org.apache.hadoop.security.alias.CredentialProvider Java Examples

The following examples show how to use org.apache.hadoop.security.alias.CredentialProvider. You can vote up the ones you like or vote down the ones you don't like, and go to the original project or source file by following the links above each example. You may check out the related API usage on the sidebar.
Example #1
Source File: SecurityUtil.java    From atlas with Apache License 2.0 7 votes vote down vote up
/**
 * Retrieves a password from a configured credential provider or prompts for the password and stores it in the
 * configured credential provider.
 * @param config application configuration
 * @param key the key/alias for the password.
 * @return the password.
 * @throws IOException
 */
public static String getPassword(org.apache.commons.configuration.Configuration config, String key) throws IOException {

    String password;

    String provider = config.getString(CERT_STORES_CREDENTIAL_PROVIDER_PATH);
    if (provider != null) {
        LOG.info("Attempting to retrieve password for key {} from configured credential provider path {}", key, provider);
        Configuration c = new Configuration();
        c.set(CredentialProviderFactory.CREDENTIAL_PROVIDER_PATH, provider);
        CredentialProvider credentialProvider = CredentialProviderFactory.getProviders(c).get(0);
        CredentialProvider.CredentialEntry entry = credentialProvider.getCredentialEntry(key);
        if (entry == null) {
            throw new IOException(String.format("No credential entry found for %s. "
                    + "Please create an entry in the configured credential provider", key));
        } else {
            password = String.valueOf(entry.getCredential());
        }

    } else {
        throw new IOException("No credential provider path configured for storage of certificate store passwords");
    }

    return password;
}
 
Example #2
Source File: TestSentryStore.java    From incubator-sentry with Apache License 2.0 6 votes vote down vote up
@BeforeClass
public static void setup() throws Exception {
  conf = new Configuration(false);
  final String ourUrl = UserProvider.SCHEME_NAME + ":///";
  conf.set(CredentialProviderFactory.CREDENTIAL_PROVIDER_PATH, ourUrl);
  CredentialProvider provider = CredentialProviderFactory.getProviders(conf).get(0);
  provider.createCredentialEntry(ServerConfig.
      SENTRY_STORE_JDBC_PASS, passwd);
  provider.flush();

  dataDir = new File(Files.createTempDir(), "sentry_policy_db");
  conf.set(ServerConfig.SENTRY_VERIFY_SCHEM_VERSION, "false");
  conf.set(ServerConfig.SENTRY_STORE_JDBC_URL,
      "jdbc:derby:;databaseName=" + dataDir.getPath() + ";create=true");
  conf.set(ServerConfig.SENTRY_STORE_JDBC_PASS, "dummy");
  conf.setStrings(ServerConfig.ADMIN_GROUPS, adminGroups);
  conf.set(ServerConfig.SENTRY_STORE_GROUP_MAPPING,
      ServerConfig.SENTRY_STORE_LOCAL_GROUP_MAPPING);
  policyFilePath = new File(dataDir, "local_policy_file.ini");
  conf.set(ServerConfig.SENTRY_STORE_GROUP_MAPPING_RESOURCE,
      policyFilePath.getPath());
  sentryStore = new SentryStore(conf);
}
 
Example #3
Source File: SecureEmbeddedServer.java    From incubator-atlas with Apache License 2.0 6 votes vote down vote up
/**
 * Retrieves a password from a configured credential provider or prompts for the password and stores it in the
 * configured credential provider.
 * @param config application configuration
 * @param key the key/alias for the password.
 * @return the password.
 * @throws IOException
 */
private String getPassword(org.apache.commons.configuration.Configuration config, String key) throws IOException {

    String password;

    String provider = config.getString(CERT_STORES_CREDENTIAL_PROVIDER_PATH);
    if (provider != null) {
        LOG.info("Attempting to retrieve password from configured credential provider path");
        Configuration c = new Configuration();
        c.set(CredentialProviderFactory.CREDENTIAL_PROVIDER_PATH, provider);
        CredentialProvider credentialProvider = CredentialProviderFactory.getProviders(c).get(0);
        CredentialProvider.CredentialEntry entry = credentialProvider.getCredentialEntry(key);
        if (entry == null) {
            throw new IOException(String.format("No credential entry found for %s. "
                    + "Please create an entry in the configured credential provider", key));
        } else {
            password = String.valueOf(entry.getCredential());
        }

    } else {
        throw new IOException("No credential provider path configured for storage of certificate store passwords");
    }

    return password;
}
 
Example #4
Source File: RangerCredentialProvider.java    From ranger with Apache License 2.0 6 votes vote down vote up
public String getCredentialString(String url, String alias) {
	if (url != null && alias != null) {
		List<CredentialProvider> providers = getCredentialProviders(url);
		if (providers != null) {
			for (CredentialProvider provider : providers) {
				try {
					CredentialProvider.CredentialEntry credEntry = provider.getCredentialEntry(alias);
					if (credEntry != null && credEntry.getCredential() != null) {
						return new String(credEntry.getCredential());
					}
				} catch (Exception ie) {
					LOG.error("Unable to get the Credential Provider from the Configuration", ie);
				}
			}
		}
	}
	return null;
}
 
Example #5
Source File: LdapRealm.java    From zeppelin with Apache License 2.0 6 votes vote down vote up
static String getSystemPassword(String hadoopSecurityCredentialPath,
    String keystorePass) {
  String password = "";
  try {
    Configuration configuration = new Configuration();
    configuration.set(CredentialProviderFactory.CREDENTIAL_PROVIDER_PATH,
        hadoopSecurityCredentialPath);
    CredentialProvider provider = CredentialProviderFactory.getProviders(configuration).get(0);
    CredentialProvider.CredentialEntry credEntry = provider.getCredentialEntry(keystorePass);
    if (credEntry != null) {
      password = new String(credEntry.getCredential());
    }
  } catch (IOException e) {
    throw new ShiroException("Error from getting credential entry from keystore", e);
  }
  if (org.apache.commons.lang3.StringUtils.isEmpty(password)) {
    throw new ShiroException("Error getting SystemPassword from the provided keystore:"
        + keystorePass + ", in path:" + hadoopSecurityCredentialPath);
  }
  return password;
}
 
Example #6
Source File: Configuration.java    From big-c with Apache License 2.0 5 votes vote down vote up
/**
 * Fallback to clear text passwords in configuration.
 * @param name
 * @return clear text password or null
 */
protected char[] getPasswordFromConfig(String name) {
  char[] pass = null;
  if (getBoolean(CredentialProvider.CLEAR_TEXT_FALLBACK, true)) {
    String passStr = get(name);
    if (passStr != null) {
      pass = passStr.toCharArray();
    }
  }
  return pass;
}
 
Example #7
Source File: KeyStoreTestUtil.java    From big-c with Apache License 2.0 5 votes vote down vote up
public static void provisionPasswordsToCredentialProvider() throws Exception {
  File testDir = new File(System.getProperty("test.build.data",
      "target/test-dir"));

  Configuration conf = new Configuration();
  final Path jksPath = new Path(testDir.toString(), "test.jks");
  final String ourUrl =
  JavaKeyStoreProvider.SCHEME_NAME + "://file" + jksPath.toUri();

  File file = new File(testDir, "test.jks");
  file.delete();
  conf.set(CredentialProviderFactory.CREDENTIAL_PROVIDER_PATH, ourUrl);

  CredentialProvider provider =
      CredentialProviderFactory.getProviders(conf).get(0);
  char[] keypass = {'k', 'e', 'y', 'p', 'a', 's', 's'};
  char[] storepass = {'s', 't', 'o', 'r', 'e', 'p', 'a', 's', 's'};

  // create new aliases
  try {
    provider.createCredentialEntry(
        FileBasedKeyStoresFactory.resolvePropertyName(SSLFactory.Mode.SERVER,
            FileBasedKeyStoresFactory.SSL_KEYSTORE_PASSWORD_TPL_KEY),
            storepass);

    provider.createCredentialEntry(
        FileBasedKeyStoresFactory.resolvePropertyName(SSLFactory.Mode.SERVER,
            FileBasedKeyStoresFactory.SSL_KEYSTORE_KEYPASSWORD_TPL_KEY),
            keypass);

    // write out so that it can be found in checks
    provider.flush();
  } catch (Exception e) {
    e.printStackTrace();
    throw e;
  }
}
 
Example #8
Source File: Configuration.java    From Flink-CEPplus with Apache License 2.0 5 votes vote down vote up
/**
 * Fallback to clear text passwords in configuration.
 * @param name
 * @return clear text password or null
 */
protected char[] getPasswordFromConfig(String name) {
  char[] pass = null;
  if (getBoolean(CredentialProvider.CLEAR_TEXT_FALLBACK, true)) {
    String passStr = get(name);
    if (passStr != null) {
      pass = passStr.toCharArray();
    }
  }
  return pass;
}
 
Example #9
Source File: CredentialProviderUtility.java    From incubator-atlas with Apache License 2.0 5 votes vote down vote up
public static void main(String[] args) throws IOException {
    // prompt for the provider name
    CredentialProvider provider = getCredentialProvider(textDevice);

    if(provider != null) {
        char[] cred;
        for (String key : KEYS) {
            cred = getPassword(textDevice, key);
            // create a credential entry and store it
            boolean overwrite = true;
            if (provider.getCredentialEntry(key) != null) {
                String choice = textDevice.readLine("Entry for %s already exists.  Overwrite? (y/n) [y]:", key);
                overwrite = StringUtils.isEmpty(choice) || choice.equalsIgnoreCase("y");
                if (overwrite) {
                    provider.deleteCredentialEntry(key);
                    provider.flush();
                    provider.createCredentialEntry(key, cred);
                    provider.flush();
                    textDevice.printf("Entry for %s was overwritten with the new value.\n", key);
                } else {
                    textDevice.printf("Entry for %s was not overwritten.\n", key);
                }
            } else {
                provider.createCredentialEntry(key, cred);
                provider.flush();
            }
        }
    }
}
 
Example #10
Source File: CredentialProviderUtility.java    From incubator-atlas with Apache License 2.0 5 votes vote down vote up
/**\
 * Returns a credential provider for the entered JKS path.
 * @param textDevice the system console.
 * @return the Credential provider
 * @throws IOException
 */
private static CredentialProvider getCredentialProvider(TextDevice textDevice) throws IOException {
    String providerPath = textDevice.readLine("Please enter the full path to the credential provider:");

    if (providerPath != null) {
        Configuration conf = new Configuration(false);
        conf.set(CredentialProviderFactory.CREDENTIAL_PROVIDER_PATH, providerPath);
        return CredentialProviderFactory.getProviders(conf).get(0);
    }

    return null;
}
 
Example #11
Source File: SSLTest.java    From incubator-atlas with Apache License 2.0 5 votes vote down vote up
protected void setupCredentials() throws Exception {
    Configuration conf = new Configuration(false);

    File file = new File(jksPath.toUri().getPath());
    file.delete();
    conf.set(CredentialProviderFactory.CREDENTIAL_PROVIDER_PATH, providerUrl);

    CredentialProvider provider = CredentialProviderFactory.getProviders(conf).get(0);

    // create new aliases
    try {

        char[] storepass = {'k', 'e', 'y', 'p', 'a', 's', 's'};
        provider.createCredentialEntry(KEYSTORE_PASSWORD_KEY, storepass);

        char[] trustpass = {'k', 'e', 'y', 'p', 'a', 's', 's'};
        provider.createCredentialEntry(TRUSTSTORE_PASSWORD_KEY, trustpass);

        char[] trustpass2 = {'k', 'e', 'y', 'p', 'a', 's', 's'};
        provider.createCredentialEntry("ssl.client.truststore.password", trustpass2);

        char[] certpass = {'k', 'e', 'y', 'p', 'a', 's', 's'};
        provider.createCredentialEntry(SERVER_CERT_PASSWORD_KEY, certpass);

        // write out so that it can be found in checks
        provider.flush();
    } catch (Exception e) {
        e.printStackTrace();
        throw e;
    }
}
 
Example #12
Source File: BaseSSLAndKerberosTest.java    From incubator-atlas with Apache License 2.0 5 votes vote down vote up
protected void setupCredentials() throws Exception {
    Configuration conf = new Configuration(false);

    File file = new File(jksPath.toUri().getPath());
    file.delete();
    conf.set(CredentialProviderFactory.CREDENTIAL_PROVIDER_PATH, providerUrl);

    CredentialProvider provider = CredentialProviderFactory.getProviders(conf).get(0);

    // create new aliases
    try {

        char[] storepass = {'k', 'e', 'y', 'p', 'a', 's', 's'};
        provider.createCredentialEntry(SecurityProperties.KEYSTORE_PASSWORD_KEY, storepass);

        char[] trustpass = {'k', 'e', 'y', 'p', 'a', 's', 's'};
        provider.createCredentialEntry(SecurityProperties.TRUSTSTORE_PASSWORD_KEY, trustpass);

        char[] trustpass2 = {'k', 'e', 'y', 'p', 'a', 's', 's'};
        provider.createCredentialEntry("ssl.client.truststore.password", trustpass2);

        char[] certpass = {'k', 'e', 'y', 'p', 'a', 's', 's'};
        provider.createCredentialEntry(SecurityProperties.SERVER_CERT_PASSWORD_KEY, certpass);

        // write out so that it can be found in checks
        provider.flush();
    } catch (Exception e) {
        e.printStackTrace();
        throw e;
    }
}
 
Example #13
Source File: SecureEmbeddedServerTestBase.java    From incubator-atlas with Apache License 2.0 5 votes vote down vote up
protected void setupCredentials() throws Exception {
    Configuration conf = new Configuration(false);

    File file = new File(jksPath.toUri().getPath());
    file.delete();
    conf.set(CredentialProviderFactory.CREDENTIAL_PROVIDER_PATH, providerUrl);

    CredentialProvider provider = CredentialProviderFactory.getProviders(conf).get(0);

    // create new aliases
    try {

        char[] storepass = {'k', 'e', 'y', 'p', 'a', 's', 's'};
        provider.createCredentialEntry(KEYSTORE_PASSWORD_KEY, storepass);

        char[] trustpass = {'k', 'e', 'y', 'p', 'a', 's', 's'};
        provider.createCredentialEntry(TRUSTSTORE_PASSWORD_KEY, trustpass);

        char[] certpass = {'k', 'e', 'y', 'p', 'a', 's', 's'};
        provider.createCredentialEntry(SERVER_CERT_PASSWORD_KEY, certpass);

        // write out so that it can be found in checks
        provider.flush();
    } catch (Exception e) {
        e.printStackTrace();
        throw e;
    }
}
 
Example #14
Source File: JDBCInterpreter.java    From zeppelin with Apache License 2.0 5 votes vote down vote up
private String getPassword(Properties properties) throws IOException, InterpreterException {
  if (isNotEmpty(properties.getProperty(PASSWORD_KEY))) {
    return properties.getProperty(PASSWORD_KEY);
  } else if (isNotEmpty(properties.getProperty(JDBC_JCEKS_FILE))
      && isNotEmpty(properties.getProperty(JDBC_JCEKS_CREDENTIAL_KEY))) {
    try {
      Configuration configuration = new Configuration();
      configuration.set(CredentialProviderFactory.CREDENTIAL_PROVIDER_PATH,
          properties.getProperty(JDBC_JCEKS_FILE));
      CredentialProvider provider = CredentialProviderFactory.getProviders(configuration).get(0);
      CredentialProvider.CredentialEntry credEntry =
          provider.getCredentialEntry(properties.getProperty(JDBC_JCEKS_CREDENTIAL_KEY));
      if (credEntry != null) {
        return new String(credEntry.getCredential());
      } else {
        throw new InterpreterException("Failed to retrieve password from JCEKS from key: "
            + properties.getProperty(JDBC_JCEKS_CREDENTIAL_KEY));
      }
    } catch (Exception e) {
      LOGGER.error("Failed to retrieve password from JCEKS \n" +
          "For file: {} \nFor key: {}", properties.getProperty(JDBC_JCEKS_FILE),
              properties.getProperty(JDBC_JCEKS_CREDENTIAL_KEY), e);
      throw e;
    }
  }
  return null;
}
 
Example #15
Source File: RangerCredentialProvider.java    From ranger with Apache License 2.0 5 votes vote down vote up
List<CredentialProvider> getCredentialProviders(String url) {
	if (url != null) {
		try {
			Configuration conf = new Configuration();
			conf.set(CredentialProviderFactory.CREDENTIAL_PROVIDER_PATH, url);
			return CredentialProviderFactory.getProviders(conf);
		} catch (Exception ie) {
			LOG.error("Unable to get the Credential Provider from the Configuration", ie);
		}
	}
	return null;
}
 
Example #16
Source File: Configuration.java    From flink with Apache License 2.0 5 votes vote down vote up
/**
 * Fallback to clear text passwords in configuration.
 * @param name
 * @return clear text password or null
 */
protected char[] getPasswordFromConfig(String name) {
  char[] pass = null;
  if (getBoolean(CredentialProvider.CLEAR_TEXT_FALLBACK, true)) {
    String passStr = get(name);
    if (passStr != null) {
      pass = passStr.toCharArray();
    }
  }
  return pass;
}
 
Example #17
Source File: Configuration.java    From flink with Apache License 2.0 5 votes vote down vote up
/**
 * Get the credential entry by name from a credential provider.
 *
 * Handle key deprecation.
 *
 * @param provider a credential provider
 * @param name alias of the credential
 * @return the credential entry or null if not found
 */
private CredentialEntry getCredentialEntry(CredentialProvider provider,
                                           String name) throws IOException {
	CredentialEntry entry = provider.getCredentialEntry(name);
	if (entry != null) {
		return entry;
	}

	// The old name is stored in the credential provider.
	String oldName = getDeprecatedKey(name);
	if (oldName != null) {
		entry = provider.getCredentialEntry(oldName);
		if (entry != null) {
			logDeprecationOnce(oldName, provider.toString());
			return entry;
		}
	}

	// The name is deprecated.
	DeprecatedKeyInfo keyInfo = getDeprecatedKeyInfo(name);
	if (keyInfo != null && keyInfo.newKeys != null) {
		for (String newName : keyInfo.newKeys) {
			entry = provider.getCredentialEntry(newName);
			if (entry != null) {
				logDeprecationOnce(name, null);
				return entry;
			}
		}
	}

	return null;
}
 
Example #18
Source File: Configuration.java    From flink with Apache License 2.0 5 votes vote down vote up
/**
 * Fallback to clear text passwords in configuration.
 * @param name
 * @return clear text password or null
 */
protected char[] getPasswordFromConfig(String name) {
	char[] pass = null;
	if (getBoolean(CredentialProvider.CLEAR_TEXT_FALLBACK,
			CommonConfigurationKeysPublic.
					HADOOP_SECURITY_CREDENTIAL_CLEAR_TEXT_FALLBACK_DEFAULT)) {
		String passStr = get(name);
		if (passStr != null) {
			pass = passStr.toCharArray();
		}
	}
	return pass;
}
 
Example #19
Source File: ReportLineageToAtlas.java    From nifi with Apache License 2.0 5 votes vote down vote up
private void setAtlasSSLConfig(Properties atlasProperties, ConfigurationContext context, List<String> urls, File confDir) throws Exception {
    boolean isAtlasApiSecure = urls.stream().anyMatch(url -> url.toLowerCase().startsWith("https"));
    atlasProperties.put(ATLAS_PROPERTY_ENABLE_TLS, String.valueOf(isAtlasApiSecure));

    // ssl-client.xml must be deleted, Atlas will not regenerate it otherwise
    Path credStorePath = new File(confDir, CRED_STORE_FILENAME).toPath();
    Files.deleteIfExists(credStorePath);
    Path sslClientXmlPath = new File(confDir, SSL_CLIENT_XML_FILENAME).toPath();
    Files.deleteIfExists(sslClientXmlPath);

    if (isAtlasApiSecure) {
        SSLContextService sslContextService = context.getProperty(SSL_CONTEXT_SERVICE).asControllerService(SSLContextService.class);
        if (sslContextService == null) {
            getLogger().warn("No SSLContextService configured, the system default truststore will be used.");
        } else if (!sslContextService.isTrustStoreConfigured()) {
            getLogger().warn("No truststore configured on SSLContextService, the system default truststore will be used.");
        } else if (!KEYSTORE_TYPE_JKS.equalsIgnoreCase(sslContextService.getTrustStoreType())) {
            getLogger().warn("The configured truststore type is not supported by Atlas (not JKS), the system default truststore will be used.");
        } else {
            atlasProperties.put(ATLAS_PROPERTY_TRUSTSTORE_FILE, sslContextService.getTrustStoreFile());

            String password = sslContextService.getTrustStorePassword();
            // Hadoop Credential Provider JCEKS URI format: localjceks://file/PATH/TO/JCEKS
            String credStoreUri = credStorePath.toUri().toString().replaceFirst("^file://", "localjceks://file");

            CredentialProvider credentialProvider = new LocalJavaKeyStoreProvider.Factory().createProvider(new URI(credStoreUri), new Configuration());
            credentialProvider.createCredentialEntry(TRUSTSTORE_PASSWORD_ALIAS, password.toCharArray());
            credentialProvider.flush();

            atlasProperties.put(ATLAS_PROPERTY_CRED_STORE_PATH, credStoreUri);
        }
    }
}
 
Example #20
Source File: Configuration.java    From Flink-CEPplus with Apache License 2.0 5 votes vote down vote up
/**
 * Get the credential entry by name from a credential provider.
 *
 * Handle key deprecation.
 *
 * @param provider a credential provider
 * @param name alias of the credential
 * @return the credential entry or null if not found
 */
private CredentialEntry getCredentialEntry(CredentialProvider provider,
                                           String name) throws IOException {
	CredentialEntry entry = provider.getCredentialEntry(name);
	if (entry != null) {
		return entry;
	}

	// The old name is stored in the credential provider.
	String oldName = getDeprecatedKey(name);
	if (oldName != null) {
		entry = provider.getCredentialEntry(oldName);
		if (entry != null) {
			logDeprecationOnce(oldName, provider.toString());
			return entry;
		}
	}

	// The name is deprecated.
	DeprecatedKeyInfo keyInfo = getDeprecatedKeyInfo(name);
	if (keyInfo != null && keyInfo.newKeys != null) {
		for (String newName : keyInfo.newKeys) {
			entry = provider.getCredentialEntry(newName);
			if (entry != null) {
				logDeprecationOnce(name, null);
				return entry;
			}
		}
	}

	return null;
}
 
Example #21
Source File: Configuration.java    From Flink-CEPplus with Apache License 2.0 5 votes vote down vote up
/**
 * Fallback to clear text passwords in configuration.
 * @param name
 * @return clear text password or null
 */
protected char[] getPasswordFromConfig(String name) {
	char[] pass = null;
	if (getBoolean(CredentialProvider.CLEAR_TEXT_FALLBACK,
			CommonConfigurationKeysPublic.
					HADOOP_SECURITY_CREDENTIAL_CLEAR_TEXT_FALLBACK_DEFAULT)) {
		String passStr = get(name);
		if (passStr != null) {
			pass = passStr.toCharArray();
		}
	}
	return pass;
}
 
Example #22
Source File: Configuration.java    From flink with Apache License 2.0 5 votes vote down vote up
/**
 * Fallback to clear text passwords in configuration.
 * @param name
 * @return clear text password or null
 */
protected char[] getPasswordFromConfig(String name) {
  char[] pass = null;
  if (getBoolean(CredentialProvider.CLEAR_TEXT_FALLBACK, true)) {
    String passStr = get(name);
    if (passStr != null) {
      pass = passStr.toCharArray();
    }
  }
  return pass;
}
 
Example #23
Source File: KeyStoreTestUtil.java    From hadoop with Apache License 2.0 5 votes vote down vote up
public static void provisionPasswordsToCredentialProvider() throws Exception {
  File testDir = new File(System.getProperty("test.build.data",
      "target/test-dir"));

  Configuration conf = new Configuration();
  final Path jksPath = new Path(testDir.toString(), "test.jks");
  final String ourUrl =
  JavaKeyStoreProvider.SCHEME_NAME + "://file" + jksPath.toUri();

  File file = new File(testDir, "test.jks");
  file.delete();
  conf.set(CredentialProviderFactory.CREDENTIAL_PROVIDER_PATH, ourUrl);

  CredentialProvider provider =
      CredentialProviderFactory.getProviders(conf).get(0);
  char[] keypass = {'k', 'e', 'y', 'p', 'a', 's', 's'};
  char[] storepass = {'s', 't', 'o', 'r', 'e', 'p', 'a', 's', 's'};

  // create new aliases
  try {
    provider.createCredentialEntry(
        FileBasedKeyStoresFactory.resolvePropertyName(SSLFactory.Mode.SERVER,
            FileBasedKeyStoresFactory.SSL_KEYSTORE_PASSWORD_TPL_KEY),
            storepass);

    provider.createCredentialEntry(
        FileBasedKeyStoresFactory.resolvePropertyName(SSLFactory.Mode.SERVER,
            FileBasedKeyStoresFactory.SSL_KEYSTORE_KEYPASSWORD_TPL_KEY),
            keypass);

    // write out so that it can be found in checks
    provider.flush();
  } catch (Exception e) {
    e.printStackTrace();
    throw e;
  }
}
 
Example #24
Source File: Configuration.java    From hadoop with Apache License 2.0 5 votes vote down vote up
/**
 * Fallback to clear text passwords in configuration.
 * @param name
 * @return clear text password or null
 */
protected char[] getPasswordFromConfig(String name) {
  char[] pass = null;
  if (getBoolean(CredentialProvider.CLEAR_TEXT_FALLBACK, true)) {
    String passStr = get(name);
    if (passStr != null) {
      pass = passStr.toCharArray();
    }
  }
  return pass;
}
 
Example #25
Source File: Configuration.java    From flink with Apache License 2.0 5 votes vote down vote up
/**
 * Get the credential entry by name from a credential provider.
 *
 * Handle key deprecation.
 *
 * @param provider a credential provider
 * @param name alias of the credential
 * @return the credential entry or null if not found
 */
private CredentialEntry getCredentialEntry(CredentialProvider provider,
                                           String name) throws IOException {
	CredentialEntry entry = provider.getCredentialEntry(name);
	if (entry != null) {
		return entry;
	}

	// The old name is stored in the credential provider.
	String oldName = getDeprecatedKey(name);
	if (oldName != null) {
		entry = provider.getCredentialEntry(oldName);
		if (entry != null) {
			logDeprecationOnce(oldName, provider.toString());
			return entry;
		}
	}

	// The name is deprecated.
	DeprecatedKeyInfo keyInfo = getDeprecatedKeyInfo(name);
	if (keyInfo != null && keyInfo.newKeys != null) {
		for (String newName : keyInfo.newKeys) {
			entry = provider.getCredentialEntry(newName);
			if (entry != null) {
				logDeprecationOnce(name, null);
				return entry;
			}
		}
	}

	return null;
}
 
Example #26
Source File: Configuration.java    From flink with Apache License 2.0 5 votes vote down vote up
/**
 * Fallback to clear text passwords in configuration.
 * @param name
 * @return clear text password or null
 */
protected char[] getPasswordFromConfig(String name) {
	char[] pass = null;
	if (getBoolean(CredentialProvider.CLEAR_TEXT_FALLBACK,
			CommonConfigurationKeysPublic.
					HADOOP_SECURITY_CREDENTIAL_CLEAR_TEXT_FALLBACK_DEFAULT)) {
		String passStr = get(name);
		if (passStr != null) {
			pass = passStr.toCharArray();
		}
	}
	return pass;
}
 
Example #27
Source File: CredentialProviderUtility.java    From atlas with Apache License 2.0 5 votes vote down vote up
/**\
 * Returns a credential provider for the entered JKS path.
 * @param textDevice the system console.
 * @return the Credential provider
 * @throws IOException
 */
private static CredentialProvider getCredentialProvider(TextDevice textDevice) throws IOException {
    String providerPath = textDevice.readLine("Please enter the full path to the credential provider:");

    if (providerPath != null) {
        Configuration conf = new Configuration(false);

        conf.set(CredentialProviderFactory.CREDENTIAL_PROVIDER_PATH, providerPath);

        return CredentialProviderFactory.getProviders(conf).get(0);
    }

    return null;
}
 
Example #28
Source File: SSLTest.java    From atlas with Apache License 2.0 5 votes vote down vote up
protected void setupCredentials() throws Exception {
    Configuration conf = new Configuration(false);

    File file = new File(jksPath.toUri().getPath());
    file.delete();
    conf.set(CredentialProviderFactory.CREDENTIAL_PROVIDER_PATH, providerUrl);

    CredentialProvider provider = CredentialProviderFactory.getProviders(conf).get(0);

    // create new aliases
    try {

        char[] storepass = {'k', 'e', 'y', 'p', 'a', 's', 's'};
        provider.createCredentialEntry(KEYSTORE_PASSWORD_KEY, storepass);

        char[] trustpass = {'k', 'e', 'y', 'p', 'a', 's', 's'};
        provider.createCredentialEntry(TRUSTSTORE_PASSWORD_KEY, trustpass);

        char[] trustpass2 = {'k', 'e', 'y', 'p', 'a', 's', 's'};
        provider.createCredentialEntry("ssl.client.truststore.password", trustpass2);

        char[] certpass = {'k', 'e', 'y', 'p', 'a', 's', 's'};
        provider.createCredentialEntry(SERVER_CERT_PASSWORD_KEY, certpass);

        // write out so that it can be found in checks
        provider.flush();
    } catch (Exception e) {
        e.printStackTrace();
        throw e;
    }
}
 
Example #29
Source File: SecureEmbeddedServerTestBase.java    From atlas with Apache License 2.0 5 votes vote down vote up
protected void setupCredentials() throws Exception {
    Configuration conf = new Configuration(false);

    File file = new File(jksPath.toUri().getPath());
    file.delete();
    conf.set(CredentialProviderFactory.CREDENTIAL_PROVIDER_PATH, providerUrl);

    CredentialProvider provider = CredentialProviderFactory.getProviders(conf).get(0);

    // create new aliases
    try {

        char[] storepass = {'k', 'e', 'y', 'p', 'a', 's', 's'};
        provider.createCredentialEntry(KEYSTORE_PASSWORD_KEY, storepass);

        char[] trustpass = {'k', 'e', 'y', 'p', 'a', 's', 's'};
        provider.createCredentialEntry(TRUSTSTORE_PASSWORD_KEY, trustpass);

        char[] certpass = {'k', 'e', 'y', 'p', 'a', 's', 's'};
        provider.createCredentialEntry(SERVER_CERT_PASSWORD_KEY, certpass);

        // write out so that it can be found in checks
        provider.flush();
    } catch (Exception e) {
        e.printStackTrace();
        throw e;
    }
}
 
Example #30
Source File: BaseSSLAndKerberosTest.java    From atlas with Apache License 2.0 5 votes vote down vote up
protected void setupCredentials() throws Exception {
    Configuration conf = new Configuration(false);

    File file = new File(jksPath.toUri().getPath());
    file.delete();
    conf.set(CredentialProviderFactory.CREDENTIAL_PROVIDER_PATH, providerUrl);

    CredentialProvider provider = CredentialProviderFactory.getProviders(conf).get(0);

    // create new aliases
    try {

        char[] storepass = {'k', 'e', 'y', 'p', 'a', 's', 's'};
        provider.createCredentialEntry(SecurityProperties.KEYSTORE_PASSWORD_KEY, storepass);

        char[] trustpass = {'k', 'e', 'y', 'p', 'a', 's', 's'};
        provider.createCredentialEntry(SecurityProperties.TRUSTSTORE_PASSWORD_KEY, trustpass);

        char[] trustpass2 = {'k', 'e', 'y', 'p', 'a', 's', 's'};
        provider.createCredentialEntry("ssl.client.truststore.password", trustpass2);

        char[] certpass = {'k', 'e', 'y', 'p', 'a', 's', 's'};
        provider.createCredentialEntry(SecurityProperties.SERVER_CERT_PASSWORD_KEY, certpass);

        // write out so that it can be found in checks
        provider.flush();
    } catch (Exception e) {
        e.printStackTrace();
        throw e;
    }
}