List of usage examples for org.apache.hadoop.security.alias CredentialProvider getCredentialEntry
/**
 * Looks up the credential stored under an alias.
 *
 * @param alias the alias to look up
 * @return the matching entry; the callers shown on this page treat {@code null} as "no entry
 *     for this alias" and check for it before dereferencing
 * @throws IOException declared by the signature; the failure conditions depend on the provider
 *     implementation
 */
public abstract CredentialEntry getCredentialEntry(String alias) throws IOException;
From source file:org.apache.atlas.CredentialProviderUtilityIT.java
License:Apache License
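/**
 * Runs {@code CredentialProviderUtility.main} against a fresh keystore path, answering every
 * password prompt with {@code defaultPass}, then reads the keystore, truststore and server
 * certificate entries back through the Hadoop credential provider API.
 *
 * @throws Exception if the temporary directory cannot be created or the provider fails
 */
@Test
public void testEnterValidValues() throws Exception {
    // A failure to create the temp directory now fails the test at its cause. Previously the
    // IOException was printed and swallowed, and the next line dereferenced a null path.
    final Path testPath = new Path(Files.createTempDirectory("tempproviders").toString(), "test.jks");
    new File(testPath.toUri().getPath()).delete();

    // NOTE(review): textDevice is a static field and is not restored afterwards, so this stub
    // stays installed for whatever runs next in the same JVM.
    CredentialProviderUtility.textDevice = new CredentialProviderUtility.TextDevice() {
        @Override
        public void printf(String fmt, Object... params) {
            System.out.printf(fmt, params);
        }

        @Override
        public String readLine(String fmt, Object... args) {
            // The only line prompt answered here is the provider path.
            return testPath.toString();
        }

        @Override
        public char[] readPassword(String fmt, Object... args) {
            return defaultPass;
        }
    };

    CredentialProviderUtility.main(new String[] {});

    String providerUrl = JavaKeyStoreProvider.SCHEME_NAME + "://file/" + testPath.toUri();
    Configuration conf = new Configuration(false);
    conf.set(CredentialProviderFactory.CREDENTIAL_PROVIDER_PATH, providerUrl);
    CredentialProvider provider = CredentialProviderFactory.getProviders(conf).get(0);

    assertCredentialEntryCorrect(provider.getCredentialEntry(SecurityProperties.KEYSTORE_PASSWORD_KEY));
    assertCredentialEntryCorrect(provider.getCredentialEntry(SecurityProperties.TRUSTSTORE_PASSWORD_KEY));
    assertCredentialEntryCorrect(provider.getCredentialEntry(SecurityProperties.SERVER_CERT_PASSWORD_KEY));
}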
From source file:org.apache.atlas.CredentialProviderUtilityIT.java
License:Apache License
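/**
 * Runs {@code CredentialProviderUtility.main} with a console stub that answers each password
 * prompt with either an empty password or {@code defaultPass}, chosen at random, and then
 * checks that the three stored entries are the expected ones.
 *
 * @throws Exception if the temporary directory cannot be created or the provider fails
 */
@Test
public void testEnterEmptyValues() throws Exception {
    // A failure to create the temp directory now fails the test at its cause. Previously the
    // IOException was printed and swallowed, and the next line dereferenced a null path.
    final Path testPath = new Path(Files.createTempDirectory("tempproviders").toString(), "test.jks");
    new File(testPath.toUri().getPath()).delete();

    CredentialProviderUtility.textDevice = new CredentialProviderUtility.TextDevice() {
        // NOTE(review): unseeded, so the prompt sequence differs between runs and a failure
        // cannot be replayed exactly.
        private final Random random = new Random();

        @Override
        public void printf(String fmt, Object... params) {
            System.out.printf(fmt, params);
        }

        @Override
        public String readLine(String fmt, Object... args) {
            return testPath.toString();
        }

        @Override
        public char[] readPassword(String fmt, Object... args) {
            // Same two equally likely answers as before: empty input or the default password.
            return random.nextInt(2) == 0 ? new char[0] : defaultPass;
        }
    };

    CredentialProviderUtility.main(new String[] {});

    String providerUrl = JavaKeyStoreProvider.SCHEME_NAME + "://file/" + testPath.toUri();
    Configuration conf = new Configuration(false);
    conf.set(CredentialProviderFactory.CREDENTIAL_PROVIDER_PATH, providerUrl);
    CredentialProvider provider = CredentialProviderFactory.getProviders(conf).get(0);

    assertCredentialEntryCorrect(provider.getCredentialEntry(SecurityProperties.KEYSTORE_PASSWORD_KEY));
    assertCredentialEntryCorrect(provider.getCredentialEntry(SecurityProperties.TRUSTSTORE_PASSWORD_KEY));
    assertCredentialEntryCorrect(provider.getCredentialEntry(SecurityProperties.SERVER_CERT_PASSWORD_KEY));
}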
From source file:org.apache.atlas.CredentialProviderUtilityIT.java
License:Apache License
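/**
 * Runs {@code CredentialProviderUtility.main} with a console stub whose password answers cycle
 * through {@code defaultPass}, "badpass", {@code defaultPass}, and then checks that the three
 * stored entries are the expected ones.
 *
 * @throws Exception if the temporary directory cannot be created or the provider fails
 */
@Test
public void testEnterMismatchedValues() throws Exception {
    // A failure to create the temp directory now fails the test at its cause. Previously the
    // IOException was printed and swallowed, and the next line dereferenced a null path.
    final Path testPath = new Path(Files.createTempDirectory("tempproviders").toString(), "test.jks");
    new File(testPath.toUri().getPath()).delete();

    CredentialProviderUtility.textDevice = new CredentialProviderUtility.TextDevice() {
        private int calls = 0;

        @Override
        public void printf(String fmt, Object... params) {
            System.out.printf(fmt, params);
        }

        @Override
        public String readLine(String fmt, Object... args) {
            return testPath.toString();
        }

        @Override
        public char[] readPassword(String fmt, Object... args) {
            // Every second answer in each group of three is the wrong password.
            // Presumably the utility asks for a password and a confirmation and re-prompts
            // on a mismatch; that logic is not visible from this test.
            boolean wrongAnswer = calls++ % 3 == 1;
            return wrongAnswer ? new char[] { 'b', 'a', 'd', 'p', 'a', 's', 's' } : defaultPass;
        }
    };

    CredentialProviderUtility.main(new String[] {});

    String providerUrl = JavaKeyStoreProvider.SCHEME_NAME + "://file/" + testPath.toUri();
    Configuration conf = new Configuration(false);
    conf.set(CredentialProviderFactory.CREDENTIAL_PROVIDER_PATH, providerUrl);
    CredentialProvider provider = CredentialProviderFactory.getProviders(conf).get(0);

    assertCredentialEntryCorrect(provider.getCredentialEntry(SecurityProperties.KEYSTORE_PASSWORD_KEY));
    assertCredentialEntryCorrect(provider.getCredentialEntry(SecurityProperties.TRUSTSTORE_PASSWORD_KEY));
    assertCredentialEntryCorrect(provider.getCredentialEntry(SecurityProperties.SERVER_CERT_PASSWORD_KEY));
}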
From source file:org.apache.atlas.CredentialProviderUtilityIT.java
License:Apache License
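/**
 * Populates a fresh keystore with {@code defaultPass}, runs the utility a second time answering
 * "y" to every overwrite question, and checks that all three entries now hold "newpass".
 *
 * @throws Exception if the temporary directory cannot be created or the provider fails
 */
@Test
public void testOverwriteValues() throws Exception {
    // A failure to create the temp directory now fails the test at its cause. Previously the
    // IOException was printed and swallowed, and the next line dereferenced a null path.
    final Path testPath = new Path(Files.createTempDirectory("tempproviders").toString(), "test.jks");
    new File(testPath.toUri().getPath()).delete();

    // First run: create the entries with the default password.
    CredentialProviderUtility.textDevice = new CredentialProviderUtility.TextDevice() {
        @Override
        public void printf(String fmt, Object... params) {
            System.out.printf(fmt, params);
        }

        @Override
        public String readLine(String fmt, Object... args) {
            return testPath.toString();
        }

        @Override
        public char[] readPassword(String fmt, Object... args) {
            return defaultPass;
        }
    };
    CredentialProviderUtility.main(new String[] {});

    // Second run: same keystore, new password, every overwrite confirmed.
    CredentialProviderUtility.textDevice = new CredentialProviderUtility.TextDevice() {
        private int lineReads = 0;

        @Override
        public void printf(String fmt, Object... params) {
            System.out.printf(fmt, params);
        }

        @Override
        public String readLine(String fmt, Object... args) {
            // The first line prompt is the provider path; later ones are overwrite questions.
            return lineReads++ == 0 ? testPath.toString() : "y";
        }

        @Override
        public char[] readPassword(String fmt, Object... args) {
            return new char[] { 'n', 'e', 'w', 'p', 'a', 's', 's' };
        }
    };
    CredentialProviderUtility.main(new String[] {});

    String providerUrl = JavaKeyStoreProvider.SCHEME_NAME + "://file/" + testPath.toUri();
    Configuration conf = new Configuration(false);
    conf.set(CredentialProviderFactory.CREDENTIAL_PROVIDER_PATH, providerUrl);
    CredentialProvider provider = CredentialProviderFactory.getProviders(conf).get(0);

    char[] newpass = "newpass".toCharArray();
    assertCredentialEntryCorrect(
            provider.getCredentialEntry(SecurityProperties.KEYSTORE_PASSWORD_KEY), newpass);
    assertCredentialEntryCorrect(
            provider.getCredentialEntry(SecurityProperties.TRUSTSTORE_PASSWORD_KEY), newpass);
    assertCredentialEntryCorrect(
            provider.getCredentialEntry(SecurityProperties.SERVER_CERT_PASSWORD_KEY), newpass);
}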
From source file:org.apache.atlas.util.CredentialProviderUtility.java
License:Apache License
/**
 * Asks for a credential provider, then for each alias in {@code KEYS} asks for a password and
 * stores it, confirming with the user before replacing an entry that already exists.
 *
 * @param args command-line arguments; this method does not read them
 * @throws IOException propagated from the credential provider calls
 */
public static void main(String[] args) throws IOException {
    // prompt for the provider name
    CredentialProvider provider = getCredentialProvider(textDevice);

    for (String key : KEYS) {
        // The password is collected before the overwrite question, so it is read even when
        // the user then declines to overwrite.
        // NOTE(review): cred is never wiped after use; whether wiping is safe depends on
        // whether the provider or the caller keeps a reference to this array. Confirm.
        char[] cred = getPassword(textDevice, key);

        if (provider.getCredentialEntry(key) == null) {
            // No existing entry: store the new one straight away.
            provider.createCredentialEntry(key, cred);
            provider.flush();
            continue;
        }

        String choice = textDevice.readLine("Entry for %s already exists. Overwrite? (y/n) [y]:", key);
        // An empty answer takes the default, which is "y".
        boolean declined = !StringUtils.isEmpty(choice) && !choice.equalsIgnoreCase("y");
        if (declined) {
            textDevice.printf("Entry for %s was not overwritten.\n", key);
            continue;
        }

        // NOTE(review): the delete is flushed before the create, so a failure in between
        // leaves the store without any entry for this key.
        provider.deleteCredentialEntry(key);
        provider.flush();
        provider.createCredentialEntry(key, cred);
        provider.flush();
        textDevice.printf("Entry for %s was overwritten with the new value.\n", key);
    }
}
From source file:org.apache.atlas.web.service.SecureEmbeddedServer.java
License:Apache License
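/**
 * Retrieves a password from the configured credential provider.
 *
 * <p>This method never prompts and never writes to the provider. If the password cannot be
 * read it throws, and the operator is expected to create the entry beforehand.
 *
 * @param config application configuration
 * @param key the key/alias for the password.
 * @return the password.
 * @throws IOException if no credential provider path is configured, if the configured path
 *     yields no provider, or if the provider holds no entry for {@code key}
 */
private String getPassword(org.apache.commons.configuration.Configuration config, String key)
        throws IOException {
    String provider = config.getString(CERT_STORES_CREDENTIAL_PROVIDER_PATH);
    if (provider == null) {
        throw new IOException(
                "No credential provider path configured for storage of certificate store passwords");
    }

    LOG.info("Attempting to retrieve password from configured credential provider path");
    Configuration c = new Configuration();
    c.set(CredentialProviderFactory.CREDENTIAL_PROVIDER_PATH, provider);

    // A path that resolves to no provider (for example an empty value) used to surface as an
    // IndexOutOfBoundsException from get(0). Report it as the configuration error it is.
    java.util.List<CredentialProvider> providers = CredentialProviderFactory.getProviders(c);
    if (providers == null || providers.isEmpty()) {
        throw new IOException(
                "No credential provider could be loaded from the configured credential provider path");
    }

    // Only the first provider on the path is consulted.
    CredentialProvider.CredentialEntry entry = providers.get(0).getCredentialEntry(key);
    if (entry == null) {
        throw new IOException(String.format("No credential entry found for %s. "
                + "Please create an entry in the configured credential provider", key));
    }

    // NOTE(review): the secret is copied into an immutable String that cannot be wiped.
    // The String return type is part of this method's interface, so it is kept here.
    return String.valueOf(entry.getCredential());
}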
From source file:org.apache.ranger.authorization.hadoop.utils.RangerCredentialProvider.java
License:Apache License
/**
 * Asks each credential provider resolved from {@code url} for {@code alias} and returns the
 * first credential found.
 *
 * @param url passed to {@code getCredentialProviders} to obtain the providers
 * @param alias the alias to look up
 * @return the credential characters, or {@code null} when no providers were resolved, no
 *     provider has the alias, or every lookup failed; these cases look the same to the caller
 */
public char[] getCredentialString(String url, String alias) {
    List<CredentialProvider> candidates = getCredentialProviders(url);
    if (candidates == null) {
        return null;
    }

    for (CredentialProvider candidate : candidates) {
        try {
            CredentialProvider.CredentialEntry found = candidate.getCredentialEntry(alias);
            if (found == null) {
                continue;
            }
            return found.getCredential();
        } catch (Exception ie) {
            // A failing provider is logged and skipped so the remaining ones are still tried.
            LOG.error("Unable to get the Credential Provider from the Configuration", ie);
        }
    }
    return null;
}
From source file:org.apache.ranger.credentialapi.CredentialReader.java
License:Apache License
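/**
 * Reads the credential stored under {@code alias} from a Java keystore credential provider.
 *
 * <p>{@code CrendentialProviderPath} may be a full {@code jceks://file...} or
 * {@code localjceks://file...} URL, or a plain file path. A plain path is prefixed with the
 * keystore scheme before it is handed to the provider factory.
 *
 * @param CrendentialProviderPath provider URL or keystore file path
 * @param alias alias of the credential to read
 * @return the credential as a String, or {@code null} when an argument is null or blank, the
 *     alias is not found, the stored value is empty, or any exception occurs
 */
public static String getDecryptedString(String CrendentialProviderPath, String alias) {
    if (CrendentialProviderPath == null || alias == null
            || CrendentialProviderPath.trim().isEmpty() || alias.trim().isEmpty()) {
        return null;
    }

    String credential = null;
    try {
        String path = CrendentialProviderPath.trim();
        String lookupAlias = alias.trim();

        // Locale.ROOT keeps the scheme comparison stable under default locales whose case
        // rules differ for 'I' (the schemes contain "file").
        String lowerPath = path.toLowerCase(java.util.Locale.ROOT);
        String jceksPrefix =
                (JavaKeyStoreProvider.SCHEME_NAME + "://file").toLowerCase(java.util.Locale.ROOT);
        String localJceksPrefix = "localjceks://file";

        String providerPath;
        if (lowerPath.startsWith(jceksPrefix) || lowerPath.startsWith(localJceksPrefix)) {
            providerPath = path;
        } else if (path.startsWith("/")) {
            providerPath = JavaKeyStoreProvider.SCHEME_NAME + "://file" + path;
        } else {
            providerPath = JavaKeyStoreProvider.SCHEME_NAME + "://file/" + path;
        }

        Configuration conf = new Configuration();
        conf.set(CredentialProviderFactory.CREDENTIAL_PROVIDER_PATH, providerPath);

        String lowerAlias = lookupAlias.toLowerCase(java.util.Locale.ROOT);
        for (CredentialProvider provider : CredentialProviderFactory.getProviders(conf)) {
            List<String> aliases = provider.getAliases();
            if (aliases == null || !aliases.contains(lowerAlias)) {
                continue;
            }
            CredentialProvider.CredentialEntry credEntry = provider.getCredentialEntry(lookupAlias);
            if (credEntry == null) {
                // Listed but not retrievable: try the next provider. Previously this case
                // threw a NullPointerException, which ended the whole lookup.
                continue;
            }
            char[] pass = credEntry.getCredential();
            if (pass != null && pass.length > 0) {
                // NOTE(review): the secret becomes an immutable String here and cannot be
                // wiped. The String return type is part of this method's interface.
                credential = String.valueOf(pass);
                break;
            }
        }
    } catch (Exception ex) {
        // Deliberately best-effort: every failure is reported as "no credential".
        // NOTE(review): the stack trace goes to stderr, not to a logger, and callers cannot
        // tell a missing alias from an unreadable keystore.
        ex.printStackTrace();
        credential = null;
    }
    return credential;
}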
From source file:org.apache.sentry.provider.db.service.persistent.TestHMSFollowerSentryStoreIntegration.java
License:Apache License
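/**
 * Builds the shared test configuration: registers the JDBC password with the user credential
 * provider if it is not already there, and points the Sentry store at a Derby database and a
 * policy file in a fresh temporary directory.
 *
 * @throws Exception if the credential provider or the temporary directory cannot be set up
 */
@BeforeClass
public static void setup() throws Exception {
    conf = new Configuration(true);
    final String ourUrl = UserProvider.SCHEME_NAME + ":///";
    conf.set(CredentialProviderFactory.CREDENTIAL_PROVIDER_PATH, ourUrl);

    // This should be a UserGroupInformation provider
    CredentialProvider provider = CredentialProviderFactory.getProviders(conf).get(0);

    // The user credentials are stored as a static variable by the UserGroupInformation
    // provider. We need to only set the password the first time; an attempt to set it for the
    // second time fails with an exception.
    if (provider.getCredentialEntry(ServerConfig.SENTRY_STORE_JDBC_PASS) == null) {
        provider.createCredentialEntry(ServerConfig.SENTRY_STORE_JDBC_PASS, passwd);
        provider.flush();
    }

    // java.nio creates the directory with owner-only permissions on POSIX file systems. The
    // Guava createTempDir() helper used before is deprecated because its directory is readable
    // by other local users.
    File tempRoot = java.nio.file.Files.createTempDirectory("sentry").toFile();
    dataDir = new File(tempRoot, "sentry_policy_db");

    conf.set(ServerConfig.SENTRY_VERIFY_SCHEM_VERSION, "false");
    conf.set(ServerConfig.SENTRY_STORE_JDBC_URL,
            "jdbc:derby:;databaseName=" + dataDir.getPath() + ";create=true");
    conf.set(ServerConfig.SENTRY_STORE_JDBC_PASS, "dummy");
    conf.setStrings(ServerConfig.ADMIN_GROUPS, adminGroups);
    conf.set(ServerConfig.SENTRY_STORE_GROUP_MAPPING, ServerConfig.SENTRY_STORE_LOCAL_GROUP_MAPPING);

    policyFilePath = new File(dataDir, "local_policy_file.ini");
    conf.set(ServerConfig.SENTRY_STORE_GROUP_MAPPING_RESOURCE, policyFilePath.getPath());
    conf.setInt(ServerConfig.SENTRY_STORE_TRANSACTION_RETRY, 10);
}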
From source file:org.apache.sentry.provider.db.service.persistent.TestSentryStore.java
License:Apache License
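/**
 * Builds the shared test configuration and the single {@code SentryStore} used by the tests:
 * enables the HDFS sync plugins, registers the JDBC password with the user credential provider
 * if it is not already there, and points the store at a Derby database and a policy file in a
 * fresh temporary directory.
 *
 * @throws Exception if the credential provider, the temporary directory or the store cannot be
 *     set up
 */
@BeforeClass
public static void setup() throws Exception {
    conf = new Configuration(true);
    final String ourUrl = UserProvider.SCHEME_NAME + ":///";
    conf.set(CredentialProviderFactory.CREDENTIAL_PROVIDER_PATH, ourUrl);

    // enable HDFS sync, so perm and path changes will be saved into DB
    conf.set(ServiceConstants.ServerConfig.PROCESSOR_FACTORIES,
            "org.apache.sentry.hdfs.SentryHDFSServiceProcessorFactory");
    conf.set(ServiceConstants.ServerConfig.SENTRY_POLICY_STORE_PLUGINS,
            "org.apache.sentry.hdfs.SentryPlugin");

    // This should be a UserGroupInformation provider
    CredentialProvider provider = CredentialProviderFactory.getProviders(conf).get(0);

    // The user credentials are stored as a static variable by the UserGroupInformation
    // provider. We need to only set the password the first time; an attempt to set it for the
    // second time fails with an exception.
    if (provider.getCredentialEntry(ServerConfig.SENTRY_STORE_JDBC_PASS) == null) {
        provider.createCredentialEntry(ServerConfig.SENTRY_STORE_JDBC_PASS, passwd);
        provider.flush();
    }

    // java.nio creates the directory with owner-only permissions on POSIX file systems. The
    // Guava createTempDir() helper used before is deprecated because its directory is readable
    // by other local users.
    File tempRoot = java.nio.file.Files.createTempDirectory("sentry").toFile();
    dataDir = new File(tempRoot, "sentry_policy_db");

    conf.set(ServerConfig.SENTRY_VERIFY_SCHEM_VERSION, "false");
    conf.set(ServerConfig.SENTRY_STORE_JDBC_URL,
            "jdbc:derby:;databaseName=" + dataDir.getPath() + ";create=true");
    conf.set(ServerConfig.SENTRY_STORE_JDBC_PASS, "dummy");
    conf.setStrings(ServerConfig.ADMIN_GROUPS, adminGroups);
    conf.set(ServerConfig.SENTRY_STORE_GROUP_MAPPING, ServerConfig.SENTRY_STORE_LOCAL_GROUP_MAPPING);

    policyFilePath = new File(dataDir, "local_policy_file.ini");
    conf.set(ServerConfig.SENTRY_STORE_GROUP_MAPPING_RESOURCE, policyFilePath.getPath());

    // These tests do not need to retry transactions, so setting to 1 to reduce testing time
    conf.setInt(ServerConfig.SENTRY_STORE_TRANSACTION_RETRY, 1);

    // SentryStore should be initialized only once. The tables created by the test cases will
    // be cleaned up during the @After method.
    sentryStore = new SentryStore(conf);

    boolean hdfsSyncEnabled = SentryServiceUtil.isHDFSSyncEnabled(conf);
    sentryStore.setPersistUpdateDeltas(hdfsSyncEnabled);
}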