List of usage examples for org.apache.hadoop.security.alias CredentialProviderFactory getProviders
public static List<CredentialProvider> getProviders(Configuration conf) throws IOException
From source file:org.apache.ranger.credentialapi.CredentialReader.java
License:Apache License
public static String getDecryptedString(String CrendentialProviderPath, String alias) { String credential = null;//from w ww . j a v a 2 s . c o m try { if (CrendentialProviderPath == null || alias == null || CrendentialProviderPath.trim().isEmpty() || alias.trim().isEmpty()) { return null; } char[] pass = null; Configuration conf = new Configuration(); String crendentialProviderPrefixJceks = JavaKeyStoreProvider.SCHEME_NAME + "://file"; String crendentialProviderPrefixLocalJceks = "localjceks://file"; crendentialProviderPrefixJceks = crendentialProviderPrefixJceks.toLowerCase(); CrendentialProviderPath = CrendentialProviderPath.trim(); alias = alias.trim(); if (CrendentialProviderPath.toLowerCase().startsWith(crendentialProviderPrefixJceks) || CrendentialProviderPath.toLowerCase().startsWith(crendentialProviderPrefixLocalJceks)) { conf.set(CredentialProviderFactory.CREDENTIAL_PROVIDER_PATH, //UserProvider.SCHEME_NAME + ":///," + CrendentialProviderPath); } else { if (CrendentialProviderPath.startsWith("/")) { conf.set(CredentialProviderFactory.CREDENTIAL_PROVIDER_PATH, //UserProvider.SCHEME_NAME + ":///," + JavaKeyStoreProvider.SCHEME_NAME + "://file" + CrendentialProviderPath); } else { conf.set(CredentialProviderFactory.CREDENTIAL_PROVIDER_PATH, //UserProvider.SCHEME_NAME + ":///," + JavaKeyStoreProvider.SCHEME_NAME + "://file/" + CrendentialProviderPath); } } List<CredentialProvider> providers = CredentialProviderFactory.getProviders(conf); List<String> aliasesList = new ArrayList<String>(); CredentialProvider.CredentialEntry credEntry = null; for (CredentialProvider provider : providers) { //System.out.println("Credential Provider :" + provider); aliasesList = provider.getAliases(); if (aliasesList != null && aliasesList.contains(alias.toLowerCase())) { credEntry = null; credEntry = provider.getCredentialEntry(alias); pass = credEntry.getCredential(); if (pass != null && pass.length > 0) { credential = String.valueOf(pass); break; } } } } catch (Exception ex) { ex.printStackTrace(); credential = null; } return credential; }
From source file:org.apache.sentry.provider.db.service.persistent.TestHMSFollowerSentryStoreIntegration.java
License:Apache License
@BeforeClass public static void setup() throws Exception { conf = new Configuration(true); final String ourUrl = UserProvider.SCHEME_NAME + ":///"; conf.set(CredentialProviderFactory.CREDENTIAL_PROVIDER_PATH, ourUrl); // THis should be a UserGroupInformation provider CredentialProvider provider = CredentialProviderFactory.getProviders(conf).get(0); // The user credentials are stored as a static variable by UserGrouoInformation provider. // We need to only set the password the first time, an attempt to set it for the second // time fails with an exception. if (provider.getCredentialEntry(ServerConfig.SENTRY_STORE_JDBC_PASS) == null) { provider.createCredentialEntry(ServerConfig.SENTRY_STORE_JDBC_PASS, passwd); provider.flush();/*w ww. java 2 s. c om*/ } dataDir = new File(Files.createTempDir(), "sentry_policy_db"); conf.set(ServerConfig.SENTRY_VERIFY_SCHEM_VERSION, "false"); conf.set(ServerConfig.SENTRY_STORE_JDBC_URL, "jdbc:derby:;databaseName=" + dataDir.getPath() + ";create=true"); conf.set(ServerConfig.SENTRY_STORE_JDBC_PASS, "dummy"); conf.setStrings(ServerConfig.ADMIN_GROUPS, adminGroups); conf.set(ServerConfig.SENTRY_STORE_GROUP_MAPPING, ServerConfig.SENTRY_STORE_LOCAL_GROUP_MAPPING); policyFilePath = new File(dataDir, "local_policy_file.ini"); conf.set(ServerConfig.SENTRY_STORE_GROUP_MAPPING_RESOURCE, policyFilePath.getPath()); conf.setInt(ServerConfig.SENTRY_STORE_TRANSACTION_RETRY, 10); }
From source file:org.apache.sentry.provider.db.service.persistent.TestSentryStore.java
License:Apache License
@BeforeClass public static void setup() throws Exception { conf = new Configuration(true); final String ourUrl = UserProvider.SCHEME_NAME + ":///"; conf.set(CredentialProviderFactory.CREDENTIAL_PROVIDER_PATH, ourUrl); // enable HDFS sync, so perm and path changes will be saved into DB conf.set(ServiceConstants.ServerConfig.PROCESSOR_FACTORIES, "org.apache.sentry.hdfs.SentryHDFSServiceProcessorFactory"); conf.set(ServiceConstants.ServerConfig.SENTRY_POLICY_STORE_PLUGINS, "org.apache.sentry.hdfs.SentryPlugin"); // THis should be a UserGroupInformation provider CredentialProvider provider = CredentialProviderFactory.getProviders(conf).get(0); // The user credentials are stored as a static variable by UserGrouoInformation provider. // We need to only set the password the first time, an attempt to set it for the second // time fails with an exception. if (provider.getCredentialEntry(ServerConfig.SENTRY_STORE_JDBC_PASS) == null) { provider.createCredentialEntry(ServerConfig.SENTRY_STORE_JDBC_PASS, passwd); provider.flush();//from w w w . j a va 2 s. c o m } dataDir = new File(Files.createTempDir(), "sentry_policy_db"); conf.set(ServerConfig.SENTRY_VERIFY_SCHEM_VERSION, "false"); conf.set(ServerConfig.SENTRY_STORE_JDBC_URL, "jdbc:derby:;databaseName=" + dataDir.getPath() + ";create=true"); conf.set(ServerConfig.SENTRY_STORE_JDBC_PASS, "dummy"); conf.setStrings(ServerConfig.ADMIN_GROUPS, adminGroups); conf.set(ServerConfig.SENTRY_STORE_GROUP_MAPPING, ServerConfig.SENTRY_STORE_LOCAL_GROUP_MAPPING); policyFilePath = new File(dataDir, "local_policy_file.ini"); conf.set(ServerConfig.SENTRY_STORE_GROUP_MAPPING_RESOURCE, policyFilePath.getPath()); // These tests do not need to retry transactions, so setting to 1 to reduce testing time conf.setInt(ServerConfig.SENTRY_STORE_TRANSACTION_RETRY, 1); // SentryStore should be initialized only once. The tables created by the test cases will // be cleaned up during the @After method. sentryStore = new SentryStore(conf); boolean hdfsSyncEnabled = SentryServiceUtil.isHDFSSyncEnabled(conf); sentryStore.setPersistUpdateDeltas(hdfsSyncEnabled); }
From source file:org.apache.slider.client.SliderClient.java
License:Apache License
private void checkForCredentials(Configuration conf, ConfTree tree) throws IOException { if (tree.credentials == null || tree.credentials.size() == 0) { log.info("No credentials requested"); return;//from ww w. ja v a2 s .com } for (Entry<String, List<String>> cred : tree.credentials.entrySet()) { String provider = cred.getKey(); List<String> aliases = cred.getValue(); if (aliases == null || aliases.size() == 0) { continue; } Configuration c = new Configuration(conf); c.set(CredentialProviderFactory.CREDENTIAL_PROVIDER_PATH, provider); CredentialProvider credentialProvider = CredentialProviderFactory.getProviders(c).get(0); Set<String> existingAliases = new HashSet<String>(credentialProvider.getAliases()); for (String alias : aliases) { if (!existingAliases.contains(alias.toLowerCase(Locale.ENGLISH))) { throw new IOException("Specified credentials have not been " + "initialized in provider " + provider + ": " + alias); } } } }
From source file:org.apache.slider.server.services.security.AbstractSecurityStoreGenerator.java
License:Apache License
protected String getStorePassword(Map<String, List<String>> credentials, MapOperations compOps, String role) throws SliderException, IOException { String password = getPassword(compOps); if (password == null) { // need to leverage credential provider String alias = getAlias(compOps); LOG.debug("Alias {} found for role {}", alias, role); if (alias == null) { throw new SliderException("No store password or credential provider " + "alias found"); }/* ww w . j a v a 2s. co m*/ if (credentials.isEmpty()) { LOG.info("Credentials can not be retrieved for store generation since " + "no CP paths are configured"); } synchronized (this) { for (Map.Entry<String, List<String>> cred : credentials.entrySet()) { String provider = cred.getKey(); Configuration c = new Configuration(); c.set(CredentialProviderFactory.CREDENTIAL_PROVIDER_PATH, provider); LOG.debug("Configured provider {}", provider); CredentialProvider cp = CredentialProviderFactory.getProviders(c).get(0); LOG.debug("Aliases: {}", cp.getAliases()); char[] credential = c.getPassword(alias); if (credential != null) { LOG.info("Credential found for role {}", role); return String.valueOf(credential); } } } if (password == null) { LOG.info( "No store credential found for alias {}. " + "Generation of store for {} is not possible.", alias, role); } } return password; }
From source file:org.apache.slider.server.services.security.TestCertificateManager.java
License:Apache License
private void setupCredentials(AggregateConf instanceDefinition, String keyAlias, String trustAlias) throws Exception { Configuration conf = new Configuration(); final Path jksPath = new Path(SecurityUtils.getSecurityDir(), "test.jks"); final String ourUrl = JavaKeyStoreProvider.SCHEME_NAME + "://file" + jksPath.toUri(); File file = new File(SecurityUtils.getSecurityDir(), "test.jks"); file.delete();//from w ww . j a v a2 s.co m conf.set(CredentialProviderFactory.CREDENTIAL_PROVIDER_PATH, ourUrl); instanceDefinition.getAppConf().credentials.put(ourUrl, new ArrayList<String>()); CredentialProvider provider = CredentialProviderFactory.getProviders(conf).get(0); // create new aliases try { if (keyAlias != null) { char[] storepass = { 'k', 'e', 'y', 'p', 'a', 's', 's' }; provider.createCredentialEntry(keyAlias, storepass); } if (trustAlias != null) { char[] trustpass = { 't', 'r', 'u', 's', 't', 'p', 'a', 's', 's' }; provider.createCredentialEntry(trustAlias, trustpass); } // write out so that it can be found in checks provider.flush(); } catch (Exception e) { e.printStackTrace(); throw e; } }
From source file:org.apache.zeppelin.jdbc.JDBCInterpreter.java
License:Apache License
private String getPassword(Properties properties) throws IOException, InterpreterException { if (isNotEmpty(properties.getProperty(PASSWORD_KEY))) { return properties.getProperty(PASSWORD_KEY); } else if (isNotEmpty(properties.getProperty(JDBC_JCEKS_FILE)) && isNotEmpty(properties.getProperty(JDBC_JCEKS_CREDENTIAL_KEY))) { try {/*from w w w. j a v a 2 s.c om*/ Configuration configuration = new Configuration(); configuration.set(CredentialProviderFactory.CREDENTIAL_PROVIDER_PATH, properties.getProperty(JDBC_JCEKS_FILE)); CredentialProvider provider = CredentialProviderFactory.getProviders(configuration).get(0); CredentialProvider.CredentialEntry credEntry = provider .getCredentialEntry(properties.getProperty(JDBC_JCEKS_CREDENTIAL_KEY)); if (credEntry != null) { return new String(credEntry.getCredential()); } else { throw new InterpreterException("Failed to retrieve password from JCEKS from key: " + properties.getProperty(JDBC_JCEKS_CREDENTIAL_KEY)); } } catch (Exception e) { logger.error("Failed to retrieve password from JCEKS \n" + "For file: " + properties.getProperty(JDBC_JCEKS_FILE) + "\nFor key: " + properties.getProperty(JDBC_JCEKS_CREDENTIAL_KEY), e); throw e; } } return null; }
From source file:org.apache.zeppelin.realm.ActiveDirectoryGroupRealm.java
License:Apache License
private String getSystemPassword() { String password = ""; if (StringUtils.isEmpty(this.hadoopSecurityCredentialPath)) { password = this.systemPassword; } else {// www.ja v a 2s.c o m try { Configuration configuration = new Configuration(); configuration.set(CredentialProviderFactory.CREDENTIAL_PROVIDER_PATH, this.hadoopSecurityCredentialPath); CredentialProvider provider = CredentialProviderFactory.getProviders(configuration).get(0); CredentialProvider.CredentialEntry credEntry = provider.getCredentialEntry(KEYSTORE_PASS); if (credEntry != null) { password = new String(credEntry.getCredential()); } } catch (Exception e) { } } return password; }
From source file:org.apache.zeppelin.realm.LdapRealm.java
License:Apache License
static String getSystemPassword(String hadoopSecurityCredentialPath, String keystorePass) { String password = ""; try {/*w ww . ja v a 2 s.c o m*/ Configuration configuration = new Configuration(); configuration.set(CredentialProviderFactory.CREDENTIAL_PROVIDER_PATH, hadoopSecurityCredentialPath); CredentialProvider provider = CredentialProviderFactory.getProviders(configuration).get(0); CredentialProvider.CredentialEntry credEntry = provider.getCredentialEntry(keystorePass); if (credEntry != null) { password = new String(credEntry.getCredential()); } } catch (IOException e) { throw new ShiroException("Error from getting credential entry from keystore", e); } if (org.apache.commons.lang.StringUtils.isEmpty(password)) { throw new ShiroException("Error getting SystemPassword from the provided keystore:" + keystorePass + ", in path:" + hadoopSecurityCredentialPath); } return password; }
From source file:uk.gov.gchq.gaffer.slider.util.AccumuloSliderUtils.java
License:Apache License
/** * Retrieves the Accumulo root password from the credential keystores used by an Accumulo instance * * @param appConfig The Slider application configuration for an Accumulo instance * @return The root password// w ww. j a v a 2s . co m * @throws IOException if IOException * @throws URISyntaxException if URISyntaxException */ public static String getRootPassword(final ConfTree appConfig) throws IOException, URISyntaxException { Map<String, List<String>> keystores = SliderKeystoreUtils.getCredentialKeyStores(appConfig); String passwordKeystore = null; // Identify the keystore that is being used to store the Accumulo root user's password for (final Map.Entry<String, List<String>> keystore : keystores.entrySet()) { if (keystore.getValue().contains(CustomAuthenticator.ROOT_INITIAL_PASSWORD_PROPERTY)) { passwordKeystore = keystore.getKey(); } } if (passwordKeystore == null) { throw new IOException("Unable to identify a keystore that contains: " + CustomAuthenticator.ROOT_INITIAL_PASSWORD_PROPERTY); } // Load keystore CommandTestBase.SLIDER_CONFIG.set(CredentialProviderFactory.CREDENTIAL_PROVIDER_PATH, passwordKeystore); CredentialProvider provider = CredentialProviderFactory.getProviders(CommandTestBase.SLIDER_CONFIG).get(0); // Access root password CredentialProvider.CredentialEntry rootPasswordEntry = provider .getCredentialEntry(CustomAuthenticator.ROOT_INITIAL_PASSWORD_PROPERTY); return new String(rootPasswordEntry.getCredential()); }