Example 1 with SecretKey
use of javax.crypto.SecretKey in project hadoop by apache.
the class TestZKRMStateStore method testFencedState.
@Test
public void testFencedState() throws Exception {
TestZKRMStateStoreTester zkTester = new TestZKRMStateStoreTester();
RMStateStore store = zkTester.getRMStateStore();
// Move state to FENCED from ACTIVE
store.updateFencedState();
assertEquals("RMStateStore should have been in fenced state", true, store.isFencedState());
long submitTime = System.currentTimeMillis();
long startTime = submitTime + 1000;
// Add a new app
RMApp mockApp = mock(RMApp.class);
ApplicationSubmissionContext context = new ApplicationSubmissionContextPBImpl();
when(mockApp.getSubmitTime()).thenReturn(submitTime);
when(mockApp.getStartTime()).thenReturn(startTime);
when(mockApp.getApplicationSubmissionContext()).thenReturn(context);
when(mockApp.getUser()).thenReturn("test");
store.storeNewApplication(mockApp);
assertEquals("RMStateStore should have been in fenced state", true, store.isFencedState());
// Add a new attempt
ClientToAMTokenSecretManagerInRM clientToAMTokenMgr = new ClientToAMTokenSecretManagerInRM();
ApplicationAttemptId attemptId = ApplicationAttemptId.fromString("appattempt_1234567894321_0001_000001");
SecretKey clientTokenMasterKey = clientToAMTokenMgr.createMasterKey(attemptId);
RMAppAttemptMetrics mockRmAppAttemptMetrics = mock(RMAppAttemptMetrics.class);
Container container = new ContainerPBImpl();
container.setId(ContainerId.fromString("container_1234567891234_0001_01_000001"));
RMAppAttempt mockAttempt = mock(RMAppAttempt.class);
when(mockAttempt.getAppAttemptId()).thenReturn(attemptId);
when(mockAttempt.getMasterContainer()).thenReturn(container);
when(mockAttempt.getClientTokenMasterKey()).thenReturn(clientTokenMasterKey);
when(mockAttempt.getRMAppAttemptMetrics()).thenReturn(mockRmAppAttemptMetrics);
when(mockRmAppAttemptMetrics.getAggregateAppResourceUsage()).thenReturn(new AggregateAppResourceUsage(0, 0));
store.storeNewApplicationAttempt(mockAttempt);
assertEquals("RMStateStore should have been in fenced state", true, store.isFencedState());
long finishTime = submitTime + 1000;
// Update attempt
ApplicationAttemptStateData newAttemptState = ApplicationAttemptStateData.newInstance(attemptId, container, store.getCredentialsFromAppAttempt(mockAttempt), startTime, RMAppAttemptState.FINISHED, "testUrl", "test", FinalApplicationStatus.SUCCEEDED, 100, finishTime, 0, 0, 0, 0);
store.updateApplicationAttemptState(newAttemptState);
assertEquals("RMStateStore should have been in fenced state", true, store.isFencedState());
// Update app
ApplicationStateData appState = ApplicationStateData.newInstance(submitTime, startTime, context, "test");
store.updateApplicationState(appState);
assertEquals("RMStateStore should have been in fenced state", true, store.isFencedState());
// Remove app
store.removeApplication(mockApp);
assertEquals("RMStateStore should have been in fenced state", true, store.isFencedState());
// store RM delegation token;
RMDelegationTokenIdentifier dtId1 = new RMDelegationTokenIdentifier(new Text("owner1"), new Text("renewer1"), new Text("realuser1"));
Long renewDate1 = new Long(System.currentTimeMillis());
dtId1.setSequenceNumber(1111);
store.storeRMDelegationToken(dtId1, renewDate1);
assertEquals("RMStateStore should have been in fenced state", true, store.isFencedState());
store.updateRMDelegationToken(dtId1, renewDate1);
assertEquals("RMStateStore should have been in fenced state", true, store.isFencedState());
// remove delegation key;
store.removeRMDelegationToken(dtId1);
assertEquals("RMStateStore should have been in fenced state", true, store.isFencedState());
// store delegation master key;
DelegationKey key = new DelegationKey(1234, 4321, "keyBytes".getBytes());
store.storeRMDTMasterKey(key);
assertEquals("RMStateStore should have been in fenced state", true, store.isFencedState());
// remove delegation master key;
store.removeRMDTMasterKey(key);
assertEquals("RMStateStore should have been in fenced state", true, store.isFencedState());
// store or update AMRMToken;
store.storeOrUpdateAMRMTokenSecretManager(null, false);
assertEquals("RMStateStore should have been in fenced state", true, store.isFencedState());
store.close();
}
Also used :
RMApp(org.apache.hadoop.yarn.server.resourcemanager.rmapp.RMApp)
RMAppAttemptMetrics(org.apache.hadoop.yarn.server.resourcemanager.rmapp.attempt.RMAppAttemptMetrics)
ClientToAMTokenSecretManagerInRM(org.apache.hadoop.yarn.server.resourcemanager.security.ClientToAMTokenSecretManagerInRM)
RMAppAttempt(org.apache.hadoop.yarn.server.resourcemanager.rmapp.attempt.RMAppAttempt)
ContainerPBImpl(org.apache.hadoop.yarn.api.records.impl.pb.ContainerPBImpl)
Text(org.apache.hadoop.io.Text)
ApplicationAttemptId(org.apache.hadoop.yarn.api.records.ApplicationAttemptId)
ApplicationStateData(org.apache.hadoop.yarn.server.resourcemanager.recovery.records.ApplicationStateData)
RMDelegationTokenIdentifier(org.apache.hadoop.yarn.security.client.RMDelegationTokenIdentifier)
SecretKey(javax.crypto.SecretKey)
Container(org.apache.hadoop.yarn.api.records.Container)
ApplicationSubmissionContextPBImpl(org.apache.hadoop.yarn.api.records.impl.pb.ApplicationSubmissionContextPBImpl)
DelegationKey(org.apache.hadoop.security.token.delegation.DelegationKey)
ApplicationSubmissionContext(org.apache.hadoop.yarn.api.records.ApplicationSubmissionContext)
ApplicationAttemptStateData(org.apache.hadoop.yarn.server.resourcemanager.recovery.records.ApplicationAttemptStateData)
AggregateAppResourceUsage(org.apache.hadoop.yarn.server.resourcemanager.rmapp.attempt.AggregateAppResourceUsage)
Test(org.junit.Test)
Example 2 with SecretKey
use of javax.crypto.SecretKey in project hadoop by apache.
the class TestZKRMStateStorePerf method run.
@SuppressWarnings("unchecked")
@Override
public int run(String[] args) {
LOG.info("Starting ZKRMStateStorePerf ver." + version);
int numApp = ZK_PERF_NUM_APP_DEFAULT;
int numAppAttemptPerApp = ZK_PERF_NUM_APPATTEMPT_PER_APP;
String hostPort = null;
boolean launchLocalZK = true;
if (args.length == 0) {
System.err.println("Missing arguments.");
return -1;
}
for (int i = 0; i < args.length; i++) {
// parse command line
if (args[i].equalsIgnoreCase("-appsize")) {
numApp = Integer.parseInt(args[++i]);
} else if (args[i].equalsIgnoreCase("-appattemptsize")) {
numAppAttemptPerApp = Integer.parseInt(args[++i]);
} else if (args[i].equalsIgnoreCase("-hostPort")) {
hostPort = args[++i];
launchLocalZK = false;
} else if (args[i].equalsIgnoreCase("-workingZnode")) {
workingZnode = args[++i];
} else {
System.err.println("Illegal argument: " + args[i]);
return -1;
}
}
if (launchLocalZK) {
try {
setUpZKServer();
} catch (Exception e) {
System.err.println("failed to setup. : " + e.getMessage());
return -1;
}
}
initStore(hostPort);
long submitTime = System.currentTimeMillis();
long startTime = System.currentTimeMillis() + 1234;
ArrayList<ApplicationId> applicationIds = new ArrayList<>();
ArrayList<RMApp> rmApps = new ArrayList<>();
ArrayList<ApplicationAttemptId> attemptIds = new ArrayList<>();
HashMap<ApplicationId, Set<ApplicationAttemptId>> appIdsToAttemptId = new HashMap<>();
TestDispatcher dispatcher = new TestDispatcher();
store.setRMDispatcher(dispatcher);
for (int i = 0; i < numApp; i++) {
ApplicationId appId = ApplicationId.newInstance(clusterTimeStamp, i);
applicationIds.add(appId);
ArrayList<ApplicationAttemptId> attemptIdsForThisApp = new ArrayList<>();
for (int j = 0; j < numAppAttemptPerApp; j++) {
ApplicationAttemptId attemptId = ApplicationAttemptId.newInstance(appId, j);
attemptIdsForThisApp.add(attemptId);
}
appIdsToAttemptId.put(appId, new LinkedHashSet(attemptIdsForThisApp));
attemptIds.addAll(attemptIdsForThisApp);
}
for (ApplicationId appId : applicationIds) {
RMApp app = null;
try {
app = storeApp(store, appId, submitTime, startTime);
} catch (Exception e) {
System.err.println("failed to create Application Znode. : " + e.getMessage());
return -1;
}
waitNotify(dispatcher);
rmApps.add(app);
}
for (ApplicationAttemptId attemptId : attemptIds) {
Token<AMRMTokenIdentifier> tokenId = generateAMRMToken(attemptId, appTokenMgr);
SecretKey clientTokenKey = clientToAMTokenMgr.createMasterKey(attemptId);
try {
storeAttempt(store, attemptId, ContainerId.newContainerId(attemptId, 0L).toString(), tokenId, clientTokenKey, dispatcher);
} catch (Exception e) {
System.err.println("failed to create AppAttempt Znode. : " + e.getMessage());
return -1;
}
}
long storeStart = System.currentTimeMillis();
try {
store.loadState();
} catch (Exception e) {
System.err.println("failed to locaState from ZKRMStateStore. : " + e.getMessage());
return -1;
}
long storeEnd = System.currentTimeMillis();
long loadTime = storeEnd - storeStart;
String resultMsg = "ZKRMStateStore takes " + loadTime + " msec to loadState.";
LOG.info(resultMsg);
System.out.println(resultMsg);
// cleanup
try {
for (RMApp app : rmApps) {
ApplicationStateData appState = ApplicationStateData.newInstance(app.getSubmitTime(), app.getStartTime(), app.getApplicationSubmissionContext(), app.getUser());
ApplicationId appId = app.getApplicationId();
Map m = mock(Map.class);
when(m.keySet()).thenReturn(appIdsToAttemptId.get(appId));
appState.attempts = m;
store.removeApplicationStateInternal(appState);
}
} catch (Exception e) {
System.err.println("failed to cleanup. : " + e.getMessage());
return -1;
}
return 0;
}
Also used :
LinkedHashSet(java.util.LinkedHashSet)
RMApp(org.apache.hadoop.yarn.server.resourcemanager.rmapp.RMApp)
LinkedHashSet(java.util.LinkedHashSet)
Set(java.util.Set)
HashMap(java.util.HashMap)
ArrayList(java.util.ArrayList)
ApplicationAttemptId(org.apache.hadoop.yarn.api.records.ApplicationAttemptId)
ApplicationStateData(org.apache.hadoop.yarn.server.resourcemanager.recovery.records.ApplicationStateData)
SecretKey(javax.crypto.SecretKey)
AMRMTokenIdentifier(org.apache.hadoop.yarn.security.AMRMTokenIdentifier)
ApplicationId(org.apache.hadoop.yarn.api.records.ApplicationId)
HashMap(java.util.HashMap)
Map(java.util.Map)
Example 3 with SecretKey
use of javax.crypto.SecretKey in project UltimateAndroid by cymcsg.
the class TripleDES method decrypt.
/**
* Decrypt the message with TripleDES
*
* @param message
* @return
* @throws Exception
*/
public static String decrypt(String message) throws Exception {
if (message == null || message == "")
return "";
byte[] values = Base64decoding(message, 0);
final MessageDigest md = MessageDigest.getInstance("SHA-1");
final byte[] digestOfPassword = md.digest(token.getBytes("utf-8"));
final byte[] keyBytes = copyOf(digestOfPassword, 24);
for (int j = 0, k = 16; j < 8; ) {
keyBytes[k++] = keyBytes[j++];
}
final SecretKey key = new SecretKeySpec(keyBytes, "DESede");
String s1 = "12345678";
byte[] bytes = s1.getBytes();
final IvParameterSpec iv = new IvParameterSpec(bytes);
final Cipher decipher = Cipher.getInstance("DESede/CBC/PKCS5Padding");
decipher.init(Cipher.DECRYPT_MODE, key, iv);
final byte[] plainText = decipher.doFinal(values);
return new String(plainText, "UTF-8");
}
Also used :
SecretKey(javax.crypto.SecretKey)
SecretKeySpec(javax.crypto.spec.SecretKeySpec)
IvParameterSpec(javax.crypto.spec.IvParameterSpec)
Cipher(javax.crypto.Cipher)
MessageDigest(java.security.MessageDigest)
Example 4 with SecretKey
use of javax.crypto.SecretKey in project OpenAttestation by OpenAttestation.
the class ProvisionTPM method takeOwnership.
/**
* Entry point into the program
* @throws Exception
*/
public static void takeOwnership() throws Exception {
// throws InvalidKeyException, CertificateEncodingException, UnrecoverableKeyException, NoSuchAlgorithmException, InvalidKeySpecException, SignatureException, NoSuchProviderException, KeyStoreException, CertificateException, IOException, javax.security.cert.CertificateException {
//get properties file info
final String OWNER_AUTH = "TpmOwnerAuth";
final String EC_VALIDITY = "EcValidityDays";
final String EC_STORAGE = "ecStorage";
final String PRIVACY_CA_URL = "PrivacyCaUrl";
final String TRUST_STORE = "TrustStore";
final String PRIVACY_CA_CERT = "PrivacyCaCertFile";
final String EC_LOCATION = "ecLocation";
String ecStorage = "";
String ecStorageFileName = "";
String PrivacyCaUrl = "";
int EcValidityDays = 0;
String PrivacyCaCertFile = "";
byte[] TpmOwnerAuth = null;
byte[] encryptCert = null;
byte[] pubEkMod = null;
X509Certificate pcaCert = null;
PublicKey publicKey = null;
//This is for logging purpose
String propertiesFileName = ResourceFinder.getLocation("hisprovisioner.properties");
FileInputStream PropertyFile = null;
String tpmOwnerAuth = "";
String homeFolder = "";
try {
File propFile = ResourceFinder.getFile("hisprovisioner.properties");
PropertyFile = new FileInputStream(propFile);
Properties HisProvisionerProperties = new Properties();
HisProvisionerProperties.load(new InputStreamReader(PropertyFile, "UTF-8"));
homeFolder = propFile.getAbsolutePath();
homeFolder = homeFolder.substring(0, homeFolder.indexOf("hisprovisioner.properties"));
log.info("Home folder : " + homeFolder);
EcValidityDays = Integer.parseInt(HisProvisionerProperties.getProperty(EC_VALIDITY, ""));
tpmOwnerAuth = HisProvisionerProperties.getProperty(OWNER_AUTH, "");
if (tpmOwnerAuth != null) {
TpmOwnerAuth = Hex.decodeHex(tpmOwnerAuth.toCharArray());
}
//else if (tpmOwnerAuth.length() == 40) {
// log.info("owner authentication is hex code formatted");
// TpmOwnerAuth = TpmUtils.hexStringToByteArray(tpmOwnerAuth);
//} else {
// log.info("illegal owner authentication detected! accepted owner authentication is 20 or 40 long characters");
//}
//TpmOwnerAuth = TpmUtils.hexStringToByteArray(HisProvisionerProperties.getProperty(OWNER_AUTH, ""));
PrivacyCaUrl = HisProvisionerProperties.getProperty(PRIVACY_CA_URL, "");
PrivacyCaCertFile = HisProvisionerProperties.getProperty(PRIVACY_CA_CERT, "");
ecStorage = HisProvisionerProperties.getProperty(EC_STORAGE, "NVRAM");
ecStorageFileName = HisProvisionerProperties.getProperty(EC_LOCATION, ".") + System.getProperty("file.separator") + "EC.cer";
log.info("ecStorageFileName:" + ecStorageFileName);
} catch (FileNotFoundException e) {
throw new PrivacyCAException("Error finding HIS Provisioner properties file (HISprovisionier.properties)", e);
} catch (IOException e) {
throw new PrivacyCAException("Error loading HIS Provisioner properties file (HISprovisionier.properties)", e);
} catch (NumberFormatException e) {
throw new PrivacyCAException("Error while reading EcValidityDays", e);
} finally {
if (PropertyFile != null) {
try {
PropertyFile.close();
} catch (IOException e) {
log.log(Level.SEVERE, "Error while closing the property file ", e);
}
}
}
String errorString = "Properties file \"" + propertiesFileName + "\" contains errors:\n";
boolean hasErrors = false;
if (EcValidityDays == 0) {
errorString += " - \"EcValidityDays\" value must be the number of validity days for the Endorsement Credential\n";
hasErrors = true;
}
if (TpmOwnerAuth == null) {
// || TpmOwnerAuth.length != 20){
errorString += " - \"TpmOwnerAuth\" value must be set representing the TPM owner auth\n";
hasErrors = true;
}
if (hasErrors) {
throw new PrivacyCAException(errorString);
}
//Provision the TPM
log.info("Performing TPM provisioning...");
Security.addProvider(new BouncyCastleProvider());
SecretKey deskey = TpmUtils.generateSecretKey();
// Take Ownership
byte[] nonce = null;
try {
nonce = TpmUtils.createRandomBytes(20);
TpmModule.takeOwnership(TpmOwnerAuth, nonce);
} catch (TpmModuleException e) {
if (e.toString().contains(".takeOwnership returned nonzero error: 4")) {
Logger.getLogger(ProvisionTPM.class.getName()).info("Ownership is already taken : ");
if (!System.getProperty("forceCreateEk", "false").equals("true")) {
// feature to help with bug #554 and allow admin to force creating an ek (in case it failed the first time due to a non-tpm error such as java missing classes exception
return;
}
} else
throw e;
} catch (IOException e) {
e.printStackTrace();
}
// Create Endorsement Certificate
try {
nonce = TpmUtils.createRandomBytes(20);
pubEkMod = TpmModule.getEndorsementKeyModulus(TpmOwnerAuth, nonce);
} catch (TpmModuleException e) {
System.out.println("Error getting PubEK: " + e.toString());
} catch (Exception e) {
System.out.println("Error getting PubEK: " + e.toString());
}
try {
pcaCert = TpmUtils.certFromFile(homeFolder + PrivacyCaCertFile);
if (pcaCert != null) {
publicKey = (RSAPublicKey) pcaCert.getPublicKey();
}
} catch (Exception e) {
System.out.println("print out error message: " + e.toString());
e.printStackTrace();
}
try {
IHisPrivacyCAWebService2 hisPrivacyCAWebService2 = HisPrivacyCAWebServices2ClientInvoker.getHisPrivacyCAWebService2(PrivacyCaUrl);
encryptCert = hisPrivacyCAWebService2.requestGetEC(TpmUtils.encryptDES(pubEkMod, deskey), TpmUtils.encryptRSA(deskey.getEncoded(), publicKey), EcValidityDays);
} catch (Exception e) {
System.out.println("FAILED");
e.printStackTrace();
System.exit(1);
}
//Decrypt and generate endorsement certificate
X509Certificate ekCert = null;
try {
if (encryptCert != null) {
ekCert = TpmUtils.certFromBytes(TpmUtils.decryptDES(encryptCert, deskey));
}
} catch (java.security.cert.CertificateException e) {
e.printStackTrace();
} catch (CertificateException e) {
e.printStackTrace();
} catch (Exception e) {
e.printStackTrace();
}
// Store the new EC in NV-RAM or in the file
try {
if (ecStorage.equalsIgnoreCase("file")) {
File ecFile = new File(ecStorageFileName);
FileOutputStream ecFileOut = new FileOutputStream(ecFile);
ecFileOut.write(ekCert.getEncoded());
ecFileOut.flush();
ecFileOut.close();
} else {
TpmModule.setCredential(TpmOwnerAuth, "EC", ekCert.getEncoded());
}
System.out.println(ekCert.getEncoded().length);
} catch (TpmModuleException e) {
System.out.println("Error getting PubEK: " + e.toString());
} catch (CertificateEncodingException e) {
e.printStackTrace();
} catch (IOException e) {
e.printStackTrace();
}
System.out.println("DONE");
//System.exit(0);
return;
}
Also used :
FileNotFoundException(java.io.FileNotFoundException)
CertificateException(javax.security.cert.CertificateException)
Properties(java.util.Properties)
BouncyCastleProvider(org.bouncycastle.jce.provider.BouncyCastleProvider)
IHisPrivacyCAWebService2(gov.niarl.his.webservices.hisPrivacyCAWebService2.IHisPrivacyCAWebService2)
InputStreamReader(java.io.InputStreamReader)
RSAPublicKey(java.security.interfaces.RSAPublicKey)
PublicKey(java.security.PublicKey)
CertificateEncodingException(java.security.cert.CertificateEncodingException)
IOException(java.io.IOException)
X509Certificate(java.security.cert.X509Certificate)
FileInputStream(java.io.FileInputStream)
NoSuchPaddingException(javax.crypto.NoSuchPaddingException)
IOException(java.io.IOException)
TpmModuleException(gov.niarl.his.privacyca.TpmModule.TpmModuleException)
FileNotFoundException(java.io.FileNotFoundException)
CertificateException(javax.security.cert.CertificateException)
NoSuchAlgorithmException(java.security.NoSuchAlgorithmException)
NoSuchProviderException(java.security.NoSuchProviderException)
CertificateEncodingException(java.security.cert.CertificateEncodingException)
SecretKey(javax.crypto.SecretKey)
FileOutputStream(java.io.FileOutputStream)
TpmModuleException(gov.niarl.his.privacyca.TpmModule.TpmModuleException)
File(java.io.File)
Example 5 with SecretKey
use of javax.crypto.SecretKey in project hadoop by apache.
the class RMStateStore method getCredentialsFromAppAttempt.
public Credentials getCredentialsFromAppAttempt(RMAppAttempt appAttempt) {
Credentials credentials = new Credentials();
SecretKey clientTokenMasterKey = appAttempt.getClientTokenMasterKey();
if (clientTokenMasterKey != null) {
credentials.addSecretKey(AM_CLIENT_TOKEN_MASTER_KEY_NAME, clientTokenMasterKey.getEncoded());
}
return credentials;
}
Also used :
SecretKey(javax.crypto.SecretKey)
Credentials(org.apache.hadoop.security.Credentials)
Aggregations
SecretKey (javax.crypto.SecretKey)1204
Cipher (javax.crypto.Cipher)339
SecretKeySpec (javax.crypto.spec.SecretKeySpec)336
KeyGenerator (javax.crypto.KeyGenerator)334
NoSuchAlgorithmException (java.security.NoSuchAlgorithmException)213
Test (org.junit.Test)200
SecretKeyFactory (javax.crypto.SecretKeyFactory)182
InputStream (java.io.InputStream)177
ArrayList (java.util.ArrayList)162
ByteArrayOutputStream (java.io.ByteArrayOutputStream)157
Document (org.w3c.dom.Document)157
ByteArrayInputStream (java.io.ByteArrayInputStream)148
XMLStreamReader (javax.xml.stream.XMLStreamReader)131
InvalidKeyException (java.security.InvalidKeyException)130
XMLSecurityProperties (org.apache.xml.security.stax.ext.XMLSecurityProperties)123
PBEKeySpec (javax.crypto.spec.PBEKeySpec)118
IOException (java.io.IOException)113
SecureRandom (java.security.SecureRandom)109
DocumentBuilder (javax.xml.parsers.DocumentBuilder)109
NodeList (org.w3c.dom.NodeList)102
