Example 1 with SConfiguration

Use of co.cask.cdap.common.conf.SConfiguration in project cdap by caskdata.

Class ExternalLDAPAuthenticationServerSSLTest, method beforeClass.

@BeforeClass
public static void beforeClass() throws Exception {
    URL certUrl = ExternalLDAPAuthenticationServerSSLTest.class.getClassLoader().getResource("cert.jks");
    Assert.assertNotNull(certUrl);
    String authHandlerConfigBase = Constants.Security.AUTH_HANDLER_CONFIG_BASE;
    CConfiguration cConf = CConfiguration.create();
    SConfiguration sConf = SConfiguration.create();
    cConf.set(Constants.Security.AUTH_SERVER_BIND_ADDRESS, "127.0.0.1");
    cConf.set(Constants.Security.SSL.EXTERNAL_ENABLED, "true");
    cConf.set(Constants.Security.AuthenticationServer.SSL_PORT, "0");
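    // LDAPS is enabled with certificate verification turned off (test setup against the in-memory LDAP listener)
    cConf.set(authHandlerConfigBase.concat("useLdaps"), "true");
    cConf.set(authHandlerConfigBase.concat("ldapsVerifyCertificate"), "false");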
    sConf.set(Constants.Security.AuthenticationServer.SSL_KEYSTORE_PATH, certUrl.getPath());
    configuration = cConf;
    sConfiguration = sConf;
    String keystorePassword = sConf.get(Constants.Security.AuthenticationServer.SSL_KEYSTORE_PASSWORD);
    KeyStoreKeyManager keyManager = new KeyStoreKeyManager(certUrl.getFile(), keystorePassword.toCharArray());
    // TrustAllTrustManager accepts any certificate; it is used here only for the test fixture
    SSLUtil sslUtil = new SSLUtil(keyManager, new TrustAllTrustManager());
    ldapListenerConfig = InMemoryListenerConfig.createLDAPSConfig(
        "LDAP", InetAddress.getByName("127.0.0.1"), ldapPort,
        sslUtil.createSSLServerSocketFactory(), sslUtil.createSSLSocketFactory());
    testServer = new ExternalLDAPAuthenticationServerSSLTest();
    testServer.setup();
}
Also used: KeyStoreKeyManager (com.unboundid.util.ssl.KeyStoreKeyManager), SSLUtil (com.unboundid.util.ssl.SSLUtil), SConfiguration (co.cask.cdap.common.conf.SConfiguration), TrustAllTrustManager (com.unboundid.util.ssl.TrustAllTrustManager), CConfiguration (co.cask.cdap.common.conf.CConfiguration), URL (java.net.URL), BeforeClass (org.junit.BeforeClass)

Example 2 with SConfiguration

Use of co.cask.cdap.common.conf.SConfiguration in project cdap by caskdata.

Class FileSecureStoreTest, method setUp.

@Before
public void setUp() throws Exception {
    CConfiguration conf = CConfiguration.create();
    conf.set(Constants.Security.Store.FILE_PATH, STORE_PATH);
    SConfiguration sConf = SConfiguration.create();
    sConf.set(Constants.Security.Store.FILE_PASSWORD, "secret");
    InMemoryNamespaceClient namespaceClient = new InMemoryNamespaceClient();
    NamespaceMeta namespaceMeta = new NamespaceMeta.Builder().setName(NAMESPACE1).build();
    namespaceClient.create(namespaceMeta);
    namespaceMeta = new NamespaceMeta.Builder().setName(NAMESPACE2).build();
    namespaceClient.create(namespaceMeta);
    FileSecureStore fileSecureStore = new FileSecureStore(conf, sConf, namespaceClient);
    secureStoreManager = fileSecureStore;
    secureStore = fileSecureStore;
}
Also used: NamespaceMeta (co.cask.cdap.proto.NamespaceMeta), SConfiguration (co.cask.cdap.common.conf.SConfiguration), InMemoryNamespaceClient (co.cask.cdap.common.namespace.InMemoryNamespaceClient), CConfiguration (co.cask.cdap.common.conf.CConfiguration), Before (org.junit.Before)

Example 3 with SConfiguration

Use of co.cask.cdap.common.conf.SConfiguration in project cdap by caskdata.

Class ExternalMTLSAuthenticationServerTest, method beforeClass.

@BeforeClass
public static void beforeClass() throws Exception {
    URL serverTrustoreURL = ExternalMTLSAuthenticationServerTest.class.getClassLoader().getResource("server-trust.jks");
    URL serverKeystoreURL = ExternalMTLSAuthenticationServerTest.class.getClassLoader().getResource("server-key.jks");
    URL realmURL = ExternalMTLSAuthenticationServerTest.class.getClassLoader().getResource("realm.properties");
    Assert.assertNotNull(serverTrustoreURL);
    Assert.assertNotNull(serverKeystoreURL);
    Assert.assertNotNull(realmURL);
    CConfiguration cConf = CConfiguration.create();
    SConfiguration sConf = SConfiguration.create();
    cConf.set(Constants.Security.AUTH_SERVER_BIND_ADDRESS, "127.0.0.1");
    // enables SSL
    cConf.set(Constants.Security.SSL.EXTERNAL_ENABLED, "true");
    cConf.set(Constants.Security.AuthenticationServer.SSL_PORT, "0");
    // set up port for non-ssl endpoints
    cConf.set(Constants.Security.AUTH_SERVER_BIND_PORT, "1");
    // Configure the Custom Handler
    cConf.set(AUTH_HANDLER_CONFIG_BASE.concat("ClassName"),
        "co.cask.cdap.security.server.CertificateAuthenticationHandler");
    // setup the realm file for Identity
    cConf.set(AUTH_HANDLER_CONFIG_BASE.concat("realmfile"), realmURL.getPath());
    cConf.set(Constants.Security.AuthenticationServer.SSL_TRUSTSTORE_PATH, serverTrustoreURL.getPath());
    cConf.set(Constants.Security.AuthenticationServer.SSL_TRUSTSTORE_PASSWORD, "secret");
    cConf.set(Constants.Security.AuthenticationServer.SSL_TRUSTSTORE_TYPE, "JKS");
    // Setup the Server's Key Store
    cConf.set(Constants.Security.AuthenticationServer.SSL_KEYSTORE_PATH, serverKeystoreURL.getPath());
    sConf.set(Constants.Security.AuthenticationServer.SSL_KEYSTORE_PATH, serverKeystoreURL.getPath());
    sConf.set(Constants.Security.AuthenticationServer.SSL_KEYSTORE_PASSWORD, "secret");
    sConf.set(Constants.Security.AuthenticationServer.SSL_KEYPASSWORD, "secret");
    sConf.set(Constants.Security.AuthenticationServer.SSL_KEYSTORE_TYPE, "JKS");
    configuration = cConf;
    sConfiguration = sConf;
    testServer = new ExternalMTLSAuthenticationServerTest();
    testServer.setup();
}
Also used: SConfiguration (co.cask.cdap.common.conf.SConfiguration), CConfiguration (co.cask.cdap.common.conf.CConfiguration), URL (java.net.URL), BeforeClass (org.junit.BeforeClass)

Example 4 with SConfiguration

Use of co.cask.cdap.common.conf.SConfiguration in project cdap by caskdata.

Class KeyStoresTest, method testGetSSLKeyStore.

@Test
public void testGetSSLKeyStore() throws Exception {
    SConfiguration sConf = SConfiguration.create();
    sConf.set(Constants.Security.SSL.KEYSTORE_PASSWORD, SSL_PASSWORD);
    KeyStore ks = KeyStores.generatedCertKeyStore(sConf, SSL_PASSWORD);
    Assert.assertEquals(KeyStores.SSL_KEYSTORE_TYPE, ks.getType());
    Assert.assertEquals(KeyStores.CERT_ALIAS, ks.aliases().nextElement());
    Assert.assertEquals(1, ks.size());
    Assert.assertTrue(ks.getCertificate(KeyStores.CERT_ALIAS) instanceof X509Certificate);
    X509Certificate cert = (X509Certificate) ks.getCertificate(KeyStores.CERT_ALIAS);
    // throws an exception on failure
    cert.checkValidity();
    Assert.assertEquals(CERTIFICATE_TYPE, cert.getType());
    Assert.assertEquals(KeyStores.SIGNATURE_ALGORITHM, cert.getSigAlgName());
    Assert.assertEquals(KeyStores.DISTINGUISHED_NAME, cert.getIssuerDN().getName());
    Assert.assertEquals(3, cert.getVersion());
}
Also used: SConfiguration (co.cask.cdap.common.conf.SConfiguration), KeyStore (java.security.KeyStore), X509Certificate (java.security.cert.X509Certificate), Test (org.junit.Test)

Example 5 with SConfiguration

Use of co.cask.cdap.common.conf.SConfiguration in project cdap by caskdata.

Class SecureStoreTest, method beforeClass.

@BeforeClass
public static void beforeClass() throws Exception {
    CConfiguration cConf = CConfiguration.create();
    cConf.set(Constants.CFG_LOCAL_DATA_DIR, TEMP_FOLDER.newFolder().getAbsolutePath());
    cConf.set(Constants.Security.Store.PROVIDER, "file");
    SConfiguration sConf = SConfiguration.create();
    sConf.set(Constants.Security.Store.FILE_PASSWORD, "secret");
    Injector injector = Guice.createInjector(
        new ConfigModule(cConf, new Configuration(), sConf),
        new SecureStoreModules().getInMemoryModules(),
        new AuthorizationTestModule(),
        new AuthenticationContextModules().getNoOpModule(),
        new AbstractModule() {
            @Override
            protected void configure() {
                bind(AuthorizationEnforcer.class).to(NoOpAuthorizer.class);
                bind(NamespaceAdmin.class).to(InMemoryNamespaceClient.class).in(Scopes.SINGLETON);
                bind(NamespaceQueryAdmin.class).to(NamespaceAdmin.class);
            }
        });
    injector.getInstance(NamespaceAdmin.class).create(NamespaceMeta.DEFAULT);
    httpServer = new CommonNettyHttpServiceBuilder(injector.getInstance(CConfiguration.class), "SecureStore")
        .setHttpHandlers(Collections.singleton(injector.getInstance(SecureStoreHandler.class)))
        .build();
    httpServer.start();
}
Also used: CConfiguration (co.cask.cdap.common.conf.CConfiguration), SConfiguration (co.cask.cdap.common.conf.SConfiguration), Configuration (org.apache.hadoop.conf.Configuration), CommonNettyHttpServiceBuilder (co.cask.cdap.common.http.CommonNettyHttpServiceBuilder), ConfigModule (co.cask.cdap.common.guice.ConfigModule), AuthenticationContextModules (co.cask.cdap.security.auth.context.AuthenticationContextModules), SecureStoreModules (co.cask.cdap.security.guice.SecureStoreModules), NamespaceAdmin (co.cask.cdap.common.namespace.NamespaceAdmin), NoOpAuthorizer (co.cask.cdap.security.spi.authorization.NoOpAuthorizer), CConfiguration (co.cask.cdap.common.conf.CConfiguration), AuthorizationTestModule (co.cask.cdap.security.authorization.AuthorizationTestModule), AbstractModule (com.google.inject.AbstractModule), Injector (com.google.inject.Injector), SConfiguration (co.cask.cdap.common.conf.SConfiguration), BeforeClass (org.junit.BeforeClass)

Aggregations

SConfiguration (co.cask.cdap.common.conf.SConfiguration): 10
CConfiguration (co.cask.cdap.common.conf.CConfiguration): 9
BeforeClass (org.junit.BeforeClass): 6
Injector (com.google.inject.Injector): 5
DiscoveryServiceClient (org.apache.twill.discovery.DiscoveryServiceClient): 4
AbstractModule (com.google.inject.AbstractModule): 3
DiscoveryRuntimeModule (co.cask.cdap.common.guice.DiscoveryRuntimeModule): 2
AppFabricTestModule (co.cask.cdap.internal.guice.AppFabricTestModule): 2
RouteStore (co.cask.cdap.route.store.RouteStore): 2
AccessTokenTransformer (co.cask.cdap.security.auth.AccessTokenTransformer): 2
SecurityModules (co.cask.cdap.security.guice.SecurityModules): 2
URL (java.net.URL): 2
Discoverable (org.apache.twill.discovery.Discoverable): 2
Test (org.junit.Test): 2
Logger (ch.qos.logback.classic.Logger): 1
SecureStore (co.cask.cdap.api.security.store.SecureStore): 1
SecureStoreManager (co.cask.cdap.api.security.store.SecureStoreManager): 1
EndpointStrategy (co.cask.cdap.common.discovery.EndpointStrategy): 1
RandomEndpointStrategy (co.cask.cdap.common.discovery.RandomEndpointStrategy): 1
ConfigModule (co.cask.cdap.common.guice.ConfigModule): 1