use of co.cask.cdap.common.io.Codec in project cdap by caskdata.
the class SecurityModule method configure.
/**
 * Wires up the authentication components: the token and key codecs, the key manager,
 * the token manager, the external authentication server together with its handler map,
 * the audit log handler, and the token validator and transformer.
 *
 * <p>Only the types passed to {@code expose(...)} at the end of this method are visible
 * to other modules. Everything else bound here (the access-token codecs, the handler map,
 * the audit log handler) stays internal to this module.
 */
@Override
protected final void configure() {
  // Codec bindings. The KeyIdentifier codec type is reused below when it is exposed.
  TypeLiteral<Codec<AccessToken>> accessTokenCodec = new TypeLiteral<Codec<AccessToken>>() { };
  TypeLiteral<Codec<AccessTokenIdentifier>> identifierCodec =
    new TypeLiteral<Codec<AccessTokenIdentifier>>() { };
  TypeLiteral<Codec<KeyIdentifier>> keyIdentifierCodec = new TypeLiteral<Codec<KeyIdentifier>>() { };

  bind(accessTokenCodec).to(AccessTokenCodec.class).in(Scopes.SINGLETON);
  bind(identifierCodec).to(AccessTokenIdentifierCodec.class).in(Scopes.SINGLETON);
  bind(keyIdentifierCodec).to(KeyIdentifierCodec.class).in(Scopes.SINGLETON);

  // Key manager selection is delegated to bindKeyManager, which is defined outside this method.
  bindKeyManager(binder());

  bind(TokenManager.class).in(Scopes.SINGLETON);
  bind(ExternalAuthenticationServer.class).in(Scopes.SINGLETON);

  // Handlers for the external authentication server, keyed by handler type name.
  // The map's value type is Object, so the injector does not enforce a handler interface;
  // whoever consumes "security.handlers.map" has to check or cast each entry.
  MapBinder<String, Object> handlers =
    MapBinder.newMapBinder(binder(), String.class, Object.class, Names.named("security.handlers.map"));
  handlers.addBinding(ExternalAuthenticationServer.HandlerType.AUTHENTICATION_HANDLER)
    .toProvider(AuthenticationHandlerProvider.class)
    .in(Scopes.SINGLETON);
  handlers.addBinding(ExternalAuthenticationServer.HandlerType.GRANT_TOKEN_HANDLER)
    .to(GrantAccessToken.class)
    .in(Scopes.SINGLETON);

  // A single audit log handler instance, created eagerly and bound under the external-auth name.
  AuditLogHandler externalAuthAudit = new AuditLogHandler(EXTERNAL_AUTH_AUDIT_LOG);
  bind(AuditLogHandler.class)
    .annotatedWith(Names.named(ExternalAuthenticationServer.NAMED_EXTERNAL_AUTH))
    .toInstance(externalAuthAudit);

  // NOTE(review): unlike the other bindings here, TokenValidator has no explicit scope, so
  // each injection may build a new AccessTokenValidator unless that class declares a scope
  // itself. Confirm this is intended.
  bind(TokenValidator.class).to(AccessTokenValidator.class);
  bind(AccessTokenTransformer.class).in(Scopes.SINGLETON);

  // Public surface of this module. Keep it narrow: anything exposed can be injected elsewhere.
  expose(AccessTokenTransformer.class);
  expose(TokenValidator.class);
  expose(TokenManager.class);
  expose(ExternalAuthenticationServer.class);
  expose(keyIdentifierCodec);
}
use of co.cask.cdap.common.io.Codec in project cdap by caskdata.
the class DistributedKeyManagerTest method getKeyManager.
/**
 * Creates and starts a {@link WaitableDistributedKeyManager} using the ZooKeeper client,
 * configuration and {@code Codec<KeyIdentifier>} obtained from the given injector.
 *
 * <p>Both the ZooKeeper client and the key manager are started here and neither is
 * stopped by this method; shutting them down is left to the caller.
 *
 * @param injector     source of the ZooKeeper client, configuration and key codec
 * @param expectLeader when true, waits up to 5000 ms for a leader before returning
 * @return the started key manager
 * @throws Exception if startup or the leader wait fails
 */
private DistributedKeyManager getKeyManager(Injector injector, boolean expectLeader) throws Exception {
  ZKClientService zkClient = injector.getInstance(ZKClientService.class);
  zkClient.startAndWait();

  CConfiguration conf = injector.getInstance(CConfiguration.class);
  Codec<KeyIdentifier> keyCodec = injector.getInstance(Key.get(new TypeLiteral<Codec<KeyIdentifier>>() { }));

  WaitableDistributedKeyManager manager = new WaitableDistributedKeyManager(conf, keyCodec, zkClient);
  manager.startAndWait();

  if (!expectLeader) {
    return manager;
  }
  // NOTE(review): any result of waitForLeader is not inspected here; whether a timeout
  // surfaces as an exception depends on WaitableDistributedKeyManager. Confirm.
  manager.waitForLeader(5000, TimeUnit.MILLISECONDS);
  return manager;
}
use of co.cask.cdap.common.io.Codec in project cdap by caskdata.
the class TestTokenManager method testTokenValidation.
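/**
 * Checks that {@code TokenManager.validateSecret} accepts a freshly signed token and
 * rejects, with {@link InvalidTokenException}, a token that is expired, a token whose
 * digest has been tampered with, and a token that names a different key ID.
 *
 * @throws Exception if the token manager cannot be started, or signing or encoding fails
 */
@Test
public void testTokenValidation() throws Exception {
  ImmutablePair<TokenManager, Codec<AccessToken>> pair = getTokenManagerAndCodec();
  TokenManager tokenManager = pair.getFirst();
  Codec<AccessToken> tokenCodec = pair.getSecond();
  tokenManager.startAndWait();
  // Stop the manager even when an assertion fails, so a failing case does not leave
  // the service running for later tests.
  try {
    long now = System.currentTimeMillis();
    String user = "testuser";
    List<String> groups = Lists.newArrayList("users", "admins");
    AccessTokenIdentifier ident1 = new AccessTokenIdentifier(user, groups, now, now + TOKEN_DURATION);
    AccessToken token1 = tokenManager.signIdentifier(ident1);
    // This writes the complete signed token to the log. That is tolerable for a throwaway
    // test identity, but a signed access token is a bearer credential and this pattern
    // should not be carried over into non-test code.
    LOG.info("Signed token is: " + Bytes.toStringBinary(tokenCodec.encode(token1)));
    // should be valid since we just signed it
    tokenManager.validateSecret(token1);

    // test token expiration: the validity window ended 1 ms before "now"
    AccessTokenIdentifier expiredIdent = new AccessTokenIdentifier(user, groups, now - 1000, now - 1);
    AccessToken expiredToken = tokenManager.signIdentifier(expiredIdent);
    try {
      tokenManager.validateSecret(expiredToken);
      fail("Token should have been expired but passed validation: "
             + Bytes.toStringBinary(tokenCodec.encode(expiredToken)));
    } catch (InvalidTokenException expected) {
      // expected: a correctly signed but expired token must be rejected
    }

    // test token with invalid signature
    // Work on a copy: if getDigestBytes() hands out the token's internal array, changing it
    // in place would also corrupt token1 and make the key-ID case below pass for the wrong
    // reason. Inverting every byte guarantees the digest differs from the original, which
    // random bytes only make overwhelmingly likely.
    byte[] invalidDigest = token1.getDigestBytes().clone();
    for (int i = 0; i < invalidDigest.length; i++) {
      invalidDigest[i] ^= 0xFF;
    }
    AccessToken invalidToken = new AccessToken(token1.getIdentifier(), token1.getKeyId(), invalidDigest);
    try {
      tokenManager.validateSecret(invalidToken);
      fail("Token should have been rejected for invalid digest but passed: "
             + Bytes.toStringBinary(tokenCodec.encode(invalidToken)));
    } catch (InvalidTokenException expected) {
      // expected: a digest that does not match the identifier must be rejected
    }

    // test token with bad key ID: same identifier and untouched digest, different key ID
    AccessToken invalidKeyToken =
      new AccessToken(token1.getIdentifier(), token1.getKeyId() + 1, token1.getDigestBytes());
    try {
      tokenManager.validateSecret(invalidKeyToken);
      // Report the token under test here (the original message encoded invalidToken).
      fail("Token should have been rejected for invalid key ID but passed: "
             + Bytes.toStringBinary(tokenCodec.encode(invalidKeyToken)));
    } catch (InvalidTokenException expected) {
      // expected: a token naming a key ID other than the signing key must be rejected
    }
  } finally {
    tokenManager.stopAndWait();
  }
}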