
Example 1 with ActorKerberosKey

use of com.cloudera.thunderhead.service.usermanagement.UserManagementProto.ActorKerberosKey in project cloudbreak by hortonworks.

From class UserKeytabService, method getKeytabBase64.

/**
 * Builds a base64-encoded keytab for the actor identified by {@code userCrn}, using the
 * Kerberos realm resolved for {@code environmentCrn}.
 *
 * <p>All validation (same account, credentials present, FreeIPA state) runs before any key
 * material is handed to the generator, so the order of the calls below is deliberate.
 * The returned string carries the actor's Kerberos key material and should be treated as a
 * secret: do not log it or persist it in plaintext.
 *
 * @param userCrn        CRN of the actor whose workload credentials are fetched from UMS
 * @param environmentCrn CRN of the environment whose realm the keytab is issued for
 * @return the generated keytab, base64-encoded
 */
public String getKeytabBase64(String userCrn, String environmentCrn) {
    String accountId = Crn.safeFromString(userCrn).getAccountId();
    // The actor and the environment must belong to the same account before anything is fetched.
    validateSameAccount(accountId, environmentCrn);
    String realm = getKerberosRealm(accountId, environmentCrn);

    GetActorWorkloadCredentialsResponse credentials = grpcUmsClient.getActorWorkloadCredentials(
            userCrn, MDCUtils.getRequestId(), regionAwareInternalCrnGeneratorFactory);
    validateHasCredentials(credentials);

    String workloadUsername = credentials.getWorkloadUsername();
    validateFreeIpaState(workloadUsername, environmentCrn);

    List<ActorKerberosKey> kerberosKeys = credentials.getKerberosKeysList();
    return userKeytabGenerator.generateKeytabBase64(workloadUsername, realm, kerberosKeys);
}
Also used : GetActorWorkloadCredentialsResponse(com.cloudera.thunderhead.service.usermanagement.UserManagementProto.GetActorWorkloadCredentialsResponse) ActorKerberosKey(com.cloudera.thunderhead.service.usermanagement.UserManagementProto.ActorKerberosKey)

Example 2 with ActorKerberosKey

use of com.cloudera.thunderhead.service.usermanagement.UserManagementProto.ActorKerberosKey in project cloudbreak by hortonworks.

From class KrbKeySetEncoder, method getASNEncodedKrbPrincipalKey.

/**
 * DER-encodes the given Kerberos keys as a key set and returns the encoding as base64.
 *
 * <p>The outer SEQUENCE consists of explicitly tagged fields (attribute-major-vno,
 * attribute-minor-vno, kvno, mkvno, keys), all version numbers fixed to 1. This looks like
 * the KrbKeySet layout FreeIPA stores in a principal's key attribute — confirm against the
 * consumer before changing any tag or version value.
 *
 * <p>Each key's value is expected to be base64 text and is decoded to raw key bytes first,
 * so a malformed value raises {@link IllegalArgumentException}. The returned string contains
 * secret key material and must not be logged.
 *
 * @param keys the actor's Kerberos keys (key type, salt type/value, base64 key value)
 * @return base64 of the DER-encoded key set
 * @throws IOException if DER encoding of the key set fails
 */
public static String getASNEncodedKrbPrincipalKey(List<ActorKerberosKey> keys) throws IOException {
    ASN1Encodable[] encodedKeys = new ASN1Encodable[keys.size()];
    int index = 0;
    for (ActorKerberosKey key : keys) {
        encodedKeys[index++] = toKrbKey(key);
    }

    ASN1Encodable[] keySetFields = {
            new DERTaggedObject(true, TAG_ATTRIBUTE_MAJOR_VNO, new ASN1Integer(1)),
            new DERTaggedObject(true, TAG_ATTRIBUTE_MINOR_VNO, new ASN1Integer(1)),
            new DERTaggedObject(true, TAG_KVNO, new ASN1Integer(1)),
            new DERTaggedObject(true, TAG_MKVNO, new ASN1Integer(1)),
            new DERTaggedObject(true, TAG_KEYS, new DERSequence(encodedKeys))
    };
    byte[] der = new DERSequence(keySetFields).getEncoded();
    return Base64.getEncoder().encodeToString(der);
}

/** Converts one actor key (salt + base64 key value) into its ASN.1 KrbKey element. */
private static ASN1Encodable toKrbKey(ActorKerberosKey key) {
    byte[] rawKey = Base64.getDecoder().decode(key.getKeyValue().getBytes(StandardCharsets.UTF_8));
    return makeKrbKey(
            makeSalt(key.getSaltType(), key.getSaltValue()),
            makeEncryptionKey(key.getKeyType(), rawKey));
}
Also used : DERSequence(org.bouncycastle.asn1.DERSequence) DERTaggedObject(org.bouncycastle.asn1.DERTaggedObject) ASN1Encodable(org.bouncycastle.asn1.ASN1Encodable) ActorKerberosKey(com.cloudera.thunderhead.service.usermanagement.UserManagementProto.ActorKerberosKey) ASN1Integer(org.bouncycastle.asn1.ASN1Integer)

Example 3 with ActorKerberosKey

use of com.cloudera.thunderhead.service.usermanagement.UserManagementProto.ActorKerberosKey in project cloudbreak by hortonworks.

From class UserKeytabServiceTest, method newActorKerberosKeys.

/**
 * Test fixture: two {@link ActorKerberosKey} instances built from an untouched builder
 * (no key type, salt or value set), in an immutable list.
 */
private static List<ActorKerberosKey> newActorKerberosKeys() {
    return List.of(
            ActorKerberosKey.newBuilder().build(),
            ActorKerberosKey.newBuilder().build());
}
Also used : ActorKerberosKey(com.cloudera.thunderhead.service.usermanagement.UserManagementProto.ActorKerberosKey)

Example 4 with ActorKerberosKey

use of com.cloudera.thunderhead.service.usermanagement.UserManagementProto.ActorKerberosKey in project cloudbreak by hortonworks.

From class UserKeytabGenerator, method generateKeytabBase64.

/**
 * Serializes a keytab holding one entry per supplied Kerberos key for the given username
 * and realm, and returns it base64-encoded.
 *
 * <p>Only the username and realm are logged. The returned string contains secret key
 * material and must be handled accordingly (never logged, never stored in plaintext).
 *
 * @param username          workload username the keytab entries are issued for
 * @param realm             Kerberos realm of the principal
 * @param actorKerberosKeys keys to turn into keytab entries; must contain at least one
 * @return the serialized keytab, base64-encoded
 * @throws IllegalArgumentException if {@code actorKerberosKeys} is empty
 * @throws RuntimeException if writing the keytab fails with an {@link IOException}
 */
public String generateKeytabBase64(String username, String realm, List<ActorKerberosKey> actorKerberosKeys) {
    LOGGER.info("Generating keytab for username = {} with realm = {}", username, realm);
    if (actorKerberosKeys.isEmpty()) {
        throw new IllegalArgumentException("Expected at least 1 actorKerberosKeys");
    }

    Keytab keytab = new Keytab();
    keytab.addKeytabEntries(toKeytabEntries(username, realm, actorKerberosKeys));

    // Keytab only knows how to write to a stream; capture it in memory and base64 the bytes.
    try (ByteArrayOutputStream out = new ByteArrayOutputStream()) {
        keytab.store(out);
        return Base64.getEncoder().encodeToString(out.toByteArray());
    } catch (IOException e) {
        throw new RuntimeException("Failed to generate keytab", e);
    }
}

/** Maps every actor key to a keytab entry for {@code username} in {@code realm}. */
private List<KeytabEntry> toKeytabEntries(String username, String realm, List<ActorKerberosKey> keys) {
    return keys.stream()
            .map(key -> toKeytabEntry(username, realm, key))
            .collect(Collectors.toList());
}
Also used : Clock(com.sequenceiq.cloudbreak.common.service.Clock) Logger(org.slf4j.Logger) ByteArrayOutputStream(java.io.ByteArrayOutputStream) LoggerFactory(org.slf4j.LoggerFactory) IOException(java.io.IOException) ActorKerberosKey(com.cloudera.thunderhead.service.usermanagement.UserManagementProto.ActorKerberosKey) Collectors(java.util.stream.Collectors) Inject(javax.inject.Inject) KeytabEntry(org.apache.kerby.kerberos.kerb.keytab.KeytabEntry) Component(org.springframework.stereotype.Component) Base64(java.util.Base64) List(java.util.List) EncryptionKey(org.apache.kerby.kerberos.kerb.type.base.EncryptionKey) KerberosTime(org.apache.kerby.kerberos.kerb.type.KerberosTime) Objects.requireNonNull(java.util.Objects.requireNonNull) EncryptionType(org.apache.kerby.kerberos.kerb.type.base.EncryptionType) Keytab(org.apache.kerby.kerberos.kerb.keytab.Keytab) PrincipalName(org.apache.kerby.kerberos.kerb.type.base.PrincipalName) Keytab(org.apache.kerby.kerberos.kerb.keytab.Keytab) ByteArrayOutputStream(java.io.ByteArrayOutputStream) IOException(java.io.IOException) KeytabEntry(org.apache.kerby.kerberos.kerb.keytab.KeytabEntry)
