
Example 11 with UnauthorizedException

use of com.emc.storageos.svcs.errorhandling.resources.UnauthorizedException in project coprhd-controller by CoprHD.

the class GeoServiceClient method resetBlacklist.

/**
 * Reset geodb blacklist for given vdc short id
 */
public void resetBlacklist(String vdcShortId) {
    WebResource rRoot = createRequest(VDCCONFIG_RESET_BLACKLIST).queryParam("vdc_short_id", vdcShortId);
    // Note: in Jersey 1.x, WebResource.accept() returns a new Builder; the result is discarded here.
    rRoot.accept(MediaType.APPLICATION_XML);
    try {
        addSignature(rRoot).post(ClientResponse.class);
    } catch (UnauthorizedException e) {
        throw GeoException.fatals.unableConnect(endPoint, e);
    } catch (GeoException e) {
        throw e;
    } catch (Exception e) {
        throw GeoException.fatals.unableConnect(endPoint, e);
    }
}
Also used : UnauthorizedException(com.emc.storageos.svcs.errorhandling.resources.UnauthorizedException) WebResource(com.sun.jersey.api.client.WebResource)

Example 12 with UnauthorizedException

use of com.emc.storageos.svcs.errorhandling.resources.UnauthorizedException in project coprhd-controller by CoprHD.

the class GeoServiceClient method syncVdcConfigPostCheck.

/**
 * Post steps after syncing the VDC config list to a remote VDC.
 *
 * @param checkParam the list to be checked
 * @throws Exception
 */
public void syncVdcConfigPostCheck(VdcPostCheckParam checkParam, String vdcName) {
    WebResource rRoot = createRequest(VDCCONFIG_POSTCHECK_URI);
    // Note: in Jersey 1.x, WebResource.accept() returns a new Builder; the result is discarded here.
    rRoot.accept(MediaType.APPLICATION_XML);
    try {
        addSignature(rRoot).post(checkParam);
    } catch (UnauthorizedException e) {
        throw GeoException.fatals.remoteVdcAuthorizationFailed(vdcName, e);
    } catch (GeoException e) {
        throw e;
    } catch (Exception e) {
        throw GeoException.fatals.failedToSedPostCheckRequest(vdcName, e);
    }
}
Also used : UnauthorizedException(com.emc.storageos.svcs.errorhandling.resources.UnauthorizedException) WebResource(com.sun.jersey.api.client.WebResource)

Example 13 with UnauthorizedException

use of com.emc.storageos.svcs.errorhandling.resources.UnauthorizedException in project coprhd-controller by CoprHD.

the class GeoServiceClient method syncVdcCerts.

/**
 * Send all the VDC certs list to a remote VDC.
 *
 * @param vdcCertListParam all the VDCs' certs
 * @throws Exception
 */
public void syncVdcCerts(VdcCertListParam vdcCertListParam, String VdcName) {
    WebResource rRoot = createRequest(VDCCONFIG_CERT_URI);
    // Note: in Jersey 1.x, WebResource.accept() returns a new Builder; the result is discarded here.
    rRoot.accept(MediaType.APPLICATION_XML);
    try {
        addSignature(rRoot).post(vdcCertListParam);
    } catch (UnauthorizedException e) {
        throw GeoException.fatals.remoteVdcAuthorizationFailed(VdcName, e);
    } catch (GeoException e) {
        throw e;
    } catch (Exception e) {
        throw GeoException.fatals.connectVdcSyncCertFail(VdcName, e);
    }
}
Also used : UnauthorizedException(com.emc.storageos.svcs.errorhandling.resources.UnauthorizedException) WebResource(com.sun.jersey.api.client.WebResource)

Example 14 with UnauthorizedException

use of com.emc.storageos.svcs.errorhandling.resources.UnauthorizedException in project coprhd-controller by CoprHD.

the class TokenManagerTests method testTokenKeysSignature.

/**
 * tests for token signature manipulation
 *
 * @throws Exception
 */
@Test
public void testTokenKeysSignature() throws Exception {
    commonDefaultSetupForSingleNodeTests();
    StorageOSUserDAO userDAO = new StorageOSUserDAO();
    userDAO.setUserName("user1");
    userDAO.setIsLocal(true);
    final String token = _tokenManager.getToken(userDAO);
    Assert.assertNotNull(token);
    TokenOnWire tw1 = _encoder.decode(token);
    // verify token
    StorageOSUserDAO gotUser = _tokenManager.validateToken(token);
    Assert.assertNotNull(gotUser);
    // base64 decode the token, just to look at the version field and
    // make sure it is set to what we think.
    byte[] decoded = Base64.decodeBase64(token.getBytes("UTF-8"));
    SignedToken stOffTheWire = (SignedToken) _serializer.fromByteArray(SignedToken.class, decoded);
    // JUnit's assertEquals takes (expected, actual)
    Assert.assertEquals(Base64TokenEncoder.VIPR_ENCODING_VERSION, stOffTheWire.getTokenEncodingVersion());
    // Re-encode the valid token, using a bad signature. Try to validate that.
    byte[] reserialized = _serializer.toByteArray(TokenOnWire.class, tw1);
    SignedToken st = new SignedToken(reserialized, "badsignature");
    byte[] serializedSignedToken = _serializer.toByteArray(SignedToken.class, st);
    byte[] forgedToken = Base64.encodeBase64(serializedSignedToken);
    // Resulting token should fail validation even though the embedded token data is good
    try {
        gotUser = _tokenManager.validateToken(new String(forgedToken, "UTF-8"));
        Assert.fail("Resulting token should fail validation");
    } catch (UnauthorizedException ex) {
        // This is an expected exception
        Assert.assertTrue(true);
    }
    try {
        gotUser = _tokenManager.validateToken("somethingthatwontevendecode");
        Assert.fail("Arbitrary token should not be validated.");
    } catch (UnauthorizedException ex) {
        // This is an expected exception.
        Assert.assertTrue(true);
    }
}
Also used : SignedToken(com.emc.storageos.security.authentication.Base64TokenEncoder.SignedToken) StorageOSUserDAO(com.emc.storageos.db.client.model.StorageOSUserDAO) UnauthorizedException(com.emc.storageos.svcs.errorhandling.resources.UnauthorizedException) TokenOnWire(com.emc.storageos.security.authentication.TokenOnWire) Test(org.junit.Test)

Example 15 with UnauthorizedException

use of com.emc.storageos.svcs.errorhandling.resources.UnauthorizedException in project coprhd-controller by CoprHD.

the class TokenManagerTests method testMultiNodesCacheUpdates.

/**
 * Tests out of sync cache behavior with multiple nodes.
 *
 * @throws Exception
 */
@Test
public void testMultiNodesCacheUpdates() throws Exception {
    // For this test, we need our custom setup, with several
    // tokenManagers sharing a common TestCoordinator. This will
    // simulate shared zookeeper data on the cluster. And the different
    // tokenManagers/KeyGenerators will simulate the different nodes with
    // out of sync caches.
    final long ROTATION_INTERVAL_MSECS = 5000;
    DbClient dbClient = getDbClient();
    CoordinatorClient coordinator = new TestCoordinator();
    // Node 1
    CassandraTokenManager tokenManager1 = new CassandraTokenManager();
    Base64TokenEncoder encoder1 = new Base64TokenEncoder();
    TokenKeyGenerator tokenKeyGenerator1 = new TokenKeyGenerator();
    TokenMaxLifeValuesHolder holder1 = new TokenMaxLifeValuesHolder();
    // Setting the rotation interval means that once a token is created,
    // if the next token being requested happens 5 seconds later or more, the keys will
    // rotate. This is to test the built in logic that triggers rotation.
    holder1.setKeyRotationIntervalInMSecs(ROTATION_INTERVAL_MSECS);
    tokenManager1.setTokenMaxLifeValuesHolder(holder1);
    tokenManager1.setDbClient(dbClient);
    tokenManager1.setCoordinator(coordinator);
    encoder1.setCoordinator(coordinator);
    tokenKeyGenerator1.setTokenMaxLifeValuesHolder(holder1);
    encoder1.setTokenKeyGenerator(tokenKeyGenerator1);
    encoder1.managerInit();
    tokenManager1.setTokenEncoder(encoder1);
    // Node 2
    CassandraTokenManager tokenManager2 = new CassandraTokenManager();
    Base64TokenEncoder encoder2 = new Base64TokenEncoder();
    TokenKeyGenerator tokenKeyGenerator2 = new TokenKeyGenerator();
    TokenMaxLifeValuesHolder holder2 = new TokenMaxLifeValuesHolder();
    holder2.setKeyRotationIntervalInMSecs(ROTATION_INTERVAL_MSECS);
    tokenManager2.setTokenMaxLifeValuesHolder(holder2);
    tokenManager2.setDbClient(dbClient);
    tokenManager2.setCoordinator(coordinator);
    encoder2.setCoordinator(coordinator);
    tokenKeyGenerator2.setTokenMaxLifeValuesHolder(holder2);
    encoder2.setTokenKeyGenerator(tokenKeyGenerator2);
    encoder2.managerInit();
    tokenManager2.setTokenEncoder(encoder2);
    // We do not need to use multi threads for these tests. We are using
    // a determined sequence of events to cause caches to be out of sync and
    // see how the keyGenerators react.
    // SCENARIO 1 -----------------------------------------------------------------
    // Cause a rotation on node1, then go with that token to node 2 to validate the
    // token. Node2 should update the cache automatically to find the new key and
    // validate the token successfully.
    resetCoordinatorData(coordinator, tokenManager1, tokenManager2, encoder1, encoder2, tokenKeyGenerator1, tokenKeyGenerator2);
    // cause the rotation
    Thread.sleep((ROTATION_INTERVAL_MSECS) + 1000);
    StorageOSUserDAO userDAO = new StorageOSUserDAO();
    userDAO.setUserName("user1");
    // get a new token from node 1 (it will be encoded with a new key)
    final String token3 = tokenManager1.getToken(userDAO);
    Assert.assertNotNull(token3);
    // validate it on node 2
    StorageOSUserDAO gotUser = tokenManager2.validateToken(token3);
    Assert.assertNotNull(gotUser);
    // SCENARIO 2 -----------------------------------------------------------------
    // Create a token with the current key on node 1. Cause 2 rotations on node1, then go with that
    // token to node 2 to validate. At that point, node 2 still has the token's key in cache. But
    // that key is now 2 rotations old and should not be accepted. We want to test that node 2
    // appropriately updates its cache, then refuses the key, rejects the token.
    // reset coordinator data, start from scratch with fresh keys.
    resetCoordinatorData(coordinator, tokenManager1, tokenManager2, encoder1, encoder2, tokenKeyGenerator1, tokenKeyGenerator2);
    final String token4 = tokenManager1.getToken(userDAO);
    Assert.assertNotNull(token4);
    Thread.sleep((ROTATION_INTERVAL_MSECS + 1000));
    final String token5 = tokenManager1.getToken(userDAO);
    Assert.assertNotNull(token5);
    Thread.sleep((ROTATION_INTERVAL_MSECS + 1000));
    final String token6 = tokenManager1.getToken(userDAO);
    Assert.assertNotNull(token6);
    try {
        gotUser = tokenManager2.validateToken(token4);
        Assert.fail("The token validation should fail because of the token rotation.");
    } catch (UnauthorizedException ex) {
        // This exception is an expected one.
        Assert.assertTrue(true);
    }
    // SCENARIO 3 -----------------------------------------------------------------
    // Cause a rotation on node 1. Then go to node 2 to get a new token. Node 2 should realize
    // that the key it is about to use for signing is not the latest and refresh its cache. It should
    // not however cause a rotation, because it already just happened.
    resetCoordinatorData(coordinator, tokenManager1, tokenManager2, encoder1, encoder2, tokenKeyGenerator1, tokenKeyGenerator2);
    // cause a rotation
    Thread.sleep((ROTATION_INTERVAL_MSECS + 1000));
    final String token7 = tokenManager1.getToken(userDAO);
    Assert.assertNotNull(token7);
    TokenOnWire tw7 = encoder1.decode(token7);
    String key7 = tw7.getEncryptionKeyId();
    final String token8 = tokenManager2.getToken(userDAO);
    Assert.assertNotNull(token8);
    TokenOnWire tw8 = encoder1.decode(token8);
    String key8 = tw8.getEncryptionKeyId();
    // check that the key id used to encode both tokens is the same.
    Assert.assertEquals(key7, key8);
}
Also used : TokenMaxLifeValuesHolder(com.emc.storageos.security.authentication.TokenMaxLifeValuesHolder) CassandraTokenManager(com.emc.storageos.auth.impl.CassandraTokenManager) StorageOSUserDAO(com.emc.storageos.db.client.model.StorageOSUserDAO) DbClient(com.emc.storageos.db.client.DbClient) UnauthorizedException(com.emc.storageos.svcs.errorhandling.resources.UnauthorizedException) CoordinatorClient(com.emc.storageos.coordinator.client.service.CoordinatorClient) Base64TokenEncoder(com.emc.storageos.security.authentication.Base64TokenEncoder) TokenKeyGenerator(com.emc.storageos.security.authentication.TokenKeyGenerator) TokenOnWire(com.emc.storageos.security.authentication.TokenOnWire) Test(org.junit.Test)
