use of io.hops.hopsworks.exceptions.EncryptionMasterPasswordException in project hopsworks by logicalclocks.
the class CertificatesMgmService method checkPassword.
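/**
 * Validates the provided password against the configured master encryption password.
 *
 * <p>The provided password is hashed with SHA-256 and its hex digest is compared with the value
 * returned by {@code getMasterEncryptionPassword()}. The comparison goes through
 * {@link java.security.MessageDigest#isEqual(byte[], byte[])} rather than {@code String.equals},
 * so the time taken does not depend on where the first differing character is. On a mismatch
 * the attempt is logged (with the username when the email resolves to a user) and the call fails.
 *
 * @param providedPassword Password to validate
 * @param userRequestedEmail Email of the user who requested the check; only used to look up the
 *     username for the log entry written on failure
 * @throws IOException declared by this method; presumably raised while obtaining the configured
 *     password - confirm against {@code getMasterEncryptionPassword()}
 * @throws EncryptionMasterPasswordException if the provided password does not match
 */
@Lock(LockType.READ)
@AccessTimeout(value = 3, unit = TimeUnit.SECONDS)
public void checkPassword(String providedPassword, String userRequestedEmail)
    throws IOException, EncryptionMasterPasswordException {
  // Both sides are hex strings; compare their bytes so a partial match is not observable
  // through response timing.
  byte[] providedDigest = DigestUtils.sha256Hex(providedPassword)
      .getBytes(java.nio.charset.StandardCharsets.UTF_8);
  byte[] configuredDigest = getMasterEncryptionPassword()
      .getBytes(java.nio.charset.StandardCharsets.UTF_8);
  if (!java.security.MessageDigest.isEqual(configuredDigest, providedDigest)) {
    Users user = userFacade.findByEmail(userRequestedEmail);
    String logMsg = "*** Attempt to change master encryption password with wrong credentials";
    // NOTE(review): when the email resolves to no user, the entry carries no requester identity,
    // so repeated failed attempts cannot be attributed from this log line alone.
    if (user != null) {
      LOG.log(Level.INFO, logMsg + " by user <" + user.getUsername() + ">");
    } else {
      LOG.log(Level.INFO, logMsg);
    }
    // The message is deliberately generic: it does not say how the password differed.
    throw new EncryptionMasterPasswordException("Provided password is incorrect");
  }
}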
use of io.hops.hopsworks.exceptions.EncryptionMasterPasswordException in project hopsworks by logicalclocks.
the class DelaCertsMasterPasswordHandler method perform.
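/**
 * Re-encrypts the stored password of every Dela cluster certificate for a master password change.
 *
 * <p>For each certificate the previous stored password is recorded under the cluster name before
 * the new value, produced by {@code getNewUserPassword(...)}, is written back through the facade.
 * The success log contains cluster names only, never password values.
 *
 * @param oldMasterPassword master encryption password currently in use
 * @param newMasterPassword master encryption password to switch to
 * @return a result carrying the success log and the rollback map, or, on failure, the rollback
 *     map collected so far together with an {@code EncryptionMasterPasswordException}
 */
@Override
public MasterPasswordChangeResult perform(String oldMasterPassword, String newMasterPassword) {
  StringBuilder successLog = new StringBuilder();
  successLog.append("Performing change of master password for Dela certificates\n");
  // Cluster name -> certificate password as stored before this run, handed back for rollback.
  Map<String, String> items2rollback = new HashMap<>();
  Optional<List<ClusterCertificate>> maybe = clusterCertificateFacade.getAllClusterCerts();
  if (maybe.isPresent()) {
    LOGGER.log(Level.INFO, "Updating Dela certs with new Hopsworks master encryption password");
    // Kept outside the loop so the catch block can name the certificate being processed.
    String mapKey = null;
    try {
      for (ClusterCertificate cert : maybe.get()) {
        mapKey = cert.getClusterName();
        String oldPassword = cert.getCertificatePassword();
        // putIfAbsent: keep the first value seen for a cluster name as the rollback value.
        items2rollback.putIfAbsent(mapKey, oldPassword);
        // An empty cluster-password setting makes get() throw; that is handled by the catch
        // below like any other failure.
        String newEncCertPassword = getNewUserPassword(settings.getHopsSiteClusterPswd().get(),
            oldPassword, oldMasterPassword, newMasterPassword);
        cert.setCertificatePassword(newEncCertPassword);
        clusterCertificateFacade.updateClusterCerts(cert);
        successLog.append("Updated certificate: ").append(mapKey).append("\n");
      }
    } catch (Exception ex) {
      String errorMsg = "Something went wrong while updating master encryption password for Cluster Certificates. "
          + "Cluster certificate provoked the error was: " + mapKey;
      LOGGER.log(Level.SEVERE, errorMsg + " rolling back...", ex);
      // Keep the original failure as the cause so the returned exception can be diagnosed
      // without correlating it with the server log.
      return new MasterPasswordChangeResult<>(items2rollback,
          new EncryptionMasterPasswordException(errorMsg, ex));
    }
  }
  return new MasterPasswordChangeResult<>(successLog, items2rollback, null);
}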
use of io.hops.hopsworks.exceptions.EncryptionMasterPasswordException in project hopsworks by logicalclocks.
the class SecretsPasswordHandler method perform.
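/**
 * Re-encrypts every stored secret for a master password change.
 *
 * <p>Each ciphered secret is recorded for rollback, decrypted with the old password, encrypted
 * again with the new password and written back. The password held by each encryption descriptor
 * is cleared in a {@code finally} block, so it is also cleared when decryption or encryption
 * fails. The success log contains the secret's uid and name only, never its content.
 *
 * @param oldPassword master encryption password currently in use
 * @param newPassword master encryption password to switch to
 * @return a result carrying the success log and the rollback map, or, on failure, the rollback
 *     map collected so far together with an {@code EncryptionMasterPasswordException}
 */
@Override
public MasterPasswordChangeResult perform(String oldPassword, String newPassword) {
  // Secret id -> ciphertext as stored before this run, handed back for rollback.
  Map<SecretId, byte[]> secrets2Rollback = new HashMap<>();
  StringBuilder successLog = new StringBuilder();
  successLog.append("Performing change of master password for Secrets\n");
  try {
    LOGGER.log(Level.INFO, "Updating Secrets with new Hopsworks master encryption password");
    List<Secret> cipheredSecrets = secretsController.getAllCiphered();
    for (Secret cipheredSecret : cipheredSecrets) {
      SecretId secretId = cipheredSecret.getId();
      secrets2Rollback.put(secretId, cipheredSecret.getSecret());

      // First decrypt with the old password. The stored payload is split into three parts,
      // used below as salt, IV and encrypted input.
      byte[][] cryptoPrimitives =
          symmetricEncryptionService.splitPayloadFromCryptoPrimitives(cipheredSecret.getSecret());
      SymmetricEncryptionDescriptor decryptInput = new SymmetricEncryptionDescriptor.Builder()
          .setPassword(oldPassword)
          .setSalt(cryptoPrimitives[0])
          .setIV(cryptoPrimitives[1])
          .setInput(cryptoPrimitives[2])
          .build();
      SymmetricEncryptionDescriptor decrypted;
      try {
        decrypted = symmetricEncryptionService.decrypt(decryptInput);
      } finally {
        // Clear the descriptor's password even when decrypt() throws.
        decryptInput.clearPassword();
      }

      // Then encrypt the plaintext secret with the new password.
      // NOTE(review): decrypted.getOutput() is the plaintext secret and is not wiped here after
      // re-encryption - confirm whether the descriptor offers a way to clear it.
      SymmetricEncryptionDescriptor encryptInput = new SymmetricEncryptionDescriptor.Builder()
          .setInput(decrypted.getOutput())
          .setPassword(newPassword)
          .build();
      SymmetricEncryptionDescriptor encrypted;
      try {
        encrypted = symmetricEncryptionService.encrypt(encryptInput);
      } finally {
        // Clear the descriptor's password even when encrypt() throws.
        encryptInput.clearPassword();
      }
      byte[] newCipheredSecret = symmetricEncryptionService.mergePayloadWithCryptoPrimitives(
          encrypted.getSalt(), encrypted.getIv(), encrypted.getOutput());

      // Store the re-encrypted secret, carrying over creation time, visibility and project scope.
      Secret newSecret = new Secret(secretId, newCipheredSecret, cipheredSecret.getAddedOn());
      newSecret.setVisibilityType(cipheredSecret.getVisibilityType());
      if (cipheredSecret.getProjectIdScope() != null) {
        newSecret.setProjectIdScope(cipheredSecret.getProjectIdScope());
      }
      secretsFacade.update(newSecret);
      successLog.append("Updated Secret <").append(newSecret.getId().getUid()).append(",")
          .append(newSecret.getId().getName()).append(">\n");
    }
    return new MasterPasswordChangeResult<>(successLog, secrets2Rollback, null);
  } catch (Exception ex) {
    String errorMsg = "Error while updating master encryption password for Secrets";
    LOGGER.log(Level.SEVERE, errorMsg, ex);
    return new MasterPasswordChangeResult<>(secrets2Rollback,
        new EncryptionMasterPasswordException(errorMsg, ex));
  }
}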
use of io.hops.hopsworks.exceptions.EncryptionMasterPasswordException in project hopsworks by logicalclocks.
the class PSUserCertsMasterPasswordHandler method perform.
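/**
 * Re-encrypts the stored key password of every project-specific user (PSU) certificate for a
 * master password change.
 *
 * <p>For each certificate the previous stored password is recorded under
 * {@code projectname + USER_NAME_DELIMITER + username} before the new value, produced by
 * {@code getNewUserPassword(...)}, is written back through the facade. A certificate whose user
 * cannot be found aborts the run. The success log contains certificate keys only, never
 * password values.
 *
 * @param oldMasterPassword master encryption password currently in use
 * @param newMasterPassword master encryption password to switch to
 * @return a result carrying the success log and the rollback map, or, on failure, the rollback
 *     map collected so far together with an {@code EncryptionMasterPasswordException}
 */
@Override
public MasterPasswordChangeResult perform(String oldMasterPassword, String newMasterPassword) {
  StringBuilder successLog = new StringBuilder();
  successLog.append("Performing change of master password for PSU certificates\n");
  // Certificate key -> key password as stored before this run, handed back for rollback.
  Map<String, String> oldPasswords4Rollback = new HashMap<>();
  // Fetched outside the try block: a failure here propagates to the caller instead of being
  // turned into a result object.
  List<UserCerts> allPSCerts = certsFacade.findAllUserCerts();
  // Kept outside the loop so the catch block can name the certificate being processed.
  String mapKey = null;
  try {
    LOGGER.log(Level.INFO, "Updating PSU certs with new Hopsworks master encryption password");
    for (UserCerts psCert : allPSCerts) {
      mapKey = psCert.getUserCertsPK().getProjectname() + HdfsUsersController.USER_NAME_DELIMITER
          + psCert.getUserCertsPK().getUsername();
      String oldPassword = psCert.getUserKeyPwd();
      // putIfAbsent: keep the first value seen for a key as the rollback value.
      oldPasswords4Rollback.putIfAbsent(mapKey, oldPassword);
      Users user = userFacade.findByUsername(psCert.getUserCertsPK().getUsername());
      if (user == null) {
        // Caught by the handler below, which reports the failure with the rollback map.
        throw new Exception("Could not find Hopsworks user for certificate " + mapKey);
      }
      String newEncCertPassword =
          getNewUserPassword(user.getPassword(), oldPassword, oldMasterPassword, newMasterPassword);
      psCert.setUserKeyPwd(newEncCertPassword);
      certsFacade.update(psCert);
      successLog.append("Updated certificate: ").append(mapKey).append("\n");
    }
    return new MasterPasswordChangeResult<>(successLog, oldPasswords4Rollback, null);
  } catch (Exception ex) {
    String errorMsg = "Something went wrong while updating master encryption password for Project Specific User "
        + "certificates. PSU certificate provoked the error was: " + mapKey;
    LOGGER.log(Level.SEVERE, errorMsg + " rolling back...", ex);
    // Keep the original failure as the cause so the returned exception can be diagnosed
    // without correlating it with the server log.
    return new MasterPasswordChangeResult<Map<String, String>>(oldPasswords4Rollback,
        new EncryptionMasterPasswordException(errorMsg, ex));
  }
}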
use of io.hops.hopsworks.exceptions.EncryptionMasterPasswordException in project hopsworks by logicalclocks.
the class ChangeEncryptionPasswordBean method changeMasterEncryptionPassword.
/**
 * Submits a master encryption password change using the bean's {@code currentPassword} and
 * {@code newPassword} fields, together with the current servlet request.
 *
 * <p>The outcome is reported through {@code MessagesController}: an informational message once
 * the change has been handed off, the exception's own message when the helper rejects the
 * request, and a fixed message when an {@code IOException} occurs.
 */
public void changeMasterEncryptionPassword() {
  try {
    Object rawRequest = FacesContext.getCurrentInstance().getExternalContext().getRequest();
    HttpServletRequest servletRequest = (HttpServletRequest) rawRequest;
    // NOTE(review): currentPassword and newPassword remain set on the bean after this call;
    // whether they should be reset here depends on the bean's scope - confirm.
    loggedMaintenanceHelper.changeMasterEncryptionPassword(currentPassword, newPassword, servletRequest);
    MessagesController.addInfoMessage("Changing password...", "Check your Inbox for completion status");
  } catch (EncryptionMasterPasswordException passwordError) {
    // Show only the exception's message to the user.
    MessagesController.addErrorMessage(passwordError.getMessage());
  } catch (IOException ioError) {
    MessagesController.addErrorMessage("Error while reading master password file!");
  }
}