
Example 1 with EncryptionMasterPasswordException

use of io.hops.hopsworks.exceptions.EncryptionMasterPasswordException in project hopsworks by logicalclocks.

the class CertificatesMgmService method checkPassword.

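/**
 * Validates the provided password against the configured master encryption password.
 *
 * <p>The SHA-256 hex digest of {@code providedPassword} is compared with the value returned by
 * {@code getMasterEncryptionPassword()}. The comparison uses
 * {@link java.security.MessageDigest#isEqual(byte[], byte[])} rather than {@code String.equals},
 * so the time taken does not depend on how many leading characters of the two digests match.
 *
 * <p>A failed check is logged, with the username when {@code userRequestedEmail} resolves to a
 * known user, and reported as an {@link EncryptionMasterPasswordException}.
 *
 * @param providedPassword Password to validate
 * @param userRequestedEmail Email of the user who requested the password check
 * @throws IOException presumably when the configured master password cannot be read; none of
 *     this method's own statements throws it directly
 * @throws EncryptionMasterPasswordException if the provided password does not match
 */
@Lock(LockType.READ)
@AccessTimeout(value = 3, unit = TimeUnit.SECONDS)
public void checkPassword(String providedPassword, String userRequestedEmail) throws IOException, EncryptionMasterPasswordException {
    // NOTE(review): the verifier is an unsalted, single-round SHA-256 digest. If the stored value
    // is ever disclosed it can be guessed offline quickly; moving to a password KDF would need a
    // migration of the stored format, so the digest scheme is left unchanged here.
    String providedDigest = DigestUtils.sha256Hex(providedPassword);
    String configuredDigest = getMasterEncryptionPassword();
    // Constant-time comparison of the two hex digests.
    boolean matches = java.security.MessageDigest.isEqual(
        configuredDigest.getBytes(java.nio.charset.StandardCharsets.UTF_8),
        providedDigest.getBytes(java.nio.charset.StandardCharsets.UTF_8));
    if (!matches) {
        Users user = userFacade.findByEmail(userRequestedEmail);
        String logMsg = "*** Attempt to change master encryption password with wrong credentials";
        // Only identifiers are logged; neither the provided password nor its digest is written out.
        if (user != null) {
            LOG.log(Level.INFO, logMsg + " by user <" + user.getUsername() + ">");
        } else {
            LOG.log(Level.INFO, logMsg);
        }
        throw new EncryptionMasterPasswordException("Provided password is incorrect");
    }
}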
Also used : Users(io.hops.hopsworks.persistence.entity.user.Users) EncryptionMasterPasswordException(io.hops.hopsworks.exceptions.EncryptionMasterPasswordException) AccessTimeout(javax.ejb.AccessTimeout) Lock(javax.ejb.Lock)

Example 2 with EncryptionMasterPasswordException

use of io.hops.hopsworks.exceptions.EncryptionMasterPasswordException in project hopsworks by logicalclocks.

the class DelaCertsMasterPasswordHandler method perform.

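/**
 * Re-encrypts the stored password of every Dela cluster certificate under the new master
 * encryption password.
 *
 * <p>Before a certificate is updated, its current stored password is recorded in the rollback
 * map keyed by cluster name. The map is returned in both the success and the failure result.
 * On any exception the loop stops and a result carrying the rollback map and an
 * {@link EncryptionMasterPasswordException} is returned; the original exception is attached as
 * the cause so the root failure is not lost.
 *
 * @param oldMasterPassword master encryption password currently in use
 * @param newMasterPassword master encryption password to switch to
 * @return result holding the success log and rollback items, or the rollback items and the error
 */
@Override
public MasterPasswordChangeResult perform(String oldMasterPassword, String newMasterPassword) {
    StringBuilder successLog = new StringBuilder();
    successLog.append("Performing change of master password for Dela certificates\n");
    Map<String, String> items2rollback = new HashMap<>();
    Optional<List<ClusterCertificate>> maybe = clusterCertificateFacade.getAllClusterCerts();
    if (maybe.isPresent()) {
        LOGGER.log(Level.INFO, "Updating Dela certs with new Hopsworks master encryption password");
        // Tracks the certificate being processed so a failure can be attributed to it.
        String mapKey = null;
        try {
            for (ClusterCertificate cert : maybe.get()) {
                mapKey = cert.getClusterName();
                String oldPassword = cert.getCertificatePassword();
                // Keep the pre-change value so the update can be undone if a later step fails.
                items2rollback.putIfAbsent(mapKey, oldPassword);
                String newEncCertPassword = getNewUserPassword(settings.getHopsSiteClusterPswd().get(), oldPassword, oldMasterPassword, newMasterPassword);
                cert.setCertificatePassword(newEncCertPassword);
                clusterCertificateFacade.updateClusterCerts(cert);
                // The success log names the certificate only; no password material is appended.
                successLog.append("Updated certificate: ").append(mapKey).append("\n");
            }
        } catch (Exception ex) {
            String errorMsg = "Something went wrong while updating master encryption password for Cluster Certificates. " + "Cluster certificate provoked the error was: " + mapKey;
            LOGGER.log(Level.SEVERE, errorMsg + " rolling back...", ex);
            // Attach the cause so whoever handles the result can see the underlying failure.
            return new MasterPasswordChangeResult<>(items2rollback, new EncryptionMasterPasswordException(errorMsg, ex));
        }
    }
    return new MasterPasswordChangeResult<>(successLog, items2rollback, null);
}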
Also used : HashMap(java.util.HashMap) ClusterCertificate(io.hops.hopsworks.persistence.entity.dela.certs.ClusterCertificate) List(java.util.List) EncryptionMasterPasswordException(io.hops.hopsworks.exceptions.EncryptionMasterPasswordException) EncryptionMasterPasswordException(io.hops.hopsworks.exceptions.EncryptionMasterPasswordException)

Example 3 with EncryptionMasterPasswordException

use of io.hops.hopsworks.exceptions.EncryptionMasterPasswordException in project hopsworks by logicalclocks.

the class SecretsPasswordHandler method perform.

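/**
 * Re-encrypts every stored Secret under the new master encryption password.
 *
 * <p>For each ciphered secret the current ciphertext is first recorded in the rollback map, then
 * the payload is decrypted with {@code oldPassword}, encrypted again with {@code newPassword}
 * and stored. The password held by each descriptor is cleared in a {@code finally} block, so it
 * is also cleared when decryption or encryption throws.
 *
 * @param oldPassword master encryption password currently in use
 * @param newPassword master encryption password to switch to
 * @return result holding the success log and rollback items, or the rollback items and the error
 */
@Override
public MasterPasswordChangeResult perform(String oldPassword, String newPassword) {
    Map<SecretId, byte[]> secrets2Rollback = new HashMap<>();
    StringBuilder successLog = new StringBuilder();
    successLog.append("Performing change of master password for Secrets\n");
    try {
        LOGGER.log(Level.INFO, "Updating Secrets with new Hopsworks master encryption password");
        List<Secret> cipheredSecrets = secretsController.getAllCiphered();
        for (Secret cipheredSecret : cipheredSecrets) {
            SecretId secretId = cipheredSecret.getId();
            // Keep the old ciphertext so the change can be undone if a later step fails.
            secrets2Rollback.put(secretId, cipheredSecret.getSecret());

            // First decrypt with the old password. The stored blob is split into
            // [0] salt, [1] IV and [2] encrypted payload.
            byte[][] cryptoPrimitives = symmetricEncryptionService.splitPayloadFromCryptoPrimitives(cipheredSecret.getSecret());
            SymmetricEncryptionDescriptor decryptRequest = new SymmetricEncryptionDescriptor.Builder().setPassword(oldPassword).setSalt(cryptoPrimitives[0]).setIV(cryptoPrimitives[1]).setInput(cryptoPrimitives[2]).build();
            SymmetricEncryptionDescriptor decrypted;
            try {
                decrypted = symmetricEncryptionService.decrypt(decryptRequest);
            } finally {
                decryptRequest.clearPassword();
            }

            // Then encrypt the plaintext secret with the new password.
            // NOTE(review): the plaintext array returned by getOutput() is not zeroed after use;
            // confirm whether the descriptor owns that buffer before adding a wipe.
            SymmetricEncryptionDescriptor encryptRequest = new SymmetricEncryptionDescriptor.Builder().setInput(decrypted.getOutput()).setPassword(newPassword).build();
            SymmetricEncryptionDescriptor encrypted;
            try {
                encrypted = symmetricEncryptionService.encrypt(encryptRequest);
            } finally {
                encryptRequest.clearPassword();
            }
            byte[] newCipheredSecret = symmetricEncryptionService.mergePayloadWithCryptoPrimitives(encrypted.getSalt(), encrypted.getIv(), encrypted.getOutput());

            // Store the re-encrypted secret, carrying over its metadata.
            Secret newSecret = new Secret(secretId, newCipheredSecret, cipheredSecret.getAddedOn());
            newSecret.setVisibilityType(cipheredSecret.getVisibilityType());
            if (cipheredSecret.getProjectIdScope() != null) {
                newSecret.setProjectIdScope(cipheredSecret.getProjectIdScope());
            }
            secretsFacade.update(newSecret);
            // The success log carries the secret's uid and name only, never its value.
            successLog.append("Updated Secret <").append(newSecret.getId().getUid()).append(",").append(newSecret.getId().getName()).append(">\n");
        }
        return new MasterPasswordChangeResult<>(successLog, secrets2Rollback, null);
    } catch (Exception ex) {
        String errorMsg = "Error while updating master encryption password for Secrets";
        LOGGER.log(Level.SEVERE, errorMsg, ex);
        return new MasterPasswordChangeResult<>(secrets2Rollback, new EncryptionMasterPasswordException(errorMsg, ex));
    }
}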
Also used : SymmetricEncryptionDescriptor(io.hops.hopsworks.common.security.SymmetricEncryptionDescriptor) HashMap(java.util.HashMap) EncryptionMasterPasswordException(io.hops.hopsworks.exceptions.EncryptionMasterPasswordException) Secret(io.hops.hopsworks.persistence.entity.user.security.secrets.Secret) MasterPasswordChangeResult(io.hops.hopsworks.common.security.MasterPasswordChangeResult) SecretId(io.hops.hopsworks.persistence.entity.user.security.secrets.SecretId) EncryptionMasterPasswordException(io.hops.hopsworks.exceptions.EncryptionMasterPasswordException)

Example 4 with EncryptionMasterPasswordException

use of io.hops.hopsworks.exceptions.EncryptionMasterPasswordException in project hopsworks by logicalclocks.

the class PSUserCertsMasterPasswordHandler method perform.

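/**
 * Re-encrypts the stored key password of every project-specific user (PSU) certificate under
 * the new master encryption password.
 *
 * <p>Before a certificate is updated, its current stored key password is recorded in the
 * rollback map under the key {@code projectname + USER_NAME_DELIMITER + username}. A
 * certificate whose user cannot be found aborts the run. On any exception inside the loop a
 * result carrying the rollback map and an {@link EncryptionMasterPasswordException} is returned;
 * the original exception is attached as the cause so the root failure is not lost.
 *
 * @param oldMasterPassword master encryption password currently in use
 * @param newMasterPassword master encryption password to switch to
 * @return result holding the success log and rollback items, or the rollback items and the error
 */
@Override
public MasterPasswordChangeResult perform(String oldMasterPassword, String newMasterPassword) {
    StringBuilder successLog = new StringBuilder();
    successLog.append("Performing change of master password for PSU certificates\n");
    Map<String, String> oldPasswords4Rollback = new HashMap<>();
    // Fetched outside the try block: a failure here propagates to the caller as-is.
    List<UserCerts> allPSCerts = certsFacade.findAllUserCerts();
    // Tracks the certificate being processed so a failure can be attributed to it.
    String mapKey = null;
    try {
        LOGGER.log(Level.INFO, "Updating PSU certs with new Hopsworks master encryption password");
        for (UserCerts psCert : allPSCerts) {
            mapKey = psCert.getUserCertsPK().getProjectname() + HdfsUsersController.USER_NAME_DELIMITER + psCert.getUserCertsPK().getUsername();
            String oldPassword = psCert.getUserKeyPwd();
            // Keep the pre-change value so the update can be undone if a later step fails.
            oldPasswords4Rollback.putIfAbsent(mapKey, oldPassword);
            Users user = userFacade.findByUsername(psCert.getUserCertsPK().getUsername());
            if (user == null) {
                throw new Exception("Could not find Hopsworks user for certificate " + mapKey);
            }
            // The user's stored password value is one of the inputs to the re-encryption helper.
            String newEncCertPassword = getNewUserPassword(user.getPassword(), oldPassword, oldMasterPassword, newMasterPassword);
            psCert.setUserKeyPwd(newEncCertPassword);
            certsFacade.update(psCert);
            // The success log names the certificate only; no password material is appended.
            successLog.append("Updated certificate: ").append(mapKey).append("\n");
        }
        return new MasterPasswordChangeResult<>(successLog, oldPasswords4Rollback, null);
    } catch (Exception ex) {
        String errorMsg = "Something went wrong while updating master encryption password for Project Specific User " + "certificates. PSU certificate provoked the error was: " + mapKey;
        LOGGER.log(Level.SEVERE, errorMsg + " rolling back...", ex);
        // Attach the cause so whoever handles the result can see the underlying failure.
        return new MasterPasswordChangeResult<Map<String, String>>(oldPasswords4Rollback, new EncryptionMasterPasswordException(errorMsg, ex));
    }
}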
Also used : HashMap(java.util.HashMap) UserCerts(io.hops.hopsworks.persistence.entity.certificates.UserCerts) Users(io.hops.hopsworks.persistence.entity.user.Users) EncryptionMasterPasswordException(io.hops.hopsworks.exceptions.EncryptionMasterPasswordException) HashMap(java.util.HashMap) Map(java.util.Map) EncryptionMasterPasswordException(io.hops.hopsworks.exceptions.EncryptionMasterPasswordException)

Example 5 with EncryptionMasterPasswordException

use of io.hops.hopsworks.exceptions.EncryptionMasterPasswordException in project hopsworks by logicalclocks.

the class ChangeEncryptionPasswordBean method changeMasterEncryptionPassword.

/**
 * Requests a change of the master encryption password using the {@code currentPassword} and
 * {@code newPassword} fields of this bean, and reports the outcome as a Faces message.
 *
 * <p>The current servlet request is read from the Faces context and handed to
 * {@code loggedMaintenanceHelper} together with both passwords.
 */
public void changeMasterEncryptionPassword() {
    try {
        HttpServletRequest httpRequest =
            (HttpServletRequest) FacesContext.getCurrentInstance().getExternalContext().getRequest();
        loggedMaintenanceHelper.changeMasterEncryptionPassword(currentPassword, newPassword, httpRequest);
        MessagesController.addInfoMessage("Changing password...", "Check your Inbox for completion status");
    } catch (EncryptionMasterPasswordException rejected) {
        // The exception message is displayed verbatim, so messages on this exception type
        // must stay free of sensitive detail.
        MessagesController.addErrorMessage(rejected.getMessage());
    } catch (IOException readFailure) {
        // A fixed message is shown; the exception detail is not surfaced or logged here.
        MessagesController.addErrorMessage("Error while reading master password file!");
    }
}
Also used : HttpServletRequest(javax.servlet.http.HttpServletRequest) FacesContext(javax.faces.context.FacesContext) IOException(java.io.IOException) EncryptionMasterPasswordException(io.hops.hopsworks.exceptions.EncryptionMasterPasswordException)

Aggregations

EncryptionMasterPasswordException (io.hops.hopsworks.exceptions.EncryptionMasterPasswordException)6 Users (io.hops.hopsworks.persistence.entity.user.Users)3 HashMap (java.util.HashMap)3 IOException (java.io.IOException)2 RESTApiJsonResponse (io.hops.hopsworks.api.util.RESTApiJsonResponse)1 MasterPasswordChangeResult (io.hops.hopsworks.common.security.MasterPasswordChangeResult)1 SymmetricEncryptionDescriptor (io.hops.hopsworks.common.security.SymmetricEncryptionDescriptor)1 HopsSecurityException (io.hops.hopsworks.exceptions.HopsSecurityException)1 UserCerts (io.hops.hopsworks.persistence.entity.certificates.UserCerts)1 ClusterCertificate (io.hops.hopsworks.persistence.entity.dela.certs.ClusterCertificate)1 Secret (io.hops.hopsworks.persistence.entity.user.security.secrets.Secret)1 SecretId (io.hops.hopsworks.persistence.entity.user.security.secrets.SecretId)1 List (java.util.List)1 Map (java.util.Map)1 AccessTimeout (javax.ejb.AccessTimeout)1 Lock (javax.ejb.Lock)1 FacesContext (javax.faces.context.FacesContext)1 HttpServletRequest (javax.servlet.http.HttpServletRequest)1 PUT (javax.ws.rs.PUT)1 Path (javax.ws.rs.Path)1