Example 1 with UserCerts
use of io.hops.hopsworks.persistence.entity.certificates.UserCerts in project hopsworks by logicalclocks.
the class AuthController method resetProjectCertPassword.
private void resetProjectCertPassword(Users p, String oldPass) {
// For every project, change the certificate secret in the database
// Get cert password by decrypting it with old password
List<Project> projects = projectFacade.findAllMemberStudies(p);
try {
for (Project project : projects) {
UserCerts userCert = userCertsFacade.findUserCert(project.getName(), p.getUsername());
String masterEncryptionPassword = certificatesMgmService.getMasterEncryptionPassword();
String certPassword = HopsUtils.decrypt(oldPass, userCert.getUserKeyPwd(), masterEncryptionPassword);
// Encrypt it with new password and store it in the db
String newSecret = HopsUtils.encrypt(p.getPassword(), certPassword, masterEncryptionPassword);
userCert.setUserKeyPwd(newSecret);
userCertsFacade.update(userCert);
}
} catch (Exception ex) {
LOGGER.log(Level.SEVERE, null, ex);
throw new EJBException(ex);
}
}
Also used :
Project(io.hops.hopsworks.persistence.entity.project.Project)
UserCerts(io.hops.hopsworks.persistence.entity.certificates.UserCerts)
EJBException(javax.ejb.EJBException)
MessagingException(javax.mail.MessagingException)
UserException(io.hops.hopsworks.exceptions.UserException)
EJBException(javax.ejb.EJBException)
NoSuchAlgorithmException(java.security.NoSuchAlgorithmException)
InvalidKeyException(java.security.InvalidKeyException)
Example 2 with UserCerts
use of io.hops.hopsworks.persistence.entity.certificates.UserCerts in project hopsworks by logicalclocks.
the class PSUserCertsMasterPasswordHandler method rollback.
@Override
@SuppressWarnings("unchecked")
public void rollback(MasterPasswordChangeResult result) {
Map<String, String> items2rollback = (HashMap<String, String>) result.getRollbackItems();
LOGGER.log(Level.INFO, "Rolling back PSU certificates");
for (Map.Entry<String, String> oldPassword : items2rollback.entrySet()) {
String key = oldPassword.getKey();
String value = oldPassword.getValue();
String[] project__username = key.split(HdfsUsersController.USER_NAME_DELIMITER, 2);
UserCerts userCerts = certsFacade.findUserCert(project__username[0], project__username[1]);
userCerts.setUserKeyPwd(value);
certsFacade.update(userCerts);
}
}Example 3 with UserCerts
use of io.hops.hopsworks.persistence.entity.certificates.UserCerts in project hopsworks by logicalclocks.
the class CertificateMaterializer method getMaterialFromDatabase.
/*
* Utility methods
*/
private CryptoMaterial getMaterialFromDatabase(MaterialKey key) throws IOException {
UserCerts projectSpecificCerts = certsFacade.findUserCert(key.projectName, key.username);
ByteBuffer keyStore = ByteBuffer.wrap(projectSpecificCerts.getUserKey());
ByteBuffer trustStore = ByteBuffer.wrap(projectSpecificCerts.getUserCert());
char[] password = decryptMaterialPassword(key.getExtendedUsername(), projectSpecificCerts.getUserKeyPwd());
return new CryptoMaterial(keyStore, trustStore, password);
}
Also used :
UserCerts(io.hops.hopsworks.persistence.entity.certificates.UserCerts)
ByteBuffer(java.nio.ByteBuffer)
Example 4 with UserCerts
use of io.hops.hopsworks.persistence.entity.certificates.UserCerts in project hopsworks by logicalclocks.
the class CertificatesController method generateCertificates.
/**
* Creates x509 certificates for a project specific user and project generic
*
* @param project Associated project
* @param user Hopsworks user
* @return
*/
@Asynchronous
public Future<CertsResult> generateCertificates(Project project, Users user) throws Exception {
String userKeyPwd = HopsUtils.randomString(64);
String encryptedKey = HopsUtils.encrypt(user.getPassword(), userKeyPwd, certificatesMgmService.getMasterEncryptionPassword());
Pair<KeyStore, KeyStore> userKeystores = generateStores(project.getName() + Settings.HOPS_USERNAME_SEPARATOR + user.getUsername(), userKeyPwd, Endpoint.PROJECT);
UserCerts uc = certsFacade.putUserCerts(project.getName(), user.getUsername(), convertKeystoreToByteArray(userKeystores.getValue0(), userKeyPwd), convertKeystoreToByteArray(userKeystores.getValue1(), userKeyPwd), encryptedKey);
// Run custom certificateHandlers
for (CertificateHandler certificateHandler : certificateHandlers) {
certificateHandler.generate(project, user, uc);
}
LOGGER.log(Level.FINE, "Created project generic certificates for project: " + project.getName());
return new AsyncResult<>(new CertsResult(project.getName(), user.getUsername()));
}
Also used :
UserCerts(io.hops.hopsworks.persistence.entity.certificates.UserCerts)
KeyStore(java.security.KeyStore)
AsyncResult(javax.ejb.AsyncResult)
Asynchronous(javax.ejb.Asynchronous)
Example 5 with UserCerts
use of io.hops.hopsworks.persistence.entity.certificates.UserCerts in project hopsworks by logicalclocks.
the class PSUserCertsMasterPasswordHandler method perform.
@Override
public MasterPasswordChangeResult perform(String oldMasterPassword, String newMasterPassword) {
StringBuilder successLog = new StringBuilder();
successLog.append("Performing change of master password for PSU certificates\n");
Map<String, String> oldPasswords4Rollback = new HashMap<>();
List<UserCerts> allPSCerts = certsFacade.findAllUserCerts();
String mapKey = null, oldPassword, newEncCertPassword;
Users user;
try {
LOGGER.log(Level.INFO, "Updating PSU certs with new Hopsworks master encryption password");
for (UserCerts psCert : allPSCerts) {
mapKey = psCert.getUserCertsPK().getProjectname() + HdfsUsersController.USER_NAME_DELIMITER + psCert.getUserCertsPK().getUsername();
oldPassword = psCert.getUserKeyPwd();
oldPasswords4Rollback.putIfAbsent(mapKey, oldPassword);
user = userFacade.findByUsername(psCert.getUserCertsPK().getUsername());
if (user == null) {
throw new Exception("Could not find Hopsworks user for certificate " + mapKey);
}
newEncCertPassword = getNewUserPassword(user.getPassword(), oldPassword, oldMasterPassword, newMasterPassword);
psCert.setUserKeyPwd(newEncCertPassword);
certsFacade.update(psCert);
successLog.append("Updated certificate: ").append(mapKey).append("\n");
}
return new MasterPasswordChangeResult<>(successLog, oldPasswords4Rollback, null);
} catch (Exception ex) {
String errorMsg = "Something went wrong while updating master encryption password for Project Specific User " + "certificates. PSU certificate provoked the error was: " + mapKey;
LOGGER.log(Level.SEVERE, errorMsg + " rolling back...", ex);
return new MasterPasswordChangeResult<Map<String, String>>(oldPasswords4Rollback, new EncryptionMasterPasswordException(errorMsg));
}
}
Also used :
HashMap(java.util.HashMap)
UserCerts(io.hops.hopsworks.persistence.entity.certificates.UserCerts)
Users(io.hops.hopsworks.persistence.entity.user.Users)
EncryptionMasterPasswordException(io.hops.hopsworks.exceptions.EncryptionMasterPasswordException)
HashMap(java.util.HashMap)
Map(java.util.Map)
EncryptionMasterPasswordException(io.hops.hopsworks.exceptions.EncryptionMasterPasswordException)
Aggregations
UserCerts (io.hops.hopsworks.persistence.entity.certificates.UserCerts)11
HashMap (java.util.HashMap)3
Map (java.util.Map)3
UserException (io.hops.hopsworks.exceptions.UserException)2
File (java.io.File)2
IOException (java.io.IOException)2
CertificateMaterializer (io.hops.hopsworks.common.security.CertificateMaterializer)1
CryptoPasswordNotFoundException (io.hops.hopsworks.exceptions.CryptoPasswordNotFoundException)1
EncryptionMasterPasswordException (io.hops.hopsworks.exceptions.EncryptionMasterPasswordException)1
KafkaException (io.hops.hopsworks.exceptions.KafkaException)1
ProjectException (io.hops.hopsworks.exceptions.ProjectException)1
SchemaException (io.hops.hopsworks.exceptions.SchemaException)1
LocalResourceDTO (io.hops.hopsworks.persistence.entity.jobs.configuration.yarn.LocalResourceDTO)1
Project (io.hops.hopsworks.persistence.entity.project.Project)1
Users (io.hops.hopsworks.persistence.entity.user.Users)1
FileOutputStream (java.io.FileOutputStream)1
ByteBuffer (java.nio.ByteBuffer)1
InvalidKeyException (java.security.InvalidKeyException)1
KeyStore (java.security.KeyStore)1
NoSuchAlgorithmException (java.security.NoSuchAlgorithmException)1
