
Example 1 with UserCerts

use of io.hops.hopsworks.persistence.entity.certificates.UserCerts in project hopsworks by logicalclocks.

the class AuthController method resetProjectCertPassword.

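/**
 * Re-encrypts the stored key password of each of the user's project certificates after the
 * user's password has changed.
 *
 * <p>For every project returned by {@code projectFacade.findAllMemberStudies(p)} the stored
 * secret is decrypted with {@code oldPass}, encrypted again with {@code p.getPassword()} and
 * written back through {@code userCertsFacade.update}.
 *
 * <p>NOTE(review): rows are updated one at a time. If a later certificate fails, the earlier
 * ones stay re-encrypted unless the surrounding container transaction is rolled back when the
 * {@code EJBException} propagates; confirm the transaction attribute of the caller.
 *
 * @param p user whose password changed; {@code p.getPassword()} is the new encryption input
 * @param oldPass previous password value, needed to decrypt the currently stored secret
 * @throws EJBException wrapping any failure raised while a certificate is processed
 */
private void resetProjectCertPassword(Users p, String oldPass) {
    List<Project> projects = projectFacade.findAllMemberStudies(p);
    // Remembered so the failure log can name the certificate that was being processed.
    String certInProgress = null;
    try {
        for (Project project : projects) {
            String projectName = project.getName();
            String username = p.getUsername();
            certInProgress = "project=" + projectName + ", user=" + username;
            UserCerts userCert = userCertsFacade.findUserCert(projectName, username);
            String masterEncryptionPassword = certificatesMgmService.getMasterEncryptionPassword();
            // Recover the certificate password with the old user password ...
            String certPassword = HopsUtils.decrypt(oldPass, userCert.getUserKeyPwd(), masterEncryptionPassword);
            // ... then protect it with the new one and persist the result.
            String newSecret = HopsUtils.encrypt(p.getPassword(), certPassword, masterEncryptionPassword);
            userCert.setUserKeyPwd(newSecret);
            userCertsFacade.update(userCert);
        }
    } catch (Exception ex) {
        // Identifiers only: oldPass, certPassword and the master password must never be logged.
        LOGGER.log(Level.SEVERE, "Could not re-encrypt the certificate key password (" + certInProgress + ")", ex);
        throw new EJBException(ex);
    }
}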
Also used : Project(io.hops.hopsworks.persistence.entity.project.Project) UserCerts(io.hops.hopsworks.persistence.entity.certificates.UserCerts) EJBException(javax.ejb.EJBException) MessagingException(javax.mail.MessagingException) UserException(io.hops.hopsworks.exceptions.UserException) EJBException(javax.ejb.EJBException) NoSuchAlgorithmException(java.security.NoSuchAlgorithmException) InvalidKeyException(java.security.InvalidKeyException)

Example 2 with UserCerts

use of io.hops.hopsworks.persistence.entity.certificates.UserCerts in project hopsworks by logicalclocks.

the class PSUserCertsMasterPasswordHandler method rollback.

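/**
 * Restores the stored key password of every project-specific user (PSU) certificate listed in
 * the rollback items of a failed master password change.
 *
 * <p>Each rollback key is split into a project name and a username on
 * {@code HdfsUsersController.USER_NAME_DELIMITER}; the mapped value is written back with
 * {@code setUserKeyPwd} and persisted through {@code certsFacade.update}.
 *
 * <p>An entry whose key cannot be split is logged and skipped, so that the remaining
 * certificates are still restored. Only the key is logged, never the stored password value.
 *
 * @param result outcome of the failed change; its rollback items are expected to be a
 *               {@code Map<String, String>} from rollback key to the previous stored value
 */
@Override
@SuppressWarnings("unchecked")
public void rollback(MasterPasswordChangeResult result) {
    // Cast to the interface: any Map implementation is acceptable, not only HashMap.
    Map<String, String> items2rollback = (Map<String, String>) result.getRollbackItems();
    LOGGER.log(Level.INFO, "Rolling back PSU certificates");
    if (items2rollback == null) {
        LOGGER.log(Level.WARNING, "No rollback items were recorded for PSU certificates");
        return;
    }
    for (Map.Entry<String, String> previous : items2rollback.entrySet()) {
        String key = previous.getKey();
        // String.split interprets the delimiter as a regular expression; the limit of 2 keeps
        // any further delimiter occurrences inside the username part.
        String[] projectAndUser = key.split(HdfsUsersController.USER_NAME_DELIMITER, 2);
        if (projectAndUser.length != 2) {
            // Without both parts the certificate row cannot be looked up; keep restoring the rest.
            LOGGER.log(Level.SEVERE, "Cannot roll back PSU certificate, malformed rollback key: " + key);
            continue;
        }
        UserCerts userCerts = certsFacade.findUserCert(projectAndUser[0], projectAndUser[1]);
        userCerts.setUserKeyPwd(previous.getValue());
        certsFacade.update(userCerts);
    }
}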
Also used : HashMap(java.util.HashMap) UserCerts(io.hops.hopsworks.persistence.entity.certificates.UserCerts) HashMap(java.util.HashMap) Map(java.util.Map)

Example 3 with UserCerts

use of io.hops.hopsworks.persistence.entity.certificates.UserCerts in project hopsworks by logicalclocks.

the class CertificateMaterializer method getMaterialFromDatabase.

/*
   * Utility methods
   */
/**
 * Builds the crypto material of a project-specific user from the stored certificate row.
 *
 * <p>The row is looked up by {@code key.projectName} and {@code key.username}. Its key bytes
 * become the keystore buffer, its certificate bytes the truststore buffer, and its stored key
 * password is passed through {@code decryptMaterialPassword}.
 *
 * <p>NOTE(review): the returned material carries the decrypted password as a {@code char[]};
 * callers should keep its lifetime short and confirm where it is cleared.
 *
 * @param key identifies the project and user whose material is requested
 * @return keystore, truststore and decrypted password wrapped in a {@code CryptoMaterial}
 * @throws IOException declared by the method; presumably raised by the password decryption
 */
private CryptoMaterial getMaterialFromDatabase(MaterialKey key) throws IOException {
    UserCerts storedCerts = certsFacade.findUserCert(key.projectName, key.username);
    // Arguments are evaluated left to right: keystore, truststore, then the password.
    return new CryptoMaterial(
        ByteBuffer.wrap(storedCerts.getUserKey()),
        ByteBuffer.wrap(storedCerts.getUserCert()),
        decryptMaterialPassword(key.getExtendedUsername(), storedCerts.getUserKeyPwd()));
}
Also used : UserCerts(io.hops.hopsworks.persistence.entity.certificates.UserCerts) ByteBuffer(java.nio.ByteBuffer)

Example 4 with UserCerts

use of io.hops.hopsworks.persistence.entity.certificates.UserCerts in project hopsworks by logicalclocks.

the class CertificatesController method generateCertificates.

/**
 * Creates and stores the X.509 key material of one user in one project.
 *
 * <p>A random 64-character key password is generated and encrypted with the user's password
 * value and the master encryption password. The two keystores returned by
 * {@code generateStores} are serialized with the plaintext key password and persisted, together
 * with the encrypted key password, through {@code certsFacade.putUserCerts}. Every registered
 * {@code CertificateHandler} is then run on the stored entity.
 *
 * @param project associated project
 * @param user Hopsworks user
 * @return an already completed future holding the project name and the username
 * @throws Exception any failure of the encryption, store generation, persistence or handler
 *                   calls is propagated unchanged
 */
@Asynchronous
public Future<CertsResult> generateCertificates(Project project, Users user) throws Exception {
    // NOTE(review): this password protects both keystores; confirm that HopsUtils.randomString
    // draws from a cryptographically secure source.
    String userKeyPwd = HopsUtils.randomString(64);
    String masterPassword = certificatesMgmService.getMasterEncryptionPassword();
    // Only this encrypted form is handed to the facade as the stored key password.
    String encryptedKey = HopsUtils.encrypt(user.getPassword(), userKeyPwd, masterPassword);

    String projectName = project.getName();
    String username = user.getUsername();
    String subject = projectName + Settings.HOPS_USERNAME_SEPARATOR + username;
    Pair<KeyStore, KeyStore> userKeystores = generateStores(subject, userKeyPwd, Endpoint.PROJECT);

    UserCerts uc = certsFacade.putUserCerts(
        projectName,
        username,
        convertKeystoreToByteArray(userKeystores.getValue0(), userKeyPwd),
        convertKeystoreToByteArray(userKeystores.getValue1(), userKeyPwd),
        encryptedKey);

    // Give every custom certificate handler a chance to act on the new entity.
    for (CertificateHandler handler : certificateHandlers) {
        handler.generate(project, user, uc);
    }

    LOGGER.log(Level.FINE, "Created project generic certificates for project: " + projectName);
    CertsResult outcome = new CertsResult(projectName, username);
    return new AsyncResult<>(outcome);
}
Also used : UserCerts(io.hops.hopsworks.persistence.entity.certificates.UserCerts) KeyStore(java.security.KeyStore) AsyncResult(javax.ejb.AsyncResult) Asynchronous(javax.ejb.Asynchronous)

Example 5 with UserCerts

use of io.hops.hopsworks.persistence.entity.certificates.UserCerts in project hopsworks by logicalclocks.

the class PSUserCertsMasterPasswordHandler method perform.

/**
 * Re-encrypts the stored key password of every project-specific user (PSU) certificate for a
 * change of the master encryption password.
 *
 * <p>Before a certificate is touched, its current stored value is recorded under the key
 * {@code projectname + USER_NAME_DELIMITER + username} so that the change can be undone. The
 * new value comes from {@code getNewUserPassword} and is persisted through
 * {@code certsFacade.update}.
 *
 * <p>On failure the method does not throw: it logs the error and returns a result that carries
 * the values recorded so far plus an {@code EncryptionMasterPasswordException}.
 * NOTE(review): the original exception is only logged, it is not attached as the cause of the
 * returned exception.
 *
 * @param oldMasterPassword master encryption password currently in use
 * @param newMasterPassword master encryption password to switch to
 * @return a result with the success log and the rollback map, or with the rollback map and the
 *         error when a certificate could not be updated
 */
@Override
public MasterPasswordChangeResult perform(String oldMasterPassword, String newMasterPassword) {
    StringBuilder successLog = new StringBuilder("Performing change of master password for PSU certificates\n");
    Map<String, String> oldPasswords4Rollback = new HashMap<>();
    List<UserCerts> allPSCerts = certsFacade.findAllUserCerts();
    // Declared outside the try block because the error message names the failing certificate.
    String mapKey = null;
    try {
        LOGGER.log(Level.INFO, "Updating PSU certs with new Hopsworks master encryption password");
        for (UserCerts psCert : allPSCerts) {
            String projectName = psCert.getUserCertsPK().getProjectname();
            String username = psCert.getUserCertsPK().getUsername();
            mapKey = projectName + HdfsUsersController.USER_NAME_DELIMITER + username;

            // Record the stored value first so that a failure below can still be rolled back.
            String storedPassword = psCert.getUserKeyPwd();
            oldPasswords4Rollback.putIfAbsent(mapKey, storedPassword);

            Users owner = userFacade.findByUsername(username);
            if (owner == null) {
                throw new Exception("Could not find Hopsworks user for certificate " + mapKey);
            }

            String reEncrypted = getNewUserPassword(owner.getPassword(), storedPassword, oldMasterPassword, newMasterPassword);
            psCert.setUserKeyPwd(reEncrypted);
            certsFacade.update(psCert);
            successLog.append("Updated certificate: ").append(mapKey).append("\n");
        }
        return new MasterPasswordChangeResult<>(successLog, oldPasswords4Rollback, null);
    } catch (Exception ex) {
        // The message carries the certificate key only, never a password value.
        String errorMsg = "Something went wrong while updating master encryption password for Project Specific User certificates. PSU certificate provoked the error was: " + mapKey;
        LOGGER.log(Level.SEVERE, errorMsg + " rolling back...", ex);
        EncryptionMasterPasswordException failure = new EncryptionMasterPasswordException(errorMsg);
        return new MasterPasswordChangeResult<Map<String, String>>(oldPasswords4Rollback, failure);
    }
}
Also used : HashMap(java.util.HashMap) UserCerts(io.hops.hopsworks.persistence.entity.certificates.UserCerts) Users(io.hops.hopsworks.persistence.entity.user.Users) EncryptionMasterPasswordException(io.hops.hopsworks.exceptions.EncryptionMasterPasswordException) HashMap(java.util.HashMap) Map(java.util.Map) EncryptionMasterPasswordException(io.hops.hopsworks.exceptions.EncryptionMasterPasswordException)

Aggregations

UserCerts (io.hops.hopsworks.persistence.entity.certificates.UserCerts)11 HashMap (java.util.HashMap)3 Map (java.util.Map)3 UserException (io.hops.hopsworks.exceptions.UserException)2 File (java.io.File)2 IOException (java.io.IOException)2 CertificateMaterializer (io.hops.hopsworks.common.security.CertificateMaterializer)1 CryptoPasswordNotFoundException (io.hops.hopsworks.exceptions.CryptoPasswordNotFoundException)1 EncryptionMasterPasswordException (io.hops.hopsworks.exceptions.EncryptionMasterPasswordException)1 KafkaException (io.hops.hopsworks.exceptions.KafkaException)1 ProjectException (io.hops.hopsworks.exceptions.ProjectException)1 SchemaException (io.hops.hopsworks.exceptions.SchemaException)1 LocalResourceDTO (io.hops.hopsworks.persistence.entity.jobs.configuration.yarn.LocalResourceDTO)1 Project (io.hops.hopsworks.persistence.entity.project.Project)1 Users (io.hops.hopsworks.persistence.entity.user.Users)1 FileOutputStream (java.io.FileOutputStream)1 ByteBuffer (java.nio.ByteBuffer)1 InvalidKeyException (java.security.InvalidKeyException)1 KeyStore (java.security.KeyStore)1 NoSuchAlgorithmException (java.security.NoSuchAlgorithmException)1