
Example 1 with ClusterCertificate

use of io.hops.hopsworks.persistence.entity.dela.certs.ClusterCertificate in project hopsworks by logicalclocks.

the class DelaCertsMasterPasswordHandler method perform.

/**
 * Re-encrypts the stored password of every Dela cluster certificate for a
 * master-password change.
 *
 * <p>Before a certificate is touched, its current stored password is recorded in the
 * rollback map under the cluster name, so the certificate that triggers a failure is
 * itself part of the rollback set. Only cluster names are written to the success log
 * and to the error message; password values are never appended to either.
 *
 * @param oldMasterPassword master password the stored values are currently protected with
 * @param newMasterPassword master password to protect the stored values with
 * @return a result carrying the success log and rollback map, or, on any failure, the
 *         rollback map together with an {@code EncryptionMasterPasswordException}
 */
@Override
public MasterPasswordChangeResult perform(String oldMasterPassword, String newMasterPassword) {
    StringBuilder successLog =
        new StringBuilder("Performing change of master password for Dela certificates\n");
    Map<String, String> items2rollback = new HashMap<>();

    Optional<List<ClusterCertificate>> allCerts = clusterCertificateFacade.getAllClusterCerts();
    if (!allCerts.isPresent()) {
        // No cluster certificates stored: nothing to re-encrypt, nothing to roll back.
        return new MasterPasswordChangeResult<>(successLog, items2rollback, null);
    }

    LOGGER.log(Level.INFO, "Updating Dela certs with new Hopsworks master encryption password");
    // Tracked outside the try block so the catch clause can name the failing certificate.
    String currentCluster = null;
    try {
        for (ClusterCertificate certificate : allCerts.get()) {
            currentCluster = certificate.getClusterName();
            String storedPassword = certificate.getCertificatePassword();
            // Record the pre-change value first; putIfAbsent keeps the earliest value
            // seen for a cluster name.
            items2rollback.putIfAbsent(currentCluster, storedPassword);
            // An empty getHopsSiteClusterPswd() throws here and is handled by the catch below.
            String reEncrypted = getNewUserPassword(settings.getHopsSiteClusterPswd().get(),
                storedPassword, oldMasterPassword, newMasterPassword);
            certificate.setCertificatePassword(reEncrypted);
            clusterCertificateFacade.updateClusterCerts(certificate);
            successLog.append("Updated certificate: ").append(currentCluster).append("\n");
        }
    } catch (Exception ex) {
        String errorMsg = "Something went wrong while updating master encryption password for Cluster Certificates. "
            + "Cluster certificate provoked the error was: " + currentCluster;
        // The cause is logged here; the exception handed back carries the message only.
        LOGGER.log(Level.SEVERE, errorMsg + " rolling back...", ex);
        return new MasterPasswordChangeResult<>(items2rollback,
            new EncryptionMasterPasswordException(errorMsg));
    }
    return new MasterPasswordChangeResult<>(successLog, items2rollback, null);
}
Also used : HashMap(java.util.HashMap) ClusterCertificate(io.hops.hopsworks.persistence.entity.dela.certs.ClusterCertificate) List(java.util.List) EncryptionMasterPasswordException(io.hops.hopsworks.exceptions.EncryptionMasterPasswordException) EncryptionMasterPasswordException(io.hops.hopsworks.exceptions.EncryptionMasterPasswordException)

Example 2 with ClusterCertificate

use of io.hops.hopsworks.persistence.entity.dela.certs.ClusterCertificate in project hopsworks by logicalclocks.

the class DelaCertsMasterPasswordHandler method rollback.

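/**
 * Restores the previously stored certificate passwords after a failed master-password
 * change.
 *
 * <p>Each rollback entry maps a cluster name to the password value that was stored
 * before the change. A cluster certificate that can no longer be found is reported
 * with a warning instead of being skipped silently, because an unnoticed gap leaves
 * that certificate's stored password out of step with the restored master password.
 * Only the cluster name is logged, never the password value.
 *
 * @param result outcome of the failed change; its rollback items are expected to be a
 *               {@code Map<String, String>} of cluster name to previous password
 */
@Override
@SuppressWarnings("unchecked")
public void rollback(MasterPasswordChangeResult result) {
    LOGGER.log(Level.INFO, "Rolling back Dela certificates");
    // Cast to the Map interface rather than HashMap so any Map implementation is accepted.
    Map<String, String> items2rollback = (Map<String, String>) result.getRollbackItems();
    if (items2rollback == null) {
        LOGGER.log(Level.WARNING, "No rollback items available for Dela certificates");
        return;
    }
    for (Map.Entry<String, String> entry : items2rollback.entrySet()) {
        String clusterName = entry.getKey();
        String previousPassword = entry.getValue();
        Optional<ClusterCertificate> stored = clusterCertificateFacade.getClusterCert(clusterName);
        if (!stored.isPresent()) {
            LOGGER.log(Level.WARNING,
                "Could not roll back Dela certificate password, cluster certificate not found: {0}",
                clusterName);
            continue;
        }
        ClusterCertificate certificate = stored.get();
        certificate.setCertificatePassword(previousPassword);
        clusterCertificateFacade.updateClusterCerts(certificate);
    }
}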
Also used : HashMap(java.util.HashMap) ClusterCertificate(io.hops.hopsworks.persistence.entity.dela.certs.ClusterCertificate) HashMap(java.util.HashMap) Map(java.util.Map)

Example 3 with ClusterCertificate

use of io.hops.hopsworks.persistence.entity.dela.certs.ClusterCertificate in project hopsworks by logicalclocks.

the class ClusterCertificateFacade method saveClusterCerts.

/**
 * Persists a new {@code ClusterCertificate} row for the given cluster and flushes it
 * immediately.
 *
 * <p>Field mapping: {@code keystore} is stored as the cluster key and {@code truststore}
 * as the cluster cert. {@code certPswd} is stored exactly as passed in; this method
 * performs no encryption.
 * NOTE(review): readers of this entity decrypt the stored password before use, so callers
 * presumably pass an already-encrypted value here - confirm against the call sites.
 *
 * @param clusterName name identifying the cluster the certificate belongs to
 * @param keystore    serialized keystore bytes
 * @param truststore  serialized truststore bytes
 * @param certPswd    password value to store alongside the stores
 */
public void saveClusterCerts(String clusterName, byte[] keystore, byte[] truststore, String certPswd) {
    final ClusterCertificate entity = new ClusterCertificate();
    entity.setClusterName(clusterName);
    entity.setCertificatePassword(certPswd);
    entity.setClusterKey(keystore);
    entity.setClusterCert(truststore);
    em.persist(entity);
    // Flush right away so the insert is sent to the database within this call.
    em.flush();
}
Also used : ClusterCertificate(io.hops.hopsworks.persistence.entity.dela.certs.ClusterCertificate)

Example 4 with ClusterCertificate

use of io.hops.hopsworks.persistence.entity.dela.certs.ClusterCertificate in project hopsworks by logicalclocks.

the class CertificateHelper method loadKeystoreFromDB.

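/**
 * Loads the keystore and truststore of a cluster from the database and opens both with
 * the decrypted certificate password.
 *
 * <p>An empty result is returned both when no certificate is stored for
 * {@code clusterName} and when decryption or keystore loading fails, so callers cannot
 * tell the two cases apart from the return value alone. The failure path therefore logs
 * the cluster name together with the full exception. The decrypted password is never
 * logged.
 *
 * <p>The third element of the returned triplet is the decrypted certificate password in
 * plain text; callers should keep it out of logs and error messages.
 *
 * @param masterPswd             first argument handed to {@code HopsUtils.decrypt}
 * @param clusterName            name of the cluster whose stores are loaded
 * @param certFacade             facade used to look up the stored certificate
 * @param certificatesMgmService source of the master encryption password
 * @return keystore, truststore and decrypted password, or empty if the certificate is
 *         missing or could not be loaded
 */
public static Optional<Triplet<KeyStore, KeyStore, String>> loadKeystoreFromDB(String masterPswd, String clusterName, ClusterCertificateFacade certFacade, CertificatesMgmService certificatesMgmService) {
    try {
        Optional<ClusterCertificate> cert = certFacade.getClusterCert(clusterName);
        if (!cert.isPresent()) {
            return Optional.empty();
        }
        // Unwrap once instead of calling cert.get() for every field.
        ClusterCertificate stored = cert.get();
        String certPswd = HopsUtils.decrypt(masterPswd, stored.getCertificatePassword(), certificatesMgmService.getMasterEncryptionPassword());
        KeyStore keystore, truststore;
        try (ByteArrayInputStream keystoreIS = new ByteArrayInputStream(stored.getClusterKey());
            ByteArrayInputStream truststoreIS = new ByteArrayInputStream(stored.getClusterCert())) {
            // Both stores are opened with the same decrypted password.
            keystore = keystore(keystoreIS, certPswd);
            truststore = keystore(truststoreIS, certPswd);
        }
        return Optional.of(Triplet.with(keystore, truststore, certPswd));
    } catch (Exception ex) {
        // Pass the throwable itself so the stack trace and cause chain are kept, and name
        // the cluster so a failed decryption can be traced to one certificate.
        LOG.log(Level.SEVERE, "keystore ex. cluster: " + clusterName, ex);
        return Optional.empty();
    }
}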
Also used : ClusterCertificate(io.hops.hopsworks.persistence.entity.dela.certs.ClusterCertificate) ByteArrayInputStream(java.io.ByteArrayInputStream) KeyStore(java.security.KeyStore) KeyStoreException(java.security.KeyStoreException) IOException(java.io.IOException) CertificateException(java.security.cert.CertificateException) NoSuchAlgorithmException(java.security.NoSuchAlgorithmException)
