Example 1 with ClusterCertificate
use of io.hops.hopsworks.persistence.entity.dela.certs.ClusterCertificate in project hopsworks by logicalclocks.
the class DelaCertsMasterPasswordHandler method perform.
@Override
public MasterPasswordChangeResult perform(String oldMasterPassword, String newMasterPassword) {
StringBuilder successLog = new StringBuilder();
successLog.append("Performing change of master password for Dela certificates\n");
Map<String, String> items2rollback = new HashMap<>();
Optional<List<ClusterCertificate>> maybe = clusterCertificateFacade.getAllClusterCerts();
if (maybe.isPresent()) {
LOGGER.log(Level.INFO, "Updating Dela certs with new Hopsworks master encryption password");
String mapKey = null, oldPassword, newEncCertPassword;
try {
for (ClusterCertificate cert : maybe.get()) {
mapKey = cert.getClusterName();
oldPassword = cert.getCertificatePassword();
items2rollback.putIfAbsent(mapKey, oldPassword);
newEncCertPassword = getNewUserPassword(settings.getHopsSiteClusterPswd().get(), oldPassword, oldMasterPassword, newMasterPassword);
cert.setCertificatePassword(newEncCertPassword);
clusterCertificateFacade.updateClusterCerts(cert);
successLog.append("Updated certificate: ").append(mapKey).append("\n");
}
} catch (Exception ex) {
String errorMsg = "Something went wrong while updating master encryption password for Cluster Certificates. " + "Cluster certificate provoked the error was: " + mapKey;
LOGGER.log(Level.SEVERE, errorMsg + " rolling back...", ex);
return new MasterPasswordChangeResult<>(items2rollback, new EncryptionMasterPasswordException(errorMsg));
}
}
return new MasterPasswordChangeResult<>(successLog, items2rollback, null);
}
Also used :
HashMap(java.util.HashMap)
ClusterCertificate(io.hops.hopsworks.persistence.entity.dela.certs.ClusterCertificate)
List(java.util.List)
EncryptionMasterPasswordException(io.hops.hopsworks.exceptions.EncryptionMasterPasswordException)
EncryptionMasterPasswordException(io.hops.hopsworks.exceptions.EncryptionMasterPasswordException)
Example 2 with ClusterCertificate
use of io.hops.hopsworks.persistence.entity.dela.certs.ClusterCertificate in project hopsworks by logicalclocks.
the class DelaCertsMasterPasswordHandler method rollback.
@Override
@SuppressWarnings("unchecked")
public void rollback(MasterPasswordChangeResult result) {
LOGGER.log(Level.INFO, "Rolling back Dela certificates");
Map<String, String> items2rollback = (HashMap<String, String>) result.getRollbackItems();
for (Map.Entry<String, String> cert : items2rollback.entrySet()) {
String key = cert.getKey();
String value = cert.getValue();
Optional<ClusterCertificate> optional = clusterCertificateFacade.getClusterCert(key);
if (optional.isPresent()) {
ClusterCertificate cc = optional.get();
cc.setCertificatePassword(value);
clusterCertificateFacade.updateClusterCerts(cc);
}
}
}
Also used :
HashMap(java.util.HashMap)
ClusterCertificate(io.hops.hopsworks.persistence.entity.dela.certs.ClusterCertificate)
HashMap(java.util.HashMap)
Map(java.util.Map)
Example 3 with ClusterCertificate
use of io.hops.hopsworks.persistence.entity.dela.certs.ClusterCertificate in project hopsworks by logicalclocks.
the class ClusterCertificateFacade method saveClusterCerts.
public void saveClusterCerts(String clusterName, byte[] keystore, byte[] truststore, String certPswd) {
ClusterCertificate sc = new ClusterCertificate();
sc.setClusterName(clusterName);
sc.setClusterKey(keystore);
sc.setClusterCert(truststore);
sc.setCertificatePassword(certPswd);
em.persist(sc);
em.flush();
}
Also used :
ClusterCertificate(io.hops.hopsworks.persistence.entity.dela.certs.ClusterCertificate)
Example 4 with ClusterCertificate
use of io.hops.hopsworks.persistence.entity.dela.certs.ClusterCertificate in project hopsworks by logicalclocks.
the class CertificateHelper method loadKeystoreFromDB.
public static Optional<Triplet<KeyStore, KeyStore, String>> loadKeystoreFromDB(String masterPswd, String clusterName, ClusterCertificateFacade certFacade, CertificatesMgmService certificatesMgmService) {
try {
Optional<ClusterCertificate> cert = certFacade.getClusterCert(clusterName);
if (!cert.isPresent()) {
return Optional.empty();
}
String certPswd = HopsUtils.decrypt(masterPswd, cert.get().getCertificatePassword(), certificatesMgmService.getMasterEncryptionPassword());
KeyStore keystore, truststore;
try (ByteArrayInputStream keystoreIS = new ByteArrayInputStream(cert.get().getClusterKey());
ByteArrayInputStream truststoreIS = new ByteArrayInputStream(cert.get().getClusterCert())) {
keystore = keystore(keystoreIS, certPswd);
truststore = keystore(truststoreIS, certPswd);
}
return Optional.of(Triplet.with(keystore, truststore, certPswd));
} catch (Exception ex) {
LOG.log(Level.SEVERE, "keystore ex. {0}", ex.getMessage());
return Optional.empty();
}
}
Also used :
ClusterCertificate(io.hops.hopsworks.persistence.entity.dela.certs.ClusterCertificate)
ByteArrayInputStream(java.io.ByteArrayInputStream)
KeyStore(java.security.KeyStore)
KeyStoreException(java.security.KeyStoreException)
IOException(java.io.IOException)
CertificateException(java.security.cert.CertificateException)
NoSuchAlgorithmException(java.security.NoSuchAlgorithmException)
Aggregations
ClusterCertificate (io.hops.hopsworks.persistence.entity.dela.certs.ClusterCertificate)4
HashMap (java.util.HashMap)2
EncryptionMasterPasswordException (io.hops.hopsworks.exceptions.EncryptionMasterPasswordException)1
ByteArrayInputStream (java.io.ByteArrayInputStream)1
IOException (java.io.IOException)1
KeyStore (java.security.KeyStore)1
KeyStoreException (java.security.KeyStoreException)1
NoSuchAlgorithmException (java.security.NoSuchAlgorithmException)1
CertificateException (java.security.cert.CertificateException)1
List (java.util.List)1
Map (java.util.Map)1
