use of io.hops.hopsworks.persistence.entity.dela.certs.ClusterCertificate in project hopsworks by logicalclocks.
the class DelaCertsMasterPasswordHandler method perform.
/**
 * Re-encodes the stored password of every Dela cluster certificate for a new master password.
 *
 * <p>For each certificate returned by {@code clusterCertificateFacade.getAllClusterCerts()} the
 * currently stored password is recorded in the rollback map, a replacement is obtained from
 * {@code getNewUserPassword(...)}, and the entity is written back through the facade.
 *
 * <p>This method does not undo partial work itself. On failure it stops at the first error and
 * hands the recorded values back inside the result.
 * NOTE(review): the revert is presumably driven by the caller through {@code rollback(result)} - confirm.
 *
 * @param oldMasterPassword master password forwarded to {@code getNewUserPassword} as the old value
 * @param newMasterPassword master password forwarded to {@code getNewUserPassword} as the new value
 * @return a result holding the progress log and rollback items on success, or the rollback items
 *         and an {@code EncryptionMasterPasswordException} on failure
 */
@Override
public MasterPasswordChangeResult perform(String oldMasterPassword, String newMasterPassword) {
  StringBuilder report = new StringBuilder();
  report.append("Performing change of master password for Dela certificates\n");

  // cluster name -> certificate password exactly as it was stored before this run touched it
  Map<String, String> previousPasswords = new HashMap<>();

  Optional<List<ClusterCertificate>> storedCerts = clusterCertificateFacade.getAllClusterCerts();
  if (!storedCerts.isPresent()) {
    // Nothing to re-encode: report success with an empty rollback map.
    return new MasterPasswordChangeResult<>(report, previousPasswords, null);
  }

  LOGGER.log(Level.INFO, "Updating Dela certs with new Hopsworks master encryption password");

  // Tracked outside the try block so the failure message can name the certificate being processed.
  String currentCluster = null;
  try {
    for (ClusterCertificate certificate : storedCerts.get()) {
      currentCluster = certificate.getClusterName();
      String storedPassword = certificate.getCertificatePassword();

      // Snapshot before mutating; putIfAbsent keeps the first value seen for a cluster name.
      previousPasswords.putIfAbsent(currentCluster, storedPassword);

      // An empty site-cluster-password Optional throws here and is handled by the catch below.
      String reEncoded = getNewUserPassword(settings.getHopsSiteClusterPswd().get(), storedPassword,
          oldMasterPassword, newMasterPassword);
      certificate.setCertificatePassword(reEncoded);
      clusterCertificateFacade.updateClusterCerts(certificate);

      report.append("Updated certificate: ").append(currentCluster).append("\n");
    }
  } catch (Exception ex) {
    // The message names the cluster only; password values are never appended to it.
    String errorMsg = "Something went wrong while updating master encryption password for Cluster Certificates. "
        + "Cluster certificate provoked the error was: " + currentCluster;
    LOGGER.log(Level.SEVERE, errorMsg + " rolling back...", ex);
    return new MasterPasswordChangeResult<>(previousPasswords, new EncryptionMasterPasswordException(errorMsg));
  }

  return new MasterPasswordChangeResult<>(report, previousPasswords, null);
}
use of io.hops.hopsworks.persistence.entity.dela.certs.ClusterCertificate in project hopsworks by logicalclocks.
the class DelaCertsMasterPasswordHandler method rollback.
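/**
 * Restores the certificate passwords recorded in {@code result} onto the stored Dela cluster
 * certificates.
 *
 * <p>Each rollback entry maps a cluster name to the password value to put back. Entries whose
 * certificate can no longer be found are skipped, and a warning naming the cluster is logged so
 * an incomplete rollback is visible to operators. Password values are never logged.
 *
 * <p>An exception thrown by the facade propagates to the caller, so entries after the failing
 * one are not processed.
 *
 * @param result the outcome of a failed master password change; its rollback items are expected
 *        to be a {@code Map<String, String>} of cluster name to previous password
 */
@Override
@SuppressWarnings("unchecked")
public void rollback(MasterPasswordChangeResult result) {
  LOGGER.log(Level.INFO, "Rolling back Dela certificates");
  // Cast to the Map interface rather than HashMap: only entrySet() is needed, and the narrower
  // cast would fail the whole rollback if the items were ever carried in another Map type.
  Map<String, String> items2rollback = (Map<String, String>) result.getRollbackItems();
  for (Map.Entry<String, String> entry : items2rollback.entrySet()) {
    String clusterName = entry.getKey();
    String previousPassword = entry.getValue();
    Optional<ClusterCertificate> stored = clusterCertificateFacade.getClusterCert(clusterName);
    if (!stored.isPresent()) {
      // Do not fail the remaining entries, but leave a trace that this one was not restored.
      LOGGER.log(Level.WARNING, "Could not roll back Dela certificate password, certificate not found for cluster: "
          + clusterName);
      continue;
    }
    ClusterCertificate cc = stored.get();
    cc.setCertificatePassword(previousPassword);
    clusterCertificateFacade.updateClusterCerts(cc);
  }
}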
use of io.hops.hopsworks.persistence.entity.dela.certs.ClusterCertificate in project hopsworks by logicalclocks.
the class ClusterCertificateFacade method saveClusterCerts.
/**
 * Creates a new {@link ClusterCertificate} for the given cluster, persists it and flushes.
 *
 * @param clusterName stored as the entity's cluster name
 * @param keystore bytes stored through {@code setClusterKey}
 * @param truststore bytes stored through {@code setClusterCert}
 * @param certPswd stored unchanged through {@code setCertificatePassword}
 */
public void saveClusterCerts(String clusterName, byte[] keystore, byte[] truststore, String certPswd) {
  final ClusterCertificate entity = new ClusterCertificate();

  // NOTE(review): the password is persisted exactly as received and nothing here encrypts it;
  // callers presumably pass the already-encrypted form - confirm against call sites.
  entity.setCertificatePassword(certPswd);

  // The "keystore" argument lands in the clusterKey field and the "truststore" in clusterCert.
  entity.setClusterCert(truststore);
  entity.setClusterKey(keystore);
  entity.setClusterName(clusterName);

  em.persist(entity);
  em.flush();
}
use of io.hops.hopsworks.persistence.entity.dela.certs.ClusterCertificate in project hopsworks by logicalclocks.
the class CertificateHelper method loadKeystoreFromDB.
/**
 * Loads the key store and trust store persisted for a cluster and returns them together with the
 * certificate password used to open them.
 *
 * <p>The stored certificate password is passed through {@code HopsUtils.decrypt(...)} and the
 * result is used for both stores.
 *
 * <p>NOTE(review): every failure is collapsed into {@code Optional.empty()}: an unknown cluster, a
 * decryption error and a corrupt store are indistinguishable to the caller. Only the exception
 * message is logged, so the stack trace is lost.
 *
 * @param masterPswd first argument handed to {@code HopsUtils.decrypt}
 * @param clusterName name used to look up the certificate row
 * @param certFacade facade used for the lookup
 * @param certificatesMgmService supplies the master encryption password for decryption
 * @return (keystore, truststore, certificate password), or empty if no certificate exists for
 *         {@code clusterName} or anything fails while loading it. The password in the triplet is
 *         the value returned by {@code HopsUtils.decrypt}, so callers should treat the whole
 *         triplet as secret material and keep it out of logs
 */
public static Optional<Triplet<KeyStore, KeyStore, String>> loadKeystoreFromDB(String masterPswd,
    String clusterName, ClusterCertificateFacade certFacade, CertificatesMgmService certificatesMgmService) {
  try {
    Optional<ClusterCertificate> lookup = certFacade.getClusterCert(clusterName);
    if (lookup.isPresent()) {
      ClusterCertificate stored = lookup.get();
      String certPswd = HopsUtils.decrypt(masterPswd, stored.getCertificatePassword(),
          certificatesMgmService.getMasterEncryptionPassword());

      KeyStore keystore;
      KeyStore truststore;
      // Both streams are opened before either store is parsed; both are closed on exit.
      try (ByteArrayInputStream keyBytes = new ByteArrayInputStream(stored.getClusterKey());
          ByteArrayInputStream trustBytes = new ByteArrayInputStream(stored.getClusterCert())) {
        keystore = keystore(keyBytes, certPswd);
        truststore = keystore(trustBytes, certPswd);
      }
      return Optional.of(Triplet.with(keystore, truststore, certPswd));
    }
    return Optional.empty();
  } catch (Exception ex) {
    LOG.log(Level.SEVERE, "keystore ex. {0}", ex.getMessage());
    return Optional.empty();
  }
}