
Example 1 with StrongPasswordProcessor

use of io.pravega.shared.security.crypto.StrongPasswordProcessor in project pravega by pravega.

the class PasswordFileCreatorTool method main.

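/**
 * Reads {@code user:password:acl} lines from standard input and writes one
 * {@code user:<processed password>:acl} line per input line to the file named by {@code args[0]}.
 * Reading stops at end of input or at the first empty line.
 *
 * <p>The plaintext password field is passed through {@link StrongPasswordProcessor#encryptPassword} before
 * it is written. NOTE(review): the declared {@code NoSuchAlgorithmException}/{@code InvalidKeySpecException}
 * suggest a key-derivation step rather than reversible encryption; confirm against StrongPasswordProcessor.
 *
 * @param args {@code args[0]} is the path of the password file to create (an existing file is overwritten).
 * @throws IllegalArgumentException if the file name is missing or an input line has fewer than three
 *                                  colon-separated fields.
 * @throws IOException              if reading standard input or writing the file fails.
 */
public static void main(String[] args) throws IOException, InvalidKeySpecException, NoSuchAlgorithmException {
    if (args.length < 1) {
        throw new IllegalArgumentException("Expected the output file name as the first argument");
    }
    String fileName = args[0];
    StrongPasswordProcessor passwordEncryptor = StrongPasswordProcessor.builder().build();
    // NOTE(review): FileWriter(String) uses the platform default charset and the process's default file
    // permissions; the resulting file holds credential material, so confirm both are acceptable for deployment.
    try (FileWriter writer = new FileWriter(fileName);
        BufferedReader bufferRead = new BufferedReader(new InputStreamReader(System.in))) {
        int lineNumber = 0;
        while (true) {
            String s = bufferRead.readLine();
            if (Strings.isNullOrEmpty(s)) {
                break;
            }
            lineNumber++;
            // Limit of 3 keeps any further ':' characters inside the ACL field intact.
            String[] lists = s.split(":", 3);
            if (lists.length < 3) {
                // Report only the line number: the line itself contains a plaintext password and must not
                // end up in a stack trace or log. Lines already processed remain in the output file.
                throw new IllegalArgumentException(
                        "Input line " + lineNumber + " is not in user:password:acl form");
            }
            String toWrite = lists[0] + ":" + passwordEncryptor.encryptPassword(lists[1]) + ":" + lists[2];
            writer.write(toWrite + "\n");
            writer.flush();
        }
    }
}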
Also used : StrongPasswordProcessor(io.pravega.shared.security.crypto.StrongPasswordProcessor) InputStreamReader(java.io.InputStreamReader) FileWriter(java.io.FileWriter) BufferedReader(java.io.BufferedReader)

Example 2 with StrongPasswordProcessor

use of io.pravega.shared.security.crypto.StrongPasswordProcessor in project pravega by pravega.

the class TestUtils method preparePasswordInputFileEntries.

/**
 * Prepares a list of password auth handler user account database file entries. The
 * {@link io.pravega.test.integration.demo.ClusterWrapper} accepts entries in the returned format.
 *
 * @param entries ACLs by user
 * @param password the plaintext password for each user
 * @return Password auth handler user account database entries
 */
@SneakyThrows
public static List<PasswordAuthHandlerInput.Entry> preparePasswordInputFileEntries(Map<String, String> entries, String password) {
    // The password is processed once and the result reused, so every returned entry carries the
    // identical stored-password string. Acceptable for a test fixture; not a pattern for real accounts.
    final String processedPassword = StrongPasswordProcessor.builder().build().encryptPassword(password);

    final List<PasswordAuthHandlerInput.Entry> accounts = new ArrayList<>();
    for (Map.Entry<String, String> aclByUser : entries.entrySet()) {
        // Key is the user name, value is that user's ACL string.
        accounts.add(PasswordAuthHandlerInput.Entry.of(aclByUser.getKey(), processedPassword, aclByUser.getValue()));
    }
    return accounts;
}
Also used : StrongPasswordProcessor(io.pravega.shared.security.crypto.StrongPasswordProcessor) ArrayList(java.util.ArrayList) SneakyThrows(lombok.SneakyThrows)

Example 3 with StrongPasswordProcessor

use of io.pravega.shared.security.crypto.StrongPasswordProcessor in project pravega by pravega.

the class ControllerGrpcListStreamsTest method preparePasswordInputFileEntries.

// region Private methods
/**
 * Builds password auth handler entries for the given users, all sharing one fixed test password.
 *
 * @param entries ACL string keyed by user name.
 * @return one entry per map element, each carrying the same processed password.
 * @throws RuntimeException wrapping the checked exception if the password cannot be processed.
 */
private List<PasswordAuthHandlerInput.Entry> preparePasswordInputFileEntries(Map<String, String> entries) {
    StrongPasswordProcessor processor = StrongPasswordProcessor.builder().build();

    // Hard-coded credential: only appropriate because this is test scaffolding.
    final String processedPassword;
    try {
        processedPassword = processor.encryptPassword("1111_aaaa");
    } catch (NoSuchAlgorithmException | InvalidKeySpecException e) {
        // Keep the cause so a missing algorithm shows up in the test failure.
        throw new RuntimeException(e);
    }

    List<PasswordAuthHandlerInput.Entry> accounts = new ArrayList<>();
    for (Map.Entry<String, String> aclByUser : entries.entrySet()) {
        accounts.add(PasswordAuthHandlerInput.Entry.of(aclByUser.getKey(), processedPassword, aclByUser.getValue()));
    }
    return accounts;
}
Also used : StrongPasswordProcessor(io.pravega.shared.security.crypto.StrongPasswordProcessor) ArrayList(java.util.ArrayList) NoSuchAlgorithmException(java.security.NoSuchAlgorithmException) InvalidKeySpecException(java.security.spec.InvalidKeySpecException)

Example 4 with StrongPasswordProcessor

use of io.pravega.shared.security.crypto.StrongPasswordProcessor in project pravega by pravega.

the class SecureStreamMetaDataTests method setup.

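/**
 * Creates a temporary password-auth-handler account file with three users, builds an
 * {@link AuthHandlerManager} that reads it with authorization enabled, then runs the parent setup.
 *
 * @throws Exception if the account file cannot be written or the parent setup fails.
 */
@Override
@Before
public void setup() throws Exception {
    File file = File.createTempFile("SecureStreamMetaDataTests", ".txt");
    // The file is referenced only by this local, so no later cleanup hook can reach it; register it for
    // deletion so account files with password material do not accumulate in the temp directory.
    file.deleteOnExit();
    StrongPasswordProcessor passwordEncryptor = StrongPasswordProcessor.builder().build();
    try (FileWriter writer = new FileWriter(file.getAbsolutePath())) {
        // One processed password is shared by all three test accounts.
        String passwd = passwordEncryptor.encryptPassword("1111_aaaa");
        // Admin has READ_UPDATE permission to everything
        addAuthFileEntry(writer, "admin", passwd, Collections.singletonList("prn::*,READ_UPDATE"));
        // User "user1" can:
        // - list, create and delete scopes
        // - Create and delete streams within scopes "scope1" and "scope2". Also if "user1" lists scopes,
        // she'll see those scopes, but not "scope3".
        // NOTE(review): the last ACL below ends in "\n"; whether addAuthFileEntry relies on that or it is a
        // stray character that becomes part of the permission string cannot be told from here - confirm.
        addAuthFileEntry(writer, "user1", passwd, Arrays.asList(
                "prn::/,READ_UPDATE",
                "prn::/scope:scope1,READ_UPDATE",
                "prn::/scope:scope1/*,READ_UPDATE",
                "prn::/scope:scope2,READ_UPDATE",
                "prn::/scope:scope2/*,READ_UPDATE\n"));
        // User "user2" gets READ on the root and READ_UPDATE on "scope3" only.
        addAuthFileEntry(writer, "user2", passwd, Arrays.asList("prn::/,READ", "prn::/scope:scope3,READ_UPDATE"));
    }
    this.authManager = new AuthHandlerManager(GRPCServerConfigImpl.builder()
            .authorizationEnabled(true)
            .tlsCertFile(SecurityConfigDefaults.TLS_SERVER_CERT_PATH)
            .tlsKeyFile(SecurityConfigDefaults.TLS_SERVER_PRIVATE_KEY_PATH)
            .userPasswordFile(file.getAbsolutePath())
            .port(1000)
            .build());
    super.setup();
}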
Also used : StrongPasswordProcessor(io.pravega.shared.security.crypto.StrongPasswordProcessor) FileWriter(java.io.FileWriter) AuthHandlerManager(io.pravega.shared.rest.security.AuthHandlerManager) File(java.io.File) Before(org.junit.Before)

Example 5 with StrongPasswordProcessor

use of io.pravega.shared.security.crypto.StrongPasswordProcessor in project pravega by pravega.

the class StreamMetaDataAuthFocusedTests method initializer.

// region Test class initializer and cleanup
/**
 * One-time fixture: writes the account file used by the password auth handler, wires an
 * {@link AuthHandlerManager} to it, and starts the REST server under test.
 *
 * <p>Every account is written with the same processed form of {@code DEFAULT_PASSWORD}; the accounts
 * differ only in their ACL strings.
 */
@BeforeClass
public static void initializer() throws IOException, InvalidKeySpecException, NoSuchAlgorithmException {
    passwordHandlerInputFile = File.createTempFile("AuthFocusedTests", ".txt");
    final String accountFilePath = passwordHandlerInputFile.getAbsolutePath();

    StrongPasswordProcessor hasher = StrongPasswordProcessor.builder().build();
    try (FileWriter accountFile = new FileWriter(accountFilePath)) {
        String storedPassword = hasher.encryptPassword(DEFAULT_PASSWORD);

        // Unrestricted: READ_UPDATE on every resource.
        accountFile.write(credentialsAndAclAsString(USER_PRIVILEGED, storedPassword, "prn::*,READ_UPDATE"));
        accountFile.write(credentialsAndAclAsString(USER_SCOPE_CREATOR, storedPassword, "prn::/,READ_UPDATE"));

        // May list scopes, and the listing shows all of them (/*).
        accountFile.write(credentialsAndAclAsString(USER_SCOPE_LISTER, storedPassword, "prn::/,READ;prn::/*,READ"));

        // May list, read, update and delete all scopes; the listing shows all of them.
        accountFile.write(credentialsAndAclAsString(USER_SCOPE_MANAGER, storedPassword,
                "prn::/,READ_UPDATE;prn::/*,READ_UPDATE"));

        // May create, update and delete child objects of a scope (streams, reader groups, etc.).
        accountFile.write(credentialsAndAclAsString(USER_STREAMS_IN_A_SCOPE_CREATOR, storedPassword,
                "prn::/scope:sisc-scope,READ_UPDATE;"));
        accountFile.write(credentialsAndAclAsString(USER_USER1, storedPassword,
                "prn::/,READ_UPDATE;prn::/scope:scope1,READ_UPDATE;prn::/scope:scope2,READ_UPDATE;"));
        accountFile.write(credentialsAndAclAsString(USER_WITH_NO_ROOT_ACCESS, storedPassword,
                "prn::/scope:scope1,READ_UPDATE;prn::/scope:scope2,READ_UPDATE;"));
        // NOTE(review): this account is written with the same ACL as USER_USER1; presumably the tests make
        // it "unauthorized" by other means (e.g. credentials) - confirm against the test bodies.
        accountFile.write(credentialsAndAclAsString(USER_UNAUTHORIZED, storedPassword,
                "prn::/,READ_UPDATE;prn::/scope:scope1,READ_UPDATE;prn::/scope:scope2,READ_UPDATE;"));
        accountFile.write(credentialsAndAclAsString(USER_ACCESS_TO_SUBSET_OF_SCOPES, storedPassword,
                "prn::/,READ;prn::/scope:scope3,READ_UPDATE;"));
        // An ACL of just ";" carries no permission entries.
        accountFile.write(credentialsAndAclAsString(USER_WITH_NO_AUTHORIZATIONS, storedPassword, ";"));
        // NOTE(review): despite the constant's name, the ACL grants READ_UPDATE on scopeToDelete only.
        accountFile.write(credentialsAndAclAsString(USER_WITH_READ_UPDATE_ROOT, storedPassword,
                "prn::/scope:scopeToDelete,READ_UPDATE;"));
        accountFile.write(credentialsAndAclAsString(USER_ACCESS_TO_SCOPES_BUT_NOSTREAMS, storedPassword,
                "prn::/scope:myscope,READ_UPDATE;"));
        accountFile.write(credentialsAndAclAsString(USER_ACCESS_TO_SCOPES_READ_ALLSTREAMS, storedPassword,
                "prn::/scope:myscope,READ_UPDATE;prn::/scope:myscope/*,READ;"));
        accountFile.write(credentialsAndAclAsString(USER_ACCESS_TO_SCOPES_READUPDATE_ALLSTREAMS, storedPassword,
                "prn::/scope:myscope,READ_UPDATE;prn::/scope:myscope/*,READ_UPDATE;"));
        accountFile.write(credentialsAndAclAsString(USER_ACCESS_TO_SCOPE_WRITE_SPECIFIC_STREAM, storedPassword,
                "prn::/scope:myscope,READ_UPDATE;prn::/scope:myscope/stream:stream1,READ_UPDATE;"));
    }

    // Authorization is switched on and pointed at the account file written above.
    AuthHandlerManager authManager = new AuthHandlerManager(GRPCServerConfigImpl.builder()
            .authorizationEnabled(true)
            .userPasswordFile(accountFilePath)
            .port(1000)
            .build());
    ServerBuilder<?> grpcServerBuilder = ServerBuilder.forPort(TestUtils.getAvailableListenPort());
    GrpcAuthHelper.registerInterceptors(authManager.getHandlerMap(), grpcServerBuilder);

    mockControllerService = mock(ControllerService.class);
    serverConfig = RESTServerConfigImpl.builder()
            .host("localhost")
            .port(TestUtils.getAvailableListenPort())
            .build();
    LocalController localController = new LocalController(mockControllerService, false, "");
    connectionFactory = new SocketConnectionFactoryImpl(
            ClientConfig.builder().controllerURI(URI.create("tcp://localhost")).build());

    StreamMetadataResourceImpl streamResource = new StreamMetadataResourceImpl(
            localController, mockControllerService, authManager, connectionFactory, ClientConfig.builder().build());
    restServer = new RESTServer(serverConfig, Set.of(streamResource));
    restServer.startAsync();
    restServer.awaitRunning();
    client = ClientBuilder.newClient();
}
Also used : StrongPasswordProcessor(io.pravega.shared.security.crypto.StrongPasswordProcessor) LocalController(io.pravega.controller.server.eventProcessor.LocalController) FileWriter(java.io.FileWriter) AuthHandlerManager(io.pravega.shared.rest.security.AuthHandlerManager) StreamMetadataResourceImpl(io.pravega.controller.server.rest.resources.StreamMetadataResourceImpl) AuthFileUtils.credentialsAndAclAsString(io.pravega.auth.AuthFileUtils.credentialsAndAclAsString) RESTServer(io.pravega.shared.rest.RESTServer) SocketConnectionFactoryImpl(io.pravega.client.connection.impl.SocketConnectionFactoryImpl) ControllerService(io.pravega.controller.server.ControllerService) BeforeClass(org.junit.BeforeClass)

Aggregations

StrongPasswordProcessor (io.pravega.shared.security.crypto.StrongPasswordProcessor)10 FileWriter (java.io.FileWriter)4 NoSuchAlgorithmException (java.security.NoSuchAlgorithmException)3 InvalidKeySpecException (java.security.spec.InvalidKeySpecException)3 StatusRuntimeException (io.grpc.StatusRuntimeException)2 AuthFileUtils.credentialsAndAclAsString (io.pravega.auth.AuthFileUtils.credentialsAndAclAsString)2 AuthHandlerManager (io.pravega.shared.rest.security.AuthHandlerManager)2 File (java.io.File)2 ArrayList (java.util.ArrayList)2 SocketConnectionFactoryImpl (io.pravega.client.connection.impl.SocketConnectionFactoryImpl)1 ControllerService (io.pravega.controller.server.ControllerService)1 LocalController (io.pravega.controller.server.eventProcessor.LocalController)1 StreamMetadataResourceImpl (io.pravega.controller.server.rest.resources.StreamMetadataResourceImpl)1 RESTServer (io.pravega.shared.rest.RESTServer)1 PasswordAuthHandlerInput (io.pravega.shared.security.auth.PasswordAuthHandlerInput)1 BufferedReader (java.io.BufferedReader)1 IOException (java.io.IOException)1 InputStreamReader (java.io.InputStreamReader)1 SneakyThrows (lombok.SneakyThrows)1 Before (org.junit.Before)1