
Example 1 with AuthenticationTokenIdentifier

use of org.apache.accumulo.core.client.impl.AuthenticationTokenIdentifier in project accumulo by apache.

the class SaslDigestCallbackHandlerTest method testTokenSerialization.

/**
 * Checks that the password the SASL digest handler computes from a token identifier equals
 * the encoded form of the password carried by the token that was issued for that identifier.
 */
@Test
public void testTokenSerialization() throws Exception {
    // Mocked Instance; verify() further down fails if the recorded getInstanceID() expectation is unmet.
    Instance mockInstance = createMock(Instance.class);
    AuthenticationTokenSecretManager tokenManager = new AuthenticationTokenSecretManager(mockInstance, 1000L);
    expect(mockInstance.getInstanceID()).andReturn("instanceid");
    replay(mockInstance);

    // A single signing key is registered before any token is generated.
    tokenManager.addKey(new AuthenticationKey(1, 0L, 100L, keyGen.generateKey()));

    Entry<Token<AuthenticationTokenIdentifier>, AuthenticationTokenIdentifier> issued = tokenManager.generateToken("user", cfg);
    Token<AuthenticationTokenIdentifier> issuedToken = issued.getKey();
    AuthenticationTokenIdentifier issuedId = issued.getValue();

    // Password as shipped with the token, run through the handler's encoding.
    byte[] tokenPassword = issuedToken.getPassword();
    char[] fromToken = handler.encodePassword(tokenPassword);

    // Password the handler obtains from the secret manager for the same identifier.
    char[] fromIdentifier = handler.getPassword(tokenManager, issuedId);

    verify(mockInstance);
    assertArrayEquals(fromIdentifier, fromToken);
}
Also used : Instance(org.apache.accumulo.core.client.Instance) AuthenticationKey(org.apache.accumulo.server.security.delegation.AuthenticationKey) AuthenticationTokenIdentifier(org.apache.accumulo.core.client.impl.AuthenticationTokenIdentifier) AuthenticationTokenSecretManager(org.apache.accumulo.server.security.delegation.AuthenticationTokenSecretManager) Token(org.apache.hadoop.security.token.Token) Test(org.junit.Test)

Example 2 with AuthenticationTokenIdentifier

use of org.apache.accumulo.core.client.impl.AuthenticationTokenIdentifier in project accumulo by apache.

the class SaslDigestCallbackHandlerTest method testTokenAndIdentifierSerialization.

/**
 * Round-trips a token identifier through the handler's encode/decode pair, rebuilds the
 * identifier from the decoded bytes, and checks that the password computed for the rebuilt
 * identifier equals the encoded password of the originally issued token.
 */
@Test
public void testTokenAndIdentifierSerialization() throws Exception {
    // Mocked Instance; verify() further down fails if the recorded getInstanceID() expectation is unmet.
    Instance mockInstance = createMock(Instance.class);
    AuthenticationTokenSecretManager tokenManager = new AuthenticationTokenSecretManager(mockInstance, 1000L);
    expect(mockInstance.getInstanceID()).andReturn("instanceid");
    replay(mockInstance);

    tokenManager.addKey(new AuthenticationKey(1, 0L, 1000 * 100L, keyGen.generateKey()));

    Entry<Token<AuthenticationTokenIdentifier>, AuthenticationTokenIdentifier> issued = tokenManager.generateToken("user", cfg);
    Token<AuthenticationTokenIdentifier> issuedToken = issued.getKey();

    // Password as shipped with the token, run through the handler's encoding.
    byte[] tokenPassword = issuedToken.getPassword();
    char[] fromToken = handler.encodePassword(tokenPassword);

    // Identifier bytes -> encoded name -> bytes again.
    byte[] serializedId = issued.getValue().getBytes();
    String encodedName = handler.encodeIdentifier(serializedId);
    byte[] roundTripped = handler.decodeIdentifier(encodedName);

    // Rebuild the identifier only from the decoded bytes, not from the in-memory original.
    AuthenticationTokenIdentifier rebuilt = new AuthenticationTokenIdentifier();
    ByteArrayInputStream rawBytes = new ByteArrayInputStream(roundTripped);
    DataInputStream dataIn = new DataInputStream(rawBytes);
    rebuilt.readFields(dataIn);

    char[] fromIdentifier = handler.getPassword(tokenManager, rebuilt);

    verify(mockInstance);
    assertArrayEquals(fromIdentifier, fromToken);
}
Also used : Instance(org.apache.accumulo.core.client.Instance) ByteArrayInputStream(java.io.ByteArrayInputStream) AuthenticationKey(org.apache.accumulo.server.security.delegation.AuthenticationKey) AuthenticationTokenIdentifier(org.apache.accumulo.core.client.impl.AuthenticationTokenIdentifier) AuthenticationTokenSecretManager(org.apache.accumulo.server.security.delegation.AuthenticationTokenSecretManager) Token(org.apache.hadoop.security.token.Token) DataInputStream(java.io.DataInputStream) Test(org.junit.Test)

Example 3 with AuthenticationTokenIdentifier

use of org.apache.accumulo.core.client.impl.AuthenticationTokenIdentifier in project accumulo by apache.

the class AuthenticationTokenSecretManagerTest method testTokenIssuedInFuture.

/**
 * Expects {@code InvalidToken} when the secret manager is asked for the password of an
 * identifier whose issue date has been pushed to {@code Long.MAX_VALUE}.
 *
 * NOTE(review): the expectation is declared on the annotation, so an InvalidToken raised by
 * any statement in the body would satisfy it, not only the final retrievePassword call.
 */
@Test(expected = InvalidToken.class)
public void testTokenIssuedInFuture() throws Exception {
    // Reference time for the key's validity window.
    long startMillis = System.currentTimeMillis();
    long lifetimeMillis = 60L * 1000L;
    AuthenticationTokenSecretManager tokenManager = new AuthenticationTokenSecretManager(instance, lifetimeMillis);

    // Register a key that is current as of startMillis.
    AuthenticationKey currentKey = new AuthenticationKey(1, startMillis, startMillis + lifetimeMillis, keyGen.generateKey());
    tokenManager.addKey(currentKey);

    String principal = "user@EXAMPLE.COM";
    Entry<Token<AuthenticationTokenIdentifier>, AuthenticationTokenIdentifier> issued = tokenManager.generateToken(principal, cfg);
    Token<AuthenticationTokenIdentifier> issuedToken = issued.getKey();

    // Rebuild the identifier from its serialized bytes, as happens when a client presents a token.
    AuthenticationTokenIdentifier tampered = new AuthenticationTokenIdentifier();
    byte[] serializedId = issuedToken.getIdentifier();
    DataInputStream dataIn = new DataInputStream(new ByteArrayInputStream(serializedId));
    tampered.readFields(dataIn);

    // Move the issue date far into the future; the lookup below is the call expected to throw.
    tampered.setIssueDate(Long.MAX_VALUE);
    tokenManager.retrievePassword(tampered);
}
Also used : ByteArrayInputStream(java.io.ByteArrayInputStream) AuthenticationTokenIdentifier(org.apache.accumulo.core.client.impl.AuthenticationTokenIdentifier) InvalidToken(org.apache.hadoop.security.token.SecretManager.InvalidToken) Token(org.apache.hadoop.security.token.Token) DataInputStream(java.io.DataInputStream) Test(org.junit.Test)

Example 4 with AuthenticationTokenIdentifier

use of org.apache.accumulo.core.client.impl.AuthenticationTokenIdentifier in project accumulo by apache.

the class AuthenticationTokenSecretManagerTest method testVerifyPassword.

/**
 * Checks two properties of {@code retrievePassword}: repeated lookups for one identifier
 * return equal passwords, and two tokens generated for the same principal do not share a
 * password.
 */
@Test
public void testVerifyPassword() throws Exception {
    // Reference time for the key's validity window.
    long startMillis = System.currentTimeMillis();
    // One minute, in milliseconds.
    long lifetimeMillis = 60L * 1000L;
    AuthenticationTokenSecretManager tokenManager = new AuthenticationTokenSecretManager(instance, lifetimeMillis);

    // Register a key that is current as of startMillis.
    AuthenticationKey currentKey = new AuthenticationKey(1, startMillis, startMillis + lifetimeMillis, keyGen.generateKey());
    tokenManager.addKey(currentKey);

    String principal = "user@EXAMPLE.COM";

    // First token: rebuild its identifier from the serialized bytes.
    Entry<Token<AuthenticationTokenIdentifier>, AuthenticationTokenIdentifier> firstIssued = tokenManager.generateToken(principal, cfg);
    Token<AuthenticationTokenIdentifier> firstToken = firstIssued.getKey();
    AuthenticationTokenIdentifier firstId = new AuthenticationTokenIdentifier();
    DataInputStream firstIn = new DataInputStream(new ByteArrayInputStream(firstToken.getIdentifier()));
    firstId.readFields(firstIn);

    // Looking up the same identifier twice must yield equal passwords.
    byte[] firstPassword = tokenManager.retrievePassword(firstId);
    byte[] firstPasswordAgain = tokenManager.retrievePassword(firstId);
    assertArrayEquals(firstPassword, firstPasswordAgain);

    // Second token for the same principal, rebuilt the same way a client-presented one would be.
    Entry<Token<AuthenticationTokenIdentifier>, AuthenticationTokenIdentifier> secondIssued = tokenManager.generateToken(principal, cfg);
    Token<AuthenticationTokenIdentifier> secondToken = secondIssued.getKey();
    AuthenticationTokenIdentifier secondId = new AuthenticationTokenIdentifier();
    DataInputStream secondIn = new DataInputStream(new ByteArrayInputStream(secondToken.getIdentifier()));
    secondId.readFields(secondIn);

    byte[] secondPassword = tokenManager.retrievePassword(secondId);

    // Same principal, different token: the passwords must not match.
    boolean samePassword = Arrays.equals(firstPassword, secondPassword);
    assertFalse("Different tokens for the same user shouldn't have the same password", samePassword);
}
Also used : ByteArrayInputStream(java.io.ByteArrayInputStream) AuthenticationTokenIdentifier(org.apache.accumulo.core.client.impl.AuthenticationTokenIdentifier) InvalidToken(org.apache.hadoop.security.token.SecretManager.InvalidToken) Token(org.apache.hadoop.security.token.Token) DataInputStream(java.io.DataInputStream) Test(org.junit.Test)

Example 5 with AuthenticationTokenIdentifier

use of org.apache.accumulo.core.client.impl.AuthenticationTokenIdentifier in project accumulo by apache.

the class AuthenticationTokenSecretManagerTest method testRolledMasterKey.

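/**
 * Checks that a token stays usable while the key that issued it is still held by the secret
 * manager, and that it is rejected with {@code InvalidToken} once that key has been removed.
 *
 * The rejection is asserted only around the lookup made after the key removal. With
 * {@code @Test(expected = InvalidToken.class)} on the whole method, an InvalidToken thrown by
 * the earlier lookup (the one that must succeed) would also have made the test pass.
 */
@Test
public void testRolledMasterKey() throws Exception {
    // Reference time for the first key's validity window.
    long then = System.currentTimeMillis();
    long tokenLifetime = 60 * 1000;
    AuthenticationTokenSecretManager secretManager = new AuthenticationTokenSecretManager(instance, tokenLifetime);
    // Add a current key
    AuthenticationKey authKey1 = new AuthenticationKey(1, then, then + tokenLifetime, keyGen.generateKey());
    secretManager.addKey(authKey1);
    String principal = "user@EXAMPLE.COM";
    Entry<Token<AuthenticationTokenIdentifier>, AuthenticationTokenIdentifier> pair = secretManager.generateToken(principal, cfg);
    Token<AuthenticationTokenIdentifier> token = pair.getKey();
    // Rebuild the identifier from the token's serialized bytes.
    AuthenticationTokenIdentifier id = new AuthenticationTokenIdentifier();
    id.readFields(new DataInputStream(new ByteArrayInputStream(token.getIdentifier())));
    // Roll to a second key; authKey1 has not been removed yet.
    long now = System.currentTimeMillis();
    secretManager.addKey(new AuthenticationKey(2, now, now + tokenLifetime, keyGen.generateKey()));
    // Must succeed -- the SecretManager still has authKey1. An InvalidToken here now fails the test.
    secretManager.retrievePassword(id);
    // Remove authKey1
    secretManager.removeKey(authKey1.getKeyId());
    // Must fail -- authKey1 (presumably) expired, cannot authenticate
    try {
        secretManager.retrievePassword(id);
    } catch (InvalidToken expected) {
        return;
    }
    throw new AssertionError("retrievePassword should throw InvalidToken after the issuing key was removed");
}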
Also used : ByteArrayInputStream(java.io.ByteArrayInputStream) AuthenticationTokenIdentifier(org.apache.accumulo.core.client.impl.AuthenticationTokenIdentifier) InvalidToken(org.apache.hadoop.security.token.SecretManager.InvalidToken) Token(org.apache.hadoop.security.token.Token) DataInputStream(java.io.DataInputStream) Test(org.junit.Test)

Aggregations

AuthenticationTokenIdentifier (org.apache.accumulo.core.client.impl.AuthenticationTokenIdentifier)30 Test (org.junit.Test)20 ByteArrayInputStream (java.io.ByteArrayInputStream)13 DataInputStream (java.io.DataInputStream)13 Token (org.apache.hadoop.security.token.Token)13 DelegationTokenImpl (org.apache.accumulo.core.client.impl.DelegationTokenImpl)11 IOException (java.io.IOException)7 AccumuloException (org.apache.accumulo.core.client.AccumuloException)7 AccumuloSecurityException (org.apache.accumulo.core.client.AccumuloSecurityException)6 Instance (org.apache.accumulo.core.client.Instance)6 TableNotFoundException (org.apache.accumulo.core.client.TableNotFoundException)6 DelegationTokenConfig (org.apache.accumulo.core.client.admin.DelegationTokenConfig)6 KerberosToken (org.apache.accumulo.core.client.security.tokens.KerberosToken)6 InvalidToken (org.apache.hadoop.security.token.SecretManager.InvalidToken)6 Connector (org.apache.accumulo.core.client.Connector)5 AuthenticationToken (org.apache.accumulo.core.client.security.tokens.AuthenticationToken)5 DelegationToken (org.apache.accumulo.core.client.security.tokens.DelegationToken)4 PasswordToken (org.apache.accumulo.core.client.security.tokens.PasswordToken)4 ByteArrayOutputStream (java.io.ByteArrayOutputStream)3 DataOutputStream (java.io.DataOutputStream)3