use of org.apache.accumulo.core.clientImpl.AuthenticationTokenIdentifier in project accumulo by apache.
the class AuthenticationTokenSecretManagerTest method testRolledManagerKey.
@Test
public void testRolledManagerKey() throws Exception {
  // A token must stay verifiable while the key that was registered when it was generated is
  // still held by the secret manager, and must be rejected once that key is removed, even
  // though a newer key has been added in the meantime.
  final long testStart = System.currentTimeMillis();
  final long lifetimeMillis = MINUTES.toMillis(1);
  AuthenticationTokenSecretManager manager =
      new AuthenticationTokenSecretManager(instanceId, lifetimeMillis);

  // Key 1 is the only key registered at the time the token is generated.
  AuthenticationKey authKey1 =
      new AuthenticationKey(1, testStart, testStart + lifetimeMillis, keyGen.generateKey());
  manager.addKey(authKey1);

  String principal = "user@EXAMPLE.COM";
  Entry<Token<AuthenticationTokenIdentifier>,AuthenticationTokenIdentifier> generated =
      manager.generateToken(principal, cfg);
  Token<AuthenticationTokenIdentifier> token = generated.getKey();

  // Rebuild the identifier from the token's serialized bytes rather than reusing the
  // in-memory instance returned by generateToken.
  DataInputStream identifierBytes =
      new DataInputStream(new ByteArrayInputStream(token.getIdentifier()));
  AuthenticationTokenIdentifier identifier = new AuthenticationTokenIdentifier();
  identifier.readFields(identifierBytes);

  // Roll the key: register key 2 alongside key 1.
  long rollTime = System.currentTimeMillis();
  AuthenticationKey authKey2 =
      new AuthenticationKey(2, rollTime, rollTime + lifetimeMillis, keyGen.generateKey());
  manager.addKey(authKey2);

  // Key 1 is still registered, so this call must not throw.
  // NOTE(review): the returned password is not compared against the token's password here;
  // only the absence of an exception is checked.
  manager.retrievePassword(identifier);

  // Drop key 1 explicitly. The rejection below is driven by this removal, not by the
  // passage of time.
  manager.removeKey(authKey1.getKeyId());

  // With key 1 gone the identifier can no longer be authenticated.
  assertThrows(InvalidToken.class, () -> manager.retrievePassword(identifier));
}
use of org.apache.accumulo.core.clientImpl.AuthenticationTokenIdentifier in project accumulo by apache.
the class AuthenticationTokenSecretManagerTest method testGenerateToken.
@Test
public void testGenerateToken() throws Exception {
  // Checks the fields of a freshly generated token: its kind, issue date, expiration date
  // and instance ID, and that the identifier survives a serialization round trip.
  final long testStart = System.currentTimeMillis();
  // One minute, expressed in milliseconds.
  final long lifetimeMillis = MINUTES.toMillis(1);
  AuthenticationTokenSecretManager manager =
      new AuthenticationTokenSecretManager(instanceId, lifetimeMillis);

  // Register a single key that is current for the whole token lifetime.
  AuthenticationKey currentKey =
      new AuthenticationKey(1, testStart, testStart + lifetimeMillis, keyGen.generateKey());
  manager.addKey(currentKey);

  String principal = "user@EXAMPLE.COM";
  Entry<Token<AuthenticationTokenIdentifier>,AuthenticationTokenIdentifier> generated =
      manager.generateToken(principal, cfg);
  assertNotNull(generated);

  Token<AuthenticationTokenIdentifier> token = generated.getKey();
  assertNotNull(token);
  assertEquals(AuthenticationTokenIdentifier.TOKEN_KIND, token.getKind());

  // Deserialize the identifier from the token bytes, as a receiver of the token would.
  DataInputStream identifierBytes =
      new DataInputStream(new ByteArrayInputStream(token.getIdentifier()));
  AuthenticationTokenIdentifier identifier = new AuthenticationTokenIdentifier();
  identifier.readFields(identifierBytes);

  final long afterDeserialize = System.currentTimeMillis();
  final long issueDate = identifier.getIssueDate();

  // The issue date must lie between the start of the test and the moment the identifier
  // was deserialized (both bounds inclusive).
  assertTrue("Issue date did not fall within the expected upper bound. Expected less than "
      + afterDeserialize + ", but was " + issueDate, issueDate <= afterDeserialize);
  assertTrue("Issue date did not fall within the expected lower bound. Expected greater than "
      + testStart + ", but was " + issueDate, issueDate >= testStart);

  // Expiration is exactly the issue date plus the configured lifetime.
  assertEquals(issueDate + lifetimeMillis, identifier.getExpirationDate());

  // The identifier carries the instance ID the manager was constructed with.
  assertEquals(instanceId, identifier.getInstanceId());

  // The identifier returned next to the token equals the one rebuilt from the token bytes.
  assertEquals(generated.getValue(), identifier);
}
use of org.apache.accumulo.core.clientImpl.AuthenticationTokenIdentifier in project accumulo by apache.
the class AuthenticationTokenSecretManagerTest method testExpiredPasswordsThrowError.
@Test
public void testExpiredPasswordsThrowError() throws Exception {
  // A token whose lifetime has elapsed must be rejected with InvalidToken when its password
  // is requested.
  final long testStart = System.currentTimeMillis();
  // Deliberately short lifetime: 500 ms.
  final long lifetimeMillis = 500;
  AuthenticationTokenSecretManager manager =
      new AuthenticationTokenSecretManager(instanceId, lifetimeMillis);

  // Register the key that is current when the token is generated.
  AuthenticationKey currentKey =
      new AuthenticationKey(1, testStart, testStart + lifetimeMillis, keyGen.generateKey());
  manager.addKey(currentKey);

  String principal = "user@EXAMPLE.COM";
  Entry<Token<AuthenticationTokenIdentifier>,AuthenticationTokenIdentifier> generated =
      manager.generateToken(principal, cfg);
  Token<AuthenticationTokenIdentifier> token = generated.getKey();

  // Wait twice the configured lifetime so the token is past its expiration by the time it
  // is checked. This depends on wall-clock time, so the test takes at least one second.
  Thread.sleep(1000);

  // Deserialize the identifier from the token bytes, as a receiver of the token would.
  DataInputStream identifierBytes =
      new DataInputStream(new ByteArrayInputStream(token.getIdentifier()));
  AuthenticationTokenIdentifier identifier = new AuthenticationTokenIdentifier();
  identifier.readFields(identifierBytes);

  // The expired identifier must not yield a password.
  assertThrows(InvalidToken.class, () -> manager.retrievePassword(identifier));
}
use of org.apache.accumulo.core.clientImpl.AuthenticationTokenIdentifier in project accumulo by apache.
the class SaslDigestCallbackHandlerTest method testIdentifierSerialization.
@Test
public void testIdentifierSerialization() throws IOException {
  // The handler's encode/decode pair must be lossless: the bytes that come back from
  // decodeIdentifier have to match the serialized identifier exactly, and deserializing them
  // must produce an identifier equal to the original.
  var thriftIdentifier = createTAuthIdentifier("user", 1, 100L, 1000L, "instanceid");
  var original = new AuthenticationTokenIdentifier(thriftIdentifier);

  byte[] serialized = original.getBytes();

  // Round trip through the handler's String form of the identifier.
  String encodedName = handler.encodeIdentifier(serialized);
  byte[] decoded = handler.decodeIdentifier(encodedName);
  assertArrayEquals(serialized, decoded);

  // Deserialize the decoded bytes into a fresh identifier and compare it with the original.
  var decodedStream = new DataInputStream(new ByteArrayInputStream(decoded));
  AuthenticationTokenIdentifier copy = new AuthenticationTokenIdentifier();
  copy.readFields(decodedStream);
  assertEquals(original, copy);
}