Example 1 with AuthenticationTokenSecretManager

Use of org.apache.accumulo.server.security.delegation.AuthenticationTokenSecretManager in project accumulo by apache.

The class SaslDigestCallbackHandlerTest, method testTokenSerialization.

@Test
public void testTokenSerialization() throws Exception {
    Instance instance = createMock(Instance.class);
    AuthenticationTokenSecretManager secretManager = new AuthenticationTokenSecretManager(instance, 1000L);
    expect(instance.getInstanceID()).andReturn("instanceid");
    replay(instance);
    // Register a key with the secret manager before generating a token
    secretManager.addKey(new AuthenticationKey(1, 0L, 100L, keyGen.generateKey()));
    Entry<Token<AuthenticationTokenIdentifier>, AuthenticationTokenIdentifier> entry = secretManager.generateToken("user", cfg);
    // Password issued with the token, encoded by the handler
    byte[] password = entry.getKey().getPassword();
    char[] encodedPassword = handler.encodePassword(password);
    // Password the handler obtains from the secret manager using only the identifier
    char[] computedPassword = handler.getPassword(secretManager, entry.getValue());
    verify(instance);
    // Both passwords must match
    assertArrayEquals(computedPassword, encodedPassword);
}
Also used : Instance(org.apache.accumulo.core.client.Instance) AuthenticationKey(org.apache.accumulo.server.security.delegation.AuthenticationKey) AuthenticationTokenIdentifier(org.apache.accumulo.core.client.impl.AuthenticationTokenIdentifier) AuthenticationTokenSecretManager(org.apache.accumulo.server.security.delegation.AuthenticationTokenSecretManager) Token(org.apache.hadoop.security.token.Token) Test(org.junit.Test)

Example 2 with AuthenticationTokenSecretManager

Use of org.apache.accumulo.server.security.delegation.AuthenticationTokenSecretManager in project accumulo by apache.

The class SaslDigestCallbackHandlerTest, method testTokenAndIdentifierSerialization.

@Test
public void testTokenAndIdentifierSerialization() throws Exception {
    Instance instance = createMock(Instance.class);
    AuthenticationTokenSecretManager secretManager = new AuthenticationTokenSecretManager(instance, 1000L);
    expect(instance.getInstanceID()).andReturn("instanceid");
    replay(instance);
    // Register a key with the secret manager before generating a token
    secretManager.addKey(new AuthenticationKey(1, 0L, 1000 * 100L, keyGen.generateKey()));
    Entry<Token<AuthenticationTokenIdentifier>, AuthenticationTokenIdentifier> entry = secretManager.generateToken("user", cfg);
    // Password issued with the token, encoded by the handler
    byte[] password = entry.getKey().getPassword();
    char[] encodedPassword = handler.encodePassword(password);
    // Round-trip the identifier: encode to a String, decode, and deserialize into a fresh object
    String name = handler.encodeIdentifier(entry.getValue().getBytes());
    byte[] decodedIdentifier = handler.decodeIdentifier(name);
    AuthenticationTokenIdentifier identifier = new AuthenticationTokenIdentifier();
    identifier.readFields(new DataInputStream(new ByteArrayInputStream(decodedIdentifier)));
    // The password looked up with the deserialized identifier must match the issued one
    char[] computedPassword = handler.getPassword(secretManager, identifier);
    verify(instance);
    assertArrayEquals(computedPassword, encodedPassword);
}
Also used : Instance(org.apache.accumulo.core.client.Instance) ByteArrayInputStream(java.io.ByteArrayInputStream) AuthenticationKey(org.apache.accumulo.server.security.delegation.AuthenticationKey) AuthenticationTokenIdentifier(org.apache.accumulo.core.client.impl.AuthenticationTokenIdentifier) AuthenticationTokenSecretManager(org.apache.accumulo.server.security.delegation.AuthenticationTokenSecretManager) Token(org.apache.hadoop.security.token.Token) DataInputStream(java.io.DataInputStream) Test(org.junit.Test)

Example 3 with AuthenticationTokenSecretManager

Use of org.apache.accumulo.server.security.delegation.AuthenticationTokenSecretManager in project accumulo by apache.

The class MasterClientServiceHandler, method getDelegationToken.

@Override
public TDelegationToken getDelegationToken(TInfo tinfo, TCredentials credentials, TDelegationTokenConfig tConfig) throws ThriftSecurityException, TException {
    // Authorization check first: reject callers that may not obtain delegation tokens
    if (!master.security.canObtainDelegationToken(credentials)) {
        throw new ThriftSecurityException(credentials.getPrincipal(), SecurityErrorCode.PERMISSION_DENIED);
    }
    // Round-about way to verify that SASL is also enabled.
    if (!master.delegationTokensAvailable()) {
        throw new TException("Delegation tokens are not available for use");
    }
    final DelegationTokenConfig config = DelegationTokenConfigSerializer.deserialize(tConfig);
    final AuthenticationTokenSecretManager secretManager = master.getSecretManager();
    try {
        // The token is issued for the principal in the supplied credentials
        Entry<Token<AuthenticationTokenIdentifier>, AuthenticationTokenIdentifier> pair = secretManager.generateToken(credentials.principal, config);
        // Return the token password together with the Thrift form of its identifier
        return new TDelegationToken(ByteBuffer.wrap(pair.getKey().getPassword()), pair.getValue().getThriftIdentifier());
    } catch (Exception e) {
        throw new TException(e.getMessage());
    }
}
Also used : TException(org.apache.thrift.TException) DelegationTokenConfig(org.apache.accumulo.core.client.admin.DelegationTokenConfig) TDelegationTokenConfig(org.apache.accumulo.core.security.thrift.TDelegationTokenConfig) AuthenticationTokenIdentifier(org.apache.accumulo.core.client.impl.AuthenticationTokenIdentifier) AuthenticationTokenSecretManager(org.apache.accumulo.server.security.delegation.AuthenticationTokenSecretManager) TDelegationToken(org.apache.accumulo.core.security.thrift.TDelegationToken) Token(org.apache.hadoop.security.token.Token) ThriftSecurityException(org.apache.accumulo.core.client.impl.thrift.ThriftSecurityException) TableNotFoundException(org.apache.accumulo.core.client.TableNotFoundException) InvalidProtocolBufferException(com.google.protobuf.InvalidProtocolBufferException) AccumuloSecurityException(org.apache.accumulo.core.client.AccumuloSecurityException) TabletDeletedException(org.apache.accumulo.server.util.TabletIterator.TabletDeletedException) KeeperException(org.apache.zookeeper.KeeperException) AccumuloException(org.apache.accumulo.core.client.AccumuloException) NoNodeException(org.apache.zookeeper.KeeperException.NoNodeException) ThriftTableOperationException(org.apache.accumulo.core.client.impl.thrift.ThriftTableOperationException)
