use of org.apache.accumulo.server.security.delegation.AuthenticationTokenSecretManager in project accumulo by apache.
the class SaslDigestCallbackHandlerTest method testTokenSerialization.
/**
 * Checks that the password the handler derives from a token identifier matches the encoded
 * form of the password carried by the freshly generated token.
 *
 * <p>The secret manager is backed by a mocked {@code Instance} whose instance ID is fixed to
 * {@code "instanceid"}; {@code verify} confirms that the recorded expectation was exercised.
 */
@Test
public void testTokenSerialization() throws Exception {
  Instance mockInstance = createMock(Instance.class);
  AuthenticationTokenSecretManager manager = new AuthenticationTokenSecretManager(mockInstance, 1000L);
  expect(mockInstance.getInstanceID()).andReturn("instanceid");
  replay(mockInstance);

  // A signing key has to be registered before generateToken is called.
  AuthenticationKey signingKey = new AuthenticationKey(1, 0L, 100L, keyGen.generateKey());
  manager.addKey(signingKey);

  Entry<Token<AuthenticationTokenIdentifier>, AuthenticationTokenIdentifier> generated = manager.generateToken("user", cfg);
  Token<AuthenticationTokenIdentifier> token = generated.getKey();
  AuthenticationTokenIdentifier tokenId = generated.getValue();

  // Path 1: encode the password taken directly from the token.
  byte[] rawPassword = token.getPassword();
  char[] encodedPassword = handler.encodePassword(rawPassword);

  // Path 2: have the handler look the password up from the identifier alone.
  char[] computedPassword = handler.getPassword(manager, tokenId);

  verify(mockInstance);
  assertArrayEquals(computedPassword, encodedPassword);
}
use of org.apache.accumulo.server.security.delegation.AuthenticationTokenSecretManager in project accumulo by apache.
the class SaslDigestCallbackHandlerTest method testTokenAndIdentifierSerialization.
/**
 * Round-trips the token identifier through the handler's encode/decode helpers and checks
 * that the password computed from the re-read identifier still matches the encoded password
 * of the original token.
 *
 * <p>The identifier is rebuilt with {@code readFields} from the decoded bytes, so the test
 * covers the serialized form rather than the in-memory object returned by
 * {@code generateToken}.
 */
@Test
public void testTokenAndIdentifierSerialization() throws Exception {
  Instance mockInstance = createMock(Instance.class);
  AuthenticationTokenSecretManager manager = new AuthenticationTokenSecretManager(mockInstance, 1000L);
  expect(mockInstance.getInstanceID()).andReturn("instanceid");
  replay(mockInstance);

  // A signing key has to be registered before generateToken is called.
  AuthenticationKey signingKey = new AuthenticationKey(1, 0L, 1000 * 100L, keyGen.generateKey());
  manager.addKey(signingKey);

  Entry<Token<AuthenticationTokenIdentifier>, AuthenticationTokenIdentifier> generated = manager.generateToken("user", cfg);

  // Expected value: the token's own password, encoded by the handler.
  byte[] rawPassword = generated.getKey().getPassword();
  char[] encodedPassword = handler.encodePassword(rawPassword);

  // Serialize the identifier to its encoded name and back to bytes.
  byte[] identifierBytes = generated.getValue().getBytes();
  String name = handler.encodeIdentifier(identifierBytes);
  byte[] decodedIdentifier = handler.decodeIdentifier(name);

  // Rebuild a fresh identifier from the decoded bytes only.
  ByteArrayInputStream rawInput = new ByteArrayInputStream(decodedIdentifier);
  DataInputStream dataInput = new DataInputStream(rawInput);
  AuthenticationTokenIdentifier rebuilt = new AuthenticationTokenIdentifier();
  rebuilt.readFields(dataInput);

  char[] computedPassword = handler.getPassword(manager, rebuilt);

  verify(mockInstance);
  assertArrayEquals(computedPassword, encodedPassword);
}
use of org.apache.accumulo.server.security.delegation.AuthenticationTokenSecretManager in project accumulo by apache.
the class MasterClientServiceHandler method getDelegationToken.
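/**
 * Issues a delegation token for the principal named in {@code credentials}.
 *
 * <p>The caller must pass {@code canObtainDelegationToken}, and delegation tokens must be
 * available on this master, before any token is generated. The returned object carries the
 * token's password bytes together with its Thrift identifier, so it is credential material:
 * it should not be logged or cached by callers.
 *
 * @param tinfo trace information for the call (not read by this method)
 * @param credentials credentials of the caller; the token is generated for their principal
 * @param tConfig Thrift form of the requested delegation token configuration
 * @return the generated token password and identifier
 * @throws ThriftSecurityException with {@code PERMISSION_DENIED} if the caller may not obtain
 *         a delegation token
 * @throws TException if delegation tokens are unavailable or token generation fails; the
 *         original failure is attached as the cause
 */
@Override
public TDelegationToken getDelegationToken(TInfo tinfo, TCredentials credentials, TDelegationTokenConfig tConfig) throws ThriftSecurityException, TException {
  // Authorize first: nothing below runs for a caller who is not allowed to obtain a token.
  if (!master.security.canObtainDelegationToken(credentials)) {
    throw new ThriftSecurityException(credentials.getPrincipal(), SecurityErrorCode.PERMISSION_DENIED);
  }
  // Round-about way to verify that SASL is also enabled.
  if (!master.delegationTokensAvailable()) {
    throw new TException("Delegation tokens are not available for use");
  }
  final DelegationTokenConfig config = DelegationTokenConfigSerializer.deserialize(tConfig);
  final AuthenticationTokenSecretManager secretManager = master.getSecretManager();
  try {
    // The token is always bound to the authenticated principal, never to a caller-supplied name.
    Entry<Token<AuthenticationTokenIdentifier>, AuthenticationTokenIdentifier> pair = secretManager.generateToken(credentials.getPrincipal(), config);
    return new TDelegationToken(ByteBuffer.wrap(pair.getKey().getPassword()), pair.getValue().getThriftIdentifier());
  } catch (Exception e) {
    // Keep the cause so the server-side stack trace of a failed issuance is not lost;
    // previously only the (possibly null) message survived.
    throw new TException(e.getMessage(), e);
  }
}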