
Example 1 with InternalLogWriter

use of org.apache.geode.internal.logging.InternalLogWriter in project geode by apache.

Class RoutingObject, method dump():

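/** Number of leading buckets whose bucket-to-node (B2N) mapping is dumped per region. */
// NOTE(review): 6 presumably matches the bucket count the test configures for these regions —
// confirm against the region attributes used in setup.
private static final int DUMPED_BUCKET_COUNT = 6;

/**
 * Writes diagnostic dumps of the customer, order and shipment partitioned regions to the log:
 * first the contents of every bucket of each region, then the B2N mapping of the first
 * {@value #DUMPED_BUCKET_COUNT} buckets of each region. Region state is not modified.
 */
protected static void dump() {
    final PartitionedRegion[] regions = {
        (PartitionedRegion) customerPR,
        (PartitionedRegion) orderPR,
        (PartitionedRegion) shipmentPR
    };
    // All bucket dumps first, then all B2N dumps, so the log keeps the established order.
    for (PartitionedRegion region : regions) {
        region.dumpAllBuckets(false);
    }
    for (PartitionedRegion region : regions) {
        for (int bucketId = 0; bucketId < DUMPED_BUCKET_COUNT; bucketId++) {
            region.dumpB2NForBucket(bucketId);
        }
    }
}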

Example 2 with InternalLogWriter

use of org.apache.geode.internal.logging.InternalLogWriter in project geode by apache.

Class LocatorLoadBalancingDUnitTest, method checkLocatorLoad():

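/**
 * Asserts that exactly one locator runs in this VM and then waits until that locator's
 * server-load map equals {@code expected}.
 *
 * <p>The locator's current server profiles are dumped first; this is diagnostic output only.
 * The wait is bounded: the load map is polled every 100 ms (after an initial 100 ms delay)
 * for at most 300 s, after which Awaitility fails the wait.
 *
 * @param expected the load map the server locator must report before this method returns
 */
public void checkLocatorLoad(final Map expected) {
    List<Locator> locators = Locator.getLocators();
    Assert.assertEquals(1, locators.size());
    InternalLocator locator = (InternalLocator) locators.get(0);
    final ServerLocator serverLocator = locator.getServerLocatorAdvisee();
    serverLocator.getDistributionAdvisor().dumpProfiles("PROFILES= ");
    Awaitility.await()
        .pollDelay(100, TimeUnit.MILLISECONDS)
        .pollInterval(100, TimeUnit.MILLISECONDS)
        .timeout(300, TimeUnit.SECONDS)
        .until(() -> expected.equals(serverLocator.getLoadMap()));
}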

Example 3 with InternalLogWriter

use of org.apache.geode.internal.logging.InternalLogWriter in project geode by apache.

Class HandShake, method readCredentials():

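/**
 * Server side of the client handshake's credential exchange (static variant).
 *
 * <p>Reads the one-byte secure mode sent by the client and handles it as follows:
 * <ul>
 * <li>{@code CREDENTIALS_NORMAL}: the credential properties are read from {@code dis}. They are
 * returned only when client security is required; otherwise they are consumed and discarded so
 * that the stream stays in sync.</li>
 * <li>{@code CREDENTIALS_DHENCRYPT}: the client's symmetric algorithm name and encoded DH public
 * key are read. If authentication is required, the server writes {@code REPLY_OK} and its own DH
 * public key, followed (when the client asked for server authentication) by the server's key
 * subject and its signature over the client's challenge, and then a fresh 64-byte challenge. It
 * then derives the shared DH secret, decrypts the client's reply and expects it to contain the
 * credential properties followed by the echoed challenge. If authentication is not required the
 * optional client challenge is consumed and {@code REPLY_AUTH_NOT_REQUIRED} is sent.</li>
 * <li>{@code SECURITY_MULTIUSER_NOTIFICATIONCHANNEL}: nothing further is read; credentials are
 * obtained later through the server connection.</li>
 * </ul>
 * This assumes that authentication is the last piece of information in the handshake.
 *
 * @param dis stream the client's handshake data is read from
 * @param dos stream the server's reply is written to
 * @param system used only to obtain the security log writer
 * @return the client's credentials, or {@code null} when none were required or none were sent
 * @throws GemFireSecurityException if required credentials are missing, the server has no private
 *         key to sign the client challenge with, or the echoed challenge does not match; any other
 *         failure while reading or decrypting is wrapped in an {@link AuthenticationFailedException}
 * @throws IOException if reading from or writing to the streams fails
 */
public static Properties readCredentials(DataInputStream dis, DataOutputStream dos, DistributedSystem system) throws GemFireSecurityException, IOException {
    boolean requireAuthentication = securityService.isClientSecurityRequired();
    Properties credentials = null;
    try {
        byte secureMode = dis.readByte();
        throwIfMissingRequiredCredentials(requireAuthentication, secureMode != CREDENTIALS_NONE);
        if (secureMode == CREDENTIALS_NORMAL) {
            if (requireAuthentication) {
                credentials = DataSerializer.readProperties(dis);
            } else {
                // Consume the credentials to keep the stream in sync, but do not keep them
                DataSerializer.readProperties(dis);
            }
        } else if (secureMode == CREDENTIALS_DHENCRYPT) {
            boolean sendAuthentication = dis.readBoolean();
            InternalLogWriter securityLogWriter = (InternalLogWriter) system.getSecurityLogWriter();
            // Symmetric algorithm the client wants the credentials encrypted with
            String skAlgo = DataSerializer.readString(dis);
            // Encoded DH public key of the client
            byte[] keyBytes = DataSerializer.readByteArray(dis);
            if (requireAuthentication) {
                // Rebuild the client's public key from its X.509 encoding
                X509EncodedKeySpec x509KeySpec = new X509EncodedKeySpec(keyBytes);
                KeyFactory keyFact = KeyFactory.getInstance("DH");
                PublicKey pubKey = keyFact.generatePublic(x509KeySpec);
                // From here on keyBytes holds the server's public key, which is sent back
                keyBytes = dhPublicKey.getEncoded();
                byte[] challenge = new byte[64];
                // NOTE(review): the challenge is only as unpredictable as `random`; confirm at its
                // declaration that it is a SecureRandom.
                random.nextBytes(challenge);
                if (sendAuthentication) {
                    // The client wants to authenticate the server: sign the challenge it sent
                    byte[] clientChallenge = DataSerializer.readByteArray(dis);
                    if (privateKeyEncrypt == null) {
                        throw new AuthenticationFailedException(LocalizedStrings.HandShake_SERVER_PRIVATE_KEY_NOT_AVAILABLE_FOR_CREATING_SIGNATURE.toLocalizedString());
                    }
                    Signature sig = Signature.getInstance(privateKeySignAlgo);
                    sig.initSign(privateKeyEncrypt);
                    sig.update(clientChallenge);
                    byte[] signedBytes = sig.sign();
                    // REPLY_OK is written only after the signature exists, so a failure above never
                    // leaves a half-written reply on the wire (do not hoist these writes)
                    dos.writeByte(REPLY_OK);
                    DataSerializer.writeByteArray(keyBytes, dos);
                    DataSerializer.writeString(privateKeySubject, dos);
                    DataSerializer.writeByteArray(signedBytes, dos);
                    securityLogWriter.fine("HandShake: sent the signed client challenge");
                } else {
                    dos.writeByte(REPLY_OK);
                    DataSerializer.writeByteArray(keyBytes, dos);
                }
                // Now send the server challenge the client must echo back encrypted
                DataSerializer.writeByteArray(challenge, dos);
                securityLogWriter.fine("HandShake: sent the public key and challenge");
                dos.flush();
                // Read the encrypted credentials and derive the shared secret to decrypt them
                byte[] encBytes = DataSerializer.readByteArray(dis);
                KeyAgreement ka = KeyAgreement.getInstance("DH");
                ka.init(dhPrivateKey);
                ka.doPhase(pubKey, true);
                Cipher decrypt;
                int keysize = getKeySize(skAlgo);
                int blocksize = getBlockSize(skAlgo);
                if (keysize == -1 || blocksize == -1) {
                    // Algorithm without a known key/block size: let the key agreement derive the key
                    SecretKey sKey = ka.generateSecret(skAlgo);
                    decrypt = Cipher.getInstance(skAlgo);
                    decrypt.init(Cipher.DECRYPT_MODE, sKey);
                } else {
                    // Key and IV are consecutive slices of the raw shared secret
                    String algoStr = getDhAlgoStr(skAlgo);
                    byte[] sKeyBytes = ka.generateSecret();
                    SecretKeySpec sks = new SecretKeySpec(sKeyBytes, 0, keysize, algoStr);
                    IvParameterSpec ivps = new IvParameterSpec(sKeyBytes, keysize, blocksize);
                    decrypt = Cipher.getInstance(algoStr + "/CBC/PKCS5Padding");
                    decrypt.init(Cipher.DECRYPT_MODE, sks, ivps);
                }
                byte[] credentialBytes = decrypt.doFinal(encBytes);
                try (DataInputStream dinp = new DataInputStream(new ByteArrayInputStream(credentialBytes))) {
                    credentials = DataSerializer.readProperties(dinp);
                    byte[] challengeRes = DataSerializer.readByteArray(dinp);
                    // Constant-time comparison: the reply time must not depend on how many leading
                    // bytes of the client's echoed challenge are correct
                    if (!java.security.MessageDigest.isEqual(challenge, challengeRes)) {
                        throw new AuthenticationFailedException(LocalizedStrings.HandShake_MISMATCH_IN_CHALLENGE_BYTES_MALICIOUS_CLIENT.toLocalizedString());
                    }
                }
            } else {
                if (sendAuthentication) {
                    // Read and ignore the client challenge
                    DataSerializer.readByteArray(dis);
                }
                dos.writeByte(REPLY_AUTH_NOT_REQUIRED);
                dos.flush();
            }
        } else if (secureMode == SECURITY_MULTIUSER_NOTIFICATIONCHANNEL) {
            // No credentials on this channel: the CCP obtains the principal through the
            // ServerConnection instead
            logger.debug("readCredential where multiuser mode creating callback connection");
        }
    } catch (IOException | GemFireSecurityException ex) {
        // Propagate as-is; only unexpected failures are wrapped below
        throw ex;
    } catch (Exception ex) {
        throw new AuthenticationFailedException(LocalizedStrings.HandShake_FAILURE_IN_READING_CREDENTIALS.toLocalizedString(), ex);
    }
    return credentials;
}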

Example 4 with InternalLogWriter

use of org.apache.geode.internal.logging.InternalLogWriter in project geode by apache.

Class HandShake, method readCredential():

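/**
 * Server side of the client handshake's credential exchange (instance variant).
 *
 * <p>Reads the one-byte secure mode sent by the client, records it in {@code appSecureMode} and
 * handles it as follows:
 * <ul>
 * <li>{@code CREDENTIALS_NORMAL}: only the mode is recorded; no credential properties are read
 * from the stream here.</li>
 * <li>{@code CREDENTIALS_DHENCRYPT}: the client's symmetric algorithm name and encoded DH public
 * key are read and stored in {@code clientSKAlgo} and {@code clientPublicKey}. If authentication
 * is required, the server writes {@code REPLY_OK} and its own DH public key, followed (when the
 * client asked for server authentication) by the server's key subject and its signature over the
 * client's challenge, and then a fresh 64-byte challenge. It then decrypts the client's reply,
 * which must contain the echoed challenge. If authentication is not required the optional client
 * challenge is consumed and {@code REPLY_AUTH_NOT_REQUIRED} is sent.</li>
 * </ul>
 * This assumes that authentication is the last piece of information in the handshake.
 *
 * @param dis stream the client's handshake data is read from
 * @param dos stream the server's reply is written to
 * @param system used only to obtain the security log writer
 * @return always {@code null}: the credential properties themselves are not carried in this
 *         exchange (presumably they are read elsewhere by the caller — verify)
 * @throws GemFireSecurityException if required credentials are missing, the server has no private
 *         key to sign the client challenge with, or the echoed challenge does not match; any other
 *         failure while reading or decrypting is wrapped in an {@link AuthenticationFailedException}
 * @throws IOException if reading from or writing to the streams fails
 */
public Properties readCredential(DataInputStream dis, DataOutputStream dos, DistributedSystem system) throws GemFireSecurityException, IOException {
    Properties credentials = null;
    boolean requireAuthentication = securityService.isClientSecurityRequired();
    try {
        byte secureMode = dis.readByte();
        throwIfMissingRequiredCredentials(requireAuthentication, secureMode != CREDENTIALS_NONE);
        if (secureMode == CREDENTIALS_NORMAL) {
            // The properties are intentionally not read from the stream in this path
            this.appSecureMode = CREDENTIALS_NORMAL;
        } else if (secureMode == CREDENTIALS_DHENCRYPT) {
            this.appSecureMode = CREDENTIALS_DHENCRYPT;
            boolean sendAuthentication = dis.readBoolean();
            InternalLogWriter securityLogWriter = (InternalLogWriter) system.getSecurityLogWriter();
            // Symmetric algorithm the client wants its reply encrypted with
            this.clientSKAlgo = DataSerializer.readString(dis);
            // Encoded DH public key of the client
            byte[] keyBytes = DataSerializer.readByteArray(dis);
            if (requireAuthentication) {
                // Rebuild the client's public key from its X.509 encoding
                X509EncodedKeySpec x509KeySpec = new X509EncodedKeySpec(keyBytes);
                KeyFactory keyFact = KeyFactory.getInstance("DH");
                this.clientPublicKey = keyFact.generatePublic(x509KeySpec);
                // From here on keyBytes holds the server's public key, which is sent back
                keyBytes = dhPublicKey.getEncoded();
                byte[] challenge = new byte[64];
                // NOTE(review): the challenge is only as unpredictable as `random`; confirm at its
                // declaration that it is a SecureRandom.
                random.nextBytes(challenge);
                if (sendAuthentication) {
                    // The client wants to authenticate the server: sign the challenge it sent
                    byte[] clientChallenge = DataSerializer.readByteArray(dis);
                    if (privateKeyEncrypt == null) {
                        throw new AuthenticationFailedException(LocalizedStrings.HandShake_SERVER_PRIVATE_KEY_NOT_AVAILABLE_FOR_CREATING_SIGNATURE.toLocalizedString());
                    }
                    Signature sig = Signature.getInstance(privateKeySignAlgo);
                    sig.initSign(privateKeyEncrypt);
                    sig.update(clientChallenge);
                    byte[] signedBytes = sig.sign();
                    // REPLY_OK is written only after the signature exists, so a failure above never
                    // leaves a half-written reply on the wire (do not hoist these writes)
                    dos.writeByte(REPLY_OK);
                    DataSerializer.writeByteArray(keyBytes, dos);
                    DataSerializer.writeString(privateKeySubject, dos);
                    DataSerializer.writeByteArray(signedBytes, dos);
                    securityLogWriter.fine("HandShake: sent the signed client challenge");
                } else {
                    dos.writeByte(REPLY_OK);
                    DataSerializer.writeByteArray(keyBytes, dos);
                }
                // Now send the server challenge the client must echo back encrypted
                DataSerializer.writeByteArray(challenge, dos);
                securityLogWriter.fine("HandShake: sent the public key and challenge");
                dos.flush();
                // Read and decrypt the client's reply
                byte[] encBytes = DataSerializer.readByteArray(dis);
                Cipher c = getDecryptCipher(this.clientSKAlgo, this.clientPublicKey);
                byte[] credentialBytes = decryptBytes(encBytes, c);
                try (DataInputStream dinp = new DataInputStream(new ByteArrayInputStream(credentialBytes))) {
                    // Only the echoed challenge is expected here; credentials are not sent in this
                    // handshake
                    byte[] challengeRes = DataSerializer.readByteArray(dinp);
                    // Constant-time comparison: the reply time must not depend on how many leading
                    // bytes of the client's echoed challenge are correct
                    if (!java.security.MessageDigest.isEqual(challenge, challengeRes)) {
                        throw new AuthenticationFailedException(LocalizedStrings.HandShake_MISMATCH_IN_CHALLENGE_BYTES_MALICIOUS_CLIENT.toLocalizedString());
                    }
                }
            } else {
                if (sendAuthentication) {
                    // Read and ignore the client challenge
                    DataSerializer.readByteArray(dis);
                }
                dos.writeByte(REPLY_AUTH_NOT_REQUIRED);
                dos.flush();
            }
        }
    } catch (IOException | GemFireSecurityException ex) {
        // Propagate as-is; only unexpected failures are wrapped below
        throw ex;
    } catch (Exception ex) {
        throw new AuthenticationFailedException(LocalizedStrings.HandShake_FAILURE_IN_READING_CREDENTIALS.toLocalizedString(), ex);
    }
    return credentials;
}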

Example 5 with InternalLogWriter

use of org.apache.geode.internal.logging.InternalLogWriter in project geode by apache.

Class GMSAuthenticator, method authenticate():

/**
 * Authenticates a joining member against the configured peer authenticator.
 * Package-private so that tests can invoke it directly.
 *
 * <p>When neither the security service requires peer security nor {@code secProps} names a peer
 * authenticator, the member is accepted without any check. Otherwise the member must present
 * credentials, which are verified either through the integrated security service (login followed
 * by a cluster-manage authorization) or through the configured authenticator callback.
 *
 * @param member the member presenting the credentials
 * @param credentials the credentials the member sent; may be {@code null}
 * @param secProps security properties consulted for the peer authenticator, since on older
 *        systems a locator may start without a cache and the security service may not be
 *        initialised yet
 * @return {@code null} when the member is accepted, otherwise a localized message describing
 *         why authentication failed
 * @throws AuthenticationFailedException declared for callers; in the visible code every failure
 *         raised by the authenticator is caught and reported through the return value instead
 */
String authenticate(DistributedMember member, Properties credentials, Properties secProps) throws AuthenticationFailedException {
    final String configuredAuthenticator = secProps.getProperty(SECURITY_PEER_AUTHENTICATOR);
    // Peer authentication applies if the service demands it or if secProps configures an
    // authenticator (the latter covers the not-yet-initialised security service case).
    final boolean peerAuthenticationApplies =
        this.securityService.isPeerSecurityRequired() || !StringUtils.isBlank(configuredAuthenticator);
    if (!peerAuthenticationApplies) {
        return null;
    }
    final InternalLogWriter securityLog = this.services.getSecurityLogWriter();
    if (credentials == null) {
        securityLog.warning(AUTH_PEER_AUTHENTICATION_MISSING_CREDENTIALS, member);
        return AUTH_PEER_AUTHENTICATION_MISSING_CREDENTIALS.toLocalizedString(member);
    }
    try {
        if (this.securityService.isIntegratedSecurity()) {
            this.securityService.login(credentials);
            this.securityService.authorizeClusterManage();
        } else {
            invokeAuthenticator(secProps, member, credentials);
        }
    } catch (Exception ex) {
        // Any failure is logged with its cause and turned into the rejection message
        securityLog.warning(AUTH_PEER_AUTHENTICATION_FAILED_WITH_EXCEPTION, new Object[] { member, ex.getLocalizedMessage() }, ex);
        return AUTH_PEER_AUTHENTICATION_FAILED.toLocalizedString(ex.getLocalizedMessage());
    }
    return null;
}
