use of org.apache.geode.internal.logging.InternalLogWriter in project geode by apache.
the class RoutingObject method dump.
protected static void dump() {
final InternalLogWriter logger = LogWriterUtils.getLogWriter();
((PartitionedRegion) customerPR).dumpAllBuckets(false);
((PartitionedRegion) orderPR).dumpAllBuckets(false);
((PartitionedRegion) shipmentPR).dumpAllBuckets(false);
for (int i = 0; i < 6; i++) {
((PartitionedRegion) customerPR).dumpB2NForBucket(i);
}
for (int i = 0; i < 6; i++) {
((PartitionedRegion) orderPR).dumpB2NForBucket(i);
}
for (int i = 0; i < 6; i++) {
((PartitionedRegion) shipmentPR).dumpB2NForBucket(i);
}
}
use of org.apache.geode.internal.logging.InternalLogWriter in project geode by apache.
the class LocatorLoadBalancingDUnitTest method checkLocatorLoad.
public void checkLocatorLoad(final Map expected) {
List locators = Locator.getLocators();
Assert.assertEquals(1, locators.size());
InternalLocator locator = (InternalLocator) locators.get(0);
final ServerLocator sl = locator.getServerLocatorAdvisee();
InternalLogWriter log = new LocalLogWriter(InternalLogWriter.FINEST_LEVEL, System.out);
sl.getDistributionAdvisor().dumpProfiles("PROFILES= ");
Awaitility.await().pollDelay(100, TimeUnit.MILLISECONDS).pollInterval(100, TimeUnit.MILLISECONDS).timeout(300, TimeUnit.SECONDS).until(() -> expected.equals(sl.getLoadMap()));
}
use of org.apache.geode.internal.logging.InternalLogWriter in project geode by apache.
the class HandShake method readCredentials.
// This assumes that authentication is the last piece of info in handshake
public static Properties readCredentials(DataInputStream dis, DataOutputStream dos, DistributedSystem system) throws GemFireSecurityException, IOException {
boolean requireAuthentication = securityService.isClientSecurityRequired();
Properties credentials = null;
try {
byte secureMode = dis.readByte();
throwIfMissingRequiredCredentials(requireAuthentication, secureMode != CREDENTIALS_NONE);
if (secureMode == CREDENTIALS_NORMAL) {
if (requireAuthentication) {
credentials = DataSerializer.readProperties(dis);
} else {
// ignore the credentials
DataSerializer.readProperties(dis);
}
} else if (secureMode == CREDENTIALS_DHENCRYPT) {
boolean sendAuthentication = dis.readBoolean();
InternalLogWriter securityLogWriter = (InternalLogWriter) system.getSecurityLogWriter();
// Get the symmetric encryption algorithm to be used
String skAlgo = DataSerializer.readString(dis);
// Get the public key of the other side
byte[] keyBytes = DataSerializer.readByteArray(dis);
byte[] challenge = null;
PublicKey pubKey = null;
if (requireAuthentication) {
// Generate PublicKey from encoded form
X509EncodedKeySpec x509KeySpec = new X509EncodedKeySpec(keyBytes);
KeyFactory keyFact = KeyFactory.getInstance("DH");
pubKey = keyFact.generatePublic(x509KeySpec);
// Send the public key to other side
keyBytes = dhPublicKey.getEncoded();
challenge = new byte[64];
random.nextBytes(challenge);
// sign the challenge from client.
if (sendAuthentication) {
// Get the challenge string from client
byte[] clientChallenge = DataSerializer.readByteArray(dis);
if (privateKeyEncrypt == null) {
throw new AuthenticationFailedException(LocalizedStrings.HandShake_SERVER_PRIVATE_KEY_NOT_AVAILABLE_FOR_CREATING_SIGNATURE.toLocalizedString());
}
// Sign the challenge from client and send it to the client
Signature sig = Signature.getInstance(privateKeySignAlgo);
sig.initSign(privateKeyEncrypt);
sig.update(clientChallenge);
byte[] signedBytes = sig.sign();
dos.writeByte(REPLY_OK);
DataSerializer.writeByteArray(keyBytes, dos);
// DataSerializer.writeString(privateKeyAlias, dos);
DataSerializer.writeString(privateKeySubject, dos);
DataSerializer.writeByteArray(signedBytes, dos);
securityLogWriter.fine("HandShake: sent the signed client challenge");
} else {
// These two lines should not be moved before the if{} statement in
// a common block for both if...then...else parts. This is to handle
// the case when an AuthenticationFailedException is thrown by the
// if...then part when sending the signature.
dos.writeByte(REPLY_OK);
DataSerializer.writeByteArray(keyBytes, dos);
}
// Now send the server challenge
DataSerializer.writeByteArray(challenge, dos);
securityLogWriter.fine("HandShake: sent the public key and challenge");
dos.flush();
// Read and decrypt the credentials
byte[] encBytes = DataSerializer.readByteArray(dis);
KeyAgreement ka = KeyAgreement.getInstance("DH");
ka.init(dhPrivateKey);
ka.doPhase(pubKey, true);
Cipher decrypt;
int keysize = getKeySize(skAlgo);
int blocksize = getBlockSize(skAlgo);
if (keysize == -1 || blocksize == -1) {
SecretKey sKey = ka.generateSecret(skAlgo);
decrypt = Cipher.getInstance(skAlgo);
decrypt.init(Cipher.DECRYPT_MODE, sKey);
} else {
String algoStr = getDhAlgoStr(skAlgo);
byte[] sKeyBytes = ka.generateSecret();
SecretKeySpec sks = new SecretKeySpec(sKeyBytes, 0, keysize, algoStr);
IvParameterSpec ivps = new IvParameterSpec(sKeyBytes, keysize, blocksize);
decrypt = Cipher.getInstance(algoStr + "/CBC/PKCS5Padding");
decrypt.init(Cipher.DECRYPT_MODE, sks, ivps);
}
byte[] credentialBytes = decrypt.doFinal(encBytes);
ByteArrayInputStream bis = new ByteArrayInputStream(credentialBytes);
DataInputStream dinp = new DataInputStream(bis);
credentials = DataSerializer.readProperties(dinp);
byte[] challengeRes = DataSerializer.readByteArray(dinp);
// Check the challenge string
if (!Arrays.equals(challenge, challengeRes)) {
throw new AuthenticationFailedException(LocalizedStrings.HandShake_MISMATCH_IN_CHALLENGE_BYTES_MALICIOUS_CLIENT.toLocalizedString());
}
dinp.close();
} else {
if (sendAuthentication) {
// Read and ignore the client challenge
DataSerializer.readByteArray(dis);
}
dos.writeByte(REPLY_AUTH_NOT_REQUIRED);
dos.flush();
}
} else if (secureMode == SECURITY_MULTIUSER_NOTIFICATIONCHANNEL) {
// hitesh there will be no credential CCP will get credential(Principal) using
// ServerConnection..
logger.debug("readCredential where multiuser mode creating callback connection");
}
} catch (IOException ex) {
throw ex;
} catch (GemFireSecurityException ex) {
throw ex;
} catch (Exception ex) {
throw new AuthenticationFailedException(LocalizedStrings.HandShake_FAILURE_IN_READING_CREDENTIALS.toLocalizedString(), ex);
}
return credentials;
}
use of org.apache.geode.internal.logging.InternalLogWriter in project geode by apache.
the class HandShake method readCredential.
// This assumes that authentication is the last piece of info in handshake
public Properties readCredential(DataInputStream dis, DataOutputStream dos, DistributedSystem system) throws GemFireSecurityException, IOException {
Properties credentials = null;
boolean requireAuthentication = securityService.isClientSecurityRequired();
try {
byte secureMode = dis.readByte();
throwIfMissingRequiredCredentials(requireAuthentication, secureMode != CREDENTIALS_NONE);
if (secureMode == CREDENTIALS_NORMAL) {
this.appSecureMode = CREDENTIALS_NORMAL;
/*
* if (requireAuthentication) { credentials = DataSerializer.readProperties(dis); } else {
* DataSerializer.readProperties(dis); // ignore the credentials }
*/
} else if (secureMode == CREDENTIALS_DHENCRYPT) {
this.appSecureMode = CREDENTIALS_DHENCRYPT;
boolean sendAuthentication = dis.readBoolean();
InternalLogWriter securityLogWriter = (InternalLogWriter) system.getSecurityLogWriter();
// Get the symmetric encryption algorithm to be used
// String skAlgo = DataSerializer.readString(dis);
this.clientSKAlgo = DataSerializer.readString(dis);
// Get the public key of the other side
byte[] keyBytes = DataSerializer.readByteArray(dis);
byte[] challenge = null;
// PublicKey pubKey = null;
if (requireAuthentication) {
// Generate PublicKey from encoded form
X509EncodedKeySpec x509KeySpec = new X509EncodedKeySpec(keyBytes);
KeyFactory keyFact = KeyFactory.getInstance("DH");
this.clientPublicKey = keyFact.generatePublic(x509KeySpec);
// Send the public key to other side
keyBytes = dhPublicKey.getEncoded();
challenge = new byte[64];
random.nextBytes(challenge);
// sign the challenge from client.
if (sendAuthentication) {
// Get the challenge string from client
byte[] clientChallenge = DataSerializer.readByteArray(dis);
if (privateKeyEncrypt == null) {
throw new AuthenticationFailedException(LocalizedStrings.HandShake_SERVER_PRIVATE_KEY_NOT_AVAILABLE_FOR_CREATING_SIGNATURE.toLocalizedString());
}
// Sign the challenge from client and send it to the client
Signature sig = Signature.getInstance(privateKeySignAlgo);
sig.initSign(privateKeyEncrypt);
sig.update(clientChallenge);
byte[] signedBytes = sig.sign();
dos.writeByte(REPLY_OK);
DataSerializer.writeByteArray(keyBytes, dos);
// DataSerializer.writeString(privateKeyAlias, dos);
DataSerializer.writeString(privateKeySubject, dos);
DataSerializer.writeByteArray(signedBytes, dos);
securityLogWriter.fine("HandShake: sent the signed client challenge");
} else {
// These two lines should not be moved before the if{} statement in
// a common block for both if...then...else parts. This is to handle
// the case when an AuthenticationFailedException is thrown by the
// if...then part when sending the signature.
dos.writeByte(REPLY_OK);
DataSerializer.writeByteArray(keyBytes, dos);
}
// Now send the server challenge
DataSerializer.writeByteArray(challenge, dos);
securityLogWriter.fine("HandShake: sent the public key and challenge");
dos.flush();
// Read and decrypt the credentials
byte[] encBytes = DataSerializer.readByteArray(dis);
Cipher c = getDecryptCipher(this.clientSKAlgo, this.clientPublicKey);
byte[] credentialBytes = decryptBytes(encBytes, c);
ByteArrayInputStream bis = new ByteArrayInputStream(credentialBytes);
DataInputStream dinp = new DataInputStream(bis);
// credentials = DataSerializer.readProperties(dinp);//Hitesh: we don't send in handshake
// now
byte[] challengeRes = DataSerializer.readByteArray(dinp);
// Check the challenge string
if (!Arrays.equals(challenge, challengeRes)) {
throw new AuthenticationFailedException(LocalizedStrings.HandShake_MISMATCH_IN_CHALLENGE_BYTES_MALICIOUS_CLIENT.toLocalizedString());
}
dinp.close();
} else {
if (sendAuthentication) {
// Read and ignore the client challenge
DataSerializer.readByteArray(dis);
}
dos.writeByte(REPLY_AUTH_NOT_REQUIRED);
dos.flush();
}
}
} catch (IOException ex) {
throw ex;
} catch (GemFireSecurityException ex) {
throw ex;
} catch (Exception ex) {
throw new AuthenticationFailedException(LocalizedStrings.HandShake_FAILURE_IN_READING_CREDENTIALS.toLocalizedString(), ex);
}
return credentials;
}
use of org.apache.geode.internal.logging.InternalLogWriter in project geode by apache.
the class GMSAuthenticator method authenticate.
/**
* Method is package protected to be used in testing.
*/
String authenticate(DistributedMember member, Properties credentials, Properties secProps) throws AuthenticationFailedException {
// For older systems, locator might be started without cache, so secureService may not be
// initialized here. We need to check
// if the passed in secProps has peer authenticator or not
String authMethod = secProps.getProperty(SECURITY_PEER_AUTHENTICATOR);
// at this point,
if (!securityService.isPeerSecurityRequired() && StringUtils.isBlank(authMethod)) {
return null;
}
InternalLogWriter securityLogWriter = this.services.getSecurityLogWriter();
if (credentials == null) {
securityLogWriter.warning(AUTH_PEER_AUTHENTICATION_MISSING_CREDENTIALS, member);
return AUTH_PEER_AUTHENTICATION_MISSING_CREDENTIALS.toLocalizedString(member);
}
String failMsg = null;
try {
if (this.securityService.isIntegratedSecurity()) {
this.securityService.login(credentials);
this.securityService.authorizeClusterManage();
} else {
invokeAuthenticator(secProps, member, credentials);
}
} catch (Exception ex) {
securityLogWriter.warning(AUTH_PEER_AUTHENTICATION_FAILED_WITH_EXCEPTION, new Object[] { member, ex.getLocalizedMessage() }, ex);
failMsg = AUTH_PEER_AUTHENTICATION_FAILED.toLocalizedString(ex.getLocalizedMessage());
}
return failMsg;
}
Aggregations