use of org.apache.geode.security.AuthenticationFailedException in project geode by apache.
the class ShellCommands method httpConnect.
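/**
 * Connects gfsh to the management REST endpoint at {@code url} and installs the resulting
 * operation invoker on the shell.
 *
 * <p>The credentials (when a non-empty user name is given) and every entry of
 * {@code sslConfigProps} are merged into one property map that is handed to the HTTP requester
 * and to the operation invoker. If the first attempt fails with a {@link SecurityException} or
 * {@link AuthenticationFailedException} and no user name was supplied, the user is prompted for
 * credentials and the connection is attempted once more with them.
 *
 * @param sslConfigProps SSL settings; used to configure HTTPS when {@code useSsl} is set and
 *        always copied into the properties sent with the request
 * @param useSsl when true, HTTPS is configured and an {@code http:} URL is upgraded to
 *        {@code https:}
 * @param url base URL of the endpoint; {@code /index} is appended to fetch the link index
 * @param userName user name, or null/empty to connect without credentials first
 * @param passwordToUse password that goes with {@code userName}
 * @return an info result on success, otherwise whatever {@code handleExcpetion} produces
 */
private Result httpConnect(Map<String, String> sslConfigProps, boolean useSsl, String url,
    String userName, String passwordToUse) {
  Gfsh gfsh = getGfsh();
  try {
    Map<String, String> securityProperties = new HashMap<String, String>();

    // at this point, if userName is not empty, password should not be empty either
    if (userName != null && userName.length() > 0) {
      securityProperties.put("security-username", userName);
      securityProperties.put("security-password", passwordToUse);
    }

    if (useSsl) {
      configureHttpsURLConnection(sslConfigProps);
      if (url.startsWith("http:")) {
        // Upgrade only the scheme prefix. String.replace rewrites every "http:" occurrence, so
        // a URL carrying another "http:" further along would have been altered as well.
        url = "https:" + url.substring("http:".length());
      }
    }
    // NOTE(review): when useSsl is false the URL is used as given, so with an http: URL the
    // request that carries securityProperties presumably leaves without TLS - confirm callers
    // only take that path on a trusted network.

    // Copied after the credentials, so an SSL property with the same key would replace them.
    securityProperties.putAll(sslConfigProps);

    // This is so that SSL termination results in https URLs being returned
    String query = (url.startsWith("https")) ? "?scheme=https" : "";
    String indexUrl = url.concat("/index").concat(query);

    LogWrapper.getInstance()
        .warning(String.format("Sending HTTP request for Link Index at (%1$s)...", indexUrl));

    LinkIndex linkIndex =
        new SimpleHttpRequester(gfsh, CONNECT_LOCATOR_TIMEOUT_MS, securityProperties)
            .exchange(indexUrl, LinkIndex.class);

    LogWrapper.getInstance()
        .warning(String.format("Received Link Index (%1$s)", linkIndex.toString()));

    HttpOperationInvoker operationInvoker =
        new RestHttpOperationInvoker(linkIndex, gfsh, url, securityProperties);

    Initializer.init(operationInvoker);
    gfsh.setOperationInvoker(operationInvoker);

    LogWrapper.getInstance()
        .info(CliStrings.format(CliStrings.CONNECT__MSG__SUCCESS, operationInvoker.toString()));
    return ResultBuilder.createInfoResult(
        CliStrings.format(CliStrings.CONNECT__MSG__SUCCESS, operationInvoker.toString()));
  } catch (Exception e) {
    boolean authFailure =
        e instanceof SecurityException || e instanceof AuthenticationFailedException;

    // Anything that is not an authentication problem is reported as a connection error. So is an
    // authentication failure when a user name was already supplied (an empty string counts as
    // supplied), which keeps the prompt-and-retry below from repeating after a bad password.
    if (!authFailure || userName != null) {
      return handleExcpetion(e, null);
    }

    // otherwise, prompt for username and password and retry the connection
    try {
      userName = gfsh.readText(CliStrings.CONNECT__USERNAME + ": ");
      passwordToUse = gfsh.readPassword(CliStrings.CONNECT__PASSWORD + ": ");
      return httpConnect(sslConfigProps, useSsl, url, userName, passwordToUse);
    } catch (IOException ioe) {
      return handleExcpetion(ioe, null);
    }
  } finally {
    Gfsh.redirectInternalJavaLoggers();
  }
}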
use of org.apache.geode.security.AuthenticationFailedException in project geode by apache.
the class SSLCredentialGenerator method getInvalidJavaSSLProperties.
/**
 * Builds {@code javax.net.ssl.*} properties that point both the trust store and the key store at
 * the keystore returned by {@code findUntrustedJKS()}.
 *
 * <p>The store password is the fixed literal {@code "password"}; presumably this is acceptable
 * only because the keystore is a deliberately untrusted fixture - do not reuse the pattern for a
 * real keystore.
 *
 * @return the populated properties
 * @throws AuthenticationFailedException if the keystore's canonical path cannot be resolved
 */
private Properties getInvalidJavaSSLProperties() {
  final File untrustedStore = findUntrustedJKS();
  final String storePath;
  try {
    storePath = untrustedStore.getCanonicalPath();
  } catch (IOException ex) {
    throw new AuthenticationFailedException(
        "SSL: Exception while opening the key store: " + ex.getMessage(), ex);
  }

  // The same file serves as trust store and key store.
  final Properties sslProps = new Properties();
  sslProps.setProperty("javax.net.ssl.trustStore", storePath);
  sslProps.setProperty("javax.net.ssl.trustStorePassword", "password");
  sslProps.setProperty("javax.net.ssl.keyStore", storePath);
  sslProps.setProperty("javax.net.ssl.keyStorePassword", "password");
  return sslProps;
}
use of org.apache.geode.security.AuthenticationFailedException in project geode by apache.
the class PKCSAuthenticator method authenticate.
/**
 * Authenticates a member by checking a signature over its keystore alias against the certificate
 * registered for that alias.
 *
 * <p>The data that is verified is the UTF-8 encoding of the alias itself. This method adds no
 * nonce, timestamp or session value to it, so a given (alias, signature) pair verifies on every
 * call. NOTE(review): confirm this authenticator is only deployed where that is acceptable.
 *
 * @param credentials must hold the alias under {@code PKCSAuthInit.KEYSTORE_ALIAS} and the
 *        signature bytes under {@code PKCSAuthInit.SIGNATURE_DATA}
 * @param member the connecting member; not consulted by this method
 * @return a {@code PKCSPrincipal} named after the alias
 * @throws AuthenticationFailedException if the alias is missing or empty; other failures are
 *         raised through {@code newException}
 */
@Override
public Principal authenticate(final Properties credentials, final DistributedMember member)
    throws AuthenticationFailedException {
  final String alias = (String) credentials.get(PKCSAuthInit.KEYSTORE_ALIAS);
  if (alias == null || alias.isEmpty()) {
    throw new AuthenticationFailedException("No alias received");
  }

  try {
    // NOTE(review): no certificate validity or revocation check is visible here; verify whether
    // getCertificate covers that.
    final X509Certificate peerCert = getCertificate(alias);
    if (peerCert == null) {
      throw newException("No certificate found for alias:" + alias);
    }

    final byte[] presentedSignature = (byte[]) credentials.get(PKCSAuthInit.SIGNATURE_DATA);
    if (presentedSignature == null) {
      throw newException(
          "signature data property [" + PKCSAuthInit.SIGNATURE_DATA + "] not provided");
    }

    // getSigAlgName() is the algorithm the certificate itself was signed with; the check below
    // therefore assumes the peer signed the alias with that same algorithm and a matching key.
    final Signature verifier = Signature.getInstance(peerCert.getSigAlgName());
    verifier.initVerify(peerCert);
    verifier.update(alias.getBytes("UTF-8"));

    final boolean signatureValid = verifier.verify(presentedSignature);
    if (!signatureValid) {
      throw newException("verification of client signature failed");
    }
    return new PKCSPrincipal(alias);
  } catch (Exception ex) {
    // Also receives the exceptions thrown by the checks above (presumably Exception subtypes),
    // so those are wrapped a second time with ex.toString() as the message.
    throw newException(ex.toString(), ex);
  }
}
use of org.apache.geode.security.AuthenticationFailedException in project geode by apache.
the class NewWanAuthenticationDUnitTest method testWanSecurityManagerWithInvalidCredentials.
/**
* Test authentication with new WAN with invalid credentials. Although nothing related to
* authentication has changed in new WAN, this test case was added at QA's request for
* defect 44650.
*/
@Test
public void testWanSecurityManagerWithInvalidCredentials() {
  // One locator per site: vm0 for the local site (DS id 1), vm1 for the remote site (DS id 2).
  Integer localLocatorPort = (Integer) vm0.invoke(() -> WANTestBase.createFirstLocatorWithDSId(1));
  logger.info("Created locator on local site");

  Integer remoteLocatorPort =
      (Integer) vm1.invoke(() -> WANTestBase.createFirstRemoteLocator(2, localLocatorPort));
  logger.info("Created locator on remote site");

  // Both members are given a wrong password on purpose.
  Properties adminProps = buildSecurityProperties("admin", "wrongPswd");
  Properties guestProps = buildSecurityProperties("guest", "wrongPswd");
  logger.info("Done building auth properties");

  vm2.invoke(
      () -> NewWanAuthenticationDUnitTest.createSecuredCache(adminProps, null, localLocatorPort));
  logger.info("Created secured cache in vm2");

  vm3.invoke(
      () -> NewWanAuthenticationDUnitTest.createSecuredCache(guestProps, null, remoteLocatorPort));
  logger.info("Created secured cache in vm3");

  vm2.invoke(() -> WANTestBase.createSender("ln", 2, false, 100, 10, false, false, null, true));
  logger.info("Created sender in vm2");

  vm3.invoke(() -> createReceiverInSecuredCache());
  logger.info("Created receiver in vm3");

  vm2.invoke(
      () -> WANTestBase.createReplicatedRegion(getTestMethodName() + "_RR", "ln", isOffHeap()));
  logger.info("Created RR in vm2");

  vm3.invoke(
      () -> WANTestBase.createReplicatedRegion(getTestMethodName() + "_RR", null, isOffHeap()));
  logger.info("Created RR in vm3");

  try {
    vm2.invoke(() -> WANTestBase.startSender("ln"));
    fail("Authentication Failed: While starting the sender, an exception should have been thrown");
  } catch (Exception e) {
    // The authentication failure is expected two causes down from the exception that
    // vm2.invoke surfaces; anything else there fails the test.
    Throwable nestedCause = e.getCause().getCause();
    boolean rejectedByAuthentication = nestedCause instanceof AuthenticationFailedException;
    if (!rejectedByAuthentication) {
      fail("Authentication is not working as expected", e);
    }
  }
}