
Example 26 with AuthenticationFailedException

use of org.apache.geode.security.AuthenticationFailedException in project geode by apache.

the class ShellCommands method httpConnect.

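/**
 * Connects gfsh to the management REST service at {@code url} and installs the resulting
 * operation invoker on the shell.
 *
 * <p>When a non-empty user name is given, it and the password are sent as the
 * {@code security-username} / {@code security-password} properties, together with every entry of
 * {@code sslConfigProps}. If the attempt fails with a {@link SecurityException} or an
 * {@link AuthenticationFailedException} and {@code userName} was {@code null}, the user is
 * prompted for credentials and the connection is retried with them.
 *
 * @param sslConfigProps SSL settings; every entry is copied into the request's security properties
 * @param useSsl whether to configure HTTPS and rewrite an {@code http:} URL to {@code https:}
 * @param url base URL of the management REST service
 * @param userName user name, or {@code null} to try without credentials first
 * @param passwordToUse password that goes with {@code userName}
 * @return an info result on success, otherwise whatever {@code handleExcpetion} produces
 */
private Result httpConnect(Map<String, String> sslConfigProps, boolean useSsl, String url, String userName, String passwordToUse) {
    Gfsh gfsh = getGfsh();
    try {
        // From here on this map holds the clear-text password; it is handed to the requester and
        // the invoker below and must stay out of log messages.
        Map<String, String> securityProperties = new HashMap<String, String>();
        // at this point, if userName is not empty, password should not be empty either
        if (userName != null && userName.length() > 0) {
            securityProperties.put("security-username", userName);
            securityProperties.put("security-password", passwordToUse);
        }
        if (useSsl) {
            configureHttpsURLConnection(sslConfigProps);
            if (url.startsWith("http:")) {
                // Rewrite the scheme prefix only; String.replace would also touch any later
                // "http:" inside the path or query of the URL.
                url = "https:" + url.substring("http:".length());
            }
        }
        // NOTE(review): with useSsl == false an http: URL is used as given, so the credentials
        // above presumably travel without TLS; confirm how SimpleHttpRequester transmits them.
        // SSL entries are added after the credentials, so an entry with the same key wins.
        securityProperties.putAll(sslConfigProps);
        // This is so that SSL termination results in https URLs being returned
        String query = (url.startsWith("https")) ? "?scheme=https" : "";
        String indexUrl = url.concat("/index").concat(query);
        LogWrapper.getInstance().warning(String.format("Sending HTTP request for Link Index at (%1$s)...", indexUrl));
        LinkIndex linkIndex = new SimpleHttpRequester(gfsh, CONNECT_LOCATOR_TIMEOUT_MS, securityProperties).exchange(indexUrl, LinkIndex.class);
        LogWrapper.getInstance().warning(String.format("Received Link Index (%1$s)", linkIndex.toString()));
        HttpOperationInvoker operationInvoker = new RestHttpOperationInvoker(linkIndex, gfsh, url, securityProperties);
        Initializer.init(operationInvoker);
        gfsh.setOperationInvoker(operationInvoker);
        String successMessage = CliStrings.format(CliStrings.CONNECT__MSG__SUCCESS, operationInvoker.toString());
        LogWrapper.getInstance().info(successMessage);
        return ResultBuilder.createInfoResult(successMessage);
    } catch (Exception e) {
        boolean authFailure = e instanceof SecurityException || e instanceof AuthenticationFailedException;
        // Anything that is not an authentication failure, and any authentication failure for a
        // user name that was already supplied, is reported as a connection error without a prompt.
        if (!authFailure || userName != null) {
            return handleExcpetion(e, null);
        }
        // otherwise, prompt for username and password and retry the connection
        try {
            userName = gfsh.readText(CliStrings.CONNECT__USERNAME + ": ");
            passwordToUse = gfsh.readPassword(CliStrings.CONNECT__PASSWORD + ": ");
            return httpConnect(sslConfigProps, useSsl, url, userName, passwordToUse);
        } catch (IOException ioe) {
            return handleExcpetion(ioe, null);
        }
    } finally {
        Gfsh.redirectInternalJavaLoggers();
    }
}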
Also used : HashMap(java.util.HashMap) LinkedHashMap(java.util.LinkedHashMap) AuthenticationFailedException(org.apache.geode.security.AuthenticationFailedException) IOException(java.io.IOException) AuthenticationFailedException(org.apache.geode.security.AuthenticationFailedException) MalformedURLException(java.net.MalformedURLException) IOException(java.io.IOException) LinkIndex(org.apache.geode.management.internal.web.domain.LinkIndex) RestHttpOperationInvoker(org.apache.geode.management.internal.web.shell.RestHttpOperationInvoker) HttpOperationInvoker(org.apache.geode.management.internal.web.shell.HttpOperationInvoker) RestHttpOperationInvoker(org.apache.geode.management.internal.web.shell.RestHttpOperationInvoker) SimpleHttpRequester(org.apache.geode.management.internal.web.http.support.SimpleHttpRequester) Gfsh(org.apache.geode.management.internal.cli.shell.Gfsh)

Example 27 with AuthenticationFailedException

use of org.apache.geode.security.AuthenticationFailedException in project geode by apache.

the class SSLCredentialGenerator method getInvalidJavaSSLProperties.

/**
 * Builds JSSE properties that use the store returned by {@code findUntrustedJKS()} as both trust
 * store and key store, with the fixed store password {@code "password"}.
 *
 * <p>The hard-coded password is a fixture for the deliberately invalid credential set; it is not a
 * pattern for real key stores.
 *
 * @return the trust-store and key-store properties
 * @throws AuthenticationFailedException if the canonical path of the store cannot be resolved
 */
private Properties getInvalidJavaSSLProperties() {
    final File untrustedStore = findUntrustedJKS();
    final Properties sslProps = new Properties();
    try {
        sslProps.setProperty("javax.net.ssl.trustStore", untrustedStore.getCanonicalPath());
        sslProps.setProperty("javax.net.ssl.trustStorePassword", "password");
        sslProps.setProperty("javax.net.ssl.keyStore", untrustedStore.getCanonicalPath());
        sslProps.setProperty("javax.net.ssl.keyStorePassword", "password");
    } catch (IOException pathFailure) {
        // Keep the IOException as the cause so the underlying file-system error is not lost.
        final String reason = "SSL: Exception while opening the key store: " + pathFailure.getMessage();
        throw new AuthenticationFailedException(reason, pathFailure);
    }
    return sslProps;
}
Also used : AuthenticationFailedException(org.apache.geode.security.AuthenticationFailedException) IOException(java.io.IOException) ConfigurationProperties(org.apache.geode.distributed.ConfigurationProperties) Properties(java.util.Properties) File(java.io.File)

Example 28 with AuthenticationFailedException

use of org.apache.geode.security.AuthenticationFailedException in project geode by apache.

the class PKCSAuthenticator method authenticate.

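/**
 * Authenticates a peer or client by verifying a signature over its key-store alias.
 *
 * <p>The credentials must carry the alias under {@code PKCSAuthInit.KEYSTORE_ALIAS} and the
 * signature bytes under {@code PKCSAuthInit.SIGNATURE_DATA}. The certificate looked up for the
 * alias is used to verify the signature over the UTF-8 bytes of the alias.
 *
 * @param credentials properties carrying the alias and the signature bytes
 * @param member the connecting member; not consulted by this method
 * @return a {@code PKCSPrincipal} named after the alias when the signature verifies
 * @throws AuthenticationFailedException if the alias is missing or empty; the other failures are
 *         raised through {@code newException}
 */
@Override
public Principal authenticate(final Properties credentials, final DistributedMember member) throws AuthenticationFailedException {
    final String alias = (String) credentials.get(PKCSAuthInit.KEYSTORE_ALIAS);
    if (alias == null || alias.isEmpty()) {
        throw new AuthenticationFailedException("No alias received");
    }
    try {
        final X509Certificate cert = getCertificate(alias);
        if (cert == null) {
            throw newException("No certificate found for alias:" + alias);
        }
        final byte[] signatureBytes = (byte[]) credentials.get(PKCSAuthInit.SIGNATURE_DATA);
        if (signatureBytes == null) {
            throw newException("signature data property [" + PKCSAuthInit.SIGNATURE_DATA + "] not provided");
        }
        // NOTE(review): getSigAlgName() names the algorithm the certificate itself was signed
        // with; verification presumably relies on the client having signed with that same
        // algorithm. Confirm against PKCSAuthInit.
        final Signature sig = Signature.getInstance(cert.getSigAlgName());
        sig.initVerify(cert);
        // NOTE(review): the signed data is the alias alone. Nothing in this method ties the
        // signature to a session or a point in time, so the same alias and signature pair verifies
        // on every call; binding it to a server-supplied challenge or a timestamp would need a
        // matching change on the signing side.
        sig.update(alias.getBytes("UTF-8"));
        if (!sig.verify(signatureBytes)) {
            throw newException("verification of client signature failed");
        }
        return new PKCSPrincipal(alias);
    } catch (AuthenticationFailedException ex) {
        // Failures raised above already state their reason; let them through instead of wrapping
        // them a second time with ex.toString() as the message.
        throw ex;
    } catch (Exception ex) {
        // Anything else (unknown algorithm, invalid key, bad encoding, bad cast) is reported as an
        // authentication failure with the original exception kept as the cause.
        throw newException(ex.toString(), ex);
    }
}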
Also used : AuthenticationFailedException(org.apache.geode.security.AuthenticationFailedException) Signature(java.security.Signature) X509Certificate(java.security.cert.X509Certificate) InvalidKeySpecException(java.security.spec.InvalidKeySpecException) AuthenticationFailedException(org.apache.geode.security.AuthenticationFailedException) NoSuchAlgorithmException(java.security.NoSuchAlgorithmException)

Example 29 with AuthenticationFailedException

use of org.apache.geode.security.AuthenticationFailedException in project geode by apache.

the class NewWanAuthenticationDUnitTest method testWanSecurityManagerWithInvalidCredentials.

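/**
 * Tests authentication over the new WAN with invalid credentials: starting the sender must fail
 * with an {@link AuthenticationFailedException}. Nothing related to authentication has changed in
 * the new WAN; this test case was added on request from QA for defect 44650.
 */
@Test
public void testWanSecurityManagerWithInvalidCredentials() {
    Integer lnPort = (Integer) vm0.invoke(() -> WANTestBase.createFirstLocatorWithDSId(1));
    logger.info("Created locator on local site");
    Integer nyPort = (Integer) vm1.invoke(() -> WANTestBase.createFirstRemoteLocator(2, lnPort));
    logger.info("Created locator on remote site");
    // Both sites are given a wrong password, so the sender start below has to be rejected.
    Properties props1 = buildSecurityProperties("admin", "wrongPswd");
    Properties props2 = buildSecurityProperties("guest", "wrongPswd");
    logger.info("Done building auth properties");
    vm2.invoke(() -> NewWanAuthenticationDUnitTest.createSecuredCache(props1, null, lnPort));
    logger.info("Created secured cache in vm2");
    vm3.invoke(() -> NewWanAuthenticationDUnitTest.createSecuredCache(props2, null, nyPort));
    logger.info("Created secured cache in vm3");
    vm2.invoke(() -> WANTestBase.createSender("ln", 2, false, 100, 10, false, false, null, true));
    logger.info("Created sender in vm2");
    vm3.invoke(() -> createReceiverInSecuredCache());
    logger.info("Created receiver in vm3");
    vm2.invoke(() -> WANTestBase.createReplicatedRegion(getTestMethodName() + "_RR", "ln", isOffHeap()));
    logger.info("Created RR in vm2");
    vm3.invoke(() -> WANTestBase.createReplicatedRegion(getTestMethodName() + "_RR", null, isOffHeap()));
    logger.info("Created RR in vm3");
    try {
        vm2.invoke(() -> WANTestBase.startSender("ln"));
        fail("Authentication Failed: While starting the sender, an exception should have been thrown");
    } catch (Exception e) {
        // The check expects the AuthenticationFailedException two levels down the cause chain. A
        // shorter chain must fail the test with the original exception attached instead of
        // ending in a NullPointerException here.
        Throwable cause = e.getCause();
        Throwable nestedCause = (cause == null) ? null : cause.getCause();
        if (!(nestedCause instanceof AuthenticationFailedException)) {
            fail("Authentication is not working as expected", e);
        }
    }
}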
Also used : AuthenticationFailedException(org.apache.geode.security.AuthenticationFailedException) ConfigurationProperties(org.apache.geode.distributed.ConfigurationProperties) Properties(java.util.Properties) AuthenticationFailedException(org.apache.geode.security.AuthenticationFailedException) Test(org.junit.Test) DistributedTest(org.apache.geode.test.junit.categories.DistributedTest)
