Examples with CredentialGenerator org.apache.geode.security.generator.CredentialGenerator used on opensource projects

Example 11 with CredentialGenerator

use of org.apache.geode.security.generator.CredentialGenerator in project geode by apache.

the class ClientAuthenticationTestCase method doTestCredentialsWithFailover.

protected void doTestCredentialsWithFailover(final boolean multiUser) throws Exception {
    CredentialGenerator gen = new DummyCredentialGenerator();
    Properties extraProps = gen.getSystemProperties();
    Properties javaProps = gen.getJavaProperties();
    String authenticator = gen.getAuthenticator();
    String authInit = gen.getAuthInit();
    getLogWriter().info("testCredentialsWithFailover: Using scheme: " + gen.classCode());
    getLogWriter().info("testCredentialsWithFailover: Using authenticator: " + authenticator);
    getLogWriter().info("testCredentialsWithFailover: Using authinit: " + authInit);
    // Start the first server
    int locPort1 = getLocatorPort();
    int locPort2 = getLocatorPort();
    String locString = getAndClearLocatorString();
    int port1 = server1.invoke(() -> createCacheServer(locPort1, locString, authenticator, extraProps, javaProps));
    // Get a port for second server but do not start it
    // This forces the clients to connect to the first server
    int port2 = getRandomAvailablePort(SOCKET);
    // Start the clients with valid credentials
    Properties credentials1 = gen.getValidCredentials(5);
    Properties javaProps1 = gen.getJavaProperties();
    getLogWriter().info("testCredentialsWithFailover: For first client credentials: " + credentials1 + " : " + javaProps1);
    Properties credentials2 = gen.getValidCredentials(6);
    Properties javaProps2 = gen.getJavaProperties();
    getLogWriter().info("testCredentialsWithFailover: For second client credentials: " + credentials2 + " : " + javaProps2);
    createClientsNoException(multiUser, authInit, port1, port2, credentials1, javaProps1, credentials2, javaProps2);
    // Perform some put operations from client1
    client1.invoke(() -> doPuts(2));
    // Verify that the puts succeeded
    client2.invoke(() -> doGets(2));
    // start the second one and stop the first server to force a failover
    server2.invoke(() -> createCacheServer(locPort2, locString, port2, authenticator, extraProps, javaProps));
    server1.invoke(() -> closeCache());
    // Perform some create/update operations from client1
    client1.invoke(() -> doNPuts(4));
    // Verify that the creates/updates succeeded
    client2.invoke(() -> doNGets(4));
    // Verify that the creation of region throws security exception
    if (gen.classCode().equals(CredentialGenerator.ClassCode.SSL)) {
        // For SSL the exception may not come since the server can close socket
        // before handshake message is sent from client. However exception
        // should come in any region operations.
        client2.invoke(() -> createCacheClient(null, null, null, port1, port2, 0, multiUser, NOFORCE_AUTHREQ_EXCEPTION));
        client2.invoke(() -> doPuts(2, OTHER_EXCEPTION));
    } else {
        client2.invoke(() -> createCacheClient(null, null, null, port1, port2, 0, multiUser, AUTHREQ_EXCEPTION));
    }
    // Now try to connect client1 with invalid credentials
    // Verify that the creation of region throws security exception
    Properties credentials3 = gen.getInvalidCredentials(7);
    Properties javaProps3 = gen.getJavaProperties();
    getLogWriter().info("testCredentialsWithFailover: For first client invalid credentials: " + credentials3 + " : " + javaProps3);
    client1.invoke(() -> createCacheClient(authInit, credentials3, javaProps3, port1, port2, 0, multiUser, AUTHFAIL_EXCEPTION));
    if (multiUser) {
        client1.invoke(() -> doProxyCacheClose());
        client2.invoke(() -> doProxyCacheClose());
        client1.invoke(() -> doSimplePut("CacheClosedException"));
        client2.invoke(() -> doSimpleGet("CacheClosedException"));
    }
}

Example 12 with CredentialGenerator

use of org.apache.geode.security.generator.CredentialGenerator in project geode by apache.

the class ClientAuthenticationTestCase method doTestInvalidAuthenticator.

/**
   * NOTE: "final boolean multiUser" is unused
   */
protected void doTestInvalidAuthenticator(final boolean multiUser) throws Exception {
    CredentialGenerator gen = new DummyCredentialGenerator();
    Properties extraProps = gen.getSystemProperties();
    Properties javaProps = gen.getJavaProperties();
    String authInit = gen.getAuthInit();
    getLogWriter().info("testInvalidAuthenticator: Using scheme: " + gen.classCode());
    getLogWriter().info("testInvalidAuthenticator: Using authinit: " + authInit);
    // Start the server with invalid authenticator
    int locPort1 = getLocatorPort();
    String locString = getAndClearLocatorString();
    server1.invoke(() -> createCacheServer(locPort1, locString, "org.apache.geode.none", extraProps, javaProps, AUTHREQ_EXCEPTION));
}

Example 13 with CredentialGenerator

use of org.apache.geode.security.generator.CredentialGenerator in project geode by apache.

the class ClientAuthorizationDUnitTest method testAllowPutsGets.

@Test
public void testAllowPutsGets() {
    AuthzCredentialGenerator gen = getXmlAuthzGenerator();
    CredentialGenerator cGen = gen.getCredentialGenerator();
    Properties extraAuthProps = cGen.getSystemProperties();
    Properties javaProps = cGen.getJavaProperties();
    Properties extraAuthzProps = gen.getSystemProperties();
    String authenticator = cGen.getAuthenticator();
    String authInit = cGen.getAuthInit();
    String accessor = gen.getAuthorizationCallback();
    getLogWriter().info("testAllowPutsGets: Using authinit: " + authInit);
    getLogWriter().info("testAllowPutsGets: Using authenticator: " + authenticator);
    getLogWriter().info("testAllowPutsGets: Using accessor: " + accessor);
    // Start servers with all required properties
    Properties serverProps = buildProperties(authenticator, accessor, false, extraAuthProps, extraAuthzProps);
    int port1 = createServer1(javaProps, serverProps);
    int port2 = createServer2(javaProps, serverProps);
    // Start client1 with valid CREATE credentials
    Properties createCredentials = gen.getAllowedCredentials(new OperationCode[] { OperationCode.PUT }, new String[] { regionName }, 1);
    javaProps = cGen.getJavaProperties();
    getLogWriter().info("testAllowPutsGets: For first client credentials: " + createCredentials);
    createClient1NoException(javaProps, authInit, port1, port2, createCredentials);
    // Start client2 with valid GET credentials
    Properties getCredentials = gen.getAllowedCredentials(new OperationCode[] { OperationCode.GET }, new String[] { regionName }, 2);
    javaProps = cGen.getJavaProperties();
    getLogWriter().info("testAllowPutsGets: For second client credentials: " + getCredentials);
    createClient2NoException(javaProps, authInit, port1, port2, getCredentials);
    // Perform some put operations from client1
    client1.invoke(() -> doPuts(2, NO_EXCEPTION));
    // Verify that the gets succeed
    client2.invoke(() -> doGets(2, NO_EXCEPTION));
}

Example 14 with CredentialGenerator

use of org.apache.geode.security.generator.CredentialGenerator in project geode by apache.

the class P2PAuthenticationDUnitTest method testP2PAuthenticationWithInvalidAuthInitialize.

/**
   * AuthInitialize is incorrect
   */
@Test
public void testP2PAuthenticationWithInvalidAuthInitialize() throws Exception {
    int locatorPort = getRandomAvailablePort(SOCKET);
    CredentialGenerator gen = new DummyCredentialGenerator();
    assertNotNull(gen.getAuthenticator());
    assertNull(gen.getJavaProperties());
    Properties props = new Properties();
    props.setProperty(MCAST_PORT, "0");
    props.setProperty(LOCATORS, getIPLiteral() + "[" + locatorPort + "]");
    props.setProperty(SECURITY_PEER_AUTH_INIT, "Incorrect_AuthInitialize");
    props.setProperty(SECURITY_PEER_AUTHENTICATOR, gen.getAuthenticator());
    startTheLocator(props, gen.getJavaProperties(), locatorPort);
    try {
        new SecurityTestUtils("tmp").createSystem(props, null);
        fail("AuthenticationFailedException was expected as the AuthInitialize object passed is incorrect");
    } catch (GemFireSecurityException expected) {
    // success
    } finally {
        locatorVM.invoke(() -> stopLocator(locatorPort, ignoredExceptions));
    }
}

Example 15 with CredentialGenerator

use of org.apache.geode.security.generator.CredentialGenerator in project geode by apache.

the class P2PAuthenticationDUnitTest method testP2PLargeCredentialSucceeds.

/**
   * The strategy is to test credential size greater than UDP datagram size.
   * 
   * Here locator will accept the credentials from peer2 and the large credential from the first
   * peer. Number of members in the DS should be four
   */
@Test
public void testP2PLargeCredentialSucceeds() throws Exception {
    int locatorPort = getRandomAvailablePort(SOCKET);
    final Host host = Host.getHost(0);
    final VM peer2 = host.getVM(1);
    final VM peer3 = host.getVM(2);
    CredentialGenerator gen = new DummyCredentialGenerator();
    gen.init();
    assertNotNull(gen.getAuthenticator());
    assertNull(gen.getJavaProperties());
    assertNull(gen.getSystemProperties());
    assertNotNull(gen.getValidCredentials(1));
    String authInit = UserPasswordWithExtraPropsAuthInit.class.getName() + ".create";
    Properties credentials = gen.getValidCredentials(1);
    Properties props = new Properties();
    props.setProperty(SECURITY_PEER_AUTH_INIT, authInit);
    props.setProperty(SECURITY_PEER_AUTHENTICATOR, gen.getAuthenticator());
    props.putAll(credentials);
    startTheLocator(props, null, locatorPort);
    try {
        // Start the first peer with huge credentials
        props = new Properties();
        props.setProperty(MCAST_PORT, "0");
        props.setProperty(LOCATORS, getIPLiteral() + "[" + locatorPort + "]");
        props.setProperty(SECURITY_PEER_AUTH_INIT, authInit);
        props.setProperty(SECURITY_PEER_AUTHENTICATOR, gen.getAuthenticator());
        String hugeStr = "20KString";
        for (int i = 0; i <= 20000; i++) {
            hugeStr += "A";
        }
        credentials = gen.getValidCredentials(3);
        credentials.setProperty("security-keep-extra-props", "-");
        credentials.setProperty("security-hugeentryone", hugeStr);
        credentials.setProperty("security-hugeentrytwo", hugeStr);
        credentials.setProperty("security-hugeentrythree", hugeStr);
        props.putAll(credentials);
        createDS(props, null);
        // fail("AuthenticationFailedException was expected as credentials were passed beyond 50k");
        // --?
        // Start the second peer with the same authenticator as locator
        props = new Properties();
        props.setProperty(MCAST_PORT, "0");
        props.setProperty(LOCATORS, getIPLiteral() + "[" + locatorPort + "]");
        props.setProperty(SECURITY_PEER_AUTH_INIT, authInit);
        props.setProperty(SECURITY_PEER_AUTHENTICATOR, gen.getAuthenticator());
        credentials = gen.getValidCredentials(7);
        props.putAll(credentials);
        createDS(peer2, props, null);
        createDS(peer3, props, null);
        // wait for view propagation
        pause(2000);
        // Verify the number of members on all peers and locator
        locatorVM.invoke(() -> verifyMembers(4));
        peer2.invoke(() -> verifyMembers(4));
        peer3.invoke(() -> verifyMembers(4));
        // Disconnect the peers
        disconnectFromDS();
        peer2.invoke(() -> disconnectFromDS());
        peer3.invoke(() -> disconnectFromDS());
    } finally {
        locatorVM.invoke(() -> stopLocator(locatorPort, ignoredExceptions));
    }
}