use of org.apache.geode.security.generator.CredentialGenerator in project geode by apache.
the class P2PAuthenticationDUnitTest method testP2PAuthenticationWithBothValidAndInValidCredentials.
@Test
public void testP2PAuthenticationWithBothValidAndInValidCredentials() throws Exception {
  // The locator is expected to log an authentication failure when it rejects the bad peer.
  addIgnoredException("Authentication failed");
  final int locatorPort = getRandomAvailablePort(SOCKET);
  final CredentialGenerator credentialGen = new DummyCredentialGenerator();

  // Sanity-check what the generator hands out before wiring it into the system properties.
  assertNotNull(credentialGen.getAuthenticator());
  assertNotNull(credentialGen.getAuthInit());
  assertNotNull(credentialGen.getInvalidCredentials(1));
  assertNull(credentialGen.getJavaProperties());
  assertNull(credentialGen.getSystemProperties());
  assertNotNull(credentialGen.getValidCredentials(1));
  assertNotNull(credentialGen.getValidCredentials(3));

  final Properties config = new Properties();
  config.setProperty(MCAST_PORT, "0");
  config.setProperty(LOCATORS, getIPLiteral() + "[" + locatorPort + "]");
  config.setProperty(SECURITY_PEER_AUTH_INIT, credentialGen.getAuthInit());
  config.setProperty(SECURITY_PEER_AUTHENTICATOR, credentialGen.getAuthenticator());
  config.putAll(credentialGen.getValidCredentials(1));
  startTheLocator(config, null, locatorPort);
  try {
    // A peer presenting wrong credentials must be rejected (fail closed), never admitted.
    config.putAll(credentialGen.getInvalidCredentials(1));
    assertPeerRejected(config);

    // Overwriting the same keys with a valid credential set must let the peer join.
    config.putAll(credentialGen.getValidCredentials(3));
    createDS(config, null);
    verifyMembers(2);
    disconnectFromDS();
  } finally {
    locatorVM.invoke(() -> stopLocator(locatorPort, ignoredExceptions));
  }
}

/**
 * Attempts to create a distributed system with {@code config} and asserts that the locator
 * rejects it with a {@link GemFireSecurityException}.
 */
private static void assertPeerRejected(final Properties config) throws Exception {
  try {
    new SecurityTestUtils("tmp").createSystem(config, null);
    fail("AuthenticationFailedException was expected as wrong credentials were passed");
  } catch (GemFireSecurityException expected) {
    // success: the peer with bad credentials was kept out
  }
}
use of org.apache.geode.security.generator.CredentialGenerator in project geode by apache.
the class P2PAuthenticationDUnitTest method testP2PViewChangeReject.
/**
 * The strategy is to test view change reject by having two different authenticators on different
 * VMs.
 *
 * Here locator will accept the credentials from peer2 but the first peer will reject them due to
 * different authenticator. Hence the number of members reported by the first peer should be only
 * two while others will report as three.
 */
@Ignore("disabled for some reason?")
@Test
public void testP2PViewChangeReject() throws Exception {
  final Host host = Host.getHost(0);
  final VM peer2 = host.getVM(1);
  final VM peer3 = host.getVM(2);

  // LDAP-backed generator: its authenticator and credentials go to the locator and to peers 2/3.
  final CredentialGenerator ldapGen = new LdapUserCredentialGenerator();
  ldapGen.init();
  final Properties ldapExtraProps = orEmpty(ldapGen.getSystemProperties());
  final String ldapAuthenticator = ldapGen.getAuthenticator();
  final String authInit = ldapGen.getAuthInit();

  // Dummy generator: only its authenticator and its system/java properties are used, by peer 1.
  final CredentialGenerator dummyGen = new DummyCredentialGenerator();
  dummyGen.init();
  final Properties dummyExtraProps = orEmpty(dummyGen.getSystemProperties());
  final String dummyAuthenticator = dummyGen.getAuthenticator();

  // Start the locator with the LDAP authenticator
  final int port = getRandomAvailablePort(SOCKET);
  final String locators = getIPLiteral() + "[" + port + "]";
  final Properties locatorConfig = new Properties();
  locatorConfig.setProperty(SECURITY_PEER_AUTH_INIT, authInit);
  locatorConfig.setProperty(SECURITY_PEER_AUTHENTICATOR, ldapAuthenticator);
  final Properties locatorCredentials = ldapGen.getValidCredentials(1);
  final Properties locatorJavaProps = ldapGen.getJavaProperties();
  locatorConfig.putAll(locatorCredentials);
  locatorConfig.putAll(ldapExtraProps);
  startTheLocator(locatorConfig, locatorJavaProps, port);
  try {
    // Start the first peer with a different (dummy) authenticator, still presenting LDAP credentials
    final Properties peer1Credentials = ldapGen.getValidCredentials(3);
    final Properties peer1JavaProps = dummyGen.getJavaProperties();
    createDS(buildPeerConfig(locators, authInit, dummyAuthenticator, peer1Credentials, dummyExtraProps),
        peer1JavaProps);

    // Start the second and third peers with the same authenticator as the locator
    final Properties otherCredentials = ldapGen.getValidCredentials(7);
    final Properties otherJavaProps = ldapGen.getJavaProperties();
    final Properties otherConfig =
        buildPeerConfig(locators, authInit, ldapAuthenticator, otherCredentials, ldapExtraProps);
    createDS(peer2, otherConfig, otherJavaProps);
    createDS(peer3, otherConfig, otherJavaProps);

    // wait for view propagation (fixed pause)
    pause(2000);

    // Verify the number of members on all peers and locator: the first peer, whose authenticator
    // rejects the others' credentials, is expected to see a smaller view than everyone else.
    locatorVM.invoke(() -> verifyMembers(4));
    verifyMembers(2);
    peer2.invoke(() -> verifyMembers(4));
    peer3.invoke(() -> verifyMembers(4));

    // Disconnect the first peer and check again
    disconnectFromDS();
    pause(2000);
    locatorVM.invoke(() -> verifyMembers(3));
    peer2.invoke(() -> verifyMembers(3));
    peer3.invoke(() -> verifyMembers(3));

    // Disconnect the second peer and check again
    peer2.invoke(() -> disconnectFromDS());
    pause(2000);
    locatorVM.invoke(() -> verifyMembers(2));
    peer3.invoke(() -> verifyMembers(2));

    // Same for last peer
    peer3.invoke(() -> disconnectFromDS());
    pause(2000);
    locatorVM.invoke(() -> verifyMembers(1));
  } finally {
    locatorVM.invoke(() -> stopLocator(port, ignoredExceptions));
  }
}

/** Returns {@code props} itself, or a fresh empty {@link Properties} when it is {@code null}. */
private static Properties orEmpty(final Properties props) {
  return props == null ? new Properties() : props;
}

/**
 * Builds the distributed-system properties for a peer that joins through {@code locators} using
 * the given auth-init and authenticator class names, plus its credentials and extra system
 * properties.
 */
private Properties buildPeerConfig(final String locators, final String authInit,
    final String authenticator, final Properties credentials, final Properties extraProps) {
  final Properties config = new Properties();
  config.setProperty(MCAST_PORT, "0");
  config.setProperty(LOCATORS, locators);
  config.setProperty(SECURITY_PEER_AUTH_INIT, authInit);
  config.setProperty(SECURITY_PEER_AUTHENTICATOR, authenticator);
  config.putAll(credentials);
  config.putAll(extraProps);
  return config;
}
use of org.apache.geode.security.generator.CredentialGenerator in project geode by apache.
the class P2PAuthenticationDUnitTest method testP2PAuthenticationWithInvalidAuthenticator.
/**
 * Authenticator is incorrect: the peer-authenticator property carries a value that is not a usable
 * authenticator, and the system must refuse to start rather than skip peer authentication.
 */
// GEODE-1089: random port
@Category(FlakyTest.class)
@Test
public void testP2PAuthenticationWithInvalidAuthenticator() throws Exception {
  final int locatorPort = getRandomAvailablePort(SOCKET);
  final CredentialGenerator credentialGen = new DummyCredentialGenerator();
  assertNotNull(credentialGen.getAuthInit());
  assertNull(credentialGen.getJavaProperties());

  final Properties config = new Properties();
  config.setProperty(MCAST_PORT, "0");
  config.setProperty(LOCATORS, getIPLiteral() + "[" + locatorPort + "]");
  config.setProperty(SECURITY_PEER_AUTH_INIT, credentialGen.getAuthInit());
  // Deliberately bogus: a misconfigured authenticator must fail closed.
  config.setProperty(SECURITY_PEER_AUTHENTICATOR, "xyz");
  startTheLocator(config, null, locatorPort);
  try {
    new SecurityTestUtils("tmp").createSystem(config, null);
    fail("AuthenticationFailedException was expected as the Authenticator object passed is incorrect");
  } catch (GemFireSecurityException expected) {
    // success: the misconfigured authenticator was rejected
  } finally {
    locatorVM.invoke(() -> stopLocator(locatorPort, ignoredExceptions));
  }
}
use of org.apache.geode.security.generator.CredentialGenerator in project geode by apache.
the class ClientCQPostAuthorizationDUnitTest method doStartUp.
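/**
 * Brings up the servers and clients for one CQ post-authorization scenario and checks what each
 * user's CQ listener received.
 *
 * <p>Per user {@code i}, credentials come from the XML authz generator: when
 * {@code postAuthzAllowed[i]} is true they allow EXECUTE_CQ and GET on {@code REGION_NAME},
 * otherwise GET is disallowed. server1 is started first; client1 registers and executes the CQs
 * while client2 performs the puts. With {@code failover} set, server2 is then started, server1 is
 * closed, and the puts and listener checks are repeated against server2.
 *
 * @param numOfUsers number of multi-user credential sets to generate; {@code postAuthzAllowed} is
 *        indexed by user
 * @param numOfPuts number of puts client2 performs (also the key index range the credentials cover)
 * @param postAuthzAllowed per user, whether the generated credentials should pass post-authorization
 * @param failover whether to fail client1's CQs over from server1 to server2 after the first check
 * @throws Exception on any DUnit or cache failure, or if the calling thread is interrupted while
 *         waiting
 */
private void doStartUp(final int numOfUsers, final int numOfPuts, final boolean[] postAuthzAllowed, final boolean failover) throws Exception {
  AuthzCredentialGenerator authzGenerator = getXmlAuthzGenerator();
  CredentialGenerator credentialGenerator = authzGenerator.getCredentialGenerator();
  Properties extraAuthProps = credentialGenerator.getSystemProperties();
  Properties javaProps = credentialGenerator.getJavaProperties();
  Properties extraAuthzProps = authzGenerator.getSystemProperties();
  String authenticator = credentialGenerator.getAuthenticator();
  String accessor = authzGenerator.getAuthorizationCallback();
  String authInit = credentialGenerator.getAuthInit();
  TestAuthzCredentialGenerator tgen = new TestAuthzCredentialGenerator(authzGenerator);
  Properties serverProps = buildProperties(authenticator, accessor, true, extraAuthProps, extraAuthzProps);
  Properties opCredentials;
  // The client-side java properties come from the test generator's own credential generator,
  // which may be absent.
  credentialGenerator = tgen.getCredentialGenerator();
  final Properties javaProps2 = credentialGenerator == null ? null : credentialGenerator.getJavaProperties();

  // Key indices 0..numOfPuts-1 that the per-user credentials must cover.
  int[] indices = new int[numOfPuts];
  for (int index = 0; index < numOfPuts; ++index) {
    indices[index] = index;
  }
  Random rnd = new Random();
  Properties[] authProps = new Properties[numOfUsers];
  for (int i = 0; i < numOfUsers; i++) {
    int rand = rnd.nextInt(100) + 1;
    if (postAuthzAllowed[i]) {
      // For callback, GET should be allowed
      opCredentials = tgen.getAllowedCredentials(new OperationCode[] { OperationCode.EXECUTE_CQ, OperationCode.GET }, new String[] { REGION_NAME }, indices, rand);
    } else {
      // For callback, GET should be disallowed
      opCredentials = tgen.getDisallowedCredentials(new OperationCode[] { OperationCode.GET }, new String[] { REGION_NAME }, indices, rand);
    }
    authProps[i] = concatProperties(new Properties[] { opCredentials, extraAuthProps, extraAuthzProps });
  }

  // Get ports for the servers
  int[] randomAvailableTCPPorts = AvailablePortHelper.getRandomAvailableTCPPorts(3);
  int port1 = randomAvailableTCPPorts[0];
  int port2 = randomAvailableTCPPorts[1];
  int locatorPort = randomAvailableTCPPorts[2];

  // Close down any running servers
  server1.invoke(() -> closeCache());
  server2.invoke(() -> closeCache());
  server1.invoke(() -> createTheServerCache(serverProps, javaProps, locatorPort, port1));
  client1.invoke(() -> createClientCache(javaProps2, authInit, authProps, new int[] { port1, port2 }, numOfUsers, postAuthzAllowed));
  client2.invoke(() -> createClientCache(javaProps2, authInit, authProps, new int[] { port1, port2 }, numOfUsers, postAuthzAllowed));
  client1.invoke(() -> createCQ(numOfUsers));
  // NOTE(review): the {false, false} literal assumes exactly two users although numOfUsers is a
  // parameter — confirm callers never pass another count.
  client1.invoke(() -> executeCQ(numOfUsers, new boolean[] { false, false }, numOfPuts, new String[numOfUsers], postAuthzAllowed));
  client2.invoke(() -> doPuts(numOfPuts, true));
  if (!postAuthzAllowed[0]) {
    // There is no point waiting as no user is authorized to receive cq events; the fixed pause
    // presumably gives any wrongly delivered event time to arrive before the listeners are
    // checked — TODO confirm. An interrupt propagates (the method throws Exception) instead of
    // being swallowed as it used to be.
    // TODO: replace with Awaitility
    Thread.sleep(1000);
  } else {
    client1.invoke(() -> waitForLastKey(0));
    if (postAuthzAllowed[1]) {
      client1.invoke(() -> waitForLastKey(1));
    }
  }
  client1.invoke(() -> checkCQListeners(numOfUsers, postAuthzAllowed, numOfPuts + 1, /* last key */
      0, !failover));
  if (failover) {
    server2.invoke(() -> createTheServerCache(serverProps, javaProps, locatorPort, port2));
    server1.invoke(() -> closeCache());
    // Allow time for client1 to register its CQs on server2
    server2.invoke(() -> allowCQsToRegister(2));
    client2.invoke(() -> doPuts(numOfPuts, true));
    client1.invoke(() -> waitForLastKeyUpdate(0));
    client1.invoke(() -> checkCQListeners(numOfUsers, postAuthzAllowed, numOfPuts + 1, /* last key */
        numOfPuts + 1, /* last key */
        true));
  }
}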
use of org.apache.geode.security.generator.CredentialGenerator in project geode by apache.
the class MultiUserDurableCQAuthzDUnitTest method doTest.
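/**
 * Runs one durable multi-user CQ authorization scenario: client1 registers durable CQs for
 * {@code numOfUsers} users and closes its cache, server1 performs puts while it is away, client1
 * reconnects and is checked for the creates it received; then the proxy caches are closed and
 * re-created and the sequence is repeated for updates.
 *
 * <p>WARNING: "final Boolean keepAlive" is treated as a ternary value: null, true, false. With
 * {@code null} the cache is closed without a keep-alive argument; only with {@code true} are
 * creates expected after reconnecting.
 *
 * @param numOfUsers number of users the multi-user client is created for
 * @param numOfPuts number of puts server1 performs in each round
 * @param postAuthzAllowed per user, whether the generated credentials should allow GET (and so
 *        the CQ events) through post-authorization
 * @param authzGenerator source of the server authorization callback and of the credentials
 * @param keepAlive durable keep-alive flag passed to {@code closeCache}; see the warning above
 * @throws Exception on any DUnit or cache failure, or if the calling thread is interrupted while
 *         waiting
 */
private void doTest(int numOfUsers, int numOfPuts, boolean[] postAuthzAllowed, final AuthzCredentialGenerator authzGenerator, final Boolean keepAlive) throws Exception {
  CredentialGenerator credentialGenerator = authzGenerator.getCredentialGenerator();
  Properties extraAuthProps = credentialGenerator.getSystemProperties();
  Properties javaProps = credentialGenerator.getJavaProperties();
  Properties extraAuthzProps = authzGenerator.getSystemProperties();
  String authenticator = credentialGenerator.getAuthenticator();
  String accessor = authzGenerator.getAuthorizationCallback();
  String authInit = credentialGenerator.getAuthInit();
  TestAuthzCredentialGenerator tgen = new TestAuthzCredentialGenerator(authzGenerator);
  Properties serverProps = buildProperties(authenticator, accessor, true, extraAuthProps, extraAuthzProps);
  Properties opCredentials;
  // The client-side java properties come from the test generator's own credential generator,
  // which may be absent.
  credentialGenerator = tgen.getCredentialGenerator();
  final Properties javaProps2 = credentialGenerator != null ? credentialGenerator.getJavaProperties() : null;

  // Key indices 0..numOfPuts-1 that the per-user credentials must cover.
  int[] indices = new int[numOfPuts];
  for (int index = 0; index < numOfPuts; ++index) {
    indices[index] = index;
  }
  Random random = new Random();
  Properties[] authProps = new Properties[numOfUsers];
  String durableClientId = "multiuser_durable_client_1";
  for (int i = 0; i < numOfUsers; i++) {
    int rand = random.nextInt(100) + 1;
    if (postAuthzAllowed[i]) {
      // For callback, GET should be allowed
      opCredentials = tgen.getAllowedCredentials(new OperationCode[] { OperationCode.EXECUTE_CQ, OperationCode.GET }, new String[] { regionName }, indices, rand);
    } else {
      // For callback, GET should be disallowed
      opCredentials = tgen.getDisallowedCredentials(new OperationCode[] { OperationCode.GET }, new String[] { regionName }, indices, rand);
    }
    authProps[i] = concatProperties(new Properties[] { opCredentials, extraAuthProps, extraAuthzProps });
  }
  // (A separate PUT credential set for a second client was generated here but never used; the
  // puts in this test are done by server1, so it has been dropped.)

  // keepAlive is only honoured when explicitly true; null and false both mean "not kept alive".
  final boolean keptAlive = Boolean.TRUE.equals(keepAlive);

  // Get ports for the servers
  int[] randomAvailableTCPPorts = AvailablePortHelper.getRandomAvailableTCPPorts(3);
  int port1 = randomAvailableTCPPorts[0];
  int port2 = randomAvailableTCPPorts[1];
  int locatorPort = randomAvailableTCPPorts[2];

  // Close down any running servers
  server1.invoke(() -> closeCache());
  server2.invoke(() -> closeCache());
  server1.invoke(() -> createServerCache(serverProps, javaProps, locatorPort, port1));
  client1.invoke(() -> createClientCache(javaProps2, authInit, authProps, new int[] { port1, port2 }, numOfUsers, durableClientId, postAuthzAllowed));
  client1.invoke(() -> createCQ(numOfUsers, true));
  client1.invoke(() -> executeCQ(numOfUsers, new boolean[] { false, false }, numOfPuts, new String[numOfUsers]));
  client1.invoke(() -> readyForEvents());
  // A null keepAlive selects the no-argument close; true/false are passed through.
  if (keepAlive == null) {
    client1.invoke(() -> closeCache());
  } else {
    client1.invoke(() -> closeCache(keepAlive));
  }
  // Puts made while the durable client is disconnected.
  server1.invoke(() -> doPuts(numOfPuts, true));
  client1.invoke(() -> createClientCache(javaProps2, authInit, authProps, new int[] { port1, port2 }, numOfUsers, durableClientId, postAuthzAllowed));
  client1.invoke(() -> createCQ(numOfUsers, true));
  client1.invoke(() -> executeCQ(numOfUsers, new boolean[] { false, false }, numOfPuts, new String[numOfUsers]));
  client1.invoke(() -> readyForEvents());
  if (!postAuthzAllowed[0] || !keptAlive) {
    // Don't wait: either no user is authorized to receive cq events or the subscription was not
    // kept alive, so no events are expected.
    // TODO: use Awaitility
    Thread.sleep(1000);
  } else {
    client1.invoke(() -> waitForLastKey(0, true));
  }
  // Only a kept-alive durable client sees the puts made while it was away (+1 for the last key).
  int numOfCreates = keptAlive ? numOfPuts + 1 : 0;
  client1.invoke(() -> checkCQListeners(numOfUsers, postAuthzAllowed, numOfCreates, 0));

  // Second round: close and re-create the proxy caches, re-register the CQs, then check updates.
  client1.invoke(() -> proxyCacheClose(new int[] { 0, 1 }, keepAlive));
  client1.invoke(() -> createProxyCache(new int[] { 0, 1 }, authProps));
  client1.invoke(() -> createCQ(numOfUsers, true));
  client1.invoke(() -> executeCQ(numOfUsers, new boolean[] { false, false }, numOfPuts, new String[numOfUsers]));
  server1.invoke(() -> doPuts(numOfPuts, true));
  if (!postAuthzAllowed[0] || !keptAlive) {
    // Don't wait: either no user is authorized to receive cq events or the subscription was not
    // kept alive, so no events are expected.
    // TODO: use Awaitility
    Thread.sleep(1000);
  } else {
    client1.invoke(() -> waitForLastKey(0, false));
  }
  int numOfUpdates = numOfPuts + 1;
  client1.invoke(() -> checkCQListeners(numOfUsers, postAuthzAllowed, 0, numOfUpdates));
}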