use of org.apache.geode.security.generator.CredentialGenerator in project geode by apache.
the class DeltaClientPostAuthorizationDUnitTest method testPutPostOpNotifications.
// GEODE-1502
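/**
 * Replays the operations returned by {@code allOps()} in blocks against two cache servers whose
 * properties are built from the authenticator and authorization callback of the XML
 * authorization generator.
 *
 * <p>Operations are collected until an {@code OPBLOCK_END} or {@code OPBLOCK_NO_FAILOVER} marker
 * is reached. A non-empty block is then executed with server1 started and server2's cache
 * closed and, unless the marker was {@code OPBLOCK_NO_FAILOVER}, executed a second time with
 * server2 started and server1's cache closed.
 *
 * @throws Exception if starting a server or executing an operation block fails
 */
@Category(FlakyTest.class)
@Test
public void testPutPostOpNotifications() throws Exception {
  OperationWithAction[] allOps = allOps();

  AuthzCredentialGenerator gen = this.getXmlAuthzGenerator();
  CredentialGenerator cGen = gen.getCredentialGenerator();
  Properties extraAuthProps = cGen.getSystemProperties();
  Properties javaProps = cGen.getJavaProperties();
  Properties extraAuthzProps = gen.getSystemProperties();
  String authenticator = cGen.getAuthenticator();
  String authInit = cGen.getAuthInit();
  String accessor = gen.getAuthorizationCallback();
  TestAuthzCredentialGenerator tgen = new TestAuthzCredentialGenerator(gen);

  // The log prefix names this test so that its output can be found when triaging a failure.
  getLogWriter().info("testPutPostOpNotifications: Using authinit: " + authInit);
  getLogWriter().info("testPutPostOpNotifications: Using authenticator: " + authenticator);
  getLogWriter().info("testPutPostOpNotifications: Using accessor: " + accessor);

  // Server properties carry the authenticator and the authorization callback.
  Properties serverProps =
      buildProperties(authenticator, accessor, true, extraAuthProps, extraAuthzProps);

  // Get ports for the servers
  int[] randomAvailableTCPPorts = AvailablePortHelper.getRandomAvailableTCPPorts(2);
  int port1 = randomAvailableTCPPorts[0];
  int port2 = randomAvailableTCPPorts[1];

  // Typed list: executeOpBlock takes a List<OperationWithAction>, so a raw List would only
  // compile with an unchecked warning.
  List<OperationWithAction> opBlock = new ArrayList<>();

  // The random value feeds credential selection in executeOpBlock; log the seed so that a
  // failing run of this flaky test can be replayed with the same choices.
  long seed = System.nanoTime();
  Random rnd = new Random(seed);
  getLogWriter().info("testPutPostOpNotifications: Using random seed: " + seed);

  for (int opNum = 0; opNum < allOps.length; ++opNum) {
    OperationWithAction currentOp = allOps[opNum];
    boolean noFailover = currentOp.equals(OperationWithAction.OPBLOCK_NO_FAILOVER);
    boolean endOfBlock = noFailover || currentOp.equals(OperationWithAction.OPBLOCK_END);

    if (!endOfBlock) {
      // Ordinary operation: remember its position and queue it for the current block.
      currentOp.setOpNum(opNum);
      opBlock.add(currentOp);
      continue;
    }
    if (opBlock.isEmpty()) {
      continue;
    }

    // Start the first server and execute the operation block
    server1.invoke(() -> ClientAuthorizationTestCase.createCacheServer(getLocatorPort(), port1,
        serverProps, javaProps));
    server2.invoke(() -> closeCache());
    executeOpBlock(opBlock, port1, port2, authInit, extraAuthProps, extraAuthzProps, tgen, rnd);

    if (!noFailover) {
      // Failover to the second server and run the block again
      server2.invoke(() -> ClientAuthorizationTestCase.createCacheServer(getLocatorPort(), port2,
          serverProps, javaProps));
      server1.invoke(() -> closeCache());
      executeOpBlock(opBlock, port1, port2, authInit, extraAuthProps, extraAuthzProps, tgen, rnd);
    }
    opBlock.clear();
  }
}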
use of org.apache.geode.security.generator.CredentialGenerator in project geode by apache.
the class DeltaClientPostAuthorizationDUnitTest method executeOpBlock.
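/**
 * Executes every operation of {@code opBlock} from the client the operation names, first
 * (re)creating that client with credentials that are either allowed or disallowed for the
 * operation, and then checking the outcome against the expectation encoded in the operation's
 * flags.
 *
 * <p>Credential selection: when {@code CHECK_NOTAUTHZ} or {@code USE_NOTAUTHZ} is set the client
 * is created with credentials from {@code getDisallowedCredentials}; otherwise with credentials
 * from {@code getAllowedCredentials}. When {@code USE_OLDCONN} is set no client is created in
 * this call and the operation runs on whatever client cache already exists.
 *
 * <p>Expected result: {@code NOTAUTHZ_EXCEPTION} when {@code CHECK_NOTAUTHZ} is set, else
 * {@code OTHER_EXCEPTION} when {@code CHECK_EXCEPTION} is set, else {@code NO_EXCEPTION}.
 *
 * @param opBlock operations to execute, in order
 * @param port1 port of the first server
 * @param port2 port of the second server
 * @param authInit auth-init value handed to the client
 * @param extraAuthProps additional authentication properties merged into the client properties
 * @param extraAuthzProps additional authorization properties merged into the client properties
 * @param credentialGenerator source of allowed and disallowed credentials per operation
 * @param random source of the index (1..100) passed to the credential generator
 * @throws InterruptedException declared by the overridden method
 */
@Override
protected void executeOpBlock(final List<OperationWithAction> opBlock, final int port1,
    final int port2, final String authInit, final Properties extraAuthProps,
    final Properties extraAuthzProps, final TestCredentialGenerator credentialGenerator,
    final Random random) throws InterruptedException {
  for (OperationWithAction currentOp : opBlock) {
    OperationCode opCode = currentOp.getOperationCode();
    int opFlags = currentOp.getFlags();
    int clientNum = currentOp.getClientNum();

    // Clients 1 and 2 run in their own VMs; client 3 runs in the current VM.
    VM clientVM = null;
    boolean useThisVM = false;
    switch (clientNum) {
      case 1:
        clientVM = client1;
        break;
      case 2:
        clientVM = client2;
        break;
      case 3:
        useThisVM = true;
        break;
      default:
        fail("executeOpBlock: Unknown client number " + clientNum);
        break;
    }
    getLogWriter().info("executeOpBlock: performing operation number [" + currentOp.getOpNum()
        + "]: " + currentOp);

    // Flag tests use != 0 so that they stay correct even for a flag occupying the sign bit.
    if ((opFlags & OpFlags.USE_OLDCONN) == 0) {
      Properties opCredentials;
      int newRnd = random.nextInt(100) + 1;
      String currentRegionName = '/' + regionName;
      if ((opFlags & OpFlags.USE_SUBREGION) != 0) {
        currentRegionName += ('/' + SUBREGION_NAME);
      }
      String credentialsTypeStr;
      OperationCode authOpCode = currentOp.getAuthzOperationCode();
      int[] indices = currentOp.getIndices();
      CredentialGenerator cGen = credentialGenerator.getCredentialGenerator();
      final Properties javaProps = cGen == null ? null : cGen.getJavaProperties();

      boolean useDisallowed = (opFlags & OpFlags.CHECK_NOTAUTHZ) != 0
          || (opFlags & OpFlags.USE_NOTAUTHZ) != 0;
      if (useDisallowed) {
        // Negative case: credentials that authenticate but are not authorized for authOpCode.
        opCredentials = credentialGenerator.getDisallowedCredentials(
            new OperationCode[] {authOpCode}, new String[] {currentRegionName}, indices, newRnd);
        credentialsTypeStr = " unauthorized " + authOpCode;
      } else {
        opCredentials = credentialGenerator.getAllowedCredentials(
            new OperationCode[] {opCode, authOpCode}, new String[] {currentRegionName}, indices,
            newRnd);
        credentialsTypeStr = " authorized " + authOpCode;
      }
      Properties clientProps =
          concatProperties(new Properties[] {opCredentials, extraAuthProps, extraAuthzProps});

      // Start the client with valid credentials but allowed or disallowed to perform an operation
      // NOTE(review): the credential Properties are written to the test log as-is; presumably
      // these are generated test credentials only, so confirm before reusing this logging
      // pattern anywhere real secrets could flow through.
      getLogWriter().info("executeOpBlock: For client" + clientNum + credentialsTypeStr
          + " credentials: " + opCredentials);
      boolean setupDynamicRegionFactory = (opFlags & OpFlags.ENABLE_DRF) != 0;
      if (useThisVM) {
        createCacheClient(authInit, clientProps, javaProps, new int[] {port1, port2}, 0,
            setupDynamicRegionFactory, NO_EXCEPTION);
      } else {
        clientVM.invoke(() -> createCacheClient(authInit, clientProps, javaProps,
            new int[] {port1, port2}, 0, setupDynamicRegionFactory, NO_EXCEPTION));
      }
    }

    int expectedResult;
    if ((opFlags & OpFlags.CHECK_NOTAUTHZ) != 0) {
      expectedResult = NOTAUTHZ_EXCEPTION;
    } else if ((opFlags & OpFlags.CHECK_EXCEPTION) != 0) {
      expectedResult = OTHER_EXCEPTION;
    } else {
      expectedResult = NO_EXCEPTION;
    }

    // Perform the operation from selected client.
    // Integer.valueOf replaces the deprecated Integer(int) constructor.
    if (useThisVM) {
      doOp(opCode, currentOp.getIndices(), Integer.valueOf(opFlags),
          Integer.valueOf(expectedResult));
    } else {
      int[] indices = currentOp.getIndices();
      clientVM.invoke(() -> DeltaClientPostAuthorizationDUnitTest.doOp(opCode, indices,
          Integer.valueOf(opFlags), Integer.valueOf(expectedResult)));
    }
  }
}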
use of org.apache.geode.security.generator.CredentialGenerator in project geode by apache.
the class ClientAuthenticationTestCase method doTestCredentialsForNotifications.
/**
 * Exercises client authentication on the notification path, across a server failover and
 * against several misconfigured clients and servers.
 *
 * <p>Steps, in order: (1) two clients connect with valid credentials, client2 registers
 * interest and sees client1's puts, before and after failing over from server1 to server2;
 * (2) client1 connects with no credentials and an authentication-required result is expected;
 * (3) client2 connects with invalid credentials and an exception is expected; (4) client2
 * connects with an auth-init value of "org.apache.none" and SECURITY_EXCEPTION is expected;
 * (5) if the scheme has an authInit, clients connect with a null authInit and
 * AUTHREQ_EXCEPTION is expected; (6) if the scheme has an authenticator, both servers are
 * restarted with a null authenticator and the clients are expected to connect and operate.
 *
 * @param multiUser passed through to every client-creation helper; presumably selects
 *        multi-user authentication mode (not visible in this method; verify against the helpers)
 * @throws Exception if any remote invocation or helper fails
 */
protected void doTestCredentialsForNotifications(final boolean multiUser) throws Exception {
CredentialGenerator gen = new DummyCredentialGenerator();
Properties extraProps = gen.getSystemProperties();
Properties javaProps = gen.getJavaProperties();
String authenticator = gen.getAuthenticator();
String authInit = gen.getAuthInit();
getLogWriter().info("testCredentialsForNotifications: Using scheme: " + gen.classCode());
getLogWriter().info("testCredentialsForNotifications: Using authenticator: " + authenticator);
getLogWriter().info("testCredentialsForNotifications: Using authinit: " + authInit);
// Start the first server
int locPort1 = getLocatorPort();
int locPort2 = getLocatorPort();
String locString = getAndClearLocatorString();
int port1 = server1.invoke(() -> createCacheServer(locPort1, locString, authenticator, extraProps, javaProps));
// Get a port for second server but do not start it
// This forces the clients to connect to the first server
int port2 = getRandomAvailablePort(SOCKET);
// Start the clients with valid credentials
Properties credentials1 = gen.getValidCredentials(3);
Properties javaProps1 = gen.getJavaProperties();
// NOTE(review): this and the similar log calls below write the credential Properties to the
// test log as-is; presumably acceptable because DummyCredentialGenerator yields test-only
// credentials. Confirm before reusing the pattern where real secrets could be logged.
getLogWriter().info("testCredentialsForNotifications: For first client credentials: " + credentials1 + " : " + javaProps1);
Properties credentials2 = gen.getValidCredentials(4);
Properties javaProps2 = gen.getJavaProperties();
getLogWriter().info("testCredentialsForNotifications: For second client credentials: " + credentials2 + " : " + javaProps2);
createClient1NoException(multiUser, authInit, port1, port2, credentials1, javaProps1);
// Set up zero forward connections to check notification handshake only
int zeroConns = 0;
createClient2NoException(multiUser, authInit, port1, port2, credentials2, javaProps2, zeroConns);
// Register interest on all keys on second client
client2.invoke(() -> registerAllInterest());
// Perform some put operations from client1
client1.invoke(() -> doPuts(2));
// Verify that the puts succeeded
client2.invoke(() -> doLocalGets(2));
// start the second one and stop the first server to force a failover
server2.invoke(() -> createCacheServer(locPort2, locString, port2, authenticator, extraProps, javaProps));
server1.invoke(() -> closeCache());
// Wait for failover to complete
// NOTE(review): fixed 500 ms wait; if failover takes longer the checks below may race with
// it. Polling for the failover condition would be more reliable (confirm helper availability).
pause(500);
// Perform some create/update operations from client1
client1.invoke(() -> doNPuts(4));
// Verify that the creates/updates succeeded
client2.invoke(() -> doNLocalGets(4));
// Try to connect client1 with no credentials
// Verify that the creation of region throws security exception
// server1 is restarted on port 0 with the authenticator still configured; the returned
// port p is used for the negative checks that follow.
final int p = server1.invoke(() -> createCacheServer(locPort1, locString, 0, authenticator, extraProps, javaProps));
if (gen.classCode().equals(CredentialGenerator.ClassCode.SSL)) {
// For SSL the exception may not come since the server can close socket
// before handshake message is sent from client. However exception
// should come in any region operations.
client1.invoke(() -> createCacheClient(null, null, null, p, port2, zeroConns, multiUser, NOFORCE_AUTHREQ_EXCEPTION));
client1.invoke(() -> doPuts(2, OTHER_EXCEPTION));
} else {
client1.invoke(() -> createCacheClient(null, null, null, p, port2, zeroConns, multiUser, AUTHREQ_EXCEPTION));
}
// Now try to connect client2 with invalid credentials
// Verify that the creation of region throws security exception
// credentials2 and javaProps2 are reassigned here and keep these values for the rest of the
// method.
credentials2 = gen.getInvalidCredentials(3);
javaProps2 = gen.getJavaProperties();
getLogWriter().info("testCredentialsForNotifications: For second client invalid credentials: " + credentials2 + " : " + javaProps2);
createClient2WithException(multiUser, authInit, p, port2, credentials2, javaProps2, zeroConns);
// Now try to connect client2 with invalid auth-init method
// Trying to create the region on client with valid credentials should
// throw a security exception
client2.invoke(() -> createCacheClient("org.apache.none", credentials1, javaProps1, p, port2, zeroConns, multiUser, SECURITY_EXCEPTION));
// Try connecting with a null auth-init on the clients.
// Skip this for a scheme that does not have an authInit in the
// first place (e.g. SSL).
if (authInit != null && authInit.length() > 0) {
final int p1 = server1.invoke(() -> createCacheServer(locPort1, locString, 0, authenticator, extraProps, javaProps));
final int p2 = server2.invoke(() -> createCacheServer(locPort2, locString, 0, authenticator, extraProps, javaProps));
client1.invoke(() -> createCacheClient(null, credentials1, javaProps1, p1, p2, 0, multiUser, AUTHREQ_EXCEPTION));
// NOTE(review): the same call appears twice in a row with identical arguments; confirm
// whether the repetition is intentional or a copy-paste leftover.
createClient2AuthReqException(multiUser, p1, p2, credentials2, javaProps2, zeroConns);
createClient2AuthReqException(multiUser, p1, p2, credentials2, javaProps2, zeroConns);
} else {
getLogWriter().info("testCredentialsForNotifications: Skipping null authInit for scheme [" + gen.classCode() + "] which has no authInit");
}
// Try connecting with a null authenticator on the servers while the clients still send
// credentials. If the scheme does not have an authenticator in the first place (e.g.
// SSL) then skip it since this test is useless.
if (authenticator != null && authenticator.length() > 0) {
// Both servers are started with null in the authenticator position.
final int p1 = server1.invoke(() -> createCacheServer(locPort1, locString, 0, null, extraProps, javaProps));
final int p2 = server2.invoke(() -> createCacheServer(locPort2, locString, 0, null, extraProps, javaProps));
// credentials2 holds the result of getInvalidCredentials(3) at this point, yet the
// "NoException" helpers are used for both clients: presumably a server without an
// authenticator does not check credentials at all (verify against the helpers).
createClient1NoException(multiUser, authInit, p1, p2, credentials1, javaProps1);
createClient2NoException(multiUser, authInit, p1, p2, credentials2, javaProps2, zeroConns);
// Register interest on all keys on second client
client2.invoke(() -> registerAllInterest());
// Perform some put operations from client1
client1.invoke(() -> doPuts(4));
// Verify that the puts succeeded
client2.invoke(() -> doLocalGets(4));
// Now also try with valid credentials on client2
// (the two credential sets are swapped between the clients relative to the step above)
createClient1NoException(multiUser, authInit, p1, p2, credentials2, javaProps2);
createClient2NoException(multiUser, authInit, p1, p2, credentials1, javaProps1, zeroConns);
// Register interest on all keys on second client
client2.invoke(() -> registerAllInterest());
// Perform some put operations from client1
client1.invoke(() -> doNPuts(4));
// Verify that the puts succeeded
client2.invoke(() -> doNLocalGets(4));
} else {
getLogWriter().info("testCredentialsForNotifications: Skipping scheme [" + gen.classCode() + "] which has no authenticator");
}
}
use of org.apache.geode.security.generator.CredentialGenerator in project geode by apache.
the class ClientAuthenticationTestCase method doTestInvalidAuthInit.
/**
 * Starts one authenticated server and then creates a client whose auth-init value is
 * {@code "org.apache.none"}, passing {@code SECURITY_EXCEPTION} as the expected result.
 *
 * <p>The client is given credentials obtained from {@code getValidCredentials(1)}, so the
 * credentials themselves are not what this check varies; only the auth-init value is.
 *
 * @param multiUser forwarded to {@code createCacheClient}; presumably selects multi-user
 *        authentication mode (verify against the helper)
 * @throws Exception if server start-up or the remote client invocation fails
 */
protected void doTestInvalidAuthInit(final boolean multiUser) throws Exception {
  final CredentialGenerator generator = new DummyCredentialGenerator();
  final Properties systemProps = generator.getSystemProperties();
  final Properties javaProps = generator.getJavaProperties();
  final String serverAuthenticator = generator.getAuthenticator();

  getLogWriter().info("testInvalidAuthInit: Using scheme: " + generator.classCode());
  getLogWriter().info("testInvalidAuthInit: Using authenticator: " + serverAuthenticator);

  // Bring up the single server this check needs.
  final int locatorPort = getLocatorPort();
  final String locators = getAndClearLocatorString();
  final int serverPort =
      createServer1(systemProps, javaProps, serverAuthenticator, locatorPort, locators);

  final Properties validCredentials = generator.getValidCredentials(1);
  // NOTE(review): the credential Properties are written to the test log as-is; presumably
  // acceptable for generated test credentials only.
  getLogWriter().info("testInvalidAuthInit: For first client credentials: " + validCredentials
      + " : " + javaProps);

  // Valid credentials, but an auth-init value of "org.apache.none": a security exception is
  // the expected outcome of creating the client.
  client1.invoke(() -> createCacheClient("org.apache.none", validCredentials, javaProps,
      new int[] {serverPort}, 0, false, multiUser, true, SECURITY_EXCEPTION));
}
use of org.apache.geode.security.generator.CredentialGenerator in project geode by apache.
the class ClientAuthenticationTestCase method doTestValidCredentials.
/**
 * Positive-path check: two servers are started with the generator's authenticator, two clients
 * connect with credentials from {@code getValidCredentials}, and puts made by client1 are read
 * back by client2 and reflected in the server-side size checks.
 *
 * <p>When {@code multiUser} is true the proxy caches on both clients are then closed and one
 * further put and get are attempted with {@code "CacheClosedException"} as their argument
 * (presumably the name of the exception the helpers expect; verify against them).
 *
 * @param multiUser forwarded to the client-creation helper and selects the extra
 *        closed-proxy-cache checks at the end
 * @throws Exception if any remote invocation or helper fails
 */
protected void doTestValidCredentials(final boolean multiUser) throws Exception {
  final CredentialGenerator generator = new DummyCredentialGenerator();
  final Properties systemProps = generator.getSystemProperties();
  final Properties serverJavaProps = generator.getJavaProperties();
  final String serverAuthenticator = generator.getAuthenticator();
  final String clientAuthInit = generator.getAuthInit();

  getLogWriter().info("testValidCredentials: Using scheme: " + generator.classCode());
  getLogWriter().info("testValidCredentials: Using authenticator: " + serverAuthenticator);
  getLogWriter().info("testValidCredentials: Using authinit: " + clientAuthInit);

  // Both servers run with the same authenticator and properties.
  final int firstLocatorPort = getLocatorPort();
  final int secondLocatorPort = getLocatorPort();
  final String locators = getAndClearLocatorString();
  final int firstServerPort = server1.invoke(() -> createCacheServer(firstLocatorPort, locators,
      serverAuthenticator, systemProps, serverJavaProps));
  final int secondServerPort = server2.invoke(() -> createCacheServer(secondLocatorPort,
      locators, serverAuthenticator, systemProps, serverJavaProps));

  // One set of valid credentials per client.
  // NOTE(review): the credential Properties are written to the test log as-is; presumably
  // acceptable for generated test credentials only.
  final Properties firstCredentials = generator.getValidCredentials(1);
  final Properties firstJavaProps = generator.getJavaProperties();
  getLogWriter().info("testValidCredentials: For first client credentials: " + firstCredentials
      + " : " + firstJavaProps);
  final Properties secondCredentials = generator.getValidCredentials(2);
  final Properties secondJavaProps = generator.getJavaProperties();
  getLogWriter().info("testValidCredentials: For second client credentials: "
      + secondCredentials + " : " + secondJavaProps);

  createClientsNoException(multiUser, clientAuthInit, firstServerPort, secondServerPort,
      firstCredentials, firstJavaProps, secondCredentials, secondJavaProps);

  // client1 writes, client2 reads the same entries back.
  client1.invoke(() -> doPuts(2));
  client2.invoke(() -> doGets(2));

  // Each client checks the server-side size and emptiness.
  client1.invoke(() -> verifySizeOnServer(2));
  client1.invoke(() -> verifyIsEmptyOnServer(false));
  client2.invoke(() -> verifySizeOnServer(2));
  client2.invoke(() -> verifyIsEmptyOnServer(false));

  if (!multiUser) {
    return;
  }

  // Multi-user only: close the proxy caches, then attempt one more put and get.
  client1.invoke(() -> doProxyCacheClose());
  client2.invoke(() -> doProxyCacheClose());
  client1.invoke(() -> doSimplePut("CacheClosedException"));
  client2.invoke(() -> doSimpleGet("CacheClosedException"));
}