Example 46 with GatewayServices
use of org.apache.knox.gateway.services.GatewayServices in project knox by apache.
the class EncryptDecryptUriProcessorTest method testEncryptDecrypt.
@Test
public void testEncryptDecrypt() throws Exception {
String encryptedValueParamName = "address";
String clusterName = "test-cluster-name";
String passwordAlias = "encryptQueryString";
// Test encryption. Result is in encryptedAdrress
AliasService as = EasyMock.createNiceMock(AliasService.class);
String secret = "asdf";
EasyMock.expect(as.getPasswordFromAliasForCluster(clusterName, passwordAlias)).andReturn(secret.toCharArray()).anyTimes();
CryptoService cryptoService = new DefaultCryptoService();
((DefaultCryptoService) cryptoService).setAliasService(as);
GatewayServices gatewayServices = EasyMock.createNiceMock(GatewayServices.class);
EasyMock.expect(gatewayServices.getService(GatewayServices.CRYPTO_SERVICE)).andReturn(cryptoService);
UrlRewriteEnvironment encEnvironment = EasyMock.createNiceMock(UrlRewriteEnvironment.class);
EasyMock.expect(encEnvironment.getAttribute(GatewayServices.GATEWAY_SERVICES_ATTRIBUTE)).andReturn(gatewayServices).anyTimes();
EasyMock.expect(encEnvironment.getAttribute(GatewayServices.GATEWAY_CLUSTER_ATTRIBUTE)).andReturn(clusterName).anyTimes();
UrlRewriteContext encContext = EasyMock.createNiceMock(UrlRewriteContext.class);
EncryptStepContextParams hostPortParams = new EncryptStepContextParams();
hostPortParams.addParam("host", Arrays.asList("host.yarn.com"));
hostPortParams.addParam("port", Arrays.asList("8088"));
EasyMock.expect(encContext.getParameters()).andReturn(hostPortParams);
Capture<EncryptStepContextParams> encodedValue = new Capture<EncryptStepContextParams>();
encContext.addParameters(EasyMock.capture(encodedValue));
EasyMock.replay(gatewayServices, as, encEnvironment, encContext);
EncryptUriDescriptor descriptor = new EncryptUriDescriptor();
descriptor.setTemplate("{host}:{port}");
descriptor.setParam(encryptedValueParamName);
EncryptUriProcessor processor = new EncryptUriProcessor();
processor.initialize(encEnvironment, descriptor);
UrlRewriteStepStatus encStatus = processor.process(encContext);
assertThat(encStatus, is(UrlRewriteStepStatus.SUCCESS));
assertThat(encodedValue.getValue(), notNullValue());
assertThat(encodedValue.getValue().resolve(encryptedValueParamName).size(), is(1));
String encryptedAdrress = encodedValue.getValue().resolve(encryptedValueParamName).get(0);
assertThat(encryptedAdrress, not(isEmptyOrNullString()));
assertThat(encryptedAdrress, not("{host}:{port}"));
assertThat(encryptedAdrress, not("hdp:8088"));
// Test decryption. Result is in dectryptedAdrress.
String decParam = "foo";
gatewayServices = EasyMock.createNiceMock(GatewayServices.class);
EasyMock.expect(gatewayServices.getService(GatewayServices.CRYPTO_SERVICE)).andReturn(cryptoService);
as = EasyMock.createNiceMock(AliasService.class);
EasyMock.expect(as.getPasswordFromAliasForCluster(clusterName, passwordAlias)).andReturn(secret.toCharArray()).anyTimes();
UrlRewriteEnvironment decEnvironment = EasyMock.createNiceMock(UrlRewriteEnvironment.class);
EasyMock.expect(decEnvironment.getAttribute(GatewayServices.GATEWAY_SERVICES_ATTRIBUTE)).andReturn(gatewayServices).anyTimes();
EasyMock.expect(decEnvironment.getAttribute(GatewayServices.GATEWAY_CLUSTER_ATTRIBUTE)).andReturn(clusterName).anyTimes();
UrlRewriteContext decContext = EasyMock.createNiceMock(UrlRewriteContext.class);
EncryptStepContextParams encryptedParams = new EncryptStepContextParams();
// Value was encrypted by EncryptUriProcessor
encryptedParams.addParam(decParam, Arrays.asList(encryptedAdrress));
encryptedParams.addParam("foo1", Arrays.asList("test"));
EasyMock.expect(decContext.getParameters()).andReturn(encryptedParams);
Capture<EncryptStepContextParams> decodedValue = new Capture<EncryptStepContextParams>();
decContext.addParameters(EasyMock.capture(decodedValue));
EasyMock.replay(gatewayServices, as, decEnvironment, decContext);
DecryptUriDescriptor decDescriptor = new DecryptUriDescriptor();
decDescriptor.setParam(decParam);
DecryptUriProcessor decProcessor = new DecryptUriProcessor();
decProcessor.initialize(decEnvironment, decDescriptor);
UrlRewriteStepStatus decStatus = decProcessor.process(decContext);
assertThat(decStatus, is(UrlRewriteStepStatus.SUCCESS));
assertThat(decodedValue.getValue(), notNullValue());
assertThat(decodedValue.getValue().resolve(decParam).size(), is(1));
String dectryptedAdrress = decodedValue.getValue().resolve(decParam).get(0);
assertThat(dectryptedAdrress, is("host.yarn.com:8088"));
}
Also used :
UrlRewriteEnvironment(org.apache.knox.gateway.filter.rewrite.api.UrlRewriteEnvironment)
GatewayServices(org.apache.knox.gateway.services.GatewayServices)
EncryptStepContextParams(org.apache.knox.gateway.encrypturi.EncryptStepContextParams)
AliasService(org.apache.knox.gateway.services.security.AliasService)
EncryptUriDescriptor(org.apache.knox.gateway.encrypturi.api.EncryptUriDescriptor)
IsEmptyString.isEmptyOrNullString(org.hamcrest.text.IsEmptyString.isEmptyOrNullString)
UrlRewriteContext(org.apache.knox.gateway.filter.rewrite.spi.UrlRewriteContext)
Capture(org.easymock.Capture)
UrlRewriteStepStatus(org.apache.knox.gateway.filter.rewrite.spi.UrlRewriteStepStatus)
DefaultCryptoService(org.apache.knox.gateway.services.security.impl.DefaultCryptoService)
CryptoService(org.apache.knox.gateway.services.security.CryptoService)
DecryptUriDescriptor(org.apache.knox.gateway.encrypturi.api.DecryptUriDescriptor)
DefaultCryptoService(org.apache.knox.gateway.services.security.impl.DefaultCryptoService)
Test(org.junit.Test)
Example 47 with GatewayServices
use of org.apache.knox.gateway.services.GatewayServices in project knox by apache.
the class DecryptUriProcessor method initialize.
@Override
public void initialize(UrlRewriteEnvironment environment, DecryptUriDescriptor descriptor) throws Exception {
clusterName = environment.getAttribute(GatewayServices.GATEWAY_CLUSTER_ATTRIBUTE);
GatewayServices services = environment.getAttribute(GatewayServices.GATEWAY_SERVICES_ATTRIBUTE);
cryptoService = (CryptoService) services.getService(GatewayServices.CRYPTO_SERVICE);
param = descriptor.getParam();
}
Also used :
GatewayServices(org.apache.knox.gateway.services.GatewayServices)
Example 48 with GatewayServices
use of org.apache.knox.gateway.services.GatewayServices in project knox by apache.
the class DefaultHttpClientFactory method createHttpClient.
@Override
public HttpClient createHttpClient(FilterConfig filterConfig) {
HttpClientBuilder builder = null;
GatewayConfig gatewayConfig = (GatewayConfig) filterConfig.getServletContext().getAttribute(GatewayConfig.GATEWAY_CONFIG_ATTRIBUTE);
GatewayServices services = (GatewayServices) filterConfig.getServletContext().getAttribute(GatewayServices.GATEWAY_SERVICES_ATTRIBUTE);
if (gatewayConfig != null && gatewayConfig.isMetricsEnabled()) {
MetricsService metricsService = services.getService(GatewayServices.METRICS_SERVICE);
builder = metricsService.getInstrumented(HttpClientBuilder.class);
} else {
builder = HttpClients.custom();
}
if (Boolean.parseBoolean(filterConfig.getInitParameter("useTwoWaySsl"))) {
char[] keypass = null;
MasterService ms = services.getService("MasterService");
AliasService as = services.getService(GatewayServices.ALIAS_SERVICE);
try {
keypass = as.getGatewayIdentityPassphrase();
} catch (AliasServiceException e) {
// nop - default passphrase will be used
}
if (keypass == null) {
// there has been no alias created for the key - let's assume it is the same as the keystore password
keypass = ms.getMasterSecret();
}
KeystoreService ks = services.getService(GatewayServices.KEYSTORE_SERVICE);
final SSLContext sslcontext;
try {
KeyStore keystoreForGateway = ks.getKeystoreForGateway();
sslcontext = SSLContexts.custom().loadTrustMaterial(keystoreForGateway, new TrustSelfSignedStrategy()).loadKeyMaterial(keystoreForGateway, keypass).build();
} catch (Exception e) {
throw new IllegalArgumentException("Unable to create SSLContext", e);
}
builder.setSSLSocketFactory(new SSLConnectionSocketFactory(sslcontext));
}
if ("true".equals(System.getProperty(GatewayConfig.HADOOP_KERBEROS_SECURED))) {
CredentialsProvider credentialsProvider = new BasicCredentialsProvider();
credentialsProvider.setCredentials(AuthScope.ANY, new UseJaasCredentials());
Registry<AuthSchemeProvider> authSchemeRegistry = RegistryBuilder.<AuthSchemeProvider>create().register(AuthSchemes.SPNEGO, new KnoxSpnegoAuthSchemeFactory(true)).build();
builder = builder.setDefaultAuthSchemeRegistry(authSchemeRegistry).setDefaultCookieStore(new HadoopAuthCookieStore()).setDefaultCredentialsProvider(credentialsProvider);
} else {
builder = builder.setDefaultCookieStore(new NoCookieStore());
}
builder.setKeepAliveStrategy(DefaultConnectionKeepAliveStrategy.INSTANCE);
builder.setConnectionReuseStrategy(DefaultConnectionReuseStrategy.INSTANCE);
builder.setRedirectStrategy(new NeverRedirectStrategy());
builder.setRetryHandler(new NeverRetryHandler());
int maxConnections = getMaxConnections(filterConfig);
builder.setMaxConnTotal(maxConnections);
builder.setMaxConnPerRoute(maxConnections);
builder.setDefaultRequestConfig(getRequestConfig(filterConfig));
HttpClient client = builder.build();
return client;
}
Also used :
GatewayServices(org.apache.knox.gateway.services.GatewayServices)
BasicCredentialsProvider(org.apache.http.impl.client.BasicCredentialsProvider)
AliasServiceException(org.apache.knox.gateway.services.security.AliasServiceException)
HttpClientBuilder(org.apache.http.impl.client.HttpClientBuilder)
SSLConnectionSocketFactory(org.apache.http.conn.ssl.SSLConnectionSocketFactory)
KeystoreService(org.apache.knox.gateway.services.security.KeystoreService)
TrustSelfSignedStrategy(org.apache.http.conn.ssl.TrustSelfSignedStrategy)
GatewayConfig(org.apache.knox.gateway.config.GatewayConfig)
AliasService(org.apache.knox.gateway.services.security.AliasService)
MetricsService(org.apache.knox.gateway.services.metrics.MetricsService)
SSLContext(javax.net.ssl.SSLContext)
BasicCredentialsProvider(org.apache.http.impl.client.BasicCredentialsProvider)
CredentialsProvider(org.apache.http.client.CredentialsProvider)
MasterService(org.apache.knox.gateway.services.security.MasterService)
KeyStore(java.security.KeyStore)
ProtocolException(org.apache.http.ProtocolException)
IOException(java.io.IOException)
AliasServiceException(org.apache.knox.gateway.services.security.AliasServiceException)
HttpClient(org.apache.http.client.HttpClient)
AuthSchemeProvider(org.apache.http.auth.AuthSchemeProvider)
Example 49 with GatewayServices
use of org.apache.knox.gateway.services.GatewayServices in project knox by apache.
the class ServiceTestResource method getTopology.
public Topology getTopology(@PathParam("id") String id) {
GatewayServices services = (GatewayServices) request.getServletContext().getAttribute(GatewayServices.GATEWAY_SERVICES_ATTRIBUTE);
GatewayConfig config = (GatewayConfig) request.getServletContext().getAttribute(GatewayConfig.GATEWAY_CONFIG_ATTRIBUTE);
TopologyService ts = services.getService(GatewayServices.TOPOLOGY_SERVICE);
for (Topology t : ts.getTopologies()) {
if (t.getName().equals(id)) {
try {
t.setUri(new URI(buildURI(t, config, request)));
} catch (URISyntaxException se) {
t.setUri(null);
}
return t;
}
}
return null;
}
Also used :
GatewayServices(org.apache.knox.gateway.services.GatewayServices)
Topology(org.apache.knox.gateway.topology.Topology)
URISyntaxException(java.net.URISyntaxException)
URI(java.net.URI)
GatewayConfig(org.apache.knox.gateway.config.GatewayConfig)
TopologyService(org.apache.knox.gateway.services.topology.TopologyService)
Example 50 with GatewayServices
use of org.apache.knox.gateway.services.GatewayServices in project knox by apache.
the class CredentialResource method getCredentialValueForAlias.
/**
* @param alias
* @return
*/
private CredentialValue getCredentialValueForAlias(String alias) {
GatewayServices services = (GatewayServices) request.getServletContext().getAttribute(GatewayServices.GATEWAY_SERVICES_ATTRIBUTE);
String clusterName = (String) request.getServletContext().getAttribute(GatewayServices.GATEWAY_CLUSTER_ATTRIBUTE);
AliasService as = services.getService(GatewayServices.ALIAS_SERVICE);
char[] credential = null;
try {
credential = as.getPasswordFromAliasForCluster(clusterName, alias);
} catch (AliasServiceException e) {
// TODO Auto-generated catch block
e.printStackTrace();
}
if (credential != null) {
return new CredentialValue(alias, new String(credential));
}
return null;
}
Also used :
GatewayServices(org.apache.knox.gateway.services.GatewayServices)
AliasService(org.apache.knox.gateway.services.security.AliasService)
AliasServiceException(org.apache.knox.gateway.services.security.AliasServiceException)
Aggregations
GatewayServices (org.apache.knox.gateway.services.GatewayServices)75
Test (org.junit.Test)37
HttpServletRequest (javax.servlet.http.HttpServletRequest)24
ServletContext (javax.servlet.ServletContext)22
Principal (java.security.Principal)21
JWTokenAuthority (org.apache.knox.gateway.services.security.token.JWTokenAuthority)21
AliasService (org.apache.knox.gateway.services.security.AliasService)20
HttpServletResponse (javax.servlet.http.HttpServletResponse)19
JWT (org.apache.knox.gateway.services.security.token.impl.JWT)18
Response (javax.ws.rs.core.Response)17
JWTToken (org.apache.knox.gateway.services.security.token.impl.JWTToken)17
TopologyService (org.apache.knox.gateway.services.topology.TopologyService)17
HashMap (java.util.HashMap)14
Path (javax.ws.rs.Path)12
File (java.io.File)11
PrintWriter (java.io.PrintWriter)11
StringWriter (java.io.StringWriter)11
UrlRewriteEnvironment (org.apache.knox.gateway.filter.rewrite.api.UrlRewriteEnvironment)11
PrimaryPrincipal (org.apache.knox.gateway.security.PrimaryPrincipal)11
TokenResource (org.apache.knox.gateway.service.knoxtoken.TokenResource)11
