Example 6 with AliasServiceException
use of org.apache.knox.gateway.services.security.AliasServiceException in project knox by apache.
the class CredentialResource method getCredentialsList.
/**
* @return
*/
private List<String> getCredentialsList() {
GatewayServices services = (GatewayServices) request.getServletContext().getAttribute(GatewayServices.GATEWAY_SERVICES_ATTRIBUTE);
String clusterName = (String) request.getServletContext().getAttribute(GatewayServices.GATEWAY_CLUSTER_ATTRIBUTE);
AliasService as = services.getService(GatewayServices.ALIAS_SERVICE);
List<String> aliases = null;
try {
aliases = as.getAliasesForCluster(clusterName);
} catch (AliasServiceException e) {
// TODO Auto-generated catch block
e.printStackTrace();
}
return aliases;
}
Also used :
GatewayServices(org.apache.knox.gateway.services.GatewayServices)
AliasService(org.apache.knox.gateway.services.security.AliasService)
AliasServiceException(org.apache.knox.gateway.services.security.AliasServiceException)
Example 7 with AliasServiceException
use of org.apache.knox.gateway.services.security.AliasServiceException in project knox by apache.
the class RemoteConfigurationRegistryJAASConfig method createEntry.
private AppConfigurationEntry createEntry(RemoteConfigurationRegistryConfig config) {
AppConfigurationEntry entry = null;
Map<String, String> opts = new HashMap<>();
SASLMechanism saslMechanism = getSASLMechanism(config.getAuthType());
switch(saslMechanism) {
case Digest:
// Digest auth options
opts.put("username", config.getPrincipal());
char[] credential = null;
if (aliasService != null) {
try {
credential = aliasService.getPasswordFromAliasForGateway(config.getCredentialAlias());
} catch (AliasServiceException e) {
log.unresolvedCredentialAlias(config.getCredentialAlias());
}
} else {
throw new IllegalArgumentException("The AliasService is required to resolve credential aliases.");
}
if (credential != null) {
opts.put("password", new String(credential));
}
break;
case Kerberos:
opts.put("isUseTicketCache", String.valueOf(config.isUseTicketCache()));
opts.put("isUseKeyTab", String.valueOf(config.isUseKeyTab()));
opts.put("keyTab", config.getKeytab());
opts.put("principal", config.getPrincipal());
}
if (!opts.isEmpty()) {
entry = new AppConfigurationEntry(getLoginModuleName(config.getRegistryType(), saslMechanism), AppConfigurationEntry.LoginModuleControlFlag.REQUIRED, opts);
}
return entry;
}
Also used :
AppConfigurationEntry(javax.security.auth.login.AppConfigurationEntry)
HashMap(java.util.HashMap)
AliasServiceException(org.apache.knox.gateway.services.security.AliasServiceException)
Example 8 with AliasServiceException
use of org.apache.knox.gateway.services.security.AliasServiceException in project knox by apache.
the class DefaultHttpClientFactory method createHttpClient.
@Override
public HttpClient createHttpClient(FilterConfig filterConfig) {
HttpClientBuilder builder = null;
GatewayConfig gatewayConfig = (GatewayConfig) filterConfig.getServletContext().getAttribute(GatewayConfig.GATEWAY_CONFIG_ATTRIBUTE);
GatewayServices services = (GatewayServices) filterConfig.getServletContext().getAttribute(GatewayServices.GATEWAY_SERVICES_ATTRIBUTE);
if (gatewayConfig != null && gatewayConfig.isMetricsEnabled()) {
MetricsService metricsService = services.getService(GatewayServices.METRICS_SERVICE);
builder = metricsService.getInstrumented(HttpClientBuilder.class);
} else {
builder = HttpClients.custom();
}
if (Boolean.parseBoolean(filterConfig.getInitParameter("useTwoWaySsl"))) {
char[] keypass = null;
MasterService ms = services.getService("MasterService");
AliasService as = services.getService(GatewayServices.ALIAS_SERVICE);
try {
keypass = as.getGatewayIdentityPassphrase();
} catch (AliasServiceException e) {
// nop - default passphrase will be used
}
if (keypass == null) {
// there has been no alias created for the key - let's assume it is the same as the keystore password
keypass = ms.getMasterSecret();
}
KeystoreService ks = services.getService(GatewayServices.KEYSTORE_SERVICE);
final SSLContext sslcontext;
try {
KeyStore keystoreForGateway = ks.getKeystoreForGateway();
sslcontext = SSLContexts.custom().loadTrustMaterial(keystoreForGateway, new TrustSelfSignedStrategy()).loadKeyMaterial(keystoreForGateway, keypass).build();
} catch (Exception e) {
throw new IllegalArgumentException("Unable to create SSLContext", e);
}
builder.setSSLSocketFactory(new SSLConnectionSocketFactory(sslcontext));
}
if ("true".equals(System.getProperty(GatewayConfig.HADOOP_KERBEROS_SECURED))) {
CredentialsProvider credentialsProvider = new BasicCredentialsProvider();
credentialsProvider.setCredentials(AuthScope.ANY, new UseJaasCredentials());
Registry<AuthSchemeProvider> authSchemeRegistry = RegistryBuilder.<AuthSchemeProvider>create().register(AuthSchemes.SPNEGO, new KnoxSpnegoAuthSchemeFactory(true)).build();
builder = builder.setDefaultAuthSchemeRegistry(authSchemeRegistry).setDefaultCookieStore(new HadoopAuthCookieStore()).setDefaultCredentialsProvider(credentialsProvider);
} else {
builder = builder.setDefaultCookieStore(new NoCookieStore());
}
builder.setKeepAliveStrategy(DefaultConnectionKeepAliveStrategy.INSTANCE);
builder.setConnectionReuseStrategy(DefaultConnectionReuseStrategy.INSTANCE);
builder.setRedirectStrategy(new NeverRedirectStrategy());
builder.setRetryHandler(new NeverRetryHandler());
int maxConnections = getMaxConnections(filterConfig);
builder.setMaxConnTotal(maxConnections);
builder.setMaxConnPerRoute(maxConnections);
builder.setDefaultRequestConfig(getRequestConfig(filterConfig));
HttpClient client = builder.build();
return client;
}
Also used :
GatewayServices(org.apache.knox.gateway.services.GatewayServices)
BasicCredentialsProvider(org.apache.http.impl.client.BasicCredentialsProvider)
AliasServiceException(org.apache.knox.gateway.services.security.AliasServiceException)
HttpClientBuilder(org.apache.http.impl.client.HttpClientBuilder)
SSLConnectionSocketFactory(org.apache.http.conn.ssl.SSLConnectionSocketFactory)
KeystoreService(org.apache.knox.gateway.services.security.KeystoreService)
TrustSelfSignedStrategy(org.apache.http.conn.ssl.TrustSelfSignedStrategy)
GatewayConfig(org.apache.knox.gateway.config.GatewayConfig)
AliasService(org.apache.knox.gateway.services.security.AliasService)
MetricsService(org.apache.knox.gateway.services.metrics.MetricsService)
SSLContext(javax.net.ssl.SSLContext)
BasicCredentialsProvider(org.apache.http.impl.client.BasicCredentialsProvider)
CredentialsProvider(org.apache.http.client.CredentialsProvider)
MasterService(org.apache.knox.gateway.services.security.MasterService)
KeyStore(java.security.KeyStore)
ProtocolException(org.apache.http.ProtocolException)
IOException(java.io.IOException)
AliasServiceException(org.apache.knox.gateway.services.security.AliasServiceException)
HttpClient(org.apache.http.client.HttpClient)
AuthSchemeProvider(org.apache.http.auth.AuthSchemeProvider)
Example 9 with AliasServiceException
use of org.apache.knox.gateway.services.security.AliasServiceException in project knox by apache.
the class CredentialResource method getCredentialValueForAlias.
/**
* @param alias
* @return
*/
private CredentialValue getCredentialValueForAlias(String alias) {
GatewayServices services = (GatewayServices) request.getServletContext().getAttribute(GatewayServices.GATEWAY_SERVICES_ATTRIBUTE);
String clusterName = (String) request.getServletContext().getAttribute(GatewayServices.GATEWAY_CLUSTER_ATTRIBUTE);
AliasService as = services.getService(GatewayServices.ALIAS_SERVICE);
char[] credential = null;
try {
credential = as.getPasswordFromAliasForCluster(clusterName, alias);
} catch (AliasServiceException e) {
// TODO Auto-generated catch block
e.printStackTrace();
}
if (credential != null) {
return new CredentialValue(alias, new String(credential));
}
return null;
}
Also used :
GatewayServices(org.apache.knox.gateway.services.GatewayServices)
AliasService(org.apache.knox.gateway.services.security.AliasService)
AliasServiceException(org.apache.knox.gateway.services.security.AliasServiceException)
Example 10 with AliasServiceException
use of org.apache.knox.gateway.services.security.AliasServiceException in project knox by apache.
the class KnoxLdapContextFactory method setSystemPassword.
@Override
public void setSystemPassword(String systemPass) {
if (systemPass == null) {
return;
}
systemPass = systemPass.trim();
if (systemPass.length() == 0) {
return;
}
if (!systemPass.startsWith("S{ALIAS=")) {
super.setSystemPassword(systemPass);
return;
}
systemPass = systemPass.substring("S{ALIAS=".length(), systemPass.length() - 1);
String aliasName = systemPass;
GatewayServices services = GatewayServer.getGatewayServices();
AliasService aliasService = (AliasService) services.getService(GatewayServices.ALIAS_SERVICE);
String clusterName = getClusterName();
// System.err.println("FACTORY systempass 30: " + systemPass);
// System.err.println("FACTORY clustername 40: " + clusterName);
// System.err.println("FACTORY SystemProperty GatewayHome 50: " + System.getProperty(GatewayConfig.GATEWAY_HOME_VAR));
char[] password = null;
try {
password = aliasService.getPasswordFromAliasForCluster(clusterName, systemPass);
} catch (AliasServiceException e) {
LOG.unableToGetPassword(e);
}
// System.err.println("FACTORY password: " + ((password == null) ? "NULL" : new String(password)));
if (password != null) {
// System.err.println("FACTORY SUCCESS 20 system password :" + new String(password));
super.setSystemPassword(new String(password));
} else {
// System.err.println("FACTORY FORCING system password to blank");
super.setSystemPassword("");
LOG.aliasValueNotFound(clusterName, aliasName);
}
}
Also used :
GatewayServices(org.apache.knox.gateway.services.GatewayServices)
AliasService(org.apache.knox.gateway.services.security.AliasService)
AliasServiceException(org.apache.knox.gateway.services.security.AliasServiceException)
Aggregations
AliasServiceException (org.apache.knox.gateway.services.security.AliasServiceException)15
KeystoreServiceException (org.apache.knox.gateway.services.security.KeystoreServiceException)6
GatewayServices (org.apache.knox.gateway.services.GatewayServices)5
AliasService (org.apache.knox.gateway.services.security.AliasService)4
ServiceLifecycleException (org.apache.knox.gateway.services.ServiceLifecycleException)3
IOException (java.io.IOException)2
RSAPrivateKey (java.security.interfaces.RSAPrivateKey)2
HashMap (java.util.HashMap)2
JWSSigner (com.nimbusds.jose.JWSSigner)1
RSASSASigner (com.nimbusds.jose.crypto.RSASSASigner)1
UnsupportedEncodingException (java.io.UnsupportedEncodingException)1
InvalidKeyException (java.security.InvalidKeyException)1
KeyStore (java.security.KeyStore)1
NoSuchAlgorithmException (java.security.NoSuchAlgorithmException)1
PrivateKey (java.security.PrivateKey)1
Signature (java.security.Signature)1
SignatureException (java.security.SignatureException)1
Certificate (java.security.cert.Certificate)1
CertificateExpiredException (java.security.cert.CertificateExpiredException)1
CertificateNotYetValidException (java.security.cert.CertificateNotYetValidException)1
