
Example 6 with AliasServiceException

use of org.apache.knox.gateway.services.security.AliasServiceException in project knox by apache.

Class CredentialResource, method getCredentialsList():

/**
 * Lists the credential aliases stored for the cluster this resource is bound to.
 *
 * <p>The gateway services and the cluster name are read from the servlet context of
 * the current request; the lookup itself is delegated to the {@code AliasService}.
 *
 * @return the alias names for the cluster, or {@code null} if the alias service
 *         reported an error (the error is only printed to stderr, see below)
 */
private List<String> getCredentialsList() {
    GatewayServices gatewayServices =
        (GatewayServices) request.getServletContext().getAttribute(GatewayServices.GATEWAY_SERVICES_ATTRIBUTE);
    String cluster =
        (String) request.getServletContext().getAttribute(GatewayServices.GATEWAY_CLUSTER_ATTRIBUTE);
    AliasService aliasService = gatewayServices.getService(GatewayServices.ALIAS_SERVICE);
    try {
        return aliasService.getAliasesForCluster(cluster);
    } catch (AliasServiceException e) {
        // NOTE(review): the failure is only dumped to stderr and surfaces to the caller as
        // null. A gateway logger should record it so that errors from a credential-listing
        // endpoint are visible in the application/audit log.
        e.printStackTrace();
        return null;
    }
}

Example 7 with AliasServiceException

use of org.apache.knox.gateway.services.security.AliasServiceException in project knox by apache.

Class RemoteConfigurationRegistryJAASConfig, method createEntry():

/**
 * Builds the JAAS {@link AppConfigurationEntry} used to authenticate against the remote
 * configuration registry described by {@code config}.
 *
 * <p>For {@code Digest} the principal is passed as {@code username} and the password is
 * resolved through {@code aliasService} from {@code config.getCredentialAlias()}. For
 * {@code Kerberos} the ticket-cache/keytab flags, keytab path and principal are copied
 * from the config.
 *
 * @param config registry connection settings (auth type, principal, credential alias, keytab)
 * @return an entry with control flag {@code REQUIRED}, or {@code null} when the mechanism
 *         produced no options
 * @throws IllegalArgumentException if Digest auth is requested but no {@code aliasService}
 *         is available to resolve the credential alias
 */
private AppConfigurationEntry createEntry(RemoteConfigurationRegistryConfig config) {
    Map<String, String> options = new HashMap<>();
    SASLMechanism mechanism = getSASLMechanism(config.getAuthType());
    // Switching on a null mechanism throws NPE; getSASLMechanism is presumed never to return null.
    switch (mechanism) {
        case Digest:
            options.put("username", config.getPrincipal());
            char[] secret = resolveDigestCredential(config.getCredentialAlias());
            if (secret != null) {
                // The login module takes a String option, so the plaintext password lives in
                // the JAAS option map (and on the heap) for the lifetime of the entry.
                options.put("password", new String(secret));
            }
            // NOTE(review): when the alias cannot be resolved an entry with a username but no
            // password is still produced; authentication then fails at the registry, not here.
            break;
        case Kerberos:
            options.put("isUseTicketCache", String.valueOf(config.isUseTicketCache()));
            options.put("isUseKeyTab", String.valueOf(config.isUseKeyTab()));
            options.put("keyTab", config.getKeytab());
            options.put("principal", config.getPrincipal());
            break;
        default:
            // No options for any other mechanism -> null entry below.
            break;
    }
    if (options.isEmpty()) {
        return null;
    }
    return new AppConfigurationEntry(
        getLoginModuleName(config.getRegistryType(), mechanism),
        AppConfigurationEntry.LoginModuleControlFlag.REQUIRED,
        options);
}

/**
 * Looks up the password stored under {@code alias} via the gateway alias service.
 *
 * @param alias credential alias from the registry config
 * @return the password, or {@code null} if the alias could not be resolved (the miss is logged)
 * @throws IllegalArgumentException if no alias service is configured
 */
private char[] resolveDigestCredential(String alias) {
    if (aliasService == null) {
        throw new IllegalArgumentException("The AliasService is required to resolve credential aliases.");
    }
    try {
        return aliasService.getPasswordFromAliasForGateway(alias);
    } catch (AliasServiceException e) {
        log.unresolvedCredentialAlias(alias);
        return null;
    }
}

Example 8 with AliasServiceException

use of org.apache.knox.gateway.services.security.AliasServiceException in project knox by apache.

Class DefaultHttpClientFactory, method createHttpClient():

/**
 * Creates the {@link HttpClient} the dispatch layer uses to reach backend services.
 *
 * <p>Configuration comes from the gateway config, the filter's init parameters and one
 * system property:
 * <ul>
 *   <li>metrics enabled: the builder is obtained from the {@code MetricsService} so requests
 *       are instrumented; otherwise a plain {@code HttpClients.custom()} is used;</li>
 *   <li>init parameter {@code useTwoWaySsl=true}: the gateway identity keystore supplies the
 *       client key material and the trust material (see {@link #buildTwoWaySslContext});</li>
 *   <li>system property {@code GatewayConfig.HADOOP_KERBEROS_SECURED} equal to {@code "true"}:
 *       SPNEGO auth scheme with JAAS credentials and a {@code HadoopAuthCookieStore};
 *       otherwise a {@code NoCookieStore} is installed.</li>
 * </ul>
 * Redirects are never followed and requests are never retried; connection limits and the
 * request config are taken from the filter's init parameters.
 *
 * @param filterConfig the dispatch filter's configuration
 * @return a fully configured client
 * @throws IllegalArgumentException if the two-way SSL context cannot be built
 */
@Override
public HttpClient createHttpClient(FilterConfig filterConfig) {
    GatewayConfig gatewayConfig =
        (GatewayConfig) filterConfig.getServletContext().getAttribute(GatewayConfig.GATEWAY_CONFIG_ATTRIBUTE);
    GatewayServices services =
        (GatewayServices) filterConfig.getServletContext().getAttribute(GatewayServices.GATEWAY_SERVICES_ATTRIBUTE);

    HttpClientBuilder builder;
    if (gatewayConfig != null && gatewayConfig.isMetricsEnabled()) {
        MetricsService metricsService = services.getService(GatewayServices.METRICS_SERVICE);
        builder = metricsService.getInstrumented(HttpClientBuilder.class);
    } else {
        builder = HttpClients.custom();
    }

    if (Boolean.parseBoolean(filterConfig.getInitParameter("useTwoWaySsl"))) {
        builder.setSSLSocketFactory(new SSLConnectionSocketFactory(buildTwoWaySslContext(services)));
    }

    if ("true".equals(System.getProperty(GatewayConfig.HADOOP_KERBEROS_SECURED))) {
        CredentialsProvider credentialsProvider = new BasicCredentialsProvider();
        credentialsProvider.setCredentials(AuthScope.ANY, new UseJaasCredentials());
        Registry<AuthSchemeProvider> authSchemes = RegistryBuilder.<AuthSchemeProvider>create()
            .register(AuthSchemes.SPNEGO, new KnoxSpnegoAuthSchemeFactory(true))
            .build();
        builder = builder.setDefaultAuthSchemeRegistry(authSchemes)
            .setDefaultCookieStore(new HadoopAuthCookieStore())
            .setDefaultCredentialsProvider(credentialsProvider);
    } else {
        builder = builder.setDefaultCookieStore(new NoCookieStore());
    }

    int maxConnections = getMaxConnections(filterConfig);
    return builder
        .setKeepAliveStrategy(DefaultConnectionKeepAliveStrategy.INSTANCE)
        .setConnectionReuseStrategy(DefaultConnectionReuseStrategy.INSTANCE)
        .setRedirectStrategy(new NeverRedirectStrategy())
        .setRetryHandler(new NeverRetryHandler())
        .setMaxConnTotal(maxConnections)
        .setMaxConnPerRoute(maxConnections)
        .setDefaultRequestConfig(getRequestConfig(filterConfig))
        .build();
}

/**
 * Builds the SSL context for two-way (mutual) TLS from the gateway identity keystore.
 *
 * <p>The client key passphrase is taken from the gateway identity alias; if that alias does
 * not exist or the lookup fails, the master secret is assumed to double as the key password.
 *
 * @param services gateway services used to reach the master, alias and keystore services
 * @return the context loaded with the gateway keystore as both key and trust material
 * @throws IllegalArgumentException wrapping any failure while loading key/trust material
 */
private SSLContext buildTwoWaySslContext(GatewayServices services) {
    MasterService masterService = services.getService("MasterService");
    AliasService aliasService = services.getService(GatewayServices.ALIAS_SERVICE);
    char[] keyPassphrase = null;
    try {
        keyPassphrase = aliasService.getGatewayIdentityPassphrase();
    } catch (AliasServiceException ignored) {
        // Deliberate: fall back to the master secret below.
    }
    if (keyPassphrase == null) {
        keyPassphrase = masterService.getMasterSecret();
    }
    KeystoreService keystoreService = services.getService(GatewayServices.KEYSTORE_SERVICE);
    try {
        KeyStore gatewayKeystore = keystoreService.getKeystoreForGateway();
        // NOTE(review): TrustSelfSignedStrategy accepts any self-signed server certificate
        // (chain length 1) whether or not it is present in the gateway keystore, so a backend
        // presenting an arbitrary self-signed certificate would be trusted. Only certificates
        // with an issuer chain fall through to validation against the keystore's trusted entries.
        return SSLContexts.custom()
            .loadTrustMaterial(gatewayKeystore, new TrustSelfSignedStrategy())
            .loadKeyMaterial(gatewayKeystore, keyPassphrase)
            .build();
    } catch (Exception e) {
        throw new IllegalArgumentException("Unable to create SSLContext", e);
    }
}

Example 9 with AliasServiceException

use of org.apache.knox.gateway.services.security.AliasServiceException in project knox by apache.

Class CredentialResource, method getCredentialValueForAlias():

/**
 * Resolves the secret stored under {@code alias} for the cluster this resource is bound to.
 *
 * @param alias the credential alias to look up
 * @return the alias paired with its plaintext value, or {@code null} if the alias is unknown
 *         or the alias service failed (failures are only printed to stderr)
 */
private CredentialValue getCredentialValueForAlias(String alias) {
    GatewayServices gatewayServices =
        (GatewayServices) request.getServletContext().getAttribute(GatewayServices.GATEWAY_SERVICES_ATTRIBUTE);
    String cluster =
        (String) request.getServletContext().getAttribute(GatewayServices.GATEWAY_CLUSTER_ATTRIBUTE);
    AliasService aliasService = gatewayServices.getService(GatewayServices.ALIAS_SERVICE);
    char[] secret;
    try {
        secret = aliasService.getPasswordFromAliasForCluster(cluster, alias);
    } catch (AliasServiceException e) {
        // NOTE(review): should go to the gateway logger rather than stderr.
        e.printStackTrace();
        return null;
    }
    // The secret is copied into an immutable String here, so it cannot be zeroed afterwards;
    // this is the value the resource hands back to its caller.
    return secret == null ? null : new CredentialValue(alias, new String(secret));
}

Example 10 with AliasServiceException

use of org.apache.knox.gateway.services.security.AliasServiceException in project knox by apache.

Class KnoxLdapContextFactory, method setSystemPassword():

/**
 * Sets the LDAP system (bind) password, resolving {@code S{ALIAS=name}} references through
 * the gateway alias service for the current cluster.
 *
 * <p>Null, empty or whitespace-only values are ignored. A plain value is passed straight to
 * the parent. For an alias reference, the text between {@code S{ALIAS=} and the final
 * character (expected to be the closing brace; not verified) is the alias name. If the alias
 * cannot be resolved the system password is forced to the empty string and the miss is logged.
 *
 * @param systemPass a literal password or an {@code S{ALIAS=...}} reference
 */
@Override
public void setSystemPassword(String systemPass) {
    if (systemPass == null) {
        return;
    }
    String value = systemPass.trim();
    if (value.isEmpty()) {
        return;
    }
    final String aliasPrefix = "S{ALIAS=";
    if (!value.startsWith(aliasPrefix)) {
        super.setSystemPassword(value);
        return;
    }
    // Strip the prefix and the trailing character (assumed to be '}').
    String aliasName = value.substring(aliasPrefix.length(), value.length() - 1);
    GatewayServices services = GatewayServer.getGatewayServices();
    AliasService aliasService = (AliasService) services.getService(GatewayServices.ALIAS_SERVICE);
    String clusterName = getClusterName();
    char[] resolved = null;
    try {
        resolved = aliasService.getPasswordFromAliasForCluster(clusterName, aliasName);
    } catch (AliasServiceException e) {
        LOG.unableToGetPassword(e);
    }
    if (resolved == null) {
        // NOTE(review): an unresolved alias falls back to an empty bind password; depending on
        // the directory's configuration that may turn the system bind into an anonymous or
        // unauthenticated bind instead of failing. Never log the password value here.
        super.setSystemPassword("");
        LOG.aliasValueNotFound(clusterName, aliasName);
        return;
    }
    super.setSystemPassword(new String(resolved));
}
