
Example 1 with CryptoService

Use of org.apache.knox.gateway.services.security.CryptoService in project knox by apache.

In class EncryptUriDeploymentContributorTest, method testDeployment.

@Test
public void testDeployment() throws IOException {
    WebArchive webArchive = ShrinkWrap.create(WebArchive.class, "test-archive");
    Provider provider = new Provider();
    provider.setEnabled(true);
    provider.setName(EncryptUriDeploymentContributor.PROVIDER_ROLE_NAME);
    Topology topology = new Topology();
    topology.setName("Sample");
    DeploymentContext context = EasyMock.createNiceMock(DeploymentContext.class);
    EasyMock.expect(context.getWebArchive()).andReturn(webArchive).anyTimes();
    EasyMock.expect(context.getTopology()).andReturn(topology).anyTimes();
    EasyMock.replay(context);
    AliasService as = EasyMock.createNiceMock(AliasService.class);
    CryptoService cryptoService = new DefaultCryptoService();
    ((DefaultCryptoService) cryptoService).setAliasService(as);
    GatewayServices gatewayServices = EasyMock.createNiceMock(GatewayServices.class);
    EasyMock.expect(gatewayServices.getService(GatewayServices.CRYPTO_SERVICE)).andReturn(cryptoService).anyTimes();
    UrlRewriteEnvironment encEnvironment = EasyMock.createNiceMock(UrlRewriteEnvironment.class);
    EasyMock.expect(encEnvironment.getAttribute(GatewayServices.GATEWAY_SERVICES_ATTRIBUTE)).andReturn(gatewayServices).anyTimes();
    EncryptUriDeploymentContributor contributor = new EncryptUriDeploymentContributor();
    contributor.setAliasService(as);
    assertThat(contributor.getRole(), is(EncryptUriDeploymentContributor.PROVIDER_ROLE_NAME));
    assertThat(contributor.getName(), is(EncryptUriDeploymentContributor.PROVIDER_IMPL_NAME));
    // Just make sure it doesn't blow up.
    contributor.contributeFilter(null, null, null, null, null);
    // Just make sure it doesn't blow up.
    contributor.initializeContribution(context);
    contributor.contributeProvider(context, provider);
    // Just make sure it doesn't blow up.
    contributor.finalizeContribution(context);
}
Also used: UrlRewriteEnvironment(org.apache.knox.gateway.filter.rewrite.api.UrlRewriteEnvironment), DeploymentContext(org.apache.knox.gateway.deploy.DeploymentContext), GatewayServices(org.apache.knox.gateway.services.GatewayServices), AliasService(org.apache.knox.gateway.services.security.AliasService), DefaultCryptoService(org.apache.knox.gateway.services.security.impl.DefaultCryptoService), CryptoService(org.apache.knox.gateway.services.security.CryptoService), WebArchive(org.jboss.shrinkwrap.api.spec.WebArchive), Topology(org.apache.knox.gateway.topology.Topology), Provider(org.apache.knox.gateway.topology.Provider), Test(org.junit.Test)

Example 2 with CryptoService

Use of org.apache.knox.gateway.services.security.CryptoService in project knox by apache.

In class SecureQueryDeploymentContributorTest, method testDeployment.

@Test
public void testDeployment() throws IOException {
    WebArchive webArchive = ShrinkWrap.create(WebArchive.class, "test-archive");
    // UrlRewriteRulesDescriptorImpl rewriteRules = new UrlRewriteRulesDescriptorImpl();
    Map<String, String> providerParams = new HashMap<>();
    // providerParams.put( "test-host-external", "test-host-internal" );
    Provider provider = new Provider();
    provider.setEnabled(true);
    provider.setName("secure-query");
    provider.setParams(providerParams);
    Topology topology = new Topology();
    topology.setName("Sample");
    DeploymentContext context = EasyMock.createNiceMock(DeploymentContext.class);
    // EasyMock.expect( context.getDescriptor( "rewrite" ) ).andReturn( rewriteRules ).anyTimes();
    EasyMock.expect(context.getWebArchive()).andReturn(webArchive).anyTimes();
    EasyMock.expect(context.getTopology()).andReturn(topology).anyTimes();
    EasyMock.replay(context);
    AliasService as = EasyMock.createNiceMock(AliasService.class);
    CryptoService cryptoService = new DefaultCryptoService();
    ((DefaultCryptoService) cryptoService).setAliasService(as);
    GatewayServices gatewayServices = EasyMock.createNiceMock(GatewayServices.class);
    EasyMock.expect(gatewayServices.getService(GatewayServices.CRYPTO_SERVICE)).andReturn(cryptoService).anyTimes();
    UrlRewriteEnvironment encEnvironment = EasyMock.createNiceMock(UrlRewriteEnvironment.class);
    EasyMock.expect(encEnvironment.getAttribute(GatewayServices.GATEWAY_SERVICES_ATTRIBUTE)).andReturn(gatewayServices).anyTimes();
    SecureQueryDeploymentContributor contributor = new SecureQueryDeploymentContributor();
    contributor.setAliasService(as);
    assertThat(contributor.getRole(), is("secure-query"));
    assertThat(contributor.getName(), is("default"));
    // Just make sure it doesn't blow up.
    contributor.contributeFilter(null, null, null, null, null);
    // Just make sure it doesn't blow up.
    contributor.initializeContribution(context);
    contributor.contributeProvider(context, provider);
    // HostmapFunctionDescriptor funcDesc = rewriteRules.getFunction( "hostmap" );
    // assertThat( funcDesc.config(), is( "/WEB-INF/hostmap.txt" ) );
    // 
    // Node node = webArchive.get( "/WEB-INF/hostmap.txt" );
    // String asset = IOUtils.toString( node.getAsset().openStream() );
    // assertThat( asset, containsString( "test-host-external=test-host-internal" ) );
    // Just make sure it doesn't blow up.
    contributor.finalizeContribution(context);
}
Also used: UrlRewriteEnvironment(org.apache.knox.gateway.filter.rewrite.api.UrlRewriteEnvironment), GatewayServices(org.apache.knox.gateway.services.GatewayServices), AliasService(org.apache.knox.gateway.services.security.AliasService), HashMap(java.util.HashMap), WebArchive(org.jboss.shrinkwrap.api.spec.WebArchive), Topology(org.apache.knox.gateway.topology.Topology), Provider(org.apache.knox.gateway.topology.Provider), DeploymentContext(org.apache.knox.gateway.deploy.DeploymentContext), DefaultCryptoService(org.apache.knox.gateway.services.security.impl.DefaultCryptoService), CryptoService(org.apache.knox.gateway.services.security.CryptoService), Test(org.junit.Test)

Example 3 with CryptoService

Use of org.apache.knox.gateway.services.security.CryptoService in project knox by apache.

In class Pac4jDispatcherFilter, method init.

@Override
public void init(FilterConfig filterConfig) throws ServletException {
    // JWT service
    final ServletContext context = filterConfig.getServletContext();
    CryptoService cryptoService = null;
    String clusterName = null;
    if (context != null) {
        GatewayServices services = (GatewayServices) context.getAttribute(GatewayServices.GATEWAY_SERVICES_ATTRIBUTE);
        clusterName = (String) context.getAttribute(GatewayServices.GATEWAY_CLUSTER_ATTRIBUTE);
        if (services != null) {
            keystoreService = (KeystoreService) services.getService(GatewayServices.KEYSTORE_SERVICE);
            cryptoService = (CryptoService) services.getService(GatewayServices.CRYPTO_SERVICE);
            aliasService = (AliasService) services.getService(GatewayServices.ALIAS_SERVICE);
            masterService = (MasterService) services.getService("MasterService");
        }
    }
    // crypto service, alias service and cluster name are mandatory
    if (cryptoService == null || aliasService == null || clusterName == null) {
        log.cryptoServiceAndAliasServiceAndClusterNameRequired();
        throw new ServletException("The crypto service, alias service and cluster name are required.");
    }
    try {
        aliasService.getPasswordFromAliasForCluster(clusterName, KnoxSessionStore.PAC4J_PASSWORD, true);
    } catch (AliasServiceException e) {
        log.unableToGenerateAPasswordForEncryption(e);
        throw new ServletException("Unable to generate a password for encryption.");
    }
    // url to SSO authentication provider
    String pac4jCallbackUrl = filterConfig.getInitParameter(PAC4J_CALLBACK_URL);
    if (pac4jCallbackUrl == null) {
        log.ssoAuthenticationProviderUrlRequired();
        throw new ServletException("Required pac4j callback URL is missing.");
    }
    // add the callback parameter to know it's a callback
    pac4jCallbackUrl = CommonHelper.addParameter(pac4jCallbackUrl, PAC4J_CALLBACK_PARAMETER, "true");
    final Config config;
    final String clientName;
    // client name from servlet parameter (mandatory)
    final String clientNameParameter = filterConfig.getInitParameter("clientName");
    if (clientNameParameter == null) {
        log.clientNameParameterRequired();
        throw new ServletException("Required pac4j clientName parameter is missing.");
    }
    if (TEST_BASIC_AUTH.equalsIgnoreCase(clientNameParameter)) {
        // test configuration
        final IndirectBasicAuthClient indirectBasicAuthClient = new IndirectBasicAuthClient(new SimpleTestUsernamePasswordAuthenticator());
        indirectBasicAuthClient.setRealmName("Knox TEST");
        config = new Config(pac4jCallbackUrl, indirectBasicAuthClient);
        clientName = "IndirectBasicAuthClient";
    } else {
        // get clients from the init parameters
        final Map<String, String> properties = new HashMap<>();
        final Enumeration<String> names = filterConfig.getInitParameterNames();
        addDefaultConfig(clientNameParameter, properties);
        while (names.hasMoreElements()) {
            final String key = names.nextElement();
            properties.put(key, filterConfig.getInitParameter(key));
        }
        final PropertiesConfigFactory propertiesConfigFactory = new PropertiesConfigFactory(pac4jCallbackUrl, properties);
        config = propertiesConfigFactory.build();
        final List<Client> clients = config.getClients().getClients();
        if (clients == null || clients.size() == 0) {
            log.atLeastOnePac4jClientMustBeDefined();
            throw new ServletException("At least one pac4j client must be defined.");
        }
        if (CommonHelper.isBlank(clientNameParameter)) {
            clientName = clients.get(0).getName();
        } else {
            clientName = clientNameParameter;
        }
    }
    callbackFilter = new CallbackFilter();
    callbackFilter.init(filterConfig);
    callbackFilter.setConfigOnly(config);
    securityFilter = new SecurityFilter();
    securityFilter.setClients(clientName);
    securityFilter.setConfigOnly(config);
    final String domainSuffix = filterConfig.getInitParameter(PAC4J_COOKIE_DOMAIN_SUFFIX_PARAM);
    final String sessionStoreVar = filterConfig.getInitParameter(PAC4J_SESSION_STORE);
    SessionStore sessionStore;
    if (!StringUtils.isBlank(sessionStoreVar) && J2ESessionStore.class.getName().contains(sessionStoreVar)) {
        sessionStore = new J2ESessionStore();
    } else {
        sessionStore = new KnoxSessionStore(cryptoService, clusterName, domainSuffix);
    }
    config.setSessionStore(sessionStore);
}
Also used: GatewayServices(org.apache.knox.gateway.services.GatewayServices), J2ESessionStore(org.pac4j.core.context.session.J2ESessionStore), KnoxSessionStore(org.apache.knox.gateway.pac4j.session.KnoxSessionStore), HashMap(java.util.HashMap), Config(org.pac4j.core.config.Config), AliasServiceException(org.apache.knox.gateway.services.security.AliasServiceException), SessionStore(org.pac4j.core.context.session.SessionStore), CryptoService(org.apache.knox.gateway.services.security.CryptoService), PropertiesConfigFactory(org.pac4j.config.client.PropertiesConfigFactory), SecurityFilter(org.pac4j.j2e.filter.SecurityFilter), CallbackFilter(org.pac4j.j2e.filter.CallbackFilter), Client(org.pac4j.core.client.Client), IndirectBasicAuthClient(org.pac4j.http.client.indirect.IndirectBasicAuthClient), SimpleTestUsernamePasswordAuthenticator(org.pac4j.http.credentials.authenticator.test.SimpleTestUsernamePasswordAuthenticator)

Example 4 with CryptoService

Use of org.apache.knox.gateway.services.security.CryptoService in project knox by apache.

In class EncryptDecryptUriProcessorTest, method testEncryptDecrypt.

@Test
public void testEncryptDecrypt() throws Exception {
    String encryptedValueParamName = "address";
    String clusterName = "test-cluster-name";
    String passwordAlias = "encryptQueryString";
    // Test encryption.  Result is in encryptedAdrress
    AliasService as = EasyMock.createNiceMock(AliasService.class);
    String secret = "asdf";
    EasyMock.expect(as.getPasswordFromAliasForCluster(clusterName, passwordAlias)).andReturn(secret.toCharArray()).anyTimes();
    CryptoService cryptoService = new DefaultCryptoService();
    ((DefaultCryptoService) cryptoService).setAliasService(as);
    GatewayServices gatewayServices = EasyMock.createNiceMock(GatewayServices.class);
    EasyMock.expect(gatewayServices.getService(GatewayServices.CRYPTO_SERVICE)).andReturn(cryptoService);
    UrlRewriteEnvironment encEnvironment = EasyMock.createNiceMock(UrlRewriteEnvironment.class);
    EasyMock.expect(encEnvironment.getAttribute(GatewayServices.GATEWAY_SERVICES_ATTRIBUTE)).andReturn(gatewayServices).anyTimes();
    EasyMock.expect(encEnvironment.getAttribute(GatewayServices.GATEWAY_CLUSTER_ATTRIBUTE)).andReturn(clusterName).anyTimes();
    UrlRewriteContext encContext = EasyMock.createNiceMock(UrlRewriteContext.class);
    EncryptStepContextParams hostPortParams = new EncryptStepContextParams();
    hostPortParams.addParam("host", Arrays.asList("host.yarn.com"));
    hostPortParams.addParam("port", Arrays.asList("8088"));
    EasyMock.expect(encContext.getParameters()).andReturn(hostPortParams);
    Capture<EncryptStepContextParams> encodedValue = new Capture<EncryptStepContextParams>();
    encContext.addParameters(EasyMock.capture(encodedValue));
    EasyMock.replay(gatewayServices, as, encEnvironment, encContext);
    EncryptUriDescriptor descriptor = new EncryptUriDescriptor();
    descriptor.setTemplate("{host}:{port}");
    descriptor.setParam(encryptedValueParamName);
    EncryptUriProcessor processor = new EncryptUriProcessor();
    processor.initialize(encEnvironment, descriptor);
    UrlRewriteStepStatus encStatus = processor.process(encContext);
    assertThat(encStatus, is(UrlRewriteStepStatus.SUCCESS));
    assertThat(encodedValue.getValue(), notNullValue());
    assertThat(encodedValue.getValue().resolve(encryptedValueParamName).size(), is(1));
    String encryptedAdrress = encodedValue.getValue().resolve(encryptedValueParamName).get(0);
    assertThat(encryptedAdrress, not(isEmptyOrNullString()));
    assertThat(encryptedAdrress, not("{host}:{port}"));
    // The encrypted value must differ from the resolved plaintext host:port.
    assertThat(encryptedAdrress, not("host.yarn.com:8088"));
    // Test decryption.  Result is in dectryptedAdrress.
    String decParam = "foo";
    gatewayServices = EasyMock.createNiceMock(GatewayServices.class);
    EasyMock.expect(gatewayServices.getService(GatewayServices.CRYPTO_SERVICE)).andReturn(cryptoService);
    as = EasyMock.createNiceMock(AliasService.class);
    EasyMock.expect(as.getPasswordFromAliasForCluster(clusterName, passwordAlias)).andReturn(secret.toCharArray()).anyTimes();
    UrlRewriteEnvironment decEnvironment = EasyMock.createNiceMock(UrlRewriteEnvironment.class);
    EasyMock.expect(decEnvironment.getAttribute(GatewayServices.GATEWAY_SERVICES_ATTRIBUTE)).andReturn(gatewayServices).anyTimes();
    EasyMock.expect(decEnvironment.getAttribute(GatewayServices.GATEWAY_CLUSTER_ATTRIBUTE)).andReturn(clusterName).anyTimes();
    UrlRewriteContext decContext = EasyMock.createNiceMock(UrlRewriteContext.class);
    EncryptStepContextParams encryptedParams = new EncryptStepContextParams();
    // Value was encrypted by EncryptUriProcessor
    encryptedParams.addParam(decParam, Arrays.asList(encryptedAdrress));
    encryptedParams.addParam("foo1", Arrays.asList("test"));
    EasyMock.expect(decContext.getParameters()).andReturn(encryptedParams);
    Capture<EncryptStepContextParams> decodedValue = new Capture<EncryptStepContextParams>();
    decContext.addParameters(EasyMock.capture(decodedValue));
    EasyMock.replay(gatewayServices, as, decEnvironment, decContext);
    DecryptUriDescriptor decDescriptor = new DecryptUriDescriptor();
    decDescriptor.setParam(decParam);
    DecryptUriProcessor decProcessor = new DecryptUriProcessor();
    decProcessor.initialize(decEnvironment, decDescriptor);
    UrlRewriteStepStatus decStatus = decProcessor.process(decContext);
    assertThat(decStatus, is(UrlRewriteStepStatus.SUCCESS));
    assertThat(decodedValue.getValue(), notNullValue());
    assertThat(decodedValue.getValue().resolve(decParam).size(), is(1));
    String dectryptedAdrress = decodedValue.getValue().resolve(decParam).get(0);
    assertThat(dectryptedAdrress, is("host.yarn.com:8088"));
}
Also used: UrlRewriteEnvironment(org.apache.knox.gateway.filter.rewrite.api.UrlRewriteEnvironment), GatewayServices(org.apache.knox.gateway.services.GatewayServices), EncryptStepContextParams(org.apache.knox.gateway.encrypturi.EncryptStepContextParams), AliasService(org.apache.knox.gateway.services.security.AliasService), EncryptUriDescriptor(org.apache.knox.gateway.encrypturi.api.EncryptUriDescriptor), IsEmptyString.isEmptyOrNullString(org.hamcrest.text.IsEmptyString.isEmptyOrNullString), UrlRewriteContext(org.apache.knox.gateway.filter.rewrite.spi.UrlRewriteContext), Capture(org.easymock.Capture), UrlRewriteStepStatus(org.apache.knox.gateway.filter.rewrite.spi.UrlRewriteStepStatus), DefaultCryptoService(org.apache.knox.gateway.services.security.impl.DefaultCryptoService), CryptoService(org.apache.knox.gateway.services.security.CryptoService), DecryptUriDescriptor(org.apache.knox.gateway.encrypturi.api.DecryptUriDescriptor), Test(org.junit.Test)

Example 5 with CryptoService

Use of org.apache.knox.gateway.services.security.CryptoService in project knox by apache.

In class SecureQueryEncodeProcessorTest, method testSimpleQueryEncoding.

@Test
public void testSimpleQueryEncoding() throws Exception {
    AliasService as = EasyMock.createNiceMock(AliasService.class);
    String secret = "sdkjfhsdkjfhsdfs";
    EasyMock.expect(as.getPasswordFromAliasForCluster("test-cluster-name", "encryptQueryString")).andReturn(secret.toCharArray()).anyTimes();
    CryptoService cryptoService = new DefaultCryptoService();
    ((DefaultCryptoService) cryptoService).setAliasService(as);
    GatewayServices gatewayServices = EasyMock.createNiceMock(GatewayServices.class);
    EasyMock.expect(gatewayServices.getService(GatewayServices.CRYPTO_SERVICE)).andReturn(cryptoService);
    UrlRewriteEnvironment environment = EasyMock.createNiceMock(UrlRewriteEnvironment.class);
    EasyMock.expect(environment.getAttribute(GatewayServices.GATEWAY_SERVICES_ATTRIBUTE)).andReturn(gatewayServices).anyTimes();
    EasyMock.expect(environment.getAttribute(GatewayServices.GATEWAY_CLUSTER_ATTRIBUTE)).andReturn(Arrays.asList("test-cluster-name")).anyTimes();
    Template inTemplate = Parser.parseLiteral("http://host:0/root/path?query");
    UrlRewriteContext context = EasyMock.createNiceMock(UrlRewriteContext.class);
    EasyMock.expect(context.getCurrentUrl()).andReturn(inTemplate);
    Capture<Template> outTemplate = new Capture<Template>();
    context.setCurrentUrl(EasyMock.capture(outTemplate));
    EasyMock.replay(environment, context);
    SecureQueryEncodeDescriptor descriptor = new SecureQueryEncodeDescriptor();
    SecureQueryEncodeProcessor processor = new SecureQueryEncodeProcessor();
    processor.initialize(environment, descriptor);
    processor.process(context);
    BASE64Encoder encoder = new BASE64Encoder();
    String encQuery = encoder.encode("query".getBytes("utf-8"));
    encQuery = encQuery.replaceAll("\\=", "");
    String outExpect = "http://host:0/root/path?_=" + encQuery;
    String outActual = outTemplate.getValue().toString();
    assertThat(outActual, is(outExpect));
}
Also used: UrlRewriteEnvironment(org.apache.knox.gateway.filter.rewrite.api.UrlRewriteEnvironment), GatewayServices(org.apache.knox.gateway.services.GatewayServices), AliasService(org.apache.knox.gateway.services.security.AliasService), BASE64Encoder(sun.misc.BASE64Encoder), UrlRewriteContext(org.apache.knox.gateway.filter.rewrite.spi.UrlRewriteContext), Capture(org.easymock.Capture), Template(org.apache.knox.gateway.util.urltemplate.Template), DefaultCryptoService(org.apache.knox.gateway.services.security.impl.DefaultCryptoService), CryptoService(org.apache.knox.gateway.services.security.CryptoService), Test(org.junit.Test)

Aggregations

GatewayServices (org.apache.knox.gateway.services.GatewayServices): 8
CryptoService (org.apache.knox.gateway.services.security.CryptoService): 8
AliasService (org.apache.knox.gateway.services.security.AliasService): 7
DefaultCryptoService (org.apache.knox.gateway.services.security.impl.DefaultCryptoService): 7
Test (org.junit.Test): 7
UrlRewriteEnvironment (org.apache.knox.gateway.filter.rewrite.api.UrlRewriteEnvironment): 6
UrlRewriteContext (org.apache.knox.gateway.filter.rewrite.spi.UrlRewriteContext): 4
Capture (org.easymock.Capture): 4
HashMap (java.util.HashMap): 3
DeploymentContext (org.apache.knox.gateway.deploy.DeploymentContext): 3
Provider (org.apache.knox.gateway.topology.Provider): 3
Topology (org.apache.knox.gateway.topology.Topology): 3
Template (org.apache.knox.gateway.util.urltemplate.Template): 3
WebArchive (org.jboss.shrinkwrap.api.spec.WebArchive): 3
UrlRewriteStepStatus (org.apache.knox.gateway.filter.rewrite.spi.UrlRewriteStepStatus): 2
Params (org.apache.knox.gateway.util.urltemplate.Params): 2
Query (org.apache.knox.gateway.util.urltemplate.Query): 2
EncryptStepContextParams (org.apache.knox.gateway.encrypturi.EncryptStepContextParams): 1
DecryptUriDescriptor (org.apache.knox.gateway.encrypturi.api.DecryptUriDescriptor): 1
EncryptUriDescriptor (org.apache.knox.gateway.encrypturi.api.EncryptUriDescriptor): 1