Examples with KeystoreService org.apache.knox.gateway.services.security.KeystoreService used on opensource projects

Search in sources :

Example 6 with KeystoreService

use of org.apache.knox.gateway.services.security.KeystoreService in project knox by apache.

the class DefaultHttpClientFactory method createHttpClient.

@Override
public HttpClient createHttpClient(FilterConfig filterConfig) {
    HttpClientBuilder builder = null;
    GatewayConfig gatewayConfig = (GatewayConfig) filterConfig.getServletContext().getAttribute(GatewayConfig.GATEWAY_CONFIG_ATTRIBUTE);
    GatewayServices services = (GatewayServices) filterConfig.getServletContext().getAttribute(GatewayServices.GATEWAY_SERVICES_ATTRIBUTE);
    if (gatewayConfig != null && gatewayConfig.isMetricsEnabled()) {
        MetricsService metricsService = services.getService(GatewayServices.METRICS_SERVICE);
        builder = metricsService.getInstrumented(HttpClientBuilder.class);
    } else {
        builder = HttpClients.custom();
    }
    if (Boolean.parseBoolean(filterConfig.getInitParameter("useTwoWaySsl"))) {
        char[] keypass = null;
        MasterService ms = services.getService("MasterService");
        AliasService as = services.getService(GatewayServices.ALIAS_SERVICE);
        try {
            keypass = as.getGatewayIdentityPassphrase();
        } catch (AliasServiceException e) {
        // nop - default passphrase will be used
        }
        if (keypass == null) {
            // there has been no alias created for the key - let's assume it is the same as the keystore password
            keypass = ms.getMasterSecret();
        }
        KeystoreService ks = services.getService(GatewayServices.KEYSTORE_SERVICE);
        final SSLContext sslcontext;
        try {
            KeyStore keystoreForGateway = ks.getKeystoreForGateway();
            sslcontext = SSLContexts.custom().loadTrustMaterial(keystoreForGateway, new TrustSelfSignedStrategy()).loadKeyMaterial(keystoreForGateway, keypass).build();
        } catch (Exception e) {
            throw new IllegalArgumentException("Unable to create SSLContext", e);
        }
        builder.setSSLSocketFactory(new SSLConnectionSocketFactory(sslcontext));
    }
    if ("true".equals(System.getProperty(GatewayConfig.HADOOP_KERBEROS_SECURED))) {
        CredentialsProvider credentialsProvider = new BasicCredentialsProvider();
        credentialsProvider.setCredentials(AuthScope.ANY, new UseJaasCredentials());
        Registry<AuthSchemeProvider> authSchemeRegistry = RegistryBuilder.<AuthSchemeProvider>create().register(AuthSchemes.SPNEGO, new KnoxSpnegoAuthSchemeFactory(true)).build();
        builder = builder.setDefaultAuthSchemeRegistry(authSchemeRegistry).setDefaultCookieStore(new HadoopAuthCookieStore()).setDefaultCredentialsProvider(credentialsProvider);
    } else {
        builder = builder.setDefaultCookieStore(new NoCookieStore());
    }
    builder.setKeepAliveStrategy(DefaultConnectionKeepAliveStrategy.INSTANCE);
    builder.setConnectionReuseStrategy(DefaultConnectionReuseStrategy.INSTANCE);
    builder.setRedirectStrategy(new NeverRedirectStrategy());
    builder.setRetryHandler(new NeverRetryHandler());
    int maxConnections = getMaxConnections(filterConfig);
    builder.setMaxConnTotal(maxConnections);
    builder.setMaxConnPerRoute(maxConnections);
    builder.setDefaultRequestConfig(getRequestConfig(filterConfig));
    HttpClient client = builder.build();
    return client;
}
Also used : GatewayServices(org.apache.knox.gateway.services.GatewayServices) BasicCredentialsProvider(org.apache.http.impl.client.BasicCredentialsProvider) AliasServiceException(org.apache.knox.gateway.services.security.AliasServiceException) HttpClientBuilder(org.apache.http.impl.client.HttpClientBuilder) SSLConnectionSocketFactory(org.apache.http.conn.ssl.SSLConnectionSocketFactory) KeystoreService(org.apache.knox.gateway.services.security.KeystoreService) TrustSelfSignedStrategy(org.apache.http.conn.ssl.TrustSelfSignedStrategy) GatewayConfig(org.apache.knox.gateway.config.GatewayConfig) AliasService(org.apache.knox.gateway.services.security.AliasService) MetricsService(org.apache.knox.gateway.services.metrics.MetricsService) SSLContext(javax.net.ssl.SSLContext) BasicCredentialsProvider(org.apache.http.impl.client.BasicCredentialsProvider) CredentialsProvider(org.apache.http.client.CredentialsProvider) MasterService(org.apache.knox.gateway.services.security.MasterService) KeyStore(java.security.KeyStore) ProtocolException(org.apache.http.ProtocolException) IOException(java.io.IOException) AliasServiceException(org.apache.knox.gateway.services.security.AliasServiceException) HttpClient(org.apache.http.client.HttpClient) AuthSchemeProvider(org.apache.http.auth.AuthSchemeProvider)

Example 7 with KeystoreService

use of org.apache.knox.gateway.services.security.KeystoreService in project knox by apache.

the class DefaultTokenAuthorityServiceTest method testTokenCreationSignatureAlgorithm.

@Test
public void testTokenCreationSignatureAlgorithm() throws Exception {
    Principal principal = EasyMock.createNiceMock(Principal.class);
    EasyMock.expect(principal.getName()).andReturn("john.doe@example.com");
    GatewayConfig config = EasyMock.createNiceMock(GatewayConfig.class);
    String basedir = System.getProperty("basedir");
    if (basedir == null) {
        basedir = new File(".").getCanonicalPath();
    }
    EasyMock.expect(config.getGatewaySecurityDir()).andReturn(basedir + "/target/test-classes");
    EasyMock.expect(config.getSigningKeystoreName()).andReturn("server-keystore.jks");
    EasyMock.expect(config.getSigningKeyAlias()).andReturn("server").anyTimes();
    MasterService ms = EasyMock.createNiceMock(MasterService.class);
    EasyMock.expect(ms.getMasterSecret()).andReturn("horton".toCharArray());
    AliasService as = EasyMock.createNiceMock(AliasService.class);
    EasyMock.expect(as.getGatewayIdentityPassphrase()).andReturn("horton".toCharArray());
    EasyMock.replay(principal, config, ms, as);
    KeystoreService ks = new DefaultKeystoreService();
    ((DefaultKeystoreService) ks).setMasterService(ms);
    ((DefaultKeystoreService) ks).init(config, new HashMap<String, String>());
    JWTokenAuthority ta = new DefaultTokenAuthorityService();
    ((DefaultTokenAuthorityService) ta).setAliasService(as);
    ((DefaultTokenAuthorityService) ta).setKeystoreService(ks);
    ((DefaultTokenAuthorityService) ta).init(config, new HashMap<String, String>());
    JWT token = ta.issueToken(principal, "RS512");
    assertEquals("KNOXSSO", token.getIssuer());
    assertEquals("john.doe@example.com", token.getSubject());
    assertTrue(token.getHeader().contains("RS512"));
    assertTrue(ta.verifyToken(token));
}
Also used : AliasService(org.apache.knox.gateway.services.security.AliasService) DefaultKeystoreService(org.apache.knox.gateway.services.security.impl.DefaultKeystoreService) JWT(org.apache.knox.gateway.services.security.token.impl.JWT) JWTokenAuthority(org.apache.knox.gateway.services.security.token.JWTokenAuthority) DefaultKeystoreService(org.apache.knox.gateway.services.security.impl.DefaultKeystoreService) KeystoreService(org.apache.knox.gateway.services.security.KeystoreService) File(java.io.File) MasterService(org.apache.knox.gateway.services.security.MasterService) Principal(java.security.Principal) GatewayConfig(org.apache.knox.gateway.config.GatewayConfig) Test(org.junit.Test)

Example 8 with KeystoreService

use of org.apache.knox.gateway.services.security.KeystoreService in project knox by apache.

the class DefaultTokenAuthorityServiceTest method testTokenCreationBadSignatureAlgorithm.

@Test
public void testTokenCreationBadSignatureAlgorithm() throws Exception {
    Principal principal = EasyMock.createNiceMock(Principal.class);
    EasyMock.expect(principal.getName()).andReturn("john.doe@example.com");
    GatewayConfig config = EasyMock.createNiceMock(GatewayConfig.class);
    String basedir = System.getProperty("basedir");
    if (basedir == null) {
        basedir = new File(".").getCanonicalPath();
    }
    EasyMock.expect(config.getGatewaySecurityDir()).andReturn(basedir + "/target/test-classes");
    EasyMock.expect(config.getSigningKeystoreName()).andReturn("server-keystore.jks");
    EasyMock.expect(config.getSigningKeyAlias()).andReturn("server").anyTimes();
    MasterService ms = EasyMock.createNiceMock(MasterService.class);
    EasyMock.expect(ms.getMasterSecret()).andReturn("horton".toCharArray());
    AliasService as = EasyMock.createNiceMock(AliasService.class);
    EasyMock.expect(as.getGatewayIdentityPassphrase()).andReturn("horton".toCharArray());
    EasyMock.replay(principal, config, ms, as);
    KeystoreService ks = new DefaultKeystoreService();
    ((DefaultKeystoreService) ks).setMasterService(ms);
    ((DefaultKeystoreService) ks).init(config, new HashMap<String, String>());
    JWTokenAuthority ta = new DefaultTokenAuthorityService();
    ((DefaultTokenAuthorityService) ta).setAliasService(as);
    ((DefaultTokenAuthorityService) ta).setKeystoreService(ks);
    ((DefaultTokenAuthorityService) ta).init(config, new HashMap<String, String>());
    try {
        ta.issueToken(principal, "none");
        fail("Failure expected on a bad signature algorithm");
    } catch (TokenServiceException ex) {
    // expected
    }
}
Also used : AliasService(org.apache.knox.gateway.services.security.AliasService) DefaultKeystoreService(org.apache.knox.gateway.services.security.impl.DefaultKeystoreService) JWTokenAuthority(org.apache.knox.gateway.services.security.token.JWTokenAuthority) DefaultKeystoreService(org.apache.knox.gateway.services.security.impl.DefaultKeystoreService) KeystoreService(org.apache.knox.gateway.services.security.KeystoreService) File(java.io.File) MasterService(org.apache.knox.gateway.services.security.MasterService) Principal(java.security.Principal) TokenServiceException(org.apache.knox.gateway.services.security.token.TokenServiceException) GatewayConfig(org.apache.knox.gateway.config.GatewayConfig) Test(org.junit.Test)

Aggregations

AliasService (org.apache.knox.gateway.services.security.AliasService)8 KeystoreService (org.apache.knox.gateway.services.security.KeystoreService)8 MasterService (org.apache.knox.gateway.services.security.MasterService)8 GatewayConfig (org.apache.knox.gateway.config.GatewayConfig)7 File (java.io.File)6 Test (org.junit.Test)6 Principal (java.security.Principal)5 DefaultKeystoreService (org.apache.knox.gateway.services.security.impl.DefaultKeystoreService)5 JWTokenAuthority (org.apache.knox.gateway.services.security.token.JWTokenAuthority)5 JWT (org.apache.knox.gateway.services.security.token.impl.JWT)4 GatewayServices (org.apache.knox.gateway.services.GatewayServices)3 IOException (java.io.IOException)2 KeyStore (java.security.KeyStore)2 InetSocketAddress (java.net.InetSocketAddress)1 URISyntaxException (java.net.URISyntaxException)1 ArrayList (java.util.ArrayList)1 HashMap (java.util.HashMap)1 List (java.util.List)1 SSLContext (javax.net.ssl.SSLContext)1 ProtocolException (org.apache.http.ProtocolException)1
About Me
UseOf

Java Tutorials :

Simple Java RabbitMQ Example with Spring
Simple Springboot JPA Eclipeslink Example
Simple SpringBoot JPA Hibernate Example
Jackson JSON @JsonIgnore and @JsonIgnoreProperties Examples
Java Infinite recursion (StackOverflowError) Jackson solutions
Simple Java Jackson Serialize Objects to JSON and convert them back To Object
ElasticSearch 5 - Upload files using Java API in binary field Example
Java JAXB marshall unmarshall Examples from String and Stream
Java 8 forEach List and Map examples
ElasticSearch 5 Java API SearchRequestBuilder examples
Java ElasticSearch 5 examples with node index and mapping - running local
Convert String to int or Integer Java 8
Java 9 in action - JShell - Ubuntu
Java - removing invalid characters from a file name
Hello world!? or Hello Tutorial