Example 1 with MasterService

Use of org.apache.knox.gateway.services.security.MasterService in project knox by apache.

The class CMFKeystoreServiceTest, method setup.

@Before
public void setup() {
    try {
        ks = new CMFKeystoreService(".", "ambari");
        // Test stub: supplies a fixed master secret and has no lifecycle behaviour.
        ks.setMasterService(new MasterService() {

            @Override
            public void init(GatewayConfig config, Map<String, String> options) throws ServiceLifecycleException {
                // No-op: the stub has nothing to initialize.
            }

            @Override
            public void start() throws ServiceLifecycleException {
                // No-op.
            }

            @Override
            public void stop() throws ServiceLifecycleException {
                // No-op.
            }

            @Override
            public char[] getMasterSecret() {
                // Hard-coded secret, for test use only.
                return "testmaster".toCharArray();
            }
        });
    } catch (ServiceLifecycleException e) {
        // A setup failure is only printed here, not rethrown.
        e.printStackTrace();
    }
}
Also used: ServiceLifecycleException (org.apache.knox.gateway.services.ServiceLifecycleException), MasterService (org.apache.knox.gateway.services.security.MasterService), GatewayConfig (org.apache.knox.gateway.config.GatewayConfig), Before (org.junit.Before)

Example 2 with MasterService

Use of org.apache.knox.gateway.services.security.MasterService in project knox by apache.

The class KnoxCLITest, method testCreateMasterForce.

@Test
public void testCreateMasterForce() throws Exception {
    GatewayConfigImpl config = new GatewayConfigImpl();
    File masterFile = new File(config.getGatewaySecurityDir(), "master");
    // Need to delete the master file so that the change isn't ignored.
    if (masterFile.exists()) {
        assertThat("Failed to delete existing master file.", masterFile.delete(), is(true));
    }
    KnoxCLI cli = new KnoxCLI();
    cli.setConf(config);
    MasterService ms;
    int rc = 0;
    outContent.reset();
    String[] args = { "create-master", "--master", "test-master-1" };
    rc = cli.run(args);
    assertThat(rc, is(0));
    ms = cli.getGatewayServices().getService("MasterService");
    String master = String.copyValueOf(ms.getMasterSecret());
    assertThat(master, is("test-master-1"));
    assertThat(outContent.toString(), containsString("Master secret has been persisted to disk."));
    outContent.reset();
    rc = cli.run(args);
    assertThat(rc, is(0));
    assertThat(outContent.toString(), containsString("Master secret is already present on disk."));
    outContent.reset();
    args = new String[] { "create-master", "--master", "test-master-2", "--force" };
    rc = cli.run(args);
    assertThat(rc, is(0));
    ms = cli.getGatewayServices().getService("MasterService");
    master = String.copyValueOf(ms.getMasterSecret());
    assertThat(master, is("test-master-2"));
    assertThat(outContent.toString(), containsString("Master secret has been persisted to disk."));
}
Also used: CoreMatchers.containsString (org.hamcrest.CoreMatchers.containsString), GatewayConfigImpl (org.apache.knox.gateway.config.impl.GatewayConfigImpl), File (java.io.File), MasterService (org.apache.knox.gateway.services.security.MasterService), Test (org.junit.Test)

Example 3 with MasterService

Use of org.apache.knox.gateway.services.security.MasterService in project knox by apache.

The class KnoxCLITest, method testCreateMasterGenerate.

@Test
public void testCreateMasterGenerate() throws Exception {
    String[] args = { "create-master", "--generate" };
    int rc = 0;
    GatewayConfigImpl config = new GatewayConfigImpl();
    File masterFile = new File(config.getGatewaySecurityDir(), "master");
    // Need to delete the master file so that the change isn't ignored.
    if (masterFile.exists()) {
        assertThat("Failed to delete existing master file.", masterFile.delete(), is(true));
    }
    outContent.reset();
    KnoxCLI cli = new KnoxCLI();
    cli.setConf(config);
    rc = cli.run(args);
    assertThat(rc, is(0));
    MasterService ms = cli.getGatewayServices().getService("MasterService");
    String master = String.copyValueOf(ms.getMasterSecret());
    assertThat(master.length(), is(36));
    assertThat(master.indexOf('-'), is(8));
    assertThat(master.indexOf('-', 9), is(13));
    assertThat(master.indexOf('-', 14), is(18));
    assertThat(master.indexOf('-', 19), is(23));
    assertThat(UUID.fromString(master), notNullValue());
    assertThat(outContent.toString(), containsString("Master secret has been persisted to disk."));
    // Need to delete the master file so that the change isn't ignored.
    if (masterFile.exists()) {
        assertThat("Failed to delete existing master file.", masterFile.delete(), is(true));
    }
    outContent.reset();
    cli = new KnoxCLI();
    rc = cli.run(args);
    ms = cli.getGatewayServices().getService("MasterService");
    String master2 = String.copyValueOf(ms.getMasterSecret());
    assertThat(master2.length(), is(36));
    assertThat(UUID.fromString(master2), notNullValue());
    assertThat(master2, not(is(master)));
    assertThat(rc, is(0));
    assertThat(outContent.toString(), containsString("Master secret has been persisted to disk."));
}
Also used: CoreMatchers.containsString (org.hamcrest.CoreMatchers.containsString), GatewayConfigImpl (org.apache.knox.gateway.config.impl.GatewayConfigImpl), File (java.io.File), MasterService (org.apache.knox.gateway.services.security.MasterService), Test (org.junit.Test)

Example 4 with MasterService

Use of org.apache.knox.gateway.services.security.MasterService in project knox by apache.

The class DefaultTokenAuthorityServiceTest, method testTokenCreationAudience.

@Test
public void testTokenCreationAudience() throws Exception {
    Principal principal = EasyMock.createNiceMock(Principal.class);
    EasyMock.expect(principal.getName()).andReturn("john.doe@example.com");
    GatewayConfig config = EasyMock.createNiceMock(GatewayConfig.class);
    String basedir = System.getProperty("basedir");
    if (basedir == null) {
        basedir = new File(".").getCanonicalPath();
    }
    EasyMock.expect(config.getGatewaySecurityDir()).andReturn(basedir + "/target/test-classes");
    EasyMock.expect(config.getSigningKeystoreName()).andReturn("server-keystore.jks");
    EasyMock.expect(config.getSigningKeyAlias()).andReturn("server").anyTimes();
    MasterService ms = EasyMock.createNiceMock(MasterService.class);
    EasyMock.expect(ms.getMasterSecret()).andReturn("horton".toCharArray());
    AliasService as = EasyMock.createNiceMock(AliasService.class);
    EasyMock.expect(as.getGatewayIdentityPassphrase()).andReturn("horton".toCharArray());
    EasyMock.replay(principal, config, ms, as);
    KeystoreService ks = new DefaultKeystoreService();
    ((DefaultKeystoreService) ks).setMasterService(ms);
    ((DefaultKeystoreService) ks).init(config, new HashMap<String, String>());
    JWTokenAuthority ta = new DefaultTokenAuthorityService();
    ((DefaultTokenAuthorityService) ta).setAliasService(as);
    ((DefaultTokenAuthorityService) ta).setKeystoreService(ks);
    ((DefaultTokenAuthorityService) ta).init(config, new HashMap<String, String>());
    JWT token = ta.issueToken(principal, "https://login.example.com", "RS256");
    assertEquals("KNOXSSO", token.getIssuer());
    assertEquals("john.doe@example.com", token.getSubject());
    assertEquals("https://login.example.com", token.getAudience());
    assertTrue(ta.verifyToken(token));
}
Also used: AliasService (org.apache.knox.gateway.services.security.AliasService), DefaultKeystoreService (org.apache.knox.gateway.services.security.impl.DefaultKeystoreService), JWT (org.apache.knox.gateway.services.security.token.impl.JWT), JWTokenAuthority (org.apache.knox.gateway.services.security.token.JWTokenAuthority), KeystoreService (org.apache.knox.gateway.services.security.KeystoreService), File (java.io.File), MasterService (org.apache.knox.gateway.services.security.MasterService), Principal (java.security.Principal), GatewayConfig (org.apache.knox.gateway.config.GatewayConfig), Test (org.junit.Test)

Example 5 with MasterService

Use of org.apache.knox.gateway.services.security.MasterService in project knox by apache.

The class DefaultTokenAuthorityServiceTest, method testTokenCreation.

@Test
public void testTokenCreation() throws Exception {
    Principal principal = EasyMock.createNiceMock(Principal.class);
    EasyMock.expect(principal.getName()).andReturn("john.doe@example.com");
    GatewayConfig config = EasyMock.createNiceMock(GatewayConfig.class);
    String basedir = System.getProperty("basedir");
    if (basedir == null) {
        basedir = new File(".").getCanonicalPath();
    }
    EasyMock.expect(config.getGatewaySecurityDir()).andReturn(basedir + "/target/test-classes");
    EasyMock.expect(config.getSigningKeystoreName()).andReturn("server-keystore.jks");
    EasyMock.expect(config.getSigningKeyAlias()).andReturn("server").anyTimes();
    MasterService ms = EasyMock.createNiceMock(MasterService.class);
    EasyMock.expect(ms.getMasterSecret()).andReturn("horton".toCharArray());
    AliasService as = EasyMock.createNiceMock(AliasService.class);
    EasyMock.expect(as.getGatewayIdentityPassphrase()).andReturn("horton".toCharArray());
    EasyMock.replay(principal, config, ms, as);
    KeystoreService ks = new DefaultKeystoreService();
    ((DefaultKeystoreService) ks).setMasterService(ms);
    ((DefaultKeystoreService) ks).init(config, new HashMap<String, String>());
    JWTokenAuthority ta = new DefaultTokenAuthorityService();
    ((DefaultTokenAuthorityService) ta).setAliasService(as);
    ((DefaultTokenAuthorityService) ta).setKeystoreService(ks);
    ((DefaultTokenAuthorityService) ta).init(config, new HashMap<String, String>());
    JWT token = ta.issueToken(principal, "RS256");
    assertEquals("KNOXSSO", token.getIssuer());
    assertEquals("john.doe@example.com", token.getSubject());
    assertTrue(ta.verifyToken(token));
}
Also used: AliasService (org.apache.knox.gateway.services.security.AliasService), DefaultKeystoreService (org.apache.knox.gateway.services.security.impl.DefaultKeystoreService), JWT (org.apache.knox.gateway.services.security.token.impl.JWT), JWTokenAuthority (org.apache.knox.gateway.services.security.token.JWTokenAuthority), KeystoreService (org.apache.knox.gateway.services.security.KeystoreService), File (java.io.File), MasterService (org.apache.knox.gateway.services.security.MasterService), Principal (java.security.Principal), GatewayConfig (org.apache.knox.gateway.config.GatewayConfig), Test (org.junit.Test)

Aggregations

MasterService (org.apache.knox.gateway.services.security.MasterService) 13
File (java.io.File) 9
Test (org.junit.Test) 9
GatewayConfig (org.apache.knox.gateway.config.GatewayConfig) 8
AliasService (org.apache.knox.gateway.services.security.AliasService) 8
KeystoreService (org.apache.knox.gateway.services.security.KeystoreService) 8
Principal (java.security.Principal) 5
DefaultKeystoreService (org.apache.knox.gateway.services.security.impl.DefaultKeystoreService) 5
JWTokenAuthority (org.apache.knox.gateway.services.security.token.JWTokenAuthority) 5
JWT (org.apache.knox.gateway.services.security.token.impl.JWT) 4
CoreMatchers.containsString (org.hamcrest.CoreMatchers.containsString) 4
GatewayConfigImpl (org.apache.knox.gateway.config.impl.GatewayConfigImpl) 3
GatewayServices (org.apache.knox.gateway.services.GatewayServices) 3
IOException (java.io.IOException) 2
KeyStore (java.security.KeyStore) 2
InetSocketAddress (java.net.InetSocketAddress) 1
URISyntaxException (java.net.URISyntaxException) 1
ArrayList (java.util.ArrayList) 1
HashMap (java.util.HashMap) 1
List (java.util.List) 1