
Example 11 with DaoManager

use of org.apache.ranger.kms.dao.DaoManager in project ranger by apache.

The class DBToAzureKeyVault, method doExportMKToAzureKeyVault.

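/**
 * Migrates the Ranger KMS master key and every zone key held in the Ranger DB into Azure Key Vault.
 *
 * <p>The master-key password is read from {@code conf} under {@code ENCRYPTION_KEY}; the Azure
 * settings passed as arguments are written back into the same {@code conf} so that the key generator
 * and the DB-backed key store can read them. Once the master key exists in Key Vault, every alias in
 * the DB store is unwrapped with the DB master key, converted for Key Vault and stored again.
 *
 * @param sslEnabled               when {@code true}, {@code passwordOrCertPath} is a client-certificate path
 *                                 and {@code certificatePassword} its password; otherwise
 *                                 {@code passwordOrCertPath} is the Azure client secret
 * @param masterKeyName            alias of the master key in Key Vault ({@code AZURE_MASTER_KEY_ALIAS})
 * @param masterKeyType            master key type ({@code AZURE_MASTER_KEY_TYPE})
 * @param zoneKeyEncryptionAlgo    algorithm used for zone keys ({@code ZONE_KEY_ENCRYPTION_ALGO})
 * @param azureClientId            Azure AD client id
 * @param azureKeyVaultUrl         Key Vault endpoint URL
 * @param passwordOrCertPath       client secret or certificate path, depending on {@code sslEnabled}
 * @param certificatePassword      certificate password; an empty/null value is passed through as ""
 * @param conf                     KMS configuration, mutated in place
 * @return {@code true} when the master key was created in Key Vault and all zone keys were re-wrapped
 *         and stored; {@code false} when master-key generation reported failure
 * @throws RuntimeException wrapping any failure, including a missing or placeholder {@code ENCRYPTION_KEY}
 */
private boolean doExportMKToAzureKeyVault(boolean sslEnabled, String masterKeyName, String masterKeyType, String zoneKeyEncryptionAlgo, String azureClientId, String azureKeyVaultUrl, String passwordOrCertPath, String certificatePassword, Configuration conf) {
    try {
        String mKeyPass = conf.get(ENCRYPTION_KEY);
        // "_" and "crypted" are placeholder values left behind when the JCEKS has not been provisioned.
        if (mKeyPass == null || mKeyPass.trim().isEmpty() || mKeyPass.trim().equals("_") || mKeyPass.trim().equals("crypted")) {
            throw new IOException("Master Key Jceks does not exists");
        }
        conf.set(AZURE_MASTER_KEY_TYPE, masterKeyType);
        conf.set(ZONE_KEY_ENCRYPTION_ALGO, zoneKeyEncryptionAlgo);
        conf.set(AZURE_MASTER_KEY_ALIAS, masterKeyName);
        conf.set(AZURE_CLIENT_ID, azureClientId);
        conf.set(AZURE_KEYVAULT_URL, azureKeyVaultUrl);
        RangerKMSDB rangerkmsDb = new RangerKMSDB(conf);
        DaoManager daoManager = rangerkmsDb.getDaoManager();
        KeyVaultClient kvClient;
        if (sslEnabled) {
            // Certificate-based authentication; a missing certificate password is sent as "".
            conf.set(AZURE_KEYVAULT_CERTIFICATE_PATH, passwordOrCertPath);
            AzureKeyVaultClientAuthenticator authenticator = new AzureKeyVaultClientAuthenticator(azureClientId);
            String certPassword = StringUtils.isEmpty(certificatePassword) ? "" : certificatePassword;
            kvClient = authenticator.getAuthentication(passwordOrCertPath, certPassword);
        } else {
            // Client-secret authentication.
            conf.set(AZURE_CLIENT_SECRET, passwordOrCertPath);
            AzureKeyVaultClientAuthenticator authenticator = new AzureKeyVaultClientAuthenticator(azureClientId, passwordOrCertPath);
            kvClient = new KeyVaultClient(authenticator);
        }
        if (kvClient == null) {
            // Preserved CLI behaviour: an unusable vault client aborts the whole process.
            System.err.println("Key Vault is null. Please check the azure related configs.");
            System.exit(1);
        }
        RangerKMSMKI rangerKVKeyGenerator = new RangerAzureKeyVaultKeyGenerator(conf, kvClient);
        if (!rangerKVKeyGenerator.generateMasterKey(mKeyPass)) {
            return false;
        }
        dbStore = new RangerKeyStore(daoManager, conf, kvClient);
        // The DB master key is needed to unwrap the existing zone keys before they are re-wrapped for Key Vault.
        RangerMasterKey rangerMasterKey = new RangerMasterKey(daoManager);
        char[] mkey = rangerMasterKey.getMasterKey(mKeyPass).toCharArray();
        try {
            dbStore.engineLoad(null, mkey);
            List<XXRangerKeyStore> converted = new ArrayList<XXRangerKeyStore>();
            Enumeration<String> aliases = dbStore.engineAliases();
            while (aliases.hasMoreElements()) {
                String alias = aliases.nextElement();
                Key key = dbStore.engineGetKey(alias, mkey);
                converted.add(dbStore.convertKeysBetweenRangerKMSAndAzureKeyVault(alias, key, rangerKVKeyGenerator));
            }
            for (XXRangerKeyStore rangerKeyStore : converted) {
                dbStore.dbOperationStore(rangerKeyStore);
            }
        } finally {
            // Do not leave the unwrapped DB master key lying around in heap memory.
            java.util.Arrays.fill(mkey, ' ');
        }
        return true;
    } catch (Throwable t) {
        throw new RuntimeException("Unable to import Master key from Ranger DB to Azure Key Vault ", t);
    }
}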
Also used : KeyVaultClient(com.microsoft.azure.keyvault.KeyVaultClient) ArrayList(java.util.ArrayList) IOException(java.io.IOException) XXRangerKeyStore(org.apache.ranger.entity.XXRangerKeyStore) DaoManager(org.apache.ranger.kms.dao.DaoManager) XXRangerKeyStore(org.apache.ranger.entity.XXRangerKeyStore) Key(java.security.Key)

Example 12 with DaoManager

use of org.apache.ranger.kms.dao.DaoManager in project ranger by apache.

The class HSM2DBMKUtil, method doImportMKFromHSM.

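/**
 * Imports the master key held in an HSM partition into the Ranger KMS DB.
 *
 * <p>Prompts for the partition password on the console, writes the HSM settings into the DB KMS
 * configuration, fetches the Base64-encoded master key through {@code RangerHSM} and persists it via
 * {@code RangerMasterKey}.
 *
 * @param hsmType        HSM type, stored in the configuration under {@code HSM_TYPE}
 * @param partitionName  HSM partition, stored under {@code PARTITION_NAME}
 * @throws RuntimeException wrapping any failure; the console password buffer is wiped whenever it was read
 */
private void doImportMKFromHSM(String hsmType, String partitionName) {
    char[] partitionPassword = null;
    try {
        partitionPassword = ConsoleUtil.getPasswordFromConsole("Enter Password for the Partition " + partitionName + " : ");
        Configuration conf = RangerKeyStoreProvider.getDBKSConf();
        conf.set(HSM_TYPE, hsmType);
        conf.set(PARTITION_NAME, partitionName);
        // Configuration only accepts String values, so an immutable copy of the password unavoidably
        // exists from here on; the char[] buffer is still wiped in the finally block.
        conf.set(PARTITION_PASSWORD, String.valueOf(partitionPassword));
        RangerKMSDB rangerkmsDb = new RangerKMSDB(conf);
        DaoManager daoManager = rangerkmsDb.getDaoManager();
        String password = conf.get(ENCRYPTION_KEY);
        // Fetch the master key from the HSM ...
        RangerHSM rangerHSM = new RangerHSM(conf);
        String mKey = rangerHSM.getMasterKey(password);
        byte[] key = Base64.decode(mKey);
        // ... and store it in the Ranger DB.
        RangerMasterKey rangerMasterKey = new RangerMasterKey(daoManager);
        rangerMasterKey.generateMKFromHSMMK(password, key);
    } catch (Throwable t) {
        throw new RuntimeException("Unable to import Master key from HSM to Ranger DB", t);
    } finally {
        // Still null when the console prompt itself failed; an unguarded fill would throw an NPE
        // from finally and hide the real cause.
        if (partitionPassword != null) {
            Arrays.fill(partitionPassword, ' ');
        }
    }
}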
Also used : Configuration(org.apache.hadoop.conf.Configuration) DaoManager(org.apache.ranger.kms.dao.DaoManager)

Example 13 with DaoManager

use of org.apache.ranger.kms.dao.DaoManager in project ranger by apache.

The class Ranger2JKSUtil, method doExportKeysFromJKS.

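/**
 * Exports all keys from the Ranger KMS DB into a keystore file.
 *
 * <p>Prompts for the keystore and key passwords on the console, then selects the master-key source
 * from the configuration: SafeNet KeySecure ({@code KEYSECURE_ENABLED}), Azure Key Vault
 * ({@code AZURE_KEYVAULT_ENABLED}, authenticated with either a client secret or a certificate), or the
 * Ranger DB itself. The selected {@code RangerKeyStore} writes the keys to {@code keyStoreFileName}.
 * With Key Vault the master key never leaves the vault, so {@code masterKey} stays {@code null}.
 *
 * @param keyStoreFileName  destination keystore file path
 * @param keyStoreType      keystore format passed through to {@code engineLoadToKeyStoreFile}
 * @throws RuntimeException wrapping any failure; every password buffer that was read is wiped
 */
private void doExportKeysFromJKS(String keyStoreFileName, String keyStoreType) {
    char[] keyStorePassword = null;
    char[] keyPassword = null;
    char[] masterKey = null;
    try {
        keyStorePassword = ConsoleUtil.getPasswordFromConsole("Enter Password for the keystore FILE :");
        keyPassword = ConsoleUtil.getPasswordFromConsole("Enter Password for the KEY(s) stored in the keystore:");
        Configuration conf = RangerKeyStoreProvider.getDBKSConf();
        RangerKMSDB rangerkmsDb = new RangerKMSDB(conf);
        DaoManager daoManager = rangerkmsDb.getDaoManager();
        RangerKeyStore dbStore;
        String password = conf.get(ENCRYPTION_KEY);
        if ("true".equalsIgnoreCase(conf.get(KEYSECURE_ENABLED))) {
            // Master key is fetched from SafeNet KeySecure; the DB store is used with it unwrapped.
            getFromJceks(conf, CREDENTIAL_PATH, KEYSECURE_PASSWORD_ALIAS, KEYSECURE_PASSWORD);
            String keySecureLoginCred = conf.get(KEYSECURE_USERNAME).trim() + ":" + conf.get(KEYSECURE_PASSWORD);
            conf.set(KEYSECURE_LOGIN, keySecureLoginCred);
            RangerSafenetKeySecure rangerSafenetKeySecure = new RangerSafenetKeySecure(conf);
            masterKey = rangerSafenetKeySecure.getMasterKey(password).toCharArray();
            dbStore = new RangerKeyStore(daoManager);
        } else if ("true".equalsIgnoreCase(conf.get(AZURE_KEYVAULT_ENABLED))) {
            getFromJceks(conf, CREDENTIAL_PATH, AZURE_CLIENT_SECRET_ALIAS, AZURE_CLIENT_SECRET);
            String azureClientId = conf.get(AZURE_CLIENT_ID);
            if (StringUtils.isEmpty(azureClientId)) {
                throw new Exception("Azure Key Vault is enabled and client id is not configured");
            }
            String azureClientSecret = conf.get(AZURE_CLIENT_SECRET);
            KeyVaultClient kvClient;
            if ("false".equalsIgnoreCase(conf.get(AZURE_KEYVAULT_SSL_ENABLED))) {
                try {
                    kvClient = new KeyVaultClient(new AzureKeyVaultClientAuthenticator(azureClientId, azureClientSecret));
                } catch (Exception ex) {
                    // Message kept for log compatibility; the original exception is now attached as the cause.
                    throw new Exception("Error while getting key vault client object with client id and client secret : " + ex, ex);
                }
            } else {
                try {
                    AzureKeyVaultClientAuthenticator authenticator = new AzureKeyVaultClientAuthenticator(azureClientId);
                    String keyVaultCertPath = conf.get(AZURE_KEYVAULT_CERTIFICATE_PATH);
                    if (StringUtils.isEmpty(keyVaultCertPath)) {
                        throw new Exception("Azure Key Vault is enabled. Please provide client secret or certificate path for authentication.");
                    }
                    String keyVaultCertPassword = conf.get(AZURE_KEYVAULT_CERTIFICATE_PASSWORD);
                    String certPassword = StringUtils.isEmpty(keyVaultCertPassword) ? "" : keyVaultCertPassword;
                    kvClient = authenticator.getAuthentication(keyVaultCertPath, certPassword);
                } catch (Exception ex) {
                    throw new Exception("Error while getting key vault client object with client id and certificate. Error :  : " + ex, ex);
                }
            }
            // With a vault client the store wraps/unwraps through Key Vault and masterKey stays null.
            dbStore = kvClient != null ? new RangerKeyStore(daoManager, conf, kvClient) : new RangerKeyStore(daoManager);
        } else {
            // Master key lives in the Ranger DB, protected by ENCRYPTION_KEY.
            RangerMasterKey rangerMasterKey = new RangerMasterKey(daoManager);
            masterKey = rangerMasterKey.getMasterKey(password).toCharArray();
            dbStore = new RangerKeyStore(daoManager);
        }
        OutputStream out = null;
        try {
            out = new FileOutputStream(new File(keyStoreFileName));
            dbStore.engineLoadToKeyStoreFile(out, keyStorePassword, keyPassword, masterKey, keyStoreType);
        } finally {
            if (out != null) {
                try {
                    out.close();
                } catch (Exception e) {
                    throw new RuntimeException("ERROR:  Unable to close file stream for [" + keyStoreFileName + "]", e);
                }
            }
        }
    } catch (Throwable t) {
        throw new RuntimeException("Unable to export keys to [" + keyStoreFileName + "] due to exception.", t);
    } finally {
        // Guards are needed: a failed console prompt leaves these null, and an NPE thrown from
        // finally would replace the real cause. The unwrapped master key is wiped as well.
        if (keyStorePassword != null) {
            Arrays.fill(keyStorePassword, ' ');
        }
        if (keyPassword != null) {
            Arrays.fill(keyPassword, ' ');
        }
        if (masterKey != null) {
            Arrays.fill(masterKey, ' ');
        }
    }
}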
Also used : Configuration(org.apache.hadoop.conf.Configuration) KeyVaultClient(com.microsoft.azure.keyvault.KeyVaultClient) OutputStream(java.io.OutputStream) FileOutputStream(java.io.FileOutputStream) IOException(java.io.IOException) KeyStoreException(java.security.KeyStoreException) DaoManager(org.apache.ranger.kms.dao.DaoManager) FileOutputStream(java.io.FileOutputStream) File(java.io.File)

Example 14 with DaoManager

use of org.apache.ranger.kms.dao.DaoManager in project ranger by apache.

The class MigrateDBMKeyToGCP, method doExportMKToGcp.

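/**
 * Migrates the Ranger KMS master key and every zone key held in the Ranger DB to Google Cloud KMS.
 *
 * <p>The DB master-key password is read from {@code conf} under {@code ENCRYPTION_KEY}. After the
 * {@code rangerGcpProvider} field has created the master key in Cloud KMS, every alias in the DB store
 * is unwrapped with the DB master key, converted for GCP and stored again.
 *
 * @param conf           KMS configuration
 * @param masterKeyName  name of the Cloud KMS master key; used here only for console output
 * @return {@code true} when the master key was created and all zone keys were re-wrapped and stored;
 *         {@code false} when master-key generation reported failure
 * @throws RuntimeException wrapping any failure, including a missing or placeholder {@code ENCRYPTION_KEY}
 */
private boolean doExportMKToGcp(Configuration conf, final String masterKeyName) {
    try {
        String mKeyPass = conf.get(ENCRYPTION_KEY);
        // "_" and "crypted" are placeholder values left behind when the JCEKS has not been provisioned.
        if (mKeyPass == null || mKeyPass.trim().isEmpty() || mKeyPass.trim().equals("_") || mKeyPass.trim().equals("crypted")) {
            throw new IOException("Master Key Jceks does not exists");
        }
        RangerKMSDB rangerkmsDb = new RangerKMSDB(conf);
        DaoManager daoManager = rangerkmsDb.getDaoManager();
        System.out.println("Creating masterkey with the name - " + masterKeyName);
        // The GCP provider takes its key name from its own configuration; no password is involved.
        if (!rangerGcpProvider.generateMasterKey(null)) {
            return false;
        }
        System.out.println("Masterkey with the name '" + masterKeyName + "' created successfully on Google Cloud KMS.");
        dbStore = new RangerKeyStore(daoManager, false, rangerGcpProvider);
        // The DB master key is needed to unwrap the existing zone keys before they are re-wrapped for GCP.
        RangerMasterKey rangerMasterKey = new RangerMasterKey(daoManager);
        char[] mkey = rangerMasterKey.getMasterKey(mKeyPass).toCharArray();
        try {
            dbStore.engineLoad(null, mkey);
            List<XXRangerKeyStore> converted = new ArrayList<XXRangerKeyStore>();
            Enumeration<String> aliases = dbStore.engineAliases();
            while (aliases.hasMoreElements()) {
                String alias = aliases.nextElement();
                Key key = dbStore.engineGetKey(alias, mkey);
                converted.add(dbStore.convertKeysBetweenRangerKMSAndGCP(alias, key, rangerGcpProvider));
            }
            for (XXRangerKeyStore rangerKeyStore : converted) {
                dbStore.dbOperationStore(rangerKeyStore);
            }
        } finally {
            // Do not leave the unwrapped DB master key lying around in heap memory.
            java.util.Arrays.fill(mkey, ' ');
        }
        return true;
    } catch (Throwable t) {
        throw new RuntimeException("Unable to migrate Master key from Ranger KMS DB to GCP ", t);
    }
}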
Also used : ArrayList(java.util.ArrayList) IOException(java.io.IOException) XXRangerKeyStore(org.apache.ranger.entity.XXRangerKeyStore) DaoManager(org.apache.ranger.kms.dao.DaoManager) XXRangerKeyStore(org.apache.ranger.entity.XXRangerKeyStore) Key(java.security.Key)

Example 15 with DaoManager

use of org.apache.ranger.kms.dao.DaoManager in project ranger by apache.

The class TestRangerKeyStore, method testValidKey1.

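/**
 * Loads a generated keystore file containing the alias {@code enckey_1-test} into a
 * {@code RangerKeyStore} backed by a mocked {@code DaoManager}; passes when no exception is thrown.
 */
@Test
public void testValidKey1() throws NoSuchAlgorithmException, CertificateException, IOException, KeyStoreException {
    DaoManager daoManager = Mockito.mock(DaoManager.class);
    RangerKeyStore rangerKeyStore = new RangerKeyStore(daoManager);
    String keyValue = "enckey_1-test";
    InputStream inputStream = generateKeyStoreFile(keyValue);
    try {
        rangerKeyStore.engineLoadKeyStoreFile(inputStream, storePass, keyPass, masterKey, fileFormat);
    } finally {
        // Close even when loading fails so a failing test does not leak the stream.
        inputStream.close();
    }
}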
Also used : FileInputStream(java.io.FileInputStream) InputStream(java.io.InputStream) RangerKeyStore(org.apache.hadoop.crypto.key.RangerKeyStore) DaoManager(org.apache.ranger.kms.dao.DaoManager) Test(org.junit.Test)

Aggregations

DaoManager (org.apache.ranger.kms.dao.DaoManager)18 FileInputStream (java.io.FileInputStream)7 InputStream (java.io.InputStream)7 Test (org.junit.Test)7 Configuration (org.apache.hadoop.conf.Configuration)6 RangerKeyStore (org.apache.hadoop.crypto.key.RangerKeyStore)6 IOException (java.io.IOException)5 KeyVaultClient (com.microsoft.azure.keyvault.KeyVaultClient)3 File (java.io.File)2 Path (java.nio.file.Path)2 Key (java.security.Key)2 KeyStoreException (java.security.KeyStoreException)2 ArrayList (java.util.ArrayList)2 RangerKMSDB (org.apache.hadoop.crypto.key.RangerKMSDB)2 RangerMasterKey (org.apache.hadoop.crypto.key.RangerMasterKey)2 XXRangerKeyStore (org.apache.ranger.entity.XXRangerKeyStore)2 FileOutputStream (java.io.FileOutputStream)1 OutputStream (java.io.OutputStream)1