Example 1 with PasswordUtils
use of org.apache.ranger.plugin.util.PasswordUtils in project ranger by apache.
the class ServiceDBStore method updateService.
@Override
public RangerService updateService(RangerService service, Map<String, Object> options) throws Exception {
if (LOG.isDebugEnabled()) {
LOG.debug("==> ServiceDBStore.updateService()");
}
XXService existing = daoMgr.getXXService().getById(service.getId());
if (existing == null) {
throw restErrorUtil.createRESTException("no service exists with ID=" + service.getId(), MessageEnums.DATA_NOT_FOUND);
}
String existingName = existing.getName();
boolean renamed = !StringUtils.equalsIgnoreCase(service.getName(), existingName);
if (renamed) {
XXService newNameService = daoMgr.getXXService().findByName(service.getName());
if (newNameService != null) {
throw restErrorUtil.createRESTException("another service already exists with name '" + service.getName() + "'. ID=" + newNameService.getId(), MessageEnums.DATA_NOT_UPDATABLE);
}
long countOfTaggedResources = daoMgr.getXXServiceResource().countTaggedResourcesInServiceId(existing.getId());
Boolean isForceRename = options != null && options.get(ServiceStore.OPTION_FORCE_RENAME) != null ? (Boolean) options.get(ServiceStore.OPTION_FORCE_RENAME) : Boolean.FALSE;
if (countOfTaggedResources != 0L) {
if (isForceRename) {
LOG.warn("Forcing the renaming of service from " + existingName + " to " + service.getName() + " although it is associated with " + countOfTaggedResources + " service-resources!");
} else {
throw restErrorUtil.createRESTException("Service " + existingName + " cannot be renamed, as it has associated service-resources", MessageEnums.DATA_NOT_UPDATABLE);
}
}
}
Map<String, String> configs = service.getConfigs();
Map<String, String> validConfigs = validateRequiredConfigParams(service, configs);
if (validConfigs == null) {
if (LOG.isDebugEnabled()) {
LOG.debug("==> ConfigParams cannot be null, ServiceDBStore.createService(" + service + ")");
}
throw restErrorUtil.createRESTException("ConfigParams cannot be null.", MessageEnums.ERROR_CREATING_OBJECT);
}
boolean hasTagServiceValueChanged = false;
Long existingTagServiceId = existing.getTagService();
// null for old clients; empty string to remove existing association
String newTagServiceName = service.getTagService();
Long newTagServiceId = null;
if (newTagServiceName == null) {
// old client; don't update existing tagService
if (existingTagServiceId != null) {
newTagServiceName = getServiceName(existingTagServiceId);
service.setTagService(newTagServiceName);
LOG.info("ServiceDBStore.updateService(id=" + service.getId() + "; name=" + service.getName() + "): tagService is null; using existing tagService '" + newTagServiceName + "'");
}
}
if (StringUtils.isNotBlank(newTagServiceName)) {
RangerService tmp = getServiceByName(newTagServiceName);
if (tmp == null || !EmbeddedServiceDefsUtil.EMBEDDED_SERVICEDEF_TAG_NAME.equals(tmp.getType())) {
if (LOG.isDebugEnabled()) {
LOG.debug("ServiceDBStore.updateService() - " + newTagServiceName + " does not refer to a valid tag service.(" + service + ")");
}
throw restErrorUtil.createRESTException("Invalid tag service name " + newTagServiceName, MessageEnums.ERROR_CREATING_OBJECT);
} else {
newTagServiceId = tmp.getId();
}
}
if (existingTagServiceId == null) {
if (newTagServiceId != null) {
hasTagServiceValueChanged = true;
}
} else if (!existingTagServiceId.equals(newTagServiceId)) {
hasTagServiceValueChanged = true;
}
boolean hasIsEnabledChanged = !existing.getIsenabled().equals(service.getIsEnabled());
List<XXServiceConfigMap> dbConfigMaps = daoMgr.getXXServiceConfigMap().findByServiceId(service.getId());
boolean hasServiceConfigForPluginChanged = hasServiceConfigForPluginChanged(dbConfigMaps, validConfigs);
List<XXTrxLog> trxLogList = svcService.getTransactionLog(service, existing, RangerServiceService.OPERATION_UPDATE_CONTEXT);
if (populateExistingBaseFields) {
svcServiceWithAssignedId.setPopulateExistingBaseFields(true);
service = svcServiceWithAssignedId.update(service);
svcServiceWithAssignedId.setPopulateExistingBaseFields(false);
} else {
service.setCreateTime(existing.getCreateTime());
service.setGuid(existing.getGuid());
service.setVersion(existing.getVersion());
service = svcService.update(service);
if (hasTagServiceValueChanged || hasIsEnabledChanged || hasServiceConfigForPluginChanged) {
updatePolicyVersion(service, RangerPolicyDelta.CHANGE_TYPE_SERVICE_CHANGE, null, false);
}
}
XXService xUpdService = daoMgr.getXXService().getById(service.getId());
String oldPassword = null;
for (XXServiceConfigMap dbConfigMap : dbConfigMaps) {
if (StringUtils.equalsIgnoreCase(dbConfigMap.getConfigkey(), CONFIG_KEY_PASSWORD)) {
oldPassword = dbConfigMap.getConfigvalue();
}
daoMgr.getXXServiceConfigMap().remove(dbConfigMap);
}
VXUser vXUser = null;
XXServiceConfigMapDao xConfMapDao = daoMgr.getXXServiceConfigMap();
for (Entry<String, String> configMap : validConfigs.entrySet()) {
String configKey = configMap.getKey();
String configValue = configMap.getValue();
if (StringUtils.equalsIgnoreCase(configKey, "username")) {
String userName = stringUtil.getValidUserName(configValue);
XXUser xxUser = daoMgr.getXXUser().findByUserName(userName);
if (xxUser != null) {
vXUser = xUserService.populateViewBean(xxUser);
} else {
UserSessionBase usb = ContextUtil.getCurrentUserSession();
if (usb != null && !usb.isUserAdmin()) {
throw restErrorUtil.createRESTException("User does not exist with given username: [" + userName + "] please use existing user", MessageEnums.OPER_NO_PERMISSION);
}
vXUser = xUserMgr.createServiceConfigUser(userName);
}
}
if (StringUtils.equalsIgnoreCase(configKey, CONFIG_KEY_PASSWORD)) {
if (StringUtils.equalsIgnoreCase(configValue, HIDDEN_PASSWORD_STR)) {
if (oldPassword != null && oldPassword.contains(",")) {
PasswordUtils util = PasswordUtils.build(oldPassword);
if (!util.getCryptAlgo().equalsIgnoreCase(CRYPT_ALGO)) {
String decryptedPwd = PasswordUtils.decryptPassword(oldPassword);
String paddingString = Joiner.on(",").skipNulls().join(CRYPT_ALGO, new String(util.getEncryptKey()), new String(util.getSalt()), util.getIterationCount(), PasswordUtils.generateIvIfNeeded(CRYPT_ALGO));
String encryptedPwd = PasswordUtils.encryptPassword(paddingString + "," + decryptedPwd);
String newDecryptedPwd = PasswordUtils.decryptPassword(paddingString + "," + encryptedPwd);
if (StringUtils.equals(newDecryptedPwd, decryptedPwd)) {
configValue = paddingString + "," + encryptedPwd;
}
} else {
configValue = oldPassword;
}
} else {
configValue = oldPassword;
}
} else {
String paddingString = Joiner.on(",").skipNulls().join(CRYPT_ALGO, ENCRYPT_KEY, SALT, ITERATION_COUNT, PasswordUtils.generateIvIfNeeded(CRYPT_ALGO));
String encryptedPwd = PasswordUtils.encryptPassword(paddingString + "," + configValue);
String decryptedPwd = PasswordUtils.decryptPassword(paddingString + "," + encryptedPwd);
if (StringUtils.equals(decryptedPwd, configValue)) {
configValue = paddingString + "," + encryptedPwd;
}
}
}
XXServiceConfigMap xConfMap = new XXServiceConfigMap();
xConfMap = (XXServiceConfigMap) rangerAuditFields.populateAuditFields(xConfMap, xUpdService);
xConfMap.setServiceId(service.getId());
xConfMap.setConfigkey(configKey);
xConfMap.setConfigvalue(configValue);
xConfMapDao.create(xConfMap);
}
updateTabPermissions(service.getType(), validConfigs);
if (LOG.isDebugEnabled()) {
LOG.debug("vXUser:[" + vXUser + "]");
}
RangerService updService = svcService.getPopulatedViewObject(xUpdService);
dataHistService.createObjectDataHistory(updService, RangerDataHistService.ACTION_UPDATE);
bizUtil.createTrxLog(trxLogList);
return updService;
}
Also used :
XXUser(org.apache.ranger.entity.XXUser)
PasswordUtils(org.apache.ranger.plugin.util.PasswordUtils)
VXString(org.apache.ranger.view.VXString)
XXTrxLog(org.apache.ranger.entity.XXTrxLog)
VXUser(org.apache.ranger.view.VXUser)
XXServiceConfigMapDao(org.apache.ranger.db.XXServiceConfigMapDao)
UserSessionBase(org.apache.ranger.common.UserSessionBase)
XXServiceConfigMap(org.apache.ranger.entity.XXServiceConfigMap)
RangerService(org.apache.ranger.plugin.model.RangerService)
XXService(org.apache.ranger.entity.XXService)
Example 2 with PasswordUtils
use of org.apache.ranger.plugin.util.PasswordUtils in project ranger by apache.
the class RangerServiceService method getConfigsWithDecryptedPassword.
public Map<String, String> getConfigsWithDecryptedPassword(RangerService service) throws Exception {
Map<String, String> configs = service.getConfigs();
String pwd = configs.get(ServiceDBStore.CONFIG_KEY_PASSWORD);
if (!stringUtil.isEmpty(pwd) && ServiceDBStore.HIDDEN_PASSWORD_STR.equalsIgnoreCase(pwd)) {
XXServiceConfigMap pwdConfig = daoMgr.getXXServiceConfigMap().findByServiceAndConfigKey(service.getId(), ServiceDBStore.CONFIG_KEY_PASSWORD);
if (pwdConfig != null) {
String encryptedPwd = pwdConfig.getConfigvalue();
if (encryptedPwd.contains(",")) {
PasswordUtils util = PasswordUtils.build(encryptedPwd);
String freeTextPasswordMetaData = Joiner.on(",").skipNulls().join(util.getCryptAlgo(), new String(util.getEncryptKey()), new String(util.getSalt()), util.getIterationCount(), PasswordUtils.needsIv(util.getCryptAlgo()) ? util.getIvAsString() : null);
String decryptedPwd = PasswordUtils.decryptPassword(encryptedPwd);
if (StringUtils.equalsIgnoreCase(freeTextPasswordMetaData + "," + PasswordUtils.encryptPassword(freeTextPasswordMetaData + "," + decryptedPwd), encryptedPwd)) {
// XXX: method name is
configs.put(ServiceDBStore.CONFIG_KEY_PASSWORD, encryptedPwd);
// getConfigsWithDecryptedPassword,
// then why do we store the
// encryptedPwd?
}
} else {
String decryptedPwd = PasswordUtils.decryptPassword(encryptedPwd);
if (StringUtils.equalsIgnoreCase(PasswordUtils.encryptPassword(decryptedPwd), encryptedPwd)) {
// XXX: method name is
configs.put(ServiceDBStore.CONFIG_KEY_PASSWORD, encryptedPwd);
// getConfigsWithDecryptedPassword,
// then why do we store the
// encryptedPwd?
}
}
}
}
return configs;
}
Also used :
XXServiceConfigMap(org.apache.ranger.entity.XXServiceConfigMap)
PasswordUtils(org.apache.ranger.plugin.util.PasswordUtils)
Aggregations
XXServiceConfigMap (org.apache.ranger.entity.XXServiceConfigMap)2
PasswordUtils (org.apache.ranger.plugin.util.PasswordUtils)2
UserSessionBase (org.apache.ranger.common.UserSessionBase)1
XXServiceConfigMapDao (org.apache.ranger.db.XXServiceConfigMapDao)1
XXService (org.apache.ranger.entity.XXService)1
XXTrxLog (org.apache.ranger.entity.XXTrxLog)1
XXUser (org.apache.ranger.entity.XXUser)1
RangerService (org.apache.ranger.plugin.model.RangerService)1
VXString (org.apache.ranger.view.VXString)1
VXUser (org.apache.ranger.view.VXUser)1
