Examples with WorkerTokenInfo org.apache.storm.generated.WorkerTokenInfo used on opensource projects
Example 1 with WorkerTokenInfo
use of org.apache.storm.generated.WorkerTokenInfo in project storm by apache.
the class WorkerTokenTest method testBasicGenerateAndAuthorize.
@Test
public void testBasicGenerateAndAuthorize() {
final AtomicReference<PrivateWorkerKey> privateKey = new AtomicReference<>();
final String topoId = "topo-1";
final String userName = "user";
final WorkerTokenServiceType type = WorkerTokenServiceType.NIMBUS;
final long versionNumber = 0L;
// Simulate time starts out at 0, so we are going to just leave it here.
try (Time.SimulatedTime sim = new Time.SimulatedTime()) {
IStormClusterState mockState = mock(IStormClusterState.class);
Map<String, Object> conf = new HashMap<>();
WorkerTokenManager wtm = new WorkerTokenManager(conf, mockState);
when(mockState.getNextPrivateWorkerKeyVersion(type, topoId)).thenReturn(versionNumber);
doAnswer((invocation) -> {
// Save the private worker key away so we can test it too.
privateKey.set(invocation.getArgument(3));
return null;
}).when(mockState).addPrivateWorkerKey(eq(type), eq(topoId), eq(versionNumber), any(PrivateWorkerKey.class));
// Answer when we ask for a private key...
when(mockState.getPrivateWorkerKey(type, topoId, versionNumber)).thenAnswer((invocation) -> privateKey.get());
WorkerToken wt = wtm.createOrUpdateTokenFor(type, userName, topoId);
verify(mockState).addPrivateWorkerKey(eq(type), eq(topoId), eq(versionNumber), any(PrivateWorkerKey.class));
assertTrue(wt.is_set_serviceType());
assertEquals(type, wt.get_serviceType());
assertTrue(wt.is_set_info());
assertTrue(wt.is_set_signature());
PrivateWorkerKey pwk = privateKey.get();
assertNotNull(pwk);
assertTrue(pwk.is_set_expirationTimeMillis());
assertEquals(ONE_DAY_MILLIS, pwk.get_expirationTimeMillis());
WorkerTokenInfo info = ClientAuthUtils.getWorkerTokenInfo(wt);
assertTrue(info.is_set_topologyId());
assertTrue(info.is_set_userName());
assertTrue(info.is_set_expirationTimeMillis());
assertTrue(info.is_set_secretVersion());
assertEquals(topoId, info.get_topologyId());
assertEquals(userName, info.get_userName());
assertEquals(ONE_DAY_MILLIS, info.get_expirationTimeMillis());
assertEquals(versionNumber, info.get_secretVersion());
try (WorkerTokenAuthorizer wta = new WorkerTokenAuthorizer(type, mockState)) {
// Verify the signature...
byte[] signature = wta.getSignedPasswordFor(wt.get_info(), info);
assertArrayEquals(wt.get_signature(), signature);
}
}
}
Also used :
WorkerToken(org.apache.storm.generated.WorkerToken)
HashMap(java.util.HashMap)
WorkerTokenServiceType(org.apache.storm.generated.WorkerTokenServiceType)
PrivateWorkerKey(org.apache.storm.generated.PrivateWorkerKey)
AtomicReference(java.util.concurrent.atomic.AtomicReference)
Time(org.apache.storm.utils.Time)
WorkerTokenInfo(org.apache.storm.generated.WorkerTokenInfo)
IStormClusterState(org.apache.storm.cluster.IStormClusterState)
Test(org.junit.Test)
Example 2 with WorkerTokenInfo
use of org.apache.storm.generated.WorkerTokenInfo in project storm by apache.
the class WorkerTokenAuthorizer method userName.
@Override
public String userName(String userName) {
byte[] user = Base64.getDecoder().decode(userName);
WorkerTokenInfo deser = Utils.deserialize(user, WorkerTokenInfo.class);
return deser.get_userName();
}
Also used :
WorkerTokenInfo(org.apache.storm.generated.WorkerTokenInfo)
Example 3 with WorkerTokenInfo
use of org.apache.storm.generated.WorkerTokenInfo in project storm by apache.
the class WorkerTokenAuthorizer method getPasswordFor.
@Override
public Optional<char[]> getPasswordFor(String userName) {
if (keyCache == null) {
return Optional.empty();
}
byte[] user = null;
WorkerTokenInfo deser = null;
try {
user = Base64.getDecoder().decode(userName);
deser = Utils.deserialize(user, WorkerTokenInfo.class);
} catch (Exception e) {
LOG.info("Could not decode {}, might just be a plain digest request...", userName, e);
return Optional.empty();
}
try {
byte[] password = getSignedPasswordFor(user, deser);
return Optional.of(Base64.getEncoder().encodeToString(password).toCharArray());
} catch (Exception e) {
passwordFailures.mark();
LOG.error("Could not get password for token {}/{}", deser.get_userName(), deser.get_topologyId(), e);
return Optional.empty();
}
}
Also used :
WorkerTokenInfo(org.apache.storm.generated.WorkerTokenInfo)
Example 4 with WorkerTokenInfo
use of org.apache.storm.generated.WorkerTokenInfo in project storm by apache.
the class WorkerTokenManager method createOrUpdateTokenFor.
/**
* Create or update an existing key.
*
* @param serviceType the type of service to create a token for
* @param user the user the token is for
* @param topologyId the topology the token is for
* @return a newly generated token that should be good to start using form now until it expires.
*/
public WorkerToken createOrUpdateTokenFor(WorkerTokenServiceType serviceType, String user, String topologyId) {
long nextVersion = state.getNextPrivateWorkerKeyVersion(serviceType, topologyId);
SecretKey topoSecret = getCurrentSecret();
long expirationTimeMillis = Time.currentTimeMillis() + tokenLifetimeMillis;
WorkerTokenInfo info = new WorkerTokenInfo(user, topologyId, nextVersion, expirationTimeMillis);
byte[] serializedInfo = ClientAuthUtils.serializeWorkerTokenInfo(info);
byte[] signature = WorkerTokenSigner.createPassword(serializedInfo, topoSecret);
WorkerToken ret = new WorkerToken(serviceType, ByteBuffer.wrap(serializedInfo), ByteBuffer.wrap(signature));
PrivateWorkerKey key = new PrivateWorkerKey(ByteBuffer.wrap(topoSecret.getEncoded()), user, expirationTimeMillis);
state.addPrivateWorkerKey(serviceType, topologyId, nextVersion, key);
LOG.info("Created new WorkerToken for user {} topology {} on service {}", user, topologyId, serviceType);
return ret;
}
Also used :
SecretKey(javax.crypto.SecretKey)
WorkerToken(org.apache.storm.generated.WorkerToken)
WorkerTokenInfo(org.apache.storm.generated.WorkerTokenInfo)
PrivateWorkerKey(org.apache.storm.generated.PrivateWorkerKey)
Example 5 with WorkerTokenInfo
use of org.apache.storm.generated.WorkerTokenInfo in project storm by apache.
the class WorkerTokenManager method shouldRenewWorkerToken.
@VisibleForTesting
public boolean shouldRenewWorkerToken(Map<String, String> creds, WorkerTokenServiceType type) {
boolean shouldAdd = true;
WorkerToken oldToken = ClientAuthUtils.readWorkerToken(creds, type);
if (oldToken != null) {
try {
WorkerTokenInfo info = ClientAuthUtils.getWorkerTokenInfo(oldToken);
if (!info.is_set_expirationTimeMillis() || info.get_expirationTimeMillis() - Time.currentTimeMillis() > (tokenLifetimeMillis / 2)) {
// Found an existing token and it is not going to expire any time soon, so don't bother adding in a new
// token.
shouldAdd = false;
}
} catch (Exception e) {
// The old token could not be deserialized. This is bad, but we are going to replace it anyways so just keep going.
LOG.error("Could not deserialize token info", e);
}
}
return shouldAdd;
}
Also used :
WorkerToken(org.apache.storm.generated.WorkerToken)
WorkerTokenInfo(org.apache.storm.generated.WorkerTokenInfo)
NoSuchAlgorithmException(java.security.NoSuchAlgorithmException)
VisibleForTesting(com.google.common.annotations.VisibleForTesting)
Aggregations
WorkerTokenInfo (org.apache.storm.generated.WorkerTokenInfo)6
WorkerToken (org.apache.storm.generated.WorkerToken)4
PrivateWorkerKey (org.apache.storm.generated.PrivateWorkerKey)3
HashMap (java.util.HashMap)2
AtomicReference (java.util.concurrent.atomic.AtomicReference)2
IStormClusterState (org.apache.storm.cluster.IStormClusterState)2
WorkerTokenServiceType (org.apache.storm.generated.WorkerTokenServiceType)2
Time (org.apache.storm.utils.Time)2
Test (org.junit.Test)2
VisibleForTesting (com.google.common.annotations.VisibleForTesting)1
NoSuchAlgorithmException (java.security.NoSuchAlgorithmException)1
SecretKey (javax.crypto.SecretKey)1
