Example 6 with RMAuthentication
use of org.ow2.proactive.resourcemanager.authentication.RMAuthentication in project scheduling by ow2-proactive.
the class AuthenticationTest method loginAsAdmin.
private void loginAsAdmin(RMAuthentication auth) throws LoginException, KeyException {
log("Test 1");
log("Trying to authorized with correct admin name and password");
Credentials cred = Credentials.createCredentials(new CredData(TestUsers.DEMO.username, TestUsers.DEMO.password), auth.getPublicKey());
ResourceManager admin = auth.login(cred);
admin.disconnect().getBooleanValue();
log("Passed: successful authentication");
}
Also used :
CredData(org.ow2.proactive.authentication.crypto.CredData)
ResourceManager(org.ow2.proactive.resourcemanager.frontend.ResourceManager)
Credentials(org.ow2.proactive.authentication.crypto.Credentials)
Example 7 with RMAuthentication
use of org.ow2.proactive.resourcemanager.authentication.RMAuthentication in project scheduling by ow2-proactive.
the class ResourceManagerJMXTest method jmxClientHelper.
private void jmxClientHelper(RMAuthentication auth, Credentials adminCreds) throws IOException {
// Test Helper class
RMTHelper.log("Test JMXClientHelper as admin over RMI with connect() method");
final JMXClientHelper client = new JMXClientHelper(auth, new Object[] { TestUsers.TEST.username, adminCreds });
// default is over
final boolean isConnected1 = client.connect();
// RMI
assertTrue("Unable to connect, exception is " + client.getLastException(), isConnected1);
assertTrue("Incorrect default behavior of connect() method it must use RMI protocol", client.getConnector().getConnectionId().startsWith("rmi"));
client.disconnect();
assertFalse("The helper disconnect() must set the helper as disconnected", client.isConnected());
final boolean isConnected2 = client.connect(JMXTransportProtocol.RO);
assertTrue("Unable to connect, exception is " + client.getLastException(), isConnected2);
assertTrue("The helper connect(JMXTransportProtocol.RO) method must use RO protocol", client.getConnector().getConnectionId().startsWith("ro"));
client.disconnect();
assertFalse("The helper disconnect() must set the helper as disconnected", client.isConnected());
}
Also used :
JMXClientHelper(org.ow2.proactive.jmx.JMXClientHelper)
Example 8 with RMAuthentication
use of org.ow2.proactive.resourcemanager.authentication.RMAuthentication in project scheduling by ow2-proactive.
the class AddGetReleaseRemoveTest method action.
@Test
public void action() throws Exception {
final ResourceManager rm = rmHelper.getResourceManager();
// The username and thr password must be the same a used to connect to the RM
final String adminLogin = TestUsers.TEST.username;
final String adminPassword = TestUsers.TEST.password;
// All accounting values are checked through JMX
final RMAuthentication auth = rmHelper.getRMAuth();
final PublicKey pubKey = auth.getPublicKey();
final Credentials adminCreds = Credentials.createCredentials(new CredData(adminLogin, adminPassword), pubKey);
final JMXServiceURL jmxRmiServiceURL = new JMXServiceURL(auth.getJMXConnectorURL(JMXTransportProtocol.RMI));
final HashMap<String, Object> env = new HashMap<>(1);
env.put(JMXConnector.CREDENTIALS, new Object[] { adminLogin, adminCreds });
// Connect to the JMX RMI Connector Server
final ObjectName myAccountMBeanName = new ObjectName(RMJMXBeans.MYACCOUNT_MBEAN_NAME);
final ObjectName managementMBeanName = new ObjectName(RMJMXBeans.MANAGEMENT_MBEAN_NAME);
final JMXConnector jmxConnector = JMXConnectorFactory.connect(jmxRmiServiceURL, env);
final MBeanServerConnection conn = jmxConnector.getMBeanServerConnection();
// Ensure that no refreshes was done and all account values are correctly initialized
AttributeList atts = conn.getAttributes(myAccountMBeanName, new String[] { "UsedNodeTime", "ProvidedNodeTime", "ProvidedNodesCount" });
long usedNodeTime = (Long) ((Attribute) atts.get(0)).getValue();
long providedNodeTime = (Long) ((Attribute) atts.get(1)).getValue();
int providedNodesCount = (Integer) ((Attribute) atts.get(2)).getValue();
// ADD, GET, RELEASE, REMOVE
// 1) ADD
final long beforeAddTime = System.currentTimeMillis();
testNode = rmHelper.createNode("test");
Node node = testNode.getNode();
final String nodeURL = node.getNodeInformation().getURL();
rm.addNode(nodeURL).getBooleanValue();
// We eat the configuring to free event
rmHelper.waitForNodeEvent(RMEventType.NODE_ADDED, nodeURL);
rmHelper.waitForNodeEvent(RMEventType.NODE_STATE_CHANGED, nodeURL);
// 2) GET
final long beforeGetTime = System.currentTimeMillis();
node = rm.getAtMostNodes(1, null).get(0);
// Sleep a certain amount of time that will be the minimum amount of the GET->RELEASE duration
Thread.sleep(GR_DURATION);
// 3) RELEASE
rm.releaseNode(node).getBooleanValue();
final long getReleaseMaxDuration = System.currentTimeMillis() - beforeGetTime;
// 4) REMOVE
rm.removeNode(nodeURL, true).getBooleanValue();
final long addRemoveMaxDuration = System.currentTimeMillis() - beforeAddTime;
// Refresh the account manager
conn.invoke(managementMBeanName, "clearAccoutingCache", null, null);
// Check account values validity
atts = conn.getAttributes(myAccountMBeanName, new String[] { "UsedNodeTime", "ProvidedNodeTime", "ProvidedNodesCount" });
usedNodeTime = (Long) ((Attribute) atts.get(0)).getValue() - usedNodeTime;
providedNodeTime = (Long) ((Attribute) atts.get(1)).getValue() - providedNodeTime;
providedNodesCount = (Integer) ((Attribute) atts.get(2)).getValue() - providedNodesCount;
Assert.assertTrue("Invalid value of the usedNodeTime attribute (usedNodeTime=" + usedNodeTime + ")", (usedNodeTime >= GR_DURATION));
Assert.assertTrue("Invalid value of the usedNodeTime attribute (getReleaseMaxDuration=" + getReleaseMaxDuration + ")", (usedNodeTime <= getReleaseMaxDuration));
Assert.assertTrue("Invalid value of the providedNodeTime attribute", (providedNodeTime >= usedNodeTime) && (providedNodeTime <= addRemoveMaxDuration));
}
Also used :
JMXServiceURL(javax.management.remote.JMXServiceURL)
HashMap(java.util.HashMap)
PublicKey(java.security.PublicKey)
AttributeList(javax.management.AttributeList)
Node(org.objectweb.proactive.core.node.Node)
CredData(org.ow2.proactive.authentication.crypto.CredData)
ResourceManager(org.ow2.proactive.resourcemanager.frontend.ResourceManager)
ObjectName(javax.management.ObjectName)
RMAuthentication(org.ow2.proactive.resourcemanager.authentication.RMAuthentication)
JMXConnector(javax.management.remote.JMXConnector)
Credentials(org.ow2.proactive.authentication.crypto.Credentials)
MBeanServerConnection(javax.management.MBeanServerConnection)
Test(org.junit.Test)
RMFunctionalTest(functionaltests.utils.RMFunctionalTest)
Example 9 with RMAuthentication
use of org.ow2.proactive.resourcemanager.authentication.RMAuthentication in project scheduling by ow2-proactive.
the class AddGetRemoveTest method action.
@Test
public void action() throws Exception {
final ResourceManager rm = rmHelper.getResourceManager();
// The username and thr password must be the same a used to connect to the RM
final String adminLogin = TestUsers.TEST.username;
final String adminPassword = TestUsers.TEST.password;
// All accounting values are checked through JMX
final RMAuthentication auth = rmHelper.getRMAuth();
final PublicKey pubKey = auth.getPublicKey();
final Credentials adminCreds = Credentials.createCredentials(new CredData(adminLogin, adminPassword), pubKey);
final JMXServiceURL jmxRmiServiceURL = new JMXServiceURL(auth.getJMXConnectorURL(JMXTransportProtocol.RMI));
final HashMap<String, Object> env = new HashMap<>(1);
env.put(JMXConnector.CREDENTIALS, new Object[] { adminLogin, adminCreds });
// Connect to the JMX RMI Connector Server
final ObjectName myAccountMBeanName = new ObjectName(RMJMXBeans.MYACCOUNT_MBEAN_NAME);
final ObjectName managementMBeanName = new ObjectName(RMJMXBeans.MANAGEMENT_MBEAN_NAME);
final JMXConnector jmxConnector = JMXConnectorFactory.connect(jmxRmiServiceURL, env);
final MBeanServerConnection conn = jmxConnector.getMBeanServerConnection();
// ADD, GET, RELEASE
// 1) ADD
testNode = rmHelper.createNode("test");
Node node = testNode.getNode();
final String nodeURL = node.getNodeInformation().getURL();
rm.addNode(nodeURL).getBooleanValue();
// we eat the configuring to free
rmHelper.waitForNodeEvent(RMEventType.NODE_ADDED, nodeURL);
rmHelper.waitForNodeEvent(RMEventType.NODE_STATE_CHANGED, nodeURL);
// 2) GET
final long beforeGetTime = System.currentTimeMillis();
long originalUsedNodeTime = getUsedNodeTime(myAccountMBeanName, managementMBeanName, conn);
NodeSet nodes = rm.getNodes(new Criteria(1));
rmHelper.waitForNodeEvent(RMEventType.NODE_STATE_CHANGED, nodeURL);
// Sleep a certain amount of time that will be the minimum amount of the GET->RELEASE duration
Thread.sleep(GR_DURATION);
rm.releaseNodes(nodes);
rmHelper.waitForNodeEvent(RMEventType.NODE_STATE_CHANGED, nodeURL);
// Check account values validity
long usedNodeTime = getUsedNodeTime(myAccountMBeanName, managementMBeanName, conn) - originalUsedNodeTime;
// 3) REMOVE
rm.removeNode(nodeURL, true).getBooleanValue();
final long getRemoveMaxDuration = System.currentTimeMillis() - beforeGetTime;
assertThat("Invalid value of the usedNodeTime attribute", usedNodeTime, greaterThan(GR_DURATION));
assertThat("Invalid value of the usedNodeTime attribute", usedNodeTime, lessThan(getRemoveMaxDuration));
}
Also used :
JMXServiceURL(javax.management.remote.JMXServiceURL)
NodeSet(org.ow2.proactive.utils.NodeSet)
HashMap(java.util.HashMap)
PublicKey(java.security.PublicKey)
Node(org.objectweb.proactive.core.node.Node)
CredData(org.ow2.proactive.authentication.crypto.CredData)
ResourceManager(org.ow2.proactive.resourcemanager.frontend.ResourceManager)
Criteria(org.ow2.proactive.utils.Criteria)
ObjectName(javax.management.ObjectName)
RMAuthentication(org.ow2.proactive.resourcemanager.authentication.RMAuthentication)
JMXConnector(javax.management.remote.JMXConnector)
Credentials(org.ow2.proactive.authentication.crypto.Credentials)
MBeanServerConnection(javax.management.MBeanServerConnection)
Test(org.junit.Test)
RMFunctionalTest(functionaltests.utils.RMFunctionalTest)
Example 10 with RMAuthentication
use of org.ow2.proactive.resourcemanager.authentication.RMAuthentication in project scheduling by ow2-proactive.
the class CreateCredentials method main.
/**
* Entry point
*
* @see org.ow2.proactive.authentication.crypto.Credentials
* @param args arguments, try '-h' for help
* @throws IOException
* @throws ParseException
*/
public static void main(String[] args) throws IOException, ParseException {
SecurityManagerConfigurator.configureSecurityManager(CreateCredentials.class.getResource("/all-permissions.security.policy").toString());
Console console = System.console();
/**
* default values
*/
boolean interactive = true;
String pubKeyPath = null;
PublicKey pubKey = null;
String login = null;
String pass = null;
String keyfile = null;
String cipher = "RSA/ECB/PKCS1Padding";
String path = Credentials.getCredentialsPath();
String rm = null;
String scheduler = null;
String url = null;
Options options = new Options();
Option opt = new Option("h", "help", false, "Display this help");
opt.setRequired(false);
options.addOption(opt);
OptionGroup group = new OptionGroup();
group.setRequired(false);
opt = new Option("F", "file", true, "Public key path on the local filesystem [default:" + Credentials.getPubKeyPath() + "]");
opt.setArgName("PATH");
opt.setArgs(1);
opt.setRequired(false);
group.addOption(opt);
opt = new Option("R", "rm", true, "Request the public key to the Resource Manager at URL");
opt.setArgName("URL");
opt.setArgs(1);
opt.setRequired(false);
group.addOption(opt);
opt = new Option("S", "scheduler", true, "Request the public key to the Scheduler at URL");
opt.setArgName("URL");
opt.setArgs(1);
opt.setRequired(false);
group.addOption(opt);
options.addOptionGroup(group);
opt = new Option("l", "login", true, "Generate credentials for this specific user, will be asked interactively if not specified");
opt.setArgName("LOGIN");
opt.setArgs(1);
opt.setRequired(false);
options.addOption(opt);
opt = new Option("p", "password", true, "Use this password, will be asked interactively if not specified");
opt.setArgName("PWD");
opt.setArgs(1);
opt.setRequired(false);
options.addOption(opt);
opt = new Option("k", "keyfile", true, "Use specified ssh private key, asked interactively if specified without PATH, not specified otherwise.");
opt.setArgName("PATH");
opt.setOptionalArg(true);
opt.setRequired(false);
options.addOption(opt);
opt = new Option("o", "output", true, "Output the resulting credentials to the specified file [default:" + path + "]");
opt.setArgName("PATH");
opt.setArgs(1);
opt.setRequired(false);
options.addOption(opt);
opt = new Option("c", "cipher", true, "Use specified cipher parameters, need to be compatible with the specified key [default:" + cipher + "]");
opt.setArgName("PARAMS");
opt.setArgs(1);
opt.setRequired(false);
options.addOption(opt);
CommandLineParser parser = new DefaultParser();
CommandLine cmd = null;
try {
cmd = parser.parse(options, args);
} catch (Exception e) {
System.err.println(newline + "ERROR : " + e.getMessage() + newline);
System.out.println("type -h or --help to display help screen");
System.exit(1);
}
if (cmd.hasOption("help")) {
displayHelp(options);
}
if (cmd.hasOption("file")) {
pubKeyPath = cmd.getOptionValue("file");
}
if (cmd.hasOption("rm")) {
rm = cmd.getOptionValue("rm");
}
if (cmd.hasOption("scheduler")) {
scheduler = cmd.getOptionValue("scheduler");
}
if (cmd.hasOption("login")) {
login = cmd.getOptionValue("login");
}
if (cmd.hasOption("password")) {
pass = cmd.getOptionValue("password");
}
if (cmd.hasOption("keyfile") && cmd.getOptionValues("keyfile") != null) {
keyfile = cmd.getOptionValue("keyfile");
}
if (cmd.hasOption("output")) {
path = cmd.getOptionValue("output");
}
if (cmd.hasOption("cipher")) {
cipher = cmd.getOptionValue("cipher");
}
int acc = 0;
if (pubKeyPath != null) {
acc++;
}
if (scheduler != null) {
url = URIBuilder.buildURI(Connection.normalize(scheduler), "SCHEDULER").toString();
acc++;
}
if (rm != null) {
url = URIBuilder.buildURI(Connection.normalize(rm), "RMAUTHENTICATION").toString();
acc++;
}
if (acc > 1) {
System.out.println("--rm, --scheduler and --file arguments cannot be combined.");
System.out.println("try -h for help.");
System.exit(1);
}
if (url != null) {
try {
Connection<AuthenticationImpl> conn = new Connection<AuthenticationImpl>(AuthenticationImpl.class) {
public Logger getLogger() {
return Logger.getLogger("pa.scheduler.credentials");
}
};
AuthenticationImpl auth = conn.connect(url);
pubKey = auth.getPublicKey();
} catch (Exception e) {
System.err.println("ERROR : Could not retrieve public key from '" + url + "'");
e.printStackTrace();
System.exit(3);
}
System.out.println("Successfully obtained public key from " + url + newline);
} else if (pubKeyPath != null) {
try {
pubKey = Credentials.getPublicKey(pubKeyPath);
} catch (KeyException e) {
System.err.println("ERROR : Could not retrieve public key from '" + pubKeyPath + "' (no such file)");
System.exit(4);
}
} else {
System.out.println("No public key specified, attempting to retrieve it from default location.");
pubKeyPath = Credentials.getPubKeyPath();
try {
pubKey = Credentials.getPublicKey(pubKeyPath);
} catch (KeyException e) {
System.err.println("ERROR : Could not retrieve public key from '" + pubKeyPath + "' (no such file)");
System.exit(5);
}
}
if (login != null && pass != null && (!cmd.hasOption("keyfile") || cmd.getOptionValues("keyfile") != null)) {
System.out.println("Running in non-interactive mode." + newline);
interactive = false;
} else {
System.out.println("Running in interactive mode.");
}
if (interactive) {
System.out.println("Please enter Scheduler credentials,");
System.out.println("they will be stored encrypted on disk for future logins." + newline);
System.out.print("login: ");
if (login == null) {
login = console.readLine();
} else {
System.out.println(login);
}
System.out.print("password: ");
if (pass == null) {
pass = new String(console.readPassword());
} else {
System.out.println("*******");
}
System.out.print("keyfile: ");
if (!cmd.hasOption("keyfile")) {
System.out.println("no key file specified");
} else if (cmd.hasOption("keyfile") && cmd.getOptionValues("keyfile") != null) {
System.out.println(keyfile);
} else {
keyfile = console.readLine();
}
}
try {
CredData credData;
if (keyfile != null && keyfile.length() > 0) {
byte[] keyfileContent = FileToBytesConverter.convertFileToByteArray(new File(keyfile));
credData = new CredData(CredData.parseLogin(login), CredData.parseDomain(login), pass, keyfileContent);
} else {
System.out.println("--> Ignoring keyfile, credential does not contain SSH key");
credData = new CredData(CredData.parseLogin(login), CredData.parseDomain(login), pass);
}
Credentials cred = Credentials.createCredentials(credData, pubKey, cipher);
cred.writeToDisk(path);
} catch (FileNotFoundException e) {
System.err.println("ERROR : Could not retrieve ssh private key from '" + keyfile + "' (no such file)");
System.exit(6);
} catch (Throwable t) {
t.printStackTrace();
System.exit(7);
}
System.out.println("Successfully stored encrypted credentials on disk at :");
System.out.println("\t" + path);
System.exit(0);
}
Also used :
Options(org.apache.commons.cli.Options)
PublicKey(java.security.PublicKey)
Connection(org.ow2.proactive.authentication.Connection)
FileNotFoundException(java.io.FileNotFoundException)
KeyException(java.security.KeyException)
IOException(java.io.IOException)
FileNotFoundException(java.io.FileNotFoundException)
ParseException(org.apache.commons.cli.ParseException)
KeyException(java.security.KeyException)
AuthenticationImpl(org.ow2.proactive.authentication.AuthenticationImpl)
CommandLine(org.apache.commons.cli.CommandLine)
OptionGroup(org.apache.commons.cli.OptionGroup)
Console(java.io.Console)
Option(org.apache.commons.cli.Option)
CommandLineParser(org.apache.commons.cli.CommandLineParser)
File(java.io.File)
DefaultParser(org.apache.commons.cli.DefaultParser)
Aggregations
RMAuthentication (org.ow2.proactive.resourcemanager.authentication.RMAuthentication)17
Credentials (org.ow2.proactive.authentication.crypto.Credentials)16
ResourceManager (org.ow2.proactive.resourcemanager.frontend.ResourceManager)14
CredData (org.ow2.proactive.authentication.crypto.CredData)13
RMFunctionalTest (functionaltests.utils.RMFunctionalTest)7
PublicKey (java.security.PublicKey)7
Test (org.junit.Test)7
Node (org.objectweb.proactive.core.node.Node)6
JMXServiceURL (javax.management.remote.JMXServiceURL)5
LoginException (javax.security.auth.login.LoginException)5
File (java.io.File)4
HashMap (java.util.HashMap)4
MBeanServerConnection (javax.management.MBeanServerConnection)4
ObjectName (javax.management.ObjectName)4
JMXConnector (javax.management.remote.JMXConnector)4
ParseException (org.apache.commons.cli.ParseException)3
IOException (java.io.IOException)2
KeyException (java.security.KeyException)2
AttributeList (javax.management.AttributeList)2
CommandLine (org.apache.commons.cli.CommandLine)2
