public static void provisionPasswordsToCredentialProvider() throws Exception { File testDir = new File(System.getProperty("test.build.data", "target/test-dir")); Configuration conf = new Configuration(); final Path jksPath = new Path(testDir.toString(), "test.jks"); final String ourUrl = JavaKeyStoreProvider.SCHEME_NAME + "://file" + jksPath.toUri(); File file = new File(testDir, "test.jks"); file.delete(); conf.set(CredentialProviderFactory.CREDENTIAL_PROVIDER_PATH, ourUrl); CredentialProvider provider = CredentialProviderFactory.getProviders(conf).get(0); char[] keypass = {'k', 'e', 'y', 'p', 'a', 's', 's'}; char[] storepass = {'s', 't', 'o', 'r', 'e', 'p', 'a', 's', 's'}; // create new aliases try { provider.createCredentialEntry( FileBasedKeyStoresFactory.resolvePropertyName(SSLFactory.Mode.SERVER, FileBasedKeyStoresFactory.SSL_KEYSTORE_PASSWORD_TPL_KEY), storepass); provider.createCredentialEntry( FileBasedKeyStoresFactory.resolvePropertyName(SSLFactory.Mode.SERVER, FileBasedKeyStoresFactory.SSL_KEYSTORE_KEYPASSWORD_TPL_KEY), keypass); // write out so that it can be found in checks provider.flush(); } catch (Exception e) { e.printStackTrace(); throw e; } }
private S3MapReduceCpOptions parseCopierOptions(Map<String, Object> copierOptions) { String defaultCredentialsProviderString = conf.get(CredentialProviderFactory.CREDENTIAL_PROVIDER_PATH); URI defaultCredentialsProvider = null; if (defaultCredentialsProviderString != null) { defaultCredentialsProvider = URI.create(defaultCredentialsProviderString); } URI replicaDataLocationUri = toDirectoryUri(replicaDataLocation); S3MapReduceCpOptionsParser optionsParser = null; if (sourceDataLocations.isEmpty()) { LOG.debug("Will copy all sub-paths."); optionsParser = new S3MapReduceCpOptionsParser(Arrays.asList(sourceDataBaseLocation), replicaDataLocationUri, defaultCredentialsProvider); } else { LOG.debug("Will copy {} sub-paths.", sourceDataLocations.size()); conf.set(SimpleCopyListing.CONF_LABEL_ROOT_PATH, sourceDataBaseLocation.toUri().toString()); optionsParser = new S3MapReduceCpOptionsParser(sourceDataLocations, replicaDataLocationUri, defaultCredentialsProvider); } return optionsParser.parse(copierOptions); }
@Test public void testCredentialProvider() throws Exception { // set up conf to have a cred provider final Configuration conf = new Configuration(); final File file = tempDir.newFile("test.jks"); final URI jks = ProviderUtils.nestURIForLocalJavaKeyStoreProvider( file.toURI()); conf.set(CredentialProviderFactory.CREDENTIAL_PROVIDER_PATH, jks.toString()); // add our creds to the provider final CredentialProvider provider = CredentialProviderFactory.getProviders(conf).get(0); provider.createCredentialEntry("fs.s3.awsSecretAccessKey", EXAMPLE_KEY.toCharArray()); provider.flush(); // make sure S3Creds can retrieve things. S3Credentials s3Credentials = new S3Credentials(); conf.set("fs.s3.awsAccessKeyId", EXAMPLE_ID); s3Credentials.initialize(new URI("s3://foobar"), conf); assertEquals("Could not retrieve proper access key", EXAMPLE_ID, s3Credentials.getAccessKey()); assertEquals("Could not retrieve proper secret", EXAMPLE_KEY, s3Credentials.getSecretAccessKey()); }
/** * Retrieves a password from a configured credential provider or prompts for the password and stores it in the * configured credential provider. * @param config application configuration * @param key the key/alias for the password. * @return the password. * @throws IOException */ private String getPassword(org.apache.commons.configuration.Configuration config, String key) throws IOException { String password; String provider = config.getString(CERT_STORES_CREDENTIAL_PROVIDER_PATH); if (provider != null) { LOG.info("Attempting to retrieve password from configured credential provider path"); Configuration c = new Configuration(); c.set(CredentialProviderFactory.CREDENTIAL_PROVIDER_PATH, provider); CredentialProvider credentialProvider = CredentialProviderFactory.getProviders(c).get(0); CredentialProvider.CredentialEntry entry = credentialProvider.getCredentialEntry(key); if (entry == null) { throw new IOException(String.format("No credential entry found for %s. " + "Please create an entry in the configured credential provider", key)); } else { password = String.valueOf(entry.getCredential()); } } else { throw new IOException("No credential provider path configured for storage of certificate store passwords"); } return password; }
private String getSystemPassword() { String password = ""; if (StringUtils.isEmpty(this.hadoopSecurityCredentialPath)) { password = this.systemPassword; } else { try { Configuration configuration = new Configuration(); configuration.set(CredentialProviderFactory.CREDENTIAL_PROVIDER_PATH, this.hadoopSecurityCredentialPath); CredentialProvider provider = CredentialProviderFactory.getProviders(configuration).get(0); CredentialProvider.CredentialEntry credEntry = provider.getCredentialEntry( KEYSTORE_PASS); if (credEntry != null) { password = new String(credEntry.getCredential()); } } catch (Exception e) { } } return password; }
private void checkForCredentials(Configuration conf, ConfTree tree) throws IOException { if (tree.credentials == null || tree.credentials.size()==0) { log.info("No credentials requested"); return; } for (Entry<String, List<String>> cred : tree.credentials.entrySet()) { String provider = cred.getKey(); List<String> aliases = cred.getValue(); if (aliases == null || aliases.size()==0) { continue; } Configuration c = new Configuration(conf); c.set(CredentialProviderFactory.CREDENTIAL_PROVIDER_PATH, provider); CredentialProvider credentialProvider = CredentialProviderFactory.getProviders(c).get(0); Set<String> existingAliases = new HashSet<String>(credentialProvider.getAliases()); for (String alias : aliases) { if (!existingAliases.contains(alias.toLowerCase(Locale.ENGLISH))) { throw new IOException("Specified credentials have not been " + "initialized in provider " + provider + ": " + alias); } } } }
@BeforeClass public static void setup() throws Exception { conf = new Configuration(false); final String ourUrl = UserProvider.SCHEME_NAME + ":///"; conf.set(CredentialProviderFactory.CREDENTIAL_PROVIDER_PATH, ourUrl); CredentialProvider provider = CredentialProviderFactory.getProviders(conf).get(0); provider.createCredentialEntry(ServerConfig. SENTRY_STORE_JDBC_PASS, passwd); provider.flush(); dataDir = new File(Files.createTempDir(), "sentry_policy_db"); conf.set(ServerConfig.SENTRY_VERIFY_SCHEM_VERSION, "false"); conf.set(ServerConfig.SENTRY_STORE_JDBC_URL, "jdbc:derby:;databaseName=" + dataDir.getPath() + ";create=true"); conf.set(ServerConfig.SENTRY_STORE_JDBC_PASS, "dummy"); conf.setStrings(ServerConfig.ADMIN_GROUPS, adminGroups); conf.set(ServerConfig.SENTRY_STORE_GROUP_MAPPING, ServerConfig.SENTRY_STORE_LOCAL_GROUP_MAPPING); policyFilePath = new File(dataDir, "local_policy_file.ini"); conf.set(ServerConfig.SENTRY_STORE_GROUP_MAPPING_RESOURCE, policyFilePath.getPath()); sentryStore = new SentryStore(conf); }
@Test public void testConfGetPassword() throws Exception { File testDir = new File(System.getProperty("test.build.data", "target/test-dir")); Configuration conf = new Configuration(); final Path jksPath = new Path(testDir.toString(), "test.jks"); final String ourUrl = JavaKeyStoreProvider.SCHEME_NAME + "://file" + jksPath.toUri(); File file = new File(testDir, "test.jks"); file.delete(); conf.set(CredentialProviderFactory.CREDENTIAL_PROVIDER_PATH, ourUrl); CredentialProvider provider = CredentialProviderFactory.getProviders(conf).get(0); char[] bindpass = {'b', 'i', 'n', 'd', 'p', 'a', 's', 's'}; char[] storepass = {'s', 't', 'o', 'r', 'e', 'p', 'a', 's', 's'}; // ensure that we get nulls when the key isn't there assertEquals(null, provider.getCredentialEntry( LdapGroupsMapping.BIND_PASSWORD_KEY)); assertEquals(null, provider.getCredentialEntry (LdapGroupsMapping.LDAP_KEYSTORE_PASSWORD_KEY)); // create new aliases try { provider.createCredentialEntry( LdapGroupsMapping.BIND_PASSWORD_KEY, bindpass); provider.createCredentialEntry( LdapGroupsMapping.LDAP_KEYSTORE_PASSWORD_KEY, storepass); provider.flush(); } catch (Exception e) { e.printStackTrace(); throw e; } // make sure we get back the right key assertArrayEquals(bindpass, provider.getCredentialEntry( LdapGroupsMapping.BIND_PASSWORD_KEY).getCredential()); assertArrayEquals(storepass, provider.getCredentialEntry( LdapGroupsMapping.LDAP_KEYSTORE_PASSWORD_KEY).getCredential()); LdapGroupsMapping mapping = new LdapGroupsMapping(); Assert.assertEquals("bindpass", mapping.getPassword(conf, LdapGroupsMapping.BIND_PASSWORD_KEY, "")); Assert.assertEquals("storepass", mapping.getPassword(conf, LdapGroupsMapping.LDAP_KEYSTORE_PASSWORD_KEY, "")); // let's make sure that a password that doesn't exist returns an // empty string as currently expected and used to trigger a call to // extract password Assert.assertEquals("", mapping.getPassword(conf,"invalid-alias", "")); }
/** * Loads properties from s3mapreducecp-default.xml into configuration object * * @return Configuration which includes properties from s3mapreducecp-default.xml */ private static Configuration getDefaultConf(S3MapReduceCpOptions options) { Configuration config = new S3MapReduceCpConfiguration(); config.addResource(S3MAPREDUCECP_DEFAULT_XML); if (options.getCredentialsProvider() != null) { config.set(CredentialProviderFactory.CREDENTIAL_PROVIDER_PATH, options.getCredentialsProvider().toString()); } return config; }
protected Configuration provisionCredentialsForSSL() throws IOException, Exception { File testDir = new File(System.getProperty("test.build.data", "target/test-dir")); Configuration conf = new Configuration(); final Path jksPath = new Path(testDir.toString(), "test.jks"); final String ourUrl = JavaKeyStoreProvider.SCHEME_NAME + "://file" + jksPath.toUri(); File file = new File(testDir, "test.jks"); file.delete(); conf.set(CredentialProviderFactory.CREDENTIAL_PROVIDER_PATH, ourUrl); CredentialProvider provider = CredentialProviderFactory.getProviders(conf).get(0); char[] keypass = {'k', 'e', 'y', 'p', 'a', 's', 's'}; char[] storepass = {'s', 't', 'o', 'r', 'e', 'p', 'a', 's', 's'}; char[] trustpass = {'t', 'r', 'u', 's', 't', 'p', 'a', 's', 's'}; // ensure that we get nulls when the key isn't there assertEquals(null, provider.getCredentialEntry( WebAppUtils.WEB_APP_KEY_PASSWORD_KEY)); assertEquals(null, provider.getCredentialEntry( WebAppUtils.WEB_APP_KEYSTORE_PASSWORD_KEY)); assertEquals(null, provider.getCredentialEntry( WebAppUtils.WEB_APP_TRUSTSTORE_PASSWORD_KEY)); // create new aliases try { provider.createCredentialEntry( WebAppUtils.WEB_APP_KEY_PASSWORD_KEY, keypass); provider.createCredentialEntry( WebAppUtils.WEB_APP_KEYSTORE_PASSWORD_KEY, storepass); provider.createCredentialEntry( WebAppUtils.WEB_APP_TRUSTSTORE_PASSWORD_KEY, trustpass); // write out so that it can be found in checks provider.flush(); } catch (Exception e) { e.printStackTrace(); throw e; } // make sure we get back the right key directly from api assertArrayEquals(keypass, provider.getCredentialEntry( WebAppUtils.WEB_APP_KEY_PASSWORD_KEY).getCredential()); assertArrayEquals(storepass, provider.getCredentialEntry( WebAppUtils.WEB_APP_KEYSTORE_PASSWORD_KEY).getCredential()); assertArrayEquals(trustpass, provider.getCredentialEntry( WebAppUtils.WEB_APP_TRUSTSTORE_PASSWORD_KEY).getCredential()); return conf; }
@Test public void testGetPassword() throws Exception { File testDir = new File(System.getProperty("test.build.data", "target/test-dir")); Configuration conf = new Configuration(); final Path jksPath = new Path(testDir.toString(), "test.jks"); final String ourUrl = JavaKeyStoreProvider.SCHEME_NAME + "://file" + jksPath.toUri(); File file = new File(testDir, "test.jks"); file.delete(); conf.set(CredentialProviderFactory.CREDENTIAL_PROVIDER_PATH, ourUrl); CredentialProvider provider = CredentialProviderFactory.getProviders(conf).get(0); char[] keypass = {'k', 'e', 'y', 'p', 'a', 's', 's'}; char[] storepass = {'s', 't', 'o', 'r', 'e', 'p', 'a', 's', 's'}; char[] trustpass = {'t', 'r', 'u', 's', 't', 'p', 'a', 's', 's'}; // ensure that we get nulls when the key isn't there assertEquals(null, provider.getCredentialEntry( DFS_SERVER_HTTPS_KEYPASSWORD_KEY)); assertEquals(null, provider.getCredentialEntry( DFS_SERVER_HTTPS_KEYSTORE_PASSWORD_KEY)); assertEquals(null, provider.getCredentialEntry( DFS_SERVER_HTTPS_TRUSTSTORE_PASSWORD_KEY)); // create new aliases try { provider.createCredentialEntry( DFS_SERVER_HTTPS_KEYPASSWORD_KEY, keypass); provider.createCredentialEntry( DFS_SERVER_HTTPS_KEYSTORE_PASSWORD_KEY, storepass); provider.createCredentialEntry( DFS_SERVER_HTTPS_TRUSTSTORE_PASSWORD_KEY, trustpass); // write out so that it can be found in checks provider.flush(); } catch (Exception e) { e.printStackTrace(); throw e; } // make sure we get back the right key directly from api assertArrayEquals(keypass, provider.getCredentialEntry( DFS_SERVER_HTTPS_KEYPASSWORD_KEY).getCredential()); assertArrayEquals(storepass, provider.getCredentialEntry( DFS_SERVER_HTTPS_KEYSTORE_PASSWORD_KEY).getCredential()); assertArrayEquals(trustpass, provider.getCredentialEntry( DFS_SERVER_HTTPS_TRUSTSTORE_PASSWORD_KEY).getCredential()); // use WebAppUtils as would be used by loadSslConfiguration Assert.assertEquals("keypass", DFSUtil.getPassword(conf, DFS_SERVER_HTTPS_KEYPASSWORD_KEY)); Assert.assertEquals("storepass", DFSUtil.getPassword(conf, DFS_SERVER_HTTPS_KEYSTORE_PASSWORD_KEY)); Assert.assertEquals("trustpass", DFSUtil.getPassword(conf, DFS_SERVER_HTTPS_TRUSTSTORE_PASSWORD_KEY)); // let's make sure that a password that doesn't exist returns null Assert.assertEquals(null, DFSUtil.getPassword(conf,"invalid-alias")); }
/**\ * Returns a credential provider for the entered JKS path. * @param textDevice the system console. * @return the Credential provider * @throws IOException */ private static CredentialProvider getCredentialProvider(TextDevice textDevice) throws IOException { String providerPath = textDevice.readLine("Please enter the full path to the credential provider:"); if (providerPath != null) { Configuration conf = new Configuration(false); conf.set(CredentialProviderFactory.CREDENTIAL_PROVIDER_PATH, providerPath); return CredentialProviderFactory.getProviders(conf).get(0); } return null; }
protected void setupCredentials() throws Exception { Configuration conf = new Configuration(false); File file = new File(jksPath.toUri().getPath()); file.delete(); conf.set(CredentialProviderFactory.CREDENTIAL_PROVIDER_PATH, providerUrl); CredentialProvider provider = CredentialProviderFactory.getProviders(conf).get(0); // create new aliases try { char[] storepass = {'k', 'e', 'y', 'p', 'a', 's', 's'}; provider.createCredentialEntry(KEYSTORE_PASSWORD_KEY, storepass); char[] trustpass = {'k', 'e', 'y', 'p', 'a', 's', 's'}; provider.createCredentialEntry(TRUSTSTORE_PASSWORD_KEY, trustpass); char[] trustpass2 = {'k', 'e', 'y', 'p', 'a', 's', 's'}; provider.createCredentialEntry("ssl.client.truststore.password", trustpass2); char[] certpass = {'k', 'e', 'y', 'p', 'a', 's', 's'}; provider.createCredentialEntry(SERVER_CERT_PASSWORD_KEY, certpass); // write out so that it can be found in checks provider.flush(); } catch (Exception e) { e.printStackTrace(); throw e; } }
protected void setupCredentials() throws Exception { Configuration conf = new Configuration(false); File file = new File(jksPath.toUri().getPath()); file.delete(); conf.set(CredentialProviderFactory.CREDENTIAL_PROVIDER_PATH, providerUrl); CredentialProvider provider = CredentialProviderFactory.getProviders(conf).get(0); // create new aliases try { char[] storepass = {'k', 'e', 'y', 'p', 'a', 's', 's'}; provider.createCredentialEntry(SecurityProperties.KEYSTORE_PASSWORD_KEY, storepass); char[] trustpass = {'k', 'e', 'y', 'p', 'a', 's', 's'}; provider.createCredentialEntry(SecurityProperties.TRUSTSTORE_PASSWORD_KEY, trustpass); char[] trustpass2 = {'k', 'e', 'y', 'p', 'a', 's', 's'}; provider.createCredentialEntry("ssl.client.truststore.password", trustpass2); char[] certpass = {'k', 'e', 'y', 'p', 'a', 's', 's'}; provider.createCredentialEntry(SecurityProperties.SERVER_CERT_PASSWORD_KEY, certpass); // write out so that it can be found in checks provider.flush(); } catch (Exception e) { e.printStackTrace(); throw e; } }
protected void setupCredentials() throws Exception { Configuration conf = new Configuration(false); File file = new File(jksPath.toUri().getPath()); file.delete(); conf.set(CredentialProviderFactory.CREDENTIAL_PROVIDER_PATH, providerUrl); CredentialProvider provider = CredentialProviderFactory.getProviders(conf).get(0); // create new aliases try { char[] storepass = {'k', 'e', 'y', 'p', 'a', 's', 's'}; provider.createCredentialEntry(KEYSTORE_PASSWORD_KEY, storepass); char[] trustpass = {'k', 'e', 'y', 'p', 'a', 's', 's'}; provider.createCredentialEntry(TRUSTSTORE_PASSWORD_KEY, trustpass); char[] certpass = {'k', 'e', 'y', 'p', 'a', 's', 's'}; provider.createCredentialEntry(SERVER_CERT_PASSWORD_KEY, certpass); // write out so that it can be found in checks provider.flush(); } catch (Exception e) { e.printStackTrace(); throw e; } }
private String getPassword(Properties properties) throws IOException, InterpreterException { if (isNotEmpty(properties.getProperty(PASSWORD_KEY))) { return properties.getProperty(PASSWORD_KEY); } else if (isNotEmpty(properties.getProperty(JDBC_JCEKS_FILE)) && isNotEmpty(properties.getProperty(JDBC_JCEKS_CREDENTIAL_KEY))) { try { Configuration configuration = new Configuration(); configuration.set(CredentialProviderFactory.CREDENTIAL_PROVIDER_PATH, properties.getProperty(JDBC_JCEKS_FILE)); CredentialProvider provider = CredentialProviderFactory.getProviders(configuration).get(0); CredentialProvider.CredentialEntry credEntry = provider.getCredentialEntry(properties.getProperty(JDBC_JCEKS_CREDENTIAL_KEY)); if (credEntry != null) { return new String(credEntry.getCredential()); } else { throw new InterpreterException("Failed to retrieve password from JCEKS from key: " + properties.getProperty(JDBC_JCEKS_CREDENTIAL_KEY)); } } catch (Exception e) { logger.error("Failed to retrieve password from JCEKS \n" + "For file: " + properties.getProperty(JDBC_JCEKS_FILE) + "\nFor key: " + properties.getProperty(JDBC_JCEKS_CREDENTIAL_KEY), e); throw e; } } return null; }
public static void provisionPasswordsToCredentialProvider() throws Exception { File testDir = GenericTestUtils.getTestDir(); Configuration conf = new Configuration(); final Path jksPath = new Path(testDir.toString(), "test.jks"); final String ourUrl = JavaKeyStoreProvider.SCHEME_NAME + "://file" + jksPath.toUri(); File file = new File(testDir, "test.jks"); file.delete(); conf.set(CredentialProviderFactory.CREDENTIAL_PROVIDER_PATH, ourUrl); CredentialProvider provider = CredentialProviderFactory.getProviders(conf).get(0); char[] keypass = {'k', 'e', 'y', 'p', 'a', 's', 's'}; char[] storepass = {'s', 't', 'o', 'r', 'e', 'p', 'a', 's', 's'}; // create new aliases try { provider.createCredentialEntry( FileBasedKeyStoresFactory.resolvePropertyName(SSLFactory.Mode.SERVER, FileBasedKeyStoresFactory.SSL_KEYSTORE_PASSWORD_TPL_KEY), storepass); provider.createCredentialEntry( FileBasedKeyStoresFactory.resolvePropertyName(SSLFactory.Mode.SERVER, FileBasedKeyStoresFactory.SSL_KEYSTORE_KEYPASSWORD_TPL_KEY), keypass); // write out so that it can be found in checks provider.flush(); } catch (Exception e) { e.printStackTrace(); throw e; } }
public static char[] getPassword(String credentialProvider, String alias) throws IOException { Configuration conf = new Configuration(); conf.set(CredentialProviderFactory.CREDENTIAL_PROVIDER_PATH, credentialProvider); return conf.getPassword(alias); }
/** * There are certain integrations of the credential provider API in * which a recursive dependency between the provider and the hadoop * filesystem abstraction causes a problem. These integration points * need to leverage this utility method to remove problematic provider * types from the existing provider path within the configuration. * * @param config the existing configuration with provider path * @param fileSystemClass the class which providers must be compatible * @return Configuration clone with new provider path */ public static Configuration excludeIncompatibleCredentialProviders( Configuration config, Class<? extends FileSystem> fileSystemClass) throws IOException { String providerPath = config.get( CredentialProviderFactory.CREDENTIAL_PROVIDER_PATH); if (providerPath == null) { return config; } StringBuffer newProviderPath = new StringBuffer(); String[] providers = providerPath.split(","); Path path = null; for (String provider: providers) { try { path = unnestUri(new URI(provider)); Class<? extends FileSystem> clazz = null; try { String scheme = path.toUri().getScheme(); clazz = FileSystem.getFileSystemClass(scheme, config); } catch (IOException ioe) { // not all providers are filesystem based // for instance user:/// will not be able to // have a filesystem class associated with it. if (newProviderPath.length() > 0) { newProviderPath.append(","); } newProviderPath.append(provider); } if (clazz != null) { if (fileSystemClass.isAssignableFrom(clazz)) { LOG.debug("Filesystem based provider" + " excluded from provider path due to recursive dependency: " + provider); } else { if (newProviderPath.length() > 0) { newProviderPath.append(","); } newProviderPath.append(provider); } } } catch (URISyntaxException e) { LOG.warn("Credential Provider URI is invalid." + provider); } } String effectivePath = newProviderPath.toString(); if (effectivePath.equals(providerPath)) { return config; } Configuration conf = new Configuration(config); if (effectivePath.equals("")) { conf.unset(CredentialProviderFactory.CREDENTIAL_PROVIDER_PATH); } else { conf.set(CredentialProviderFactory.CREDENTIAL_PROVIDER_PATH, effectivePath); } return conf; }
@Before public void setupLibJarPath() throws Exception { conf.set(CredentialProviderFactory.CREDENTIAL_PROVIDER_PATH, credentialsProvider.toString()); when(job.waitForCompletion(anyBoolean())).thenReturn(true); when(executor.exec(any(Configuration.class), any(S3MapReduceCpOptions.class))).thenReturn(job); }
@Test public void testEnterValidValues() throws Exception { Path testPath = null; try { testPath = new Path(Files.createTempDirectory("tempproviders").toString(), "test.jks"); } catch (IOException e) { e.printStackTrace(); } new File(testPath.toUri().getPath()).delete(); final Path finalTestPath = testPath; CredentialProviderUtility.textDevice = new CredentialProviderUtility.TextDevice() { @Override public void printf(String fmt, Object... params) { System.out.print(String.format(fmt, params)); } public String readLine(String fmt, Object... args) { return JavaKeyStoreProvider.SCHEME_NAME + "://file/" + finalTestPath.toString(); } @Override public char[] readPassword(String fmt, Object... args) { return defaultPass; } }; CredentialProviderUtility.main(new String[]{}); String providerUrl = JavaKeyStoreProvider.SCHEME_NAME + "://file/" + testPath.toUri(); Configuration conf = new Configuration(false); conf.set(CredentialProviderFactory.CREDENTIAL_PROVIDER_PATH, providerUrl); CredentialProvider provider = CredentialProviderFactory.getProviders(conf).get(0); CredentialProvider.CredentialEntry entry = provider.getCredentialEntry(SecurityProperties.KEYSTORE_PASSWORD_KEY); assertCredentialEntryCorrect(entry); entry = provider.getCredentialEntry(SecurityProperties.TRUSTSTORE_PASSWORD_KEY); assertCredentialEntryCorrect(entry); entry = provider.getCredentialEntry(SecurityProperties.SERVER_CERT_PASSWORD_KEY); assertCredentialEntryCorrect(entry); }
@Test public void testEnterEmptyValues() throws Exception { Path testPath = null; try { testPath = new Path(Files.createTempDirectory("tempproviders").toString(), "test.jks"); } catch (IOException e) { e.printStackTrace(); } new File(testPath.toUri().getPath()).delete(); final Path finalTestPath = testPath; CredentialProviderUtility.textDevice = new CredentialProviderUtility.TextDevice() { private Random random = new Random(); @Override public void printf(String fmt, Object... params) { System.out.print(String.format(fmt, params)); } public String readLine(String fmt, Object... args) { return JavaKeyStoreProvider.SCHEME_NAME + "://file/" + finalTestPath.toString(); } @Override public char[] readPassword(String fmt, Object... args) { List<char[]> responses = new ArrayList<>(); responses.add(new char[0]); responses.add(defaultPass); int size = responses.size(); int item = random.nextInt(size); return responses.get(item); } }; CredentialProviderUtility.main(new String[]{}); String providerUrl = JavaKeyStoreProvider.SCHEME_NAME + "://file/" + testPath.toUri(); Configuration conf = new Configuration(false); conf.set(CredentialProviderFactory.CREDENTIAL_PROVIDER_PATH, providerUrl); CredentialProvider provider = CredentialProviderFactory.getProviders(conf).get(0); CredentialProvider.CredentialEntry entry = provider.getCredentialEntry(SecurityProperties.KEYSTORE_PASSWORD_KEY); assertCredentialEntryCorrect(entry); entry = provider.getCredentialEntry(SecurityProperties.TRUSTSTORE_PASSWORD_KEY); assertCredentialEntryCorrect(entry); entry = provider.getCredentialEntry(SecurityProperties.SERVER_CERT_PASSWORD_KEY); assertCredentialEntryCorrect(entry); }
@Test public void testEnterMismatchedValues() throws Exception { Path testPath = null; try { testPath = new Path(Files.createTempDirectory("tempproviders").toString(), "test.jks"); } catch (IOException e) { e.printStackTrace(); } new File(testPath.toUri().getPath()).delete(); final Path finalTestPath = testPath; CredentialProviderUtility.textDevice = new CredentialProviderUtility.TextDevice() { int i = 0; @Override public void printf(String fmt, Object... params) { System.out.print(String.format(fmt, params)); } public String readLine(String fmt, Object... args) { return JavaKeyStoreProvider.SCHEME_NAME + "://file/" + finalTestPath.toString(); } @Override public char[] readPassword(String fmt, Object... args) { List<char[]> responses = new ArrayList<>(); responses.add(defaultPass); responses.add(new char[]{'b', 'a', 'd', 'p', 'a', 's', 's'}); responses.add(defaultPass); int item = i % 3; i++; return responses.get(item); } }; CredentialProviderUtility.main(new String[]{}); String providerUrl = JavaKeyStoreProvider.SCHEME_NAME + "://file/" + testPath.toUri(); Configuration conf = new Configuration(false); conf.set(CredentialProviderFactory.CREDENTIAL_PROVIDER_PATH, providerUrl); CredentialProvider provider = CredentialProviderFactory.getProviders(conf).get(0); CredentialProvider.CredentialEntry entry = provider.getCredentialEntry(SecurityProperties.KEYSTORE_PASSWORD_KEY); assertCredentialEntryCorrect(entry); entry = provider.getCredentialEntry(SecurityProperties.TRUSTSTORE_PASSWORD_KEY); assertCredentialEntryCorrect(entry); entry = provider.getCredentialEntry(SecurityProperties.SERVER_CERT_PASSWORD_KEY); assertCredentialEntryCorrect(entry); }
@Test public void testOverwriteValues() throws Exception { Path testPath = null; try { testPath = new Path(Files.createTempDirectory("tempproviders").toString(), "test.jks"); } catch (IOException e) { e.printStackTrace(); } new File(testPath.toUri().getPath()).delete(); final Path finalTestPath = testPath; CredentialProviderUtility.textDevice = new CredentialProviderUtility.TextDevice() { @Override public void printf(String fmt, Object... params) { System.out.print(String.format(fmt, params)); } public String readLine(String fmt, Object... args) { return JavaKeyStoreProvider.SCHEME_NAME + "://file/" + finalTestPath.toString(); } @Override public char[] readPassword(String fmt, Object... args) { return defaultPass; } }; CredentialProviderUtility.main(new String[]{}); // now attempt to overwrite values CredentialProviderUtility.textDevice = new CredentialProviderUtility.TextDevice() { int i = 0; @Override public void printf(String fmt, Object... params) { System.out.print(String.format(fmt, params)); } public String readLine(String fmt, Object... args) { return i++ == 0 ? JavaKeyStoreProvider.SCHEME_NAME + "://file/" + finalTestPath.toString() : "y"; } @Override public char[] readPassword(String fmt, Object... args) { return new char[]{'n', 'e', 'w', 'p', 'a', 's', 's'}; } }; CredentialProviderUtility.main(new String[]{}); String providerUrl = JavaKeyStoreProvider.SCHEME_NAME + "://file/" + testPath.toUri(); Configuration conf = new Configuration(false); conf.set(CredentialProviderFactory.CREDENTIAL_PROVIDER_PATH, providerUrl); CredentialProvider provider = CredentialProviderFactory.getProviders(conf).get(0); char[] newpass = "newpass".toCharArray(); CredentialProvider.CredentialEntry entry = provider.getCredentialEntry(SecurityProperties.KEYSTORE_PASSWORD_KEY); assertCredentialEntryCorrect(entry, newpass); entry = provider.getCredentialEntry(SecurityProperties.TRUSTSTORE_PASSWORD_KEY); assertCredentialEntryCorrect(entry, newpass); entry = provider.getCredentialEntry(SecurityProperties.SERVER_CERT_PASSWORD_KEY); assertCredentialEntryCorrect(entry, newpass); }
