ambari-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From rle...@apache.org
Subject [1/2] ambari git commit: AMBARI-13292. Kerberos: Retain KDC admin credentials (rlevas)
Date Wed, 07 Oct 2015 16:56:21 GMT
Repository: ambari
Updated Branches:
  refs/heads/branch-2.1 880224fa8 -> e8de8f2a8


http://git-wip-us.apache.org/repos/asf/ambari/blob/e8de8f2a/ambari-server/src/test/java/org/apache/ambari/server/controller/KerberosHelperTest.java
----------------------------------------------------------------------
diff --git a/ambari-server/src/test/java/org/apache/ambari/server/controller/KerberosHelperTest.java b/ambari-server/src/test/java/org/apache/ambari/server/controller/KerberosHelperTest.java
index 7144ad0..97e1b7e 100644
--- a/ambari-server/src/test/java/org/apache/ambari/server/controller/KerberosHelperTest.java
+++ b/ambari-server/src/test/java/org/apache/ambari/server/controller/KerberosHelperTest.java
@@ -33,6 +33,7 @@ import java.util.HashSet;
 import java.util.List;
 import java.util.Map;
 import java.util.Set;
+import java.util.concurrent.TimeUnit;
 
 import javax.persistence.EntityManager;
 
@@ -56,9 +57,12 @@ import org.apache.ambari.server.controller.spi.ResourceProvider;
 import org.apache.ambari.server.metadata.RoleCommandOrder;
 import org.apache.ambari.server.orm.DBAccessor;
 import org.apache.ambari.server.security.SecurityHelper;
+import org.apache.ambari.server.security.credential.PrincipalKeyCredential;
+import org.apache.ambari.server.security.encryption.CredentialStoreService;
+import org.apache.ambari.server.security.encryption.CredentialStoreServiceImpl;
+import org.apache.ambari.server.security.encryption.CredentialStoreType;
 import org.apache.ambari.server.serveraction.kerberos.KDCType;
 import org.apache.ambari.server.serveraction.kerberos.KerberosConfigDataFileWriterFactory;
-import org.apache.ambari.server.serveraction.kerberos.KerberosCredential;
 import org.apache.ambari.server.serveraction.kerberos.KerberosInvalidConfigurationException;
 import org.apache.ambari.server.serveraction.kerberos.KerberosMissingAdminCredentialsException;
 import org.apache.ambari.server.serveraction.kerberos.KerberosOperationException;
@@ -129,8 +133,8 @@ public class KerberosHelperTest extends EasyMockSupport {
     expect(kerberosOperationHandlerFactory.getKerberosOperationHandler(KDCType.MIT_KDC))
         .andReturn(new KerberosOperationHandler() {
           @Override
-          public void open(KerberosCredential administratorCredentials, String defaultRealm, Map<String, String> kerberosConfiguration) throws KerberosOperationException {
-            setAdministratorCredentials(administratorCredentials);
+          public void open(PrincipalKeyCredential administratorCredentials, String defaultRealm, Map<String, String> kerberosConfiguration) throws KerberosOperationException {
+            setAdministratorCredential(administratorCredentials);
             setDefaultRealm(defaultRealm);
             setOpen(true);
           }
@@ -187,6 +191,7 @@ public class KerberosHelperTest extends EasyMockSupport {
         bind(KerberosConfigDataFileWriterFactory.class).toInstance(kerberosConfigDataFileWriterFactory);
         bind(StackManagerFactory.class).toInstance(createNiceMock(StackManagerFactory.class));
         bind(KerberosHelper.class).to(KerberosHelperImpl.class);
+        bind(CredentialStoreService.class).to(CredentialStoreServiceImpl.class);
       }
     });
 
@@ -196,6 +201,11 @@ public class KerberosHelperTest extends EasyMockSupport {
     StageUtils.setTopologyManager(topologyManager);
     expect(topologyManager.getProjectedTopology()).andReturn(
         Collections.<String, Collection<String>>emptyMap()).anyTimes();
+
+    CredentialStoreService credentialStoreService = injector.getInstance(CredentialStoreService.class);
+    if (!credentialStoreService.isInitialized(CredentialStoreType.TEMPORARY)) {
+      ((CredentialStoreServiceImpl) credentialStoreService).initializeTemporaryCredentialStore(10, TimeUnit.MINUTES, false);
+    }
   }
 
   @After
@@ -258,22 +268,22 @@ public class KerberosHelperTest extends EasyMockSupport {
 
   @Test
   public void testEnableKerberos() throws Exception {
-    testEnableKerberos(new KerberosCredential("principal", "password".toCharArray(), "keytab"), "mit-kdc", "true", true, false);
+    testEnableKerberos(new PrincipalKeyCredential("principal", "password"), "mit-kdc", "true", true, false);
   }
 
   @Test
   public void testEnableKerberos_ManageIdentitiesFalseKdcNone() throws Exception {
-    testEnableKerberos(new KerberosCredential("principal", "password".toCharArray(), "keytab"), "none", "false", true, false);
+    testEnableKerberos(new PrincipalKeyCredential("principal", "password"), "none", "false", true, false);
   }
 
   @Test(expected = AmbariException.class)
   public void testEnableKerberos_ManageIdentitiesTrueKdcNone() throws Exception {
-    testEnableKerberos(new KerberosCredential("principal", "password".toCharArray(), "keytab"), "none", "true", true, false);
+    testEnableKerberos(new PrincipalKeyCredential("principal", "password"), "none", "true", true, false);
   }
 
   @Test(expected = KerberosInvalidConfigurationException.class)
   public void testEnableKerberos_ManageIdentitiesTrueKdcNull() throws Exception {
-    testEnableKerberos(new KerberosCredential("principal", "password".toCharArray(), "keytab"), null, "true", true, false);
+    testEnableKerberos(new PrincipalKeyCredential("principal", "password"), null, "true", true, false);
   }
 
   @Test(expected = KerberosMissingAdminCredentialsException.class)
@@ -289,7 +299,7 @@ public class KerberosHelperTest extends EasyMockSupport {
   @Test(expected = KerberosMissingAdminCredentialsException.class)
   public void testEnableKerberosInvalidCredentials() throws Exception {
     try {
-      testEnableKerberos(new KerberosCredential("invalid_principal", "password".toCharArray(), "keytab"), "mit-kdc", "true", true, false);
+      testEnableKerberos(new PrincipalKeyCredential("invalid_principal", "password"), "mit-kdc", "true", true, false);
     } catch (IllegalArgumentException e) {
       Assert.assertTrue(e.getMessage().startsWith("Invalid KDC administrator credentials"));
       throw e;
@@ -298,17 +308,17 @@ public class KerberosHelperTest extends EasyMockSupport {
 
   @Test
   public void testEnableKerberos_GetKerberosDescriptorFromCluster() throws Exception {
-    testEnableKerberos(new KerberosCredential("principal", "password".toCharArray(), "keytab"), "mit-kdc", "true", true, false);
+    testEnableKerberos(new PrincipalKeyCredential("principal", "password"), "mit-kdc", "true", true, false);
   }
 
   @Test
   public void testEnableKerberos_GetKerberosDescriptorFromStack() throws Exception {
-    testEnableKerberos(new KerberosCredential("principal", "password".toCharArray(), "keytab"), "mit-kdc", "true", false, true);
+    testEnableKerberos(new PrincipalKeyCredential("principal", "password"), "mit-kdc", "true", false, true);
   }
 
   @Test
   public void testEnsureIdentities() throws Exception {
-    testEnsureIdentities(new KerberosCredential("principal", "password".toCharArray(), "keytab"));
+    testEnsureIdentities(new PrincipalKeyCredential("principal", "password"));
   }
 
   @Test(expected = KerberosMissingAdminCredentialsException.class)
@@ -324,15 +334,16 @@ public class KerberosHelperTest extends EasyMockSupport {
   @Test(expected = KerberosMissingAdminCredentialsException.class)
   public void testEnsureIdentitiesInvalidCredentials() throws Exception {
     try {
-      testEnsureIdentities(new KerberosCredential("invalid_principal", "password".toCharArray(), "keytab"));
+      testEnsureIdentities(new PrincipalKeyCredential("invalid_principal", "password"));
     } catch (IllegalArgumentException e) {
       Assert.assertTrue(e.getMessage().startsWith("Invalid KDC administrator credentials"));
       throw e;
     }
   }
+
   @Test
   public void testDeleteIdentities() throws Exception {
-    testDeleteIdentities(new KerberosCredential("principal", "password".toCharArray(), "keytab"));
+    testDeleteIdentities(new PrincipalKeyCredential("principal", "password"));
   }
 
   @Test(expected = KerberosMissingAdminCredentialsException.class)
@@ -348,7 +359,7 @@ public class KerberosHelperTest extends EasyMockSupport {
   @Test(expected = KerberosMissingAdminCredentialsException.class)
   public void testDeleteIdentitiesInvalidCredentials() throws Exception {
     try {
-      testDeleteIdentities(new KerberosCredential("invalid_principal", "password".toCharArray(), "keytab"));
+      testDeleteIdentities(new PrincipalKeyCredential("invalid_principal", "password"));
     } catch (IllegalArgumentException e) {
       Assert.assertTrue(e.getMessage().startsWith("Invalid KDC administrator credentials"));
       throw e;
@@ -382,37 +393,37 @@ public class KerberosHelperTest extends EasyMockSupport {
 
   @Test
   public void testRegenerateKeytabsValidateRequestStageContainer() throws Exception {
-    testRegenerateKeytabs(new KerberosCredential("principal", "password".toCharArray(), "keytab"), true, false);
+    testRegenerateKeytabs(new PrincipalKeyCredential("principal", "password"), true, false);
   }
 
   @Test
   public void testRegenerateKeytabsValidateSkipInvalidHost() throws Exception {
-    testRegenerateKeytabs(new KerberosCredential("principal", "password".toCharArray(), "keytab"), true, true);
+    testRegenerateKeytabs(new PrincipalKeyCredential("principal", "password"), true, true);
   }
 
   @Test
   public void testRegenerateKeytabs() throws Exception {
-    testRegenerateKeytabs(new KerberosCredential("principal", "password".toCharArray(), "keytab"), false, false);
+    testRegenerateKeytabs(new PrincipalKeyCredential("principal", "password"), false, false);
   }
 
   @Test
   public void testDisableKerberos() throws Exception {
-    testDisableKerberos(new KerberosCredential("principal", "password".toCharArray(), "keytab"), false, true);
+    testDisableKerberos(new PrincipalKeyCredential("principal", "password"), false, true);
   }
 
   @Test
   public void testCreateTestIdentity_ManageIdentitiesDefault() throws Exception {
-    testCreateTestIdentity(new KerberosCredential("principal", "password".toCharArray(), "keytab"), null);
+    testCreateTestIdentity(new PrincipalKeyCredential("principal", "password"), null);
   }
 
   @Test
   public void testCreateTestIdentity_ManageIdentitiesTrue() throws Exception {
-    testCreateTestIdentity(new KerberosCredential("principal", "password".toCharArray(), "keytab"), Boolean.TRUE);
+    testCreateTestIdentity(new PrincipalKeyCredential("principal", "password"), Boolean.TRUE);
   }
 
   @Test
   public void testCreateTestIdentity_ManageIdentitiesFalse() throws Exception {
-    testCreateTestIdentity(new KerberosCredential("principal", "password".toCharArray(), "keytab"), Boolean.FALSE);
+    testCreateTestIdentity(new PrincipalKeyCredential("principal", "password"), Boolean.FALSE);
   }
 
   @Test(expected = KerberosMissingAdminCredentialsException.class)
@@ -432,7 +443,7 @@ public class KerberosHelperTest extends EasyMockSupport {
 
   @Test
   public void testDeleteTestIdentity() throws Exception {
-    testDeleteTestIdentity(new KerberosCredential("principal", "password".toCharArray(), "keytab"));
+    testDeleteTestIdentity(new PrincipalKeyCredential("principal", "password"));
   }
 
   @Test(expected = IllegalArgumentException.class)
@@ -560,7 +571,7 @@ public class KerberosHelperTest extends EasyMockSupport {
         }
       });
     }});
-    
+
     hostIdentities = identities.get("host2");
     Assert.assertNotNull(hostIdentities);
     Assert.assertEquals(2, hostIdentities.size());
@@ -597,7 +608,8 @@ public class KerberosHelperTest extends EasyMockSupport {
           put("keytab_cachable", false);
         }
       });
-    }});  }
+    }});
+  }
 
   @Test
   public void testGetActiveIdentities_SingleServiceSingleHost() throws Exception {
@@ -822,7 +834,7 @@ public class KerberosHelperTest extends EasyMockSupport {
 
     Assert.assertEquals(expectedDataMap.size(), identities.size());
 
-    for(KerberosIdentityDescriptor identity: identities) {
+    for (KerberosIdentityDescriptor identity : identities) {
       Map<String, Object> expectedData = expectedDataMap.get(identity.getName());
 
       Assert.assertNotNull(expectedData);
@@ -847,7 +859,7 @@ public class KerberosHelperTest extends EasyMockSupport {
   }
 
 
-  private void testEnableKerberos(final KerberosCredential kerberosCredential,
+  private void testEnableKerberos(final PrincipalKeyCredential PrincipalKeyCredential,
                                   String kdcType,
                                   String manageIdentities, boolean getClusterDescriptor,
                                   boolean getStackDescriptor) throws Exception {
@@ -906,7 +918,7 @@ public class KerberosHelperTest extends EasyMockSupport {
     expect(serviceKerberos.getName()).andReturn(Service.Type.KERBEROS.name()).anyTimes();
     expect(serviceKerberos.getServiceComponents())
         .andReturn(Collections.singletonMap(Role.KERBEROS_CLIENT.name(), serviceComponentKerberosClient))
-            .times(1);
+        .times(1);
     serviceKerberos.setSecurityState(SecurityState.SECURED_KERBEROS);
     expectLastCall().once();
 
@@ -971,7 +983,7 @@ public class KerberosHelperTest extends EasyMockSupport {
         Arrays.asList(schKerberosClient)
     ).once();
 
-    if(identitiesManaged) {
+    if (identitiesManaged) {
       final Clusters clusters = injector.getInstance(Clusters.class);
       expect(clusters.getHost("host1"))
           .andReturn(host)
@@ -1027,7 +1039,7 @@ public class KerberosHelperTest extends EasyMockSupport {
     requestStageContainer.addStages(anyObject(List.class));
     expectLastCall().once();
 
-    if(identitiesManaged) {
+    if (identitiesManaged) {
       // Create Principals Stage
       expect(requestStageContainer.getLastStageId()).andReturn(-1L).anyTimes();
       expect(requestStageContainer.getId()).andReturn(1L).once();
@@ -1061,13 +1073,16 @@ public class KerberosHelperTest extends EasyMockSupport {
     // Needed by infrastructure
     metaInfo.init();
 
-    kerberosHelper.setKDCCredentials(kerberosCredential);
+    CredentialStoreService credentialStoreService = injector.getInstance(CredentialStoreService.class);
+    credentialStoreService.setCredential(cluster.getClusterName(), KerberosHelper.KDC_ADMINISTRATOR_CREDENTIAL_ALIAS,
+        PrincipalKeyCredential, CredentialStoreType.TEMPORARY);
+
     kerberosHelper.toggleKerberos(cluster, SecurityType.KERBEROS, requestStageContainer, null);
 
     verifyAll();
   }
 
-  private void testDisableKerberos(final KerberosCredential kerberosCredential,
+  private void testDisableKerberos(final PrincipalKeyCredential PrincipalKeyCredential,
                                    boolean getClusterDescriptor,
                                    boolean getStackDescriptor) throws Exception {
 
@@ -1264,13 +1279,16 @@ public class KerberosHelperTest extends EasyMockSupport {
     // Needed by infrastructure
     metaInfo.init();
 
-    kerberosHelper.setKDCCredentials(kerberosCredential);
+    CredentialStoreService credentialStoreService = injector.getInstance(CredentialStoreService.class);
+    credentialStoreService.setCredential(cluster.getClusterName(), KerberosHelper.KDC_ADMINISTRATOR_CREDENTIAL_ALIAS,
+        PrincipalKeyCredential, CredentialStoreType.TEMPORARY);
+
     kerberosHelper.toggleKerberos(cluster, SecurityType.NONE, requestStageContainer, true);
 
     verifyAll();
   }
 
-  private void testRegenerateKeytabs(final KerberosCredential kerberosCredential, boolean mockRequestStageContainer, final boolean testInvalidHost) throws Exception {
+  private void testRegenerateKeytabs(final PrincipalKeyCredential PrincipalKeyCredential, boolean mockRequestStageContainer, final boolean testInvalidHost) throws Exception {
 
     KerberosHelper kerberosHelper = injector.getInstance(KerberosHelper.class);
 
@@ -1305,7 +1323,7 @@ public class KerberosHelperTest extends EasyMockSupport {
     final ServiceComponentHost schKerberosClientInvalid;
     final ServiceComponentHost sch1a;
     final Host hostInvalid;
-    if(testInvalidHost) {
+    if (testInvalidHost) {
       schKerberosClientInvalid = createMock(ServiceComponentHost.class);
       expect(schKerberosClientInvalid.getServiceName()).andReturn(Service.Type.KERBEROS.name()).anyTimes();
       expect(schKerberosClientInvalid.getServiceComponentName()).andReturn(Role.KERBEROS_CLIENT.name()).anyTimes();
@@ -1323,8 +1341,7 @@ public class KerberosHelperTest extends EasyMockSupport {
       hostInvalid = createNiceMock(Host.class);
       expect(hostInvalid.getHostName()).andReturn("host1").anyTimes();
       expect(hostInvalid.getState()).andReturn(HostState.HEALTHY).anyTimes();
-    }
-    else {
+    } else {
       schKerberosClientInvalid = null;
       hostInvalid = null;
     }
@@ -1334,7 +1351,7 @@ public class KerberosHelperTest extends EasyMockSupport {
     map.put("host1", schKerberosClient);
     expect(serviceComponentKerberosClient.getName()).andReturn(Role.KERBEROS_CLIENT.name()).anyTimes();
 
-    if(testInvalidHost) {
+    if (testInvalidHost) {
       map.put("host2", schKerberosClientInvalid);
     }
 
@@ -1483,7 +1500,10 @@ public class KerberosHelperTest extends EasyMockSupport {
     // Needed by infrastructure
     metaInfo.init();
 
-    kerberosHelper.setKDCCredentials(kerberosCredential);
+    CredentialStoreService credentialStoreService = injector.getInstance(CredentialStoreService.class);
+    credentialStoreService.setCredential(cluster.getClusterName(), KerberosHelper.KDC_ADMINISTRATOR_CREDENTIAL_ALIAS,
+        PrincipalKeyCredential, CredentialStoreType.TEMPORARY);
+
     Assert.assertNotNull(kerberosHelper.executeCustomOperations(cluster, Collections.singletonMap("regenerate_keytabs", "true"), requestStageContainer, true));
 
     verifyAll();
@@ -1642,7 +1662,7 @@ public class KerberosHelperTest extends EasyMockSupport {
     // Needed by infrastructure
     injector.getInstance(AmbariMetaInfo.class).init();
     Map existingConfigs = new HashMap<String, Map<String, String>>();
-    existingConfigs.put("kerberos-env", new HashMap<String,String>());
+    existingConfigs.put("kerberos-env", new HashMap<String, String>());
 
     kerberosHelper.setAuthToLocalRules(kerberosDescriptor, cluster, "EXAMPLE.COM", existingConfigs, kerberosConfigurations);
 
@@ -1653,55 +1673,55 @@ public class KerberosHelperTest extends EasyMockSupport {
     configs = kerberosConfigurations.get("");
     assertNotNull(configs);
     assertEquals("RULE:[1:$1@$0](.*@EXAMPLE.COM)s/@.*//\n" +
-        "RULE:[2:$1@$0](principal1@EXAMPLE.COM)s/.*/principal1_user/\n" +
-        "RULE:[2:$1@$0](principal2@EXAMPLE.COM)s/.*/principal2_user/\n" +
-        "RULE:[2:$1@$0](principal3@EXAMPLE.COM)s/.*/principal3_user/\n" +
-        "DEFAULT",
+            "RULE:[2:$1@$0](principal1@EXAMPLE.COM)s/.*/principal1_user/\n" +
+            "RULE:[2:$1@$0](principal2@EXAMPLE.COM)s/.*/principal2_user/\n" +
+            "RULE:[2:$1@$0](principal3@EXAMPLE.COM)s/.*/principal3_user/\n" +
+            "DEFAULT",
         configs.get("default"));
     assertEquals("RULE:[1:$1@$0](.*@EXAMPLE.COM)s/@.*//\n" +
-        "RULE:[2:$1@$0](principal1@EXAMPLE.COM)s/.*/principal1_user/\n" +
-        "RULE:[2:$1@$0](principal2@EXAMPLE.COM)s/.*/principal2_user/\n" +
-        "RULE:[2:$1@$0](principal3@EXAMPLE.COM)s/.*/principal3_user/\n" +
-        "DEFAULT",
+            "RULE:[2:$1@$0](principal1@EXAMPLE.COM)s/.*/principal1_user/\n" +
+            "RULE:[2:$1@$0](principal2@EXAMPLE.COM)s/.*/principal2_user/\n" +
+            "RULE:[2:$1@$0](principal3@EXAMPLE.COM)s/.*/principal3_user/\n" +
+            "DEFAULT",
         configs.get("explicit_multiple_lines"));
     assertEquals("RULE:[1:$1@$0](.*@EXAMPLE.COM)s/@.*//\\\n" +
-        "RULE:[2:$1@$0](principal1@EXAMPLE.COM)s/.*/principal1_user/\\\n" +
-        "RULE:[2:$1@$0](principal2@EXAMPLE.COM)s/.*/principal2_user/\\\n" +
-        "RULE:[2:$1@$0](principal3@EXAMPLE.COM)s/.*/principal3_user/\\\n" +
-        "DEFAULT",
+            "RULE:[2:$1@$0](principal1@EXAMPLE.COM)s/.*/principal1_user/\\\n" +
+            "RULE:[2:$1@$0](principal2@EXAMPLE.COM)s/.*/principal2_user/\\\n" +
+            "RULE:[2:$1@$0](principal3@EXAMPLE.COM)s/.*/principal3_user/\\\n" +
+            "DEFAULT",
         configs.get("explicit_multiple_lines_escaped"));
     assertEquals("RULE:[1:$1@$0](.*@EXAMPLE.COM)s/@.*// " +
-        "RULE:[2:$1@$0](principal1@EXAMPLE.COM)s/.*/principal1_user/ " +
-        "RULE:[2:$1@$0](principal2@EXAMPLE.COM)s/.*/principal2_user/ " +
-        "RULE:[2:$1@$0](principal3@EXAMPLE.COM)s/.*/principal3_user/ " +
-        "DEFAULT",
+            "RULE:[2:$1@$0](principal1@EXAMPLE.COM)s/.*/principal1_user/ " +
+            "RULE:[2:$1@$0](principal2@EXAMPLE.COM)s/.*/principal2_user/ " +
+            "RULE:[2:$1@$0](principal3@EXAMPLE.COM)s/.*/principal3_user/ " +
+            "DEFAULT",
         configs.get("explicit_single_line"));
 
     configs = kerberosConfigurations.get("service-site");
     assertNotNull(configs);
     assertEquals("RULE:[1:$1@$0](.*@EXAMPLE.COM)s/@.*//\n" +
-        "RULE:[2:$1@$0](principal1@EXAMPLE.COM)s/.*/principal1_user/\n" +
-        "RULE:[2:$1@$0](principal2@EXAMPLE.COM)s/.*/principal2_user/\n" +
-        "RULE:[2:$1@$0](principal3@EXAMPLE.COM)s/.*/principal3_user/\n" +
-        "DEFAULT",
+            "RULE:[2:$1@$0](principal1@EXAMPLE.COM)s/.*/principal1_user/\n" +
+            "RULE:[2:$1@$0](principal2@EXAMPLE.COM)s/.*/principal2_user/\n" +
+            "RULE:[2:$1@$0](principal3@EXAMPLE.COM)s/.*/principal3_user/\n" +
+            "DEFAULT",
         configs.get("default"));
     assertEquals("RULE:[1:$1@$0](.*@EXAMPLE.COM)s/@.*//\n" +
-        "RULE:[2:$1@$0](principal1@EXAMPLE.COM)s/.*/principal1_user/\n" +
-        "RULE:[2:$1@$0](principal2@EXAMPLE.COM)s/.*/principal2_user/\n" +
-        "RULE:[2:$1@$0](principal3@EXAMPLE.COM)s/.*/principal3_user/\n" +
-        "DEFAULT",
+            "RULE:[2:$1@$0](principal1@EXAMPLE.COM)s/.*/principal1_user/\n" +
+            "RULE:[2:$1@$0](principal2@EXAMPLE.COM)s/.*/principal2_user/\n" +
+            "RULE:[2:$1@$0](principal3@EXAMPLE.COM)s/.*/principal3_user/\n" +
+            "DEFAULT",
         configs.get("explicit_multiple_lines"));
     assertEquals("RULE:[1:$1@$0](.*@EXAMPLE.COM)s/@.*//\\\n" +
-        "RULE:[2:$1@$0](principal1@EXAMPLE.COM)s/.*/principal1_user/\\\n" +
-        "RULE:[2:$1@$0](principal2@EXAMPLE.COM)s/.*/principal2_user/\\\n" +
-        "RULE:[2:$1@$0](principal3@EXAMPLE.COM)s/.*/principal3_user/\\\n" +
-        "DEFAULT",
+            "RULE:[2:$1@$0](principal1@EXAMPLE.COM)s/.*/principal1_user/\\\n" +
+            "RULE:[2:$1@$0](principal2@EXAMPLE.COM)s/.*/principal2_user/\\\n" +
+            "RULE:[2:$1@$0](principal3@EXAMPLE.COM)s/.*/principal3_user/\\\n" +
+            "DEFAULT",
         configs.get("explicit_multiple_lines_escaped"));
     assertEquals("RULE:[1:$1@$0](.*@EXAMPLE.COM)s/@.*// " +
-        "RULE:[2:$1@$0](principal1@EXAMPLE.COM)s/.*/principal1_user/ " +
-        "RULE:[2:$1@$0](principal2@EXAMPLE.COM)s/.*/principal2_user/ " +
-        "RULE:[2:$1@$0](principal3@EXAMPLE.COM)s/.*/principal3_user/ " +
-        "DEFAULT",
+            "RULE:[2:$1@$0](principal1@EXAMPLE.COM)s/.*/principal1_user/ " +
+            "RULE:[2:$1@$0](principal2@EXAMPLE.COM)s/.*/principal2_user/ " +
+            "RULE:[2:$1@$0](principal3@EXAMPLE.COM)s/.*/principal3_user/ " +
+            "DEFAULT",
         configs.get("explicit_single_line"));
   }
 
@@ -1771,7 +1791,7 @@ public class KerberosHelperTest extends EasyMockSupport {
     expect(metaInfo.getKerberosDescriptor("HDP", "2.2")).andReturn(kerberosDescriptor).once();
   }
 
-  private void testEnsureIdentities(final KerberosCredential kerberosCredential) throws Exception {
+  private void testEnsureIdentities(final PrincipalKeyCredential PrincipalKeyCredential) throws Exception {
     KerberosHelper kerberosHelper = injector.getInstance(KerberosHelper.class);
 
     final ServiceComponentHost schKerberosClient = createMock(ServiceComponentHost.class);
@@ -2007,13 +2027,16 @@ public class KerberosHelperTest extends EasyMockSupport {
     serviceComponentFilter.put("SERVICE3", Collections.singleton("COMPONENT3"));
     serviceComponentFilter.put("SERVICE1", null);
 
-    kerberosHelper.setKDCCredentials(kerberosCredential);
+    CredentialStoreService credentialStoreService = injector.getInstance(CredentialStoreService.class);
+    credentialStoreService.setCredential(cluster.getClusterName(), KerberosHelper.KDC_ADMINISTRATOR_CREDENTIAL_ALIAS,
+        PrincipalKeyCredential, CredentialStoreType.TEMPORARY);
+
     kerberosHelper.ensureIdentities(cluster, serviceComponentFilter, identityFilter, null, requestStageContainer, true);
 
     verifyAll();
   }
 
-  private void testDeleteIdentities(final KerberosCredential kerberosCredential) throws Exception {
+  private void testDeleteIdentities(final PrincipalKeyCredential PrincipalKeyCredential) throws Exception {
     KerberosHelper kerberosHelper = injector.getInstance(KerberosHelper.class);
 
     final ServiceComponentHost schKerberosClient = createMock(ServiceComponentHost.class);
@@ -2208,13 +2231,16 @@ public class KerberosHelperTest extends EasyMockSupport {
     serviceComponentFilter.put("SERVICE3", Collections.singleton("COMPONENT3"));
     serviceComponentFilter.put("SERVICE1", null);
 
-    kerberosHelper.setKDCCredentials(kerberosCredential);
+    CredentialStoreService credentialStoreService = injector.getInstance(CredentialStoreService.class);
+    credentialStoreService.setCredential(cluster.getClusterName(), KerberosHelper.KDC_ADMINISTRATOR_CREDENTIAL_ALIAS,
+        PrincipalKeyCredential, CredentialStoreType.TEMPORARY);
+
     kerberosHelper.deleteIdentities(cluster, serviceComponentFilter, identityFilter, requestStageContainer, true);
 
     verifyAll();
   }
 
-  private void testCreateTestIdentity(final KerberosCredential kerberosCredential, Boolean manageIdentities) throws Exception {
+  private void testCreateTestIdentity(final PrincipalKeyCredential PrincipalKeyCredential, Boolean manageIdentities) throws Exception {
     KerberosHelper kerberosHelper = injector.getInstance(KerberosHelper.class);
     boolean managingIdentities = !Boolean.FALSE.equals(manageIdentities);
 
@@ -2236,7 +2262,7 @@ public class KerberosHelperTest extends EasyMockSupport {
     final Config krb5ConfConfig = createMock(Config.class);
     expect(krb5ConfConfig.getProperties()).andReturn(krb5ConfProperties).anyTimes();
 
-    final Map<String,Object> attributeMap = new HashMap<String, Object>();
+    final Map<String, Object> attributeMap = new HashMap<String, Object>();
 
     final Cluster cluster = createNiceMock(Cluster.class);
     expect(cluster.getDesiredConfigByType("krb5-conf")).andReturn(krb5ConfConfig).anyTimes();
@@ -2245,7 +2271,7 @@ public class KerberosHelperTest extends EasyMockSupport {
     // This is a STRICT mock to help ensure that the end result is what we want.
     final RequestStageContainer requestStageContainer = createStrictMock(RequestStageContainer.class);
 
-    if(managingIdentities) {
+    if (managingIdentities) {
       final Host host = createNiceMock(Host.class);
       expect(host.getHostName()).andReturn("host1").anyTimes();
       expect(host.getState()).andReturn(HostState.HEALTHY).anyTimes();
@@ -2420,7 +2446,9 @@ public class KerberosHelperTest extends EasyMockSupport {
     injector.getInstance(AmbariMetaInfo.class).init();
 
     Map<String, String> commandParamsStage = new HashMap<String, String>();
-    kerberosHelper.setKDCCredentials(kerberosCredential);
+    CredentialStoreService credentialStoreService = injector.getInstance(CredentialStoreService.class);
+    credentialStoreService.setCredential(cluster.getClusterName(), KerberosHelper.KDC_ADMINISTRATOR_CREDENTIAL_ALIAS,
+        PrincipalKeyCredential, CredentialStoreType.TEMPORARY);
     kerberosHelper.createTestIdentity(cluster, commandParamsStage, requestStageContainer);
 
     verifyAll();
@@ -2435,7 +2463,7 @@ public class KerberosHelperTest extends EasyMockSupport {
     }
   }
 
-  private void testDeleteTestIdentity(final KerberosCredential kerberosCredential) throws Exception {
+  private void testDeleteTestIdentity(final PrincipalKeyCredential PrincipalKeyCredential) throws Exception {
     KerberosHelper kerberosHelper = injector.getInstance(KerberosHelper.class);
 
     final ServiceComponentHost schKerberosClient = createMock(ServiceComponentHost.class);
@@ -2615,7 +2643,9 @@ public class KerberosHelperTest extends EasyMockSupport {
     commandParamsStage.put("principal_name", "${cluster-env/smokeuser}@${realm}");
     commandParamsStage.put("keytab_file", "${keytab_dir}/kerberos.service_check.keytab");
 
-    kerberosHelper.setKDCCredentials(kerberosCredential);
+    CredentialStoreService credentialStoreService = injector.getInstance(CredentialStoreService.class);
+    credentialStoreService.setCredential(cluster.getClusterName(), KerberosHelper.KDC_ADMINISTRATOR_CREDENTIAL_ALIAS,
+        PrincipalKeyCredential, CredentialStoreType.TEMPORARY);
     kerberosHelper.deleteTestIdentity(cluster, commandParamsStage, requestStageContainer);
 
     verifyAll();
@@ -2734,7 +2764,7 @@ public class KerberosHelperTest extends EasyMockSupport {
     final Clusters clusters = injector.getInstance(Clusters.class);
     expect(clusters.getCluster(clusterName)).andReturn(cluster).times(1);
 
-    if(hostName == null) {
+    if (hostName == null) {
       expect(clusters.getHostsForCluster(clusterName))
           .andReturn(hostMap)
           .once();
@@ -2837,7 +2867,7 @@ public class KerberosHelperTest extends EasyMockSupport {
     expect(serviceDescriptor2.getIdentities(true)).andReturn(null).anyTimes();
 
     final KerberosDescriptor kerberosDescriptor = createMock(KerberosDescriptor.class);
-    expect(kerberosDescriptor.getProperties()).andReturn(new HashMap<String, String>(){
+    expect(kerberosDescriptor.getProperties()).andReturn(new HashMap<String, String>() {
       {
         put("realm", "EXAMPLE.COM");
       }

http://git-wip-us.apache.org/repos/asf/ambari/blob/e8de8f2a/ambari-server/src/test/java/org/apache/ambari/server/serveraction/kerberos/ADKerberosOperationHandlerTest.java
----------------------------------------------------------------------
diff --git a/ambari-server/src/test/java/org/apache/ambari/server/serveraction/kerberos/ADKerberosOperationHandlerTest.java b/ambari-server/src/test/java/org/apache/ambari/server/serveraction/kerberos/ADKerberosOperationHandlerTest.java
index 815209d..0622807 100644
--- a/ambari-server/src/test/java/org/apache/ambari/server/serveraction/kerberos/ADKerberosOperationHandlerTest.java
+++ b/ambari-server/src/test/java/org/apache/ambari/server/serveraction/kerberos/ADKerberosOperationHandlerTest.java
@@ -19,6 +19,7 @@
 package org.apache.ambari.server.serveraction.kerberos;
 
 import junit.framework.Assert;
+import org.apache.ambari.server.security.credential.PrincipalKeyCredential;
 import org.easymock.Capture;
 import org.easymock.CaptureType;
 import org.easymock.IAnswer;
@@ -54,7 +55,7 @@ public class ADKerberosOperationHandlerTest extends KerberosOperationHandlerTest
   @Test(expected = KerberosKDCConnectionException.class)
   public void testOpenExceptionLdapUrlNotProvided() throws Exception {
     KerberosOperationHandler handler = new ADKerberosOperationHandler();
-    KerberosCredential kc = new KerberosCredential(DEFAULT_ADMIN_PRINCIPAL, DEFAULT_ADMIN_PASSWORD.toCharArray(), null);
+    PrincipalKeyCredential kc = new PrincipalKeyCredential(DEFAULT_ADMIN_PRINCIPAL, DEFAULT_ADMIN_PASSWORD);
     Map<String, String> kerberosEnvMap = new HashMap<String, String>() {
       {
         put(ADKerberosOperationHandler.KERBEROS_ENV_PRINCIPAL_CONTAINER_DN, DEFAULT_PRINCIPAL_CONTAINER_DN);
@@ -67,7 +68,7 @@ public class ADKerberosOperationHandlerTest extends KerberosOperationHandlerTest
   @Test(expected = KerberosLDAPContainerException.class)
   public void testOpenExceptionPrincipalContainerDnNotProvided() throws Exception {
     KerberosOperationHandler handler = new ADKerberosOperationHandler();
-    KerberosCredential kc = new KerberosCredential(DEFAULT_ADMIN_PRINCIPAL, DEFAULT_ADMIN_PASSWORD.toCharArray(), null);
+    PrincipalKeyCredential kc = new PrincipalKeyCredential(DEFAULT_ADMIN_PRINCIPAL, DEFAULT_ADMIN_PASSWORD);
     Map<String, String> kerberosEnvMap = new HashMap<String, String>() {
       {
         put(ADKerberosOperationHandler.KERBEROS_ENV_LDAP_URL, DEFAULT_LDAP_URL);
@@ -92,7 +93,7 @@ public class ADKerberosOperationHandlerTest extends KerberosOperationHandlerTest
 
   @Test(expected = KerberosAdminAuthenticationException.class)
   public void testTestAdministratorCredentialsIncorrectAdminPassword() throws Exception {
-    KerberosCredential kc = new KerberosCredential(DEFAULT_ADMIN_PRINCIPAL, "wrong".toCharArray(), null);
+    PrincipalKeyCredential kc = new PrincipalKeyCredential(DEFAULT_ADMIN_PRINCIPAL, "wrong");
     Map<String, String> kerberosEnvMap = new HashMap<String, String>() {
       {
         put(ADKerberosOperationHandler.KERBEROS_ENV_LDAP_URL, DEFAULT_LDAP_URL);
@@ -120,7 +121,7 @@ public class ADKerberosOperationHandlerTest extends KerberosOperationHandlerTest
 
   @Test(expected = KerberosAdminAuthenticationException.class)
   public void testTestAdministratorCredentialsIncorrectAdminPrincipal() throws Exception {
-    KerberosCredential kc = new KerberosCredential("wrong", DEFAULT_ADMIN_PASSWORD.toCharArray(), null);
+    PrincipalKeyCredential kc = new PrincipalKeyCredential("wrong", DEFAULT_ADMIN_PASSWORD);
     Map<String, String> kerberosEnvMap = new HashMap<String, String>() {
       {
         put(ADKerberosOperationHandler.KERBEROS_ENV_LDAP_URL, DEFAULT_LDAP_URL);
@@ -148,7 +149,7 @@ public class ADKerberosOperationHandlerTest extends KerberosOperationHandlerTest
 
   @Test(expected = KerberosKDCConnectionException.class)
   public void testTestAdministratorCredentialsKDCConnectionException() throws Exception {
-    KerberosCredential kc = new KerberosCredential(DEFAULT_ADMIN_PRINCIPAL, DEFAULT_ADMIN_PASSWORD.toCharArray(), null);
+    PrincipalKeyCredential kc = new PrincipalKeyCredential(DEFAULT_ADMIN_PRINCIPAL, DEFAULT_ADMIN_PASSWORD);
     Map<String, String> kerberosEnvMap = new HashMap<String, String>() {
       {
         put(ADKerberosOperationHandler.KERBEROS_ENV_LDAP_URL, "invalid");
@@ -177,7 +178,7 @@ public class ADKerberosOperationHandlerTest extends KerberosOperationHandlerTest
 
   @Test
   public void testTestAdministratorCredentialsSuccess() throws Exception {
-    KerberosCredential kc = new KerberosCredential(DEFAULT_ADMIN_PRINCIPAL, DEFAULT_ADMIN_PASSWORD.toCharArray(), null);
+    PrincipalKeyCredential kc = new PrincipalKeyCredential(DEFAULT_ADMIN_PRINCIPAL, DEFAULT_ADMIN_PASSWORD);
     Map<String, String> kerberosEnvMap = new HashMap<String, String>() {
       {
         put(ADKerberosOperationHandler.KERBEROS_ENV_LDAP_URL, DEFAULT_LDAP_URL);
@@ -229,7 +230,7 @@ public class ADKerberosOperationHandlerTest extends KerberosOperationHandlerTest
 
   @Test
   public void testProcessCreateTemplateDefault() throws Exception {
-    KerberosCredential kc = new KerberosCredential(DEFAULT_ADMIN_PRINCIPAL, DEFAULT_ADMIN_PASSWORD.toCharArray(), null);
+    PrincipalKeyCredential kc = new PrincipalKeyCredential(DEFAULT_ADMIN_PRINCIPAL, DEFAULT_ADMIN_PASSWORD);
     Map<String, String> kerberosEnvMap = new HashMap<String, String>() {
       {
         put(ADKerberosOperationHandler.KERBEROS_ENV_LDAP_URL, DEFAULT_LDAP_URL);
@@ -338,7 +339,7 @@ public class ADKerberosOperationHandlerTest extends KerberosOperationHandlerTest
 
   @Test
   public void testProcessCreateTemplateCustom() throws Exception {
-    KerberosCredential kc = new KerberosCredential(DEFAULT_ADMIN_PRINCIPAL, DEFAULT_ADMIN_PASSWORD.toCharArray(), null);
+    PrincipalKeyCredential kc = new PrincipalKeyCredential(DEFAULT_ADMIN_PRINCIPAL, DEFAULT_ADMIN_PASSWORD);
     Map<String, String> kerberosEnvMap = new HashMap<String, String>() {
       {
         put(ADKerberosOperationHandler.KERBEROS_ENV_LDAP_URL, DEFAULT_LDAP_URL);
@@ -475,7 +476,7 @@ public class ADKerberosOperationHandlerTest extends KerberosOperationHandlerTest
       containerDN = DEFAULT_PRINCIPAL_CONTAINER_DN;
     }
 
-    KerberosCredential credentials = new KerberosCredential(principal, password.toCharArray(), null);
+    PrincipalKeyCredential credentials = new PrincipalKeyCredential(principal, password);
     Map<String, String> kerberosEnvMap = new HashMap<String, String>();
 
     kerberosEnvMap.put(ADKerberosOperationHandler.KERBEROS_ENV_LDAP_URL, ldapUrl);
@@ -544,4 +545,4 @@ public class ADKerberosOperationHandlerTest extends KerberosOperationHandlerTest
 
     handler.close();
   }
-}
+}
\ No newline at end of file

http://git-wip-us.apache.org/repos/asf/ambari/blob/e8de8f2a/ambari-server/src/test/java/org/apache/ambari/server/serveraction/kerberos/KerberosCredentialTest.java
----------------------------------------------------------------------
diff --git a/ambari-server/src/test/java/org/apache/ambari/server/serveraction/kerberos/KerberosCredentialTest.java b/ambari-server/src/test/java/org/apache/ambari/server/serveraction/kerberos/KerberosCredentialTest.java
deleted file mode 100644
index 99fac6d..0000000
--- a/ambari-server/src/test/java/org/apache/ambari/server/serveraction/kerberos/KerberosCredentialTest.java
+++ /dev/null
@@ -1,103 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements.  See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership.  The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License.  You may obtain a copy of the License at
- *
- *     http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-package org.apache.ambari.server.serveraction.kerberos;
-
-import junit.framework.Assert;
-import org.apache.ambari.server.AmbariException;
-import org.eclipse.persistence.internal.helper.Helper;
-import org.junit.Test;
-
-import java.util.HashMap;
-import java.util.Map;
-
-import static org.junit.Assert.*;
-
-public class KerberosCredentialTest {
-
-  @Test
-  public void testFromMap() throws Exception {
-    KerberosCredential kerberosCredential;
-    Map<String, Object> attributes = new HashMap<String, Object>();
-    attributes.put(KerberosCredential.KEY_NAME_PRINCIPAL, "admin/admin@EXAMPLE.COM");
-    attributes.put(KerberosCredential.KEY_NAME_KEYTAB, "bogus_base64-encoded_data");
-
-    attributes.put("kerberos_admin/" + KerberosCredential.KEY_NAME_PRINCIPAL, "admin/admin@FOOBAR.COM");
-    attributes.put("kerberos_admin/" + KerberosCredential.KEY_NAME_PASSWORD, "t0p_s3cr3t");
-
-    // Test with an empty prefix
-    kerberosCredential = KerberosCredential.fromMap(attributes, "");
-    Assert.assertNotNull(kerberosCredential);
-    Assert.assertEquals("admin/admin@EXAMPLE.COM", kerberosCredential.getPrincipal());
-    Assert.assertNull(kerberosCredential.getPassword());
-    Assert.assertEquals("bogus_base64-encoded_data", kerberosCredential.getKeytab());
-
-    // Test with a NULL prefix
-    kerberosCredential = KerberosCredential.fromMap(attributes, null);
-    Assert.assertNotNull(kerberosCredential);
-    Assert.assertEquals("admin/admin@EXAMPLE.COM", kerberosCredential.getPrincipal());
-    Assert.assertNull(kerberosCredential.getPassword());
-    Assert.assertEquals("bogus_base64-encoded_data", kerberosCredential.getKeytab());
-
-    // Test with a prefix
-    kerberosCredential = KerberosCredential.fromMap(attributes, "kerberos_admin/");
-    Assert.assertNotNull(kerberosCredential);
-    Assert.assertEquals("admin/admin@FOOBAR.COM", kerberosCredential.getPrincipal());
-    Assert.assertEquals("t0p_s3cr3t", String.valueOf(kerberosCredential.getPassword()));
-    Assert.assertNull(kerberosCredential.getKeytab());
-
-    // Test with a prefix that does not resolve to any existing keys
-    kerberosCredential = KerberosCredential.fromMap(attributes, "invalid/");
-    Assert.assertNull(kerberosCredential);
-  }
-
-  @Test
-  public void testEncryptAndDecrypt() throws Exception {
-    byte[] key = "This is my key".getBytes();
-    KerberosCredential credential;
-    String cipherText;
-    KerberosCredential decryptedCredential;
-
-    credential = new KerberosCredential("admin/admin@FOOBAR.COM", "t0p_s3cr3t".toCharArray(), null);
-    cipherText = credential.encrypt(key);
-    Assert.assertNotNull(cipherText);
-
-    // Test a successful case
-    decryptedCredential = KerberosCredential.decrypt(cipherText, key);
-    Assert.assertNotNull(decryptedCredential);
-    Assert.assertEquals(credential.getPrincipal(), decryptedCredential.getPrincipal());
-    Assert.assertEquals(String.valueOf(credential.getPassword()), String.valueOf(decryptedCredential.getPassword()));
-    Assert.assertEquals(credential.getKeytab(), decryptedCredential.getKeytab());
-
-    // Test an invalid key
-    try {
-      decryptedCredential = KerberosCredential.decrypt(cipherText, "not the key".getBytes());
-      Assert.fail("Should have thrown AmbariException");
-    } catch (AmbariException e) {
-      // this is expected
-    }
-
-    // Test an invalid cipher text
-    try {
-      decryptedCredential = KerberosCredential.decrypt("I am not encrypted data", key);
-      Assert.fail("Should have thrown AmbariException");
-    } catch (AmbariException e) {
-      // this is expected
-    }
-  }
-}

http://git-wip-us.apache.org/repos/asf/ambari/blob/e8de8f2a/ambari-server/src/test/java/org/apache/ambari/server/serveraction/kerberos/KerberosOperationHandlerTest.java
----------------------------------------------------------------------
diff --git a/ambari-server/src/test/java/org/apache/ambari/server/serveraction/kerberos/KerberosOperationHandlerTest.java b/ambari-server/src/test/java/org/apache/ambari/server/serveraction/kerberos/KerberosOperationHandlerTest.java
index b91bbbc..09160d8 100644
--- a/ambari-server/src/test/java/org/apache/ambari/server/serveraction/kerberos/KerberosOperationHandlerTest.java
+++ b/ambari-server/src/test/java/org/apache/ambari/server/serveraction/kerberos/KerberosOperationHandlerTest.java
@@ -19,6 +19,7 @@
 package org.apache.ambari.server.serveraction.kerberos;
 
 import junit.framework.Assert;
+import org.apache.ambari.server.security.credential.PrincipalKeyCredential;
 import org.apache.commons.codec.binary.Base64;
 import org.apache.directory.server.kerberos.shared.keytab.Keytab;
 import org.apache.directory.server.kerberos.shared.keytab.KeytabEntry;
@@ -267,40 +268,32 @@ public abstract class KerberosOperationHandlerTest extends EasyMockSupport {
   public void testAdminCredentialsNullPrincipal() throws KerberosOperationException {
     KerberosOperationHandler handler = createHandler();
 
-    KerberosCredential credentials = new KerberosCredential(null, "password".toCharArray(), null);
-    handler.setAdministratorCredentials(credentials);
+    PrincipalKeyCredential credentials = new PrincipalKeyCredential(null, "password");
+    handler.setAdministratorCredential(credentials);
   }
 
   @Test(expected = KerberosAdminAuthenticationException.class)
   public void testAdminCredentialsEmptyPrincipal() throws KerberosOperationException {
     KerberosOperationHandler handler = createHandler();
 
-    KerberosCredential credentials = new KerberosCredential("", "password".toCharArray(), null);
-    handler.setAdministratorCredentials(credentials);
+    PrincipalKeyCredential credentials = new PrincipalKeyCredential("", "password");
+    handler.setAdministratorCredential(credentials);
   }
 
   @Test(expected = KerberosAdminAuthenticationException.class)
   public void testAdminCredentialsNullCredential() throws KerberosOperationException {
     KerberosOperationHandler handler = createHandler();
 
-    KerberosCredential credentials = new KerberosCredential("principal", null, null);
-    handler.setAdministratorCredentials(credentials);
+    PrincipalKeyCredential credentials = new PrincipalKeyCredential("principal", (char[])null);
+    handler.setAdministratorCredential(credentials);
   }
 
   @Test(expected = KerberosAdminAuthenticationException.class)
   public void testAdminCredentialsEmptyCredential1() throws KerberosOperationException {
     KerberosOperationHandler handler = createHandler();
 
-    KerberosCredential credentials = new KerberosCredential("principal", "".toCharArray(), null);
-    handler.setAdministratorCredentials(credentials);
-  }
-
-  @Test(expected = KerberosAdminAuthenticationException.class)
-  public void testAdminCredentialsEmptyCredential2() throws KerberosOperationException {
-    KerberosOperationHandler handler = createHandler();
-
-    KerberosCredential credentials = new KerberosCredential("principal", null, "");
-    handler.setAdministratorCredentials(credentials);
+    PrincipalKeyCredential credentials = new PrincipalKeyCredential("principal", "");
+    handler.setAdministratorCredential(credentials);
   }
 
   @Test
@@ -351,8 +344,8 @@ public abstract class KerberosOperationHandlerTest extends EasyMockSupport {
     KerberosOperationHandler handler = new KerberosOperationHandler() {
 
       @Override
-      public void open(KerberosCredential administratorCredentials, String defaultRealm, Map<String, String> kerberosConfiguration) throws KerberosOperationException {
-        setAdministratorCredentials(administratorCredentials);
+      public void open(PrincipalKeyCredential administratorCredentials, String defaultRealm, Map<String, String> kerberosConfiguration) throws KerberosOperationException {
+        setAdministratorCredential(administratorCredentials);
         setDefaultRealm(defaultRealm);
         setExecutableSearchPaths("/usr/bin, /usr/kerberos/bin, /usr/sbin");
       }
@@ -383,7 +376,7 @@ public abstract class KerberosOperationHandlerTest extends EasyMockSupport {
       }
     };
 
-    handler.open(new KerberosCredential("admin/admin", "hadoop".toCharArray(), null), "EXAMPLE.COM", null);
+    handler.open(new PrincipalKeyCredential("admin/admin", "hadoop"), "EXAMPLE.COM", null);
     return handler;
   }
 }

http://git-wip-us.apache.org/repos/asf/ambari/blob/e8de8f2a/ambari-server/src/test/java/org/apache/ambari/server/serveraction/kerberos/KerberosServerActionTest.java
----------------------------------------------------------------------
diff --git a/ambari-server/src/test/java/org/apache/ambari/server/serveraction/kerberos/KerberosServerActionTest.java b/ambari-server/src/test/java/org/apache/ambari/server/serveraction/kerberos/KerberosServerActionTest.java
index 64a1ebd..ce97f25 100644
--- a/ambari-server/src/test/java/org/apache/ambari/server/serveraction/kerberos/KerberosServerActionTest.java
+++ b/ambari-server/src/test/java/org/apache/ambari/server/serveraction/kerberos/KerberosServerActionTest.java
@@ -30,9 +30,11 @@ import org.apache.ambari.server.actionmanager.HostRoleStatus;
 import org.apache.ambari.server.agent.CommandReport;
 import org.apache.ambari.server.agent.ExecutionCommand;
 import org.apache.ambari.server.controller.KerberosHelper;
+import org.apache.ambari.server.security.credential.PrincipalKeyCredential;
 import org.apache.ambari.server.state.Cluster;
 import org.apache.ambari.server.state.Clusters;
 import org.apache.ambari.server.state.stack.OsFamily;
+import org.easymock.EasyMock;
 import org.junit.After;
 import org.junit.Before;
 import org.junit.Test;
@@ -43,10 +45,7 @@ import java.util.Map;
 import java.util.concurrent.ConcurrentHashMap;
 import java.util.concurrent.ConcurrentMap;
 
-import static org.easymock.EasyMock.createNiceMock;
-import static org.easymock.EasyMock.expect;
-import static org.easymock.EasyMock.replay;
-import static org.easymock.EasyMock.verify;
+import static org.easymock.EasyMock.*;
 import static org.mockito.Matchers.anyString;
 import static org.mockito.Mockito.mock;
 import static org.mockito.Mockito.when;
@@ -186,8 +185,8 @@ public class KerberosServerActionTest {
   @Test
   public void testProcessIdentitiesSuccess() throws Exception {
     KerberosHelper kerberosHelper = injector.getInstance(KerberosHelper.class);
-    expect(kerberosHelper.getKDCCredentials())
-        .andReturn(new KerberosCredential("principal", "password".toCharArray(), null))
+    expect(kerberosHelper.getKDCAdministratorCredentials(EasyMock.anyObject(String.class)))
+        .andReturn(new PrincipalKeyCredential("principal", "password"))
         .anyTimes();
 
     replay(kerberosHelper);
@@ -208,8 +207,8 @@ public class KerberosServerActionTest {
   @Test
   public void testProcessIdentitiesFail() throws Exception {
     KerberosHelper kerberosHelper = injector.getInstance(KerberosHelper.class);
-    expect(kerberosHelper.getKDCCredentials())
-        .andReturn(new KerberosCredential("principal", "password".toCharArray(), null))
+    expect(kerberosHelper.getKDCAdministratorCredentials(EasyMock.anyObject(String.class)))
+        .andReturn(new PrincipalKeyCredential("principal", "password"))
         .anyTimes();
 
     replay(kerberosHelper);

http://git-wip-us.apache.org/repos/asf/ambari/blob/e8de8f2a/ambari-server/src/test/java/org/apache/ambari/server/serveraction/kerberos/MITKerberosOperationHandlerTest.java
----------------------------------------------------------------------
diff --git a/ambari-server/src/test/java/org/apache/ambari/server/serveraction/kerberos/MITKerberosOperationHandlerTest.java b/ambari-server/src/test/java/org/apache/ambari/server/serveraction/kerberos/MITKerberosOperationHandlerTest.java
index 1c59610..5c882ba 100644
--- a/ambari-server/src/test/java/org/apache/ambari/server/serveraction/kerberos/MITKerberosOperationHandlerTest.java
+++ b/ambari-server/src/test/java/org/apache/ambari/server/serveraction/kerberos/MITKerberosOperationHandlerTest.java
@@ -26,6 +26,7 @@ import junit.framework.Assert;
 
 import org.apache.ambari.server.AmbariException;
 import org.apache.ambari.server.configuration.Configuration;
+import org.apache.ambari.server.security.credential.PrincipalKeyCredential;
 import org.apache.ambari.server.state.Clusters;
 import org.apache.ambari.server.state.stack.OsFamily;
 import org.apache.ambari.server.utils.ShellCommandUtil;
@@ -83,7 +84,7 @@ public class MITKerberosOperationHandlerTest extends KerberosOperationHandlerTes
   @Test
   public void testSetPrincipalPasswordExceptions() throws Exception {
     MITKerberosOperationHandler handler = injector.getInstance(MITKerberosOperationHandler.class);
-    handler.open(new KerberosCredential(DEFAULT_ADMIN_PRINCIPAL, DEFAULT_ADMIN_PASSWORD.toCharArray(), null), DEFAULT_REALM, KERBEROS_ENV_MAP);
+    handler.open(new PrincipalKeyCredential(DEFAULT_ADMIN_PRINCIPAL, DEFAULT_ADMIN_PASSWORD), DEFAULT_REALM, KERBEROS_ENV_MAP);
 
     try {
       handler.setPrincipalPassword(DEFAULT_ADMIN_PRINCIPAL, null);
@@ -139,7 +140,7 @@ public class MITKerberosOperationHandlerTest extends KerberosOperationHandlerTes
 
     replay(handler, result1, result2);
 
-    handler.open(new KerberosCredential(DEFAULT_ADMIN_PRINCIPAL, DEFAULT_ADMIN_PASSWORD.toCharArray(), null), DEFAULT_REALM, KERBEROS_ENV_MAP);
+    handler.open(new PrincipalKeyCredential(DEFAULT_ADMIN_PRINCIPAL, DEFAULT_ADMIN_PASSWORD), DEFAULT_REALM, KERBEROS_ENV_MAP);
     handler.createPrincipal(DEFAULT_ADMIN_PRINCIPAL, DEFAULT_ADMIN_PASSWORD, false);
 
     verify(handler, result1, result2);
@@ -150,7 +151,7 @@ public class MITKerberosOperationHandlerTest extends KerberosOperationHandlerTes
   @Test
   public void testCreateServicePrincipal_Exceptions() throws Exception {
     MITKerberosOperationHandler handler = new MITKerberosOperationHandler();
-    handler.open(new KerberosCredential(DEFAULT_ADMIN_PRINCIPAL, DEFAULT_ADMIN_PASSWORD.toCharArray(), null), DEFAULT_REALM, KERBEROS_ENV_MAP);
+    handler.open(new PrincipalKeyCredential(DEFAULT_ADMIN_PRINCIPAL, DEFAULT_ADMIN_PASSWORD), DEFAULT_REALM, KERBEROS_ENV_MAP);
 
     try {
       handler.createPrincipal(DEFAULT_ADMIN_PRINCIPAL, null, false);
@@ -209,7 +210,7 @@ public class MITKerberosOperationHandlerTest extends KerberosOperationHandlerTes
 
     replayAll();
 
-    handler.open(new KerberosCredential(DEFAULT_ADMIN_PRINCIPAL, DEFAULT_ADMIN_PASSWORD.toCharArray(), null), DEFAULT_REALM, KERBEROS_ENV_MAP);
+    handler.open(new PrincipalKeyCredential(DEFAULT_ADMIN_PRINCIPAL, DEFAULT_ADMIN_PASSWORD), DEFAULT_REALM, KERBEROS_ENV_MAP);
     handler.testAdministratorCredentials();
     handler.close();
   }
@@ -242,7 +243,7 @@ public class MITKerberosOperationHandlerTest extends KerberosOperationHandlerTes
 
     replayAll();
 
-    handler.open(new KerberosCredential(DEFAULT_ADMIN_PRINCIPAL, DEFAULT_ADMIN_PASSWORD.toCharArray(), null), DEFAULT_REALM, KERBEROS_ENV_MAP);
+    handler.open(new PrincipalKeyCredential(DEFAULT_ADMIN_PRINCIPAL, DEFAULT_ADMIN_PASSWORD), DEFAULT_REALM, KERBEROS_ENV_MAP);
     handler.testAdministratorCredentials();
     handler.close();
   }
@@ -275,7 +276,7 @@ public class MITKerberosOperationHandlerTest extends KerberosOperationHandlerTes
 
     replayAll();
 
-    handler.open(new KerberosCredential(DEFAULT_ADMIN_PRINCIPAL, DEFAULT_ADMIN_PASSWORD.toCharArray(), null), DEFAULT_REALM, KERBEROS_ENV_MAP);
+    handler.open(new PrincipalKeyCredential(DEFAULT_ADMIN_PRINCIPAL, DEFAULT_ADMIN_PASSWORD), DEFAULT_REALM, KERBEROS_ENV_MAP);
     handler.testAdministratorCredentials();
     handler.close();
   }
@@ -308,7 +309,7 @@ public class MITKerberosOperationHandlerTest extends KerberosOperationHandlerTes
 
     replayAll();
 
-    handler.open(new KerberosCredential(DEFAULT_ADMIN_PRINCIPAL, DEFAULT_ADMIN_PASSWORD.toCharArray(), null), DEFAULT_REALM, KERBEROS_ENV_MAP);
+    handler.open(new PrincipalKeyCredential(DEFAULT_ADMIN_PRINCIPAL, DEFAULT_ADMIN_PASSWORD), DEFAULT_REALM, KERBEROS_ENV_MAP);
     handler.testAdministratorCredentials();
     handler.close();
   }
@@ -341,7 +342,7 @@ public class MITKerberosOperationHandlerTest extends KerberosOperationHandlerTes
 
     replayAll();
 
-    handler.open(new KerberosCredential(DEFAULT_ADMIN_PRINCIPAL, DEFAULT_ADMIN_PASSWORD.toCharArray(), null), DEFAULT_REALM, KERBEROS_ENV_MAP);
+    handler.open(new PrincipalKeyCredential(DEFAULT_ADMIN_PRINCIPAL, DEFAULT_ADMIN_PASSWORD), DEFAULT_REALM, KERBEROS_ENV_MAP);
     handler.testAdministratorCredentials();
     handler.close();
   }
@@ -374,7 +375,7 @@ public class MITKerberosOperationHandlerTest extends KerberosOperationHandlerTes
 
     replayAll();
 
-    handler.open(new KerberosCredential(DEFAULT_ADMIN_PRINCIPAL, DEFAULT_ADMIN_PASSWORD.toCharArray(), null), DEFAULT_REALM, KERBEROS_ENV_MAP);
+    handler.open(new PrincipalKeyCredential(DEFAULT_ADMIN_PRINCIPAL, DEFAULT_ADMIN_PASSWORD), DEFAULT_REALM, KERBEROS_ENV_MAP);
     handler.testAdministratorCredentials();
     handler.close();
   }
@@ -407,7 +408,7 @@ public class MITKerberosOperationHandlerTest extends KerberosOperationHandlerTes
 
     replayAll();
 
-    handler.open(new KerberosCredential(DEFAULT_ADMIN_PRINCIPAL, DEFAULT_ADMIN_PASSWORD.toCharArray(), null), DEFAULT_REALM, KERBEROS_ENV_MAP);
+    handler.open(new PrincipalKeyCredential(DEFAULT_ADMIN_PRINCIPAL, DEFAULT_ADMIN_PASSWORD), DEFAULT_REALM, KERBEROS_ENV_MAP);
     Assert.assertFalse(handler.testAdministratorCredentials());
     handler.close();
   }
@@ -460,7 +461,7 @@ public class MITKerberosOperationHandlerTest extends KerberosOperationHandlerTes
 
     replayAll();
 
-    handler.open(new KerberosCredential(DEFAULT_ADMIN_PRINCIPAL, DEFAULT_ADMIN_PASSWORD.toCharArray(), null), DEFAULT_REALM, KERBEROS_ENV_MAP);
+    handler.open(new PrincipalKeyCredential(DEFAULT_ADMIN_PRINCIPAL, DEFAULT_ADMIN_PASSWORD), DEFAULT_REALM, KERBEROS_ENV_MAP);
     handler.testAdministratorCredentials();
     handler.close();
   }
@@ -485,10 +486,10 @@ public class MITKerberosOperationHandlerTest extends KerberosOperationHandlerTes
       realm = DEFAULT_REALM;
     }
 
-    KerberosCredential credentials = new KerberosCredential(principal, password.toCharArray(), null);
+    PrincipalKeyCredential credentials = new PrincipalKeyCredential(principal, password);
 
     handler.open(credentials, realm, KERBEROS_ENV_MAP);
     handler.testAdministratorCredentials();
     handler.close();
   }
-}
+}
\ No newline at end of file


Mime
View raw message