From: jensdeppe@apache.org
To: commits@geode.incubator.apache.org
Date: Wed, 30 Dec 2015 00:28:07 -0000
Message-Id: <4145e2d0e6984643913d3d69f629aa76@git.apache.org>
Subject: [07/33] incubator-geode git commit: GEM-164: move the security tests in gemfire-test module inside the com.gemstone.gemfire.security packages to the open side.

http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/a622d6ec/gemfire-core/src/test/java/templates/security/CredentialGenerator.java ---------------------------------------------------------------------- diff --git a/gemfire-core/src/test/java/templates/security/CredentialGenerator.java b/gemfire-core/src/test/java/templates/security/CredentialGenerator.java new file mode 100644 index 0000000..99d7e18 --- /dev/null +++ b/gemfire-core/src/test/java/templates/security/CredentialGenerator.java 
@@ -0,0 +1,343 @@ + +package templates.security; + +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ + + +import java.security.Principal; +import java.util.ArrayList; +import java.util.HashMap; +import java.util.Iterator; +import java.util.List; +import java.util.Map; +import java.util.Properties; + +import com.gemstone.gemfire.security.AuthInitialize; +import com.gemstone.gemfire.security.Authenticator; + +/** + * Encapsulates obtaining valid and invalid credentials. Implementations will be + * for different kinds of authentication schemes. + * + * @author sumedh + * @since 5.5 + */ +public abstract class CredentialGenerator { + + /** + * Enumeration for various {@link CredentialGenerator} implementations. + * + * The following schemes are supported as of now: + * DummyAuthenticator, LdapUserAuthenticator, + * PKCSAuthenticator. In addition SSL socket mode with mutual + * authentication is also supported. + * + * To add a new authentication scheme the following needs to be done: + *
    + *
  • Add implementations for {@link AuthInitialize} and + * {@link Authenticator} classes for clients/peers.
  • + *
  • Add a new enumeration value for the scheme in this class. Notice the + * size of VALUES array and increase that if it is getting + * overflowed. Note the methods and fields for existing schemes and add for + * the new one in a similar manner.
  • + *
  • Add an implementation for {@link CredentialGenerator}.
  • + *
  • Modify the {@link CredentialGenerator.Factory#create} method to add + * creation of an instance of the new implementation for the + * ClassCode enumeration value.
  • + *
+ * All security dunit tests will automagically start testing the new + * implementation after this. + * + * @author sumedh + * @since 5.5 + */ + public static final class ClassCode { + + private static final byte ID_DUMMY = 1; + + private static final byte ID_LDAP = 2; + + private static final byte ID_PKCS = 3; + + private static final byte ID_SSL = 4; + + private static byte nextOrdinal = 0; + + private static final ClassCode[] VALUES = new ClassCode[10]; + + private static final Map CodeNameMap = new HashMap(); + + public static final ClassCode DUMMY = new ClassCode( + "templates.security.DummyAuthenticator.create", ID_DUMMY); + + public static final ClassCode LDAP = new ClassCode( + "templates.security.LdapUserAuthenticator.create", ID_LDAP); + + public static final ClassCode PKCS = new ClassCode( + "templates.security.PKCSAuthenticator.create", ID_PKCS); + + public static final ClassCode SSL = new ClassCode("SSL", ID_SSL); + + /** The name of this class. */ + private final String name; + + /** byte used as ordinal to represent this class */ + private final byte ordinal; + + /** + * One of the following: ID_DUMMY, ID_LDAP, ID_PKCS + */ + private final byte classType; + + /** Creates a new instance of class code. */ + private ClassCode(String name, byte classType) { + this.name = name; + this.classType = classType; + this.ordinal = nextOrdinal++; + VALUES[this.ordinal] = this; + CodeNameMap.put(name, this); + } + + public boolean isDummy() { + return (this.classType == ID_DUMMY); + } + + public boolean isLDAP() { + return (this.classType == ID_LDAP); + } + + public boolean isPKCS() { + return (this.classType == ID_PKCS); + } + + public boolean isSSL() { + return (this.classType == ID_SSL); + } + + /** + * Returns the ClassCode represented by specified ordinal. + */ + public static ClassCode fromOrdinal(byte ordinal) { + return VALUES[ordinal]; + } + + /** + * Returns the ClassCode represented by specified string. 
+ */ + public static ClassCode parse(String operationName) { + return (ClassCode)CodeNameMap.get(operationName); + } + + /** + * Returns all the possible values. + */ + public static List getAll() { + List codes = new ArrayList(); + Iterator iter = CodeNameMap.values().iterator(); + while (iter.hasNext()) { + codes.add(iter.next()); + } + return codes; + } + + /** + * Returns the ordinal for this operation code. + * + * @return the ordinal of this operation. + */ + public byte toOrdinal() { + return this.ordinal; + } + + /** + * Returns a string representation for this operation. + * + * @return the name of this operation. + */ + final public String toString() { + return this.name; + } + + /** + * Indicates whether other object is same as this one. + * + * @return true if other object is same as this one. + */ + @Override + final public boolean equals(final Object obj) { + if (obj == this) { + return true; + } + if (!(obj instanceof ClassCode)) { + return false; + } + final ClassCode other = (ClassCode)obj; + return (other.ordinal == this.ordinal); + } + + /** + * Indicates whether other ClassCode is same as this one. + * + * @return true if other ClassCode is same as this one. + */ + final public boolean equals(final ClassCode opCode) { + return (opCode != null && opCode.ordinal == this.ordinal); + } + + /** + * Returns a hash code value for this ClassCode which is the + * same as its ordinal. + * + * @return the ordinal of this operation. + */ + @Override + final public int hashCode() { + return this.ordinal; + } + + } + + /** + * A set of properties that should be added to the Gemfire system properties + * before using the authentication module. + */ + private Properties sysProps = null; + + /** + * A set of properties that should be added to the java system properties + * before using the authentication module. 
+ */ + protected Properties javaProps = null; + + /** + * A factory method to create a new instance of an {@link CredentialGenerator} + * for the given {@link ClassCode}. Caller is supposed to invoke + * {@link CredentialGenerator#init} immediately after obtaining the instance. + * + * @param classCode + * the ClassCode of the + * CredentialGenerator implementation + * + * @return an instance of CredentialGenerator for the given + * class code + */ + public static CredentialGenerator create(ClassCode classCode) { + switch (classCode.classType) { + // Removing dummy one to reduce test run times + // case ClassCode.ID_DUMMY: + // return new DummyCredentialGenerator(); + case ClassCode.ID_LDAP: + return new LdapUserCredentialGenerator(); + // case ClassCode.ID_SSL:ΓΈ + // return new SSLCredentialGenerator(); + case ClassCode.ID_PKCS: + return new PKCSCredentialGenerator(); + default: + return null; + } + } + + /** + * Initialize the credential generator. + * + * @throws IllegalArgumentException + * when there is a problem during initialization + */ + public void init() throws IllegalArgumentException { + this.sysProps = initialize(); + } + + /** + * Initialize the credential generator. This is provided separately from the + * {@link #init} method for convenience of implementations so that they do not + * need to store in {@link #sysProps}. The latter is convenient for the users + * who do not need to store these properties rather can obtain it later by + * invoking {@link #getSystemProperties} + * + * Required to be implemented by concrete classes that implement this abstract + * class. + * + * @return A set of extra properties that should be added to Gemfire system + * properties when not null. 
+ * + * @throws IllegalArgumentException + * when there is a problem during initialization + */ + protected abstract Properties initialize() throws IllegalArgumentException; + + /** + * + * @return A set of extra properties that should be added to Gemfire system + * properties when not null. + */ + public Properties getSystemProperties() { + return this.sysProps; + } + + /** + * + * @return A set of extra properties that should be added to Gemfire system + * properties when not null. + */ + public Properties getJavaProperties() { + return this.javaProps; + } + + /** + * The {@link ClassCode} of this particular implementation. + * + * @return the ClassCode + */ + public abstract ClassCode classCode(); + + /** + * The name of the {@link AuthInitialize} factory function that should be used + * in conjunction with the credentials generated by this generator. + * + * @return name of the AuthInitialize factory function + */ + public abstract String getAuthInit(); + + /** + * The name of the {@link Authenticator} factory function that should be used + * in conjunction with the credentials generated by this generator. + * + * @return name of the Authenticator factory function + */ + public abstract String getAuthenticator(); + + /** + * Get a set of valid credentials generated using the given index. + */ + public abstract Properties getValidCredentials(int index); + + /** + * Get a set of valid credentials for the given {@link Principal}. + * + * @return credentials for the given Principal or null if none + * possible. + */ + public abstract Properties getValidCredentials(Principal principal); + + /** + * Get a set of invalid credentials generated using the given index. + */ + public abstract Properties getInvalidCredentials(int index); +} http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/a622d6ec/gemfire-core/src/test/java/templates/security/DummyAuthzCredentialGenerator.java ---------------------------------------------------------------------- 
diff --git a/gemfire-core/src/test/java/templates/security/DummyAuthzCredentialGenerator.java b/gemfire-core/src/test/java/templates/security/DummyAuthzCredentialGenerator.java new file mode 100644 index 0000000..5c27d60 --- /dev/null +++ b/gemfire-core/src/test/java/templates/security/DummyAuthzCredentialGenerator.java 
@@ -0,0 +1,142 @@ + +package templates.security; + +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ + + +import java.security.Principal; +import java.util.HashSet; +import java.util.Properties; +import java.util.Set; + +import com.gemstone.gemfire.cache.operations.OperationContext.OperationCode; + +public class DummyAuthzCredentialGenerator extends AuthzCredentialGenerator { + + public static final byte READER_ROLE = 1; + + public static final byte WRITER_ROLE = 2; + + public static final byte ADMIN_ROLE = 3; + + private static Set readerOpsSet; + + private static Set writerOpsSet; + + static { + + readerOpsSet = new HashSet(); + for (int index = 0; index < DummyAuthorization.READER_OPS.length; index++) { + readerOpsSet.add(DummyAuthorization.READER_OPS[index]); + } + writerOpsSet = new HashSet(); + for (int index = 0; index < DummyAuthorization.WRITER_OPS.length; index++) { + writerOpsSet.add(DummyAuthorization.WRITER_OPS[index]); + } + } + + public DummyAuthzCredentialGenerator() { + } + + protected Properties init() throws IllegalArgumentException { + + if (!this.cGen.classCode().isDummy()) { + throw new IllegalArgumentException( + "DummyAuthorization module only works with DummyAuthenticator"); + } + 
return null; + } + + public ClassCode classCode() { + return ClassCode.DUMMY; + } + + public String getAuthorizationCallback() { + return "templates.security.DummyAuthorization.create"; + } + + public static byte getRequiredRole(OperationCode[] opCodes) { + + byte roleType = ADMIN_ROLE; + boolean requiresReader = true; + boolean requiresWriter = true; + + for (int opNum = 0; opNum < opCodes.length; opNum++) { + if (requiresReader && !readerOpsSet.contains(opCodes[opNum])) { + requiresReader = false; + } + if (requiresWriter && !writerOpsSet.contains(opCodes[opNum])) { + requiresWriter = false; + } + } + if (requiresReader) { + roleType = READER_ROLE; + } + else if (requiresWriter) { + roleType = WRITER_ROLE; + } + return roleType; + } + + private Principal getPrincipal(byte roleType, int index) { + + String[] admins = new String[] { "root", "admin", "administrator" }; + switch (roleType) { + case READER_ROLE: + return new UsernamePrincipal("reader" + index); + case WRITER_ROLE: + return new UsernamePrincipal("writer" + index); + default: + return new UsernamePrincipal(admins[index % admins.length]); + } + } + + protected Principal getAllowedPrincipal(OperationCode[] opCodes, + String[] regionNames, int index) { + + byte roleType = getRequiredRole(opCodes); + return getPrincipal(roleType, index); + } + + protected Principal getDisallowedPrincipal(OperationCode[] opCodes, + String[] regionNames, int index) { + + byte roleType = getRequiredRole(opCodes); + byte disallowedRoleType; + switch (roleType) { + case READER_ROLE: + disallowedRoleType = WRITER_ROLE; + break; + case WRITER_ROLE: + disallowedRoleType = READER_ROLE; + break; + default: + disallowedRoleType = READER_ROLE; + break; + } + return getPrincipal(disallowedRoleType, index); + } + + protected int getNumPrincipalTries(OperationCode[] opCodes, + String[] regionNames) { + return 5; + } + +} 
http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/a622d6ec/gemfire-core/src/test/java/templates/security/DummyCredentialGenerator.java ---------------------------------------------------------------------- diff --git a/gemfire-core/src/test/java/templates/security/DummyCredentialGenerator.java b/gemfire-core/src/test/java/templates/security/DummyCredentialGenerator.java new file mode 100644 index 0000000..af6c6eb --- /dev/null +++ b/gemfire-core/src/test/java/templates/security/DummyCredentialGenerator.java 
@@ -0,0 +1,90 @@ + +package templates.security; + +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ + + +import java.security.Principal; +import java.util.Properties; + +public class DummyCredentialGenerator extends CredentialGenerator { + + public DummyCredentialGenerator() { + } + + protected Properties initialize() throws IllegalArgumentException { + return null; + } + + public ClassCode classCode() { + return ClassCode.DUMMY; + } + + public String getAuthInit() { + return "templates.security.UserPasswordAuthInit.create"; + } + + public String getAuthenticator() { + return "templates.security.DummyAuthenticator.create"; + } + + public Properties getValidCredentials(int index) { + + String[] validGroups = new String[] { "admin", "user", "reader", "writer" }; + String[] admins = new String[] { "root", "admin", "administrator" }; + + Properties props = new Properties(); + int groupNum = (index % validGroups.length); + String userName; + if (groupNum == 0) { + userName = admins[index % admins.length]; + } + else { + userName = validGroups[groupNum] + (index / validGroups.length); + } + props.setProperty(UserPasswordAuthInit.USER_NAME, userName); + props.setProperty(UserPasswordAuthInit.PASSWORD, userName); + 
return props; + } + + public Properties getValidCredentials(Principal principal) { + + String userName = principal.getName(); + if (DummyAuthenticator.testValidName(userName)) { + Properties props = new Properties(); + props.setProperty(UserPasswordAuthInit.USER_NAME, userName); + props.setProperty(UserPasswordAuthInit.PASSWORD, userName); + return props; + } + else { + throw new IllegalArgumentException("Dummy: [" + userName + + "] is not a valid user"); + } + } + + public Properties getInvalidCredentials(int index) { + + Properties props = new Properties(); + props.setProperty(UserPasswordAuthInit.USER_NAME, "invalid" + index); + props.setProperty(UserPasswordAuthInit.PASSWORD, "none"); + return props; + } + +} http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/a622d6ec/gemfire-core/src/test/java/templates/security/LdapUserCredentialGenerator.java ---------------------------------------------------------------------- diff --git a/gemfire-core/src/test/java/templates/security/LdapUserCredentialGenerator.java b/gemfire-core/src/test/java/templates/security/LdapUserCredentialGenerator.java new file mode 100644 index 0000000..816df63 --- /dev/null +++ b/gemfire-core/src/test/java/templates/security/LdapUserCredentialGenerator.java 
@@ -0,0 +1,158 @@ + +package templates.security; + +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ + + +import java.security.Principal; +import java.util.Properties; + +import com.gemstone.gemfire.distributed.internal.DistributionConfig; +import com.gemstone.gemfire.internal.cache.tier.sockets.HandShake; +import com.gemstone.gemfire.util.test.TestUtil; + +import java.util.Random; + +public class LdapUserCredentialGenerator extends CredentialGenerator { + + private static final String USER_PREFIX = "gemfire"; + + private static boolean enableServerAuthentication = false; + + private boolean serverAuthEnabled = false; + + private static final Random prng = new Random(); + + private static final String[] algos = new String[] { "", "DESede", "AES:128", + "Blowfish:128" }; + + public LdapUserCredentialGenerator() { + // Toggle server authentication enabled for each test + // This is done instead of running all the tests with both + // server auth enabled/disabled to reduce test run time. 
+ enableServerAuthentication = !enableServerAuthentication; + serverAuthEnabled = enableServerAuthentication; + } + + @Override + protected Properties initialize() throws IllegalArgumentException { + + Properties extraProps = new Properties(); + String ldapServer = System.getProperty("gf.ldap.server", "ldap"); + String ldapBaseDN = System.getProperty("gf.ldap.basedn", "ou=ldapTesting,dc=pune,dc=gemstone,dc=com"); + String ldapUseSSL = System.getProperty("gf.ldap.usessl"); + extraProps.setProperty(LdapUserAuthenticator.LDAP_SERVER_NAME, ldapServer); + extraProps.setProperty(LdapUserAuthenticator.LDAP_BASEDN_NAME, ldapBaseDN); + if (ldapUseSSL != null && ldapUseSSL.length() > 0) { + extraProps.setProperty(LdapUserAuthenticator.LDAP_SSL_NAME, ldapUseSSL); + } + if (serverAuthEnabled) { + String keyStoreFile = TestUtil.getResourcePath(LdapUserCredentialGenerator.class, PKCSCredentialGenerator.keyStoreDir + "/gemfire1.keystore"); + extraProps.setProperty(HandShake.PRIVATE_KEY_FILE_PROP, keyStoreFile); + extraProps.setProperty(HandShake.PRIVATE_KEY_ALIAS_PROP, "gemfire1"); + extraProps.setProperty(HandShake.PRIVATE_KEY_PASSWD_PROP, "gemfire"); + } + return extraProps; + } + + @Override + public ClassCode classCode() { + return ClassCode.LDAP; + } + + @Override + public String getAuthInit() { + return "templates.security.UserPasswordAuthInit.create"; + } + + @Override + public String getAuthenticator() { + return "templates.security.LdapUserAuthenticator.create"; + } + + @Override + public Properties getValidCredentials(int index) { + + Properties props = new Properties(); + props.setProperty(UserPasswordAuthInit.USER_NAME, USER_PREFIX + + ((index % 10) + 1)); + props.setProperty(UserPasswordAuthInit.PASSWORD, USER_PREFIX + + ((index % 10) + 1)); + props.setProperty(DistributionConfig.SECURITY_CLIENT_DHALGO_NAME, + algos[prng.nextInt(algos.length)]); + if (serverAuthEnabled) { + String keyStoreFile = TestUtil.getResourcePath(PKCSCredentialGenerator.class, 
PKCSCredentialGenerator.keyStoreDir + "/publickeyfile"); + props.setProperty(HandShake.PUBLIC_KEY_FILE_PROP, keyStoreFile); + props.setProperty(HandShake.PUBLIC_KEY_PASSWD_PROP, "gemfire"); + } + return props; + } + + @Override + public Properties getValidCredentials(Principal principal) { + + Properties props = null; + String userName = principal.getName(); + if (userName != null && userName.startsWith(USER_PREFIX)) { + boolean isValid; + try { + int suffix = Integer.parseInt(userName.substring(USER_PREFIX.length())); + isValid = (suffix >= 1 && suffix <= 10); + } + catch (Exception ex) { + isValid = false; + } + if (isValid) { + props = new Properties(); + props.setProperty(UserPasswordAuthInit.USER_NAME, userName); + props.setProperty(UserPasswordAuthInit.PASSWORD, userName); + } + } + if (props == null) { + throw new IllegalArgumentException("LDAP: [" + userName + + "] not a valid user"); + } + props.setProperty(DistributionConfig.SECURITY_CLIENT_DHALGO_NAME, + algos[prng.nextInt(algos.length)]); + if (serverAuthEnabled) { + String keyStoreFile = TestUtil.getResourcePath(PKCSCredentialGenerator.class, PKCSCredentialGenerator.keyStoreDir + "/publickeyfile"); + props.setProperty(HandShake.PUBLIC_KEY_FILE_PROP, keyStoreFile); + props.setProperty(HandShake.PUBLIC_KEY_PASSWD_PROP, "gemfire"); + } + return props; + } + + @Override + public Properties getInvalidCredentials(int index) { + + Properties props = new Properties(); + props.setProperty(UserPasswordAuthInit.USER_NAME, "invalid" + index); + props.setProperty(UserPasswordAuthInit.PASSWORD, "none"); + props.setProperty(DistributionConfig.SECURITY_CLIENT_DHALGO_NAME, + algos[prng.nextInt(algos.length)]); + if (serverAuthEnabled) { + String keyStoreFile = TestUtil.getResourcePath(PKCSCredentialGenerator.class, PKCSCredentialGenerator.keyStoreDir + "/publickeyfile"); + props.setProperty(HandShake.PUBLIC_KEY_FILE_PROP, keyStoreFile); + props.setProperty(HandShake.PUBLIC_KEY_PASSWD_PROP, "gemfire"); + } + return 
props; + } + +} http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/a622d6ec/gemfire-core/src/test/java/templates/security/PKCSCredentialGenerator.java ---------------------------------------------------------------------- diff --git a/gemfire-core/src/test/java/templates/security/PKCSCredentialGenerator.java b/gemfire-core/src/test/java/templates/security/PKCSCredentialGenerator.java new file mode 100644 index 0000000..fa4bf04 --- /dev/null +++ b/gemfire-core/src/test/java/templates/security/PKCSCredentialGenerator.java 
@@ -0,0 +1,110 @@ + +package templates.security; + +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ + + +import java.security.Principal; +import java.security.Provider; +import java.security.Security; +import java.util.Properties; + +import com.gemstone.gemfire.util.test.TestUtil; + +/** + * @author kneeraj + * + */ +public class PKCSCredentialGenerator extends CredentialGenerator { + + public static String keyStoreDir = getKeyStoreDir(); + + public static boolean usesIBMJSSE; + + // Checks if the current JVM uses only IBM JSSE providers. 
+ private static boolean usesIBMProviders() { + Provider[] providers = Security.getProviders(); + for (int index = 0; index < providers.length; ++index) { + if (!providers[index].getName().toLowerCase().startsWith("ibm")) { + return false; + } + } + return true; + } + + private static String getKeyStoreDir() { + usesIBMJSSE = usesIBMProviders(); + if (usesIBMJSSE) { + return "/lib/keys/ibm"; + } + else { + return "/lib/keys"; + } + } + + public ClassCode classCode() { + return ClassCode.PKCS; + } + + public String getAuthInit() { + return "templates.security.PKCSAuthInit.create"; + } + + public String getAuthenticator() { + return "templates.security.PKCSAuthenticator.create"; + } + + public Properties getInvalidCredentials(int index) { + Properties props = new Properties(); + String keyStoreFile = TestUtil.getResourcePath(PKCSCredentialGenerator.class, keyStoreDir + "/gemfire11.keystore"); + props.setProperty(PKCSAuthInit.KEYSTORE_FILE_PATH, keyStoreFile); + props.setProperty(PKCSAuthInit.KEYSTORE_ALIAS, "gemfire11"); + props.setProperty(PKCSAuthInit.KEYSTORE_PASSWORD, "gemfire"); + return props; + } + + public Properties getValidCredentials(int index) { + Properties props = new Properties(); + int aliasnum = (index % 10) + 1; + String keyStoreFile = TestUtil.getResourcePath(PKCSCredentialGenerator.class, keyStoreDir + "/gemfire" + aliasnum + ".keystore"); + props.setProperty(PKCSAuthInit.KEYSTORE_FILE_PATH, keyStoreFile); + props.setProperty(PKCSAuthInit.KEYSTORE_ALIAS, "gemfire" + aliasnum); + props.setProperty(PKCSAuthInit.KEYSTORE_PASSWORD, "gemfire"); + return props; + } + + public Properties getValidCredentials(Principal principal) { + Properties props = new Properties(); + String keyStoreFile = TestUtil.getResourcePath(PKCSCredentialGenerator.class, keyStoreDir + principal.getName() + ".keystore"); + props.setProperty(PKCSAuthInit.KEYSTORE_FILE_PATH, keyStoreFile); + props.setProperty(PKCSAuthInit.KEYSTORE_ALIAS, principal.getName()); + 
props.setProperty(PKCSAuthInit.KEYSTORE_PASSWORD, "gemfire"); + return props; + } + + protected Properties initialize() throws IllegalArgumentException { + Properties props = new Properties(); + String keyStoreFile = TestUtil.getResourcePath(PKCSCredentialGenerator.class, keyStoreDir + "/publickeyfile"); + props.setProperty(PKCSAuthenticator.PUBLIC_KEY_FILE, keyStoreFile); + props.setProperty(PKCSAuthenticator.PUBLIC_KEYSTORE_PASSWORD, "gemfire"); + return props; + } + +} http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/a622d6ec/gemfire-core/src/test/java/templates/security/SSLCredentialGenerator.java ---------------------------------------------------------------------- diff --git a/gemfire-core/src/test/java/templates/security/SSLCredentialGenerator.java b/gemfire-core/src/test/java/templates/security/SSLCredentialGenerator.java new file mode 100644 index 0000000..09367a2 --- /dev/null +++ b/gemfire-core/src/test/java/templates/security/SSLCredentialGenerator.java 
@@ -0,0 +1,116 @@ + +package templates.security; + +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ + + +import java.io.File; +import java.io.IOException; +import java.security.Principal; +import java.util.Properties; + +import com.gemstone.gemfire.security.AuthenticationFailedException; + +public class SSLCredentialGenerator extends CredentialGenerator { + + private File findTrustedJKS() { + File ssldir = new File(System.getProperty("JTESTS") + "/ssl"); + return new File(ssldir, "trusted.keystore"); + } + + private File findUntrustedJKS() { + File ssldir = new File(System.getProperty("JTESTS") + "/ssl"); + return new File(ssldir, "untrusted.keystore"); + } + + private Properties getValidJavaSSLProperties() { + File jks = findTrustedJKS(); + try { + Properties props = new Properties(); + props.setProperty("javax.net.ssl.trustStore", jks.getCanonicalPath()); + props.setProperty("javax.net.ssl.trustStorePassword", "password"); + props.setProperty("javax.net.ssl.keyStore", jks.getCanonicalPath()); + props.setProperty("javax.net.ssl.keyStorePassword", "password"); + return props; + } + catch (IOException ex) { + throw new AuthenticationFailedException( + "SSL: Exception while opening the key store: " + ex); + } + 
} + + private Properties getInvalidJavaSSLProperties() { + File jks = findUntrustedJKS(); + try { + Properties props = new Properties(); + props.setProperty("javax.net.ssl.trustStore", jks.getCanonicalPath()); + props.setProperty("javax.net.ssl.trustStorePassword", "password"); + props.setProperty("javax.net.ssl.keyStore", jks.getCanonicalPath()); + props.setProperty("javax.net.ssl.keyStorePassword", "password"); + return props; + } + catch (IOException ex) { + throw new AuthenticationFailedException( + "SSL: Exception while opening the key store: " + ex); + } + } + + private Properties getSSLProperties() { + Properties props = new Properties(); + props.setProperty("ssl-enabled", "true"); + props.setProperty("ssl-require-authentication", "true"); + props.setProperty("ssl-ciphers", "SSL_RSA_WITH_RC4_128_MD5"); + props.setProperty("ssl-protocols", "TLSv1"); + return props; + } + + protected Properties initialize() throws IllegalArgumentException { + this.javaProps = getValidJavaSSLProperties(); + return getSSLProperties(); + } + + public ClassCode classCode() { + return ClassCode.SSL; + } + + public String getAuthInit() { + return null; + } + + public String getAuthenticator() { + return null; + } + + public Properties getValidCredentials(int index) { + this.javaProps = getValidJavaSSLProperties(); + return getSSLProperties(); + } + + public Properties getValidCredentials(Principal principal) { + this.javaProps = getValidJavaSSLProperties(); + return getSSLProperties(); + } + + public Properties getInvalidCredentials(int index) { + this.javaProps = getInvalidJavaSSLProperties(); + return getSSLProperties(); + } + +} http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/a622d6ec/gemfire-core/src/test/java/templates/security/UserPasswordWithExtraPropsAuthInit.java ---------------------------------------------------------------------- 
diff --git a/gemfire-core/src/test/java/templates/security/UserPasswordWithExtraPropsAuthInit.java b/gemfire-core/src/test/java/templates/security/UserPasswordWithExtraPropsAuthInit.java new file mode 100644 index 0000000..56dbf7d --- /dev/null +++ b/gemfire-core/src/test/java/templates/security/UserPasswordWithExtraPropsAuthInit.java 
@@ -0,0 +1,76 @@ + +package templates.security; + +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ + + +import java.util.Properties; +import java.util.Iterator; + +import com.gemstone.gemfire.distributed.DistributedMember; +import com.gemstone.gemfire.security.AuthInitialize; +import com.gemstone.gemfire.security.AuthenticationFailedException; + +/** + * An {@link AuthInitialize} implementation that obtains the user name and + * password as the credentials from the given set of properties. If + * keep-extra-props property exits, it will copy rest of the + * properties provided in getCredential props argument will also be + * copied as new credentials. 
+ * + * @author Soubhik + * @since 5.5 + */ +public class UserPasswordWithExtraPropsAuthInit extends UserPasswordAuthInit { + + public static final String EXTRA_PROPS = "security-keep-extra-props"; + + public static final String SECURITY_PREFIX = "security-"; + + public static AuthInitialize create() { + return new UserPasswordWithExtraPropsAuthInit(); + } + + public UserPasswordWithExtraPropsAuthInit() { + super(); + } + + public Properties getCredentials(Properties props, DistributedMember server, + boolean isPeer) throws AuthenticationFailedException { + + Properties newProps = super.getCredentials(props, server, isPeer); + String extraProps = props.getProperty(EXTRA_PROPS); + if(extraProps != null) { + for(Iterator it = props.keySet().iterator(); it.hasNext();) { + String key = (String)it.next(); + if( key.startsWith(SECURITY_PREFIX) && + key.equalsIgnoreCase(USER_NAME) == false && + key.equalsIgnoreCase(PASSWORD) == false && + key.equalsIgnoreCase(EXTRA_PROPS) == false) { + newProps.setProperty(key, props.getProperty(key)); + } + } + this.securitylog.fine("got everything and now have: " + + newProps.keySet().toString()); + } + return newProps; + } + +} http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/a622d6ec/gemfire-core/src/test/java/templates/security/XmlAuthzCredentialGenerator.java ---------------------------------------------------------------------- diff --git a/gemfire-core/src/test/java/templates/security/XmlAuthzCredentialGenerator.java b/gemfire-core/src/test/java/templates/security/XmlAuthzCredentialGenerator.java new file mode 100644 index 0000000..6b3f171 --- /dev/null +++ b/gemfire-core/src/test/java/templates/security/XmlAuthzCredentialGenerator.java 
@@ -0,0 +1,262 @@ + +package templates.security; + +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ + + +import java.security.Principal; +import java.util.HashSet; +import java.util.Properties; +import java.util.Set; + +import com.gemstone.gemfire.cache.operations.OperationContext.OperationCode; +import com.gemstone.gemfire.util.test.TestUtil; + +public class XmlAuthzCredentialGenerator extends AuthzCredentialGenerator { + + private static final String dummyXml = "authz-dummy.xml"; + + private static final String ldapXml = "authz-ldap.xml"; + + private static final String pkcsXml = "authz-pkcs.xml"; + + private static final String sslXml = "authz-ssl.xml"; + + private static final String[] QUERY_REGIONS = { "/Portfolios", "/Positions", + "/AuthRegion" }; + + public static OperationCode[] READER_OPS = { OperationCode.GET, + OperationCode.REGISTER_INTEREST, OperationCode.UNREGISTER_INTEREST, + OperationCode.KEY_SET, OperationCode.CONTAINS_KEY, OperationCode.EXECUTE_FUNCTION }; + + public static OperationCode[] WRITER_OPS = { OperationCode.PUT, + OperationCode.DESTROY, OperationCode.INVALIDATE, OperationCode.REGION_CLEAR }; + + public static OperationCode[] QUERY_OPS = { OperationCode.QUERY, + 
OperationCode.EXECUTE_CQ, OperationCode.STOP_CQ, OperationCode.CLOSE_CQ }; + + private static final byte READER_ROLE = 1; + + private static final byte WRITER_ROLE = 2; + + private static final byte QUERY_ROLE = 3; + + private static final byte ADMIN_ROLE = 4; + + private static Set readerOpsSet; + + private static Set writerOpsSet; + + private static Set queryOpsSet; + + private static Set queryRegionSet; + + static { + + readerOpsSet = new HashSet(); + for (int index = 0; index < READER_OPS.length; index++) { + readerOpsSet.add(READER_OPS[index]); + } + writerOpsSet = new HashSet(); + for (int index = 0; index < WRITER_OPS.length; index++) { + writerOpsSet.add(WRITER_OPS[index]); + } + queryOpsSet = new HashSet(); + for (int index = 0; index < QUERY_OPS.length; index++) { + queryOpsSet.add(QUERY_OPS[index]); + } + queryRegionSet = new HashSet(); + for (int index = 0; index < QUERY_REGIONS.length; index++) { + queryRegionSet.add(QUERY_REGIONS[index]); + } + } + + public XmlAuthzCredentialGenerator() { + } + + protected Properties init() throws IllegalArgumentException { + + Properties sysProps = new Properties(); + String dirName = "/lib/"; + if (this.cGen.classCode().isDummy()) { + String xmlFilename = TestUtil.getResourcePath(XmlAuthzCredentialGenerator.class, dirName + dummyXml); + sysProps.setProperty(XmlAuthorization.DOC_URI_PROP_NAME, xmlFilename); + } + else if (this.cGen.classCode().isLDAP()) { + String xmlFilename = TestUtil.getResourcePath(XmlAuthzCredentialGenerator.class, dirName + ldapXml); + sysProps.setProperty(XmlAuthorization.DOC_URI_PROP_NAME, xmlFilename); + } + // else if (this.cGen.classCode().isPKCS()) { + // sysProps + // .setProperty(XmlAuthorization.DOC_URI_PROP_NAME, dirName + pkcsXml); + // } + // else if (this.cGen.classCode().isSSL()) { + // sysProps + // .setProperty(XmlAuthorization.DOC_URI_PROP_NAME, dirName + sslXml); + // } + else { + throw new IllegalArgumentException( + "No XML defined for XmlAuthorization module to work with " 
+ + this.cGen.getAuthenticator()); + } + return sysProps; + } + + public ClassCode classCode() { + return ClassCode.XML; + } + + public String getAuthorizationCallback() { + return "templates.security.XmlAuthorization.create"; + } + + private Principal getDummyPrincipal(byte roleType, int index) { + + String[] admins = new String[] { "root", "admin", "administrator" }; + int numReaders = 3; + int numWriters = 3; + + switch (roleType) { + case READER_ROLE: + return new UsernamePrincipal("reader" + (index % numReaders)); + case WRITER_ROLE: + return new UsernamePrincipal("writer" + (index % numWriters)); + case QUERY_ROLE: + return new UsernamePrincipal("reader" + ((index % 2) + 3)); + default: + return new UsernamePrincipal(admins[index % admins.length]); + } + } + + private Principal getLdapPrincipal(byte roleType, int index) { + + final String userPrefix = "gemfire"; + final int[] readerIndices = { 3, 4, 5 }; + final int[] writerIndices = { 6, 7, 8 }; + final int[] queryIndices = { 9, 10 }; + final int[] adminIndices = { 1, 2 }; + + switch (roleType) { + case READER_ROLE: + int readerIndex = readerIndices[index % readerIndices.length]; + return new UsernamePrincipal(userPrefix + readerIndex); + case WRITER_ROLE: + int writerIndex = writerIndices[index % writerIndices.length]; + return new UsernamePrincipal(userPrefix + writerIndex); + case QUERY_ROLE: + int queryIndex = queryIndices[index % queryIndices.length]; + return new UsernamePrincipal(userPrefix + queryIndex); + default: + int adminIndex = adminIndices[index % adminIndices.length]; + return new UsernamePrincipal(userPrefix + adminIndex); + } + } + + private byte getRequiredRole(OperationCode[] opCodes, String[] regionNames) { + + byte roleType = ADMIN_ROLE; + boolean requiresReader = true; + boolean requiresWriter = true; + boolean requiresQuery = true; + + for (int opNum = 0; opNum < opCodes.length; opNum++) { + OperationCode opCode = opCodes[opNum]; + if (requiresReader && !readerOpsSet.contains(opCode)) 
{ + requiresReader = false; + } + if (requiresWriter && !writerOpsSet.contains(opCode)) { + requiresWriter = false; + } + if (requiresQuery && !queryOpsSet.contains(opCode)) { + requiresQuery = false; + } + } + if (requiresReader) { + roleType = READER_ROLE; + } + else if (requiresWriter) { + roleType = WRITER_ROLE; + } + else if (requiresQuery) { + if (regionNames != null && regionNames.length > 0) { + for (int index = 0; index < regionNames.length; index++) { + String regionName = XmlAuthorization + .normalizeRegionName(regionNames[index]); + if (requiresQuery && !queryRegionSet.contains(regionName)) { + requiresQuery = false; + break; + } + } + if (requiresQuery) { + roleType = QUERY_ROLE; + } + } + } + return roleType; + } + + protected Principal getAllowedPrincipal(OperationCode[] opCodes, + String[] regionNames, int index) { + + if (this.cGen.classCode().isDummy()) { + byte roleType = getRequiredRole(opCodes, regionNames); + return getDummyPrincipal(roleType, index); + } + else if (this.cGen.classCode().isLDAP()) { + byte roleType = getRequiredRole(opCodes, regionNames); + return getLdapPrincipal(roleType, index); + } + return null; + } + + protected Principal getDisallowedPrincipal(OperationCode[] opCodes, + String[] regionNames, int index) { + + byte roleType = getRequiredRole(opCodes, regionNames); + byte disallowedRoleType = READER_ROLE; + switch (roleType) { + case READER_ROLE: + disallowedRoleType = WRITER_ROLE; + break; + case WRITER_ROLE: + disallowedRoleType = READER_ROLE; + break; + case QUERY_ROLE: + disallowedRoleType = READER_ROLE; + break; + case ADMIN_ROLE: + disallowedRoleType = READER_ROLE; + break; + } + if (this.cGen.classCode().isDummy()) { + return getDummyPrincipal(disallowedRoleType, index); + } + else if (this.cGen.classCode().isLDAP()) { + return getLdapPrincipal(disallowedRoleType, index); + } + return null; + } + + protected int getNumPrincipalTries(OperationCode[] opCodes, + String[] regionNames) { + return 5; + } + +} 
http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/a622d6ec/gemfire-core/src/test/resources/lib/authz-dummy.xml ---------------------------------------------------------------------- diff --git a/gemfire-core/src/test/resources/lib/authz-dummy.xml b/gemfire-core/src/test/resources/lib/authz-dummy.xml new file mode 100644 index 0000000..7f73808 --- /dev/null +++ b/gemfire-core/src/test/resources/lib/authz-dummy.xml @@ -0,0 +1,126 @@ + + + + + + + + + reader0 + reader1 + reader2 + root + admin + administrator + + + + writer0 + writer1 + writer2 + root + admin + administrator + + + + root + admin + administrator + + + + reader3 + reader4 + + + + reader5 + reader6 + + + + reader5 + reader7 + + + + reader8 + + + + reader9 + + + + QUERY + EXECUTE_CQ + STOP_CQ + CLOSE_CQ + REGION_CREATE + REGION_DESTROY + + + + GET + REGISTER_INTEREST + UNREGISTER_INTEREST + KEY_SET + CONTAINS_KEY + EXECUTE_FUNCTION + + + + PUT + PUTALL + DESTROY + INVALIDATE + REGION_CLEAR + + + + QUERY + EXECUTE_CQ + STOP_CQ + CLOSE_CQ + + + + PUT + EXECUTE_FUNCTION + + + + PUT + EXECUTE_FUNCTION + + + + REGISTER_INTEREST + GET + + + + UNREGISTER_INTEREST + GET + + + http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/a622d6ec/gemfire-core/src/test/resources/lib/authz-ldap.xml ---------------------------------------------------------------------- diff --git a/gemfire-core/src/test/resources/lib/authz-ldap.xml b/gemfire-core/src/test/resources/lib/authz-ldap.xml new file mode 100644 index 0000000..e63c23b --- /dev/null +++ b/gemfire-core/src/test/resources/lib/authz-ldap.xml 
@@ -0,0 +1,85 @@ + + + + + + + + + gemfire1 + gemfire2 + gemfire3 + gemfire4 + gemfire5 + + + + gemfire1 + gemfire2 + gemfire6 + gemfire7 + gemfire8 + + + + gemfire1 + gemfire2 + + + + gemfire9 + gemfire10 + + + + QUERY + EXECUTE_CQ + STOP_CQ + CLOSE_CQ + REGION_CREATE + REGION_DESTROY + + + + GET + REGISTER_INTEREST + UNREGISTER_INTEREST + KEY_SET + CONTAINS_KEY + EXECUTE_FUNCTION + + + + PUT + PUTALL + DESTROY + INVALIDATE + REGION_CLEAR + + + + QUERY + EXECUTE_CQ + STOP_CQ + CLOSE_CQ + + + http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/a622d6ec/gemfire-core/src/test/resources/lib/authz-multiUser-dummy.xml ---------------------------------------------------------------------- diff --git a/gemfire-core/src/test/resources/lib/authz-multiUser-dummy.xml b/gemfire-core/src/test/resources/lib/authz-multiUser-dummy.xml new file mode 100644 index 0000000..0f3bbab --- /dev/null +++ b/gemfire-core/src/test/resources/lib/authz-multiUser-dummy.xml @@ -0,0 +1,106 @@ + + + + + + + + + user1 + user2 + root + admin + administrator + + + + user3 + user4 + root + admin + administrator + + + + user1 + user2 + root + admin + administrator + + + + user5 + user6 + + + + user7 + user8 + + + + user5 + user7 + + + + QUERY + EXECUTE_CQ + STOP_CQ + CLOSE_CQ + + + + GET + REGISTER_INTEREST + UNREGISTER_INTEREST + KEY_SET + CONTAINS_KEY + EXECUTE_FUNCTION + + + + PUT + PUTALL + DESTROY + INVALIDATE + REGION_CLEAR + + + + QUERY + EXECUTE_CQ + STOP_CQ + CLOSE_CQ + + + + REGISTER_INTEREST + GET + + + + UNREGISTER_INTEREST + GET + + + http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/a622d6ec/gemfire-core/src/test/resources/lib/authz-multiUser-ldap.xml ---------------------------------------------------------------------- diff --git a/gemfire-core/src/test/resources/lib/authz-multiUser-ldap.xml b/gemfire-core/src/test/resources/lib/authz-multiUser-ldap.xml new file mode 100644 index 0000000..a8e5392 --- /dev/null 
+++ b/gemfire-core/src/test/resources/lib/authz-multiUser-ldap.xml @@ -0,0 +1,83 @@ + + + + + + + + + gemfire1 + gemfire2 + gemfire3 + gemfire4 + gemfire5 + + + + gemfire1 + gemfire2 + gemfire6 + gemfire7 + gemfire8 + + + + gemfire1 + gemfire2 + + + + gemfire9 + gemfire10 + + + + QUERY + EXECUTE_CQ + STOP_CQ + CLOSE_CQ + + + + GET + REGISTER_INTEREST + UNREGISTER_INTEREST + KEY_SET + CONTAINS_KEY + EXECUTE_FUNCTION + + + + PUT + PUTALL + DESTROY + INVALIDATE + REGION_CLEAR + + + + QUERY + EXECUTE_CQ + STOP_CQ + CLOSE_CQ + + + http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/a622d6ec/gemfire-core/src/test/resources/lib/keys/gemfire1.keystore ---------------------------------------------------------------------- diff --git a/gemfire-core/src/test/resources/lib/keys/gemfire1.keystore b/gemfire-core/src/test/resources/lib/keys/gemfire1.keystore new file mode 100644 index 0000000..15270bb Binary files /dev/null and b/gemfire-core/src/test/resources/lib/keys/gemfire1.keystore differ http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/a622d6ec/gemfire-core/src/test/resources/lib/keys/gemfire10.keystore ---------------------------------------------------------------------- diff --git a/gemfire-core/src/test/resources/lib/keys/gemfire10.keystore b/gemfire-core/src/test/resources/lib/keys/gemfire10.keystore new file mode 100644 index 0000000..bb6f827 Binary files /dev/null and b/gemfire-core/src/test/resources/lib/keys/gemfire10.keystore differ http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/a622d6ec/gemfire-core/src/test/resources/lib/keys/gemfire11.keystore ---------------------------------------------------------------------- 
diff --git a/gemfire-core/src/test/resources/lib/keys/gemfire11.keystore b/gemfire-core/src/test/resources/lib/keys/gemfire11.keystore new file mode 100644 index 0000000..6839c74 Binary files /dev/null and b/gemfire-core/src/test/resources/lib/keys/gemfire11.keystore differ http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/a622d6ec/gemfire-core/src/test/resources/lib/keys/gemfire2.keystore ---------------------------------------------------------------------- diff --git a/gemfire-core/src/test/resources/lib/keys/gemfire2.keystore b/gemfire-core/src/test/resources/lib/keys/gemfire2.keystore new file mode 100644 index 0000000..fcb7ab8 Binary files /dev/null and b/gemfire-core/src/test/resources/lib/keys/gemfire2.keystore differ http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/a622d6ec/gemfire-core/src/test/resources/lib/keys/gemfire3.keystore ---------------------------------------------------------------------- diff --git a/gemfire-core/src/test/resources/lib/keys/gemfire3.keystore b/gemfire-core/src/test/resources/lib/keys/gemfire3.keystore new file mode 100644 index 0000000..19afc4b Binary files /dev/null and b/gemfire-core/src/test/resources/lib/keys/gemfire3.keystore differ http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/a622d6ec/gemfire-core/src/test/resources/lib/keys/gemfire4.keystore ---------------------------------------------------------------------- diff --git a/gemfire-core/src/test/resources/lib/keys/gemfire4.keystore b/gemfire-core/src/test/resources/lib/keys/gemfire4.keystore new file mode 100644 index 0000000..c65916a Binary files /dev/null and b/gemfire-core/src/test/resources/lib/keys/gemfire4.keystore differ http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/a622d6ec/gemfire-core/src/test/resources/lib/keys/gemfire5.keystore ---------------------------------------------------------------------- 
diff --git a/gemfire-core/src/test/resources/lib/keys/gemfire5.keystore b/gemfire-core/src/test/resources/lib/keys/gemfire5.keystore new file mode 100644 index 0000000..d738cca Binary files /dev/null and b/gemfire-core/src/test/resources/lib/keys/gemfire5.keystore differ http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/a622d6ec/gemfire-core/src/test/resources/lib/keys/gemfire6.keystore ---------------------------------------------------------------------- diff --git a/gemfire-core/src/test/resources/lib/keys/gemfire6.keystore b/gemfire-core/src/test/resources/lib/keys/gemfire6.keystore new file mode 100644 index 0000000..1fea2d3 Binary files /dev/null and b/gemfire-core/src/test/resources/lib/keys/gemfire6.keystore differ http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/a622d6ec/gemfire-core/src/test/resources/lib/keys/gemfire7.keystore ---------------------------------------------------------------------- diff --git a/gemfire-core/src/test/resources/lib/keys/gemfire7.keystore b/gemfire-core/src/test/resources/lib/keys/gemfire7.keystore new file mode 100644 index 0000000..7a3187c Binary files /dev/null and b/gemfire-core/src/test/resources/lib/keys/gemfire7.keystore differ http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/a622d6ec/gemfire-core/src/test/resources/lib/keys/gemfire8.keystore ---------------------------------------------------------------------- diff --git a/gemfire-core/src/test/resources/lib/keys/gemfire8.keystore b/gemfire-core/src/test/resources/lib/keys/gemfire8.keystore new file mode 100644 index 0000000..a3bb886 Binary files /dev/null and b/gemfire-core/src/test/resources/lib/keys/gemfire8.keystore differ http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/a622d6ec/gemfire-core/src/test/resources/lib/keys/gemfire9.keystore ---------------------------------------------------------------------- 
diff --git a/gemfire-core/src/test/resources/lib/keys/gemfire9.keystore b/gemfire-core/src/test/resources/lib/keys/gemfire9.keystore new file mode 100644 index 0000000..674b4e6 Binary files /dev/null and b/gemfire-core/src/test/resources/lib/keys/gemfire9.keystore differ http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/a622d6ec/gemfire-core/src/test/resources/lib/keys/ibm/gemfire1.keystore ---------------------------------------------------------------------- diff --git a/gemfire-core/src/test/resources/lib/keys/ibm/gemfire1.keystore b/gemfire-core/src/test/resources/lib/keys/ibm/gemfire1.keystore new file mode 100644 index 0000000..4f9120c Binary files /dev/null and b/gemfire-core/src/test/resources/lib/keys/ibm/gemfire1.keystore differ http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/a622d6ec/gemfire-core/src/test/resources/lib/keys/ibm/gemfire10.keystore ---------------------------------------------------------------------- diff --git a/gemfire-core/src/test/resources/lib/keys/ibm/gemfire10.keystore b/gemfire-core/src/test/resources/lib/keys/ibm/gemfire10.keystore new file mode 100644 index 0000000..0bd97d7 Binary files /dev/null and b/gemfire-core/src/test/resources/lib/keys/ibm/gemfire10.keystore differ http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/a622d6ec/gemfire-core/src/test/resources/lib/keys/ibm/gemfire11.keystore ---------------------------------------------------------------------- diff --git a/gemfire-core/src/test/resources/lib/keys/ibm/gemfire11.keystore b/gemfire-core/src/test/resources/lib/keys/ibm/gemfire11.keystore new file mode 100644 index 0000000..62ae3c7 Binary files /dev/null and b/gemfire-core/src/test/resources/lib/keys/ibm/gemfire11.keystore differ http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/a622d6ec/gemfire-core/src/test/resources/lib/keys/ibm/gemfire2.keystore ---------------------------------------------------------------------- 
diff --git a/gemfire-core/src/test/resources/lib/keys/ibm/gemfire2.keystore b/gemfire-core/src/test/resources/lib/keys/ibm/gemfire2.keystore new file mode 100644 index 0000000..c65bc81 Binary files /dev/null and b/gemfire-core/src/test/resources/lib/keys/ibm/gemfire2.keystore differ http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/a622d6ec/gemfire-core/src/test/resources/lib/keys/ibm/gemfire3.keystore ---------------------------------------------------------------------- diff --git a/gemfire-core/src/test/resources/lib/keys/ibm/gemfire3.keystore b/gemfire-core/src/test/resources/lib/keys/ibm/gemfire3.keystore new file mode 100644 index 0000000..b0796e0 Binary files /dev/null and b/gemfire-core/src/test/resources/lib/keys/ibm/gemfire3.keystore differ http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/a622d6ec/gemfire-core/src/test/resources/lib/keys/ibm/gemfire4.keystore ---------------------------------------------------------------------- diff --git a/gemfire-core/src/test/resources/lib/keys/ibm/gemfire4.keystore b/gemfire-core/src/test/resources/lib/keys/ibm/gemfire4.keystore new file mode 100644 index 0000000..9c94018 Binary files /dev/null and b/gemfire-core/src/test/resources/lib/keys/ibm/gemfire4.keystore differ http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/a622d6ec/gemfire-core/src/test/resources/lib/keys/ibm/gemfire5.keystore ---------------------------------------------------------------------- diff --git a/gemfire-core/src/test/resources/lib/keys/ibm/gemfire5.keystore b/gemfire-core/src/test/resources/lib/keys/ibm/gemfire5.keystore new file mode 100644 index 0000000..33f6937 Binary files /dev/null and b/gemfire-core/src/test/resources/lib/keys/ibm/gemfire5.keystore differ http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/a622d6ec/gemfire-core/src/test/resources/lib/keys/ibm/gemfire6.keystore ---------------------------------------------------------------------- 
diff --git a/gemfire-core/src/test/resources/lib/keys/ibm/gemfire6.keystore b/gemfire-core/src/test/resources/lib/keys/ibm/gemfire6.keystore new file mode 100644 index 0000000..568f674 Binary files /dev/null and b/gemfire-core/src/test/resources/lib/keys/ibm/gemfire6.keystore differ http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/a622d6ec/gemfire-core/src/test/resources/lib/keys/ibm/gemfire7.keystore ---------------------------------------------------------------------- diff --git a/gemfire-core/src/test/resources/lib/keys/ibm/gemfire7.keystore b/gemfire-core/src/test/resources/lib/keys/ibm/gemfire7.keystore new file mode 100644 index 0000000..80e2d80 Binary files /dev/null and b/gemfire-core/src/test/resources/lib/keys/ibm/gemfire7.keystore differ http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/a622d6ec/gemfire-core/src/test/resources/lib/keys/ibm/gemfire8.keystore ---------------------------------------------------------------------- diff --git a/gemfire-core/src/test/resources/lib/keys/ibm/gemfire8.keystore b/gemfire-core/src/test/resources/lib/keys/ibm/gemfire8.keystore new file mode 100644 index 0000000..a15def5 Binary files /dev/null and b/gemfire-core/src/test/resources/lib/keys/ibm/gemfire8.keystore differ http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/a622d6ec/gemfire-core/src/test/resources/lib/keys/ibm/gemfire9.keystore ---------------------------------------------------------------------- diff --git a/gemfire-core/src/test/resources/lib/keys/ibm/gemfire9.keystore b/gemfire-core/src/test/resources/lib/keys/ibm/gemfire9.keystore new file mode 100644 index 0000000..72087f3 Binary files /dev/null and b/gemfire-core/src/test/resources/lib/keys/ibm/gemfire9.keystore differ http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/a622d6ec/gemfire-core/src/test/resources/lib/keys/ibm/publickeyfile ---------------------------------------------------------------------- 
diff --git a/gemfire-core/src/test/resources/lib/keys/ibm/publickeyfile b/gemfire-core/src/test/resources/lib/keys/ibm/publickeyfile new file mode 100644 index 0000000..1b13872 Binary files /dev/null and b/gemfire-core/src/test/resources/lib/keys/ibm/publickeyfile differ http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/a622d6ec/gemfire-core/src/test/resources/lib/keys/publickeyfile ---------------------------------------------------------------------- diff --git a/gemfire-core/src/test/resources/lib/keys/publickeyfile b/gemfire-core/src/test/resources/lib/keys/publickeyfile new file mode 100644 index 0000000..9c2daa3 Binary files /dev/null and b/gemfire-core/src/test/resources/lib/keys/publickeyfile differ http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/a622d6ec/gemfire-core/src/test/resources/ssl/untrusted.keystore ---------------------------------------------------------------------- diff --git a/gemfire-core/src/test/resources/ssl/untrusted.keystore b/gemfire-core/src/test/resources/ssl/untrusted.keystore new file mode 100755 index 0000000..aa73eeb Binary files /dev/null and b/gemfire-core/src/test/resources/ssl/untrusted.keystore differ http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/a622d6ec/gradle/rat.gradle ---------------------------------------------------------------------- diff --git a/gradle/rat.gradle b/gradle/rat.gradle index 2068b88..cb6bdfb 100644 --- a/gradle/rat.gradle +++ b/gradle/rat.gradle @@ -40,7 +40,7 @@ rat { '**/.classpath', '**/.settings/**', '**/build-eclipse/**', - '*.iml', + '**/*.iml', '.idea/**', '**/tags',
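Review bot: In SSLCredentialGenerator.getSSLProperties(), ssl-ciphers is pinned to SSL_RSA_WITH_RC4_128_MD5 and ssl-protocols to TLSv1. RC4 suites are prohibited for TLS by RFC 7465 and recent JREs disable them by default, so tests built on this generator can fail at the handshake for reasons unrelated to the trusted versus untrusted keystore distinction they are meant to exercise. Suggest a suite and protocol that the supported JREs still enable, or taking both from a test property. Two smaller points in the same file: findTrustedJKS() and findUntrustedJKS() concatenate System.getProperty("JTESTS") without a null check, which produces the path "null/ssl" when the property is unset, and it is worth confirming that JTESTS resolves to the new src/test/resources/ssl location this commit adds. getValidJavaSSLProperties() and getInvalidJavaSSLProperties() differ only in the keystore file and could share one helper that takes the File.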
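Review bot: In UserPasswordWithExtraPropsAuthInit.getCredentials(), the test "extraProps != null" checks only that security-keep-extra-props is present, so a configuration that sets it to "false" still copies every other security-* property into the credentials sent to the server. Suggest Boolean.parseBoolean(extraProps), or stating in the Javadoc that presence alone enables the copy. The raw Iterator with "(String)it.next()" throws ClassCastException if the Properties object holds a non-String key; props.stringPropertyNames() removes the cast. The class Javadoc sentence beginning "If keep-extra-props property exits" is garbled and names the property without its security- prefix, so it does not match EXTRA_PROPS.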
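Review bot: In XmlAuthzCredentialGenerator, getAllowedPrincipal() and getDisallowedPrincipal() fall through to "return null" when the class code is neither dummy nor LDAP, while init() throws IllegalArgumentException for the same condition. A null principal surfaces later as a NullPointerException far from the cause; suggest throwing here as well. WRITER_OPS omits PUTALL although the authz XML files added in this commit list PUTALL next to PUT, DESTROY, INVALIDATE and REGION_CLEAR, so getRequiredRole() maps a PUTALL request to ADMIN_ROLE rather than WRITER_ROLE; please confirm that is intended. getRequiredRole() also returns READER_ROLE for an empty opCodes array, because all three flags start true and the loop never clears them. READER_OPS, WRITER_OPS and QUERY_OPS are public static but not final, and the lookup sets are built from them once in the static initializer, so a test that reassigns or mutates an array silently diverges from the sets. The pkcsXml and sslXml constants are referenced only from commented-out branches in init(); either restore those branches or drop the constants and the dead code.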
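Review bot: src/test/resources/ssl/untrusted.keystore is added with "new file mode 100755" while every other keystore and publickeyfile in this commit is 100644; a keystore has no reason to be executable, so the mode should be 100644. More generally, the keystores under lib/keys, lib/keys/ibm and ssl arrive as opaque binaries, so nothing about their contents can be checked from the diff. A short README beside them recording the keytool invocation, aliases, validity period and store passwords used to generate them would let the fixtures be regenerated when certificates expire or when the cipher and protocol settings in SSLCredentialGenerator change.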
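Review bot: The gradle/rat.gradle hunk widens the RAT exclusion from '*.iml' to '**/*.iml', which is a build configuration change unrelated to the commit subject about moving the security tests. Suggest either mentioning it in the commit message or splitting it into its own commit so that a later bisect or revert of the test move does not also change license-audit coverage.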