Return-Path: X-Original-To: archive-asf-public-internal@cust-asf2.ponee.io Delivered-To: archive-asf-public-internal@cust-asf2.ponee.io Received: from cust-asf.ponee.io (cust-asf.ponee.io [163.172.22.183]) by cust-asf2.ponee.io (Postfix) with ESMTP id 02333200B92 for ; Wed, 14 Sep 2016 00:56:20 +0200 (CEST) Received: by cust-asf.ponee.io (Postfix) id 00927160ADC; Tue, 13 Sep 2016 22:56:20 +0000 (UTC) Delivered-To: archive-asf-public@cust-asf.ponee.io Received: from mail.apache.org (hermes.apache.org [140.211.11.3]) by cust-asf.ponee.io (Postfix) with SMTP id C8659160ADA for ; Wed, 14 Sep 2016 00:56:17 +0200 (CEST) Received: (qmail 66346 invoked by uid 500); 13 Sep 2016 22:56:17 -0000 Mailing-List: contact commits-help@geode.incubator.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: dev@geode.incubator.apache.org Delivered-To: mailing list commits@geode.incubator.apache.org Received: (qmail 66337 invoked by uid 99); 13 Sep 2016 22:56:16 -0000 Received: from pnap-us-west-generic-nat.apache.org (HELO spamd2-us-west.apache.org) (209.188.14.142) by apache.org (qpsmtpd/0.29) with ESMTP; Tue, 13 Sep 2016 22:56:16 +0000 Received: from localhost (localhost [127.0.0.1]) by spamd2-us-west.apache.org (ASF Mail Server at spamd2-us-west.apache.org) with ESMTP id 703FF1A9292 for ; Tue, 13 Sep 2016 22:56:16 +0000 (UTC) X-Virus-Scanned: Debian amavisd-new at spamd2-us-west.apache.org X-Spam-Flag: NO X-Spam-Score: -4.646 X-Spam-Level: X-Spam-Status: No, score=-4.646 tagged_above=-999 required=6.31 tests=[KAM_ASCII_DIVIDERS=0.8, KAM_LAZY_DOMAIN_SECURITY=1, RCVD_IN_DNSWL_HI=-5, RCVD_IN_MSPIKE_H3=-0.01, RCVD_IN_MSPIKE_WL=-0.01, RP_MATCHES_RCVD=-1.426] autolearn=disabled Received: from mx2-lw-us.apache.org ([10.40.0.8]) by localhost (spamd2-us-west.apache.org [10.40.0.9]) (amavisd-new, port 10024) with ESMTP id u-J1awhhgN1t for ; Tue, 13 Sep 2016 22:56:06 +0000 (UTC) Received: from mail.apache.org (hermes.apache.org [140.211.11.3]) by 
mx2-lw-us.apache.org (ASF Mail Server at mx2-lw-us.apache.org) with SMTP id 3D6675FC54 for ; Tue, 13 Sep 2016 22:56:04 +0000 (UTC) Received: (qmail 65511 invoked by uid 99); 13 Sep 2016 22:56:04 -0000 Received: from git1-us-west.apache.org (HELO git1-us-west.apache.org) (140.211.11.23) by apache.org (qpsmtpd/0.29) with ESMTP; Tue, 13 Sep 2016 22:56:04 +0000 Received: by git1-us-west.apache.org (ASF Mail Server at git1-us-west.apache.org, from userid 33) id 41DC2E07F4; Tue, 13 Sep 2016 22:56:04 +0000 (UTC) Content-Type: text/plain; charset="us-ascii" MIME-Version: 1.0 Content-Transfer-Encoding: 8bit From: hiteshkhamesra@apache.org To: commits@geode.incubator.apache.org Date: Tue, 13 Sep 2016 22:56:11 -0000 Message-Id: In-Reply-To: <5df883512d0449bca363c6f78141c64f@git.apache.org> References: <5df883512d0449bca363c6f78141c64f@git.apache.org> X-Mailer: ASF-Git Admin Mailer Subject: [09/15] incubator-geode git commit: GEODE-37 Renamed security related stuff archived-at: Tue, 13 Sep 2016 22:56:20 -0000 http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/9d7a6960/geode-core/src/test/java/com/gemstone/gemfire/security/generator/CredentialGenerator.java ---------------------------------------------------------------------- diff --git a/geode-core/src/test/java/com/gemstone/gemfire/security/generator/CredentialGenerator.java b/geode-core/src/test/java/com/gemstone/gemfire/security/generator/CredentialGenerator.java deleted file mode 100755 index 90584cd..0000000 --- a/geode-core/src/test/java/com/gemstone/gemfire/security/generator/CredentialGenerator.java +++ /dev/null 
@@ -1,333 +0,0 @@ -/* - * Licensed to the Apache Software Foundation (ASF) under one or more - * contributor license agreements. See the NOTICE file distributed with - * this work for additional information regarding copyright ownership. - * The ASF licenses this file to You under the Apache License, Version 2.0 - * (the "License"); you may not use this file except in compliance with - * the License. You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ -package com.gemstone.gemfire.security.generator; - -import java.security.Principal; -import java.util.ArrayList; -import java.util.HashMap; -import java.util.Iterator; -import java.util.List; -import java.util.Map; -import java.util.Properties; - -import org.apache.logging.log4j.Logger; - -import com.gemstone.gemfire.internal.logging.LogService; -import com.gemstone.gemfire.security.AuthInitialize; -import com.gemstone.gemfire.security.Authenticator; -import com.gemstone.gemfire.security.templates.DummyAuthenticator; -import com.gemstone.gemfire.security.templates.LdapUserAuthenticator; -import com.gemstone.gemfire.security.templates.PKCSAuthenticator; - -/** - * Encapsulates obtaining valid and invalid credentials. Implementations will be - * for different kinds of authentication schemes. - * - * @since GemFire 5.5 - */ -public abstract class CredentialGenerator { - - private static final Logger logger = LogService.getLogger(); - - /** - * A set of properties that should be added to the Gemfire system properties - * before using the authentication module. 
- */ - private Properties systemProperties = null; - - /** - * A set of properties that should be added to the java system properties - * before using the authentication module. - */ - protected Properties javaProperties = null; - - /** - * A factory method to create a new instance of an {@link CredentialGenerator} - * for the given {@link ClassCode}. Caller is supposed to invoke - * {@link CredentialGenerator#init} immediately after obtaining the instance. - * - * @param classCode - * the {@code ClassCode} of the {@code CredentialGenerator} - * implementation - * - * @return an instance of {@code CredentialGenerator} for the given class - * code - */ - public static CredentialGenerator create(final ClassCode classCode) { - switch (classCode.classType) { - // Removing dummy one to reduce test run times - // case ClassCode.ID_DUMMY: - // return new DummyCredentialGenerator(); - case ClassCode.ID_LDAP: - return new LdapUserCredentialGenerator(); - // case ClassCode.ID_SSL:ΓΈ - // return new SSLCredentialGenerator(); - case ClassCode.ID_PKCS: - return new PKCSCredentialGenerator(); - default: - return null; - } - } - - /** - * Initialize the credential generator. - * - * @throws IllegalArgumentException when there is a problem during - * initialization - */ - public void init() throws IllegalArgumentException { - this.systemProperties = initialize(); - logger.info("Generating CredentialGenerator with {}", this.systemProperties); - } - - /** - * @return A set of extra properties that should be added to Gemfire system - * properties when not null. - */ - public Properties getSystemProperties() { - return this.systemProperties; - } - - /** - * @return A set of extra properties that should be added to Gemfire system - * properties when not null. - */ - public Properties getJavaProperties() { - return this.javaProperties; - } - - /** - * The {@link ClassCode} of this particular implementation. 
- * - * @return the {@code ClassCode} - */ - public abstract ClassCode classCode(); - - /** - * The name of the {@link AuthInitialize} factory function that should be used - * in conjunction with the credentials generated by this generator. - * - * @return name of the {@code AuthInitialize} factory function - */ - public abstract String getAuthInit(); - - /** - * The name of the {@link Authenticator} factory function that should be used - * in conjunction with the credentials generated by this generator. - * - * @return name of the {@code Authenticator} factory function - */ - public abstract String getAuthenticator(); - - /** - * Get a set of valid credentials generated using the given index. - */ - public abstract Properties getValidCredentials(final int index); - - /** - * Get a set of valid credentials for the given {@link Principal}. - * - * @return credentials for the given {@code Principal} or null if none - * possible. - */ - public abstract Properties getValidCredentials(final Principal principal); - - /** - * Get a set of invalid credentials generated using the given index. - */ - public abstract Properties getInvalidCredentials(final int index); - - /** - * Initialize the credential generator. This is provided separately from the - * {@link #init()} method for convenience of implementations so that they do not - * need to store in {@link #systemProperties}. The latter is convenient for the users - * who do not need to store these properties rather can obtain it later by - * invoking {@link #getSystemProperties()} - * - *

Required to be implemented by concrete classes that implement this abstract - * class. - * - * @return A set of extra properties that should be added to Gemfire system - * properties when not null. - * - * @throws IllegalArgumentException when there is a problem during - * initialization - */ - protected abstract Properties initialize() throws IllegalArgumentException; - - /** - * Enumeration for various {@link CredentialGenerator} implementations. - * - *

The following schemes are supported as of now: - * {@code DummyAuthenticator}, {@code LdapUserAuthenticator}, - * {@code PKCSAuthenticator}. In addition SSL socket mode with mutual - * authentication is also supported. - * - *

To add a new authentication scheme the following needs to be done: - *

    - *
  • Add implementations for {@link AuthInitialize} and - * {@link Authenticator} classes for clients/peers.
  • - *
  • Add a new enumeration value for the scheme in this class. Notice the - * size of {@code VALUES} array and increase that if it is getting - * overflowed. Note the methods and fields for existing schemes and add for - * the new one in a similar manner.
  • - *
  • Add an implementation for {@link CredentialGenerator}.
  • - *
  • Modify the CredentialGenerator.Factory#create [no such Factory exists] method to add - * creation of an instance of the new implementation for the - * {@code ClassCode} enumeration value.
  • - *
- * - *

All security dunit tests will automagically start testing the new - * implementation after this. - * - * @since GemFire 5.5 - */ - public static final class ClassCode { - - private static byte nextOrdinal = 0; - - private static final byte ID_DUMMY = 1; - private static final byte ID_LDAP = 2; - private static final byte ID_PKCS = 3; - private static final byte ID_SSL = 4; - - private static final ClassCode[] VALUES = new ClassCode[10]; - private static final Map CODE_NAME_MAP = new HashMap(); - - public static final ClassCode DUMMY = new ClassCode(DummyAuthenticator.class.getName() + ".create", ID_DUMMY); - public static final ClassCode LDAP = new ClassCode(LdapUserAuthenticator.class.getName() + ".create", ID_LDAP); - public static final ClassCode PKCS = new ClassCode(PKCSAuthenticator.class.getName() + ".create", ID_PKCS); - public static final ClassCode SSL = new ClassCode("SSL", ID_SSL); - - /** The name of this class. */ - private final String name; - - /** byte used as ordinal to represent this class */ - private final byte ordinal; - - /** - * One of the following: ID_DUMMY, ID_LDAP, ID_PKCS - */ - private final byte classType; - - /** Creates a new instance of class code. */ - private ClassCode(final String name, final byte classType) { - this.name = name; - this.classType = classType; - this.ordinal = nextOrdinal++; - VALUES[this.ordinal] = this; - CODE_NAME_MAP.put(name, this); - } - - public boolean isDummy() { - return this.classType == ID_DUMMY; - } - - public boolean isLDAP() { - return this.classType == ID_LDAP; - } - - public boolean isPKCS() { - return this.classType == ID_PKCS; - } - - public boolean isSSL() { - return this.classType == ID_SSL; - } - - /** - * Returns the {@code ClassCode} represented by specified ordinal. - */ - public static ClassCode fromOrdinal(final byte ordinal) { - return VALUES[ordinal]; - } - - /** - * Returns the {@code ClassCode} represented by specified string. 
- */ - public static ClassCode parse(final String operationName) { - return (ClassCode) CODE_NAME_MAP.get(operationName); - } - - /** - * Returns all the possible values. - */ - public static List getAll() { - final List codes = new ArrayList(); - for (Iterator iter = CODE_NAME_MAP.values().iterator(); iter.hasNext();) { - codes.add(iter.next()); - } - return codes; - } - - /** - * Returns the ordinal for this operation code. - * - * @return the ordinal of this operation. - */ - public byte toOrdinal() { - return this.ordinal; - } - - /** - * Returns a string representation for this operation. - * - * @return the name of this operation. - */ - @Override - public final String toString() { - return this.name; - } - - /** - * Indicates whether other object is same as this one. - * - * @return true if other object is same as this one. - */ - @Override - public final boolean equals(final Object obj) { - if (obj == this) { - return true; - } - if (!(obj instanceof ClassCode)) { - return false; - } - final ClassCode other = (ClassCode)obj; - return other.ordinal == this.ordinal; - } - - /** - * Indicates whether other {@code ClassCode} is same as this one. - * - * @return true if other {@code ClassCode} is same as this one. - */ - public final boolean equals(final ClassCode opCode) { - return opCode != null && opCode.ordinal == this.ordinal; - } - - /** - * Returns a hash code value for this {@code ClassCode} which is the - * same as its ordinal. - * - * @return the ordinal of this operation. - */ - @Override - public final int hashCode() { - return this.ordinal; - } - } -} http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/9d7a6960/geode-core/src/test/java/com/gemstone/gemfire/security/generator/DummyAuthzCredentialGenerator.java ---------------------------------------------------------------------- 
diff --git a/geode-core/src/test/java/com/gemstone/gemfire/security/generator/DummyAuthzCredentialGenerator.java b/geode-core/src/test/java/com/gemstone/gemfire/security/generator/DummyAuthzCredentialGenerator.java
deleted file mode 100755
index 64fb84a..0000000
--- a/geode-core/src/test/java/com/gemstone/gemfire/security/generator/DummyAuthzCredentialGenerator.java
+++ /dev/null
@@ -1,129 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one or more
- * contributor license agreements. See the NOTICE file distributed with
- * this work for additional information regarding copyright ownership.
- * The ASF licenses this file to You under the Apache License, Version 2.0
- * (the "License"); you may not use this file except in compliance with
- * the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package com.gemstone.gemfire.security.generator;
-
-import java.security.Principal;
-import java.util.HashSet;
-import java.util.Properties;
-import java.util.Set;
-
-import com.gemstone.gemfire.cache.operations.OperationContext.OperationCode;
-import com.gemstone.gemfire.security.templates.DummyAuthorization;
-import com.gemstone.gemfire.security.templates.UsernamePrincipal;
-
-public class DummyAuthzCredentialGenerator extends AuthzCredentialGenerator {
-
- public static final byte READER_ROLE = 1;
- public static final byte WRITER_ROLE = 2;
- public static final byte ADMIN_ROLE = 3;
-
- private static Set readerOpsSet;
- private static Set writerOpsSet;
-
- static {
- readerOpsSet = new HashSet();
- for (int index = 0; index < DummyAuthorization.READER_OPS.length; index++) {
- readerOpsSet.add(DummyAuthorization.READER_OPS[index]);
- }
-
- writerOpsSet = new HashSet();
- for (int index = 0; index < DummyAuthorization.WRITER_OPS.length; index++) {
- writerOpsSet.add(DummyAuthorization.WRITER_OPS[index]);
- }
- }
-
- public static byte getRequiredRole(final OperationCode[] opCodes) {
- byte roleType = ADMIN_ROLE;
- boolean requiresReader = true;
- boolean requiresWriter = true;
-
- for (int opNum = 0; opNum < opCodes.length; opNum++) {
- if (requiresReader && !readerOpsSet.contains(opCodes[opNum])) {
- requiresReader = false;
- }
- if (requiresWriter && !writerOpsSet.contains(opCodes[opNum])) {
- requiresWriter = false;
- }
- }
- if (requiresReader) {
- roleType = READER_ROLE;
- }
- else if (requiresWriter) {
- roleType = WRITER_ROLE;
- }
- return roleType;
- }
-
- @Override
- protected Properties init() throws IllegalArgumentException {
- if (!this.generator.classCode().isDummy()) {
- throw new IllegalArgumentException("DummyAuthorization module only works with DummyAuthenticator");
- }
- return null;
- }
-
- @Override
- public ClassCode classCode() {
- return ClassCode.DUMMY;
- }
-
- @Override
- public String getAuthorizationCallback() {
- return DummyAuthorization.class.getName() + ".create";
- }
-
- @Override
- protected Principal getAllowedPrincipal(final OperationCode[] opCodes, final String[] regionNames, final int index) {
- final byte roleType = getRequiredRole(opCodes);
- return getPrincipal(roleType, index);
- }
-
- @Override
- protected Principal getDisallowedPrincipal(final OperationCode[] opCodes, final String[] regionNames, final int index) {
- byte roleType = getRequiredRole(opCodes);
- byte disallowedRoleType;
- switch (roleType) {
- case READER_ROLE:
- disallowedRoleType = WRITER_ROLE;
- break;
- case WRITER_ROLE:
- disallowedRoleType = READER_ROLE;
- break;
- default:
- disallowedRoleType = READER_ROLE;
- break;
- }
- return getPrincipal(disallowedRoleType, index);
- }
-
- @Override
- protected int getNumPrincipalTries(final OperationCode[] opCodes, final String[] regionNames) {
- return 5;
- }
-
- private Principal getPrincipal(final byte roleType, final int index) {
- String[] admins = new String[] { "root", "admin", "administrator" };
- switch (roleType) {
- case READER_ROLE:
- return new UsernamePrincipal("reader" + index);
- case WRITER_ROLE:
- return new UsernamePrincipal("writer" + index);
- default:
- return new UsernamePrincipal(admins[index % admins.length]);
- }
- }
-}
http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/9d7a6960/geode-core/src/test/java/com/gemstone/gemfire/security/generator/DummyCredentialGenerator.java
----------------------------------------------------------------------
diff --git a/geode-core/src/test/java/com/gemstone/gemfire/security/generator/DummyCredentialGenerator.java b/geode-core/src/test/java/com/gemstone/gemfire/security/generator/DummyCredentialGenerator.java
deleted file mode 100755
index 77ffbd9..0000000
--- a/geode-core/src/test/java/com/gemstone/gemfire/security/generator/DummyCredentialGenerator.java
+++ /dev/null
@@ -1,89 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one or more
- * contributor license agreements. See the NOTICE file distributed with
- * this work for additional information regarding copyright ownership.
- * The ASF licenses this file to You under the Apache License, Version 2.0
- * (the "License"); you may not use this file except in compliance with
- * the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package com.gemstone.gemfire.security.generator;
-
-import java.security.Principal;
-import java.util.Properties;
-
-import com.gemstone.gemfire.security.templates.DummyAuthenticator;
-import com.gemstone.gemfire.security.templates.UserPasswordAuthInit;
-
-public class DummyCredentialGenerator extends CredentialGenerator {
-
- @Override
- protected Properties initialize() throws IllegalArgumentException {
- return null;
- }
-
- @Override
- public ClassCode classCode() {
- return ClassCode.DUMMY;
- }
-
- @Override
- public String getAuthInit() {
- return UserPasswordAuthInit.class.getName() + ".create";
- }
-
- @Override
- public String getAuthenticator() {
- return DummyAuthenticator.class.getName() + ".create";
- }
-
- @Override
- public Properties getValidCredentials(final int index) {
- final String[] validGroups = new String[] { "admin", "user", "reader", "writer" };
- final String[] admins = new String[] { "root", "admin", "administrator" };
-
- final Properties props = new Properties();
- final int groupNum = index % validGroups.length;
-
- String userName;
- if (groupNum == 0) {
- userName = admins[index % admins.length];
- } else {
- userName = validGroups[groupNum] + (index / validGroups.length);
- }
-
- props.setProperty(UserPasswordAuthInit.USER_NAME, userName);
- props.setProperty(UserPasswordAuthInit.PASSWORD, userName);
- return props;
- }
-
- @Override
- public Properties getValidCredentials(final Principal principal) {
- final String userName = principal.getName();
-
- if (DummyAuthenticator.checkValidName(userName)) {
- Properties props = new Properties();
- props.setProperty(UserPasswordAuthInit.USER_NAME, userName);
- props.setProperty(UserPasswordAuthInit.PASSWORD, userName);
- return props;
-
- } else {
- throw new IllegalArgumentException("Dummy: [" + userName + "] is not a valid user");
- }
- }
-
- @Override
- public Properties getInvalidCredentials(int index) {
- Properties props = new Properties();
- props.setProperty(UserPasswordAuthInit.USER_NAME, "invalid" + index);
- props.setProperty(UserPasswordAuthInit.PASSWORD, "none");
- return props;
- }
-}
http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/9d7a6960/geode-core/src/test/java/com/gemstone/gemfire/security/generator/LdapUserCredentialGenerator.java
----------------------------------------------------------------------
diff --git a/geode-core/src/test/java/com/gemstone/gemfire/security/generator/LdapUserCredentialGenerator.java b/geode-core/src/test/java/com/gemstone/gemfire/security/generator/LdapUserCredentialGenerator.java
deleted file mode 100755
index 7cde86d..0000000
--- a/geode-core/src/test/java/com/gemstone/gemfire/security/generator/LdapUserCredentialGenerator.java
+++ /dev/null
@@ -1,165 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one or more
- * contributor license agreements. See the NOTICE file distributed with
- * this work for additional information regarding copyright ownership.
- * The ASF licenses this file to You under the Apache License, Version 2.0
- * (the "License"); you may not use this file except in compliance with
- * the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package com.gemstone.gemfire.security.generator;
-
-import com.gemstone.gemfire.distributed.internal.DistributionConfig;
-import com.gemstone.gemfire.internal.cache.tier.sockets.HandShake;
-import com.gemstone.gemfire.internal.logging.LogService;
-import com.gemstone.gemfire.security.templates.LdapUserAuthenticator;
-import com.gemstone.gemfire.security.templates.UserPasswordAuthInit;
-import com.gemstone.gemfire.test.dunit.Assert;
-import com.gemstone.gemfire.util.test.TestUtil;
-import org.apache.logging.log4j.Logger;
-
-import java.security.Principal;
-import java.util.Properties;
-import java.util.Random;
-
-import static com.gemstone.gemfire.distributed.ConfigurationProperties.*;
-
-public class LdapUserCredentialGenerator extends CredentialGenerator {
-
- private static final Logger logger = LogService.getLogger();
-
- private static final String USER_PREFIX = "gemfire";
- private static final Random RANDOM = new Random();
- private static final String[] CIPHERS = new String[] { "", "DESede", "AES:128", "Blowfish:128" };
-
- private static boolean enableServerAuthentication = false;
-
- private boolean serverAuthEnabled = false;
-
- public LdapUserCredentialGenerator() {
- // Toggle server authentication enabled for each test
- // This is done instead of running all the tests with both
- // server auth enabled/disabled to reduce test run time.
- enableServerAuthentication = !enableServerAuthentication;
- this.serverAuthEnabled = enableServerAuthentication;
- }
-
- @Override
- protected Properties initialize() throws IllegalArgumentException {
- final String ldapServer = System.getProperty("gf.ldap.server", "ldap");
- final String ldapBaseDN = System.getProperty("gf.ldap.basedn", "ou=ldapTesting,dc=pune,dc=gemstone,dc=com");
- final String ldapUseSSL = System.getProperty("gf.ldap.usessl");
-
- final Properties extraProps = new Properties();
- extraProps.setProperty(LdapUserAuthenticator.LDAP_SERVER_NAME, ldapServer);
- extraProps.setProperty(LdapUserAuthenticator.LDAP_BASEDN_NAME, ldapBaseDN);
-
- if (ldapUseSSL != null && ldapUseSSL.length() > 0) {
- extraProps.setProperty(LdapUserAuthenticator.LDAP_SSL_NAME, ldapUseSSL);
- }
-
- if (serverAuthEnabled) {
- String keyStoreFile = TestUtil.getResourcePath(LdapUserCredentialGenerator.class, PKCSCredentialGenerator.keyStoreDir + "/gemfire1.keystore");
- extraProps.setProperty(HandShake.PRIVATE_KEY_FILE_PROP, keyStoreFile);
- extraProps.setProperty(HandShake.PRIVATE_KEY_ALIAS_PROP, DistributionConfig.GEMFIRE_PREFIX);
- extraProps.setProperty(HandShake.PRIVATE_KEY_PASSWD_PROP, "gemfire");
- }
-
- Assert.assertNotNull(extraProps.getProperty(LdapUserAuthenticator.LDAP_BASEDN_NAME));
-
- logger.info("Generating LdapUserCredentialGenerator with {}", extraProps);
-
- return extraProps;
- }
-
- @Override
- public ClassCode classCode() {
- return ClassCode.LDAP;
- }
-
- @Override
- public String getAuthInit() {
- return UserPasswordAuthInit.class.getName() + ".create";
- }
-
- @Override
- public String getAuthenticator() {
- return LdapUserAuthenticator.class.getName() + ".create";
- }
-
- @Override
- public Properties getValidCredentials(final int index) {
- final Properties props = new Properties();
- props.setProperty(UserPasswordAuthInit.USER_NAME, USER_PREFIX + ((index % 10) + 1));
- props.setProperty(UserPasswordAuthInit.PASSWORD, USER_PREFIX + ((index % 10) + 1));
- props.setProperty(SECURITY_CLIENT_DHALGO, CIPHERS[RANDOM.nextInt(CIPHERS.length)]);
-
- if (serverAuthEnabled) {
- final String keyStoreFile = TestUtil.getResourcePath(PKCSCredentialGenerator.class, PKCSCredentialGenerator.keyStoreDir + "/publickeyfile");
- props.setProperty(HandShake.PUBLIC_KEY_FILE_PROP, keyStoreFile);
- props.setProperty(HandShake.PUBLIC_KEY_PASSWD_PROP, "gemfire");
- }
-
- return props;
- }
-
- @Override
- public Properties getValidCredentials(final Principal principal) {
- Properties props = null;
- final String userName = principal.getName();
-
- if (userName != null && userName.startsWith(USER_PREFIX)) {
- boolean isValid;
-
- try {
- final int suffix = Integer.parseInt(userName.substring(USER_PREFIX.length()));
- isValid = (suffix >= 1 && suffix <= 10);
- } catch (Exception ex) {
- isValid = false;
- }
-
- if (isValid) {
- props = new Properties();
- props.setProperty(UserPasswordAuthInit.USER_NAME, userName);
- props.setProperty(UserPasswordAuthInit.PASSWORD, userName);
- }
- }
-
- if (props == null) {
- throw new IllegalArgumentException("LDAP: [" + userName + "] not a valid user");
- }
-
- props.setProperty(SECURITY_CLIENT_DHALGO, CIPHERS[RANDOM.nextInt(CIPHERS.length)]);
-
- if (serverAuthEnabled) {
- final String keyStoreFile = TestUtil.getResourcePath(PKCSCredentialGenerator.class, PKCSCredentialGenerator.keyStoreDir + "/publickeyfile");
- props.setProperty(HandShake.PUBLIC_KEY_FILE_PROP, keyStoreFile);
- props.setProperty(HandShake.PUBLIC_KEY_PASSWD_PROP, "gemfire");
- }
-
- return props;
- }
-
- @Override
- public Properties getInvalidCredentials(final int index) {
- final Properties props = new Properties();
- props.setProperty(UserPasswordAuthInit.USER_NAME, "invalid" + index);
- props.setProperty(UserPasswordAuthInit.PASSWORD, "none");
- props.setProperty(SECURITY_CLIENT_DHALGO, CIPHERS[RANDOM.nextInt(CIPHERS.length)]);
-
- if (serverAuthEnabled) {
- final String keyStoreFile = TestUtil.getResourcePath(PKCSCredentialGenerator.class, PKCSCredentialGenerator.keyStoreDir + "/publickeyfile");
- props.setProperty(HandShake.PUBLIC_KEY_FILE_PROP, keyStoreFile);
- props.setProperty(HandShake.PUBLIC_KEY_PASSWD_PROP, "gemfire");
- }
-
- return props;
- }
-}
http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/9d7a6960/geode-core/src/test/java/com/gemstone/gemfire/security/generator/PKCSCredentialGenerator.java
----------------------------------------------------------------------
diff --git a/geode-core/src/test/java/com/gemstone/gemfire/security/generator/PKCSCredentialGenerator.java b/geode-core/src/test/java/com/gemstone/gemfire/security/generator/PKCSCredentialGenerator.java
deleted file mode 100755
index 09381b8..0000000
--- a/geode-core/src/test/java/com/gemstone/gemfire/security/generator/PKCSCredentialGenerator.java
+++ /dev/null
@@ -1,115 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one or more
- * contributor license agreements. See the NOTICE file distributed with
- * this work for additional information regarding copyright ownership.
- * The ASF licenses this file to You under the Apache License, Version 2.0
- * (the "License"); you may not use this file except in compliance with
- * the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package com.gemstone.gemfire.security.generator;
-
-import java.security.Principal;
-import java.security.Provider;
-import java.security.Security;
-import java.util.Properties;
-
-import com.gemstone.gemfire.security.templates.PKCSAuthInit;
-import com.gemstone.gemfire.security.templates.PKCSAuthenticator;
-import com.gemstone.gemfire.util.test.TestUtil;
-
-public class PKCSCredentialGenerator extends CredentialGenerator {
-
- public static String keyStoreDir = getKeyStoreDir();
- public static boolean usesIBMJSSE;
-
- // Checks if the current JVM uses only IBM JSSE providers.
- private static boolean usesIBMProviders() {
- final Provider[] providers = Security.getProviders();
- for (int index = 0; index < providers.length; ++index) {
- if (!providers[index].getName().toLowerCase().startsWith("ibm")) {
- return false;
- }
- }
- return true;
- }
-
- private static String getKeyStoreDir() {
- usesIBMJSSE = usesIBMProviders();
- if (usesIBMJSSE) {
- return "/com/gemstone/gemfire/security/generator/keys/ibm";
- } else {
- return "/com/gemstone/gemfire/security/generator/keys";
- }
- }
-
- @Override
- protected Properties initialize() throws IllegalArgumentException {
- final String keyStoreFile = TestUtil.getResourcePath(PKCSCredentialGenerator.class, keyStoreDir + "/publickeyfile");
-
- final Properties props = new Properties();
- props.setProperty(PKCSAuthenticator.PUBLIC_KEY_FILE, keyStoreFile);
- props.setProperty(PKCSAuthenticator.PUBLIC_KEYSTORE_PASSWORD, "gemfire");
-
- return props;
- }
-
- @Override
- public ClassCode classCode() {
- return ClassCode.PKCS;
- }
-
- @Override
- public String getAuthInit() {
- return PKCSAuthInit.class.getName() + ".create";
- }
-
- @Override
- public String getAuthenticator() {
- return PKCSAuthenticator.class.getName() + ".create";
- }
-
- @Override
- public Properties getInvalidCredentials(int index) {
- final String keyStoreFile = TestUtil.getResourcePath(PKCSCredentialGenerator.class, keyStoreDir + "/gemfire11.keystore");
-
- final Properties props = new Properties();
- props.setProperty(PKCSAuthInit.KEYSTORE_FILE_PATH, keyStoreFile);
- props.setProperty(PKCSAuthInit.KEYSTORE_ALIAS, "gemfire11");
- props.setProperty(PKCSAuthInit.KEYSTORE_PASSWORD, "gemfire");
-
- return props;
- }
-
- @Override
- public Properties getValidCredentials(int index) {
- final int aliasnum = (index % 10) + 1;
- final String keyStoreFile = TestUtil.getResourcePath(PKCSCredentialGenerator.class, keyStoreDir + "/gemfire" + aliasnum + ".keystore");
-
- final Properties props = new Properties();
- props.setProperty(PKCSAuthInit.KEYSTORE_FILE_PATH, keyStoreFile);
- props.setProperty(PKCSAuthInit.KEYSTORE_ALIAS, "gemfire" + aliasnum);
- props.setProperty(PKCSAuthInit.KEYSTORE_PASSWORD, "gemfire");
-
- return props;
- }
-
- @Override
- public Properties getValidCredentials(Principal principal) {
- final String keyStoreFile = TestUtil.getResourcePath(PKCSCredentialGenerator.class, keyStoreDir + principal.getName() + ".keystore");
-
- final Properties props = new Properties();
- props.setProperty(PKCSAuthInit.KEYSTORE_FILE_PATH, keyStoreFile);
- props.setProperty(PKCSAuthInit.KEYSTORE_ALIAS, principal.getName());
- props.setProperty(PKCSAuthInit.KEYSTORE_PASSWORD, "gemfire");
-
- return props;
- }
-}
http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/9d7a6960/geode-core/src/test/java/com/gemstone/gemfire/security/generator/SSLCredentialGenerator.java
----------------------------------------------------------------------
diff --git a/geode-core/src/test/java/com/gemstone/gemfire/security/generator/SSLCredentialGenerator.java b/geode-core/src/test/java/com/gemstone/gemfire/security/generator/SSLCredentialGenerator.java
deleted file mode 100755
index 6b6e3de..0000000
--- a/geode-core/src/test/java/com/gemstone/gemfire/security/generator/SSLCredentialGenerator.java
+++ /dev/null
@@ -1,123 +0,0 @@ -/* - * Licensed to the Apache Software Foundation (ASF) under one or more - * contributor license agreements. See the NOTICE file distributed with - * this work for additional information regarding copyright ownership. - * The ASF licenses this file to You under the Apache License, Version 2.0 - * (the "License"); you may not use this file except in compliance with - * the License. You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ -package com.gemstone.gemfire.security.generator; - -import com.gemstone.gemfire.internal.logging.LogService; -import com.gemstone.gemfire.security.AuthenticationFailedException; -import org.apache.logging.log4j.Logger; - -import java.io.File; -import java.io.IOException; -import java.security.Principal; -import java.util.Properties; - -import static com.gemstone.gemfire.distributed.ConfigurationProperties.*; - -public class SSLCredentialGenerator extends CredentialGenerator { - - private static final Logger logger = LogService.getLogger(); - - @Override - protected Properties initialize() throws IllegalArgumentException { - this.javaProperties = getValidJavaSSLProperties(); - return getSSLProperties(); - } - - @Override - public ClassCode classCode() { - return ClassCode.SSL; - } - - @Override - public String getAuthInit() { - return null; - } - - @Override - public String getAuthenticator() { - return null; - } - - @Override - public Properties getValidCredentials(int index) { - this.javaProperties = getValidJavaSSLProperties(); - return getSSLProperties(); - } - - @Override - public Properties getValidCredentials(final Principal principal) { - 
this.javaProperties = getValidJavaSSLProperties(); - return getSSLProperties(); - } - - @Override - public Properties getInvalidCredentials(final int index) { - this.javaProperties = getInvalidJavaSSLProperties(); - return getSSLProperties(); - } - - private File findTrustedJKS() { - final File ssldir = new File(System.getProperty("JTESTS") + "/ssl"); - return new File(ssldir, "trusted.keystore"); - } - - private File findUntrustedJKS() { - final File ssldir = new File(System.getProperty("JTESTS") + "/ssl"); - return new File(ssldir, "untrusted.keystore"); - } - - private Properties getValidJavaSSLProperties() { - final File jks = findTrustedJKS(); - - try { - final Properties props = new Properties(); - props.setProperty("javax.net.ssl.trustStore", jks.getCanonicalPath()); - props.setProperty("javax.net.ssl.trustStorePassword", "password"); - props.setProperty("javax.net.ssl.keyStore", jks.getCanonicalPath()); - props.setProperty("javax.net.ssl.keyStorePassword", "password"); - return props; - - } catch (IOException ex) { - throw new AuthenticationFailedException("SSL: Exception while opening the key store: " + ex.getMessage(), ex); - } - } - - private Properties getInvalidJavaSSLProperties() { - final File jks = findUntrustedJKS(); - - try { - final Properties props = new Properties(); - props.setProperty("javax.net.ssl.trustStore", jks.getCanonicalPath()); - props.setProperty("javax.net.ssl.trustStorePassword", "password"); - props.setProperty("javax.net.ssl.keyStore", jks.getCanonicalPath()); - props.setProperty("javax.net.ssl.keyStorePassword", "password"); - return props; - - } catch (IOException ex) { - throw new AuthenticationFailedException("SSL: Exception while opening the key store: " + ex.getMessage(), ex); - } - } - - private Properties getSSLProperties() { - Properties props = new Properties(); - props.setProperty(CLUSTER_SSL_CIPHERS, "true"); - props.setProperty(CLUSTER_SSL_REQUIRE_AUTHENTICATION, "true"); - props.setProperty(CLUSTER_SSL_CIPHERS, 
"SSL_RSA_WITH_3DES_EDE_CBC_SHA"); - props.setProperty(CLUSTER_SSL_PROTOCOLS, "TLSv1"); - return props; - } -} http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/9d7a6960/geode-core/src/test/java/com/gemstone/gemfire/security/generator/UserPasswordWithExtraPropsAuthInit.java ---------------------------------------------------------------------- diff --git a/geode-core/src/test/java/com/gemstone/gemfire/security/generator/UserPasswordWithExtraPropsAuthInit.java b/geode-core/src/test/java/com/gemstone/gemfire/security/generator/UserPasswordWithExtraPropsAuthInit.java deleted file mode 100755 index 1240533..0000000 --- a/geode-core/src/test/java/com/gemstone/gemfire/security/generator/UserPasswordWithExtraPropsAuthInit.java +++ /dev/null 
@@ -1,70 +0,0 @@ -/* - * Licensed to the Apache Software Foundation (ASF) under one or more - * contributor license agreements. See the NOTICE file distributed with - * this work for additional information regarding copyright ownership. - * The ASF licenses this file to You under the Apache License, Version 2.0 - * (the "License"); you may not use this file except in compliance with - * the License. You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ -package com.gemstone.gemfire.security.generator; - -import com.gemstone.gemfire.distributed.DistributedMember; -import com.gemstone.gemfire.distributed.internal.DistributionConfig; -import com.gemstone.gemfire.security.AuthInitialize; -import com.gemstone.gemfire.security.AuthenticationFailedException; -import com.gemstone.gemfire.security.templates.UserPasswordAuthInit; - -import java.util.Iterator; -import java.util.Properties; - -/** - * An {@link AuthInitialize} implementation that obtains the user name and - * password as the credentials from the given set of properties. If - * keep-extra-props property exits, it will copy rest of the - * properties provided in getCredential props argument will also be - * copied as new credentials. 
- * - * @since GemFire 5.5 - */ -public class UserPasswordWithExtraPropsAuthInit extends UserPasswordAuthInit { - - public static final String SECURITY_PREFIX = DistributionConfig.SECURITY_PREFIX_NAME; - public static final String EXTRA_PROPS = "security-keep-extra-props"; - - public static AuthInitialize create() { - return new UserPasswordWithExtraPropsAuthInit(); - } - - public UserPasswordWithExtraPropsAuthInit() { - super(); - } - - @Override - public Properties getCredentials(final Properties securityProperties, final DistributedMember server, final boolean isPeer) throws AuthenticationFailedException { - final Properties securityPropertiesCopy = super.getCredentials(securityProperties, server, isPeer); - final String extraProps = securityProperties.getProperty(EXTRA_PROPS); - - if (extraProps != null) { - for (Iterator it = securityProperties.keySet().iterator(); it.hasNext();) { - final String key = (String) it.next(); - if (key.startsWith(SECURITY_PREFIX) && - key.equalsIgnoreCase(USER_NAME) == false && - key.equalsIgnoreCase(PASSWORD) == false && - key.equalsIgnoreCase(EXTRA_PROPS) == false) { - securityPropertiesCopy.setProperty(key, securityProperties.getProperty(key)); - } - } - this.securityLogWriter.fine("got everything and now have: " + securityPropertiesCopy.keySet().toString()); - } - - return securityPropertiesCopy; - } -} http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/9d7a6960/geode-core/src/test/java/com/gemstone/gemfire/security/generator/XmlAuthzCredentialGenerator.java ---------------------------------------------------------------------- diff --git a/geode-core/src/test/java/com/gemstone/gemfire/security/generator/XmlAuthzCredentialGenerator.java b/geode-core/src/test/java/com/gemstone/gemfire/security/generator/XmlAuthzCredentialGenerator.java deleted file mode 100755 index 7dcf5ae..0000000 --- a/geode-core/src/test/java/com/gemstone/gemfire/security/generator/XmlAuthzCredentialGenerator.java +++ /dev/null 
@@ -1,257 +0,0 @@ -/* - * Licensed to the Apache Software Foundation (ASF) under one or more - * contributor license agreements. See the NOTICE file distributed with - * this work for additional information regarding copyright ownership. - * The ASF licenses this file to You under the Apache License, Version 2.0 - * (the "License"); you may not use this file except in compliance with - * the License. You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ -package com.gemstone.gemfire.security.generator; - -import java.security.Principal; -import java.util.HashSet; -import java.util.Properties; -import java.util.Set; - -import com.gemstone.gemfire.cache.operations.OperationContext.OperationCode; -import com.gemstone.gemfire.security.templates.UsernamePrincipal; -import com.gemstone.gemfire.security.templates.XmlAuthorization; -import com.gemstone.gemfire.util.test.TestUtil; - -public class XmlAuthzCredentialGenerator extends AuthzCredentialGenerator { - - private static final String dummyXml = "authz-dummy.xml"; - private static final String ldapXml = "authz-ldap.xml"; - private static final String pkcsXml = "authz-pkcs.xml"; - private static final String sslXml = "authz-ssl.xml"; - - private static final String[] QUERY_REGIONS = { "/Portfolios", "/Positions", "/AuthRegion" }; - - public static OperationCode[] READER_OPS = { - OperationCode.GET, - OperationCode.REGISTER_INTEREST, - OperationCode.UNREGISTER_INTEREST, - OperationCode.KEY_SET, - OperationCode.CONTAINS_KEY, - OperationCode.EXECUTE_FUNCTION }; - - public static OperationCode[] WRITER_OPS = { - OperationCode.PUT, - OperationCode.DESTROY, - 
OperationCode.INVALIDATE, - OperationCode.REGION_CLEAR }; - - public static OperationCode[] QUERY_OPS = { - OperationCode.QUERY, - OperationCode.EXECUTE_CQ, - OperationCode.STOP_CQ, - OperationCode.CLOSE_CQ }; - - private static final byte READER_ROLE = 1; - private static final byte WRITER_ROLE = 2; - private static final byte QUERY_ROLE = 3; - private static final byte ADMIN_ROLE = 4; - - private static Set readerOpsSet; - private static Set writerOpsSet; - private static Set queryOpsSet; - private static Set queryRegionSet; - - static { - readerOpsSet = new HashSet(); - for (int index = 0; index < READER_OPS.length; index++) { - readerOpsSet.add(READER_OPS[index]); - } - - writerOpsSet = new HashSet(); - for (int index = 0; index < WRITER_OPS.length; index++) { - writerOpsSet.add(WRITER_OPS[index]); - } - - queryOpsSet = new HashSet(); - for (int index = 0; index < QUERY_OPS.length; index++) { - queryOpsSet.add(QUERY_OPS[index]); - } - - queryRegionSet = new HashSet(); - for (int index = 0; index < QUERY_REGIONS.length; index++) { - queryRegionSet.add(QUERY_REGIONS[index]); - } - } - - @Override - protected Properties init() throws IllegalArgumentException { - final Properties sysProps = new Properties(); - final String dirName = "/com/gemstone/gemfire/security/generator/"; - - if (this.generator.classCode().isDummy()) { - final String xmlFilename = TestUtil.getResourcePath(XmlAuthzCredentialGenerator.class, dirName + dummyXml); - sysProps.setProperty(XmlAuthorization.DOC_URI_PROP_NAME, xmlFilename); - - } else if (this.generator.classCode().isLDAP()) { - final String xmlFilename = TestUtil.getResourcePath(XmlAuthzCredentialGenerator.class, dirName + ldapXml); - sysProps.setProperty(XmlAuthorization.DOC_URI_PROP_NAME, xmlFilename); - - // } else if (this.generator.classCode().isPKCS()) { - // sysProps.setProperty(XmlAuthorization.DOC_URI_PROP_NAME, dirName + pkcsXml); - // } - // } else if (this.generator.classCode().isSSL()) { - // 
sysProps.setProperty(XmlAuthorization.DOC_URI_PROP_NAME, dirName + sslXml); - // } - - } else { - throw new IllegalArgumentException("No XML defined for XmlAuthorization module to work with " + this.generator.getAuthenticator()); - } - return sysProps; - } - - @Override - public ClassCode classCode() { - return ClassCode.XML; - } - - @Override - public String getAuthorizationCallback() { - return XmlAuthorization.class.getName() + ".create"; - } - - private Principal getDummyPrincipal(final byte roleType, final int index) { - final String[] admins = new String[] { "root", "admin", "administrator" }; - final int numReaders = 3; - final int numWriters = 3; - - switch (roleType) { - case READER_ROLE: - return new UsernamePrincipal("reader" + (index % numReaders)); - case WRITER_ROLE: - return new UsernamePrincipal("writer" + (index % numWriters)); - case QUERY_ROLE: - return new UsernamePrincipal("reader" + ((index % 2) + 3)); - default: - return new UsernamePrincipal(admins[index % admins.length]); - } - } - - @Override - protected Principal getAllowedPrincipal(final OperationCode[] opCodes, final String[] regionNames, final int index) { - if (this.generator.classCode().isDummy()) { - final byte roleType = getRequiredRole(opCodes, regionNames); - return getDummyPrincipal(roleType, index); - - } else if (this.generator.classCode().isLDAP()) { - final byte roleType = getRequiredRole(opCodes, regionNames); - return getLdapPrincipal(roleType, index); - } - - return null; - } - - @Override - protected Principal getDisallowedPrincipal(final OperationCode[] opCodes, final String[] regionNames, final int index) { - final byte roleType = getRequiredRole(opCodes, regionNames); - - byte disallowedRoleType = READER_ROLE; - switch (roleType) { - case READER_ROLE: - disallowedRoleType = WRITER_ROLE; - break; - case WRITER_ROLE: - disallowedRoleType = READER_ROLE; - break; - case QUERY_ROLE: - disallowedRoleType = READER_ROLE; - break; - case ADMIN_ROLE: - disallowedRoleType = 
READER_ROLE; - break; - } - - if (this.generator.classCode().isDummy()) { - return getDummyPrincipal(disallowedRoleType, index); - - } else if (this.generator.classCode().isLDAP()) { - return getLdapPrincipal(disallowedRoleType, index); - } - - return null; - } - - @Override - protected int getNumPrincipalTries(final OperationCode[] opCodes, final String[] regionNames) { - return 5; - } - - private Principal getLdapPrincipal(final byte roleType, final int index) { - final String userPrefix = "gemfire"; - final int[] readerIndices = { 3, 4, 5 }; - final int[] writerIndices = { 6, 7, 8 }; - final int[] queryIndices = { 9, 10 }; - final int[] adminIndices = { 1, 2 }; - - switch (roleType) { - case READER_ROLE: - int readerIndex = readerIndices[index % readerIndices.length]; - return new UsernamePrincipal(userPrefix + readerIndex); - case WRITER_ROLE: - int writerIndex = writerIndices[index % writerIndices.length]; - return new UsernamePrincipal(userPrefix + writerIndex); - case QUERY_ROLE: - int queryIndex = queryIndices[index % queryIndices.length]; - return new UsernamePrincipal(userPrefix + queryIndex); - default: - int adminIndex = adminIndices[index % adminIndices.length]; - return new UsernamePrincipal(userPrefix + adminIndex); - } - } - - private byte getRequiredRole(final OperationCode[] opCodes, final String[] regionNames) { - byte roleType = ADMIN_ROLE; - boolean requiresReader = true; - boolean requiresWriter = true; - boolean requiresQuery = true; - - for (int opNum = 0; opNum < opCodes.length; opNum++) { - final OperationCode opCode = opCodes[opNum]; - if (requiresReader && !readerOpsSet.contains(opCode)) { - requiresReader = false; - } - if (requiresWriter && !writerOpsSet.contains(opCode)) { - requiresWriter = false; - } - if (requiresQuery && !queryOpsSet.contains(opCode)) { - requiresQuery = false; - } - } - - if (requiresReader) { - roleType = READER_ROLE; - - } else if (requiresWriter) { - roleType = WRITER_ROLE; - - } else if (requiresQuery) { - if 
(regionNames != null && regionNames.length > 0) { - for (int index = 0; index < regionNames.length; index++) { - final String regionName = XmlAuthorization.normalizeRegionName(regionNames[index]); - if (requiresQuery && !queryRegionSet.contains(regionName)) { - requiresQuery = false; - break; - } - } - if (requiresQuery) { - roleType = QUERY_ROLE; - } - } - } - - return roleType; - } -} http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/9d7a6960/geode-core/src/test/java/com/gemstone/gemfire/security/templates/DummyAuthenticator.java ---------------------------------------------------------------------- diff --git a/geode-core/src/test/java/com/gemstone/gemfire/security/templates/DummyAuthenticator.java b/geode-core/src/test/java/com/gemstone/gemfire/security/templates/DummyAuthenticator.java deleted file mode 100755 index f086b67..0000000 --- a/geode-core/src/test/java/com/gemstone/gemfire/security/templates/DummyAuthenticator.java +++ /dev/null 
@@ -1,75 +0,0 @@ -/* - * Licensed to the Apache Software Foundation (ASF) under one or more - * contributor license agreements. See the NOTICE file distributed with - * this work for additional information regarding copyright ownership. - * The ASF licenses this file to You under the Apache License, Version 2.0 - * (the "License"); you may not use this file except in compliance with - * the License. You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ -package com.gemstone.gemfire.security.templates; - -import java.security.Principal; -import java.util.Properties; - -import com.gemstone.gemfire.LogWriter; -import com.gemstone.gemfire.distributed.DistributedMember; -import com.gemstone.gemfire.security.AuthenticationFailedException; -import com.gemstone.gemfire.security.Authenticator; - -/** - * A dummy implementation of the {@link Authenticator} interface that expects a - * user name and password allowing authentication depending on the format of the - * user name. 
- * - * @since GemFire 5.5 - */ -public class DummyAuthenticator implements Authenticator { - - public static Authenticator create() { - return new DummyAuthenticator(); - } - - public static boolean checkValidName(final String userName) { - return userName.startsWith("user") || - userName.startsWith("reader") || - userName.startsWith("writer") || - userName.equals("admin") || - userName.equals("root") || - userName.equals("administrator"); - } - - @Override - public void init(final Properties securityProperties, final LogWriter systemLogWriter, final LogWriter securityLogWriter) throws AuthenticationFailedException { - } - - @Override - public Principal authenticate(final Properties credentials, final DistributedMember member) throws AuthenticationFailedException { - final String userName = credentials.getProperty(UserPasswordAuthInit.USER_NAME); - if (userName == null) { - throw new AuthenticationFailedException("DummyAuthenticator: user name property [" + UserPasswordAuthInit.USER_NAME + "] not provided"); - } - - final String password = credentials.getProperty(UserPasswordAuthInit.PASSWORD); - if (password == null) { - throw new AuthenticationFailedException( "DummyAuthenticator: password property [" + UserPasswordAuthInit.PASSWORD + "] not provided"); - } - - if (userName.equals(password) && checkValidName(userName)) { - return new UsernamePrincipal(userName); - } else { - throw new AuthenticationFailedException("DummyAuthenticator: Invalid user name [" + userName + "], password supplied."); - } - } - - @Override - public void close() { - } -} http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/9d7a6960/geode-core/src/test/java/com/gemstone/gemfire/security/templates/DummyAuthorization.java ---------------------------------------------------------------------- 
diff --git a/geode-core/src/test/java/com/gemstone/gemfire/security/templates/DummyAuthorization.java b/geode-core/src/test/java/com/gemstone/gemfire/security/templates/DummyAuthorization.java deleted file mode 100755 index df08676..0000000 --- a/geode-core/src/test/java/com/gemstone/gemfire/security/templates/DummyAuthorization.java +++ /dev/null 
@@ -1,122 +0,0 @@ -/* - * Licensed to the Apache Software Foundation (ASF) under one or more - * contributor license agreements. See the NOTICE file distributed with - * this work for additional information regarding copyright ownership. - * The ASF licenses this file to You under the Apache License, Version 2.0 - * (the "License"); you may not use this file except in compliance with - * the License. You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ -package com.gemstone.gemfire.security.templates; - -import java.security.Principal; -import java.util.HashSet; -import java.util.Set; - -import com.gemstone.gemfire.LogWriter; -import com.gemstone.gemfire.cache.Cache; -import com.gemstone.gemfire.cache.operations.OperationContext; -import com.gemstone.gemfire.cache.operations.OperationContext.OperationCode; -import com.gemstone.gemfire.distributed.DistributedMember; -import com.gemstone.gemfire.security.AccessControl; -import com.gemstone.gemfire.security.NotAuthorizedException; - -/** - * A dummy implementation of the {@code AccessControl} interface that - * allows authorization depending on the format of the {@code Principal} - * string. 
- * - * @since GemFire 5.5 - */ -public class DummyAuthorization implements AccessControl { - - private Set allowedOps; - private DistributedMember remoteMember; - private LogWriter securityLogWriter; - - public static final OperationCode[] READER_OPS = { - OperationCode.GET, - OperationCode.QUERY, - OperationCode.EXECUTE_CQ, - OperationCode.CLOSE_CQ, - OperationCode.STOP_CQ, - OperationCode.REGISTER_INTEREST, - OperationCode.UNREGISTER_INTEREST, - OperationCode.KEY_SET, - OperationCode.CONTAINS_KEY, - OperationCode.EXECUTE_FUNCTION }; - - public static final OperationCode[] WRITER_OPS = { - OperationCode.PUT, - OperationCode.PUTALL, - OperationCode.DESTROY, - OperationCode.INVALIDATE, - OperationCode.REGION_CLEAR }; - - public static AccessControl create() { - return new DummyAuthorization(); - } - - public DummyAuthorization() { - this.allowedOps = new HashSet(20); - } - - @Override - public void init(final Principal principal, final DistributedMember remoteMember, final Cache cache) throws NotAuthorizedException { - if (principal != null) { - - final String name = principal.getName().toLowerCase(); - - if (name != null) { - - if (name.equals("root") || name.equals("admin") || name.equals("administrator")) { - addReaderOps(); - addWriterOps(); - this.allowedOps.add(OperationCode.REGION_CREATE); - this.allowedOps.add(OperationCode.REGION_DESTROY); - - } else if (name.startsWith("writer")) { - addWriterOps(); - - } else if (name.startsWith("reader")) { - addReaderOps(); - } - - } - } - - this.remoteMember = remoteMember; - this.securityLogWriter = cache.getSecurityLogger(); - } - - @Override - public boolean authorizeOperation(String regionName, OperationContext context) { - final OperationCode opCode = context.getOperationCode(); - this.securityLogWriter.fine("Invoked authorize operation for [" + opCode + "] in region [" + regionName + "] for client: " + remoteMember); - return this.allowedOps.contains(opCode); - } - - @Override - public void close() { - 
this.allowedOps.clear(); - } - - private void addReaderOps() { - for (int index = 0; index < READER_OPS.length; index++) { - this.allowedOps.add(READER_OPS[index]); - } - } - - private void addWriterOps() { - for (int index = 0; index < WRITER_OPS.length; index++) { - this.allowedOps.add(WRITER_OPS[index]); - } - } -} http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/9d7a6960/geode-core/src/test/java/com/gemstone/gemfire/security/templates/FunctionSecurityPrmsHolder.java ---------------------------------------------------------------------- diff --git a/geode-core/src/test/java/com/gemstone/gemfire/security/templates/FunctionSecurityPrmsHolder.java b/geode-core/src/test/java/com/gemstone/gemfire/security/templates/FunctionSecurityPrmsHolder.java deleted file mode 100755 index 275a4ad..0000000 --- a/geode-core/src/test/java/com/gemstone/gemfire/security/templates/FunctionSecurityPrmsHolder.java +++ /dev/null 
@@ -1,50 +0,0 @@ -/* - * Licensed to the Apache Software Foundation (ASF) under one or more - * contributor license agreements. See the NOTICE file distributed with - * this work for additional information regarding copyright ownership. - * The ASF licenses this file to You under the Apache License, Version 2.0 - * (the "License"); you may not use this file except in compliance with - * the License. You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ -package com.gemstone.gemfire.security.templates; - -import java.util.Set; - -/** - * This is a sample class for objects which hold information of the authorized - * function names and authorized value for the {@code optimizeForWrite}. - * - * @since GemFire 6.0 - */ -public class FunctionSecurityPrmsHolder { - - private final Boolean optimizeForWrite; - private final Set functionIds; - private final Set keySet; - - public FunctionSecurityPrmsHolder(final Boolean optimizeForWrite, final Set functionIds, final Set keySet) { - this.optimizeForWrite = optimizeForWrite; - this.functionIds = functionIds; - this.keySet = keySet; - } - - public Boolean isOptimizeForWrite() { - return this.optimizeForWrite; - } - - public Set getFunctionIds() { - return this.functionIds; - } - - public Set getKeySet() { - return this.keySet; - } -} http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/9d7a6960/geode-core/src/test/java/com/gemstone/gemfire/security/templates/LdapUserAuthenticator.java ---------------------------------------------------------------------- 
diff --git a/geode-core/src/test/java/com/gemstone/gemfire/security/templates/LdapUserAuthenticator.java b/geode-core/src/test/java/com/gemstone/gemfire/security/templates/LdapUserAuthenticator.java deleted file mode 100755 index a9e875e..0000000 --- a/geode-core/src/test/java/com/gemstone/gemfire/security/templates/LdapUserAuthenticator.java +++ /dev/null 
@@ -1,107 +0,0 @@ -/* - * Licensed to the Apache Software Foundation (ASF) under one or more - * contributor license agreements. See the NOTICE file distributed with - * this work for additional information regarding copyright ownership. - * The ASF licenses this file to You under the Apache License, Version 2.0 - * (the "License"); you may not use this file except in compliance with - * the License. You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ -package com.gemstone.gemfire.security.templates; - -import java.security.Principal; -import java.util.Properties; -import javax.naming.Context; -import javax.naming.directory.DirContext; -import javax.naming.directory.InitialDirContext; - -import org.apache.logging.log4j.Logger; - -import com.gemstone.gemfire.LogWriter; -import com.gemstone.gemfire.distributed.DistributedMember; -import com.gemstone.gemfire.internal.logging.LogService; -import com.gemstone.gemfire.security.AuthenticationFailedException; -import com.gemstone.gemfire.security.Authenticator; - -/** - * An implementation of {@link Authenticator} that uses LDAP. 
- * - * @since GemFire 5.5 - */ -public class LdapUserAuthenticator implements Authenticator { - - private static final Logger logger = LogService.getLogger(); - - public static final String LDAP_SERVER_NAME = "security-ldap-server"; - public static final String LDAP_BASEDN_NAME = "security-ldap-basedn"; - public static final String LDAP_SSL_NAME = "security-ldap-usessl"; - - private String ldapServer = null; - private String baseDomainName = null; - private String ldapUrlScheme = null; - - public static Authenticator create() { - return new LdapUserAuthenticator(); - } - - @Override - public void init(final Properties securityProps, final LogWriter systemLogWriter, final LogWriter securityLogWriter) throws AuthenticationFailedException { - logger.info("Initializing LdapUserAuthenticator with {}", securityProps); - - this.ldapServer = securityProps.getProperty(LDAP_SERVER_NAME); - if (this.ldapServer == null || this.ldapServer.length() == 0) { - throw new AuthenticationFailedException("LdapUserAuthenticator: LDAP server property [" + LDAP_SERVER_NAME + "] not specified"); - } - - this.baseDomainName = securityProps.getProperty(LDAP_BASEDN_NAME); - if (this.baseDomainName == null || this.baseDomainName.length() == 0) { - throw new AuthenticationFailedException("LdapUserAuthenticator: LDAP base DN property [" + LDAP_BASEDN_NAME + "] not specified"); - } - - final String sslName = securityProps.getProperty(LDAP_SSL_NAME); - if (sslName != null && sslName.toLowerCase().equals("true")) { - this.ldapUrlScheme = "ldaps://"; - } else { - this.ldapUrlScheme = "ldap://"; - } - } - - @Override - public Principal authenticate(final Properties credentials, final DistributedMember member) { - final String userName = credentials.getProperty(UserPasswordAuthInit.USER_NAME); - if (userName == null) { - throw new AuthenticationFailedException("LdapUserAuthenticator: user name property [" + UserPasswordAuthInit.USER_NAME + "] not provided"); - } - - String password = 
credentials.getProperty(UserPasswordAuthInit.PASSWORD); - if (password == null) { - password = ""; - } - - final Properties env = new Properties(); - env.put(Context.INITIAL_CONTEXT_FACTORY, com.sun.jndi.ldap.LdapCtxFactory.class.getName()); - env.put(Context.PROVIDER_URL, this.ldapUrlScheme + this.ldapServer + '/' + this.baseDomainName); - env.put(Context.SECURITY_PRINCIPAL, "uid=" + userName + "," + this.baseDomainName); - env.put(Context.SECURITY_CREDENTIALS, password); - - try { - final DirContext ctx = new InitialDirContext(env); - ctx.close(); - } catch (Exception e) { - throw new AuthenticationFailedException("LdapUserAuthenticator: Failure with provided username, password combination for user name: " + userName, e); - } - - return new UsernamePrincipal(userName); - } - - @Override - public void close() { - } -} http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/9d7a6960/geode-core/src/test/java/com/gemstone/gemfire/security/templates/PKCSAuthInit.java ---------------------------------------------------------------------- diff --git a/geode-core/src/test/java/com/gemstone/gemfire/security/templates/PKCSAuthInit.java b/geode-core/src/test/java/com/gemstone/gemfire/security/templates/PKCSAuthInit.java deleted file mode 100755 index f58d305..0000000 --- a/geode-core/src/test/java/com/gemstone/gemfire/security/templates/PKCSAuthInit.java +++ /dev/null 
@@ -1,120 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one or more
- * contributor license agreements. See the NOTICE file distributed with
- * this work for additional information regarding copyright ownership.
- * The ASF licenses this file to You under the Apache License, Version 2.0
- * (the "License"); you may not use this file except in compliance with
- * the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package com.gemstone.gemfire.security.templates;
-
-import java.io.FileInputStream;
-import java.security.Key;
-import java.security.KeyStore;
-import java.security.PrivateKey;
-import java.security.Signature;
-import java.security.cert.X509Certificate;
-import java.util.Properties;
-
-import org.apache.logging.log4j.Logger;
-
-import com.gemstone.gemfire.LogWriter;
-import com.gemstone.gemfire.distributed.DistributedMember;
-import com.gemstone.gemfire.internal.logging.LogService;
-import com.gemstone.gemfire.security.AuthInitialize;
-import com.gemstone.gemfire.security.AuthenticationFailedException;
-
-/**
- * An {@link AuthInitialize} implementation that obtains the digital signature
- * for use with PKCS scheme on server from the given set of properties.
- *
- * To use this class the {@code security-client-auth-init} property should be
- * set to the fully qualified name the static {@code create} function
- * viz. 
{@code com.gemstone.gemfire.security.templates.PKCSAuthInit.create}
- *
- * @since GemFire 5.5
- */
-public class PKCSAuthInit implements AuthInitialize {
-
- private static final Logger logger = LogService.getLogger();
-
- public static final String KEYSTORE_FILE_PATH = "security-keystorepath";
- public static final String KEYSTORE_ALIAS = "security-alias";
- public static final String KEYSTORE_PASSWORD = "security-keystorepass";
- public static final String SIGNATURE_DATA = "security-signature";
-
- protected LogWriter systemLogWriter;
- protected LogWriter securityLogWriter;
-
- public static AuthInitialize create() {
- return new PKCSAuthInit();
- }
-
- @Override
- public void init(final LogWriter systemLogWriter, final LogWriter securityLogWriter) throws AuthenticationFailedException {
- this.systemLogWriter = systemLogWriter;
- this.securityLogWriter = securityLogWriter;
- }
-
- @Override
- public Properties getCredentials(final Properties securityProperties, final DistributedMember server, final boolean isPeer) throws AuthenticationFailedException {
- final String keyStorePath = securityProperties.getProperty(KEYSTORE_FILE_PATH);
- if (keyStorePath == null) {
- throw new AuthenticationFailedException("PKCSAuthInit: key-store file path property [" + KEYSTORE_FILE_PATH + "] not set.");
- }
-
- final String alias = securityProperties.getProperty(KEYSTORE_ALIAS);
- if (alias == null) {
- throw new AuthenticationFailedException("PKCSAuthInit: key alias name property [" + KEYSTORE_ALIAS + "] not set.");
- }
-
- final String keyStorePass = securityProperties.getProperty(KEYSTORE_PASSWORD);
-
- try {
- final KeyStore ks = KeyStore.getInstance("PKCS12");
- final char[] passPhrase = (keyStorePass != null ? 
keyStorePass.toCharArray() : null);
- final FileInputStream certificatefile = new FileInputStream(keyStorePath);
-
- try {
- ks.load(certificatefile, passPhrase);
- } finally {
- certificatefile.close();
- }
-
- final Key key = ks.getKey(alias, passPhrase);
-
- if (key instanceof PrivateKey) {
- final PrivateKey privKey = (PrivateKey)key;
- final X509Certificate cert = (X509Certificate)ks.getCertificate(alias);
- final Signature sig = Signature.getInstance(cert.getSigAlgName());
-
- sig.initSign(privKey);
- sig.update(alias.getBytes("UTF-8"));
- final byte[] signatureBytes = sig.sign();
-
- final Properties newprops = new Properties();
- newprops.put(KEYSTORE_ALIAS, alias);
- newprops.put(SIGNATURE_DATA, signatureBytes);
- return newprops;
-
- } else {
- throw new AuthenticationFailedException("PKCSAuthInit: " + "Failed to load private key from the given file: " + keyStorePath);
- }
-
- } catch (Exception ex) {
- throw new AuthenticationFailedException("PKCSAuthInit: Exception while getting credentials: " + ex, ex);
- }
- }
-
- @Override
- public void close() {
- }
-}
http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/9d7a6960/geode-core/src/test/java/com/gemstone/gemfire/security/templates/PKCSAuthenticator.java
----------------------------------------------------------------------
diff --git a/geode-core/src/test/java/com/gemstone/gemfire/security/templates/PKCSAuthenticator.java b/geode-core/src/test/java/com/gemstone/gemfire/security/templates/PKCSAuthenticator.java
deleted file mode 100755
index ac5939d..0000000
--- a/geode-core/src/test/java/com/gemstone/gemfire/security/templates/PKCSAuthenticator.java
+++ /dev/null
@@ -1,158 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one or more
- * contributor license agreements. See the NOTICE file distributed with
- * this work for additional information regarding copyright ownership.
- * The ASF licenses this file to You under the Apache License, Version 2.0
- * (the "License"); you may not use this file except in compliance with
- * the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package com.gemstone.gemfire.security.templates;
-
-import java.io.FileInputStream;
-import java.security.KeyStore;
-import java.security.NoSuchAlgorithmException;
-import java.security.Principal;
-import java.security.Signature;
-import java.security.cert.Certificate;
-import java.security.cert.X509Certificate;
-import java.security.spec.InvalidKeySpecException;
-import java.util.Enumeration;
-import java.util.HashMap;
-import java.util.Map;
-import java.util.Properties;
-
-import org.apache.logging.log4j.Logger;
-
-import com.gemstone.gemfire.LogWriter;
-import com.gemstone.gemfire.distributed.DistributedMember;
-import com.gemstone.gemfire.internal.logging.LogService;
-import com.gemstone.gemfire.security.AuthenticationFailedException;
-import com.gemstone.gemfire.security.Authenticator;
-
-/**
- * An implementation of {@link Authenticator} that uses PKCS. 
- */
-public class PKCSAuthenticator implements Authenticator {
-
- private static final Logger logger = LogService.getLogger();
-
- public static final String PUBLIC_KEY_FILE = "security-publickey-filepath";
- public static final String PUBLIC_KEYSTORE_PASSWORD = "security-publickey-pass";
-
- private String pubKeyFilePath;
- private String pubKeyPass;
- private Map aliasCertificateMap;
-
- private LogWriter systemLogWriter;
- private LogWriter securityLogWriter;
-
- public static Authenticator create() {
- return new PKCSAuthenticator();
- }
-
- @Override
- public void init(final Properties securityProperties, final LogWriter systemLogWriter, final LogWriter securityLogWriter) throws AuthenticationFailedException {
- this.systemLogWriter = systemLogWriter;
- this.securityLogWriter = securityLogWriter;
-
- this.pubKeyFilePath = securityProperties.getProperty(PUBLIC_KEY_FILE);
- if (this.pubKeyFilePath == null) {
- throw new AuthenticationFailedException("PKCSAuthenticator: property " + PUBLIC_KEY_FILE + " not specified as the public key file.");
- }
-
- this.pubKeyPass = securityProperties.getProperty(PUBLIC_KEYSTORE_PASSWORD);
- this.aliasCertificateMap = new HashMap();
-
- populateMap();
- }
-
- @Override
- public Principal authenticate(final Properties credentials, final DistributedMember member) throws AuthenticationFailedException {
- final String alias = (String)credentials.get(PKCSAuthInit.KEYSTORE_ALIAS);
- if (alias == null || alias.length() <= 0) {
- throw new AuthenticationFailedException("No alias received");
- }
-
- try {
- final X509Certificate cert = getCertificate(alias);
- if (cert == null) {
- throw newException("No certificate found for alias:" + alias);
- }
-
- final byte[] signatureBytes = (byte[])credentials.get(PKCSAuthInit.SIGNATURE_DATA);
- if (signatureBytes == null) {
- throw newException("signature data property [" + PKCSAuthInit.SIGNATURE_DATA + "] not provided");
- }
-
- final Signature sig = 
Signature.getInstance(cert.getSigAlgName());
- sig.initVerify(cert);
- sig.update(alias.getBytes("UTF-8"));
-
- if (!sig.verify(signatureBytes)) {
- throw newException("verification of client signature failed");
- }
-
- return new PKCSPrincipal(alias);
-
- } catch (Exception ex) {
- throw newException(ex.toString(), ex);
- }
- }
-
- @Override
- public void close() {
- }
-
- private void populateMap() {
- try {
- final KeyStore keyStore = KeyStore.getInstance("JKS");
- final char[] passPhrase = this.pubKeyPass != null ? this.pubKeyPass.toCharArray() : null;
- final FileInputStream keyStoreFile = new FileInputStream(this.pubKeyFilePath);
-
- try {
- keyStore.load(keyStoreFile, passPhrase);
- } finally {
- keyStoreFile.close();
- }
-
- for (Enumeration e = keyStore.aliases(); e.hasMoreElements();) {
- final Object alias = e.nextElement();
- final Certificate cert = keyStore.getCertificate((String)alias);
- if (cert instanceof X509Certificate) {
- this.aliasCertificateMap.put(alias, cert);
- }
- }
-
- } catch (Exception e) {
- throw new AuthenticationFailedException("Exception while getting public keys: " + e.getMessage(), e);
- }
- }
-
- private AuthenticationFailedException newException(final String message, final Exception cause) {
- final String fullMessage = "PKCSAuthenticator: Authentication of client failed due to: " + message;
- if (cause != null) {
- return new AuthenticationFailedException(fullMessage, cause);
- } else {
- return new AuthenticationFailedException(fullMessage);
- }
- }
-
- private AuthenticationFailedException newException(final String message) {
- return newException(message, null);
- }
-
- private X509Certificate getCertificate(final String alias) throws NoSuchAlgorithmException, InvalidKeySpecException {
- if (this.aliasCertificateMap.containsKey(alias)) {
- return (X509Certificate) this.aliasCertificateMap.get(alias);
- }
- return null;
- }
-}
http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/9d7a6960/geode-core/src/test/java/com/gemstone/gemfire/security/templates/PKCSPrincipal.java
----------------------------------------------------------------------
diff --git a/geode-core/src/test/java/com/gemstone/gemfire/security/templates/PKCSPrincipal.java b/geode-core/src/test/java/com/gemstone/gemfire/security/templates/PKCSPrincipal.java
deleted file mode 100755
index 4a6c45e..0000000
--- a/geode-core/src/test/java/com/gemstone/gemfire/security/templates/PKCSPrincipal.java
+++ /dev/null
@@ -1,40 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one or more
- * contributor license agreements. See the NOTICE file distributed with
- * this work for additional information regarding copyright ownership.
- * The ASF licenses this file to You under the Apache License, Version 2.0
- * (the "License"); you may not use this file except in compliance with
- * the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-package com.gemstone.gemfire.security.templates;
-
-import java.io.Serializable;
-import java.security.Principal;
-
-public class PKCSPrincipal implements Principal, Serializable {
-
- private final String alias;
-
- public PKCSPrincipal(final String alias) {
- this.alias = alias;
- }
-
- @Override
- public String getName() {
- return this.alias;
- }
-
- @Override
- public String toString() {
- return this.alias;
- }
-}
http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/9d7a6960/geode-core/src/test/java/com/gemstone/gemfire/security/templates/PKCSPrincipalTest.java
----------------------------------------------------------------------
diff --git a/geode-core/src/test/java/com/gemstone/gemfire/security/templates/PKCSPrincipalTest.java b/geode-core/src/test/java/com/gemstone/gemfire/security/templates/PKCSPrincipalTest.java
deleted file mode 100644
index 95cd99c..0000000
--- a/geode-core/src/test/java/com/gemstone/gemfire/security/templates/PKCSPrincipalTest.java
+++ /dev/null
@@ -1,50 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one or more
- * contributor license agreements. See the NOTICE file distributed with
- * this work for additional information regarding copyright ownership.
- * The ASF licenses this file to You under the Apache License, Version 2.0
- * (the "License"); you may not use this file except in compliance with
- * the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package com.gemstone.gemfire.security.templates;
-
-import static org.assertj.core.api.Assertions.*;
-
-import java.io.Serializable;
-
-import org.apache.commons.lang.SerializationUtils;
-import org.junit.Test;
-import org.junit.experimental.categories.Category;
-
-import com.gemstone.gemfire.test.junit.categories.SecurityTest;
-import com.gemstone.gemfire.test.junit.categories.UnitTest;
-
-/**
- * Unit tests for {@link PKCSPrincipal}
- */
-@Category({ UnitTest.class, SecurityTest.class })
-public class PKCSPrincipalTest {
-
- @Test
- public void isSerializable() throws Exception {
- assertThat(PKCSPrincipal.class).isInstanceOf(Serializable.class);
- }
-
- @Test
- public void canBeSerialized() throws Exception {
- String name = "jsmith";
- PKCSPrincipal instance = new PKCSPrincipal(name);
-
- PKCSPrincipal cloned = (PKCSPrincipal) SerializationUtils.clone(instance);
-
- assertThat(cloned.getName()).isEqualTo(name);
- }
-}
http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/9d7a6960/geode-core/src/test/java/com/gemstone/gemfire/security/templates/UserPasswordAuthInit.java
----------------------------------------------------------------------
diff --git a/geode-core/src/test/java/com/gemstone/gemfire/security/templates/UserPasswordAuthInit.java b/geode-core/src/test/java/com/gemstone/gemfire/security/templates/UserPasswordAuthInit.java
deleted file mode 100755
index 76c6987..0000000
--- a/geode-core/src/test/java/com/gemstone/gemfire/security/templates/UserPasswordAuthInit.java
+++ /dev/null
@@ -1,75 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one or more
- * contributor license agreements. See the NOTICE file distributed with
- * this work for additional information regarding copyright ownership.
- * The ASF licenses this file to You under the Apache License, Version 2.0
- * (the "License"); you may not use this file except in compliance with
- * the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package com.gemstone.gemfire.security.templates;
-
-import java.util.Properties;
-
-import com.gemstone.gemfire.LogWriter;
-import com.gemstone.gemfire.distributed.DistributedMember;
-import com.gemstone.gemfire.security.AuthInitialize;
-import com.gemstone.gemfire.security.AuthenticationFailedException;
-
-/**
- * An {@link AuthInitialize} implementation that obtains the user name and
- * password as the credentials from the given set of properties.
- *
- * To use this class the {@code security-client-auth-init} property should be
- * set to the fully qualified name the static {@code create} method
- * viz. 
{@code com.gemstone.gemfire.security.templates.UserPasswordAuthInit.create}
- *
- * @since GemFire 5.5
- */
-public class UserPasswordAuthInit implements AuthInitialize {
-
- public static final String USER_NAME = "security-username";
- public static final String PASSWORD = "security-password";
-
- protected LogWriter systemLogWriter;
- protected LogWriter securityLogWriter;
-
- public static AuthInitialize create() {
- return new UserPasswordAuthInit();
- }
-
- @Override
- public void init(final LogWriter systemLogWriter, final LogWriter securityLogWriter) throws AuthenticationFailedException {
- this.systemLogWriter = systemLogWriter;
- this.securityLogWriter = securityLogWriter;
- }
-
- @Override
- public Properties getCredentials(final Properties securityProperties, final DistributedMember server, final boolean isPeer) throws AuthenticationFailedException {
- String userName = securityProperties.getProperty(USER_NAME);
- if (userName == null) {
- throw new AuthenticationFailedException("UserPasswordAuthInit: user name property [" + USER_NAME + "] not set.");
- }
-
- String password = securityProperties.getProperty(PASSWORD);
- if (password == null) {
- password = "";
- }
-
- Properties securityPropertiesCopy = new Properties();
- securityPropertiesCopy.setProperty(USER_NAME, userName);
- securityPropertiesCopy.setProperty(PASSWORD, password);
- return securityPropertiesCopy;
- }
-
- @Override
- public void close() {
- }
-}
http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/9d7a6960/geode-core/src/test/java/com/gemstone/gemfire/security/templates/UsernamePrincipal.java
----------------------------------------------------------------------
diff --git a/geode-core/src/test/java/com/gemstone/gemfire/security/templates/UsernamePrincipal.java b/geode-core/src/test/java/com/gemstone/gemfire/security/templates/UsernamePrincipal.java
deleted file mode 100755
index 4eefe46..0000000
--- a/geode-core/src/test/java/com/gemstone/gemfire/security/templates/UsernamePrincipal.java
+++ /dev/null
@@ -1,44 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one or more
- * contributor license agreements. See the NOTICE file distributed with
- * this work for additional information regarding copyright ownership.
- * The ASF licenses this file to You under the Apache License, Version 2.0
- * (the "License"); you may not use this file except in compliance with
- * the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package com.gemstone.gemfire.security.templates;
-
-import java.io.Serializable;
-import java.security.Principal;
-
-/**
- * An implementation of {@link Principal} class for a simple user name.
- *
- * @since GemFire 5.5
- */
-public class UsernamePrincipal implements Principal, Serializable {
-
- private final String userName;
-
- public UsernamePrincipal(final String userName) {
- this.userName = userName;
- }
-
- @Override
- public String getName() {
- return this.userName;
- }
-
- @Override
- public String toString() {
- return this.userName;
- }
-}