Return-Path: X-Original-To: archive-asf-public-internal@cust-asf2.ponee.io Delivered-To: archive-asf-public-internal@cust-asf2.ponee.io Received: from cust-asf.ponee.io (cust-asf.ponee.io [163.172.22.183]) by cust-asf2.ponee.io (Postfix) with ESMTP id BEF37200C0E for ; Wed, 1 Feb 2017 21:39:06 +0100 (CET) Received: by cust-asf.ponee.io (Postfix) id BD7C2160B46; Wed, 1 Feb 2017 20:39:06 +0000 (UTC) Delivered-To: archive-asf-public@cust-asf.ponee.io Received: from mail.apache.org (hermes.apache.org [140.211.11.3]) by cust-asf.ponee.io (Postfix) with SMTP id 93EE5160B41 for ; Wed, 1 Feb 2017 21:39:05 +0100 (CET) Received: (qmail 22341 invoked by uid 500); 1 Feb 2017 20:39:04 -0000 Mailing-List: contact commits-help@ranger.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: dev@ranger.apache.org Delivered-To: mailing list commits@ranger.apache.org Received: (qmail 22332 invoked by uid 99); 1 Feb 2017 20:39:04 -0000 Received: from git1-us-west.apache.org (HELO git1-us-west.apache.org) (140.211.11.23) by apache.org (qpsmtpd/0.29) with ESMTP; Wed, 01 Feb 2017 20:39:04 +0000 Received: by git1-us-west.apache.org (ASF Mail Server at git1-us-west.apache.org, from userid 33) id 799FEDFBDB; Wed, 1 Feb 2017 20:39:04 +0000 (UTC) Content-Type: text/plain; charset="us-ascii" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit From: vel@apache.org To: commits@ranger.apache.org Message-Id: <8275b19f787c417ba9a00105a70a8ae1@git.apache.org> X-Mailer: ASF-Git Admin Mailer Subject: ranger git commit: RANGER-1336 : audit based policy that has no policy item are not exported in CSV file Date: Wed, 1 Feb 2017 20:39:04 +0000 (UTC) archived-at: Wed, 01 Feb 2017 20:39:06 -0000 Repository: ranger Updated Branches: refs/heads/master ed6488361 -> 7fe9290b1 RANGER-1336 : audit based policy that has no policy item are not exported in CSV file 
Signed-off-by: Velmurugan Periasamy
Project: http://git-wip-us.apache.org/repos/asf/ranger/repo
Commit: http://git-wip-us.apache.org/repos/asf/ranger/commit/7fe9290b
Tree: http://git-wip-us.apache.org/repos/asf/ranger/tree/7fe9290b
Diff: http://git-wip-us.apache.org/repos/asf/ranger/diff/7fe9290b
Branch: refs/heads/master
Commit: 7fe9290b174121025960535ebccb2b0d91e1855e
Parents: ed64883
Author: Gautam Borad
Authored: Tue Jan 31 10:13:29 2017 +0530
Committer: Velmurugan Periasamy
Committed: Wed Feb 1 15:30:03 2017 -0500
----------------------------------------------------------------------
.../hadoop/crypto/key/RangerMasterKey.java | 22 ++-
.../crypto/key/kms/server/KMSMetricUtil.java | 178 +++++++++----------
.../org/apache/ranger/biz/ServiceDBStore.java | 89 ++++++----
3 files changed, 152 insertions(+), 137 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/ranger/blob/7fe9290b/kms/src/main/java/org/apache/hadoop/crypto/key/RangerMasterKey.java
----------------------------------------------------------------------
diff --git a/kms/src/main/java/org/apache/hadoop/crypto/key/RangerMasterKey.java b/kms/src/main/java/org/apache/hadoop/crypto/key/RangerMasterKey.java
index 021685c..009bcf4 100755
--- a/kms/src/main/java/org/apache/hadoop/crypto/key/RangerMasterKey.java
+++ b/kms/src/main/java/org/apache/hadoop/crypto/key/RangerMasterKey.java
@@ -205,10 +205,13 @@ public class RangerMasterKey implements RangerKMSMKI{
 }
 private byte[] encryptKey(byte[] data, PBEKeySpec keyspec) throws Throwable {
 SecretKey key = getPasswordKey(keyspec);
- PBEParameterSpec paramSpec = new PBEParameterSpec(keyspec.getSalt(), keyspec.getIterationCount());
- Cipher c = Cipher.getInstance(key.getAlgorithm());
- c.init(Cipher.ENCRYPT_MODE, key,paramSpec);
- return c.doFinal(data);
+ if(keyspec != null && keyspec.getSalt() != null){
+ PBEParameterSpec paramSpec = new PBEParameterSpec(keyspec.getSalt(), keyspec.getIterationCount());
+ Cipher c = Cipher.getInstance(key.getAlgorithm());
+ c.init(Cipher.ENCRYPT_MODE, key,paramSpec);
+ return c.doFinal(data);
+ }
+ return null;
 }
 private SecretKey getPasswordKey(PBEKeySpec keyspec) throws Throwable {
 SecretKeyFactory factory = SecretKeyFactory.getInstance(PBE_ALGO);
@@ -216,10 +219,13 @@ public class RangerMasterKey implements RangerKMSMKI{
 }
 private byte[] decryptKey(byte[] encrypted, PBEKeySpec keyspec) throws Throwable {
 SecretKey key = getPasswordKey(keyspec);
- PBEParameterSpec paramSpec = new PBEParameterSpec(keyspec.getSalt(), keyspec.getIterationCount());
- Cipher c = Cipher.getInstance(key.getAlgorithm());
- c.init(Cipher.DECRYPT_MODE, key, paramSpec);
- return c.doFinal(encrypted);
+ if(keyspec != null && keyspec.getSalt() != null){
+ PBEParameterSpec paramSpec = new PBEParameterSpec(keyspec.getSalt(), keyspec.getIterationCount());
+ Cipher c = Cipher.getInstance(key.getAlgorithm());
+ c.init(Cipher.DECRYPT_MODE, key, paramSpec);
+ return c.doFinal(encrypted);
+ }
+ return null;
 }
 private SecretKey getMasterKeyFromBytes(byte[] keyData) throws Throwable {
 return new SecretKeySpec(keyData, MK_CIPHER);
http://git-wip-us.apache.org/repos/asf/ranger/blob/7fe9290b/kms/src/main/java/org/apache/hadoop/crypto/key/kms/server/KMSMetricUtil.java
----------------------------------------------------------------------
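Review bot: In `encryptKey` the new guard `keyspec != null && keyspec.getSalt() != null` runs after `getPasswordKey(keyspec)` has already been handed `keyspec`, so a null spec most likely fails before the check is reached (getPasswordKey's body is only partly visible in this hunk). When the salt is missing the method now returns `null`, which leaves every caller to notice that no ciphertext was produced; for master-key material it is safer to fail closed by moving the check to the top of the method and raising, e.g. `throw new IllegalArgumentException("PBE key spec or salt is missing");`. The same applies to `decryptKey` in the second hunk (`@@ -216,10 +219,13 @@`).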
diff --git a/kms/src/main/java/org/apache/hadoop/crypto/key/kms/server/KMSMetricUtil.java b/kms/src/main/java/org/apache/hadoop/crypto/key/kms/server/KMSMetricUtil.java
index 22fb03c..71ebb8d 100644
--- a/kms/src/main/java/org/apache/hadoop/crypto/key/kms/server/KMSMetricUtil.java
+++ b/kms/src/main/java/org/apache/hadoop/crypto/key/kms/server/KMSMetricUtil.java
@@ -58,112 +58,102 @@ public class KMSMetricUtil {
 @SuppressWarnings("static-access")
 private void getKMSMetricCalculation(String caseValue) {
- logger.info("Metric Type : " + caseValue);
- try
- {
+ logger.info("Metric Type : " + caseValue);
+ try {
 switch (caseValue.toLowerCase()) {
- case "hsmenabled":
- try {
- KMSConfiguration kmsConfig = new KMSConfiguration();
- if(kmsConfig != null && kmsConfig.getACLsConf() != null) {
- String hsmEnabledValue = kmsConfig.getACLsConf().get(HSM_ENABLED);
- Map hsmEnabledMap = new HashMap();
- if(hsmEnabledValue != null){
- hsmEnabledMap.put("HSMEnabled", hsmEnabledValue);
- Gson gson = new GsonBuilder().create();
- final String jsonHSMEnabled = gson.toJson(hsmEnabledMap);
- System.out.println(jsonHSMEnabled);
- } else {
- hsmEnabledMap.put("HSMEnabled", "");
- Gson gson = new GsonBuilder().create();
- final String jsonHSMEnabled = gson.toJson(hsmEnabledMap);
- System.out.println(jsonHSMEnabled);
- }
+ case "hsmenabled":
+ try {
+ KMSConfiguration kmsConfig = new KMSConfiguration();
+ if (kmsConfig != null && kmsConfig.getACLsConf() != null) {
+ String hsmEnabledValue = kmsConfig.getACLsConf().get(HSM_ENABLED);
+ Map hsmEnabledMap = new HashMap();
+ if (hsmEnabledValue != null) {
+ hsmEnabledMap.put("hsmEnabled", hsmEnabledValue);
+ Gson gson = new GsonBuilder().create();
+ final String jsonHSMEnabled = gson.toJson(hsmEnabledMap);
+ System.out.println(jsonHSMEnabled);
+ } else {
+ hsmEnabledMap.put("hsmEnabled", "");
+ Gson gson = new GsonBuilder().create();
+ final String jsonHSMEnabled = gson.toJson(hsmEnabledMap);
+ System.out.println(jsonHSMEnabled);
 }
 }
- catch (Exception e) {
- logger.error("Error calculating KMSMetric for HSM enabled : "+e.getMessage());
- }
- break;
- case "encryptedkey":
- try {
- KMSWebApp kmsWebAppEncryptedKey = new KMSWebApp();
- if(kmsWebAppEncryptedKey != null){
- kmsWebAppEncryptedKey.contextInitialized(null);
- KeyProviderCryptoExtension keyProvider = kmsWebAppEncryptedKey.getKeyProvider();
- if(keyProvider != null && keyProvider.getKeys() != null){
- Integer encryptedKeyCount = keyProvider.getKeys().size();
- if(encryptedKeyCount != null){
- Map encryptedKeyCountValueMap = new HashMap();
- encryptedKeyCountValueMap.put("encryptedKeycount", encryptedKeyCount);
- Gson gson = new GsonBuilder().create();
- final String jsonEncKeycount = gson.toJson(encryptedKeyCountValueMap);
- System.out.println(jsonEncKeycount);
- }else{
- Map encryptedKeyCountValueMap = new HashMap();
- encryptedKeyCountValueMap.put("encryptedKeycount","");
- Gson gson = new GsonBuilder().create();
- final String jsonEncKeycount = gson.toJson(encryptedKeyCountValueMap);
- System.out.println(jsonEncKeycount);
- }
-
- }
- kmsWebAppEncryptedKey.contextDestroyed(null);
- }
+ } catch (Exception e) {
+ logger.error("Error calculating KMSMetric for HSM enabled : " + e.getMessage());
+ }
+ break;
+ case "encryptedkey":
+ try {
+ KMSWebApp kmsWebAppEncryptedKey = new KMSWebApp();
+ if (kmsWebAppEncryptedKey != null) {
+ kmsWebAppEncryptedKey.contextInitialized(null);
+ KeyProviderCryptoExtension keyProvider = kmsWebAppEncryptedKey.getKeyProvider();
+ if (keyProvider != null && keyProvider.getKeys() != null) {
+ Integer encryptedKeyCount = keyProvider.getKeys().size();
+ Map encryptedKeyCountValueMap = new HashMap();
+ encryptedKeyCountValueMap.put("encryptedKeyCount", encryptedKeyCount);
+ Gson gson = new GsonBuilder().create();
+ final String jsonEncKeycount = gson.toJson(encryptedKeyCountValueMap);
+ System.out.println(jsonEncKeycount);
+ } else {
+ Map encryptedKeyCountValueMap = new HashMap();
+ encryptedKeyCountValueMap.put("encryptedKeyCount", "");
+ Gson gson = new GsonBuilder().create();
+ final String jsonEncKeycount = gson.toJson(encryptedKeyCountValueMap);
+ System.out.println(jsonEncKeycount);
+ }
+ kmsWebAppEncryptedKey.contextDestroyed(null);
 }
- catch(Exception e){
- logger.error("Error calculating KMSMetric for encrypted key count: "+e.getMessage());
- }
- break;
- case "encryptedkeybyalgorithm":
- try {
- KMSWebApp kmsWebApp = new KMSWebApp();
- if(kmsWebApp != null)
- {
- kmsWebApp.contextInitialized(null);
- KeyProviderCryptoExtension keyProvider = kmsWebApp.getKeyProvider();
- if(keyProvider != null && keyProvider.getKeys() != null){
- List keyList = new ArrayList();
- keyList.addAll(keyProvider.getKeys());
- if(keyList != null){
- Map encryptedKeyByAlgorithmCountMap = new HashMap();
+ } catch (Exception e) {
+ logger.error("Error calculating KMSMetric for encrypted key count: " + e.getMessage());
+ }
+ break;
+ case "encryptedkeybyalgorithm":
+ try {
+ KMSWebApp kmsWebApp = new KMSWebApp();
+ if (kmsWebApp != null) {
+ kmsWebApp.contextInitialized(null);
+ KeyProviderCryptoExtension keyProvider = kmsWebApp.getKeyProvider();
+ if (keyProvider != null && keyProvider.getKeys() != null) {
+ List keyList = new ArrayList();
+ keyList.addAll(keyProvider.getKeys());
+ if (keyList != null) {
+ Map encryptedKeyByAlgorithmCountMap = new HashMap();
 int count = 0;
 for (int i = 0; i < keyList.size(); i++) {
- String algorithmName = keyProvider.getMetadata(keyList.get(i)).getCipher();
- if(encryptedKeyByAlgorithmCountMap.containsKey(algorithmName)) {
- count = encryptedKeyByAlgorithmCountMap.get(algorithmName);
- count += 1;
- encryptedKeyByAlgorithmCountMap.put(algorithmName, count);
- }
- else {
- encryptedKeyByAlgorithmCountMap.put(algorithmName, 1);
- }
+ String algorithmName = keyProvider.getMetadata(keyList.get(i)).getCipher();
+ if (encryptedKeyByAlgorithmCountMap.containsKey(algorithmName)) {
+ count = encryptedKeyByAlgorithmCountMap.get(algorithmName);
+ count += 1;
+ encryptedKeyByAlgorithmCountMap.put(algorithmName, count);
+ } else {
+ encryptedKeyByAlgorithmCountMap.put(algorithmName, 1);
+ }
 }
 Gson gson = new GsonBuilder().create();
 final String jsonEncKeyByAlgo = gson.toJson(encryptedKeyByAlgorithmCountMap);
 System.out.println(jsonEncKeyByAlgo);
- }
- kmsWebApp.contextDestroyed(null);
- }else{
- Map encryptedKeyByAlgorithmCountMap = new HashMap();
- encryptedKeyByAlgorithmCountMap.put("encryptedkeybyalgorithm", " ");
- Gson gson = new GsonBuilder().create();
- final String jsonEncKeyByAlgo = gson.toJson(encryptedKeyByAlgorithmCountMap);
- System.out.println(jsonEncKeyByAlgo);
- }
+ }
+ kmsWebApp.contextDestroyed(null);
+ } else {
+ Map encryptedKeyByAlgorithmCountMap = new HashMap();
+ encryptedKeyByAlgorithmCountMap.put("encryptedKeyByAlgorithm", "");
+ Gson gson = new GsonBuilder().create();
+ final String jsonEncKeyByAlgo = gson.toJson(encryptedKeyByAlgorithmCountMap);
+ System.out.println(jsonEncKeyByAlgo);
 }
- }
- catch (IOException e) {
- logger.error("Error calculating KMSMetric for encrypted key by algorithm : "+e.getMessage());
 }
- break;
- default:
- System.out.println("type: Incorrect Arguments usage : For KMSMetric Usage: metric -type hsmenabled | encryptedkey | encryptedkeybyalgorithm");
- break;
- }
- }
- catch (Exception e) {
- logger.error("Error calculating KMSMetric : "+e.getMessage());
+ } catch (IOException e) {
+ logger.error("Error calculating KMSMetric for encrypted key by algorithm : " + e.getMessage());
+ }
+ break;
+ default:
+ System.out.println("type: Incorrect Arguments usage : For KMSMetric Usage: metric -type hsmenabled | encryptedkey | encryptedkeybyalgorithm");
+ break;
+ }
+ } catch (Exception e) {
+ logger.error("Error calculating KMSMetric : " + e.getMessage());
 }
 }
 }
http://git-wip-us.apache.org/repos/asf/ranger/blob/7fe9290b/security-admin/src/main/java/org/apache/ranger/biz/ServiceDBStore.java
----------------------------------------------------------------------
diff --git a/security-admin/src/main/java/org/apache/ranger/biz/ServiceDBStore.java b/security-admin/src/main/java/org/apache/ranger/biz/ServiceDBStore.java
index 9a4e571..cb67b6a 100644
--- a/security-admin/src/main/java/org/apache/ranger/biz/ServiceDBStore.java
+++ b/security-admin/src/main/java/org/apache/ranger/biz/ServiceDBStore.java
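Review bot: `contextDestroyed(null)` is not reached on every path in the new code: in the `encryptedkeybyalgorithm` case it sits inside the `if (keyProvider != null && keyProvider.getKeys() != null)` branch, so the `else` branch leaves the KMS context initialised, and in both key cases an exception thrown between `contextInitialized(null)` and the destroy call skips it. Wrapping the work in an inner `try` with `finally { kmsWebApp.contextDestroyed(null); }` (and the same for `kmsWebAppEncryptedKey`) releases the context on all paths. The catch blocks also log only `e.getMessage()`, which drops the stack trace; if the logger offers a (String, Throwable) overload, `logger.error("Error calculating KMSMetric", e);` keeps it.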
@@ -1980,7 +1980,7 @@ public class ServiceDBStore extends AbstractServiceStore {
 String timeStamp = new SimpleDateFormat("yyyyMMdd_HHmmss").format(new Date());
 CSVFileName = "Ranger_Policies_" + timeStamp + ".csv";
 out = response.getOutputStream();
- StringBuffer sb = writeCSV(policies, CSVFileName, response);
+ StringBuilder sb = writeCSV(policies, CSVFileName, response);
 IOUtils.write(sb.toString(), out, "UTF-8");
 } catch (Exception e) {
 LOG.error("Error while generating report file " + CSVFileName, e);
@@ -3244,12 +3244,12 @@ public class ServiceDBStore extends AbstractServiceStore {
 }
 }
- private StringBuffer writeCSV(List policies, String cSVFileName, HttpServletResponse response) {
+ private StringBuilder writeCSV(List policies, String cSVFileName, HttpServletResponse response) {
 response.setContentType("text/csv");
 final String COMMA_DELIMITER = "|";
 final String LINE_SEPARATOR = "\n";
 final String FILE_HEADER = "ID|Name|Resources|Groups|Users|Accesses|Service Type|Status";
- StringBuffer csvBuffer = new StringBuffer();
+ StringBuilder csvBuffer = new StringBuilder();
 csvBuffer.append(FILE_HEADER);
 csvBuffer.append(LINE_SEPARATOR);
 for (RangerPolicy policy : policies) {
@@ -3401,9 +3401,7 @@ public class ServiceDBStore extends AbstractServiceStore {
 csvBuffer.append(COMMA_DELIMITER);
 csvBuffer.append(LINE_SEPARATOR);
 }
- }
-
- else {
+ } else {
 Map resources = policy.getResources();
 if (resources != null) {
 for (Entry resource : resources.entrySet()) {
@@ -3417,39 +3415,59 @@ public class ServiceDBStore extends AbstractServiceStore { resourceKeyVal = resKeyVal.toString(); resourceKeyVal = resourceKeyVal.substring(1); - for (RangerPolicyItem policyItem : policyItems) { - groups = null; - users = null; - accesses = null; - groupNames = ""; - userNames = ""; - accessType = ""; - groups = policyItem.getGroups(); - users = policyItem.getUsers(); - accesses = policyItem.getAccesses(); - - if (CollectionUtils.isNotEmpty(accesses)) { - for (RangerPolicyItemAccess access : accesses) { - accessType = accessType + access.getType().replace("#", "").replace("|","") + "#"; + if (CollectionUtils.isNotEmpty(policyItems)) { + for (RangerPolicyItem policyItem : policyItems) { + groups = null; + users = null; + accesses = null; + groupNames = ""; + userNames = ""; + accessType = ""; + groups = policyItem.getGroups(); + users = policyItem.getUsers(); + accesses = policyItem.getAccesses(); + + if (CollectionUtils.isNotEmpty(accesses)) { + for (RangerPolicyItemAccess access : accesses) { + accessType = accessType + access.getType().replace("#", "").replace("|", "") + "#"; + } + accessType = accessType.substring(0, accessType.lastIndexOf("#")); } - accessType = accessType.substring(0, accessType.lastIndexOf("#")); - } - if (CollectionUtils.isNotEmpty(groups)) { - for (String group : groups){ - group=group.replace("|", ""); - group=group.replace("#", ""); - groupNames=groupNames+group+ "#"; + if (CollectionUtils.isNotEmpty(groups)) { + for (String group : groups) { + group = group.replace("|", ""); + group = group.replace("#", ""); + groupNames = groupNames + group + "#"; + } + groupNames = groupNames.substring(0, groupNames.lastIndexOf("#")); } - groupNames = groupNames.substring(0, groupNames.lastIndexOf("#")); - } - if (CollectionUtils.isNotEmpty(users)) { - for (String user : users){ - user=user.replace("|", ""); - user=user.replace("#", ""); - userNames=userNames +user + "#"; + if (CollectionUtils.isNotEmpty(users)) { + for (String 
user : users) { + user = user.replace("|", ""); + user = user.replace("#", ""); + userNames = userNames + user + "#"; + } + userNames = userNames.substring(0, userNames.lastIndexOf("#")); } - userNames=userNames.substring(0,userNames.lastIndexOf("#")); + csvBuffer.append(policyId); + csvBuffer.append(COMMA_DELIMITER); + csvBuffer.append(policyName); + csvBuffer.append(COMMA_DELIMITER); + csvBuffer.append(resourceKeyVal); + csvBuffer.append(COMMA_DELIMITER); + csvBuffer.append(groupNames); + csvBuffer.append(COMMA_DELIMITER); + csvBuffer.append(userNames); + csvBuffer.append(COMMA_DELIMITER); + csvBuffer.append(accessType); + csvBuffer.append(COMMA_DELIMITER); + csvBuffer.append(ServiceType); + csvBuffer.append(COMMA_DELIMITER); + csvBuffer.append(policyStatus); + csvBuffer.append(COMMA_DELIMITER); + csvBuffer.append(LINE_SEPARATOR); } + } else { csvBuffer.append(policyId); csvBuffer.append(COMMA_DELIMITER); csvBuffer.append(policyName); @@ -3502,6 +3520,7 @@ public class ServiceDBStore extends AbstractServiceStore { try { out = response.getOutputStream(); + response.setStatus(HttpServletResponse.SC_OK); IOUtils.write(json, out, "UTF-8"); } catch (Exception e) { LOG.error("Error while exporting json file " + jsonFileName, e);
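Review bot: The cleanup applied to `group`, `user` and `access.getType()` in the `@@ -3415,39 +3415,59 @@` hunk removes only `|` and `#`, so a name containing a line break still splits the exported row, and a field starting with `=`, `+`, `-` or `@` is treated as a formula when the file is opened in a spreadsheet. A small private helper that also strips `\r` and `\n` and neutralises those leading characters would cover all three loops; `policyName` and `resourceKeyVal` are built outside this hunk and may need the same treatment. Separately, the new `else` branch for a policy without items appears to reuse the existing row-append code, whose remainder is outside the hunk; if that code appends `groupNames`, `userNames` and `accessType`, they should be reset to `""` first, because they are otherwise cleared only inside the `for` loop and could carry values over from the previous policy.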