Examples of org.apache.hadoop.gateway.services.security.AliasService

• org.apache.hadoop.gateway.services.security.AliasService

public class SecureQueryEncodeProcessorTest {

  @Test
  public void testSimpleQueryEncoding() throws Exception {
    AliasService as = EasyMock.createNiceMock( AliasService.class );
    String secret = "sdkjfhsdkjfhsdfs";
    EasyMock.expect( as.getPasswordFromAliasForCluster("test-cluster-name", "encryptQueryString")).andReturn( secret.toCharArray() ).anyTimes();
    CryptoService cryptoService = new DefaultCryptoService();
    ((DefaultCryptoService)cryptoService).setAliasService(as);
    GatewayServices gatewayServices = EasyMock.createNiceMock( GatewayServices.class );
    EasyMock.expect( gatewayServices.getService( GatewayServices.CRYPTO_SERVICE ) ).andReturn( cryptoService );

//    EasyMock.expect( context.getDescriptor( "rewrite" ) ).andReturn( rewriteRules ).anyTimes();
    EasyMock.expect( context.getWebArchive() ).andReturn( webArchive ).anyTimes();
    EasyMock.expect( context.getTopology() ).andReturn( topology ).anyTimes();
    EasyMock.replay( context );

    AliasService as = EasyMock.createNiceMock( AliasService.class );
    CryptoService cryptoService = new DefaultCryptoService();
    ((DefaultCryptoService)cryptoService).setAliasService(as);

    GatewayServices gatewayServices = EasyMock.createNiceMock( GatewayServices.class );
    EasyMock.expect( gatewayServices.getService( GatewayServices.CRYPTO_SERVICE ) ).andReturn( cryptoService ).anyTimes();

    Query query;
    Template origTemplate = Parser.parse( "http://host:0/path/file?query-param-name=query-param-value" );

    // Test encryption.  Results are left in encTemplate

    AliasService as = EasyMock.createNiceMock( AliasService.class );
    String secret = "sdkjfhsdkjfhsdfs";
    EasyMock.expect( as.getPasswordFromAliasForCluster("test-cluster-name", "encryptQueryString")).andReturn( secret.toCharArray() ).anyTimes();
    CryptoService cryptoService = new DefaultCryptoService();
    ((DefaultCryptoService)cryptoService).setAliasService(as);
    GatewayServices gatewayServices = EasyMock.createNiceMock( GatewayServices.class );
    EasyMock.expect( gatewayServices.getService( GatewayServices.CRYPTO_SERVICE ) ).andReturn( cryptoService );

    UrlRewriteEnvironment encEnvironment = EasyMock.createNiceMock( UrlRewriteEnvironment.class );
    EasyMock.expect( encEnvironment.getAttribute( GatewayServices.GATEWAY_SERVICES_ATTRIBUTE ) ).andReturn( gatewayServices ).anyTimes();
    EasyMock.expect( encEnvironment.getAttribute( GatewayServices.GATEWAY_CLUSTER_ATTRIBUTE ) ).andReturn( "test-cluster-name" ).anyTimes();
    UrlRewriteContext encContext = EasyMock.createNiceMock( UrlRewriteContext.class );
    EasyMock.expect( encContext.getCurrentUrl() ).andReturn( origTemplate );
    Capture<Template> encTemplate = new Capture<Template>();
    encContext.setCurrentUrl( EasyMock.capture( encTemplate ) );
    EasyMock.replay( gatewayServices, as, encEnvironment, encContext );

    SecureQueryEncryptDescriptor descriptor = new SecureQueryEncryptDescriptor();
    SecureQueryEncryptProcessor processor = new SecureQueryEncryptProcessor();
    processor.initialize( encEnvironment, descriptor );
    processor.process( encContext );

    assertThat( encTemplate, notNullValue() );
    query = encTemplate.getValue().getQuery().get( "_" );
    assertThat( query.getFirstValue().getPattern().length(), greaterThan( 1 ) );
    query = encTemplate.getValue().getQuery().get( "query-param-name" );
    assertThat( query, nullValue() );

    // Test decryption.  Results are left in decTemplate.

    gatewayServices = EasyMock.createNiceMock( GatewayServices.class );
    EasyMock.expect( gatewayServices.getService( GatewayServices.CRYPTO_SERVICE ) ).andReturn( cryptoService );
    as = EasyMock.createNiceMock( AliasService.class );
    EasyMock.expect( as.getPasswordFromAliasForCluster("test-cluster-name", "encryptQueryString")).andReturn( secret.toCharArray() ).anyTimes();

    UrlRewriteEnvironment decEnvironment = EasyMock.createNiceMock( UrlRewriteEnvironment.class );
    EasyMock.expect( decEnvironment.getAttribute( GatewayServices.GATEWAY_SERVICES_ATTRIBUTE ) ).andReturn( gatewayServices ).anyTimes();
    EasyMock.expect( decEnvironment.getAttribute( GatewayServices.GATEWAY_CLUSTER_ATTRIBUTE ) ).andReturn( "test-cluster-name" ).anyTimes();
    Params decParams = EasyMock.createNiceMock( Params.class );

    public abstract void execute() throws Exception;

    public abstract String getUsage();

    protected AliasService getAliasService() {
      AliasService as = services.getService(GatewayServices.ALIAS_SERVICE);
      return as;
    }

   /* (non-Javadoc)
    * @see org.apache.hadoop.gateway.util.KnoxCLI.Command#execute()
    */
   @Override
   public void execute() throws Exception {
     AliasService as = getAliasService();

     if (cluster == null) {
       cluster = "__gateway";
     }
     out.println("Listing aliases for: " + cluster);
     List<String> aliases = as.getAliasesForCluster(cluster);
     for (String alias : aliases) {
       out.println(alias);
     }
     out.println("\n" + aliases.size() + " items.");
   }

    */
   @Override
   public void execute() throws Exception {
     KeystoreService ks = getKeystoreService();

     AliasService as = getAliasService();

     if (ks != null) {
       try {
         if (!ks.isCredentialStoreForClusterAvailable(GATEWAY_CREDENTIAL_STORE_NAME)) {
//           log.creatingCredentialStoreForGateway();
           ks.createCredentialStoreForCluster(GATEWAY_CREDENTIAL_STORE_NAME);
         }
         else {
//           log.credentialStoreForGatewayFoundNotCreating();
         }
         as.generateAliasForCluster(GATEWAY_CREDENTIAL_STORE_NAME, GATEWAY_IDENTITY_PASSPHRASE);
       } catch (KeystoreServiceException e) {
         throw new ServiceLifecycleException("Keystore was not loaded properly - the provided (or persisted) master secret may not match the password for the keystore.", e);
       }

       try {
         if (!ks.isKeystoreForGatewayAvailable()) {
//           log.creatingKeyStoreForGateway();
           ks.createKeystoreForGateway();
         }
         else {
//           log.keyStoreForGatewayFoundNotCreating();
         }
         char[] passphrase = as.getPasswordFromAliasForCluster(GATEWAY_CREDENTIAL_STORE_NAME, GATEWAY_IDENTITY_PASSPHRASE);
         ks.addSelfSignedCertForGateway("gateway-identity", passphrase, hostname);
//         logAndValidateCertificate();
         out.println("Certificate gateway-identity has been successfully created.");
       } catch (KeystoreServiceException e) {
         throw new ServiceLifecycleException("Keystore was not loaded properly - the provided (or persisted) master secret may not match the password for the keystore.", e);

   /* (non-Javadoc)
    * @see org.apache.hadoop.gateway.util.KnoxCLI.Command#execute()
    */
   @Override
   public void execute() throws Exception {
     AliasService as = getAliasService();
     if (cluster == null) {
       cluster = "__gateway";
     }
     if (value != null) {
       as.addAliasForCluster(cluster, name, value);
       out.println(name + " has been successfully created.");
     }
     else {
       if (generate.equals("true")) {
         as.generateAliasForCluster(cluster, name);
         out.println(name + " has been successfully generated.");
       }
       else {
         throw new IllegalArgumentException("No value has been set. " +
             "Consider setting --generate or --value.");

   /* (non-Javadoc)
    * @see org.apache.hadoop.gateway.util.KnoxCLI.Command#execute()
    */
   @Override
   public void execute() throws Exception {
     AliasService as = getAliasService();
     if (as != null) {
       if (cluster == null) {
         cluster = "__gateway";
       }
       as.removeAliasForCluster(cluster, name);
       out.println(name + " has been successfully deleted.");
     }
   }

   */
  private List<String> getCredentialsList() {
    GatewayServices services = (GatewayServices)request.getServletContext().
        getAttribute(GatewayServices.GATEWAY_SERVICES_ATTRIBUTE);
    String clusterName = (String) request.getServletContext().getAttribute(GatewayServices.GATEWAY_CLUSTER_ATTRIBUTE);
    AliasService as = services.getService(GatewayServices.ALIAS_SERVICE);
    List<String> aliases = as.getAliasesForCluster(clusterName);
    return aliases;
  }

   */
  private CredentialValue getCredentialValueForAlias(String alias) {
    GatewayServices services = (GatewayServices)request.getServletContext().
        getAttribute(GatewayServices.GATEWAY_SERVICES_ATTRIBUTE);
    String clusterName = (String) request.getServletContext().getAttribute(GatewayServices.GATEWAY_CLUSTER_ATTRIBUTE);
    AliasService as = services.getService(GatewayServices.ALIAS_SERVICE);
    char[] credential = as.getPasswordFromAliasForCluster(clusterName, alias);
    if (credential != null) {
      return new CredentialValue(alias, new String(credential));
    }
    return null;
  }