You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@knox.apache.org by mo...@apache.org on 2017/09/01 13:17:30 UTC
[32/64] [partial] knox git commit: KNOX-998 - Refactoring save 1
http://git-wip-us.apache.org/repos/asf/knox/blob/af9b0c3d/gateway-provider-rewrite-step-secure-query/src/main/java/org/apache/hadoop/gateway/securequery/SecureQueryDecodeProcessor.java
----------------------------------------------------------------------
diff --git a/gateway-provider-rewrite-step-secure-query/src/main/java/org/apache/hadoop/gateway/securequery/SecureQueryDecodeProcessor.java b/gateway-provider-rewrite-step-secure-query/src/main/java/org/apache/hadoop/gateway/securequery/SecureQueryDecodeProcessor.java
deleted file mode 100644
index c42233a..0000000
--- a/gateway-provider-rewrite-step-secure-query/src/main/java/org/apache/hadoop/gateway/securequery/SecureQueryDecodeProcessor.java
+++ /dev/null
@@ -1,86 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package org.apache.hadoop.gateway.securequery;
-
-import org.apache.commons.codec.binary.Base64;
-import org.apache.hadoop.gateway.filter.rewrite.api.UrlRewriteEnvironment;
-import org.apache.hadoop.gateway.filter.rewrite.spi.UrlRewriteContext;
-import org.apache.hadoop.gateway.filter.rewrite.spi.UrlRewriteStepProcessor;
-import org.apache.hadoop.gateway.filter.rewrite.spi.UrlRewriteStepStatus;
-import org.apache.hadoop.gateway.util.urltemplate.Builder;
-import org.apache.hadoop.gateway.util.urltemplate.Query;
-import org.apache.hadoop.gateway.util.urltemplate.Template;
-
-import java.io.UnsupportedEncodingException;
-import java.util.Map;
-import java.util.StringTokenizer;
-
-public class SecureQueryDecodeProcessor implements UrlRewriteStepProcessor<SecureQueryDecodeDescriptor> {
-
- private static final String ENCODED_PARAMETER_NAME = "_";
-
- @Override
- public String getType() {
- return SecureQueryDecodeDescriptor.STEP_NAME;
- }
-
- @Override
- public void initialize( UrlRewriteEnvironment environment, SecureQueryDecodeDescriptor descriptor ) throws Exception {
- }
-
- @Override
- public UrlRewriteStepStatus process( UrlRewriteContext context ) throws Exception {
- //TODO: Need some way to get a reference to the keystore service and the encryption key in particular.
- Template currUrl = context.getCurrentUrl();
- Builder newUrl = new Builder( currUrl );
- Map<String,Query> map = newUrl.getQuery();
- Query query = map.remove( ENCODED_PARAMETER_NAME );
- if( query != null ) {
- String value = query.getFirstValue().getPattern();
- value = decode( value );
- StringTokenizer outerParser = new StringTokenizer( value, "&" );
- while( outerParser.hasMoreTokens() ) {
- String pair = outerParser.nextToken();
- StringTokenizer innerParser = new StringTokenizer( pair, "=" );
- if( innerParser.hasMoreTokens() ) {
- String paramName = innerParser.nextToken();
- if( innerParser.hasMoreTokens() ) {
- String paramValue = innerParser.nextToken();
- // Need to take out any existing query param.
- // If we don't then someone could override something in the encoded param.
- map.remove( paramName );
- newUrl.addQuery( paramName, "", paramValue, true );
- } else {
- newUrl.addQuery( paramName, "", null, true );
- }
- }
- }
- context.setCurrentUrl( newUrl.build() );
- }
- return UrlRewriteStepStatus.SUCCESS;
- }
-
- @Override
- public void destroy() {
- }
-
- private static String decode( String string ) throws UnsupportedEncodingException {
- return new String( Base64.decodeBase64( string ), "UTF-8" );
- }
-
-}
http://git-wip-us.apache.org/repos/asf/knox/blob/af9b0c3d/gateway-provider-rewrite-step-secure-query/src/main/java/org/apache/hadoop/gateway/securequery/SecureQueryDecryptDescriptor.java
----------------------------------------------------------------------
diff --git a/gateway-provider-rewrite-step-secure-query/src/main/java/org/apache/hadoop/gateway/securequery/SecureQueryDecryptDescriptor.java b/gateway-provider-rewrite-step-secure-query/src/main/java/org/apache/hadoop/gateway/securequery/SecureQueryDecryptDescriptor.java
deleted file mode 100644
index 8db2070..0000000
--- a/gateway-provider-rewrite-step-secure-query/src/main/java/org/apache/hadoop/gateway/securequery/SecureQueryDecryptDescriptor.java
+++ /dev/null
@@ -1,38 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package org.apache.hadoop.gateway.securequery;
-
-import org.apache.hadoop.gateway.filter.rewrite.ext.UrlRewriteActionDescriptor;
-import org.apache.hadoop.gateway.filter.rewrite.spi.UrlRewriteActionDescriptorBase;
-
-public class SecureQueryDecryptDescriptor
- extends UrlRewriteActionDescriptorBase
- implements UrlRewriteActionDescriptor {
-
- static final String STEP_NAME = "decrypt-query";
-
- public SecureQueryDecryptDescriptor() {
- super( STEP_NAME );
- }
-
- @Override
- public String getParam() {
- return null;
- }
-
-}
http://git-wip-us.apache.org/repos/asf/knox/blob/af9b0c3d/gateway-provider-rewrite-step-secure-query/src/main/java/org/apache/hadoop/gateway/securequery/SecureQueryDecryptProcessor.java
----------------------------------------------------------------------
diff --git a/gateway-provider-rewrite-step-secure-query/src/main/java/org/apache/hadoop/gateway/securequery/SecureQueryDecryptProcessor.java b/gateway-provider-rewrite-step-secure-query/src/main/java/org/apache/hadoop/gateway/securequery/SecureQueryDecryptProcessor.java
deleted file mode 100644
index 0687cb4..0000000
--- a/gateway-provider-rewrite-step-secure-query/src/main/java/org/apache/hadoop/gateway/securequery/SecureQueryDecryptProcessor.java
+++ /dev/null
@@ -1,119 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package org.apache.hadoop.gateway.securequery;
-
-import org.apache.commons.codec.binary.Base64;
-import org.apache.hadoop.gateway.filter.rewrite.api.UrlRewriteEnvironment;
-import org.apache.hadoop.gateway.filter.rewrite.spi.UrlRewriteContext;
-import org.apache.hadoop.gateway.filter.rewrite.spi.UrlRewriteStepProcessor;
-import org.apache.hadoop.gateway.filter.rewrite.spi.UrlRewriteStepStatus;
-import org.apache.hadoop.gateway.services.GatewayServices;
-import org.apache.hadoop.gateway.services.security.CryptoService;
-import org.apache.hadoop.gateway.services.security.EncryptionResult;
-import org.apache.hadoop.gateway.util.urltemplate.Builder;
-import org.apache.hadoop.gateway.util.urltemplate.Query;
-import org.apache.hadoop.gateway.util.urltemplate.Template;
-
-import java.io.UnsupportedEncodingException;
-import java.util.Map;
-import java.util.StringTokenizer;
-
-public class SecureQueryDecryptProcessor implements UrlRewriteStepProcessor<SecureQueryDecryptDescriptor> {
-
- private static final String ENCRYPTED_PARAMETER_NAME = "_";
-
- private String clusterName;
- private CryptoService cryptoService;
-
- @Override
- public String getType() {
- return SecureQueryDecryptDescriptor.STEP_NAME;
- }
-
- @Override
- public void initialize( UrlRewriteEnvironment environment, SecureQueryDecryptDescriptor descriptor ) throws Exception {
- clusterName = environment.getAttribute( GatewayServices.GATEWAY_CLUSTER_ATTRIBUTE );
- GatewayServices services = environment.getAttribute(GatewayServices.GATEWAY_SERVICES_ATTRIBUTE);
- cryptoService = (CryptoService) services.getService(GatewayServices.CRYPTO_SERVICE);
- }
-
- @Override
- public UrlRewriteStepStatus process( UrlRewriteContext context ) throws Exception {
- //TODO: Need some way to get a reference to the keystore service and the encryption key in particular.
- Template currUrl = context.getCurrentUrl();
- Builder newUrl = new Builder( currUrl );
- Map<String,Query> map = newUrl.getQuery();
- Query query = map.remove( ENCRYPTED_PARAMETER_NAME );
- UrlRewriteStepStatus status = UrlRewriteStepStatus.FAILURE;
- status = getUrlRewriteStepStatus(context, newUrl, map, query, status);
- return status;
- }
-
- private UrlRewriteStepStatus getUrlRewriteStepStatus(UrlRewriteContext context, Builder newUrl, Map<String, Query> map, Query query, UrlRewriteStepStatus status) throws UnsupportedEncodingException {
- if( query != null ) {
- String value = query.getFirstValue().getPattern();
- value = decode( value );
- status = getUrlRewriteStepStatus(context, newUrl, map, status, value);
- }
- return status;
- }
-
- private UrlRewriteStepStatus getUrlRewriteStepStatus(UrlRewriteContext context, Builder newUrl, Map<String, Query> map, UrlRewriteStepStatus status, String value) {
- if( value != null ) {
- StringTokenizer outerParser = new StringTokenizer( value, "&" );
- while( outerParser.hasMoreTokens() ) {
- String pair = outerParser.nextToken();
- StringTokenizer innerParser = new StringTokenizer( pair, "=" );
- if( innerParser.hasMoreTokens() ) {
- String paramName = innerParser.nextToken();
- if( innerParser.hasMoreTokens() ) {
- String paramValue = innerParser.nextToken();
- // Need to remove from the clear parameters any param name in the encoded params.
- // If we don't then someone could override something in the encoded param.
- map.remove( paramName );
- newUrl.addQuery( paramName, "", paramValue, true );
- } else {
- newUrl.addQuery( paramName, "", null, true );
- }
- }
- }
- context.setCurrentUrl( newUrl.build() );
- context.getParameters().resolve( "gateway.name" );
- status = UrlRewriteStepStatus.SUCCESS;
- }
- return status;
- }
-
- @Override
- public void destroy() {
- }
-
- String decode( String string ) throws UnsupportedEncodingException {
- byte[] bytes = Base64.decodeBase64( string );
- EncryptionResult result = EncryptionResult.fromByteArray(bytes);
- byte[] clear = cryptoService.decryptForCluster(clusterName,
- "encryptQueryString",
- result.cipher,
- result.iv,
- result.salt);
- if (clear != null) {
- return new String(clear);
- }
- return null;
- }
-}
http://git-wip-us.apache.org/repos/asf/knox/blob/af9b0c3d/gateway-provider-rewrite-step-secure-query/src/main/java/org/apache/hadoop/gateway/securequery/SecureQueryDeploymentContributor.java
----------------------------------------------------------------------
diff --git a/gateway-provider-rewrite-step-secure-query/src/main/java/org/apache/hadoop/gateway/securequery/SecureQueryDeploymentContributor.java b/gateway-provider-rewrite-step-secure-query/src/main/java/org/apache/hadoop/gateway/securequery/SecureQueryDeploymentContributor.java
deleted file mode 100644
index 33a0c85..0000000
--- a/gateway-provider-rewrite-step-secure-query/src/main/java/org/apache/hadoop/gateway/securequery/SecureQueryDeploymentContributor.java
+++ /dev/null
@@ -1,113 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package org.apache.hadoop.gateway.securequery;
-
-import org.apache.hadoop.gateway.deploy.DeploymentContext;
-import org.apache.hadoop.gateway.deploy.ProviderDeploymentContributor;
-import org.apache.hadoop.gateway.deploy.ProviderDeploymentContributorBase;
-import org.apache.hadoop.gateway.descriptor.FilterParamDescriptor;
-import org.apache.hadoop.gateway.descriptor.ResourceDescriptor;
-import org.apache.hadoop.gateway.i18n.messages.MessagesFactory;
-import org.apache.hadoop.gateway.services.security.AliasService;
-import org.apache.hadoop.gateway.services.security.AliasServiceException;
-import org.apache.hadoop.gateway.topology.Provider;
-import org.apache.hadoop.gateway.topology.Service;
-
-import java.util.List;
-
-public class SecureQueryDeploymentContributor
- extends ProviderDeploymentContributorBase
- implements ProviderDeploymentContributor {
-
- private static SecureQueryMessages log = MessagesFactory.get( SecureQueryMessages.class );
- public static final String PROVIDER_ROLE_NAME = "secure-query";
- public static final String PROVIDER_IMPL_NAME = "default";
- private AliasService as;
-
- @Override
- public String getRole() {
- return PROVIDER_ROLE_NAME;
- }
-
- @Override
- public String getName() {
- return PROVIDER_IMPL_NAME;
- }
-
- public void setAliasService(AliasService as) {
- this.as = as;
- }
-
- @Override
- public void initializeContribution(DeploymentContext context) {
- super.initializeContribution(context);
-
- String clusterName = context.getTopology().getName();
-
- // we don't want to overwrite an existing alias from a previous topology deployment
- // so we can't just blindly generateAlias here.
- // this version of getPassword will generate a value for it only if missing
- try {
- this.as.getPasswordFromAliasForCluster(clusterName, "encryptQueryString", true);
- } catch (AliasServiceException e) {
- log.unableCreatePasswordForEncryption(e);
- }
- }
-
- @Override
- public void contributeProvider( DeploymentContext context, Provider provider ) {
- if( provider.isEnabled() ) {
-// UrlRewriteRulesDescriptor rules = context.getDescriptor( REWRITE_ROLE_NAME );
-// if( rules != null ) {
-// HostmapFunctionDescriptor func = rules.addFunction( HostmapFunctionDescriptor.FUNCTION_NAME );
-// if( func != null ) {
-// Asset asset = createAsset( provider );
-// context.getWebArchive().addAsWebInfResource(
-// asset, HostmapFunctionProcessor.DESCRIPTOR_DEFAULT_FILE_NAME );
-// func.config( HostmapFunctionProcessor.DESCRIPTOR_DEFAULT_LOCATION );
-// }
-// }
- }
- }
-
-// private Asset createAsset( Provider provider ) {
-// StringWriter buffer = new StringWriter();
-// PrintWriter writer = new PrintWriter( buffer );
-// for( Map.Entry<String,String> entry : provider.getParams().entrySet() ) {
-// String externalHosts = entry.getKey();
-// String internalHosts = entry.getValue();
-// writer.print( externalHosts );
-// writer.print( "=" );
-// writer.println( internalHosts ) ;
-// }
-// writer.close();
-// String string = buffer.toString();
-// Asset asset = new StringAsset( string );
-// return asset;
-// }
-
- @Override
- public void contributeFilter(
- DeploymentContext context,
- Provider provider,
- Service service,
- ResourceDescriptor resource,
- List<FilterParamDescriptor> params ) {
- }
-
-}
http://git-wip-us.apache.org/repos/asf/knox/blob/af9b0c3d/gateway-provider-rewrite-step-secure-query/src/main/java/org/apache/hadoop/gateway/securequery/SecureQueryEncodeDescriptor.java
----------------------------------------------------------------------
diff --git a/gateway-provider-rewrite-step-secure-query/src/main/java/org/apache/hadoop/gateway/securequery/SecureQueryEncodeDescriptor.java b/gateway-provider-rewrite-step-secure-query/src/main/java/org/apache/hadoop/gateway/securequery/SecureQueryEncodeDescriptor.java
deleted file mode 100644
index a29be4e..0000000
--- a/gateway-provider-rewrite-step-secure-query/src/main/java/org/apache/hadoop/gateway/securequery/SecureQueryEncodeDescriptor.java
+++ /dev/null
@@ -1,38 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package org.apache.hadoop.gateway.securequery;
-
-import org.apache.hadoop.gateway.filter.rewrite.ext.UrlRewriteActionDescriptor;
-import org.apache.hadoop.gateway.filter.rewrite.spi.UrlRewriteActionDescriptorBase;
-
-public class SecureQueryEncodeDescriptor
- extends UrlRewriteActionDescriptorBase
- implements UrlRewriteActionDescriptor {
-
- static final String STEP_NAME = "encode-query";
-
- public SecureQueryEncodeDescriptor() {
- super( STEP_NAME );
- }
-
- @Override
- public String getParam() {
- return null;
- }
-
-}
http://git-wip-us.apache.org/repos/asf/knox/blob/af9b0c3d/gateway-provider-rewrite-step-secure-query/src/main/java/org/apache/hadoop/gateway/securequery/SecureQueryEncodeProcessor.java
----------------------------------------------------------------------
diff --git a/gateway-provider-rewrite-step-secure-query/src/main/java/org/apache/hadoop/gateway/securequery/SecureQueryEncodeProcessor.java b/gateway-provider-rewrite-step-secure-query/src/main/java/org/apache/hadoop/gateway/securequery/SecureQueryEncodeProcessor.java
deleted file mode 100644
index 0b32c05..0000000
--- a/gateway-provider-rewrite-step-secure-query/src/main/java/org/apache/hadoop/gateway/securequery/SecureQueryEncodeProcessor.java
+++ /dev/null
@@ -1,77 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package org.apache.hadoop.gateway.securequery;
-
-import org.apache.commons.codec.binary.Base64;
-import org.apache.hadoop.gateway.filter.rewrite.api.UrlRewriteEnvironment;
-import org.apache.hadoop.gateway.filter.rewrite.spi.UrlRewriteContext;
-import org.apache.hadoop.gateway.filter.rewrite.spi.UrlRewriteStepProcessor;
-import org.apache.hadoop.gateway.filter.rewrite.spi.UrlRewriteStepStatus;
-import org.apache.hadoop.gateway.util.urltemplate.Parser;
-import org.apache.hadoop.gateway.util.urltemplate.Template;
-
-public class SecureQueryEncodeProcessor
- implements UrlRewriteStepProcessor<SecureQueryEncodeDescriptor> {
-
- private static final String ENCODED_PARAMETER_NAME = "_";
-
- @Override
- public String getType() {
- return SecureQueryEncodeDescriptor.STEP_NAME;
- }
-
- @Override
- public void initialize( UrlRewriteEnvironment environment, SecureQueryEncodeDescriptor descriptor ) throws Exception {
- }
-
- @Override
- public UrlRewriteStepStatus process( UrlRewriteContext context ) throws Exception {
- //TODO: Need some way to get a reference to the keystore service and the encryption key in particular.
- Template url = context.getCurrentUrl();
- String str = url.toString();
- String path = str;
- String query = null;
- int index = str.indexOf( '?' );
- if( index >= 0 ) {
- path = str.substring( 0, index );
- if( index < str.length() ) {
- query = str.substring( index + 1 );
- }
- }
- if( query != null ) {
- query = Base64.encodeBase64String( query.getBytes( "UTF-8" ) );
- query = removeTrailingEquals( query );
- url = Parser.parseLiteral( path + "?" + ENCODED_PARAMETER_NAME +"=" + query );
- context.setCurrentUrl( url );
- }
- return UrlRewriteStepStatus.SUCCESS;
- }
-
- @Override
- public void destroy() {
- }
-
- private static String removeTrailingEquals( String s ) {
- int i = s.length()-1;
- while( i > 0 && s.charAt( i ) == '=' ) {
- i--;
- }
- return s.substring( 0, i+1 );
- }
-
-}
http://git-wip-us.apache.org/repos/asf/knox/blob/af9b0c3d/gateway-provider-rewrite-step-secure-query/src/main/java/org/apache/hadoop/gateway/securequery/SecureQueryEncryptDescriptor.java
----------------------------------------------------------------------
diff --git a/gateway-provider-rewrite-step-secure-query/src/main/java/org/apache/hadoop/gateway/securequery/SecureQueryEncryptDescriptor.java b/gateway-provider-rewrite-step-secure-query/src/main/java/org/apache/hadoop/gateway/securequery/SecureQueryEncryptDescriptor.java
deleted file mode 100644
index 9f3d7b9..0000000
--- a/gateway-provider-rewrite-step-secure-query/src/main/java/org/apache/hadoop/gateway/securequery/SecureQueryEncryptDescriptor.java
+++ /dev/null
@@ -1,38 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package org.apache.hadoop.gateway.securequery;
-
-import org.apache.hadoop.gateway.filter.rewrite.ext.UrlRewriteActionDescriptor;
-import org.apache.hadoop.gateway.filter.rewrite.spi.UrlRewriteActionDescriptorBase;
-
-public class SecureQueryEncryptDescriptor
- extends UrlRewriteActionDescriptorBase
- implements UrlRewriteActionDescriptor {
-
- static final String STEP_NAME = "encrypt-query";
-
- public SecureQueryEncryptDescriptor() {
- super( STEP_NAME );
- }
-
- @Override
- public String getParam() {
- return null;
- }
-
-}
http://git-wip-us.apache.org/repos/asf/knox/blob/af9b0c3d/gateway-provider-rewrite-step-secure-query/src/main/java/org/apache/hadoop/gateway/securequery/SecureQueryEncryptProcessor.java
----------------------------------------------------------------------
diff --git a/gateway-provider-rewrite-step-secure-query/src/main/java/org/apache/hadoop/gateway/securequery/SecureQueryEncryptProcessor.java b/gateway-provider-rewrite-step-secure-query/src/main/java/org/apache/hadoop/gateway/securequery/SecureQueryEncryptProcessor.java
deleted file mode 100644
index fe587ba..0000000
--- a/gateway-provider-rewrite-step-secure-query/src/main/java/org/apache/hadoop/gateway/securequery/SecureQueryEncryptProcessor.java
+++ /dev/null
@@ -1,84 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package org.apache.hadoop.gateway.securequery;
-
-import org.apache.commons.codec.binary.Base64;
-import org.apache.hadoop.gateway.filter.rewrite.api.UrlRewriteEnvironment;
-import org.apache.hadoop.gateway.filter.rewrite.spi.UrlRewriteContext;
-import org.apache.hadoop.gateway.filter.rewrite.spi.UrlRewriteStepProcessor;
-import org.apache.hadoop.gateway.filter.rewrite.spi.UrlRewriteStepStatus;
-import org.apache.hadoop.gateway.services.GatewayServices;
-import org.apache.hadoop.gateway.services.security.CryptoService;
-import org.apache.hadoop.gateway.services.security.EncryptionResult;
-import org.apache.hadoop.gateway.util.urltemplate.Parser;
-import org.apache.hadoop.gateway.util.urltemplate.Template;
-
-import java.io.UnsupportedEncodingException;
-
-public class SecureQueryEncryptProcessor
- implements UrlRewriteStepProcessor<SecureQueryEncryptDescriptor> {
-
- private static final String ENCRYPTED_PARAMETER_NAME = "_";
-
- private String clusterName;
- private CryptoService cryptoService = null;
-
- @Override
- public String getType() {
- return SecureQueryEncryptDescriptor.STEP_NAME;
- }
-
- @Override
- public void initialize( UrlRewriteEnvironment environment, SecureQueryEncryptDescriptor descriptor ) throws Exception {
- clusterName = environment.getAttribute( GatewayServices.GATEWAY_CLUSTER_ATTRIBUTE );
- GatewayServices services = environment.getAttribute(GatewayServices.GATEWAY_SERVICES_ATTRIBUTE);
- cryptoService = (CryptoService) services.getService(GatewayServices.CRYPTO_SERVICE);
- }
-
- @Override
- public UrlRewriteStepStatus process( UrlRewriteContext context ) throws Exception {
- //TODO: Need some way to get a reference to the keystore service and the encryption key in particular.
- Template url = context.getCurrentUrl();
- String str = url.toString();
- String path = str;
- String query = null;
- int index = str.indexOf( '?' );
- if( index >= 0 ) {
- path = str.substring( 0, index );
- if( index < str.length() ) {
- query = str.substring( index + 1 );
- }
- }
- if( query != null ) {
- query = encode( query );
- url = Parser.parseLiteral( path + "?" + ENCRYPTED_PARAMETER_NAME +"=" + query );
- context.setCurrentUrl( url );
- }
- return UrlRewriteStepStatus.SUCCESS;
- }
-
- @Override
- public void destroy() {
- }
-
- private String encode( String string ) throws UnsupportedEncodingException {
- EncryptionResult result = cryptoService.encryptForCluster(clusterName, "encryptQueryString", string.getBytes("UTF-8"));
- string = Base64.encodeBase64URLSafeString(result.toByteAray());
- return string;
- }
-}
http://git-wip-us.apache.org/repos/asf/knox/blob/af9b0c3d/gateway-provider-rewrite-step-secure-query/src/main/java/org/apache/hadoop/gateway/securequery/SecureQueryMessages.java
----------------------------------------------------------------------
diff --git a/gateway-provider-rewrite-step-secure-query/src/main/java/org/apache/hadoop/gateway/securequery/SecureQueryMessages.java b/gateway-provider-rewrite-step-secure-query/src/main/java/org/apache/hadoop/gateway/securequery/SecureQueryMessages.java
deleted file mode 100644
index 27cadaa..0000000
--- a/gateway-provider-rewrite-step-secure-query/src/main/java/org/apache/hadoop/gateway/securequery/SecureQueryMessages.java
+++ /dev/null
@@ -1,31 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package org.apache.hadoop.gateway.securequery;
-
-import org.apache.hadoop.gateway.i18n.messages.Message;
-import org.apache.hadoop.gateway.i18n.messages.MessageLevel;
-import org.apache.hadoop.gateway.i18n.messages.Messages;
-import org.apache.hadoop.gateway.i18n.messages.StackTrace;
-
-@Messages(logger="org.apache.hadoop.gateway.securequery")
-public interface SecureQueryMessages {
-
- @Message( level = MessageLevel.ERROR, text = "Failed to create or verify the presence of a password for query string encryption: {0}" )
- void unableCreatePasswordForEncryption(@StackTrace( level = MessageLevel.DEBUG ) Exception e);
-
-}
http://git-wip-us.apache.org/repos/asf/knox/blob/af9b0c3d/gateway-provider-rewrite-step-secure-query/src/main/java/org/apache/knox/gateway/securequery/SecureQueryDecodeDescriptor.java
----------------------------------------------------------------------
diff --git a/gateway-provider-rewrite-step-secure-query/src/main/java/org/apache/knox/gateway/securequery/SecureQueryDecodeDescriptor.java b/gateway-provider-rewrite-step-secure-query/src/main/java/org/apache/knox/gateway/securequery/SecureQueryDecodeDescriptor.java
new file mode 100644
index 0000000..069dc65
--- /dev/null
+++ b/gateway-provider-rewrite-step-secure-query/src/main/java/org/apache/knox/gateway/securequery/SecureQueryDecodeDescriptor.java
@@ -0,0 +1,38 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.knox.gateway.securequery;
+
+import org.apache.knox.gateway.filter.rewrite.ext.UrlRewriteActionDescriptor;
+import org.apache.knox.gateway.filter.rewrite.spi.UrlRewriteActionDescriptorBase;
+
+public class SecureQueryDecodeDescriptor
+ extends UrlRewriteActionDescriptorBase
+ implements UrlRewriteActionDescriptor {
+
+ static final String STEP_NAME = "decode-query";
+
+ public SecureQueryDecodeDescriptor() {
+ super( STEP_NAME );
+ }
+
+ @Override
+ public String getParam() {
+ return null;
+ }
+
+}
http://git-wip-us.apache.org/repos/asf/knox/blob/af9b0c3d/gateway-provider-rewrite-step-secure-query/src/main/java/org/apache/knox/gateway/securequery/SecureQueryDecodeProcessor.java
----------------------------------------------------------------------
diff --git a/gateway-provider-rewrite-step-secure-query/src/main/java/org/apache/knox/gateway/securequery/SecureQueryDecodeProcessor.java b/gateway-provider-rewrite-step-secure-query/src/main/java/org/apache/knox/gateway/securequery/SecureQueryDecodeProcessor.java
new file mode 100644
index 0000000..c007021
--- /dev/null
+++ b/gateway-provider-rewrite-step-secure-query/src/main/java/org/apache/knox/gateway/securequery/SecureQueryDecodeProcessor.java
@@ -0,0 +1,87 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.knox.gateway.securequery;
+
+import org.apache.commons.codec.binary.Base64;
+import org.apache.knox.gateway.filter.rewrite.api.UrlRewriteEnvironment;
+import org.apache.knox.gateway.filter.rewrite.spi.UrlRewriteContext;
+import org.apache.knox.gateway.filter.rewrite.spi.UrlRewriteStepProcessor;
+import org.apache.knox.gateway.filter.rewrite.spi.UrlRewriteStepStatus;
+import org.apache.knox.gateway.util.urltemplate.Builder;
+import org.apache.knox.gateway.util.urltemplate.Query;
+import org.apache.knox.gateway.util.urltemplate.Template;
+
+import java.io.UnsupportedEncodingException;
+import java.util.Map;
+import java.util.StringTokenizer;
+
+public class SecureQueryDecodeProcessor implements
+ UrlRewriteStepProcessor<SecureQueryDecodeDescriptor> {
+
+ private static final String ENCODED_PARAMETER_NAME = "_";
+
+ @Override
+ public String getType() {
+ return SecureQueryDecodeDescriptor.STEP_NAME;
+ }
+
+ @Override
+ public void initialize( UrlRewriteEnvironment environment, SecureQueryDecodeDescriptor descriptor ) throws Exception {
+ }
+
+ @Override
+ public UrlRewriteStepStatus process( UrlRewriteContext context ) throws Exception {
+ //TODO: Need some way to get a reference to the keystore service and the encryption key in particular.
+ Template currUrl = context.getCurrentUrl();
+ Builder newUrl = new Builder( currUrl );
+ Map<String,Query> map = newUrl.getQuery();
+ Query query = map.remove( ENCODED_PARAMETER_NAME );
+ if( query != null ) {
+ String value = query.getFirstValue().getPattern();
+ value = decode( value );
+ StringTokenizer outerParser = new StringTokenizer( value, "&" );
+ while( outerParser.hasMoreTokens() ) {
+ String pair = outerParser.nextToken();
+ StringTokenizer innerParser = new StringTokenizer( pair, "=" );
+ if( innerParser.hasMoreTokens() ) {
+ String paramName = innerParser.nextToken();
+ if( innerParser.hasMoreTokens() ) {
+ String paramValue = innerParser.nextToken();
+ // Need to take out any existing query param.
+ // If we don't then someone could override something in the encoded param.
+ map.remove( paramName );
+ newUrl.addQuery( paramName, "", paramValue, true );
+ } else {
+ newUrl.addQuery( paramName, "", null, true );
+ }
+ }
+ }
+ context.setCurrentUrl( newUrl.build() );
+ }
+ return UrlRewriteStepStatus.SUCCESS;
+ }
+
+ @Override
+ public void destroy() {
+ }
+
+ private static String decode( String string ) throws UnsupportedEncodingException {
+ return new String( Base64.decodeBase64( string ), "UTF-8" );
+ }
+
+}
http://git-wip-us.apache.org/repos/asf/knox/blob/af9b0c3d/gateway-provider-rewrite-step-secure-query/src/main/java/org/apache/knox/gateway/securequery/SecureQueryDecryptDescriptor.java
----------------------------------------------------------------------
diff --git a/gateway-provider-rewrite-step-secure-query/src/main/java/org/apache/knox/gateway/securequery/SecureQueryDecryptDescriptor.java b/gateway-provider-rewrite-step-secure-query/src/main/java/org/apache/knox/gateway/securequery/SecureQueryDecryptDescriptor.java
new file mode 100644
index 0000000..f463fec
--- /dev/null
+++ b/gateway-provider-rewrite-step-secure-query/src/main/java/org/apache/knox/gateway/securequery/SecureQueryDecryptDescriptor.java
@@ -0,0 +1,38 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.knox.gateway.securequery;
+
+import org.apache.knox.gateway.filter.rewrite.ext.UrlRewriteActionDescriptor;
+import org.apache.knox.gateway.filter.rewrite.spi.UrlRewriteActionDescriptorBase;
+
+public class SecureQueryDecryptDescriptor
+ extends UrlRewriteActionDescriptorBase
+ implements UrlRewriteActionDescriptor {
+
+ static final String STEP_NAME = "decrypt-query";
+
+ public SecureQueryDecryptDescriptor() {
+ super( STEP_NAME );
+ }
+
+ @Override
+ public String getParam() {
+ return null;
+ }
+
+}
http://git-wip-us.apache.org/repos/asf/knox/blob/af9b0c3d/gateway-provider-rewrite-step-secure-query/src/main/java/org/apache/knox/gateway/securequery/SecureQueryDecryptProcessor.java
----------------------------------------------------------------------
diff --git a/gateway-provider-rewrite-step-secure-query/src/main/java/org/apache/knox/gateway/securequery/SecureQueryDecryptProcessor.java b/gateway-provider-rewrite-step-secure-query/src/main/java/org/apache/knox/gateway/securequery/SecureQueryDecryptProcessor.java
new file mode 100644
index 0000000..3cccc4d
--- /dev/null
+++ b/gateway-provider-rewrite-step-secure-query/src/main/java/org/apache/knox/gateway/securequery/SecureQueryDecryptProcessor.java
@@ -0,0 +1,120 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.knox.gateway.securequery;
+
+import org.apache.commons.codec.binary.Base64;
+import org.apache.knox.gateway.filter.rewrite.api.UrlRewriteEnvironment;
+import org.apache.knox.gateway.filter.rewrite.spi.UrlRewriteContext;
+import org.apache.knox.gateway.filter.rewrite.spi.UrlRewriteStepProcessor;
+import org.apache.knox.gateway.filter.rewrite.spi.UrlRewriteStepStatus;
+import org.apache.knox.gateway.services.GatewayServices;
+import org.apache.knox.gateway.services.security.CryptoService;
+import org.apache.knox.gateway.services.security.EncryptionResult;
+import org.apache.knox.gateway.util.urltemplate.Builder;
+import org.apache.knox.gateway.util.urltemplate.Query;
+import org.apache.knox.gateway.util.urltemplate.Template;
+
+import java.io.UnsupportedEncodingException;
+import java.util.Map;
+import java.util.StringTokenizer;
+
+public class SecureQueryDecryptProcessor implements
+ UrlRewriteStepProcessor<SecureQueryDecryptDescriptor> {
+
+ private static final String ENCRYPTED_PARAMETER_NAME = "_";
+
+ private String clusterName;
+ private CryptoService cryptoService;
+
+ @Override
+ public String getType() {
+ return SecureQueryDecryptDescriptor.STEP_NAME;
+ }
+
+ @Override
+ public void initialize( UrlRewriteEnvironment environment, SecureQueryDecryptDescriptor descriptor ) throws Exception {
+ clusterName = environment.getAttribute( GatewayServices.GATEWAY_CLUSTER_ATTRIBUTE );
+ GatewayServices services = environment.getAttribute(GatewayServices.GATEWAY_SERVICES_ATTRIBUTE);
+ cryptoService = (CryptoService) services.getService(GatewayServices.CRYPTO_SERVICE);
+ }
+
+ @Override
+ public UrlRewriteStepStatus process( UrlRewriteContext context ) throws Exception {
+ //TODO: Need some way to get a reference to the keystore service and the encryption key in particular.
+ Template currUrl = context.getCurrentUrl();
+ Builder newUrl = new Builder( currUrl );
+ Map<String,Query> map = newUrl.getQuery();
+ Query query = map.remove( ENCRYPTED_PARAMETER_NAME );
+ UrlRewriteStepStatus status = UrlRewriteStepStatus.FAILURE;
+ status = getUrlRewriteStepStatus(context, newUrl, map, query, status);
+ return status;
+ }
+
+ private UrlRewriteStepStatus getUrlRewriteStepStatus(UrlRewriteContext context, Builder newUrl, Map<String, Query> map, Query query, UrlRewriteStepStatus status) throws UnsupportedEncodingException {
+ if( query != null ) {
+ String value = query.getFirstValue().getPattern();
+ value = decode( value );
+ status = getUrlRewriteStepStatus(context, newUrl, map, status, value);
+ }
+ return status;
+ }
+
+ private UrlRewriteStepStatus getUrlRewriteStepStatus(UrlRewriteContext context, Builder newUrl, Map<String, Query> map, UrlRewriteStepStatus status, String value) {
+ if( value != null ) {
+ StringTokenizer outerParser = new StringTokenizer( value, "&" );
+ while( outerParser.hasMoreTokens() ) {
+ String pair = outerParser.nextToken();
+ StringTokenizer innerParser = new StringTokenizer( pair, "=" );
+ if( innerParser.hasMoreTokens() ) {
+ String paramName = innerParser.nextToken();
+ if( innerParser.hasMoreTokens() ) {
+ String paramValue = innerParser.nextToken();
+ // Need to remove from the clear parameters any param name in the encoded params.
+ // If we don't then someone could override something in the encoded param.
+ map.remove( paramName );
+ newUrl.addQuery( paramName, "", paramValue, true );
+ } else {
+ newUrl.addQuery( paramName, "", null, true );
+ }
+ }
+ }
+ context.setCurrentUrl( newUrl.build() );
+ context.getParameters().resolve( "gateway.name" );
+ status = UrlRewriteStepStatus.SUCCESS;
+ }
+ return status;
+ }
+
+ @Override
+ public void destroy() {
+ }
+
+ String decode( String string ) throws UnsupportedEncodingException {
+ byte[] bytes = Base64.decodeBase64( string );
+ EncryptionResult result = EncryptionResult.fromByteArray(bytes);
+ byte[] clear = cryptoService.decryptForCluster(clusterName,
+ "encryptQueryString",
+ result.cipher,
+ result.iv,
+ result.salt);
+ if (clear != null) {
+ return new String(clear);
+ }
+ return null;
+ }
+}
http://git-wip-us.apache.org/repos/asf/knox/blob/af9b0c3d/gateway-provider-rewrite-step-secure-query/src/main/java/org/apache/knox/gateway/securequery/SecureQueryDeploymentContributor.java
----------------------------------------------------------------------
diff --git a/gateway-provider-rewrite-step-secure-query/src/main/java/org/apache/knox/gateway/securequery/SecureQueryDeploymentContributor.java b/gateway-provider-rewrite-step-secure-query/src/main/java/org/apache/knox/gateway/securequery/SecureQueryDeploymentContributor.java
new file mode 100644
index 0000000..dead39f
--- /dev/null
+++ b/gateway-provider-rewrite-step-secure-query/src/main/java/org/apache/knox/gateway/securequery/SecureQueryDeploymentContributor.java
@@ -0,0 +1,113 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.knox.gateway.securequery;
+
+import org.apache.knox.gateway.deploy.DeploymentContext;
+import org.apache.knox.gateway.deploy.ProviderDeploymentContributor;
+import org.apache.knox.gateway.deploy.ProviderDeploymentContributorBase;
+import org.apache.knox.gateway.descriptor.FilterParamDescriptor;
+import org.apache.knox.gateway.descriptor.ResourceDescriptor;
+import org.apache.knox.gateway.i18n.messages.MessagesFactory;
+import org.apache.knox.gateway.services.security.AliasService;
+import org.apache.knox.gateway.services.security.AliasServiceException;
+import org.apache.knox.gateway.topology.Provider;
+import org.apache.knox.gateway.topology.Service;
+
+import java.util.List;
+
+public class SecureQueryDeploymentContributor
+ extends ProviderDeploymentContributorBase
+ implements ProviderDeploymentContributor {
+
+ private static SecureQueryMessages log = MessagesFactory.get( SecureQueryMessages.class );
+ public static final String PROVIDER_ROLE_NAME = "secure-query";
+ public static final String PROVIDER_IMPL_NAME = "default";
+ private AliasService as;
+
+ @Override
+ public String getRole() {
+ return PROVIDER_ROLE_NAME;
+ }
+
+ @Override
+ public String getName() {
+ return PROVIDER_IMPL_NAME;
+ }
+
+ public void setAliasService(AliasService as) {
+ this.as = as;
+ }
+
+ @Override
+ public void initializeContribution(DeploymentContext context) {
+ super.initializeContribution(context);
+
+ String clusterName = context.getTopology().getName();
+
+ // we don't want to overwrite an existing alias from a previous topology deployment
+ // so we can't just blindly generateAlias here.
+ // this version of getPassword will generate a value for it only if missing
+ try {
+ this.as.getPasswordFromAliasForCluster(clusterName, "encryptQueryString", true);
+ } catch (AliasServiceException e) {
+ log.unableCreatePasswordForEncryption(e);
+ }
+ }
+
+ @Override
+ public void contributeProvider( DeploymentContext context, Provider provider ) {
+ if( provider.isEnabled() ) {
+// UrlRewriteRulesDescriptor rules = context.getDescriptor( REWRITE_ROLE_NAME );
+// if( rules != null ) {
+// HostmapFunctionDescriptor func = rules.addFunction( HostmapFunctionDescriptor.FUNCTION_NAME );
+// if( func != null ) {
+// Asset asset = createAsset( provider );
+// context.getWebArchive().addAsWebInfResource(
+// asset, HostmapFunctionProcessor.DESCRIPTOR_DEFAULT_FILE_NAME );
+// func.config( HostmapFunctionProcessor.DESCRIPTOR_DEFAULT_LOCATION );
+// }
+// }
+ }
+ }
+
+// private Asset createAsset( Provider provider ) {
+// StringWriter buffer = new StringWriter();
+// PrintWriter writer = new PrintWriter( buffer );
+// for( Map.Entry<String,String> entry : provider.getParams().entrySet() ) {
+// String externalHosts = entry.getKey();
+// String internalHosts = entry.getValue();
+// writer.print( externalHosts );
+// writer.print( "=" );
+// writer.println( internalHosts ) ;
+// }
+// writer.close();
+// String string = buffer.toString();
+// Asset asset = new StringAsset( string );
+// return asset;
+// }
+
+ @Override
+ public void contributeFilter(
+ DeploymentContext context,
+ Provider provider,
+ Service service,
+ ResourceDescriptor resource,
+ List<FilterParamDescriptor> params ) {
+ }
+
+}
http://git-wip-us.apache.org/repos/asf/knox/blob/af9b0c3d/gateway-provider-rewrite-step-secure-query/src/main/java/org/apache/knox/gateway/securequery/SecureQueryEncodeDescriptor.java
----------------------------------------------------------------------
diff --git a/gateway-provider-rewrite-step-secure-query/src/main/java/org/apache/knox/gateway/securequery/SecureQueryEncodeDescriptor.java b/gateway-provider-rewrite-step-secure-query/src/main/java/org/apache/knox/gateway/securequery/SecureQueryEncodeDescriptor.java
new file mode 100644
index 0000000..45f3ddc
--- /dev/null
+++ b/gateway-provider-rewrite-step-secure-query/src/main/java/org/apache/knox/gateway/securequery/SecureQueryEncodeDescriptor.java
@@ -0,0 +1,38 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.knox.gateway.securequery;
+
+import org.apache.knox.gateway.filter.rewrite.ext.UrlRewriteActionDescriptor;
+import org.apache.knox.gateway.filter.rewrite.spi.UrlRewriteActionDescriptorBase;
+
+public class SecureQueryEncodeDescriptor
+ extends UrlRewriteActionDescriptorBase
+ implements UrlRewriteActionDescriptor {
+
+ static final String STEP_NAME = "encode-query";
+
+ public SecureQueryEncodeDescriptor() {
+ super( STEP_NAME );
+ }
+
+ @Override
+ public String getParam() {
+ return null;
+ }
+
+}
http://git-wip-us.apache.org/repos/asf/knox/blob/af9b0c3d/gateway-provider-rewrite-step-secure-query/src/main/java/org/apache/knox/gateway/securequery/SecureQueryEncodeProcessor.java
----------------------------------------------------------------------
diff --git a/gateway-provider-rewrite-step-secure-query/src/main/java/org/apache/knox/gateway/securequery/SecureQueryEncodeProcessor.java b/gateway-provider-rewrite-step-secure-query/src/main/java/org/apache/knox/gateway/securequery/SecureQueryEncodeProcessor.java
new file mode 100644
index 0000000..b3aeb24
--- /dev/null
+++ b/gateway-provider-rewrite-step-secure-query/src/main/java/org/apache/knox/gateway/securequery/SecureQueryEncodeProcessor.java
@@ -0,0 +1,77 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.knox.gateway.securequery;
+
+import org.apache.commons.codec.binary.Base64;
+import org.apache.knox.gateway.filter.rewrite.api.UrlRewriteEnvironment;
+import org.apache.knox.gateway.filter.rewrite.spi.UrlRewriteContext;
+import org.apache.knox.gateway.filter.rewrite.spi.UrlRewriteStepProcessor;
+import org.apache.knox.gateway.filter.rewrite.spi.UrlRewriteStepStatus;
+import org.apache.knox.gateway.util.urltemplate.Parser;
+import org.apache.knox.gateway.util.urltemplate.Template;
+
+public class SecureQueryEncodeProcessor
+ implements UrlRewriteStepProcessor<SecureQueryEncodeDescriptor> {
+
+ private static final String ENCODED_PARAMETER_NAME = "_";
+
+ @Override
+ public String getType() {
+ return SecureQueryEncodeDescriptor.STEP_NAME;
+ }
+
+ @Override
+ public void initialize( UrlRewriteEnvironment environment, SecureQueryEncodeDescriptor descriptor ) throws Exception {
+ }
+
+ @Override
+ public UrlRewriteStepStatus process( UrlRewriteContext context ) throws Exception {
+ //TODO: Need some way to get a reference to the keystore service and the encryption key in particular.
+ Template url = context.getCurrentUrl();
+ String str = url.toString();
+ String path = str;
+ String query = null;
+ int index = str.indexOf( '?' );
+ if( index >= 0 ) {
+ path = str.substring( 0, index );
+ if( index < str.length() ) {
+ query = str.substring( index + 1 );
+ }
+ }
+ if( query != null ) {
+ query = Base64.encodeBase64String( query.getBytes( "UTF-8" ) );
+ query = removeTrailingEquals( query );
+ url = Parser.parseLiteral( path + "?" + ENCODED_PARAMETER_NAME +"=" + query );
+ context.setCurrentUrl( url );
+ }
+ return UrlRewriteStepStatus.SUCCESS;
+ }
+
+ @Override
+ public void destroy() {
+ }
+
+ private static String removeTrailingEquals( String s ) {
+ int i = s.length()-1;
+ while( i > 0 && s.charAt( i ) == '=' ) {
+ i--;
+ }
+ return s.substring( 0, i+1 );
+ }
+
+}
http://git-wip-us.apache.org/repos/asf/knox/blob/af9b0c3d/gateway-provider-rewrite-step-secure-query/src/main/java/org/apache/knox/gateway/securequery/SecureQueryEncryptDescriptor.java
----------------------------------------------------------------------
diff --git a/gateway-provider-rewrite-step-secure-query/src/main/java/org/apache/knox/gateway/securequery/SecureQueryEncryptDescriptor.java b/gateway-provider-rewrite-step-secure-query/src/main/java/org/apache/knox/gateway/securequery/SecureQueryEncryptDescriptor.java
new file mode 100644
index 0000000..23b79cf
--- /dev/null
+++ b/gateway-provider-rewrite-step-secure-query/src/main/java/org/apache/knox/gateway/securequery/SecureQueryEncryptDescriptor.java
@@ -0,0 +1,38 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.knox.gateway.securequery;
+
+import org.apache.knox.gateway.filter.rewrite.ext.UrlRewriteActionDescriptor;
+import org.apache.knox.gateway.filter.rewrite.spi.UrlRewriteActionDescriptorBase;
+
+public class SecureQueryEncryptDescriptor
+ extends UrlRewriteActionDescriptorBase
+ implements UrlRewriteActionDescriptor {
+
+ static final String STEP_NAME = "encrypt-query";
+
+ public SecureQueryEncryptDescriptor() {
+ super( STEP_NAME );
+ }
+
+ @Override
+ public String getParam() {
+ return null;
+ }
+
+}
http://git-wip-us.apache.org/repos/asf/knox/blob/af9b0c3d/gateway-provider-rewrite-step-secure-query/src/main/java/org/apache/knox/gateway/securequery/SecureQueryEncryptProcessor.java
----------------------------------------------------------------------
diff --git a/gateway-provider-rewrite-step-secure-query/src/main/java/org/apache/knox/gateway/securequery/SecureQueryEncryptProcessor.java b/gateway-provider-rewrite-step-secure-query/src/main/java/org/apache/knox/gateway/securequery/SecureQueryEncryptProcessor.java
new file mode 100644
index 0000000..5e44d20
--- /dev/null
+++ b/gateway-provider-rewrite-step-secure-query/src/main/java/org/apache/knox/gateway/securequery/SecureQueryEncryptProcessor.java
@@ -0,0 +1,84 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.knox.gateway.securequery;
+
+import org.apache.commons.codec.binary.Base64;
+import org.apache.knox.gateway.filter.rewrite.api.UrlRewriteEnvironment;
+import org.apache.knox.gateway.filter.rewrite.spi.UrlRewriteContext;
+import org.apache.knox.gateway.filter.rewrite.spi.UrlRewriteStepProcessor;
+import org.apache.knox.gateway.filter.rewrite.spi.UrlRewriteStepStatus;
+import org.apache.knox.gateway.services.GatewayServices;
+import org.apache.knox.gateway.services.security.CryptoService;
+import org.apache.knox.gateway.services.security.EncryptionResult;
+import org.apache.knox.gateway.util.urltemplate.Parser;
+import org.apache.knox.gateway.util.urltemplate.Template;
+
+import java.io.UnsupportedEncodingException;
+
+public class SecureQueryEncryptProcessor
+ implements UrlRewriteStepProcessor<SecureQueryEncryptDescriptor> {
+
+ private static final String ENCRYPTED_PARAMETER_NAME = "_";
+
+ private String clusterName;
+ private CryptoService cryptoService = null;
+
+ @Override
+ public String getType() {
+ return SecureQueryEncryptDescriptor.STEP_NAME;
+ }
+
+ @Override
+ public void initialize( UrlRewriteEnvironment environment, SecureQueryEncryptDescriptor descriptor ) throws Exception {
+ clusterName = environment.getAttribute( GatewayServices.GATEWAY_CLUSTER_ATTRIBUTE );
+ GatewayServices services = environment.getAttribute(GatewayServices.GATEWAY_SERVICES_ATTRIBUTE);
+ cryptoService = (CryptoService) services.getService(GatewayServices.CRYPTO_SERVICE);
+ }
+
+ @Override
+ public UrlRewriteStepStatus process( UrlRewriteContext context ) throws Exception {
+ //TODO: Need some way to get a reference to the keystore service and the encryption key in particular.
+ Template url = context.getCurrentUrl();
+ String str = url.toString();
+ String path = str;
+ String query = null;
+ int index = str.indexOf( '?' );
+ if( index >= 0 ) {
+ path = str.substring( 0, index );
+ if( index < str.length() ) {
+ query = str.substring( index + 1 );
+ }
+ }
+ if( query != null ) {
+ query = encode( query );
+ url = Parser.parseLiteral( path + "?" + ENCRYPTED_PARAMETER_NAME +"=" + query );
+ context.setCurrentUrl( url );
+ }
+ return UrlRewriteStepStatus.SUCCESS;
+ }
+
+ @Override
+ public void destroy() {
+ }
+
+ private String encode( String string ) throws UnsupportedEncodingException {
+ EncryptionResult result = cryptoService.encryptForCluster(clusterName, "encryptQueryString", string.getBytes("UTF-8"));
+ string = Base64.encodeBase64URLSafeString(result.toByteAray());
+ return string;
+ }
+}
http://git-wip-us.apache.org/repos/asf/knox/blob/af9b0c3d/gateway-provider-rewrite-step-secure-query/src/main/java/org/apache/knox/gateway/securequery/SecureQueryMessages.java
----------------------------------------------------------------------
diff --git a/gateway-provider-rewrite-step-secure-query/src/main/java/org/apache/knox/gateway/securequery/SecureQueryMessages.java b/gateway-provider-rewrite-step-secure-query/src/main/java/org/apache/knox/gateway/securequery/SecureQueryMessages.java
new file mode 100644
index 0000000..62f0e9f
--- /dev/null
+++ b/gateway-provider-rewrite-step-secure-query/src/main/java/org/apache/knox/gateway/securequery/SecureQueryMessages.java
@@ -0,0 +1,31 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.knox.gateway.securequery;
+
+import org.apache.knox.gateway.i18n.messages.Message;
+import org.apache.knox.gateway.i18n.messages.MessageLevel;
+import org.apache.knox.gateway.i18n.messages.Messages;
+import org.apache.knox.gateway.i18n.messages.StackTrace;
+
+@Messages(logger="org.apache.hadoop.gateway.securequery")
+public interface SecureQueryMessages {
+
+ @Message( level = MessageLevel.ERROR, text = "Failed to create or verify the presence of a password for query string encryption: {0}" )
+ void unableCreatePasswordForEncryption(@StackTrace( level = MessageLevel.DEBUG ) Exception e);
+
+}
http://git-wip-us.apache.org/repos/asf/knox/blob/af9b0c3d/gateway-provider-rewrite-step-secure-query/src/main/resources/META-INF/services/org.apache.hadoop.gateway.deploy.ProviderDeploymentContributor
----------------------------------------------------------------------
diff --git a/gateway-provider-rewrite-step-secure-query/src/main/resources/META-INF/services/org.apache.hadoop.gateway.deploy.ProviderDeploymentContributor b/gateway-provider-rewrite-step-secure-query/src/main/resources/META-INF/services/org.apache.hadoop.gateway.deploy.ProviderDeploymentContributor
deleted file mode 100644
index 14ed327..0000000
--- a/gateway-provider-rewrite-step-secure-query/src/main/resources/META-INF/services/org.apache.hadoop.gateway.deploy.ProviderDeploymentContributor
+++ /dev/null
@@ -1,19 +0,0 @@
-##########################################################################
-# Licensed to the Apache Software Foundation (ASF) under one
-# or more contributor license agreements. See the NOTICE file
-# distributed with this work for additional information
-# regarding copyright ownership. The ASF licenses this file
-# to you under the Apache License, Version 2.0 (the
-# "License"); you may not use this file except in compliance
-# with the License. You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-##########################################################################
-
-org.apache.hadoop.gateway.securequery.SecureQueryDeploymentContributor
\ No newline at end of file
http://git-wip-us.apache.org/repos/asf/knox/blob/af9b0c3d/gateway-provider-rewrite-step-secure-query/src/main/resources/META-INF/services/org.apache.hadoop.gateway.filter.rewrite.api.UrlRewriteStepDescriptor
----------------------------------------------------------------------
diff --git a/gateway-provider-rewrite-step-secure-query/src/main/resources/META-INF/services/org.apache.hadoop.gateway.filter.rewrite.api.UrlRewriteStepDescriptor b/gateway-provider-rewrite-step-secure-query/src/main/resources/META-INF/services/org.apache.hadoop.gateway.filter.rewrite.api.UrlRewriteStepDescriptor
deleted file mode 100644
index c5f9376..0000000
--- a/gateway-provider-rewrite-step-secure-query/src/main/resources/META-INF/services/org.apache.hadoop.gateway.filter.rewrite.api.UrlRewriteStepDescriptor
+++ /dev/null
@@ -1,22 +0,0 @@
-##########################################################################
-# Licensed to the Apache Software Foundation (ASF) under one
-# or more contributor license agreements. See the NOTICE file
-# distributed with this work for additional information
-# regarding copyright ownership. The ASF licenses this file
-# to you under the Apache License, Version 2.0 (the
-# "License"); you may not use this file except in compliance
-# with the License. You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-##########################################################################
-
-org.apache.hadoop.gateway.securequery.SecureQueryEncodeDescriptor
-org.apache.hadoop.gateway.securequery.SecureQueryDecodeDescriptor
-org.apache.hadoop.gateway.securequery.SecureQueryEncryptDescriptor
-org.apache.hadoop.gateway.securequery.SecureQueryDecryptDescriptor
http://git-wip-us.apache.org/repos/asf/knox/blob/af9b0c3d/gateway-provider-rewrite-step-secure-query/src/main/resources/META-INF/services/org.apache.hadoop.gateway.filter.rewrite.spi.UrlRewriteStepProcessor
----------------------------------------------------------------------
diff --git a/gateway-provider-rewrite-step-secure-query/src/main/resources/META-INF/services/org.apache.hadoop.gateway.filter.rewrite.spi.UrlRewriteStepProcessor b/gateway-provider-rewrite-step-secure-query/src/main/resources/META-INF/services/org.apache.hadoop.gateway.filter.rewrite.spi.UrlRewriteStepProcessor
deleted file mode 100644
index f216d77..0000000
--- a/gateway-provider-rewrite-step-secure-query/src/main/resources/META-INF/services/org.apache.hadoop.gateway.filter.rewrite.spi.UrlRewriteStepProcessor
+++ /dev/null
@@ -1,22 +0,0 @@
-##########################################################################
-# Licensed to the Apache Software Foundation (ASF) under one
-# or more contributor license agreements. See the NOTICE file
-# distributed with this work for additional information
-# regarding copyright ownership. The ASF licenses this file
-# to you under the Apache License, Version 2.0 (the
-# "License"); you may not use this file except in compliance
-# with the License. You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-##########################################################################
-
-org.apache.hadoop.gateway.securequery.SecureQueryEncodeProcessor
-org.apache.hadoop.gateway.securequery.SecureQueryDecodeProcessor
-org.apache.hadoop.gateway.securequery.SecureQueryEncryptProcessor
-org.apache.hadoop.gateway.securequery.SecureQueryDecryptProcessor
http://git-wip-us.apache.org/repos/asf/knox/blob/af9b0c3d/gateway-provider-rewrite-step-secure-query/src/main/resources/META-INF/services/org.apache.knox.gateway.deploy.ProviderDeploymentContributor
----------------------------------------------------------------------
diff --git a/gateway-provider-rewrite-step-secure-query/src/main/resources/META-INF/services/org.apache.knox.gateway.deploy.ProviderDeploymentContributor b/gateway-provider-rewrite-step-secure-query/src/main/resources/META-INF/services/org.apache.knox.gateway.deploy.ProviderDeploymentContributor
new file mode 100644
index 0000000..45705ad
--- /dev/null
+++ b/gateway-provider-rewrite-step-secure-query/src/main/resources/META-INF/services/org.apache.knox.gateway.deploy.ProviderDeploymentContributor
@@ -0,0 +1,19 @@
+##########################################################################
+# Licensed to the Apache Software Foundation (ASF) under one
+# or more contributor license agreements. See the NOTICE file
+# distributed with this work for additional information
+# regarding copyright ownership. The ASF licenses this file
+# to you under the Apache License, Version 2.0 (the
+# "License"); you may not use this file except in compliance
+# with the License. You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+##########################################################################
+
+org.apache.knox.gateway.securequery.SecureQueryDeploymentContributor
\ No newline at end of file
http://git-wip-us.apache.org/repos/asf/knox/blob/af9b0c3d/gateway-provider-rewrite-step-secure-query/src/main/resources/META-INF/services/org.apache.knox.gateway.filter.rewrite.api.UrlRewriteStepDescriptor
----------------------------------------------------------------------
diff --git a/gateway-provider-rewrite-step-secure-query/src/main/resources/META-INF/services/org.apache.knox.gateway.filter.rewrite.api.UrlRewriteStepDescriptor b/gateway-provider-rewrite-step-secure-query/src/main/resources/META-INF/services/org.apache.knox.gateway.filter.rewrite.api.UrlRewriteStepDescriptor
new file mode 100644
index 0000000..4e7c21f
--- /dev/null
+++ b/gateway-provider-rewrite-step-secure-query/src/main/resources/META-INF/services/org.apache.knox.gateway.filter.rewrite.api.UrlRewriteStepDescriptor
@@ -0,0 +1,22 @@
+##########################################################################
+# Licensed to the Apache Software Foundation (ASF) under one
+# or more contributor license agreements. See the NOTICE file
+# distributed with this work for additional information
+# regarding copyright ownership. The ASF licenses this file
+# to you under the Apache License, Version 2.0 (the
+# "License"); you may not use this file except in compliance
+# with the License. You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+##########################################################################
+
+org.apache.knox.gateway.securequery.SecureQueryEncodeDescriptor
+org.apache.knox.gateway.securequery.SecureQueryDecodeDescriptor
+org.apache.knox.gateway.securequery.SecureQueryEncryptDescriptor
+org.apache.knox.gateway.securequery.SecureQueryDecryptDescriptor
http://git-wip-us.apache.org/repos/asf/knox/blob/af9b0c3d/gateway-provider-rewrite-step-secure-query/src/main/resources/META-INF/services/org.apache.knox.gateway.filter.rewrite.spi.UrlRewriteStepProcessor
----------------------------------------------------------------------
diff --git a/gateway-provider-rewrite-step-secure-query/src/main/resources/META-INF/services/org.apache.knox.gateway.filter.rewrite.spi.UrlRewriteStepProcessor b/gateway-provider-rewrite-step-secure-query/src/main/resources/META-INF/services/org.apache.knox.gateway.filter.rewrite.spi.UrlRewriteStepProcessor
new file mode 100644
index 0000000..27f5951
--- /dev/null
+++ b/gateway-provider-rewrite-step-secure-query/src/main/resources/META-INF/services/org.apache.knox.gateway.filter.rewrite.spi.UrlRewriteStepProcessor
@@ -0,0 +1,22 @@
+##########################################################################
+# Licensed to the Apache Software Foundation (ASF) under one
+# or more contributor license agreements. See the NOTICE file
+# distributed with this work for additional information
+# regarding copyright ownership. The ASF licenses this file
+# to you under the Apache License, Version 2.0 (the
+# "License"); you may not use this file except in compliance
+# with the License. You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+##########################################################################
+
+org.apache.knox.gateway.securequery.SecureQueryEncodeProcessor
+org.apache.knox.gateway.securequery.SecureQueryDecodeProcessor
+org.apache.knox.gateway.securequery.SecureQueryEncryptProcessor
+org.apache.knox.gateway.securequery.SecureQueryDecryptProcessor
http://git-wip-us.apache.org/repos/asf/knox/blob/af9b0c3d/gateway-provider-rewrite-step-secure-query/src/test/java/org/apache/hadoop/gateway/securequery/SecureQueryDecodeDescriptorTest.java
----------------------------------------------------------------------
diff --git a/gateway-provider-rewrite-step-secure-query/src/test/java/org/apache/hadoop/gateway/securequery/SecureQueryDecodeDescriptorTest.java b/gateway-provider-rewrite-step-secure-query/src/test/java/org/apache/hadoop/gateway/securequery/SecureQueryDecodeDescriptorTest.java
deleted file mode 100644
index cb496e8..0000000
--- a/gateway-provider-rewrite-step-secure-query/src/test/java/org/apache/hadoop/gateway/securequery/SecureQueryDecodeDescriptorTest.java
+++ /dev/null
@@ -1,35 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package org.apache.hadoop.gateway.securequery;
-
-import org.junit.Test;
-
-import static org.hamcrest.CoreMatchers.is;
-import static org.hamcrest.CoreMatchers.nullValue;
-import static org.hamcrest.MatcherAssert.assertThat;
-
-public class SecureQueryDecodeDescriptorTest {
-
- @Test
- public void testGetAndSet() {
- SecureQueryDecodeDescriptor descriptor = new SecureQueryDecodeDescriptor();
- assertThat( descriptor.type(), is( "decode-query" ) );
- assertThat( descriptor.getParam(), nullValue() );
- }
-
-}
http://git-wip-us.apache.org/repos/asf/knox/blob/af9b0c3d/gateway-provider-rewrite-step-secure-query/src/test/java/org/apache/hadoop/gateway/securequery/SecureQueryDecodeProcessorTest.java
----------------------------------------------------------------------
diff --git a/gateway-provider-rewrite-step-secure-query/src/test/java/org/apache/hadoop/gateway/securequery/SecureQueryDecodeProcessorTest.java b/gateway-provider-rewrite-step-secure-query/src/test/java/org/apache/hadoop/gateway/securequery/SecureQueryDecodeProcessorTest.java
deleted file mode 100644
index b6a7c5c..0000000
--- a/gateway-provider-rewrite-step-secure-query/src/test/java/org/apache/hadoop/gateway/securequery/SecureQueryDecodeProcessorTest.java
+++ /dev/null
@@ -1,125 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package org.apache.hadoop.gateway.securequery;
-
-import org.apache.hadoop.gateway.filter.rewrite.api.UrlRewriteEnvironment;
-import org.apache.hadoop.gateway.filter.rewrite.spi.UrlRewriteContext;
-import org.apache.hadoop.gateway.util.urltemplate.Parser;
-import org.apache.hadoop.gateway.util.urltemplate.Template;
-import org.easymock.Capture;
-import org.easymock.EasyMock;
-import org.junit.Test;
-import sun.misc.BASE64Encoder;
-
-import java.io.IOException;
-import java.net.URL;
-import java.util.List;
-
-import static org.hamcrest.CoreMatchers.containsString;
-import static org.hamcrest.CoreMatchers.is;
-import static org.hamcrest.CoreMatchers.not;
-import static org.hamcrest.MatcherAssert.assertThat;
-
-public class SecureQueryDecodeProcessorTest {
-
- @Test
- public void testSimpleQueryDecode() throws Exception {
- UrlRewriteEnvironment environment = new UrlRewriteEnvironment() {
- @Override
- public URL getResource( String name ) throws IOException {
- return null;
- }
-
- @Override
- public <T> T getAttribute( String name ) {
- return null;
- }
-
- @Override
- public List<String> resolve( String name ) {
- return null;
- }
- };
-
- BASE64Encoder encoder = new BASE64Encoder();
- String encQuery = encoder.encode( "test-query".getBytes("utf-8" ) );
- encQuery = encQuery.replaceAll( "\\=", "" );
- String inString = "http://host:0/root/path?_=" + encQuery;
- Template inTemplate = Parser.parseLiteral( inString );
-
- UrlRewriteContext context = EasyMock.createNiceMock( UrlRewriteContext.class );
- EasyMock.expect( context.getCurrentUrl() ).andReturn( inTemplate );
- Capture<Template> outTemplate = new Capture<Template>();
- context.setCurrentUrl( EasyMock.capture( outTemplate ) );
- EasyMock.replay( context );
-
- SecureQueryDecodeDescriptor descriptor = new SecureQueryDecodeDescriptor();
- SecureQueryDecodeProcessor processor = new SecureQueryDecodeProcessor();
- processor.initialize( environment, descriptor );
- processor.process( context );
-
- String outActual = outTemplate.getValue().toString();
- assertThat( outActual, is( "http://host:0/root/path?test-query" ) );
- }
-
- @Test
- public void testDecodeQueryWithNonEncodedParams() throws Exception {
- UrlRewriteEnvironment environment = new UrlRewriteEnvironment() {
- @Override
- public URL getResource( String name ) throws IOException {
- return null;
- }
-
- @Override
- public <T> T getAttribute( String name ) {
- return null;
- }
-
- @Override
- public List<String> resolve( String name ) {
- return null;
- }
- };
-
- BASE64Encoder encoder = new BASE64Encoder();
- String inQuery = "test-query=test-value";
- String encQuery = encoder.encode( inQuery.getBytes( "utf-8" ) );
- encQuery = encQuery.replaceAll( "\\=", "" );
- String inString = "http://host:0/root/path?_=" + encQuery + "&clear-param=clear-value";
- Template inTemplate = Parser.parseLiteral( inString );
-
- UrlRewriteContext context = EasyMock.createNiceMock( UrlRewriteContext.class );
- EasyMock.expect( context.getCurrentUrl() ).andReturn( inTemplate );
- Capture<Template> outTemplate = new Capture<Template>();
- context.setCurrentUrl( EasyMock.capture( outTemplate ) );
- EasyMock.replay( context );
-
- SecureQueryDecodeDescriptor descriptor = new SecureQueryDecodeDescriptor();
- SecureQueryDecodeProcessor processor = new SecureQueryDecodeProcessor();
- processor.initialize( environment, descriptor );
- processor.process( context );
-
- String outActual = outTemplate.getValue().toString();
- assertThat( outActual, containsString( "http://host:0/root/path?" ) );
- assertThat( outActual, containsString( "test-query=test-value" ) );
- assertThat( outActual, containsString( "clear-param=clear-value" ) );
- assertThat( outActual, not( containsString( encQuery ) ) );
- }
-
-
-}