Posted to commits@knox.apache.org by lm...@apache.org on 2015/10/26 21:39:57 UTC
knox git commit: KNOX-613 - Provide Credential Collector Abstraction
to Client Shell
Repository: knox
Updated Branches:
refs/heads/master 58ffaf213 -> 0a9f33b03
KNOX-613 - Provide Credential Collector Abstraction to Client Shell
Project: http://git-wip-us.apache.org/repos/asf/knox/repo
Commit: http://git-wip-us.apache.org/repos/asf/knox/commit/0a9f33b0
Tree: http://git-wip-us.apache.org/repos/asf/knox/tree/0a9f33b0
Diff: http://git-wip-us.apache.org/repos/asf/knox/diff/0a9f33b0
Branch: refs/heads/master
Commit: 0a9f33b03ed57e37eaebba62db78ff948ea1aae3
Parents: 58ffaf2
Author: Larry McCay <lm...@hortonworks.com>
Authored: Mon Oct 26 16:33:54 2015 -0400
Committer: Larry McCay <lm...@hortonworks.com>
Committed: Mon Oct 26 16:33:54 2015 -0400
----------------------------------------------------------------------
.../shell/AbstractCredentialCollector.java | 74 ++++++++++++++++++
.../AbstractJavaConsoleCredentialCollector.java | 66 ++++++++++++++++
.../shell/ClearInputCredentialCollector.java | 45 +++++++++++
.../shell/CredentialCollectionException.java | 34 ++++++++
.../gateway/shell/CredentialCollector.java | 29 +++++++
.../hadoop/gateway/shell/Credentials.java | 63 +++++++++++++++
.../shell/HiddenInputCredentialCollector.java | 45 +++++++++++
...che.hadoop.gateway.shell.CredentialCollector | 20 +++++
.../hadoop/gateway/security/PromptUtils.java | 82 ++++++++++++++++++++
.../gateway/security/UsernamePassword.java | 45 +++++++++++
10 files changed, 503 insertions(+)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/knox/blob/0a9f33b0/gateway-shell/src/main/java/org/apache/hadoop/gateway/shell/AbstractCredentialCollector.java
----------------------------------------------------------------------
diff --git a/gateway-shell/src/main/java/org/apache/hadoop/gateway/shell/AbstractCredentialCollector.java b/gateway-shell/src/main/java/org/apache/hadoop/gateway/shell/AbstractCredentialCollector.java
new file mode 100644
index 0000000..a0ef54b
--- /dev/null
+++ b/gateway-shell/src/main/java/org/apache/hadoop/gateway/shell/AbstractCredentialCollector.java
@@ -0,0 +1,74 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.hadoop.gateway.shell;
+
+import java.io.UnsupportedEncodingException;
+
+public abstract class AbstractCredentialCollector implements CredentialCollector {
+
+ protected String prompt;
+ protected String value;
+ private String name;
+
+ /**
+ *
+ */
+ public AbstractCredentialCollector() {
+ super();
+ }
+
+ public boolean validate() {
+ return true;
+ }
+
+ @Override
+ public String string() {
+ return value;
+ }
+
+ @Override
+ public char[] chars() {
+ return value.toCharArray();
+ }
+
+ @Override
+ public byte[] bytes() {
+ try {
+ return value.getBytes("UTF-8");
+ } catch (UnsupportedEncodingException e) {
+ System.out.println("Unsupported encoding.");
+ }
+ return null;
+ }
+
+ @Override
+ public void setPrompt(String prompt) {
+ this.prompt = prompt;
+ }
+
+ @Override
+ public void setName(String name) {
+ this.name = name;
+ }
+
+ @Override
+ public String name() {
+ return name;
+ }
+
+}
\ No newline at end of file
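Review bot: `bytes()` in AbstractCredentialCollector hides an encoding failure by printing to stdout and returning null, so a caller that passes the result on gets a NullPointerException far from the cause. If the build targets Java 7 or later, `return value.getBytes(StandardCharsets.UTF_8);` with `import java.nio.charset.StandardCharsets;` removes the try/catch and the null path altogether. `chars()` and `bytes()` also dereference `value` without a check, so calling either before `collect()` has run throws; a one-line comment on the `value` field such as `// null until collect() has stored a credential` would make that precondition visible.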
http://git-wip-us.apache.org/repos/asf/knox/blob/0a9f33b0/gateway-shell/src/main/java/org/apache/hadoop/gateway/shell/AbstractJavaConsoleCredentialCollector.java
----------------------------------------------------------------------
diff --git a/gateway-shell/src/main/java/org/apache/hadoop/gateway/shell/AbstractJavaConsoleCredentialCollector.java b/gateway-shell/src/main/java/org/apache/hadoop/gateway/shell/AbstractJavaConsoleCredentialCollector.java
new file mode 100644
index 0000000..a976cbe
--- /dev/null
+++ b/gateway-shell/src/main/java/org/apache/hadoop/gateway/shell/AbstractJavaConsoleCredentialCollector.java
@@ -0,0 +1,66 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.hadoop.gateway.shell;
+
+import java.io.Console;
+
+/**
+ *
+ */
+public abstract class AbstractJavaConsoleCredentialCollector extends AbstractCredentialCollector {
+
+ public AbstractJavaConsoleCredentialCollector() {
+ super();
+ }
+
+ protected String collectClearCredential(String prompt) {
+ Console c = System.console();
+ if (c == null) {
+ System.err.println("No console.");
+ System.exit(1);
+ }
+
+ String username = c.readLine(prompt + ": ");
+ value = username;
+
+ return value;
+ }
+
+ protected String collectHiddenCredential(String prompt) {
+ char[] response = null;
+ Console c = System.console();
+ if (c == null) {
+ System.err.println("No console.");
+ System.exit(1);
+ }
+
+ response = c.readPassword(prompt + ": ");
+ value = new String(response);
+
+ return value;
+ }
+
+ @Override
+ public boolean validate() {
+ boolean rc = true;
+ if (value == null || value.isEmpty()) {
+ rc = false;
+ }
+ return rc;
+ }
+}
\ No newline at end of file
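Review bot: `collectHiddenCredential` copies the `char[]` from `readPassword` into a String and leaves the array untouched, so the secret ends up in an immutable object that cannot be wiped and in a second buffer that is never cleared. Adding `Arrays.fill(response, ' ');` right after `value = new String(response);` (with `import java.util.Arrays;`) clears the buffer the way PromptUtils does in this same commit; the String copy in `value` remains and would need a `char[]` field in the base class to remove. `Console.readPassword` returns null at end of input, so `new String(response)` throws a NullPointerException there; the method should check for null first and report it to the caller.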
http://git-wip-us.apache.org/repos/asf/knox/blob/0a9f33b0/gateway-shell/src/main/java/org/apache/hadoop/gateway/shell/ClearInputCredentialCollector.java
----------------------------------------------------------------------
diff --git a/gateway-shell/src/main/java/org/apache/hadoop/gateway/shell/ClearInputCredentialCollector.java b/gateway-shell/src/main/java/org/apache/hadoop/gateway/shell/ClearInputCredentialCollector.java
new file mode 100644
index 0000000..49e086c
--- /dev/null
+++ b/gateway-shell/src/main/java/org/apache/hadoop/gateway/shell/ClearInputCredentialCollector.java
@@ -0,0 +1,45 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.hadoop.gateway.shell;
+
+
+public class ClearInputCredentialCollector extends AbstractJavaConsoleCredentialCollector {
+ public static String COLLECTOR_TYPE = "ClearInput";
+ /* (non-Javadoc)
+ * @see org.apache.hadoop.gateway.shell.CredentialCollector#collect()
+ */
+ @Override
+ public void collect() throws CredentialCollectionException {
+ boolean valid = false;
+ while (!valid) {
+ collectClearCredential(prompt);
+ valid = validate();
+ if (!valid) {
+ System.out.println("** Must not be empty **");
+ }
+ }
+ }
+
+ /* (non-Javadoc)
+ * @see org.apache.hadoop.gateway.shell.CredentialCollector#name()
+ */
+ @Override
+ public String type() {
+ return COLLECTOR_TYPE;
+ }
+}
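Review bot: The `while (!valid)` loop in `collect()` never terminates once input reaches end of stream, because `Console.readLine` then returns null, `validate()` rejects it, and the prompt is issued again. `collect()` already declares CredentialCollectionException, so the loop body can stop on that case: `if (collectClearCredential(prompt) == null) { throw new CredentialCollectionException("No input available for: " + name()); }`. HiddenInputCredentialCollector.collect() has the same loop shape and should get the same end-of-input handling.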
http://git-wip-us.apache.org/repos/asf/knox/blob/0a9f33b0/gateway-shell/src/main/java/org/apache/hadoop/gateway/shell/CredentialCollectionException.java
----------------------------------------------------------------------
diff --git a/gateway-shell/src/main/java/org/apache/hadoop/gateway/shell/CredentialCollectionException.java b/gateway-shell/src/main/java/org/apache/hadoop/gateway/shell/CredentialCollectionException.java
new file mode 100644
index 0000000..f5f1b37
--- /dev/null
+++ b/gateway-shell/src/main/java/org/apache/hadoop/gateway/shell/CredentialCollectionException.java
@@ -0,0 +1,34 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.hadoop.gateway.shell;
+
+public class CredentialCollectionException extends Exception {
+ private static final long serialVersionUID = 1L;
+
+ public CredentialCollectionException(String string) {
+ super(string);
+ }
+
+ public CredentialCollectionException(String string, Exception e) {
+ super(string, e);
+ }
+
+ public CredentialCollectionException() {
+ super();
+ }
+}
http://git-wip-us.apache.org/repos/asf/knox/blob/0a9f33b0/gateway-shell/src/main/java/org/apache/hadoop/gateway/shell/CredentialCollector.java
----------------------------------------------------------------------
diff --git a/gateway-shell/src/main/java/org/apache/hadoop/gateway/shell/CredentialCollector.java b/gateway-shell/src/main/java/org/apache/hadoop/gateway/shell/CredentialCollector.java
new file mode 100644
index 0000000..420c885
--- /dev/null
+++ b/gateway-shell/src/main/java/org/apache/hadoop/gateway/shell/CredentialCollector.java
@@ -0,0 +1,29 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.hadoop.gateway.shell;
+
+public interface CredentialCollector {
+ void collect() throws CredentialCollectionException;
+ String string();
+ char[] chars();
+ byte[] bytes();
+ String type();
+ String name();
+ void setPrompt(String prompt);
+ void setName(String name);
+}
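Review bot: CredentialCollector has no Javadoc, so nothing tells an implementer or caller how the three accessors treat the secret. The interface should carry a short comment per method stating that `collect()` must run before the accessors are used, that `string()` returns the credential as an immutable String, and whether `chars()` and `bytes()` return a fresh copy the caller is expected to clear. In AbstractCredentialCollector from this commit `chars()` does return a new array and `bytes()` can return null, and the latter in particular belongs in the contract or should be removed.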
http://git-wip-us.apache.org/repos/asf/knox/blob/0a9f33b0/gateway-shell/src/main/java/org/apache/hadoop/gateway/shell/Credentials.java
----------------------------------------------------------------------
diff --git a/gateway-shell/src/main/java/org/apache/hadoop/gateway/shell/Credentials.java b/gateway-shell/src/main/java/org/apache/hadoop/gateway/shell/Credentials.java
new file mode 100644
index 0000000..01aea70
--- /dev/null
+++ b/gateway-shell/src/main/java/org/apache/hadoop/gateway/shell/Credentials.java
@@ -0,0 +1,63 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.hadoop.gateway.shell;
+
+import java.util.ArrayList;
+import java.util.ServiceLoader;
+
+public class Credentials {
+ ArrayList<CredentialCollector> collectors = new ArrayList<CredentialCollector>();
+
+ public Credentials add(String collectorType, String prompt, String name)
+ throws CredentialCollectionException {
+ CredentialCollector collector = loadCredentialCollector(collectorType, prompt, name);
+ if (collector == null) {
+ throw new CredentialCollectionException("Invalid Collector Requested. Type: " + collectorType + " Name: " + name);
+ }
+ collector.setPrompt(prompt);
+ collector.setName(name);
+ collectors.add(collector);
+
+ return this;
+ }
+
+ public void collect() throws CredentialCollectionException {
+ for (CredentialCollector collector : collectors) {
+ collector.collect();
+ }
+ }
+
+ public CredentialCollector get(String name) {
+ for (CredentialCollector collector : collectors) {
+ if (collector.name().equals(name)) {
+ return collector;
+ }
+ }
+ return null;
+ }
+
+ private CredentialCollector loadCredentialCollector(String type, String prompt, String name) {
+ ServiceLoader<CredentialCollector> collectorsList = ServiceLoader.load(CredentialCollector.class);
+ for (CredentialCollector collector : collectorsList) {
+ if (collector.type().equals(type)) {
+ return collector;
+ }
+ }
+ return null;
+ }
+}
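Review bot: `add` registers a collector under any `name`, including null or one already in use, and `get` then throws a NullPointerException at `collector.name().equals(name)` or silently returns the first of two collectors with the same name. Rejecting both cases in `add` keeps the lookup unambiguous: `if (name == null || get(name) != null) { throw new CredentialCollectionException("Invalid or duplicate collector name: " + name); }`. The `prompt` and `name` parameters of `loadCredentialCollector` are unused and can be dropped. It is also worth a comment that `ServiceLoader.load` returns the first provider on the classpath whose `type()` matches, so the set of jars on the client classpath decides which class receives the credential.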
http://git-wip-us.apache.org/repos/asf/knox/blob/0a9f33b0/gateway-shell/src/main/java/org/apache/hadoop/gateway/shell/HiddenInputCredentialCollector.java
----------------------------------------------------------------------
diff --git a/gateway-shell/src/main/java/org/apache/hadoop/gateway/shell/HiddenInputCredentialCollector.java b/gateway-shell/src/main/java/org/apache/hadoop/gateway/shell/HiddenInputCredentialCollector.java
new file mode 100644
index 0000000..6e350de
--- /dev/null
+++ b/gateway-shell/src/main/java/org/apache/hadoop/gateway/shell/HiddenInputCredentialCollector.java
@@ -0,0 +1,45 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.hadoop.gateway.shell;
+
+
+public class HiddenInputCredentialCollector extends AbstractJavaConsoleCredentialCollector {
+ public static String COLLECTOR_TYPE = "HiddenInput";
+ /* (non-Javadoc)
+ * @see org.apache.hadoop.gateway.shell.CredentialCollector#collect()
+ */
+ @Override
+ public void collect() throws CredentialCollectionException {
+ boolean valid = false;
+ while (!valid) {
+ collectHiddenCredential(prompt);
+ valid = validate();
+ if (!valid) {
+ System.out.println("** Must not be empty **");
+ }
+ }
+ }
+
+ /* (non-Javadoc)
+ * @see org.apache.hadoop.gateway.shell.CredentialCollector#name()
+ */
+ @Override
+ public String type() {
+ return COLLECTOR_TYPE;
+ }
+}
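Review bot: `COLLECTOR_TYPE` is declared `public static String` without `final`, so any code on the classpath can reassign it and change what `type()` returns and which collector `Credentials` selects for "HiddenInput". It should read `public static final String COLLECTOR_TYPE = "HiddenInput";`, and ClearInputCredentialCollector has the same declaration. The comment above `type()` points at `CredentialCollector#name()` and should say `#type()`.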
http://git-wip-us.apache.org/repos/asf/knox/blob/0a9f33b0/gateway-shell/src/main/resources/META-INF/services/org.apache.hadoop.gateway.shell.CredentialCollector
----------------------------------------------------------------------
diff --git a/gateway-shell/src/main/resources/META-INF/services/org.apache.hadoop.gateway.shell.CredentialCollector b/gateway-shell/src/main/resources/META-INF/services/org.apache.hadoop.gateway.shell.CredentialCollector
new file mode 100644
index 0000000..eb6d5b8
--- /dev/null
+++ b/gateway-shell/src/main/resources/META-INF/services/org.apache.hadoop.gateway.shell.CredentialCollector
@@ -0,0 +1,20 @@
+##########################################################################
+# Licensed to the Apache Software Foundation (ASF) under one
+# or more contributor license agreements. See the NOTICE file
+# distributed with this work for additional information
+# regarding copyright ownership. The ASF licenses this file
+# to you under the Apache License, Version 2.0 (the
+# "License"); you may not use this file except in compliance
+# with the License. You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+##########################################################################
+
+org.apache.hadoop.gateway.shell.ClearInputCredentialCollector
+org.apache.hadoop.gateway.shell.HiddenInputCredentialCollector
\ No newline at end of file
http://git-wip-us.apache.org/repos/asf/knox/blob/0a9f33b0/gateway-spi/src/main/java/org/apache/hadoop/gateway/security/PromptUtils.java
----------------------------------------------------------------------
diff --git a/gateway-spi/src/main/java/org/apache/hadoop/gateway/security/PromptUtils.java b/gateway-spi/src/main/java/org/apache/hadoop/gateway/security/PromptUtils.java
new file mode 100644
index 0000000..7768b27
--- /dev/null
+++ b/gateway-spi/src/main/java/org/apache/hadoop/gateway/security/PromptUtils.java
@@ -0,0 +1,82 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.hadoop.gateway.security;
+
+import java.io.Console;
+import java.util.Arrays;
+
+import org.apache.hadoop.gateway.i18n.GatewaySpiMessages;
+import org.apache.hadoop.gateway.i18n.messages.MessagesFactory;
+
+public class PromptUtils {
+ private static GatewaySpiMessages LOG = MessagesFactory.get( GatewaySpiMessages.class );
+
+ public static char[] challengeUserForEstablishingMaterSecret() {
+ char[] response = null;
+ Console c = System.console();
+ if (c == null) {
+ LOG.unableToPromptForMasterUseKnoxCLI();
+ System.err.println("No console.");
+ System.exit(1);
+ }
+
+ boolean noMatch;
+ do {
+ char [] newPassword1 = c.readPassword("Enter master secret: ");
+ char [] newPassword2 = c.readPassword("Enter master secret again: ");
+ noMatch = ! Arrays.equals(newPassword1, newPassword2);
+ if (noMatch) {
+ c.format("Passwords don't match. Try again.%n");
+ } else {
+ response = Arrays.copyOf(newPassword1, newPassword1.length);
+ }
+ Arrays.fill(newPassword1, ' ');
+ Arrays.fill(newPassword2, ' ');
+ } while (noMatch);
+
+ return response;
+ }
+
+ public static UsernamePassword challengeUserNamePassword(String prompt1, String prompt2) {
+ UsernamePassword response = null;
+ Console c = System.console();
+ if (c == null) {
+ System.err.println("No console.");
+ System.exit(1);
+ }
+
+ String username = c.readLine(prompt1 + ": ");
+ char [] pwd = c.readPassword(prompt2 + ": ");
+ response = new UsernamePassword(username, pwd);
+
+ return response;
+ }
+
+ public static char[] challengeForPassword(String prompt) {
+ char[] response = null;
+ Console c = System.console();
+ if (c == null) {
+ System.err.println("No console.");
+ System.exit(1);
+ }
+
+ response = c.readPassword(prompt + ": ");
+
+ return response;
+ }
+}
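Review bot: The confirmation loop in `challengeUserForEstablishingMaterSecret` does not look at what `readPassword` returned before comparing, so two empty entries are accepted as the master secret, and at end of input both reads return null, `Arrays.equals(null, null)` is true and `Arrays.copyOf(newPassword1, newPassword1.length)` throws a NullPointerException. The loop should stop on null and treat an empty entry as a failed attempt, as sketched below; the message text for those two cases is left to the author. `challengeUserNamePassword` and `challengeForPassword` pass a possible null from `readPassword` straight to the caller and would benefit from a comment saying so.

```java
      char [] newPassword2 = c.readPassword("Enter master secret again: ");
      if (newPassword1 == null || newPassword2 == null) {
        // End of input: wipe whatever was read and stop, as in the no-console case.
        if (newPassword1 != null) {
          Arrays.fill(newPassword1, ' ');
        }
        System.err.println("No input.");
        System.exit(1);
      }
      noMatch = newPassword1.length == 0 || ! Arrays.equals(newPassword1, newPassword2);
      // … unchanged: mismatch message, copy into response, Arrays.fill of both arrays, loop condition …
```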
http://git-wip-us.apache.org/repos/asf/knox/blob/0a9f33b0/gateway-spi/src/main/java/org/apache/hadoop/gateway/security/UsernamePassword.java
----------------------------------------------------------------------
diff --git a/gateway-spi/src/main/java/org/apache/hadoop/gateway/security/UsernamePassword.java b/gateway-spi/src/main/java/org/apache/hadoop/gateway/security/UsernamePassword.java
new file mode 100644
index 0000000..3c508db
--- /dev/null
+++ b/gateway-spi/src/main/java/org/apache/hadoop/gateway/security/UsernamePassword.java
@@ -0,0 +1,45 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.hadoop.gateway.security;
+
+public class UsernamePassword {
+ private String username;
+ private char[] password = null;
+
+ public UsernamePassword(String username, char[] password) {
+ super();
+ this.username = username;
+ this.password = password;
+ }
+
+ public String getUsername() {
+ return username;
+ }
+
+ public void setUsername(String username) {
+ this.username = username;
+ }
+
+ public char[] getPassword() {
+ return password;
+ }
+
+ public void setPassword(char[] password) {
+ this.password = password;
+ }
+}
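Review bot: UsernamePassword stores the `char[]` passed to the constructor and `setPassword` by reference and `getPassword` returns that same array, but nothing documents who owns it or when it is cleared. A class comment should state that the array is shared with the caller, so that wiping it (for example with `Arrays.fill`) also wipes the stored password, and that the holder should do so once the credential has been used. If the fields are never meant to change after construction, dropping the setters and making both fields `final` would make that ownership easier to reason about.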