Posted to commits@knox.apache.org by lm...@apache.org on 2013/09/19 14:59:29 UTC
git commit: KNOX-48 reenabled the use of encrypt/decrypt-query for
protecting query strings
Updated Branches:
refs/heads/master 249a56e89 -> 00e739dff
KNOX-48 reenabled the use of encrypt/decrypt-query for protecting query strings
Project: http://git-wip-us.apache.org/repos/asf/incubator-knox/repo
Commit: http://git-wip-us.apache.org/repos/asf/incubator-knox/commit/00e739df
Tree: http://git-wip-us.apache.org/repos/asf/incubator-knox/tree/00e739df
Diff: http://git-wip-us.apache.org/repos/asf/incubator-knox/diff/00e739df
Branch: refs/heads/master
Commit: 00e739dffcd83a3b41be13dfdd80cbfb86853ce1
Parents: 249a56e
Author: Larry McCay <lm...@hortonworks.com>
Authored: Thu Sep 19 08:59:10 2013 -0400
Committer: Larry McCay <lm...@hortonworks.com>
Committed: Thu Sep 19 08:59:10 2013 -0400
----------------------------------------------------------------------
.../SecureQueryDecryptProcessor.java | 6 +---
.../SecureQueryDeploymentContributor.java | 10 ++++--
.../SecureQueryEncryptProcessor.java | 8 ++---
.../SecureQueryEncodeProcessorTest.java | 16 ++++++++++
.../SecureQueryEncryptDecryptProcessorTest.java | 6 ++--
.../WebHdfsDeploymentContributor/rewrite.xml | 4 +--
.../services/security/EncryptionResult.java | 1 -
.../deploy/DeploymentFactoryFuncTest.java | 32 ++++++++++++++++++--
8 files changed, 62 insertions(+), 21 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/incubator-knox/blob/00e739df/gateway-provider-rewrite-step-secure-query/src/main/java/org/apache/hadoop/gateway/securequery/SecureQueryDecryptProcessor.java
----------------------------------------------------------------------
diff --git a/gateway-provider-rewrite-step-secure-query/src/main/java/org/apache/hadoop/gateway/securequery/SecureQueryDecryptProcessor.java b/gateway-provider-rewrite-step-secure-query/src/main/java/org/apache/hadoop/gateway/securequery/SecureQueryDecryptProcessor.java
index 89ecd28..7cae01b 100644
--- a/gateway-provider-rewrite-step-secure-query/src/main/java/org/apache/hadoop/gateway/securequery/SecureQueryDecryptProcessor.java
+++ b/gateway-provider-rewrite-step-secure-query/src/main/java/org/apache/hadoop/gateway/securequery/SecureQueryDecryptProcessor.java
@@ -48,10 +48,7 @@ public class SecureQueryDecryptProcessor implements UrlRewriteStepProcessor<Secu
@Override
public void initialize( UrlRewriteEnvironment environment, SecureQueryDecryptDescriptor descriptor ) throws Exception {
- List<String> values = environment.resolve( "cluster.name" );
- if( values != null && values.size() > 0 ) {
- this.clusterName = environment.resolve( "cluster.name" ).get( 0 );
- }
+ clusterName = environment.getAttribute( GatewayServices.GATEWAY_CLUSTER_ATTRIBUTE );
GatewayServices services = environment.getAttribute(GatewayServices.GATEWAY_SERVICES_ATTRIBUTE);
cryptoService = (CryptoService) services.getService(GatewayServices.CRYPTO_SERVICE);
}
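Review bot: The new `clusterName = environment.getAttribute( GatewayServices.GATEWAY_CLUSTER_ATTRIBUTE );` in initialize() is used without any check, and `services` on the next line is dereferenced the same way. If the attribute is absent, clusterName stays null and the problem presumably only shows up later, when the crypto service is asked for a key under a null cluster. I would fail fast at initialization, e.g. `if( clusterName == null ) { throw new IllegalStateException( "gateway cluster attribute is not set" ); }`, so a misconfigured deployment cannot start with an unusable key alias. The identical change in SecureQueryEncryptProcessor.initialize() needs the same guard.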
@@ -102,7 +99,6 @@ public class SecureQueryDecryptProcessor implements UrlRewriteStepProcessor<Secu
result.iv,
result.salt);
if (clear != null) {
- System.out.println(new String(clear));
return new String(clear);
}
return null;
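Review bot: `return new String(clear);` decodes the decrypted bytes with the platform default charset, while SecureQueryEncryptProcessor.encode() produces them with `string.getBytes("UTF-8")`. On a JVM whose default charset is not UTF-8, a non-ASCII query value will not round-trip. Suggest `return new String( clear, "UTF-8" );`; whether the enclosing method already declares UnsupportedEncodingException is not visible, since it starts outside this hunk. Removing the `System.out.println` of the cleartext is the right call, and any logging added here later should leave the decrypted value out.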
http://git-wip-us.apache.org/repos/asf/incubator-knox/blob/00e739df/gateway-provider-rewrite-step-secure-query/src/main/java/org/apache/hadoop/gateway/securequery/SecureQueryDeploymentContributor.java
----------------------------------------------------------------------
diff --git a/gateway-provider-rewrite-step-secure-query/src/main/java/org/apache/hadoop/gateway/securequery/SecureQueryDeploymentContributor.java b/gateway-provider-rewrite-step-secure-query/src/main/java/org/apache/hadoop/gateway/securequery/SecureQueryDeploymentContributor.java
index b30a7b7..f534c1f 100644
--- a/gateway-provider-rewrite-step-secure-query/src/main/java/org/apache/hadoop/gateway/securequery/SecureQueryDeploymentContributor.java
+++ b/gateway-provider-rewrite-step-secure-query/src/main/java/org/apache/hadoop/gateway/securequery/SecureQueryDeploymentContributor.java
@@ -51,10 +51,16 @@ public class SecureQueryDeploymentContributor
}
@Override
+ public void initializeContribution(DeploymentContext context) {
+ super.initializeContribution(context);
+
+ String clusterName = context.getTopology().getName();
+ this.as.generateAliasForCluster(clusterName, "encryptQueryString");
+ }
+
+ @Override
public void contributeProvider( DeploymentContext context, Provider provider ) {
if( provider.isEnabled() ) {
- String clusterName = context.getTopology().getName();
- this.as.generateAliasForCluster(clusterName, "encryptQueryString");
// UrlRewriteRulesDescriptor rules = context.getDescriptor( REWRITE_ROLE_NAME );
// if( rules != null ) {
// HostmapFunctionDescriptor func = rules.addFunction( HostmapFunctionDescriptor.FUNCTION_NAME );
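Review bot: initializeContribution() now calls `this.as.generateAliasForCluster(clusterName, "encryptQueryString")` for every topology rather than only when `provider.isEnabled()`, and nothing records why. If that is the intent, a comment such as `// alias must exist even when this provider is disabled: service rewrite rules use encrypt-query unconditionally` would say so. Please also confirm that generateAliasForCluster leaves an existing alias untouched, because regenerating the secret on every deployment would make previously issued encrypted URLs undecryptable; that behaviour is not visible here. The alias name literal is repeated in SecureQueryEncryptProcessor.encode() and would be safer as one shared constant. contributeProvider() continues past the end of the hunk.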
http://git-wip-us.apache.org/repos/asf/incubator-knox/blob/00e739df/gateway-provider-rewrite-step-secure-query/src/main/java/org/apache/hadoop/gateway/securequery/SecureQueryEncryptProcessor.java
----------------------------------------------------------------------
diff --git a/gateway-provider-rewrite-step-secure-query/src/main/java/org/apache/hadoop/gateway/securequery/SecureQueryEncryptProcessor.java b/gateway-provider-rewrite-step-secure-query/src/main/java/org/apache/hadoop/gateway/securequery/SecureQueryEncryptProcessor.java
index e1ca48b..081978d 100644
--- a/gateway-provider-rewrite-step-secure-query/src/main/java/org/apache/hadoop/gateway/securequery/SecureQueryEncryptProcessor.java
+++ b/gateway-provider-rewrite-step-secure-query/src/main/java/org/apache/hadoop/gateway/securequery/SecureQueryEncryptProcessor.java
@@ -29,7 +29,6 @@ import org.apache.hadoop.gateway.util.urltemplate.Parser;
import org.apache.hadoop.gateway.util.urltemplate.Template;
import java.io.UnsupportedEncodingException;
-import java.util.List;
public class SecureQueryEncryptProcessor
implements UrlRewriteStepProcessor<SecureQueryEncryptDescriptor> {
@@ -46,10 +45,7 @@ public class SecureQueryEncryptProcessor
@Override
public void initialize( UrlRewriteEnvironment environment, SecureQueryEncryptDescriptor descriptor ) throws Exception {
- List<String> values = environment.resolve( "cluster.name" );
- if( values != null && values.size() > 0 ) {
- this.clusterName = environment.resolve( "cluster.name" ).get( 0 );
- }
+ clusterName = environment.getAttribute( GatewayServices.GATEWAY_CLUSTER_ATTRIBUTE );
GatewayServices services = environment.getAttribute(GatewayServices.GATEWAY_SERVICES_ATTRIBUTE);
cryptoService = (CryptoService) services.getService(GatewayServices.CRYPTO_SERVICE);
}
@@ -82,7 +78,7 @@ public class SecureQueryEncryptProcessor
private String encode( String string ) throws UnsupportedEncodingException {
EncryptionResult result = cryptoService.encryptForCluster(clusterName, "encryptQueryString", string.getBytes("UTF-8"));
- string = Base64.encodeBase64String(result.toByteAray());
+ string = Base64.encodeBase64URLSafeString(result.toByteAray());
return string;
}
}
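Review bot: encode() should carry a comment on why the URL-safe encoder is used, e.g. `// URL-safe alphabet, unpadded: '+', '/' and '=' do not survive a query string unescaped`. The value returned by `encryptForCluster` is dereferenced with no check; if it can be null when the alias is missing (not visible from here), the result is a NullPointerException in the middle of a rewrite, so an explicit guard with a clear message would be better. As a style point, the reassignment of the `string` parameter can be replaced by returning the encoded value directly.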
http://git-wip-us.apache.org/repos/asf/incubator-knox/blob/00e739df/gateway-provider-rewrite-step-secure-query/src/test/java/org/apache/hadoop/gateway/securequery/SecureQueryEncodeProcessorTest.java
----------------------------------------------------------------------
diff --git a/gateway-provider-rewrite-step-secure-query/src/test/java/org/apache/hadoop/gateway/securequery/SecureQueryEncodeProcessorTest.java b/gateway-provider-rewrite-step-secure-query/src/test/java/org/apache/hadoop/gateway/securequery/SecureQueryEncodeProcessorTest.java
index 4003be3..3a9fe73 100644
--- a/gateway-provider-rewrite-step-secure-query/src/test/java/org/apache/hadoop/gateway/securequery/SecureQueryEncodeProcessorTest.java
+++ b/gateway-provider-rewrite-step-secure-query/src/test/java/org/apache/hadoop/gateway/securequery/SecureQueryEncodeProcessorTest.java
@@ -17,8 +17,14 @@
*/
package org.apache.hadoop.gateway.securequery;
+import java.util.Arrays;
+
import org.apache.hadoop.gateway.filter.rewrite.api.UrlRewriteEnvironment;
import org.apache.hadoop.gateway.filter.rewrite.spi.UrlRewriteContext;
+import org.apache.hadoop.gateway.services.GatewayServices;
+import org.apache.hadoop.gateway.services.security.AliasService;
+import org.apache.hadoop.gateway.services.security.CryptoService;
+import org.apache.hadoop.gateway.services.security.impl.DefaultCryptoService;
import org.apache.hadoop.gateway.util.urltemplate.Parser;
import org.apache.hadoop.gateway.util.urltemplate.Template;
import org.easymock.Capture;
@@ -33,7 +39,17 @@ public class SecureQueryEncodeProcessorTest {
@Test
public void testSimpleQueryEncoding() throws Exception {
+ AliasService as = EasyMock.createNiceMock( AliasService.class );
+ String secret = "sdkjfhsdkjfhsdfs";
+ EasyMock.expect( as.getPasswordFromAliasForCluster("test-cluster-name", "encryptQueryString")).andReturn( secret.toCharArray() ).anyTimes();
+ CryptoService cryptoService = new DefaultCryptoService();
+ ((DefaultCryptoService)cryptoService).setAliasService(as);
+ GatewayServices gatewayServices = EasyMock.createNiceMock( GatewayServices.class );
+ EasyMock.expect( gatewayServices.getService( GatewayServices.CRYPTO_SERVICE ) ).andReturn( cryptoService );
+
UrlRewriteEnvironment environment = EasyMock.createNiceMock( UrlRewriteEnvironment.class );
+ EasyMock.expect( environment.getAttribute( GatewayServices.GATEWAY_SERVICES_ATTRIBUTE ) ).andReturn( gatewayServices ).anyTimes();
+ EasyMock.expect( environment.getAttribute( GatewayServices.GATEWAY_CLUSTER_ATTRIBUTE ) ).andReturn( Arrays.asList( "test-cluster-name" ) ).anyTimes();
Template inTemplate = Parser.parse( "http://host:0/root/path?query" );
UrlRewriteContext context = EasyMock.createNiceMock( UrlRewriteContext.class );
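Review bot: The mock for `GatewayServices.GATEWAY_CLUSTER_ATTRIBUTE` here returns `Arrays.asList( "test-cluster-name" )`, but the processors assign that attribute straight to a String `clusterName`, and SecureQueryEncryptDecryptProcessorTest returns the plain string. If the code under test ever reads this attribute, the list will either fail with a ClassCastException or never match the `getPasswordFromAliasForCluster("test-cluster-name", ...)` expectation. Suggest `.andReturn( "test-cluster-name" ).anyTimes();`, which also makes the `java.util.Arrays` import unnecessary. The `replay` calls for the new `as` and `gatewayServices` mocks are not within the hunk, so check that they are present further down.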
http://git-wip-us.apache.org/repos/asf/incubator-knox/blob/00e739df/gateway-provider-rewrite-step-secure-query/src/test/java/org/apache/hadoop/gateway/securequery/SecureQueryEncryptDecryptProcessorTest.java
----------------------------------------------------------------------
diff --git a/gateway-provider-rewrite-step-secure-query/src/test/java/org/apache/hadoop/gateway/securequery/SecureQueryEncryptDecryptProcessorTest.java b/gateway-provider-rewrite-step-secure-query/src/test/java/org/apache/hadoop/gateway/securequery/SecureQueryEncryptDecryptProcessorTest.java
index 758c6fb..b2e6044 100644
--- a/gateway-provider-rewrite-step-secure-query/src/test/java/org/apache/hadoop/gateway/securequery/SecureQueryEncryptDecryptProcessorTest.java
+++ b/gateway-provider-rewrite-step-secure-query/src/test/java/org/apache/hadoop/gateway/securequery/SecureQueryEncryptDecryptProcessorTest.java
@@ -58,7 +58,7 @@ public class SecureQueryEncryptDecryptProcessorTest {
UrlRewriteEnvironment encEnvironment = EasyMock.createNiceMock( UrlRewriteEnvironment.class );
EasyMock.expect( encEnvironment.getAttribute( GatewayServices.GATEWAY_SERVICES_ATTRIBUTE ) ).andReturn( gatewayServices ).anyTimes();
- EasyMock.expect( encEnvironment.resolve( "cluster.name" ) ).andReturn( Arrays.asList( "test-cluster-name" ) ).anyTimes();
+ EasyMock.expect( encEnvironment.getAttribute( GatewayServices.GATEWAY_CLUSTER_ATTRIBUTE ) ).andReturn( "test-cluster-name" ).anyTimes();
UrlRewriteContext encContext = EasyMock.createNiceMock( UrlRewriteContext.class );
EasyMock.expect( encContext.getCurrentUrl() ).andReturn( origTemplate );
Capture<Template> encTemplate = new Capture<Template>();
@@ -85,9 +85,9 @@ public class SecureQueryEncryptDecryptProcessorTest {
UrlRewriteEnvironment decEnvironment = EasyMock.createNiceMock( UrlRewriteEnvironment.class );
EasyMock.expect( decEnvironment.getAttribute( GatewayServices.GATEWAY_SERVICES_ATTRIBUTE ) ).andReturn( gatewayServices ).anyTimes();
- EasyMock.expect( decEnvironment.resolve( "cluster.name" ) ).andReturn( Arrays.asList( "test-cluster-name" ) ).anyTimes();
+ EasyMock.expect( decEnvironment.getAttribute( GatewayServices.GATEWAY_CLUSTER_ATTRIBUTE ) ).andReturn( "test-cluster-name" ).anyTimes();
Params decParams = EasyMock.createNiceMock( Params.class );
- EasyMock.expect( decParams.resolve( "cluster.name" ) ).andReturn( Arrays.asList("test-cluster-name") ).anyTimes();
+ EasyMock.expect( decParams.resolve( GatewayServices.GATEWAY_CLUSTER_ATTRIBUTE ) ).andReturn( Arrays.asList("test-cluster-name") ).anyTimes();
UrlRewriteContext decContext = EasyMock.createNiceMock( UrlRewriteContext.class );
EasyMock.expect( decContext.getCurrentUrl() ).andReturn( encTemplate.getValue() );
EasyMock.expect( decContext.getParameters() ).andReturn( decParams );
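Review bot: The expectation `decParams.resolve( GatewayServices.GATEWAY_CLUSTER_ATTRIBUTE )` looks like a leftover of a mechanical replace. The decrypt processor now reads the cluster name from the environment attribute and, as far as this diff shows, no longer resolves it through Params, so this line only passes an attribute key to a parameter lookup that nothing calls. Because the mocks are nice mocks, the stale stub is never reported. I would delete the line, or restore `"cluster.name"` if some other step in the test still resolves that parameter.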
http://git-wip-us.apache.org/repos/asf/incubator-knox/blob/00e739df/gateway-service-hdfs/src/main/resources/org/apache/hadoop/gateway/hdfs/WebHdfsDeploymentContributor/rewrite.xml
----------------------------------------------------------------------
diff --git a/gateway-service-hdfs/src/main/resources/org/apache/hadoop/gateway/hdfs/WebHdfsDeploymentContributor/rewrite.xml b/gateway-service-hdfs/src/main/resources/org/apache/hadoop/gateway/hdfs/WebHdfsDeploymentContributor/rewrite.xml
index 0aa62e9..db6069b 100644
--- a/gateway-service-hdfs/src/main/resources/org/apache/hadoop/gateway/hdfs/WebHdfsDeploymentContributor/rewrite.xml
+++ b/gateway-service-hdfs/src/main/resources/org/apache/hadoop/gateway/hdfs/WebHdfsDeploymentContributor/rewrite.xml
@@ -28,7 +28,7 @@
<rule dir="OUT" name="WEBHDFS/webhdfs/outbound/namenode/headers/location">
<match pattern="{scheme}://{host}:{port}/{path=**}?{**}"/>
<rewrite template="{gateway.url}/datanode/api/v1/{path=**}?{scheme}?host={$hostmap(host)}?{port}?{**}"/>
- <encode-query/>
+ <encrypt-query/>
</rule>
<rule dir="IN" name="WEBHDFS/webhdfs/inbound/hdfs" pattern="hdfs:/{path=**}?{**}">
@@ -48,7 +48,7 @@
</rule>
<rule dir="IN" name="WEBHDFS/webhdfs/inbound/datanode">
- <decode-query/>
+ <decrypt-query/>
<match pattern="*://*:*/**/datanode/api/*/{path=**}?{scheme}?{host}?{port}?{**}"/>
<rewrite template="{scheme}://{host}:{port}/{path=**}?{**}"/>
</rule>
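Review bot: The inbound datanode rule builds the dispatch target from `{scheme}`, `{host}` and `{port}` taken from the query string, so `<decrypt-query/>` is the only thing keeping a client-supplied host out of the rewrite and the step has to fail closed. SecureQueryDecryptProcessor's decode path can `return null`, and from this diff I cannot tell whether the step then aborts the rule or passes the original query on to `<match>`. Please confirm, and add a test that an unencrypted or altered query on this rule is rejected. A short comment above the step, e.g. `<!-- query carries the backend address; it must decrypt successfully before match -->`, would document the dependency.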
http://git-wip-us.apache.org/repos/asf/incubator-knox/blob/00e739df/gateway-spi/src/main/java/org/apache/hadoop/gateway/services/security/EncryptionResult.java
----------------------------------------------------------------------
diff --git a/gateway-spi/src/main/java/org/apache/hadoop/gateway/services/security/EncryptionResult.java b/gateway-spi/src/main/java/org/apache/hadoop/gateway/services/security/EncryptionResult.java
index 7d95e7d..75ace04 100644
--- a/gateway-spi/src/main/java/org/apache/hadoop/gateway/services/security/EncryptionResult.java
+++ b/gateway-spi/src/main/java/org/apache/hadoop/gateway/services/security/EncryptionResult.java
@@ -17,7 +17,6 @@
*/
package org.apache.hadoop.gateway.services.security;
-import java.io.UnsupportedEncodingException;
import java.nio.ByteBuffer;
public class EncryptionResult {
http://git-wip-us.apache.org/repos/asf/incubator-knox/blob/00e739df/gateway-test/src/test/java/org/apache/hadoop/gateway/deploy/DeploymentFactoryFuncTest.java
----------------------------------------------------------------------
diff --git a/gateway-test/src/test/java/org/apache/hadoop/gateway/deploy/DeploymentFactoryFuncTest.java b/gateway-test/src/test/java/org/apache/hadoop/gateway/deploy/DeploymentFactoryFuncTest.java
index fea5456..4198125 100644
--- a/gateway-test/src/test/java/org/apache/hadoop/gateway/deploy/DeploymentFactoryFuncTest.java
+++ b/gateway-test/src/test/java/org/apache/hadoop/gateway/deploy/DeploymentFactoryFuncTest.java
@@ -17,8 +17,11 @@
*/
package org.apache.hadoop.gateway.deploy;
+import org.apache.hadoop.gateway.GatewayTestConfig;
import org.apache.hadoop.gateway.config.GatewayConfig;
import org.apache.hadoop.gateway.config.impl.GatewayConfigImpl;
+import org.apache.hadoop.gateway.services.DefaultGatewayServices;
+import org.apache.hadoop.gateway.services.ServiceLifecycleException;
import org.apache.hadoop.gateway.topology.Provider;
import org.apache.hadoop.gateway.topology.ProviderParam;
import org.apache.hadoop.gateway.topology.Service;
@@ -32,9 +35,14 @@ import org.xml.sax.SAXException;
import javax.xml.parsers.DocumentBuilder;
import javax.xml.parsers.DocumentBuilderFactory;
import javax.xml.parsers.ParserConfigurationException;
+
+import java.io.File;
import java.io.IOException;
import java.io.InputStream;
import java.net.URISyntaxException;
+import java.util.HashMap;
+import java.util.Map;
+import java.util.UUID;
import static org.hamcrest.MatcherAssert.assertThat;
import static org.hamcrest.core.IsEqual.equalTo;
@@ -44,7 +52,28 @@ public class DeploymentFactoryFuncTest {
@Test
public void testSimpleTopology() throws IOException, SAXException, ParserConfigurationException, URISyntaxException {
- GatewayConfig config = new GatewayConfigImpl();
+ GatewayConfig config = new GatewayTestConfig();
+ File targetDir = new File( System.getProperty( "user.dir" ), "target" );
+ File gatewayDir = new File( targetDir, "gateway-home-" + UUID.randomUUID() );
+ gatewayDir.mkdirs();
+// File deployDir = new File( gatewayDir, config.getDeploymentDir() );
+ File deployDir = new File( gatewayDir, "clusters" );
+ deployDir.mkdirs();
+
+ ((GatewayTestConfig) config).setGatewayHomeDir( gatewayDir.getAbsolutePath() );
+ ((GatewayTestConfig) config).setDeploymentDir( "clusters" );
+
+ DefaultGatewayServices srvcs = new DefaultGatewayServices();
+ Map<String,String> options = new HashMap<String,String>();
+ options.put("persist-master", "false");
+ options.put("master", "password");
+ try {
+ DeploymentFactory.setGatewayServices(srvcs);
+ srvcs.init(config, options);
+ } catch (ServiceLifecycleException e) {
+ e.printStackTrace(); // I18N not required.
+ }
+
Topology topology = new Topology();
topology.setName( "test-cluster" );
Service service = new Service();
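Review bot: The `catch (ServiceLifecycleException e) { e.printStackTrace(); }` around `srvcs.init(config, options)` lets the test carry on with uninitialized gateway services, so a setup failure shows up later as an unrelated error or not at all. Drop the try/catch and add the exception to the signature, `... URISyntaxException, ServiceLifecycleException {`, so the test fails at the real cause. `DeploymentFactory.setGatewayServices(srvcs)` sets static state that is never reset, and the later hunk removes the old `setGatewayServices( null )` call, so other tests in the same JVM inherit these services; a reset in a `finally` or an `@After` method would contain that. The `gateway-home-<uuid>` directory under `target` is also never deleted.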
@@ -70,7 +99,6 @@ public class DeploymentFactoryFuncTest {
authorizer.setEnabled( true );
topology.addProvider( authorizer );
- DeploymentFactory.setGatewayServices( null );
WebArchive war = DeploymentFactory.createDeployment( config, topology );
//File dir = new File( System.getProperty( "user.dir" ) );
//File file = war.as( ExplodedExporter.class ).exportExploded( dir, "test-cluster.war" );