Posted to commits@ambari.apache.org by rl...@apache.org on 2016/03/08 18:44:38 UTC

ambari git commit: AMBARI-15316. Kerberos: Provide SHA256 or SHA512 options for template principal digest (rlevas)

Repository: ambari
Updated Branches:
  refs/heads/trunk be7bafec2 -> 1986078f7


AMBARI-15316. Kerberos: Provide SHA256 or SHA512 options for template principal digest (rlevas)


Project: http://git-wip-us.apache.org/repos/asf/ambari/repo
Commit: http://git-wip-us.apache.org/repos/asf/ambari/commit/1986078f
Tree: http://git-wip-us.apache.org/repos/asf/ambari/tree/1986078f
Diff: http://git-wip-us.apache.org/repos/asf/ambari/diff/1986078f

Branch: refs/heads/trunk
Commit: 1986078f78e545eefc64f5315304ccebbb6dbae8
Parents: be7bafe
Author: Robert Levas <rl...@hortonworks.com>
Authored: Tue Mar 8 12:44:24 2016 -0500
Committer: Robert Levas <rl...@hortonworks.com>
Committed: Tue Mar 8 12:44:24 2016 -0500

----------------------------------------------------------------------
 .../kerberos/ADKerberosOperationHandler.java    |  2 +
 .../ADKerberosOperationHandlerTest.java         | 72 ++++++++++++++++++--
 2 files changed, 70 insertions(+), 4 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/ambari/blob/1986078f/ambari-server/src/main/java/org/apache/ambari/server/serveraction/kerberos/ADKerberosOperationHandler.java
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/java/org/apache/ambari/server/serveraction/kerberos/ADKerberosOperationHandler.java b/ambari-server/src/main/java/org/apache/ambari/server/serveraction/kerberos/ADKerberosOperationHandler.java
index a1e1544..deea158 100644
--- a/ambari-server/src/main/java/org/apache/ambari/server/serveraction/kerberos/ADKerberosOperationHandler.java
+++ b/ambari-server/src/main/java/org/apache/ambari/server/serveraction/kerberos/ADKerberosOperationHandler.java
@@ -269,6 +269,8 @@ public class ADKerberosOperationHandler extends KerberosOperationHandler {
     context.put("is_service", service);
     context.put("container_dn", this.principalContainerDn);
     context.put("principal_digest", DigestUtils.sha1Hex(deconstructedPrincipal.getNormalizedPrincipal()));
+    context.put("principal_digest_256", DigestUtils.sha256Hex(deconstructedPrincipal.getNormalizedPrincipal()));
+    context.put("principal_digest_512", DigestUtils.sha512Hex(deconstructedPrincipal.getNormalizedPrincipal()));
 
     Map<String, Object> data = processCreateTemplate(context);
 
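Review bot: The two added `context.put` lines expose unsalted SHA-256 and SHA-512 hex digests of the normalized principal to the template, and nothing beside them says these values can be derived from the principal name alone. A comment such as `// principal_digest*: deterministic, unsalted hex digests of the normalized principal; derivable from the name, so not secret` would keep a template author from treating one as a password-like value. The call `deconstructedPrincipal.getNormalizedPrincipal()` now appears three times, so hoisting it into `String normalizedPrincipal = deconstructedPrincipal.getNormalizedPrincipal();` above the three puts would tie all digests to one input. The new values are 64 and 128 hex characters long (see the expected strings in the test), so templates that map them to length-limited directory attributes should be checked. The enclosing method starts and ends outside this hunk.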

http://git-wip-us.apache.org/repos/asf/ambari/blob/1986078f/ambari-server/src/test/java/org/apache/ambari/server/serveraction/kerberos/ADKerberosOperationHandlerTest.java
----------------------------------------------------------------------
diff --git a/ambari-server/src/test/java/org/apache/ambari/server/serveraction/kerberos/ADKerberosOperationHandlerTest.java b/ambari-server/src/test/java/org/apache/ambari/server/serveraction/kerberos/ADKerberosOperationHandlerTest.java
index 0622807..52cd372 100644
--- a/ambari-server/src/test/java/org/apache/ambari/server/serveraction/kerberos/ADKerberosOperationHandlerTest.java
+++ b/ambari-server/src/test/java/org/apache/ambari/server/serveraction/kerberos/ADKerberosOperationHandlerTest.java
@@ -200,6 +200,7 @@ public class ADKerberosOperationHandlerTest extends KerberosOperationHandlerTest
                 .andAnswer(new IAnswer<NamingEnumeration<SearchResult>>() {
                   @Override
                   public NamingEnumeration<SearchResult> answer() throws Throwable {
+                    @SuppressWarnings("unchecked")
                     NamingEnumeration<SearchResult> result = createNiceMock(NamingEnumeration.class);
                     expect(result.hasMore()).andReturn(false).once();
                     replay(result);
@@ -238,14 +239,15 @@ public class ADKerberosOperationHandlerTest extends KerberosOperationHandlerTest
       }
     };
 
-    Capture<Name> capturedName = new Capture<Name>(CaptureType.ALL);
-    Capture<Attributes> capturedAttributes = new Capture<Attributes>(CaptureType.ALL);
+    Capture<Name> capturedName = newCapture(CaptureType.ALL);
+    Capture<Attributes> capturedAttributes = newCapture(CaptureType.ALL);
 
     ADKerberosOperationHandler handler = createMockBuilder(ADKerberosOperationHandler.class)
         .addMockedMethod(ADKerberosOperationHandler.class.getDeclaredMethod("createInitialLdapContext", Properties.class, Control[].class))
         .addMockedMethod(ADKerberosOperationHandler.class.getDeclaredMethod("createSearchControls"))
         .createNiceMock();
 
+    @SuppressWarnings("unchecked")
     NamingEnumeration<SearchResult> searchResult = createNiceMock(NamingEnumeration.class);
     expect(searchResult.hasMore()).andReturn(false).once();
 
@@ -366,14 +368,15 @@ public class ADKerberosOperationHandlerTest extends KerberosOperationHandlerTest
       }
     };
 
-    Capture<Name> capturedName = new Capture<Name>();
-    Capture<Attributes> capturedAttributes = new Capture<Attributes>();
+    Capture<Name> capturedName = newCapture();
+    Capture<Attributes> capturedAttributes = newCapture();
 
     ADKerberosOperationHandler handler = createMockBuilder(ADKerberosOperationHandler.class)
         .addMockedMethod(ADKerberosOperationHandler.class.getDeclaredMethod("createInitialLdapContext", Properties.class, Control[].class))
         .addMockedMethod(ADKerberosOperationHandler.class.getDeclaredMethod("createSearchControls"))
         .createNiceMock();
 
+    @SuppressWarnings("unchecked")
     NamingEnumeration<SearchResult> searchResult = createNiceMock(NamingEnumeration.class);
     expect(searchResult.hasMore()).andReturn(false).once();
 
@@ -438,7 +441,68 @@ public class ADKerberosOperationHandlerTest extends KerberosOperationHandlerTest
 
     Assert.assertNotNull(attributes.get("userAccountControl"));
     Assert.assertEquals("66048", attributes.get("userAccountControl").get());
+  }
+
+  @Test
+  public void testDigests() throws Exception {
+    PrincipalKeyCredential kc = new PrincipalKeyCredential(DEFAULT_ADMIN_PRINCIPAL, DEFAULT_ADMIN_PASSWORD);
+    Map<String, String> kerberosEnvMap = new HashMap<String, String>();
+    kerberosEnvMap.put(ADKerberosOperationHandler.KERBEROS_ENV_LDAP_URL, DEFAULT_LDAP_URL);
+    kerberosEnvMap.put(ADKerberosOperationHandler.KERBEROS_ENV_PRINCIPAL_CONTAINER_DN, DEFAULT_PRINCIPAL_CONTAINER_DN);
+    kerberosEnvMap.put(ADKerberosOperationHandler.KERBEROS_ENV_AD_CREATE_ATTRIBUTES_TEMPLATE, "" +
+            "{" +
+            "\"principal_digest\": \"$principal_digest\"," +
+            "\"principal_digest_256\": \"$principal_digest_256\"," +
+            "\"principal_digest_512\": \"$principal_digest_512\"" +
+            "}"
+    );
+
+    Capture<Attributes> capturedAttributes = newCapture();
+
+    ADKerberosOperationHandler handler = createMockBuilder(ADKerberosOperationHandler.class)
+        .addMockedMethod(ADKerberosOperationHandler.class.getDeclaredMethod("createInitialLdapContext", Properties.class, Control[].class))
+        .addMockedMethod(ADKerberosOperationHandler.class.getDeclaredMethod("createSearchControls"))
+        .createNiceMock();
+
+    @SuppressWarnings("unchecked")
+    NamingEnumeration<SearchResult> searchResult = createNiceMock(NamingEnumeration.class);
+    expect(searchResult.hasMore()).andReturn(false).once();
+
+    LdapContext ldapContext = createNiceMock(LdapContext.class);
+    expect(ldapContext.search(anyObject(String.class), anyObject(String.class), anyObject(SearchControls.class)))
+        .andReturn(searchResult)
+        .once();
+
+    expect(ldapContext.createSubcontext(anyObject(Name.class), capture(capturedAttributes)))
+        .andReturn(createNiceMock(DirContext.class))
+        .once();
+
+    expect(handler.createInitialLdapContext(anyObject(Properties.class), anyObject(Control[].class)))
+        .andReturn(ldapContext)
+        .once();
+
+    expect(handler.createSearchControls()).andAnswer(new IAnswer<SearchControls>() {
+      @Override
+      public SearchControls answer() throws Throwable {
+        SearchControls searchControls = createNiceMock(SearchControls.class);
+        replay(searchControls);
+        return searchControls;
+      }
+    }).once();
+
+    replayAll();
+
+    handler.open(kc, DEFAULT_REALM, kerberosEnvMap);
+    handler.createPrincipal("nn/c6501.ambari.apache.org", "secret", true);
+    handler.close();
+
+    Attributes attributes = capturedAttributes.getValue();
+
+    Assert.assertNotNull(attributes);
 
+    Assert.assertEquals("995e1580db28198e7fda1417ab5d894c877937d2", attributes.get("principal_digest").get());
+    Assert.assertEquals("b65bc066d11ac8b1beb31dc84035d9c204736f823decf8dfedda05a30e4ae410", attributes.get("principal_digest_256").get());
+    Assert.assertEquals("f48de28bc0467d764f5b04dbf04d35ff329a80277614be35eda0d0deed7f1c074cc5b0e0dc361130fdb078e09eb0ca545b9c653388192508ef382af89bd3a80c", attributes.get("principal_digest_512").get());
   }
 
   /**
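Review bot: The three expected values at the end of `testDigests` are bare hex literals with no indication of which string was hashed, so a reader cannot recompute them or tell a wrong expectation from a change in principal normalization. A comment above the assertions, e.g. `// SHA-1 / SHA-256 / SHA-512 hex digests of the normalized form of nn/c6501.ambari.apache.org in DEFAULT_REALM`, would make them checkable. The exact normalized string is not visible in this hunk and should be confirmed before it is written down. The test also ends without a `verifyAll();` after `handler.close()`, so the `.once()` expectations are only checked indirectly through `capturedAttributes.getValue()`. Adding that call would make the check explicit, assuming the base test class provides it alongside `replayAll()`.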