Posted to commits@slider.apache.org by go...@apache.org on 2017/09/12 21:17:06 UTC
incubator-slider git commit: SLIDER-1248 Insecure random number
generator
Repository: incubator-slider
Updated Branches:
refs/heads/develop 7992f422b -> 5696c7de3
SLIDER-1248 Insecure random number generator
Project: http://git-wip-us.apache.org/repos/asf/incubator-slider/repo
Commit: http://git-wip-us.apache.org/repos/asf/incubator-slider/commit/5696c7de
Tree: http://git-wip-us.apache.org/repos/asf/incubator-slider/tree/5696c7de
Diff: http://git-wip-us.apache.org/repos/asf/incubator-slider/diff/5696c7de
Branch: refs/heads/develop
Commit: 5696c7de39cadfdc70b4d7fe574f2b42987c61c8
Parents: 7992f42
Author: Gour Saha <go...@apache.org>
Authored: Tue Sep 12 14:16:40 2017 -0700
Committer: Gour Saha <go...@apache.org>
Committed: Tue Sep 12 14:16:40 2017 -0700
----------------------------------------------------------------------
.../apache/slider/core/conf/AggregateConf.java | 11 +++--
.../server/services/security/SecurityUtils.java | 45 ++++++++++++++------
.../services/security/TestSecurityUtils.java | 41 ++++++++++++++++++
3 files changed, 79 insertions(+), 18 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/incubator-slider/blob/5696c7de/slider-core/src/main/java/org/apache/slider/core/conf/AggregateConf.java
----------------------------------------------------------------------
diff --git a/slider-core/src/main/java/org/apache/slider/core/conf/AggregateConf.java b/slider-core/src/main/java/org/apache/slider/core/conf/AggregateConf.java
index 18c3156..d65d820 100644
--- a/slider-core/src/main/java/org/apache/slider/core/conf/AggregateConf.java
+++ b/slider-core/src/main/java/org/apache/slider/core/conf/AggregateConf.java
@@ -18,16 +18,16 @@
package org.apache.slider.core.conf;
-import org.apache.commons.lang.RandomStringUtils;
+import java.io.IOException;
+
import org.apache.commons.lang.StringUtils;
import org.apache.slider.common.SliderKeys;
import org.apache.slider.core.exceptions.BadConfigException;
+import org.apache.slider.server.services.security.SecurityUtils;
import org.codehaus.jackson.annotate.JsonIgnore;
import org.codehaus.jackson.annotate.JsonIgnoreProperties;
import org.codehaus.jackson.map.annotate.JsonSerialize;
-import java.io.IOException;
-
/**
* Aggregate Configuration.
*
@@ -162,10 +162,9 @@ public final class AggregateConf {
@JsonIgnore
public String getPassphrase() {
if (passphrase == null) {
- passphrase = RandomStringUtils.randomAlphanumeric(
- Integer.valueOf(SliderKeys.PASS_LEN));
+ passphrase = SecurityUtils
+ .randomAlphanumeric(Integer.valueOf(SliderKeys.PASS_LEN));
}
-
return passphrase;
}
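Review bot: The new call in `getPassphrase()` still passes the length as `Integer.valueOf(SliderKeys.PASS_LEN)`, which boxes to an `Integer` and immediately unboxes it for the `int` parameter of `randomAlphanumeric`. `Integer.parseInt(SliderKeys.PASS_LEN)` states the intent directly (assuming `PASS_LEN` is a String constant, which the hunk does not show). The same expression is repeated in the keystore-password hunk of SecurityUtils.java at `@@ -209,8 +230,8 @@`. Since the length now feeds a security helper, parsing it in one place would also give a single point to reject a non-numeric or non-positive value.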
http://git-wip-us.apache.org/repos/asf/incubator-slider/blob/5696c7de/slider-core/src/main/java/org/apache/slider/server/services/security/SecurityUtils.java
----------------------------------------------------------------------
diff --git a/slider-core/src/main/java/org/apache/slider/server/services/security/SecurityUtils.java b/slider-core/src/main/java/org/apache/slider/server/services/security/SecurityUtils.java
index 5fadb46..0c94156 100644
--- a/slider-core/src/main/java/org/apache/slider/server/services/security/SecurityUtils.java
+++ b/slider-core/src/main/java/org/apache/slider/server/services/security/SecurityUtils.java
@@ -16,8 +16,11 @@
*/
package org.apache.slider.server.services.security;
+import java.io.File;
+import java.io.IOException;
+import java.security.SecureRandom;
+
import org.apache.commons.io.FileUtils;
-import org.apache.commons.lang.RandomStringUtils;
import org.apache.hadoop.fs.Path;
import org.apache.hadoop.fs.RawLocalFileSystem;
import org.apache.hadoop.fs.permission.FsAction;
@@ -28,15 +31,6 @@ import org.apache.slider.core.conf.MapOperations;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
-import java.io.File;
-import java.io.IOException;
-//import java.nio.file.Files;
-//import java.nio.file.Path;
-//import java.nio.file.Paths;
-//import java.nio.file.attribute.PosixFilePermission;
-//import java.nio.file.attribute.PosixFilePermissions;
-
-
/**
*
*/
@@ -82,10 +76,37 @@ public class SecurityUtils {
+ "basicConstraints = CA:true\n";
private static final String PASS_TOKEN = "pass:";
+ public static final String UPPER = "ABCDEFGHIJKLMNOPQRSTUVWXYZ";
+ public static final String LOWER = UPPER.toLowerCase();
+ public static final String DIGITS = "0123456789";
+ public static final String ALPHANUM = UPPER + LOWER + DIGITS;
+ public static final char[] ALPHANUM_ARRAY = ALPHANUM.toCharArray();
+
private static String keystorePass;
private static String securityDir;
private static boolean keystoreLocationSpecified;
+ /**
+ * Generate a string with alpha-numeric characters using a cryptographically
+ * secure PRNG.
+ *
+ * @param length
+ * the length of the requested string
+ * @throws NegativeArraySizeException
+ * if length is negative
+ * @return alpha-numeric string
+ */
+ public static String randomAlphanumeric(int length) {
+ StringBuilder buffer = new StringBuilder(length);
+ SecureRandom secureRandom = new SecureRandom();
+ for (int i = 0; i < length; i++) {
+ double number = secureRandom.nextDouble();
+ int b = ((int) (number * ALPHANUM_ARRAY.length));
+ buffer.append(ALPHANUM_ARRAY[b]);
+ }
+ return buffer.toString();
+ }
+
public static void logOpenSslExitCode(String command, int exitCode) {
if (exitCode == 0) {
LOG.info(getOpenSslCommandResult(command, exitCode));
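Review bot: `ALPHANUM_ARRAY` is declared `public static final char[]`, so its elements stay writable by any code in the JVM, and a write to it silently shrinks or changes the alphabet that `randomAlphanumeric` draws passphrases and keystore passwords from; it should be private. `LOWER = UPPER.toLowerCase()` uses the default locale, and under a Turkish locale `I` lowercases to the dotless `ı`, so the alphabet would contain a non-ASCII character and lose `i`; a literal or `toLowerCase(Locale.ROOT)` avoids that. Inside the loop, `nextDouble()` scaled and truncated does stay in range, but `nextInt(ALPHANUM_ARRAY.length)` is the direct, uniform way to pick an index, and a single shared `SecureRandom` avoids constructing and seeding a new one on every call. The Javadoc's `NegativeArraySizeException` comes from the `StringBuilder` constructor and is preserved below.

```java
// … unchanged: UPPER …
public static final String LOWER = "abcdefghijklmnopqrstuvwxyz";
// … unchanged: DIGITS, ALPHANUM …
private static final char[] ALPHANUM_ARRAY = ALPHANUM.toCharArray();
private static final SecureRandom SECURE_RANDOM = new SecureRandom();

// … unchanged: keystorePass, securityDir, keystoreLocationSpecified, Javadoc …
public static String randomAlphanumeric(int length) {
  StringBuilder buffer = new StringBuilder(length);
  for (int i = 0; i < length; i++) {
    buffer.append(ALPHANUM_ARRAY[SECURE_RANDOM.nextInt(ALPHANUM_ARRAY.length)]);
  }
  return buffer.toString();
}
```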
@@ -209,8 +230,8 @@ public class SecurityUtils {
String password = null;
if (!passFile.exists()) {
LOG.info("Generating keystore password");
- password = RandomStringUtils.randomAlphanumeric(
- Integer.valueOf(SliderKeys.PASS_LEN));
+ password = SecurityUtils
+ .randomAlphanumeric(Integer.valueOf(SliderKeys.PASS_LEN));
if (persistPassword) {
try {
FileUtils.writeStringToFile(passFile, password);
http://git-wip-us.apache.org/repos/asf/incubator-slider/blob/5696c7de/slider-core/src/test/java/org/apache/slider/server/services/security/TestSecurityUtils.java
----------------------------------------------------------------------
diff --git a/slider-core/src/test/java/org/apache/slider/server/services/security/TestSecurityUtils.java b/slider-core/src/test/java/org/apache/slider/server/services/security/TestSecurityUtils.java
new file mode 100644
index 0000000..1bb9ad0
--- /dev/null
+++ b/slider-core/src/test/java/org/apache/slider/server/services/security/TestSecurityUtils.java
@@ -0,0 +1,41 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.slider.server.services.security;
+
+import org.junit.Assert;
+import org.junit.Test;
+
+public class TestSecurityUtils {
+
+ @Test
+ public void testRandomAlphanumeric() throws Exception {
+ int passLength = 50;
+ String password = SecurityUtils.randomAlphanumeric(passLength);
+ Assert.assertEquals(
+ "Returned string length does not match requested length", passLength,
+ password.length());
+
+ // 0 length
+ password = SecurityUtils.randomAlphanumeric(0);
+ Assert.assertTrue("Returned string should be empty", password.isEmpty());
+ }
+
+ @Test(expected = NegativeArraySizeException.class)
+ public void testRandomAlphanumericException() throws Exception {
+ SecurityUtils.randomAlphanumeric(-1);
+ }
+}
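Review bot: `testRandomAlphanumeric` asserts only the length of the returned string, so it would still pass if the helper emitted characters outside the intended alphabet or returned the same value on every call. Adding `Assert.assertTrue(password.matches("[A-Za-z0-9]{50}"));` after the length check pins the character set, and would catch a locale-dependent alphabet. A second call compared with `Assert.assertNotEquals` gives a cheap guard against a constant output. `testRandomAlphanumericException` pins `NegativeArraySizeException`, which is a side effect of the `StringBuilder` constructor rather than an explicit argument check; a comment saying so would help whoever changes the buffer later.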