Posted to commits@uima.apache.org by bu...@apache.org on 2015/12/22 23:28:28 UTC
svn commit: r1721467 - in /uima/sandbox/uima-ducc/trunk: src/main/resources/
uima-ducc-cli/src/main/java/org/apache/uima/ducc/cli/
uima-ducc-common/src/main/java/org/apache/uima/ducc/common/component/
uima-ducc-common/src/main/java/org/apache/uima/ducc...
Author: burn
Date: Tue Dec 22 22:28:27 2015
New Revision: 1721467
URL: http://svn.apache.org/viewvc?rev=1721467&view=rev
Log:
UIMA-4705 Support simulated users (test-mode) with the special security home by moving the
test-mode check and dirHome determination inside Crypto and simplifying some methods.
Modified:
uima/sandbox/uima-ducc/trunk/src/main/resources/default.ducc.properties
uima/sandbox/uima-ducc/trunk/uima-ducc-cli/src/main/java/org/apache/uima/ducc/cli/CliBase.java
uima/sandbox/uima-ducc/trunk/uima-ducc-common/src/main/java/org/apache/uima/ducc/common/component/AbstractDuccComponent.java
uima/sandbox/uima-ducc/trunk/uima-ducc-common/src/main/java/org/apache/uima/ducc/common/crypto/Crypto.java
uima/sandbox/uima-ducc/trunk/uima-ducc-common/src/main/java/org/apache/uima/ducc/common/main/DuccAdmin.java
uima/sandbox/uima-ducc/trunk/uima-ducc-common/src/main/java/org/apache/uima/ducc/common/main/DuccRmAdmin.java
uima/sandbox/uima-ducc/trunk/uima-ducc-common/src/test/java/org/apache/uima/ducc/common/test/CryptoTest.java
uima/sandbox/uima-ducc/trunk/uima-ducc-orchestrator/src/main/java/org/apache/uima/ducc/orchestrator/OrchestratorComponent.java
uima/sandbox/uima-ducc/trunk/uima-ducc-sm/src/main/java/org/apache/uima/ducc/sm/ServiceManagerComponent.java
Modified: uima/sandbox/uima-ducc/trunk/src/main/resources/default.ducc.properties
URL: http://svn.apache.org/viewvc/uima/sandbox/uima-ducc/trunk/src/main/resources/default.ducc.properties?rev=1721467&r1=1721466&r2=1721467&view=diff
==============================================================================
--- uima/sandbox/uima-ducc/trunk/src/main/resources/default.ducc.properties (original)
+++ uima/sandbox/uima-ducc/trunk/src/main/resources/default.ducc.properties Tue Dec 22 22:28:27 2015
@@ -51,6 +51,10 @@ ducc.cluster.name=Apache UIMA-DUCC
# Specify location of private resources directory. UIMA-3892
ducc.private.resources = ${DUCC_HOME}/resources.private
+# Location of security home directory. When non-empty the userid is appended and it replaces the
+# default of <user.home> as the location of the keys used in request validation.
+ducc.security.home =
+
# Name any site-local jars
#ducc.local.jars =
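Review bot: The comment on `ducc.security.home` does not say who must own the directory or what permissions it needs, which matters because the validation keys are read from `<ducc.security.home>/<userid>/.ducc`. If a per-user subdirectory can be created or written by anyone other than that user, the public key a validator reads may not be the one the user generated; how these directories are provisioned is not visible on this page. I would extend the comment with something like `# Each <ducc.security.home>/<userid> directory must be owned by, and writable only by, that user.`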
Modified: uima/sandbox/uima-ducc/trunk/uima-ducc-cli/src/main/java/org/apache/uima/ducc/cli/CliBase.java
URL: http://svn.apache.org/viewvc/uima/sandbox/uima-ducc/trunk/uima-ducc-cli/src/main/java/org/apache/uima/ducc/cli/CliBase.java?rev=1721467&r1=1721466&r2=1721467&view=diff
==============================================================================
--- uima/sandbox/uima-ducc/trunk/uima-ducc-cli/src/main/java/org/apache/uima/ducc/cli/CliBase.java (original)
+++ uima/sandbox/uima-ducc/trunk/uima-ducc-cli/src/main/java/org/apache/uima/ducc/cli/CliBase.java Tue Dec 22 22:28:27 2015
@@ -198,8 +198,8 @@ public abstract class CliBase
if(property != null) {
String signatureRequiredProperty = property.trim().toLowerCase();
if(signatureRequiredProperty.equals("on")) {
- Crypto crypto = new Crypto(user,System.getProperty("user.home"));
- byte[] cypheredMessage = crypto.encrypt(user);
+ Crypto crypto = new Crypto(user, true);
+ byte[] cypheredMessage = crypto.getSignature();
cli_props.put(UiOption.Signature.pname(), cypheredMessage);
}
}
Modified: uima/sandbox/uima-ducc/trunk/uima-ducc-common/src/main/java/org/apache/uima/ducc/common/component/AbstractDuccComponent.java
URL: http://svn.apache.org/viewvc/uima/sandbox/uima-ducc/trunk/uima-ducc-common/src/main/java/org/apache/uima/ducc/common/component/AbstractDuccComponent.java?rev=1721467&r1=1721466&r2=1721467&view=diff
==============================================================================
--- uima/sandbox/uima-ducc/trunk/uima-ducc-common/src/main/java/org/apache/uima/ducc/common/component/AbstractDuccComponent.java (original)
+++ uima/sandbox/uima-ducc/trunk/uima-ducc-common/src/main/java/org/apache/uima/ducc/common/component/AbstractDuccComponent.java Tue Dec 22 22:28:27 2015
@@ -43,13 +43,11 @@ import org.apache.camel.builder.RouteBui
import org.apache.uima.ducc.common.admin.event.DuccAdminEvent;
import org.apache.uima.ducc.common.admin.event.DuccAdminEventKill;
import org.apache.uima.ducc.common.crypto.Crypto;
-import org.apache.uima.ducc.common.crypto.Crypto.AccessType;
import org.apache.uima.ducc.common.exception.DuccComponentInitializationException;
import org.apache.uima.ducc.common.exception.DuccConfigurationException;
import org.apache.uima.ducc.common.main.DuccService;
import org.apache.uima.ducc.common.utils.DuccLogger;
import org.apache.uima.ducc.common.utils.DuccProperties;
-import org.apache.uima.ducc.common.utils.LinuxUtils;
import org.apache.uima.ducc.common.utils.Utils;
/**
@@ -268,16 +266,10 @@ public abstract class AbstractDuccCompon
byte[] auth_block= event.getAuthBlock();
try {
- String userHome = null;
- userHome = LinuxUtils.getUserHome(user);
-
- Crypto crypto = new Crypto(user, userHome,AccessType.READER);
- String signature = (String)crypto.decrypt(auth_block);
-
- if ( ! user.equals(signature )) {
+ Crypto crypto = new Crypto(user);
+ if (!crypto.isValid(auth_block)) {
return false;
}
-
} catch ( Throwable t ) {
logger.error(methodName, null, "Crypto failure:", t.toString());
return false;
Modified: uima/sandbox/uima-ducc/trunk/uima-ducc-common/src/main/java/org/apache/uima/ducc/common/crypto/Crypto.java
URL: http://svn.apache.org/viewvc/uima/sandbox/uima-ducc/trunk/uima-ducc-common/src/main/java/org/apache/uima/ducc/common/crypto/Crypto.java?rev=1721467&r1=1721466&r2=1721467&view=diff
==============================================================================
--- uima/sandbox/uima-ducc/trunk/uima-ducc-common/src/main/java/org/apache/uima/ducc/common/crypto/Crypto.java (original)
+++ uima/sandbox/uima-ducc/trunk/uima-ducc-common/src/main/java/org/apache/uima/ducc/common/crypto/Crypto.java Tue Dec 22 22:28:27 2015
@@ -26,11 +26,16 @@ import java.io.DataInputStream;
import java.io.File;
import java.io.FileInputStream;
import java.io.FileOutputStream;
+import java.io.IOException;
import java.io.ObjectInput;
import java.io.ObjectInputStream;
import java.io.ObjectOutput;
import java.io.ObjectOutputStream;
import java.math.BigInteger;
+import java.nio.file.Files;
+import java.nio.file.Path;
+import java.nio.file.Paths;
+import java.nio.file.attribute.PosixFilePermission;
import java.security.Key;
import java.security.KeyFactory;
import java.security.KeyPair;
@@ -40,25 +45,21 @@ import java.security.PublicKey;
import java.security.spec.RSAPrivateCrtKeySpec;
import java.security.spec.RSAPrivateKeySpec;
import java.security.spec.RSAPublicKeySpec;
+import java.util.Set;
import javax.crypto.Cipher;
-import org.apache.uima.ducc.common.RuntimeStreamsConsumer;
import org.apache.uima.ducc.common.utils.AlienFile;
import org.apache.uima.ducc.common.utils.DuccPropertiesResolver;
+import org.apache.uima.ducc.common.utils.LinuxUtils;
public class Crypto implements ICrypto {
private boolean traditional = false;
private String dirDotDucc = ".ducc";
- private String dirDotDuccPermissions = "0755";
- private String pubFilePermissions = "0755";
- private String pvtFilePermissions = "0700";
- private String securityHome = null;
-
- private String user;
+ private String user; // Owner of the request - the simulated requester when in test-mode
private String dirUserKeys;
private String filePvt;
private String filePub;
@@ -68,54 +69,71 @@ public class Crypto implements ICrypto {
private Cipher cipher;
- public enum AccessType {
- READER,
- WRITER,
- }
-
- public Crypto(String user, String dirHome) throws CryptoException {
- init(user,dirHome,dirDotDucc,AccessType.WRITER);
- }
-
- public Crypto(String user, String dirHome, AccessType accessType) throws CryptoException {
- init(user,dirHome,dirDotDucc,accessType);
- }
-
- public Crypto(String user, String dirHome, String dirSub) throws CryptoException {
- init(user,dirHome,dirSub,AccessType.WRITER);
- }
-
- public Crypto(String user, String dirHome, String dirSub, AccessType accessType) throws CryptoException {
- init(user,dirHome,dirSub,accessType);
- }
-
- private void resolveSecurityHome(String tgtUser, String dirHome) {
- securityHome = dirHome;
- String ducc_security_home = DuccPropertiesResolver.get(DuccPropertiesResolver.ducc_security_home);
- if(ducc_security_home != null) {
- StringBuffer sb = new StringBuffer();
- sb.append(ducc_security_home);
- if(!ducc_security_home.endsWith(File.separator)) {
- sb.append(File.separator);
- }
- sb.append(tgtUser);
- securityHome = sb.toString();
- }
- }
-
- private void init(String tgtUser, String dirHome, String dirSub, AccessType accessType) throws CryptoException {
- resolveSecurityHome(tgtUser, dirHome);
- user = tgtUser;
- dirUserKeys = securityHome+File.separator+dirSub;
+ /**
+ * Constructor for requesters
+ * - getSignature returns the the encrypted userid
+ *
+ * @param user - user making the request
+ * @param create - if true create the public & private keys if missing
+ * @throws CryptoException
+ */
+ public Crypto(String user, boolean create) throws CryptoException {
+ init(user, create);
+ }
+
+ /**
+ * Constructor for validators
+ * - use isValid to check that the decrypted signature matches the provided user id
+ *
+ * @param user - user claiming to make the request
+ * @throws CryptoException
+ */
+ public Crypto(String user) throws CryptoException {
+ init(user, false);
+ }
+
+ private void init(String user, boolean createRequest) throws CryptoException {
+
+ this.user = user;
+
+ // Check if in test mode with simulated users
+ String runmode = DuccPropertiesResolver.get(DuccPropertiesResolver.ducc_runmode);
+ boolean testMode = runmode != null && runmode.equals("Test");
+
+ // Get special security home directory if specified
+ // In test-mode (single-user) must use the current userid as the simulated user doesn't have a home
+ String dirHome = null;
+ String ducc_security_home = DuccPropertiesResolver.get(DuccPropertiesResolver.ducc_security_home);
+ if (ducc_security_home != null && !ducc_security_home.isEmpty()) {
+ String realUser = testMode ? System.getProperty("user.name") : user;
+ dirHome = ducc_security_home + File.separator + realUser;
+ }
+
+ if (createRequest) {
+ // Use the real user home if the special one not specified
+ if (dirHome == null) {
+ dirHome = System.getProperty("user.home");
+ }
+
+ } else {
+ // When validating a request ....
+ // If using the regular home directory get it from the shell as may not start with "/home"
+ // In test-mode will always run as the user that started DUCC so use that $HOME
+ if (dirHome == null) {
+ if (testMode) {
+ dirHome = System.getProperty("user.home");
+ } else {
+ dirHome = LinuxUtils.getUserHome(user);
+ }
+ }
+ }
+
+ dirUserKeys = dirHome+File.separator+dirDotDucc;
filePub = dirUserKeys+File.separator+"public.key";
filePvt = dirUserKeys+File.separator+"private.key";
- switch(accessType) {
- case READER:
- break;
- case WRITER:
+ if (createRequest) {
createKeys();
checkKeys();
- break;
}
try {
cipher = Cipher.getInstance(keyType);
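Review bot: `init` builds the key directory from `user` with no validation (`dirHome = ducc_security_home + File.separator + realUser`), and on the validator path `user` is the id claimed in the request. A value containing a path separator or `..` would make the validator read `public.key` from outside the intended per-user directory. The same unchecked value is passed to `LinuxUtils.getUserHome(user)`, which the comment says consults the shell (its implementation is not visible here). I would reject such ids before any path is built, e.g. `if (user == null || user.isEmpty() || user.contains(File.separator) || user.contains("..")) throw new CryptoException("Invalid user id");`. The body of `init` continues past the end of this hunk.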
@@ -125,31 +143,20 @@ public class Crypto implements ICrypto {
}
}
- public String getPublic() {
- return filePub;
- }
-
- public String getPrivate() {
- return filePvt;
- }
-
+ // Check if either file missing (should check that are normal files?)
private boolean isMissingKeys() {
- boolean retVal = false;
- try {
- checkFile(filePub);
- checkFile(filePvt);
- }
- catch(Exception e) {
- retVal = true;
- }
- return retVal;
+ if ((new File(filePvt)).exists() && (new File(filePub)).exists() ) {
+ return false;
+ } else {
+ return true;
+ }
}
private void createKeys() throws CryptoException {
try {
synchronized(Crypto.class) {
if(isMissingKeys()) {
- mkdir(dirUserKeys, dirDotDuccPermissions);
+ mkdir(dirUserKeys);
KeyPairGenerator kpg = KeyPairGenerator.getInstance(keyType);
kpg.initialize(keySize);
KeyPair kp = kpg.genKeyPair();
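Review bot: `isMissingKeys` leaves its own open question unanswered and tests only `exists()`, so a directory or other non-regular entry named `public.key` or `private.key` counts as a present key and generation is skipped. `File.isFile()` closes that gap with no extra imports: `return !(new File(filePvt).isFile() && new File(filePub).isFile());`. `createKeys` continues outside this hunk.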
@@ -164,8 +171,8 @@ public class Crypto implements ICrypto {
pvt = keyFactory.getKeySpec(kp.getPrivate(), RSAPrivateCrtKeySpec.class);
}
// </IBM JDK does not seem to support RSAPrivateKeySpec.class>
- putKeyToFile(filePub, pub.getModulus(), pub.getPublicExponent(),pubFilePermissions);
- putKeyToFile(filePvt, pvt.getModulus(), pvt.getPrivateExponent(),pvtFilePermissions);
+ putKeyToFile(filePub, pub.getModulus(), pub.getPublicExponent(), false);
+ putKeyToFile(filePvt, pvt.getModulus(), pvt.getPrivateExponent(), true);
}
}
}
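Review bot: Regeneration after a partial loss can leave a mismatched key pair: `isMissingKeys()` is true when either file is absent, the public key is written first, and the private key file is now left owner-read-only by `setPermissions`/`checkKeys`. If only `public.key` was missing, opening the existing `private.key` for writing will presumably fail for a non-root owner after the new public key is already on disk, and the next run then sees both files present and signs with the old private key. Removing both files before writing, e.g. `new File(filePub).delete(); new File(filePvt).delete();` ahead of the two `putKeyToFile` calls, would keep the pair consistent. The enclosing `createKeys` starts and ends outside this hunk.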
@@ -177,77 +184,64 @@ public class Crypto implements ICrypto {
}
}
- private void checkDir(String fileName) throws CryptoException {
- File file = new File(fileName);
- if(!file.exists()) {
- throw new CryptoException("Directory does not exist: "+fileName);
- }
- }
+ private void checkKeys() throws CryptoException {
+ Path file = Paths.get(filePub);
+ if (!Files.exists(file)) {
+ throw new CryptoException("File does not exist: " + filePub);
+ }
+ file = Paths.get(filePvt);
+ if (!Files.exists(file)) {
+ throw new CryptoException("File does not exist: " + filePvt);
+ }
+ // Check that the private key file is readable only by the owner
+ try {
+ // Should be just owner-read
+ Set<PosixFilePermission> attrs = Files.getPosixFilePermissions(file);
+ if (attrs.size() == 1 && attrs.contains(PosixFilePermission.OWNER_READ)) {
+ return;
+ }
+ System.out.println("Correcting permissions for the private key");
+ setPermissions(filePvt, true, false);
+ attrs = Files.getPosixFilePermissions(file);
+ if (attrs.size() == 1 && attrs.contains(PosixFilePermission.OWNER_READ)) {
+ return;
+ }
+ throw new CryptoException("Unable to correct the invalid permissions for private key file " + filePvt);
+ } catch (IOException e) {
+ throw new CryptoException(e);
+ }
+ }
+
+ private void setPermissions(String fileName, boolean pvt, boolean dir) throws CryptoException {
+ // Since umask may be anything, turn off r/w access for everybody,
+ // make readable by all or just owner,
+ // if a directory make executable by all and writable by owner
+ File f = new File(fileName);
+ f.setReadable(false, false);
+ f.setWritable(false, false);
+ f.setReadable(true, pvt);
+ f.setWritable(dir, true);
+ f.setExecutable(dir, false);
+ }
- private void checkFile(String fileName) throws CryptoException {
- File file = new File(fileName);
- if(!file.exists()) {
- throw new CryptoException("File does not exist: "+fileName);
- }
- }
-
- private void checkKeys() throws CryptoException {
- checkDir(dirUserKeys);
- checkFile(filePvt);
- checkFile(filePub);
- }
-
- private void exec(String cmd) throws CryptoException {
- try {
- Process process;
- process = Runtime.getRuntime().exec(cmd);
- RuntimeStreamsConsumer errConsumer = new RuntimeStreamsConsumer(process.getErrorStream(), System.err);
- RuntimeStreamsConsumer outConsumer = new RuntimeStreamsConsumer(process.getErrorStream(), System.out);
- errConsumer.start();
- outConsumer.start();
- process.waitFor();
- errConsumer.join();
- outConsumer.join();
- }
- catch(Exception e) {
- throw new CryptoException(e);
- }
- }
-
- private void chmod(String fileName, String permissions) throws CryptoException {
- String osName = System.getProperty("os.name");
- if (osName.startsWith("Windows")) {
- // Windows is not supported for running
- // For building, some tests run through this code,
- // so we bypass doing the chmod on Windows environments
- return;
- }
- try {
- exec("chmod "+permissions+" "+fileName);
- }
- catch(Exception e) {
- throw new CryptoException(e);
- }
- }
-
- private void mkdir(String dir, String permissions) throws CryptoException {
+ private void mkdir(String dir) throws CryptoException {
try {
File file = new File(dir);
file.mkdirs();
- chmod(dirUserKeys, permissions);
+ setPermissions(dirUserKeys, false, true);
}
catch(Exception e) {
throw new CryptoException(e);
}
}
- private void putKeyToFile(String fileName, BigInteger mod, BigInteger exp, String permissions) throws CryptoException {
+ private void putKeyToFile(String fileName, BigInteger mod, BigInteger exp, boolean pvt) throws CryptoException {
try {
ObjectOutputStream oos = new ObjectOutputStream(new BufferedOutputStream(new FileOutputStream(fileName)));
try {
oos.writeObject(mod);
oos.writeObject(exp);
- chmod(fileName, permissions);
+ setPermissions(fileName, pvt, false);
}
finally {
oos.close();
@@ -258,14 +252,7 @@ public class Crypto implements ICrypto {
}
}
- public boolean isReadablePrivate() {
- boolean readable = false;
- File file = new File(filePvt);
- readable = file.canRead();
- return readable;
- }
-
- public boolean isReadablePublic() {
+ private boolean isReadablePublic() {
boolean readable = false;
File file = new File(filePub);
readable = file.canRead();
@@ -394,7 +381,15 @@ public class Crypto implements ICrypto {
}
}
-
+ public byte[] getSignature() throws CryptoException {
+ return encrypt(user);
+ }
+
+ public boolean isValid(byte[] signature) throws CryptoException {
+ String s = (String) decrypt(signature);
+ return user.equals(s);
+ }
+
public Object decrypt(byte[] byteArray) throws CryptoException {
try {
Key key = getPubicKeyFromFile();
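Review bot: `isValid` casts the result of `decrypt` straight to `String` and dereferences `user`, so a block that decrypts to some other object, or a null `user`, ends in a `ClassCastException` or `NullPointerException` instead of a plain `false`. `Object o = decrypt(signature); return user != null && user.equals(o);` gives the same answer for valid input without relying on every caller to catch `Throwable`. Both new public methods also lack Javadoc; as far as this hunk shows, the value from `getSignature` depends only on the userid and the key, so the Javadoc should say that it identifies the key holder and is not bound to the content of a particular request. `decrypt` continues outside the hunk.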
@@ -406,4 +401,11 @@ public class Crypto implements ICrypto {
}
}
+ public static void main(String[] args) throws CryptoException {
+ String user = args.length > 1 ? args[1] : System.getProperty("user.name");
+ Crypto cr = new Crypto(user, true);
+ byte[] sig = cr.getSignature();
+ System.out.println("Valid signature: " + cr.isValid(sig));
+ }
+
}
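Review bot: `main` reads the user from `args[1]` and only when `args.length > 1`, so a single command-line argument is silently ignored and the current `user.name` is used instead; Java's `args` does not include the program name. It should be `String user = args.length > 0 ? args[0] : System.getProperty("user.name");`. Since `new Crypto(user, true)` creates key files as a side effect, a one-line comment stating that this entry point is a manual self-test would also help.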
Modified: uima/sandbox/uima-ducc/trunk/uima-ducc-common/src/main/java/org/apache/uima/ducc/common/main/DuccAdmin.java
URL: http://svn.apache.org/viewvc/uima/sandbox/uima-ducc/trunk/uima-ducc-common/src/main/java/org/apache/uima/ducc/common/main/DuccAdmin.java?rev=1721467&r1=1721466&r2=1721467&view=diff
==============================================================================
--- uima/sandbox/uima-ducc/trunk/uima-ducc-common/src/main/java/org/apache/uima/ducc/common/main/DuccAdmin.java (original)
+++ uima/sandbox/uima-ducc/trunk/uima-ducc-common/src/main/java/org/apache/uima/ducc/common/main/DuccAdmin.java Tue Dec 22 22:28:27 2015
@@ -213,23 +213,22 @@ public class DuccAdmin extends AbstractD
* @throws Exception
*/
private void killAll() throws Exception {
- // send kill event to all Ducc components via Ducc Admin Channel. This
- // call is
- // non-blocking
- String user = System.getProperty("user.name");
- Crypto crypto = new Crypto(user,System.getProperty("user.home"));
- byte[] cypheredMessage = crypto.encrypt(user);
+ // send kill event to all Ducc components via Ducc Admin Channel.
+ // This call is non-blocking
+ String user = System.getProperty("user.name");
+ Crypto crypto = new Crypto(user, true);
+ byte[] cypheredMessage = crypto.getSignature();
dispatch(serializeAdminEvent(new DuccAdminEventKill(user, cypheredMessage)));
System.out.println("DuccAdmin sent Kill to all Ducc processes ...");
}
private void quiesceAgents(String nodes) throws Exception {
- String user = System.getProperty("user.name");
- Crypto crypto = new Crypto(user,System.getProperty("user.home"));
- byte[] cypheredMessage = crypto.encrypt(user);
+ String user = System.getProperty("user.name");
+ Crypto crypto = new Crypto(user, true);
+ byte[] cypheredMessage = crypto.getSignature();
- dispatch(serializeAdminEvent(new DuccAdminEventStopMetrics(nodes, user, cypheredMessage)));
+ dispatch(serializeAdminEvent(new DuccAdminEventStopMetrics(nodes, user, cypheredMessage)));
System.out.println("DuccAdmin sent Quiesce request to Ducc Agents ...");
}
/**
Modified: uima/sandbox/uima-ducc/trunk/uima-ducc-common/src/main/java/org/apache/uima/ducc/common/main/DuccRmAdmin.java
URL: http://svn.apache.org/viewvc/uima/sandbox/uima-ducc/trunk/uima-ducc-common/src/main/java/org/apache/uima/ducc/common/main/DuccRmAdmin.java?rev=1721467&r1=1721466&r2=1721467&view=diff
==============================================================================
--- uima/sandbox/uima-ducc/trunk/uima-ducc-common/src/main/java/org/apache/uima/ducc/common/main/DuccRmAdmin.java (original)
+++ uima/sandbox/uima-ducc/trunk/uima-ducc-common/src/main/java/org/apache/uima/ducc/common/main/DuccRmAdmin.java Tue Dec 22 22:28:27 2015
@@ -317,11 +317,11 @@ public class DuccRmAdmin
public int run(String[] args)
throws Exception
{
-
+ // Construct the signature for the request
user = System.getProperty("user.name");
- Crypto crypto = new Crypto(user,System.getProperty("user.home"));
- cypheredMessage = crypto.encrypt(user);
-
+ Crypto crypto = new Crypto(user, true);
+ cypheredMessage = crypto.getSignature();
+
if ( args[0].equals("--varyoff")) {
if ( args.length < 2 ) usage("Missing node list");
RmAdminVaryReply reply = varyoff(args);
Modified: uima/sandbox/uima-ducc/trunk/uima-ducc-common/src/test/java/org/apache/uima/ducc/common/test/CryptoTest.java
URL: http://svn.apache.org/viewvc/uima/sandbox/uima-ducc/trunk/uima-ducc-common/src/test/java/org/apache/uima/ducc/common/test/CryptoTest.java?rev=1721467&r1=1721466&r2=1721467&view=diff
==============================================================================
--- uima/sandbox/uima-ducc/trunk/uima-ducc-common/src/test/java/org/apache/uima/ducc/common/test/CryptoTest.java (original)
+++ uima/sandbox/uima-ducc/trunk/uima-ducc-common/src/test/java/org/apache/uima/ducc/common/test/CryptoTest.java Tue Dec 22 22:28:27 2015
@@ -52,7 +52,7 @@ public class CryptoTest {
try {
String user = System.getProperty("user.name");
String home = System.getProperty("user.home");
- Crypto crypto = new Crypto(user,home);
+ Crypto crypto = new Crypto(user, true);
String message = "Hello DUCC!";
byte[] cypheredMessage = crypto.encrypt(message);
Properties properties = new Properties();
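Review bot: `String home = System.getProperty("user.home");` looks unused now that the constructor no longer takes a home directory, unless it is referenced after this hunk. The test also still exercises `encrypt` directly and never calls the new `getSignature`/`isValid` pair that the production callers in this commit switched to. An assertion such as `assertTrue(new Crypto(user).isValid(crypto.getSignature()));` would cover the validator constructor as well. The test method continues outside the hunk.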
Modified: uima/sandbox/uima-ducc/trunk/uima-ducc-orchestrator/src/main/java/org/apache/uima/ducc/orchestrator/OrchestratorComponent.java
URL: http://svn.apache.org/viewvc/uima/sandbox/uima-ducc/trunk/uima-ducc-orchestrator/src/main/java/org/apache/uima/ducc/orchestrator/OrchestratorComponent.java?rev=1721467&r1=1721466&r2=1721467&view=diff
==============================================================================
--- uima/sandbox/uima-ducc/trunk/uima-ducc-orchestrator/src/main/java/org/apache/uima/ducc/orchestrator/OrchestratorComponent.java (original)
+++ uima/sandbox/uima-ducc/trunk/uima-ducc-orchestrator/src/main/java/org/apache/uima/ducc/orchestrator/OrchestratorComponent.java Tue Dec 22 22:28:27 2015
@@ -30,15 +30,12 @@ import org.apache.uima.ducc.common.boot.
import org.apache.uima.ducc.common.component.AbstractDuccComponent;
import org.apache.uima.ducc.common.config.CommonConfiguration;
import org.apache.uima.ducc.common.crypto.Crypto;
-import org.apache.uima.ducc.common.crypto.Crypto.AccessType;
import org.apache.uima.ducc.common.crypto.CryptoException;
import org.apache.uima.ducc.common.internationalization.Messages;
import org.apache.uima.ducc.common.main.DuccService;
import org.apache.uima.ducc.common.system.SystemState;
import org.apache.uima.ducc.common.utils.DuccLogger;
import org.apache.uima.ducc.common.utils.DuccLoggerComponents;
-import org.apache.uima.ducc.common.utils.DuccPropertiesResolver;
-import org.apache.uima.ducc.common.utils.LinuxUtils;
import org.apache.uima.ducc.common.utils.TimeStamp;
import org.apache.uima.ducc.common.utils.id.DuccId;
import org.apache.uima.ducc.orchestrator.OrchestratorConstants.StartType;
@@ -477,26 +474,11 @@ implements Orchestrator {
boolean retVal = true;
try {
if(orchestratorCommonArea.isSignatureRequired()) {
- retVal = false;
- String user = properties.getProperty(SpecificationProperties.key_user);
- String userHome = LinuxUtils.getUserHome(user);
- String runmode = DuccPropertiesResolver.getInstance().getProperty(DuccPropertiesResolver.ducc_runmode);
- if(runmode != null) {
- if(runmode.equals("Test")) {
- userHome = System.getProperty("user.home");
- }
- }
- Crypto crypto = new Crypto(user,userHome,AccessType.READER);
- logger.debug(methodName, null, "readable:"+crypto.isReadablePublic()+" "+"public:"+crypto.getPublic());
- String signature = (String)crypto.decrypt((byte[])properties.get(SpecificationProperties.key_signature));
- if(user.equals(signature)) {
- logger.debug(methodName, null, "user:"+user+" signature:"+signature+" valid:y");
- retVal = true;
- }
- else {
- logger.debug(methodName, null, "user:"+user+" signature:"+signature+" valid:n");
- //retVal = false;
- }
+ // Check that the signature is valid
+ String user = properties.getProperty(SpecificationProperties.key_user);
+ byte[] signature = (byte[]) properties.get(SpecificationProperties.key_signature);
+ Crypto crypto = new Crypto(user);
+ retVal = crypto.isValid(signature);
}
}
catch(Throwable t) {
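Review bot: Removing `retVal = false;` makes this check depend on the `catch(Throwable t)` block to fail closed: `retVal` starts as `true`, so if `new Crypto(user)` or `isValid` throws (missing key file, malformed signature) the method returns `true` unless the handler, whose body is outside this hunk, resets it. The old code set `retVal = false` before doing any work, so an exception left the request rejected. I would keep that line as the first statement inside `if(orchestratorCommonArea.isSignatureRequired())`, or set `retVal = false;` in the catch block.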
Modified: uima/sandbox/uima-ducc/trunk/uima-ducc-sm/src/main/java/org/apache/uima/ducc/sm/ServiceManagerComponent.java
URL: http://svn.apache.org/viewvc/uima/sandbox/uima-ducc/trunk/uima-ducc-sm/src/main/java/org/apache/uima/ducc/sm/ServiceManagerComponent.java?rev=1721467&r1=1721466&r2=1721467&view=diff
==============================================================================
--- uima/sandbox/uima-ducc/trunk/uima-ducc-sm/src/main/java/org/apache/uima/ducc/sm/ServiceManagerComponent.java (original)
+++ uima/sandbox/uima-ducc/trunk/uima-ducc-sm/src/main/java/org/apache/uima/ducc/sm/ServiceManagerComponent.java Tue Dec 22 22:28:27 2015
@@ -35,7 +35,6 @@ import org.apache.uima.ducc.common.boot.
import org.apache.uima.ducc.common.boot.DuccDaemonRuntimeProperties.DaemonName;
import org.apache.uima.ducc.common.component.AbstractDuccComponent;
import org.apache.uima.ducc.common.crypto.Crypto;
-import org.apache.uima.ducc.common.crypto.Crypto.AccessType;
import org.apache.uima.ducc.common.main.DuccService;
import org.apache.uima.ducc.common.persistence.services.IStateServices;
import org.apache.uima.ducc.common.persistence.services.IStateServices.SvcMetaProps;
@@ -47,7 +46,6 @@ import org.apache.uima.ducc.common.utils
import org.apache.uima.ducc.common.utils.DuccCollectionUtils.DuccMapValueDifference;
import org.apache.uima.ducc.common.utils.DuccLogger;
import org.apache.uima.ducc.common.utils.DuccProperties;
-import org.apache.uima.ducc.common.utils.LinuxUtils;
import org.apache.uima.ducc.common.utils.MissingPropertyException;
import org.apache.uima.ducc.common.utils.SystemPropertyResolver;
import org.apache.uima.ducc.common.utils.Version;
@@ -736,21 +734,12 @@ public class ServiceManagerComponent
return System.getProperty("DUCC_HOME") + "/history/services-registry/";
}
- private boolean check_signature(String user, byte[] auth_block)
+ private boolean check_signature(String user, byte[] auth_block)
throws Throwable
{
- String userHome = null;
- if ( testmode ) {
- userHome = System.getProperty("user.home");
- } else {
- userHome = LinuxUtils.getUserHome(user);
- }
-
- Crypto crypto = new Crypto(user, userHome,AccessType.READER);
- String signature = (String)crypto.decrypt(auth_block);
-
- return user.equals(signature);
- }
+ Crypto crypto = new Crypto(user);
+ return crypto.isValid(auth_block);
+ }
private boolean validate_user(String action, AServiceRequest req)
{