コード例 #1
0
  private void setupStandardMocks() throws Exception {
    Map<String, List<String>> externalGroups = new HashMap<>();
    externalGroups.put(
        EzSecurityConstant.EZ_INTERNAL_PROJECT,
        Lists.newArrayList(EzSecurityConstant.EZ_INTERNAL_ADMIN_GROUP));
    EzSecurityPrincipal principal = new EzSecurityPrincipal();
    principal.setPrincipal(POC).setName(POC);

    expect(
            mockPool.getClient(
                InternalNameServiceConstants.SERVICE_NAME, InternalNameService.Client.class))
        .andReturn(insClientMock)
        .anyTimes();
    expect(
            mockPool.getClient(
                EzSecurityRegistrationConstants.SERVICE_NAME, EzSecurityRegistration.Client.class))
        .andReturn(regClientMock)
        .anyTimes();

    expect(mockPool.getSecurityId(EzSecurityRegistrationConstants.SERVICE_NAME))
        .andReturn("")
        .anyTimes();
    expect(mockPool.getSecurityId(EzDeployServiceConstants.SERVICE_NAME)).andReturn("").anyTimes();

    expect(securityClientMock.fetchTokenForProxiedUser()).andReturn(ezTokenMock).anyTimes();
    expect(securityClientMock.fetchTokenForProxiedUser("")).andReturn(ezTokenMock).anyTimes();

    expect(insClientMock.getAppById("48454c4c4f-20-574f524c44", ezTokenMock))
        .andReturn(getApplication());

    expect(ezTokenMock.getExternalProjectGroups()).andReturn(externalGroups).anyTimes();
    expect(ezTokenMock.getTokenPrincipal()).andReturn(principal).anyTimes();
    mockPool.returnToPool(insClientMock);
    expectLastCall().anyTimes();
    mockPool.returnToPool(regClientMock);
    expectLastCall().anyTimes();
  }
コード例 #2
0
  public void run()
      throws TException, EzSecurityTokenException, UserNotFoundException, IOException,
          AppNotRegisteredException {
    Properties config;
    try {
      config =
          new EzConfiguration(new DirectoryConfigurationLoader(new File(this.config).toPath()))
              .getProperties();
    } catch (EzConfigurationLoaderException e) {
      try {
        config = new EzConfiguration(new ClasspathConfigurationLoader()).getProperties();
      } catch (EzConfigurationLoaderException e1) {
        throw new RuntimeException("Unable to load EzConfiguration");
      }
    }

    if (config.get(EzBakePropertyConstants.ZOOKEEPER_CONNECTION_STRING) == null) {
      config.setProperty(EzBakePropertyConstants.ZOOKEEPER_CONNECTION_STRING, this.zoo);
    }
    if (config.get(EzBakePropertyConstants.EZBAKE_CERTIFICATES_DIRECTORY) == null) {
      config.setProperty(EzBakePropertyConstants.EZBAKE_CERTIFICATES_DIRECTORY, this.sslDir);
    }
    if (config.get(EzBakePropertyConstants.EZBAKE_SECURITY_ID) == null) {
      config.setProperty(EzBakePropertyConstants.EZBAKE_SECURITY_ID, this.appId);
    }

    EzbakeSecurityClient client = new EzbakeSecurityClient(config);

    switch (this.request) {
      case User:
        EzSecurityToken usertoken =
            client.fetchTokenForProxiedUser(issuedTokenPrincipal(dn), this.target);
        if (this.outputFile != null) {
          writeTokenToFile(this.outputFile, usertoken);
        }
        break;
      case App:
        EzSecurityToken appToken = client.fetchAppToken(dn);
        if (this.outputFile != null) {
          writeTokenToFile(this.outputFile, appToken);
        }
        break;
      case DN:
        ProxyTokenRequest req = new ProxyTokenRequest();
        req.setX509(new X509Info(dn));
        req.setValidity(
            new ValidityCaveats("EFE", "EzSecurity", System.currentTimeMillis() + 1000, ""));

        EzSecurity.Client c = client.getClient();
        ProxyTokenResponse principal = c.requestProxyToken(req);
        client.returnClient(c);

        System.out.println(principal.getToken());
        System.out.println(principal.getSignature());
        break;
      case PROXY_DN:
        ProxyTokenRequest proxyReq = new ProxyTokenRequest();
        proxyReq.setX509(new X509Info(dn));
        proxyReq.setValidity(
            new ValidityCaveats("EFE", "EzSecurity", System.currentTimeMillis() + 1000, ""));
        proxyReq.getValidity().setIssuedTime(System.currentTimeMillis());

        EzSecurity.Client pc = client.getClient();
        ProxyTokenResponse presp = pc.requestProxyToken(proxyReq);
        client.returnClient(pc);

        System.out.println(presp.getToken());
        System.out.println(presp.getSignature());
        break;
    }
    Closeables.close(client, true);
  }
コード例 #3
0
 @Override
 public void close() throws IOException {
   if (security != null) {
     security.close();
   }
 }
コード例 #4
0
  protected Optional<SecureMessage> decrypt(String topic, SecureMessage message)
      throws IOException {
    RSAKeyCrypto crypto = topicKeys.get(topic);
    Optional<SecureMessage> decryptedPayload = Optional.absent();
    try {
      if (message.isSetKey()) {
        if (crypto != null && crypto.hasPrivate()) {
          Visibility visibility = message.getVisibility();
          EzSecurityTokenWrapper token = security.fetchAppToken();
          if (PermissionUtils.getPermissions(token.getAuthorizations(), visibility, true)
              .contains(Permission.READ)) {
            // Decrypt the symmetric key
            byte[] symmetricKey = crypto.decrypt(message.getKey());

            // Use the symmetric key to decrypt the message
            SecretKey key = new SecretKeySpec(symmetricKey, ALGO);
            Cipher cipher = Cipher.getInstance(ALGO);
            cipher.init(Cipher.DECRYPT_MODE, key);
            decryptedPayload =
                Optional.of(
                    new SecureMessage(
                        visibility, ByteBuffer.wrap(cipher.doFinal(message.getContent()))));
          } else {
            log.warn(
                "Pipeline is not authorized to read message with visibility of {}, dropping message.",
                visibility);
          }
        } else {
          String error =
              "No private key found for broadcaster topic ["
                  + topic
                  + "]. Cannot decrypt messages. Please re-initialize the broadcaster with a private key to receive messages.";
          log.error(error);
          throw new RuntimeException(error);
        }
      } else {
        log.debug("Message was not encrypted, or no key was set");
      }
    } catch (IllegalBlockSizeException | InvalidKeyException | BadPaddingException e) {
      log.error("Encryption not set up properly, this error is fatal.", e);
      throw new RuntimeException(e);
    } catch (BadArgumentException e) {
      log.error(
          String.format(
              "Visibility string %s not valid, message cannot be decrypted.",
              message.getVisibility().getFormalVisibility()),
          e);
      throw new IOException(e);
    } catch (NoSuchAlgorithmException e) {
      log.error("Incorrect algorithm used to initialize crypto", e);
      throw new RuntimeException(e);
    } catch (NoSuchPaddingException e) {
      log.error("Incorrect padding used to initialize crypto", e);
      throw new RuntimeException(e);
    } catch (PKeyCryptoException e) {
      log.error("Invalid crypto object", e);
      throw new RuntimeException(e);
    } catch (EzSecurityTokenException e) {
      log.error("Could not retrieve token from security service", e);
      throw new RuntimeException(e);
    }
    return decryptedPayload;
  }