/// <summary>
/// Wraps a user-backed key provider in a <c>KeyAuthorizationKeyProvider</c> with mocked key ACLs
/// for "testKey", then runs the test action as the "sudo" user.
/// </summary>
/// <remarks>
/// The assertions live in <c>_PrivilegedExceptionAction_247</c>, which is not visible in this
/// listing. Judging by the method name it presumably exercises decryption where the key version
/// name and the key name disagree - confirm against that class.
/// </remarks>
/// <exception cref="System.Exception"/>
public virtual void TestDecryptWithKeyVersionNameKeyMismatch()
{
    string keyName = "testKey";
    Configuration conf = new Configuration();
    KeyProvider baseProvider = new UserProvider.Factory().CreateProvider(new URI("user:///"), conf);

    // Mockito answers false for every boolean call that is not stubbed, so this mock is
    // deny-by-default: only the (key, user, operation) combinations stubbed below are allowed.
    KeyAuthorizationKeyProvider.KeyACLs acls =
        Org.Mockito.Mockito.Mock<KeyAuthorizationKeyProvider.KeyACLs>();

    // Declare that an ACL exists for "testKey" for each operation type used by the test.
    KeyAuthorizationKeyProvider.KeyOpType[] opsWithAcl =
    {
        KeyAuthorizationKeyProvider.KeyOpType.Management,
        KeyAuthorizationKeyProvider.KeyOpType.GenerateEek,
        KeyAuthorizationKeyProvider.KeyOpType.DecryptEek,
        KeyAuthorizationKeyProvider.KeyOpType.All
    };
    foreach (KeyAuthorizationKeyProvider.KeyOpType op in opsWithAcl)
    {
        Org.Mockito.Mockito.When(acls.IsACLPresent(keyName, op)).ThenReturn(true);
    }

    // One principal per privilege: u1 manages, u2 generates EEKs, u3 decrypts EEKs, sudo has All.
    UserGroupInformation managementUser = UserGroupInformation.CreateRemoteUser("u1");
    UserGroupInformation generateUser = UserGroupInformation.CreateRemoteUser("u2");
    UserGroupInformation decryptUser = UserGroupInformation.CreateRemoteUser("u3");
    UserGroupInformation superUser = UserGroupInformation.CreateRemoteUser("sudo");

    Org.Mockito.Mockito
        .When(acls.HasAccessToKey(keyName, managementUser, KeyAuthorizationKeyProvider.KeyOpType.Management))
        .ThenReturn(true);
    Org.Mockito.Mockito
        .When(acls.HasAccessToKey(keyName, generateUser, KeyAuthorizationKeyProvider.KeyOpType.GenerateEek))
        .ThenReturn(true);
    Org.Mockito.Mockito
        .When(acls.HasAccessToKey(keyName, decryptUser, KeyAuthorizationKeyProvider.KeyOpType.DecryptEek))
        .ThenReturn(true);
    Org.Mockito.Mockito
        .When(acls.HasAccessToKey(keyName, superUser, KeyAuthorizationKeyProvider.KeyOpType.All))
        .ThenReturn(true);

    // The provider under test: every key operation is checked against the mocked ACLs.
    KeyProviderCryptoExtension authorizedProvider = new KeyAuthorizationKeyProvider(
        KeyProviderCryptoExtension.CreateKeyProviderCryptoExtension(baseProvider), acls);

    // Only the "sudo" principal executes the action in this method; u1-u3 are stubbed but unused here.
    superUser.DoAs(new _PrivilegedExceptionAction_247(conf, authorizedProvider));
}
/// <summary>
/// Runs the key-creation test actions against a <c>KeyAuthorizationKeyProvider</c> whose mocked
/// ACLs grant Management on "foo" to user "u1" only: first as "u1", then as the unstubbed user
/// "badGuy".
/// </summary>
/// <remarks>
/// The assertions are in <c>_PrivilegedExceptionAction_62</c> and
/// <c>_PrivilegedExceptionAction_87</c>, neither of which is visible in this listing.
/// </remarks>
public virtual void TestCreateKey()
{
    string keyName = "foo";
    Configuration conf = new Configuration();
    KeyProvider baseProvider = new UserProvider.Factory().CreateProvider(new URI("user:///"), conf);

    // Unstubbed boolean calls on a Mockito mock return false, so any key, user or operation
    // not listed below is treated as unauthorized.
    KeyAuthorizationKeyProvider.KeyACLs acls =
        Org.Mockito.Mockito.Mock<KeyAuthorizationKeyProvider.KeyACLs>();
    Org.Mockito.Mockito
        .When(acls.IsACLPresent(keyName, KeyAuthorizationKeyProvider.KeyOpType.Management))
        .ThenReturn(true);

    UserGroupInformation authorizedUser = UserGroupInformation.CreateRemoteUser("u1");
    Org.Mockito.Mockito
        .When(acls.HasAccessToKey(keyName, authorizedUser, KeyAuthorizationKeyProvider.KeyOpType.Management))
        .ThenReturn(true);

    KeyProviderCryptoExtension authorizedProvider = new KeyAuthorizationKeyProvider(
        KeyProviderCryptoExtension.CreateKeyProviderCryptoExtension(baseProvider), acls);

    // Authorized path.
    authorizedUser.DoAs(new _PrivilegedExceptionAction_62(authorizedProvider, conf));

    // "bar" key not configured
    // Ignore
    // (These two remarks appear to belong to the body of the action above - confirm there.)

    // Unauthorized User: "badGuy" has no stubbed access, so the mock answers false for it.
    UserGroupInformation.CreateRemoteUser("badGuy")
        .DoAs(new _PrivilegedExceptionAction_87(authorizedProvider, conf));
}
/// <summary>
/// Servlet-context startup hook for the KMS web application. In order, it: resolves the
/// configuration directory from a system property, loads the KMS configuration, initializes
/// logging, starts the ACL reloader, registers the call meters and the JMX reporter, creates
/// the audit logger, publishes the configuration and admin ACL on the servlet context, and
/// builds the key-provider chain (optional cache, crypto extension, eager key generator,
/// optional per-key authorization).
/// </summary>
/// <remarks>
/// Any exception during startup is reported on standard output and the process exits with
/// status 1, so the service does not keep running in a partially initialized state.
/// </remarks>
/// <param name="sce">Event that carries the servlet context being initialized.</param>
public virtual void ContextInitialized(ServletContextEvent sce)
{
    try
    {
        string configDirectory = Runtime.GetProperty(KMSConfiguration.KmsConfigDir);
        if (configDirectory == null)
        {
            throw new RuntimeException(
                "System property '" + KMSConfiguration.KmsConfigDir + "' not defined");
        }

        kmsConf = KMSConfiguration.GetKMSConf();
        InitLogging(configDirectory);

        string banner = "-------------------------------------------------------------";
        Log.Info(banner);
        Log.Info(" Java runtime version : {}", Runtime.GetProperty("java.runtime.version"));
        Log.Info(" KMS Hadoop Version: " + VersionInfo.GetVersion());
        Log.Info(banner);

        // ACLs are loaded first and kept fresh by a background reloader.
        kmsAcls = new KMSACLs();
        kmsAcls.StartReloader();

        // Metrics: one meter per call category, exported through JMX.
        metricRegistry = new MetricRegistry();
        jmxReporter = JmxReporter.ForRegistry(metricRegistry).Build();
        jmxReporter.Start();
        generateEEKCallsMeter = metricRegistry.Register(GenerateEekMeter, new Meter());
        decryptEEKCallsMeter = metricRegistry.Register(DecryptEekMeter, new Meter());
        adminCallsMeter = metricRegistry.Register(AdminCallsMeter, new Meter());
        keyCallsMeter = metricRegistry.Register(KeyCallsMeter, new Meter());
        invalidCallsMeter = metricRegistry.Register(InvalidCallsMeter, new Meter());
        unauthorizedCallsMeter = metricRegistry.Register(UnauthorizedCallsMeter, new Meter());
        unauthenticatedCallsMeter = metricRegistry.Register(UnauthenticatedCallsMeter, new Meter());

        long auditWindow = kmsConf.GetLong(
            KMSConfiguration.KmsAuditAggregationWindow,
            KMSConfiguration.KmsAuditAggregationWindowDefault);
        kmsAudit = new KMSAudit(auditWindow);

        // This is required for the JMXJsonServlet to work properly.
        // The JMXJsonServlet is behind the authentication filter, thus the '*' ACL.
        // NOTE(review): the wildcard admin ACL admits every caller that reaches a servlet
        // consulting this attribute, so the authentication filter is the only gate in front
        // of it - confirm the filter mapping covers all such servlets.
        sce.GetServletContext().SetAttribute(HttpServer2.ConfContextAttribute, kmsConf);
        sce.GetServletContext().SetAttribute(
            HttpServer2.AdminsAcl,
            new AccessControlList(AccessControlList.WildcardAclValue));

        // Initializing the KeyProvider.
        string providerUri = kmsConf.Get(KMSConfiguration.KeyProviderUri);
        if (providerUri == null)
        {
            throw new InvalidOperationException("No KeyProvider has been defined");
        }

        KeyProvider keyProvider = KeyProviderFactory.Get(new URI(providerUri), kmsConf);

        bool cachingEnabled = kmsConf.GetBoolean(
            KMSConfiguration.KeyCacheEnable, KMSConfiguration.KeyCacheEnableDefault);
        if (cachingEnabled)
        {
            long keyTimeoutMs = kmsConf.GetLong(
                KMSConfiguration.KeyCacheTimeoutKey, KMSConfiguration.KeyCacheTimeoutDefault);
            long currentKeyTimeoutMs = kmsConf.GetLong(
                KMSConfiguration.CurrKeyCacheTimeoutKey, KMSConfiguration.CurrKeyCacheTimeoutDefault);
            keyProvider = new CachingKeyProvider(keyProvider, keyTimeoutMs, currentKeyTimeoutMs);
        }

        // NOTE(review): this logs the provider's string form; if that includes the provider
        // URI, confirm the URI never carries embedded credentials.
        Log.Info("Initialized KeyProvider " + keyProvider);

        keyProviderCryptoExtension =
            KeyProviderCryptoExtension.CreateKeyProviderCryptoExtension(keyProvider);
        keyProviderCryptoExtension =
            new EagerKeyGeneratorKeyProviderCryptoExtension(kmsConf, keyProviderCryptoExtension);

        // The per-key authorization wrapper is installed only when the configuration flag is
        // true; with the flag off, no KeyAuthorizationKeyProvider check sits in this chain.
        bool keyAuthorizationEnabled = kmsConf.GetBoolean(
            KMSConfiguration.KeyAuthorizationEnable,
            KMSConfiguration.KeyAuthorizationEnableDefault);
        if (keyAuthorizationEnabled)
        {
            keyProviderCryptoExtension =
                new KeyAuthorizationKeyProvider(keyProviderCryptoExtension, kmsAcls);
        }
        Log.Info("Initialized KeyProviderCryptoExtension " + keyProviderCryptoExtension);

        int defaultBitlength = kmsConf.GetInt(
            KeyProvider.DefaultBitlengthName, KeyProvider.DefaultBitlength);
        Log.Info("Default key bitlength is {}", defaultBitlength);
        Log.Info("KMS Started");
    }
    catch (Exception ex)
    {
        // Startup failed: report on standard output (logging may not be initialized yet) and
        // terminate the process instead of serving requests from a half-built context.
        // NOTE(review): the exception text and stack trace go to stdout verbatim - make sure
        // that stream is captured somewhere with restricted read access.
        string rule = "---------------------------------------------------";
        System.Console.Out.WriteLine();
        System.Console.Out.WriteLine("ERROR: Hadoop KMS could not be started");
        System.Console.Out.WriteLine();
        System.Console.Out.WriteLine("REASON: " + ex.ToString());
        System.Console.Out.WriteLine();
        System.Console.Out.WriteLine("Stacktrace:");
        System.Console.Out.WriteLine(rule);
        Runtime.PrintStackTrace(ex, System.Console.Out);
        System.Console.Out.WriteLine(rule);
        System.Console.Out.WriteLine();
        System.Environment.Exit(1);
    }
}