Modified: accumulo/branches/1.5/core/src/main/java/org/apache/accumulo/core/security/CredentialHelper.java URL: http://svn.apache.org/viewvc/accumulo/branches/1.5/core/src/main/java/org/apache/accumulo/core/security/CredentialHelper.java?rev=1451401&r1=1451400&r2=1451401&view=diff ============================================================================== --- accumulo/branches/1.5/core/src/main/java/org/apache/accumulo/core/security/CredentialHelper.java (original) +++ accumulo/branches/1.5/core/src/main/java/org/apache/accumulo/core/security/CredentialHelper.java Thu Feb 28 22:31:00 2013 @@ -24,9 +24,9 @@ import java.nio.ByteBuffer; import java.nio.charset.Charset; import org.apache.accumulo.core.client.AccumuloSecurityException; -import org.apache.accumulo.core.security.thrift.Credential; import org.apache.accumulo.core.security.thrift.SecurityErrorCode; -import org.apache.accumulo.core.security.tokens.SecurityToken; +import org.apache.accumulo.core.security.thrift.TCredentials; +import org.apache.accumulo.core.security.tokens.AuthenticationToken; import org.apache.commons.codec.binary.Base64; import org.apache.commons.io.output.ByteArrayOutputStream; import org.apache.log4j.Logger; @@ -37,30 +37,16 @@ import org.apache.thrift.TSerializer; public class CredentialHelper { static Logger log = Logger.getLogger(CredentialHelper.class); - /** - * @param principal - * @param token - * @param instanceID - * @return A proper Credential object which can be deserialized by the server - */ - public static Credential create(String principal, SecurityToken token, String instanceID) throws AccumuloSecurityException { - String className = token.getClass().getCanonicalName(); - return new Credential(principal, className, ByteBuffer.wrap(toBytes(token)), instanceID); - } - - /** - * @param cred - * @return A serialized Credential as a Base64 encoded String - */ - public static String asBase64String(Credential cred) throws AccumuloSecurityException { + public static TCredentials create(String principal, AuthenticationToken token, String instanceID) throws AccumuloSecurityException { + String className = token.getClass().getName(); + return new TCredentials(principal, className, ByteBuffer.wrap(toBytes(token)), instanceID); + } + + public static String asBase64String(TCredentials cred) throws AccumuloSecurityException { return new String(Base64.encodeBase64(asByteArray(cred)), Charset.forName("UTF-8")); } - /** - * @param cred - * @return a serialized Credential - */ - public static byte[] asByteArray(Credential cred) throws AccumuloSecurityException { + public static byte[] asByteArray(TCredentials cred) throws AccumuloSecurityException { TSerializer ts = new TSerializer(); try { return ts.serialize(cred); @@ -71,22 +57,14 @@ public class CredentialHelper { } } - /** - * @param string - * @return - */ - public static Credential fromBase64String(String string) throws AccumuloSecurityException { + public static TCredentials fromBase64String(String string) throws AccumuloSecurityException { return fromByteArray(Base64.decodeBase64(string.getBytes(Charset.forName("UTF-8")))); } - /** - * @param decodeBase64 - * @return - */ - private static Credential fromByteArray(byte[] decodeBase64) throws AccumuloSecurityException { + private static TCredentials fromByteArray(byte[] decodeBase64) throws AccumuloSecurityException { TDeserializer td = new TDeserializer(); try { - Credential toRet = new Credential(); + TCredentials toRet = new TCredentials(); td.deserialize(toRet, decodeBase64); return toRet; } catch (TException e) { @@ -96,23 +74,11 @@ public class CredentialHelper { } } - /** - * @param toAuth - * @return - * @throws AccumuloSecurityException - */ - public static SecurityToken extractToken(Credential toAuth) throws AccumuloSecurityException { - return extractToken(toAuth.tokenClass, toAuth.getToken()); - } - - /** - * @param systemPrincipal - * @param systemToken - * @param instanceID - * @param b - * @return - */ - public static Credential createSquelchError(String principal, SecurityToken token, String instanceID) { + public static AuthenticationToken extractToken(TCredentials toAuth) throws AccumuloSecurityException { + return extractToken(toAuth.tokenClassName, toAuth.getToken()); + } + + public static TCredentials createSquelchError(String principal, AuthenticationToken token, String instanceID) { try { return create(principal, token, instanceID); } catch (AccumuloSecurityException e) { @@ -121,21 +87,11 @@ public class CredentialHelper { } } - /** - * @param token - * @return - * @throws AccumuloSecurityException - */ - public static String tokenAsBase64(SecurityToken token) throws AccumuloSecurityException { + public static String tokenAsBase64(AuthenticationToken token) throws AccumuloSecurityException { return new String(Base64.encodeBase64(toBytes(token)), Charset.forName("UTF-8")); } - /** - * @param token - * @return - * @throws AccumuloSecurityException - */ - private static byte[] toBytes(SecurityToken token) throws AccumuloSecurityException { + private static byte[] toBytes(AuthenticationToken token) throws AccumuloSecurityException { try { ByteArrayOutputStream bais = new ByteArrayOutputStream(); token.write(new DataOutputStream(bais)); @@ -148,18 +104,12 @@ public class CredentialHelper { } } - - /** - * @param tokenClass - * @param token - * @return - * @throws AccumuloSecurityException - */ - public static SecurityToken extractToken(String tokenClass, byte[] token) throws AccumuloSecurityException { + + public static AuthenticationToken extractToken(String tokenClass, byte[] token) throws AccumuloSecurityException { try { Object obj = Class.forName(tokenClass).newInstance(); - if (obj instanceof SecurityToken) { - SecurityToken toRet = (SecurityToken) obj; + if (obj instanceof AuthenticationToken) { + AuthenticationToken toRet = (AuthenticationToken) obj; toRet.readFields(new DataInputStream(new ByteArrayInputStream(token))); return toRet; }
Modified: accumulo/branches/1.5/core/src/main/java/org/apache/accumulo/core/security/crypto/CryptoModuleFactory.java URL: http://svn.apache.org/viewvc/accumulo/branches/1.5/core/src/main/java/org/apache/accumulo/core/security/crypto/CryptoModuleFactory.java?rev=1451401&r1=1451400&r2=1451401&view=diff ============================================================================== --- accumulo/branches/1.5/core/src/main/java/org/apache/accumulo/core/security/crypto/CryptoModuleFactory.java (original) +++ accumulo/branches/1.5/core/src/main/java/org/apache/accumulo/core/security/crypto/CryptoModuleFactory.java Thu Feb 28 22:31:00 2013 @@ -28,7 +28,10 @@ import org.apache.log4j.Logger; /** * This factory module exists to assist other classes in loading crypto modules. + * + * @deprecated This feature is experimental and may go away in future versions. */ +@Deprecated public class CryptoModuleFactory { private static Logger log = Logger.getLogger(CryptoModuleFactory.class); @@ -40,14 +43,12 @@ public class CryptoModuleFactory { * @return a class implementing the CryptoModule interface. It will *never* return null; rather, it will return a class which obeys the interface but makes no * changes to the underlying data. */ - - @SuppressWarnings("deprecation") public static CryptoModule getCryptoModule(AccumuloConfiguration conf) { String cryptoModuleClassname = conf.get(Property.CRYPTO_MODULE_CLASS); return getCryptoModule(cryptoModuleClassname); } - @SuppressWarnings({"rawtypes", "deprecation"}) + @SuppressWarnings({"rawtypes"}) public static CryptoModule getCryptoModule(String cryptoModuleClassname) { log.debug(String.format("About to instantiate crypto module %s", cryptoModuleClassname)); @@ -172,37 +173,46 @@ public class CryptoModuleFactory { return context; } + @Override public SecretKeyEncryptionStrategyContext getNewContext() { return new SecretKeyEncryptionStrategyContext() { + @Override public byte[] getPlaintextSecretKey() { return plaintextSecretKey; } + @Override public void setPlaintextSecretKey(byte[] plaintextSecretKey) { this.plaintextSecretKey = plaintextSecretKey; } + @Override public byte[] getEncryptedSecretKey() { return encryptedSecretKey; } + @Override public void setEncryptedSecretKey(byte[] encryptedSecretKey) { this.encryptedSecretKey = encryptedSecretKey; } + @Override public String getOpaqueKeyEncryptionKeyID() { return opaqueKeyEncryptionKeyID; } + @Override public void setOpaqueKeyEncryptionKeyID(String opaqueKeyEncryptionKeyID) { this.opaqueKeyEncryptionKeyID = opaqueKeyEncryptionKeyID; } + @Override public Map<String,String> getContext() { return context; } + @Override public void setContext(Map<String,String> context) { this.context = context; } @@ -216,7 +226,6 @@ public class CryptoModuleFactory { } - @SuppressWarnings("deprecation") private static class NullCryptoModule implements CryptoModule { @Override Modified: accumulo/branches/1.5/core/src/main/java/org/apache/accumulo/core/security/crypto/DefaultCryptoModule.java URL: http://svn.apache.org/viewvc/accumulo/branches/1.5/core/src/main/java/org/apache/accumulo/core/security/crypto/DefaultCryptoModule.java?rev=1451401&r1=1451400&r2=1451401&view=diff ============================================================================== --- accumulo/branches/1.5/core/src/main/java/org/apache/accumulo/core/security/crypto/DefaultCryptoModule.java (original) +++ accumulo/branches/1.5/core/src/main/java/org/apache/accumulo/core/security/crypto/DefaultCryptoModule.java Thu Feb 28 22:31:00 2013 @@ -44,9 +44,9 @@ import org.apache.log4j.Logger; * This class contains the gritty details around setting up encrypted streams for reading and writing the log file. It obeys the interface CryptoModule, which * other developers can implement to change out this logic as necessary. * + * @deprecated This feature is experimental and may go away in future versions. */ - -@SuppressWarnings("deprecation") +@Deprecated public class DefaultCryptoModule implements CryptoModule { // This is how *I* like to format my variable declarations. Your mileage may vary. Modified: accumulo/branches/1.5/core/src/main/java/org/apache/accumulo/core/security/handler/Authenticator.java URL: http://svn.apache.org/viewvc/accumulo/branches/1.5/core/src/main/java/org/apache/accumulo/core/security/handler/Authenticator.java?rev=1451401&r1=1451400&r2=1451401&view=diff ============================================================================== --- accumulo/branches/1.5/core/src/main/java/org/apache/accumulo/core/security/handler/Authenticator.java (original) +++ accumulo/branches/1.5/core/src/main/java/org/apache/accumulo/core/security/handler/Authenticator.java Thu Feb 28 22:31:00 2013 @@ -19,8 +19,8 @@ package org.apache.accumulo.core.securit import java.util.Properties; import org.apache.accumulo.core.client.AccumuloSecurityException; -import org.apache.accumulo.core.security.tokens.SecurityToken; +import org.apache.accumulo.core.security.tokens.AuthenticationToken; public interface Authenticator { - public SecurityToken login(Properties properties) throws AccumuloSecurityException; + public AuthenticationToken login(Properties properties) throws AccumuloSecurityException; } Modified: accumulo/branches/1.5/core/src/main/java/org/apache/accumulo/core/security/handler/InsecureAuthenticator.java URL: http://svn.apache.org/viewvc/accumulo/branches/1.5/core/src/main/java/org/apache/accumulo/core/security/handler/InsecureAuthenticator.java?rev=1451401&r1=1451400&r2=1451401&view=diff ============================================================================== --- accumulo/branches/1.5/core/src/main/java/org/apache/accumulo/core/security/handler/InsecureAuthenticator.java (original) +++ accumulo/branches/1.5/core/src/main/java/org/apache/accumulo/core/security/handler/InsecureAuthenticator.java Thu Feb 28 22:31:00 2013 @@ -20,7 +20,7 @@ import java.util.Properties; import org.apache.accumulo.core.client.AccumuloSecurityException; import org.apache.accumulo.core.security.tokens.NullToken; -import org.apache.accumulo.core.security.tokens.SecurityToken; +import org.apache.accumulo.core.security.tokens.AuthenticationToken; /** * @@ -28,7 +28,7 @@ import org.apache.accumulo.core.security public class InsecureAuthenticator implements Authenticator { @Override - public SecurityToken login(Properties properties) throws AccumuloSecurityException { + public AuthenticationToken login(Properties properties) throws AccumuloSecurityException { return new NullToken(); } Modified: accumulo/branches/1.5/core/src/main/java/org/apache/accumulo/core/security/handler/ZKAuthenticator.java URL: http://svn.apache.org/viewvc/accumulo/branches/1.5/core/src/main/java/org/apache/accumulo/core/security/handler/ZKAuthenticator.java?rev=1451401&r1=1451400&r2=1451401&view=diff ============================================================================== --- accumulo/branches/1.5/core/src/main/java/org/apache/accumulo/core/security/handler/ZKAuthenticator.java (original) +++ accumulo/branches/1.5/core/src/main/java/org/apache/accumulo/core/security/handler/ZKAuthenticator.java Thu Feb 28 22:31:00 2013 @@ -16,13 +16,12 @@ */ package org.apache.accumulo.core.security.handler; -import java.nio.charset.Charset; import java.util.Properties; import org.apache.accumulo.core.client.AccumuloSecurityException; import org.apache.accumulo.core.security.thrift.SecurityErrorCode; +import org.apache.accumulo.core.security.tokens.AuthenticationToken; import org.apache.accumulo.core.security.tokens.PasswordToken; -import org.apache.accumulo.core.security.tokens.SecurityToken; /** * @@ -30,9 +29,9 @@ import org.apache.accumulo.core.security public class ZKAuthenticator implements Authenticator { @Override - public SecurityToken login(Properties properties) throws AccumuloSecurityException{ + public AuthenticationToken login(Properties properties) throws AccumuloSecurityException { if (properties.containsKey("password")) - return new PasswordToken().setPassword(properties.getProperty("password").getBytes(Charset.forName("UTF-8"))); + return new PasswordToken(properties.getProperty("password")); throw new AccumuloSecurityException(properties.getProperty("user"), SecurityErrorCode.INSUFFICIENT_PROPERTIES); } } Modified: accumulo/branches/1.5/core/src/main/java/org/apache/accumulo/core/security/thrift/AuthInfo.java URL: http://svn.apache.org/viewvc/accumulo/branches/1.5/core/src/main/java/org/apache/accumulo/core/security/thrift/AuthInfo.java?rev=1451401&r1=1451400&r2=1451401&view=diff ============================================================================== --- accumulo/branches/1.5/core/src/main/java/org/apache/accumulo/core/security/thrift/AuthInfo.java (original) +++ accumulo/branches/1.5/core/src/main/java/org/apache/accumulo/core/security/thrift/AuthInfo.java Thu Feb 28 22:31:00 2013 @@ -47,8 +47,7 @@ import org.slf4j.Logger; import org.slf4j.LoggerFactory; /** - * * @Deprecated since 1.5 - * * + * @deprecated since 1.5 */ @SuppressWarnings("all") public class AuthInfo implements org.apache.thrift.TBase<AuthInfo, AuthInfo._Fields>, java.io.Serializable, Cloneable { private static final org.apache.thrift.protocol.TStruct STRUCT_DESC = new org.apache.thrift.protocol.TStruct("AuthInfo"); Modified: accumulo/branches/1.5/core/src/main/java/org/apache/accumulo/core/security/tokens/NullToken.java URL: http://svn.apache.org/viewvc/accumulo/branches/1.5/core/src/main/java/org/apache/accumulo/core/security/tokens/NullToken.java?rev=1451401&r1=1451400&r2=1451401&view=diff ============================================================================== --- accumulo/branches/1.5/core/src/main/java/org/apache/accumulo/core/security/tokens/NullToken.java (original) +++ accumulo/branches/1.5/core/src/main/java/org/apache/accumulo/core/security/tokens/NullToken.java Thu Feb 28 22:31:00 2013 @@ -25,7 +25,7 @@ import javax.security.auth.DestroyFailed /** * */ -public class NullToken implements SecurityToken { +public class NullToken implements AuthenticationToken { @Override public void readFields(DataInput arg0) throws IOException { Modified: accumulo/branches/1.5/core/src/main/java/org/apache/accumulo/core/security/tokens/PasswordToken.java URL: http://svn.apache.org/viewvc/accumulo/branches/1.5/core/src/main/java/org/apache/accumulo/core/security/tokens/PasswordToken.java?rev=1451401&r1=1451400&r2=1451401&view=diff ============================================================================== --- accumulo/branches/1.5/core/src/main/java/org/apache/accumulo/core/security/tokens/PasswordToken.java (original) +++ accumulo/branches/1.5/core/src/main/java/org/apache/accumulo/core/security/tokens/PasswordToken.java Thu Feb 28 22:31:00 2013 @@ -19,24 +19,54 @@ package org.apache.accumulo.core.securit import java.io.DataInput; import java.io.DataOutput; import java.io.IOException; +import java.nio.ByteBuffer; import java.util.Arrays; import javax.security.auth.DestroyFailedException; +import org.apache.accumulo.core.Constants; +import org.apache.accumulo.core.util.ByteBufferUtil; +import org.apache.hadoop.io.Writable; import org.apache.hadoop.io.WritableUtils; -public class PasswordToken implements SecurityToken { +public class PasswordToken implements AuthenticationToken { private byte[] password = null; public byte[] getPassword() { return password; } - - public PasswordToken setPassword(byte[] password) { - this.password = password; - return this; + + /** + * Constructor for use with {@link Writable}. Call {@link #readFields(DataInput)}. + */ + public PasswordToken() {} + + /** + * Constructs a token from a copy of the password. Destroying the argument after construction will not destroy the copy in this token, and destroying this + * token will only destroy the copy held inside this token, not the argument. + * + * Password tokens created with this constructor will store the password as UTF-8 bytes. + */ + public PasswordToken(CharSequence password) { + this.password = password.toString().getBytes(Constants.UTF8); } - + + /** + * Constructs a token from a copy of the password. Destroying the argument after construction will not destroy the copy in this token, and destroying this + * token will only destroy the copy held inside this token, not the argument. + */ + public PasswordToken(byte[] password) { + this.password = Arrays.copyOf(password, password.length); + } + + /** + * Constructs a token from a copy of the password. Destroying the argument after construction will not destroy the copy in this token, and destroying this + * token will only destroy the copy held inside this token, not the argument. + */ + public PasswordToken(ByteBuffer password) { + this.password = ByteBufferUtil.toBytes(password); + } + @Override public void readFields(DataInput arg0) throws IOException { password = WritableUtils.readCompressedByteArray(arg0); @@ -46,23 +76,23 @@ public class PasswordToken implements Se public void write(DataOutput arg0) throws IOException { WritableUtils.writeCompressedByteArray(arg0, password); } - + @Override public void destroy() throws DestroyFailedException { - Arrays.fill(password, (byte)0x00); + Arrays.fill(password, (byte) 0x00); password = null; } - + @Override public boolean isDestroyed() { - return password==null; + return password == null; } - + @Override public int hashCode() { return Arrays.hashCode(password); } - + @Override public boolean equals(Object obj) { if (this == obj) @@ -72,12 +102,11 @@ public class PasswordToken implements Se if (!(obj instanceof PasswordToken)) return false; PasswordToken other = (PasswordToken) obj; - if (!Arrays.equals(password, other.password)) - return false; - return true; + return Arrays.equals(password, other.password); } + @Override public PasswordToken clone() { - return new PasswordToken().setPassword(Arrays.copyOf(password, password.length)); + return new PasswordToken(password); } }
