Repository: ambari Updated Branches: refs/heads/trunk efe79f015 -> 3d445e739
AMBARI-9014. Design admin principal session expiration handling API call (rlevas) Project: http://git-wip-us.apache.org/repos/asf/ambari/repo Commit: http://git-wip-us.apache.org/repos/asf/ambari/commit/3d445e73 Tree: http://git-wip-us.apache.org/repos/asf/ambari/tree/3d445e73 Diff: http://git-wip-us.apache.org/repos/asf/ambari/diff/3d445e73 Branch: refs/heads/trunk Commit: 3d445e739019815d51233114dac5cb5889dd0896 Parents: efe79f0 Author: Robert Levas <[email protected]> Authored: Tue Jan 13 13:29:15 2015 -0500 Committer: Robert Levas <[email protected]> Committed: Tue Jan 13 13:29:15 2015 -0500 ---------------------------------------------------------------------- .../KerberosAdminAuthenticationException.java | 45 +++++++++ .../KerberosKDCConnectionException.java | 45 +++++++++ .../KerberosLDAPContainerException.java | 45 +++++++++ .../kerberos/KerberosOperationException.java | 47 +++++++++ .../kerberos/KerberosRealmException.java | 46 +++++++++ .../kerberos/TrustingSSLSocketFactory.java | 100 +++++++++++++++++++ 6 files changed, 328 insertions(+) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/ambari/blob/3d445e73/ambari-server/src/main/java/org/apache/ambari/server/serveraction/kerberos/KerberosAdminAuthenticationException.java ----------------------------------------------------------------------
diff --git a/ambari-server/src/main/java/org/apache/ambari/server/serveraction/kerberos/KerberosAdminAuthenticationException.java b/ambari-server/src/main/java/org/apache/ambari/server/serveraction/kerberos/KerberosAdminAuthenticationException.java
new file mode 100644
index 0000000..d85f57c
--- /dev/null
+++ b/ambari-server/src/main/java/org/apache/ambari/server/serveraction/kerberos/KerberosAdminAuthenticationException.java
@@ -0,0 +1,45 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.ambari.server.serveraction.kerberos;
+
+/**
+ * KerberosAdminAuthenticationException is a KerberosOperationException thrown in the event a the
+ * administrative credentials failed to validate while authenticating with the KDC.
+ */
+public class KerberosAdminAuthenticationException extends KerberosOperationException {
+
+ /**
+ * Creates a new KerberosAdminAuthenticationException with a message
+ *
+ * @param message a String containing the message indicating the reason for this exception
+ */
+ public KerberosAdminAuthenticationException(String message) {
+ super(message);
+ }
+
+ /**
+ * Creates a new KerberosAdminAuthenticationException with a message and a cause
+ *
+ * @param message a String containing the message indicating the reason for this exception
+ * @param cause a Throwable declaring the previously thrown Throwable that led to this exception
+ */
+ public KerberosAdminAuthenticationException(String message, Throwable cause) {
+ super(message, cause);
+ }
+}
http://git-wip-us.apache.org/repos/asf/ambari/blob/3d445e73/ambari-server/src/main/java/org/apache/ambari/server/serveraction/kerberos/KerberosKDCConnectionException.java ----------------------------------------------------------------------
diff --git a/ambari-server/src/main/java/org/apache/ambari/server/serveraction/kerberos/KerberosKDCConnectionException.java b/ambari-server/src/main/java/org/apache/ambari/server/serveraction/kerberos/KerberosKDCConnectionException.java
new file mode 100644
index 0000000..a908eb9
--- /dev/null
+++ b/ambari-server/src/main/java/org/apache/ambari/server/serveraction/kerberos/KerberosKDCConnectionException.java
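Review bot: The class Javadoc of KerberosAdminAuthenticationException has a stray article in "thrown in the event a the administrative credentials failed to validate"; I would word it `thrown in the event that the administrative credentials failed to validate while authenticating with the KDC`. The Javadoc of KerberosOperationException has a similar slip, where `in the even an error` should read `in the event an error`. Because this type reports a failed administrator login, the `@param message` text could also state that the message must not contain the credential itself, since where the message ends up (logs, API responses) is not visible in this commit.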
@@ -0,0 +1,45 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.ambari.server.serveraction.kerberos;
+
+/**
+ * KerberosKDCConnectionException is a KerberosOperationException thrown in the event a connection
+ * to the KDC was not able to be made.
+ */
+public class KerberosKDCConnectionException extends KerberosOperationException {
+
+ /**
+ * Creates a new KerberosKDCConnectionException with a message
+ *
+ * @param message a String containing the message indicating the reason for this exception
+ */
+ public KerberosKDCConnectionException(String message) {
+ super(message);
+ }
+
+ /**
+ * Creates a new KerberosKDCConnectionException with a message and a cause
+ *
+ * @param message a String containing the message indicating the reason for this exception
+ * @param cause a Throwable declaring the previously thrown Throwable that led to this exception
+ */
+ public KerberosKDCConnectionException(String message, Throwable cause) {
+ super(message, cause);
+ }
+}
http://git-wip-us.apache.org/repos/asf/ambari/blob/3d445e73/ambari-server/src/main/java/org/apache/ambari/server/serveraction/kerberos/KerberosLDAPContainerException.java ----------------------------------------------------------------------
diff --git a/ambari-server/src/main/java/org/apache/ambari/server/serveraction/kerberos/KerberosLDAPContainerException.java b/ambari-server/src/main/java/org/apache/ambari/server/serveraction/kerberos/KerberosLDAPContainerException.java
new file mode 100644
index 0000000..f9ed50d
--- /dev/null
+++ b/ambari-server/src/main/java/org/apache/ambari/server/serveraction/kerberos/KerberosLDAPContainerException.java
@@ -0,0 +1,45 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.ambari.server.serveraction.kerberos;
+
+/**
+ * KerberosLDAPContainerException is a KerberosOperationException thrown in the event a connection
+ * to the KDC was not able to be made.
+ */
+public class KerberosLDAPContainerException extends KerberosOperationException {
+
+ /**
+ * Creates a new KerberosLDAPContainerException with a message
+ *
+ * @param message a String containing the message indicating the reason for this exception
+ */
+ public KerberosLDAPContainerException(String message) {
+ super(message);
+ }
+
+ /**
+ * Creates a new KerberosLDAPContainerException with a message and a cause
+ *
+ * @param message a String containing the message indicating the reason for this exception
+ * @param cause a Throwable declaring the previously thrown Throwable that led to this exception
+ */
+ public KerberosLDAPContainerException(String message, Throwable cause) {
+ super(message, cause);
+ }
+}
http://git-wip-us.apache.org/repos/asf/ambari/blob/3d445e73/ambari-server/src/main/java/org/apache/ambari/server/serveraction/kerberos/KerberosOperationException.java ----------------------------------------------------------------------
diff --git a/ambari-server/src/main/java/org/apache/ambari/server/serveraction/kerberos/KerberosOperationException.java b/ambari-server/src/main/java/org/apache/ambari/server/serveraction/kerberos/KerberosOperationException.java
new file mode 100644
index 0000000..8d9f9b9
--- /dev/null
+++ b/ambari-server/src/main/java/org/apache/ambari/server/serveraction/kerberos/KerberosOperationException.java
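Review bot: The class Javadoc of KerberosLDAPContainerException repeats the KerberosKDCConnectionException description ("thrown in the event a connection to the KDC was not able to be made"), so the two types are documented as the same condition. Judging by the name alone, this exception is presumably meant for a problem with the LDAP container in which principals are managed; the code that throws it is not part of this commit, so the intended condition should be confirmed. The comment should then name it, for example `KerberosLDAPContainerException is a KerberosOperationException thrown in the event the configured LDAP container could not be used.` Callers that branch on the subtype rely on that distinction being written down.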
@@ -0,0 +1,47 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.ambari.server.serveraction.kerberos;
+
+/**
+ * KerberosOperationException is an Exception implementation that is thrown in the even an error
+ * occurs while executing a Kerberos-related operation.
+ * <p/>
+ * Classes may extend this class to specialize on specific Kerberos-related error conditions.
+ */
+public class KerberosOperationException extends Exception {
+
+ /**
+ * Creates a new KerberosOperationException with a message
+ *
+ * @param message a String containing the message indicating the reason for this exception
+ */
+ public KerberosOperationException(String message) {
+ super(message);
+ }
+
+ /**
+ * Creates a new KerberosOperationException with a message and a cause
+ *
+ * @param message a String containing the message indicating the reason for this exception
+ * @param cause a Throwable declaring the previously thrown Throwable that led to this exception
+ */
+ public KerberosOperationException(String message, Throwable cause) {
+ super(message, cause);
+ }
+}
http://git-wip-us.apache.org/repos/asf/ambari/blob/3d445e73/ambari-server/src/main/java/org/apache/ambari/server/serveraction/kerberos/KerberosRealmException.java ----------------------------------------------------------------------
diff --git a/ambari-server/src/main/java/org/apache/ambari/server/serveraction/kerberos/KerberosRealmException.java b/ambari-server/src/main/java/org/apache/ambari/server/serveraction/kerberos/KerberosRealmException.java
new file mode 100644
index 0000000..4696f2d
--- /dev/null
+++ b/ambari-server/src/main/java/org/apache/ambari/server/serveraction/kerberos/KerberosRealmException.java
@@ -0,0 +1,46 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.ambari.server.serveraction.kerberos;
+
+/**
+ * KerberosRealmException is a KerberosOperationException thrown in the event a connection
+ * to the KDC was not able to be made due to an unexpected realm.
+ * <p/>
+ * This can happen, for example, if the krb5.conf file does not have an entry in it for the realm.
+ */
+public class KerberosRealmException extends KerberosOperationException {
+ /**
+ * Creates a new KerberosRealmException with a message
+ *
+ * @param message a String containing the message indicating the reason for this exception
+ */
+ public KerberosRealmException(String message) {
+ super(message);
+ }
+
+ /**
+ * Creates a new KerberosRealmException with a message and a cause
+ *
+ * @param message a String containing the message indicating the reason for this exception
+ * @param cause a Throwable declaring the previously thrown Throwable that led to this exception
+ */
+ public KerberosRealmException(String message, Throwable cause) {
+ super(message, cause);
+ }
+}
http://git-wip-us.apache.org/repos/asf/ambari/blob/3d445e73/ambari-server/src/main/java/org/apache/ambari/server/serveraction/kerberos/TrustingSSLSocketFactory.java ----------------------------------------------------------------------
diff --git a/ambari-server/src/main/java/org/apache/ambari/server/serveraction/kerberos/TrustingSSLSocketFactory.java b/ambari-server/src/main/java/org/apache/ambari/server/serveraction/kerberos/TrustingSSLSocketFactory.java
new file mode 100644
index 0000000..73478c3
--- /dev/null
+++ b/ambari-server/src/main/java/org/apache/ambari/server/serveraction/kerberos/TrustingSSLSocketFactory.java
@@ -0,0 +1,100 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.ambari.server.serveraction.kerberos;
+
+import javax.net.SocketFactory;
+import javax.net.ssl.SSLContext;
+import javax.net.ssl.SSLSocketFactory;
+import javax.net.ssl.TrustManager;
+import javax.net.ssl.X509TrustManager;
+import java.io.IOException;
+import java.net.InetAddress;
+import java.net.Socket;
+import java.net.UnknownHostException;
+import java.security.SecureRandom;
+import java.security.cert.CertificateException;
+import java.security.cert.X509Certificate;
+
+public class TrustingSSLSocketFactory extends SSLSocketFactory {
+ private SSLSocketFactory socketFactory;
+
+ public TrustingSSLSocketFactory() {
+ try {
+ SSLContext ctx = SSLContext.getInstance("TLS");
+ ctx.init(null, new TrustManager[]{new LenientTrustManager()}, new SecureRandom());
+ socketFactory = ctx.getSocketFactory();
+ } catch (Exception ex) {
+ ex.printStackTrace(System.err); /* handle exception */
+ }
+ }
+
+ public static SocketFactory getDefault() {
+ return new TrustingSSLSocketFactory();
+ }
+
+ @Override
+ public String[] getDefaultCipherSuites() {
+ return socketFactory.getDefaultCipherSuites();
+ }
+
+ @Override
+ public String[]
getSupportedCipherSuites() {
+ return socketFactory.getSupportedCipherSuites();
+ }
+
+ @Override
+ public Socket createSocket(Socket socket, String string, int i, boolean bln) throws IOException {
+ return socketFactory.createSocket(socket, string, i, bln);
+ }
+
+ @Override
+ public Socket createSocket(String string, int i) throws IOException, UnknownHostException {
+ return socketFactory.createSocket(string, i);
+ }
+
+ @Override
+ public Socket createSocket(String string, int i, InetAddress ia, int i1) throws IOException, UnknownHostException {
+ return socketFactory.createSocket(string, i, ia, i1);
+ }
+
+ @Override
+ public Socket createSocket(InetAddress ia, int i) throws IOException {
+ return socketFactory.createSocket(ia, i);
+ }
+
+ @Override
+ public Socket createSocket(InetAddress ia, int i, InetAddress ia1, int i1) throws IOException {
+ return socketFactory.createSocket(ia, i, ia1, i1);
+ }
+
+
+ public static class LenientTrustManager implements X509TrustManager {
+ public void checkClientTrusted(X509Certificate[] xcs, String string) throws CertificateException {
+ // do nothing
+ }
+
+ public void checkServerTrusted(X509Certificate[] xcs, String string) throws CertificateException {
+ // do nothing
+ }
+
+ public X509Certificate[] getAcceptedIssuers() {
+ return new java.security.cert.X509Certificate[0];
+ }
+ }
+}
\ No newline at end of file
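Review bot: `LenientTrustManager.checkServerTrusted` is empty, so every socket this factory creates accepts any server certificate and the TLS session gives no assurance that the peer is the intended directory or KDC host; given the commit subject, administrator credentials presumably travel over it, although the caller is not part of this commit. I would validate the chain against a trust store holding the KDC's CA certificate and keep the trust-all path, if it is needed at all, behind an explicit setting that defaults to off, with a class Javadoc stating plainly that certificate validation is disabled. Separately, the constructor's catch block only prints the stack trace and leaves `socketFactory` null, so a failed `SSLContext` setup surfaces later as a NullPointerException in `createSocket`; replace `ex.printStackTrace(System.err);` with `throw new IllegalStateException("Unable to initialize the SSL context", ex);`.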
