Repository: incubator-slider Updated Branches: refs/heads/develop 7992f422b -> 5696c7de3
SLIDER-1248 Insecure random number generator Project: http://git-wip-us.apache.org/repos/asf/incubator-slider/repo Commit: http://git-wip-us.apache.org/repos/asf/incubator-slider/commit/5696c7de Tree: http://git-wip-us.apache.org/repos/asf/incubator-slider/tree/5696c7de Diff: http://git-wip-us.apache.org/repos/asf/incubator-slider/diff/5696c7de Branch: refs/heads/develop Commit: 5696c7de39cadfdc70b4d7fe574f2b42987c61c8 Parents: 7992f42 Author: Gour Saha <gourks...@apache.org> Authored: Tue Sep 12 14:16:40 2017 -0700 Committer: Gour Saha <gourks...@apache.org> Committed: Tue Sep 12 14:16:40 2017 -0700 ---------------------------------------------------------------------- .../apache/slider/core/conf/AggregateConf.java | 11 +++-- .../server/services/security/SecurityUtils.java | 45 ++++++++++++++------ .../services/security/TestSecurityUtils.java | 41 ++++++++++++++++++ 3 files changed, 79 insertions(+), 18 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/incubator-slider/blob/5696c7de/slider-core/src/main/java/org/apache/slider/core/conf/AggregateConf.java ---------------------------------------------------------------------- diff --git a/slider-core/src/main/java/org/apache/slider/core/conf/AggregateConf.java b/slider-core/src/main/java/org/apache/slider/core/conf/AggregateConf.java index 18c3156..d65d820 100644 --- a/slider-core/src/main/java/org/apache/slider/core/conf/AggregateConf.java +++ b/slider-core/src/main/java/org/apache/slider/core/conf/AggregateConf.java 
@@ -18,16 +18,16 @@ package org.apache.slider.core.conf; -import org.apache.commons.lang.RandomStringUtils; +import java.io.IOException; + import org.apache.commons.lang.StringUtils; import org.apache.slider.common.SliderKeys; import org.apache.slider.core.exceptions.BadConfigException; +import org.apache.slider.server.services.security.SecurityUtils; import org.codehaus.jackson.annotate.JsonIgnore; import org.codehaus.jackson.annotate.JsonIgnoreProperties; import org.codehaus.jackson.map.annotate.JsonSerialize; -import java.io.IOException; - /** * Aggregate Configuration. * @@ -162,10 +162,9 @@ public final class AggregateConf { @JsonIgnore public String getPassphrase() { if (passphrase == null) { - passphrase = RandomStringUtils.randomAlphanumeric( - Integer.valueOf(SliderKeys.PASS_LEN)); + passphrase = SecurityUtils + .randomAlphanumeric(Integer.valueOf(SliderKeys.PASS_LEN)); } - return passphrase; } http://git-wip-us.apache.org/repos/asf/incubator-slider/blob/5696c7de/slider-core/src/main/java/org/apache/slider/server/services/security/SecurityUtils.java ---------------------------------------------------------------------- diff --git a/slider-core/src/main/java/org/apache/slider/server/services/security/SecurityUtils.java b/slider-core/src/main/java/org/apache/slider/server/services/security/SecurityUtils.java index 5fadb46..0c94156 100644 --- a/slider-core/src/main/java/org/apache/slider/server/services/security/SecurityUtils.java +++ b/slider-core/src/main/java/org/apache/slider/server/services/security/SecurityUtils.java @@ -16,8 +16,11 @@ */ package org.apache.slider.server.services.security; +import java.io.File; +import java.io.IOException; +import java.security.SecureRandom; + import org.apache.commons.io.FileUtils; -import org.apache.commons.lang.RandomStringUtils; import org.apache.hadoop.fs.Path; import org.apache.hadoop.fs.RawLocalFileSystem; import org.apache.hadoop.fs.permission.FsAction; 
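Review bot: In `getPassphrase()` the length is still passed as `Integer.valueOf(SliderKeys.PASS_LEN)`, which builds an `Integer` only to unbox it for the `int` parameter of `randomAlphanumeric`. If `PASS_LEN` is a String constant, as the `valueOf` call suggests, `SecurityUtils.randomAlphanumeric(Integer.parseInt(SliderKeys.PASS_LEN))` says the same thing directly. The same call appears in the `@@ -209,8 +230,8 @@` hunk of SecurityUtils.java, where the `SecurityUtils.` qualifier is also redundant inside the class; that method starts and ends outside its hunk. Separately, `org.apache.slider.core.conf` now imports a class from `server.services.security` that itself pulls in Hadoop filesystem and commons-io types, so a small standalone helper for the random string may keep the configuration package lighter.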
@@ -28,15 +31,6 @@ import org.apache.slider.core.conf.MapOperations; import org.slf4j.Logger; import org.slf4j.LoggerFactory; -import java.io.File; -import java.io.IOException; -//import java.nio.file.Files; -//import java.nio.file.Path; -//import java.nio.file.Paths; -//import java.nio.file.attribute.PosixFilePermission; -//import java.nio.file.attribute.PosixFilePermissions; - - /** * */ @@ -82,10 +76,37 @@ public class SecurityUtils { + "basicConstraints = CA:true\n"; private static final String PASS_TOKEN = "pass:"; + public static final String UPPER = "ABCDEFGHIJKLMNOPQRSTUVWXYZ"; + public static final String LOWER = UPPER.toLowerCase(); + public static final String DIGITS = "0123456789"; + public static final String ALPHANUM = UPPER + LOWER + DIGITS; + public static final char[] ALPHANUM_ARRAY = ALPHANUM.toCharArray(); + private static String keystorePass; private static String securityDir; private static boolean keystoreLocationSpecified; + /** + * Generate a string with alpha-numeric characters using a cryptographically + * secure PRNG. + * + * @param length + * the length of the requested string + * @throws NegativeArraySizeException + * if length is negative + * @return alpha-numeric string + */ + public static String randomAlphanumeric(int length) { + StringBuilder buffer = new StringBuilder(length); + SecureRandom secureRandom = new SecureRandom(); + for (int i = 0; i < length; i++) { + double number = secureRandom.nextDouble(); + int b = ((int) (number * ALPHANUM_ARRAY.length)); + buffer.append(ALPHANUM_ARRAY[b]); + } + return buffer.toString(); + } + public static void logOpenSslExitCode(String command, int exitCode) { if (exitCode == 0) { LOG.info(getOpenSslCommandResult(command, exitCode)); 
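Review bot: `ALPHANUM_ARRAY` is declared `public static final char[]`, so the reference is fixed but its elements stay writable by any class that can see `SecurityUtils`. A write to it would silently change the alphabet used for every passphrase and keystore password generated afterwards. Nothing in this commit reads the array from outside the class, so `private static final char[] ALPHANUM_ARRAY = ALPHANUM.toCharArray();` looks safe; the `String` constants can stay public because they are immutable. In `randomAlphanumeric`, picking the index by scaling `nextDouble()` and truncating works, but `secureRandom.nextInt(ALPHANUM_ARRAY.length)` is the bounded-integer API meant for this and removes the floating-point step. A single `private static final SecureRandom` field would also avoid constructing a new generator on every call.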
@@ -209,8 +230,8 @@ public class SecurityUtils { String password = null; if (!passFile.exists()) { LOG.info("Generating keystore password"); - password = RandomStringUtils.randomAlphanumeric( - Integer.valueOf(SliderKeys.PASS_LEN)); + password = SecurityUtils + .randomAlphanumeric(Integer.valueOf(SliderKeys.PASS_LEN)); if (persistPassword) { try { FileUtils.writeStringToFile(passFile, password); http://git-wip-us.apache.org/repos/asf/incubator-slider/blob/5696c7de/slider-core/src/test/java/org/apache/slider/server/services/security/TestSecurityUtils.java ---------------------------------------------------------------------- diff --git a/slider-core/src/test/java/org/apache/slider/server/services/security/TestSecurityUtils.java b/slider-core/src/test/java/org/apache/slider/server/services/security/TestSecurityUtils.java new file mode 100644 index 0000000..1bb9ad0 --- /dev/null +++ b/slider-core/src/test/java/org/apache/slider/server/services/security/TestSecurityUtils.java 
@@ -0,0 +1,41 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one or more + * contributor license agreements. See the NOTICE file distributed with + * this work for additional information regarding copyright ownership. + * The ASF licenses this file to You under the Apache License, Version 2.0 + * (the "License"); you may not use this file except in compliance with + * the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +package org.apache.slider.server.services.security; + +import org.junit.Assert; +import org.junit.Test; + +public class TestSecurityUtils { + + @Test + public void testRandomAlphanumeric() throws Exception { + int passLength = 50; + String password = SecurityUtils.randomAlphanumeric(passLength); + Assert.assertEquals( + "Returned string length does not match requested length", passLength, + password.length()); + + // 0 length + password = SecurityUtils.randomAlphanumeric(0); + Assert.assertTrue("Returned string should be empty", password.isEmpty()); + } + + @Test(expected = NegativeArraySizeException.class) + public void testRandomAlphanumericException() throws Exception { + SecurityUtils.randomAlphanumeric(-1); + } +}
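Review bot: `testRandomAlphanumeric` asserts only the length of the result, so it would still pass if the generator returned characters outside the intended alphabet or the same character repeated. A content check such as `Assert.assertTrue(password.matches("[A-Za-z0-9]*"));` would pin the property the method name promises. `testRandomAlphanumericException` expects `NegativeArraySizeException`, which in SecurityUtils.java appears to come from `new StringBuilder(length)` rather than from an explicit argument check. The test therefore fixes an implementation detail of the buffer allocation as the method's contract. An explicit guard in `randomAlphanumeric` with a documented exception would make that contract deliberate.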