/**
 * Compares this object with another {@link Credentials} instance, first by principal and then by
 * token. A null principal only matches a null principal, and a null token only matches a null
 * token.
 *
 * @param obj
 *          object to compare with; null or any non-Credentials object is never equal
 * @return true when both the principal and the token are equal
 */
@Override
public boolean equals(Object obj) {
  // instanceof is false for null, so this single guard also rejects a null argument.
  if (!(obj instanceof Credentials)) {
    return false;
  }
  final Credentials that = (Credentials) obj;

  if (getPrincipal() == null) {
    if (that.getPrincipal() != null) {
      return false;
    }
  } else if (!getPrincipal().equals(that.getPrincipal())) {
    return false;
  }

  // NOTE(review): token equality is delegated to the token's own equals(); whether that
  // comparison is constant-time depends on the token class, which is not visible here.
  // Confirm before relying on this method for an authentication decision.
  if (getToken() == null) {
    return that.getToken() == null;
  }
  return getToken().equals(that.getToken());
}
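/**
 * Converts the serialized form to an instance of {@link Credentials}. The original serialized
 * form will not be affected.
 *
 * <p>
 * The input is read as three {@code ':'}-separated fields: the Base64 principal, the Base64 token
 * class name and the Base64 token bytes. A field consisting of {@code "-"} stands for null.
 *
 * @param serializedForm
 *          serialized form of credentials
 * @return deserialized credentials
 * @throws IllegalArgumentException
 *           if the input does not contain three fields, or a field is not valid Base64
 */
public static final Credentials deserialize(String serializedForm) {
  String[] split = serializedForm.split(":", 3);
  if (split.length != 3) {
    // Fail with a clear error instead of an ArrayIndexOutOfBoundsException further down.
    // The input itself is deliberately left out of the message: it may carry token material.
    throw new IllegalArgumentException(
        "Malformed serialized credentials: expected 3 ':'-separated fields but found "
            + split.length);
  }

  String principal =
      split[0].equals("-") ? null : new String(Base64.getDecoder().decode(split[0]), UTF_8);
  String tokenType =
      split[1].equals("-") ? null : new String(Base64.getDecoder().decode(split[1]), UTF_8);

  AuthenticationToken token = null;
  if (!split[2].equals("-")) {
    byte[] tokenBytes = Base64.getDecoder().decode(split[2]);
    // NOTE(review): tokenType is taken from the serialized input and handed to
    // AuthenticationTokenSerializer; how that helper resolves the name is not visible here.
    // Confirm it restricts the type to AuthenticationToken implementations, and that callers
    // only pass input from a trusted store. tokenType may also be null at this point if the
    // class-name field was "-" while token bytes are present.
    token = AuthenticationTokenSerializer.deserialize(tokenType, tokenBytes);
  }
  return new Credentials(principal, token);
}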
/**
 * Creates system credentials and stores their Thrift form for the given instance.
 *
 * @param instanceID
 *          instance identifier passed to {@code toThrift}
 * @param principal
 *          principal forwarded to the superclass constructor
 * @param token
 *          authentication token forwarded to the superclass constructor
 */
public SystemCredentials(String instanceID, String principal, AuthenticationToken token) {
  super(principal, token);
  // The superclass implementation is invoked explicitly and its result is kept in AS_THRIFT.
  AS_THRIFT = super.toThrift(instanceID);
}
/**
 * Computes the hash code from the principal only; the token does not contribute.
 *
 * @return 0 when the principal is null, otherwise the principal's hash code
 */
@Override
public int hashCode() {
  if (getPrincipal() == null) {
    return 0;
  }
  return getPrincipal().hashCode();
}
SecurityErrorCode.INVALID_INSTANCEID); Credentials creds = Credentials.fromThrift(credentials); if (!context.getCredentials().getToken().equals(creds.getToken())) { log.debug("With SASL enabled, System AuthenticationTokens did not match."); throw new ThriftSecurityException(creds.getPrincipal(), SecurityErrorCode.BAD_CREDENTIALS); if (!(context.getCredentials().equals(creds))) { log.debug("Provided credentials did not match server's expected" + " credentials. Expected {} but got {}", context.getCredentials(), creds); throw new ThriftSecurityException(creds.getPrincipal(), SecurityErrorCode.BAD_CREDENTIALS); if (!authenticator.userExists(creds.getPrincipal())) { if (!authenticator.authenticateUser(creds.getPrincipal(), creds.getToken())) { throw new ThriftSecurityException(creds.getPrincipal(), SecurityErrorCode.BAD_CREDENTIALS);
Credentials creds = Credentials.deserialize(fileScanner.nextLine()); if (principal.equals(creds.getPrincipal())) { return creds.getToken();
/**
 * Checks, on behalf of the caller identified by {@code credentials}, whether {@code toAuth}
 * authenticates successfully.
 *
 * @param credentials
 *          credentials of the caller making the request
 * @param toAuth
 *          credentials to be verified
 * @return true if the caller asks about itself, otherwise the authenticator's verdict
 * @throws ThriftSecurityException
 *           if {@code canAskAboutUser} rejects the request or an AccumuloSecurityException is
 *           raised while authenticating
 */
public boolean authenticateUser(TCredentials credentials, TCredentials toAuth)
    throws ThriftSecurityException {
  canAskAboutUser(credentials, toAuth.getPrincipal());

  // User is already authenticated from canAskAboutUser
  if (credentials.equals(toAuth)) {
    return true;
  }

  try {
    final Credentials target = Credentials.fromThrift(toAuth);

    // If we have kerberos credentials for a user from the network but no account
    // in the system, we need to make one before proceeding.
    // NOTE(review): the account is created before the authenticator has returned a verdict for
    // toAuth; confirm createUser enforces its own permission check on `credentials`.
    if (isKerberos && !authenticator.userExists(target.getPrincipal())) {
      createUser(credentials, target, Authorizations.EMPTY);
    }
    // Likely that the KerberosAuthenticator will fail as we don't have the credentials for the
    // other user, we only have our own Kerberos credentials.

    return authenticator.authenticateUser(target.getPrincipal(), target.getToken());
  } catch (AccumuloSecurityException cause) {
    throw cause.asThriftException();
  }
}
/**
 * Returns the authentication token held by the current credentials.
 *
 * @return the token obtained from {@code getCredentials()}
 */
@Override
public AuthenticationToken getAuthenticationToken() {
  final AuthenticationToken currentToken = getCredentials().getToken();
  return currentToken;
}
/**
 * Changes the password of a local user through the remote client. If the principal is the one
 * this context is running as, the context's credentials are replaced afterwards.
 *
 * @param principal
 *          user whose password is changed; must not be null
 * @param token
 *          token carrying the new password; must not be null
 * @throws AccumuloException
 *           declared by this method; raised by the underlying call
 * @throws AccumuloSecurityException
 *           declared by this method; raised by the underlying call
 */
@Override
public void changeLocalUserPassword(final String principal, final PasswordToken token)
    throws AccumuloException, AccumuloSecurityException {
  checkArgument(principal != null, "principal is null");
  checkArgument(token != null, "token is null");

  final Credentials updated = new Credentials(principal, token);

  // The password bytes are wrapped, not copied, and sent as an RPC argument.
  // NOTE(review): confidentiality of the password in transit depends on the transport
  // configuration, which is not visible in this method.
  executeVoid(rpc -> rpc.changeLocalUserPassword(Tracer.traceInfo(), context.rpcCreds(),
      principal, ByteBuffer.wrap(token.getPassword())));

  // Only reached when the call above did not throw: keep the context usable with the new
  // password when the caller changed its own.
  final boolean changedOwnPassword = context.getCredentials().getPrincipal().equals(principal);
  if (changedOwnPassword) {
    context.setCredentials(updated);
  }
}
/**
 * Asks the remote client whether the given principal and token authenticate successfully.
 *
 * @param principal
 *          user to verify; must not be null
 * @param token
 *          token to verify; must not be null
 * @return the result of the remote {@code authenticateUser} call
 * @throws AccumuloException
 *           declared by this method; raised by the underlying call
 * @throws AccumuloSecurityException
 *           declared by this method; raised by the underlying call
 */
@Override
public boolean authenticateUser(final String principal, final AuthenticationToken token)
    throws AccumuloException, AccumuloSecurityException {
  checkArgument(principal != null, "principal is null");
  checkArgument(token != null, "token is null");

  final Credentials candidate = new Credentials(principal, token);

  // The caller's own credentials (rpcCreds) authorize the request; the candidate credentials
  // are sent in their Thrift form for this instance.
  return execute(rpc -> rpc.authenticateUser(Tracer.traceInfo(), context.rpcCreds(),
      candidate.toThrift(context.getInstanceID())));
}
/**
 * Returns the principal of the current credentials.
 *
 * @return the principal obtained from {@code getCredentials()}
 */
@Override
public String getPrincipal() {
  final String currentPrincipal = getCredentials().getPrincipal();
  return currentPrincipal;
}
/**
 * Reports whether the supplied credentials use the same token class as this context's own
 * credentials.
 *
 * <p>
 * Only the token class name is compared; the token contents are not examined here.
 *
 * @param credentials
 *          credentials received from a caller
 * @return true when the token class names are equal
 */
public boolean isSystemUser(TCredentials credentials) {
  // NOTE(review): this is a classification by class name, not an authentication step; the
  // token itself presumably has to be verified by the caller of this method. Confirm.
  final String ownTokenClass = context.getCredentials().getToken().getClass().getName();
  return ownTokenClass.equals(credentials.getTokenClassName());
}
/**
 * Builds a printable description made of this object's class name, the principal and the token
 * class name. The token contents are never included; the literal {@code <hidden>} is printed in
 * their place, so the result can be logged without exposing the token.
 *
 * @return description of the form {@code class:principal:tokenClass:<hidden>}
 */
@Override
public String toString() {
  // A null token is rendered as the text "null" by the string concatenation below.
  final String tokenClassName = getToken() == null ? null : getToken().getClass().getName();
  return getClass().getName() + ":" + getPrincipal() + ":" + tokenClassName + ":<hidden>";
}
}
/**
 * Creates a user through the superclass and writes an audit record for the outcome.
 *
 * @param credentials
 *          credentials of the caller requesting the operation
 * @param newUser
 *          credentials of the user to create; only the principal is written to the audit record
 * @param authorizations
 *          authorizations passed through to the superclass and the audit record
 * @throws ThriftSecurityException
 *           rethrown unchanged after the failure has been audited
 */
@Override
public void createUser(TCredentials credentials, Credentials newUser,
    Authorizations authorizations) throws ThriftSecurityException {
  try {
    super.createUser(credentials, newUser, authorizations);
    // Success record: written only when the superclass call returned normally.
    audit(credentials, CREATE_USER_AUDIT_TEMPLATE, newUser.getPrincipal(), authorizations);
  } catch (ThriftSecurityException failure) {
    // Failure record: same template, with the exception attached; the caller still sees it.
    audit(credentials, failure, CREATE_USER_AUDIT_TEMPLATE, newUser.getPrincipal(),
        authorizations);
    throw failure;
  }
}
/**
 * Decides whether an operation performed with the given credentials is audited: it is when the
 * token class name differs from the class name of this context's own token.
 *
 * @param credentials
 *          credentials of the caller
 * @return false when the token class names are equal, true otherwise
 */
private boolean shouldAudit(TCredentials credentials) {
  // NOTE(review): the decision rests on the class name alone, so audit coverage depends on the
  // credentials having been authenticated before this is consulted. Confirm.
  final String ownTokenClass = context.getCredentials().getToken().getClass().getName();
  final boolean sameTokenClass = ownTokenClass.equals(credentials.getTokenClassName());
  return !sameTokenClass;
}
/**
 * Handles a password-change request: wraps the received password in a {@link PasswordToken},
 * pairs it with the principal and delegates to {@code security.changePassword}.
 *
 * @param tinfo
 *          trace information; not used in this method
 * @param credentials
 *          credentials of the caller making the request
 * @param principal
 *          user whose password is to be changed
 * @param password
 *          new password as received over the wire
 * @throws ThriftSecurityException
 *           propagated from {@code security.changePassword}
 */
@Override
public void changeLocalUserPassword(TInfo tinfo, TCredentials credentials, String principal,
    ByteBuffer password) throws ThriftSecurityException {
  // NOTE(review): no permission check is visible here; it is presumably enforced inside
  // security.changePassword. Confirm.
  security.changePassword(credentials, new Credentials(principal, new PasswordToken(password)));
}
/**
 * Converts the current object to a serialized form. The object returned from this contains a
 * non-destroyable version of the {@link AuthenticationToken}, so references to it should be
 * tightly controlled.
 *
 * <p>
 * The result consists of three {@code ':'}-separated fields: the Base64 principal, the Base64
 * token class name and the Base64 serialized token. A null principal or token is written as
 * {@code "-"}. Base64 is an encoding, not encryption: anyone who can read the string can recover
 * the token.
 *
 * @return serialized form of these credentials
 */
public final String serialize() {
  final Base64.Encoder b64 = Base64.getEncoder();

  final String principalField =
      getPrincipal() == null ? "-" : b64.encodeToString(getPrincipal().getBytes(UTF_8));

  final String tokenClassField;
  final String tokenField;
  if (getToken() == null) {
    tokenClassField = "-";
    tokenField = "-";
  } else {
    tokenClassField = b64.encodeToString(getToken().getClass().getName().getBytes(UTF_8));
    tokenField = b64.encodeToString(AuthenticationTokenSerializer.serialize(getToken()));
  }

  return principalField + ":" + tokenClassField + ":" + tokenField;
}
/**
 * Changes a password through the superclass and writes an audit record for the outcome.
 *
 * @param credentials
 *          credentials of the caller requesting the operation
 * @param newInfo
 *          credentials holding the principal and the new token; only the principal is written to
 *          the audit record
 * @throws ThriftSecurityException
 *           rethrown unchanged after the failure has been audited
 */
@Override
public void changePassword(TCredentials credentials, Credentials newInfo)
    throws ThriftSecurityException {
  try {
    super.changePassword(credentials, newInfo);
    // Success record: written only when the superclass call returned normally.
    audit(credentials, CHANGE_PASSWORD_AUDIT_TEMPLATE, newInfo.getPrincipal());
  } catch (ThriftSecurityException failure) {
    // Failure record: same template, with the exception attached; the caller still sees it.
    audit(credentials, failure, CHANGE_PASSWORD_AUDIT_TEMPLATE, newInfo.getPrincipal());
    throw failure;
  }
}
/**
 * Returns the authentication token of the current credentials. {@code ensureOpen()} is called
 * first, before the credentials are read.
 *
 * @return the token obtained from {@code getCredentials()}
 */
public AuthenticationToken getAuthenticationToken() {
  ensureOpen();
  final AuthenticationToken currentToken = getCredentials().getToken();
  return currentToken;
}