/**
 * Builds the HDFS username that identifies {@code user} inside {@code project}.
 * <p>
 * The result is the project name and the username joined by
 * {@code USER_NAME_DELIMITER}.
 *
 * @param project project the user is a member of
 * @param user user to build the project-scoped name for
 * @return the project-scoped HDFS username, or {@code null} when either
 *         argument is {@code null}
 */
public String getHdfsUserName(Project project, Users user) {
  // NOTE(review): the joined name is only unambiguous if neither the project
  // name nor the username can contain the delimiter - confirm both are
  // validated when they are created.
  return (project == null || user == null)
      ? null
      : project.getName() + USER_NAME_DELIMITER + user.getUsername();
}
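/**
 * Revokes and deletes the project-specific certificate of {@code user} in
 * {@code project}, then removes the matching record through
 * {@code certsFacade}.
 * <p>
 * The certificate is identified by the project name and the username joined
 * by {@code HdfsUsersController.USER_NAME_DELIMITER}. Both OpenSSL operations
 * run while holding the lock returned by
 * {@code certificatesMgmService.getOpensslLock()}.
 * <p>
 * If revocation or deletion throws, the exception propagates and the
 * database record is left in place.
 *
 * @param project project the certificate belongs to
 * @param user project member whose certificate is removed
 * @throws CAException declared by the signature; the source is not visible
 *         in this block, presumably the certificate operations
 * @throws IOException declared by the signature; the source is not visible
 *         in this block, presumably the certificate operations
 */
@TransactionAttribute(TransactionAttributeType.REQUIRES_NEW)
public void deleteUserSpecificCertificates(Project project, Users user)
    throws CAException, IOException {
  String hdfsUsername = project.getName()
      + HdfsUsersController.USER_NAME_DELIMITER + user.getUsername();
  ReentrantLock lock = certificatesMgmService.getOpensslLock();

  // Acquire the lock before entering the try block: if lock() itself failed
  // inside the try, the finally clause would call unlock() on a lock this
  // thread does not hold and mask the original failure.
  lock.lock();
  try {
    // Ordering here is important
    // *First* revoke and *then* delete the certificate
    // NOTE(review): the meaning of the two boolean flags is not visible
    // here - confirm against OpensslOperations.revokeCertificate.
    opensslOperations.revokeCertificate(hdfsUsername,
        CertificateType.PROJECT_USER, true, false);
    opensslOperations.deleteUserCertificate(hdfsUsername);
  } finally {
    lock.unlock();
  }

  certsFacade.removeUserProjectCerts(project.getName(), user.getUsername());
}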
/**
 * Returns the password protecting the project-specific key material of
 * {@code user} after checking the keystore the caller sent.
 * <p>
 * The stored key password is decrypted with the user's password and the
 * master encryption password, then handed to {@code validateCert} together
 * with the decoded keystore and the project-scoped username. The response is
 * only built after {@code validateCert} returns.
 * <p>
 * The returned DTO carries the decrypted password in clear text, for both
 * the key and the trust store; callers should keep it out of logs.
 *
 * @param user user requesting the password
 * @param projectName name of the project the certificate belongs to
 * @param keyStore Base64-encoded keystore supplied by the caller
 * @return DTO holding the decrypted password as key and trust password
 * @throws Exception declared by the signature; presumably raised when
 *         decryption or validation fails - confirm against the callees
 */
public CertPwDTO getProjectSpecificCertPw(Users user, String projectName,
    String keyStore) throws Exception {
  // Recover the key password stored for this project/user pair.
  String keyPassword = HopsUtils.decrypt(user.getPassword(),
      userCertsFacade.findUserCert(projectName, user.getUsername()).getUserKeyPwd(),
      certificatesMgmService.getMasterEncryptionPassword());

  // Compare the sent certificate with the one in the database.
  // NOTE(review): the trailing 'true' flag of validateCert is not documented
  // in this block - confirm what it switches on.
  String projectScopedUser =
      projectName + HdfsUsersController.USER_NAME_DELIMITER + user.getUsername();
  byte[] keyStoreBytes = Base64.decodeBase64(keyStore);
  validateCert(keyStoreBytes, keyPassword.toCharArray(), projectScopedUser, true);

  CertPwDTO response = new CertPwDTO();
  response.setKeyPw(keyPassword);
  response.setTrustPw(keyPassword);
  return response;
}
@Override public SparkJob run() throws Exception { return new SparkJob(job, submitter, user, settings.getHadoopSymbolicLinkDir(), job.getProject().getName() + "__" + user.getUsername(), jobsMonitor, settings); } });
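/**
 * Writes the project owner's key and trust store to a per-project directory
 * and returns that directory's absolute path.
 * <p>
 * The directory is {@code settings.getHopsworksTrueTempCertDir()} followed by
 * the project name. {@code getUserKey()} is written to {@code keystore.jks}
 * and {@code getUserCert()} to {@code truststore.jks}.
 *
 * @param project project whose owner certificate is materialized
 * @return absolute path of the directory holding both files, or {@code null}
 *         when no certificate material is stored or it could not be written
 */
public String getKafkaCertPaths(Project project) {
  UserCerts userCert = userCerts.findUserCert(project.getName(),
      project.getOwner().getUsername());

  // Check if the user certificate was actually retrieved
  if (userCert == null
      || userCert.getUserCert() == null || userCert.getUserCert().length == 0
      || userCert.getUserKey() == null || userCert.getUserKey().length == 0) {
    return null;
  }

  // NOTE(review): the project name becomes a path component - confirm that
  // project names are restricted to characters that cannot leave the
  // certificate directory.
  File certDir = new File(settings.getHopsworksTrueTempCertDir() + "/"
      + project.getName());
  try {
    if (!certDir.exists()) {
      certDir.mkdirs();
    }
    // try-with-resources closes each stream even when write() fails, so a
    // failed write no longer leaks the file descriptor.
    // NOTE(review): the files hold private key material and are created with
    // the process default permissions - confirm the directory is readable
    // only by the service account.
    try (FileOutputStream keyStoreOut =
        new FileOutputStream(certDir.getAbsolutePath() + "/keystore.jks")) {
      keyStoreOut.write(userCert.getUserKey());
    }
    try (FileOutputStream trustStoreOut =
        new FileOutputStream(certDir.getAbsolutePath() + "/truststore.jks")) {
      trustStoreOut.write(userCert.getUserCert());
    }
  } catch (Exception e) {
    // Do not hand out a path to missing or partially written stores; null is
    // already the "no certificate available" result of this method.
    // NOTE(review): record the failure with the class logger here.
    return null;
  }
  return certDir.getAbsolutePath();
}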
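/**
 * Validates the provided password against the configured one.
 * <p>
 * The SHA-256 hex digest of {@code providedPassword} is compared with the
 * value returned by {@code getMasterEncryptionPassword()}. The comparison
 * uses {@code MessageDigest.isEqual} so that its duration does not depend on
 * how many leading characters match. A mismatch is logged, with the username
 * when {@code userRequestedEmail} resolves to a user, and then rejected.
 *
 * @param providedPassword password to validate
 * @param userRequestedEmail email of the user who requested the check; used
 *        only to name the user in the log entry
 * @throws IOException declared by the signature; presumably raised when the
 *         configured password cannot be read - confirm against
 *         getMasterEncryptionPassword
 * @throws EncryptionMasterPasswordException if the provided password does
 *         not match the configured one
 */
@Lock(LockType.READ)
@AccessTimeout(value = 3, unit = TimeUnit.SECONDS)
public void checkPassword(String providedPassword, String userRequestedEmail)
    throws IOException, EncryptionMasterPasswordException {
  String sha = DigestUtils.sha256Hex(providedPassword);

  // Constant-time comparison instead of String.equals, which returns at the
  // first differing character.
  byte[] providedDigest = sha.getBytes(java.nio.charset.StandardCharsets.UTF_8);
  byte[] configuredDigest = getMasterEncryptionPassword()
      .getBytes(java.nio.charset.StandardCharsets.UTF_8);
  if (!java.security.MessageDigest.isEqual(configuredDigest, providedDigest)) {
    Users user = userFacade.findByEmail(userRequestedEmail);
    String logMsg = "*** Attempt to change master encryption password with wrong credentials";
    // NOTE(review): a failed check of the master password is logged at INFO;
    // confirm that level reaches whatever monitors authentication failures.
    if (user != null) {
      LOG.log(Level.INFO, logMsg + " by user <" + user.getUsername() + ">");
    } else {
      LOG.log(Level.INFO, logMsg);
    }
    throw new EncryptionMasterPasswordException("Provided password is incorrect");
  }
}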
HopsUtils.copyProjectUserCerts(project, user.getUsername(), settings.getHopsworksTmpCertDir(), null, certificateMaterializer, settings.getHopsRpcTls()); props.setProperty(SslConfigs.SSL_TRUSTSTORE_LOCATION_CONFIG, settings.getHopsworksTmpCertDir() + File.separator + HopsUtils.getProjectTruststoreName(project.getName(), user.getUsername())); props.setProperty(SslConfigs.SSL_TRUSTSTORE_PASSWORD_CONFIG, certPassword); props.setProperty(SslConfigs.SSL_KEYSTORE_LOCATION_CONFIG, settings.getHopsworksTmpCertDir() + File.separator + HopsUtils.getProjectKeystoreName(project.getName(), user.getUsername())); props.setProperty(SslConfigs.SSL_KEYSTORE_PASSWORD_CONFIG, certPassword); props.setProperty(SslConfigs.SSL_KEY_PASSWORD_CONFIG, certPassword); certificateMaterializer.removeCertificatesLocal(user.getUsername(), project.getName());
+ selectedUser.getUsername(); for (ProjectTeam p : project.getProjectTeamCollection()) { Users selectedUser = p.getUser(); String principalName = selectedProjectName + PROJECT_DELIMITER + selectedUser.getUsername(); TopicAcls topicAcl = getTopicAcl(topicName, principalName, permission_type, operation_type, host, role);
/**
 * Generates a fresh validation key for {@code user}, e-mails it and stores it.
 * <p>
 * The value placed in the e-mail is the username immediately followed by the
 * new key. The key is persisted on the user only after the e-mail call
 * returns, so a {@link MessagingException} leaves the stored key unchanged.
 *
 * @param user account that receives the new key
 * @param req current request; not read by this method
 * @throws MessagingException declared by the signature; presumably raised by
 *         the e-mail call
 * @throws IllegalArgumentException if {@code user} is {@code null}
 */
public void sendNewValidationKey(Users user, HttpServletRequest req)
    throws MessagingException {
  if (user == null) {
    throw new IllegalArgumentException("User not set.");
  }

  // NOTE(review): the key acts as a one-time credential - confirm that
  // SecurityUtils.getRandomPassword draws from a cryptographically secure
  // source.
  String activationKey = SecurityUtils.getRandomPassword(RANDOM_PWD_LEN);
  String usernameWithKey = user.getUsername() + activationKey;

  emailBean.sendEmail(
      user.getEmail(),
      Message.RecipientType.TO,
      UserAccountsEmailMessages.ACCOUNT_REQUEST_SUBJECT,
      UserAccountsEmailMessages.buildMobileRequestMessageRest(
          settings.getVerificationEndpoint(), usernameWithKey));

  user.setValidationKey(activationKey);
  userFacade.update(user);
}
+ jobs.getProject().getOwner().getUsername() + "__kstore.jks"; String t_certName = jobs.getProject().getName() + "__" + jobs.getProject().getOwner().getUsername() + "__tstore.jks"; File k_cert = new File(glassfishDomainDir + "/domain1/config/"
/**
 * Stops the running Flink application {@code appid} that belongs to
 * {@code job}, acting as {@code user}.
 * <p>
 * The job is wrapped in a {@code FlinkJob} whose project-scoped username is
 * the project name and the username joined by {@code "__"}, and is then
 * handed to {@code submitter.stopExecution}.
 *
 * @param job job whose execution is stopped; must be a Flink job
 * @param user user on whose behalf the job is stopped
 * @param appid identifier of the application to stop
 * @param sessionId session identifier passed to the {@code FlinkJob}
 * @throws NullPointerException if {@code job} or {@code user} is {@code null}
 * @throws IllegalArgumentException if {@code job} is not of type FLINK
 * @throws IllegalStateException if {@code isFlinkJarAvailable()} is false
 * @throws IOException declared by the signature; the source is not visible
 *         in this block
 */
public void stopJob(Jobs job, Users user, String appid, String sessionId)
    throws IllegalStateException, IOException, NullPointerException,
    IllegalArgumentException {
  // Parameter checks, each one failing fast.
  // NOTE(review): nothing here checks that 'user' may stop this job -
  // presumably the caller enforces project membership; confirm.
  if (job == null) {
    throw new NullPointerException("Cannot stop a null job.");
  }
  if (user == null) {
    throw new NullPointerException("Cannot stop a job as a null user.");
  }
  if (job.getJobType() != JobType.FLINK) {
    throw new IllegalArgumentException(
        "Job configuration is not a Flink job configuration.");
  }
  if (!isFlinkJarAvailable()) {
    throw new IllegalStateException("Flink is not installed on this system.");
  }

  String projectScopedUser = job.getProject().getName() + "__" + user.getUsername();
  FlinkJob flinkJob = new FlinkJob(job, submitter, user,
      settings.getHadoopSymbolicLinkDir(), settings.getFlinkDir(),
      settings.getFlinkConfDir(), settings.getFlinkConfFile(),
      settings.getFlinkUser(), projectScopedUser,
      settings.getHopsworksDomainDir(), jobsMonitor, settings, sessionId);
  submitter.stopExecution(flinkJob, appid);
}
certificateMaterializer.forceRemoveLocalMaterial(user.getUsername(), project.getName(), null, true); if (settings.isPythonKernelEnabled()) { jupyterProcessFacade.removePythonKernelsForProject(project.getName());
kafkaController.removeProjectMemberFromTopics(project, userToBeRemoved); } catch (Exception ex) { String errorMsg = "Error while removing Kafka ACL for user " + userToBeRemoved.getUsername() + " from project " + project.getName(); LOGGER.log(Level.SEVERE, errorMsg, ex); ActivityFacade.FLAG_PROJECT, user, project); certificateMaterializer.forceRemoveLocalMaterial(userToBeRemoved.getUsername(), project.getName(), null, false); certificatesController.deleteUserSpecificCertificates(project, userToBeRemoved);
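/**
 * Revokes and deletes every certificate issued for {@code project}: one per
 * project member plus the project generic certificate.
 * <p>
 * All OpenSSL operations run while holding the lock returned by
 * {@code certificatesMgmService.getOpensslLock()}. The intermediate CA's CRL
 * is regenerated once at the end, whether or not the revocations succeeded,
 * and the lock is released even if that regeneration fails. Afterwards the
 * generic certificate record is removed through {@code certsFacade}.
 *
 * @param project project whose certificates are removed
 * @throws CAException declared by the signature; the source is not visible
 *         in this block, presumably the certificate operations
 * @throws IOException declared by the signature; the source is not visible
 *         in this block, presumably the certificate operations
 */
@TransactionAttribute(TransactionAttributeType.REQUIRES_NEW)
public void deleteProjectCertificates(Project project)
    throws CAException, IOException {
  String projectName = project.getName();
  ReentrantLock lock = certificatesMgmService.getOpensslLock();

  // Acquire outside the try so that unlock() is only reached when the lock
  // is actually held.
  lock.lock();
  try {
    try {
      // Iterate through Project members and delete their certificates
      for (ProjectTeam team : project.getProjectTeamCollection()) {
        String certificateIdentifier = projectName
            + HdfsUsersController.USER_NAME_DELIMITER
            + team.getUser().getUsername();
        // Ordering here is important
        // *First* revoke and *then* delete the certificate
        opensslOperations.revokeCertificate(certificateIdentifier,
            CertificateType.PROJECT_USER, false, false);
        opensslOperations.deleteUserCertificate(certificateIdentifier);
      }
      opensslOperations.revokeCertificate(project.getProjectGenericUser(),
          CertificateType.PROJECT_USER, false, false);
      opensslOperations.deleteProjectCertificate(projectName);
    } finally {
      // Publish whatever was revoked so far, even after a partial failure.
      opensslOperations.createCRL(PKI.CAType.INTERMEDIATE);
    }
  } finally {
    // Separate finally: a failing createCRL must not leave the OpenSSL lock
    // held, which would block every later certificate operation.
    lock.unlock();
  }

  // Remove project generic certificates used by Spark interpreter in
  // Zeppelin. User specific certificates are removed by the foreign key
  // constraint in the DB
  certsFacade.removeProjectGenericCertificates(project.getProjectGenericUser());
}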
user.getUsername(), user.getAddress().getCountry(), user.getAddress().getCity(), userKeyPwd); LOG.log(Level.FINE, "Created project specific certificates for user: " + project.getName() + "__" + user.getUsername()); } finally { lock.unlock(); certsFacade.putUserCerts(project.getName(), user.getUsername(), encryptedKey); return new AsyncResult<>( new CertsResult(project.getName(), user.getUsername()));
monitor = runner.startAppMaster(services.getYarnClientService(), hdfsUser.getUserName(), jobs.getProject(), dfso, user.getUsername()); execution = services.getExecutionFacade().updateFilesToRemove(execution, runner.getFilesToRemove()); execution = services.getExecutionFacade().updateAppId(execution, monitor.getApplicationId().toString());
} catch (IOException | InterruptedException | ExecutionException | CAException e) { String failedUser = project.getName() + HdfsUsersController.USER_NAME_DELIMITER + newMember. getUsername(); LOGGER.log(Level.SEVERE, "Could not delete user certificates for user " + failedUser + ". Manual cleanup is needed!!! ", e);
try { for (Project project : projects) { UserCerts userCert = userCertsFacade.findUserCert(project.getName(), p.getUsername()); String masterEncryptionPassword = certificatesMgmService.getMasterEncryptionPassword(); String certPassword = HopsUtils.decrypt(oldPass, userCert.getUserKeyPwd(), masterEncryptionPassword);
UserAccountsEmailMessages.buildMobileRequestMessage(FormatUtils.getUserURL(req), user.getUsername() + user. getValidationKey()));
/**
 * Creates a transfer object from a {@code Users} entity.
 * <p>
 * Copies identity and contact details, organization and address when they
 * are set, project quota counters, the two-factor flag, the tours state and
 * the account mode. The user's password and validation key are not copied.
 *
 * @param user entity to copy from; must not be {@code null}
 */
public UserDTO(Users user) {
  // Identity and contact details.
  this.username = user.getUsername();
  this.email = user.getEmail();
  this.firstName = user.getFname();
  this.lastName = user.getLname();
  this.telephoneNum = user.getMobile();

  // Organization is optional on the entity.
  if (user.getOrganization() != null) {
    this.orgName = user.getOrganization().getOrgName();
    this.dep = user.getOrganization().getDepartment();
  }

  // Address is optional on the entity; 'street' is read from address2.
  if (user.getAddress() != null) {
    this.street = user.getAddress().getAddress2();
    this.city = user.getAddress().getCity();
    this.postCode = user.getAddress().getPostalcode();
    this.country = user.getAddress().getCountry();
  }

  // Account settings.
  this.twoFactor = user.getTwoFactor();
  this.toursState = user.getToursState();
  this.userAccountType = user.getMode().toString();

  // Project quota; the remaining count is derived from the two copied values.
  this.maxNumProjects = user.getMaxNumProjects();
  this.numCreatedProjects = user.getNumCreatedProjects();
  this.numActiveProjects = user.getNumActiveProjects();
  this.numRemainingProjects = this.maxNumProjects - this.numCreatedProjects;
}