/**
 * Builds the suffix that ends the initial-password console message.
 *
 * <p>ACCUMULO-2907: the cautionary hint is shown only when the site configuration's
 * <code>instance.security.authenticator</code> differs from the property's default value. When
 * the two are equal, the message ends with a plain {@code ": "}.
 *
 * @param siteConfig site configuration consulted for the configured authenticator
 * @return the text that terminates the console message
 */
private String getInitialPasswordWarning(SiteConfiguration siteConfig) {
  final Property authProp = Property.INSTANCE_SECURITY_AUTHENTICATOR;
  final boolean usesDefaultAuthenticator =
      siteConfig.get(authProp).equals(authProp.getDefaultValue());
  // A non-default authenticator may not use the initial password at all, hence the hint.
  return usesDefaultAuthenticator ? ": "
      : " (this may not be applicable for your security setup): ";
}
/**
 * Creates a {@link Volume} on the supplied FileSystem, rooted at the configured DFS directory.
 *
 * @param fs
 *          the FileSystem the volume writes to
 * @param acuconf
 *          configuration read for {@code Property.INSTANCE_DFS_DIR}; when it yields {@code null},
 *          the property's default value is used as the base path
 * @return a Volume bound to {@code fs} and the resolved base path
 */
@SuppressWarnings("deprecation")
public static <T extends FileSystem> Volume create(T fs, AccumuloConfiguration acuconf) {
  String basePath = acuconf.get(Property.INSTANCE_DFS_DIR);
  if (basePath == null) {
    // Nothing configured: fall back to the property's built-in default.
    basePath = Property.INSTANCE_DFS_DIR.getDefaultValue();
  }
  return new VolumeImpl(fs, basePath);
}
Property.INSTANCE_RPC_SASL_ALLOWED_USER_IMPERSONATION.getDefaultValue())) {
/**
 * Creates a client property from a {@link Property}: key, default value, type and description
 * are all taken from {@code prop} and handed to the four-argument constructor.
 *
 * @param prop
 *          the property whose metadata is copied
 */
private ClientProperty(Property prop) {
  this(
      prop.getKey(),
      prop.getDefaultValue(),
      prop.getType(),
      prop.getDescription());
}
if (port != 0) { if (port < 1024 || port > 65535) { log.error("Invalid port number {}; Using default {}", port, property.getDefaultValue()); ports[0] = Integer.parseInt(property.getDefaultValue()); } else { ports[0] = port;
/**
 * Determines which principal is granted administrative privileges.
 *
 * <p>When the Kerberos keytab property still holds its default value, or SASL RPC is disabled,
 * {@code DEFAULT_ROOT_USER} is returned without prompting. Otherwise {@code opts.rootUser} is used
 * if set; failing that, the console is prompted until a non-empty value is entered. The entered
 * text is returned as typed; no format check is applied in this method.
 *
 * @param siteConfig
 *          site configuration supplying the keytab and SASL settings
 * @param opts
 *          command-line options; a non-null {@code rootUser} skips the prompt
 * @return the principal name to use as the administrative user
 * @throws IOException
 *           propagated from the console operations
 */
private String getRootUserName(SiteConfiguration siteConfig, Opts opts) throws IOException {
  final String keytab = siteConfig.get(Property.GENERAL_KERBEROS_KEYTAB);
  final boolean keytabIsDefault =
      keytab.equals(Property.GENERAL_KERBEROS_KEYTAB.getDefaultValue());
  if (keytabIsDefault || !siteConfig.getBoolean(Property.INSTANCE_RPC_SASL_ENABLED)) {
    return DEFAULT_ROOT_USER;
  }

  ConsoleReader console = getConsoleReader();
  console.println("Running against secured HDFS");

  if (opts.rootUser != null) {
    return opts.rootUser;
  }

  // Keep asking: an empty answer must never become the administrative principal.
  while (true) {
    String principal =
        console.readLine("Principal (user) to grant administrative privileges to : ");
    if (principal == null) {
      // should not happen
      System.exit(1);
    }
    if (!principal.isEmpty()) {
      return principal;
    }
  }
}
if (!Property.MONITOR_SSL_KEYPASS.getDefaultValue().equals(keyPass)) { sslContextFactory.setKeyManagerPassword(keyPass); if (!Property.MONITOR_SSL_INCLUDE_CIPHERS.getDefaultValue().equals(includedCiphers)) { sslContextFactory.setIncludeCipherSuites(StringUtils.split(includedCiphers, ',')); if (!Property.MONITOR_SSL_EXCLUDE_CIPHERS.getDefaultValue().equals(excludedCiphers)) { sslContextFactory.setExcludeCipherSuites(StringUtils.split(excludedCiphers, ','));
/**
 * Builds a {@code SocketAppender} that forwards log events to the given monitor location.
 *
 * <p>The host always comes from {@code loc}; the port comes from {@code loc} when it carries one
 * and otherwise from the default value of {@code Property.MONITOR_LOG4J_PORT}.
 *
 * <p>NOTE(review): this looks like the log4j 1.x SocketAppender, which sends Java-serialized
 * events over a plain TCP socket without authentication or encryption. Confirm that the
 * monitor's listener is reachable only from trusted hosts.
 *
 * @param loc
 *          advertised monitor location in {@code host[:port]} form
 * @return an appender configured for that host and port
 */
@Override
public AppenderSkeleton apply(MonitorLocation loc) {
  // Parsed first so a malformed default surfaces before the location is examined.
  final int fallbackPort = Integer.parseUnsignedInt(Property.MONITOR_LOG4J_PORT.getDefaultValue());
  final HostAndPort monitorAddress = HostAndPort.fromString(loc.getLocation());

  final SocketAppender appender = new SocketAppender();
  appender.setApplication(System.getProperty("accumulo.application", "unknown"));
  appender.setRemoteHost(monitorAddress.getHost());
  appender.setPort(monitorAddress.getPortOrDefault(fallbackPort));
  return appender;
}
} // closes the enclosing type, whose opening lies outside this snippet
return false; if (sconf.get(Property.INSTANCE_SECRET).equals(Property.INSTANCE_SECRET.getDefaultValue())) { ConsoleReader c = getConsoleReader(); c.beep();
try { final boolean isDefaultTokenType = conf.get(Property.TRACE_TOKEN_TYPE) .equals(Property.TRACE_TOKEN_TYPE.getDefaultValue()); String principal = conf.get(Property.TRACE_USER); if (conf.getBoolean(Property.INSTANCE_RPC_SASL_ENABLED)) {
/**
 * Resolves the location of the key-encryption-key file from the crypto options.
 *
 * <p>The key location and the instance directory are looked up in
 * {@code params.getAllOptions()}; each falls back to its property default when absent. The key
 * location gets a leading {@code "/"} if it lacks one and is then appended to the instance
 * directory by plain string concatenation.
 *
 * <p>NOTE(review): the result is not normalized, so {@code ".."} segments in either option are
 * passed through unchanged. Whether that matters depends on who can set these options; confirm
 * against the callers.
 *
 * @param params
 *          crypto parameters whose option map is consulted
 * @return the instance directory followed by the key location
 */
@SuppressWarnings("deprecation")
private String getFullPathToKey(CryptoModuleParameters params) {
  String keyLocation =
      params.getAllOptions().get(Property.CRYPTO_DEFAULT_KEY_STRATEGY_KEY_LOCATION.getKey());
  String instanceDir = params.getAllOptions().get(Property.INSTANCE_DFS_DIR.getKey());

  if (keyLocation == null) {
    keyLocation = Property.CRYPTO_DEFAULT_KEY_STRATEGY_KEY_LOCATION.getDefaultValue();
  }
  if (instanceDir == null) {
    instanceDir = Property.INSTANCE_DFS_DIR.getDefaultValue();
  }

  // Exactly one separator is inserted when the key location is relative.
  final String separator = keyLocation.startsWith("/") ? "" : "/";
  return instanceDir + separator + keyLocation;
}
/**
 * Computes the full path of the key-encryption-key file.
 *
 * <p>Both the key location and the instance directory are read from
 * {@code params.getAllOptions()}, with the matching property default used when an option is
 * missing. A key location without a leading {@code "/"} is given one, and the two parts are then
 * joined by string concatenation.
 *
 * <p>NOTE(review): no normalization is applied to the joined path, so {@code ".."} segments
 * survive. Confirm that only trusted configuration can supply these options.
 *
 * @param params
 *          crypto parameters whose option map is consulted
 * @return the instance directory followed by the key location
 */
@SuppressWarnings("deprecation")
private String getFullPathToKey(CryptoModuleParameters params) {
  String keyLocation =
      params.getAllOptions().get(Property.CRYPTO_DEFAULT_KEY_STRATEGY_KEY_LOCATION.getKey());
  String instanceDir = params.getAllOptions().get(Property.INSTANCE_DFS_DIR.getKey());

  if (keyLocation == null) {
    keyLocation = Property.CRYPTO_DEFAULT_KEY_STRATEGY_KEY_LOCATION.getDefaultValue();
  }
  if (instanceDir == null) {
    instanceDir = Property.INSTANCE_DFS_DIR.getDefaultValue();
  }

  // Exactly one separator is inserted when the key location is relative.
  final String separator = keyLocation.startsWith("/") ? "" : "/";
  return instanceDir + separator + keyLocation;
}
/**
 * Creates a {@link Volume} backed by the given FileSystem and rooted at the DFS directory taken
 * from the configuration.
 *
 * @param fs
 *          the FileSystem the volume writes to
 * @param acuconf
 *          configuration read for {@code Property.INSTANCE_DFS_DIR}; a {@code null} value is
 *          replaced by the property's default
 * @return a Volume bound to {@code fs} and the resolved base path
 */
@SuppressWarnings("deprecation")
public static <T extends FileSystem> Volume create(T fs, AccumuloConfiguration acuconf) {
  final String configuredDir = acuconf.get(Property.INSTANCE_DFS_DIR);
  final String basePath;
  if (configuredDir != null) {
    basePath = configuredDir;
  } else {
    // Nothing configured: fall back to the property's built-in default.
    basePath = Property.INSTANCE_DFS_DIR.getDefaultValue();
  }
  return new VolumeImpl(fs, basePath);
}
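/**
 * Loads the key encryption key (KEK) into this cache once, creating the key file first when it
 * does not exist.
 *
 * <p>The key file is read as a 4-byte length prefix followed by that many key bytes. The length
 * is validated before any buffer is allocated, and the key is published to
 * {@code keyEncryptionKey} only after it has been read completely, so a truncated or corrupt file
 * cannot leave a partially filled key behind.
 *
 * <p>NOTE(review): an {@link IOException} raised while creating or reading the key file is logged
 * and not rethrown, so the method can return with the cache still uninitialized. Confirm that
 * callers check for that before using the key.
 *
 * @param context
 *          crypto parameters used to locate and, if needed, create the key file
 * @throws IOException
 *           if the FileSystem itself cannot be obtained
 */
public synchronized void ensureSecretKeyCacheInitialized(CryptoModuleParameters context)
    throws IOException {
  if (initialized) {
    return;
  }

  // First identify if the KEK already exists
  pathToKeyName = getFullPathToKey(context);
  if (pathToKeyName == null || pathToKeyName.isEmpty()) {
    pathToKeyName = Property.CRYPTO_DEFAULT_KEY_STRATEGY_KEY_LOCATION.getDefaultValue();
  }

  // TODO ACCUMULO-2530 Ensure volumes a properly supported
  Path pathToKey = new Path(pathToKeyName);
  FileSystem fs = FileSystem.get(CachedConfiguration.getInstance());

  // Sanity limit for the length prefix (value chosen for this review, far above any symmetric
  // key size). Without it, a corrupt or tampered file could request a huge or negative
  // allocation.
  final int maxKeyBytes = 1024;

  try {
    if (!fs.exists(pathToKey)) {
      initializeKeyEncryptionKey(fs, pathToKey, context);
    }

    try (DataInputStream in = fs.open(pathToKey)) {
      int keyEncryptionKeyLength = in.readInt();
      if (keyEncryptionKeyLength <= 0 || keyEncryptionKeyLength > maxKeyBytes) {
        throw new IOException("Key file " + pathToKey + " declares an invalid key length: "
            + keyEncryptionKeyLength);
      }

      // Read into a local buffer so the field never holds a half-read key.
      byte[] loadedKey = new byte[keyEncryptionKeyLength];
      in.readFully(loadedKey);

      keyEncryptionKey = loadedKey;
      initialized = true;
    }
  } catch (IOException e) {
    log.error("Could not initialize key encryption cache", e);
  }
}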
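/**
 * Unwraps the secret key carried in {@code params} using the key-encryption-key file.
 *
 * <p>The key file path comes from {@code getFullPathToKey(params)} and is opened on the
 * FileSystem returned by {@code FileSystem.get(CachedConfiguration.getInstance())}. The
 * {@code Property.INSTANCE_DFS_URI} option has no influence on which file system is used. The
 * previous lookup of it assigned a local that was never read, and has been removed.
 *
 * @param params
 *          crypto parameters holding the wrapped key and the options used to locate the key file
 * @return the same {@code params} instance after the unwrap operation
 * @throws RuntimeException
 *           wrapping any {@link IOException} from the file system or the key operation
 */
@SuppressWarnings("deprecation")
@Override
public CryptoModuleParameters decryptSecretKey(CryptoModuleParameters params) {
  String pathToKeyName = getFullPathToKey(params);
  Path pathToKey = new Path(pathToKeyName);

  try {
    // TODO ACCUMULO-2530 Ensure volumes a properly supported
    FileSystem fs = FileSystem.get(CachedConfiguration.getInstance());
    doKeyEncryptionOperation(Cipher.UNWRAP_MODE, params, pathToKeyName, pathToKey, fs);
  } catch (IOException e) {
    log.error("{}", e.getMessage(), e);
    throw new RuntimeException(e);
  }
  return params;
}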
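/**
 * Wraps the secret key carried in {@code params} using the key-encryption-key file.
 *
 * <p>The key file path comes from {@code getFullPathToKey(params)} and is opened on the
 * FileSystem returned by {@code FileSystem.get(CachedConfiguration.getInstance())}. The
 * {@code Property.INSTANCE_DFS_URI} option has no influence on which file system is used. The
 * previous lookup of it assigned a local that was never read, and has been removed.
 *
 * @param params
 *          crypto parameters holding the key to wrap and the options used to locate the key file
 * @return the same {@code params} instance after the wrap operation
 * @throws RuntimeException
 *           wrapping any {@link IOException} from the file system or the key operation
 */
@SuppressWarnings("deprecation")
@Override
public CryptoModuleParameters encryptSecretKey(CryptoModuleParameters params) {
  String fullPath = getFullPathToKey(params);
  Path pathToKey = new Path(fullPath);

  try {
    // TODO ACCUMULO-2530 Ensure volumes a properly supported
    FileSystem fs = FileSystem.get(CachedConfiguration.getInstance());
    doKeyEncryptionOperation(Cipher.WRAP_MODE, params, fullPath, pathToKey, fs);
  } catch (IOException e) {
    log.error("{}", e.getMessage(), e);
    throw new RuntimeException(e);
  }
  return params;
}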
/**
 * Creates a client property from a {@link Property} and remembers the source property.
 *
 * <p>Key, default value, type and description are copied from {@code prop}; {@code prop} itself
 * is stored in {@code accumuloProperty}.
 *
 * @param prop
 *          the property being mirrored
 */
private ClientProperty(Property prop) {
  this(
      prop.getKey(),
      prop.getDefaultValue(),
      prop.getType(),
      prop.getDescription());
  this.accumuloProperty = prop;
}
/**
 * Loads the impersonation rules from the configuration.
 *
 * <p>{@code Property.INSTANCE_RPC_SASL_ALLOWED_USER_IMPERSONATION} acts as the switch between the
 * two configuration styles. If its configured value equals the property default, the old
 * multi-property form under {@code Property.INSTANCE_RPC_SASL_PROXYUSERS} is parsed. Any other
 * value, including {@code null}, selects the one-line form, which is parsed together with
 * {@code Property.INSTANCE_RPC_SASL_ALLOWED_HOST_IMPERSONATION}.
 *
 * @param conf
 *          configuration holding the impersonation settings
 */
@SuppressWarnings("deprecation")
public UserImpersonation(AccumuloConfiguration conf) {
  proxyUsers = new HashMap<>();

  final String userConfig = conf.get(Property.INSTANCE_RPC_SASL_ALLOWED_USER_IMPERSONATION);
  // The default is the receiver of equals(), so a null userConfig cannot throw here.
  final boolean usesOldStyle =
      Property.INSTANCE_RPC_SASL_ALLOWED_USER_IMPERSONATION.getDefaultValue().equals(userConfig);

  if (usesOldStyle) {
    // Old style: one property per proxy user under the PROXYUSERS prefix.
    parseMultiPropertyConfiguration(
        conf.getAllPropertiesWithPrefix(Property.INSTANCE_RPC_SASL_PROXYUSERS));
  } else {
    // New style: users and hosts each come from a single property.
    String hostConfig = conf.get(Property.INSTANCE_RPC_SASL_ALLOWED_HOST_IMPERSONATION);
    parseOnelineConfiguration(userConfig, hostConfig);
  }
}
/**
 * Enables RPC SSL for a mini cluster by generating keystores and pointing the site configuration
 * at them.
 *
 * <p>Nothing is done when the site configuration already has RPC SSL enabled. Otherwise an
 * {@code ssl} directory is created under {@code folder}, a root keystore, a local keystore and a
 * public truststore are generated there, and the SSL properties are written back to {@code cfg}.
 *
 * <p>NOTE(review): the keystore and truststore passwords are fixed literals and the certificates
 * are signed with {@code sha1WithRSAEncryption}. Both are tolerable only for throwaway test
 * clusters. SHA-1 is deprecated for certificate signatures, so consider a SHA-256 based
 * algorithm if {@code CertUtils} accepts one.
 *
 * @param cfg
 *          mini cluster configuration to update
 * @param folder
 *          parent directory for the generated {@code ssl} directory
 * @throws RuntimeException
 *           if keystore generation fails
 */
protected void configureForSsl(MiniAccumuloConfigImpl cfg, File folder) {
  Map<String,String> siteConfig = cfg.getSiteConfig();
  if (TRUE.equals(siteConfig.get(Property.INSTANCE_RPC_SSL_ENABLED.getKey()))) {
    // already enabled; don't mess with it
    return;
  }

  File sslDir = new File(folder, "ssl");
  assertTrue(sslDir.mkdirs() || sslDir.isDirectory());

  File rootKeystore = new File(sslDir, "root-" + cfg.getInstanceName() + ".jks");
  File localKeystore = new File(sslDir, "local-" + cfg.getInstanceName() + ".jks");
  File publicTruststore = new File(sslDir, "public-" + cfg.getInstanceName() + ".jks");

  // Fixed passwords: these stores hold generated, test-only key material.
  final String rootKeystorePassword = "root_keystore_password";
  final String truststorePassword = "truststore_password";

  try {
    CertUtils certUtils = new CertUtils(Property.RPC_SSL_KEYSTORE_TYPE.getDefaultValue(),
        "o=Apache Accumulo,cn=MiniAccumuloCluster", "RSA", 2048, "sha1WithRSAEncryption");
    certUtils.createAll(rootKeystore, localKeystore, publicTruststore, cfg.getInstanceName(),
        rootKeystorePassword, cfg.getRootPassword(), truststorePassword);
  } catch (Exception e) {
    throw new RuntimeException("error creating MAC keystore", e);
  }

  siteConfig.put(Property.INSTANCE_RPC_SSL_ENABLED.getKey(), "true");
  siteConfig.put(Property.RPC_SSL_KEYSTORE_PATH.getKey(), localKeystore.getAbsolutePath());
  // The local keystore is protected with the cluster's root password.
  siteConfig.put(Property.RPC_SSL_KEYSTORE_PASSWORD.getKey(), cfg.getRootPassword());
  siteConfig.put(Property.RPC_SSL_TRUSTSTORE_PATH.getKey(), publicTruststore.getAbsolutePath());
  siteConfig.put(Property.RPC_SSL_TRUSTSTORE_PASSWORD.getKey(), truststorePassword);
  cfg.setSiteConfig(siteConfig);
}
/**
 * Determines which principal is granted administrative privileges.
 *
 * <p>Settings are read from {@code SiteConfiguration.getInstance()}. When the Kerberos keytab
 * property still holds its default value, or SASL RPC is disabled, {@code DEFAULT_ROOT_USER} is
 * returned without prompting. Otherwise {@code opts.rootUser} is used if set; failing that, the
 * console is prompted until a non-empty value is entered. The entered text is returned as typed;
 * no format check is applied in this method.
 *
 * @param opts
 *          command-line options; a non-null {@code rootUser} skips the prompt
 * @return the principal name to use as the administrative user
 * @throws IOException
 *           propagated from the console operations
 */
private String getRootUserName(Opts opts) throws IOException {
  AccumuloConfiguration conf = SiteConfiguration.getInstance();

  final String keytab = conf.get(Property.GENERAL_KERBEROS_KEYTAB);
  final boolean keytabIsDefault =
      keytab.equals(Property.GENERAL_KERBEROS_KEYTAB.getDefaultValue());
  if (keytabIsDefault || !conf.getBoolean(Property.INSTANCE_RPC_SASL_ENABLED)) {
    return DEFAULT_ROOT_USER;
  }

  ConsoleReader console = getConsoleReader();
  console.println("Running against secured HDFS");

  if (opts.rootUser != null) {
    return opts.rootUser;
  }

  // Keep asking: an empty answer must never become the administrative principal.
  while (true) {
    String principal =
        console.readLine("Principal (user) to grant administrative privileges to : ");
    if (principal == null) {
      // should not happen
      System.exit(1);
    }
    if (!principal.isEmpty()) {
      return principal;
    }
  }
}