/**
 * Starts a builder for a brand-new, empty keystore.
 *
 * @return a builder that is not backed by any existing store
 */
public static KeystoreBuilder newStore() {
    KeystoreBuilder emptyStore = new KeystoreBuilder();
    return emptyStore;
}
/**
 * Creates a transport for {@code host}, deriving its secure settings from {@code settings}.
 *
 * @param settings connection configuration
 * @param host target host
 */
public CommonsHttpTransport(Settings settings, String host) {
    // Delegate to the full constructor with a SecureSettings view built over the same settings.
    this(settings, new SecureSettings(settings), host);
}
/**
 * Serializes the keystore to {@code outputStream} using the configured protection password.
 *
 * @param outputStream destination; it is not closed here, the caller owns it
 * @throws EsHadoopSecurityException if the underlying KeyStore cannot be serialized
 * @throws IOException if writing to the stream fails
 */
public void saveKeystore(OutputStream outputStream) throws EsHadoopSecurityException, IOException {
    char[] password = protection.getPassword();
    try {
        keyStore.store(outputStream, password);
    } catch (CertificateException e) {
        // All three checked security failures are reported the same way to callers.
        throw new EsHadoopSecurityException("Could not persist keystore", e);
    } catch (NoSuchAlgorithmException e) {
        throw new EsHadoopSecurityException("Could not persist keystore", e);
    } catch (KeyStoreException e) {
        throw new EsHadoopSecurityException("Could not persist keystore", e);
    }
}
/** Round-trips a secure setting through serialized keystore bytes. */
@Test
public void testStoreLoad() throws Exception {
    KeystoreWrapper original = KeystoreWrapper.newStore().build();
    original.setSecureSetting("key", "swordfish");
    assertThat(original.getSecureSetting("key"), is("swordfish"));

    // Serialize to memory, then reload a second wrapper from the same bytes.
    ByteArrayOutputStream out = new ByteArrayOutputStream(1024);
    original.saveKeystore(out);
    ByteArrayInputStream in = new ByteArrayInputStream(out.toByteArray());
    KeystoreWrapper reloaded = KeystoreWrapper.loadStore(in).build();

    assertThat(reloaded.getSecureSetting("key"), is("swordfish"));
}
}
/** A value written with setSecureSetting is readable back under the same alias. */
@Test
public void testSetValue() throws Exception {
    String alias = "key";
    String secret = "swordfish";
    KeystoreWrapper store = KeystoreWrapper.newStore().build();
    store.setSecureSetting(alias, secret);
    assertThat(store.getSecureSetting(alias), is(secret));
}
/** LIST on a freshly created, empty keystore prints nothing and exits with 0. */
@Test
public void listKeystoreEmpty() throws Exception {
    // Persist an empty keystore into an in-memory buffer for the harness to read.
    BytesArray storeBytes = new BytesArray(128);
    KeystoreWrapper empty = KeystoreWrapper.newStore().build();
    empty.saveKeystore(new FastByteArrayOutputStream(storeBytes));

    TestPrompt prompt = new TestPrompt();
    KeytoolHarness harness = new KeytoolHarness(prompt, Keytool.Command.LIST, true, storeBytes);
    int exitCode = harness.run(null, false, false);

    assertThat(exitCode, equalTo(0));
    assertThat(prompt.getOutput(), equalTo(""));
    assertThat(prompt.hasInputLeft(), is(false));
    // The store file must still exist and be non-empty after a read-only command.
    assertThat(harness.ksExists(), is(true));
    assertThat(harness.fileBytes.length(), is(not(0)));
}
/** Declining the overwrite prompt for an existing alias leaves the keystore untouched. */
@Test
public void addExistingKeyCancel() throws Exception {
    // Seed the store with the alias the ADD command will collide with.
    BytesArray storeBytes = new BytesArray(128);
    KeystoreWrapper seeded = KeystoreWrapper.newStore().build();
    seeded.setSecureSetting("test.password.1", "blah");
    seeded.saveKeystore(new FastByteArrayOutputStream(storeBytes));

    TestPrompt prompt = new TestPrompt();
    prompt.addInput("n");  // answer "no" to the overwrite question
    KeytoolHarness harness = new KeytoolHarness(prompt, Keytool.Command.ADD, true, storeBytes);
    int exitCode = harness.run("test.password.1", false, false);

    assertThat(exitCode, equalTo(0));
    assertThat(prompt.getOutput(), equalTo("Exiting without modifying keystore\n"));
    assertThat(prompt.hasInputLeft(), is(false));
    assertThat(harness.ksExists(), is(true));
    assertThat(harness.fileBytes.length(), is(not(0)));
}
/** Reading an alias that was never stored yields null rather than an error. */
@Test
public void testEmptyKeystore() throws Exception {
    KeystoreWrapper empty = KeystoreWrapper.newStore().build();
    String missing = empty.getSecureSetting("anything");
    assertThat(missing, is(nullValue()));
}
/**
 * Wraps {@code settings} and, when ES_KEYSTORE_LOCATION is configured, opens the keystore
 * at that location so secure properties can be resolved from it.
 *
 * @param settings configuration to read; also the fallback source for plain properties
 * @throws EsHadoopException if a configured keystore cannot be loaded
 */
public SecureSettings(Settings settings) {
    this.settings = settings;
    String location = settings.getProperty(ConfigurationOptions.ES_KEYSTORE_LOCATION);
    if (location == null) {
        // No keystore configured: every lookup falls through to the plain settings.
        this.keystoreWrapper = null;
        return;
    }
    try {
        this.keystoreWrapper = KeystoreWrapper.loadStore(location).build();
    } catch (EsHadoopSecurityException e) {
        throw new EsHadoopException("Could not load keystore", e);
    } catch (IOException e) {
        throw new EsHadoopException("Could not load keystore", e);
    }
}
/**
 * Writes the keystore to the file at {@code path}, creating or truncating it.
 *
 * @param path filesystem location of the keystore file
 * @throws EsHadoopSecurityException if the keystore cannot be serialized
 * @throws IOException if the file cannot be opened or written
 */
public void saveKeystore(String path) throws EsHadoopSecurityException, IOException {
    // NOTE(review): the file is created with the process's default permissions; nothing here
    // restricts it to the owner even though it holds secrets — confirm the deployment relies on
    // a suitable umask or tightens the mode afterwards.
    OutputStream fileStream = new FileOutputStream(new File(path));
    try {
        saveKeystore(fileStream);
    } finally {
        fileStream.close();
    }
}
/**
 * Resolves {@code key} from the keystore first, falling back to the plain settings.
 *
 * @param key property name
 * @return secure property value or null
 * @throws EsHadoopException if a keystore is configured but the entry cannot be read
 */
public String getSecureProperty(String key) {
    if (keystoreWrapper != null) {
        String secure;
        try {
            secure = keystoreWrapper.getSecureSetting(key);
        } catch (EsHadoopSecurityException e) {
            throw new EsHadoopException("Could not read secure setting [" + key + "]", e);
        }
        if (secure != null) {
            return secure;
        }
    }
    // Not in the keystore (or no keystore configured): fall back to the plain configuration
    // value, which may be stored in cleartext.
    return settings.getProperty(key);
}
}
/**
 * Captures the SSL configuration needed to build sockets: protocol, key/trust store
 * locations and types, and the store passwords resolved through {@code secureSettings}.
 *
 * @param settings plain configuration
 * @param secureSettings keystore-backed lookup used for the store passwords
 */
SSLSocketFactory(Settings settings, SecureSettings secureSettings) {
    sslProtocol = settings.getNetworkSSLProtocol();
    // Store locations and types are plain settings; the passwords go through the secure lookup
    // so they can live in the keystore instead of cleartext configuration.
    keyStoreLocation = settings.getNetworkSSLKeyStoreLocation();
    keyStorePass = secureSettings.getSecureProperty(ConfigurationOptions.ES_NET_SSL_KEYSTORE_PASS);
    keyStoreType = settings.getNetworkSSLKeyStoreType();
    trustStoreLocation = settings.getNetworkSSLTrustStoreLocation();
    trustStorePass = secureSettings.getSecureProperty(ConfigurationOptions.ES_NET_SSL_TRUST_STORE_PASS);
    // NOTE(review): SelfSignedStrategy is only installed when self-signed certs are explicitly
    // accepted; its exact validation behaviour is defined elsewhere — confirm before relying on it.
    if (settings.getNetworkSSLAcceptSelfSignedCert()) {
        trust = new SelfSignedStrategy();
    } else {
        trust = null;
    }
}
/** ADD on an empty keystore stores the prompted value under the given alias. */
@Test
public void addKey() throws Exception {
    BytesArray storeBytes = new BytesArray(128);
    KeystoreWrapper.newStore().build().saveKeystore(new FastByteArrayOutputStream(storeBytes));

    TestPrompt prompt = new TestPrompt();
    prompt.addInput("blahh");  // the secret value the tool prompts for
    KeytoolHarness harness = new KeytoolHarness(prompt, Keytool.Command.ADD, true, storeBytes);

    assertThat(harness.run("test.password.1", false, false), equalTo(0));
    assertThat(prompt.getOutput(), equalTo(""));
    assertThat(prompt.hasInputLeft(), is(false));
    assertThat(harness.ksExists(), is(true));
    assertThat(harness.fileBytes.length(), is(not(0)));

    // Reload what the tool wrote and check the entry landed under the alias.
    KeystoreWrapper written = KeystoreWrapper.loadStore(new FastByteArrayInputStream(harness.fileBytes)).build();
    assertThat(written.getSecureSetting("test.password.1"), equalTo("blahh"));
}
/** REMOVE of an alias that is not in the store reports an error and exits with 6. */
@Test
public void removeMissingKey() throws Exception {
    BytesArray storeBytes = new BytesArray(128);
    KeystoreWrapper empty = KeystoreWrapper.newStore().build();
    empty.saveKeystore(new FastByteArrayOutputStream(storeBytes));

    TestPrompt prompt = new TestPrompt();
    KeytoolHarness harness = new KeytoolHarness(prompt, Keytool.Command.REMOVE, true, storeBytes);
    int exitCode = harness.run("test.password.1", false, false);

    assertThat(exitCode, equalTo(6));
    assertThat(prompt.getOutput(), equalTo("ERROR: Setting [test.password.1] does not exist in the keystore.\n"));
    assertThat(prompt.hasInputLeft(), is(false));
    // A failed removal must not destroy the existing store.
    assertThat(harness.ksExists(), is(true));
    assertThat(harness.fileBytes.length(), is(not(0)));
}
/**
 * Deletes the entry stored under {@code alias}.
 *
 * @param alias name of the entry to remove
 * @throws EsHadoopSecurityException if the underlying KeyStore rejects the deletion
 */
public void removeSecureSetting(String alias) throws EsHadoopSecurityException {
    try {
        keyStore.deleteEntry(alias);
    } catch (KeyStoreException e) {
        String message = String.format("Could not delete secret key (alias : [%s]) from keystore", alias);
        throw new EsHadoopSecurityException(message, e);
    }
}
/**
 * Starts a builder that will read an existing keystore from the file at {@code path}.
 *
 * @param path filesystem location of the keystore
 * @return a builder bound to that path; nothing is read until it is built
 */
public static KeystoreBuilder loadStore(String path) {
    KeystoreBuilder fromFile = new KeystoreBuilder(path);
    return fromFile;
}
/**
 * Reports whether an entry exists under {@code alias}.
 *
 * @param alias entry name to look up
 * @return true if the KeyStore holds an entry with that alias
 * @throws EsHadoopSecurityException if the KeyStore cannot be queried
 */
public boolean containsEntry(String alias) throws EsHadoopSecurityException {
    boolean present;
    try {
        present = keyStore.containsAlias(alias);
    } catch (KeyStoreException e) {
        throw new EsHadoopSecurityException(String.format("Could not read existence of alias [%s]", alias), e);
    }
    return present;
}
/**
 * Starts a builder that will read an existing keystore from {@code stream}.
 *
 * @param stream source of the serialized keystore
 * @return a builder bound to that stream; nothing is read until it is built
 */
public static KeystoreBuilder loadStore(InputStream stream) {
    KeystoreBuilder fromStream = new KeystoreBuilder(stream);
    return fromStream;
}
/**
 * Lists the aliases of every entry in the keystore.
 *
 * @return a new list of alias names, in KeyStore enumeration order
 * @throws EsHadoopSecurityException if the KeyStore cannot be enumerated
 */
public List<String> listEntries() throws EsHadoopSecurityException {
    try {
        List<String> names = new ArrayList<String>(keyStore.size());
        for (Enumeration<String> it = keyStore.aliases(); it.hasMoreElements(); ) {
            names.add(it.nextElement());
        }
        return names;
    } catch (KeyStoreException e) {
        throw new EsHadoopSecurityException("Could not read aliases from keystore", e);
    }
}
/**
 * Stores {@code key} as a secret-key entry under {@code alias}, overriding any existing entry.
 *
 * @param alias entry name
 * @param key the secret value to protect (stored as the raw bytes of the string)
 * @throws EsHadoopSecurityException if the KeyStore refuses the entry
 */
public void setSecureSetting(String alias, String key) throws EsHadoopSecurityException {
    // NOTE(review): getBytes() with no charset uses the platform default; the decoding side is
    // not visible here — confirm both ends agree (ideally an explicit UTF-8 on both).
    byte[] secretBytes = key.getBytes();
    KeyStore.SecretKeyEntry entry = new KeyStore.SecretKeyEntry(new SecretKeySpec(secretBytes, AES));
    try {
        keyStore.setEntry(alias, entry, protection);
    } catch (KeyStoreException e) {
        String message = String.format("Could not store secret key (alias : [%s]) in keystore", alias);
        throw new EsHadoopSecurityException(message, e);
    }
}