/*
* Licensed to the Apache Software Foundation (ASF) under one or more
* contributor license agreements. See the NOTICE file distributed with
* this work for additional information regarding copyright ownership.
* The ASF licenses this file to You under the Apache License, Version 2.0
* (the "License"); you may not use this file except in compliance with
* the License. You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package org.apache.solr.security.hadoop;
import java.io.File;
import java.io.OutputStream;
import java.nio.charset.StandardCharsets;
import java.nio.file.Files;
import java.nio.file.Path;
import org.apache.solr.cloud.KerberosTestServices;
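/**
 * A utility class which provides common functionality required to test Kerberos integration.
 *
 * <p>Both methods communicate through JVM-wide system properties. Every successful
 * {@link #setupMiniKdc(Path)} call should therefore be paired with a
 * {@link #cleanupMiniKdc(KerberosTestServices)} call; otherwise the Kerberos settings written
 * here stay visible to whatever runs next in the same JVM.
 *
 * <p>The configuration produced here (debug logging enabled, one keytab shared by the server and
 * client principals) is intended for tests only.
 */
public class KerberosUtils {

  /** JAAS application (login context) name used for the test client. */
  private static final String JAAS_APP_NAME = "SolrClient";

  /**
   * This method sets up Hadoop mini-kdc along with relevant Kerberos configuration files
   * (e.g. jaas.conf) as well as system properties.
   *
   * <p>System properties written: {@code solr.jaas.debug},
   * {@code java.security.auth.login.config}, {@code solr.kerberos.jaas.appname},
   * {@code solr.kerberos.principal}, {@code solr.kerberos.keytab} and
   * {@code solr.kerberos.name.rules}.
   *
   * @param baseDir The directory path which should be used by the Hadoop mini-kdc
   * @return An instance of {@link KerberosTestServices}
   * @throws Exception in case of errors.
   */
  static KerberosTestServices setupMiniKdc(Path baseDir) throws Exception {
    // Test-only: debug output is useful when a test fails but is not something to carry
    // into a real deployment's logs.
    System.setProperty("solr.jaas.debug", "true");

    Path kdcDir = baseDir.resolve("minikdc");
    File keytabFile = kdcDir.resolve("keytabs").toFile();

    String solrClientPrincipal = "solr";
    // An alternate principal that can be handled differently by authz tests
    String solrAltClientPrincipal = "solr_alt";
    String solrServerPrincipal = "HTTP/127.0.0.1";

    KerberosTestServices services = KerberosTestServices.builder()
        .withKdc(kdcDir.toFile())
        .withJaasConfiguration(solrClientPrincipal, keytabFile, JAAS_APP_NAME)
        .build();
    services.start();

    // All three principals are registered against the same keytab file. Anyone who can read
    // that file can act as any of them, which is acceptable only because this is a throwaway
    // test KDC under baseDir.
    services.getKdc().createPrincipal(
        keytabFile, solrServerPrincipal, solrAltClientPrincipal, solrClientPrincipal);

    String jaas = JAAS_APP_NAME + " {\n"
        + " com.sun.security.auth.module.Krb5LoginModule required\n"
        + " useKeyTab=true\n"
        + " keyTab=\"" + keytabFile.getAbsolutePath() + "\"\n"
        + " storeKey=true\n"
        + " useTicketCache=false\n"
        + " doNotPrompt=true\n"
        + " debug=true\n"
        + " principal=\"" + solrClientPrincipal + "\";\n"
        + "};";

    Path jaasFile = kdcDir.resolve("jaas-client.conf");
    try (OutputStream os = Files.newOutputStream(jaasFile)) {
      os.write(jaas.getBytes(StandardCharsets.UTF_8));
    }

    System.setProperty("java.security.auth.login.config", jaasFile.toString());
    System.setProperty("solr.kerberos.jaas.appname", JAAS_APP_NAME);
    System.setProperty("solr.kerberos.principal", solrServerPrincipal);
    System.setProperty("solr.kerberos.keytab", keytabFile.getAbsolutePath());
    // Extracts 127.0.0.1 from HTTP/127.0.0.1@EXAMPLE.COM
    // NOTE(review): EXAMPLE.COM is presumably the mini-kdc's realm; confirm if the realm is
    // ever made configurable, since these rules only match principals from that realm.
    System.setProperty("solr.kerberos.name.rules", "RULE:[1:$1@$0](.*EXAMPLE.COM)s/@.*//"
        + "\nRULE:[2:$2@$0](.*EXAMPLE.COM)s/@.*//"
        + "\nDEFAULT"
    );

    return services;
  }

  /**
   * This method stops the Hadoop mini-kdc instance and clears the Java system properties that
   * {@link #setupMiniKdc(Path)} sets.
   *
   * <p>The properties are cleared before the KDC is stopped, so they are removed even if
   * stopping fails.
   *
   * @param kerberosTestServices An instance of Hadoop mini-kdc; may be {@code null}, in which
   *     case only the system properties are cleared
   */
  public static void cleanupMiniKdc(KerberosTestServices kerberosTestServices) {
    System.clearProperty("java.security.auth.login.config");
    // Previously left behind: setupMiniKdc sets this property, so it has to be cleared here too
    // or the JAAS application name stays set for later tests in the same JVM.
    System.clearProperty("solr.kerberos.jaas.appname");
    System.clearProperty("solr.kerberos.principal");
    System.clearProperty("solr.kerberos.keytab");
    System.clearProperty("solr.kerberos.name.rules");
    System.clearProperty("solr.jaas.debug");
    if (kerberosTestServices != null) {
      kerberosTestServices.stop();
    }
  }
}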