http://git-wip-us.apache.org/repos/asf/knox/blob/af9b0c3d/gateway-provider-rewrite-step-secure-query/src/main/java/org/apache/hadoop/gateway/securequery/SecureQueryDecodeProcessor.java ---------------------------------------------------------------------- diff --git a/gateway-provider-rewrite-step-secure-query/src/main/java/org/apache/hadoop/gateway/securequery/SecureQueryDecodeProcessor.java b/gateway-provider-rewrite-step-secure-query/src/main/java/org/apache/hadoop/gateway/securequery/SecureQueryDecodeProcessor.java deleted file mode 100644 index c42233a..0000000 --- a/gateway-provider-rewrite-step-secure-query/src/main/java/org/apache/hadoop/gateway/securequery/SecureQueryDecodeProcessor.java +++ /dev/null @@ -1,86 +0,0 @@ -/** - * Licensed to the Apache Software Foundation (ASF) under one - * or more contributor license agreements. See the NOTICE file - * distributed with this work for additional information - * regarding copyright ownership. The ASF licenses this file - * to you under the Apache License, Version 2.0 (the - * "License"); you may not use this file except in compliance - * with the License. You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ -package org.apache.hadoop.gateway.securequery; - -import org.apache.commons.codec.binary.Base64; -import org.apache.hadoop.gateway.filter.rewrite.api.UrlRewriteEnvironment; -import org.apache.hadoop.gateway.filter.rewrite.spi.UrlRewriteContext; -import org.apache.hadoop.gateway.filter.rewrite.spi.UrlRewriteStepProcessor; -import org.apache.hadoop.gateway.filter.rewrite.spi.UrlRewriteStepStatus; -import org.apache.hadoop.gateway.util.urltemplate.Builder; -import org.apache.hadoop.gateway.util.urltemplate.Query; -import org.apache.hadoop.gateway.util.urltemplate.Template; - -import java.io.UnsupportedEncodingException; -import java.util.Map; -import java.util.StringTokenizer; - -public class SecureQueryDecodeProcessor implements UrlRewriteStepProcessor<SecureQueryDecodeDescriptor> { - - private static final String ENCODED_PARAMETER_NAME = "_"; - - @Override - public String getType() { - return SecureQueryDecodeDescriptor.STEP_NAME; - } - - @Override - public void initialize( UrlRewriteEnvironment environment, SecureQueryDecodeDescriptor descriptor ) throws Exception { - } - - @Override - public UrlRewriteStepStatus process( UrlRewriteContext context ) throws Exception { - //TODO: Need some way to get a reference to the keystore service and the encryption key in particular. - Template currUrl = context.getCurrentUrl(); - Builder newUrl = new Builder( currUrl ); - Map<String,Query> map = newUrl.getQuery(); - Query query = map.remove( ENCODED_PARAMETER_NAME ); - if( query != null ) { - String value = query.getFirstValue().getPattern(); - value = decode( value ); - StringTokenizer outerParser = new StringTokenizer( value, "&" ); - while( outerParser.hasMoreTokens() ) { - String pair = outerParser.nextToken(); - StringTokenizer innerParser = new StringTokenizer( pair, "=" ); - if( innerParser.hasMoreTokens() ) { - String paramName = innerParser.nextToken(); - if( innerParser.hasMoreTokens() ) { - String paramValue = innerParser.nextToken(); - // Need to take out any existing query param. - // If we don't then someone could override something in the encoded param. - map.remove( paramName ); - newUrl.addQuery( paramName, "", paramValue, true ); - } else { - newUrl.addQuery( paramName, "", null, true ); - } - } - } - context.setCurrentUrl( newUrl.build() ); - } - return UrlRewriteStepStatus.SUCCESS; - } - - @Override - public void destroy() { - } - - private static String decode( String string ) throws UnsupportedEncodingException { - return new String( Base64.decodeBase64( string ), "UTF-8" ); - } - -}
http://git-wip-us.apache.org/repos/asf/knox/blob/af9b0c3d/gateway-provider-rewrite-step-secure-query/src/main/java/org/apache/hadoop/gateway/securequery/SecureQueryDecryptDescriptor.java ---------------------------------------------------------------------- diff --git a/gateway-provider-rewrite-step-secure-query/src/main/java/org/apache/hadoop/gateway/securequery/SecureQueryDecryptDescriptor.java b/gateway-provider-rewrite-step-secure-query/src/main/java/org/apache/hadoop/gateway/securequery/SecureQueryDecryptDescriptor.java deleted file mode 100644 index 8db2070..0000000 --- a/gateway-provider-rewrite-step-secure-query/src/main/java/org/apache/hadoop/gateway/securequery/SecureQueryDecryptDescriptor.java +++ /dev/null @@ -1,38 +0,0 @@ -/** - * Licensed to the Apache Software Foundation (ASF) under one - * or more contributor license agreements. See the NOTICE file - * distributed with this work for additional information - * regarding copyright ownership. The ASF licenses this file - * to you under the Apache License, Version 2.0 (the - * "License"); you may not use this file except in compliance - * with the License. You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ -package org.apache.hadoop.gateway.securequery; - -import org.apache.hadoop.gateway.filter.rewrite.ext.UrlRewriteActionDescriptor; -import org.apache.hadoop.gateway.filter.rewrite.spi.UrlRewriteActionDescriptorBase; - -public class SecureQueryDecryptDescriptor - extends UrlRewriteActionDescriptorBase - implements UrlRewriteActionDescriptor { - - static final String STEP_NAME = "decrypt-query"; - - public SecureQueryDecryptDescriptor() { - super( STEP_NAME ); - } - - @Override - public String getParam() { - return null; - } - -} http://git-wip-us.apache.org/repos/asf/knox/blob/af9b0c3d/gateway-provider-rewrite-step-secure-query/src/main/java/org/apache/hadoop/gateway/securequery/SecureQueryDecryptProcessor.java ---------------------------------------------------------------------- diff --git a/gateway-provider-rewrite-step-secure-query/src/main/java/org/apache/hadoop/gateway/securequery/SecureQueryDecryptProcessor.java b/gateway-provider-rewrite-step-secure-query/src/main/java/org/apache/hadoop/gateway/securequery/SecureQueryDecryptProcessor.java deleted file mode 100644 index 0687cb4..0000000 --- a/gateway-provider-rewrite-step-secure-query/src/main/java/org/apache/hadoop/gateway/securequery/SecureQueryDecryptProcessor.java +++ /dev/null @@ -1,119 +0,0 @@ -/** - * Licensed to the Apache Software Foundation (ASF) under one - * or more contributor license agreements. See the NOTICE file - * distributed with this work for additional information - * regarding copyright ownership. The ASF licenses this file - * to you under the Apache License, Version 2.0 (the - * "License"); you may not use this file except in compliance - * with the License. You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ -package org.apache.hadoop.gateway.securequery; - -import org.apache.commons.codec.binary.Base64; -import org.apache.hadoop.gateway.filter.rewrite.api.UrlRewriteEnvironment; -import org.apache.hadoop.gateway.filter.rewrite.spi.UrlRewriteContext; -import org.apache.hadoop.gateway.filter.rewrite.spi.UrlRewriteStepProcessor; -import org.apache.hadoop.gateway.filter.rewrite.spi.UrlRewriteStepStatus; -import org.apache.hadoop.gateway.services.GatewayServices; -import org.apache.hadoop.gateway.services.security.CryptoService; -import org.apache.hadoop.gateway.services.security.EncryptionResult; -import org.apache.hadoop.gateway.util.urltemplate.Builder; -import org.apache.hadoop.gateway.util.urltemplate.Query; -import org.apache.hadoop.gateway.util.urltemplate.Template; - -import java.io.UnsupportedEncodingException; -import java.util.Map; -import java.util.StringTokenizer; - -public class SecureQueryDecryptProcessor implements UrlRewriteStepProcessor<SecureQueryDecryptDescriptor> { - - private static final String ENCRYPTED_PARAMETER_NAME = "_"; - - private String clusterName; - private CryptoService cryptoService; - - @Override - public String getType() { - return SecureQueryDecryptDescriptor.STEP_NAME; - } - - @Override - public void initialize( UrlRewriteEnvironment environment, SecureQueryDecryptDescriptor descriptor ) throws Exception { - clusterName = environment.getAttribute( GatewayServices.GATEWAY_CLUSTER_ATTRIBUTE ); - GatewayServices services = environment.getAttribute(GatewayServices.GATEWAY_SERVICES_ATTRIBUTE); - cryptoService = (CryptoService) services.getService(GatewayServices.CRYPTO_SERVICE); - } - - @Override - public UrlRewriteStepStatus process( UrlRewriteContext context ) throws Exception { - //TODO: Need some way to get a reference to the keystore service and the encryption key in particular. - Template currUrl = context.getCurrentUrl(); - Builder newUrl = new Builder( currUrl ); - Map<String,Query> map = newUrl.getQuery(); - Query query = map.remove( ENCRYPTED_PARAMETER_NAME ); - UrlRewriteStepStatus status = UrlRewriteStepStatus.FAILURE; - status = getUrlRewriteStepStatus(context, newUrl, map, query, status); - return status; - } - - private UrlRewriteStepStatus getUrlRewriteStepStatus(UrlRewriteContext context, Builder newUrl, Map<String, Query> map, Query query, UrlRewriteStepStatus status) throws UnsupportedEncodingException { - if( query != null ) { - String value = query.getFirstValue().getPattern(); - value = decode( value ); - status = getUrlRewriteStepStatus(context, newUrl, map, status, value); - } - return status; - } - - private UrlRewriteStepStatus getUrlRewriteStepStatus(UrlRewriteContext context, Builder newUrl, Map<String, Query> map, UrlRewriteStepStatus status, String value) { - if( value != null ) { - StringTokenizer outerParser = new StringTokenizer( value, "&" ); - while( outerParser.hasMoreTokens() ) { - String pair = outerParser.nextToken(); - StringTokenizer innerParser = new StringTokenizer( pair, "=" ); - if( innerParser.hasMoreTokens() ) { - String paramName = innerParser.nextToken(); - if( innerParser.hasMoreTokens() ) { - String paramValue = innerParser.nextToken(); - // Need to remove from the clear parameters any param name in the encoded params. - // If we don't then someone could override something in the encoded param. - map.remove( paramName ); - newUrl.addQuery( paramName, "", paramValue, true ); - } else { - newUrl.addQuery( paramName, "", null, true ); - } - } - } - context.setCurrentUrl( newUrl.build() ); - context.getParameters().resolve( "gateway.name" ); - status = UrlRewriteStepStatus.SUCCESS; - } - return status; - } - - @Override - public void destroy() { - } - - String decode( String string ) throws UnsupportedEncodingException { - byte[] bytes = Base64.decodeBase64( string ); - EncryptionResult result = EncryptionResult.fromByteArray(bytes); - byte[] clear = cryptoService.decryptForCluster(clusterName, - "encryptQueryString", - result.cipher, - result.iv, - result.salt); - if (clear != null) { - return new String(clear); - } - return null; - } -} http://git-wip-us.apache.org/repos/asf/knox/blob/af9b0c3d/gateway-provider-rewrite-step-secure-query/src/main/java/org/apache/hadoop/gateway/securequery/SecureQueryDeploymentContributor.java ---------------------------------------------------------------------- diff --git a/gateway-provider-rewrite-step-secure-query/src/main/java/org/apache/hadoop/gateway/securequery/SecureQueryDeploymentContributor.java b/gateway-provider-rewrite-step-secure-query/src/main/java/org/apache/hadoop/gateway/securequery/SecureQueryDeploymentContributor.java deleted file mode 100644 index 33a0c85..0000000 --- a/gateway-provider-rewrite-step-secure-query/src/main/java/org/apache/hadoop/gateway/securequery/SecureQueryDeploymentContributor.java +++ /dev/null @@ -1,113 +0,0 @@ -/** - * Licensed to the Apache Software Foundation (ASF) under one - * or more contributor license agreements. See the NOTICE file - * distributed with this work for additional information - * regarding copyright ownership. The ASF licenses this file - * to you under the Apache License, Version 2.0 (the - * "License"); you may not use this file except in compliance - * with the License. You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ -package org.apache.hadoop.gateway.securequery; - -import org.apache.hadoop.gateway.deploy.DeploymentContext; -import org.apache.hadoop.gateway.deploy.ProviderDeploymentContributor; -import org.apache.hadoop.gateway.deploy.ProviderDeploymentContributorBase; -import org.apache.hadoop.gateway.descriptor.FilterParamDescriptor; -import org.apache.hadoop.gateway.descriptor.ResourceDescriptor; -import org.apache.hadoop.gateway.i18n.messages.MessagesFactory; -import org.apache.hadoop.gateway.services.security.AliasService; -import org.apache.hadoop.gateway.services.security.AliasServiceException; -import org.apache.hadoop.gateway.topology.Provider; -import org.apache.hadoop.gateway.topology.Service; - -import java.util.List; - -public class SecureQueryDeploymentContributor - extends ProviderDeploymentContributorBase - implements ProviderDeploymentContributor { - - private static SecureQueryMessages log = MessagesFactory.get( SecureQueryMessages.class ); - public static final String PROVIDER_ROLE_NAME = "secure-query"; - public static final String PROVIDER_IMPL_NAME = "default"; - private AliasService as; - - @Override - public String getRole() { - return PROVIDER_ROLE_NAME; - } - - @Override - public String getName() { - return PROVIDER_IMPL_NAME; - } - - public void setAliasService(AliasService as) { - this.as = as; - } - - @Override - public void initializeContribution(DeploymentContext context) { - super.initializeContribution(context); - - String clusterName = context.getTopology().getName(); - - // we don't want to overwrite an existing alias from a previous topology deployment - // so we can't just blindly generateAlias here. - // this version of getPassword will generate a value for it only if missing - try { - this.as.getPasswordFromAliasForCluster(clusterName, "encryptQueryString", true); - } catch (AliasServiceException e) { - log.unableCreatePasswordForEncryption(e); - } - } - - @Override - public void contributeProvider( DeploymentContext context, Provider provider ) { - if( provider.isEnabled() ) { -// UrlRewriteRulesDescriptor rules = context.getDescriptor( REWRITE_ROLE_NAME ); -// if( rules != null ) { -// HostmapFunctionDescriptor func = rules.addFunction( HostmapFunctionDescriptor.FUNCTION_NAME ); -// if( func != null ) { -// Asset asset = createAsset( provider ); -// context.getWebArchive().addAsWebInfResource( -// asset, HostmapFunctionProcessor.DESCRIPTOR_DEFAULT_FILE_NAME ); -// func.config( HostmapFunctionProcessor.DESCRIPTOR_DEFAULT_LOCATION ); -// } -// } - } - } - -// private Asset createAsset( Provider provider ) { -// StringWriter buffer = new StringWriter(); -// PrintWriter writer = new PrintWriter( buffer ); -// for( Map.Entry<String,String> entry : provider.getParams().entrySet() ) { -// String externalHosts = entry.getKey(); -// String internalHosts = entry.getValue(); -// writer.print( externalHosts ); -// writer.print( "=" ); -// writer.println( internalHosts ) ; -// } -// writer.close(); -// String string = buffer.toString(); -// Asset asset = new StringAsset( string ); -// return asset; -// } - - @Override - public void contributeFilter( - DeploymentContext context, - Provider provider, - Service service, - ResourceDescriptor resource, - List<FilterParamDescriptor> params ) { - } - -} http://git-wip-us.apache.org/repos/asf/knox/blob/af9b0c3d/gateway-provider-rewrite-step-secure-query/src/main/java/org/apache/hadoop/gateway/securequery/SecureQueryEncodeDescriptor.java ---------------------------------------------------------------------- diff --git a/gateway-provider-rewrite-step-secure-query/src/main/java/org/apache/hadoop/gateway/securequery/SecureQueryEncodeDescriptor.java b/gateway-provider-rewrite-step-secure-query/src/main/java/org/apache/hadoop/gateway/securequery/SecureQueryEncodeDescriptor.java deleted file mode 100644 index a29be4e..0000000 --- a/gateway-provider-rewrite-step-secure-query/src/main/java/org/apache/hadoop/gateway/securequery/SecureQueryEncodeDescriptor.java +++ /dev/null @@ -1,38 +0,0 @@ -/** - * Licensed to the Apache Software Foundation (ASF) under one - * or more contributor license agreements. See the NOTICE file - * distributed with this work for additional information - * regarding copyright ownership. The ASF licenses this file - * to you under the Apache License, Version 2.0 (the - * "License"); you may not use this file except in compliance - * with the License. You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ -package org.apache.hadoop.gateway.securequery; - -import org.apache.hadoop.gateway.filter.rewrite.ext.UrlRewriteActionDescriptor; -import org.apache.hadoop.gateway.filter.rewrite.spi.UrlRewriteActionDescriptorBase; - -public class SecureQueryEncodeDescriptor - extends UrlRewriteActionDescriptorBase - implements UrlRewriteActionDescriptor { - - static final String STEP_NAME = "encode-query"; - - public SecureQueryEncodeDescriptor() { - super( STEP_NAME ); - } - - @Override - public String getParam() { - return null; - } - -} http://git-wip-us.apache.org/repos/asf/knox/blob/af9b0c3d/gateway-provider-rewrite-step-secure-query/src/main/java/org/apache/hadoop/gateway/securequery/SecureQueryEncodeProcessor.java ---------------------------------------------------------------------- diff --git a/gateway-provider-rewrite-step-secure-query/src/main/java/org/apache/hadoop/gateway/securequery/SecureQueryEncodeProcessor.java b/gateway-provider-rewrite-step-secure-query/src/main/java/org/apache/hadoop/gateway/securequery/SecureQueryEncodeProcessor.java deleted file mode 100644 index 0b32c05..0000000 --- a/gateway-provider-rewrite-step-secure-query/src/main/java/org/apache/hadoop/gateway/securequery/SecureQueryEncodeProcessor.java +++ /dev/null @@ -1,77 +0,0 @@ -/** - * Licensed to the Apache Software Foundation (ASF) under one - * or more contributor license agreements. See the NOTICE file - * distributed with this work for additional information - * regarding copyright ownership. The ASF licenses this file - * to you under the Apache License, Version 2.0 (the - * "License"); you may not use this file except in compliance - * with the License. You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ -package org.apache.hadoop.gateway.securequery; - -import org.apache.commons.codec.binary.Base64; -import org.apache.hadoop.gateway.filter.rewrite.api.UrlRewriteEnvironment; -import org.apache.hadoop.gateway.filter.rewrite.spi.UrlRewriteContext; -import org.apache.hadoop.gateway.filter.rewrite.spi.UrlRewriteStepProcessor; -import org.apache.hadoop.gateway.filter.rewrite.spi.UrlRewriteStepStatus; -import org.apache.hadoop.gateway.util.urltemplate.Parser; -import org.apache.hadoop.gateway.util.urltemplate.Template; - -public class SecureQueryEncodeProcessor - implements UrlRewriteStepProcessor<SecureQueryEncodeDescriptor> { - - private static final String ENCODED_PARAMETER_NAME = "_"; - - @Override - public String getType() { - return SecureQueryEncodeDescriptor.STEP_NAME; - } - - @Override - public void initialize( UrlRewriteEnvironment environment, SecureQueryEncodeDescriptor descriptor ) throws Exception { - } - - @Override - public UrlRewriteStepStatus process( UrlRewriteContext context ) throws Exception { - //TODO: Need some way to get a reference to the keystore service and the encryption key in particular. - Template url = context.getCurrentUrl(); - String str = url.toString(); - String path = str; - String query = null; - int index = str.indexOf( '?' ); - if( index >= 0 ) { - path = str.substring( 0, index ); - if( index < str.length() ) { - query = str.substring( index + 1 ); - } - } - if( query != null ) { - query = Base64.encodeBase64String( query.getBytes( "UTF-8" ) ); - query = removeTrailingEquals( query ); - url = Parser.parseLiteral( path + "?" + ENCODED_PARAMETER_NAME +"=" + query ); - context.setCurrentUrl( url ); - } - return UrlRewriteStepStatus.SUCCESS; - } - - @Override - public void destroy() { - } - - private static String removeTrailingEquals( String s ) { - int i = s.length()-1; - while( i > 0 && s.charAt( i ) == '=' ) { - i--; - } - return s.substring( 0, i+1 ); - } - -} http://git-wip-us.apache.org/repos/asf/knox/blob/af9b0c3d/gateway-provider-rewrite-step-secure-query/src/main/java/org/apache/hadoop/gateway/securequery/SecureQueryEncryptDescriptor.java ---------------------------------------------------------------------- diff --git a/gateway-provider-rewrite-step-secure-query/src/main/java/org/apache/hadoop/gateway/securequery/SecureQueryEncryptDescriptor.java b/gateway-provider-rewrite-step-secure-query/src/main/java/org/apache/hadoop/gateway/securequery/SecureQueryEncryptDescriptor.java deleted file mode 100644 index 9f3d7b9..0000000 --- a/gateway-provider-rewrite-step-secure-query/src/main/java/org/apache/hadoop/gateway/securequery/SecureQueryEncryptDescriptor.java +++ /dev/null @@ -1,38 +0,0 @@ -/** - * Licensed to the Apache Software Foundation (ASF) under one - * or more contributor license agreements. See the NOTICE file - * distributed with this work for additional information - * regarding copyright ownership. The ASF licenses this file - * to you under the Apache License, Version 2.0 (the - * "License"); you may not use this file except in compliance - * with the License. You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ -package org.apache.hadoop.gateway.securequery; - -import org.apache.hadoop.gateway.filter.rewrite.ext.UrlRewriteActionDescriptor; -import org.apache.hadoop.gateway.filter.rewrite.spi.UrlRewriteActionDescriptorBase; - -public class SecureQueryEncryptDescriptor - extends UrlRewriteActionDescriptorBase - implements UrlRewriteActionDescriptor { - - static final String STEP_NAME = "encrypt-query"; - - public SecureQueryEncryptDescriptor() { - super( STEP_NAME ); - } - - @Override - public String getParam() { - return null; - } - -} http://git-wip-us.apache.org/repos/asf/knox/blob/af9b0c3d/gateway-provider-rewrite-step-secure-query/src/main/java/org/apache/hadoop/gateway/securequery/SecureQueryEncryptProcessor.java ---------------------------------------------------------------------- diff --git a/gateway-provider-rewrite-step-secure-query/src/main/java/org/apache/hadoop/gateway/securequery/SecureQueryEncryptProcessor.java b/gateway-provider-rewrite-step-secure-query/src/main/java/org/apache/hadoop/gateway/securequery/SecureQueryEncryptProcessor.java deleted file mode 100644 index fe587ba..0000000 --- a/gateway-provider-rewrite-step-secure-query/src/main/java/org/apache/hadoop/gateway/securequery/SecureQueryEncryptProcessor.java +++ /dev/null @@ -1,84 +0,0 @@ -/** - * Licensed to the Apache Software Foundation (ASF) under one - * or more contributor license agreements. See the NOTICE file - * distributed with this work for additional information - * regarding copyright ownership. The ASF licenses this file - * to you under the Apache License, Version 2.0 (the - * "License"); you may not use this file except in compliance - * with the License. You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ -package org.apache.hadoop.gateway.securequery; - -import org.apache.commons.codec.binary.Base64; -import org.apache.hadoop.gateway.filter.rewrite.api.UrlRewriteEnvironment; -import org.apache.hadoop.gateway.filter.rewrite.spi.UrlRewriteContext; -import org.apache.hadoop.gateway.filter.rewrite.spi.UrlRewriteStepProcessor; -import org.apache.hadoop.gateway.filter.rewrite.spi.UrlRewriteStepStatus; -import org.apache.hadoop.gateway.services.GatewayServices; -import org.apache.hadoop.gateway.services.security.CryptoService; -import org.apache.hadoop.gateway.services.security.EncryptionResult; -import org.apache.hadoop.gateway.util.urltemplate.Parser; -import org.apache.hadoop.gateway.util.urltemplate.Template; - -import java.io.UnsupportedEncodingException; - -public class SecureQueryEncryptProcessor - implements UrlRewriteStepProcessor<SecureQueryEncryptDescriptor> { - - private static final String ENCRYPTED_PARAMETER_NAME = "_"; - - private String clusterName; - private CryptoService cryptoService = null; - - @Override - public String getType() { - return SecureQueryEncryptDescriptor.STEP_NAME; - } - - @Override - public void initialize( UrlRewriteEnvironment environment, SecureQueryEncryptDescriptor descriptor ) throws Exception { - clusterName = environment.getAttribute( GatewayServices.GATEWAY_CLUSTER_ATTRIBUTE ); - GatewayServices services = environment.getAttribute(GatewayServices.GATEWAY_SERVICES_ATTRIBUTE); - cryptoService = (CryptoService) services.getService(GatewayServices.CRYPTO_SERVICE); - } - - @Override - public UrlRewriteStepStatus process( UrlRewriteContext context ) throws Exception { - //TODO: Need some way to get a reference to the keystore service and the encryption key in particular. - Template url = context.getCurrentUrl(); - String str = url.toString(); - String path = str; - String query = null; - int index = str.indexOf( '?' ); - if( index >= 0 ) { - path = str.substring( 0, index ); - if( index < str.length() ) { - query = str.substring( index + 1 ); - } - } - if( query != null ) { - query = encode( query ); - url = Parser.parseLiteral( path + "?" + ENCRYPTED_PARAMETER_NAME +"=" + query ); - context.setCurrentUrl( url ); - } - return UrlRewriteStepStatus.SUCCESS; - } - - @Override - public void destroy() { - } - - private String encode( String string ) throws UnsupportedEncodingException { - EncryptionResult result = cryptoService.encryptForCluster(clusterName, "encryptQueryString", string.getBytes("UTF-8")); - string = Base64.encodeBase64URLSafeString(result.toByteAray()); - return string; - } -} http://git-wip-us.apache.org/repos/asf/knox/blob/af9b0c3d/gateway-provider-rewrite-step-secure-query/src/main/java/org/apache/hadoop/gateway/securequery/SecureQueryMessages.java ---------------------------------------------------------------------- diff --git a/gateway-provider-rewrite-step-secure-query/src/main/java/org/apache/hadoop/gateway/securequery/SecureQueryMessages.java b/gateway-provider-rewrite-step-secure-query/src/main/java/org/apache/hadoop/gateway/securequery/SecureQueryMessages.java deleted file mode 100644 index 27cadaa..0000000 --- a/gateway-provider-rewrite-step-secure-query/src/main/java/org/apache/hadoop/gateway/securequery/SecureQueryMessages.java +++ /dev/null @@ -1,31 +0,0 @@ -/** - * Licensed to the Apache Software Foundation (ASF) under one - * or more contributor license agreements. See the NOTICE file - * distributed with this work for additional information - * regarding copyright ownership. The ASF licenses this file - * to you under the Apache License, Version 2.0 (the - * "License"); you may not use this file except in compliance - * with the License. You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ -package org.apache.hadoop.gateway.securequery; - -import org.apache.hadoop.gateway.i18n.messages.Message; -import org.apache.hadoop.gateway.i18n.messages.MessageLevel; -import org.apache.hadoop.gateway.i18n.messages.Messages; -import org.apache.hadoop.gateway.i18n.messages.StackTrace; - -@Messages(logger="org.apache.hadoop.gateway.securequery") -public interface SecureQueryMessages { - - @Message( level = MessageLevel.ERROR, text = "Failed to create or verify the presence of a password for query string encryption: {0}" ) - void unableCreatePasswordForEncryption(@StackTrace( level = MessageLevel.DEBUG ) Exception e); - -} http://git-wip-us.apache.org/repos/asf/knox/blob/af9b0c3d/gateway-provider-rewrite-step-secure-query/src/main/java/org/apache/knox/gateway/securequery/SecureQueryDecodeDescriptor.java ---------------------------------------------------------------------- diff --git a/gateway-provider-rewrite-step-secure-query/src/main/java/org/apache/knox/gateway/securequery/SecureQueryDecodeDescriptor.java b/gateway-provider-rewrite-step-secure-query/src/main/java/org/apache/knox/gateway/securequery/SecureQueryDecodeDescriptor.java new file mode 100644 index 0000000..069dc65 --- /dev/null +++ b/gateway-provider-rewrite-step-secure-query/src/main/java/org/apache/knox/gateway/securequery/SecureQueryDecodeDescriptor.java @@ -0,0 +1,38 @@ +/** + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +package org.apache.knox.gateway.securequery; + +import org.apache.knox.gateway.filter.rewrite.ext.UrlRewriteActionDescriptor; +import org.apache.knox.gateway.filter.rewrite.spi.UrlRewriteActionDescriptorBase; + +public class SecureQueryDecodeDescriptor + extends UrlRewriteActionDescriptorBase + implements UrlRewriteActionDescriptor { + + static final String STEP_NAME = "decode-query"; + + public SecureQueryDecodeDescriptor() { + super( STEP_NAME ); + } + + @Override + public String getParam() { + return null; + } + +} http://git-wip-us.apache.org/repos/asf/knox/blob/af9b0c3d/gateway-provider-rewrite-step-secure-query/src/main/java/org/apache/knox/gateway/securequery/SecureQueryDecodeProcessor.java ---------------------------------------------------------------------- diff --git a/gateway-provider-rewrite-step-secure-query/src/main/java/org/apache/knox/gateway/securequery/SecureQueryDecodeProcessor.java b/gateway-provider-rewrite-step-secure-query/src/main/java/org/apache/knox/gateway/securequery/SecureQueryDecodeProcessor.java new file mode 100644 index 0000000..c007021 --- /dev/null +++ b/gateway-provider-rewrite-step-secure-query/src/main/java/org/apache/knox/gateway/securequery/SecureQueryDecodeProcessor.java @@ -0,0 +1,87 @@ +/** + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +package org.apache.knox.gateway.securequery; + +import org.apache.commons.codec.binary.Base64; +import org.apache.knox.gateway.filter.rewrite.api.UrlRewriteEnvironment; +import org.apache.knox.gateway.filter.rewrite.spi.UrlRewriteContext; +import org.apache.knox.gateway.filter.rewrite.spi.UrlRewriteStepProcessor; +import org.apache.knox.gateway.filter.rewrite.spi.UrlRewriteStepStatus; +import org.apache.knox.gateway.util.urltemplate.Builder; +import org.apache.knox.gateway.util.urltemplate.Query; +import org.apache.knox.gateway.util.urltemplate.Template; + +import java.io.UnsupportedEncodingException; +import java.util.Map; +import java.util.StringTokenizer; + +public class SecureQueryDecodeProcessor implements + UrlRewriteStepProcessor<SecureQueryDecodeDescriptor> { + + private static final String ENCODED_PARAMETER_NAME = "_"; + + @Override + public String getType() { + return SecureQueryDecodeDescriptor.STEP_NAME; + } + + @Override + public void initialize( UrlRewriteEnvironment environment, SecureQueryDecodeDescriptor descriptor ) throws Exception { + } + + @Override + public UrlRewriteStepStatus process( UrlRewriteContext context ) throws Exception { + //TODO: Need some way to get a reference to the keystore service and the encryption key in particular. + Template currUrl = context.getCurrentUrl(); + Builder newUrl = new Builder( currUrl ); + Map<String,Query> map = newUrl.getQuery(); + Query query = map.remove( ENCODED_PARAMETER_NAME ); + if( query != null ) { + String value = query.getFirstValue().getPattern(); + value = decode( value ); + StringTokenizer outerParser = new StringTokenizer( value, "&" ); + while( outerParser.hasMoreTokens() ) { + String pair = outerParser.nextToken(); + StringTokenizer innerParser = new StringTokenizer( pair, "=" ); + if( innerParser.hasMoreTokens() ) { + String paramName = innerParser.nextToken(); + if( innerParser.hasMoreTokens() ) { + String paramValue = innerParser.nextToken(); + // Need to take out any existing query param. + // If we don't then someone could override something in the encoded param. + map.remove( paramName ); + newUrl.addQuery( paramName, "", paramValue, true ); + } else { + newUrl.addQuery( paramName, "", null, true ); + } + } + } + context.setCurrentUrl( newUrl.build() ); + } + return UrlRewriteStepStatus.SUCCESS; + } + + @Override + public void destroy() { + } + + private static String decode( String string ) throws UnsupportedEncodingException { + return new String( Base64.decodeBase64( string ), "UTF-8" ); + } + +} http://git-wip-us.apache.org/repos/asf/knox/blob/af9b0c3d/gateway-provider-rewrite-step-secure-query/src/main/java/org/apache/knox/gateway/securequery/SecureQueryDecryptDescriptor.java ---------------------------------------------------------------------- diff --git a/gateway-provider-rewrite-step-secure-query/src/main/java/org/apache/knox/gateway/securequery/SecureQueryDecryptDescriptor.java b/gateway-provider-rewrite-step-secure-query/src/main/java/org/apache/knox/gateway/securequery/SecureQueryDecryptDescriptor.java new file mode 100644 index 0000000..f463fec --- /dev/null +++ b/gateway-provider-rewrite-step-secure-query/src/main/java/org/apache/knox/gateway/securequery/SecureQueryDecryptDescriptor.java @@ -0,0 +1,38 @@ +/** + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +package org.apache.knox.gateway.securequery; + +import org.apache.knox.gateway.filter.rewrite.ext.UrlRewriteActionDescriptor; +import org.apache.knox.gateway.filter.rewrite.spi.UrlRewriteActionDescriptorBase; + +public class SecureQueryDecryptDescriptor + extends UrlRewriteActionDescriptorBase + implements UrlRewriteActionDescriptor { + + static final String STEP_NAME = "decrypt-query"; + + public SecureQueryDecryptDescriptor() { + super( STEP_NAME ); + } + + @Override + public String getParam() { + return null; + } + +} http://git-wip-us.apache.org/repos/asf/knox/blob/af9b0c3d/gateway-provider-rewrite-step-secure-query/src/main/java/org/apache/knox/gateway/securequery/SecureQueryDecryptProcessor.java ---------------------------------------------------------------------- diff --git a/gateway-provider-rewrite-step-secure-query/src/main/java/org/apache/knox/gateway/securequery/SecureQueryDecryptProcessor.java b/gateway-provider-rewrite-step-secure-query/src/main/java/org/apache/knox/gateway/securequery/SecureQueryDecryptProcessor.java new file mode 100644 index 0000000..3cccc4d --- /dev/null +++ b/gateway-provider-rewrite-step-secure-query/src/main/java/org/apache/knox/gateway/securequery/SecureQueryDecryptProcessor.java @@ -0,0 +1,120 @@ +/** + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +package org.apache.knox.gateway.securequery; + +import org.apache.commons.codec.binary.Base64; +import org.apache.knox.gateway.filter.rewrite.api.UrlRewriteEnvironment; +import org.apache.knox.gateway.filter.rewrite.spi.UrlRewriteContext; +import org.apache.knox.gateway.filter.rewrite.spi.UrlRewriteStepProcessor; +import org.apache.knox.gateway.filter.rewrite.spi.UrlRewriteStepStatus; +import org.apache.knox.gateway.services.GatewayServices; +import org.apache.knox.gateway.services.security.CryptoService; +import org.apache.knox.gateway.services.security.EncryptionResult; +import org.apache.knox.gateway.util.urltemplate.Builder; +import org.apache.knox.gateway.util.urltemplate.Query; +import org.apache.knox.gateway.util.urltemplate.Template; + +import java.io.UnsupportedEncodingException; +import java.util.Map; +import java.util.StringTokenizer; + +public class SecureQueryDecryptProcessor implements + UrlRewriteStepProcessor<SecureQueryDecryptDescriptor> { + + private static final String ENCRYPTED_PARAMETER_NAME = "_"; + + private String clusterName; + private CryptoService cryptoService; + + @Override + public String getType() { + return SecureQueryDecryptDescriptor.STEP_NAME; + } + + @Override + public void initialize( UrlRewriteEnvironment environment, SecureQueryDecryptDescriptor descriptor ) throws Exception { + clusterName = environment.getAttribute( GatewayServices.GATEWAY_CLUSTER_ATTRIBUTE ); + GatewayServices services = environment.getAttribute(GatewayServices.GATEWAY_SERVICES_ATTRIBUTE); + cryptoService = (CryptoService) services.getService(GatewayServices.CRYPTO_SERVICE); + } + + @Override + public UrlRewriteStepStatus process( UrlRewriteContext context ) throws Exception { + //TODO: Need some way to get a reference to the keystore service and the encryption key in particular. + Template currUrl = context.getCurrentUrl(); + Builder newUrl = new Builder( currUrl ); + Map<String,Query> map = newUrl.getQuery(); + Query query = map.remove( ENCRYPTED_PARAMETER_NAME ); + UrlRewriteStepStatus status = UrlRewriteStepStatus.FAILURE; + status = getUrlRewriteStepStatus(context, newUrl, map, query, status); + return status; + } + + private UrlRewriteStepStatus getUrlRewriteStepStatus(UrlRewriteContext context, Builder newUrl, Map<String, Query> map, Query query, UrlRewriteStepStatus status) throws UnsupportedEncodingException { + if( query != null ) { + String value = query.getFirstValue().getPattern(); + value = decode( value ); + status = getUrlRewriteStepStatus(context, newUrl, map, status, value); + } + return status; + } + + private UrlRewriteStepStatus getUrlRewriteStepStatus(UrlRewriteContext context, Builder newUrl, Map<String, Query> map, UrlRewriteStepStatus status, String value) { + if( value != null ) { + StringTokenizer outerParser = new StringTokenizer( value, "&" ); + while( outerParser.hasMoreTokens() ) { + String pair = outerParser.nextToken(); + StringTokenizer innerParser = new StringTokenizer( pair, "=" ); + if( innerParser.hasMoreTokens() ) { + String paramName = innerParser.nextToken(); + if( innerParser.hasMoreTokens() ) { + String paramValue = innerParser.nextToken(); + // Need to remove from the clear parameters any param name in the encoded params. + // If we don't then someone could override something in the encoded param. + map.remove( paramName ); + newUrl.addQuery( paramName, "", paramValue, true ); + } else { + newUrl.addQuery( paramName, "", null, true ); + } + } + } + context.setCurrentUrl( newUrl.build() ); + context.getParameters().resolve( "gateway.name" ); + status = UrlRewriteStepStatus.SUCCESS; + } + return status; + } + + @Override + public void destroy() { + } + + String decode( String string ) throws UnsupportedEncodingException { + byte[] bytes = Base64.decodeBase64( string ); + EncryptionResult result = EncryptionResult.fromByteArray(bytes); + byte[] clear = cryptoService.decryptForCluster(clusterName, + "encryptQueryString", + result.cipher, + result.iv, + result.salt); + if (clear != null) { + return new String(clear); + } + return null; + } +} http://git-wip-us.apache.org/repos/asf/knox/blob/af9b0c3d/gateway-provider-rewrite-step-secure-query/src/main/java/org/apache/knox/gateway/securequery/SecureQueryDeploymentContributor.java ---------------------------------------------------------------------- diff --git a/gateway-provider-rewrite-step-secure-query/src/main/java/org/apache/knox/gateway/securequery/SecureQueryDeploymentContributor.java b/gateway-provider-rewrite-step-secure-query/src/main/java/org/apache/knox/gateway/securequery/SecureQueryDeploymentContributor.java new file mode 100644 index 0000000..dead39f --- /dev/null +++ b/gateway-provider-rewrite-step-secure-query/src/main/java/org/apache/knox/gateway/securequery/SecureQueryDeploymentContributor.java @@ -0,0 +1,113 @@ +/** + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +package org.apache.knox.gateway.securequery; + +import org.apache.knox.gateway.deploy.DeploymentContext; +import org.apache.knox.gateway.deploy.ProviderDeploymentContributor; +import org.apache.knox.gateway.deploy.ProviderDeploymentContributorBase; +import org.apache.knox.gateway.descriptor.FilterParamDescriptor; +import org.apache.knox.gateway.descriptor.ResourceDescriptor; +import org.apache.knox.gateway.i18n.messages.MessagesFactory; +import org.apache.knox.gateway.services.security.AliasService; +import org.apache.knox.gateway.services.security.AliasServiceException; +import org.apache.knox.gateway.topology.Provider; +import org.apache.knox.gateway.topology.Service; + +import java.util.List; + +public class SecureQueryDeploymentContributor + extends ProviderDeploymentContributorBase + implements ProviderDeploymentContributor { + + private static SecureQueryMessages log = MessagesFactory.get( SecureQueryMessages.class ); + public static final String PROVIDER_ROLE_NAME = "secure-query"; + public static final String PROVIDER_IMPL_NAME = "default"; + private AliasService as; + + @Override + public String getRole() { + return PROVIDER_ROLE_NAME; + } + + @Override + public String getName() { + return PROVIDER_IMPL_NAME; + } + + public void setAliasService(AliasService as) { + this.as = as; + } + + @Override + public void initializeContribution(DeploymentContext context) { + super.initializeContribution(context); + + String clusterName = context.getTopology().getName(); + + // we don't want to overwrite an existing alias from a previous topology deployment + // so we can't just blindly generateAlias here. + // this version of getPassword will generate a value for it only if missing + try { + this.as.getPasswordFromAliasForCluster(clusterName, "encryptQueryString", true); + } catch (AliasServiceException e) { + log.unableCreatePasswordForEncryption(e); + } + } + + @Override + public void contributeProvider( DeploymentContext context, Provider provider ) { + if( provider.isEnabled() ) { +// UrlRewriteRulesDescriptor rules = context.getDescriptor( REWRITE_ROLE_NAME ); +// if( rules != null ) { +// HostmapFunctionDescriptor func = rules.addFunction( HostmapFunctionDescriptor.FUNCTION_NAME ); +// if( func != null ) { +// Asset asset = createAsset( provider ); +// context.getWebArchive().addAsWebInfResource( +// asset, HostmapFunctionProcessor.DESCRIPTOR_DEFAULT_FILE_NAME ); +// func.config( HostmapFunctionProcessor.DESCRIPTOR_DEFAULT_LOCATION ); +// } +// } + } + } + +// private Asset createAsset( Provider provider ) { +// StringWriter buffer = new StringWriter(); +// PrintWriter writer = new PrintWriter( buffer ); +// for( Map.Entry<String,String> entry : provider.getParams().entrySet() ) { +// String externalHosts = entry.getKey(); +// String internalHosts = entry.getValue(); +// writer.print( externalHosts ); +// writer.print( "=" ); +// writer.println( internalHosts ) ; +// } +// writer.close(); +// String string = buffer.toString(); +// Asset asset = new StringAsset( string ); +// return asset; +// } + + @Override + public void contributeFilter( + DeploymentContext context, + Provider provider, + Service service, + ResourceDescriptor resource, + List<FilterParamDescriptor> params ) { + } + +} http://git-wip-us.apache.org/repos/asf/knox/blob/af9b0c3d/gateway-provider-rewrite-step-secure-query/src/main/java/org/apache/knox/gateway/securequery/SecureQueryEncodeDescriptor.java ---------------------------------------------------------------------- diff --git a/gateway-provider-rewrite-step-secure-query/src/main/java/org/apache/knox/gateway/securequery/SecureQueryEncodeDescriptor.java b/gateway-provider-rewrite-step-secure-query/src/main/java/org/apache/knox/gateway/securequery/SecureQueryEncodeDescriptor.java new file mode 100644 index 0000000..45f3ddc --- /dev/null +++ b/gateway-provider-rewrite-step-secure-query/src/main/java/org/apache/knox/gateway/securequery/SecureQueryEncodeDescriptor.java @@ -0,0 +1,38 @@ +/** + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +package org.apache.knox.gateway.securequery; + +import org.apache.knox.gateway.filter.rewrite.ext.UrlRewriteActionDescriptor; +import org.apache.knox.gateway.filter.rewrite.spi.UrlRewriteActionDescriptorBase; + +public class SecureQueryEncodeDescriptor + extends UrlRewriteActionDescriptorBase + implements UrlRewriteActionDescriptor { + + static final String STEP_NAME = "encode-query"; + + public SecureQueryEncodeDescriptor() { + super( STEP_NAME ); + } + + @Override + public String getParam() { + return null; + } + +} http://git-wip-us.apache.org/repos/asf/knox/blob/af9b0c3d/gateway-provider-rewrite-step-secure-query/src/main/java/org/apache/knox/gateway/securequery/SecureQueryEncodeProcessor.java ---------------------------------------------------------------------- diff --git a/gateway-provider-rewrite-step-secure-query/src/main/java/org/apache/knox/gateway/securequery/SecureQueryEncodeProcessor.java b/gateway-provider-rewrite-step-secure-query/src/main/java/org/apache/knox/gateway/securequery/SecureQueryEncodeProcessor.java new file mode 100644 index 0000000..b3aeb24 --- /dev/null +++ b/gateway-provider-rewrite-step-secure-query/src/main/java/org/apache/knox/gateway/securequery/SecureQueryEncodeProcessor.java @@ -0,0 +1,77 @@ +/** + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +package org.apache.knox.gateway.securequery; + +import org.apache.commons.codec.binary.Base64; +import org.apache.knox.gateway.filter.rewrite.api.UrlRewriteEnvironment; +import org.apache.knox.gateway.filter.rewrite.spi.UrlRewriteContext; +import org.apache.knox.gateway.filter.rewrite.spi.UrlRewriteStepProcessor; +import org.apache.knox.gateway.filter.rewrite.spi.UrlRewriteStepStatus; +import org.apache.knox.gateway.util.urltemplate.Parser; +import org.apache.knox.gateway.util.urltemplate.Template; + +public class SecureQueryEncodeProcessor + implements UrlRewriteStepProcessor<SecureQueryEncodeDescriptor> { + + private static final String ENCODED_PARAMETER_NAME = "_"; + + @Override + public String getType() { + return SecureQueryEncodeDescriptor.STEP_NAME; + } + + @Override + public void initialize( UrlRewriteEnvironment environment, SecureQueryEncodeDescriptor descriptor ) throws Exception { + } + + @Override + public UrlRewriteStepStatus process( UrlRewriteContext context ) throws Exception { + //TODO: Need some way to get a reference to the keystore service and the encryption key in particular. + Template url = context.getCurrentUrl(); + String str = url.toString(); + String path = str; + String query = null; + int index = str.indexOf( '?' ); + if( index >= 0 ) { + path = str.substring( 0, index ); + if( index < str.length() ) { + query = str.substring( index + 1 ); + } + } + if( query != null ) { + query = Base64.encodeBase64String( query.getBytes( "UTF-8" ) ); + query = removeTrailingEquals( query ); + url = Parser.parseLiteral( path + "?" + ENCODED_PARAMETER_NAME +"=" + query ); + context.setCurrentUrl( url ); + } + return UrlRewriteStepStatus.SUCCESS; + } + + @Override + public void destroy() { + } + + private static String removeTrailingEquals( String s ) { + int i = s.length()-1; + while( i > 0 && s.charAt( i ) == '=' ) { + i--; + } + return s.substring( 0, i+1 ); + } + +} http://git-wip-us.apache.org/repos/asf/knox/blob/af9b0c3d/gateway-provider-rewrite-step-secure-query/src/main/java/org/apache/knox/gateway/securequery/SecureQueryEncryptDescriptor.java ---------------------------------------------------------------------- diff --git a/gateway-provider-rewrite-step-secure-query/src/main/java/org/apache/knox/gateway/securequery/SecureQueryEncryptDescriptor.java b/gateway-provider-rewrite-step-secure-query/src/main/java/org/apache/knox/gateway/securequery/SecureQueryEncryptDescriptor.java new file mode 100644 index 0000000..23b79cf --- /dev/null +++ b/gateway-provider-rewrite-step-secure-query/src/main/java/org/apache/knox/gateway/securequery/SecureQueryEncryptDescriptor.java @@ -0,0 +1,38 @@ +/** + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +package org.apache.knox.gateway.securequery; + +import org.apache.knox.gateway.filter.rewrite.ext.UrlRewriteActionDescriptor; +import org.apache.knox.gateway.filter.rewrite.spi.UrlRewriteActionDescriptorBase; + +public class SecureQueryEncryptDescriptor + extends UrlRewriteActionDescriptorBase + implements UrlRewriteActionDescriptor { + + static final String STEP_NAME = "encrypt-query"; + + public SecureQueryEncryptDescriptor() { + super( STEP_NAME ); + } + + @Override + public String getParam() { + return null; + } + +} http://git-wip-us.apache.org/repos/asf/knox/blob/af9b0c3d/gateway-provider-rewrite-step-secure-query/src/main/java/org/apache/knox/gateway/securequery/SecureQueryEncryptProcessor.java ---------------------------------------------------------------------- diff --git a/gateway-provider-rewrite-step-secure-query/src/main/java/org/apache/knox/gateway/securequery/SecureQueryEncryptProcessor.java b/gateway-provider-rewrite-step-secure-query/src/main/java/org/apache/knox/gateway/securequery/SecureQueryEncryptProcessor.java new file mode 100644 index 0000000..5e44d20 --- /dev/null +++ b/gateway-provider-rewrite-step-secure-query/src/main/java/org/apache/knox/gateway/securequery/SecureQueryEncryptProcessor.java @@ -0,0 +1,84 @@ +/** + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +package org.apache.knox.gateway.securequery; + +import org.apache.commons.codec.binary.Base64; +import org.apache.knox.gateway.filter.rewrite.api.UrlRewriteEnvironment; +import org.apache.knox.gateway.filter.rewrite.spi.UrlRewriteContext; +import org.apache.knox.gateway.filter.rewrite.spi.UrlRewriteStepProcessor; +import org.apache.knox.gateway.filter.rewrite.spi.UrlRewriteStepStatus; +import org.apache.knox.gateway.services.GatewayServices; +import org.apache.knox.gateway.services.security.CryptoService; +import org.apache.knox.gateway.services.security.EncryptionResult; +import org.apache.knox.gateway.util.urltemplate.Parser; +import org.apache.knox.gateway.util.urltemplate.Template; + +import java.io.UnsupportedEncodingException; + +public class SecureQueryEncryptProcessor + implements UrlRewriteStepProcessor<SecureQueryEncryptDescriptor> { + + private static final String ENCRYPTED_PARAMETER_NAME = "_"; + + private String clusterName; + private CryptoService cryptoService = null; + + @Override + public String getType() { + return SecureQueryEncryptDescriptor.STEP_NAME; + } + + @Override + public void initialize( UrlRewriteEnvironment environment, SecureQueryEncryptDescriptor descriptor ) throws Exception { + clusterName = environment.getAttribute( GatewayServices.GATEWAY_CLUSTER_ATTRIBUTE ); + GatewayServices services = environment.getAttribute(GatewayServices.GATEWAY_SERVICES_ATTRIBUTE); + cryptoService = (CryptoService) services.getService(GatewayServices.CRYPTO_SERVICE); + } + + @Override + public UrlRewriteStepStatus process( UrlRewriteContext context ) throws Exception { + //TODO: Need some way to get a reference to the keystore service and the encryption key in particular. + Template url = context.getCurrentUrl(); + String str = url.toString(); + String path = str; + String query = null; + int index = str.indexOf( '?' ); + if( index >= 0 ) { + path = str.substring( 0, index ); + if( index < str.length() ) { + query = str.substring( index + 1 ); + } + } + if( query != null ) { + query = encode( query ); + url = Parser.parseLiteral( path + "?" + ENCRYPTED_PARAMETER_NAME +"=" + query ); + context.setCurrentUrl( url ); + } + return UrlRewriteStepStatus.SUCCESS; + } + + @Override + public void destroy() { + } + + private String encode( String string ) throws UnsupportedEncodingException { + EncryptionResult result = cryptoService.encryptForCluster(clusterName, "encryptQueryString", string.getBytes("UTF-8")); + string = Base64.encodeBase64URLSafeString(result.toByteAray()); + return string; + } +} http://git-wip-us.apache.org/repos/asf/knox/blob/af9b0c3d/gateway-provider-rewrite-step-secure-query/src/main/java/org/apache/knox/gateway/securequery/SecureQueryMessages.java ---------------------------------------------------------------------- diff --git a/gateway-provider-rewrite-step-secure-query/src/main/java/org/apache/knox/gateway/securequery/SecureQueryMessages.java b/gateway-provider-rewrite-step-secure-query/src/main/java/org/apache/knox/gateway/securequery/SecureQueryMessages.java new file mode 100644 index 0000000..62f0e9f --- /dev/null +++ b/gateway-provider-rewrite-step-secure-query/src/main/java/org/apache/knox/gateway/securequery/SecureQueryMessages.java @@ -0,0 +1,31 @@ +/** + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +package org.apache.knox.gateway.securequery; + +import org.apache.knox.gateway.i18n.messages.Message; +import org.apache.knox.gateway.i18n.messages.MessageLevel; +import org.apache.knox.gateway.i18n.messages.Messages; +import org.apache.knox.gateway.i18n.messages.StackTrace; + +@Messages(logger="org.apache.hadoop.gateway.securequery") +public interface SecureQueryMessages { + + @Message( level = MessageLevel.ERROR, text = "Failed to create or verify the presence of a password for query string encryption: {0}" ) + void unableCreatePasswordForEncryption(@StackTrace( level = MessageLevel.DEBUG ) Exception e); + +} http://git-wip-us.apache.org/repos/asf/knox/blob/af9b0c3d/gateway-provider-rewrite-step-secure-query/src/main/resources/META-INF/services/org.apache.hadoop.gateway.deploy.ProviderDeploymentContributor ---------------------------------------------------------------------- diff --git a/gateway-provider-rewrite-step-secure-query/src/main/resources/META-INF/services/org.apache.hadoop.gateway.deploy.ProviderDeploymentContributor b/gateway-provider-rewrite-step-secure-query/src/main/resources/META-INF/services/org.apache.hadoop.gateway.deploy.ProviderDeploymentContributor deleted file mode 100644 index 14ed327..0000000 --- a/gateway-provider-rewrite-step-secure-query/src/main/resources/META-INF/services/org.apache.hadoop.gateway.deploy.ProviderDeploymentContributor +++ /dev/null @@ -1,19 +0,0 @@ -########################################################################## -# Licensed to the Apache Software Foundation (ASF) under one -# or more contributor license agreements. See the NOTICE file -# distributed with this work for additional information -# regarding copyright ownership. The ASF licenses this file -# to you under the Apache License, Version 2.0 (the -# "License"); you may not use this file except in compliance -# with the License. You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -########################################################################## - -org.apache.hadoop.gateway.securequery.SecureQueryDeploymentContributor \ No newline at end of file http://git-wip-us.apache.org/repos/asf/knox/blob/af9b0c3d/gateway-provider-rewrite-step-secure-query/src/main/resources/META-INF/services/org.apache.hadoop.gateway.filter.rewrite.api.UrlRewriteStepDescriptor ---------------------------------------------------------------------- diff --git a/gateway-provider-rewrite-step-secure-query/src/main/resources/META-INF/services/org.apache.hadoop.gateway.filter.rewrite.api.UrlRewriteStepDescriptor b/gateway-provider-rewrite-step-secure-query/src/main/resources/META-INF/services/org.apache.hadoop.gateway.filter.rewrite.api.UrlRewriteStepDescriptor deleted file mode 100644 index c5f9376..0000000 --- a/gateway-provider-rewrite-step-secure-query/src/main/resources/META-INF/services/org.apache.hadoop.gateway.filter.rewrite.api.UrlRewriteStepDescriptor +++ /dev/null @@ -1,22 +0,0 @@ -########################################################################## -# Licensed to the Apache Software Foundation (ASF) under one -# or more contributor license agreements. See the NOTICE file -# distributed with this work for additional information -# regarding copyright ownership. The ASF licenses this file -# to you under the Apache License, Version 2.0 (the -# "License"); you may not use this file except in compliance -# with the License. You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -########################################################################## - -org.apache.hadoop.gateway.securequery.SecureQueryEncodeDescriptor -org.apache.hadoop.gateway.securequery.SecureQueryDecodeDescriptor -org.apache.hadoop.gateway.securequery.SecureQueryEncryptDescriptor -org.apache.hadoop.gateway.securequery.SecureQueryDecryptDescriptor http://git-wip-us.apache.org/repos/asf/knox/blob/af9b0c3d/gateway-provider-rewrite-step-secure-query/src/main/resources/META-INF/services/org.apache.hadoop.gateway.filter.rewrite.spi.UrlRewriteStepProcessor ---------------------------------------------------------------------- diff --git a/gateway-provider-rewrite-step-secure-query/src/main/resources/META-INF/services/org.apache.hadoop.gateway.filter.rewrite.spi.UrlRewriteStepProcessor b/gateway-provider-rewrite-step-secure-query/src/main/resources/META-INF/services/org.apache.hadoop.gateway.filter.rewrite.spi.UrlRewriteStepProcessor deleted file mode 100644 index f216d77..0000000 --- a/gateway-provider-rewrite-step-secure-query/src/main/resources/META-INF/services/org.apache.hadoop.gateway.filter.rewrite.spi.UrlRewriteStepProcessor +++ /dev/null @@ -1,22 +0,0 @@ -########################################################################## -# Licensed to the Apache Software Foundation (ASF) under one -# or more contributor license agreements. See the NOTICE file -# distributed with this work for additional information -# regarding copyright ownership. The ASF licenses this file -# to you under the Apache License, Version 2.0 (the -# "License"); you may not use this file except in compliance -# with the License. You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -########################################################################## - -org.apache.hadoop.gateway.securequery.SecureQueryEncodeProcessor -org.apache.hadoop.gateway.securequery.SecureQueryDecodeProcessor -org.apache.hadoop.gateway.securequery.SecureQueryEncryptProcessor -org.apache.hadoop.gateway.securequery.SecureQueryDecryptProcessor http://git-wip-us.apache.org/repos/asf/knox/blob/af9b0c3d/gateway-provider-rewrite-step-secure-query/src/main/resources/META-INF/services/org.apache.knox.gateway.deploy.ProviderDeploymentContributor ---------------------------------------------------------------------- diff --git a/gateway-provider-rewrite-step-secure-query/src/main/resources/META-INF/services/org.apache.knox.gateway.deploy.ProviderDeploymentContributor b/gateway-provider-rewrite-step-secure-query/src/main/resources/META-INF/services/org.apache.knox.gateway.deploy.ProviderDeploymentContributor new file mode 100644 index 0000000..45705ad --- /dev/null +++ b/gateway-provider-rewrite-step-secure-query/src/main/resources/META-INF/services/org.apache.knox.gateway.deploy.ProviderDeploymentContributor @@ -0,0 +1,19 @@ +########################################################################## +# Licensed to the Apache Software Foundation (ASF) under one +# or more contributor license agreements. See the NOTICE file +# distributed with this work for additional information +# regarding copyright ownership. The ASF licenses this file +# to you under the Apache License, Version 2.0 (the +# "License"); you may not use this file except in compliance +# with the License. You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +########################################################################## + +org.apache.knox.gateway.securequery.SecureQueryDeploymentContributor \ No newline at end of file http://git-wip-us.apache.org/repos/asf/knox/blob/af9b0c3d/gateway-provider-rewrite-step-secure-query/src/main/resources/META-INF/services/org.apache.knox.gateway.filter.rewrite.api.UrlRewriteStepDescriptor ---------------------------------------------------------------------- diff --git a/gateway-provider-rewrite-step-secure-query/src/main/resources/META-INF/services/org.apache.knox.gateway.filter.rewrite.api.UrlRewriteStepDescriptor b/gateway-provider-rewrite-step-secure-query/src/main/resources/META-INF/services/org.apache.knox.gateway.filter.rewrite.api.UrlRewriteStepDescriptor new file mode 100644 index 0000000..4e7c21f --- /dev/null +++ b/gateway-provider-rewrite-step-secure-query/src/main/resources/META-INF/services/org.apache.knox.gateway.filter.rewrite.api.UrlRewriteStepDescriptor @@ -0,0 +1,22 @@ +########################################################################## +# Licensed to the Apache Software Foundation (ASF) under one +# or more contributor license agreements. See the NOTICE file +# distributed with this work for additional information +# regarding copyright ownership. The ASF licenses this file +# to you under the Apache License, Version 2.0 (the +# "License"); you may not use this file except in compliance +# with the License. You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +########################################################################## + +org.apache.knox.gateway.securequery.SecureQueryEncodeDescriptor +org.apache.knox.gateway.securequery.SecureQueryDecodeDescriptor +org.apache.knox.gateway.securequery.SecureQueryEncryptDescriptor +org.apache.knox.gateway.securequery.SecureQueryDecryptDescriptor http://git-wip-us.apache.org/repos/asf/knox/blob/af9b0c3d/gateway-provider-rewrite-step-secure-query/src/main/resources/META-INF/services/org.apache.knox.gateway.filter.rewrite.spi.UrlRewriteStepProcessor ---------------------------------------------------------------------- diff --git a/gateway-provider-rewrite-step-secure-query/src/main/resources/META-INF/services/org.apache.knox.gateway.filter.rewrite.spi.UrlRewriteStepProcessor b/gateway-provider-rewrite-step-secure-query/src/main/resources/META-INF/services/org.apache.knox.gateway.filter.rewrite.spi.UrlRewriteStepProcessor new file mode 100644 index 0000000..27f5951 --- /dev/null +++ b/gateway-provider-rewrite-step-secure-query/src/main/resources/META-INF/services/org.apache.knox.gateway.filter.rewrite.spi.UrlRewriteStepProcessor @@ -0,0 +1,22 @@ +########################################################################## +# Licensed to the Apache Software Foundation (ASF) under one +# or more contributor license agreements. See the NOTICE file +# distributed with this work for additional information +# regarding copyright ownership. The ASF licenses this file +# to you under the Apache License, Version 2.0 (the +# "License"); you may not use this file except in compliance +# with the License. You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +########################################################################## + +org.apache.knox.gateway.securequery.SecureQueryEncodeProcessor +org.apache.knox.gateway.securequery.SecureQueryDecodeProcessor +org.apache.knox.gateway.securequery.SecureQueryEncryptProcessor +org.apache.knox.gateway.securequery.SecureQueryDecryptProcessor http://git-wip-us.apache.org/repos/asf/knox/blob/af9b0c3d/gateway-provider-rewrite-step-secure-query/src/test/java/org/apache/hadoop/gateway/securequery/SecureQueryDecodeDescriptorTest.java ---------------------------------------------------------------------- diff --git a/gateway-provider-rewrite-step-secure-query/src/test/java/org/apache/hadoop/gateway/securequery/SecureQueryDecodeDescriptorTest.java b/gateway-provider-rewrite-step-secure-query/src/test/java/org/apache/hadoop/gateway/securequery/SecureQueryDecodeDescriptorTest.java deleted file mode 100644 index cb496e8..0000000 --- a/gateway-provider-rewrite-step-secure-query/src/test/java/org/apache/hadoop/gateway/securequery/SecureQueryDecodeDescriptorTest.java +++ /dev/null @@ -1,35 +0,0 @@ -/** - * Licensed to the Apache Software Foundation (ASF) under one - * or more contributor license agreements. See the NOTICE file - * distributed with this work for additional information - * regarding copyright ownership. The ASF licenses this file - * to you under the Apache License, Version 2.0 (the - * "License"); you may not use this file except in compliance - * with the License. You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ -package org.apache.hadoop.gateway.securequery; - -import org.junit.Test; - -import static org.hamcrest.CoreMatchers.is; -import static org.hamcrest.CoreMatchers.nullValue; -import static org.hamcrest.MatcherAssert.assertThat; - -public class SecureQueryDecodeDescriptorTest { - - @Test - public void testGetAndSet() { - SecureQueryDecodeDescriptor descriptor = new SecureQueryDecodeDescriptor(); - assertThat( descriptor.type(), is( "decode-query" ) ); - assertThat( descriptor.getParam(), nullValue() ); - } - -} http://git-wip-us.apache.org/repos/asf/knox/blob/af9b0c3d/gateway-provider-rewrite-step-secure-query/src/test/java/org/apache/hadoop/gateway/securequery/SecureQueryDecodeProcessorTest.java ---------------------------------------------------------------------- diff --git a/gateway-provider-rewrite-step-secure-query/src/test/java/org/apache/hadoop/gateway/securequery/SecureQueryDecodeProcessorTest.java b/gateway-provider-rewrite-step-secure-query/src/test/java/org/apache/hadoop/gateway/securequery/SecureQueryDecodeProcessorTest.java deleted file mode 100644 index b6a7c5c..0000000 --- a/gateway-provider-rewrite-step-secure-query/src/test/java/org/apache/hadoop/gateway/securequery/SecureQueryDecodeProcessorTest.java +++ /dev/null @@ -1,125 +0,0 @@ -/** - * Licensed to the Apache Software Foundation (ASF) under one - * or more contributor license agreements. See the NOTICE file - * distributed with this work for additional information - * regarding copyright ownership. The ASF licenses this file - * to you under the Apache License, Version 2.0 (the - * "License"); you may not use this file except in compliance - * with the License. You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ -package org.apache.hadoop.gateway.securequery; - -import org.apache.hadoop.gateway.filter.rewrite.api.UrlRewriteEnvironment; -import org.apache.hadoop.gateway.filter.rewrite.spi.UrlRewriteContext; -import org.apache.hadoop.gateway.util.urltemplate.Parser; -import org.apache.hadoop.gateway.util.urltemplate.Template; -import org.easymock.Capture; -import org.easymock.EasyMock; -import org.junit.Test; -import sun.misc.BASE64Encoder; - -import java.io.IOException; -import java.net.URL; -import java.util.List; - -import static org.hamcrest.CoreMatchers.containsString; -import static org.hamcrest.CoreMatchers.is; -import static org.hamcrest.CoreMatchers.not; -import static org.hamcrest.MatcherAssert.assertThat; - -public class SecureQueryDecodeProcessorTest { - - @Test - public void testSimpleQueryDecode() throws Exception { - UrlRewriteEnvironment environment = new UrlRewriteEnvironment() { - @Override - public URL getResource( String name ) throws IOException { - return null; - } - - @Override - public <T> T getAttribute( String name ) { - return null; - } - - @Override - public List<String> resolve( String name ) { - return null; - } - }; - - BASE64Encoder encoder = new BASE64Encoder(); - String encQuery = encoder.encode( "test-query".getBytes("utf-8" ) ); - encQuery = encQuery.replaceAll( "\\=", "" ); - String inString = "http://host:0/root/path?_=" + encQuery; - Template inTemplate = Parser.parseLiteral( inString ); - - UrlRewriteContext context = EasyMock.createNiceMock( UrlRewriteContext.class ); - EasyMock.expect( context.getCurrentUrl() ).andReturn( inTemplate ); - Capture<Template> outTemplate = new Capture<Template>(); - context.setCurrentUrl( EasyMock.capture( outTemplate ) ); - EasyMock.replay( context ); - - SecureQueryDecodeDescriptor descriptor = new SecureQueryDecodeDescriptor(); - SecureQueryDecodeProcessor processor = new SecureQueryDecodeProcessor(); - processor.initialize( environment, descriptor ); - processor.process( context ); - - String outActual = outTemplate.getValue().toString(); - assertThat( outActual, is( "http://host:0/root/path?test-query" ) ); - } - - @Test - public void testDecodeQueryWithNonEncodedParams() throws Exception { - UrlRewriteEnvironment environment = new UrlRewriteEnvironment() { - @Override - public URL getResource( String name ) throws IOException { - return null; - } - - @Override - public <T> T getAttribute( String name ) { - return null; - } - - @Override - public List<String> resolve( String name ) { - return null; - } - }; - - BASE64Encoder encoder = new BASE64Encoder(); - String inQuery = "test-query=test-value"; - String encQuery = encoder.encode( inQuery.getBytes( "utf-8" ) ); - encQuery = encQuery.replaceAll( "\\=", "" ); - String inString = "http://host:0/root/path?_=" + encQuery + "&clear-param=clear-value"; - Template inTemplate = Parser.parseLiteral( inString ); - - UrlRewriteContext context = EasyMock.createNiceMock( UrlRewriteContext.class ); - EasyMock.expect( context.getCurrentUrl() ).andReturn( inTemplate ); - Capture<Template> outTemplate = new Capture<Template>(); - context.setCurrentUrl( EasyMock.capture( outTemplate ) ); - EasyMock.replay( context ); - - SecureQueryDecodeDescriptor descriptor = new SecureQueryDecodeDescriptor(); - SecureQueryDecodeProcessor processor = new SecureQueryDecodeProcessor(); - processor.initialize( environment, descriptor ); - processor.process( context ); - - String outActual = outTemplate.getValue().toString(); - assertThat( outActual, containsString( "http://host:0/root/path?" ) ); - assertThat( outActual, containsString( "test-query=test-value" ) ); - assertThat( outActual, containsString( "clear-param=clear-value" ) ); - assertThat( outActual, not( containsString( encQuery ) ) ); - } - - -}