AMBARI-9014. Design admin principal session expiration handling API call (rlevas)

ambari-server/src/main/java/org/apache/ambari/server/serveraction/kerberos/KerberosAdminAuthenticationException.java

@@ -0,0 +1,45 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership.  The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License.  You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.ambari.server.serveraction.kerberos;
+
+/**
+ * KerberosAdminAuthenticationException is a KerberosOperationException thrown in the event a the
+ * administrative credentials failed to validate while authenticating with the KDC.
+ */
+public class KerberosAdminAuthenticationException extends KerberosOperationException {
+
+  /**
+   * Creates a new KerberosAdminAuthenticationException with a message
+   *
+   * @param message a String containing the message indicating the reason for this exception
+   */
+  public KerberosAdminAuthenticationException(String message) {
+    super(message);
+  }
+
+  /**
+   * Creates a new KerberosAdminAuthenticationException with a message and a cause
+   *
+   * @param message a String containing the message indicating the reason for this exception
+   * @param cause   a Throwable declaring the previously thrown Throwable that led to this exception
+   */
+  public KerberosAdminAuthenticationException(String message, Throwable cause) {
+    super(message, cause);
+  }
+}

ambari-server/src/main/java/org/apache/ambari/server/serveraction/kerberos/KerberosKDCConnectionException.java

@@ -0,0 +1,45 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership.  The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License.  You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.ambari.server.serveraction.kerberos;
+
+/**
+ * KerberosKDCConnectionException is a KerberosOperationException thrown in the event a connection
+ * to the KDC was not able to be made.
+ */
+public class KerberosKDCConnectionException extends KerberosOperationException {
+
+  /**
+   * Creates a new KerberosKDCConnectionException with a message
+   *
+   * @param message a String containing the message indicating the reason for this exception
+   */
+  public KerberosKDCConnectionException(String message) {
+    super(message);
+  }
+
+  /**
+   * Creates a new KerberosKDCConnectionException with a message and a cause
+   *
+   * @param message a String containing the message indicating the reason for this exception
+   * @param cause   a Throwable declaring the previously thrown Throwable that led to this exception
+   */
+  public KerberosKDCConnectionException(String message, Throwable cause) {
+    super(message, cause);
+  }
+}

ambari-server/src/main/java/org/apache/ambari/server/serveraction/kerberos/KerberosLDAPContainerException.java

@@ -0,0 +1,45 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership.  The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License.  You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.ambari.server.serveraction.kerberos;
+
+/**
+ * KerberosLDAPContainerException is a KerberosOperationException thrown in the event a connection
+ * to the KDC was not able to be made.
+ */
+public class KerberosLDAPContainerException extends KerberosOperationException {
+
+  /**
+   * Creates a new KerberosLDAPContainerException with a message
+   *
+   * @param message a String containing the message indicating the reason for this exception
+   */
+  public KerberosLDAPContainerException(String message) {
+    super(message);
+  }
+
+  /**
+   * Creates a new KerberosLDAPContainerException with a message and a cause
+   *
+   * @param message a String containing the message indicating the reason for this exception
+   * @param cause   a Throwable declaring the previously thrown Throwable that led to this exception
+   */
+  public KerberosLDAPContainerException(String message, Throwable cause) {
+    super(message, cause);
+  }
+}

ambari-server/src/main/java/org/apache/ambari/server/serveraction/kerberos/KerberosOperationException.java

@@ -0,0 +1,47 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership.  The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License.  You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.ambari.server.serveraction.kerberos;
+
+/**
+ * KerberosOperationException is an Exception implementation that is thrown in the even an error
+ * occurs while executing a Kerberos-related operation.
+ * <p/>
+ * Classes may extend this class to specialize on specific Kerberos-related error conditions.
+ */
+public class KerberosOperationException extends Exception {
+
+  /**
+   * Creates a new KerberosOperationException with a message
+   *
+   * @param message a String containing the message indicating the reason for this exception
+   */
+  public KerberosOperationException(String message) {
+    super(message);
+  }
+
+  /**
+   * Creates a new KerberosOperationException with a message and a cause
+   *
+   * @param message a String containing the message indicating the reason for this exception
+   * @param cause   a Throwable declaring the previously thrown Throwable that led to this exception
+   */
+  public KerberosOperationException(String message, Throwable cause) {
+    super(message, cause);
+  }
+}

ambari-server/src/main/java/org/apache/ambari/server/serveraction/kerberos/KerberosRealmException.java

@@ -0,0 +1,46 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership.  The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License.  You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.ambari.server.serveraction.kerberos;
+
+/**
+ * KerberosRealmException is a KerberosOperationException thrown in the event a connection
+ * to the KDC was not able to be made due to an unexpected realm.
+ * <p/>
+ * This can happen, for example, if the krb5.conf file does not have an entry in it for the realm.
+ */
+public class KerberosRealmException extends KerberosOperationException {
+  /**
+   * Creates a new KerberosRealmException with a message
+   *
+   * @param message a String containing the message indicating the reason for this exception
+   */
+  public KerberosRealmException(String message) {
+    super(message);
+  }
+
+  /**
+   * Creates a new KerberosRealmException with a message and a cause
+   *
+   * @param message a String containing the message indicating the reason for this exception
+   * @param cause   a Throwable declaring the previously thrown Throwable that led to this exception
+   */
+  public KerberosRealmException(String message, Throwable cause) {
+    super(message, cause);
+  }
+}

ambari-server/src/main/java/org/apache/ambari/server/serveraction/kerberos/TrustingSSLSocketFactory.java

@@ -0,0 +1,100 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership.  The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License.  You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.ambari.server.serveraction.kerberos;
+
+import javax.net.SocketFactory;
+import javax.net.ssl.SSLContext;
+import javax.net.ssl.SSLSocketFactory;
+import javax.net.ssl.TrustManager;
+import javax.net.ssl.X509TrustManager;
+import java.io.IOException;
+import java.net.InetAddress;
+import java.net.Socket;
+import java.net.UnknownHostException;
+import java.security.SecureRandom;
+import java.security.cert.CertificateException;
+import java.security.cert.X509Certificate;
+
+public class TrustingSSLSocketFactory extends SSLSocketFactory {
+  private SSLSocketFactory socketFactory;
+
+  public TrustingSSLSocketFactory() {
+    try {
+      SSLContext ctx = SSLContext.getInstance("TLS");
+      ctx.init(null, new TrustManager[]{new LenientTrustManager()}, new SecureRandom());
+      socketFactory = ctx.getSocketFactory();
+    } catch (Exception ex) {
+      ex.printStackTrace(System.err);  /* handle exception */
+    }
+  }
+
+  public static SocketFactory getDefault() {
+    return new TrustingSSLSocketFactory();
+  }
+
+  @Override
+  public String[] getDefaultCipherSuites() {
+    return socketFactory.getDefaultCipherSuites();
+  }
+
+  @Override
+  public String[] getSupportedCipherSuites() {
+    return socketFactory.getSupportedCipherSuites();
+  }
+
+  @Override
+  public Socket createSocket(Socket socket, String string, int i, boolean bln) throws IOException {
+    return socketFactory.createSocket(socket, string, i, bln);
+  }
+
+  @Override
+  public Socket createSocket(String string, int i) throws IOException, UnknownHostException {
+    return socketFactory.createSocket(string, i);
+  }
+
+  @Override
+  public Socket createSocket(String string, int i, InetAddress ia, int i1) throws IOException, UnknownHostException {
+    return socketFactory.createSocket(string, i, ia, i1);
+  }
+
+  @Override
+  public Socket createSocket(InetAddress ia, int i) throws IOException {
+    return socketFactory.createSocket(ia, i);
+  }
+
+  @Override
+  public Socket createSocket(InetAddress ia, int i, InetAddress ia1, int i1) throws IOException {
+    return socketFactory.createSocket(ia, i, ia1, i1);
+  }
+
+
+  public static class LenientTrustManager implements X509TrustManager {
+    public void checkClientTrusted(X509Certificate[] xcs, String string) throws CertificateException {
+      // do nothing
+    }
+
+    public void checkServerTrusted(X509Certificate[] xcs, String string) throws CertificateException {
+      // do nothing
+    }
+
+    public X509Certificate[] getAcceptedIssuers() {
+      return new java.security.cert.X509Certificate[0];
+    }
+  }
+}