Revert "ATLAS-3667 : Option to store Ldap/AD bind password in jceks keystore file"

This reverts commit 2a9b1ff1.

Revert "ATLAS-3667 : Option to store Ldap/AD bind password in jceks keystore file"
27dc446d · nixonrodrigues · 2a9b1ff1 · 27dc446d · 27dc446d
Commit 27dc446d authored Mar 24, 2020 by nixonrodrigues
Showing with 3 additions and 52 deletions

ApplicationProperties.java ...src/main/java/org/apache/atlas/ApplicationProperties.java +0 -29

CredentialProviderUtility.java ...java/org/apache/atlas/util/CredentialProviderUtility.java +3 -23

No files found.
--- a/intg/src/main/java/org/apache/atlas/ApplicationProperties.java
+++ b/intg/src/main/java/org/apache/atlas/ApplicationProperties.java
@@ -18,7 +18,6 @@
 package org.apache.atlas;
 import org.apache.atlas.security.InMemoryJAASConfiguration;
-import org.apache.atlas.security.SecurityUtil;
 import org.apache.commons.configuration.Configuration;
 import org.apache.commons.configuration.ConfigurationConverter;
 import org.apache.commons.configuration.ConfigurationException;
@@ -57,10 +56,6 @@ public final class ApplicationProperties extends PropertiesConfiguration {
    public static final String  STORAGE_BACKEND_HBASE           = "hbase";
    public static final String  STORAGE_BACKEND_HBASE2          = "hbase2";
    public static final String  INDEX_BACKEND_SOLR              = "solr";
-    public static final String  LDAP_TYPE                       =  "atlas.authentication.method.ldap.type";
-    public static final String  LDAP_AD_BIND_PASSWORD           =  "atlas.authentication.method.ldap.ad.bind.password";
-    public static final String  LDAP_BIND_PASSWORD              =  "atlas.authentication.method.ldap.bind.password";
-    public static final String  MASK_LDAP_PASSWORD              =  "*****";
    public static final String  DEFAULT_GRAPHDB_BACKEND         = GRAPHBD_BACKEND_JANUS;
    public static final boolean DEFAULT_SOLR_WAIT_SEARCHER      = true;
    public static final boolean DEFAULT_INDEX_MAP_NAME          = false;
@@ -140,8 +135,6 @@ public final class ApplicationProperties extends PropertiesConfiguration {
            appProperties.setDefaults();
-            setLdapPasswordFromKeystore(appProperties);
            Configuration configuration = appProperties.interpolatedConfiguration();
            logConfiguration(configuration);
@@ -276,28 +269,6 @@ public final class ApplicationProperties extends PropertiesConfiguration {
        return inStr;
    }
-    private static void setLdapPasswordFromKeystore(Configuration configuration) {
-        try {
-            if (configuration.getString(LDAP_TYPE).equalsIgnoreCase("ldap")) {
-                String maskPasssword = configuration.getString(LDAP_BIND_PASSWORD);
-                if (MASK_LDAP_PASSWORD.equals(maskPasssword)) {
-                    String password = SecurityUtil.getPassword(configuration, LDAP_BIND_PASSWORD);
-                    configuration.clearProperty(LDAP_BIND_PASSWORD);
-                    configuration.addProperty(LDAP_BIND_PASSWORD, password);
-                }
-            } else if (configuration.getString(LDAP_TYPE).equalsIgnoreCase("ad")) {
-                String maskPasssword = configuration.getString(LDAP_AD_BIND_PASSWORD);
-                if (MASK_LDAP_PASSWORD.equals(maskPasssword)) {
-                    String password = SecurityUtil.getPassword(configuration, LDAP_AD_BIND_PASSWORD);
-                    configuration.clearProperty(LDAP_AD_BIND_PASSWORD);
-                    configuration.addProperty(LDAP_AD_BIND_PASSWORD, password);
-                }
-            }
-        } catch (Exception e) {
-            LOG.info("Error in getting secure password : {} ", e);
-        }
-    }
    private void setDefaults() {
        AtlasRunMode runMode = AtlasRunMode.valueOf(getString(ATLAS_RUN_MODE, DEFAULT_ATLAS_RUN_MODE.name()));

--- a/webapp/src/main/java/org/apache/atlas/util/CredentialProviderUtility.java
+++ b/webapp/src/main/java/org/apache/atlas/util/CredentialProviderUtility.java
@@ -28,6 +28,7 @@ import org.apache.hadoop.security.alias.CredentialProviderFactory;
 import java.io.Console;
 import java.io.IOException;
 import java.util.Arrays;
 import static org.apache.atlas.security.SecurityProperties.KEYSTORE_PASSWORD_KEY;
 import static org.apache.atlas.security.SecurityProperties.SERVER_CERT_PASSWORD_KEY;
 import static org.apache.atlas.security.SecurityProperties.TRUSTSTORE_PASSWORD_KEY;
@@ -39,6 +40,7 @@ import static org.apache.atlas.security.SecurityProperties.TRUSTSTORE_PASSWORD_K
 */
 public class CredentialProviderUtility {
    private static final String[] KEYS = new String[] { KEYSTORE_PASSWORD_KEY, TRUSTSTORE_PASSWORD_KEY, SERVER_CERT_PASSWORD_KEY };
    public static abstract class TextDevice {
        public abstract void printf(String fmt, Object... params);
@@ -73,17 +75,11 @@ public class CredentialProviderUtility {
        try {
            CommandLine cmd                    = new DefaultParser().parse(createOptions(), args);
            boolean     generatePasswordOption = cmd.hasOption("g");
-            String      key                    = cmd.getOptionValue("k");
-            char[]      cred                   = null;
-            String      providerPath           = cmd.getOptionValue("f");
-            if (cmd.hasOption("p")) {
-                cred = cmd.getOptionValue("p").toCharArray();
-            }
            if (generatePasswordOption) {
                String userName = cmd.getOptionValue("u");
                String password = cmd.getOptionValue("p");
                if (userName != null && password != null) {
                    String  encryptedPassword = UserDao.encrypt(password);
                    boolean silentOption      = cmd.hasOption("s");
@@ -99,20 +95,6 @@ public class CredentialProviderUtility {
                return;
            }
-            if (key != null && cred != null && providerPath != null) {
-                if (!StringUtils.isEmpty(String.valueOf(cred))) {
-                    Configuration conf = new Configuration(false);
-                    conf.set(CredentialProviderFactory.CREDENTIAL_PROVIDER_PATH, providerPath);
-                    CredentialProvider provider = CredentialProviderFactory.getProviders(conf).get(0);
-                    provider.createCredentialEntry(key, cred);
-                    provider.flush();
-                    System.out.println("Password is stored in Credential Provider");
-                } else {
-                    System.out.println("Please enter a valid password");
-                }
-                return;
-            }
        } catch (Exception e) {
            System.out.println("Exception while generatePassword  " + e.getMessage());
            return;
@@ -152,8 +134,6 @@ public class CredentialProviderUtility {
    private static Options createOptions() {
        Options options = new Options();
-        options.addOption("k", "ldapkey", true, "key");
-        options.addOption("f", "ldapPath", true, "path");
        options.addOption("g", "generatePassword", false, "Generate Password");
        options.addOption("s", "silent", false, "Silent");
        options.addOption("u", "username", true, "UserName");