encrypt doris password (#41)
liruixl committed Apr 12, 2022
1 parent 533b267 commit 3b32660f4f53fb06ddcd50f3f8b36db687c61592
Showing 11 changed files with 47 additions and 23 deletions.
@@ -59,6 +59,7 @@
import org.apache.doris.stack.service.BaseService;
import org.apache.doris.stack.service.config.ConfigConstant;
import org.apache.doris.stack.service.construct.MetadataService;
import org.apache.doris.stack.util.CredsUtil;
import org.apache.doris.stack.util.ListUtil;
import org.apache.doris.stack.util.UuidUtil;

@@ -201,6 +202,8 @@ public ClusterInfoEntity validateCluster(ClusterCreateReq createReq) throws Exce
log.info("Verify that the Palo cluster is available");
ClusterInfoEntity entity = new ClusterInfoEntity();
entity.updateByClusterInfo(createReq);
// encrypt passwd
entity.setPasswd(CredsUtil.aesEncrypt(entity.getPasswd()));
// Just verify whether the Doris HTTP interface can be accessed
try {
paloLoginClient.loginPalo(entity);
@@ -349,6 +352,7 @@ private void updateAccessInfo(ClusterCreateReq clusterAccessInfo,
validateCluster(clusterAccessInfo);

clusterInfo.updateByClusterInfo(clusterAccessInfo);
clusterInfo.setPasswd(CredsUtil.aesEncrypt(clusterInfo.getPasswd()));
clusterInfo.setStatus(ClusterInfoEntity.AppClusterStatus.NORMAL.name());

// Initialize the correspondence between permission group and Doris virtual user
@@ -429,7 +433,7 @@ public NewUserSpaceInfo getById(CoreUserEntity user, int spaceId) throws Excepti
private void setClusterStatus(ClusterInfoEntity clusterInfo) {
try {
jdbcClient.testConnetion(clusterInfo.getAddress(), clusterInfo.getQueryPort(),
ConstantDef.MYSQL_DEFAULT_SCHEMA, clusterInfo.getUser(), clusterInfo.getPasswd());
ConstantDef.MYSQL_DEFAULT_SCHEMA, clusterInfo.getUser(), CredsUtil.tryAesDecrypt(clusterInfo.getPasswd()));
clusterInfo.setStatus(ClusterInfoEntity.AppClusterStatus.NORMAL.name());
} catch (Exception e) {
clusterInfo.setStatus(ClusterInfoEntity.AppClusterStatus.ABNORMAL.name());
@@ -584,7 +588,7 @@ private void initGroupPaloUser(ClusterInfoEntity clusterInfo) throws Exception {
String password = queryClient.createUser(ConstantDef.DORIS_DEFAULT_NS, ConstantDef.MYSQL_DEFAULT_SCHEMA,
clusterInfo, userName);
allUserGroup.setPaloUserName(userName);
allUserGroup.setPassword(password);
allUserGroup.setPassword(CredsUtil.aesEncrypt(password));

groupRoleRepository.save(allUserGroup);
log.debug("save palo user for group");
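Review bot: `entity.setPasswd(CredsUtil.aesEncrypt(entity.getPasswd()))` in the `validateCluster` hunk, and the same call in `updateAccessInfo`, now write text-encoded ciphertext into a field that the entity hunk at the end of this commit still declares as `@Column(length = 100)`. Padded, encoded AES output is longer than its input, so a long password may no longer fit; the encoding is not visible here, so confirm the worst case and widen the column if needed. In `initGroupPaloUser` the generated password is likewise stored via `allUserGroup.setPassword(CredsUtil.aesEncrypt(password))`, but no changed file on this page shows a reader of the group's password being switched to `CredsUtil.tryAesDecrypt(...)`; any such reader would now pass ciphertext to Doris. All four methods start or end outside the hunks shown.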
@@ -33,6 +33,7 @@
import org.apache.doris.stack.entity.CoreUserEntity;
import org.apache.doris.stack.entity.ResourceNodeEntity;
import org.apache.doris.stack.model.request.control.DorisClusterModuleResourceConfig;
import org.apache.doris.stack.util.CredsUtil;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.stereotype.Component;

@@ -129,7 +130,7 @@ private ModelControlResponse handleCreateAndStartResourceClusterEvent(CoreUserEn
List<String> nodeIps = new ArrayList<>();

Statement stmt = jdbcClient.getStatement(clusterInfo.getAddress(), clusterInfo.getQueryPort(),
clusterInfo.getUser(), clusterInfo.getPasswd());
clusterInfo.getUser(), CredsUtil.aesDecrypt(clusterInfo.getPasswd()));
Set<String> feNodeIps = jdbcClient.getFeOrBeIps(stmt, "'/frontends';");
log.debug("The node list IP of Doris cluster Fe is {}", feNodeIps);
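Review bot: This is the only call site on the page that uses the strict `CredsUtil.aesDecrypt(clusterInfo.getPasswd())` rather than `tryAesDecrypt`, so a cluster row saved before this commit, whose password is presumably still plaintext, would make `getStatement` fail on a decrypt exception instead of connecting. Either use `CredsUtil.tryAesDecrypt(clusterInfo.getPasswd())` here for consistency, or, if the strict behaviour is intended, add a comment saying so and re-encrypt existing rows first. The enclosing handler continues outside the hunk.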

@@ -34,9 +34,9 @@
public class CredsUtil {

/**
* Encrypt Key
* AES must be 128 bits
*/
* Encrypt Key
* AES must be 128 bits
*/
private static final String ENCRYPT_KEY = "12dfA67887iyW321";

private static final String ALGORITHM_STR = "AES/ECB/PKCS5Padding";
@@ -196,4 +196,17 @@ public static String aesDecrypt(String encryptStr) throws Exception {
return decryptPassword;
}

/**
* AES decrypt
*
* @param encryptStr
* @return decrypt string if the encryptStr is de
*/
public static String tryAesDecrypt(String encryptStr) throws Exception {
try {
return aesDecrypt(encryptStr);
} catch (Exception e) {
return encryptStr;
}
}
}
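Review bot: The passwords this commit starts encrypting are protected only by the `ENCRYPT_KEY` string literal and the `AES/ECB/PKCS5Padding` transformation visible as context in the first hunk, so anyone with the source and read access to the table can recover them, and equal passwords produce equal ciphertext. The key should come from deployment configuration or a keystore rather than the class, and an authenticated mode with a per-value IV such as `AES/GCM/NoPadding` would be the safer transformation. In the second hunk, `tryAesDecrypt` catches every `Exception` and returns its input, so a corrupted value or a wrong key silently sends the stored ciphertext onward as the password; logging the failure in the catch (without the value) would make that visible. The method also declares `throws Exception` although it cannot throw, and its `@return` Javadoc is cut off at "is de".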
@@ -27,6 +27,7 @@
import com.alibaba.fastjson.JSON;
import com.google.common.collect.Maps;

import org.apache.doris.stack.util.CredsUtil;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.stereotype.Component;

@@ -54,7 +55,7 @@ private DorisNodes getDorisNodes(ClusterInfoEntity entity, String url) throws Ex
log.debug("Send get doris node list request, url is {}.", url);
Map<String, String> headers = Maps.newHashMap();
setHeaders(headers);
setAuthHeaders(headers, entity.getUser(), entity.getPasswd());
setAuthHeaders(headers, entity.getUser(), CredsUtil.tryAesDecrypt(entity.getPasswd()));

PaloResponseEntity response = poolManager.doGet(url, headers);
if (response.getCode() != REQUEST_SUCCESS_CODE) {
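Review bot: Decrypting at the call site, `setAuthHeaders(headers, entity.getUser(), CredsUtil.tryAesDecrypt(entity.getPasswd()))`, is repeated verbatim here and in the hunks for `uploadLocalFile`, `submitFileImport`, `deleteLocalFile`, `getHdfsPreview`, `forwardGet`, `forwardPost`, `doesFeMonitorExist`, `loginPalo`, `getDatabaseList`, `getTableList`, `getTableSchema` and `getClusterInfo`, with the same pattern on `getStatement` in `executeSQL`. Any caller of `entity.getPasswd()` that this commit did not touch will therefore silently send ciphertext. A single helper would remove that risk, for example one method on a shared client base that takes the entity and decrypts once; whether these clients share a base class is not visible on this page. `getDorisNodes` starts and ends outside the hunk.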
@@ -30,6 +30,7 @@
import org.apache.doris.stack.exception.PaloRequestException;
import com.google.common.collect.Maps;
import lombok.extern.slf4j.Slf4j;
import org.apache.doris.stack.util.CredsUtil;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.stereotype.Component;
import org.springframework.web.multipart.MultipartFile;
@@ -68,7 +69,7 @@ public LocalFileInfo uploadLocalFile(String ns, String db, String table,
headers.put("Content-Type", contentType);
String[] array = contentType.split(";");
String[] boundary = array[1].split("=");
setAuthHeaders(headers, entity.getUser(), entity.getPasswd());
setAuthHeaders(headers, entity.getUser(), CredsUtil.tryAesDecrypt(entity.getPasswd()));

PaloResponseEntity response = poolManager.uploadFile(url, file, headers, otherParams, boundary[1]);

@@ -102,7 +103,7 @@ public LocalFileSubmitResult submitFileImport(String ns, String db, String table
Map<String, String> headers = Maps.newHashMap();
setHeaders(headers);
setPostHeaders(headers);
setAuthHeaders(headers, entity.getUser(), entity.getPasswd());
setAuthHeaders(headers, entity.getUser(), CredsUtil.tryAesDecrypt(entity.getPasswd()));
headers.put("label", importReq.getName());

StringBuffer columnNameBuffer = new StringBuffer();
@@ -145,7 +146,7 @@ public void deleteLocalFile(String ns, String db, String table, int fileId, Stri

Map<String, String> headers = Maps.newHashMap();
setHeaders(headers);
setAuthHeaders(headers, entity.getUser(), entity.getPasswd());
setAuthHeaders(headers, entity.getUser(), CredsUtil.tryAesDecrypt(entity.getPasswd()));
PaloResponseEntity response = poolManager.doDelete(url, headers);
if (response.getCode() != REQUEST_SUCCESS_CODE) {
log.error("delete file error:" + response.getData());
@@ -164,7 +165,7 @@ public HdfsFilePreview getHdfsPreview(HdfsFilePreviewReq req, ClusterInfoEntity
Map<String, String> headers = Maps.newHashMap();
setHeaders(headers);
setPostHeaders(headers);
setAuthHeaders(headers, entity.getUser(), entity.getPasswd());
setAuthHeaders(headers, entity.getUser(), CredsUtil.tryAesDecrypt(entity.getPasswd()));

PaloResponseEntity response = poolManager.doPost(url, headers, req);
if (response.getCode() != REQUEST_SUCCESS_CODE) {
@@ -28,6 +28,7 @@
import com.alibaba.fastjson.JSONException;
import com.google.common.collect.Maps;

import org.apache.doris.stack.util.CredsUtil;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.stereotype.Component;

@@ -50,7 +51,7 @@ public Object forwardGet(String url, ClusterInfoEntity entity) throws Exception

Map<String, String> headers = Maps.newHashMap();
setHeaders(headers);
setAuthHeaders(headers, entity.getUser(), entity.getPasswd());
setAuthHeaders(headers, entity.getUser(), CredsUtil.tryAesDecrypt(entity.getPasswd()));
PaloResponseEntity response;
try {
response = poolManager.doGet(url, headers);
@@ -69,7 +70,7 @@ public Object forwardPost(String url, String requestBody, ClusterInfoEntity enti

Map<String, String> headers = Maps.newHashMap();
setHeaders(headers);
setAuthHeaders(headers, entity.getUser(), entity.getPasswd());
setAuthHeaders(headers, entity.getUser(), CredsUtil.tryAesDecrypt(entity.getPasswd()));
headers.put("Content-Type", "application/json");
PaloResponseEntity response;
try {
@@ -83,11 +84,11 @@ public Object forwardPost(String url, String requestBody, ClusterInfoEntity enti
return ResponseEntityBuilder.ok(JSON.parse(response.getData()));
}

public boolean doesFeMonitorExist(ClusterInfoEntity entity) {
public boolean doesFeMonitorExist(ClusterInfoEntity entity) throws Exception {
String url = "http://" + entity.getAddress() + ":" + entity.getHttpPort() + FE_MONITOR_CHECK_API;
Map<String, String> headers = Maps.newHashMap();
setHeaders(headers);
setAuthHeaders(headers, entity.getUser(), entity.getPasswd());
setAuthHeaders(headers, entity.getUser(), CredsUtil.tryAesDecrypt(entity.getPasswd()));
PaloResponseEntity response;
try {
response = poolManager.doGet(url, headers);
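Review bot: `doesFeMonitorExist` now declares `throws Exception` in the last hunk only because `CredsUtil.tryAesDecrypt` is declared to throw, although that helper catches everything and cannot throw; this widens a previously exception-free public signature for every caller. Dropping `throws Exception` from `tryAesDecrypt` would let the signature stay `public boolean doesFeMonitorExist(ClusterInfoEntity entity) {`. The decrypted password is also placed in the auth headers of a request whose URL is built with `"http://" + entity.getAddress()`, so encryption at rest does not protect it in transit; how `setAuthHeaders` encodes it is not visible here. The method body continues past the hunk.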
@@ -22,6 +22,7 @@
import org.apache.doris.stack.exception.PaloRequestException;
import com.google.common.collect.Maps;
import lombok.extern.slf4j.Slf4j;
import org.apache.doris.stack.util.CredsUtil;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.stereotype.Component;

@@ -44,7 +45,7 @@ public boolean loginPalo(ClusterInfoEntity entity) throws Exception {
Map<String, String> headers = Maps.newHashMap();
setHeaders(headers);
setPostHeaders(headers);
setAuthHeaders(headers, entity.getUser(), entity.getPasswd());
setAuthHeaders(headers, entity.getUser(), CredsUtil.tryAesDecrypt(entity.getPasswd()));

PaloResponseEntity response = poolManager.doPost(url, headers, null);
if (response.getCode() != LOGIN_SUCCESS_CODE) {
@@ -24,6 +24,7 @@
import org.apache.doris.stack.exception.PaloRequestException;
import com.google.common.collect.Maps;
import lombok.extern.slf4j.Slf4j;
import org.apache.doris.stack.util.CredsUtil;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.stereotype.Component;

@@ -55,7 +56,7 @@ public List<String> getDatabaseList(String nsName, ClusterInfoEntity entity) thr
log.debug("Send get database list request, url is {}.", url);
Map<String, String> headers = Maps.newHashMap();
setHeaders(headers);
setAuthHeaders(headers, entity.getUser(), entity.getPasswd());
setAuthHeaders(headers, entity.getUser(), CredsUtil.tryAesDecrypt(entity.getPasswd()));
PaloResponseEntity response = poolManager.doGet(url, headers);
if (response.getCode() != REQUEST_SUCCESS_CODE) {
throw new PaloRequestException("Get Database list by ns error.");
@@ -92,7 +93,7 @@ public List<String> getTableList(String nsName, String dbName, ClusterInfoEntity
log.debug("Send get table list request, url is {}.", url);
Map<String, String> headers = Maps.newHashMap();
setHeaders(headers);
setAuthHeaders(headers, entity.getUser(), entity.getPasswd());
setAuthHeaders(headers, entity.getUser(), CredsUtil.tryAesDecrypt(entity.getPasswd()));

PaloResponseEntity response = poolManager.doGet(url, headers);
if (response.getCode() != REQUEST_SUCCESS_CODE) {
@@ -102,7 +103,7 @@ public List<String> getTableList(String nsName, String dbName, ClusterInfoEntity
}

public TableSchemaInfo.TableSchema getTableBaseSchema(String ns, String db, String table,
ClusterInfoEntity entity) throws Exception {
ClusterInfoEntity entity) throws Exception {
TableSchemaInfo result = getTableSchema(ns, db, table, entity);
TableSchemaInfo.TableSchema tableSchema = result.getSchemaInfo().getSchemaMap().get(table);
return tableSchema;
@@ -131,7 +132,7 @@ public TableSchemaInfo getTableSchema(String ns, String db, String table,
log.debug("Send get table schema request, url is {}.", url);
Map<String, String> headers = Maps.newHashMap();
setHeaders(headers);
setAuthHeaders(headers, entity.getUser(), entity.getPasswd());
setAuthHeaders(headers, entity.getUser(), CredsUtil.tryAesDecrypt(entity.getPasswd()));

PaloResponseEntity response = poolManager.doGet(url, headers);
if (response.getCode() != REQUEST_SUCCESS_CODE) {
@@ -24,6 +24,7 @@
import org.apache.doris.stack.entity.ClusterInfoEntity;
import lombok.extern.slf4j.Slf4j;

import org.apache.doris.stack.util.CredsUtil;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.stereotype.Component;

@@ -119,7 +120,7 @@ public double countSQL(String sql, String ns, String db, ClusterInfoEntity entit
public NativeQueryResp executeSQL(String sql, String ns, String db, ClusterInfoEntity entity) throws Exception {

Statement stmt = jdbcClient.getStatement(entity.getAddress(), entity.getQueryPort(),
entity.getUser(), entity.getPasswd(), db);
entity.getUser(), CredsUtil.tryAesDecrypt(entity.getPasswd()), db);
try {
NativeQueryResp res = executeSql(stmt, sql);
return res;
@@ -24,6 +24,7 @@
import org.apache.doris.stack.exception.PaloRequestException;
import com.google.common.collect.Maps;
import lombok.extern.slf4j.Slf4j;
import org.apache.doris.stack.util.CredsUtil;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.stereotype.Component;

@@ -49,7 +50,7 @@ public ClusterOverviewInfo getClusterInfo(ClusterInfoEntity entity) throws Excep

Map<String, String> headers = Maps.newHashMap();
setHeaders(headers);
setAuthHeaders(headers, entity.getUser(), entity.getPasswd());
setAuthHeaders(headers, entity.getUser(), CredsUtil.tryAesDecrypt(entity.getPasswd()));

PaloResponseEntity response = poolManager.doGet(url, headers);
if (response.getCode() != REQUEST_SUCCESS_CODE) {
@@ -75,7 +75,6 @@ public class ClusterInfoEntity {

/**
* Doris user password
* TODO:The subsequent storage shall be encrypted to prevent the leakage of password information
*/
@Column(length = 100)
private String passwd;
