Example 11 with SSLConfig
use of org.apache.drill.exec.ssl.SSLConfig in project drill by apache.
the class TestSSLConfig method testInvalidHadoopKeystore.
@Test
public void testInvalidHadoopKeystore() throws Exception {
Configuration hadoopConfig = new Configuration();
String hadoopSSLFileProp = MessageFormat.format(HADOOP_SSL_CONF_TPL_KEY, SSLConfig.Mode.SERVER.toString().toLowerCase());
hadoopConfig.set(hadoopSSLFileProp, "ssl-server-invalid.xml");
ConfigBuilder config = new ConfigBuilder();
config.put(ExecConstants.USER_SSL_ENABLED, true);
config.put(ExecConstants.SSL_USE_HADOOP_CONF, true);
SSLConfig sslv;
try {
sslv = new SSLConfigBuilder().config(config.build()).mode(SSLConfig.Mode.SERVER).initializeSSLContext(false).validateKeyStore(true).hadoopConfig(hadoopConfig).build();
fail();
} catch (Exception e) {
assertTrue(e instanceof DrillException);
}
}
Also used :
SSLConfig(org.apache.drill.exec.ssl.SSLConfig)
Configuration(org.apache.hadoop.conf.Configuration)
SSLConfigBuilder(org.apache.drill.exec.ssl.SSLConfigBuilder)
ConfigBuilder(org.apache.drill.test.ConfigBuilder)
SSLConfigBuilder(org.apache.drill.exec.ssl.SSLConfigBuilder)
DrillException(org.apache.drill.common.exceptions.DrillException)
DrillException(org.apache.drill.common.exceptions.DrillException)
Test(org.junit.Test)
BaseTest(org.apache.drill.test.BaseTest)
SecurityTest(org.apache.drill.categories.SecurityTest)
Example 12 with SSLConfig
use of org.apache.drill.exec.ssl.SSLConfig in project drill by apache.
the class TestSSLConfig method testForTrustStore.
@Test
public void testForTrustStore() throws Exception {
ConfigBuilder config = new ConfigBuilder();
config.put(ExecConstants.HTTP_TRUSTSTORE_PATH, "/root");
config.put(ExecConstants.HTTP_TRUSTSTORE_PASSWORD, "root");
config.put(ExecConstants.SSL_USE_HADOOP_CONF, false);
SSLConfig sslv = new SSLConfigBuilder().config(config.build()).mode(SSLConfig.Mode.SERVER).initializeSSLContext(false).validateKeyStore(true).build();
assertEquals(true, sslv.hasTrustStorePath());
assertEquals(true, sslv.hasTrustStorePassword());
assertEquals("/root", sslv.getTrustStorePath());
assertEquals("root", sslv.getTrustStorePassword());
}
Also used :
SSLConfig(org.apache.drill.exec.ssl.SSLConfig)
SSLConfigBuilder(org.apache.drill.exec.ssl.SSLConfigBuilder)
ConfigBuilder(org.apache.drill.test.ConfigBuilder)
SSLConfigBuilder(org.apache.drill.exec.ssl.SSLConfigBuilder)
Test(org.junit.Test)
BaseTest(org.apache.drill.test.BaseTest)
SecurityTest(org.apache.drill.categories.SecurityTest)
Example 13 with SSLConfig
use of org.apache.drill.exec.ssl.SSLConfig in project drill by apache.
the class TestSSLConfig method testMissingKeystorePassword.
@Test
public void testMissingKeystorePassword() throws Exception {
ConfigBuilder config = new ConfigBuilder();
config.put(ExecConstants.HTTP_KEYSTORE_PATH, "/root");
config.put(ExecConstants.HTTP_KEYSTORE_PASSWORD, "");
config.put(ExecConstants.SSL_USE_HADOOP_CONF, false);
config.put(ExecConstants.USER_SSL_ENABLED, true);
try {
SSLConfig sslv = new SSLConfigBuilder().config(config.build()).mode(SSLConfig.Mode.SERVER).initializeSSLContext(false).validateKeyStore(true).build();
fail();
// Expected
} catch (Exception e) {
assertTrue(e instanceof DrillException);
}
}
Also used :
SSLConfig(org.apache.drill.exec.ssl.SSLConfig)
SSLConfigBuilder(org.apache.drill.exec.ssl.SSLConfigBuilder)
ConfigBuilder(org.apache.drill.test.ConfigBuilder)
SSLConfigBuilder(org.apache.drill.exec.ssl.SSLConfigBuilder)
DrillException(org.apache.drill.common.exceptions.DrillException)
DrillException(org.apache.drill.common.exceptions.DrillException)
Test(org.junit.Test)
BaseTest(org.apache.drill.test.BaseTest)
SecurityTest(org.apache.drill.categories.SecurityTest)
Example 14 with SSLConfig
use of org.apache.drill.exec.ssl.SSLConfig in project drill by apache.
the class SslContextFactoryConfigurator method configureNewSslContextFactory.
/**
* Tries to apply ssl options configured by user. If provided configuration isn't valid,
* new self-signed certificate will be generated and used in sslContextFactory.
*
* @return new configured sslContextFactory
* @throws Exception when generation of self-signed certificate failed
*/
public SslContextFactory configureNewSslContextFactory() throws Exception {
SSLConfig sslConf = new SSLConfigBuilder().config(config).mode(SSLConfig.Mode.SERVER).initializeSSLContext(false).validateKeyStore(true).build();
final SslContextFactory sslContextFactory = new SslContextFactory();
if (sslConf.isSslValid()) {
useOptionsConfiguredByUser(sslContextFactory, sslConf);
} else {
useAutoGeneratedSelfSignedCertificate(sslContextFactory);
}
return sslContextFactory;
}
Also used :
SSLConfig(org.apache.drill.exec.ssl.SSLConfig)
SslContextFactory(org.eclipse.jetty.util.ssl.SslContextFactory)
SSLConfigBuilder(org.apache.drill.exec.ssl.SSLConfigBuilder)
Aggregations
SSLConfig (org.apache.drill.exec.ssl.SSLConfig)14
SSLConfigBuilder (org.apache.drill.exec.ssl.SSLConfigBuilder)14
SecurityTest (org.apache.drill.categories.SecurityTest)12
ConfigBuilder (org.apache.drill.test.ConfigBuilder)12
Test (org.junit.Test)12
DrillException (org.apache.drill.common.exceptions.DrillException)8
BaseTest (org.apache.drill.test.BaseTest)6
Configuration (org.apache.hadoop.conf.Configuration)2
SslContextFactory (org.eclipse.jetty.util.ssl.SslContextFactory)2
BigInteger (java.math.BigInteger)1
KeyPair (java.security.KeyPair)1
KeyPairGenerator (java.security.KeyPairGenerator)1
KeyStore (java.security.KeyStore)1
SecureRandom (java.security.SecureRandom)1
X509Certificate (java.security.cert.X509Certificate)1
Date (java.util.Date)1
X500NameBuilder (org.bouncycastle.asn1.x500.X500NameBuilder)1
X509v3CertificateBuilder (org.bouncycastle.cert.X509v3CertificateBuilder)1
JcaX509CertificateConverter (org.bouncycastle.cert.jcajce.JcaX509CertificateConverter)1
JcaX509v3CertificateBuilder (org.bouncycastle.cert.jcajce.JcaX509v3CertificateBuilder)1
