Search in sources :

Example 11 with SSLConfig

use of org.apache.drill.exec.ssl.SSLConfig in project drill by apache.

the class TestSSLConfig method testInvalidHadoopKeystore.

@Test
public void testInvalidHadoopKeystore() throws Exception {
    Configuration hadoopConfig = new Configuration();
    String hadoopSSLFileProp = MessageFormat.format(HADOOP_SSL_CONF_TPL_KEY, SSLConfig.Mode.SERVER.toString().toLowerCase());
    hadoopConfig.set(hadoopSSLFileProp, "ssl-server-invalid.xml");
    ConfigBuilder config = new ConfigBuilder();
    config.put(ExecConstants.USER_SSL_ENABLED, true);
    config.put(ExecConstants.SSL_USE_HADOOP_CONF, true);
    SSLConfig sslv;
    try {
        sslv = new SSLConfigBuilder().config(config.build()).mode(SSLConfig.Mode.SERVER).initializeSSLContext(false).validateKeyStore(true).hadoopConfig(hadoopConfig).build();
        fail();
    } catch (Exception e) {
        assertTrue(e instanceof DrillException);
    }
}
Also used : SSLConfig(org.apache.drill.exec.ssl.SSLConfig) Configuration(org.apache.hadoop.conf.Configuration) SSLConfigBuilder(org.apache.drill.exec.ssl.SSLConfigBuilder) ConfigBuilder(org.apache.drill.test.ConfigBuilder) SSLConfigBuilder(org.apache.drill.exec.ssl.SSLConfigBuilder) DrillException(org.apache.drill.common.exceptions.DrillException) DrillException(org.apache.drill.common.exceptions.DrillException) Test(org.junit.Test) BaseTest(org.apache.drill.test.BaseTest) SecurityTest(org.apache.drill.categories.SecurityTest)

Example 12 with SSLConfig

use of org.apache.drill.exec.ssl.SSLConfig in project drill by apache.

the class TestSSLConfig method testForTrustStore.

@Test
public void testForTrustStore() throws Exception {
    ConfigBuilder config = new ConfigBuilder();
    config.put(ExecConstants.HTTP_TRUSTSTORE_PATH, "/root");
    config.put(ExecConstants.HTTP_TRUSTSTORE_PASSWORD, "root");
    config.put(ExecConstants.SSL_USE_HADOOP_CONF, false);
    SSLConfig sslv = new SSLConfigBuilder().config(config.build()).mode(SSLConfig.Mode.SERVER).initializeSSLContext(false).validateKeyStore(true).build();
    assertEquals(true, sslv.hasTrustStorePath());
    assertEquals(true, sslv.hasTrustStorePassword());
    assertEquals("/root", sslv.getTrustStorePath());
    assertEquals("root", sslv.getTrustStorePassword());
}
Also used : SSLConfig(org.apache.drill.exec.ssl.SSLConfig) SSLConfigBuilder(org.apache.drill.exec.ssl.SSLConfigBuilder) ConfigBuilder(org.apache.drill.test.ConfigBuilder) SSLConfigBuilder(org.apache.drill.exec.ssl.SSLConfigBuilder) Test(org.junit.Test) BaseTest(org.apache.drill.test.BaseTest) SecurityTest(org.apache.drill.categories.SecurityTest)

Example 13 with SSLConfig

use of org.apache.drill.exec.ssl.SSLConfig in project drill by apache.

the class TestSSLConfig method testMissingKeystorePassword.

@Test
public void testMissingKeystorePassword() throws Exception {
    ConfigBuilder config = new ConfigBuilder();
    config.put(ExecConstants.HTTP_KEYSTORE_PATH, "/root");
    config.put(ExecConstants.HTTP_KEYSTORE_PASSWORD, "");
    config.put(ExecConstants.SSL_USE_HADOOP_CONF, false);
    config.put(ExecConstants.USER_SSL_ENABLED, true);
    try {
        SSLConfig sslv = new SSLConfigBuilder().config(config.build()).mode(SSLConfig.Mode.SERVER).initializeSSLContext(false).validateKeyStore(true).build();
        fail();
    // Expected
    } catch (Exception e) {
        assertTrue(e instanceof DrillException);
    }
}
Also used : SSLConfig(org.apache.drill.exec.ssl.SSLConfig) SSLConfigBuilder(org.apache.drill.exec.ssl.SSLConfigBuilder) ConfigBuilder(org.apache.drill.test.ConfigBuilder) SSLConfigBuilder(org.apache.drill.exec.ssl.SSLConfigBuilder) DrillException(org.apache.drill.common.exceptions.DrillException) DrillException(org.apache.drill.common.exceptions.DrillException) Test(org.junit.Test) BaseTest(org.apache.drill.test.BaseTest) SecurityTest(org.apache.drill.categories.SecurityTest)

Example 14 with SSLConfig

use of org.apache.drill.exec.ssl.SSLConfig in project drill by apache.

the class SslContextFactoryConfigurator method configureNewSslContextFactory.

/**
 * Tries to apply ssl options configured by user. If provided configuration isn't valid,
 * new self-signed certificate will be generated and used in sslContextFactory.
 *
 * @return new configured sslContextFactory
 * @throws Exception when generation of self-signed certificate failed
 */
public SslContextFactory configureNewSslContextFactory() throws Exception {
    SSLConfig sslConf = new SSLConfigBuilder().config(config).mode(SSLConfig.Mode.SERVER).initializeSSLContext(false).validateKeyStore(true).build();
    final SslContextFactory sslContextFactory = new SslContextFactory();
    if (sslConf.isSslValid()) {
        useOptionsConfiguredByUser(sslContextFactory, sslConf);
    } else {
        useAutoGeneratedSelfSignedCertificate(sslContextFactory);
    }
    return sslContextFactory;
}
Also used : SSLConfig(org.apache.drill.exec.ssl.SSLConfig) SslContextFactory(org.eclipse.jetty.util.ssl.SslContextFactory) SSLConfigBuilder(org.apache.drill.exec.ssl.SSLConfigBuilder)

Aggregations

SSLConfig (org.apache.drill.exec.ssl.SSLConfig)14 SSLConfigBuilder (org.apache.drill.exec.ssl.SSLConfigBuilder)14 SecurityTest (org.apache.drill.categories.SecurityTest)12 ConfigBuilder (org.apache.drill.test.ConfigBuilder)12 Test (org.junit.Test)12 DrillException (org.apache.drill.common.exceptions.DrillException)8 BaseTest (org.apache.drill.test.BaseTest)6 Configuration (org.apache.hadoop.conf.Configuration)2 SslContextFactory (org.eclipse.jetty.util.ssl.SslContextFactory)2 BigInteger (java.math.BigInteger)1 KeyPair (java.security.KeyPair)1 KeyPairGenerator (java.security.KeyPairGenerator)1 KeyStore (java.security.KeyStore)1 SecureRandom (java.security.SecureRandom)1 X509Certificate (java.security.cert.X509Certificate)1 Date (java.util.Date)1 X500NameBuilder (org.bouncycastle.asn1.x500.X500NameBuilder)1 X509v3CertificateBuilder (org.bouncycastle.cert.X509v3CertificateBuilder)1 JcaX509CertificateConverter (org.bouncycastle.cert.jcajce.JcaX509CertificateConverter)1 JcaX509v3CertificateBuilder (org.bouncycastle.cert.jcajce.JcaX509v3CertificateBuilder)1