use of org.apache.drill.exec.ssl.SSLConfigBuilder in project drill by axbaretto.
the class TestSSLConfig method testInvalidHadoopKeystore.
@Test
public void testInvalidHadoopKeystore() throws Exception {
Configuration hadoopConfig = new Configuration();
String hadoopSSLFileProp = MessageFormat.format(HADOOP_SSL_CONF_TPL_KEY, SSLConfig.Mode.SERVER.toString().toLowerCase());
hadoopConfig.set(hadoopSSLFileProp, "ssl-server-invalid.xml");
ConfigBuilder config = new ConfigBuilder();
config.put(ExecConstants.USER_SSL_ENABLED, true);
config.put(ExecConstants.SSL_USE_HADOOP_CONF, true);
SSLConfig sslv;
try {
sslv = new SSLConfigBuilder().config(config.build()).mode(SSLConfig.Mode.SERVER).initializeSSLContext(false).validateKeyStore(true).hadoopConfig(hadoopConfig).build();
fail();
} catch (Exception e) {
assertTrue(e instanceof DrillException);
}
}
use of org.apache.drill.exec.ssl.SSLConfigBuilder in project drill by apache.
the class TestSSLConfig method testMissingKeystorePath.
@Test
public void testMissingKeystorePath() throws Exception {
ConfigBuilder config = new ConfigBuilder();
config.put(ExecConstants.HTTP_KEYSTORE_PATH, "");
config.put(ExecConstants.HTTP_KEYSTORE_PASSWORD, "root");
config.put(ExecConstants.SSL_USE_HADOOP_CONF, false);
config.put(ExecConstants.USER_SSL_ENABLED, true);
try {
SSLConfig sslv = new SSLConfigBuilder().config(config.build()).mode(SSLConfig.Mode.SERVER).initializeSSLContext(false).validateKeyStore(true).build();
fail();
// Expected
} catch (Exception e) {
assertTrue(e instanceof DrillException);
}
}
use of org.apache.drill.exec.ssl.SSLConfigBuilder in project drill by apache.
the class TestSSLConfig method testForBackwardCompatability.
@Test
public void testForBackwardCompatability() throws Exception {
ConfigBuilder config = new ConfigBuilder();
config.put("javax.net.ssl.keyStore", "/root");
config.put("javax.net.ssl.keyStorePassword", "root");
SSLConfig sslv = new SSLConfigBuilder().config(config.build()).mode(SSLConfig.Mode.SERVER).initializeSSLContext(false).validateKeyStore(true).build();
assertEquals("/root", sslv.getKeyStorePath());
assertEquals("root", sslv.getKeyStorePassword());
}
use of org.apache.drill.exec.ssl.SSLConfigBuilder in project drill by apache.
the class TestSSLConfig method testForKeystoreConfig.
@Test
public void testForKeystoreConfig() throws Exception {
ConfigBuilder config = new ConfigBuilder();
config.put(ExecConstants.HTTP_KEYSTORE_PATH, "/root");
config.put(ExecConstants.HTTP_KEYSTORE_PASSWORD, "root");
try {
SSLConfig sslv = new SSLConfigBuilder().config(config.build()).mode(SSLConfig.Mode.SERVER).initializeSSLContext(false).validateKeyStore(true).build();
assertEquals("/root", sslv.getKeyStorePath());
assertEquals("root", sslv.getKeyStorePassword());
} catch (Exception e) {
fail();
}
}
use of org.apache.drill.exec.ssl.SSLConfigBuilder in project drill by axbaretto.
the class WebServer method createHttpsConnector.
/**
* Create an HTTPS connector for given jetty server instance. If the admin has specified keystore/truststore settings
* they will be used else a self-signed certificate is generated and used.
*
* @return Initialized {@link ServerConnector} for HTTPS connections.
* @throws Exception
*/
private ServerConnector createHttpsConnector(int port, int acceptors, int selectors) throws Exception {
logger.info("Setting up HTTPS connector for web server");
final SslContextFactory sslContextFactory = new SslContextFactory();
SSLConfig ssl = new SSLConfigBuilder().config(config).mode(SSLConfig.Mode.SERVER).initializeSSLContext(false).validateKeyStore(true).build();
if (ssl.isSslValid()) {
logger.info("Using configured SSL settings for web server");
sslContextFactory.setKeyStorePath(ssl.getKeyStorePath());
sslContextFactory.setKeyStorePassword(ssl.getKeyStorePassword());
sslContextFactory.setKeyManagerPassword(ssl.getKeyPassword());
if (ssl.hasTrustStorePath()) {
sslContextFactory.setTrustStorePath(ssl.getTrustStorePath());
if (ssl.hasTrustStorePassword()) {
sslContextFactory.setTrustStorePassword(ssl.getTrustStorePassword());
}
}
} else {
logger.info("Using generated self-signed SSL settings for web server");
final SecureRandom random = new SecureRandom();
// Generate a private-public key pair
final KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance("RSA");
keyPairGenerator.initialize(1024, random);
final KeyPair keyPair = keyPairGenerator.generateKeyPair();
final DateTime now = DateTime.now();
// Create builder for certificate attributes
final X500NameBuilder nameBuilder = new X500NameBuilder(BCStyle.INSTANCE).addRDN(BCStyle.OU, "Apache Drill (auth-generated)").addRDN(BCStyle.O, "Apache Software Foundation (auto-generated)").addRDN(BCStyle.CN, workManager.getContext().getEndpoint().getAddress());
final Date notBefore = now.minusMinutes(1).toDate();
final Date notAfter = now.plusYears(5).toDate();
final BigInteger serialNumber = new BigInteger(128, random);
// Create a certificate valid for 5years from now.
final X509v3CertificateBuilder certificateBuilder = new JcaX509v3CertificateBuilder(// attributes
nameBuilder.build(), serialNumber, notBefore, notAfter, nameBuilder.build(), keyPair.getPublic());
// Sign the certificate using the private key
final ContentSigner contentSigner = new JcaContentSignerBuilder("SHA256WithRSAEncryption").build(keyPair.getPrivate());
final X509Certificate certificate = new JcaX509CertificateConverter().getCertificate(certificateBuilder.build(contentSigner));
// Check the validity
certificate.checkValidity(now.toDate());
// Make sure the certificate is self-signed.
certificate.verify(certificate.getPublicKey());
// Generate a random password for keystore protection
final String keyStorePasswd = RandomStringUtils.random(20);
final KeyStore keyStore = KeyStore.getInstance("JKS");
keyStore.load(null, null);
keyStore.setKeyEntry("DrillAutoGeneratedCert", keyPair.getPrivate(), keyStorePasswd.toCharArray(), new java.security.cert.Certificate[] { certificate });
sslContextFactory.setKeyStore(keyStore);
sslContextFactory.setKeyStorePassword(keyStorePasswd);
}
final HttpConfiguration httpsConfig = new HttpConfiguration();
httpsConfig.addCustomizer(new SecureRequestCustomizer());
// SSL Connector
final ServerConnector sslConnector = new ServerConnector(embeddedJetty, null, null, null, acceptors, selectors, new SslConnectionFactory(sslContextFactory, HttpVersion.HTTP_1_1.asString()), new HttpConnectionFactory(httpsConfig));
sslConnector.setPort(port);
return sslConnector;
}
Aggregations