Example 1 with ScmNodeDetailsProto
use of org.apache.hadoop.hdds.protocol.proto.HddsProtos.ScmNodeDetailsProto in project ozone by apache.
the class HASecurityUtils method getRootCASignedSCMCert.
/**
* For bootstrapped SCM get sub-ca signed certificate and root CA
* certificate using scm security client and store it using certificate
* client.
*/
private static void getRootCASignedSCMCert(CertificateClient client, OzoneConfiguration config, SCMStorageConfig scmStorageConfig, InetSocketAddress scmAddress) {
try {
// Generate CSR.
PKCS10CertificationRequest csr = generateCSR(client, scmStorageConfig, config, scmAddress);
ScmNodeDetailsProto scmNodeDetailsProto = ScmNodeDetailsProto.newBuilder().setClusterId(scmStorageConfig.getClusterID()).setHostName(scmAddress.getHostName()).setScmNodeId(scmStorageConfig.getScmId()).build();
// Create SCM security client.
SCMSecurityProtocolClientSideTranslatorPB secureScmClient = HddsServerUtil.getScmSecurityClientWithFixedDuration(config);
// Get SCM sub CA cert.
SCMGetCertResponseProto response = secureScmClient.getSCMCertChain(scmNodeDetailsProto, getEncodedString(csr));
String pemEncodedCert = response.getX509Certificate();
// Store SCM sub CA and root CA certificate.
if (response.hasX509CACertificate()) {
String pemEncodedRootCert = response.getX509CACertificate();
client.storeCertificate(pemEncodedRootCert, true, true);
client.storeCertificate(pemEncodedCert, true);
X509Certificate certificate = CertificateCodec.getX509Certificate(pemEncodedCert);
persistSubCACertificate(config, client, CertificateCodec.getCertificateHolder(certificate));
// Persist scm cert serial ID.
scmStorageConfig.setScmCertSerialId(certificate.getSerialNumber().toString());
} else {
throw new RuntimeException("Unable to retrieve SCM certificate chain");
}
} catch (IOException | CertificateException e) {
LOG.error("Error while fetching/storing SCM signed certificate.", e);
throw new RuntimeException(e);
}
}
Also used :
PKCS10CertificationRequest(org.bouncycastle.pkcs.PKCS10CertificationRequest)
SCMSecurityProtocolClientSideTranslatorPB(org.apache.hadoop.hdds.protocolPB.SCMSecurityProtocolClientSideTranslatorPB)
SCMGetCertResponseProto(org.apache.hadoop.hdds.protocol.proto.SCMSecurityProtocolProtos.SCMGetCertResponseProto)
CertificateException(java.security.cert.CertificateException)
CertificateSignRequest.getEncodedString(org.apache.hadoop.hdds.security.x509.certificates.utils.CertificateSignRequest.getEncodedString)
IOException(java.io.IOException)
X509Certificate(java.security.cert.X509Certificate)
ScmNodeDetailsProto(org.apache.hadoop.hdds.protocol.proto.HddsProtos.ScmNodeDetailsProto)
Aggregations
IOException (java.io.IOException)1
CertificateException (java.security.cert.CertificateException)1
X509Certificate (java.security.cert.X509Certificate)1
ScmNodeDetailsProto (org.apache.hadoop.hdds.protocol.proto.HddsProtos.ScmNodeDetailsProto)1
SCMGetCertResponseProto (org.apache.hadoop.hdds.protocol.proto.SCMSecurityProtocolProtos.SCMGetCertResponseProto)1
SCMSecurityProtocolClientSideTranslatorPB (org.apache.hadoop.hdds.protocolPB.SCMSecurityProtocolClientSideTranslatorPB)1
CertificateSignRequest.getEncodedString (org.apache.hadoop.hdds.security.x509.certificates.utils.CertificateSignRequest.getEncodedString)1
PKCS10CertificationRequest (org.bouncycastle.pkcs.PKCS10CertificationRequest)1
