
Example 1 with ContainerTokenSecretManager

Use of org.apache.hadoop.hdds.security.token.ContainerTokenSecretManager in the ozone project by apache.

Class TestSecureOzoneContainer, method setup.

@Before
public void setup() throws Exception {
    DefaultMetricsSystem.setMiniClusterMode(true);
    ExitUtils.disableSystemExit();
    conf = new OzoneConfiguration();
    String ozoneMetaPath = GenericTestUtils.getTempPath("ozoneMeta");
    conf.set(OZONE_METADATA_DIRS, ozoneMetaPath);
    secConfig = new SecurityConfig(conf);
    caClient = new CertificateClientTestImpl(conf);
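    // Arguments: security config, token lifetime (1 day), serial number of the test CA client's certificate.
    secretManager = new ContainerTokenSecretManager(
        new SecurityConfig(conf),
        TimeUnit.DAYS.toMillis(1),
        caClient.getCertificate().getSerialNumber().toString());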
}
Also used: SecurityConfig (org.apache.hadoop.hdds.security.x509.SecurityConfig), CertificateClientTestImpl (org.apache.hadoop.ozone.client.CertificateClientTestImpl), OzoneConfiguration (org.apache.hadoop.hdds.conf.OzoneConfiguration), ContainerTokenSecretManager (org.apache.hadoop.hdds.security.token.ContainerTokenSecretManager), Before (org.junit.Before)

Example 2 with ContainerTokenSecretManager

Use of org.apache.hadoop.hdds.security.token.ContainerTokenSecretManager in the ozone project by apache.

Class StorageContainerManager, method createContainerTokenSecretManager.

private ContainerTokenSecretManager createContainerTokenSecretManager(OzoneConfiguration conf) throws IOException {
    // The container token lifetime is read from the block token expiry setting.
    long expiryTime = conf.getTimeDuration(
        HddsConfigKeys.HDDS_BLOCK_TOKEN_EXPIRY_TIME,
        HddsConfigKeys.HDDS_BLOCK_TOKEN_EXPIRY_TIME_DEFAULT,
        TimeUnit.MILLISECONDS);
    // root CA cert.
    if (scmCertificateClient == null) {
        Preconditions.checkState(!scmStorageConfig.checkPrimarySCMIdInitialized());
        String certSerialNumber;
        try {
            certSerialNumber = getScmCertificateServer().getCACertificate().getSerialNumber().toString();
        } catch (CertificateException ex) {
            LOG.error("Get CA Certificate failed", ex);
            throw new IOException(ex);
        } catch (IOException ex) {
            LOG.error("Get CA Certificate failed", ex);
            throw ex;
        }
        scmCertificateClient = new SCMCertificateClient(securityConfig, certSerialNumber, SCM_ROOT_CA_COMPONENT_NAME);
    }
    String certId = scmCertificateClient.getCertificate().getSerialNumber().toString();
    return new ContainerTokenSecretManager(securityConfig, expiryTime, certId);
}
Also used: SCMCertificateClient (org.apache.hadoop.hdds.security.x509.certificate.client.SCMCertificateClient), CertificateException (java.security.cert.CertificateException), UncheckedIOException (java.io.UncheckedIOException), IOException (java.io.IOException), ContainerTokenSecretManager (org.apache.hadoop.hdds.security.token.ContainerTokenSecretManager)

Example 3 with ContainerTokenSecretManager

Use of org.apache.hadoop.hdds.security.token.ContainerTokenSecretManager in the ozone project by apache.

Class TestSecureContainerServer, method setup.

@BeforeClass
public static void setup() throws Exception {
    DefaultMetricsSystem.setMiniClusterMode(true);
    ExitUtils.disableSystemExit();
    CONF.set(HddsConfigKeys.HDDS_METADATA_DIR_NAME, TEST_DIR);
    CONF.setBoolean(OZONE_SECURITY_ENABLED_KEY, true);
    CONF.setBoolean(HDDS_BLOCK_TOKEN_ENABLED, true);
    caClient = new CertificateClientTestImpl(CONF);
    String certSerialId = caClient.getCertificate().getSerialNumber().toString();
    SecurityConfig secConf = new SecurityConfig(CONF);
    long tokenLifetime = TimeUnit.HOURS.toMillis(1);
    blockTokenSecretManager = new OzoneBlockTokenSecretManager(secConf, tokenLifetime, certSerialId);
    blockTokenSecretManager.start(caClient);
    containerTokenSecretManager = new ContainerTokenSecretManager(secConf, tokenLifetime, certSerialId);
    containerTokenSecretManager.start(caClient);
}
Also used: CertificateClientTestImpl (org.apache.hadoop.ozone.client.CertificateClientTestImpl), SecurityConfig (org.apache.hadoop.hdds.security.x509.SecurityConfig), OzoneBlockTokenSecretManager (org.apache.hadoop.ozone.security.OzoneBlockTokenSecretManager), ContainerTokenSecretManager (org.apache.hadoop.hdds.security.token.ContainerTokenSecretManager), BeforeClass (org.junit.BeforeClass)

Aggregations

ContainerTokenSecretManager (org.apache.hadoop.hdds.security.token.ContainerTokenSecretManager): 3
SecurityConfig (org.apache.hadoop.hdds.security.x509.SecurityConfig): 2
CertificateClientTestImpl (org.apache.hadoop.ozone.client.CertificateClientTestImpl): 2
IOException (java.io.IOException): 1
UncheckedIOException (java.io.UncheckedIOException): 1
CertificateException (java.security.cert.CertificateException): 1
OzoneConfiguration (org.apache.hadoop.hdds.conf.OzoneConfiguration): 1
SCMCertificateClient (org.apache.hadoop.hdds.security.x509.certificate.client.SCMCertificateClient): 1
OzoneBlockTokenSecretManager (org.apache.hadoop.ozone.security.OzoneBlockTokenSecretManager): 1
Before (org.junit.Before): 1
BeforeClass (org.junit.BeforeClass): 1