
Example 1 with InitResponse

use of org.apache.hadoop.hdds.security.x509.certificate.client.CertificateClient.InitResponse in project ozone by apache.

the class TestCertificateClientInit method testInitOzoneManager.

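/**
 * Runs the OzoneManager certificate client's {@code init()} against one
 * combination of on-disk material and checks the {@link InitResponse}.
 *
 * The fixture flags {@code pvtKeyPresent}, {@code pubKeyPresent} and
 * {@code certPresent} decide which artifacts are written before init; the
 * others are deleted so a leftover from an earlier parameter set cannot change
 * the outcome. The OM client is special-cased: a complete key pair with no
 * certificate must yield {@code RECOVER} rather than the generic
 * {@code expectedResult}.
 *
 * @throws Exception on any codec or client failure (fails the test)
 */
@Test
public void testInitOzoneManager() throws Exception {
    // Lay down exactly the material this parameter set asks for; remove the rest.
    if (pvtKeyPresent) {
        omKeyCodec.writePrivateKey(keyPair.getPrivate());
    } else {
        FileUtils.deleteQuietly(Paths.get(securityConfig.getKeyLocation(OM_COMPONENT).toString(), securityConfig.getPrivateKeyFileName()).toFile());
    }
    if (pubKeyPresent) {
        // Only write the public key when the client cannot already see one.
        if (omCertificateClient.getPublicKey() == null) {
            omKeyCodec.writePublicKey(keyPair.getPublic());
        }
    } else {
        FileUtils.deleteQuietly(Paths.get(securityConfig.getKeyLocation(OM_COMPONENT).toString(), securityConfig.getPublicKeyFileName()).toFile());
    }
    if (certPresent) {
        CertificateCodec codec = new CertificateCodec(securityConfig, OM_COMPONENT);
        codec.writeCertificate(new X509CertificateHolder(x509Certificate.getEncoded()));
    } else {
        // NOTE(review): the codec above is given only the component and chooses
        // its own output directory; confirm that directory is getKeyLocation(),
        // otherwise this delete is a silent no-op and a certificate written by
        // an earlier case could survive into this one.
        FileUtils.deleteQuietly(Paths.get(securityConfig.getKeyLocation(OM_COMPONENT).toString(), securityConfig.getCertificateFileName()).toFile());
    }

    InitResponse response = omCertificateClient.init();

    // Enum constants are compared by identity: a null response then fails with
    // a readable message instead of a NullPointerException from equals().
    InitResponse expected = (pvtKeyPresent && pubKeyPresent && !certPresent) ? RECOVER : expectedResult;
    assertTrue("expected " + expected + " but init() returned " + response, response == expected);

    // Every outcome other than FAILURE must leave a usable key pair on disk.
    if (response != FAILURE) {
        assertTrue("private key file missing after init()", OzoneSecurityUtil.checkIfFileExist(securityConfig.getKeyLocation(OM_COMPONENT), securityConfig.getPrivateKeyFileName()));
        assertTrue("public key file missing after init()", OzoneSecurityUtil.checkIfFileExist(securityConfig.getKeyLocation(OM_COMPONENT), securityConfig.getPublicKeyFileName()));
    }
}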
Also used : InitResponse(org.apache.hadoop.hdds.security.x509.certificate.client.CertificateClient.InitResponse) X509CertificateHolder(org.bouncycastle.cert.X509CertificateHolder) CertificateCodec(org.apache.hadoop.hdds.security.x509.certificate.utils.CertificateCodec) Test(org.junit.Test)

Example 2 with InitResponse

use of org.apache.hadoop.hdds.security.x509.certificate.client.CertificateClient.InitResponse in project ozone by apache.

the class TestCertificateClientInit method testInitDatanode.

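/**
 * Runs the datanode certificate client's {@code init()} against one
 * combination of on-disk material and checks the {@link InitResponse}.
 *
 * The fixture flags {@code pvtKeyPresent}, {@code pubKeyPresent} and
 * {@code certPresent} decide which artifacts are written before init; the
 * others are deleted so a leftover from an earlier parameter set cannot change
 * the outcome. Unlike the OM case there is no special handling for a key pair
 * without a certificate: the result must always equal {@code expectedResult}.
 *
 * @throws Exception on any codec or client failure (fails the test)
 */
@Test
public void testInitDatanode() throws Exception {
    // Lay down exactly the material this parameter set asks for; remove the rest.
    if (pvtKeyPresent) {
        dnKeyCodec.writePrivateKey(keyPair.getPrivate());
    } else {
        FileUtils.deleteQuietly(Paths.get(securityConfig.getKeyLocation(DN_COMPONENT).toString(), securityConfig.getPrivateKeyFileName()).toFile());
    }
    if (pubKeyPresent) {
        // Only write the public key when the client cannot already see one.
        if (dnCertificateClient.getPublicKey() == null) {
            dnKeyCodec.writePublicKey(keyPair.getPublic());
        }
    } else {
        FileUtils.deleteQuietly(Paths.get(securityConfig.getKeyLocation(DN_COMPONENT).toString(), securityConfig.getPublicKeyFileName()).toFile());
    }
    if (certPresent) {
        CertificateCodec codec = new CertificateCodec(securityConfig, DN_COMPONENT);
        codec.writeCertificate(new X509CertificateHolder(x509Certificate.getEncoded()));
    } else {
        // NOTE(review): the codec above is given only the component and chooses
        // its own output directory; confirm that directory is getKeyLocation(),
        // otherwise this delete is a silent no-op and a certificate written by
        // an earlier case could survive into this one.
        FileUtils.deleteQuietly(Paths.get(securityConfig.getKeyLocation(DN_COMPONENT).toString(), securityConfig.getCertificateFileName()).toFile());
    }

    InitResponse response = dnCertificateClient.init();

    // Enum constants are compared by identity: a null response then fails with
    // a readable message instead of a NullPointerException from equals().
    assertTrue("expected " + expectedResult + " but init() returned " + response, response == expectedResult);

    // Every outcome other than FAILURE must leave a usable key pair on disk.
    if (response != FAILURE) {
        assertTrue("private key file missing after init()", OzoneSecurityUtil.checkIfFileExist(securityConfig.getKeyLocation(DN_COMPONENT), securityConfig.getPrivateKeyFileName()));
        assertTrue("public key file missing after init()", OzoneSecurityUtil.checkIfFileExist(securityConfig.getKeyLocation(DN_COMPONENT), securityConfig.getPublicKeyFileName()));
    }
}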
Also used : InitResponse(org.apache.hadoop.hdds.security.x509.certificate.client.CertificateClient.InitResponse) X509CertificateHolder(org.bouncycastle.cert.X509CertificateHolder) CertificateCodec(org.apache.hadoop.hdds.security.x509.certificate.utils.CertificateCodec) Test(org.junit.Test)

Example 3 with InitResponse

use of org.apache.hadoop.hdds.security.x509.certificate.client.CertificateClient.InitResponse in project ozone by apache.

the class HASecurityUtils method initializeSecurity.

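/**
 * Initializes the security material of a StorageContainerManager: runs the
 * {@link SCMCertificateClient} init and, when the client asks for a
 * certificate ({@code GETCERT}), obtains one — self-signed for the primary
 * SCM, signed by the root CA for every other SCM — and persists it to local
 * disk.
 *
 * Any response other than {@code SUCCESS} or {@code GETCERT} is fatal: this
 * method does not attempt to repair partially-initialized key material.
 *
 * @param scmStorageConfig storage config of this SCM, handed to the certificate helpers
 * @param conf             cluster configuration used to build the {@link SecurityConfig}
 * @param scmAddress       address of this SCM, handed to the certificate helpers
 * @param primaryscm       {@code true} if this SCM is the primary SCM and signs its own certificate
 * @throws IOException if obtaining or persisting the certificate fails
 * @throws RuntimeException if the client reports {@code FAILURE}, {@code RECOVER}
 *         or an unrecognized init response
 */
public static void initializeSecurity(SCMStorageConfig scmStorageConfig, OzoneConfiguration conf, InetSocketAddress scmAddress, boolean primaryscm) throws IOException {
    LOG.info("Initializing secure StorageContainerManager.");
    CertificateClient certClient = new SCMCertificateClient(new SecurityConfig(conf));
    InitResponse response = certClient.init();
    LOG.info("Init response: {}", response);
    switch (response) {
        case SUCCESS:
            LOG.info("Initialization successful.");
            break;
        case GETCERT:
            // The primary SCM is its own root CA; every other SCM must have
            // its certificate signed by that root.
            if (primaryscm) {
                getPrimarySCMSelfSignedCert(certClient, conf, scmStorageConfig, scmAddress);
            } else {
                getRootCASignedSCMCert(certClient, conf, scmStorageConfig, scmAddress);
            }
            LOG.info("Successfully stored SCM signed certificate.");
            break;
        case FAILURE:
            // The exception text previously read "OM security initialization
            // failed." — a copy-paste from the OM path that misattributed the
            // failure to the wrong component in operator-facing errors.
            LOG.error("SCM security initialization failed.");
            throw new RuntimeException("SCM security initialization failed.");
        case RECOVER:
            // Per the message below, RECOVER is reported when the SCM
            // certificate is missing; it is not re-issued here, so fail hard.
            LOG.error("SCM security initialization failed. SCM certificate is " + "missing.");
            throw new RuntimeException("SCM security initialization failed.");
        default:
            LOG.error("SCM security initialization failed. Init response: {}", response);
            throw new RuntimeException("SCM security initialization failed.");
    }
}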
Also used : SCMCertificateClient(org.apache.hadoop.hdds.security.x509.certificate.client.SCMCertificateClient) CertificateClient(org.apache.hadoop.hdds.security.x509.certificate.client.CertificateClient) SCMCertificateClient(org.apache.hadoop.hdds.security.x509.certificate.client.SCMCertificateClient) InitResponse(org.apache.hadoop.hdds.security.x509.certificate.client.CertificateClient.InitResponse) SecurityConfig(org.apache.hadoop.hdds.security.x509.SecurityConfig)
