use of org.apache.hadoop.hdds.security.x509.certificate.client.CertificateClient.InitResponse in project ozone by apache.
the class TestCertificateClientInit method testInitOzoneManager.
/**
 * Checks the {@code InitResponse} returned by the Ozone Manager certificate client for one
 * combination of private key, public key and certificate present on disk.
 *
 * <p>The combination is taken from the {@code pvtKeyPresent}, {@code pubKeyPresent} and
 * {@code certPresent} fields, which are set outside this method (presumably by a
 * parameterized runner; confirm against the class setup).
 */
@Test
public void testInitOzoneManager() throws Exception {
  // Private key: either persist it or delete the file so the client sees it as absent.
  if (!pvtKeyPresent) {
    String keyDir = securityConfig.getKeyLocation(OM_COMPONENT).toString();
    String privateKeyFile = securityConfig.getPrivateKeyFileName();
    FileUtils.deleteQuietly(Paths.get(keyDir, privateKeyFile).toFile());
  } else {
    omKeyCodec.writePrivateKey(keyPair.getPrivate());
  }

  // Public key: written only when the client does not already report one.
  if (!pubKeyPresent) {
    String keyDir = securityConfig.getKeyLocation(OM_COMPONENT).toString();
    String publicKeyFile = securityConfig.getPublicKeyFileName();
    FileUtils.deleteQuietly(Paths.get(keyDir, publicKeyFile).toFile());
  } else if (omCertificateClient.getPublicKey() == null) {
    omKeyCodec.writePublicKey(keyPair.getPublic());
  }

  // Certificate: the file is looked up under the key location, as in the original test.
  if (!certPresent) {
    String keyDir = securityConfig.getKeyLocation(OM_COMPONENT).toString();
    String certificateFile = securityConfig.getCertificateFileName();
    FileUtils.deleteQuietly(Paths.get(keyDir, certificateFile).toFile());
  } else {
    CertificateCodec certCodec = new CertificateCodec(securityConfig, OM_COMPONENT);
    X509CertificateHolder holder = new X509CertificateHolder(x509Certificate.getEncoded());
    certCodec.writeCertificate(holder);
  }

  InitResponse response = omCertificateClient.init();

  // A complete key pair with no certificate must be reported as RECOVER for the OM,
  // whatever expectedResult says for this combination.
  boolean keyPairWithoutCert = pvtKeyPresent && pubKeyPresent && !certPresent;
  assertTrue(response.equals(keyPairWithoutCert ? RECOVER : expectedResult));

  if (response.equals(FAILURE)) {
    return;
  }
  // Any outcome other than FAILURE must leave both key files on disk.
  assertTrue(OzoneSecurityUtil.checkIfFileExist(
      securityConfig.getKeyLocation(OM_COMPONENT), securityConfig.getPrivateKeyFileName()));
  assertTrue(OzoneSecurityUtil.checkIfFileExist(
      securityConfig.getKeyLocation(OM_COMPONENT), securityConfig.getPublicKeyFileName()));
}
use of org.apache.hadoop.hdds.security.x509.certificate.client.CertificateClient.InitResponse in project ozone by apache.
the class TestCertificateClientInit method testInitDatanode.
/**
 * Checks the {@code InitResponse} returned by the datanode certificate client for one
 * combination of private key, public key and certificate present on disk.
 *
 * <p>Unlike the Ozone Manager variant there is no special case here: the response is always
 * compared with {@code expectedResult}. The presence flags are fields set outside this method.
 */
@Test
public void testInitDatanode() throws Exception {
  // Stage the private key, or remove its file when this run expects it to be missing.
  if (pvtKeyPresent) {
    dnKeyCodec.writePrivateKey(keyPair.getPrivate());
  } else {
    String dir = securityConfig.getKeyLocation(DN_COMPONENT).toString();
    String fileName = securityConfig.getPrivateKeyFileName();
    FileUtils.deleteQuietly(Paths.get(dir, fileName).toFile());
  }

  // Stage the public key; skip the write when the client already exposes one.
  if (pubKeyPresent) {
    boolean clientHasPublicKey = dnCertificateClient.getPublicKey() != null;
    if (!clientHasPublicKey) {
      dnKeyCodec.writePublicKey(keyPair.getPublic());
    }
  } else {
    String dir = securityConfig.getKeyLocation(DN_COMPONENT).toString();
    String fileName = securityConfig.getPublicKeyFileName();
    FileUtils.deleteQuietly(Paths.get(dir, fileName).toFile());
  }

  // Stage the certificate, or remove its file (looked up under the key location).
  if (certPresent) {
    CertificateCodec dnCertCodec = new CertificateCodec(securityConfig, DN_COMPONENT);
    dnCertCodec.writeCertificate(new X509CertificateHolder(x509Certificate.getEncoded()));
  } else {
    String dir = securityConfig.getKeyLocation(DN_COMPONENT).toString();
    String fileName = securityConfig.getCertificateFileName();
    FileUtils.deleteQuietly(Paths.get(dir, fileName).toFile());
  }

  InitResponse response = dnCertificateClient.init();
  assertTrue(response.equals(expectedResult));

  // Unless init reported FAILURE, both halves of the key pair must exist on disk afterwards.
  boolean initFailed = response.equals(FAILURE);
  if (!initFailed) {
    assertTrue(OzoneSecurityUtil.checkIfFileExist(
        securityConfig.getKeyLocation(DN_COMPONENT), securityConfig.getPrivateKeyFileName()));
    assertTrue(OzoneSecurityUtil.checkIfFileExist(
        securityConfig.getKeyLocation(DN_COMPONENT), securityConfig.getPublicKeyFileName()));
  }
}
use of org.apache.hadoop.hdds.security.x509.certificate.client.CertificateClient.InitResponse in project ozone by apache.
the class HASecurityUtils method initializeSecurity.
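/**
 * Initializes security for a StorageContainerManager: runs the SCM certificate client's
 * {@code init()} and, when it answers {@code GETCERT}, obtains a certificate through one of
 * two helpers depending on whether this node is the primary SCM.
 *
 * <p>Every response other than {@code SUCCESS} and {@code GETCERT} aborts initialization with
 * an unchecked exception, so the caller cannot continue with missing or inconsistent key
 * material.
 *
 * @param scmStorageConfig storage configuration passed through to the certificate helpers
 * @param conf configuration used to build the {@code SecurityConfig} of the certificate
 *     client; also passed through to the certificate helpers
 * @param scmAddress address of this SCM, passed through to the certificate helpers
 * @param primaryscm {@code true} to call {@code getPrimarySCMSelfSignedCert}, {@code false}
 *     to call {@code getRootCASignedSCMCert}
 * @throws IOException declared by the signature; presumably raised while obtaining or
 *     persisting the certificate (confirm against the helpers)
 * @throws RuntimeException if the client reports {@code FAILURE}, {@code RECOVER} or any
 *     unexpected response
 */
public static void initializeSecurity(SCMStorageConfig scmStorageConfig, OzoneConfiguration conf, InetSocketAddress scmAddress, boolean primaryscm) throws IOException {
  LOG.info("Initializing secure StorageContainerManager.");
  CertificateClient certClient = new SCMCertificateClient(new SecurityConfig(conf));
  InitResponse response = certClient.init();
  LOG.info("Init response: {}", response);
  switch (response) {
  case SUCCESS:
    LOG.info("Initialization successful.");
    break;
  case GETCERT:
    // Only the primary SCM takes the self-signed path; every other SCM asks for a
    // root-CA-signed certificate.
    if (primaryscm) {
      getPrimarySCMSelfSignedCert(certClient, conf, scmStorageConfig, scmAddress);
    } else {
      getRootCASignedSCMCert(certClient, conf, scmStorageConfig, scmAddress);
    }
    LOG.info("Successfully stored SCM signed certificate.");
    break;
  case FAILURE:
    LOG.error("SCM security initialization failed.");
    // The message used to name the OM, which sends whoever reads the stack trace to the
    // wrong component; this is the SCM initialization path.
    throw new RuntimeException("SCM security initialization failed.");
  case RECOVER:
    // Keys exist but the certificate does not: stop instead of starting without a certificate.
    LOG.error("SCM security initialization failed. SCM certificate is missing.");
    throw new RuntimeException("SCM security initialization failed.");
  default:
    LOG.error("SCM security initialization failed. Init response: {}", response);
    throw new RuntimeException("SCM security initialization failed.");
  }
}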