
Example 1 with CertificateSignRequest.getEncodedString

Use of org.apache.hadoop.hdds.security.x509.certificates.utils.CertificateSignRequest.getEncodedString in project ozone by apache.

From class TestDefaultCAServer, method testRequestCertificate.

/**
 * The most important test of this test suite. This tests that we are able
 * to create a test CA, which creates its own self-signed CA certificate, and
 * then issue a certificate based on a CSR.
 * @throws SCMSecurityException - on ERROR.
 * @throws ExecutionException - on ERROR.
 * @throws InterruptedException - on ERROR.
 * @throws NoSuchProviderException - on ERROR.
 * @throws NoSuchAlgorithmException - on ERROR.
 */
@Test
public void testRequestCertificate() throws IOException, ExecutionException,
    InterruptedException, NoSuchProviderException, NoSuchAlgorithmException {
    String scmId = RandomStringUtils.randomAlphabetic(4);
    String clusterId = RandomStringUtils.randomAlphabetic(4);
    KeyPair keyPair = new HDDSKeyGenerator(conf).generateKey();
    // Build a CSR whose subject carries the same scmId and clusterId the CA
    // is created with, so the CA's subject validation passes.
    PKCS10CertificationRequest csr = new CertificateSignRequest.Builder()
        .addDnsName("hadoop.apache.org")
        .addIpAddress("8.8.8.8")
        .addServiceName("OzoneMarketingCluster002")
        .setCA(false)
        .setClusterID(clusterId)
        .setScmID(scmId)
        .setSubject("Ozone Cluster")
        .setConfiguration(conf)
        .setKey(keyPair)
        .build();
    // Let us convert this to a string to mimic the common use case.
    String csrString = CertificateSignRequest.getEncodedString(csr);
    CertificateServer testCA = new DefaultCAServer("testCA", clusterId, scmId,
        caStore, new DefaultProfile(),
        Paths.get(SCM_CA_CERT_STORAGE_DIR, SCM_CA_PATH).toString());
    testCA.init(new SecurityConfig(conf), SELF_SIGNED_CA);
    Future<X509CertificateHolder> holder = testCA.requestCertificate(csrString,
        CertificateApprover.ApprovalType.TESTING_AUTOMATIC, SCM);
    // Right now our calls are synchronous. Eventually this will have to wait.
    assertTrue(holder.isDone());
    assertNotNull(holder.get());
}

Example 2 with CertificateSignRequest.getEncodedString

Use of org.apache.hadoop.hdds.security.x509.certificates.utils.CertificateSignRequest.getEncodedString in project ozone by apache.

From class TestDefaultCAServer, method testRevokeCertificates.

@Test
public void testRevokeCertificates() throws Exception {
    String scmId = RandomStringUtils.randomAlphabetic(4);
    String clusterId = RandomStringUtils.randomAlphabetic(4);
    Date now = new Date();
    CertificateServer testCA = new DefaultCAServer("testCA", clusterId, scmId,
        caStore, new DefaultProfile(),
        Paths.get(SCM_CA_CERT_STORAGE_DIR, SCM_CA_PATH).toString());
    testCA.init(new SecurityConfig(conf), SELF_SIGNED_CA);
    KeyPair keyPair = new HDDSKeyGenerator(conf).generateKey();
    PKCS10CertificationRequest csr = new CertificateSignRequest.Builder()
        .addDnsName("hadoop.apache.org")
        .addIpAddress("8.8.8.8")
        .setCA(false)
        .setSubject("testCA")
        .setConfiguration(conf)
        .setKey(keyPair)
        .build();
    // Let us convert this to a string to mimic the common use case.
    String csrString = CertificateSignRequest.getEncodedString(csr);
    Future<X509CertificateHolder> holder = testCA.requestCertificate(csrString,
        CertificateApprover.ApprovalType.TESTING_AUTOMATIC, OM);
    // Convert the BouncyCastle holder to a JCA certificate to read its serial.
    X509Certificate certificate =
        new JcaX509CertificateConverter().getCertificate(holder.get());
    List<BigInteger> serialIDs = new ArrayList<>();
    serialIDs.add(certificate.getSerialNumber());
    Future<Optional<Long>> revoked = testCA.revokeCertificates(serialIDs,
        CRLReason.lookup(CRLReason.keyCompromise), now);
    // Revoking a valid certificate completes successfully without errors.
    assertTrue(revoked.isDone());
    // Revoking an empty list of certificates should throw an error.
    LambdaTestUtils.intercept(ExecutionException.class,
        "Certificates cannot be null", () -> {
            Future<Optional<Long>> result = testCA.revokeCertificates(
                Collections.emptyList(),
                CRLReason.lookup(CRLReason.keyCompromise), now);
            result.isDone();
            result.get();
        });
}

Example 3 with CertificateSignRequest.getEncodedString

Use of org.apache.hadoop.hdds.security.x509.certificates.utils.CertificateSignRequest.getEncodedString in project ozone by apache.

From class TestDefaultCAServer, method testRequestCertificateWithInvalidSubjectFailure.

@Test
public void testRequestCertificateWithInvalidSubjectFailure() throws Exception {
    KeyPair keyPair = new HDDSKeyGenerator(conf).generateKey();
    // The CSR subject carries an scmId and clusterId that do not match the
    // ones the CA below is created with, so the CA must reject the request.
    PKCS10CertificationRequest csr = new CertificateSignRequest.Builder()
        .addDnsName("hadoop.apache.org")
        .addIpAddress("8.8.8.8")
        .setCA(false)
        .setScmID("wrong one")
        .setClusterID("223432rf")
        .setSubject("Ozone Cluster")
        .setConfiguration(conf)
        .setKey(keyPair)
        .build();
    // Let us convert this to a string to mimic the common use case.
    String csrString = CertificateSignRequest.getEncodedString(csr);
    CertificateServer testCA = new DefaultCAServer("testCA",
        RandomStringUtils.randomAlphabetic(4),
        RandomStringUtils.randomAlphabetic(4), caStore, new DefaultProfile(),
        Paths.get(SCM_CA_CERT_STORAGE_DIR, SCM_CA_PATH).toString());
    testCA.init(new SecurityConfig(conf), SELF_SIGNED_CA);
    LambdaTestUtils.intercept(ExecutionException.class,
        "ScmId and ClusterId in CSR subject are incorrect", () -> {
            Future<X509CertificateHolder> holder = testCA.requestCertificate(
                csrString, CertificateApprover.ApprovalType.TESTING_AUTOMATIC, OM);
            holder.isDone();
            holder.get();
        });
}

Example 4 with CertificateSignRequest.getEncodedString

Use of org.apache.hadoop.hdds.security.x509.certificates.utils.CertificateSignRequest.getEncodedString in project ozone by apache.

From class TestDefaultCAServer, method testRequestCertificateWithInvalidSubject.

/**
 * Tests that we are able to create a test CA, which creates its own
 * self-signed CA certificate, and then issue a certificate based on a CSR
 * when scmId and clusterId are not set in the CSR subject.
 * @throws SCMSecurityException - on ERROR.
 * @throws ExecutionException - on ERROR.
 * @throws InterruptedException - on ERROR.
 * @throws NoSuchProviderException - on ERROR.
 * @throws NoSuchAlgorithmException - on ERROR.
 */
@Test
public void testRequestCertificateWithInvalidSubject() throws IOException,
    ExecutionException, InterruptedException, NoSuchProviderException,
    NoSuchAlgorithmException {
    KeyPair keyPair = new HDDSKeyGenerator(conf).generateKey();
    // No scmId or clusterId in the subject: the CA accepts such a CSR.
    PKCS10CertificationRequest csr = new CertificateSignRequest.Builder()
        .addDnsName("hadoop.apache.org")
        .addIpAddress("8.8.8.8")
        .setCA(false)
        .setSubject("Ozone Cluster")
        .setConfiguration(conf)
        .setKey(keyPair)
        .build();
    // Let us convert this to a string to mimic the common use case.
    String csrString = CertificateSignRequest.getEncodedString(csr);
    CertificateServer testCA = new DefaultCAServer("testCA",
        RandomStringUtils.randomAlphabetic(4),
        RandomStringUtils.randomAlphabetic(4), caStore, new DefaultProfile(),
        Paths.get(SCM_CA_CERT_STORAGE_DIR, SCM_CA_PATH).toString());
    testCA.init(new SecurityConfig(conf), SELF_SIGNED_CA);
    Future<X509CertificateHolder> holder = testCA.requestCertificate(csrString,
        CertificateApprover.ApprovalType.TESTING_AUTOMATIC, OM);
    // Right now our calls are synchronous. Eventually this will have to wait.
    assertTrue(holder.isDone());
    assertNotNull(holder.get());
}
