Examples with HDDSKeyGenerator org.apache.hadoop.hdds.security.x509.keys.HDDSKeyGenerator used on opensource projects

Example 6 with HDDSKeyGenerator

use of org.apache.hadoop.hdds.security.x509.keys.HDDSKeyGenerator in project ozone by apache.

the class TestKeyCodec method init.

@Before
public void init() throws IOException {
    configuration = new OzoneConfiguration();
    prefix = temporaryFolder.newFolder().toString();
    configuration.set(HDDS_METADATA_DIR_NAME, prefix);
    keyGenerator = new HDDSKeyGenerator(configuration);
    securityConfig = new SecurityConfig(configuration);
    component = "test_component";
}

Example 7 with HDDSKeyGenerator

use of org.apache.hadoop.hdds.security.x509.keys.HDDSKeyGenerator in project ozone by apache.

the class TestRootCertificate method testCACert.

@Test
public void testCACert() throws SCMSecurityException, NoSuchProviderException, NoSuchAlgorithmException, IOException, CertificateException {
    LocalDate notBefore = LocalDate.now();
    LocalDate notAfter = notBefore.plus(365, ChronoUnit.DAYS);
    String clusterID = UUID.randomUUID().toString();
    String scmID = UUID.randomUUID().toString();
    String subject = "testRootCert";
    HDDSKeyGenerator keyGen = new HDDSKeyGenerator(securityConfig.getConfiguration());
    KeyPair keyPair = keyGen.generateKey();
    SelfSignedCertificate.Builder builder = SelfSignedCertificate.newBuilder().setBeginDate(notBefore).setEndDate(notAfter).setClusterID(clusterID).setScmID(scmID).setSubject(subject).setKey(keyPair).setConfiguration(conf).makeCA();
    try {
        DomainValidator validator = DomainValidator.getInstance();
        // Add all valid ips.
        OzoneSecurityUtil.getValidInetsForCurrentHost().forEach(ip -> {
            builder.addIpAddress(ip.getHostAddress());
            if (validator.isValid(ip.getCanonicalHostName())) {
                builder.addDnsName(ip.getCanonicalHostName());
            }
        });
    } catch (IOException e) {
        throw new org.apache.hadoop.hdds.security.x509.exceptions.CertificateException("Error while adding ip to CA self signed certificate", e, CSR_ERROR);
    }
    X509CertificateHolder certificateHolder = builder.build();
    // This time we asked for a CertificateServer Certificate, make sure that
    // extension is
    // present and valid.
    Extension basicExt = certificateHolder.getExtension(Extension.basicConstraints);
    Assert.assertNotNull(basicExt);
    Assert.assertTrue(basicExt.isCritical());
    // Since this code assigns ONE for the root certificate, we check if the
    // serial number is the expected number.
    Assert.assertEquals(certificateHolder.getSerialNumber(), BigInteger.ONE);
    CertificateCodec codec = new CertificateCodec(securityConfig, "scm");
    String pemString = codec.getPEMEncodedString(certificateHolder);
    File basePath = temporaryFolder.newFolder();
    if (!basePath.exists()) {
        Assert.assertTrue(basePath.mkdirs());
    }
    codec.writeCertificate(basePath.toPath(), "pemcertificate.crt", pemString, false);
    X509CertificateHolder loadedCert = codec.readCertificate(basePath.toPath(), "pemcertificate.crt");
    assertNotNull(loadedCert);
    assertEquals(certificateHolder.getSerialNumber(), loadedCert.getSerialNumber());
}

Example 8 with HDDSKeyGenerator

use of org.apache.hadoop.hdds.security.x509.keys.HDDSKeyGenerator in project ozone by apache.

the class TestSecureOzoneCluster method generateKeyPair.

private void generateKeyPair() throws Exception {
    HDDSKeyGenerator keyGenerator = new HDDSKeyGenerator(conf);
    KeyPair keyPair = keyGenerator.generateKey();
    KeyCodec pemWriter = new KeyCodec(new SecurityConfig(conf), COMPONENT);
    pemWriter.writeKey(keyPair, true);
}

Example 9 with HDDSKeyGenerator

use of org.apache.hadoop.hdds.security.x509.keys.HDDSKeyGenerator in project ozone by apache.

the class TestDelegationToken method generateKeyPair.

private void generateKeyPair() throws Exception {
    HDDSKeyGenerator keyGenerator = new HDDSKeyGenerator(conf);
    KeyPair keyPair = keyGenerator.generateKey();
    KeyCodec pemWriter = new KeyCodec(new SecurityConfig(conf), COMPONENT);
    pemWriter.writeKey(keyPair, true);
}

Example 10 with HDDSKeyGenerator

use of org.apache.hadoop.hdds.security.x509.keys.HDDSKeyGenerator in project ozone by apache.

the class TestDefaultProfile method testVerifyCertificateInvalidKeys.

/**
 * Test invalid keys fail in the validation.
 *
 * @throws SCMSecurityException      - on Error.
 * @throws PKCSException             - on Error.
 * @throws OperatorCreationException - on Error.
 * @throws NoSuchProviderException   - on Error.
 * @throws NoSuchAlgorithmException  - on Error.
 */
@Test
public void testVerifyCertificateInvalidKeys() throws SCMSecurityException, PKCSException, OperatorCreationException, NoSuchProviderException, NoSuchAlgorithmException {
    KeyPair newKeyPair = new HDDSKeyGenerator(securityConfig).generateKey();
    KeyPair wrongKey = new KeyPair(keyPair.getPublic(), newKeyPair.getPrivate());
    PKCS10CertificationRequest csr = new CertificateSignRequest.Builder().addDnsName("hadoop.apache.org").addIpAddress("8.8.8.8").setCA(false).setClusterID("ClusterID").setScmID("SCMID").setSubject("Ozone Cluster").setConfiguration(configuration).setKey(wrongKey).build();
    // Signature verification should fail here, since the public/private key
    // does not match.
    assertFalse(testApprover.verifyPkcs10Request(csr));
}