Use of org.apache.hadoop.hdds.security.x509.keys.HDDSKeyGenerator in project ozone by apache.
Class TestKeyCodec, method init.
@Before
public void init() throws IOException {
  component = "test_component";
  // Isolated per-test directory used as the HDDS metadata dir, so tests never
  // share on-disk state.
  prefix = temporaryFolder.newFolder().toString();
  configuration = new OzoneConfiguration();
  configuration.set(HDDS_METADATA_DIR_NAME, prefix);
  keyGenerator = new HDDSKeyGenerator(configuration);
  securityConfig = new SecurityConfig(configuration);
}
Use of org.apache.hadoop.hdds.security.x509.keys.HDDSKeyGenerator in project ozone by apache.
Class TestRootCertificate, method testCACert.
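@Test
public void testCACert() throws SCMSecurityException, NoSuchProviderException, NoSuchAlgorithmException, IOException, CertificateException {
  // Self-signed CA certificate valid for one year starting today.
  LocalDate notBefore = LocalDate.now();
  LocalDate notAfter = notBefore.plus(365, ChronoUnit.DAYS);
  String clusterID = UUID.randomUUID().toString();
  String scmID = UUID.randomUUID().toString();
  String subject = "testRootCert";
  HDDSKeyGenerator keyGen = new HDDSKeyGenerator(securityConfig.getConfiguration());
  KeyPair keyPair = keyGen.generateKey();
  SelfSignedCertificate.Builder builder = SelfSignedCertificate.newBuilder()
      .setBeginDate(notBefore)
      .setEndDate(notAfter)
      .setClusterID(clusterID)
      .setScmID(scmID)
      .setSubject(subject)
      .setKey(keyPair)
      .setConfiguration(conf)
      .makeCA();
  try {
    DomainValidator validator = DomainValidator.getInstance();
    // Add every address of this host as a SAN; the reverse-resolved name is
    // only added when DomainValidator accepts it.
    OzoneSecurityUtil.getValidInetsForCurrentHost().forEach(ip -> {
      builder.addIpAddress(ip.getHostAddress());
      String canonicalName = ip.getCanonicalHostName();
      if (validator.isValid(canonicalName)) {
        builder.addDnsName(canonicalName);
      }
    });
  } catch (IOException e) {
    throw new org.apache.hadoop.hdds.security.x509.exceptions.CertificateException("Error while adding ip to CA self signed certificate", e, CSR_ERROR);
  }
  X509CertificateHolder certificateHolder = builder.build();
  // We asked for a CA certificate: the BasicConstraints extension must be
  // present and marked critical.
  Extension basicExt = certificateHolder.getExtension(Extension.basicConstraints);
  Assert.assertNotNull("CA certificate must carry BasicConstraints", basicExt);
  Assert.assertTrue("BasicConstraints must be critical on a CA certificate", basicExt.isCritical());
  // NOTE(review): the cA flag inside the extension is not asserted here;
  // BasicConstraints.fromExtensions(certificateHolder.getExtensions()).isCA()
  // would pin that a relying party actually treats this cert as a CA.
  // The root certificate is assigned serial number ONE. Expected value goes
  // first so a failure message reads "expected:<1> but was:<...>".
  Assert.assertEquals(BigInteger.ONE, certificateHolder.getSerialNumber());
  CertificateCodec codec = new CertificateCodec(securityConfig, "scm");
  String pemString = codec.getPEMEncodedString(certificateHolder);
  // newFolder() creates the directory, so no mkdirs() fallback is needed.
  File basePath = temporaryFolder.newFolder();
  codec.writeCertificate(basePath.toPath(), "pemcertificate.crt", pemString, false);
  // Round-trip through the PEM file and check we got the same certificate back.
  X509CertificateHolder loadedCert = codec.readCertificate(basePath.toPath(), "pemcertificate.crt");
  Assert.assertNotNull(loadedCert);
  Assert.assertEquals(certificateHolder.getSerialNumber(), loadedCert.getSerialNumber());
}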
Use of org.apache.hadoop.hdds.security.x509.keys.HDDSKeyGenerator in project ozone by apache.
Class TestSecureOzoneCluster, method generateKeyPair.
private void generateKeyPair() throws Exception {
  // Generate a fresh key pair with the configured generator.
  KeyPair generated = new HDDSKeyGenerator(conf).generateKey();
  // Persist it via the PEM codec for this component; the boolean flag is
  // presumably "overwrite existing" — confirm against KeyCodec.writeKey.
  KeyCodec codec = new KeyCodec(new SecurityConfig(conf), COMPONENT);
  codec.writeKey(generated, true);
}
Use of org.apache.hadoop.hdds.security.x509.keys.HDDSKeyGenerator in project ozone by apache.
Class TestDelegationToken, method generateKeyPair.
private void generateKeyPair() throws Exception {
  // Generate a fresh key pair with the configured generator.
  KeyPair generated = new HDDSKeyGenerator(conf).generateKey();
  // Persist it via the PEM codec for this component; the boolean flag is
  // presumably "overwrite existing" — confirm against KeyCodec.writeKey.
  KeyCodec codec = new KeyCodec(new SecurityConfig(conf), COMPONENT);
  codec.writeKey(generated, true);
}
Use of org.apache.hadoop.hdds.security.x509.keys.HDDSKeyGenerator in project ozone by apache.
Class TestDefaultProfile, method testVerifyCertificateInvalidKeys.
/**
 * Verifies that a CSR whose private key does not belong to its public key is
 * rejected by the approver's signature check.
 *
 * @throws SCMSecurityException - on Error.
 * @throws PKCSException - on Error.
 * @throws OperatorCreationException - on Error.
 * @throws NoSuchProviderException - on Error.
 * @throws NoSuchAlgorithmException - on Error.
 */
@Test
public void testVerifyCertificateInvalidKeys() throws SCMSecurityException, PKCSException, OperatorCreationException, NoSuchProviderException, NoSuchAlgorithmException {
  // Pair the fixture's public key with a freshly generated, unrelated private key.
  KeyPair freshPair = new HDDSKeyGenerator(securityConfig).generateKey();
  KeyPair mismatched = new KeyPair(keyPair.getPublic(), freshPair.getPrivate());
  CertificateSignRequest.Builder csrBuilder = new CertificateSignRequest.Builder()
      .addDnsName("hadoop.apache.org")
      .addIpAddress("8.8.8.8")
      .setCA(false)
      .setClusterID("ClusterID")
      .setScmID("SCMID")
      .setSubject("Ozone Cluster")
      .setConfiguration(configuration)
      .setKey(mismatched);
  PKCS10CertificationRequest csr = csrBuilder.build();
  // The CSR's self-signature cannot verify against the embedded public key,
  // so the approver must reject it.
  assertFalse(testApprover.verifyPkcs10Request(csr));
}