
Example 11 with HDDSKeyGenerator

use of org.apache.hadoop.hdds.security.x509.keys.HDDSKeyGenerator in project ozone by apache.

the class TestCertificateClientInit method setUp.

@Before
public void setUp() throws Exception {
    // A randomly named temp root keeps repeated runs from reusing each other's key material.
    final String tempRoot = GenericTestUtils.getTempPath(UUID.randomUUID().toString());
    metaDirPath = Paths.get(tempRoot, "test");

    OzoneConfiguration config = new OzoneConfiguration();
    config.set(HDDS_METADATA_DIR_NAME, metaDirPath.toString());
    securityConfig = new SecurityConfig(config);

    // One key pair plus the certificate from getX509Certificate() is shared by both clients.
    keyGenerator = new HDDSKeyGenerator(securityConfig);
    keyPair = keyGenerator.generateKey();
    x509Certificate = getX509Certificate();
    final String serial = x509Certificate.getSerialNumber().toString();
    certSerialId = serial;

    dnCertificateClient = new DNCertificateClient(securityConfig, serial);
    omCertificateClient = new OMCertificateClient(securityConfig, serial);
    dnKeyCodec = new KeyCodec(securityConfig, DN_COMPONENT);
    omKeyCodec = new KeyCodec(securityConfig, OM_COMPONENT);

    // Key directories have to exist before the tests write key files into them.
    Files.createDirectories(securityConfig.getKeyLocation(DN_COMPONENT));
    Files.createDirectories(securityConfig.getKeyLocation(OM_COMPONENT));
}
Also used : HDDSKeyGenerator(org.apache.hadoop.hdds.security.x509.keys.HDDSKeyGenerator) SecurityConfig(org.apache.hadoop.hdds.security.x509.SecurityConfig) OzoneConfiguration(org.apache.hadoop.hdds.conf.OzoneConfiguration) KeyCodec(org.apache.hadoop.hdds.security.x509.keys.KeyCodec) Before(org.junit.Before)

Example 12 with HDDSKeyGenerator

use of org.apache.hadoop.hdds.security.x509.keys.HDDSKeyGenerator in project ozone by apache.

the class DefaultCAServer method generateKeys.

/**
 * Generates a fresh key pair for this CA and persists it via {@link KeyCodec}
 * under {@code componentName} before returning it to the caller.
 *
 * @param securityConfig - SecurityConfig handed to both the key generator and the codec.
 * @return the newly generated key pair (the same instance that was written out).
 * @throws NoSuchProviderException  - if the configured security provider is unavailable.
 * @throws NoSuchAlgorithmException - if the configured key algorithm is unavailable.
 * @throws IOException              - if the key files cannot be written.
 */
private KeyPair generateKeys(SecurityConfig securityConfig) throws NoSuchProviderException, NoSuchAlgorithmException, IOException {
    final KeyPair generated = new HDDSKeyGenerator(securityConfig).generateKey();
    // Write the pair to disk first so a CA restart can find it; the return value is unchanged.
    new KeyCodec(securityConfig, componentName).writeKey(generated);
    return generated;
}
Also used : KeyPair(java.security.KeyPair) HDDSKeyGenerator(org.apache.hadoop.hdds.security.x509.keys.HDDSKeyGenerator) KeyCodec(org.apache.hadoop.hdds.security.x509.keys.KeyCodec)

Example 13 with HDDSKeyGenerator

use of org.apache.hadoop.hdds.security.x509.keys.HDDSKeyGenerator in project ozone by apache.

the class TestDefaultProfile method setUp.

@Before
public void setUp() throws Exception {
    // Fresh per-test metadata folder so the profile under test never sees stale state.
    final String metaDir = temporaryFolder.newFolder().toString();
    configuration = new OzoneConfiguration();
    configuration.set(OZONE_METADATA_DIRS, metaDir);
    securityConfig = new SecurityConfig(configuration);

    defaultProfile = new DefaultProfile();
    testApprover = new MockApprover(defaultProfile, securityConfig);

    HDDSKeyGenerator generator = new HDDSKeyGenerator(securityConfig);
    keyPair = generator.generateKey();
}
Also used : DefaultProfile(org.apache.hadoop.hdds.security.x509.certificate.authority.PKIProfiles.DefaultProfile) HDDSKeyGenerator(org.apache.hadoop.hdds.security.x509.keys.HDDSKeyGenerator) SecurityConfig(org.apache.hadoop.hdds.security.x509.SecurityConfig) OzoneConfiguration(org.apache.hadoop.hdds.conf.OzoneConfiguration) Before(org.junit.Before)

Example 14 with HDDSKeyGenerator

use of org.apache.hadoop.hdds.security.x509.keys.HDDSKeyGenerator in project ozone by apache.

the class TestCRLCodec method writeTempCert.

/**
 * Test helper: builds a throw-away self-signed CA certificate and writes it as PEM
 * into the "scm" certificate directory of the temporary security config.
 *
 * @throws NoSuchProviderException  if the security provider cannot be found.
 * @throws NoSuchAlgorithmException if the key algorithm cannot be found.
 * @throws IOException              if the certificate file cannot be written.
 */
private void writeTempCert() throws NoSuchProviderException, NoSuchAlgorithmException, IOException {
    HDDSKeyGenerator generator = new HDDSKeyGenerator(conf);
    keyPair = generator.generateKey();

    // Random subject/cluster/scm ids and a one-day validity window are all this test needs.
    X509CertificateHolder caCert = SelfSignedCertificate.newBuilder()
        .setSubject(RandomStringUtils.randomAlphabetic(4))
        .setClusterID(RandomStringUtils.randomAlphabetic(4))
        .setScmID(RandomStringUtils.randomAlphabetic(4))
        .setBeginDate(LocalDate.now())
        .setEndDate(LocalDate.now().plus(1, ChronoUnit.DAYS))
        .setConfiguration(generator.getSecurityConfig().getConfiguration())
        .setKey(keyPair)
        .makeCA()
        .build();

    CertificateCodec codec = new CertificateCodec(securityConfig, COMPONENT);
    String pem = codec.getPEMEncodedString(caCert);

    basePath = new File(String.valueOf(securityConfig.getCertificateLocation("scm")));
    // mkdirs() reports false for an existing directory, hence the exists() guard around the assert.
    if (!basePath.exists()) {
        Assert.assertTrue(basePath.mkdirs());
    }
    // NOTE(review): the trailing boolean looks like an overwrite/force flag — confirm against CertificateCodec.
    codec.writeCertificate(basePath.toPath(), TMP_CERT_FILE_NAME, pem, false);
}
Also used : HDDSKeyGenerator(org.apache.hadoop.hdds.security.x509.keys.HDDSKeyGenerator) X509CertificateHolder(org.bouncycastle.cert.X509CertificateHolder) File(java.io.File)

Example 15 with HDDSKeyGenerator

use of org.apache.hadoop.hdds.security.x509.keys.HDDSKeyGenerator in project ozone by apache.

the class TestDefaultCAServer method testRevokeCertificates.

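/**
 * Issues a certificate through a freshly initialised CA, revokes it, and checks that
 * revoking an empty list is rejected.
 */
@Test
public void testRevokeCertificates() throws Exception {
    String scmId = RandomStringUtils.randomAlphabetic(4);
    String clusterId = RandomStringUtils.randomAlphabetic(4);
    // java.util.Date is what revokeCertificates() takes; keep a single timestamp for both calls.
    Date now = new Date();
    CertificateServer testCA = new DefaultCAServer("testCA", clusterId, scmId, caStore, new DefaultProfile(), Paths.get(SCM_CA_CERT_STORAGE_DIR, SCM_CA_PATH).toString());
    testCA.init(new SecurityConfig(conf), SELF_SIGNED_CA);
    KeyPair keyPair = new HDDSKeyGenerator(conf).generateKey();
    PKCS10CertificationRequest csr = new CertificateSignRequest.Builder()
        .addDnsName("hadoop.apache.org")
        .addIpAddress("8.8.8.8")
        .setCA(false)
        .setSubject("testCA")
        .setConfiguration(conf)
        .setKey(keyPair)
        .build();
    // Let us convert this to a string to mimic the common use case.
    String csrString = CertificateSignRequest.getEncodedString(csr);
    Future<X509CertificateHolder> holder = testCA.requestCertificate(csrString, CertificateApprover.ApprovalType.TESTING_AUTOMATIC, OM);
    X509Certificate certificate = new JcaX509CertificateConverter().getCertificate(holder.get());
    List<BigInteger> serialIDs = new ArrayList<>();
    serialIDs.add(certificate.getSerialNumber());
    Future<Optional<Long>> revoked = testCA.revokeCertificates(serialIDs, CRLReason.lookup(CRLReason.keyCompromise), now);
    // Revoking a valid certificate completes successfully without errors.
    assertTrue(revoked.isDone());
    // isDone() is also true for a future that completed exceptionally; get() surfaces that failure.
    revoked.get();
    // Revoking an empty list of certificates should throw an error.
    LambdaTestUtils.intercept(ExecutionException.class, "Certificates " + "cannot be null", () -> {
        Future<Optional<Long>> result = testCA.revokeCertificates(Collections.emptyList(), CRLReason.lookup(CRLReason.keyCompromise), now);
        // get() is what raises the ExecutionException under test.
        result.get();
    });
}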
Also used : PKCS10CertificationRequest(org.bouncycastle.pkcs.PKCS10CertificationRequest) DefaultProfile(org.apache.hadoop.hdds.security.x509.certificate.authority.PKIProfiles.DefaultProfile) KeyPair(java.security.KeyPair) HDDSKeyGenerator(org.apache.hadoop.hdds.security.x509.keys.HDDSKeyGenerator) Optional(java.util.Optional) ArrayList(java.util.ArrayList) Date(java.util.Date) LocalDate(java.time.LocalDate) X509Certificate(java.security.cert.X509Certificate) SecurityConfig(org.apache.hadoop.hdds.security.x509.SecurityConfig) JcaX509CertificateConverter(org.bouncycastle.cert.jcajce.JcaX509CertificateConverter) X509CertificateHolder(org.bouncycastle.cert.X509CertificateHolder) BigInteger(java.math.BigInteger) CertificateSignRequest(org.apache.hadoop.hdds.security.x509.certificates.utils.CertificateSignRequest) Test(org.junit.Test)
