use of org.apache.hadoop.hdds.security.x509.keys.HDDSKeyGenerator in project ozone by apache.
the class TestCertificateClientInit method setUp.
/**
 * Builds the per-test fixture: a metadata directory under a random temp
 * path, a {@link SecurityConfig} pointing at it, a fresh key pair, the
 * certificate produced by {@code getX509Certificate()}, and the DN/OM
 * certificate clients and key codecs that work on that material.
 *
 * @throws Exception if key generation, certificate creation or directory
 *     creation fails.
 */
@Before
public void setUp() throws Exception {
  // A random root per test keeps key/cert files of different tests apart.
  final String tempRoot = GenericTestUtils.getTempPath(UUID.randomUUID().toString());
  metaDirPath = Paths.get(tempRoot, "test");

  OzoneConfiguration conf = new OzoneConfiguration();
  conf.set(HDDS_METADATA_DIR_NAME, metaDirPath.toString());
  securityConfig = new SecurityConfig(conf);

  // Key material is created before the clients, which take its serial id.
  keyGenerator = new HDDSKeyGenerator(securityConfig);
  keyPair = keyGenerator.generateKey();
  x509Certificate = getX509Certificate();
  certSerialId = x509Certificate.getSerialNumber().toString();

  dnCertificateClient = new DNCertificateClient(securityConfig, certSerialId);
  omCertificateClient = new OMCertificateClient(securityConfig, certSerialId);
  dnKeyCodec = new KeyCodec(securityConfig, DN_COMPONENT);
  omKeyCodec = new KeyCodec(securityConfig, OM_COMPONENT);

  // Pre-create the key directories the codecs will write into.
  Files.createDirectories(securityConfig.getKeyLocation(DN_COMPONENT));
  Files.createDirectories(securityConfig.getKeyLocation(OM_COMPONENT));
}
use of org.apache.hadoop.hdds.security.x509.keys.HDDSKeyGenerator in project ozone by apache.
the class DefaultCAServer method generateKeys.
/**
 * Creates a fresh key pair for this CA's component and persists it through
 * {@link KeyCodec} before returning it.
 *
 * @param securityConfig security settings used both for key generation and
 *     for locating the key directory of {@code componentName}.
 * @return the newly generated key pair; the same instance that was written.
 * @throws NoSuchProviderException if the configured crypto provider is unavailable.
 * @throws NoSuchAlgorithmException if the configured key algorithm is unavailable.
 * @throws IOException if the key files cannot be written.
 */
private KeyPair generateKeys(SecurityConfig securityConfig)
    throws NoSuchProviderException, NoSuchAlgorithmException, IOException {
  final KeyPair generated = new HDDSKeyGenerator(securityConfig).generateKey();
  // Write the PEM files before handing the pair back, so the caller always
  // receives a key pair that is already on disk.
  new KeyCodec(securityConfig, componentName).writeKey(generated);
  return generated;
}
use of org.apache.hadoop.hdds.security.x509.keys.HDDSKeyGenerator in project ozone by apache.
the class TestDefaultProfile method setUp.
/**
 * Prepares the fixture: an {@link OzoneConfiguration} whose metadata dir is a
 * fresh temporary folder, the {@link SecurityConfig} built from it, a key pair
 * for the tests, and a {@link DefaultProfile} wired to a {@code MockApprover}.
 *
 * @throws Exception if the temporary folder or the key pair cannot be created.
 */
@Before
public void setUp() throws Exception {
  final String metadataDir = temporaryFolder.newFolder().toString();
  configuration = new OzoneConfiguration();
  configuration.set(OZONE_METADATA_DIRS, metadataDir);
  securityConfig = new SecurityConfig(configuration);

  // The key pair depends only on securityConfig, so it can be built first.
  keyPair = new HDDSKeyGenerator(securityConfig).generateKey();
  defaultProfile = new DefaultProfile();
  testApprover = new MockApprover(defaultProfile, securityConfig);
}
use of org.apache.hadoop.hdds.security.x509.keys.HDDSKeyGenerator in project ozone by apache.
the class TestCRLCodec method writeTempCert.
/**
 * Creates a throw-away self-signed CA certificate and writes it, PEM encoded,
 * into the SCM certificate directory under {@code TMP_CERT_FILE_NAME}.
 * Side effects: the {@code keyPair} and {@code basePath} fields are reassigned.
 *
 * @throws NoSuchProviderException if the configured crypto provider is unavailable.
 * @throws NoSuchAlgorithmException if the configured key algorithm is unavailable.
 * @throws IOException if the certificate file cannot be written.
 */
private void writeTempCert()
    throws NoSuchProviderException, NoSuchAlgorithmException, IOException {
  HDDSKeyGenerator generator = new HDDSKeyGenerator(conf);
  keyPair = generator.generateKey();

  // Random subject/cluster/SCM ids: the test only needs a structurally valid
  // CA certificate that is valid for one day.
  X509CertificateHolder caCert = SelfSignedCertificate.newBuilder()
      .setSubject(RandomStringUtils.randomAlphabetic(4))
      .setClusterID(RandomStringUtils.randomAlphabetic(4))
      .setScmID(RandomStringUtils.randomAlphabetic(4))
      .setBeginDate(LocalDate.now())
      .setEndDate(LocalDate.now().plusDays(1))
      .setConfiguration(generator.getSecurityConfig().getConfiguration())
      .setKey(keyPair)
      .makeCA()
      .build();

  CertificateCodec codec = new CertificateCodec(securityConfig, COMPONENT);
  String pem = codec.getPEMEncodedString(caCert);

  basePath = new File(String.valueOf(securityConfig.getCertificateLocation("scm")));
  if (!basePath.exists()) {
    Assert.assertTrue(basePath.mkdirs());
  }
  codec.writeCertificate(basePath.toPath(), TMP_CERT_FILE_NAME, pem, false);
}
use of org.apache.hadoop.hdds.security.x509.keys.HDDSKeyGenerator in project ozone by apache.
the class TestDefaultCAServer method testRevokeCertificates.
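/**
 * Exercises {@code CertificateServer#revokeCertificates}: a certificate the CA
 * just issued can be revoked with reason {@code keyCompromise}, and revoking an
 * empty list is rejected with an {@link ExecutionException}.
 *
 * @throws Exception if CA initialisation, CSR signing or revocation fails
 *     unexpectedly, which fails the test.
 */
@Test
public void testRevokeCertificates() throws Exception {
  String scmId = RandomStringUtils.randomAlphabetic(4);
  String clusterId = RandomStringUtils.randomAlphabetic(4);
  Date now = new Date();

  CertificateServer testCA = new DefaultCAServer("testCA", clusterId, scmId, caStore,
      new DefaultProfile(), Paths.get(SCM_CA_CERT_STORAGE_DIR, SCM_CA_PATH).toString());
  testCA.init(new SecurityConfig(conf), SELF_SIGNED_CA);

  // Issue one certificate so there is a real serial number to revoke.
  KeyPair keyPair = new HDDSKeyGenerator(conf).generateKey();
  PKCS10CertificationRequest csr = new CertificateSignRequest.Builder()
      .addDnsName("hadoop.apache.org")
      .addIpAddress("8.8.8.8")
      .setCA(false)
      .setSubject("testCA")
      .setConfiguration(conf)
      .setKey(keyPair)
      .build();
  // Let us convert this to a string to mimic the common use case.
  String csrString = CertificateSignRequest.getEncodedString(csr);
  Future<X509CertificateHolder> holder = testCA.requestCertificate(csrString,
      CertificateApprover.ApprovalType.TESTING_AUTOMATIC, OM);
  X509Certificate certificate =
      new JcaX509CertificateConverter().getCertificate(holder.get());

  List<BigInteger> serialIDs = new ArrayList<>();
  serialIDs.add(certificate.getSerialNumber());
  Future<Optional<Long>> revoked = testCA.revokeCertificates(serialIDs,
      CRLReason.lookup(CRLReason.keyCompromise), now);
  // Revoking a valid certificate completes successfully without errors.
  // isDone() is also true for a future that failed, so get() is what actually
  // proves success: it rethrows any failure as ExecutionException.
  assertTrue(revoked.isDone());
  revoked.get();

  // Revoking an empty list of certificates should throw an error.
  LambdaTestUtils.intercept(ExecutionException.class, "Certificates " + "cannot be null", () -> {
    Future<Optional<Long>> result = testCA.revokeCertificates(Collections.emptyList(),
        CRLReason.lookup(CRLReason.keyCompromise), now);
    result.get();
  });
}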