
Example 1 with KeyCodec

use of org.apache.hadoop.hdds.security.x509.keys.KeyCodec in project ozone by apache.

the class TestSecureOzoneManager method testSecureOmInitFailures.

/**
 * Test failure cases for secure OM initialization.
 *
 * <p>Drives {@code OMCertificateClient.init()} through a sequence of on-disk
 * states of the OM identity (private key, public key, certificate) and pins
 * the {@code InitResponse} reported for each. Only the complete states
 * (key pair + certificate) yield {@code SUCCESS}; a half-present identity —
 * one key without the other, or a certificate without its private key — is
 * reported as {@code FAILURE} rather than being silently regenerated.
 *
 * <p>The cases are order-dependent: every case starts from whatever files
 * the previous one left in {@code securityConfig.getKeyLocation(COMPONENT)},
 * and the key pair generated in case 1 is reused for the later cases.
 * Do not reorder or run a case in isolation.
 *
 * @throws Exception on setup, I/O or assertion failure.
 */
@Test
public void testSecureOmInitFailures() throws Exception {
    PrivateKey privateKey;
    PublicKey publicKey;
    // Captured so a failing case can be diagnosed from the OM log; the
    // output is cleared but not asserted on in this test.
    LogCapturer omLogs = LogCapturer.captureLogs(OzoneManager.getLogger());
    OMStorage omStorage = new OMStorage(conf);
    omStorage.setClusterId(clusterId);
    omStorage.setOmId(omId);
    omLogs.clearOutput();
    // Case 1: When keypair as well as certificate is missing. Initial keypair
    // boot-up. Get certificate will fail when SCM is not running.
    SecurityConfig securityConfig = new SecurityConfig(conf);
    CertificateClient client = new OMCertificateClient(securityConfig, omStorage.getOmCertSerialId());
    Assert.assertEquals(CertificateClient.InitResponse.GETCERT, client.init());
    // init() generated a fresh key pair; keep both halves so later cases can
    // rewrite exactly these files and the certificate in case 5 matches them.
    privateKey = client.getPrivateKey();
    publicKey = client.getPublicKey();
    Assert.assertNotNull(client.getPrivateKey());
    Assert.assertNotNull(client.getPublicKey());
    Assert.assertNull(client.getCertificate());
    // Case 2: If the key pair already exists (left by case 1), the response
    // should be RECOVER: keys are present but no certificate has been issued.
    client = new OMCertificateClient(securityConfig, omStorage.getOmCertSerialId());
    Assert.assertEquals(CertificateClient.InitResponse.RECOVER, client.init());
    Assert.assertNotNull(client.getPrivateKey());
    Assert.assertNotNull(client.getPublicKey());
    Assert.assertNull(client.getCertificate());
    // Case 3: When public key as well as certificate is missing.
    // Only the private key file survives; init() must refuse rather than
    // proceed with half a key pair.
    client = new OMCertificateClient(securityConfig);
    FileUtils.deleteQuietly(Paths.get(securityConfig.getKeyLocation(COMPONENT).toString(), securityConfig.getPublicKeyFileName()).toFile());
    Assert.assertEquals(CertificateClient.InitResponse.FAILURE, client.init());
    Assert.assertNotNull(client.getPrivateKey());
    Assert.assertNull(client.getPublicKey());
    Assert.assertNull(client.getCertificate());
    // Case 4: When private key and certificate is missing.
    // Mirror image of case 3: restore case 1's public key, drop the private key.
    client = new OMCertificateClient(securityConfig);
    KeyCodec keyCodec = new KeyCodec(securityConfig, COMPONENT);
    keyCodec.writePublicKey(publicKey);
    FileUtils.deleteQuietly(Paths.get(securityConfig.getKeyLocation(COMPONENT).toString(), securityConfig.getPrivateKeyFileName()).toFile());
    Assert.assertEquals(CertificateClient.InitResponse.FAILURE, client.init());
    Assert.assertNull(client.getPrivateKey());
    Assert.assertNotNull(client.getPublicKey());
    Assert.assertNull(client.getCertificate());
    // Case 5: When only certificate is present.
    // Remove the last key file, then write a test certificate issued over
    // case 1's key pair (the 10 is a validity argument whose unit is defined
    // by KeyStoreTestUtil, not visible here). The client and OM storage are
    // both pointed at that certificate's serial number.
    FileUtils.deleteQuietly(Paths.get(securityConfig.getKeyLocation(COMPONENT).toString(), securityConfig.getPublicKeyFileName()).toFile());
    CertificateCodec certCodec = new CertificateCodec(securityConfig, COMPONENT);
    X509Certificate x509Certificate = KeyStoreTestUtil.generateCertificate("CN=Test", new KeyPair(publicKey, privateKey), 10, securityConfig.getSignatureAlgo());
    certCodec.writeCertificate(new X509CertificateHolder(x509Certificate.getEncoded()));
    client = new OMCertificateClient(securityConfig, x509Certificate.getSerialNumber().toString());
    omStorage.setOmCertSerialId(x509Certificate.getSerialNumber().toString());
    // A certificate with no private key behind it is unusable: FAILURE.
    Assert.assertEquals(CertificateClient.InitResponse.FAILURE, client.init());
    Assert.assertNull(client.getPrivateKey());
    Assert.assertNull(client.getPublicKey());
    Assert.assertNotNull(client.getCertificate());
    // Case 6: When private key and certificate is present.
    client = new OMCertificateClient(securityConfig, x509Certificate.getSerialNumber().toString());
    // Defensive delete: nothing in this test has rewritten the public key
    // since case 5, but this guarantees only private key + certificate remain.
    FileUtils.deleteQuietly(Paths.get(securityConfig.getKeyLocation(COMPONENT).toString(), securityConfig.getPublicKeyFileName()).toFile());
    keyCodec.writePrivateKey(privateKey);
    // SUCCESS even though no public key file was written: init() evidently
    // recovers it (from the private key or the certificate — not visible
    // here), which is why getPublicKey() is non-null below.
    Assert.assertEquals(CertificateClient.InitResponse.SUCCESS, client.init());
    Assert.assertNotNull(client.getPrivateKey());
    Assert.assertNotNull(client.getPublicKey());
    Assert.assertNotNull(client.getCertificate());
    // Case 7 When keypair and certificate is present.
    // Steady state after case 6: a fresh client over the same files succeeds.
    client = new OMCertificateClient(securityConfig, x509Certificate.getSerialNumber().toString());
    Assert.assertEquals(CertificateClient.InitResponse.SUCCESS, client.init());
    Assert.assertNotNull(client.getPrivateKey());
    Assert.assertNotNull(client.getPublicKey());
    Assert.assertNotNull(client.getCertificate());
}

Example 2 with KeyCodec

use of org.apache.hadoop.hdds.security.x509.keys.KeyCodec in project ozone by apache.

the class TestDefaultCertificateClient method setUp.

/**
 * Builds two independent security configurations (OM and DN), each rooted
 * in its own random temp directory, plus the key generator, key codecs and a
 * test certificate the test methods share.
 *
 * @throws Exception if the key directories cannot be created or certificate
 *                   generation fails.
 */
@Before
public void setUp() throws Exception {
    OzoneConfiguration config = new OzoneConfiguration();
    config.setStrings(OZONE_SCM_NAMES, "localhost");
    config.setInt(IPC_CLIENT_CONNECT_MAX_RETRIES_KEY, 2);

    // Randomly named roots so OM and DN key material never share a
    // directory, within a run or across runs.
    String omTempRoot = GenericTestUtils.getTempPath(UUID.randomUUID().toString());
    String dnTempRoot = GenericTestUtils.getTempPath(UUID.randomUUID().toString());
    omMetaDirPath = Paths.get(omTempRoot).resolve("test");
    dnMetaDirPath = Paths.get(dnTempRoot).resolve("test");

    // The same config object is re-pointed between the two constructions.
    // NOTE(review): this assumes SecurityConfig copies the metadata dir at
    // construction time rather than holding a reference to config — confirm;
    // otherwise both configs would resolve to the DN path.
    config.set(HDDS_METADATA_DIR_NAME, omMetaDirPath.toString());
    omSecurityConfig = new SecurityConfig(config);
    config.set(HDDS_METADATA_DIR_NAME, dnMetaDirPath.toString());
    dnSecurityConfig = new SecurityConfig(config);

    keyGenerator = new HDDSKeyGenerator(omSecurityConfig);
    omKeyCodec = new KeyCodec(omSecurityConfig, OM_COMPONENT);
    dnKeyCodec = new KeyCodec(dnSecurityConfig, DN_COMPONENT);
    Files.createDirectories(omSecurityConfig.getKeyLocation(OM_COMPONENT));
    Files.createDirectories(dnSecurityConfig.getKeyLocation(DN_COMPONENT));

    x509Certificate = generateX509Cert(null);
    certSerialId = x509Certificate.getSerialNumber().toString();
    getCertClient();
}

Example 3 with KeyCodec

use of org.apache.hadoop.hdds.security.x509.keys.KeyCodec in project ozone by apache.

the class TestKeyCodec method testReWriteKey.

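/**
 * Assert key rewrite fails without force option.
 *
 * <p>Writes a key pair once, then checks that a plain {@code writeKey} is
 * refused — with the matching message — while the private key file and
 * then the public key file are still on disk, that it succeeds once both
 * are gone, and that the explicit overwrite flag bypasses the check.
 *
 * @throws Exception on key generation or I/O failure, or if an expected
 *                   {@link IOException} is not raised.
 */
@Test
public void testReWriteKey() throws Exception {
    KeyPair kp = keyGenerator.generateKey();
    KeyCodec pemWriter = new KeyCodec(securityConfig, component);
    SecurityConfig secConfig = pemWriter.getSecurityConfig();
    pemWriter.writeKey(kp);
    // Assert that rewriting of keys throws exception with valid messages.
    LambdaTestUtils.intercept(IOException.class, "Private Key file already exists.", () -> pemWriter.writeKey(kp));
    // Resolve file names against the key directory instead of concatenating
    // with "/" so the paths are built the same way as in the other tests.
    // deleteQuietly swallows failures; if the delete did not happen the next
    // intercept fails on the message mismatch, so nothing is silently lost.
    FileUtils.deleteQuietly(secConfig.getKeyLocation(component).resolve(secConfig.getPrivateKeyFileName()).toFile());
    LambdaTestUtils.intercept(IOException.class, "Public Key file already exists.", () -> pemWriter.writeKey(kp));
    FileUtils.deleteQuietly(secConfig.getKeyLocation(component).resolve(secConfig.getPublicKeyFileName()).toFile());
    // Should succeed now as both public and private key are deleted. This
    // also shows the rejected call above did not write the private key on
    // its way to the public-key check, or this write would be refused too.
    pemWriter.writeKey(kp);
    // Should succeed with overwrite flag as true.
    pemWriter.writeKey(kp, true);
}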

Example 4 with KeyCodec

use of org.apache.hadoop.hdds.security.x509.keys.KeyCodec in project ozone by apache.

the class TestSecureOzoneCluster method generateKeyPair.

/**
 * Generates a fresh key pair for {@code COMPONENT} and writes it to the key
 * location derived from {@code conf}, overwriting any existing key files.
 *
 * @throws Exception if key generation or writing fails.
 */
private void generateKeyPair() throws Exception {
    KeyPair freshPair = new HDDSKeyGenerator(conf).generateKey();
    SecurityConfig securityConfig = new SecurityConfig(conf);
    KeyCodec codec = new KeyCodec(securityConfig, COMPONENT);
    // overwrite=true: repeated setup runs must not trip the
    // "already exists" guard on the key files.
    codec.writeKey(freshPair, true);
}

Example 5 with KeyCodec

use of org.apache.hadoop.hdds.security.x509.keys.KeyCodec in project ozone by apache.

the class TestDelegationToken method generateKeyPair.

/**
 * Generates a fresh key pair for {@code COMPONENT} and writes it to the key
 * location derived from {@code conf}, overwriting any existing key files.
 *
 * @throws Exception if key generation or writing fails.
 */
private void generateKeyPair() throws Exception {
    KeyPair freshPair = new HDDSKeyGenerator(conf).generateKey();
    SecurityConfig securityConfig = new SecurityConfig(conf);
    KeyCodec codec = new KeyCodec(securityConfig, COMPONENT);
    // overwrite=true: repeated setup runs must not trip the
    // "already exists" guard on the key files.
    codec.writeKey(freshPair, true);
}
