Posted to commits@knox.apache.org by lm...@apache.org on 2013/09/21 18:24:49 UTC

git commit: KNOX-137 - add logging to AliasService when certificate can not be found

Updated Branches:
  refs/heads/master 3d2afec68 -> d3cc6164a


KNOX-137 - add logging to AliasService when certificate can not be found

Project: http://git-wip-us.apache.org/repos/asf/incubator-knox/repo
Commit: http://git-wip-us.apache.org/repos/asf/incubator-knox/commit/d3cc6164
Tree: http://git-wip-us.apache.org/repos/asf/incubator-knox/tree/d3cc6164
Diff: http://git-wip-us.apache.org/repos/asf/incubator-knox/diff/d3cc6164

Branch: refs/heads/master
Commit: d3cc6164a6d8435fe2b5122c8913fd1a1f0a9574
Parents: 3d2afec
Author: Larry McCay <lm...@hortonworks.com>
Authored: Sat Sep 21 12:24:23 2013 -0400
Committer: Larry McCay <lm...@hortonworks.com>
Committed: Sat Sep 21 12:24:23 2013 -0400

----------------------------------------------------------------------
 .../main/java/org/apache/hadoop/gateway/GatewayMessages.java    | 4 ++++
 .../gateway/services/security/impl/DefaultAliasService.java     | 5 ++++-
 .../hadoop/gateway/services/security/impl/JettySSLService.java  | 2 +-
 3 files changed, 9 insertions(+), 2 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/incubator-knox/blob/d3cc6164/gateway-server/src/main/java/org/apache/hadoop/gateway/GatewayMessages.java
----------------------------------------------------------------------
diff --git a/gateway-server/src/main/java/org/apache/hadoop/gateway/GatewayMessages.java b/gateway-server/src/main/java/org/apache/hadoop/gateway/GatewayMessages.java
index fc17fd4..539aa8a 100644
--- a/gateway-server/src/main/java/org/apache/hadoop/gateway/GatewayMessages.java
+++ b/gateway-server/src/main/java/org/apache/hadoop/gateway/GatewayMessages.java
@@ -25,6 +25,7 @@ import org.apache.hadoop.gateway.i18n.messages.StackTrace;
 
 import java.io.File;
 import java.net.URI;
+import java.security.KeyStoreException;
 import java.util.Date;
 import java.util.Map;
 
@@ -273,4 +274,7 @@ public interface GatewayMessages {
 
   @Message( level = MessageLevel.INFO, text = "The Gateway SSL certificate is valid between: {0} and {1}." )
   void certificateValidityPeriod(Date notBefore, Date notAfter);
+
+  @Message( level = MessageLevel.ERROR, text = "Unable to retrieve certificate for Gateway: {0}." )
+  void unableToRetrieveCertificateForGateway(KeyStoreException e);
 }
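Review bot: The new `unableToRetrieveCertificateForGateway` message formats the exception into `{0}`, so only its string form reaches the log and the stack trace is dropped. The hunk header shows this file already imports `StackTrace`, so the parameter could be declared as `@StackTrace( level = MessageLevel.DEBUG ) KeyStoreException e` to keep the trace available at debug level. The text also does not say which alias was being looked up. Adding the alias as a second argument would let an operator tell which keystore entry failed, though the call site in DefaultAliasService would have to pass it.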

http://git-wip-us.apache.org/repos/asf/incubator-knox/blob/d3cc6164/gateway-server/src/main/java/org/apache/hadoop/gateway/services/security/impl/DefaultAliasService.java
----------------------------------------------------------------------
diff --git a/gateway-server/src/main/java/org/apache/hadoop/gateway/services/security/impl/DefaultAliasService.java b/gateway-server/src/main/java/org/apache/hadoop/gateway/services/security/impl/DefaultAliasService.java
index 4d38400..865a84a 100644
--- a/gateway-server/src/main/java/org/apache/hadoop/gateway/services/security/impl/DefaultAliasService.java
+++ b/gateway-server/src/main/java/org/apache/hadoop/gateway/services/security/impl/DefaultAliasService.java
@@ -22,12 +22,15 @@ import java.security.cert.Certificate;
 import java.util.Map;
 import java.util.Random;
 
+import org.apache.hadoop.gateway.GatewayMessages;
 import org.apache.hadoop.gateway.config.GatewayConfig;
+import org.apache.hadoop.gateway.i18n.messages.MessagesFactory;
 import org.apache.hadoop.gateway.services.ServiceLifecycleException;
 import org.apache.hadoop.gateway.services.security.AliasService;
 import org.apache.hadoop.gateway.services.security.KeystoreService;
 
 public class DefaultAliasService implements AliasService {
+  private static final GatewayMessages LOG = MessagesFactory.get( GatewayMessages.class ); 
 
   protected char[] chars = { 'a', 'b', 'c', 'd', 'e', 'f', 'g',
   'h', 'j', 'k', 'm', 'n', 'p', 'q', 'r', 's', 't', 'u', 'v', 'w',
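Review bot: `java.util.Random` is imported beside the `chars` alphabet in this class, and if it is what generates alias passwords it should be replaced by `java.security.SecureRandom`. The generating code is outside the hunk, so that use is inferred from the import and the array alone. `java.util.Random` is a linear congruential generator whose output can be predicted from a few observed values, which makes it unsuitable for secrets. Separately, the added `LOG` line carries trailing whitespace after the semicolon.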
@@ -119,7 +122,7 @@ public class DefaultAliasService implements AliasService {
     try {
       cert = this.keystoreService.getKeystoreForGateway().getCertificate(alias);
     } catch (KeyStoreException e) {
-      // TODO: log appropriately
+      LOG.unableToRetrieveCertificateForGateway(e);
       // should we throw an exception?
     }
     return cert;
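Review bot: The catch block now logs but still falls through to `return cert;` with `cert` presumably null, so a caller cannot tell a broken keystore from an alias that has no certificate. The `// should we throw an exception?` question is left open. If `getKeystoreForGateway()` returns a `java.security.KeyStore`, then `getCertificate(alias)` returns null for a missing alias without throwing, so the "certificate can not be found" case in the commit title would not reach this log line at all. An explicit check such as `if (cert == null) { /* log that no certificate exists for alias */ }` before the return would cover that. The enclosing method starts and ends outside the hunk, so its signature and declared exceptions are not visible here.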

http://git-wip-us.apache.org/repos/asf/incubator-knox/blob/d3cc6164/gateway-server/src/main/java/org/apache/hadoop/gateway/services/security/impl/JettySSLService.java
----------------------------------------------------------------------
diff --git a/gateway-server/src/main/java/org/apache/hadoop/gateway/services/security/impl/JettySSLService.java b/gateway-server/src/main/java/org/apache/hadoop/gateway/services/security/impl/JettySSLService.java
index 0e40e99..46df97c 100644
--- a/gateway-server/src/main/java/org/apache/hadoop/gateway/services/security/impl/JettySSLService.java
+++ b/gateway-server/src/main/java/org/apache/hadoop/gateway/services/security/impl/JettySSLService.java
@@ -89,7 +89,7 @@ public class JettySSLService implements SSLService {
       }
       // let's log the hostname (CN) and cert expiry from the gateway's public cert to aid in SSL debugging
       Certificate cert = as.getCertificateForGateway("gateway-identity");
-      if (cert instanceof X509Certificate) {
+      if (cert != null && cert instanceof X509Certificate) {
         X500Principal x500Principal = ((X509Certificate)cert).getSubjectX500Principal();
         X500PrincipalParser parser = new X500PrincipalParser(x500Principal);
         log.certificateHostNameForGateway(parser.getCN());
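Review bot: The added `cert != null &&` is redundant, because `instanceof` already evaluates to false for a null reference; `if (cert instanceof X509Certificate) {` behaves identically. The real gap is that when `getCertificateForGateway("gateway-identity")` returns null or a non-X.509 certificate, the block is skipped silently and SSL setup continues with no diagnostic. An `else` branch that logs that no X.509 certificate was found under the `gateway-identity` alias would make a missing identity certificate visible at startup. The `if` body continues past the end of the hunk.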