Posted to commits@knox.apache.org by lm...@apache.org on 2013/09/21 18:24:49 UTC
git commit: KNOX-137 - add logging to AliasService when certificate
can not be found
Updated Branches:
refs/heads/master 3d2afec68 -> d3cc6164a
KNOX-137 - add logging to AliasService when certificate can not be found
Project: http://git-wip-us.apache.org/repos/asf/incubator-knox/repo
Commit: http://git-wip-us.apache.org/repos/asf/incubator-knox/commit/d3cc6164
Tree: http://git-wip-us.apache.org/repos/asf/incubator-knox/tree/d3cc6164
Diff: http://git-wip-us.apache.org/repos/asf/incubator-knox/diff/d3cc6164
Branch: refs/heads/master
Commit: d3cc6164a6d8435fe2b5122c8913fd1a1f0a9574
Parents: 3d2afec
Author: Larry McCay <lm...@hortonworks.com>
Authored: Sat Sep 21 12:24:23 2013 -0400
Committer: Larry McCay <lm...@hortonworks.com>
Committed: Sat Sep 21 12:24:23 2013 -0400
----------------------------------------------------------------------
.../main/java/org/apache/hadoop/gateway/GatewayMessages.java | 4 ++++
.../gateway/services/security/impl/DefaultAliasService.java | 5 ++++-
.../hadoop/gateway/services/security/impl/JettySSLService.java | 2 +-
3 files changed, 9 insertions(+), 2 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/incubator-knox/blob/d3cc6164/gateway-server/src/main/java/org/apache/hadoop/gateway/GatewayMessages.java
----------------------------------------------------------------------
diff --git a/gateway-server/src/main/java/org/apache/hadoop/gateway/GatewayMessages.java b/gateway-server/src/main/java/org/apache/hadoop/gateway/GatewayMessages.java
index fc17fd4..539aa8a 100644
--- a/gateway-server/src/main/java/org/apache/hadoop/gateway/GatewayMessages.java
+++ b/gateway-server/src/main/java/org/apache/hadoop/gateway/GatewayMessages.java
@@ -25,6 +25,7 @@ import org.apache.hadoop.gateway.i18n.messages.StackTrace;
import java.io.File;
import java.net.URI;
+import java.security.KeyStoreException;
import java.util.Date;
import java.util.Map;
@@ -273,4 +274,7 @@ public interface GatewayMessages {
@Message( level = MessageLevel.INFO, text = "The Gateway SSL certificate is valid between: {0} and {1}." )
void certificateValidityPeriod(Date notBefore, Date notAfter);
+
+ @Message( level = MessageLevel.ERROR, text = "Unable to retrieve certificate for Gateway: {0}." )
+ void unableToRetrieveCertificateForGateway(KeyStoreException e);
}
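Review bot: `unableToRetrieveCertificateForGateway` takes only the exception and renders it through `{0}`, so the log entry records neither the alias that was requested nor a stack trace. The hunk header shows `StackTrace` is already imported in this file; assuming it is used here as on other messages, the signature could become `void unableToRetrieveCertificateForGateway(String alias, @StackTrace( level = MessageLevel.DEBUG ) KeyStoreException e);` with the text `"Unable to retrieve certificate for Gateway alias {0}: {1}."`. A one-line comment stating that this message reports a keystore access failure, not a missing alias, would also help whoever reads the log.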
http://git-wip-us.apache.org/repos/asf/incubator-knox/blob/d3cc6164/gateway-server/src/main/java/org/apache/hadoop/gateway/services/security/impl/DefaultAliasService.java
----------------------------------------------------------------------
diff --git a/gateway-server/src/main/java/org/apache/hadoop/gateway/services/security/impl/DefaultAliasService.java b/gateway-server/src/main/java/org/apache/hadoop/gateway/services/security/impl/DefaultAliasService.java
index 4d38400..865a84a 100644
--- a/gateway-server/src/main/java/org/apache/hadoop/gateway/services/security/impl/DefaultAliasService.java
+++ b/gateway-server/src/main/java/org/apache/hadoop/gateway/services/security/impl/DefaultAliasService.java
@@ -22,12 +22,15 @@ import java.security.cert.Certificate;
import java.util.Map;
import java.util.Random;
+import org.apache.hadoop.gateway.GatewayMessages;
import org.apache.hadoop.gateway.config.GatewayConfig;
+import org.apache.hadoop.gateway.i18n.messages.MessagesFactory;
import org.apache.hadoop.gateway.services.ServiceLifecycleException;
import org.apache.hadoop.gateway.services.security.AliasService;
import org.apache.hadoop.gateway.services.security.KeystoreService;
public class DefaultAliasService implements AliasService {
+ private static final GatewayMessages LOG = MessagesFactory.get( GatewayMessages.class );
protected char[] chars = { 'a', 'b', 'c', 'd', 'e', 'f', 'g',
'h', 'j', 'k', 'm', 'n', 'p', 'q', 'r', 's', 't', 'u', 'v', 'w',
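Review bot: The unchanged context here imports `java.util.Random` directly above the `chars` table, which suggests that generated alias passwords come from a non-cryptographic generator. This is inferred, because the generating code is outside the hunk. If it holds, the generator should be `java.security.SecureRandom`, since values from `java.util.Random` are predictable and this class guards gateway credentials. The added `LOG` field itself needs no change.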
@@ -119,7 +122,7 @@ public class DefaultAliasService implements AliasService {
try {
cert = this.keystoreService.getKeystoreForGateway().getCertificate(alias);
} catch (KeyStoreException e) {
- // TODO: log appropriately
+ LOG.unableToRetrieveCertificateForGateway(e);
// should we throw an exception?
}
return cert;
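Review bot: The catch block still swallows the `KeyStoreException` and the method returns `null`, while the leftover `// should we throw an exception?` leaves that contract undecided. `KeyStore.getCertificate` also returns `null` without throwing when the alias does not exist, so the "certificate can not be found" case named in the commit title still produces no log entry. An `if (cert == null)` check after the try that logs the alias would cover it. The method's Javadoc should then state `@return the certificate, or null if the alias is absent or the keystore cannot be read`, replacing the open question. The method begins and ends outside this hunk.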
http://git-wip-us.apache.org/repos/asf/incubator-knox/blob/d3cc6164/gateway-server/src/main/java/org/apache/hadoop/gateway/services/security/impl/JettySSLService.java
----------------------------------------------------------------------
diff --git a/gateway-server/src/main/java/org/apache/hadoop/gateway/services/security/impl/JettySSLService.java b/gateway-server/src/main/java/org/apache/hadoop/gateway/services/security/impl/JettySSLService.java
index 0e40e99..46df97c 100644
--- a/gateway-server/src/main/java/org/apache/hadoop/gateway/services/security/impl/JettySSLService.java
+++ b/gateway-server/src/main/java/org/apache/hadoop/gateway/services/security/impl/JettySSLService.java
@@ -89,7 +89,7 @@ public class JettySSLService implements SSLService {
}
// let's log the hostname (CN) and cert expiry from the gateway's public cert to aid in SSL debugging
Certificate cert = as.getCertificateForGateway("gateway-identity");
- if (cert instanceof X509Certificate) {
+ if (cert != null && cert instanceof X509Certificate) {
X500Principal x500Principal = ((X509Certificate)cert).getSubjectX500Principal();
X500PrincipalParser parser = new X500PrincipalParser(x500Principal);
log.certificateHostNameForGateway(parser.getCN());
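Review bot: The added `cert != null &&` is redundant, because `instanceof` already evaluates to false for a null reference, so `if (cert instanceof X509Certificate) {` behaves identically. The gap is the other branch: when `getCertificateForGateway("gateway-identity")` returns null or a non-X.509 certificate, this block is skipped silently. The `if` block continues past the end of the hunk, so whether an `else` exists is not visible here. If none does, add an `else` that logs at WARN or ERROR that the gateway identity certificate could not be loaded, so a missing TLS identity is visible at startup, not only at the first failed handshake.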