Posted to commits@knox.apache.org by lm...@apache.org on 2013/09/19 23:40:18 UTC

git commit: add cert generation modes via system property for POC of various approaches

Updated Branches:
  refs/heads/master 00e739dff -> afe298efe


add cert generation modes via system property for POC of various approaches

Project: http://git-wip-us.apache.org/repos/asf/incubator-knox/repo
Commit: http://git-wip-us.apache.org/repos/asf/incubator-knox/commit/afe298ef
Tree: http://git-wip-us.apache.org/repos/asf/incubator-knox/tree/afe298ef
Diff: http://git-wip-us.apache.org/repos/asf/incubator-knox/diff/afe298ef

Branch: refs/heads/master
Commit: afe298efe8da57c6791ccd009a0c0dfbe1ff2e0d
Parents: 00e739d
Author: Larry McCay <lm...@hortonworks.com>
Authored: Thu Sep 19 17:39:37 2013 -0400
Committer: Larry McCay <lm...@hortonworks.com>
Committed: Thu Sep 19 17:39:37 2013 -0400

----------------------------------------------------------------------
 .../security/impl/DefaultKeystoreService.java   | 34 +++++++++++++++++++-
 1 file changed, 33 insertions(+), 1 deletion(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/incubator-knox/blob/afe298ef/gateway-server/src/main/java/org/apache/hadoop/gateway/services/security/impl/DefaultKeystoreService.java
----------------------------------------------------------------------
diff --git a/gateway-server/src/main/java/org/apache/hadoop/gateway/services/security/impl/DefaultKeystoreService.java b/gateway-server/src/main/java/org/apache/hadoop/gateway/services/security/impl/DefaultKeystoreService.java
index 6dd10bb..167b8e2 100644
--- a/gateway-server/src/main/java/org/apache/hadoop/gateway/services/security/impl/DefaultKeystoreService.java
+++ b/gateway-server/src/main/java/org/apache/hadoop/gateway/services/security/impl/DefaultKeystoreService.java
@@ -29,6 +29,7 @@ import org.apache.hadoop.gateway.services.security.KeystoreServiceException;
 
 import java.io.File;
 import java.io.IOException;
+import java.net.InetAddress;
 import java.security.GeneralSecurityException;
 import java.security.Key;
 import java.security.KeyPair;
@@ -39,14 +40,20 @@ import java.security.NoSuchAlgorithmException;
 import java.security.UnrecoverableKeyException;
 import java.security.cert.CertificateException;
 import java.security.cert.X509Certificate;
+import java.text.MessageFormat;
 import java.util.Map;
 
 
 public class DefaultKeystoreService extends BaseKeystoreService implements KeystoreService, Service {
 
+  private static final String dnTemplate = "CN={0},OU=Test,O=Hadoop,L=Test,ST=Test,C=US";
   private static final String TEST_CERT_DN = "CN=hadoop.gateway,OU=Test,O=Hadoop,L=Test,ST=Test,C=US";
   private static final String CREDENTIALS_SUFFIX = "-credentials.jceks";
   private static final String GATEWAY_KEYSTORE = "gateway.jks";
+  private static final String CERT_GEN_MODE = "hadoop.gateway.cert.gen.mode";
+  private static final String CERT_GEN_MODE_HADOOP_GATEWAY = "hadoop.gateway";
+  private static final String CERT_GEN_MODE_LOCALHOST = "localhost";
+  private static final String CERT_GEN_MODE_HOSTNAME = "hostname";
   private static GatewayMessages LOG = MessagesFactory.get( GatewayMessages.class );
   private static GatewayResources RES = ResourcesFactory.get( GatewayResources.class );
 
@@ -89,7 +96,24 @@ public class DefaultKeystoreService extends BaseKeystoreService implements Keyst
       keyPairGenerator = KeyPairGenerator.getInstance("RSA");
       keyPairGenerator.initialize(1024);  
       KeyPair KPair = keyPairGenerator.generateKeyPair();
-      X509Certificate cert = generateCertificate(TEST_CERT_DN, KPair, 365, "SHA1withRSA");
+      String certGenMode = System.getProperty(CERT_GEN_MODE, CERT_GEN_MODE_LOCALHOST);
+      X509Certificate cert = null;
+      if (certGenMode.equals(CERT_GEN_MODE_HADOOP_GATEWAY)) {
+        String dn = buildDistinguishedName("hadoop.gateway");
+        cert = generateCertificate(dn, KPair, 365, "SHA1withRSA");
+      }
+      else if(certGenMode.equals(CERT_GEN_MODE_LOCALHOST)) {
+        String dn = buildDistinguishedName("localhost");
+        cert = generateCertificate(dn, KPair, 365, "SHA1withRSA");
+      }
+      else if(certGenMode.equals(CERT_GEN_MODE_HOSTNAME)) {
+        String dn = buildDistinguishedName(InetAddress.getLocalHost().getHostName());
+        cert = generateCertificate(dn, KPair, 365, "SHA1withRSA");
+      }
+      else {
+        String dn = buildDistinguishedName("localhost");
+        cert = generateCertificate(dn, KPair, 365, "SHA1withRSA");
+      }
 
       KeyStore privateKS = getKeystoreForGateway();
       privateKS.setKeyEntry(alias, KPair.getPrivate(),  
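Review bot: An unrecognised value of `hadoop.gateway.cert.gen.mode` falls through the final `else` and silently yields a `localhost` certificate, so a mistyped mode produces a subject that does not match the host and nothing reports why. The four branches differ only in the name passed to `buildDistinguishedName`, so choosing the CN first and calling `generateCertificate` once, as sketched below, makes the fallback explicit and gives one place to log it. The default subject also changes from the old `CN=hadoop.gateway` to `CN=localhost`, which deserves a line in the commit message because any client that checks the previous CN would presumably see a mismatch. That single call is also the natural place to revisit `SHA1withRSA` and the 1024-bit key initialised just above, both weak by current guidance, if this moves beyond a POC. `InetAddress.getLocalHost()` can throw `UnknownHostException`, and the enclosing method's `try` and `catch` start and end outside this hunk, so confirm the handler covers it.

```java
String certGenMode = System.getProperty(CERT_GEN_MODE, CERT_GEN_MODE_LOCALHOST);
String commonName;
if (CERT_GEN_MODE_HADOOP_GATEWAY.equals(certGenMode)) {
  commonName = "hadoop.gateway";
} else if (CERT_GEN_MODE_HOSTNAME.equals(certGenMode)) {
  commonName = InetAddress.getLocalHost().getHostName();
} else {
  // CERT_GEN_MODE_LOCALHOST, and the fallback for any unrecognised value;
  // log the unrecognised case so a mistyped mode is visible to the operator.
  commonName = "localhost";
}
X509Certificate cert =
    generateCertificate(buildDistinguishedName(commonName), KPair, 365, "SHA1withRSA");
// … unchanged: getKeystoreForGateway() and setKeyEntry …
```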
@@ -105,6 +129,14 @@ public class DefaultKeystoreService extends BaseKeystoreService implements Keyst
       LOG.failedToAddSeflSignedCertForGateway( alias, e );
     }  
   }
+
+  private String buildDistinguishedName(String hostname) {
+    MessageFormat headerFormatter = new MessageFormat(dnTemplate);
+    String[] paramArray = new String[1];
+    paramArray[0] = hostname;
+    String dn = headerFormatter.format(paramArray);
+    return dn;
+  }
   
   @Override
   public void createCredentialStoreForCluster(String clusterName) {
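Review bot: `buildDistinguishedName` places the host name into the DN template unescaped, so a value containing a DN metacharacter such as `,`, `+` or `=` would alter the structure of the subject instead of only the CN. This matters mainly for the `hostname` mode, where the value comes from the resolver and not from a literal; escaping it per RFC 4514, or rejecting anything that is not a plain DNS name, before formatting would close that (how `generateCertificate` parses the string is not shown here). The body can shrink to `return MessageFormat.format(dnTemplate, hostname);`, which drops the misleadingly named `headerFormatter` and the one-element array. The constant would also read better as `DN_TEMPLATE` beside its upper-case neighbours, and a short Javadoc stating that the argument becomes the certificate CN and must be a bare host name would document the contract.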