Posted to commits@knox.apache.org by lm...@apache.org on 2013/09/19 23:40:18 UTC
git commit: add cert generation modes via system property for POC of
various approaches
Updated Branches:
refs/heads/master 00e739dff -> afe298efe
add cert generation modes via system property for POC of various approaches
Project: http://git-wip-us.apache.org/repos/asf/incubator-knox/repo
Commit: http://git-wip-us.apache.org/repos/asf/incubator-knox/commit/afe298ef
Tree: http://git-wip-us.apache.org/repos/asf/incubator-knox/tree/afe298ef
Diff: http://git-wip-us.apache.org/repos/asf/incubator-knox/diff/afe298ef
Branch: refs/heads/master
Commit: afe298efe8da57c6791ccd009a0c0dfbe1ff2e0d
Parents: 00e739d
Author: Larry McCay <lm...@hortonworks.com>
Authored: Thu Sep 19 17:39:37 2013 -0400
Committer: Larry McCay <lm...@hortonworks.com>
Committed: Thu Sep 19 17:39:37 2013 -0400
----------------------------------------------------------------------
.../security/impl/DefaultKeystoreService.java | 34 +++++++++++++++++++-
1 file changed, 33 insertions(+), 1 deletion(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/incubator-knox/blob/afe298ef/gateway-server/src/main/java/org/apache/hadoop/gateway/services/security/impl/DefaultKeystoreService.java
----------------------------------------------------------------------
diff --git a/gateway-server/src/main/java/org/apache/hadoop/gateway/services/security/impl/DefaultKeystoreService.java b/gateway-server/src/main/java/org/apache/hadoop/gateway/services/security/impl/DefaultKeystoreService.java
index 6dd10bb..167b8e2 100644
--- a/gateway-server/src/main/java/org/apache/hadoop/gateway/services/security/impl/DefaultKeystoreService.java
+++ b/gateway-server/src/main/java/org/apache/hadoop/gateway/services/security/impl/DefaultKeystoreService.java
@@ -29,6 +29,7 @@ import org.apache.hadoop.gateway.services.security.KeystoreServiceException;
import java.io.File;
import java.io.IOException;
+import java.net.InetAddress;
import java.security.GeneralSecurityException;
import java.security.Key;
import java.security.KeyPair;
@@ -39,14 +40,20 @@ import java.security.NoSuchAlgorithmException;
import java.security.UnrecoverableKeyException;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
+import java.text.MessageFormat;
import java.util.Map;
public class DefaultKeystoreService extends BaseKeystoreService implements KeystoreService, Service {
+ private static final String dnTemplate = "CN={0},OU=Test,O=Hadoop,L=Test,ST=Test,C=US";
private static final String TEST_CERT_DN = "CN=hadoop.gateway,OU=Test,O=Hadoop,L=Test,ST=Test,C=US";
private static final String CREDENTIALS_SUFFIX = "-credentials.jceks";
private static final String GATEWAY_KEYSTORE = "gateway.jks";
+ private static final String CERT_GEN_MODE = "hadoop.gateway.cert.gen.mode";
+ private static final String CERT_GEN_MODE_HADOOP_GATEWAY = "hadoop.gateway";
+ private static final String CERT_GEN_MODE_LOCALHOST = "localhost";
+ private static final String CERT_GEN_MODE_HOSTNAME = "hostname";
private static GatewayMessages LOG = MessagesFactory.get( GatewayMessages.class );
private static GatewayResources RES = ResourcesFactory.get( GatewayResources.class );
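Review bot: The new `dnTemplate` constant is lower camel case while every neighbouring constant is upper snake case, and it repeats the literal in `TEST_CERT_DN`, whose only use visible in this diff is removed in the next hunk. Rename it to `DN_TEMPLATE` and, if nothing else in the class still reads `TEST_CERT_DN`, drop that constant so the subject DN has a single definition. `CERT_GEN_MODE` also deserves a comment, because it decides which name the gateway's self-signed certificate carries: `// System property selecting the certificate CN: hadoop.gateway, localhost (default) or hostname`.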
@@ -89,7 +96,24 @@ public class DefaultKeystoreService extends BaseKeystoreService implements Keyst
keyPairGenerator = KeyPairGenerator.getInstance("RSA");
keyPairGenerator.initialize(1024);
KeyPair KPair = keyPairGenerator.generateKeyPair();
- X509Certificate cert = generateCertificate(TEST_CERT_DN, KPair, 365, "SHA1withRSA");
+ String certGenMode = System.getProperty(CERT_GEN_MODE, CERT_GEN_MODE_LOCALHOST);
+ X509Certificate cert = null;
+ if (certGenMode.equals(CERT_GEN_MODE_HADOOP_GATEWAY)) {
+ String dn = buildDistinguishedName("hadoop.gateway");
+ cert = generateCertificate(dn, KPair, 365, "SHA1withRSA");
+ }
+ else if(certGenMode.equals(CERT_GEN_MODE_LOCALHOST)) {
+ String dn = buildDistinguishedName("localhost");
+ cert = generateCertificate(dn, KPair, 365, "SHA1withRSA");
+ }
+ else if(certGenMode.equals(CERT_GEN_MODE_HOSTNAME)) {
+ String dn = buildDistinguishedName(InetAddress.getLocalHost().getHostName());
+ cert = generateCertificate(dn, KPair, 365, "SHA1withRSA");
+ }
+ else {
+ String dn = buildDistinguishedName("localhost");
+ cert = generateCertificate(dn, KPair, 365, "SHA1withRSA");
+ }
KeyStore privateKS = getKeystoreForGateway();
privateKS.setKeyEntry(alias, KPair.getPrivate(),
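Review bot: An unrecognised value of `hadoop.gateway.cert.gen.mode` falls silently into the final `else` and yields a `CN=localhost` certificate, so a typo in the property produces a certificate that does not match the host and nothing in the log says why. The four branches differ only in the name passed to `buildDistinguishedName`, so choose the name in the branch, call `generateCertificate` once, and report the unknown mode before falling back. In `hostname` mode `InetAddress.getLocalHost()` can throw `UnknownHostException`; the enclosing try/catch starts and ends outside this hunk, so confirm that it is handled there. A single call also leaves one place to change the `SHA1withRSA` signature algorithm, which together with the 1024-bit key on the context lines is weak for anything beyond a proof of concept.
```java
String certGenMode = System.getProperty(CERT_GEN_MODE, CERT_GEN_MODE_LOCALHOST);
String commonName;
if (CERT_GEN_MODE_HADOOP_GATEWAY.equals(certGenMode)) {
  commonName = "hadoop.gateway";
}
else if (CERT_GEN_MODE_HOSTNAME.equals(certGenMode)) {
  commonName = InetAddress.getLocalHost().getHostName();
}
else {
  // CERT_GEN_MODE_LOCALHOST, or an unrecognised value: report the latter through LOG before falling back
  commonName = "localhost";
}
X509Certificate cert = generateCertificate(buildDistinguishedName(commonName), KPair, 365, "SHA1withRSA");
// … unchanged: keystore lookup and setKeyEntry …
```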
@@ -105,6 +129,14 @@ public class DefaultKeystoreService extends BaseKeystoreService implements Keyst
LOG.failedToAddSeflSignedCertForGateway( alias, e );
}
}
+
+ private String buildDistinguishedName(String hostname) {
+ MessageFormat headerFormatter = new MessageFormat(dnTemplate);
+ String[] paramArray = new String[1];
+ paramArray[0] = hostname;
+ String dn = headerFormatter.format(paramArray);
+ return dn;
+ }
@Override
public void createCredentialStoreForCluster(String clusterName) {
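Review bot: `buildDistinguishedName` places `hostname` into the DN without escaping, and in `hostname` mode that value comes from the local resolver rather than a constant, so a name containing a DN special character such as `,`, `+` or `=` would change the structure of the certificate subject. Validate the value against the host-name character set, or escape it, before formatting. The body can also shrink to `return MessageFormat.format(dnTemplate, hostname);`, which needs neither the formatter instance nor the one-element array.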