Posted to commits@slider.apache.org by jm...@apache.org on 2015/01/13 18:03:58 UTC
incubator-slider git commit: SLIDER-753 add configuration for cert
request
Repository: incubator-slider
Updated Branches:
refs/heads/develop e2c605150 -> 68d57cf2a
SLIDER-753 add configuration for cert request
Project: http://git-wip-us.apache.org/repos/asf/incubator-slider/repo
Commit: http://git-wip-us.apache.org/repos/asf/incubator-slider/commit/68d57cf2
Tree: http://git-wip-us.apache.org/repos/asf/incubator-slider/tree/68d57cf2
Diff: http://git-wip-us.apache.org/repos/asf/incubator-slider/diff/68d57cf2
Branch: refs/heads/develop
Commit: 68d57cf2a9958b45c8f1678b1c72bb9b1a04d422
Parents: e2c6051
Author: Jon Maron <jm...@hortonworks.com>
Authored: Tue Jan 13 12:03:30 2015 -0500
Committer: Jon Maron <jm...@hortonworks.com>
Committed: Tue Jan 13 12:03:30 2015 -0500
----------------------------------------------------------------------
.../services/security/CertificateManager.java | 2 +-
.../server/services/security/SecurityUtils.java | 60 ++++++++++++++++++--
2 files changed, 56 insertions(+), 6 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/incubator-slider/blob/68d57cf2/slider-core/src/main/java/org/apache/slider/server/services/security/CertificateManager.java
----------------------------------------------------------------------
diff --git a/slider-core/src/main/java/org/apache/slider/server/services/security/CertificateManager.java b/slider-core/src/main/java/org/apache/slider/server/services/security/CertificateManager.java
index 1fd899c..812f39f 100644
--- a/slider-core/src/main/java/org/apache/slider/server/services/security/CertificateManager.java
+++ b/slider-core/src/main/java/org/apache/slider/server/services/security/CertificateManager.java
@@ -42,7 +42,7 @@ public class CertificateManager {
private static final String GEN_SRVR_KEY = "openssl genrsa -des3 " +
"-passout pass:{0} -out {1}/{2} 4096 ";
private static final String GEN_SRVR_REQ = "openssl req -passin pass:{0} " +
- "-new -key {1}/{2} -out {1}/{5} -batch";
+ "-new -key {1}/{2} -out {1}/{5} -config {1}/ca.config -batch";
private static final String SIGN_SRVR_CRT = "openssl ca -create_serial " +
"-out {1}/{3} -days 365 -keyfile {1}/{2} -key {0} -selfsign " +
"-extensions jdk7_ca -config {1}/ca.config -batch " +
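Review bot: The request template edited here still passes the key passphrase on the openssl command line (`-passin pass:{0}`, on the line above the new `-config` argument), where other local users can typically read it from the process list while the command runs. OpenSSL also accepts `-passin file:<path>` and `-passin env:<VAR>`, which keep the secret out of argv; the same applies to `-passout pass:{0}` in GEN_SRVR_KEY. Separately, `ca.config` is now spelled out in both GEN_SRVR_REQ and SIGN_SRVR_CRT, so a shared constant for the file name would keep the two templates from drifting apart. The SIGN_SRVR_CRT statement continues past the end of this hunk.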
http://git-wip-us.apache.org/repos/asf/incubator-slider/blob/68d57cf2/slider-core/src/main/java/org/apache/slider/server/services/security/SecurityUtils.java
----------------------------------------------------------------------
diff --git a/slider-core/src/main/java/org/apache/slider/server/services/security/SecurityUtils.java b/slider-core/src/main/java/org/apache/slider/server/services/security/SecurityUtils.java
index ecbb637..d525058 100644
--- a/slider-core/src/main/java/org/apache/slider/server/services/security/SecurityUtils.java
+++ b/slider-core/src/main/java/org/apache/slider/server/services/security/SecurityUtils.java
@@ -44,10 +44,12 @@ public class SecurityUtils {
private static final Logger LOG =
LoggerFactory.getLogger(SecurityUtils.class);
- private static String CA_CONFIG_CONTENTS ="[ ca ]\n"
+ private static String CA_CONFIG_CONTENTS = "HOME = .\n"
+ + "RANDFILE = $ENV::HOME/.rnd\n\n"
+ + "[ ca ]\n"
+ "default_ca = CA_CLIENT\n"
+ "[ CA_CLIENT ]\n"
- + "dir\t\t = ${SEC_DIR}/db\n"
+ + "dir = ${SEC_DIR}/db\n"
+ "certs = $dir/certs\n"
+ "new_certs_dir = $dir/newcerts\n"
+ "\n"
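Review bot: `CA_CONFIG_CONTENTS` is still declared `private static String` without `final`, so the OpenSSL configuration that the certificate commands rely on can be reassigned from anywhere in the class; since the line is rewritten here anyway, make it `private static final String CA_CONFIG_CONTENTS = "HOME = .\n"`. The new `RANDFILE = $ENV::HOME/.rnd` entry presumably makes OpenSSL versions that honour RANDFILE write a seed file into the service user's home directory, or the working directory when HOME is unset. A short comment above the constant should say where that file lands and that it must not be world-readable. The string literal starts in this hunk and continues beyond it.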
@@ -62,16 +64,64 @@ public class SecurityUtils {
+ "\n"
+ "[ policy_anything ]\n"
+ "countryName = optional\n"
- + "stateOrProvinceName = optional \n"
+ + "stateOrProvinceName = optional\n"
+ "localityName = optional\n"
+ "organizationName = optional\n"
+ "organizationalUnitName = optional\n"
- + "commonName = optional \n"
- + "emailAddress = optional \n"
+ + "commonName = optional\n"
+ + "emailAddress = optional\n"
+ "\n"
+ + "[ req ]\n"
+ + "default_bits = 2048\n"
+ + "default_md = sha1\n"
+ + "default_keyfile = privkey.pem\n"
+ + "distinguished_name = req_distinguished_name\n"
+ + "attributes = req_attributes\n"
+ + "x509_extensions = v3_ca# The extentions to add to the self signed cert\n"
+ + "\n"
+ + "string_mask = utf8only\n"
+ + "\n"
+ + "[ req_distinguished_name ]\n"
+ + "countryName = Country Name (2 letter code)\n"
+ + "countryName_default = XX\n"
+ + "countryName_min = 2\n"
+ + "countryName_max = 2\n"
+ + "\n"
+ + "stateOrProvinceName = State or Province Name (full name)\n"
+ + "stateOrProvinceName_default= Default Province\n"
+ + "\n"
+ + "localityName= Locality Name (eg, city)\n"
+ + "localityName_default= Default City\n"
+ + "\n"
+ + "0.organizationName= Organization Name (eg, company)\n"
+ + "0.organizationName_default= Default Company Ltd\n"
+ + "\n"
+ + "\n"
+ + "organizationalUnitName= Organizational Unit Name (eg, section)\n"
+ + "organizationalUnitName_default=\n"
+ + "\n"
+ + "commonName= Common Name (eg, your name or your server\\'s hostname)\n"
+ + "commonName_max= 64\n"
+ + "\n"
+ + "emailAddress= Email Address\n"
+ + "emailAddress_max= 64\n"
+ + "\n"
+ + "\n"
+ + "[ req_attributes ]\n"
+ + "challengePassword= A challenge password\n"
+ + "challengePassword_min= 4\n"
+ + "challengePassword_max= 20\n"
+ + "\n"
+ + "unstructuredName= An optional company name\n"
+ "[ jdk7_ca ]\n"
+ "subjectKeyIdentifier = hash\n"
+ "authorityKeyIdentifier = keyid:always,issuer:always\n"
+ + "basicConstraints = CA:true\n"
+ + "[ v3_ca ]\n"
+ + "subjectKeyIdentifier=hash\n"
+ + "\n"
+ + "authorityKeyIdentifier=keyid:always,issuer:always\n"
+ + "\n"
+ "basicConstraints = CA:true";
private static final String PASS_TOKEN = "pass:";
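Review bot: The new `[ req ]` section sets `default_md = sha1`, so requests produced by the `openssl req ... -config {1}/ca.config` template are signed with SHA-1, which is no longer considered collision-resistant; use `default_md = sha256` instead. Because that template also passes `-batch`, the `*_default` values are presumably taken verbatim, which would give a subject like `C=XX, ST=Default Province, ...` with no commonName unless a subject is supplied elsewhere, so it is worth confirming this is intended. On the `x509_extensions = v3_ca# The extentions ...` line the comment is glued to the value and misspells "extensions"; put whitespace before the `#` or drop the comment.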