Posted to commits@oozie.apache.org by di...@apache.org on 2022/12/01 14:34:49 UTC
[oozie] branch master updated: OOZIE-3677 Oozie should accept a keyStoreType and trustStoreType property in oozie-site.xml (jmakai via dionusos)
This is an automated email from the ASF dual-hosted git repository.
dionusos pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/oozie.git
The following commit(s) were added to refs/heads/master by this push:
new efd0b17ac OOZIE-3677 Oozie should accept a keyStoreType and trustStoreType property in oozie-site.xml (jmakai via dionusos)
efd0b17ac is described below
commit efd0b17ac375a479fa34621bed4fe3ac360363bc
Author: Denes Bodo <di...@apache.org>
AuthorDate: Thu Dec 1 15:32:38 2022 +0100
OOZIE-3677 Oozie should accept a keyStoreType and trustStoreType property in oozie-site.xml (jmakai via dionusos)
---
release-log.txt | 1 +
.../apache/oozie/server/EmbeddedOozieServer.java | 27 +++++--
.../oozie/server/SSLServerConnectorFactory.java | 9 +++
.../oozie/server/TestEmbeddedOozieServer.java | 83 ++++++++++++++++++++--
.../server/TestSSLServerConnectorFactory.java | 18 ++++-
5 files changed, 128 insertions(+), 10 deletions(-)
diff --git a/release-log.txt b/release-log.txt
index 9f73a0652..8c658ef7b 100644
--- a/release-log.txt
+++ b/release-log.txt
@@ -1,5 +1,6 @@
-- Oozie 5.3.0 release (trunk - unreleased)
+OOZIE-3677 Oozie should accept a keyStoreType and trustStoreType property in oozie-site.xml (jmakai via dionusos)
OOZIE-3678 Reduce the number of NameNode access when starting the Yarn job (jmakai via dionusos)
OOZIE-3670 Actions can stuck while running in a Fork-Join workflow (jmakai via dionusos)
OOZIE-3676 Remove all non FIPS compliant encoding algorithms (jmakai via dionusos)
diff --git a/server/src/main/java/org/apache/oozie/server/EmbeddedOozieServer.java b/server/src/main/java/org/apache/oozie/server/EmbeddedOozieServer.java
index 76c1fd602..5cecf7cf2 100644
--- a/server/src/main/java/org/apache/oozie/server/EmbeddedOozieServer.java
+++ b/server/src/main/java/org/apache/oozie/server/EmbeddedOozieServer.java
@@ -52,8 +52,10 @@ import java.util.Objects;
public class EmbeddedOozieServer {
private static final Logger LOG = LoggerFactory.getLogger(EmbeddedOozieServer.class);
protected static final String OOZIE_HTTPS_TRUSTSTORE_FILE = "oozie.https.truststore.file";
+ protected static final String OOZIE_HTTPS_TRUSTSTORE_TYPE = "oozie.https.truststore.type";
protected static final String OOZIE_HTTPS_TRUSTSTORE_PASS = "oozie.https.truststore.pass";
protected static final String TRUSTSTORE_PATH_SYSTEM_PROPERTY = "javax.net.ssl.trustStore";
+ protected static final String TRUSTSTORE_TYPE_SYSTEM_PROPERTY = "javax.net.ssl.trustStoreType";
protected static final String TRUSTSTORE_PASS_SYSTEM_PROPERTY = "javax.net.ssl.trustStorePassword";
private static String contextPath;
protected Server server;
@@ -124,6 +126,7 @@ public class EmbeddedOozieServer {
HandlerCollection handlerCollection = new HandlerCollection();
setTrustStore();
+ setTrustStoreType();
setTrustStorePassword();
if (isSecured()) {
@@ -166,6 +169,21 @@ public class EmbeddedOozieServer {
}
}
+ /**
+ * set the truststore type from the config file, if is not set by the user
+ */
+ private void setTrustStoreType() {
+ if (System.getProperty(TRUSTSTORE_TYPE_SYSTEM_PROPERTY) == null) {
+ final String trustStoreType = conf.get(OOZIE_HTTPS_TRUSTSTORE_TYPE);
+ if (trustStoreType != null) {
+ LOG.info("Setting javax.net.ssl.trustStoreType from config file");
+ System.setProperty(TRUSTSTORE_TYPE_SYSTEM_PROPERTY, trustStoreType);
+ }
+ } else {
+ LOG.info("javax.net.ssl.trustStoreType is already set. The value from config file will be ignored");
+ }
+ }
+
/**
* set the truststore password from the config file, if is not set by the user
*/
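Review bot: setTrustStoreType copies `oozie.https.truststore.type` into the system property without checking that the JVM actually supports that store type, so a typo in oozie-site.xml surfaces only later, when JSSE first loads the trust store, with an error that does not mention the config key; a fail-fast probe such as `KeyStore.getInstance(trustStoreType)` inside the `if (trustStoreType != null)` branch, rethrown as one of the exception types setup() already declares, would point the operator at the right place. The Javadoc should also say what the method does and what the precedence is, e.g. `/** Copies oozie.https.truststore.type into javax.net.ssl.trustStoreType unless that system property is already set; an explicit -D flag wins over oozie-site.xml, and the value applies JVM-wide to every JSSE client in this process, not just the Oozie server connector. */`. The "already set" log line at the end of the method might also name the config key being ignored so the operator can tell which of the two sources took effect.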
@@ -259,7 +277,7 @@ public class EmbeddedOozieServer {
try {
shutdown();
} catch (final Exception e) {
- LOG.error(String.format("There were errors during shutdown. Error message: %s", e.getMessage()));
+ LOG.error("There were errors during shutdown.", e);
}
}
});
@@ -271,9 +289,8 @@ public class EmbeddedOozieServer {
EmbeddedOozieServer embeddedOozieServer = null;
try {
embeddedOozieServer = guiceInjector.getInstance(EmbeddedOozieServer.class);
- }
- catch (final ProvisionException ex) {
- LOG.error(ex.getMessage());
+ } catch (final ProvisionException ex) {
+ LOG.error("Failed to get EmbeddedOozieServer", ex);
System.exit(1);
}
@@ -282,7 +299,7 @@ public class EmbeddedOozieServer {
try {
embeddedOozieServer.start();
} catch (final Exception e) {
- LOG.error(String.format("Could not start EmbeddedOozieServer! Error message: %s", e.getMessage()));
+ LOG.error("Could not start EmbeddedOozieServer!", e);
System.exit(1);
}
embeddedOozieServer.join();
diff --git a/server/src/main/java/org/apache/oozie/server/SSLServerConnectorFactory.java b/server/src/main/java/org/apache/oozie/server/SSLServerConnectorFactory.java
index 89f54f422..3ba073a8e 100644
--- a/server/src/main/java/org/apache/oozie/server/SSLServerConnectorFactory.java
+++ b/server/src/main/java/org/apache/oozie/server/SSLServerConnectorFactory.java
@@ -45,6 +45,7 @@ class SSLServerConnectorFactory {
private static final Logger LOG = LoggerFactory.getLogger(SSLServerConnectorFactory.class);
public static final String OOZIE_HTTPS_KEYSTORE_PASS = "oozie.https.keystore.pass";
public static final String OOZIE_HTTPS_KEYSTORE_FILE = "oozie.https.keystore.file";
+ public static final String OOZIE_HTTPS_KEYSTORE_TYPE = "oozie.https.keystore.type";
public static final String OOZIE_HTTPS_EXCLUDE_PROTOCOLS = "oozie.https.exclude.protocols";
public static final String OOZIE_HTTPS_INCLUDE_PROTOCOLS = "oozie.https.include.protocols";
public static final String OOZIE_HTTPS_INCLUDE_CIPHER_SUITES = "oozie.https.include.cipher.suites";
@@ -83,6 +84,7 @@ class SSLServerConnectorFactory {
setExludeCipherSuites();
setKeyStoreFile();
+ setKeyStoreType();
setKeystorePass();
HttpConfiguration httpsConfiguration = getHttpsConfiguration();
@@ -146,6 +148,13 @@ class SSLServerConnectorFactory {
sslContextFactory.setKeyStorePath(keystoreFile);
}
+ private void setKeyStoreType() {
+ String keyStoreType = conf.get(OOZIE_HTTPS_KEYSTORE_TYPE);
+ if(keyStoreType != null) {
+ sslContextFactory.setKeyStoreType(keyStoreType);
+ }
+ }
+
private HttpConfiguration getHttpsConfiguration() {
HttpConfiguration https = new HttpConfigurationWrapper(conf).getDefaultHttpConfiguration();
https.setSecureScheme("https");
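Review bot: setKeyStoreType has no Javadoc and its null check is written `if(keyStoreType != null)`, dropping the space that the rest of this class uses after `if`; change it to `if (keyStoreType != null) {` and add `/** Applies oozie.https.keystore.type to this connector's SslContextFactory when configured; when the property is absent the factory's own default store type is left untouched. */`. Worth documenting somewhere visible to operators is that the keystore type is scoped to the connector's SslContextFactory while the truststore type in EmbeddedOozieServer is applied through a JVM-wide system property, so the two new properties do not have the same blast radius. The diffstat shows no change to a defaults or configuration-documentation file for the new keys; if the project keeps one, it is presumably missing from this commit.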
diff --git a/server/src/test/java/org/apache/oozie/server/TestEmbeddedOozieServer.java b/server/src/test/java/org/apache/oozie/server/TestEmbeddedOozieServer.java
index e144daea9..a2ce8a769 100644
--- a/server/src/test/java/org/apache/oozie/server/TestEmbeddedOozieServer.java
+++ b/server/src/test/java/org/apache/oozie/server/TestEmbeddedOozieServer.java
@@ -35,21 +35,26 @@ import org.junit.Before;
import org.junit.Test;
import org.junit.runner.RunWith;
import org.mockito.Mock;
+import org.mockito.Mockito;
import org.mockito.Spy;
import org.mockito.runners.MockitoJUnitRunner;
import java.io.IOException;
import java.net.URISyntaxException;
-import static org.mockito.ArgumentMatchers.any;
-import static org.mockito.ArgumentMatchers.anyInt;
-import static org.mockito.ArgumentMatchers.anyObject;
-import static org.mockito.ArgumentMatchers.isA;
+import static org.apache.oozie.server.EmbeddedOozieServer.OOZIE_HTTPS_TRUSTSTORE_TYPE;
+import static org.apache.oozie.server.EmbeddedOozieServer.TRUSTSTORE_TYPE_SYSTEM_PROPERTY;
+import static org.mockito.Matchers.any;
+import static org.mockito.Matchers.anyInt;
+import static org.mockito.Matchers.anyObject;
+import static org.mockito.Matchers.isA;
import static org.mockito.Mockito.doReturn;
import static org.mockito.Mockito.doNothing;
+import static org.mockito.Mockito.mock;
import static org.mockito.Mockito.never;
import static org.mockito.Mockito.verify;
import static org.mockito.Mockito.verifyNoMoreInteractions;
+import static org.mockito.Mockito.when;
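Review bot: The static imports are switched from `org.mockito.ArgumentMatchers` to `org.mockito.Matchers`, which is the deprecated pre-Mockito-2 name for the same matchers, so unless the build pins a Mockito version that lacks ArgumentMatchers this import hunk is a regression rather than part of the feature. The same swap happens in TestSSLServerConnectorFactory for `anyString` while `eq` there stays on ArgumentMatchers, leaving one file importing from both. Keep `import static org.mockito.ArgumentMatchers.any;` and siblings as they were, and use `ArgumentMatchers.eq` instead of `Mockito.eq` in the three new tests.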
/**
* Server tests
@@ -176,4 +181,74 @@ public class TestEmbeddedOozieServer {
doReturn("INVALID_PORT").when(mockConfiguration).get("oozie.http.port");
embeddedOozieServer.setup();
}
+
+ @Test
+ public void testTrustStoreTypeSetFromConfigIfNotSetInSystemProperties()
+ throws ServiceException, IOException, URISyntaxException {
+
+ ConfigurationService configurationService = mock(ConfigurationService.class);
+ String truststoreType = "MY-TRUSTSTORE-TYPE";
+
+ // clearing system property
+ System.clearProperty(TRUSTSTORE_TYPE_SYSTEM_PROPERTY);
+
+ when(mockConfiguration.get(Mockito.eq(OOZIE_HTTPS_TRUSTSTORE_TYPE))).thenReturn(truststoreType);
+ when(configurationService.getConf()).thenReturn(mockConfiguration);
+ when(mockServices.get(Mockito.eq(ConfigurationService.class))).thenReturn(configurationService);
+
+ // when
+ embeddedOozieServer.setup();
+
+ // then
+ Assert.assertEquals(truststoreType, System.getProperty(TRUSTSTORE_TYPE_SYSTEM_PROPERTY));
+
+ // to satisfy test teardown
+ verify(mockJspHandler).setupWebAppContext(isA(WebAppContext.class));
+ }
+
+ @Test
+ public void testTrustStoreTypeNotSetFromConfigIfSetInSystemProperties()
+ throws ServiceException, IOException, URISyntaxException {
+
+ ConfigurationService configurationService = mock(ConfigurationService.class);
+ String truststoreTypeFromProperty = "MY-TRUSTSTORE-TYPE-PROPERTY";
+
+ // setting system property
+ System.setProperty(TRUSTSTORE_TYPE_SYSTEM_PROPERTY, truststoreTypeFromProperty);
+
+ when(configurationService.getConf()).thenReturn(mockConfiguration);
+ when(mockServices.get(Mockito.eq(ConfigurationService.class))).thenReturn(configurationService);
+
+ // when
+ embeddedOozieServer.setup();
+
+ // then
+ Assert.assertEquals(truststoreTypeFromProperty, System.getProperty(TRUSTSTORE_TYPE_SYSTEM_PROPERTY));
+
+ // to satisfy test teardown
+ verify(mockJspHandler).setupWebAppContext(isA(WebAppContext.class));
+ }
+
+
+ @Test
+ public void testTrustStoreTypeNotSetIfNotProvidedAtAll()
+ throws ServiceException, IOException, URISyntaxException {
+
+ ConfigurationService configurationService = mock(ConfigurationService.class);
+
+ // clearing system property
+ System.clearProperty(TRUSTSTORE_TYPE_SYSTEM_PROPERTY);
+
+ when(configurationService.getConf()).thenReturn(mockConfiguration);
+ when(mockServices.get(Mockito.eq(ConfigurationService.class))).thenReturn(configurationService);
+
+ // when
+ embeddedOozieServer.setup();
+
+ // then
+ Assert.assertNull(System.getProperty(TRUSTSTORE_TYPE_SYSTEM_PROPERTY));
+
+ // to satisfy test teardown
+ verify(mockJspHandler).setupWebAppContext(isA(WebAppContext.class));
+ }
}
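Review bot: testTrustStoreTypeNotSetFromConfigIfSetInSystemProperties sets `javax.net.ssl.trustStoreType` with `System.setProperty` and never restores it, and the first test leaves behind the value it expects setup() to write; since the property is JVM-global, whichever of these tests (or any other test in the same JVM) runs next inherits the leftover state, and testTrustStoreTypeNotSetIfNotProvidedAtAll only clears it at the start rather than guaranteeing a clean exit. Capture the original value before each test and restore it in teardown, e.g. `String saved = System.getProperty(TRUSTSTORE_TYPE_SYSTEM_PROPERTY);` in the @Before and `if (saved == null) System.clearProperty(TRUSTSTORE_TYPE_SYSTEM_PROPERTY); else System.setProperty(TRUSTSTORE_TYPE_SYSTEM_PROPERTY, saved);` in the @After. The class's existing @Before/@After live outside this hunk, so the restore presumably belongs next to the teardown the "to satisfy test teardown" comments refer to.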
diff --git a/server/src/test/java/org/apache/oozie/server/TestSSLServerConnectorFactory.java b/server/src/test/java/org/apache/oozie/server/TestSSLServerConnectorFactory.java
index 97052929a..e6b246ac8 100644
--- a/server/src/test/java/org/apache/oozie/server/TestSSLServerConnectorFactory.java
+++ b/server/src/test/java/org/apache/oozie/server/TestSSLServerConnectorFactory.java
@@ -29,6 +29,7 @@ import org.eclipse.jetty.util.ssl.SslContextFactory;
import org.junit.After;
import org.junit.Before;
import org.junit.Test;
+
import org.junit.runner.RunWith;
import org.mockito.Mock;
import org.mockito.Spy;
@@ -42,9 +43,11 @@ import static org.apache.oozie.server.SSLServerConnectorFactory.OOZIE_HTTPS_INCL
import static org.apache.oozie.server.SSLServerConnectorFactory.OOZIE_HTTPS_INCLUDE_PROTOCOLS;
import static org.apache.oozie.server.SSLServerConnectorFactory.OOZIE_HTTPS_KEYSTORE_FILE;
import static org.apache.oozie.server.SSLServerConnectorFactory.OOZIE_HTTPS_KEYSTORE_PASS;
+import static org.apache.oozie.server.SSLServerConnectorFactory.OOZIE_HTTPS_KEYSTORE_TYPE;
import static org.apache.oozie.util.ConfigUtils.OOZIE_HTTP_PORT;
import static org.junit.Assert.assertEquals;
-import static org.mockito.ArgumentMatchers.anyString;
+import static org.mockito.ArgumentMatchers.eq;
+import static org.mockito.Matchers.anyString;
import static org.mockito.Mockito.never;
import static org.mockito.Mockito.verify;
import static org.mockito.Mockito.verifyNoMoreInteractions;
@@ -65,6 +68,7 @@ public class TestSSLServerConnectorFactory {
@Before public void setUp() {
testConfig = new Configuration();
testConfig.set(OOZIE_HTTPS_KEYSTORE_FILE, "test_keystore_file");
+ testConfig.set(OOZIE_HTTPS_KEYSTORE_TYPE, "test_keystore_type");
testConfig.set(OOZIE_HTTPS_KEYSTORE_PASS, "keypass");
testConfig.set(OOZIE_HTTP_PORT, "11000");
testConfig.set(OOZIE_HTTP_REQUEST_HEADER_SIZE, "65536");
@@ -175,4 +179,16 @@ public class TestSSLServerConnectorFactory {
long actualMaxAge = factory.getHttpConfiguration().getCustomizer(SecureRequestCustomizer.class).getStsMaxAge();
assertEquals("HSTS max age mismatch", expectedMaxAge, actualMaxAge);
}
+
+ @Test
+ public void testKeyStoreTypeSetSelectedValue() {
+ String keyStoreType = "MY-KEYSTORE-TYPE";
+ testConfig.set(OOZIE_HTTPS_KEYSTORE_TYPE, keyStoreType);
+
+ // when
+ sslServerConnectorFactory.createSecureServerConnector(42, testConfig, mockServer);
+
+ // then
+ verify(mockSSLContextFactory).setKeyStoreType(eq(keyStoreType));
+ }
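Review bot: testKeyStoreTypeSetSelectedValue only covers the configured case; because setUp now always sets `oozie.https.keystore.type`, nothing verifies that setKeyStoreType leaves the SslContextFactory alone when the property is absent, which is the branch that keeps existing deployments unchanged. A companion test using imports already present would cover it: `testConfig.unset(OOZIE_HTTPS_KEYSTORE_TYPE); sslServerConnectorFactory.createSecureServerConnector(42, testConfig, mockServer); verify(mockSSLContextFactory, never()).setKeyStoreType(anyString());`. The blank line inserted after `import org.junit.Test;` in the first hunk of this file looks accidental and splits an otherwise contiguous import group.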
}