You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@ambari.apache.org by mg...@apache.org on 2017/02/27 09:30:28 UTC
ambari git commit: AMBARI-20193 Log Search Portal is not working with
HTTPS with it's own created Key Store (mgergely)
Repository: ambari
Updated Branches:
refs/heads/trunk 2fc354e5c -> eb784aaa1
AMBARI-20193 Log Search Portal is not working with HTTPS with it's own created Key Store (mgergely)
Change-Id: I94555222f16dec59a5be80e273a9fbc25e47ba68
Project: http://git-wip-us.apache.org/repos/asf/ambari/repo
Commit: http://git-wip-us.apache.org/repos/asf/ambari/commit/eb784aaa
Tree: http://git-wip-us.apache.org/repos/asf/ambari/tree/eb784aaa
Diff: http://git-wip-us.apache.org/repos/asf/ambari/diff/eb784aaa
Branch: refs/heads/trunk
Commit: eb784aaa1f21f98982a405ab2da5f0e659f96102
Parents: 2fc354e
Author: Miklos Gergely <mg...@hortonworks.com>
Authored: Mon Feb 27 10:30:21 2017 +0100
Committer: Miklos Gergely <mg...@hortonworks.com>
Committed: Mon Feb 27 10:30:21 2017 +0100
----------------------------------------------------------------------
.../java/org/apache/ambari/logsearch/util/SSLUtil.java | 7 +++++--
ambari-logsearch/docker/bin/start.sh | 12 +++++++-----
ambari-logsearch/docker/logsearch-docker.sh | 2 +-
.../docker/test-config/logsearch/logsearch-env.sh | 4 ++--
4 files changed, 15 insertions(+), 10 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/ambari/blob/eb784aaa/ambari-logsearch/ambari-logsearch-portal/src/main/java/org/apache/ambari/logsearch/util/SSLUtil.java
----------------------------------------------------------------------
diff --git a/ambari-logsearch/ambari-logsearch-portal/src/main/java/org/apache/ambari/logsearch/util/SSLUtil.java b/ambari-logsearch/ambari-logsearch-portal/src/main/java/org/apache/ambari/logsearch/util/SSLUtil.java
index ea3474f..d4b6544 100644
--- a/ambari-logsearch/ambari-logsearch-portal/src/main/java/org/apache/ambari/logsearch/util/SSLUtil.java
+++ b/ambari-logsearch/ambari-logsearch-portal/src/main/java/org/apache/ambari/logsearch/util/SSLUtil.java
@@ -26,6 +26,7 @@ import org.apache.commons.io.FileUtils;
import org.apache.commons.lang.StringUtils;
import org.apache.commons.lang3.ArrayUtils;
import org.apache.hadoop.conf.Configuration;
+import org.bouncycastle.asn1.ASN1InputStream;
import org.bouncycastle.asn1.x500.X500Name;
import org.bouncycastle.asn1.x509.AlgorithmIdentifier;
import org.bouncycastle.asn1.x509.SubjectPublicKeyInfo;
@@ -289,7 +290,9 @@ public class SSLUtil {
AlgorithmIdentifier digAlgId = new DefaultDigestAlgorithmIdentifierFinder().find(sigAlgId);
BcContentSignerBuilder sigGen = new BcRSAContentSignerBuilder(sigAlgId, digAlgId);
- SubjectPublicKeyInfo pubKey = new SubjectPublicKeyInfo(sigAlgId, rsaPublicKey.getEncoded());
+ ASN1InputStream publicKeyStream = new ASN1InputStream(rsaPublicKey.getEncoded());
+ SubjectPublicKeyInfo pubKey = SubjectPublicKeyInfo.getInstance(publicKeyStream.readObject());
+ publicKeyStream.close();
X509v3CertificateBuilder v3CertBuilder = new X509v3CertificateBuilder(
new X500Name("CN=" + domainName + ", OU=None, O=None L=None, C=None"),
@@ -304,7 +307,7 @@ public class SSLUtil {
X509CertificateHolder certificateHolder = v3CertBuilder.build(contentSigner);
- JcaX509CertificateConverter certConverter = new JcaX509CertificateConverter();
+ JcaX509CertificateConverter certConverter = new JcaX509CertificateConverter().setProvider("BC");
return certConverter.getCertificate(certificateHolder);
}
http://git-wip-us.apache.org/repos/asf/ambari/blob/eb784aaa/ambari-logsearch/docker/bin/start.sh
----------------------------------------------------------------------
diff --git a/ambari-logsearch/docker/bin/start.sh b/ambari-logsearch/docker/bin/start.sh
index 4c60981..f9e0e8d 100644
--- a/ambari-logsearch/docker/bin/start.sh
+++ b/ambari-logsearch/docker/bin/start.sh
@@ -59,11 +59,13 @@ function create_config() {
}
function generate_keys() {
- IP=`hostname --ip-address`
- echo "generating stores for IP: $IP"
- mkdir /root/config/ssl
- keytool -genkeypair -alias logsearch -keyalg RSA -keysize 2048 -keypass bigdata -storepass bigdata -validity 9999 -keystore /root/config/ssl/logsearch.keyStore.jks -ext SAN=DNS:localhost,IP:127.0.0.1,IP:$IP -dname "CN=Common Name, OU=Organizational Unit, O=Organization, L=Location, ST=State, C=Country" -rfc
- cp /root/config/ssl/logsearch.keyStore.jks /root/config/ssl/logsearch.trustStore.jks
+ if [ $GENERATE_KEYSTORE_AT_START == 'true' ]
+ then
+ IP=`hostname --ip-address`
+ echo "generating stores for IP: $IP"
+ mkdir -p /etc/ambari-logsearch-portal/conf/keys/
+ keytool -genkeypair -alias logsearch -keyalg RSA -keysize 2048 -keypass bigdata -storepass bigdata -validity 9999 -keystore /etc/ambari-logsearch-portal/conf/keys/logsearch.jks -ext SAN=DNS:localhost,IP:127.0.0.1,IP:$IP -dname "CN=Common Name, OU=Organizational Unit, O=Organization, L=Location, ST=State, C=Country" -rfc
+ fi
}
function start_solr() {
http://git-wip-us.apache.org/repos/asf/ambari/blob/eb784aaa/ambari-logsearch/docker/logsearch-docker.sh
----------------------------------------------------------------------
diff --git a/ambari-logsearch/docker/logsearch-docker.sh b/ambari-logsearch/docker/logsearch-docker.sh
index 76994ee..a2df90f 100755
--- a/ambari-logsearch/docker/logsearch-docker.sh
+++ b/ambari-logsearch/docker/logsearch-docker.sh
@@ -57,7 +57,7 @@ function setup_profile() {
AMBARI_LOCATION=$HOME/prj/ambari
MAVEN_REPOSITORY_LOCATION=$HOME/.m2
LOGSEARCH_EXPOSED_PORTS="-p 8886:8886 -p 61888:61888 -p 5005:5005 -p 5006:5006"
-LOGSEARCH_ENV_OPTS="-e LOGFEEDER_DEBUG_SUSPEND=n -e LOGSEARCH_DEBUG_SUSPEND=n -e COMPONENT_LOG=logsearch -e LOGSEARCH_HTTPS_ENABLED=false -e LOGSEARCH_SOLR_SSL_ENABLED=false"
+LOGSEARCH_ENV_OPTS="-e LOGFEEDER_DEBUG_SUSPEND=n -e LOGSEARCH_DEBUG_SUSPEND=n -e COMPONENT_LOG=logsearch -e LOGSEARCH_HTTPS_ENABLED=false -e LOGSEARCH_SOLR_SSL_ENABLED=false -e GENERATE_KEYSTORE_AT_START=false"
LOGSEARCH_VOLUME_OPTS="-v $AMBARI_LOCATION/ambari-logsearch/docker/test-logs:/root/test-logs -v $AMBARI_LOCATION/ambari-logsearch/docker/test-config:/root/test-config"
http://git-wip-us.apache.org/repos/asf/ambari/blob/eb784aaa/ambari-logsearch/docker/test-config/logsearch/logsearch-env.sh
----------------------------------------------------------------------
diff --git a/ambari-logsearch/docker/test-config/logsearch/logsearch-env.sh b/ambari-logsearch/docker/test-config/logsearch/logsearch-env.sh
index 8d92e20..0565bd7 100644
--- a/ambari-logsearch/docker/test-config/logsearch/logsearch-env.sh
+++ b/ambari-logsearch/docker/test-config/logsearch/logsearch-env.sh
@@ -36,7 +36,7 @@ export LOGSEARCH_DEBUG=true
export LOGSEARCH_DEBUG_PORT=5005
export LOGSEARCH_SSL="true"
-export LOGSEARCH_KEYSTORE_LOCATION=/root/config/ssl/logsearch.keyStore.jks
+export LOGSEARCH_KEYSTORE_LOCATION=/etc/ambari-logsearch-portal/conf/keys/logsearch.jks
export LOGSEARCH_KEYSTORE_TYPE=jks
-export LOGSEARCH_TRUSTSTORE_LOCATION=/root/config/ssl/logsearch.trustStore.jks
+export LOGSEARCH_TRUSTSTORE_LOCATION=/etc/ambari-logsearch-portal/conf/keys/logsearch.jks
export LOGSEARCH_TRUSTSTORE_TYPE=jks