Posted to commits@knox.apache.org by km...@apache.org on 2014/03/07 19:59:01 UTC
git commit: KNOX-302: Write out the gateway-identity certificate pem
file when set at startup or via knoxcli. Currently disabled.
Repository: knox
Updated Branches:
refs/heads/master f5f2ff438 -> a2905911d
KNOX-302: Write out the gateway-identity certificate pem file when set at startup or via knoxcli. Currently disabled.
Project: http://git-wip-us.apache.org/repos/asf/knox/repo
Commit: http://git-wip-us.apache.org/repos/asf/knox/commit/a2905911
Tree: http://git-wip-us.apache.org/repos/asf/knox/tree/a2905911
Diff: http://git-wip-us.apache.org/repos/asf/knox/diff/a2905911
Branch: refs/heads/master
Commit: a2905911d9a7d1a92d18dbf29289927b7c402e6e
Parents: f5f2ff4
Author: Kevin Minder <ke...@hortonworks.com>
Authored: Fri Mar 7 13:58:56 2014 -0500
Committer: Kevin Minder <ke...@hortonworks.com>
Committed: Fri Mar 7 13:58:56 2014 -0500
----------------------------------------------------------------------
.../security/impl/DefaultKeystoreService.java | 1 +
.../services/security/impl/BaseKeystoreService.java | 16 ++++++++++++++++
2 files changed, 17 insertions(+)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/knox/blob/a2905911/gateway-server/src/main/java/org/apache/hadoop/gateway/services/security/impl/DefaultKeystoreService.java
----------------------------------------------------------------------
diff --git a/gateway-server/src/main/java/org/apache/hadoop/gateway/services/security/impl/DefaultKeystoreService.java b/gateway-server/src/main/java/org/apache/hadoop/gateway/services/security/impl/DefaultKeystoreService.java
index 207b5ad..be56a60 100644
--- a/gateway-server/src/main/java/org/apache/hadoop/gateway/services/security/impl/DefaultKeystoreService.java
+++ b/gateway-server/src/main/java/org/apache/hadoop/gateway/services/security/impl/DefaultKeystoreService.java
@@ -118,6 +118,7 @@ public class DefaultKeystoreService extends BaseKeystoreService implements Keyst
new java.security.cert.Certificate[]{cert});
writeKeystoreToFile(privateKS, new File( keyStoreDir + GATEWAY_KEYSTORE ));
+ //writeCertificateToFile( cert, new File( keyStoreDir + alias + ".pem" ) );
} catch (NoSuchAlgorithmException e) {
LOG.failedToAddSeflSignedCertForGateway( alias, e );
} catch (GeneralSecurityException e) {
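Review bot: The commented-out `writeCertificateToFile` call is left with no reason and no condition for re-enabling it, so a later reader cannot tell whether it is safe to switch on. Replace the bare commented code with a tracked comment such as `// TODO(KNOX-302): PEM export disabled pending <reason>; enable once <condition>`. Once enabled, the target path `keyStoreDir + alias + ".pem"` is built by concatenating `alias`, so confirm the alias is restricted to a plain file name (no path separators) before it reaches this line. The enclosing method and its `try` block start outside the hunk, so how an `IOException` from the new call would be handled is not visible here.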
http://git-wip-us.apache.org/repos/asf/knox/blob/a2905911/gateway-spi/src/main/java/org/apache/hadoop/gateway/services/security/impl/BaseKeystoreService.java
----------------------------------------------------------------------
diff --git a/gateway-spi/src/main/java/org/apache/hadoop/gateway/services/security/impl/BaseKeystoreService.java b/gateway-spi/src/main/java/org/apache/hadoop/gateway/services/security/impl/BaseKeystoreService.java
index 3abcb8e..a33bc7d 100644
--- a/gateway-spi/src/main/java/org/apache/hadoop/gateway/services/security/impl/BaseKeystoreService.java
+++ b/gateway-spi/src/main/java/org/apache/hadoop/gateway/services/security/impl/BaseKeystoreService.java
@@ -17,6 +17,7 @@
*/
package org.apache.hadoop.gateway.services.security.impl;
+import org.apache.commons.codec.binary.Base64;
import org.apache.hadoop.gateway.i18n.GatewaySpiMessages;
import org.apache.hadoop.gateway.i18n.messages.MessagesFactory;
import org.apache.hadoop.gateway.services.security.KeystoreServiceException;
@@ -39,6 +40,8 @@ import java.security.NoSuchAlgorithmException;
import java.security.PrivateKey;
import java.security.SecureRandom;
import java.security.UnrecoverableKeyException;
+import java.security.cert.Certificate;
+import java.security.cert.CertificateEncodingException;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.util.Date;
@@ -245,6 +248,19 @@ public class BaseKeystoreService {
return credential;
}
+ protected void writeCertificateToFile( Certificate cert, final File file ) throws CertificateEncodingException, IOException {
+ byte[] bytes = cert.getEncoded();
+ final FileOutputStream out = new FileOutputStream( file );
+ Base64 encoder = new Base64( 76, "\n".getBytes( "ASCII" ) );
+ try {
+ out.write( "-----BEGIN CERTIFICATE-----\n".getBytes( "ASCII" ) );
+ out.write( encoder.encodeToString( bytes ).getBytes( "ASCII" ) );
+ out.write( "-----END CERTIFICATE-----\n".getBytes( "ASCII" ) );
+ } finally {
+ out.close();
+ }
+ }
+
protected void writeKeystoreToFile(final KeyStore keyStore, final File file)
throws KeyStoreException, IOException, NoSuchAlgorithmException, CertificateException {
// TODO: backup the keystore on disk before attempting a write and restore on failure
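Review bot: In `writeCertificateToFile` the `FileOutputStream` is opened before the `Base64` encoder is built, and both sit outside the `try`, so an exception from `"\n".getBytes( "ASCII" )` or the constructor would leave the stream unclosed. Building the encoder first and placing `final FileOutputStream out = new FileOutputStream( file );` directly above `try {` closes that gap. The line length of 76 is the MIME width; RFC 7468 asks PEM generators to wrap at 64 characters, so `new Base64( 64, "\n".getBytes( "ASCII" ) )` is the more portable choice for tools that consume this file. The method also overwrites the target in place, so a failed write can leave a truncated .pem that a client may later try to import; writing to a temporary file and renaming it would avoid that.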