Posted to commits@knox.apache.org by km...@apache.org on 2014/03/07 19:59:01 UTC

git commit: KNOX-302: Write out the gateway-identity certificate pem file when set at startup or via knoxcli. Currently disabled.

Repository: knox
Updated Branches:
  refs/heads/master f5f2ff438 -> a2905911d


KNOX-302: Write out the gateway-identity certificate pem file when set at startup or via knoxcli.  Currently disabled.


Project: http://git-wip-us.apache.org/repos/asf/knox/repo
Commit: http://git-wip-us.apache.org/repos/asf/knox/commit/a2905911
Tree: http://git-wip-us.apache.org/repos/asf/knox/tree/a2905911
Diff: http://git-wip-us.apache.org/repos/asf/knox/diff/a2905911

Branch: refs/heads/master
Commit: a2905911d9a7d1a92d18dbf29289927b7c402e6e
Parents: f5f2ff4
Author: Kevin Minder <ke...@hortonworks.com>
Authored: Fri Mar 7 13:58:56 2014 -0500
Committer: Kevin Minder <ke...@hortonworks.com>
Committed: Fri Mar 7 13:58:56 2014 -0500

----------------------------------------------------------------------
 .../security/impl/DefaultKeystoreService.java       |  1 +
 .../services/security/impl/BaseKeystoreService.java | 16 ++++++++++++++++
 2 files changed, 17 insertions(+)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/knox/blob/a2905911/gateway-server/src/main/java/org/apache/hadoop/gateway/services/security/impl/DefaultKeystoreService.java
----------------------------------------------------------------------
diff --git a/gateway-server/src/main/java/org/apache/hadoop/gateway/services/security/impl/DefaultKeystoreService.java b/gateway-server/src/main/java/org/apache/hadoop/gateway/services/security/impl/DefaultKeystoreService.java
index 207b5ad..be56a60 100644
--- a/gateway-server/src/main/java/org/apache/hadoop/gateway/services/security/impl/DefaultKeystoreService.java
+++ b/gateway-server/src/main/java/org/apache/hadoop/gateway/services/security/impl/DefaultKeystoreService.java
@@ -118,6 +118,7 @@ public class DefaultKeystoreService extends BaseKeystoreService implements Keyst
           new java.security.cert.Certificate[]{cert});  
       
       writeKeystoreToFile(privateKS, new File( keyStoreDir + GATEWAY_KEYSTORE  ));
+      //writeCertificateToFile( cert, new File( keyStoreDir + alias + ".pem" ) );
     } catch (NoSuchAlgorithmException e) {
       LOG.failedToAddSeflSignedCertForGateway( alias, e );
     } catch (GeneralSecurityException e) {
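Review bot: The added line is commented-out code with no explanation of why it is disabled or what must happen before it is enabled; a short marker such as `// TODO KNOX-302: PEM export disabled until <reason>` would tell the next reader. Once the call is enabled, the target path is built by plain concatenation, `keyStoreDir + alias + ".pem"`. If `alias` can come from knoxcli input (the commit title suggests so, but the caller is not visible here), it should be checked to be a plain file name so the PEM cannot be written outside the keystore directory. The enclosing method starts and ends outside this hunk.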

http://git-wip-us.apache.org/repos/asf/knox/blob/a2905911/gateway-spi/src/main/java/org/apache/hadoop/gateway/services/security/impl/BaseKeystoreService.java
----------------------------------------------------------------------
diff --git a/gateway-spi/src/main/java/org/apache/hadoop/gateway/services/security/impl/BaseKeystoreService.java b/gateway-spi/src/main/java/org/apache/hadoop/gateway/services/security/impl/BaseKeystoreService.java
index 3abcb8e..a33bc7d 100644
--- a/gateway-spi/src/main/java/org/apache/hadoop/gateway/services/security/impl/BaseKeystoreService.java
+++ b/gateway-spi/src/main/java/org/apache/hadoop/gateway/services/security/impl/BaseKeystoreService.java
@@ -17,6 +17,7 @@
  */
 package org.apache.hadoop.gateway.services.security.impl;
 
+import org.apache.commons.codec.binary.Base64;
 import org.apache.hadoop.gateway.i18n.GatewaySpiMessages;
 import org.apache.hadoop.gateway.i18n.messages.MessagesFactory;
 import org.apache.hadoop.gateway.services.security.KeystoreServiceException;
@@ -39,6 +40,8 @@ import java.security.NoSuchAlgorithmException;
 import java.security.PrivateKey;
 import java.security.SecureRandom;
 import java.security.UnrecoverableKeyException;
+import java.security.cert.Certificate;
+import java.security.cert.CertificateEncodingException;
 import java.security.cert.CertificateException;
 import java.security.cert.X509Certificate;
 import java.util.Date;
@@ -245,6 +248,19 @@ public class BaseKeystoreService {
     return credential;
   }
 
+  protected void writeCertificateToFile( Certificate cert, final File file ) throws CertificateEncodingException, IOException {
+    byte[] bytes = cert.getEncoded();
+    final FileOutputStream out = new FileOutputStream( file );
+    Base64 encoder = new Base64( 76, "\n".getBytes( "ASCII" ) );
+    try {
+      out.write( "-----BEGIN CERTIFICATE-----\n".getBytes( "ASCII" ) );
+      out.write( encoder.encodeToString( bytes ).getBytes( "ASCII" ) );
+      out.write( "-----END CERTIFICATE-----\n".getBytes( "ASCII" ) );
+    } finally {
+      out.close();
+    }
+  }
+
   protected void writeKeystoreToFile(final KeyStore keyStore, final File file)
       throws KeyStoreException, IOException, NoSuchAlgorithmException, CertificateException {
      // TODO: backup the keystore on disk before attempting a write and restore on failure
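Review bot: `writeCertificateToFile` opens `new FileOutputStream( file )` before the encoder is built and outside the `try`, so the target is truncated at once, and a failure after that point leaves an empty or partial PEM where a valid one may have been. If this file is what clients are given to trust the gateway (inferred from the commit title), a half-written certificate is worth avoiding. The smallest improvement is to build the encoder first and open the stream as the last statement before `try`: `Base64 encoder = new Base64( 76, "\n".getBytes( "ASCII" ) );` followed by `final FileOutputStream out = new FileOutputStream( file );`. The method has no Javadoc; I would add one saying that it writes only the public certificate in PEM form, never key material, and that it overwrites `file`. The `-----BEGIN CERTIFICATE-----` label is the X.509 one while the parameter is the general `Certificate`, so narrowing the parameter to the already-imported `X509Certificate` may be worth considering.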