You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@ambari.apache.org by ma...@apache.org on 2013/06/27 20:16:06 UTC
svn commit: r1497482 - in /incubator/ambari/trunk/ambari-server/src:
main/python/ambari-server.py test/python/TestAmbaryServer.py
Author: mahadev
Date: Thu Jun 27 18:16:06 2013
New Revision: 1497482
URL: http://svn.apache.org/r1497482
Log:
AMBARI-2511. NPE in AmbariServer startup with HTTPS configured. (Dmitry Sen via mahadev)
Modified:
incubator/ambari/trunk/ambari-server/src/main/python/ambari-server.py
incubator/ambari/trunk/ambari-server/src/test/python/TestAmbaryServer.py
Modified: incubator/ambari/trunk/ambari-server/src/main/python/ambari-server.py
URL: http://svn.apache.org/viewvc/incubator/ambari/trunk/ambari-server/src/main/python/ambari-server.py?rev=1497482&r1=1497481&r2=1497482&view=diff
==============================================================================
--- incubator/ambari/trunk/ambari-server/src/main/python/ambari-server.py (original)
+++ incubator/ambari/trunk/ambari-server/src/main/python/ambari-server.py Thu Jun 27 18:16:06 2013
@@ -39,6 +39,7 @@ import socket
import datetime
import socket
import tempfile
+import random
# debug settings
VERBOSE = False
@@ -93,6 +94,7 @@ RECURSIVE_RM_CMD = 'rm -rf {0}'
# openssl command
EXPRT_KSTR_CMD = "openssl pkcs12 -export -in {0} -inkey {1} -certfile {0} -out {3} -password pass:{2} -passin pass:{2}"
+CHANGE_KEY_PWD_CND = 'openssl rsa -in {0} -des3 -out {0}.secured -passout pass:{1}'
# constants
STACK_NAME_VER_SEP = "-"
@@ -161,6 +163,7 @@ SSL_CERT_FILE_NAME = "ca.crt"
SSL_KEY_FILE_NAME = "ca.key"
SSL_KEYSTORE_FILE_NAME = "keystore.p12"
SSL_KEY_PASSWORD_FILE_NAME = "pass.txt"
+SSL_KEY_PASSWORD_LENGTH = 50
DEFAULT_SSL_API_PORT = 8443
JDBC_RCA_PASSWORD_ALIAS = "ambari.db.password"
@@ -2707,12 +2710,24 @@ def import_cert_and_key(security_server_
import_key_path = get_validated_filepath_input(\
"Please enter path to Private Key: ", "Private Key not found")
pem_password = get_validated_string_input("Please enter password for private key: ", "", None, None, True)
- keystoreFilePath = os.path.join(security_server_keys_dir,\
- SSL_KEYSTORE_FILE_NAME)
- passFilePath = os.path.join(security_server_keys_dir,\
- SSL_KEY_PASSWORD_FILE_NAME)
- retcode, out, err = run_os_command(EXPRT_KSTR_CMD.format(import_cert_path,\
- import_key_path, pem_password, keystoreFilePath))
+
+ #jetty requires private key files with non-empty key passwords
+ retcode = 0
+ err = ''
+ if not pem_password:
+ #print message here
+ pem_password = generate_random_string()
+ retcode, out, err = run_os_command(CHANGE_KEY_PWD_CND.format(
+ import_key_path, pem_password))
+ import_key_path += '.secured'
+
+ if retcode == 0:
+ keystoreFilePath = os.path.join(security_server_keys_dir,\
+ SSL_KEYSTORE_FILE_NAME)
+ passFilePath = os.path.join(security_server_keys_dir,\
+ SSL_KEY_PASSWORD_FILE_NAME)
+ retcode, out, err = run_os_command(EXPRT_KSTR_CMD.format(import_cert_path,\
+ import_key_path, pem_password, keystoreFilePath))
if retcode == 0:
print 'Importing and saving certificate...done.'
@@ -2734,7 +2749,10 @@ def import_cert_and_key(security_server_
def import_file_to_keystore(source, destination):
shutil.copy(source, destination)
set_file_permissions(destination, "660", read_ambari_user(), "root", False)
-
+
+def generate_random_string(length=SSL_KEY_PASSWORD_LENGTH):
+ chars = string.digits + string.ascii_letters
+ return ''.join(random.choice(chars) for x in range(length))
def get_validated_filepath_input(prompt, description, default=None):
input = False
Modified: incubator/ambari/trunk/ambari-server/src/test/python/TestAmbaryServer.py
URL: http://svn.apache.org/viewvc/incubator/ambari/trunk/ambari-server/src/test/python/TestAmbaryServer.py?rev=1497482&r1=1497481&r2=1497482&view=diff
==============================================================================
--- incubator/ambari/trunk/ambari-server/src/test/python/TestAmbaryServer.py (original)
+++ incubator/ambari/trunk/ambari-server/src/test/python/TestAmbaryServer.py Thu Jun 27 18:16:06 2013
@@ -1116,26 +1116,63 @@ class TestAmbariServer(TestCase):
os_path_join_mock, run_os_command_mock,\
open_mock, import_file_to_keystore_mock,\
set_file_permissions_mock, read_ambari_user_mock):
- get_validated_string_input_mock.return_value = "password"
- get_validated_filepath_input_mock.side_effect = \
+ get_validated_string_input_mock.return_value = "password"
+ get_validated_filepath_input_mock.side_effect = \
["cert_file_path","key_file_path"]
- os_path_join_mock.side_effect = ["cert_file_path","key_file_path",\
+ os_path_join_mock.side_effect = ["cert_file_path","key_file_path",\
"keystore_cert_file_path",\
"keystore_cert_key_file_path",]
- run_os_command_mock.return_value = (0, "", "")
- om = open_mock.return_value
- expect_import_file_to_keystore = "[call('cert_file_path',"+\
+ run_os_command_mock.return_value = (0, "", "")
+ om = open_mock.return_value
+ expect_import_file_to_keystore = "[call('cert_file_path',"+\
" 'keystore_cert_file_path'),\n"+\
" call('key_file_path',"+\
" 'keystore_cert_key_file_path')]"
- ambari_server.import_cert_and_key("key_dir")
- self.assertTrue(get_validated_filepath_input_mock.call_count == 2)
- self.assertTrue(get_validated_string_input_mock.called)
- self.assertTrue(os_path_join_mock.call_count == 4)
- self.assertTrue(set_file_permissions_mock.call_count == 2)
- self.assertEqual(str(import_file_to_keystore_mock.call_args_list),\
- expect_import_file_to_keystore)
+ ambari_server.import_cert_and_key("key_dir")
+ self.assertTrue(get_validated_filepath_input_mock.call_count == 2)
+ self.assertTrue(get_validated_string_input_mock.called)
+ self.assertTrue(os_path_join_mock.call_count == 4)
+ self.assertTrue(set_file_permissions_mock.call_count == 2)
+ self.assertEqual(str(import_file_to_keystore_mock.call_args_list),\
+ expect_import_file_to_keystore)
+
+ @patch.object(ambari_server, "generate_random_string")
+ @patch.object(ambari_server, "read_ambari_user")
+ @patch.object(ambari_server, "set_file_permissions")
+ @patch.object(ambari_server, "import_file_to_keystore")
+ @patch("__builtin__.open")
+ @patch.object(ambari_server, "run_os_command")
+ @patch("os.path.join")
+ @patch.object(ambari_server, "get_validated_filepath_input")
+ @patch.object(ambari_server, "get_validated_string_input")
+ def test_import_cert_and_key_with_empty_password(self, \
+ get_validated_string_input_mock, get_validated_filepath_input_mock,\
+ os_path_join_mock, run_os_command_mock, open_mock, \
+ import_file_to_keystore_mock, set_file_permissions_mock,
+ read_ambari_user_mock, generate_random_string_mock):
+
+ get_validated_string_input_mock.return_value = ""
+ get_validated_filepath_input_mock.side_effect =\
+ ["cert_file_path","key_file_path"]
+ os_path_join_mock.side_effect = ["cert_file_path","key_file_path",\
+ "keystore_cert_file_path",\
+ "keystore_cert_key_file_path",]
+ run_os_command_mock.return_value = (0, "", "")
+
+ expect_import_file_to_keystore = "[call('cert_file_path',"+\
+ " 'keystore_cert_file_path'),\n"+\
+ " call('key_file_path.secured',"+\
+ " 'keystore_cert_key_file_path')]"
+
+ ambari_server.import_cert_and_key("key_dir")
+ self.assertEquals(get_validated_filepath_input_mock.call_count, 2)
+ self.assertTrue(get_validated_string_input_mock.called)
+ self.assertEquals(os_path_join_mock.call_count, 4)
+ self.assertEquals(set_file_permissions_mock.call_count, 2)
+ self.assertEqual(str(import_file_to_keystore_mock.call_args_list),\
+ expect_import_file_to_keystore)
+ self.assertTrue(generate_random_string_mock.called)
@patch.object(ambari_server, "run_os_command")
@patch("__builtin__.open")
@@ -3021,6 +3058,14 @@ class TestAmbariServer(TestCase):
self.assertTrue(read_password_method.called)
sys.stdout = sys.__stdout__
+
+ def test_generate_random_string(self):
+ random_str_len = 100
+ str1 = ambari_server.generate_random_string(random_str_len)
+ self.assertTrue(len(str1) == random_str_len)
+
+ str2 = ambari_server.generate_random_string(random_str_len)
+ self.assertTrue(str1 != str2)