Posted to commits@geode.apache.org by bs...@apache.org on 2020/06/18 21:26:44 UTC

[geode] branch support/1.13 updated: GEODE-8277: acceptance test certificates expired in Dockerized SNI acceptance tests (#5274)

This is an automated email from the ASF dual-hosted git repository.

bschuchardt pushed a commit to branch support/1.13
in repository https://gitbox.apache.org/repos/asf/geode.git


The following commit(s) were added to refs/heads/support/1.13 by this push:
     new 3dc3237  GEODE-8277: acceptance test certificates expired in Dockerized SNI acceptance tests (#5274)
3dc3237 is described below

commit 3dc32370b8d0f734eb0889719bad8ce3f9ca420b
Author: Bruce Schuchardt <bs...@pivotal.io>
AuthorDate: Thu Jun 18 10:42:41 2020 -0700

    GEODE-8277: acceptance test certificates expired in Dockerized SNI acceptance tests (#5274)
    
    The old keystores have expired.  I've generated 100 year keystores and added a
    program to recreate them if necessary.
    
    (cherry picked from commit a6640d71e1b2aca2f7f2f861508162f08691891d)
---
 .../client/sni/GenerateSNIKeyAndTrustStores.java   |  79 +++++++++++++++++++++
 .../sni/geode-config/locator-maeve-keystore.jks    | Bin 3525 -> 3529 bytes
 .../geode-config/server-clementine-keystore.jks    | Bin 3537 -> 3537 bytes
 .../sni/geode-config/server-dolores-keystore.jks   | Bin 3528 -> 3533 bytes
 .../geode/client/sni/geode-config/truststore.jks   | Bin 1126 -> 1129 bytes
 .../org/apache/geode/cache/ssl/CertStores.java     |   4 +-
 6 files changed, 81 insertions(+), 2 deletions(-)

diff --git a/geode-assembly/src/acceptanceTest/java/org/apache/geode/client/sni/GenerateSNIKeyAndTrustStores.java b/geode-assembly/src/acceptanceTest/java/org/apache/geode/client/sni/GenerateSNIKeyAndTrustStores.java
new file mode 100644
index 0000000..1e5168c
--- /dev/null
+++ b/geode-assembly/src/acceptanceTest/java/org/apache/geode/client/sni/GenerateSNIKeyAndTrustStores.java
@@ -0,0 +1,79 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more contributor license
+ * agreements. See the NOTICE file distributed with this work for additional information regarding
+ * copyright ownership. The ASF licenses this file to You under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance with the License. You may obtain a
+ * copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software distributed under the License
+ * is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express
+ * or implied. See the License for the specific language governing permissions and limitations under
+ * the License.
+ */
+package org.apache.geode.client.sni;
+
+import java.io.File;
+import java.net.InetAddress;
+import java.net.URL;
+
+import org.apache.geode.cache.ssl.CertStores;
+import org.apache.geode.cache.ssl.CertificateBuilder;
+import org.apache.geode.cache.ssl.CertificateMaterial;
+
+/**
+ * This program generates the trust and key stores used by SNI acceptance tests.
+ * The stores have a 100 year expiration date, but if you need to generate new ones
+ * use this program, modified as necessary to correct problems, to generate new
+ * stores.
+ */
+public class GenerateSNIKeyAndTrustStores {
+
+  public static void main(String... args) throws Exception {
+    new GenerateSNIKeyAndTrustStores().generateStores();
+  }
+
+  public void generateStores() throws Exception {
+    CertificateMaterial ca = new CertificateBuilder(365 * 100, "SHA256withRSA")
+        .commonName("Test CA")
+        .isCA()
+        .generate();
+
+    final String resourceFilename = "geode-config/gemfire.properties";
+    final URL resource = SingleServerSNIAcceptanceTest.class.getResource(resourceFilename);
+    String path = resource.getPath();
+    path = path.substring(0, path.length() - "gemfire.properties".length());
+
+    boolean trustStoreCreated = false;
+
+    for (String certName : new String[] {"locator-maeve", "server-clementine", "server-dolores"}) {
+      CertificateMaterial certificate = new CertificateBuilder(365 * 100, "SHA256withRSA")
+          .commonName(certName)
+          .issuedBy(ca)
+          .sanDnsName("geode") // for inside the docker container
+          .sanDnsName("localhost") // for inside the docker container
+          .sanIpAddress(InetAddress.getByName("0.0.0.0")) // for inside the docker container
+          .sanDnsName(certName) // for client endpoint validation
+          .generate();
+
+      CertStores store = new CertStores(certName);
+      store.withCertificate("locator-maeve", certificate);
+      store.trust("ca", ca);
+
+      File keyStoreFile = new File(path + certName + "-keystore.jks");
+      keyStoreFile.createNewFile();
+      store.createKeyStore(keyStoreFile.getAbsolutePath(), "geode");
+      System.out.println("created " + keyStoreFile.getAbsolutePath());
+
+      if (!trustStoreCreated) {
+        File trustStoreFile = new File(path + "truststore.jks");
+        trustStoreFile.createNewFile();
+        store.createTrustStore(trustStoreFile.getPath(), "geode");
+        System.out.println("created " + trustStoreFile.getAbsolutePath());
+        trustStoreCreated = true;
+      }
+    }
+  }
+
+}
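Review bot: Inside the loop in generateStores(), every certificate is stored under the fixed alias "locator-maeve" regardless of which store is being built; this looks like a copy-paste leftover, and `store.withCertificate(certName, certificate);` would keep the alias in step with the file name (if the tests depend on the fixed alias, a comment saying so would help). The output directory is taken from `resource.getPath()`, which is the classpath copy of gemfire.properties, so the regenerated stores presumably land in the build output rather than the source tree that gets committed. That path is also still URL-encoded and `resource` is dereferenced without a null check; `Paths.get(Objects.requireNonNull(resource, resourceFilename).toURI()).getParent()` avoids both. The class Javadoc should also record that the generated stores hold private keys protected by the fixed password "geode" with a 100-year validity, e.g. `Test fixtures only: the key material and password are public, so these stores must never secure a real cluster.`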
diff --git a/geode-assembly/src/acceptanceTest/resources/org/apache/geode/client/sni/geode-config/locator-maeve-keystore.jks b/geode-assembly/src/acceptanceTest/resources/org/apache/geode/client/sni/geode-config/locator-maeve-keystore.jks
index 95caaec..ec2feb8 100644
Binary files a/geode-assembly/src/acceptanceTest/resources/org/apache/geode/client/sni/geode-config/locator-maeve-keystore.jks and b/geode-assembly/src/acceptanceTest/resources/org/apache/geode/client/sni/geode-config/locator-maeve-keystore.jks differ
diff --git a/geode-assembly/src/acceptanceTest/resources/org/apache/geode/client/sni/geode-config/server-clementine-keystore.jks b/geode-assembly/src/acceptanceTest/resources/org/apache/geode/client/sni/geode-config/server-clementine-keystore.jks
index 6716704..626269d 100644
Binary files a/geode-assembly/src/acceptanceTest/resources/org/apache/geode/client/sni/geode-config/server-clementine-keystore.jks and b/geode-assembly/src/acceptanceTest/resources/org/apache/geode/client/sni/geode-config/server-clementine-keystore.jks differ
diff --git a/geode-assembly/src/acceptanceTest/resources/org/apache/geode/client/sni/geode-config/server-dolores-keystore.jks b/geode-assembly/src/acceptanceTest/resources/org/apache/geode/client/sni/geode-config/server-dolores-keystore.jks
index f00aeac..54de8d6 100644
Binary files a/geode-assembly/src/acceptanceTest/resources/org/apache/geode/client/sni/geode-config/server-dolores-keystore.jks and b/geode-assembly/src/acceptanceTest/resources/org/apache/geode/client/sni/geode-config/server-dolores-keystore.jks differ
diff --git a/geode-assembly/src/acceptanceTest/resources/org/apache/geode/client/sni/geode-config/truststore.jks b/geode-assembly/src/acceptanceTest/resources/org/apache/geode/client/sni/geode-config/truststore.jks
index a7563df..a381a9a 100644
Binary files a/geode-assembly/src/acceptanceTest/resources/org/apache/geode/client/sni/geode-config/truststore.jks and b/geode-assembly/src/acceptanceTest/resources/org/apache/geode/client/sni/geode-config/truststore.jks differ
diff --git a/geode-junit/src/main/java/org/apache/geode/cache/ssl/CertStores.java b/geode-junit/src/main/java/org/apache/geode/cache/ssl/CertStores.java
index a72c2fe..9ee19a3 100644
--- a/geode-junit/src/main/java/org/apache/geode/cache/ssl/CertStores.java
+++ b/geode-junit/src/main/java/org/apache/geode/cache/ssl/CertStores.java
@@ -131,7 +131,7 @@ public class CertStores {
     return sslConfigs;
   }
 
-  private void createTrustStore(String filename, String password)
+  public void createTrustStore(String filename, String password)
       throws GeneralSecurityException, IOException {
     KeyStore ks = KeyStore.getInstance("JKS");
     try (InputStream in = Files.newInputStream(Paths.get(filename))) {
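Review bot: createTrustStore here, and createKeyStore in the next hunk, become public without Javadoc, and the visible lines show a precondition callers cannot guess from the signature: the method opens `filename` with `Files.newInputStream` before anything else, so the file apparently has to exist already (the new generator calls `createNewFile()` first for that reason). I would add something like `/** Writes this object's trusted certificates to the JKS file {@code filename}, protected by {@code password}; the file must already exist. */` and a matching comment on createKeyStore, adjusted to what the bodies actually do, since both continue outside the hunks. Because CertStores sits in geode-junit's main source set, the comment should also say these helpers are meant for generating test fixtures.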
@@ -148,7 +148,7 @@ public class CertStores {
     }
   }
 
-  private void createKeyStore(String filename, String password)
+  public void createKeyStore(String filename, String password)
       throws GeneralSecurityException, IOException {
     KeyStore ks = createEmptyKeyStore();