Posted to commits@flume.apache.org by rg...@apache.org on 2023/03/22 07:20:31 UTC

[flume] branch trunk updated: FLUME-3460 - create new certs that don't use DSA

This is an automated email from the ASF dual-hosted git repository.

rgoers pushed a commit to branch trunk
in repository https://gitbox.apache.org/repos/asf/flume.git


The following commit(s) were added to refs/heads/trunk by this push:
     new 53b6e2804 FLUME-3460 - create new certs that don't use DSA
53b6e2804 is described below

commit 53b6e28040124f70b47d8595aab6a3b603590388
Author: Ralph Goers <rg...@apache.org>
AuthorDate: Wed Mar 22 00:20:17 2023 -0700

    FLUME-3460 - create new certs that don't use DSA
---
 flume-ng-core/src/test/resources/certs/gencerts.sh |  31 +++++++++++++++++++++
 flume-ng-core/src/test/resources/certs/rootca.conf |   9 ++++++
 flume-ng-core/src/test/resources/certs/server.conf |   9 ++++++
 flume-ng-core/src/test/resources/keystorefile.jks  | Bin 1294 -> 3518 bytes
 .../src/test/resources/server.flume-crt.pem        |  17 +++++++++++
 .../src/test/resources/server.flume-keystore.p12   | Bin 0 -> 2447 bytes
 flume-ng-core/src/test/resources/server.flume.pem  |  23 +++++++++++++++
 .../src/test/resources/truststorefile.jks          | Bin 887 -> 775 bytes
 8 files changed, 89 insertions(+)

diff --git a/flume-ng-core/src/test/resources/certs/gencerts.sh b/flume-ng-core/src/test/resources/certs/gencerts.sh
new file mode 100755
index 000000000..0fb0263de
--- /dev/null
+++ b/flume-ng-core/src/test/resources/certs/gencerts.sh
@@ -0,0 +1,31 @@
+mkdir tmp
+rm ../truststorefile.jks
+rm ../keystorefile.jks
+rm ../server.flume-keystore.p12
+# Create the CA key and certificate
+openssl req -config rootca.conf -new -x509 -nodes -keyout tmp/flume-cacert.key -out tmp/flume-ca.crt -days 10960
+# Create the trust store and import the certificate
+keytool -keystore ../truststorefile.jks -storetype jks -importcert -file 'tmp/flume-ca.crt' -keypass password -storepass password -alias flume-cacert -noprompt
+#Import the root certificate
+keytool -keystore ../keystorefile.jks -alias flume-ca -importcert -file tmp/flume-ca.crt -keypass password -storepass password -noprompt
+# Create the client private key in the client key store
+keytool -genkeypair -keyalg RSA -alias client -keystore ../keystorefile.jks -storepass password -keypass password -validity 10960 -keysize 2048 -dname "CN=client.flume, C=US"
+# Create a signing request for the client                         #
+keytool -keystore ../keystorefile.jks -alias client -certreq -file tmp/client.csr -keypass password -storepass password
+# Sign the client certificate
+openssl x509 -req -CA 'tmp/flume-ca.crt' -CAkey 'tmp/flume-cacert.key' -in tmp/client.csr -out tmp/client.crt_signed -days 10960 -CAcreateserial -passin pass:password
+# Verify the signed certificate
+openssl verify -CAfile 'tmp/flume-ca.crt' tmp/client.crt_signed
+#Import the client's signed certificate
+keytool -keystore ../keystorefile.jks -alias client -importcert -file tmp/client.crt_signed -keypass password -storepass password -noprompt
+#Verify the keystore
+keytool -list -v -keystore ../keystorefile.jks -storepass password
+# Create the server private key in the server key store
+keytool -genkeypair -keyalg RSA -alias server -keystore ../server.flume-keystore.p12 -storepass password -storetype PKCS12 -keypass password -validity 10960 -keysize 2048 -dname "CN=server.flume, C=US"
+# Create a signing request for the server                         #
+keytool -keystore ../server.flume-keystore.p12 -alias server -certreq -file tmp/server.csr -keypass password -storepass password
+# Sign the server certificate
+openssl x509 -req -CA 'tmp/flume-ca.crt' -CAkey 'tmp/flume-cacert.key' -in tmp/server.csr -out ../server.flume-crt.pem -days 10960 -CAcreateserial -passin pass:password
+# Extract the private key
+openssl pkcs12 -in ../server.flume-keystore.p12 -passin pass:password -nokeys -out ../server.flume.pem
+rm -rf tmp
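Review bot: The last step is commented `# Extract the private key` but runs `openssl pkcs12 ... -nokeys`, which writes certificates only, so the comment and the command disagree. The CA-signed server certificate is written to `../server.flume-crt.pem` but never imported back into `server.flume-keystore.p12`, unlike the client flow, which does so with `-importcert`. This matches the committed `server.flume.pem`, which shows `issuer=/C=US/CN=server.flume`: the keystore still holds the self-signed certificate, which a peer trusting only `flume-ca` would likely reject. The script also has no `set -e`, so a failed `keytool` or `openssl` step falls through to `rm -rf tmp` and leaves partially built stores behind. The sketch below imports the chain before the export and makes failures stop the run; confirm which form of `server.flume.pem` the consuming tests expect, since after the import it would hold the chain rather than a single certificate.

```shell
set -e
mkdir -p tmp
rm -f ../truststorefile.jks ../keystorefile.jks ../server.flume-keystore.p12
# … unchanged: CA, trust store, client key store and server key/CSR/signing steps …
# Verify the signed server certificate
openssl verify -CAfile 'tmp/flume-ca.crt' ../server.flume-crt.pem
# Import the CA and the signed server certificate into the server key store
keytool -keystore ../server.flume-keystore.p12 -storetype PKCS12 -alias flume-ca -importcert -file tmp/flume-ca.crt -storepass password -noprompt
keytool -keystore ../server.flume-keystore.p12 -storetype PKCS12 -alias server -importcert -file ../server.flume-crt.pem -storepass password -noprompt
# Export the server certificate (no private key is written)
# … unchanged: openssl pkcs12 -nokeys export and tmp cleanup …
```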
diff --git a/flume-ng-core/src/test/resources/certs/rootca.conf b/flume-ng-core/src/test/resources/certs/rootca.conf
new file mode 100644
index 000000000..722e9c39b
--- /dev/null
+++ b/flume-ng-core/src/test/resources/certs/rootca.conf
@@ -0,0 +1,9 @@
+[ req ]
+distinguished_name = CA_DN 
+prompt             = no
+output_password    = password
+default_bits       = 2048
+
+[ CA_DN ]
+C  = US
+CN = flume-ca
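Review bot: The `[ req ]` section names no `x509_extensions`, so whether the generated root certificate carries `basicConstraints` depends on the OpenSSL version that runs `gencerts.sh`; a CA certificate should state it explicitly. Add `x509_extensions = v3_ca` here and a `[ v3_ca ]` section with `basicConstraints = critical, CA:TRUE` and `keyUsage = critical, keyCertSign, cRLSign`. `output_password = password` also appears to have no effect as the script is written, because `gencerts.sh` passes `-nodes` and the CA key is written unencrypted. Drop one of the two so the file describes what is actually produced.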
diff --git a/flume-ng-core/src/test/resources/certs/server.conf b/flume-ng-core/src/test/resources/certs/server.conf
new file mode 100644
index 000000000..7a9fb5835
--- /dev/null
+++ b/flume-ng-core/src/test/resources/certs/server.conf
@@ -0,0 +1,9 @@
+[ req ]
+distinguished_name = CA_DN 
+prompt             = no
+output_password    = password
+default_bits       = 2048
+
+[ CA_DN ]
+C  = US
+CN = server.flume
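Review bot: Nothing in `gencerts.sh` as added by this commit reads `server.conf`; the server key pair and DN come from `keytool -genkeypair ... -dname "CN=server.flume, C=US"`, so this file is dead configuration that can drift from what is actually generated. Either remove it or pass it to the step that builds the server request. If it is kept, rename the `CA_DN` section (apparently copied from `rootca.conf`) to something like `SERVER_DN`. Consider also supplying a `subjectAltName` for `server.flume` at signing time, since hostname verification in current TLS stacks generally relies on the SAN rather than the CN.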
diff --git a/flume-ng-core/src/test/resources/keystorefile.jks b/flume-ng-core/src/test/resources/keystorefile.jks
index 20ac6a816..d62e95792 100644
Binary files a/flume-ng-core/src/test/resources/keystorefile.jks and b/flume-ng-core/src/test/resources/keystorefile.jks differ
diff --git a/flume-ng-core/src/test/resources/server.flume-crt.pem b/flume-ng-core/src/test/resources/server.flume-crt.pem
new file mode 100644
index 000000000..9e3774427
--- /dev/null
+++ b/flume-ng-core/src/test/resources/server.flume-crt.pem
@@ -0,0 +1,17 @@
+-----BEGIN CERTIFICATE-----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+-----END CERTIFICATE-----
diff --git a/flume-ng-core/src/test/resources/server.flume-keystore.p12 b/flume-ng-core/src/test/resources/server.flume-keystore.p12
new file mode 100644
index 000000000..da51f355d
Binary files /dev/null and b/flume-ng-core/src/test/resources/server.flume-keystore.p12 differ
diff --git a/flume-ng-core/src/test/resources/server.flume.pem b/flume-ng-core/src/test/resources/server.flume.pem
new file mode 100644
index 000000000..6bc71ed79
--- /dev/null
+++ b/flume-ng-core/src/test/resources/server.flume.pem
@@ -0,0 +1,23 @@
+Bag Attributes
+    friendlyName: server
+    localKeyID: 54 69 6D 65 20 31 36 37 39 34 34 34 39 31 33 33 33 39 
+subject=/C=US/CN=server.flume
+issuer=/C=US/CN=server.flume
+-----BEGIN CERTIFICATE-----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+-----END CERTIFICATE-----
diff --git a/flume-ng-core/src/test/resources/truststorefile.jks b/flume-ng-core/src/test/resources/truststorefile.jks
index a98c4907e..a0c3a49ac 100644
Binary files a/flume-ng-core/src/test/resources/truststorefile.jks and b/flume-ng-core/src/test/resources/truststorefile.jks differ