Posted to common-commits@hadoop.apache.org by ar...@apache.org on 2013/09/24 02:57:44 UTC
svn commit: r1525759 - in
/hadoop/common/branches/HDFS-2832/hadoop-common-project/hadoop-common: ./
src/main/docs/ src/main/java/ src/main/java/org/apache/hadoop/fs/shell/
src/main/java/org/apache/hadoop/security/ssl/ src/site/apt/ src/test/core/
src/t...
Author: arp
Date: Tue Sep 24 00:57:43 2013
New Revision: 1525759
URL: http://svn.apache.org/r1525759
Log:
Merging r1525409 through r1525758 from trunk to branch HDFS-2832
Modified:
hadoop/common/branches/HDFS-2832/hadoop-common-project/hadoop-common/CHANGES.txt (contents, props changed)
hadoop/common/branches/HDFS-2832/hadoop-common-project/hadoop-common/src/main/docs/ (props changed)
hadoop/common/branches/HDFS-2832/hadoop-common-project/hadoop-common/src/main/java/ (props changed)
hadoop/common/branches/HDFS-2832/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/fs/shell/SetReplication.java
hadoop/common/branches/HDFS-2832/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/security/ssl/FileBasedKeyStoresFactory.java
hadoop/common/branches/HDFS-2832/hadoop-common-project/hadoop-common/src/site/apt/FileSystemShell.apt.vm
hadoop/common/branches/HDFS-2832/hadoop-common-project/hadoop-common/src/test/core/ (props changed)
hadoop/common/branches/HDFS-2832/hadoop-common-project/hadoop-common/src/test/java/org/apache/hadoop/security/ssl/KeyStoreTestUtil.java
hadoop/common/branches/HDFS-2832/hadoop-common-project/hadoop-common/src/test/java/org/apache/hadoop/security/ssl/TestSSLFactory.java
hadoop/common/branches/HDFS-2832/hadoop-common-project/hadoop-common/src/test/resources/testConf.xml
Modified: hadoop/common/branches/HDFS-2832/hadoop-common-project/hadoop-common/CHANGES.txt
URL: http://svn.apache.org/viewvc/hadoop/common/branches/HDFS-2832/hadoop-common-project/hadoop-common/CHANGES.txt?rev=1525759&r1=1525758&r2=1525759&view=diff
==============================================================================
--- hadoop/common/branches/HDFS-2832/hadoop-common-project/hadoop-common/CHANGES.txt (original)
+++ hadoop/common/branches/HDFS-2832/hadoop-common-project/hadoop-common/CHANGES.txt Tue Sep 24 00:57:43 2013
@@ -499,6 +499,9 @@ Release 2.1.1-beta - 2013-09-23
HADOOP-9961. versions of a few transitive dependencies diverged between hadoop
subprojects. (rvs via tucu)
+ HADOOP-9977. Hadoop services won't start with different keypass and
+ keystorepass when https is enabled. (cnauroth)
+
Release 2.1.0-beta - 2013-08-22
INCOMPATIBLE CHANGES
Propchange: hadoop/common/branches/HDFS-2832/hadoop-common-project/hadoop-common/CHANGES.txt
------------------------------------------------------------------------------
Merged /hadoop/common/trunk/hadoop-common-project/hadoop-common/CHANGES.txt:r1525409-1525758
Propchange: hadoop/common/branches/HDFS-2832/hadoop-common-project/hadoop-common/src/main/docs/
------------------------------------------------------------------------------
Merged /hadoop/common/trunk/hadoop-common-project/hadoop-common/src/main/docs:r1525409-1525758
Propchange: hadoop/common/branches/HDFS-2832/hadoop-common-project/hadoop-common/src/main/java/
------------------------------------------------------------------------------
Merged /hadoop/common/trunk/hadoop-common-project/hadoop-common/src/main/java:r1525409-1525758
Modified: hadoop/common/branches/HDFS-2832/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/fs/shell/SetReplication.java
URL: http://svn.apache.org/viewvc/hadoop/common/branches/HDFS-2832/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/fs/shell/SetReplication.java?rev=1525759&r1=1525758&r2=1525759&view=diff
==============================================================================
--- hadoop/common/branches/HDFS-2832/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/fs/shell/SetReplication.java (original)
+++ hadoop/common/branches/HDFS-2832/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/fs/shell/SetReplication.java Tue Sep 24 00:57:43 2013
@@ -39,11 +39,14 @@ class SetReplication extends FsCommand {
}
public static final String NAME = "setrep";
- public static final String USAGE = "[-R] [-w] <rep> <path/file> ...";
+ public static final String USAGE = "[-R] [-w] <rep> <path> ...";
public static final String DESCRIPTION =
- "Set the replication level of a file.\n" +
- "The -R flag requests a recursive change of replication level\n" +
- "for an entire tree.";
+ "Set the replication level of a file. If <path> is a directory\n" +
+ "then the command recursively changes the replication factor of\n" +
+ "all files under the directory tree rooted at <path>.\n" +
+ "The -w flag requests that the command wait for the replication\n" +
+ "to complete. This can potentially take a very long time.\n" +
+ "The -R flag is accepted for backwards compatibility. It has no effect.";
protected short newRep = 0;
protected List<PathData> waitList = new LinkedList<PathData>();
@@ -54,7 +57,7 @@ class SetReplication extends FsCommand {
CommandFormat cf = new CommandFormat(2, Integer.MAX_VALUE, "R", "w");
cf.parse(args);
waitOpt = cf.getOpt("w");
- setRecursive(cf.getOpt("R"));
+ setRecursive(true);
try {
newRep = Short.parseShort(args.removeFirst());
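Review bot: Nothing at `setRecursive(true)` explains why the `R` option is still registered in the `CommandFormat` constructor two lines above although its value is no longer read. A later cleanup could drop `"R"` from the constructor and break existing scripts that pass `-R`. A short comment would prevent that, for example `// -R is still parsed for backwards compatibility but ignored; directories are always processed recursively.` The enclosing method starts and ends outside this hunk.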
@@ -126,4 +129,4 @@ class SetReplication extends FsCommand {
out.println(" done");
}
}
-}
\ No newline at end of file
+}
Modified: hadoop/common/branches/HDFS-2832/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/security/ssl/FileBasedKeyStoresFactory.java
URL: http://svn.apache.org/viewvc/hadoop/common/branches/HDFS-2832/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/security/ssl/FileBasedKeyStoresFactory.java?rev=1525759&r1=1525758&r2=1525759&view=diff
==============================================================================
--- hadoop/common/branches/HDFS-2832/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/security/ssl/FileBasedKeyStoresFactory.java (original)
+++ hadoop/common/branches/HDFS-2832/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/security/ssl/FileBasedKeyStoresFactory.java Tue Sep 24 00:57:43 2013
@@ -53,6 +53,8 @@ public class FileBasedKeyStoresFactory i
"ssl.{0}.keystore.location";
public static final String SSL_KEYSTORE_PASSWORD_TPL_KEY =
"ssl.{0}.keystore.password";
+ public static final String SSL_KEYSTORE_KEYPASSWORD_TPL_KEY =
+ "ssl.{0}.keystore.keypassword";
public static final String SSL_KEYSTORE_TYPE_TPL_KEY =
"ssl.{0}.keystore.type";
@@ -136,7 +138,7 @@ public class FileBasedKeyStoresFactory i
conf.get(resolvePropertyName(mode, SSL_KEYSTORE_TYPE_TPL_KEY),
DEFAULT_KEYSTORE_TYPE);
KeyStore keystore = KeyStore.getInstance(keystoreType);
- String keystorePassword = null;
+ String keystoreKeyPassword = null;
if (requireClientCert || mode == SSLFactory.Mode.SERVER) {
String locationProperty =
resolvePropertyName(mode, SSL_KEYSTORE_LOCATION_TPL_KEY);
@@ -147,11 +149,17 @@ public class FileBasedKeyStoresFactory i
}
String passwordProperty =
resolvePropertyName(mode, SSL_KEYSTORE_PASSWORD_TPL_KEY);
- keystorePassword = conf.get(passwordProperty, "");
+ String keystorePassword = conf.get(passwordProperty, "");
if (keystorePassword.isEmpty()) {
throw new GeneralSecurityException("The property '" + passwordProperty +
"' has not been set in the ssl configuration file.");
}
+ String keyPasswordProperty =
+ resolvePropertyName(mode, SSL_KEYSTORE_KEYPASSWORD_TPL_KEY);
+ // Key password defaults to the same value as store password for
+ // compatibility with legacy configurations that did not use a separate
+ // configuration property for key password.
+ keystoreKeyPassword = conf.get(keyPasswordProperty, keystorePassword);
LOG.debug(mode.toString() + " KeyStore: " + keystoreLocation);
InputStream is = new FileInputStream(keystoreLocation);
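Review bot: An explicitly empty key password is not handled the way an empty store password is. A few lines up, `keystorePassword.isEmpty()` is rejected with a clear message, but `conf.get(keyPasswordProperty, keystorePassword)` only falls back when the property is absent. If the property is present with an empty value, which the `isEmpty()` check suggests `conf.get` can return, the empty string reaches `keyMgrFactory.init` in the later hunk and the failure surfaces there with a less helpful error. Consider treating an empty value as unset, `if (keystoreKeyPassword.isEmpty()) { keystoreKeyPassword = keystorePassword; }`, or rejecting it with the same `GeneralSecurityException` used for the store password. The enclosing method starts and ends outside this hunk.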
@@ -167,8 +175,8 @@ public class FileBasedKeyStoresFactory i
KeyManagerFactory keyMgrFactory = KeyManagerFactory
.getInstance(SSLFactory.SSLCERTIFICATE);
- keyMgrFactory.init(keystore, (keystorePassword != null) ?
- keystorePassword.toCharArray() : null);
+ keyMgrFactory.init(keystore, (keystoreKeyPassword != null) ?
+ keystoreKeyPassword.toCharArray() : null);
keyManagers = keyMgrFactory.getKeyManagers();
//trust store
Modified: hadoop/common/branches/HDFS-2832/hadoop-common-project/hadoop-common/src/site/apt/FileSystemShell.apt.vm
URL: http://svn.apache.org/viewvc/hadoop/common/branches/HDFS-2832/hadoop-common-project/hadoop-common/src/site/apt/FileSystemShell.apt.vm?rev=1525759&r1=1525758&r2=1525759&view=diff
==============================================================================
--- hadoop/common/branches/HDFS-2832/hadoop-common-project/hadoop-common/src/site/apt/FileSystemShell.apt.vm (original)
+++ hadoop/common/branches/HDFS-2832/hadoop-common-project/hadoop-common/src/site/apt/FileSystemShell.apt.vm Tue Sep 24 00:57:43 2013
@@ -381,17 +381,22 @@ rmr
setrep
- Usage: <<<hdfs dfs -setrep [-R] <path> >>>
+ Usage: <<<hdfs dfs -setrep [-R] [-w] <numRepicas> <path> >>>
- Changes the replication factor of a file.
+ Changes the replication factor of a file. If <path> is a directory then
+ the command recursively changes the replication factor of all files under
+ the directory tree rooted at <path>.
Options:
- * The -R option will recursively increase the replication factor of files within a directory.
+ * The -w flag requests that the command wait for the replication
+ to complete. This can potentially take a very long time.
+
+ * The -R flag is accepted for backwards compatibility. It has no effect.
Example:
- * <<<hdfs dfs -setrep -w 3 -R /user/hadoop/dir1>>>
+ * <<<hdfs dfs -setrep -w 3 /user/hadoop/dir1>>>
Exit Code:
Propchange: hadoop/common/branches/HDFS-2832/hadoop-common-project/hadoop-common/src/test/core/
------------------------------------------------------------------------------
Merged /hadoop/common/trunk/hadoop-common-project/hadoop-common/src/test/core:r1525409-1525758
Modified: hadoop/common/branches/HDFS-2832/hadoop-common-project/hadoop-common/src/test/java/org/apache/hadoop/security/ssl/KeyStoreTestUtil.java
URL: http://svn.apache.org/viewvc/hadoop/common/branches/HDFS-2832/hadoop-common-project/hadoop-common/src/test/java/org/apache/hadoop/security/ssl/KeyStoreTestUtil.java?rev=1525759&r1=1525758&r2=1525759&view=diff
==============================================================================
--- hadoop/common/branches/HDFS-2832/hadoop-common-project/hadoop-common/src/test/java/org/apache/hadoop/security/ssl/KeyStoreTestUtil.java (original)
+++ hadoop/common/branches/HDFS-2832/hadoop-common-project/hadoop-common/src/test/java/org/apache/hadoop/security/ssl/KeyStoreTestUtil.java Tue Sep 24 00:57:43 2013
@@ -145,6 +145,28 @@ public class KeyStoreTestUtil {
saveKeyStore(ks, filename, password);
}
+ /**
+ * Creates a keystore with a single key and saves it to a file.
+ *
+ * @param filename String file to save
+ * @param password String store password to set on keystore
+ * @param keyPassword String key password to set on key
+ * @param alias String alias to use for the key
+ * @param privateKey Key to save in keystore
+ * @param cert Certificate to use as certificate chain associated to key
+ * @throws GeneralSecurityException for any error with the security APIs
+ * @throws IOException if there is an I/O error saving the file
+ */
+ public static void createKeyStore(String filename,
+ String password, String keyPassword, String alias,
+ Key privateKey, Certificate cert)
+ throws GeneralSecurityException, IOException {
+ KeyStore ks = createEmptyKeyStore();
+ ks.setKeyEntry(alias, privateKey, keyPassword.toCharArray(),
+ new Certificate[]{cert});
+ saveKeyStore(ks, filename, password);
+ }
+
public static void createTrustStore(String filename,
String password, String alias,
Certificate cert)
@@ -178,6 +200,19 @@ public class KeyStoreTestUtil {
f.delete();
}
+ /**
+ * Performs complete setup of SSL configuration in preparation for testing an
+ * SSLFactory. This includes keys, certs, keystores, truststores, the server
+ * SSL configuration file, the client SSL configuration file, and the master
+ * configuration file read by the SSLFactory.
+ *
+ * @param keystoresDir String directory to save keystores
+ * @param sslConfDir String directory to save SSL configuration files
+ * @param conf Configuration master configuration to be used by an SSLFactory,
+ * which will be mutated by this method
+ * @param useClientCert boolean true to make the client present a cert in the
+ * SSL handshake
+ */
public static void setupSSLConfig(String keystoresDir, String sslConfDir,
Configuration conf, boolean useClientCert)
throws Exception {
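Review bot: The new Javadoc for `setupSSLConfig` lists the files the method creates but omits that it sets `SSLFactory.SSL_HOSTNAME_VERIFIER_KEY` to `ALLOW_ALL` on the passed-in `conf`, which is visible in the following hunk. Because `conf` is mutated and handed back to the caller, the comment should say so, for example `Hostname verification is set to ALLOW_ALL, so the resulting configuration is suitable for tests only.` An `@throws Exception` tag is also missing. The method body continues outside this hunk.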
@@ -213,58 +248,115 @@ public class KeyStoreTestUtil {
KeyStoreTestUtil.createTrustStore(trustKS, trustPassword, certs);
- Configuration clientSSLConf = new Configuration(false);
- clientSSLConf.set(FileBasedKeyStoresFactory.resolvePropertyName(
- SSLFactory.Mode.CLIENT,
- FileBasedKeyStoresFactory.SSL_KEYSTORE_LOCATION_TPL_KEY), clientKS);
- clientSSLConf.set(FileBasedKeyStoresFactory.resolvePropertyName(
- SSLFactory.Mode.CLIENT,
- FileBasedKeyStoresFactory.SSL_KEYSTORE_PASSWORD_TPL_KEY), clientPassword);
- clientSSLConf.set(FileBasedKeyStoresFactory.resolvePropertyName(
- SSLFactory.Mode.CLIENT,
- FileBasedKeyStoresFactory.SSL_TRUSTSTORE_LOCATION_TPL_KEY), trustKS);
- clientSSLConf.set(FileBasedKeyStoresFactory.resolvePropertyName(
- SSLFactory.Mode.CLIENT,
- FileBasedKeyStoresFactory.SSL_TRUSTSTORE_PASSWORD_TPL_KEY), trustPassword);
- clientSSLConf.set(FileBasedKeyStoresFactory.resolvePropertyName(
- SSLFactory.Mode.CLIENT,
- FileBasedKeyStoresFactory.SSL_TRUSTSTORE_RELOAD_INTERVAL_TPL_KEY), "1000");
+ Configuration clientSSLConf = createClientSSLConfig(clientKS, clientPassword,
+ clientPassword, trustKS);
+ Configuration serverSSLConf = createServerSSLConfig(serverKS, serverPassword,
+ serverPassword, trustKS);
- Configuration serverSSLConf = new Configuration(false);
- serverSSLConf.set(FileBasedKeyStoresFactory.resolvePropertyName(
- SSLFactory.Mode.SERVER,
- FileBasedKeyStoresFactory.SSL_KEYSTORE_LOCATION_TPL_KEY), serverKS);
- serverSSLConf.set(FileBasedKeyStoresFactory.resolvePropertyName(
- SSLFactory.Mode.SERVER,
- FileBasedKeyStoresFactory.SSL_KEYSTORE_PASSWORD_TPL_KEY), serverPassword);
- serverSSLConf.set(FileBasedKeyStoresFactory.resolvePropertyName(
- SSLFactory.Mode.SERVER,
- FileBasedKeyStoresFactory.SSL_TRUSTSTORE_LOCATION_TPL_KEY), trustKS);
- serverSSLConf.set(FileBasedKeyStoresFactory.resolvePropertyName(
- SSLFactory.Mode.SERVER,
- FileBasedKeyStoresFactory.SSL_TRUSTSTORE_PASSWORD_TPL_KEY), trustPassword);
- serverSSLConf.set(FileBasedKeyStoresFactory.resolvePropertyName(
- SSLFactory.Mode.SERVER,
- FileBasedKeyStoresFactory.SSL_TRUSTSTORE_RELOAD_INTERVAL_TPL_KEY), "1000");
+ saveConfig(sslClientConfFile, clientSSLConf);
+ saveConfig(sslServerConfFile, serverSSLConf);
- Writer writer = new FileWriter(sslClientConfFile);
- try {
- clientSSLConf.writeXml(writer);
- } finally {
- writer.close();
+ conf.set(SSLFactory.SSL_HOSTNAME_VERIFIER_KEY, "ALLOW_ALL");
+ conf.set(SSLFactory.SSL_CLIENT_CONF_KEY, sslClientConfFile.getName());
+ conf.set(SSLFactory.SSL_SERVER_CONF_KEY, sslServerConfFile.getName());
+ conf.setBoolean(SSLFactory.SSL_REQUIRE_CLIENT_CERT_KEY, useClientCert);
+ }
+
+ /**
+ * Creates SSL configuration for a client.
+ *
+ * @param clientKS String client keystore file
+ * @param password String store password, or null to avoid setting store
+ * password
+ * @param keyPassword String key password, or null to avoid setting key
+ * password
+ * @param trustKS String truststore file
+ * @return Configuration for client SSL
+ */
+ public static Configuration createClientSSLConfig(String clientKS,
+ String password, String keyPassword, String trustKS) {
+ Configuration clientSSLConf = createSSLConfig(SSLFactory.Mode.CLIENT,
+ clientKS, password, keyPassword, trustKS);
+ return clientSSLConf;
+ }
+
+ /**
+ * Creates SSL configuration for a server.
+ *
+ * @param serverKS String server keystore file
+ * @param password String store password, or null to avoid setting store
+ * password
+ * @param keyPassword String key password, or null to avoid setting key
+ * password
+ * @param trustKS String truststore file
+ * @return Configuration for server SSL
+ */
+ public static Configuration createServerSSLConfig(String serverKS,
+ String password, String keyPassword, String trustKS) throws IOException {
+ Configuration serverSSLConf = createSSLConfig(SSLFactory.Mode.SERVER,
+ serverKS, password, keyPassword, trustKS);
+ return serverSSLConf;
+ }
+
+ /**
+ * Creates SSL configuration.
+ *
+ * @param mode SSLFactory.Mode mode to configure
+ * @param keystore String keystore file
+ * @param password String store password, or null to avoid setting store
+ * password
+ * @param keyPassword String key password, or null to avoid setting key
+ * password
+ * @param trustKS String truststore file
+ * @return Configuration for SSL
+ */
+ private static Configuration createSSLConfig(SSLFactory.Mode mode,
+ String keystore, String password, String keyPassword, String trustKS) {
+ String trustPassword = "trustP";
+
+ Configuration sslConf = new Configuration(false);
+ if (keystore != null) {
+ sslConf.set(FileBasedKeyStoresFactory.resolvePropertyName(mode,
+ FileBasedKeyStoresFactory.SSL_KEYSTORE_LOCATION_TPL_KEY), keystore);
+ }
+ if (password != null) {
+ sslConf.set(FileBasedKeyStoresFactory.resolvePropertyName(mode,
+ FileBasedKeyStoresFactory.SSL_KEYSTORE_PASSWORD_TPL_KEY), password);
}
+ if (keyPassword != null) {
+ sslConf.set(FileBasedKeyStoresFactory.resolvePropertyName(mode,
+ FileBasedKeyStoresFactory.SSL_KEYSTORE_KEYPASSWORD_TPL_KEY),
+ keyPassword);
+ }
+ if (trustKS != null) {
+ sslConf.set(FileBasedKeyStoresFactory.resolvePropertyName(mode,
+ FileBasedKeyStoresFactory.SSL_TRUSTSTORE_LOCATION_TPL_KEY), trustKS);
+ }
+ if (trustPassword != null) {
+ sslConf.set(FileBasedKeyStoresFactory.resolvePropertyName(mode,
+ FileBasedKeyStoresFactory.SSL_TRUSTSTORE_PASSWORD_TPL_KEY),
+ trustPassword);
+ }
+ sslConf.set(FileBasedKeyStoresFactory.resolvePropertyName(mode,
+ FileBasedKeyStoresFactory.SSL_TRUSTSTORE_RELOAD_INTERVAL_TPL_KEY), "1000");
- writer = new FileWriter(sslServerConfFile);
+ return sslConf;
+ }
+
+ /**
+ * Saves configuration to a file.
+ *
+ * @param file File to save
+ * @param conf Configuration contents to write to file
+ * @throws IOException if there is an I/O error saving the file
+ */
+ public static void saveConfig(File file, Configuration conf)
+ throws IOException {
+ Writer writer = new FileWriter(file);
try {
- serverSSLConf.writeXml(writer);
+ conf.writeXml(writer);
} finally {
writer.close();
}
-
- conf.set(SSLFactory.SSL_HOSTNAME_VERIFIER_KEY, "ALLOW_ALL");
- conf.set(SSLFactory.SSL_CLIENT_CONF_KEY, sslClientConfFile.getName());
- conf.set(SSLFactory.SSL_SERVER_CONF_KEY, sslServerConfFile.getName());
- conf.setBoolean(SSLFactory.SSL_REQUIRE_CLIENT_CERT_KEY, useClientCert);
}
-
}
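Review bot: `createSSLConfig` hard-codes `String trustPassword = "trustP";` and then guards it with `if (trustPassword != null)`, a check that can never be false. The truststore itself is created by the callers with their own `trustPassword` value (the context line at the top of this hunk, and `checkSSLFactoryInitWithPasswords` in TestSSLFactory), so the literals have to be kept equal by hand and a mismatch would only show up as a truststore load failure. Passing the trust password in as a parameter, or hoisting it to one shared constant such as `static final String TRUST_STORE_PASSWORD = "trustP";`, removes both the duplication and the dead check. Separately, `createServerSSLConfig` declares `throws IOException` although nothing in its visible body throws it and `createClientSSLConfig` does not declare it.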
Modified: hadoop/common/branches/HDFS-2832/hadoop-common-project/hadoop-common/src/test/java/org/apache/hadoop/security/ssl/TestSSLFactory.java
URL: http://svn.apache.org/viewvc/hadoop/common/branches/HDFS-2832/hadoop-common-project/hadoop-common/src/test/java/org/apache/hadoop/security/ssl/TestSSLFactory.java?rev=1525759&r1=1525758&r2=1525759&view=diff
==============================================================================
--- hadoop/common/branches/HDFS-2832/hadoop-common-project/hadoop-common/src/test/java/org/apache/hadoop/security/ssl/TestSSLFactory.java (original)
+++ hadoop/common/branches/HDFS-2832/hadoop-common-project/hadoop-common/src/test/java/org/apache/hadoop/security/ssl/TestSSLFactory.java Tue Sep 24 00:57:43 2013
@@ -29,12 +29,19 @@ import javax.net.ssl.HttpsURLConnection;
import java.io.File;
import java.net.URL;
import java.security.GeneralSecurityException;
+import java.security.KeyPair;
+import java.security.cert.X509Certificate;
+import java.util.Collections;
+import java.util.Map;
public class TestSSLFactory {
private static final String BASEDIR =
System.getProperty("test.build.dir", "target/test-dir") + "/" +
TestSSLFactory.class.getSimpleName();
+ private static final String KEYSTORES_DIR =
+ new File(BASEDIR).getAbsolutePath();
+ private String sslConfsDir;
@BeforeClass
public static void setUp() throws Exception {
@@ -46,18 +53,16 @@ public class TestSSLFactory {
private Configuration createConfiguration(boolean clientCert)
throws Exception {
Configuration conf = new Configuration();
- String keystoresDir = new File(BASEDIR).getAbsolutePath();
- String sslConfsDir = KeyStoreTestUtil.getClasspathDir(TestSSLFactory.class);
- KeyStoreTestUtil.setupSSLConfig(keystoresDir, sslConfsDir, conf, clientCert);
+ KeyStoreTestUtil.setupSSLConfig(KEYSTORES_DIR, sslConfsDir, conf,
+ clientCert);
return conf;
}
@After
@Before
public void cleanUp() throws Exception {
- String keystoresDir = new File(BASEDIR).getAbsolutePath();
- String sslConfsDir = KeyStoreTestUtil.getClasspathDir(TestSSLFactory.class);
- KeyStoreTestUtil.cleanupSSLConfig(keystoresDir, sslConfsDir);
+ sslConfsDir = KeyStoreTestUtil.getClasspathDir(TestSSLFactory.class);
+ KeyStoreTestUtil.cleanupSSLConfig(KEYSTORES_DIR, sslConfsDir);
}
@Test(expected = IllegalStateException.class)
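Review bot: The instance field `sslConfsDir` is now assigned only inside `cleanUp()`, which works because that method is annotated `@Before` as well as `@After`, but the name gives no hint that it also performs initialization. `createConfiguration` and the new `checkSSLFactoryInitWithPasswords` both read the field, so dropping the `@Before` annotation would leave it null. A comment on the method would make the dependency explicit, for example `// Runs as @Before too: initializes sslConfsDir, which the configuration helpers read.`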
@@ -181,4 +186,90 @@ public class TestSSLFactory {
}
}
+ @Test
+ public void testServerDifferentPasswordAndKeyPassword() throws Exception {
+ checkSSLFactoryInitWithPasswords(SSLFactory.Mode.SERVER, "password",
+ "keyPassword", "password", "keyPassword");
+ }
+
+ @Test
+ public void testServerKeyPasswordDefaultsToPassword() throws Exception {
+ checkSSLFactoryInitWithPasswords(SSLFactory.Mode.SERVER, "password",
+ "password", "password", null);
+ }
+
+ @Test
+ public void testClientDifferentPasswordAndKeyPassword() throws Exception {
+ checkSSLFactoryInitWithPasswords(SSLFactory.Mode.CLIENT, "password",
+ "keyPassword", "password", "keyPassword");
+ }
+
+ @Test
+ public void testClientKeyPasswordDefaultsToPassword() throws Exception {
+ checkSSLFactoryInitWithPasswords(SSLFactory.Mode.CLIENT, "password",
+ "password", "password", null);
+ }
+
+ /**
+ * Checks that SSLFactory initialization is successful with the given
+ * arguments. This is a helper method for writing test cases that cover
+ * different combinations of settings for the store password and key password.
+ * It takes care of bootstrapping a keystore, a truststore, and SSL client or
+ * server configuration. Then, it initializes an SSLFactory. If no exception
+ * is thrown, then initialization was successful.
+ *
+ * @param mode SSLFactory.Mode mode to test
+ * @param password String store password to set on keystore
+ * @param keyPassword String key password to set on keystore
+ * @param confPassword String store password to set in SSL config file, or null
+ * to avoid setting in SSL config file
+ * @param confKeyPassword String key password to set in SSL config file, or
+ * null to avoid setting in SSL config file
+ * @throws Exception for any error
+ */
+ private void checkSSLFactoryInitWithPasswords(SSLFactory.Mode mode,
+ String password, String keyPassword, String confPassword,
+ String confKeyPassword) throws Exception {
+ String keystore = new File(KEYSTORES_DIR, "keystore.jks").getAbsolutePath();
+ String truststore = new File(KEYSTORES_DIR, "truststore.jks")
+ .getAbsolutePath();
+ String trustPassword = "trustP";
+
+ // Create keys, certs, keystore, and truststore.
+ KeyPair keyPair = KeyStoreTestUtil.generateKeyPair("RSA");
+ X509Certificate cert = KeyStoreTestUtil.generateCertificate("CN=Test",
+ keyPair, 30, "SHA1withRSA");
+ KeyStoreTestUtil.createKeyStore(keystore, password, keyPassword, "Test",
+ keyPair.getPrivate(), cert);
+ Map<String, X509Certificate> certs = Collections.singletonMap("server",
+ cert);
+ KeyStoreTestUtil.createTrustStore(truststore, trustPassword, certs);
+
+ // Create SSL configuration file, for either server or client.
+ final String sslConfFileName;
+ final Configuration sslConf;
+ if (mode == SSLFactory.Mode.SERVER) {
+ sslConfFileName = "ssl-server.xml";
+ sslConf = KeyStoreTestUtil.createServerSSLConfig(keystore, confPassword,
+ confKeyPassword, truststore);
+ } else {
+ sslConfFileName = "ssl-client.xml";
+ sslConf = KeyStoreTestUtil.createClientSSLConfig(keystore, confPassword,
+ confKeyPassword, truststore);
+ }
+ KeyStoreTestUtil.saveConfig(new File(sslConfsDir, sslConfFileName), sslConf);
+
+ // Create the master configuration for use by the SSLFactory, which by
+ // default refers to the ssl-server.xml or ssl-client.xml created above.
+ Configuration conf = new Configuration();
+ conf.setBoolean(SSLFactory.SSL_REQUIRE_CLIENT_CERT_KEY, true);
+
+ // Try initializing an SSLFactory.
+ SSLFactory sslFactory = new SSLFactory(mode, conf);
+ try {
+ sslFactory.init();
+ } finally {
+ sslFactory.destroy();
+ }
+ }
}
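Review bot: The four new tests cover only successful initialization, so nothing pins the behaviour when the configured key password does not match the one on the key. A negative case is missing where the key is protected with `"keyPassword"` and the config supplies only the store password. It would verify that the fallback to the store password does not silently unlock a differently protected key, and that the mismatch is reported as a `GeneralSecurityException`, assuming `SSLFactory.init()` propagates the key manager's exception unchanged. A client-mode twin can follow the same pattern.

```java
@Test(expected = GeneralSecurityException.class)
public void testServerKeyPasswordMismatchFails() throws Exception {
  // Key is protected with "keyPassword", but the SSL config sets only the
  // store password, so the defaulted key password must fail to unlock it.
  checkSSLFactoryInitWithPasswords(SSLFactory.Mode.SERVER, "password",
      "keyPassword", "password", null);
}
```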
Modified: hadoop/common/branches/HDFS-2832/hadoop-common-project/hadoop-common/src/test/resources/testConf.xml
URL: http://svn.apache.org/viewvc/hadoop/common/branches/HDFS-2832/hadoop-common-project/hadoop-common/src/test/resources/testConf.xml?rev=1525759&r1=1525758&r2=1525759&view=diff
==============================================================================
--- hadoop/common/branches/HDFS-2832/hadoop-common-project/hadoop-common/src/test/resources/testConf.xml (original)
+++ hadoop/common/branches/HDFS-2832/hadoop-common-project/hadoop-common/src/test/resources/testConf.xml Tue Sep 24 00:57:43 2013
@@ -601,16 +601,28 @@
<comparators>
<comparator>
<type>RegexpComparator</type>
- <expected-output>^-setrep \[-R\] \[-w\] <rep> <path/file> \.\.\.:( |\t)*Set the replication level of a file.( )*</expected-output>
+ <expected-output>^-setrep \[-R\] \[-w\] <rep> <path> \.\.\.:( |\t)*Set the replication level of a file. If <path> is a directory( )*</expected-output>
</comparator>
<comparator>
<type>RegexpComparator</type>
- <expected-output>^( |\t)*The -R flag requests a recursive change of replication level( )*</expected-output>
+ <expected-output>^( |\t)*then the command recursively changes the replication factor of( )*</expected-output>
</comparator>
<comparator>
<type>RegexpComparator</type>
- <expected-output>^( |\t)*for an entire tree.( )*</expected-output>
+ <expected-output>^( |\t)*all files under the directory tree rooted at <path>\.( )*</expected-output>
</comparator>
+ <comparator>
+ <type>RegexpComparator</type>
+ <expected-output>^( |\t)*The -w flag requests that the command wait for the replication( )*</expected-output>
+ </comparator>
+ <comparator>
+ <type>RegexpComparator</type>
+ <expected-output>^( |\t)*to complete. This can potentially take a very long time\.( )*</expected-output>
+ </comparator>
+ <comparator>
+ <type>RegexpComparator</type>
+ <expected-output>^( |\t)*The -R flag is accepted for backwards compatibility\. It has no effect\.( )*</expected-output>
+ </comparator>
</comparators>
</test>