Posted to commits@asterixdb.apache.org by mh...@apache.org on 2019/03/02 21:21:06 UTC

[asterixdb] branch master updated: [ASTERIXDB-2490][NET] Allow Private Key Entries With Password

This is an automated email from the ASF dual-hosted git repository.

mhubail pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/asterixdb.git


The following commit(s) were added to refs/heads/master by this push:
     new 3f118df  [ASTERIXDB-2490][NET] Allow Private Key Entries With Password
3f118df is described below

commit 3f118df7ef651a52d28458c4197b52aff0115a5c
Author: Murtadha Hubail <mh...@apache.org>
AuthorDate: Sat Mar 2 03:59:23 2019 +0300

    [ASTERIXDB-2490][NET] Allow Private Key Entries With Password
    
    - user model changes: no
    - storage format changes: no
    - interface changes: no
    
    Details:
    - Currently, it is assumed that private key entries will always
      have a blank password. This change removes that assumption by
      using the password passed for the keystore as the private key
      entry password.
    - Ensure the trust store password property is set to allow the
      usage of password-protected trust stores.
    - Fix NCConfig keyStorePath/trustStorePath setter to set the
      values for the current node.
    - Update test cases private key entries to have password.
    
    Change-Id: I204aa31006c6d3db65909248e55dd901029887fe
    Reviewed-on: https://asterix-gerrit.ics.uci.edu/3239
    Sonar-Qube: Jenkins <je...@fulliautomatix.ics.uci.edu>
    Integration-Tests: Jenkins <je...@fulliautomatix.ics.uci.edu>
    Tested-by: Jenkins <je...@fulliautomatix.ics.uci.edu>
    Contrib: Jenkins <je...@fulliautomatix.ics.uci.edu>
    Reviewed-by: Michael Blow <mb...@apache.org>
---
 .../asterix-app/src/test/resources/security/cc/cc.jks | Bin 2310 -> 2310 bytes
 .../asterix-app/src/test/resources/security/cc/cc.p12 | Bin 2565 -> 2565 bytes
 .../src/test/resources/security/nc1/asterix_nc1.jks   | Bin 2320 -> 2320 bytes
 .../src/test/resources/security/nc1/asterix_nc1.p12   | Bin 2573 -> 2573 bytes
 .../src/test/resources/security/nc2/asterix_nc2.jks   | Bin 2322 -> 2322 bytes
 .../src/test/resources/security/nc2/asterix_nc2.p12   | Bin 2573 -> 2573 bytes
 .../hyracks/control/common/controllers/NCConfig.java  |   4 ++--
 .../hyracks/ipc/security/NetworkSecurityManager.java  |   3 ++-
 8 files changed, 4 insertions(+), 3 deletions(-)

diff --git a/asterixdb/asterix-app/src/test/resources/security/cc/cc.jks b/asterixdb/asterix-app/src/test/resources/security/cc/cc.jks
index 242d615..7aca187 100644
Binary files a/asterixdb/asterix-app/src/test/resources/security/cc/cc.jks and b/asterixdb/asterix-app/src/test/resources/security/cc/cc.jks differ
diff --git a/asterixdb/asterix-app/src/test/resources/security/cc/cc.p12 b/asterixdb/asterix-app/src/test/resources/security/cc/cc.p12
index 855170f..751bb8e 100644
Binary files a/asterixdb/asterix-app/src/test/resources/security/cc/cc.p12 and b/asterixdb/asterix-app/src/test/resources/security/cc/cc.p12 differ
diff --git a/asterixdb/asterix-app/src/test/resources/security/nc1/asterix_nc1.jks b/asterixdb/asterix-app/src/test/resources/security/nc1/asterix_nc1.jks
index d6d3844..ecbde7e 100644
Binary files a/asterixdb/asterix-app/src/test/resources/security/nc1/asterix_nc1.jks and b/asterixdb/asterix-app/src/test/resources/security/nc1/asterix_nc1.jks differ
diff --git a/asterixdb/asterix-app/src/test/resources/security/nc1/asterix_nc1.p12 b/asterixdb/asterix-app/src/test/resources/security/nc1/asterix_nc1.p12
index 315da67..0736eae 100644
Binary files a/asterixdb/asterix-app/src/test/resources/security/nc1/asterix_nc1.p12 and b/asterixdb/asterix-app/src/test/resources/security/nc1/asterix_nc1.p12 differ
diff --git a/asterixdb/asterix-app/src/test/resources/security/nc2/asterix_nc2.jks b/asterixdb/asterix-app/src/test/resources/security/nc2/asterix_nc2.jks
index 90c5591..df4f83f 100644
Binary files a/asterixdb/asterix-app/src/test/resources/security/nc2/asterix_nc2.jks and b/asterixdb/asterix-app/src/test/resources/security/nc2/asterix_nc2.jks differ
diff --git a/asterixdb/asterix-app/src/test/resources/security/nc2/asterix_nc2.p12 b/asterixdb/asterix-app/src/test/resources/security/nc2/asterix_nc2.p12
index c93b7c9..4839db9 100644
Binary files a/asterixdb/asterix-app/src/test/resources/security/nc2/asterix_nc2.p12 and b/asterixdb/asterix-app/src/test/resources/security/nc2/asterix_nc2.p12 differ
diff --git a/hyracks-fullstack/hyracks/hyracks-control/hyracks-control-common/src/main/java/org/apache/hyracks/control/common/controllers/NCConfig.java b/hyracks-fullstack/hyracks/hyracks-control/hyracks-control-common/src/main/java/org/apache/hyracks/control/common/controllers/NCConfig.java
index acfa394..3619cbb 100644
--- a/hyracks-fullstack/hyracks/hyracks-control/hyracks-control-common/src/main/java/org/apache/hyracks/control/common/controllers/NCConfig.java
+++ b/hyracks-fullstack/hyracks/hyracks-control/hyracks-control-common/src/main/java/org/apache/hyracks/control/common/controllers/NCConfig.java
@@ -565,7 +565,7 @@ public class NCConfig extends ControllerConfig {
     }
 
     public void setKeyStorePath(String keyStorePath) {
-        configManager.set(Option.KEY_STORE_PATH, keyStorePath);
+        configManager.set(nodeId, Option.KEY_STORE_PATH, keyStorePath);
     }
 
     public String getTrustStorePath() {
@@ -573,6 +573,6 @@ public class NCConfig extends ControllerConfig {
     }
 
     public void setTrustStorePath(String keyStorePath) {
-        configManager.set(CCConfig.Option.TRUST_STORE_PATH, keyStorePath);
+        configManager.set(nodeId, Option.TRUST_STORE_PATH, keyStorePath);
     }
 }
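Review bot: In `setTrustStorePath` the parameter is still named `keyStorePath`, which is misleading in a setter that writes `Option.TRUST_STORE_PATH` and makes a key store / trust store mix-up easy to miss in review. Rename it so the signature reads `public void setTrustStorePath(String trustStorePath)` and the call becomes `configManager.set(nodeId, Option.TRUST_STORE_PATH, trustStorePath);`. The same node-scoped fix is applied to `setKeyStorePath` in the previous hunk, and neither setter documents that the value is stored for this node's `nodeId` rather than globally. A one-line Javadoc such as `/** Sets the trust store path for this node (scoped by nodeId). */` on each would record that.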
diff --git a/hyracks-fullstack/hyracks/hyracks-ipc/src/main/java/org/apache/hyracks/ipc/security/NetworkSecurityManager.java b/hyracks-fullstack/hyracks/hyracks-ipc/src/main/java/org/apache/hyracks/ipc/security/NetworkSecurityManager.java
index 310eee5..0c8d429 100644
--- a/hyracks-fullstack/hyracks/hyracks-ipc/src/main/java/org/apache/hyracks/ipc/security/NetworkSecurityManager.java
+++ b/hyracks-fullstack/hyracks/hyracks-ipc/src/main/java/org/apache/hyracks/ipc/security/NetworkSecurityManager.java
@@ -43,6 +43,7 @@ public class NetworkSecurityManager implements INetworkSecurityManager {
         this.config = config;
         if (config.isSslEnabled()) {
             System.setProperty("javax.net.ssl.trustStore", config.getTrustStoreFile().getAbsolutePath());
+            System.setProperty("javax.net.ssl.trustStorePassword", config.getKeyStorePassword());
         }
         sslSocketFactory = new SslSocketChannelFactory(this);
     }
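Review bot: The added `System.setProperty("javax.net.ssl.trustStorePassword", config.getKeyStorePassword())` throws `NullPointerException` when no password is configured, because `System.setProperty` rejects a null value. Whether `getKeyStorePassword()` can return null is not visible in this hunk, so a guard is the safe form: `String pwd = config.getKeyStorePassword();` followed by `if (pwd != null) { System.setProperty("javax.net.ssl.trustStorePassword", pwd); }`. The line also ties the trust store to the key store password, so a trust store protected with a different password will fail to load; that constraint deserves a comment here or its own configuration setting. A system property is JVM-wide and readable by any code or diagnostic dump that lists system properties, so the password is more exposed this way than when it is passed directly to the trust store loader.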
@@ -58,7 +59,7 @@ public class NetworkSecurityManager implements INetworkSecurityManager {
             final String defaultAlgorithm = KeyManagerFactory.getDefaultAlgorithm();
             KeyManagerFactory keyManagerFactory = KeyManagerFactory.getInstance(defaultAlgorithm);
             TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance(defaultAlgorithm);
-            keyManagerFactory.init(engineKeyStore, "".toCharArray());
+            keyManagerFactory.init(engineKeyStore, password);
             final KeyStore trustStore = loadTrustStoreFromFile(password);
             trustManagerFactory.init(trustStore);
             SSLContext ctx = SSLContext.getInstance(TSL_VERSION);
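Review bot: `keyManagerFactory.init(engineKeyStore, password)` now requires every private key entry to be protected with the same password as the keystore. Keystores built under the previous assumption (blank key password), or JKS stores whose key password differs from the store password, will fail at this call with `UnrecoverableKeyException`. That is a behaviour change for existing deployments and nothing next to the call records it; add a comment such as `// key entry password must equal the keystore password`, or consider a separate key-password setting. `password` is defined outside this hunk, so it is not visible whether the array is cleared after use; if this method owns it, zeroing it once the `SSLContext` is initialised would limit how long the secret stays in memory.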