Posted to commits@asterixdb.apache.org by mh...@apache.org on 2019/03/02 21:21:06 UTC
[asterixdb] branch master updated: [ASTERIXDB-2490][NET] Allow
Private Key Entries With Password
This is an automated email from the ASF dual-hosted git repository.
mhubail pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/asterixdb.git
The following commit(s) were added to refs/heads/master by this push:
new 3f118df [ASTERIXDB-2490][NET] Allow Private Key Entries With Password
3f118df is described below
commit 3f118df7ef651a52d28458c4197b52aff0115a5c
Author: Murtadha Hubail <mh...@apache.org>
AuthorDate: Sat Mar 2 03:59:23 2019 +0300
[ASTERIXDB-2490][NET] Allow Private Key Entries With Password
- user model changes: no
- storage format changes: no
- interface changes: no
Details:
- Currently, it is assumed that private key entries will always
have a blank password. This change changes that by using the
keystore passed password as the private key entry password.
- Ensure trust store password property is set to allow the
usage of password protected trust stores.
- Fix NCConfig keyStorePath/trustStorePath setter to set the
values for the current node.
- Update test cases private key entries to have password.
Change-Id: I204aa31006c6d3db65909248e55dd901029887fe
Reviewed-on: https://asterix-gerrit.ics.uci.edu/3239
Sonar-Qube: Jenkins <je...@fulliautomatix.ics.uci.edu>
Integration-Tests: Jenkins <je...@fulliautomatix.ics.uci.edu>
Tested-by: Jenkins <je...@fulliautomatix.ics.uci.edu>
Contrib: Jenkins <je...@fulliautomatix.ics.uci.edu>
Reviewed-by: Michael Blow <mb...@apache.org>
---
.../asterix-app/src/test/resources/security/cc/cc.jks | Bin 2310 -> 2310 bytes
.../asterix-app/src/test/resources/security/cc/cc.p12 | Bin 2565 -> 2565 bytes
.../src/test/resources/security/nc1/asterix_nc1.jks | Bin 2320 -> 2320 bytes
.../src/test/resources/security/nc1/asterix_nc1.p12 | Bin 2573 -> 2573 bytes
.../src/test/resources/security/nc2/asterix_nc2.jks | Bin 2322 -> 2322 bytes
.../src/test/resources/security/nc2/asterix_nc2.p12 | Bin 2573 -> 2573 bytes
.../hyracks/control/common/controllers/NCConfig.java | 4 ++--
.../hyracks/ipc/security/NetworkSecurityManager.java | 3 ++-
8 files changed, 4 insertions(+), 3 deletions(-)
diff --git a/asterixdb/asterix-app/src/test/resources/security/cc/cc.jks b/asterixdb/asterix-app/src/test/resources/security/cc/cc.jks
index 242d615..7aca187 100644
Binary files a/asterixdb/asterix-app/src/test/resources/security/cc/cc.jks and b/asterixdb/asterix-app/src/test/resources/security/cc/cc.jks differ
diff --git a/asterixdb/asterix-app/src/test/resources/security/cc/cc.p12 b/asterixdb/asterix-app/src/test/resources/security/cc/cc.p12
index 855170f..751bb8e 100644
Binary files a/asterixdb/asterix-app/src/test/resources/security/cc/cc.p12 and b/asterixdb/asterix-app/src/test/resources/security/cc/cc.p12 differ
diff --git a/asterixdb/asterix-app/src/test/resources/security/nc1/asterix_nc1.jks b/asterixdb/asterix-app/src/test/resources/security/nc1/asterix_nc1.jks
index d6d3844..ecbde7e 100644
Binary files a/asterixdb/asterix-app/src/test/resources/security/nc1/asterix_nc1.jks and b/asterixdb/asterix-app/src/test/resources/security/nc1/asterix_nc1.jks differ
diff --git a/asterixdb/asterix-app/src/test/resources/security/nc1/asterix_nc1.p12 b/asterixdb/asterix-app/src/test/resources/security/nc1/asterix_nc1.p12
index 315da67..0736eae 100644
Binary files a/asterixdb/asterix-app/src/test/resources/security/nc1/asterix_nc1.p12 and b/asterixdb/asterix-app/src/test/resources/security/nc1/asterix_nc1.p12 differ
diff --git a/asterixdb/asterix-app/src/test/resources/security/nc2/asterix_nc2.jks b/asterixdb/asterix-app/src/test/resources/security/nc2/asterix_nc2.jks
index 90c5591..df4f83f 100644
Binary files a/asterixdb/asterix-app/src/test/resources/security/nc2/asterix_nc2.jks and b/asterixdb/asterix-app/src/test/resources/security/nc2/asterix_nc2.jks differ
diff --git a/asterixdb/asterix-app/src/test/resources/security/nc2/asterix_nc2.p12 b/asterixdb/asterix-app/src/test/resources/security/nc2/asterix_nc2.p12
index c93b7c9..4839db9 100644
Binary files a/asterixdb/asterix-app/src/test/resources/security/nc2/asterix_nc2.p12 and b/asterixdb/asterix-app/src/test/resources/security/nc2/asterix_nc2.p12 differ
diff --git a/hyracks-fullstack/hyracks/hyracks-control/hyracks-control-common/src/main/java/org/apache/hyracks/control/common/controllers/NCConfig.java b/hyracks-fullstack/hyracks/hyracks-control/hyracks-control-common/src/main/java/org/apache/hyracks/control/common/controllers/NCConfig.java
index acfa394..3619cbb 100644
--- a/hyracks-fullstack/hyracks/hyracks-control/hyracks-control-common/src/main/java/org/apache/hyracks/control/common/controllers/NCConfig.java
+++ b/hyracks-fullstack/hyracks/hyracks-control/hyracks-control-common/src/main/java/org/apache/hyracks/control/common/controllers/NCConfig.java
@@ -565,7 +565,7 @@ public class NCConfig extends ControllerConfig {
}
public void setKeyStorePath(String keyStorePath) {
- configManager.set(Option.KEY_STORE_PATH, keyStorePath);
+ configManager.set(nodeId, Option.KEY_STORE_PATH, keyStorePath);
}
public String getTrustStorePath() {
@@ -573,6 +573,6 @@ public class NCConfig extends ControllerConfig {
}
public void setTrustStorePath(String keyStorePath) {
- configManager.set(CCConfig.Option.TRUST_STORE_PATH, keyStorePath);
+ configManager.set(nodeId, Option.TRUST_STORE_PATH, keyStorePath);
}
}
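Review bot: The parameter of `setTrustStorePath` is still named `keyStorePath`, which reads as a copy-paste leftover from `setKeyStorePath` and invites passing the wrong store path at call sites. Rename it so the signature matches the option it writes: `public void setTrustStorePath(String trustStorePath)` with `configManager.set(nodeId, Option.TRUST_STORE_PATH, trustStorePath);`. Both setters in this file would also benefit from a short Javadoc stating that the value is stored for the current node (`nodeId`) rather than globally, since that is the behaviour this commit changes.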
diff --git a/hyracks-fullstack/hyracks/hyracks-ipc/src/main/java/org/apache/hyracks/ipc/security/NetworkSecurityManager.java b/hyracks-fullstack/hyracks/hyracks-ipc/src/main/java/org/apache/hyracks/ipc/security/NetworkSecurityManager.java
index 310eee5..0c8d429 100644
--- a/hyracks-fullstack/hyracks/hyracks-ipc/src/main/java/org/apache/hyracks/ipc/security/NetworkSecurityManager.java
+++ b/hyracks-fullstack/hyracks/hyracks-ipc/src/main/java/org/apache/hyracks/ipc/security/NetworkSecurityManager.java
@@ -43,6 +43,7 @@ public class NetworkSecurityManager implements INetworkSecurityManager {
this.config = config;
if (config.isSslEnabled()) {
System.setProperty("javax.net.ssl.trustStore", config.getTrustStoreFile().getAbsolutePath());
+ System.setProperty("javax.net.ssl.trustStorePassword", config.getKeyStorePassword());
}
sslSocketFactory = new SslSocketChannelFactory(this);
}
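Review bot: The added `System.setProperty("javax.net.ssl.trustStorePassword", config.getKeyStorePassword())` copies the key store password into a JVM-wide system property, where it is readable by any code in the process and shows up in tooling that dumps system properties. It also ties the trust store to the key store password, so a trust store protected by a different password cannot be used; a separate trust store password setting would remove that coupling. `System.setProperty` throws `NullPointerException` for a null value, so if `getKeyStorePassword()` can return null (its contract is not visible here) start-up fails in this constructor; guard with `if (config.getKeyStorePassword() != null)`. At minimum add a comment such as `// trust store is expected to share the key store password`. The constructor begins outside the hunk.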
@@ -58,7 +59,7 @@ public class NetworkSecurityManager implements INetworkSecurityManager {
final String defaultAlgorithm = KeyManagerFactory.getDefaultAlgorithm();
KeyManagerFactory keyManagerFactory = KeyManagerFactory.getInstance(defaultAlgorithm);
TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance(defaultAlgorithm);
- keyManagerFactory.init(engineKeyStore, "".toCharArray());
+ keyManagerFactory.init(engineKeyStore, password);
final KeyStore trustStore = loadTrustStoreFromFile(password);
trustManagerFactory.init(trustStore);
SSLContext ctx = SSLContext.getInstance(TSL_VERSION);
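Review bot: `keyManagerFactory.init(engineKeyStore, password)` now requires every private key entry to be protected with the same password as the key store, with no fallback. Key stores whose entries still use the blank password the old code assumed, or that use a distinct key password, will presumably fail here with `UnrecoverableKeyException` after upgrade. Document the requirement at the call, e.g. `// private key entry password must equal the key store password`, or add a dedicated key password option and pass that instead. The enclosing method starts and ends outside the hunk, so whether `password` is cleared after use cannot be checked from here.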