org.apache.hadoop.security.ssl.SSLFactory Java Examples

The following examples show how to use org.apache.hadoop.security.ssl.SSLFactory. You can vote up the ones you like or vote down the ones you don't like, and go to the original project or source file by following the links above each example. You may check out the related API usage on the sidebar.
Example #1
Source File: KerberosWebHDFSConnection2.java    From Transwarp-Sample-Code with MIT License 6 votes vote down vote up
/**
 * Builds a connection to an HttpFS/WebHDFS endpoint that authenticates through a
 * {@link KerberosAuthenticator} and configures its connections with a client-mode
 * {@link SSLFactory}.
 *
 * @param httpfsUrl endpoint URL; also parsed as a {@link URL} for the initial authentication call
 * @param principal stored on the instance; not otherwise used by this constructor
 * @param password  stored on the instance; not otherwise used by this constructor
 */
public KerberosWebHDFSConnection2(String httpfsUrl, String principal, String password)  {
    this.httpfsUrl = httpfsUrl;
    this.principal = principal;
    // NOTE(review): the password is retained as a String field although nothing in this
    // constructor reads it; confirm it is needed before keeping it in memory.
    this.password = password;

    Configuration hadoopConf = new Configuration();
    hadoopConf.addResource("conf/hdfs-site.xml");
    hadoopConf.addResource("conf/core-site.xml");
    newToken = new AuthenticatedURL.Token();

    KerberosAuthenticator authenticator = new KerberosAuthenticator();
    // NOTE(review): init() is never called on this SSLFactory before it is handed out as a
    // ConnectionConfigurator; confirm that is sufficient when httpfsUrl is an https URL.
    ConnectionConfigurator sslConfigurator = new SSLFactory(SSLFactory.Mode.CLIENT, hadoopConf);
    authenticator.setConnectionConfigurator(sslConfigurator);

    try {
        authenticator.authenticate(new URL(httpfsUrl), newToken);
    } catch (Exception e) {
        // NOTE(review): an authentication failure (or a malformed URL) is only printed, so the
        // object is still constructed and callers cannot tell that authentication did not succeed.
        e.printStackTrace();
    }

    this.authenticatedURL = new AuthenticatedURL(authenticator, sslConfigurator);
}
 
Example #2
Source File: TestHBaseTestingUtility.java    From hbase with Apache License 2.0 6 votes vote down vote up
/**
 * Checks that a mini cluster starts with {@code hbase.ssl.enabled} set to {@code "true"} and
 * reports exactly one live region server thread.
 * <p>
 * Keystores and SSL config files are produced by {@code KeyStoreTestUtil.setupSSLConfig}
 * (last argument {@code false}); the client and server SSL resources named in the
 * configuration are loaded before the cluster is started.
 */
@Test
public void testMiniClusterWithSSLOn() throws Exception {
  final String baseDirPath = System.getProperty("test.build.dir", "target/test-dir")
      + "/" + TestHBaseTestingUtility.class.getSimpleName();
  final String sslConfDir = KeyStoreTestUtil.getClasspathDir(TestHBaseTestingUtility.class);
  final File baseDir = new File(baseDirPath);
  final String keystoresDir = baseDir.getAbsolutePath();

  HBaseTestingUtility hbt = new HBaseTestingUtility();
  // Recreate the base directory before key material is written into it.
  FileUtil.fullyDelete(baseDir);
  baseDir.mkdirs();

  KeyStoreTestUtil.setupSSLConfig(keystoresDir, sslConfDir, hbt.getConfiguration(), false);

  hbt.getConfiguration().set("hbase.ssl.enabled", "true");
  // Load the SSL resources whose names are stored under the SSLFactory conf keys.
  String clientSslResource = hbt.getConfiguration().get(SSLFactory.SSL_CLIENT_CONF_KEY);
  hbt.getConfiguration().addResource(clientSslResource);
  String serverSslResource = hbt.getConfiguration().get(SSLFactory.SSL_SERVER_CONF_KEY);
  hbt.getConfiguration().addResource(serverSslResource);

  MiniHBaseCluster cluster = hbt.startMiniCluster();
  try {
    assertEquals(1, cluster.getLiveRegionServerThreads().size());
  } finally {
    // Always tear the cluster down, even when the assertion fails.
    hbt.shutdownMiniCluster();
  }
}
 
Example #3
Source File: TajoPullServerService.java    From tajo with Apache License 2.0 5 votes vote down vote up
/**
 * Creates the pull server and, when shuffle SSL is enabled in {@code conf}, a server-mode
 * {@link SSLFactory} that is initialized immediately.
 *
 * @param conf configuration consulted for {@code ConfVars.SHUFFLE_SSL_ENABLED_KEY} and passed
 *             to both the pull server and the SSL factory
 * @throws Exception as declared by the constructor; the visible calls do not narrow it
 */
public HttpChannelInitializer(TajoConf conf) throws Exception {
  PullServer = new PullServer(conf);

  final boolean shuffleSslEnabled = conf.getBoolVar(ConfVars.SHUFFLE_SSL_ENABLED_KEY);
  if (!shuffleSslEnabled) {
    // Without the flag no SSLFactory is created and sslFactory is left unassigned here.
    return;
  }
  sslFactory = new SSLFactory(SSLFactory.Mode.SERVER, conf);
  sslFactory.init();
}
 
Example #4
Source File: ShuffleHandler.java    From tez with Apache License 2.0 5 votes vote down vote up
/**
 * Creates the shuffle pipeline factory; when encrypted shuffle is enabled in {@code conf} a
 * server-mode {@link SSLFactory} is created and initialized.
 *
 * @param conf  configuration consulted for {@code SHUFFLE_SSL_ENABLED_KEY}
 * @param timer timer handed to the {@code IdleStateHandler}
 * @throws Exception as declared by the constructor; the visible calls do not narrow it
 */
public HttpPipelineFactory(Configuration conf, Timer timer) throws Exception {
  SHUFFLE = getShuffle(conf);

  final boolean encryptedShuffle =
      conf.getBoolean(SHUFFLE_SSL_ENABLED_KEY, SHUFFLE_SSL_ENABLED_DEFAULT);
  if (encryptedShuffle) {
    LOG.info("Encrypted shuffle is enabled.");
    sslFactory = new SSLFactory(SSLFactory.Mode.SERVER, conf);
    sslFactory.init();
  }
  // NOTE(review): nothing is logged when the flag is off, so a shuffle that silently runs
  // without TLS is not visible from this constructor's log output.

  this.idleStateHandler = new IdleStateHandler(timer, 0, connectionKeepAliveTimeOut, 0);
}
 
Example #5
Source File: PullServerAuxService.java    From incubator-tajo with Apache License 2.0 5 votes vote down vote up
/**
 * Creates the pull server and, when shuffle SSL is enabled in {@code conf}, a server-mode
 * {@link SSLFactory} that is initialized immediately.
 *
 * @param conf configuration consulted for {@code ConfVars.SHUFFLE_SSL_ENABLED_KEY}
 * @throws Exception as declared by the constructor; the visible calls do not narrow it
 */
public HttpPipelineFactory(Configuration conf) throws Exception {
  PullServer = new PullServer(conf);

  final boolean shuffleSslEnabled = conf.getBoolean(
      ConfVars.SHUFFLE_SSL_ENABLED_KEY.varname,
      ConfVars.SHUFFLE_SSL_ENABLED_KEY.defaultBoolVal);
  if (!shuffleSslEnabled) {
    // Without the flag no SSLFactory is created and sslFactory is left unassigned here.
    return;
  }
  sslFactory = new SSLFactory(SSLFactory.Mode.SERVER, conf);
  sslFactory.init();
}
 
Example #6
Source File: TajoPullServerService.java    From incubator-tajo with Apache License 2.0 5 votes vote down vote up
/**
 * Creates the pull server and, when shuffle SSL is enabled in {@code conf}, a server-mode
 * {@link SSLFactory} that is initialized immediately.
 *
 * @param conf configuration consulted for {@code ConfVars.SHUFFLE_SSL_ENABLED_KEY}
 * @throws Exception as declared by the constructor; the visible calls do not narrow it
 */
public HttpPipelineFactory(Configuration conf) throws Exception {
  PullServer = new PullServer(conf);

  final boolean shuffleSslEnabled = conf.getBoolean(
      ConfVars.SHUFFLE_SSL_ENABLED_KEY.varname,
      ConfVars.SHUFFLE_SSL_ENABLED_KEY.defaultBoolVal);
  if (!shuffleSslEnabled) {
    // Without the flag no SSLFactory is created and sslFactory is left unassigned here.
    return;
  }
  sslFactory = new SSLFactory(SSLFactory.Mode.SERVER, conf);
  sslFactory.init();
}
 
Example #7
Source File: HttpServer2.java    From knox with Apache License 2.0 5 votes vote down vote up
/**
 * Copies the server-side TLS settings from {@code sslConf} into this object's fields.
 * <p>
 * Does nothing when {@code sslConf} is {@code null}. The keystore location and the keystore
 * password are mandatory; the key password, the truststore settings and the excluded cipher
 * list are read without a presence check.
 *
 * @throws IOException if the keystore location or the keystore password property is not set
 */
@SuppressForbidden
private void loadSSLConfiguration() throws IOException {
  if (sslConf == null) {
    return;
  }

  needsClientAuth = sslConf.getBoolean(
      SSLFactory.SSL_SERVER_NEED_CLIENT_AUTH,
      SSLFactory.SSL_SERVER_NEED_CLIENT_AUTH_DEFAULT);

  // Keystore: location and store password are required.
  final String keyStoreLocation = sslConf.getTrimmed(SSLFactory.SSL_SERVER_KEYSTORE_LOCATION);
  keyStore = keyStoreLocation;
  if (keyStoreLocation == null || keyStoreLocation.length() == 0) {
    throw new IOException(String.format("Property %s not specified",
        SSLFactory.SSL_SERVER_KEYSTORE_LOCATION));
  }

  // getPasswordString is defined elsewhere in this class; how it resolves the secret is not
  // visible here.
  final String storePassword =
      getPasswordString(sslConf, SSLFactory.SSL_SERVER_KEYSTORE_PASSWORD);
  keyStorePassword = storePassword;
  if (storePassword == null) {
    throw new IOException(String.format("Property %s not specified",
        SSLFactory.SSL_SERVER_KEYSTORE_PASSWORD));
  }

  keyStoreType = sslConf.get(
      SSLFactory.SSL_SERVER_KEYSTORE_TYPE,
      SSLFactory.SSL_SERVER_KEYSTORE_TYPE_DEFAULT);
  keyPassword = getPasswordString(sslConf, SSLFactory.SSL_SERVER_KEYSTORE_KEYPASSWORD);

  // Truststore: every value is optional at this point.
  // NOTE(review): the truststore location is read with get() while the keystore location
  // uses getTrimmed(); confirm whether surrounding whitespace should be tolerated here too.
  trustStore = sslConf.get(SSLFactory.SSL_SERVER_TRUSTSTORE_LOCATION);
  trustStorePassword = getPasswordString(sslConf, SSLFactory.SSL_SERVER_TRUSTSTORE_PASSWORD);
  trustStoreType = sslConf.get(
      SSLFactory.SSL_SERVER_TRUSTSTORE_TYPE,
      SSLFactory.SSL_SERVER_TRUSTSTORE_TYPE_DEFAULT);

  excludeCiphers = sslConf.get(SSLFactory.SSL_SERVER_EXCLUDE_CIPHER_LIST);
}
 
Example #8
Source File: HttpServer2.java    From knox with Apache License 2.0 5 votes vote down vote up
/**
 * Copies the server-side TLS settings from {@code sslConf} into this object's fields.
 * <p>
 * Does nothing when {@code sslConf} is {@code null}. The keystore location and the keystore
 * password are mandatory; the key password, the truststore settings and the excluded cipher
 * list are read without a presence check.
 *
 * @throws IOException if the keystore location or the keystore password property is not set
 */
@SuppressForbidden
private void loadSSLConfiguration() throws IOException {
  if (sslConf == null) {
    return;
  }

  needsClientAuth = sslConf.getBoolean(
      SSLFactory.SSL_SERVER_NEED_CLIENT_AUTH,
      SSLFactory.SSL_SERVER_NEED_CLIENT_AUTH_DEFAULT);

  // Keystore: location and store password are required.
  final String keyStoreLocation = sslConf.getTrimmed(SSLFactory.SSL_SERVER_KEYSTORE_LOCATION);
  keyStore = keyStoreLocation;
  if (keyStoreLocation == null || keyStoreLocation.length() == 0) {
    throw new IOException(String.format("Property %s not specified",
        SSLFactory.SSL_SERVER_KEYSTORE_LOCATION));
  }

  // getPasswordString is defined elsewhere in this class; how it resolves the secret is not
  // visible here.
  final String storePassword =
      getPasswordString(sslConf, SSLFactory.SSL_SERVER_KEYSTORE_PASSWORD);
  keyStorePassword = storePassword;
  if (storePassword == null) {
    throw new IOException(String.format("Property %s not specified",
        SSLFactory.SSL_SERVER_KEYSTORE_PASSWORD));
  }

  keyStoreType = sslConf.get(
      SSLFactory.SSL_SERVER_KEYSTORE_TYPE,
      SSLFactory.SSL_SERVER_KEYSTORE_TYPE_DEFAULT);
  keyPassword = getPasswordString(sslConf, SSLFactory.SSL_SERVER_KEYSTORE_KEYPASSWORD);

  // Truststore: every value is optional at this point.
  // NOTE(review): the truststore location is read with get() while the keystore location
  // uses getTrimmed(); confirm whether surrounding whitespace should be tolerated here too.
  trustStore = sslConf.get(SSLFactory.SSL_SERVER_TRUSTSTORE_LOCATION);
  trustStorePassword = getPasswordString(sslConf, SSLFactory.SSL_SERVER_TRUSTSTORE_PASSWORD);
  trustStoreType = sslConf.get(
      SSLFactory.SSL_SERVER_TRUSTSTORE_TYPE,
      SSLFactory.SSL_SERVER_TRUSTSTORE_TYPE_DEFAULT);

  excludeCiphers = sslConf.get(SSLFactory.SSL_SERVER_EXCLUDE_CIPHER_LIST);
}
 
Example #9
Source File: KeyStoreTestUtil.java    From hbase with Apache License 2.0 5 votes vote down vote up
/**
 * Builds an SSL {@link Configuration} for the given mode, for use in tests.
 * <p>
 * Property names are resolved per mode through
 * {@code FileBasedKeyStoresFactory.resolvePropertyName}. The truststore password is the
 * fixed test value {@code "trustP"} and the truststore reload interval is set to
 * {@code "1000"}.
 *
 * @param mode SSLFactory.Mode mode to configure
 * @param keystore String keystore file, or null to leave the location unset
 * @param password String store password, or null to avoid setting store
 *   password
 * @param keyPassword String key password, or null to avoid setting key
 *   password
 * @param trustKS String truststore file, or null to leave the location unset
 * @return Configuration for SSL
 */
private static Configuration createSSLConfig(SSLFactory.Mode mode,
    String keystore, String password, String keyPassword, String trustKS) {
  // Hard-coded truststore password: acceptable only because this is test scaffolding.
  final String trustPassword = "trustP";
  final Configuration sslConf = new Configuration(false);

  if (keystore != null) {
    final String locationKey = FileBasedKeyStoresFactory.resolvePropertyName(mode,
        FileBasedKeyStoresFactory.SSL_KEYSTORE_LOCATION_TPL_KEY);
    sslConf.set(locationKey, keystore);
  }
  if (password != null) {
    final String storePasswordKey = FileBasedKeyStoresFactory.resolvePropertyName(mode,
        FileBasedKeyStoresFactory.SSL_KEYSTORE_PASSWORD_TPL_KEY);
    sslConf.set(storePasswordKey, password);
  }
  if (keyPassword != null) {
    final String keyPasswordKey = FileBasedKeyStoresFactory.resolvePropertyName(mode,
        FileBasedKeyStoresFactory.SSL_KEYSTORE_KEYPASSWORD_TPL_KEY);
    sslConf.set(keyPasswordKey, keyPassword);
  }
  if (trustKS != null) {
    final String trustLocationKey = FileBasedKeyStoresFactory.resolvePropertyName(mode,
        FileBasedKeyStoresFactory.SSL_TRUSTSTORE_LOCATION_TPL_KEY);
    sslConf.set(trustLocationKey, trustKS);
  }

  // trustPassword is a non-null constant, so the truststore password is always written.
  final String trustPasswordKey = FileBasedKeyStoresFactory.resolvePropertyName(mode,
      FileBasedKeyStoresFactory.SSL_TRUSTSTORE_PASSWORD_TPL_KEY);
  sslConf.set(trustPasswordKey, trustPassword);

  final String reloadIntervalKey = FileBasedKeyStoresFactory.resolvePropertyName(mode,
      FileBasedKeyStoresFactory.SSL_TRUSTSTORE_RELOAD_INTERVAL_TPL_KEY);
  sslConf.set(reloadIntervalKey, "1000");

  return sslConf;
}
 
Example #10
Source File: TestSSLHttpServer.java    From hbase with Apache License 2.0 5 votes vote down vote up
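/**
 * Starts an HTTPS-only test server on localhost and prepares a client-mode
 * {@link SSLFactory} for the tests in this class.
 * <p>
 * Key material and the SSL config files come from {@code KeyStoreTestUtil.setupSSLConfig}
 * (last argument {@code false}). Server passwords are resolved through
 * {@code HBaseConfiguration.getPassword} with a {@code null} default.
 *
 * @throws Exception as declared; the visible calls do not narrow it
 */
@BeforeClass
public static void setup() throws Exception {

  HTU = new HBaseCommonTestingUtility();
  serverConf = HTU.getConfiguration();

  serverConf.setInt(HttpServer.HTTP_MAX_THREADS, TestHttpServer.MAX_THREADS);

  keystoresDir = new File(HTU.getDataTestDir("keystore").toString());
  keystoresDir.mkdirs();

  sslConfDir = KeyStoreTestUtil.getClasspathDir(TestSSLHttpServer.class);

  KeyStoreTestUtil.setupSSLConfig(keystoresDir.getAbsolutePath(), sslConfDir, serverConf, false);

  // The client configuration starts empty and only receives the client SSL resource.
  Configuration clientConf = new Configuration(false);
  clientConf.addResource(serverConf.get(SSLFactory.SSL_CLIENT_CONF_KEY));
  serverConf.addResource(serverConf.get(SSLFactory.SSL_SERVER_CONF_KEY));
  clientConf.set(SSLFactory.SSL_CLIENT_CONF_KEY, serverConf.get(SSLFactory.SSL_CLIENT_CONF_KEY));

  clientSslFactory = new SSLFactory(SSLFactory.Mode.CLIENT, clientConf);
  clientSslFactory.init();

  server = new HttpServer.Builder()
    .setName("test")
    .addEndpoint(new URI("https://localhost"))
    .setConf(serverConf)
    .keyPassword(HBaseConfiguration.getPassword(serverConf, "ssl.server.keystore.keypassword",
      null))
    // The server keystore type is read from serverConf, like every other ssl.server.* value
    // in this chain; clientConf only carries the client SSL resource.
    .keyStore(serverConf.get("ssl.server.keystore.location"),
      HBaseConfiguration.getPassword(serverConf, "ssl.server.keystore.password", null),
      serverConf.get("ssl.server.keystore.type", "jks"))
    .trustStore(serverConf.get("ssl.server.truststore.location"),
      HBaseConfiguration.getPassword(serverConf, "ssl.server.truststore.password", null),
      serverConf.get("ssl.server.truststore.type", "jks")).build();
  server.addUnprivilegedServlet("echo", "/echo", TestHttpServer.EchoServlet.class);
  server.start();
  baseUrl = new URL("https://"
    + NetUtils.getHostPortString(server.getConnectorAddress(0)));
  LOG.info("HTTP server started: " + baseUrl);
}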
 
Example #11
Source File: TestLogLevel.java    From hbase with Apache License 2.0 5 votes vote down vote up
/**
 * Builds a standalone SSL configuration from the client and server SSL resources named in
 * {@code conf}.
 * This method is copied from KeyStoreTestUtil#getSslConfig() in Hadoop.
 *
 * @param conf to pull client/server SSL settings filename from
 * @return {@link Configuration} instance with ssl configs loaded; it is created without the
 *   default resources and also carries the two resource names under the SSLFactory conf keys
 */
private static Configuration getSslConfig(Configuration conf){
  final String serverResource = conf.get(SSLFactory.SSL_SERVER_CONF_KEY);
  final String clientResource = conf.get(SSLFactory.SSL_CLIENT_CONF_KEY);

  final Configuration merged = new Configuration(false);
  // Server resource first, then client, matching the order the values are registered below.
  merged.addResource(serverResource);
  merged.addResource(clientResource);
  merged.set(SSLFactory.SSL_SERVER_CONF_KEY, serverResource);
  merged.set(SSLFactory.SSL_CLIENT_CONF_KEY, clientResource);
  return merged;
}
 
Example #12
Source File: TajoPullServerService.java    From tajo with Apache License 2.0 5 votes vote down vote up
/**
 * Creates the pull server and, when shuffle SSL is enabled in {@code conf}, a server-mode
 * {@link SSLFactory} that is initialized immediately.
 *
 * @param conf configuration consulted for {@code ConfVars.SHUFFLE_SSL_ENABLED_KEY} and passed
 *             to both the pull server and the SSL factory
 * @throws Exception as declared by the constructor; the visible calls do not narrow it
 */
public HttpChannelInitializer(TajoConf conf) throws Exception {
  PullServer = new PullServer(conf);

  final boolean shuffleSslEnabled = conf.getBoolVar(ConfVars.SHUFFLE_SSL_ENABLED_KEY);
  if (!shuffleSslEnabled) {
    // Without the flag no SSLFactory is created and sslFactory is left unassigned here.
    return;
  }
  sslFactory = new SSLFactory(SSLFactory.Mode.SERVER, conf);
  sslFactory.init();
}
 
Example #13
Source File: HttpServer2.java    From hadoop-ozone with Apache License 2.0 5 votes vote down vote up
/**
 * Copies the server-side TLS settings from {@code sslConf} into this object's fields.
 * <p>
 * Does nothing when {@code sslConf} is {@code null}. The keystore location and the keystore
 * password are mandatory; the key password, the truststore settings and the excluded cipher
 * list are read without a presence check.
 *
 * @throws IOException if the keystore location or the keystore password property is not set
 */
private void loadSSLConfiguration() throws IOException {
  if (sslConf == null) {
    return;
  }

  needsClientAuth = sslConf.getBoolean(
      SSLFactory.SSL_SERVER_NEED_CLIENT_AUTH,
      SSLFactory.SSL_SERVER_NEED_CLIENT_AUTH_DEFAULT);

  // Keystore: location and store password are required.
  final String keyStoreLocation = sslConf.getTrimmed(SSLFactory.SSL_SERVER_KEYSTORE_LOCATION);
  keyStore = keyStoreLocation;
  if (keyStoreLocation == null || keyStoreLocation.length() == 0) {
    throw new IOException(String.format("Property %s not specified",
        SSLFactory.SSL_SERVER_KEYSTORE_LOCATION));
  }

  // getPasswordString is defined elsewhere in this class; how it resolves the secret is not
  // visible here.
  final String storePassword =
      getPasswordString(sslConf, SSLFactory.SSL_SERVER_KEYSTORE_PASSWORD);
  keyStorePassword = storePassword;
  if (storePassword == null) {
    throw new IOException(String.format("Property %s not specified",
        SSLFactory.SSL_SERVER_KEYSTORE_PASSWORD));
  }

  keyStoreType = sslConf.get(
      SSLFactory.SSL_SERVER_KEYSTORE_TYPE,
      SSLFactory.SSL_SERVER_KEYSTORE_TYPE_DEFAULT);
  keyPassword = getPasswordString(sslConf, SSLFactory.SSL_SERVER_KEYSTORE_KEYPASSWORD);

  // Truststore: every value is optional at this point.
  // NOTE(review): the truststore location is read with get() while the keystore location
  // uses getTrimmed(); confirm whether surrounding whitespace should be tolerated here too.
  trustStore = sslConf.get(SSLFactory.SSL_SERVER_TRUSTSTORE_LOCATION);
  trustStorePassword = getPasswordString(sslConf, SSLFactory.SSL_SERVER_TRUSTSTORE_PASSWORD);
  trustStoreType = sslConf.get(
      SSLFactory.SSL_SERVER_TRUSTSTORE_TYPE,
      SSLFactory.SSL_SERVER_TRUSTSTORE_TYPE_DEFAULT);

  excludeCiphers = sslConf.get(SSLFactory.SSL_SERVER_EXCLUDE_CIPHER_LIST);
}
 
Example #14
Source File: BaseSecurityTest.java    From incubator-atlas with Apache License 2.0 5 votes vote down vote up
/**
 * Builds the TLS test configuration: TLS enabled, keystore and truststore both pointing at
 * {@code <projectBaseDir>/webapp/target/atlas.keystore}, and the credential provider path
 * set to {@code providerUrl}.
 *
 * @param providerUrl value stored under {@code CERT_STORES_CREDENTIAL_PROVIDER_PATH}
 * @return the populated configuration
 */
protected PropertiesConfiguration getSSLConfiguration(String providerUrl) {
    // The "projectBaseDir" system property is not checked for null before concatenation.
    final String keystorePath =
            System.getProperty("projectBaseDir") + "/webapp/target/atlas.keystore";

    final PropertiesConfiguration tlsConfig = new PropertiesConfiguration();
    tlsConfig.setProperty("atlas.services.enabled", false);
    tlsConfig.setProperty(TLS_ENABLED, true);
    // The same file serves as truststore and keystore in this test setup.
    tlsConfig.setProperty(TRUSTSTORE_FILE_KEY, keystorePath);
    tlsConfig.setProperty(KEYSTORE_FILE_KEY, keystorePath);
    tlsConfig.setProperty(CERT_STORES_CREDENTIAL_PROVIDER_PATH, providerUrl);
    // Hostname verification is set to the DEFAULT_AND_LOCALHOST verifier for the test host.
    tlsConfig.setProperty(SSLFactory.SSL_HOSTNAME_VERIFIER_KEY,
            SSLHostnameVerifier.DEFAULT_AND_LOCALHOST.toString());
    return tlsConfig;
}
 
Example #15
Source File: HttpServer2.java    From lucene-solr with Apache License 2.0 5 votes vote down vote up
/**
 * Copies the server-side TLS settings from {@code sslConf} into this object's fields.
 * <p>
 * Does nothing when {@code sslConf} is {@code null}. The keystore location and the keystore
 * password are mandatory; the key password, the truststore settings and the excluded cipher
 * list are read without a presence check.
 *
 * @throws IOException if the keystore location or the keystore password property is not set
 */
private void loadSSLConfiguration() throws IOException {
  if (sslConf == null) {
    return;
  }

  needsClientAuth = sslConf.getBoolean(
      SSLFactory.SSL_SERVER_NEED_CLIENT_AUTH,
      SSLFactory.SSL_SERVER_NEED_CLIENT_AUTH_DEFAULT);

  // Keystore: location and store password are required.
  final String keyStoreLocation = sslConf.getTrimmed(SSLFactory.SSL_SERVER_KEYSTORE_LOCATION);
  keyStore = keyStoreLocation;
  if (keyStoreLocation == null || keyStoreLocation.length() == 0) {
    throw new IOException(String.format(Locale.ROOT, "Property %s not specified",
        SSLFactory.SSL_SERVER_KEYSTORE_LOCATION));
  }

  // getPasswordString is defined elsewhere in this class; how it resolves the secret is not
  // visible here.
  final String storePassword =
      getPasswordString(sslConf, SSLFactory.SSL_SERVER_KEYSTORE_PASSWORD);
  keyStorePassword = storePassword;
  if (storePassword == null) {
    throw new IOException(String.format(Locale.ROOT, "Property %s not specified",
        SSLFactory.SSL_SERVER_KEYSTORE_PASSWORD));
  }

  keyStoreType = sslConf.get(
      SSLFactory.SSL_SERVER_KEYSTORE_TYPE,
      SSLFactory.SSL_SERVER_KEYSTORE_TYPE_DEFAULT);
  keyPassword = getPasswordString(sslConf, SSLFactory.SSL_SERVER_KEYSTORE_KEYPASSWORD);

  // Truststore: every value is optional at this point.
  // NOTE(review): the truststore location is read with get() while the keystore location
  // uses getTrimmed(); confirm whether surrounding whitespace should be tolerated here too.
  trustStore = sslConf.get(SSLFactory.SSL_SERVER_TRUSTSTORE_LOCATION);
  trustStorePassword = getPasswordString(sslConf, SSLFactory.SSL_SERVER_TRUSTSTORE_PASSWORD);
  trustStoreType = sslConf.get(
      SSLFactory.SSL_SERVER_TRUSTSTORE_TYPE,
      SSLFactory.SSL_SERVER_TRUSTSTORE_TYPE_DEFAULT);

  excludeCiphers = sslConf.get(SSLFactory.SSL_SERVER_EXCLUDE_CIPHER_LIST);
}
 
Example #16
Source File: TestHttpCookieFlag.java    From big-c with Apache License 2.0 5 votes vote down vote up
/**
 * Starts a test server with both an HTTP and an HTTPS endpoint on localhost and prepares a
 * client-mode {@link SSLFactory}.
 * <p>
 * Key material and the {@code ssl-server.xml} / {@code ssl-client.xml} resources are expected
 * to come from {@code KeyStoreTestUtil.setupSSLConfig}; the server's store locations,
 * passwords and types are read back from those resources with plain {@code get} calls.
 *
 * @throws Exception as declared; the visible calls do not narrow it
 */
@BeforeClass
public static void setUp() throws Exception {
  Configuration conf = new Configuration();
  conf.set(HttpServer2.FILTER_INITIALIZER_PROPERTY,
          DummyFilterInitializer.class.getName());

  // Recreate the base directory before key material is written into it.
  File baseDir = new File(BASEDIR);
  FileUtil.fullyDelete(baseDir);
  baseDir.mkdirs();
  keystoresDir = baseDir.getAbsolutePath();
  sslConfDir = KeyStoreTestUtil.getClasspathDir(TestSSLHttpServer.class);

  KeyStoreTestUtil.setupSSLConfig(keystoresDir, sslConfDir, conf, false);
  Configuration sslConf = new Configuration(false);
  sslConf.addResource("ssl-server.xml");
  sslConf.addResource("ssl-client.xml");

  clientSslFactory = new SSLFactory(SSLFactory.Mode.CLIENT, sslConf);
  clientSslFactory.init();

  // Server-side store settings, read once up front.
  final String keyPassword = sslConf.get("ssl.server.keystore.keypassword");
  final String keyStoreLocation = sslConf.get("ssl.server.keystore.location");
  final String keyStorePassword = sslConf.get("ssl.server.keystore.password");
  final String keyStoreType = sslConf.get("ssl.server.keystore.type", "jks");
  final String trustStoreLocation = sslConf.get("ssl.server.truststore.location");
  final String trustStorePassword = sslConf.get("ssl.server.truststore.password");
  final String trustStoreType = sslConf.get("ssl.server.truststore.type", "jks");

  server = new HttpServer2.Builder()
          .setName("test")
          .addEndpoint(new URI("http://localhost"))
          .addEndpoint(new URI("https://localhost"))
          .setConf(conf)
          .keyPassword(keyPassword)
          .keyStore(keyStoreLocation, keyStorePassword, keyStoreType)
          .trustStore(trustStoreLocation, trustStorePassword, trustStoreType)
          .build();
  server.addServlet("echo", "/echo", TestHttpServer.EchoServlet.class);
  server.start();
}
 
Example #17
Source File: TestSSLHttpServer.java    From big-c with Apache License 2.0 5 votes vote down vote up
/**
 * Starts an HTTPS-only test server on localhost and prepares a client-mode
 * {@link SSLFactory}.
 * <p>
 * Key material and the {@code ssl-server.xml} / {@code ssl-client.xml} resources are expected
 * to come from {@code KeyStoreTestUtil.setupSSLConfig}; the server's store locations,
 * passwords and types are read back from those resources with plain {@code get} calls.
 *
 * @throws Exception as declared; the visible calls do not narrow it
 */
@BeforeClass
public static void setup() throws Exception {
  conf = new Configuration();
  conf.setInt(HttpServer2.HTTP_MAX_THREADS, 10);

  // Recreate the base directory before key material is written into it.
  File baseDir = new File(BASEDIR);
  FileUtil.fullyDelete(baseDir);
  baseDir.mkdirs();
  keystoresDir = baseDir.getAbsolutePath();
  sslConfDir = KeyStoreTestUtil.getClasspathDir(TestSSLHttpServer.class);

  KeyStoreTestUtil.setupSSLConfig(keystoresDir, sslConfDir, conf, false);
  Configuration sslConf = new Configuration(false);
  sslConf.addResource("ssl-server.xml");
  sslConf.addResource("ssl-client.xml");

  clientSslFactory = new SSLFactory(SSLFactory.Mode.CLIENT, sslConf);
  clientSslFactory.init();

  // Server-side store settings, read once up front.
  final String keyPassword = sslConf.get("ssl.server.keystore.keypassword");
  final String keyStoreLocation = sslConf.get("ssl.server.keystore.location");
  final String keyStorePassword = sslConf.get("ssl.server.keystore.password");
  final String keyStoreType = sslConf.get("ssl.server.keystore.type", "jks");
  final String trustStoreLocation = sslConf.get("ssl.server.truststore.location");
  final String trustStorePassword = sslConf.get("ssl.server.truststore.password");
  final String trustStoreType = sslConf.get("ssl.server.truststore.type", "jks");

  server = new HttpServer2.Builder()
      .setName("test")
      .addEndpoint(new URI("https://localhost"))
      .setConf(conf)
      .keyPassword(keyPassword)
      .keyStore(keyStoreLocation, keyStorePassword, keyStoreType)
      .trustStore(trustStoreLocation, trustStorePassword, trustStoreType)
      .build();
  server.addServlet("echo", "/echo", TestHttpServer.EchoServlet.class);
  server.addServlet("longheader", "/longheader", LongHeaderServlet.class);
  server.start();

  final String hostPort = NetUtils.getHostPortString(server.getConnectorAddress(0));
  baseUrl = new URL("https://" + hostPort);
  LOG.info("HTTP server started: " + baseUrl);
}
 
Example #18
Source File: ShuffleHandler.java    From big-c with Apache License 2.0 5 votes vote down vote up
/**
 * Creates the shuffle pipeline factory; when encrypted shuffle is enabled in {@code conf} a
 * server-mode {@link SSLFactory} is created and initialized.
 *
 * @param conf configuration consulted for {@code MRConfig.SHUFFLE_SSL_ENABLED_KEY}
 * @throws Exception as declared by the constructor; the visible calls do not narrow it
 */
public HttpPipelineFactory(Configuration conf) throws Exception {
  SHUFFLE = getShuffle(conf);

  final boolean encryptedShuffle = conf.getBoolean(
      MRConfig.SHUFFLE_SSL_ENABLED_KEY, MRConfig.SHUFFLE_SSL_ENABLED_DEFAULT);
  if (!encryptedShuffle) {
    // NOTE(review): nothing is logged on this path, so a shuffle running without TLS is
    // not visible from this constructor's log output.
    return;
  }
  LOG.info("Encrypted shuffle is enabled.");
  sslFactory = new SSLFactory(SSLFactory.Mode.SERVER, conf);
  sslFactory.init();
}
 
Example #19
Source File: TestHttpCookieFlag.java    From hadoop with Apache License 2.0 5 votes vote down vote up
/**
 * Starts a test server with both an HTTP and an HTTPS endpoint on localhost and prepares a
 * client-mode {@link SSLFactory}.
 * <p>
 * Key material and the {@code ssl-server.xml} / {@code ssl-client.xml} resources are expected
 * to come from {@code KeyStoreTestUtil.setupSSLConfig}; the server's store locations,
 * passwords and types are read back from those resources with plain {@code get} calls.
 *
 * @throws Exception as declared; the visible calls do not narrow it
 */
@BeforeClass
public static void setUp() throws Exception {
  Configuration conf = new Configuration();
  conf.set(HttpServer2.FILTER_INITIALIZER_PROPERTY,
          DummyFilterInitializer.class.getName());

  // Recreate the base directory before key material is written into it.
  File baseDir = new File(BASEDIR);
  FileUtil.fullyDelete(baseDir);
  baseDir.mkdirs();
  keystoresDir = baseDir.getAbsolutePath();
  sslConfDir = KeyStoreTestUtil.getClasspathDir(TestSSLHttpServer.class);

  KeyStoreTestUtil.setupSSLConfig(keystoresDir, sslConfDir, conf, false);
  Configuration sslConf = new Configuration(false);
  sslConf.addResource("ssl-server.xml");
  sslConf.addResource("ssl-client.xml");

  clientSslFactory = new SSLFactory(SSLFactory.Mode.CLIENT, sslConf);
  clientSslFactory.init();

  // Server-side store settings, read once up front.
  final String keyPassword = sslConf.get("ssl.server.keystore.keypassword");
  final String keyStoreLocation = sslConf.get("ssl.server.keystore.location");
  final String keyStorePassword = sslConf.get("ssl.server.keystore.password");
  final String keyStoreType = sslConf.get("ssl.server.keystore.type", "jks");
  final String trustStoreLocation = sslConf.get("ssl.server.truststore.location");
  final String trustStorePassword = sslConf.get("ssl.server.truststore.password");
  final String trustStoreType = sslConf.get("ssl.server.truststore.type", "jks");

  server = new HttpServer2.Builder()
          .setName("test")
          .addEndpoint(new URI("http://localhost"))
          .addEndpoint(new URI("https://localhost"))
          .setConf(conf)
          .keyPassword(keyPassword)
          .keyStore(keyStoreLocation, keyStorePassword, keyStoreType)
          .trustStore(trustStoreLocation, trustStorePassword, trustStoreType)
          .build();
  server.addServlet("echo", "/echo", TestHttpServer.EchoServlet.class);
  server.start();
}
 
Example #20
Source File: TestSSLHttpServer.java    From hadoop with Apache License 2.0 5 votes vote down vote up
/**
 * Starts an HTTPS-only test server on localhost and prepares a client-mode
 * {@link SSLFactory}.
 * <p>
 * Key material and the {@code ssl-server.xml} / {@code ssl-client.xml} resources are expected
 * to come from {@code KeyStoreTestUtil.setupSSLConfig}; the server's store locations,
 * passwords and types are read back from those resources with plain {@code get} calls.
 *
 * @throws Exception as declared; the visible calls do not narrow it
 */
@BeforeClass
public static void setup() throws Exception {
  conf = new Configuration();
  conf.setInt(HttpServer2.HTTP_MAX_THREADS, 10);

  // Recreate the base directory before key material is written into it.
  File baseDir = new File(BASEDIR);
  FileUtil.fullyDelete(baseDir);
  baseDir.mkdirs();
  keystoresDir = baseDir.getAbsolutePath();
  sslConfDir = KeyStoreTestUtil.getClasspathDir(TestSSLHttpServer.class);

  KeyStoreTestUtil.setupSSLConfig(keystoresDir, sslConfDir, conf, false);
  Configuration sslConf = new Configuration(false);
  sslConf.addResource("ssl-server.xml");
  sslConf.addResource("ssl-client.xml");

  clientSslFactory = new SSLFactory(SSLFactory.Mode.CLIENT, sslConf);
  clientSslFactory.init();

  // Server-side store settings, read once up front.
  final String keyPassword = sslConf.get("ssl.server.keystore.keypassword");
  final String keyStoreLocation = sslConf.get("ssl.server.keystore.location");
  final String keyStorePassword = sslConf.get("ssl.server.keystore.password");
  final String keyStoreType = sslConf.get("ssl.server.keystore.type", "jks");
  final String trustStoreLocation = sslConf.get("ssl.server.truststore.location");
  final String trustStorePassword = sslConf.get("ssl.server.truststore.password");
  final String trustStoreType = sslConf.get("ssl.server.truststore.type", "jks");

  server = new HttpServer2.Builder()
      .setName("test")
      .addEndpoint(new URI("https://localhost"))
      .setConf(conf)
      .keyPassword(keyPassword)
      .keyStore(keyStoreLocation, keyStorePassword, keyStoreType)
      .trustStore(trustStoreLocation, trustStorePassword, trustStoreType)
      .build();
  server.addServlet("echo", "/echo", TestHttpServer.EchoServlet.class);
  server.addServlet("longheader", "/longheader", LongHeaderServlet.class);
  server.start();

  final String hostPort = NetUtils.getHostPortString(server.getConnectorAddress(0));
  baseUrl = new URL("https://" + hostPort);
  LOG.info("HTTP server started: " + baseUrl);
}
 
Example #21
Source File: ShuffleHandler.java    From hadoop with Apache License 2.0 5 votes vote down vote up
/**
 * Creates the shuffle pipeline factory; when encrypted shuffle is enabled in {@code conf} a
 * server-mode {@link SSLFactory} is created and initialized.
 *
 * @param conf configuration consulted for {@code MRConfig.SHUFFLE_SSL_ENABLED_KEY}
 * @throws Exception as declared by the constructor; the visible calls do not narrow it
 */
public HttpPipelineFactory(Configuration conf) throws Exception {
  SHUFFLE = getShuffle(conf);

  final boolean encryptedShuffle = conf.getBoolean(
      MRConfig.SHUFFLE_SSL_ENABLED_KEY, MRConfig.SHUFFLE_SSL_ENABLED_DEFAULT);
  if (!encryptedShuffle) {
    // NOTE(review): nothing is logged on this path, so a shuffle running without TLS is
    // not visible from this constructor's log output.
    return;
  }
  LOG.info("Encrypted shuffle is enabled.");
  sslFactory = new SSLFactory(SSLFactory.Mode.SERVER, conf);
  sslFactory.init();
}
 
Example #22
Source File: SecureClientUtils.java    From atlas with Apache License 2.0 5 votes vote down vote up
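/**
 * Returns a client handler whose connection factory applies the Hadoop client SSL
 * configuration to every HTTPS connection it opens.
 * <p>
 * For an {@link HttpsURLConnection} the factory loads the client SSL resource, obtains an
 * {@link SSLFactory} through {@code getSSLFactory(conf)} and installs its socket factory and
 * hostname verifier. If any of that fails, the connection is returned as opened, without the
 * configured socket factory or verifier, and the failure is logged with its cause.
 *
 * @return a handler backed by the connection factory described above
 */
public  URLConnectionClientHandler getUrlConnectionClientHandler() {
    return new URLConnectionClientHandler(new HttpURLConnectionFactory() {
        @Override
        public HttpURLConnection getHttpURLConnection(URL url)
                throws IOException {
            HttpURLConnection connection = (HttpURLConnection) url.openConnection();
            if (!(connection instanceof HttpsURLConnection)) {
                // Plain HTTP: nothing to configure.
                return connection;
            }

            LOG.debug("Attempting to configure HTTPS connection using client "
                    + "configuration");
            try {
                Configuration conf = new Configuration();
                conf.addResource(conf.get(SSLFactory.SSL_CLIENT_CONF_KEY, SecurityProperties.SSL_CLIENT_PROPERTIES));
                // NOTE(review): this static setter runs for every HTTPS connection; confirm
                // that re-applying the configuration each time is intended.
                UserGroupInformation.setConfiguration(conf);

                HttpsURLConnection httpsConnection = (HttpsURLConnection) connection;
                SSLFactory factory = getSSLFactory(conf);
                // Obtain both objects before touching the connection so a failure leaves it
                // completely unconfigured rather than half configured.
                SSLSocketFactory socketFactory = factory.createSSLSocketFactory();
                HostnameVerifier hostnameVerifier = factory.getHostnameVerifier();
                httpsConnection.setSSLSocketFactory(socketFactory);
                httpsConnection.setHostnameVerifier(hostnameVerifier);
            } catch (Exception e) {
                // Keep the cause in the log: without it a broken truststore or keystore
                // setting is indistinguishable from a deliberate fallback.
                LOG.info("Unable to configure HTTPS connection from "
                        + "configuration.  Leveraging JDK properties.", e);
            }
            return connection;
        }
    });
}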
 
Example #23
Source File: BaseSecurityTest.java    From atlas with Apache License 2.0 5 votes vote down vote up
/**
 * Builds the TLS test configuration: TLS enabled, keystore and truststore both pointing at
 * {@code <projectBaseDir>/webapp/target/atlas.keystore}, and the credential provider path
 * set to {@code providerUrl}.
 *
 * @param providerUrl value stored under {@code CERT_STORES_CREDENTIAL_PROVIDER_PATH}
 * @return the populated configuration
 */
protected PropertiesConfiguration getSSLConfiguration(String providerUrl) {
    // The "projectBaseDir" system property is not checked for null before concatenation.
    final String keystorePath =
            System.getProperty("projectBaseDir") + "/webapp/target/atlas.keystore";

    final PropertiesConfiguration tlsConfig = new PropertiesConfiguration();
    tlsConfig.setProperty("atlas.services.enabled", false);
    tlsConfig.setProperty(TLS_ENABLED, true);
    // The same file serves as truststore and keystore in this test setup.
    tlsConfig.setProperty(TRUSTSTORE_FILE_KEY, keystorePath);
    tlsConfig.setProperty(KEYSTORE_FILE_KEY, keystorePath);
    tlsConfig.setProperty(CERT_STORES_CREDENTIAL_PROVIDER_PATH, providerUrl);
    // Hostname verification is set to the DEFAULT_AND_LOCALHOST verifier for the test host.
    tlsConfig.setProperty(SSLFactory.SSL_HOSTNAME_VERIFIER_KEY,
            SSLHostnameVerifier.DEFAULT_AND_LOCALHOST.toString());
    return tlsConfig;
}
 
Example #24
Source File: KMSClientProvider.java    From big-c with Apache License 2.0 4 votes vote down vote up
/**
 * Creates a KMS client for the service addressed by {@code uri}.
 * <p>
 * A client-mode {@link SSLFactory} is created and initialized only when the resolved KMS URL
 * uses the {@code https} scheme; for any other scheme this constructor does not assign
 * {@code sslFactory} before passing it to the connection configurator. The encrypted-key
 * cache is sized from the {@code KMS_CLIENT_ENC_KEY_CACHE_*} settings in {@code conf}.
 *
 * @param uri  provider URI from which the KMS path is extracted
 * @param conf configuration supplying TLS, timeout, retry and cache settings
 * @throws IOException declared by the constructor; also wraps a
 *         {@link GeneralSecurityException} raised while initializing the SSL factory
 */
public KMSClientProvider(URI uri, Configuration conf) throws IOException {
  super(conf);
  kmsUrl = createServiceURL(extractKMSPath(uri));

  final String scheme = new URL(kmsUrl).getProtocol();
  if ("https".equalsIgnoreCase(scheme)) {
    sslFactory = new SSLFactory(SSLFactory.Mode.CLIENT, conf);
    try {
      sslFactory.init();
    } catch (GeneralSecurityException ex) {
      // Surface TLS set-up failures through the constructor's declared exception type.
      throw new IOException(ex);
    }
  }

  final int timeout = conf.getInt(TIMEOUT_ATTR, DEFAULT_TIMEOUT);
  authRetry = conf.getInt(AUTH_RETRY, DEFAULT_AUTH_RETRY);
  configurator = new TimeoutConnConfigurator(timeout, sslFactory);

  // Encrypted-key cache settings, read in the order they are passed to the queue.
  final int cacheSize = conf.getInt(
      CommonConfigurationKeysPublic.KMS_CLIENT_ENC_KEY_CACHE_SIZE,
      CommonConfigurationKeysPublic.KMS_CLIENT_ENC_KEY_CACHE_SIZE_DEFAULT);
  final float lowWatermark = conf.getFloat(
      CommonConfigurationKeysPublic.KMS_CLIENT_ENC_KEY_CACHE_LOW_WATERMARK,
      CommonConfigurationKeysPublic.KMS_CLIENT_ENC_KEY_CACHE_LOW_WATERMARK_DEFAULT);
  final int expiryMs = conf.getInt(
      CommonConfigurationKeysPublic.KMS_CLIENT_ENC_KEY_CACHE_EXPIRY_MS,
      CommonConfigurationKeysPublic.KMS_CLIENT_ENC_KEY_CACHE_EXPIRY_DEFAULT);
  final int refillThreads = conf.getInt(
      CommonConfigurationKeysPublic.KMS_CLIENT_ENC_KEY_CACHE_NUM_REFILL_THREADS,
      CommonConfigurationKeysPublic.KMS_CLIENT_ENC_KEY_CACHE_NUM_REFILL_THREADS_DEFAULT);
  encKeyVersionQueue =
      new ValueQueue<KeyProviderCryptoExtension.EncryptedKeyVersion>(
          cacheSize, lowWatermark, expiryMs, refillThreads, new EncryptedQueueRefiller());

  authToken = new DelegationTokenAuthenticatedURL.Token();

  // For a proxy user the real (proxying) user is recorded; otherwise the current user.
  if (UserGroupInformation.getCurrentUser().getAuthenticationMethod()
      == UserGroupInformation.AuthenticationMethod.PROXY) {
    actualUgi = UserGroupInformation.getCurrentUser().getRealUser();
  } else {
    actualUgi = UserGroupInformation.getCurrentUser();
  }
}
 
Example #25
Source File: KeyStoreTestUtil.java    From hbase with Apache License 2.0 4 votes vote down vote up
/**
 * Performs complete setup of SSL configuration in preparation for testing an
 * SSLFactory.  This includes keys, certs, keystores, truststores, the server
 * SSL configuration file, the client SSL configuration file, and the master
 * configuration file read by the SSLFactory.
 * <p>
 * Everything written here is test scaffolding: store passwords are fixed literals,
 * certificates are generated with {@code "SHA1withRSA"}, and the hostname verifier is set
 * to {@code "ALLOW_ALL"}. None of these values are suitable outside a test fixture.
 *
 * @param keystoresDir String directory to save keystores
 * @param sslConfDir String directory to save SSL configuration files
 * @param conf Configuration master configuration to be used by an SSLFactory,
 *   which will be mutated by this method
 * @param useClientCert boolean true to make the client present a cert in the
 *   SSL handshake
 * @throws Exception as declared; the visible calls do not narrow it
 */
public static void setupSSLConfig(String keystoresDir, String sslConfDir,
                                  Configuration conf, boolean useClientCert)
  throws Exception {
  // Fixed store locations and passwords for the generated key material.
  final String clientStorePath = keystoresDir + "/clientKS.jks";
  final String clientStorePassword = "clientP";
  final String serverStorePath = keystoresDir + "/serverKS.jks";
  final String serverStorePassword = "serverP";
  final String trustStorePath = keystoresDir + "/trustKS.jks";
  final String trustStorePassword = "trustP";

  // File names carry a timestamp and a random UUID.
  final File clientConfFile = new File(
      sslConfDir + "/ssl-client-" + System.nanoTime() + "-"
          + HBaseCommonTestingUtility.getRandomUUID() + ".xml");
  final File serverConfFile = new File(
      sslConfDir + "/ssl-server-" + System.nanoTime() + "-"
          + HBaseCommonTestingUtility.getRandomUUID() + ".xml");

  final Map<String, X509Certificate> trustedCerts = new HashMap<>();

  // The client key pair and certificate exist only when a client cert is requested.
  if (useClientCert) {
    final KeyPair clientKeys = KeyStoreTestUtil.generateKeyPair("RSA");
    final X509Certificate clientCert = KeyStoreTestUtil.generateCertificate(
        "CN=localhost, O=client", clientKeys, 30, "SHA1withRSA");
    KeyStoreTestUtil.createKeyStore(clientStorePath, clientStorePassword, "client",
        clientKeys.getPrivate(), clientCert);
    trustedCerts.put("client", clientCert);
  }

  final KeyPair serverKeys = KeyStoreTestUtil.generateKeyPair("RSA");
  final X509Certificate serverCert = KeyStoreTestUtil.generateCertificate(
      "CN=localhost, O=server", serverKeys, 30, "SHA1withRSA");
  KeyStoreTestUtil.createKeyStore(serverStorePath, serverStorePassword, "server",
      serverKeys.getPrivate(), serverCert);
  trustedCerts.put("server", serverCert);

  KeyStoreTestUtil.createTrustStore(trustStorePath, trustStorePassword, trustedCerts);

  // The store password doubles as the key password on both sides.
  final Configuration clientSslConf = createClientSSLConfig(
      clientStorePath, clientStorePassword, clientStorePassword, trustStorePath);
  final Configuration serverSslConf = createServerSSLConfig(
      serverStorePath, serverStorePassword, serverStorePassword, trustStorePath);

  saveConfig(clientConfFile, clientSslConf);
  saveConfig(serverConfFile, serverSslConf);

  // NOTE(review): "ALLOW_ALL" is written unconditionally as the hostname verifier; keep
  // this confined to tests.
  conf.set(SSLFactory.SSL_HOSTNAME_VERIFIER_KEY, "ALLOW_ALL");
  conf.set(SSLFactory.SSL_CLIENT_CONF_KEY, clientConfFile.getName());
  conf.set(SSLFactory.SSL_SERVER_CONF_KEY, serverConfFile.getName());
  conf.set("dfs.https.server.keystore.resource", serverConfFile.getName());

  conf.setBoolean(SSLFactory.SSL_REQUIRE_CLIENT_CERT_KEY, useClientCert);
}
 
Example #26
Source File: KMSClientProvider.java    From hadoop with Apache License 2.0 4 votes vote down vote up
/**
 * Creates a KMS client for the service addressed by {@code uri}.
 * <p>
 * A client-mode {@link SSLFactory} is created and initialized only when the resolved KMS URL
 * uses the {@code https} scheme; for any other scheme this constructor does not assign
 * {@code sslFactory} before passing it to the connection configurator. The encrypted-key
 * cache is sized from the {@code KMS_CLIENT_ENC_KEY_CACHE_*} settings in {@code conf}.
 *
 * @param uri  provider URI from which the KMS path is extracted
 * @param conf configuration supplying TLS, timeout, retry and cache settings
 * @throws IOException declared by the constructor; also wraps a
 *         {@link GeneralSecurityException} raised while initializing the SSL factory
 */
public KMSClientProvider(URI uri, Configuration conf) throws IOException {
  super(conf);
  kmsUrl = createServiceURL(extractKMSPath(uri));

  final String scheme = new URL(kmsUrl).getProtocol();
  if ("https".equalsIgnoreCase(scheme)) {
    sslFactory = new SSLFactory(SSLFactory.Mode.CLIENT, conf);
    try {
      sslFactory.init();
    } catch (GeneralSecurityException ex) {
      // Surface TLS set-up failures through the constructor's declared exception type.
      throw new IOException(ex);
    }
  }

  final int timeout = conf.getInt(TIMEOUT_ATTR, DEFAULT_TIMEOUT);
  authRetry = conf.getInt(AUTH_RETRY, DEFAULT_AUTH_RETRY);
  configurator = new TimeoutConnConfigurator(timeout, sslFactory);

  // Encrypted-key cache settings, read in the order they are passed to the queue.
  final int cacheSize = conf.getInt(
      CommonConfigurationKeysPublic.KMS_CLIENT_ENC_KEY_CACHE_SIZE,
      CommonConfigurationKeysPublic.KMS_CLIENT_ENC_KEY_CACHE_SIZE_DEFAULT);
  final float lowWatermark = conf.getFloat(
      CommonConfigurationKeysPublic.KMS_CLIENT_ENC_KEY_CACHE_LOW_WATERMARK,
      CommonConfigurationKeysPublic.KMS_CLIENT_ENC_KEY_CACHE_LOW_WATERMARK_DEFAULT);
  final int expiryMs = conf.getInt(
      CommonConfigurationKeysPublic.KMS_CLIENT_ENC_KEY_CACHE_EXPIRY_MS,
      CommonConfigurationKeysPublic.KMS_CLIENT_ENC_KEY_CACHE_EXPIRY_DEFAULT);
  final int refillThreads = conf.getInt(
      CommonConfigurationKeysPublic.KMS_CLIENT_ENC_KEY_CACHE_NUM_REFILL_THREADS,
      CommonConfigurationKeysPublic.KMS_CLIENT_ENC_KEY_CACHE_NUM_REFILL_THREADS_DEFAULT);
  encKeyVersionQueue =
      new ValueQueue<KeyProviderCryptoExtension.EncryptedKeyVersion>(
          cacheSize, lowWatermark, expiryMs, refillThreads, new EncryptedQueueRefiller());

  authToken = new DelegationTokenAuthenticatedURL.Token();

  // For a proxy user the real (proxying) user is recorded; otherwise the current user.
  if (UserGroupInformation.getCurrentUser().getAuthenticationMethod()
      == UserGroupInformation.AuthenticationMethod.PROXY) {
    actualUgi = UserGroupInformation.getCurrentUser().getRealUser();
  } else {
    actualUgi = UserGroupInformation.getCurrentUser();
  }
}
 
Example #27
Source File: KeyStoreTestUtil.java    From hbase with Apache License 2.0 3 votes vote down vote up
/**
 * Creates SSL configuration for a client by delegating to {@code createSSLConfig} with
 * {@code SSLFactory.Mode.CLIENT}.
 *
 * @param clientKS String client keystore file
 * @param password String store password, or null to avoid setting store
 *   password
 * @param keyPassword String key password, or null to avoid setting key
 *   password
 * @param trustKS String truststore file
 * @return Configuration for client SSL
 */
public static Configuration createClientSSLConfig(String clientKS,
    String password, String keyPassword, String trustKS) {
  return createSSLConfig(SSLFactory.Mode.CLIENT, clientKS, password, keyPassword, trustKS);
}
 
Example #28
Source File: KeyStoreTestUtil.java    From hbase with Apache License 2.0 3 votes vote down vote up
/**
 * Creates SSL configuration for a server by delegating to {@code createSSLConfig} with
 * {@code SSLFactory.Mode.SERVER}.
 *
 * @param serverKS String server keystore file
 * @param password String store password, or null to avoid setting store
 *   password
 * @param keyPassword String key password, or null to avoid setting key
 *   password
 * @param trustKS String truststore file
 * @return Configuration for server SSL
 * @throws IOException declared in the signature; nothing in the visible body throws it
 */
public static Configuration createServerSSLConfig(String serverKS,
    String password, String keyPassword, String trustKS) throws IOException {
  return createSSLConfig(SSLFactory.Mode.SERVER, serverKS, password, keyPassword, trustKS);
}