Java Code Examples for org.apache.hadoop.security.ssl.KeyStoreTestUtil

The following examples show how to use org.apache.hadoop.security.ssl.KeyStoreTestUtil. These examples are extracted from open source projects. You can vote up the ones you like or vote down the ones you don't like, and go to the original project or source file by following the links above each example. You may check out the related API usage on the sidebar.
Example 1
/**
 * Builds the HTTPS fixture for the HTTP-server tests: an empty keystore
 * directory, generated test SSL material, and a connection factory.
 */
@BeforeClass
public static void setUp() throws Exception {
  // Recreate BASEDIR empty before any keystore is generated into it.
  File base = new File(BASEDIR);
  FileUtil.fullyDelete(base);
  base.mkdirs();
  keystoresDir = base.getAbsolutePath();

  conf = new OzoneConfiguration();
  sslConfDir = KeyStoreTestUtil.getClasspathDir(
      TestStorageContainerManagerHttpServer.class);

  // Final argument false: no client certificate is set up, so the server
  // under test is not exercised with mutual TLS.
  KeyStoreTestUtil.setupSSLConfig(keystoresDir, sslConfDir, conf, false);
  connectionFactory = URLConnectionFactory.newDefaultURLConnectionFactory(conf);

  // Point Ozone's client/server keystore resource keys at the config files
  // named by KeyStoreTestUtil.
  conf.set(OzoneConfigKeys.OZONE_CLIENT_HTTPS_KEYSTORE_RESOURCE_KEY,
      KeyStoreTestUtil.getClientSSLConfigFileName());
  conf.set(OzoneConfigKeys.OZONE_SERVER_HTTPS_KEYSTORE_RESOURCE_KEY,
      KeyStoreTestUtil.getServerSSLConfigFileName());
}
 
Example 2
/**
 * Creates a block-token secret manager and verifier backed by a freshly
 * generated RSA key pair and a test certificate for "CN=OzoneMaster".
 */
@Before
public void setUp() throws Exception {
  OzoneConfiguration ozoneConf = new OzoneConfiguration();
  ozoneConf.set(HddsConfigKeys.OZONE_METADATA_DIRS, BASEDIR);
  ozoneConf.setBoolean(HddsConfigKeys.HDDS_BLOCK_TOKEN_ENABLED, true);

  // Test-only key material: a new key pair per test, certificate requested
  // with 30 as the validity argument and SHA256withRSA as the signature algorithm.
  keyPair = KeyStoreTestUtil.generateKeyPair("RSA");
  x509Certificate = KeyStoreTestUtil.generateCertificate(
      "CN=OzoneMaster", keyPair, 30, "SHA256withRSA");
  omCertSerialId = x509Certificate.getSerialNumber().toString();

  // NOTE(review): Time.monotonicNow() is millisecond-based in Hadoop, so this
  // offset is roughly 86 seconds rather than one day — confirm the intended unit.
  expiryTime = Time.monotonicNow() + 60 * 60 * 24;

  SecurityConfig secConf = new SecurityConfig(ozoneConf);
  secretManager = new OzoneBlockTokenSecretManager(secConf, expiryTime,
      omCertSerialId);
  client = getCertificateClient(secConf);
  client.init();
  secretManager.start(client);
  tokenVerifier = new BlockTokenVerifier(secConf, client);
}
 
Example 3
Source Project: hadoop-ozone   Source File: TestOzoneManagerHttpServer.java    License: Apache License 2.0 6 votes vote down vote up
/**
 * Builds the HTTPS fixture for the Ozone Manager HTTP-server tests: an empty
 * keystore directory, generated test SSL material, and a connection factory.
 */
@BeforeClass
public static void setUp() throws Exception {
  // Recreate BASEDIR empty before any keystore is generated into it.
  File base = new File(BASEDIR);
  FileUtil.fullyDelete(base);
  base.mkdirs();
  keystoresDir = base.getAbsolutePath();

  conf = new OzoneConfiguration();
  sslConfDir = KeyStoreTestUtil.getClasspathDir(
      TestOzoneManagerHttpServer.class);

  // Final argument false: no client certificate is set up, so the server
  // under test is not exercised with mutual TLS.
  KeyStoreTestUtil.setupSSLConfig(keystoresDir, sslConfDir, conf, false);
  connectionFactory = URLConnectionFactory.newDefaultURLConnectionFactory(conf);

  // Point Ozone's client/server keystore resource keys at the config files
  // named by KeyStoreTestUtil.
  conf.set(OzoneConfigKeys.OZONE_CLIENT_HTTPS_KEYSTORE_RESOURCE_KEY,
      KeyStoreTestUtil.getClientSSLConfigFileName());
  conf.set(OzoneConfigKeys.OZONE_SERVER_HTTPS_KEYSTORE_RESOURCE_KEY,
      KeyStoreTestUtil.getServerSSLConfigFileName());
}
 
Example 4
Source Project: hadoop   Source File: TestTimelineAuthenticationFilter.java    License: Apache License 2.0 6 votes vote down vote up
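/**
 * Stops the mini KDC and the timeline server, then removes the generated SSL
 * material when the suite ran with SSL.
 *
 * <p>The steps are chained with {@code finally} so that a failing
 * {@code stop()} does not leave test keystores and SSL config files behind.
 *
 * @throws Exception if stopping a service or the cleanup fails
 */
@AfterClass
public static void tearDown() throws Exception {
  try {
    if (testMiniKDC != null) {
      testMiniKDC.stop();
    }
  } finally {
    try {
      if (testTimelineServer != null) {
        testTimelineServer.stop();
      }
    } finally {
      if (withSsl) {
        // Remove the generated keystores/config first, then the base directory.
        KeyStoreTestUtil.cleanupSSLConfig(keystoresDir, sslConfDir);
        FileUtil.fullyDelete(new File(BASEDIR));
      }
    }
  }
}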
 
Example 5
Source Project: hadoop   Source File: TestTimelineWebServicesWithSSL.java    License: Apache License 2.0 6 votes vote down vote up
/**
 * Starts an ApplicationHistoryServer that serves HTTPS only, using SSL
 * material generated by KeyStoreTestUtil.
 */
@BeforeClass
public static void setupServer() throws Exception {
  conf = new YarnConfiguration();
  conf.setBoolean(YarnConfiguration.TIMELINE_SERVICE_ENABLED, true);
  conf.setClass(YarnConfiguration.TIMELINE_SERVICE_STORE,
      MemoryTimelineStore.class, TimelineStore.class);
  // Plain HTTP is disabled for this fixture.
  conf.set(YarnConfiguration.YARN_HTTP_POLICY_KEY, "HTTPS_ONLY");

  // Recreate BASEDIR empty before any keystore is generated into it.
  File base = new File(BASEDIR);
  FileUtil.fullyDelete(base);
  base.mkdirs();
  keystoresDir = base.getAbsolutePath();
  sslConfDir =
      KeyStoreTestUtil.getClasspathDir(TestTimelineWebServicesWithSSL.class);

  // Final argument false: no client certificate is set up (server-side TLS only).
  KeyStoreTestUtil.setupSSLConfig(keystoresDir, sslConfDir, conf, false);
  // Load the SSL server/client config resources into this configuration.
  conf.addResource("ssl-server.xml");
  conf.addResource("ssl-client.xml");

  timelineServer = new ApplicationHistoryServer();
  timelineServer.init(conf);
  timelineServer.start();
  store = timelineServer.getTimelineStore();
}
 
Example 6
Source Project: hadoop   Source File: TestNfs3HttpServer.java    License: Apache License 2.0 6 votes vote down vote up
/**
 * Configures the NFS gateway HTTP endpoints and starts a one-datanode
 * MiniDFSCluster with generated test SSL material.
 */
@BeforeClass
public static void setUp() throws Exception {
  // Both plain HTTP and HTTPS are enabled for this fixture.
  conf.set(DFSConfigKeys.DFS_HTTP_POLICY_KEY,
      HttpConfig.Policy.HTTP_AND_HTTPS.name());
  conf.set(NfsConfigKeys.NFS_HTTP_ADDRESS_KEY, "localhost:0");
  conf.set(NfsConfigKeys.NFS_HTTPS_ADDRESS_KEY, "localhost:0");
  // Use ephemeral ports in case tests are running in parallel.
  conf.setInt(NfsConfigKeys.DFS_NFS_SERVER_PORT_KEY, 0);
  conf.setInt(NfsConfigKeys.DFS_NFS_MOUNTD_PORT_KEY, 0);

  // Recreate BASEDIR empty before any keystore is generated into it.
  File base = new File(BASEDIR);
  FileUtil.fullyDelete(base);
  base.mkdirs();
  keystoresDir = base.getAbsolutePath();
  sslConfDir = KeyStoreTestUtil.getClasspathDir(TestNfs3HttpServer.class);
  // Final argument false: no client certificate is set up (server-side TLS only).
  KeyStoreTestUtil.setupSSLConfig(keystoresDir, sslConfDir, conf, false);

  cluster = new MiniDFSCluster.Builder(conf).numDataNodes(1).build();
  cluster.waitActive();
}
 
Example 7
Source Project: hadoop   Source File: TestHttpsFileSystem.java    License: Apache License 2.0 6 votes vote down vote up
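/**
 * Starts an HTTPS-only one-datanode MiniDFSCluster with generated test SSL
 * material, writes a one-byte file at {@code /test}, and records the
 * NameNode's actual HTTPS address in the configuration.
 *
 * @throws Exception if the SSL setup, cluster start or file write fails
 */
@BeforeClass
public static void setUp() throws Exception {
  conf = new Configuration();
  conf.setBoolean(DFSConfigKeys.DFS_WEBHDFS_ENABLED_KEY, true);
  conf.set(DFSConfigKeys.DFS_HTTP_POLICY_KEY, HttpConfig.Policy.HTTPS_ONLY.name());
  // Port 0 lets each daemon bind an ephemeral port.
  conf.set(DFSConfigKeys.DFS_NAMENODE_HTTPS_ADDRESS_KEY, "localhost:0");
  conf.set(DFSConfigKeys.DFS_DATANODE_HTTPS_ADDRESS_KEY, "localhost:0");

  // Recreate BASEDIR empty before any keystore is generated into it.
  File base = new File(BASEDIR);
  FileUtil.fullyDelete(base);
  base.mkdirs();
  keystoresDir = base.getAbsolutePath();
  sslConfDir = KeyStoreTestUtil.getClasspathDir(TestHttpsFileSystem.class);

  // Final argument false: no client certificate is set up (server-side TLS only).
  KeyStoreTestUtil.setupSSLConfig(keystoresDir, sslConfDir, conf, false);

  cluster = new MiniDFSCluster.Builder(conf).numDataNodes(1).build();
  cluster.waitActive();
  // try-with-resources closes the stream even when the write throws.
  try (OutputStream os = cluster.getFileSystem().create(new Path("/test"))) {
    os.write(23);
  }
  // Replace the "localhost:0" placeholder with the address actually bound.
  InetSocketAddress addr = cluster.getNameNode().getHttpsAddress();
  nnAddr = NetUtils.getHostPortString(addr);
  conf.set(DFSConfigKeys.DFS_NAMENODE_HTTPS_ADDRESS_KEY, nnAddr);
}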
 
Example 8
Source Project: hadoop   Source File: SaslDataTransferTestCase.java    License: Apache License 2.0 6 votes vote down vote up
/**
 * Builds the configuration for a Kerberos-secured, HTTPS-only test cluster.
 *
 * <p>The NameNode and DataNode share one principal and keytab, block access
 * tokens are enabled, and test SSL material is generated under
 * {@code baseDir}.
 *
 * @param dataTransferProtection supported QOPs
 * @return configuration for starting a secure cluster
 * @throws Exception if there is any failure
 */
protected HdfsConfiguration createSecureConfig(
    String dataTransferProtection) throws Exception {
  HdfsConfiguration secureConf = new HdfsConfiguration();
  SecurityUtil.setAuthenticationMethod(AuthenticationMethod.KERBEROS, secureConf);

  // Kerberos identities: one HDFS principal/keytab for both daemons, plus SPNEGO for web.
  secureConf.set(DFS_NAMENODE_KERBEROS_PRINCIPAL_KEY, hdfsPrincipal);
  secureConf.set(DFS_NAMENODE_KEYTAB_FILE_KEY, keytab);
  secureConf.set(DFS_DATANODE_KERBEROS_PRINCIPAL_KEY, hdfsPrincipal);
  secureConf.set(DFS_DATANODE_KEYTAB_FILE_KEY, keytab);
  secureConf.set(DFS_WEB_AUTHENTICATION_KERBEROS_PRINCIPAL_KEY, spnegoPrincipal);

  secureConf.setBoolean(DFS_BLOCK_ACCESS_TOKEN_ENABLE_KEY, true);
  secureConf.set(DFS_DATA_TRANSFER_PROTECTION_KEY, dataTransferProtection);

  // HTTPS only, on ephemeral ports.
  secureConf.set(DFS_HTTP_POLICY_KEY, HttpConfig.Policy.HTTPS_ONLY.name());
  secureConf.set(DFS_NAMENODE_HTTPS_ADDRESS_KEY, "localhost:0");
  secureConf.set(DFS_DATANODE_HTTPS_ADDRESS_KEY, "localhost:0");
  secureConf.setInt(IPC_CLIENT_CONNECT_MAX_RETRIES_ON_SASL_KEY, 10);

  // Final argument false: no client certificate is set up (server-side TLS only).
  KeyStoreTestUtil.setupSSLConfig(
      baseDir.getAbsolutePath(),
      KeyStoreTestUtil.getClasspathDir(this.getClass()),
      secureConf,
      false);
  return secureConf;
}
 
Example 9
Source Project: streamx   Source File: TestWithSecureMiniDFSCluster.java    License: Apache License 2.0 6 votes vote down vote up
/**
 * Builds the configuration for a Kerberos-secured, HTTPS-only test cluster
 * with encrypted data transfer switched on.
 *
 * @param dataTransferProtection value stored under DFS_DATA_TRANSFER_PROTECTION_KEY
 * @return the populated configuration
 * @throws Exception if generating the test SSL material fails
 */
private Configuration createSecureConfig(String dataTransferProtection) throws Exception {
  HdfsConfiguration secureConf = new HdfsConfiguration();
  SecurityUtil.setAuthenticationMethod(
      UserGroupInformation.AuthenticationMethod.KERBEROS, secureConf);

  // Kerberos identities: one HDFS principal/keytab for both daemons, plus SPNEGO for web.
  secureConf.set(DFS_NAMENODE_KERBEROS_PRINCIPAL_KEY, hdfsPrincipal);
  secureConf.set(DFS_NAMENODE_KEYTAB_FILE_KEY, keytab);
  secureConf.set(DFS_DATANODE_KERBEROS_PRINCIPAL_KEY, hdfsPrincipal);
  secureConf.set(DFS_DATANODE_KEYTAB_FILE_KEY, keytab);
  secureConf.set(DFS_WEB_AUTHENTICATION_KERBEROS_PRINCIPAL_KEY, spnegoPrincipal);

  secureConf.setBoolean(DFS_BLOCK_ACCESS_TOKEN_ENABLE_KEY, true);
  secureConf.set(DFS_DATA_TRANSFER_PROTECTION_KEY, dataTransferProtection);

  // HTTPS only, on ephemeral ports.
  secureConf.set(DFS_HTTP_POLICY_KEY, HttpConfig.Policy.HTTPS_ONLY.name());
  secureConf.set(DFS_NAMENODE_HTTPS_ADDRESS_KEY, "localhost:0");
  secureConf.set(DFS_DATANODE_HTTPS_ADDRESS_KEY, "localhost:0");
  secureConf.setInt(IPC_CLIENT_CONNECT_MAX_RETRIES_ON_SASL_KEY, 10);

  // See https://issues.apache.org/jira/browse/HDFS-7431
  secureConf.set(DFS_ENCRYPT_DATA_TRANSFER_KEY, "true");

  // Final argument false: no client certificate is set up (server-side TLS only).
  KeyStoreTestUtil.setupSSLConfig(
      baseDir.getAbsolutePath(),
      KeyStoreTestUtil.getClasspathDir(this.getClass()),
      secureConf,
      false);
  return secureConf;
}
 
Example 10
Source Project: big-c   Source File: TestTimelineAuthenticationFilter.java    License: Apache License 2.0 6 votes vote down vote up
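/**
 * Stops the mini KDC and the timeline server, then removes the generated SSL
 * material when the suite ran with SSL.
 *
 * <p>The steps are chained with {@code finally} so that a failing
 * {@code stop()} does not leave test keystores and SSL config files behind.
 *
 * @throws Exception if stopping a service or the cleanup fails
 */
@AfterClass
public static void tearDown() throws Exception {
  try {
    if (testMiniKDC != null) {
      testMiniKDC.stop();
    }
  } finally {
    try {
      if (testTimelineServer != null) {
        testTimelineServer.stop();
      }
    } finally {
      if (withSsl) {
        // Remove the generated keystores/config first, then the base directory.
        KeyStoreTestUtil.cleanupSSLConfig(keystoresDir, sslConfDir);
        FileUtil.fullyDelete(new File(BASEDIR));
      }
    }
  }
}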
 
Example 11
Source Project: big-c   Source File: TestTimelineWebServicesWithSSL.java    License: Apache License 2.0 6 votes vote down vote up
/**
 * Starts an ApplicationHistoryServer that serves HTTPS only, using SSL
 * material generated by KeyStoreTestUtil.
 */
@BeforeClass
public static void setupServer() throws Exception {
  conf = new YarnConfiguration();
  conf.setBoolean(YarnConfiguration.TIMELINE_SERVICE_ENABLED, true);
  conf.setClass(YarnConfiguration.TIMELINE_SERVICE_STORE,
      MemoryTimelineStore.class, TimelineStore.class);
  // Plain HTTP is disabled for this fixture.
  conf.set(YarnConfiguration.YARN_HTTP_POLICY_KEY, "HTTPS_ONLY");

  // Recreate BASEDIR empty before any keystore is generated into it.
  File base = new File(BASEDIR);
  FileUtil.fullyDelete(base);
  base.mkdirs();
  keystoresDir = base.getAbsolutePath();
  sslConfDir =
      KeyStoreTestUtil.getClasspathDir(TestTimelineWebServicesWithSSL.class);

  // Final argument false: no client certificate is set up (server-side TLS only).
  KeyStoreTestUtil.setupSSLConfig(keystoresDir, sslConfDir, conf, false);
  // Load the SSL server/client config resources into this configuration.
  conf.addResource("ssl-server.xml");
  conf.addResource("ssl-client.xml");

  timelineServer = new ApplicationHistoryServer();
  timelineServer.init(conf);
  timelineServer.start();
  store = timelineServer.getTimelineStore();
}
 
Example 12
Source Project: big-c   Source File: TestNfs3HttpServer.java    License: Apache License 2.0 6 votes vote down vote up
/**
 * Configures the NFS gateway HTTP endpoints and starts a one-datanode
 * MiniDFSCluster with generated test SSL material.
 */
@BeforeClass
public static void setUp() throws Exception {
  // Both plain HTTP and HTTPS are enabled for this fixture.
  conf.set(DFSConfigKeys.DFS_HTTP_POLICY_KEY,
      HttpConfig.Policy.HTTP_AND_HTTPS.name());
  conf.set(NfsConfigKeys.NFS_HTTP_ADDRESS_KEY, "localhost:0");
  conf.set(NfsConfigKeys.NFS_HTTPS_ADDRESS_KEY, "localhost:0");
  // Use ephemeral ports in case tests are running in parallel.
  conf.setInt(NfsConfigKeys.DFS_NFS_SERVER_PORT_KEY, 0);
  conf.setInt(NfsConfigKeys.DFS_NFS_MOUNTD_PORT_KEY, 0);

  // Recreate BASEDIR empty before any keystore is generated into it.
  File base = new File(BASEDIR);
  FileUtil.fullyDelete(base);
  base.mkdirs();
  keystoresDir = base.getAbsolutePath();
  sslConfDir = KeyStoreTestUtil.getClasspathDir(TestNfs3HttpServer.class);
  // Final argument false: no client certificate is set up (server-side TLS only).
  KeyStoreTestUtil.setupSSLConfig(keystoresDir, sslConfDir, conf, false);

  cluster = new MiniDFSCluster.Builder(conf).numDataNodes(1).build();
  cluster.waitActive();
}
 
Example 13
Source Project: big-c   Source File: TestHttpsFileSystem.java    License: Apache License 2.0 6 votes vote down vote up
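/**
 * Starts an HTTPS-only one-datanode MiniDFSCluster with generated test SSL
 * material, writes a one-byte file at {@code /test}, and records the
 * NameNode's actual HTTPS address in the configuration.
 *
 * @throws Exception if the SSL setup, cluster start or file write fails
 */
@BeforeClass
public static void setUp() throws Exception {
  conf = new Configuration();
  conf.setBoolean(DFSConfigKeys.DFS_WEBHDFS_ENABLED_KEY, true);
  conf.set(DFSConfigKeys.DFS_HTTP_POLICY_KEY, HttpConfig.Policy.HTTPS_ONLY.name());
  // Port 0 lets each daemon bind an ephemeral port.
  conf.set(DFSConfigKeys.DFS_NAMENODE_HTTPS_ADDRESS_KEY, "localhost:0");
  conf.set(DFSConfigKeys.DFS_DATANODE_HTTPS_ADDRESS_KEY, "localhost:0");

  // Recreate BASEDIR empty before any keystore is generated into it.
  File base = new File(BASEDIR);
  FileUtil.fullyDelete(base);
  base.mkdirs();
  keystoresDir = base.getAbsolutePath();
  sslConfDir = KeyStoreTestUtil.getClasspathDir(TestHttpsFileSystem.class);

  // Final argument false: no client certificate is set up (server-side TLS only).
  KeyStoreTestUtil.setupSSLConfig(keystoresDir, sslConfDir, conf, false);

  cluster = new MiniDFSCluster.Builder(conf).numDataNodes(1).build();
  cluster.waitActive();
  // try-with-resources closes the stream even when the write throws.
  try (OutputStream os = cluster.getFileSystem().create(new Path("/test"))) {
    os.write(23);
  }
  // Replace the "localhost:0" placeholder with the address actually bound.
  InetSocketAddress addr = cluster.getNameNode().getHttpsAddress();
  nnAddr = NetUtils.getHostPortString(addr);
  conf.set(DFSConfigKeys.DFS_NAMENODE_HTTPS_ADDRESS_KEY, nnAddr);
}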
 
Example 14
Source Project: big-c   Source File: SaslDataTransferTestCase.java    License: Apache License 2.0 6 votes vote down vote up
/**
 * Builds the configuration for a Kerberos-secured, HTTPS-only test cluster.
 *
 * <p>The NameNode and DataNode share one principal and keytab, block access
 * tokens are enabled, and test SSL material is generated under
 * {@code baseDir}.
 *
 * @param dataTransferProtection supported QOPs
 * @return configuration for starting a secure cluster
 * @throws Exception if there is any failure
 */
protected HdfsConfiguration createSecureConfig(
    String dataTransferProtection) throws Exception {
  HdfsConfiguration secureConf = new HdfsConfiguration();
  SecurityUtil.setAuthenticationMethod(AuthenticationMethod.KERBEROS, secureConf);

  // Kerberos identities: one HDFS principal/keytab for both daemons, plus SPNEGO for web.
  secureConf.set(DFS_NAMENODE_KERBEROS_PRINCIPAL_KEY, hdfsPrincipal);
  secureConf.set(DFS_NAMENODE_KEYTAB_FILE_KEY, keytab);
  secureConf.set(DFS_DATANODE_KERBEROS_PRINCIPAL_KEY, hdfsPrincipal);
  secureConf.set(DFS_DATANODE_KEYTAB_FILE_KEY, keytab);
  secureConf.set(DFS_WEB_AUTHENTICATION_KERBEROS_PRINCIPAL_KEY, spnegoPrincipal);

  secureConf.setBoolean(DFS_BLOCK_ACCESS_TOKEN_ENABLE_KEY, true);
  secureConf.set(DFS_DATA_TRANSFER_PROTECTION_KEY, dataTransferProtection);

  // HTTPS only, on ephemeral ports.
  secureConf.set(DFS_HTTP_POLICY_KEY, HttpConfig.Policy.HTTPS_ONLY.name());
  secureConf.set(DFS_NAMENODE_HTTPS_ADDRESS_KEY, "localhost:0");
  secureConf.set(DFS_DATANODE_HTTPS_ADDRESS_KEY, "localhost:0");
  secureConf.setInt(IPC_CLIENT_CONNECT_MAX_RETRIES_ON_SASL_KEY, 10);

  // Final argument false: no client certificate is set up (server-side TLS only).
  KeyStoreTestUtil.setupSSLConfig(
      baseDir.getAbsolutePath(),
      KeyStoreTestUtil.getClasspathDir(this.getClass()),
      secureConf,
      false);
  return secureConf;
}
 
Example 15
Source Project: knox   Source File: ShellTest.java    License: Apache License 2.0 6 votes vote down vote up
/**
 * Starts a two-datanode MiniDFSCluster on free ports, registers a "guest"
 * test user in group "users", and then sets up Knox.
 *
 * <p>KeyStoreTestUtil is used here only to locate the test class's classpath
 * directory; no key material is generated by this method.
 */
@BeforeClass
public static void setUpBeforeClass() throws Exception {
  nameNodeHttpPort = TestUtils.findFreePort();
  configuration = new HdfsConfiguration();

  // Keep the cluster's build data under the test class's classpath directory.
  baseDir = new File(KeyStoreTestUtil.getClasspathDir(ShellTest.class));
  System.setProperty(MiniDFSCluster.PROP_TEST_BUILD_DATA, baseDir.getAbsolutePath());

  MiniDFSCluster.Builder clusterBuilder = new MiniDFSCluster.Builder(configuration)
      .nameNodePort(TestUtils.findFreePort())
      .nameNodeHttpPort(nameNodeHttpPort)
      .numDataNodes(2)
      .format(true)
      .racks(null);
  miniDFSCluster = clusterBuilder.build();

  UserGroupInformation guest =
      UserGroupInformation.createUserForTesting("guest", new String[] {"users"});
  userName = guest.getUserName();
  assertNotNull(userName);

  setupKnox();
}
 
Example 16
Source Project: hadoop-ozone   Source File: TestHddsSecureDatanodeInit.java    License: Apache License 2.0 5 votes vote down vote up
/**
 * Creates a security-enabled datanode service in a randomized test directory
 * and prepares the codecs, keys and a test certificate used by the tests.
 */
@BeforeClass
public static void setUp() throws Exception {
  testDir = GenericTestUtils.getRandomizedTestDir();
  conf = new OzoneConfiguration();
  conf.set(HddsConfigKeys.OZONE_METADATA_DIRS, testDir.getPath());
  //conf.set(ScmConfigKeys.OZONE_SCM_NAMES, "localhost");
  conf.set(DFSConfigKeysLegacy.DFS_DATANODE_DATA_DIR_KEY, testDir + "/disk1");

  conf.setBoolean(OZONE_SECURITY_ENABLED_KEY, true);
  conf.setClass(OzoneConfigKeys.HDDS_DATANODE_PLUGINS_KEY,
      TestHddsDatanodeService.MockService.class,
      ServicePlugin.class);
  securityConfig = new SecurityConfig(conf);

  service = HddsDatanodeService.createHddsDatanodeService(args);
  dnLogs = GenericTestUtils.LogCapturer.captureLogs(getLogger());
  // NOTE(review): callQuietly presumably suppresses failures from these two
  // calls — confirm against its definition.
  callQuietly(() -> {
    service.start(conf);
    return null;
  });
  callQuietly(() -> {
    service.initializeCertificateClient(conf);
    return null;
  });

  certCodec = new CertificateCodec(securityConfig, DN_COMPONENT);
  keyCodec = new KeyCodec(securityConfig, DN_COMPONENT);
  dnLogs.clearOutput();

  // Reuse the certificate client's own key pair for the test certificate.
  privateKey = service.getCertificateClient().getPrivateKey();
  publicKey = service.getCertificateClient().getPublicKey();
  X509Certificate testCert = KeyStoreTestUtil.generateCertificate(
      "CN=Test", new KeyPair(publicKey, privateKey), 10,
      securityConfig.getSignatureAlgo());
  certHolder = new X509CertificateHolder(testCert.getEncoded());
}
 
Example 17
Source Project: hadoop-ozone   Source File: TestDefaultCertificateClient.java    License: Apache License 2.0 5 votes vote down vote up
/**
 * Generates a test certificate for "CN=Test" signed with the configured
 * signature algorithm.
 *
 * @param keyPair key pair to certify; when null, one is obtained from
 *     {@code generateKeyPairFiles()}
 * @return the generated certificate
 * @throws Exception if key or certificate generation fails
 */
private X509Certificate generateX509Cert(KeyPair keyPair) throws Exception {
  KeyPair certifiedPair = (keyPair != null) ? keyPair : generateKeyPairFiles();
  return KeyStoreTestUtil.generateCertificate(
      "CN=Test", certifiedPair, 30, omSecurityConfig.getSignatureAlgo());
}
 
Example 18
/**
 * Recreates the test base directory and generates the RSA key pair and
 * "CN=OzoneMaster" test certificate shared by the tests in this class.
 */
@BeforeClass
public static void setUp() throws Exception {
  File baseDirectory = new File(BASEDIR);
  FileUtil.fullyDelete(baseDirectory);
  baseDirectory.mkdirs();

  // NOTE(review): Time.monotonicNow() is millisecond-based in Hadoop, so this
  // offset is roughly 86 seconds rather than one day — confirm the intended unit.
  expiryTime = Time.monotonicNow() + 60 * 60 * 24;

  // Test-only key material: certificate requested with 30 as the validity
  // argument and SHA256withRSA as the signature algorithm.
  keyPair = KeyStoreTestUtil.generateKeyPair("RSA");
  cert = KeyStoreTestUtil.generateCertificate(
      "CN=OzoneMaster", keyPair, 30, "SHA256withRSA");
}
 
Example 19
/**
 * Measures the average time to sign and to verify 1000 test tokens with a
 * freshly generated RSA key pair and logs both averages in nanoseconds.
 */
@Test
public void testAsymmetricTokenPerf() throws NoSuchAlgorithmException,
    CertificateEncodingException, NoSuchProviderException,
    InvalidKeyException, SignatureException {
  final int testTokenCount = 1000;
  List<OzoneBlockTokenIdentifier> identifiers = new ArrayList<>();
  for (int n = 0; n < testTokenCount; n++) {
    identifiers.add(generateTestToken());
  }

  // Test-only key pair and certificate for "CN=OzoneMaster".
  KeyPair rsaPair = KeyStoreTestUtil.generateKeyPair("RSA");
  X509Certificate verifyingCert = KeyStoreTestUtil.generateCertificate(
      "CN=OzoneMaster", rsaPair, 30, "SHA256withRSA");

  // NOTE(review): the log labels below say "HmacSha256(RSA/1024 key)", while the
  // certificate is requested with "SHA256withRSA" and the key size is whatever
  // generateKeyPair("RSA") selects — confirm the label matches what is measured.
  List<byte[]> signatures = new ArrayList<>();
  long signStart = Time.monotonicNowNanos();
  for (OzoneBlockTokenIdentifier identifier : identifiers) {
    signatures.add(signTokenAsymmetric(identifier, rsaPair.getPrivate()));
  }
  long signNanos = Time.monotonicNowNanos() - signStart;
  LOG.info("Average token sign time with HmacSha256(RSA/1024 key) is {} ns",
      signNanos / testTokenCount);

  long verifyStart = Time.monotonicNowNanos();
  for (int n = 0; n < testTokenCount; n++) {
    verifyTokenAsymmetric(identifiers.get(n), signatures.get(n), verifyingCert);
  }
  long verifyNanos = Time.monotonicNowNanos() - verifyStart;
  LOG.info("Average token verify time with HmacSha256(RSA/1024 key) "
      + "is {} ns", verifyNanos / testTokenCount);
}
 
Example 20
Source Project: hadoop-ozone   Source File: TestOzoneTokenIdentifier.java    License: Apache License 2.0 5 votes vote down vote up
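/**
 * Creates an Ozone configuration with test SSL material generated by
 * KeyStoreTestUtil.
 *
 * @param clientCert passed to setupSSLConfig as its client-certificate flag
 * @param trustStore passed to setupSSLConfig as its trust-store flag
 * @return the populated configuration
 * @throws Exception if generating the SSL material fails
 */
private ConfigurationSource createConfiguration(boolean clientCert,
    boolean trustStore)
    throws Exception {
  OzoneConfiguration conf = new OzoneConfiguration();
  // Resolve the SSL config directory before it is used. The original assigned
  // sslConfsDir only after setupSSLConfig had already read it, so the first
  // call could pass a stale or unset directory.
  sslConfsDir = KeyStoreTestUtil.getClasspathDir(TestSSLFactory.class);
  KeyStoreTestUtil.setupSSLConfig(KEYSTORES_DIR, sslConfsDir, conf,
      clientCert, trustStore, EXCLUDE_CIPHERS);
  return conf;
}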
 
Example 21
Source Project: hadoop-ozone   Source File: TestOzoneTokenIdentifier.java    License: Apache License 2.0 5 votes vote down vote up
/**
 * Measures the average time to sign and to verify 1000 test tokens with a
 * freshly generated RSA key pair and logs both averages in nanoseconds.
 */
@Test
public void testAsymmetricTokenPerf() throws NoSuchAlgorithmException,
    CertificateEncodingException, NoSuchProviderException,
    InvalidKeyException, SignatureException {
  final int testTokenCount = 1000;
  List<OzoneTokenIdentifier> identifiers = new ArrayList<>();
  for (int n = 0; n < testTokenCount; n++) {
    identifiers.add(generateTestToken());
  }

  // Test-only key pair and certificate for "CN=OzoneMaster".
  KeyPair rsaPair = KeyStoreTestUtil.generateKeyPair("RSA");
  X509Certificate verifyingCert = KeyStoreTestUtil.generateCertificate(
      "CN=OzoneMaster", rsaPair, 30, "SHA256withRSA");

  // NOTE(review): the log labels below say "HmacSha256(RSA/1024 key)", while the
  // certificate is requested with "SHA256withRSA" and the key size is whatever
  // generateKeyPair("RSA") selects — confirm the label matches what is measured.
  List<byte[]> signatures = new ArrayList<>();
  long signStart = Time.monotonicNowNanos();
  for (OzoneTokenIdentifier identifier : identifiers) {
    signatures.add(signTokenAsymmetric(identifier, rsaPair.getPrivate()));
  }
  long signNanos = Time.monotonicNowNanos() - signStart;
  LOG.info("Average token sign time with HmacSha256(RSA/1024 key) is {} ns",
      signNanos / testTokenCount);

  long verifyStart = Time.monotonicNowNanos();
  for (int n = 0; n < testTokenCount; n++) {
    verifyTokenAsymmetric(identifiers.get(n), signatures.get(n), verifyingCert);
  }
  long verifyNanos = Time.monotonicNowNanos() - verifyStart;
  LOG.info("Average token verify time with HmacSha256(RSA/1024 key) "
      + "is {} ns", verifyNanos / testTokenCount);
}
 
Example 22
/**
 * Creates a stub certificate client for tests.
 *
 * <p>The returned OMCertificateClient serves one freshly generated RSA key
 * pair and one "CN=OzoneMaster" test certificate. The same certificate is
 * returned for every serial ID, so lookups by serial are not distinguished.
 *
 * @return the stubbed certificate client
 * @throws Exception if key or certificate generation fails
 */
private CertificateClient setupCertificateClient() throws Exception {
  KeyPair stubPair = KeyStoreTestUtil.generateKeyPair("RSA");
  X509Certificate stubCert = KeyStoreTestUtil.generateCertificate(
      "CN=OzoneMaster", stubPair, 30, "SHA256withRSA");

  return new OMCertificateClient(securityConfig) {
    @Override
    public PrivateKey getPrivateKey() {
      return stubPair.getPrivate();
    }

    @Override
    public PublicKey getPublicKey() {
      return stubPair.getPublic();
    }

    @Override
    public X509Certificate getCertificate() {
      return stubCert;
    }

    // The serial ID is ignored: every lookup yields the single test certificate.
    @Override
    public X509Certificate getCertificate(String serialId) {
      return stubCert;
    }
  };
}
 
Example 23
Source Project: hadoop-ozone   Source File: TestOzoneManagerBlockToken.java    License: Apache License 2.0 5 votes vote down vote up
/**
 * Recreates the test base directory and generates the RSA key pair and
 * "CN=OzoneMaster" test certificate shared by the tests in this class.
 */
@BeforeClass
public static void setUp() throws Exception {
  File baseDirectory = new File(BASEDIR);
  FileUtil.fullyDelete(baseDirectory);
  baseDirectory.mkdirs();

  // NOTE(review): Time.monotonicNow() is millisecond-based in Hadoop, so this
  // offset is roughly 86 seconds rather than one day — confirm the intended unit.
  expiryTime = Time.monotonicNow() + 60 * 60 * 24;

  // Test-only key material: certificate requested with 30 as the validity
  // argument and SHA256withRSA as the signature algorithm.
  keyPair = KeyStoreTestUtil.generateKeyPair("RSA");
  cert = KeyStoreTestUtil.generateCertificate(
      "CN=OzoneMaster", keyPair, 30, "SHA256withRSA");
}
 
Example 24
Source Project: hadoop-ozone   Source File: TestOzoneManagerBlockToken.java    License: Apache License 2.0 5 votes vote down vote up
/**
 * Measures the average time to sign and to verify 1000 test tokens with a
 * freshly generated RSA key pair and logs both averages in nanoseconds.
 */
@Test
public void testAsymmetricTokenPerf() throws NoSuchAlgorithmException,
    CertificateEncodingException, NoSuchProviderException,
    InvalidKeyException, SignatureException {
  final int testTokenCount = 1000;
  List<OzoneBlockTokenIdentifier> identifiers = new ArrayList<>();
  for (int n = 0; n < testTokenCount; n++) {
    identifiers.add(generateTestToken());
  }

  // Test-only key pair and certificate for "CN=OzoneMaster".
  KeyPair rsaPair = KeyStoreTestUtil.generateKeyPair("RSA");
  X509Certificate verifyingCert = KeyStoreTestUtil.generateCertificate(
      "CN=OzoneMaster", rsaPair, 30, "SHA256withRSA");

  // NOTE(review): the log labels below say "HmacSha256(RSA/1024 key)", while the
  // certificate is requested with "SHA256withRSA" and the key size is whatever
  // generateKeyPair("RSA") selects — confirm the label matches what is measured.
  List<byte[]> signatures = new ArrayList<>();
  long signStart = Time.monotonicNowNanos();
  for (OzoneBlockTokenIdentifier identifier : identifiers) {
    signatures.add(signTokenAsymmetric(identifier, rsaPair.getPrivate()));
  }
  long signNanos = Time.monotonicNowNanos() - signStart;
  LOG.info("Average token sign time with HmacSha256(RSA/1024 key) is {} ns",
      signNanos / testTokenCount);

  long verifyStart = Time.monotonicNowNanos();
  for (int n = 0; n < testTokenCount; n++) {
    verifyTokenAsymmetric(identifiers.get(n), signatures.get(n), verifyingCert);
  }
  long verifyNanos = Time.monotonicNowNanos() - verifyStart;
  LOG.info("Average token verify time with HmacSha256(RSA/1024 key) "
      + "is {} ns", verifyNanos / testTokenCount);
}
 
Example 25
Source Project: hadoop   Source File: TestEncryptedShuffle.java    License: Apache License 2.0 5 votes vote down vote up
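/**
 * Runs a one-map MapReduce job on a cluster with SSL-encrypted shuffle and
 * asserts that the job completes successfully.
 *
 * @param useClientCerts passed to setupSSLConfig as its client-certificate
 *     flag, i.e. whether the generated SSL setup includes a client certificate
 * @throws Exception if SSL setup, cluster start or the job fails
 */
private void encryptedShuffleWithCerts(boolean useClientCerts)
  throws Exception {
  try {
    Configuration conf = new Configuration();
    String keystoresDir = new File(BASEDIR).getAbsolutePath();
    String sslConfsDir =
      KeyStoreTestUtil.getClasspathDir(TestEncryptedShuffle.class);
    KeyStoreTestUtil.setupSSLConfig(keystoresDir, sslConfsDir, conf,
                                    useClientCerts);
    conf.setBoolean(MRConfig.SHUFFLE_SSL_ENABLED_KEY, true);
    startCluster(conf);
    FileSystem fs = FileSystem.get(getJobConf());
    Path inputDir = new Path("input");
    fs.mkdirs(inputDir);
    // try-with-resources closes the writer (and the underlying stream) even
    // when the write throws. The writer uses the platform default charset;
    // the payload here is plain ASCII.
    try (Writer writer =
        new OutputStreamWriter(fs.create(new Path(inputDir, "data.txt")))) {
      writer.write("hello");
    }

    Path outputDir = new Path("output", "output");

    // Single map task with no retries, so a shuffle failure fails the job.
    JobConf jobConf = new JobConf(getJobConf());
    jobConf.setInt("mapred.map.tasks", 1);
    jobConf.setInt("mapred.map.max.attempts", 1);
    jobConf.setInt("mapred.reduce.max.attempts", 1);
    jobConf.set("mapred.input.dir", inputDir.toString());
    jobConf.set("mapred.output.dir", outputDir.toString());
    JobClient jobClient = new JobClient(jobConf);
    RunningJob runJob = jobClient.submitJob(jobConf);
    runJob.waitForCompletion();
    Assert.assertTrue(runJob.isComplete());
    Assert.assertTrue(runJob.isSuccessful());
  } finally {
    stopCluster();
  }
}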
 
Example 26
Source Project: hadoop   Source File: TestNfs3HttpServer.java    License: Apache License 2.0 5 votes vote down vote up
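/**
 * Deletes the test base directory, shuts the cluster down and removes the
 * generated SSL material.
 *
 * <p>The SSL cleanup runs in {@code finally} so that a failure while deleting
 * the directory or shutting down the cluster does not leave test keystores
 * and SSL config files behind.
 *
 * @throws Exception if the shutdown or the cleanup fails
 */
@AfterClass
public static void tearDown() throws Exception {
  try {
    FileUtil.fullyDelete(new File(BASEDIR));
    if (cluster != null) {
      cluster.shutdown();
    }
  } finally {
    KeyStoreTestUtil.cleanupSSLConfig(keystoresDir, sslConfDir);
  }
}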
 
Example 27
Source Project: hadoop   Source File: TestHftpFileSystem.java    License: Apache License 2.0 5 votes vote down vote up
/**
 * Starts a two-datanode MiniDFSCluster, derives the hftp URI from the
 * NameNode HTTP address, and generates test SSL material.
 */
@BeforeClass
public static void setUp() throws Exception {
  config = new Configuration();
  cluster = new MiniDFSCluster.Builder(config).numDataNodes(2).build();
  blockPoolId = cluster.getNamesystem().getBlockPoolId();
  hftpUri = "hftp://"
      + config.get(DFSConfigKeys.DFS_NAMENODE_HTTP_ADDRESS_KEY);

  // Recreate BASEDIR empty before any keystore is generated into it.
  File base = new File(BASEDIR);
  FileUtil.fullyDelete(base);
  base.mkdirs();
  keystoresDir = base.getAbsolutePath();
  sslConfDir = KeyStoreTestUtil.getClasspathDir(TestHftpFileSystem.class);

  // The SSL material is generated after the cluster is already running.
  // Final argument false: no client certificate is set up (server-side TLS only).
  KeyStoreTestUtil.setupSSLConfig(keystoresDir, sslConfDir, config, false);
}
 
Example 28
Source Project: hadoop   Source File: TestHftpFileSystem.java    License: Apache License 2.0 5 votes vote down vote up
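/**
 * Shuts the cluster down, deletes the test base directory and removes the
 * generated SSL material.
 *
 * <p>The file cleanup runs in {@code finally} so that a failing cluster
 * shutdown does not leave test keystores and SSL config files behind.
 *
 * @throws Exception if the shutdown or the cleanup fails
 */
@AfterClass
public static void tearDown() throws Exception {
  try {
    if (cluster != null) {
      cluster.shutdown();
    }
  } finally {
    FileUtil.fullyDelete(new File(BASEDIR));
    KeyStoreTestUtil.cleanupSSLConfig(keystoresDir, sslConfDir);
  }
}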
 
Example 29
Source Project: hadoop   Source File: TestNameNodeHttpServer.java    License: Apache License 2.0 5 votes vote down vote up
/**
 * Builds the HTTPS fixture for the NameNode HTTP-server tests: an empty
 * keystore directory, generated test SSL material, and a connection factory.
 */
@BeforeClass
public static void setUp() throws Exception {
  // Recreate BASEDIR empty before any keystore is generated into it.
  File base = new File(BASEDIR);
  FileUtil.fullyDelete(base);
  base.mkdirs();
  keystoresDir = base.getAbsolutePath();

  conf = new Configuration();
  sslConfDir = KeyStoreTestUtil.getClasspathDir(TestNameNodeHttpServer.class);
  // Final argument false: no client certificate is set up (server-side TLS only).
  KeyStoreTestUtil.setupSSLConfig(keystoresDir, sslConfDir, conf, false);
  connectionFactory = URLConnectionFactory.newDefaultURLConnectionFactory(conf);
}
 
Example 30
Source Project: hadoop   Source File: TestNameNodeRespectsBindHostKeys.java    License: Apache License 2.0 5 votes vote down vote up
/**
 * Generates test SSL material for an HTTPS-only setup.
 *
 * <p>The configuration built here is local and is not returned; what remains
 * after the call is whatever setupSSLConfig produced for the given
 * directories.
 *
 * @throws Exception if the base directory cannot be created (asserted) or
 *     the SSL setup fails
 */
private static void setupSsl() throws Exception {
  Configuration sslConf = new Configuration();
  sslConf.setBoolean(DFSConfigKeys.DFS_WEBHDFS_ENABLED_KEY, true);
  sslConf.set(DFSConfigKeys.DFS_HTTP_POLICY_KEY, HttpConfig.Policy.HTTPS_ONLY.name());
  // Port 0 lets each daemon bind an ephemeral port.
  sslConf.set(DFSConfigKeys.DFS_NAMENODE_HTTPS_ADDRESS_KEY, "localhost:0");
  sslConf.set(DFSConfigKeys.DFS_DATANODE_HTTPS_ADDRESS_KEY, "localhost:0");

  // Recreate BASEDIR empty; the directory creation result is checked here.
  File base = new File(BASEDIR);
  FileUtil.fullyDelete(base);
  assertTrue(base.mkdirs());

  final String keystoreLocation = base.getAbsolutePath();
  final String sslConfLocation =
      KeyStoreTestUtil.getClasspathDir(TestNameNodeRespectsBindHostKeys.class);

  // Final argument false: no client certificate is set up (server-side TLS only).
  KeyStoreTestUtil.setupSSLConfig(keystoreLocation, sslConfLocation, sslConf, false);
}