HADOOP-10847. Remove the usage of sun.security.x509.* in testing code. Contributed by Pascal Oliva.

This commit is contained in:
Haohui Mai 2014-11-04 10:52:05 -08:00
parent 85da71c2d3
commit 1eed102023
4 changed files with 41 additions and 42 deletions

View File

@ -369,6 +369,9 @@ Release 2.7.0 - UNRELEASED
HADOOP-6857. FsShell should report raw disk usage including replication HADOOP-6857. FsShell should report raw disk usage including replication
factor. (Byron Wong via shv) factor. (Byron Wong via shv)
HADOOP-10847. Remove the usage of sun.security.x509.* in testing code.
(Pascal Oliva via wheat9)
OPTIMIZATIONS OPTIMIZATIONS
BUG FIXES BUG FIXES

View File

@ -280,6 +280,11 @@
<groupId>org.apache.commons</groupId> <groupId>org.apache.commons</groupId>
<artifactId>commons-compress</artifactId> <artifactId>commons-compress</artifactId>
</dependency> </dependency>
<dependency>
<groupId>org.bouncycastle</groupId>
<artifactId>bcprov-jdk16</artifactId>
<scope>test</scope>
</dependency>
</dependencies> </dependencies>
<build> <build>

View File

@ -24,18 +24,6 @@
import org.apache.hadoop.security.alias.CredentialProviderFactory; import org.apache.hadoop.security.alias.CredentialProviderFactory;
import org.apache.hadoop.security.alias.JavaKeyStoreProvider; import org.apache.hadoop.security.alias.JavaKeyStoreProvider;
import sun.security.x509.AlgorithmId;
import sun.security.x509.CertificateAlgorithmId;
import sun.security.x509.CertificateIssuerName;
import sun.security.x509.CertificateSerialNumber;
import sun.security.x509.CertificateSubjectName;
import sun.security.x509.CertificateValidity;
import sun.security.x509.CertificateVersion;
import sun.security.x509.CertificateX509Key;
import sun.security.x509.X500Name;
import sun.security.x509.X509CertImpl;
import sun.security.x509.X509CertInfo;
import java.io.File; import java.io.File;
import java.io.FileOutputStream; import java.io.FileOutputStream;
import java.io.FileWriter; import java.io.FileWriter;
@ -57,6 +45,15 @@
import java.util.HashMap; import java.util.HashMap;
import java.util.Map; import java.util.Map;
import java.security.InvalidKeyException;
import java.security.NoSuchProviderException;
import java.security.SignatureException;
import java.security.cert.CertificateEncodingException;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import javax.security.auth.x500.X500Principal;
import org.bouncycastle.x509.X509V1CertificateGenerator;
public class KeyStoreTestUtil { public class KeyStoreTestUtil {
public static String getClasspathDir(Class klass) throws Exception { public static String getClasspathDir(Class klass) throws Exception {
@ -68,50 +65,38 @@ public static String getClasspathDir(Class klass) throws Exception {
return baseDir; return baseDir;
} }
@SuppressWarnings("deprecation")
/** /**
* Create a self-signed X.509 Certificate. * Create a self-signed X.509 Certificate.
* From http://bfo.com/blog/2011/03/08/odds_and_ends_creating_a_new_x_509_certificate.html.
* *
* @param dn the X.509 Distinguished Name, eg "CN=Test, L=London, C=GB" * @param dn the X.509 Distinguished Name, eg "CN=Test, L=London, C=GB"
* @param pair the KeyPair * @param pair the KeyPair
* @param days how many days from now the Certificate is valid for * @param days how many days from now the Certificate is valid for
* @param algorithm the signing algorithm, eg "SHA1withRSA" * @param algorithm the signing algorithm, eg "SHA1withRSA"
* @return the self-signed certificate * @return the self-signed certificate
* @throws IOException thrown if an IO error ocurred.
* @throws GeneralSecurityException thrown if an Security error ocurred.
*/ */
public static X509Certificate generateCertificate(String dn, KeyPair pair, public static X509Certificate generateCertificate(String dn, KeyPair pair, int days, String algorithm)
int days, String algorithm) throws CertificateEncodingException,
throws GeneralSecurityException, IOException { InvalidKeyException,
PrivateKey privkey = pair.getPrivate(); IllegalStateException,
X509CertInfo info = new X509CertInfo(); NoSuchProviderException, NoSuchAlgorithmException, SignatureException{
Date from = new Date(); Date from = new Date();
Date to = new Date(from.getTime() + days * 86400000l); Date to = new Date(from.getTime() + days * 86400000l);
CertificateValidity interval = new CertificateValidity(from, to);
BigInteger sn = new BigInteger(64, new SecureRandom()); BigInteger sn = new BigInteger(64, new SecureRandom());
X500Name owner = new X500Name(dn); KeyPair keyPair = pair;
X509V1CertificateGenerator certGen = new X509V1CertificateGenerator();
X500Principal dnName = new X500Principal(dn);
info.set(X509CertInfo.VALIDITY, interval); certGen.setSerialNumber(sn);
info.set(X509CertInfo.SERIAL_NUMBER, new CertificateSerialNumber(sn)); certGen.setIssuerDN(dnName);
info.set(X509CertInfo.SUBJECT, new CertificateSubjectName(owner)); certGen.setNotBefore(from);
info.set(X509CertInfo.ISSUER, new CertificateIssuerName(owner)); certGen.setNotAfter(to);
info.set(X509CertInfo.KEY, new CertificateX509Key(pair.getPublic())); certGen.setSubjectDN(dnName);
info certGen.setPublicKey(keyPair.getPublic());
.set(X509CertInfo.VERSION, new CertificateVersion(CertificateVersion.V3)); certGen.setSignatureAlgorithm(algorithm);
AlgorithmId algo = new AlgorithmId(AlgorithmId.md5WithRSAEncryption_oid);
info.set(X509CertInfo.ALGORITHM_ID, new CertificateAlgorithmId(algo));
// Sign the cert to identify the algorithm that's used. X509Certificate cert = certGen.generate(pair.getPrivate());
X509CertImpl cert = new X509CertImpl(info);
cert.sign(privkey, algorithm);
// Update the algorith, and resign.
algo = (AlgorithmId) cert.get(X509CertImpl.SIG_ALG);
info
.set(CertificateAlgorithmId.NAME + "." + CertificateAlgorithmId.ALGORITHM,
algo);
cert = new X509CertImpl(info);
cert.sign(privkey, algorithm);
return cert; return cert;
} }

View File

@ -900,6 +900,12 @@
<artifactId>curator-test</artifactId> <artifactId>curator-test</artifactId>
<version>2.6.0</version> <version>2.6.0</version>
</dependency> </dependency>
<dependency>
<groupId>org.bouncycastle</groupId>
<artifactId>bcprov-jdk16</artifactId>
<version>1.46</version>
<scope>test</scope>
</dependency>
</dependencies> </dependencies>
</dependencyManagement> </dependencyManagement>