HADOOP-17699. Remove hardcoded SunX509 usage from SSLFactory. (#3016)
parent
110cda3de6
commit
86729e130f
@ -273,8 +273,8 @@ public void init(SSLFactory.Mode mode)
|
|||||||
} else {
|
} else {
|
||||||
KeyStore keystore = KeyStore.getInstance(keystoreType);
|
KeyStore keystore = KeyStore.getInstance(keystoreType);
|
||||||
keystore.load(null, null);
|
keystore.load(null, null);
|
||||||
KeyManagerFactory keyMgrFactory = KeyManagerFactory
|
KeyManagerFactory keyMgrFactory = KeyManagerFactory.getInstance(
|
||||||
.getInstance(SSLFactory.SSLCERTIFICATE);
|
SSLFactory.KEY_MANAGER_SSLCERTIFICATE);
|
||||||
|
|
||||||
keyMgrFactory.init(keystore, null);
|
keyMgrFactory.init(keystore, null);
|
||||||
keyManagers = keyMgrFactory.getKeyManagers();
|
keyManagers = keyMgrFactory.getKeyManagers();
|
||||||
|
@ -143,7 +143,7 @@ private X509ExtendedKeyManager loadKeyManager(Path path)
|
|||||||
LOG.debug(" Loaded KeyStore: " + path.toFile().getAbsolutePath());
|
LOG.debug(" Loaded KeyStore: " + path.toFile().getAbsolutePath());
|
||||||
|
|
||||||
KeyManagerFactory keyMgrFactory = KeyManagerFactory.getInstance(
|
KeyManagerFactory keyMgrFactory = KeyManagerFactory.getInstance(
|
||||||
SSLFactory.SSLCERTIFICATE);
|
SSLFactory.KEY_MANAGER_SSLCERTIFICATE);
|
||||||
keyMgrFactory.init(keystore,
|
keyMgrFactory.init(keystore,
|
||||||
(keyPassword != null) ? keyPassword.toCharArray() : null);
|
(keyPassword != null) ? keyPassword.toCharArray() : null);
|
||||||
for (KeyManager candidate: keyMgrFactory.getKeyManagers()) {
|
for (KeyManager candidate: keyMgrFactory.getKeyManagers()) {
|
||||||
|
@ -136,8 +136,8 @@ X509TrustManager loadTrustManager(Path path)
|
|||||||
in.close();
|
in.close();
|
||||||
}
|
}
|
||||||
|
|
||||||
TrustManagerFactory trustManagerFactory =
|
TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance(
|
||||||
TrustManagerFactory.getInstance(SSLFactory.SSLCERTIFICATE);
|
SSLFactory.TRUST_MANAGER_SSLCERTIFICATE);
|
||||||
trustManagerFactory.init(ks);
|
trustManagerFactory.init(ks);
|
||||||
TrustManager[] trustManagers = trustManagerFactory.getTrustManagers();
|
TrustManager[] trustManagers = trustManagerFactory.getTrustManagers();
|
||||||
for (TrustManager trustManager1 : trustManagers) {
|
for (TrustManager trustManager1 : trustManagers) {
|
||||||
|
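Review bot: Passing `SSLFactory.TRUST_MANAGER_SSLCERTIFICATE` to `TrustManagerFactory.getInstance(...)` can change how peer certificate chains are validated, not only which algorithm name is requested, and nothing at the call site says so. On a JVM whose `ssl.TrustManagerFactory.algorithm` security property is `PKIX` (the stock OpenJDK setting, as far as I know), the reloading trust manager is now built from the PKIX implementation where it used to be built from the hardcoded SunX509 one. I would add a comment above the call, for example `// Algorithm follows the JVM default (ssl.TrustManagerFactory.algorithm); chain validation rules depend on it.`, and mention the change in the release notes so operators can re-test their truststores. loadTrustManager starts and ends outside this hunk.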
@ -25,14 +25,16 @@
|
|||||||
import org.apache.hadoop.util.StringUtils;
|
import org.apache.hadoop.util.StringUtils;
|
||||||
import org.slf4j.Logger;
|
import org.slf4j.Logger;
|
||||||
import org.slf4j.LoggerFactory;
|
import org.slf4j.LoggerFactory;
|
||||||
import static org.apache.hadoop.util.PlatformName.IBM_JAVA;
|
import static org.apache.hadoop.util.PlatformName.JAVA_VENDOR_NAME;
|
||||||
|
|
||||||
import javax.net.ssl.HostnameVerifier;
|
import javax.net.ssl.HostnameVerifier;
|
||||||
import javax.net.ssl.HttpsURLConnection;
|
import javax.net.ssl.HttpsURLConnection;
|
||||||
|
import javax.net.ssl.KeyManagerFactory;
|
||||||
import javax.net.ssl.SSLContext;
|
import javax.net.ssl.SSLContext;
|
||||||
import javax.net.ssl.SSLEngine;
|
import javax.net.ssl.SSLEngine;
|
||||||
import javax.net.ssl.SSLServerSocketFactory;
|
import javax.net.ssl.SSLServerSocketFactory;
|
||||||
import javax.net.ssl.SSLSocketFactory;
|
import javax.net.ssl.SSLSocketFactory;
|
||||||
|
import javax.net.ssl.TrustManagerFactory;
|
||||||
import java.io.IOException;
|
import java.io.IOException;
|
||||||
import java.net.HttpURLConnection;
|
import java.net.HttpURLConnection;
|
||||||
import java.security.GeneralSecurityException;
|
import java.security.GeneralSecurityException;
|
||||||
@ -99,7 +101,13 @@ public enum Mode { CLIENT, SERVER }
|
|||||||
public static final String SSL_SERVER_EXCLUDE_CIPHER_LIST =
|
public static final String SSL_SERVER_EXCLUDE_CIPHER_LIST =
|
||||||
"ssl.server.exclude.cipher.list";
|
"ssl.server.exclude.cipher.list";
|
||||||
|
|
||||||
public static final String SSLCERTIFICATE = IBM_JAVA?"ibmX509":"SunX509";
|
public static final String KEY_MANAGER_SSLCERTIFICATE =
|
||||||
|
JAVA_VENDOR_NAME.contains("IBM") ? "ibmX509" :
|
||||||
|
KeyManagerFactory.getDefaultAlgorithm();
|
||||||
|
|
||||||
|
public static final String TRUST_MANAGER_SSLCERTIFICATE =
|
||||||
|
JAVA_VENDOR_NAME.contains("IBM") ? "ibmX509" :
|
||||||
|
TrustManagerFactory.getDefaultAlgorithm();
|
||||||
|
|
||||||
public static final String KEYSTORES_FACTORY_CLASS_KEY =
|
public static final String KEYSTORES_FACTORY_CLASS_KEY =
|
||||||
"hadoop.ssl.keystores.factory.class";
|
"hadoop.ssl.keystores.factory.class";
|
||||||
|
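Review bot: `KEY_MANAGER_SSLCERTIFICATE` and `TRUST_MANAGER_SSLCERTIFICATE` are `public static final` fields initialised from `getDefaultAlgorithm()`, so the algorithm is read once when SSLFactory is initialised; a later change to the JVM security properties is not picked up, and neither constant has a comment saying this. A Javadoc on each should state that the value is the JVM default algorithm (or `ibmX509` on IBM JVMs) captured at class initialisation, e.g. `/** KeyManagerFactory algorithm: JVM default, resolved once at class load. */`. The `JAVA_VENDOR_NAME.contains("IBM")` test is also written out twice; a single private boolean would keep the two constants in step. If code outside this patch still refers to the removed `SSLCERTIFICATE`, keeping it as a `@Deprecated` alias would avoid breaking it.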
@ -17,6 +17,8 @@
|
|||||||
*/
|
*/
|
||||||
package org.apache.hadoop.security.ssl;
|
package org.apache.hadoop.security.ssl;
|
||||||
|
|
||||||
|
import static java.security.Security.getProperty;
|
||||||
|
import static java.security.Security.setProperty;
|
||||||
import static org.apache.hadoop.security.ssl.FileBasedKeyStoresFactory.SSL_TRUSTSTORE_LOCATION_TPL_KEY;
|
import static org.apache.hadoop.security.ssl.FileBasedKeyStoresFactory.SSL_TRUSTSTORE_LOCATION_TPL_KEY;
|
||||||
import static org.apache.hadoop.security.ssl.KeyStoreTestUtil.TRUST_STORE_PASSWORD_DEFAULT;
|
import static org.apache.hadoop.security.ssl.KeyStoreTestUtil.TRUST_STORE_PASSWORD_DEFAULT;
|
||||||
import static org.apache.hadoop.security.ssl.SSLFactory.Mode.CLIENT;
|
import static org.apache.hadoop.security.ssl.SSLFactory.Mode.CLIENT;
|
||||||
@ -367,6 +369,20 @@ public void invalidHostnameVerifier() throws Exception {
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@Test
|
||||||
|
public void testDifferentAlgorithm() throws Exception {
|
||||||
|
Configuration conf = createConfiguration(false, true);
|
||||||
|
String currAlg = getProperty("ssl.KeyManagerFactory.algorithm");
|
||||||
|
setProperty("ssl.KeyManagerFactory.algorithm", "PKIX");
|
||||||
|
SSLFactory sslFactory = new SSLFactory(SSLFactory.Mode.CLIENT, conf);
|
||||||
|
try {
|
||||||
|
sslFactory.init();
|
||||||
|
} finally {
|
||||||
|
sslFactory.destroy();
|
||||||
|
setProperty("ssl.KeyManagerFactory.algorithm", currAlg);
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
@Test
|
@Test
|
||||||
public void testConnectionConfigurator() throws Exception {
|
public void testConnectionConfigurator() throws Exception {
|
||||||
Configuration conf = createConfiguration(false, true);
|
Configuration conf = createConfiguration(false, true);
|
||||||
|
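Review bot: `testDifferentAlgorithm` may not exercise the new code path, because `setProperty("ssl.KeyManagerFactory.algorithm", "PKIX")` only takes effect if SSLFactory has not been initialised yet. `KEY_MANAGER_SSLCERTIFICATE` is a static final computed at class initialisation, so when another test in the same JVM has already touched SSLFactory the old algorithm is still used and the test passes without covering the change. The test also asserts nothing beyond `init()` not throwing. Separately, `getProperty` returns null when the property is unset, and passing that null back in the `finally` block would, as far as I can tell, throw and mask the real outcome; guard the restore with `if (currAlg != null) { setProperty("ssl.KeyManagerFactory.algorithm", currAlg); }`. Reading the algorithm at `init()` time instead of from a constant would make the test meaningful regardless of execution order.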