From af7b7667f52869d88fd99738ea7e1affeccb60ce Mon Sep 17 00:00:00 2001 From: Suresh Srinivas Date: Tue, 26 Mar 2013 18:57:47 +0000 Subject: [PATCH] HADOOP-9430. TestSSLFactory fails on IBM JVM. Contributed by Amir Sanjar. git-svn-id: https://svn.apache.org/repos/asf/hadoop/common/trunk@1461268 13f79535-47bb-0310-9956-ffa450edef68 --- hadoop-common-project/hadoop-common/CHANGES.txt | 2 ++ .../apache/hadoop/security/ssl/FileBasedKeyStoresFactory.java | 4 +++- .../apache/hadoop/security/ssl/ReloadingX509TrustManager.java | 4 ++-- .../main/java/org/apache/hadoop/security/ssl/SSLFactory.java | 3 +++ 4 files changed, 10 insertions(+), 3 deletions(-) diff --git a/hadoop-common-project/hadoop-common/CHANGES.txt b/hadoop-common-project/hadoop-common/CHANGES.txt index f25f91cf2e..ad2b336fb3 100644 --- a/hadoop-common-project/hadoop-common/CHANGES.txt +++ b/hadoop-common-project/hadoop-common/CHANGES.txt @@ -592,6 +592,8 @@ Release 2.0.5-beta - UNRELEASED HADOOP-9299. kerberos name resolution is kicking in even when kerberos is not configured (daryn) + HADOOP-9430. TestSSLFactory fails on IBM JVM. (Amir Sanjar via suresh) + Release 2.0.4-alpha - UNRELEASED INCOMPATIBLE CHANGES diff --git a/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/security/ssl/FileBasedKeyStoresFactory.java b/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/security/ssl/FileBasedKeyStoresFactory.java index 9560caf7ed..c6a7c6d5ee 100644 --- a/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/security/ssl/FileBasedKeyStoresFactory.java +++ b/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/security/ssl/FileBasedKeyStoresFactory.java @@ -164,7 +164,9 @@ public void init(SSLFactory.Mode mode) } else { keystore.load(null, null); } - KeyManagerFactory keyMgrFactory = KeyManagerFactory.getInstance("SunX509"); + KeyManagerFactory keyMgrFactory = KeyManagerFactory + .getInstance(SSLFactory.SSLCERTIFICATE); + keyMgrFactory.init(keystore, (keystorePassword != null) ? keystorePassword.toCharArray() : null); keyManagers = keyMgrFactory.getKeyManagers(); diff --git a/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/security/ssl/ReloadingX509TrustManager.java b/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/security/ssl/ReloadingX509TrustManager.java index 58cdf00175..1b2494093d 100644 --- a/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/security/ssl/ReloadingX509TrustManager.java +++ b/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/security/ssl/ReloadingX509TrustManager.java @@ -169,8 +169,8 @@ X509TrustManager loadTrustManager() in.close(); } - TrustManagerFactory trustManagerFactory = - TrustManagerFactory.getInstance("SunX509"); + TrustManagerFactory trustManagerFactory = + TrustManagerFactory.getInstance(SSLFactory.SSLCERTIFICATE); trustManagerFactory.init(ks); TrustManager[] trustManagers = trustManagerFactory.getTrustManagers(); for (TrustManager trustManager1 : trustManagers) { diff --git a/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/security/ssl/SSLFactory.java b/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/security/ssl/SSLFactory.java index 4234e3fc76..7f82f6aab3 100644 --- a/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/security/ssl/SSLFactory.java +++ b/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/security/ssl/SSLFactory.java @@ -58,6 +58,9 @@ public static enum Mode { CLIENT, SERVER } "hadoop.ssl.client.conf"; public static final String SSL_SERVER_CONF_KEY = "hadoop.ssl.server.conf"; + private static final boolean IBMJAVA = + System.getProperty("java.vendor").contains("IBM"); + public static final String SSLCERTIFICATE = IBMJAVA?"ibmX509":"SunX509"; public static final boolean DEFAULT_SSL_REQUIRE_CLIENT_CERT = false;