Java Code Examples for org.apache.hadoop.security.ssl.KeyStoreTestUtil#generateCertificate()
The following examples show how to use
org.apache.hadoop.security.ssl.KeyStoreTestUtil#generateCertificate() .
Example 1
Source File: TestOzoneBlockTokenSecretManager.java From hadoop-ozone with Apache License 2.0 | 6 votes |
/**
 * Builds the per-test fixture: a block-token-enabled configuration, an
 * "OzoneMaster" RSA key pair plus certificate, and a secret manager and
 * verifier wired to a certificate client created from that configuration.
 */
@Before
public void setUp() throws Exception {
  final OzoneConfiguration ozoneConf = new OzoneConfiguration();
  ozoneConf.set(HddsConfigKeys.OZONE_METADATA_DIRS, BASEDIR);
  ozoneConf.setBoolean(HddsConfigKeys.HDDS_BLOCK_TOKEN_ENABLED, true);

  // Ozone Master key pair.
  keyPair = KeyStoreTestUtil.generateKeyPair("RSA");
  // NOTE(review): Time.monotonicNow() is a millisecond clock, so this adds
  // 86 400 ms (~1.4 min), not one day — confirm the intended token lifetime.
  expiryTime = Time.monotonicNow() + 60 * 60 * 24;

  // Ozone Master certificate (stands in for an SCM CA issued cert); its
  // serial number is what the secret manager stamps into issued tokens.
  final SecurityConfig secConf = new SecurityConfig(ozoneConf);
  x509Certificate = KeyStoreTestUtil.generateCertificate(
      "CN=OzoneMaster", keyPair, 30, "SHA256withRSA");
  omCertSerialId = x509Certificate.getSerialNumber().toString();

  secretManager = new OzoneBlockTokenSecretManager(
      secConf, expiryTime, omCertSerialId);
  client = getCertificateClient(secConf);
  // init()'s response is not inspected here; the fixture assumes it leaves
  // the client usable — verify against the client implementation.
  client.init();
  secretManager.start(client);
  tokenVerifier = new BlockTokenVerifier(secConf, client);
}
Example 2
Source File: TestHddsSecureDatanodeInit.java From hadoop-ozone with Apache License 2.0 | 5 votes |
@BeforeClass public static void setUp() throws Exception { testDir = GenericTestUtils.getRandomizedTestDir(); conf = new OzoneConfiguration(); conf.set(HddsConfigKeys.OZONE_METADATA_DIRS, testDir.getPath()); //conf.set(ScmConfigKeys.OZONE_SCM_NAMES, "localhost"); String volumeDir = testDir + "/disk1"; conf.set(DFSConfigKeysLegacy.DFS_DATANODE_DATA_DIR_KEY, volumeDir); conf.setBoolean(OZONE_SECURITY_ENABLED_KEY, true); conf.setClass(OzoneConfigKeys.HDDS_DATANODE_PLUGINS_KEY, TestHddsDatanodeService.MockService.class, ServicePlugin.class); securityConfig = new SecurityConfig(conf); service = HddsDatanodeService.createHddsDatanodeService(args); dnLogs = GenericTestUtils.LogCapturer.captureLogs(getLogger()); callQuietly(() -> { service.start(conf); return null; }); callQuietly(() -> { service.initializeCertificateClient(conf); return null; }); certCodec = new CertificateCodec(securityConfig, DN_COMPONENT); keyCodec = new KeyCodec(securityConfig, DN_COMPONENT); dnLogs.clearOutput(); privateKey = service.getCertificateClient().getPrivateKey(); publicKey = service.getCertificateClient().getPublicKey(); X509Certificate x509Certificate = null; x509Certificate = KeyStoreTestUtil.generateCertificate( "CN=Test", new KeyPair(publicKey, privateKey), 10, securityConfig.getSignatureAlgo()); certHolder = new X509CertificateHolder(x509Certificate.getEncoded()); }
Example 3
Source File: TestDefaultCertificateClient.java From hadoop-ozone with Apache License 2.0 | 5 votes |
/**
 * Issues a "CN=Test" certificate for the given key pair, generating (and
 * persisting, via {@link #generateKeyPairFiles()}) a fresh pair when
 * {@code keyPair} is {@code null}.
 *
 * @param keyPair key pair to certify, or {@code null} to create one
 * @return the generated certificate
 * @throws Exception if key or certificate generation fails
 */
private X509Certificate generateX509Cert(KeyPair keyPair) throws Exception {
  final KeyPair pair = (keyPair == null) ? generateKeyPairFiles() : keyPair;
  final String algo = omSecurityConfig.getSignatureAlgo();
  return KeyStoreTestUtil.generateCertificate("CN=Test", pair, 30, algo);
}
Example 4
Source File: TestOzoneBlockTokenIdentifier.java From hadoop-ozone with Apache License 2.0 | 5 votes |
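/**
 * Recreates the test base directory and generates the "OzoneMaster" RSA key
 * pair and certificate shared by the tests in this class.
 *
 * @throws Exception if the directory cannot be created or key/cert
 *     generation fails
 */
@BeforeClass
public static void setUp() throws Exception {
  File base = new File(BASEDIR);
  FileUtil.fullyDelete(base);
  // mkdirs() signals failure through its return value only; fail the fixture
  // here rather than letting a later step trip over the missing directory.
  if (!base.mkdirs() && !base.isDirectory()) {
    throw new IllegalStateException(
        "Could not create test directory " + base.getAbsolutePath());
  }
  // NOTE(review): Time.monotonicNow() is a millisecond clock, so this is
  // 86 400 ms (~1.4 min), not one day — confirm the intended lifetime.
  expiryTime = Time.monotonicNow() + 60 * 60 * 24;
  // Create Ozone Master key pair.
  keyPair = KeyStoreTestUtil.generateKeyPair("RSA");
  // Create Ozone Master certificate (SCM CA issued cert) and key store.
  cert = KeyStoreTestUtil.generateCertificate(
      "CN=OzoneMaster", keyPair, 30, "SHA256withRSA");
}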
Example 5
Source File: TestOzoneBlockTokenIdentifier.java From hadoop-ozone with Apache License 2.0 | 5 votes |
/**
 * Micro-benchmark: signs {@code testTokenCount} block-token identifiers with
 * an RSA private key, then verifies them against the matching certificate,
 * logging the average nanoseconds per operation for each phase.
 */
@Test
public void testAsymmetricTokenPerf() throws NoSuchAlgorithmException,
    CertificateEncodingException, NoSuchProviderException,
    InvalidKeyException, SignatureException {
  final int testTokenCount = 1000;
  final List<OzoneBlockTokenIdentifier> tokenIds =
      new ArrayList<>(testTokenCount);
  final List<byte[]> tokenPasswordAsym = new ArrayList<>(testTokenCount);
  for (int n = 0; n < testTokenCount; n++) {
    tokenIds.add(generateTestToken());
  }

  final KeyPair kp = KeyStoreTestUtil.generateKeyPair("RSA");
  // Ozone Master certificate (stands in for an SCM CA issued cert).
  final X509Certificate certificate = KeyStoreTestUtil.generateCertificate(
      "CN=OzoneMaster", kp, 30, "SHA256withRSA");

  // Sign phase.
  final long signStart = Time.monotonicNowNanos();
  for (OzoneBlockTokenIdentifier id : tokenIds) {
    tokenPasswordAsym.add(signTokenAsymmetric(id, kp.getPrivate()));
  }
  final long signNanos = Time.monotonicNowNanos() - signStart;
  // NOTE(review): the log label says HmacSha256, but the path timed here is
  // the asymmetric (RSA) signer — the wording looks stale.
  LOG.info("Average token sign time with HmacSha256(RSA/1024 key) is {} ns",
      signNanos / testTokenCount);

  // Verify phase. The verifier's result is discarded: this measures timing
  // only and does not assert that the tokens actually verify.
  final long verifyStart = Time.monotonicNowNanos();
  for (int n = 0; n < testTokenCount; n++) {
    verifyTokenAsymmetric(tokenIds.get(n), tokenPasswordAsym.get(n),
        certificate);
  }
  final long verifyNanos = Time.monotonicNowNanos() - verifyStart;
  LOG.info("Average token verify time with HmacSha256(RSA/1024 key) "
      + "is {} ns", verifyNanos / testTokenCount);
}
Example 6
Source File: TestOzoneTokenIdentifier.java From hadoop-ozone with Apache License 2.0 | 5 votes |
/**
 * Micro-benchmark: signs {@code testTokenCount} token identifiers with an
 * RSA private key, then verifies them against the matching certificate,
 * logging the average nanoseconds per operation for each phase.
 */
@Test
public void testAsymmetricTokenPerf() throws NoSuchAlgorithmException,
    CertificateEncodingException, NoSuchProviderException,
    InvalidKeyException, SignatureException {
  final int testTokenCount = 1000;
  final List<OzoneTokenIdentifier> tokenIds = new ArrayList<>(testTokenCount);
  final List<byte[]> tokenPasswordAsym = new ArrayList<>(testTokenCount);
  for (int n = 0; n < testTokenCount; n++) {
    tokenIds.add(generateTestToken());
  }

  final KeyPair keyPair = KeyStoreTestUtil.generateKeyPair("RSA");
  // Ozone Master certificate (stands in for an SCM CA issued cert).
  final X509Certificate cert = KeyStoreTestUtil.generateCertificate(
      "CN=OzoneMaster", keyPair, 30, "SHA256withRSA");

  // Sign phase.
  final long signStart = Time.monotonicNowNanos();
  for (OzoneTokenIdentifier id : tokenIds) {
    tokenPasswordAsym.add(signTokenAsymmetric(id, keyPair.getPrivate()));
  }
  final long signNanos = Time.monotonicNowNanos() - signStart;
  // NOTE(review): the log label says HmacSha256, but the path timed here is
  // the asymmetric (RSA) signer — the wording looks stale.
  LOG.info("Average token sign time with HmacSha256(RSA/1024 key) is {} ns",
      signNanos / testTokenCount);

  // Verify phase. The verifier's result is discarded: this measures timing
  // only and does not assert that the tokens actually verify.
  final long verifyStart = Time.monotonicNowNanos();
  for (int n = 0; n < testTokenCount; n++) {
    verifyTokenAsymmetric(tokenIds.get(n), tokenPasswordAsym.get(n), cert);
  }
  final long verifyNanos = Time.monotonicNowNanos() - verifyStart;
  LOG.info("Average token verify time with HmacSha256(RSA/1024 key) "
      + "is {} ns", verifyNanos / testTokenCount);
}
Example 7
Source File: TestOzoneDelegationTokenSecretManager.java From hadoop-ozone with Apache License 2.0 | 5 votes |
/**
 * Creates a certificate client whose key and certificate accessors return
 * in-memory values: a freshly generated RSA key pair and an "OzoneMaster"
 * certificate issued for it. Both {@code getCertificate()} overloads hand
 * back the same certificate regardless of the requested serial id.
 *
 * @return an {@link OMCertificateClient} backed by the generated material
 * @throws Exception if key or certificate generation fails
 */
private CertificateClient setupCertificateClient() throws Exception {
  final KeyPair omKeys = KeyStoreTestUtil.generateKeyPair("RSA");
  final X509Certificate omCert = KeyStoreTestUtil.generateCertificate(
      "CN=OzoneMaster", omKeys, 30, "SHA256withRSA");

  return new OMCertificateClient(securityConfig) {
    @Override
    public PrivateKey getPrivateKey() {
      return omKeys.getPrivate();
    }

    @Override
    public PublicKey getPublicKey() {
      return omKeys.getPublic();
    }

    @Override
    public X509Certificate getCertificate() {
      return omCert;
    }

    // Serial id is intentionally ignored: the test has exactly one cert.
    @Override
    public X509Certificate getCertificate(String serialId) {
      return omCert;
    }
  };
}
Example 8
Source File: TestOzoneManagerBlockToken.java From hadoop-ozone with Apache License 2.0 | 5 votes |
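/**
 * Recreates the test base directory and generates the "OzoneMaster" RSA key
 * pair and certificate shared by the tests in this class.
 *
 * @throws Exception if the directory cannot be created or key/cert
 *     generation fails
 */
@BeforeClass
public static void setUp() throws Exception {
  File base = new File(BASEDIR);
  FileUtil.fullyDelete(base);
  // mkdirs() signals failure through its return value only; fail the fixture
  // here rather than letting a later step trip over the missing directory.
  if (!base.mkdirs() && !base.isDirectory()) {
    throw new IllegalStateException(
        "Could not create test directory " + base.getAbsolutePath());
  }
  // NOTE(review): Time.monotonicNow() is a millisecond clock, so this is
  // 86 400 ms (~1.4 min), not one day — confirm the intended lifetime.
  expiryTime = Time.monotonicNow() + 60 * 60 * 24;
  // Create Ozone Master key pair.
  keyPair = KeyStoreTestUtil.generateKeyPair("RSA");
  // Create Ozone Master certificate (SCM CA issued cert) and key store.
  cert = KeyStoreTestUtil.generateCertificate(
      "CN=OzoneMaster", keyPair, 30, "SHA256withRSA");
}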
Example 9
Source File: TestOzoneManagerBlockToken.java From hadoop-ozone with Apache License 2.0 | 5 votes |
/**
 * Micro-benchmark: signs {@code testTokenCount} block-token identifiers with
 * an RSA private key, then verifies them against the matching certificate,
 * logging the average nanoseconds per operation for each phase.
 */
@Test
public void testAsymmetricTokenPerf() throws NoSuchAlgorithmException,
    CertificateEncodingException, NoSuchProviderException,
    InvalidKeyException, SignatureException {
  final int testTokenCount = 1000;
  final List<OzoneBlockTokenIdentifier> tokenIds =
      new ArrayList<>(testTokenCount);
  final List<byte[]> tokenPasswordAsym = new ArrayList<>(testTokenCount);
  for (int n = 0; n < testTokenCount; n++) {
    tokenIds.add(generateTestToken());
  }

  final KeyPair kp = KeyStoreTestUtil.generateKeyPair("RSA");
  // Ozone Master certificate (stands in for an SCM CA issued cert).
  final X509Certificate omCert = KeyStoreTestUtil.generateCertificate(
      "CN=OzoneMaster", kp, 30, "SHA256withRSA");

  // Sign phase.
  final long signStart = Time.monotonicNowNanos();
  for (OzoneBlockTokenIdentifier id : tokenIds) {
    tokenPasswordAsym.add(signTokenAsymmetric(id, kp.getPrivate()));
  }
  final long signNanos = Time.monotonicNowNanos() - signStart;
  // NOTE(review): the log label says HmacSha256, but the path timed here is
  // the asymmetric (RSA) signer — the wording looks stale.
  LOG.info("Average token sign time with HmacSha256(RSA/1024 key) is {} ns",
      signNanos / testTokenCount);

  // Verify phase. The verifier's result is discarded: this measures timing
  // only and does not assert that the tokens actually verify.
  final long verifyStart = Time.monotonicNowNanos();
  for (int n = 0; n < testTokenCount; n++) {
    verifyTokenAsymmetric(tokenIds.get(n), tokenPasswordAsym.get(n), omCert);
  }
  final long verifyNanos = Time.monotonicNowNanos() - verifyStart;
  LOG.info("Average token verify time with HmacSha256(RSA/1024 key) "
      + "is {} ns", verifyNanos / testTokenCount);
}
Example 10
Source File: TestCertificateClientInit.java From hadoop-ozone with Apache License 2.0 | 4 votes |
/**
 * Issues a "CN=Test" certificate, valid for 10 days, over the class-level
 * {@code keyPair} using the signature algorithm from {@code securityConfig}.
 *
 * @return the generated certificate
 * @throws Exception if certificate generation fails
 */
private X509Certificate getX509Certificate() throws Exception {
  final String signatureAlgo = securityConfig.getSignatureAlgo();
  return KeyStoreTestUtil.generateCertificate(
      "CN=Test", keyPair, 10, signatureAlgo);
}
Example 11
Source File: TestSecureOzoneManager.java From hadoop-ozone with Apache License 2.0 | 4 votes |
/**
 * Test failure cases for secure OM initialization.
 *
 * Walks an {@link OMCertificateClient} through every combination of
 * private key / public key / certificate being present on disk and checks
 * the {@code InitResponse} plus which artefacts the client exposes
 * afterwards. The cases are order-dependent: each one edits the on-disk
 * state left behind by the previous one.
 */
@Test
public void testSecureOmInitFailures() throws Exception {
  PrivateKey privateKey;
  PublicKey publicKey;
  // Captured but never inspected in this test; only cleared below.
  LogCapturer omLogs = LogCapturer.captureLogs(OzoneManager.getLogger());
  OMStorage omStorage = new OMStorage(conf);
  omStorage.setClusterId(clusterId);
  omStorage.setScmId(scmId);
  omStorage.setOmId(omId);
  omLogs.clearOutput();

  // Case 1: When keypair as well as certificate is missing. Initial keypair
  // boot-up. Get certificate will fail when SCM is not running.
  SecurityConfig securityConfig = new SecurityConfig(conf);
  CertificateClient client = new OMCertificateClient(securityConfig,
      omStorage.getOmCertSerialId());
  Assert.assertEquals(CertificateClient.InitResponse.GETCERT, client.init());
  // Keep the generated keys: later cases re-write them to disk selectively.
  privateKey = client.getPrivateKey();
  publicKey = client.getPublicKey();
  Assert.assertNotNull(client.getPrivateKey());
  Assert.assertNotNull(client.getPublicKey());
  Assert.assertNull(client.getCertificate());

  // Case 2: If the key pair already exists then the response should be
  // RECOVER (keys on disk, but still no certificate).
  client = new OMCertificateClient(securityConfig,
      omStorage.getOmCertSerialId());
  Assert.assertEquals(CertificateClient.InitResponse.RECOVER, client.init());
  Assert.assertNotNull(client.getPrivateKey());
  Assert.assertNotNull(client.getPublicKey());
  Assert.assertNull(client.getCertificate());

  // Case 3: When public key as well as certificate is missing.
  client = new OMCertificateClient(securityConfig);
  FileUtils.deleteQuietly(Paths.get(securityConfig.getKeyLocation(COMPONENT)
      .toString(), securityConfig.getPublicKeyFileName()).toFile());
  Assert.assertEquals(CertificateClient.InitResponse.FAILURE, client.init());
  Assert.assertNotNull(client.getPrivateKey());
  Assert.assertNull(client.getPublicKey());
  Assert.assertNull(client.getCertificate());

  // Case 4: When private key and certificate is missing.
  client = new OMCertificateClient(securityConfig);
  KeyCodec keyCodec = new KeyCodec(securityConfig, COMPONENT);
  keyCodec.writePublicKey(publicKey);
  FileUtils.deleteQuietly(Paths.get(securityConfig.getKeyLocation(COMPONENT)
      .toString(), securityConfig.getPrivateKeyFileName()).toFile());
  Assert.assertEquals(CertificateClient.InitResponse.FAILURE, client.init());
  Assert.assertNull(client.getPrivateKey());
  Assert.assertNotNull(client.getPublicKey());
  Assert.assertNull(client.getCertificate());

  // Case 5: When only certificate is present. A certificate without its
  // private key must not yield a usable client, hence FAILURE even though
  // the certificate itself is readable.
  FileUtils.deleteQuietly(Paths.get(securityConfig.getKeyLocation(COMPONENT)
      .toString(), securityConfig.getPublicKeyFileName()).toFile());
  CertificateCodec certCodec = new CertificateCodec(securityConfig, COMPONENT);
  X509Certificate x509Certificate = KeyStoreTestUtil.generateCertificate(
      "CN=Test", new KeyPair(publicKey, privateKey), 10,
      securityConfig.getSignatureAlgo());
  certCodec.writeCertificate(new X509CertificateHolder(
      x509Certificate.getEncoded()));
  // From here on the client is constructed with the real serial id so it
  // can locate the certificate just written.
  client = new OMCertificateClient(securityConfig,
      x509Certificate.getSerialNumber().toString());
  omStorage.setOmCertSerialId(x509Certificate.getSerialNumber().toString());
  Assert.assertEquals(CertificateClient.InitResponse.FAILURE, client.init());
  Assert.assertNull(client.getPrivateKey());
  Assert.assertNull(client.getPublicKey());
  Assert.assertNotNull(client.getCertificate());

  // Case 6: When private key and certificate is present. The public key
  // file is deleted again, yet SUCCESS and a non-null public key are
  // expected — presumably the client reconstructs it from the private key
  // or the certificate; confirm against OMCertificateClient.init().
  client = new OMCertificateClient(securityConfig,
      x509Certificate.getSerialNumber().toString());
  FileUtils.deleteQuietly(Paths.get(securityConfig.getKeyLocation(COMPONENT)
      .toString(), securityConfig.getPublicKeyFileName()).toFile());
  keyCodec.writePrivateKey(privateKey);
  Assert.assertEquals(CertificateClient.InitResponse.SUCCESS, client.init());
  Assert.assertNotNull(client.getPrivateKey());
  Assert.assertNotNull(client.getPublicKey());
  Assert.assertNotNull(client.getCertificate());

  // Case 7: When keypair and certificate is present (steady state).
  client = new OMCertificateClient(securityConfig,
      x509Certificate.getSerialNumber().toString());
  Assert.assertEquals(CertificateClient.InitResponse.SUCCESS, client.init());
  Assert.assertNotNull(client.getPrivateKey());
  Assert.assertNotNull(client.getPublicKey());
  Assert.assertNotNull(client.getCertificate());
}
Example 12
Source File: TestOzoneTokenIdentifier.java From hadoop-ozone with Apache License 2.0 | 4 votes |
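/**
 * Signs a token identifier with the Ozone Master private key and checks that
 * it verifies against the matching certificate, while a token carrying
 * random bytes in place of a signature is rejected. Also exercises
 * key-store / trust-store creation for the generated material.
 *
 * @throws GeneralSecurityException if key, certificate or signing fails
 * @throws IOException if a store cannot be written
 */
@Test
public void testSignToken() throws GeneralSecurityException, IOException {
  String keystore = new File(KEYSTORES_DIR, "keystore.jks")
      .getAbsolutePath();
  String truststore = new File(KEYSTORES_DIR, "truststore.jks")
      .getAbsolutePath();
  // Fixture-only passwords for throwaway stores written under KEYSTORES_DIR.
  String trustPassword = "trustPass";
  String keyStorePassword = "keyStorePass";
  String keyPassword = "keyPass";

  // Create Ozone Master key pair
  KeyPair keyPair = KeyStoreTestUtil.generateKeyPair("RSA");
  // Create Ozone Master certificate (SCM CA issued cert) and key store
  X509Certificate cert = KeyStoreTestUtil
      .generateCertificate("CN=OzoneMaster", keyPair, 30, "SHA256withRSA");
  KeyStoreTestUtil.createKeyStore(keystore, keyStorePassword, keyPassword,
      "OzoneMaster", keyPair.getPrivate(), cert);
  // Create trust store and put the certificate in the trust store
  Map<String, X509Certificate> certs = Collections.singletonMap("server",
      cert);
  KeyStoreTestUtil.createTrustStore(truststore, trustPassword, certs);

  // Sign the OzoneMaster Token with Ozone Master private key
  PrivateKey privateKey = keyPair.getPrivate();
  OzoneTokenIdentifier tokenId = new OzoneTokenIdentifier();
  tokenId.setOmCertSerialId("123");
  byte[] signedToken = signTokenAsymmetric(tokenId, privateKey);

  // Verify a valid signed OzoneMaster Token with Ozone Master
  // public key(certificate)
  boolean isValidToken = verifyTokenAsymmetric(tokenId, signedToken, cert);
  LOG.info("{} is {}", tokenId, isValidToken ? "valid." : "invalid.");
  // Previously the outcome was only logged, so the test could never fail;
  // make the expectation explicit.
  if (!isValidToken) {
    throw new AssertionError(
        "Token signed with the OM private key did not verify: " + tokenId);
  }

  // Verify an invalid signed OzoneMaster Token with Ozone Master
  // public key(certificate): random bytes must never be accepted as a
  // signature.
  tokenId = new OzoneTokenIdentifier(new Text("oozie"), new Text("rm"),
      new Text("client"));
  tokenId.setOmCertSerialId("123");
  boolean isForgedValid = verifyTokenAsymmetric(tokenId,
      RandomUtils.nextBytes(128), cert);
  LOG.info("Unsigned token {} is {}", tokenId, isForgedValid);
  if (isForgedValid) {
    throw new AssertionError(
        "Random bytes were accepted as a signature for " + tokenId);
  }
}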