Java Code Examples for org.apache.hadoop.security.ssl.KeyStoreTestUtil#generateKeyPair()
The following examples show how to use
org.apache.hadoop.security.ssl.KeyStoreTestUtil#generateKeyPair() .
Example 1
Source File: TestOzoneBlockTokenSecretManager.java From hadoop-ozone with Apache License 2.0 | 6 votes |
/**
 * Prepares the block-token fixture: an Ozone configuration with block tokens
 * enabled, a fresh RSA key pair with a matching certificate, a started
 * {@code OzoneBlockTokenSecretManager} and a {@code BlockTokenVerifier}.
 *
 * <p>The certificate is generated from the same key pair it certifies, so it
 * appears to be self-signed rather than issued by a separate CA; confirm
 * against {@code KeyStoreTestUtil} before treating it as a CA-issued cert.
 *
 * @throws Exception if key, certificate or client setup fails
 */
@Before
public void setUp() throws Exception {
  OzoneConfiguration conf = new OzoneConfiguration();
  conf.set(HddsConfigKeys.OZONE_METADATA_DIRS, BASEDIR);
  conf.setBoolean(HddsConfigKeys.HDDS_BLOCK_TOKEN_ENABLED, true);

  // Key material for the Ozone Master. The key size is whatever
  // KeyStoreTestUtil picks; it is a test fixture, not a production key.
  keyPair = KeyStoreTestUtil.generateKeyPair("RSA");

  // NOTE(review): 60 * 60 * 24 reads like "seconds per day", but Hadoop's
  // Time.monotonicNow() is millisecond-based, which would make this window
  // about 86 seconds. Confirm the intended token lifetime.
  expiryTime = Time.monotonicNow() + 60 * 60 * 24;

  SecurityConfig securityConfig = new SecurityConfig(conf);

  // Certificate for the Ozone Master; its serial number is the id that
  // block tokens carry to name the signing certificate.
  final String subject = "CN=OzoneMaster";
  final String signatureAlgorithm = "SHA256withRSA";
  x509Certificate = KeyStoreTestUtil.generateCertificate(
      subject, keyPair, 30, signatureAlgorithm);
  omCertSerialId = x509Certificate.getSerialNumber().toString();

  secretManager = new OzoneBlockTokenSecretManager(
      securityConfig, expiryTime, omCertSerialId);

  // The secret manager is started with an initialised certificate client;
  // the verifier shares the same client.
  client = getCertificateClient(securityConfig);
  client.init();
  secretManager.start(client);
  tokenVerifier = new BlockTokenVerifier(securityConfig, client);
}
Example 2
Source File: TestOzoneBlockTokenIdentifier.java From hadoop-ozone with Apache License 2.0 | 5 votes |
/**
 * Creates an empty working directory and the key pair and certificate
 * shared by every test in the class.
 *
 * <p>The certificate is generated from the same key pair it certifies, so it
 * appears to be self-signed; confirm against {@code KeyStoreTestUtil}.
 *
 * @throws Exception if key or certificate generation fails
 */
@BeforeClass
public static void setUp() throws Exception {
  // Wipe anything a previous run left behind, then recreate the directory.
  File workDir = new File(BASEDIR);
  FileUtil.fullyDelete(workDir);
  workDir.mkdirs();

  // NOTE(review): 60 * 60 * 24 reads like "seconds per day", but Hadoop's
  // Time.monotonicNow() is millisecond-based, which would make this window
  // about 86 seconds. Confirm the intended token lifetime.
  expiryTime = Time.monotonicNow() + 60 * 60 * 24;

  // Test-only key material for the Ozone Master.
  keyPair = KeyStoreTestUtil.generateKeyPair("RSA");

  final String subject = "CN=OzoneMaster";
  final String signatureAlgorithm = "SHA256withRSA";
  cert = KeyStoreTestUtil.generateCertificate(
      subject, keyPair, 30, signatureAlgorithm);
}
Example 3
Source File: TestOzoneBlockTokenIdentifier.java From hadoop-ozone with Apache License 2.0 | 5 votes |
/**
 * Times asymmetric signing and verification over 1000 block token
 * identifiers and logs the average cost of each operation.
 *
 * <p>The test only logs timings. It never checks the value returned by
 * {@code verifyTokenAsymmetric}, so it does not detect a broken verifier.
 */
@Test
public void testAsymmetricTokenPerf() throws NoSuchAlgorithmException,
    CertificateEncodingException, NoSuchProviderException,
    InvalidKeyException, SignatureException {
  final int sampleSize = 1000;
  List<OzoneBlockTokenIdentifier> identifiers = new ArrayList<>();
  List<byte[]> signatures = new ArrayList<>();
  for (int n = 0; n < sampleSize; n++) {
    identifiers.add(generateTestToken());
  }

  // Test-only key pair plus a certificate built from that same pair.
  KeyPair signingKeys = KeyStoreTestUtil.generateKeyPair("RSA");
  X509Certificate omCertificate = KeyStoreTestUtil.generateCertificate(
      "CN=OzoneMaster", signingKeys, 30, "SHA256withRSA");

  // NOTE(review): the log labels say "HmacSha256", which is a symmetric
  // MAC, while this test signs with an RSA private key and the certificate
  // uses SHA256withRSA. The signing helper is not visible here; confirm the
  // label matches the algorithm. "RSA/1024" would also be below the
  // commonly recommended 2048-bit minimum outside of test fixtures.
  long signStart = Time.monotonicNowNanos();
  for (OzoneBlockTokenIdentifier identifier : identifiers) {
    signatures.add(
        signTokenAsymmetric(identifier, signingKeys.getPrivate()));
  }
  long signNanos = Time.monotonicNowNanos() - signStart;
  LOG.info("Average token sign time with HmacSha256(RSA/1024 key) is {} ns",
      signNanos / sampleSize);

  long verifyStart = Time.monotonicNowNanos();
  for (int n = 0; n < sampleSize; n++) {
    verifyTokenAsymmetric(identifiers.get(n), signatures.get(n),
        omCertificate);
  }
  long verifyNanos = Time.monotonicNowNanos() - verifyStart;
  LOG.info("Average token verify time with HmacSha256(RSA/1024 key) "
      + "is {} ns", verifyNanos / sampleSize);
}
Example 4
Source File: TestOzoneTokenIdentifier.java From hadoop-ozone with Apache License 2.0 | 5 votes |
/**
 * Times asymmetric signing and verification over 1000 Ozone token
 * identifiers and logs the average cost of each operation.
 *
 * <p>The test only logs timings. It never checks the value returned by
 * {@code verifyTokenAsymmetric}, so it does not detect a broken verifier.
 */
@Test
public void testAsymmetricTokenPerf() throws NoSuchAlgorithmException,
    CertificateEncodingException, NoSuchProviderException,
    InvalidKeyException, SignatureException {
  final int sampleSize = 1000;
  List<OzoneTokenIdentifier> identifiers = new ArrayList<>();
  List<byte[]> signatures = new ArrayList<>();
  for (int n = 0; n < sampleSize; n++) {
    identifiers.add(generateTestToken());
  }

  // Test-only key pair plus a certificate built from that same pair.
  KeyPair signingKeys = KeyStoreTestUtil.generateKeyPair("RSA");
  X509Certificate omCertificate = KeyStoreTestUtil.generateCertificate(
      "CN=OzoneMaster", signingKeys, 30, "SHA256withRSA");

  // NOTE(review): the log labels say "HmacSha256", which is a symmetric
  // MAC, while this test signs with an RSA private key and the certificate
  // uses SHA256withRSA. The signing helper is not visible here; confirm the
  // label matches the algorithm. "RSA/1024" would also be below the
  // commonly recommended 2048-bit minimum outside of test fixtures.
  long signStart = Time.monotonicNowNanos();
  for (OzoneTokenIdentifier identifier : identifiers) {
    signatures.add(
        signTokenAsymmetric(identifier, signingKeys.getPrivate()));
  }
  long signNanos = Time.monotonicNowNanos() - signStart;
  LOG.info("Average token sign time with HmacSha256(RSA/1024 key) is {} ns",
      signNanos / sampleSize);

  long verifyStart = Time.monotonicNowNanos();
  for (int n = 0; n < sampleSize; n++) {
    verifyTokenAsymmetric(identifiers.get(n), signatures.get(n),
        omCertificate);
  }
  long verifyNanos = Time.monotonicNowNanos() - verifyStart;
  LOG.info("Average token verify time with HmacSha256(RSA/1024 key) "
      + "is {} ns", verifyNanos / sampleSize);
}
Example 5
Source File: TestOzoneDelegationTokenSecretManager.java From hadoop-ozone with Apache License 2.0 | 5 votes |
/**
 * Builds a stub certificate client backed by a freshly generated RSA key
 * pair and a certificate created from that same pair.
 *
 * <p>The stub returns the one certificate for every serial id, so a test
 * that uses it cannot exercise rejection of an unknown or revoked serial.
 *
 * @return an {@code OMCertificateClient} that serves the in-memory key pair
 *     and certificate
 * @throws Exception if key or certificate generation fails
 */
private CertificateClient setupCertificateClient() throws Exception {
  KeyPair omKeys = KeyStoreTestUtil.generateKeyPair("RSA");
  X509Certificate omCert = KeyStoreTestUtil.generateCertificate(
      "CN=OzoneMaster", omKeys, 30, "SHA256withRSA");

  return new OMCertificateClient(securityConfig) {
    @Override
    public PrivateKey getPrivateKey() {
      return omKeys.getPrivate();
    }

    @Override
    public PublicKey getPublicKey() {
      return omKeys.getPublic();
    }

    @Override
    public X509Certificate getCertificate() {
      return omCert;
    }

    // The serial id is ignored on purpose: any lookup resolves to the
    // single test certificate.
    @Override
    public X509Certificate getCertificate(String serialId) {
      return omCert;
    }
  };
}
Example 6
Source File: TestOzoneManagerBlockToken.java From hadoop-ozone with Apache License 2.0 | 5 votes |
/**
 * Creates an empty working directory and the key pair and certificate
 * shared by every test in the class.
 *
 * <p>The certificate is generated from the same key pair it certifies, so it
 * appears to be self-signed; confirm against {@code KeyStoreTestUtil}.
 *
 * @throws Exception if key or certificate generation fails
 */
@BeforeClass
public static void setUp() throws Exception {
  // Wipe anything a previous run left behind, then recreate the directory.
  File workDir = new File(BASEDIR);
  FileUtil.fullyDelete(workDir);
  workDir.mkdirs();

  // NOTE(review): 60 * 60 * 24 reads like "seconds per day", but Hadoop's
  // Time.monotonicNow() is millisecond-based, which would make this window
  // about 86 seconds. Confirm the intended token lifetime.
  expiryTime = Time.monotonicNow() + 60 * 60 * 24;

  // Test-only key material for the Ozone Master.
  keyPair = KeyStoreTestUtil.generateKeyPair("RSA");

  final String subject = "CN=OzoneMaster";
  final String signatureAlgorithm = "SHA256withRSA";
  cert = KeyStoreTestUtil.generateCertificate(
      subject, keyPair, 30, signatureAlgorithm);
}
Example 7
Source File: TestOzoneManagerBlockToken.java From hadoop-ozone with Apache License 2.0 | 5 votes |
/**
 * Times asymmetric signing and verification over 1000 block token
 * identifiers and logs the average cost of each operation.
 *
 * <p>The test only logs timings. It never checks the value returned by
 * {@code verifyTokenAsymmetric}, so it does not detect a broken verifier.
 */
@Test
public void testAsymmetricTokenPerf() throws NoSuchAlgorithmException,
    CertificateEncodingException, NoSuchProviderException,
    InvalidKeyException, SignatureException {
  final int sampleSize = 1000;
  List<OzoneBlockTokenIdentifier> identifiers = new ArrayList<>();
  List<byte[]> signatures = new ArrayList<>();
  for (int n = 0; n < sampleSize; n++) {
    identifiers.add(generateTestToken());
  }

  // Test-only key pair plus a certificate built from that same pair.
  KeyPair signingKeys = KeyStoreTestUtil.generateKeyPair("RSA");
  X509Certificate signerCert = KeyStoreTestUtil.generateCertificate(
      "CN=OzoneMaster", signingKeys, 30, "SHA256withRSA");

  // NOTE(review): the log labels say "HmacSha256", which is a symmetric
  // MAC, while this test signs with an RSA private key and the certificate
  // uses SHA256withRSA. The signing helper is not visible here; confirm the
  // label matches the algorithm. "RSA/1024" would also be below the
  // commonly recommended 2048-bit minimum outside of test fixtures.
  long signStart = Time.monotonicNowNanos();
  for (OzoneBlockTokenIdentifier identifier : identifiers) {
    signatures.add(
        signTokenAsymmetric(identifier, signingKeys.getPrivate()));
  }
  long signNanos = Time.monotonicNowNanos() - signStart;
  LOG.info("Average token sign time with HmacSha256(RSA/1024 key) is {} ns",
      signNanos / sampleSize);

  long verifyStart = Time.monotonicNowNanos();
  for (int n = 0; n < sampleSize; n++) {
    verifyTokenAsymmetric(identifiers.get(n), signatures.get(n),
        signerCert);
  }
  long verifyNanos = Time.monotonicNowNanos() - verifyStart;
  LOG.info("Average token verify time with HmacSha256(RSA/1024 key) "
      + "is {} ns", verifyNanos / sampleSize);
}
Example 8
Source File: TestOzoneTokenIdentifier.java From hadoop-ozone with Apache License 2.0 | 4 votes |
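/**
 * Signs an Ozone token with a freshly generated private key and checks that
 * verification against the matching certificate accepts the genuine
 * signature and rejects random bytes presented as a signature.
 *
 * <p>Both verification results are asserted as well as logged. If they were
 * only logged, the test would still pass when the verifier accepted a
 * forged signature or rejected a genuine one.
 *
 * @throws GeneralSecurityException if key, certificate, signing or
 *     verification operations fail
 * @throws IOException if the key store or trust store cannot be written
 */
@Test
public void testSignToken() throws GeneralSecurityException, IOException {
  String keystore = new File(KEYSTORES_DIR, "keystore.jks")
      .getAbsolutePath();
  String truststore = new File(KEYSTORES_DIR, "truststore.jks")
      .getAbsolutePath();
  // Fixture-only passwords for throwaway stores written under
  // KEYSTORES_DIR; they protect nothing outside this test.
  String trustPassword = "trustPass";
  String keyStorePassword = "keyStorePass";
  String keyPassword = "keyPass";

  // Create Ozone Master key pair (test-only key material).
  KeyPair keyPair = KeyStoreTestUtil.generateKeyPair("RSA");
  // Create the Ozone Master certificate and key store. The certificate is
  // generated from the same key pair it certifies, so it appears to be
  // self-signed; confirm against KeyStoreTestUtil.
  X509Certificate cert = KeyStoreTestUtil
      .generateCertificate("CN=OzoneMaster", keyPair, 30, "SHA256withRSA");
  KeyStoreTestUtil.createKeyStore(keystore, keyStorePassword, keyPassword,
      "OzoneMaster", keyPair.getPrivate(), cert);

  // Create trust store and put the certificate in the trust store.
  Map<String, X509Certificate> certs =
      Collections.singletonMap("server", cert);
  KeyStoreTestUtil.createTrustStore(truststore, trustPassword, certs);

  // Sign the OzoneMaster token with the Ozone Master private key.
  PrivateKey privateKey = keyPair.getPrivate();
  OzoneTokenIdentifier tokenId = new OzoneTokenIdentifier();
  tokenId.setOmCertSerialId("123");
  byte[] signedToken = signTokenAsymmetric(tokenId, privateKey);

  // A genuine signature must verify against the Ozone Master certificate.
  boolean isValidToken = verifyTokenAsymmetric(tokenId, signedToken, cert);
  LOG.info("{} is {}", tokenId, isValidToken ? "valid." : "invalid.");
  if (!isValidToken) {
    throw new AssertionError(
        "Token signed with the OM private key failed verification");
  }

  // Random bytes presented as the signature of a different identifier must
  // be rejected. 128 bytes matches the signature length of a 1024-bit RSA
  // key, presumably what KeyStoreTestUtil generates; verify if that changes.
  tokenId = new OzoneTokenIdentifier(new Text("oozie"),
      new Text("rm"), new Text("client"));
  tokenId.setOmCertSerialId("123");
  boolean forgedAccepted =
      verifyTokenAsymmetric(tokenId, RandomUtils.nextBytes(128), cert);
  LOG.info("Unsigned token {} is {}", tokenId, forgedAccepted);
  if (forgedAccepted) {
    throw new AssertionError(
        "Random bytes were accepted as a valid token signature");
  }
}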