diff --git hbase-server/src/test/java/org/apache/hadoop/hbase/http/TestX509Factory.java hbase-server/src/test/java/org/apache/hadoop/hbase/http/TestX509Factory.java
new file mode 100644
index 0000000..7a2fc0c
--- /dev/null
+++ hbase-server/src/test/java/org/apache/hadoop/hbase/http/TestX509Factory.java
@@ -0,0 +1,98 @@ +/** + * Licensed to the Apache Software Foundation (ASF) under one or more contributor license + * agreements. See the NOTICE file distributed with this work for additional information regarding + * copyright ownership. The ASF licenses this file to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance with the License. You may obtain a + * copy of the License at http://www.apache.org/licenses/LICENSE-2.0 Unless required by applicable + * law or agreed to in writing, software distributed under the License is distributed on an "AS IS" + * BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License + * for the specific language governing permissions and limitations under the License. + */ +package org.apache.hadoop.hbase.http; + +import java.util.ArrayList; +import java.util.List; + +import org.apache.hadoop.hbase.SmallTests; +import org.apache.hadoop.hbase.http.ssl.AbstractX509Factory; +import org.apache.hadoop.hbase.http.ssl.IBMX509Factory; +import org.apache.hadoop.hbase.http.ssl.OracleX509Factory; +import org.apache.hadoop.hbase.http.ssl.UtilPkgEnum; +import org.apache.hadoop.hbase.http.ssl.X509FactoryImpl; +import org.apache.hadoop.hbase.http.ssl.X509PkgEnum; +import org.apache.hadoop.util.PlatformName; +import org.junit.After; +import org.junit.Assert; +import org.junit.Before; +import org.junit.BeforeClass; +import org.junit.Test; +import org.junit.experimental.categories.Category; + +@Category(SmallTests.class) +public class TestX509Factory { + + private X509FactoryImpl facImpl = X509FactoryImpl.getInstance(); + + @BeforeClass + public static void setUp() throws Exception { + + } + + @After + @Before + public void cleanUp() throws Exception { + + } + + @Test + public void testFactoryType() throws Exception { + if (PlatformName.IBM_JAVA) { + Assert.assertTrue(facImpl.getFactory() instanceof IBMX509Factory); + } + + if (!PlatformName.IBM_JAVA) { + 
Assert.assertTrue(facImpl.getFactory() instanceof OracleX509Factory); + } + } + + @SuppressWarnings("rawtypes") + private List getTestComponents() { + List components = new ArrayList(); + + if (PlatformName.IBM_JAVA) { + components.addAll(X509PkgEnum.getIBMSecX509Enum()); + components.addAll(UtilPkgEnum.getIBMSecUtilEnums()); + } else { + components.addAll(X509PkgEnum.getOracleSecX509Enum()); + components.addAll(UtilPkgEnum.getOracleSecUtilEnum()); + } + return components; + } + + @SuppressWarnings("rawtypes") + @Test + public void testLoadComponent() throws Exception { + + List components = getTestComponents(); + Assert.assertTrue(components != null && components.size() > 0); + Assert.assertTrue(((AbstractX509Factory) facImpl.getFactory()).getComponentMap().size() + == components.size()); + } + + @SuppressWarnings({ "unchecked", "rawtypes" }) + @Test + public void testFactoryX509Class() throws Exception { + + List components = getTestComponents(); + + for (Enum component : components) { + try { + Assert.assertNotNull(facImpl.getFactory().getClass(component)); + } catch (ClassNotFoundException e) { + Assert.fail("Component " + component + " not found in specific jdk provider " + + e.toString()); + } + } + } + +} diff --git hbase-server/src/test/java/org/apache/hadoop/hbase/http/ssl/AbstractX509Factory.java hbase-server/src/test/java/org/apache/hadoop/hbase/http/ssl/AbstractX509Factory.java new file mode 100644 index 0000000..ea6e028 --- /dev/null +++ hbase-server/src/test/java/org/apache/hadoop/hbase/http/ssl/AbstractX509Factory.java 
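Review bot: testLoadComponent compares the factory's map size with the size of the same enum lists that the factory constructors iterate, so it can only fail if map keys collide; the check that actually exercises the JDK is testFactoryX509Class. Writing it as `Assert.assertEquals(components.size(), ((AbstractX509Factory) facImpl.getFactory()).getComponentMap().size());` would at least report both values on failure. The empty `setUp()` and `cleanUp()` (the latter tagged with both `@After` and `@Before`) add nothing and can be removed.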
@@ -0,0 +1,104 @@ +/** + * Licensed to the Apache Software Foundation (ASF) under one or more contributor license + * agreements. See the NOTICE file distributed with this work for additional information regarding + * copyright ownership. The ASF licenses this file to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance with the License. You may obtain a + * copy of the License at http://www.apache.org/licenses/LICENSE-2.0 Unless required by applicable + * law or agreed to in writing, software distributed under the License is distributed on an "AS IS" + * BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License + * for the specific language governing permissions and limitations under the License. + */ + +package org.apache.hadoop.hbase.http.ssl; + +import java.lang.reflect.Constructor; +import java.lang.reflect.InvocationTargetException; +import java.util.HashMap; +import java.util.Map; + +import org.apache.commons.logging.Log; +import org.apache.commons.logging.LogFactory; + +/** + * Abstract X509 Factory class. + */ +@SuppressWarnings("rawtypes") +public class AbstractX509Factory> implements X509Factory { + static final Log LOG = LogFactory.getLog(AbstractX509Factory.class); + + /** + * Component map for storing fully qualified package name mappings for Enum type + */ + protected Map, String> componentMap = new HashMap, String>(); + + /** + * @return The component map loaded for this factory. + */ + public Map, String> getComponentMap() { + return componentMap; + } + + /** + * Add fully qualified package name mapping for each component type + * @param type Component type + * @param packageName Fully qualified package name + */ + protected void addMapping(Enum type, String packageName) { + this.componentMap.put(type, packageName + "." 
+ type.toString()); + } + + @Override + public Class getClass(Enum type) throws ClassNotFoundException { + if (componentMap.get(type) != null) { + return Class.forName(componentMap.get(type)); + } else throw new ClassNotFoundException(type + " not loaded"); + } + + @Override + public Object getComponent(Enum type, Object[] args, Class[] argTypes) + throws ClassNotFoundException { + if (componentMap.get(type) != null) { + Class typeClass = Class.forName(componentMap.get(type)); + if (args == null) { + try { + return typeClass.newInstance(); + } catch (IllegalAccessException e) { + LOG.error(e.toString() + " for " + typeClass + " " + args); + return null; + } catch (InstantiationException e) { + LOG.error(e.toString() + " for " + typeClass + " " + args); + return null; + } + } else { + if (argTypes == null) { + try { + argTypes = new Class[args.length]; + for (int i = 0; i < args.length; i++) { + argTypes[i] = args[i].getClass(); + } + } catch (Exception e) { + LOG.error("Error creating argument class arr " + e.toString()); + return null; + } + } + + try { + Constructor typeCons = typeClass.getDeclaredConstructor(argTypes); + return typeCons.newInstance(args); + } catch (NoSuchMethodException e) { + LOG.error(e.toString() + ". Wrong constructor signature"); + return null; + } catch (InstantiationException e) { + LOG.error(e.toString() + " for " + typeClass + " " + args); + return null; + } catch (IllegalAccessException e) { + LOG.error(e.toString() + " for " + typeClass + " " + args); + return null; + } catch (InvocationTargetException e) { + LOG.error(e.toString() + " for " + typeClass + " " + args); + return null; + } + } + } else throw new ClassNotFoundException(type + " not loaded"); + } +} diff --git hbase-server/src/test/java/org/apache/hadoop/hbase/http/ssl/IBMX509Factory.java hbase-server/src/test/java/org/apache/hadoop/hbase/http/ssl/IBMX509Factory.java new file mode 100644 index 0000000..b6f95e8 
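Review bot: getComponent logs every reflection failure and returns null, so a caller that immediately dereferences the result, as generateCertificate in KeyStoreTestUtil.java does with `info.getClass()`, fails with a NullPointerException far from the real cause. Each `return null;` could become `throw new IllegalStateException("Cannot instantiate " + typeClass, e);` so the original exception is preserved. The log messages also append `args` directly, which prints the array's identity rather than its contents; `java.util.Arrays.toString(args)` gives a usable message. getComponentMap() additionally hands out the mutable map that decides which class names are loaded; returning `Collections.unmodifiableMap(componentMap)` would keep callers from altering it.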
--- /dev/null
+++ hbase-server/src/test/java/org/apache/hadoop/hbase/http/ssl/IBMX509Factory.java
@@ -0,0 +1,37 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one or more contributor license
+ * agreements. See the NOTICE file distributed with this work for additional information regarding
+ * copyright ownership. The ASF licenses this file to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance with the License. You may obtain a
+ * copy of the License at http://www.apache.org/licenses/LICENSE-2.0 Unless required by applicable
+ * law or agreed to in writing, software distributed under the License is distributed on an "AS IS"
+ * BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License
+ * for the specific language governing permissions and limitations under the License.
+ */
+
+package org.apache.hadoop.hbase.http.ssl;
+
+/**
+ * IBM JDK X509 factory implementation class.
+ */
+@SuppressWarnings("rawtypes")
+public class IBMX509Factory extends AbstractX509Factory {
+
+ /**
+ * Default constructor populating fully qualified package name for supported component class
+ */
+ @SuppressWarnings("unchecked")
+ public IBMX509Factory() {
+
+ // IBM supported security X509 components
+ for (X509PkgEnum obj : X509PkgEnum.getIBMSecX509Enum()) {
+ this.addMapping(obj, "com.ibm.security.x509");
+ }
+
+ // IBM supported security util components
+ for (UtilPkgEnum obj : UtilPkgEnum.getIBMSecUtilEnums()) {
+ this.addMapping(obj, "com.ibm.security.util");
+ }
+ }
+
+}
diff --git hbase-server/src/test/java/org/apache/hadoop/hbase/http/ssl/KeyStoreTestUtil.java hbase-server/src/test/java/org/apache/hadoop/hbase/http/ssl/KeyStoreTestUtil.java
index 248b820..b7e0c12 100644
--- hbase-server/src/test/java/org/apache/hadoop/hbase/http/ssl/KeyStoreTestUtil.java
+++ hbase-server/src/test/java/org/apache/hadoop/hbase/http/ssl/KeyStoreTestUtil.java
@@ -23,6 +23,8 @@ import java.io.FileOutputStream; import java.io.FileWriter; import java.io.IOException; import java.io.Writer; +import java.lang.reflect.InvocationTargetException; +import java.lang.reflect.Method; import java.math.BigInteger; import java.net.URL; import java.security.GeneralSecurityException; @@ -43,18 +45,6 @@ import org.apache.hadoop.conf.Configuration; import org.apache.hadoop.security.ssl.FileBasedKeyStoresFactory; import org.apache.hadoop.security.ssl.SSLFactory; -import sun.security.x509.AlgorithmId; -import sun.security.x509.CertificateAlgorithmId; -import sun.security.x509.CertificateIssuerName; -import sun.security.x509.CertificateSerialNumber; -import sun.security.x509.CertificateSubjectName; -import sun.security.x509.CertificateValidity; -import sun.security.x509.CertificateVersion; -import sun.security.x509.CertificateX509Key; -import sun.security.x509.X500Name; -import sun.security.x509.X509CertImpl; -import sun.security.x509.X509CertInfo; - public class KeyStoreTestUtil { public static String getClasspathDir(Class klass) throws Exception { 
@@ -78,39 +68,76 @@ public class KeyStoreTestUtil { * @throws IOException thrown if an IO error ocurred. * @throws GeneralSecurityException thrown if an Security error ocurred. */ + @SuppressWarnings({ "rawtypes", "unchecked" }) public static X509Certificate generateCertificate(String dn, KeyPair pair, int days, String algorithm) - throws GeneralSecurityException, IOException { - PrivateKey privkey = pair.getPrivate(); - X509CertInfo info = new X509CertInfo(); + throws GeneralSecurityException, IOException, ClassNotFoundException { + + X509Factory fac = X509FactoryImpl.getInstance(); Date from = new Date(); Date to = new Date(from.getTime() + days * 86400000l); - CertificateValidity interval = new CertificateValidity(from, to); BigInteger sn = new BigInteger(64, new SecureRandom()); - X500Name owner = new X500Name(dn); - - info.set(X509CertInfo.VALIDITY, interval); - info.set(X509CertInfo.SERIAL_NUMBER, new CertificateSerialNumber(sn)); - info.set(X509CertInfo.SUBJECT, new CertificateSubjectName(owner)); - info.set(X509CertInfo.ISSUER, new CertificateIssuerName(owner)); - info.set(X509CertInfo.KEY, new CertificateX509Key(pair.getPublic())); - info - .set(X509CertInfo.VERSION, new CertificateVersion(CertificateVersion.V3)); - AlgorithmId algo = new AlgorithmId(AlgorithmId.md5WithRSAEncryption_oid); - info.set(X509CertInfo.ALGORITHM_ID, new CertificateAlgorithmId(algo)); - - // Sign the cert to identify the algorithm that's used. - X509CertImpl cert = new X509CertImpl(info); - cert.sign(privkey, algorithm); - - // Update the algorith, and resign. - algo = (AlgorithmId) cert.get(X509CertImpl.SIG_ALG); - info - .set(CertificateAlgorithmId.NAME + "." 
+ CertificateAlgorithmId.ALGORITHM, - algo); - cert = new X509CertImpl(info); - cert.sign(privkey, algorithm); - return cert; + PrivateKey privkey = pair.getPrivate(); + + Object interval = fac.getComponent(X509PkgEnum.CertificateValidity, + new Object[]{from, to}, null); + Object info = fac.getComponent(X509PkgEnum.X509CertInfo, null, null); + Object owner = fac.getComponent(X509PkgEnum.X500Name, new Object[]{dn}, null); + Object serialNumber = fac.getComponent(X509PkgEnum.CertificateSerialNumber, + new Object[]{sn}, null); + Object subjectName = fac.getComponent(X509PkgEnum.CertificateSubjectName, + new Object[]{owner}, null); + Object issuerName = fac.getComponent(X509PkgEnum.CertificateIssuerName, + new Object[]{owner}, null); + Object x509Key = fac.getComponent(X509PkgEnum.CertificateX509Key, + new Object[]{pair.getPublic()}, new Class[]{java.security.PublicKey.class}); + + try { + Method infoset = info.getClass().getMethod("set", String.class, Object.class); + infoset.invoke(info, info.getClass().getField("VALIDITY").get(null), interval); + infoset.invoke(info, info.getClass().getField("SERIAL_NUMBER").get(null), serialNumber); + infoset.invoke(info, info.getClass().getField("SUBJECT").get(null), subjectName); + infoset.invoke(info, info.getClass().getField("ISSUER").get(null), issuerName); + infoset.invoke(info, info.getClass().getField("KEY").get(null), x509Key); + + Class certVersionClass = fac.getClass(X509PkgEnum.CertificateVersion); + Object certVersion = fac.getComponent(X509PkgEnum.CertificateVersion, + new Object[]{certVersionClass.getField("V3").get(null)}, new Class[]{int.class}); + infoset.invoke(info, info.getClass().getField("VERSION").get(null), certVersion); + + Class algoIdClass = fac.getClass(X509PkgEnum.AlgorithmId); + Object algoId = fac.getComponent(X509PkgEnum.AlgorithmId, + new Object[]{algoIdClass.getField("md5WithRSAEncryption_oid").get(null)}, null); + Object algo = + fac.getComponent(X509PkgEnum.CertificateAlgorithmId, + new 
Object[]{algoId}, null); + infoset.invoke(info, info.getClass().getField("ALGORITHM_ID").get(null), algo); + + // Sign the cert to identify the algorithm that's used + Object cert = fac.getComponent(X509PkgEnum.X509CertImpl, new Object[]{info}, null); + Method certsign = cert.getClass().getMethod("sign", PrivateKey.class, String.class); + certsign.invoke(cert, privkey, algorithm); + + // Update the algorith, and resign. + Method certget = cert.getClass().getMethod("get", String.class); + Object algoObj = certget.invoke(cert, cert.getClass().getField("SIG_ALG").get(null)); + + Class certAlgoIdClass = fac.getClass(X509PkgEnum.CertificateAlgorithmId); + infoset.invoke(info, certAlgoIdClass.getField("NAME").get(null) + + "." +certAlgoIdClass.getField("ALGORITHM").get(null), algoObj); + + cert = fac.getComponent(X509PkgEnum.X509CertImpl, new Object[]{info}, null); + certsign = cert.getClass().getMethod("sign", PrivateKey.class, String.class); + certsign.invoke(cert, privkey, algorithm); + + return (X509Certificate) cert; + + } catch (IllegalAccessException e) { + } catch (NoSuchFieldException e) { + } catch (NoSuchMethodException e) { + } catch (InvocationTargetException e) { + } + return null; } public static KeyPair generateKeyPair(String algorithm) diff --git hbase-server/src/test/java/org/apache/hadoop/hbase/http/ssl/OracleX509Factory.java hbase-server/src/test/java/org/apache/hadoop/hbase/http/ssl/OracleX509Factory.java new file mode 100644 index 0000000..b7f7218 --- /dev/null +++ hbase-server/src/test/java/org/apache/hadoop/hbase/http/ssl/OracleX509Factory.java 
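Review bot: The four empty catch blocks at the end of generateCertificate discard every reflection failure and fall through to `return null`, so a signing error raised inside the provider (wrapped in InvocationTargetException) or an inaccessible JDK-internal class surfaces later as an unexplained NullPointerException in whichever test uses the certificate. The method already declares GeneralSecurityException and IOException, so the failures can be rethrown with their cause and the trailing `return null;` dropped. The `md5WithRSAEncryption_oid` value is carried over from the removed code and is overwritten with the signature's own algorithm before the second sign() call, so it acts only as a placeholder. Adding ClassNotFoundException to the throws clause changes the signature for existing callers, which are outside this hunk.

```java
    // … unchanged: reflective construction, population and double signing of the certificate …
    } catch (InvocationTargetException e) {
      // set()/sign() failed inside the provider: surface the real cause
      Throwable cause = e.getCause();
      if (cause instanceof GeneralSecurityException) {
        throw (GeneralSecurityException) cause;
      }
      if (cause instanceof IOException) {
        throw (IOException) cause;
      }
      throw new GeneralSecurityException("Certificate generation failed", cause);
    } catch (IllegalAccessException e) {
      throw new GeneralSecurityException("X509 provider class is not accessible", e);
    } catch (NoSuchFieldException e) {
      throw new GeneralSecurityException("X509 provider field is missing", e);
    } catch (NoSuchMethodException e) {
      throw new GeneralSecurityException("X509 provider method is missing", e);
    }
```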
@@ -0,0 +1,36 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one or more contributor license
+ * agreements. See the NOTICE file distributed with this work for additional information regarding
+ * copyright ownership. The ASF licenses this file to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance with the License. You may obtain a
+ * copy of the License at http://www.apache.org/licenses/LICENSE-2.0 Unless required by applicable
+ * law or agreed to in writing, software distributed under the License is distributed on an "AS IS"
+ * BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License
+ * for the specific language governing permissions and limitations under the License.
+ */
+
+package org.apache.hadoop.hbase.http.ssl;
+
+/**
+ * Oracle Sun JDK X509 factory implementation class.
+ */
+@SuppressWarnings("rawtypes")
+public class OracleX509Factory extends AbstractX509Factory {
+
+ /**
+ * Default constructor populating fully qualified package name for supported component class
+ */
+ @SuppressWarnings("unchecked")
+ public OracleX509Factory() {
+
+ // Oracle Sun supported X509 components
+ for (X509PkgEnum obj : X509PkgEnum.getOracleSecX509Enum()) {
+ this.addMapping(obj, "sun.security.x509");
+ }
+
+ // IBM supported X509 util components
+ for (UtilPkgEnum obj : UtilPkgEnum.getOracleSecUtilEnum()) {
+ this.addMapping(obj, "sun.security.util");
+ }
+ }
+}
diff --git hbase-server/src/test/java/org/apache/hadoop/hbase/http/ssl/UtilPkgEnum.java hbase-server/src/test/java/org/apache/hadoop/hbase/http/ssl/UtilPkgEnum.java
new file mode 100644
index 0000000..7462ff9
--- /dev/null
+++ hbase-server/src/test/java/org/apache/hadoop/hbase/http/ssl/UtilPkgEnum.java
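Review bot: The second loop's comment in the OracleX509Factory constructor reads `// IBM supported X509 util components`, but the loop maps `UtilPkgEnum.getOracleSecUtilEnum()` to `sun.security.util`; it looks copied from IBMX509Factory and should read `// Oracle Sun supported security util components`. Both vendor constructors also call the overridable `addMapping` from the constructor; if neither class is meant to be subclassed, declaring them `final` would make that safe.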
@@ -0,0 +1,85 @@ +/** + * Licensed to the Apache Software Foundation (ASF) under one or more contributor license + * agreements. See the NOTICE file distributed with this work for additional information regarding + * copyright ownership. The ASF licenses this file to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance with the License. You may obtain a + * copy of the License at http://www.apache.org/licenses/LICENSE-2.0 Unless required by applicable + * law or agreed to in writing, software distributed under the License is distributed on an "AS IS" + * BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License + * for the specific language governing permissions and limitations under the License. + */ + +package org.apache.hadoop.hbase.http.ssl; + +import java.util.ArrayList; +import java.util.List; + +/** + * Enums for classes in security util packages. + */ + +public enum UtilPkgEnum { + + ObjectIdentifier(VendorEnum.ALL); + + /** + * The vendor support for this enum class + */ + private VendorEnum support; + + /** + * Set the vendor support enum type for this enum class. + * @param support The vendor support enum type. + */ + public void setSupport(VendorEnum support) { + this.support = support; + } + + /** + * Get the vendor support enum type for this enum class. + * @return The vendor support enum type. + */ + public VendorEnum getSupport() { + return support; + } + + /** + * Create the security util package enum class with the particular + * vendor support enum type class. + * @param support The vendor supporting this enum class. + */ + UtilPkgEnum(VendorEnum support) { + this.support = support; + } + + /** + * Return the list of IBM supported security util enum classes. + * @return List of IBM supported util enum classes. 
+ */ + public static List getIBMSecUtilEnums() { + List ibmVendorEnumsList = new ArrayList(); + for (UtilPkgEnum obj : UtilPkgEnum.values()) { + if (obj.getSupport() == VendorEnum.ALL + || obj.getSupport() == VendorEnum.IBM_ONLY) { + ibmVendorEnumsList.add(obj); + } + } + return ibmVendorEnumsList; + } + + /** + * Return the list of Oracle supported security util enum classes. + * @return List of Oracle supported util enum classes. + */ + public static List getOracleSecUtilEnum() { + List oracleVendorEnumsList = new ArrayList(); + for (UtilPkgEnum obj : UtilPkgEnum.values()) { + if (obj.getSupport() == (VendorEnum.ALL) + || obj.getSupport() == (VendorEnum.SUN_ONLY)) { + oracleVendorEnumsList.add(obj); + } + } + return oracleVendorEnumsList; + } + +} \ No newline at end of file diff --git hbase-server/src/test/java/org/apache/hadoop/hbase/http/ssl/VendorEnum.java hbase-server/src/test/java/org/apache/hadoop/hbase/http/ssl/VendorEnum.java new file mode 100644 index 0000000..bb24ec8 --- /dev/null +++ hbase-server/src/test/java/org/apache/hadoop/hbase/http/ssl/VendorEnum.java 
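Review bot: The public `setSupport` setter makes each enum constant's vendor tag mutable process-wide, so any code can change what the vendor lists return; the same setter is repeated in X509PkgEnum.java. Declaring the field as `private final VendorEnum support;` and deleting `setSupport` keeps the constants immutable, and nothing in this diff calls the setter. The two accessors are also named inconsistently (`getIBMSecUtilEnums` versus `getOracleSecUtilEnum`), and the file lacks a trailing newline.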
@@ -0,0 +1,19 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one or more contributor license
+ * agreements. See the NOTICE file distributed with this work for additional information regarding
+ * copyright ownership. The ASF licenses this file to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance with the License. You may obtain a
+ * copy of the License at http://www.apache.org/licenses/LICENSE-2.0 Unless required by applicable
+ * law or agreed to in writing, software distributed under the License is distributed on an "AS IS"
+ * BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License
+ * for the specific language governing permissions and limitations under the License.
+ */
+
+package org.apache.hadoop.hbase.http.ssl;
+
+/**
+ * Enum for different JDK vendor
+ */
+public enum VendorEnum {
+ ALL, SUN_ONLY, IBM_ONLY;
+}
diff --git hbase-server/src/test/java/org/apache/hadoop/hbase/http/ssl/X509Factory.java hbase-server/src/test/java/org/apache/hadoop/hbase/http/ssl/X509Factory.java
new file mode 100644
index 0000000..ed9e1ce
--- /dev/null
+++ hbase-server/src/test/java/org/apache/hadoop/hbase/http/ssl/X509Factory.java
@@ -0,0 +1,41 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one or more contributor license
+ * agreements. See the NOTICE file distributed with this work for additional information regarding
+ * copyright ownership. The ASF licenses this file to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance with the License. You may obtain a
+ * copy of the License at http://www.apache.org/licenses/LICENSE-2.0 Unless required by applicable
+ * law or agreed to in writing, software distributed under the License is distributed on an "AS IS"
+ * BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License
+ * for the specific language governing permissions and limitations under the License.
+ */
+
+package org.apache.hadoop.hbase.http.ssl;
+
+/**
+ * To support Oracle Sun, IBM and possibly other JDK vendor implementation of X509 security
+ * packages. This factory interface class define a common interface for all factory implementation
+ * classes.
+ */
+
+public interface X509Factory> {
+
+ /**
+ * Get the component class for this enum type.
+ * @param type The enum type for this class.
+ * @return The Class for this enum type.
+ * @throws ClassNotFoundException If this enum type is not supported.
+ */
+ public Class getClass(Enum type) throws ClassNotFoundException;
+
+ /**
+ * Get the specific enum component object from the factory.
+ * @param type The enum type class for this component
+ * @param args The arguments that are required to instantiate this component.
+ * @param argTypes The arguments class type, if null, the class type is derived from the args.
+ * @return The component from the factory.
+ * @throws ClassNotFoundException Thrown when the enum type is not supported
+ */
+ @SuppressWarnings("rawtypes")
+ public Object getComponent(Enum type, Object[] args, Class[] argTypes)
+ throws ClassNotFoundException;
+}
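Review bot: The Javadoc for `argTypes` on getComponent says the types are derived from the arguments when it is null, but does not warn that the implementation in AbstractX509Factory uses each argument's runtime class with an exact constructor lookup, which is why generateCertificate has to pass `java.security.PublicKey.class` and `int.class` explicitly. I would extend the tag to say that callers must pass the parameter types explicitly whenever a constructor parameter is a primitive, an interface or a superclass of the argument. The `@return` tag should also state that the implementation in this commit returns null when instantiation fails.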
diff --git hbase-server/src/test/java/org/apache/hadoop/hbase/http/ssl/X509FactoryImpl.java hbase-server/src/test/java/org/apache/hadoop/hbase/http/ssl/X509FactoryImpl.java
new file mode 100644
index 0000000..6d4c677
--- /dev/null
+++ hbase-server/src/test/java/org/apache/hadoop/hbase/http/ssl/X509FactoryImpl.java
@@ -0,0 +1,70 @@ +/** + * Licensed to the Apache Software Foundation (ASF) under one or more contributor license + * agreements. See the NOTICE file distributed with this work for additional information regarding + * copyright ownership. The ASF licenses this file to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance with the License. You may obtain a + * copy of the License at http://www.apache.org/licenses/LICENSE-2.0 Unless required by applicable + * law or agreed to in writing, software distributed under the License is distributed on an "AS IS" + * BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License + * for the specific language governing permissions and limitations under the License. + */ + +package org.apache.hadoop.hbase.http.ssl; + +import org.apache.hadoop.util.PlatformName; + +/** + * Singleton implementation for X509 Factory + */ +@SuppressWarnings("rawtypes") +public class X509FactoryImpl implements X509Factory { + + /** + * Current factory used for this jvm + */ + private X509Factory factory; + + /** + * Singleton instance of X509 Factory + */ + private static X509FactoryImpl instance = new X509FactoryImpl(); + + /** + * Static method to obtain reference of X509 factory + * @return Singleton instance of X509 factory + */ + public static X509FactoryImpl getInstance() { + return instance; + } + + /** + * Private Constructor + */ + private X509FactoryImpl() { + if (PlatformName.IBM_JAVA) { + factory = new IBMX509Factory(); + } else { + factory = new OracleX509Factory(); + } + } + + /** + * @return Factory loaded for this jvm + */ + public X509Factory getFactory() { + return factory; + } + + @SuppressWarnings("unchecked") + @Override + public Object getComponent(Enum type, Object[] args, Class[] argTypes) + throws ClassNotFoundException { + return factory.getComponent(type, args, argTypes); + } + + @SuppressWarnings("unchecked") + @Override + public Class 
getClass(Enum type) throws ClassNotFoundException { + return factory.getClass(type); + } +} diff --git hbase-server/src/test/java/org/apache/hadoop/hbase/http/ssl/X509PkgEnum.java hbase-server/src/test/java/org/apache/hadoop/hbase/http/ssl/X509PkgEnum.java new file mode 100644 index 0000000..c32af05 --- /dev/null +++ hbase-server/src/test/java/org/apache/hadoop/hbase/http/ssl/X509PkgEnum.java 
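Review bot: Neither the singleton holder nor the delegate is declared final, although both are assigned exactly once: `private static X509FactoryImpl instance` and `private X509Factory factory`. Writing them as `private static final X509FactoryImpl INSTANCE = new X509FactoryImpl();` and `private final X509Factory factory;` documents that the vendor choice is fixed for the JVM and gives safe publication of both fields. The class name is also somewhat misleading, since the class selects and delegates to an implementation rather than being one.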
@@ -0,0 +1,131 @@ +/** + * Licensed to the Apache Software Foundation (ASF) under one or more contributor license + * agreements. See the NOTICE file distributed with this work for additional information regarding + * copyright ownership. The ASF licenses this file to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance with the License. You may obtain a + * copy of the License at http://www.apache.org/licenses/LICENSE-2.0 Unless required by applicable + * law or agreed to in writing, software distributed under the License is distributed on an "AS IS" + * BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License + * for the specific language governing permissions and limitations under the License. + */ + +package org.apache.hadoop.hbase.http.ssl; + +import java.util.ArrayList; +import java.util.List; + +/** + * Enums for classes in security x509 packages. + */ + +public enum X509PkgEnum { + + // All + AlgIdDSA(VendorEnum.ALL), AVA(VendorEnum.ALL), AlgorithmId(VendorEnum.ALL), + AttributeNameEnumeration(VendorEnum.ALL), AuthorityKeyIdentifierExtension(VendorEnum.ALL), + BasicConstraintsExtension(VendorEnum.ALL), CertAndKeyGen(VendorEnum.ALL), + CertificateExtensions(VendorEnum.ALL), CRLDistributionPointsExtension(VendorEnum.ALL), + CRLExtensions(VendorEnum.ALL), CRLNumberExtension(VendorEnum.ALL), + CRLReasonCodeExtension(VendorEnum.ALL), CertificateAlgorithmId(VendorEnum.ALL), + CertificateIssuerExtension(VendorEnum.ALL), CertificateIssuerName(VendorEnum.ALL), + CertificateIssuerUniqueIdentity(VendorEnum.ALL), CertificatePoliciesExtension(VendorEnum.ALL), + CertificatePolicyId(VendorEnum.ALL), CertificatePolicyMap(VendorEnum.ALL), + CertificatePolicySet(VendorEnum.ALL), CertificateSerialNumber(VendorEnum.ALL), + CertificateSubjectName(VendorEnum.ALL), CertificateSubjectUniqueIdentity(VendorEnum.ALL), + CertificateValidity(VendorEnum.ALL), 
CertificateVersion(VendorEnum.ALL), + CertificateX509Key(VendorEnum.ALL), DeltaCRLIndicatorExtension(VendorEnum.ALL), + DistributionPoint(VendorEnum.ALL), DNSName(VendorEnum.ALL), EDIPartyName(VendorEnum.ALL), + Extension(VendorEnum.ALL), GeneralName(VendorEnum.ALL), GeneralNames(VendorEnum.ALL), + GeneralSubtree(VendorEnum.ALL), GeneralSubtrees(VendorEnum.ALL), + InhibitAnyPolicyExtension(VendorEnum.ALL), InvalidityDateExtension(VendorEnum.ALL), + IssuerAlternativeNameExtension(VendorEnum.ALL), + IssuingDistributionPointExtension(VendorEnum.ALL), + KeyUsageExtension(VendorEnum.ALL), NameConstraintsExtension(VendorEnum.ALL), + NetscapeCertTypeExtension(VendorEnum.ALL), PolicyConstraintsExtension(VendorEnum.ALL), + PolicyMappingsExtension(VendorEnum.ALL), PrivateKeyUsageExtension(VendorEnum.ALL), + SubjectAlternativeNameExtension(VendorEnum.ALL), SubjectKeyIdentifierExtension(VendorEnum.ALL), + IPAddressName(VendorEnum.ALL), KeyIdentifier(VendorEnum.ALL), OIDMap(VendorEnum.ALL), + OIDName(VendorEnum.ALL), OtherName(VendorEnum.ALL), PKIXExtensions(VendorEnum.ALL), + PolicyInformation(VendorEnum.ALL), RDN(VendorEnum.ALL), ReasonFlags(VendorEnum.ALL), + RFC822Name(VendorEnum.ALL), SerialNumber(VendorEnum.ALL), X509CertImpl(VendorEnum.ALL), + X509CRLImpl(VendorEnum.ALL), UniqueIdentity(VendorEnum.ALL), URIName(VendorEnum.ALL), + X500Name(VendorEnum.ALL), X509AttributeName(VendorEnum.ALL), X509CertInfo(VendorEnum.ALL), + X509CRLEntryImpl(VendorEnum.ALL), X509Key(VendorEnum.ALL), + + // IBM + AlgIdRSA(VendorEnum.IBM_ONLY), Attribute(VendorEnum.IBM_ONLY), CPSuri(VendorEnum.IBM_ONLY), + CertException(VendorEnum.IBM_ONLY), DisplayText(VendorEnum.IBM_ONLY), + ExtKeyUsageExtension(VendorEnum.IBM_ONLY), GeneralNamesException(VendorEnum.IBM_ONLY), + HoldInstructionCodeExtension(VendorEnum.IBM_ONLY), + SubjectDirectoryAttributesExtension(VendorEnum.IBM_ONLY), + NoticeReference(VendorEnum.IBM_ONLY), PolicyQualifierInfo(VendorEnum.IBM_ONLY), + UserNotice(VendorEnum.IBM_ONLY), + + 
// Sun + AVAComparator(VendorEnum.SUN_ONLY), AVAKeyword(VendorEnum.SUN_ONLY), + AccessDescription(VendorEnum.SUN_ONLY), AuthorityInfoAccessExtension(VendorEnum.SUN_ONLY), + CertParseError(VendorEnum.SUN_ONLY), DistributionPointName(VendorEnum.SUN_ONLY), + ExtendedKeyUsageExtension(VendorEnum.SUN_ONLY), FreshestCRLExtension(VendorEnum.SUN_ONLY), + OCSPNoCheckExtension(VendorEnum.SUN_ONLY), SubjectInfoAccessExtension(VendorEnum.SUN_ONLY), + X400Address(VendorEnum.SUN_ONLY); + + /** + * The vendor support for this enum class + */ + private VendorEnum support; + + /** + * Set the vendor support enum type for this enum class. + * @param support The vendor support enum type. + */ + public void setSupport(VendorEnum support) { + this.support = support; + } + + /** + * Get the vendor support enum type for this enum class. + * @return The vendor support enum type. + */ + public VendorEnum getSupport() { + return support; + } + + /** + * Create the security x509 package enum class with the particular vendor support enum type class. + * @param support The vendor supporting this enum class. + */ + X509PkgEnum(VendorEnum support) { + this.support = support; + } + + /** + * Return the list of IBM supported security x509 enum classes. + * @return List of IBM supported x509 enum classes. + */ + public static List getIBMSecX509Enum() { + List ibmVendorEnumsList = new ArrayList(); + for (X509PkgEnum obj : X509PkgEnum.values()) { + if (obj.getSupport() == VendorEnum.ALL + || obj.getSupport() == VendorEnum.IBM_ONLY) { + ibmVendorEnumsList.add(obj); + } + } + return ibmVendorEnumsList; + } + + /** + * Return the list of Oracle supported security x509 enum classes. + * @return List of Oracle supported util enum classes. 
+ */ + public static List getOracleSecX509Enum() { + List oracleVendorEnumsList = new ArrayList(); + for (X509PkgEnum obj : X509PkgEnum.values()) { + if (obj.getSupport() == VendorEnum.ALL + || obj.getSupport() == VendorEnum.SUN_ONLY) { + oracleVendorEnumsList.add(obj); + } + } + return oracleVendorEnumsList; + } + +}
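Review bot: The enum lists dozens of JDK-internal class names while generateCertificate in this diff uses only eleven of them, and testFactoryX509Class asserts that every listed class resolves in the running JDK; a JDK release that moves or removes any one of the unused classes would then fail the test without affecting certificate generation. Unless callers outside this diff need them, I would trim the enum to the constants that are actually used. The Javadoc of getOracleSecX509Enum also says `@return List of Oracle supported util enum classes.` where it should say x509 enum classes.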