diff --git hbase-server/src/test/java/org/apache/hadoop/hbase/http/ssl/KeyStoreTestUtil.java hbase-server/src/test/java/org/apache/hadoop/hbase/http/ssl/KeyStoreTestUtil.java
index 248b820..5dbbc49 100644
--- hbase-server/src/test/java/org/apache/hadoop/hbase/http/ssl/KeyStoreTestUtil.java
+++ hbase-server/src/test/java/org/apache/hadoop/hbase/http/ssl/KeyStoreTestUtil.java
@@ -18,6 +18,15 @@
 package org.apache.hadoop.hbase.http.ssl;
+import java.io.BufferedInputStream;
+import java.io.BufferedReader;
+import java.io.ByteArrayInputStream;
+import java.io.File;
+import java.io.FileInputStream;
+import java.io.FileNotFoundException;
+import java.io.FileOutputStream;
+import org.apache.commons.logging.Log;
+import org.apache.commons.logging.LogFactory;
 import java.io.File;
 import java.io.FileOutputStream;
 import java.io.FileWriter;
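Review bot: The added import block repeats `java.io.File` and `java.io.FileOutputStream`, which are still imported by the context lines directly below it, and `BufferedReader` and `ByteArrayInputStream` are not used by any new code shown in this patch. The second import hunk has the same problem: `java.io.ByteArrayInputStream` is imported a second time, and `Constructor`, `Field`, `Method`, `PublicKey` and `CertificateException` are not referenced by the visible additions. I would drop the duplicates and, unless code outside these hunks needs them, the unused imports, and put the remaining `java.io` additions inside the existing sorted group rather than ahead of it.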
@@ -31,32 +40,37 @@ import java.security.KeyPair;
 import java.security.KeyPairGenerator;
 import java.security.KeyStore;
 import java.security.NoSuchAlgorithmException;
+import java.io.ByteArrayInputStream;
 import java.security.PrivateKey;
 import java.security.SecureRandom;
 import java.security.cert.Certificate;
+import java.security.cert.CertificateException;
+import java.security.cert.CertificateFactory;
 import java.security.cert.X509Certificate;
 import java.util.Date;
 import java.util.HashMap;
 import java.util.Map;
+import java.security.KeyFactory;
+
+import java.security.interfaces.RSAPrivateKey;
+import java.security.spec.InvalidKeySpecException;
+import java.security.spec.KeySpec;
+import java.security.spec.PKCS8EncodedKeySpec;
 import org.apache.hadoop.conf.Configuration;
 import org.apache.hadoop.security.ssl.FileBasedKeyStoresFactory;
 import org.apache.hadoop.security.ssl.SSLFactory;
-import sun.security.x509.AlgorithmId;
-import sun.security.x509.CertificateAlgorithmId;
-import sun.security.x509.CertificateIssuerName;
-import sun.security.x509.CertificateSerialNumber;
-import sun.security.x509.CertificateSubjectName;
-import sun.security.x509.CertificateValidity;
-import sun.security.x509.CertificateVersion;
-import sun.security.x509.CertificateX509Key;
-import sun.security.x509.X500Name;
-import sun.security.x509.X509CertImpl;
-import sun.security.x509.X509CertInfo;
+import java.lang.reflect.Constructor;
+import java.lang.reflect.Field;
+import java.lang.reflect.Method;
+import java.security.PublicKey;
 public class KeyStoreTestUtil {
+ public static final Log LOG =
+ LogFactory.getLog(KeyStoreTestUtil.class);
+
 public static String getClasspathDir(Class klass) throws Exception {
 String file = klass.getName();
 file = file.replace('.', '/') + ".class";
@@ -68,50 +82,26 @@ public class KeyStoreTestUtil {
 /**
 * Create a self-signed X.509 Certificate.
- * From http://bfo.com/blog/2011/03/08/odds_and_ends_creating_a_new_x_509_certificate.html.
- *
- * @param dn the X.509 Distinguished Name, eg "CN=Test, L=London, C=GB"
- * @param pair the KeyPair
- * @param days how many days from now the Certificate is valid for
- * @param algorithm the signing algorithm, eg "SHA1withRSA"
+ * @param path certificate file
 * @return the self-signed certificate
 * @throws IOException thrown if an IO error ocurred.
 * @throws GeneralSecurityException thrown if an Security error ocurred.
+ * @throws FileNotFoundException.
 */
- public static X509Certificate generateCertificate(String dn, KeyPair pair,
- int days, String algorithm)
- throws GeneralSecurityException, IOException {
- PrivateKey privkey = pair.getPrivate();
- X509CertInfo info = new X509CertInfo();
- Date from = new Date();
- Date to = new Date(from.getTime() + days * 86400000l);
- CertificateValidity interval = new CertificateValidity(from, to);
- BigInteger sn = new BigInteger(64, new SecureRandom());
- X500Name owner = new X500Name(dn);
-
- info.set(X509CertInfo.VALIDITY, interval);
- info.set(X509CertInfo.SERIAL_NUMBER, new CertificateSerialNumber(sn));
- info.set(X509CertInfo.SUBJECT, new CertificateSubjectName(owner));
- info.set(X509CertInfo.ISSUER, new CertificateIssuerName(owner));
- info.set(X509CertInfo.KEY, new CertificateX509Key(pair.getPublic()));
- info
- .set(X509CertInfo.VERSION, new CertificateVersion(CertificateVersion.V3));
- AlgorithmId algo = new AlgorithmId(AlgorithmId.md5WithRSAEncryption_oid);
- info.set(X509CertInfo.ALGORITHM_ID, new CertificateAlgorithmId(algo));
-
- // Sign the cert to identify the algorithm that's used.
- X509CertImpl cert = new X509CertImpl(info);
- cert.sign(privkey, algorithm);
-
- // Update the algorith, and resign.
- algo = (AlgorithmId) cert.get(X509CertImpl.SIG_ALG);
- info
- .set(CertificateAlgorithmId.NAME + "." + CertificateAlgorithmId.ALGORITHM,
- algo);
- cert = new X509CertImpl(info);
- cert.sign(privkey, algorithm);
- return cert;
- }
+
+ public static X509Certificate generateCertificate(String certFileName)
+ throws IOException, GeneralSecurityException, FileNotFoundException
+ {
+ FileInputStream input=null;
+ try {
+ String pathCrtFile = Thread.currentThread().
+ getContextClassLoader().getResource(certFileName).getPath();
+ input=new FileInputStream(pathCrtFile);
+ CertificateFactory cf=CertificateFactory.getInstance("X.509");
+ return (X509Certificate)cf.generateCertificate(input); }
+ finally {
+ input.close(); }
+ }
 public static KeyPair generateKeyPair(String algorithm)
 throws NoSuchAlgorithmException {
@@ -232,21 +222,21 @@ public class KeyStoreTestUtil {
 Map certs = new HashMap();
 if (useClientCert) {
- KeyPair cKP = KeyStoreTestUtil.generateKeyPair("RSA");
+ //use test certicat file from src/test/resources/client_crt
 X509Certificate cCert =
- KeyStoreTestUtil.generateCertificate("CN=localhost, O=client", cKP, 30,
- "SHA1withRSA");
+ KeyStoreTestUtil.generateCertificate("client_crt");
+ //use test key file from src/test/resources/client_pkcs8
 KeyStoreTestUtil.createKeyStore(clientKS, clientPassword, "client",
- cKP.getPrivate(), cCert);
+ KeyStoreTestUtil.getPrivateFromFile("client_pkcs8"), cCert);
 certs.put("client", cCert);
 }
- KeyPair sKP = KeyStoreTestUtil.generateKeyPair("RSA");
+ //use test certicat file from src/test/resources/server_crt
 X509Certificate sCert =
- KeyStoreTestUtil.generateCertificate("CN=localhost, O=server", sKP, 30,
- "SHA1withRSA");
+ KeyStoreTestUtil.generateCertificate("server_crt");
+ //use test key file from src/test/resources/server_pkcs8
 KeyStoreTestUtil.createKeyStore(serverKS, serverPassword, "server",
- sKP.getPrivate(), sCert);
+ KeyStoreTestUtil.getPrivateFromFile("server_pkcs8") , sCert);
 certs.put("server", sCert);
 KeyStoreTestUtil.createTrustStore(trustKS, trustPassword, certs);
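Review bot: The new `generateCertificate(String certFileName)` calls `input.close()` in `finally` while `input` can still be null: if `getResource(certFileName)` returns null or `new FileInputStream(...)` throws, the cleanup raises a NullPointerException that replaces the real cause. `getResource(...).getPath()` also returns a URL-encoded path, so a checkout directory containing a space would likely fail to open; reading through `getResourceAsStream` avoids both problems, as sketched below (it needs `java.io.InputStream` imported). `getPrivateFromFile` in the last hunk of this file repeats the same lookup and `finally` pattern. The Javadoc still reads "Create a self-signed X.509 Certificate" and documents `@param path`, while the method now loads the resource named by `certFileName`.

```java
  public static X509Certificate generateCertificate(String certFileName)
      throws IOException, GeneralSecurityException, FileNotFoundException
  {
    InputStream input = Thread.currentThread()
        .getContextClassLoader().getResourceAsStream(certFileName);
    if (input == null) {
      // Fail with the resource name instead of a NullPointerException.
      throw new FileNotFoundException(
          "test resource not found on classpath: " + certFileName);
    }
    try {
      CertificateFactory cf = CertificateFactory.getInstance("X.509");
      return (X509Certificate) cf.generateCertificate(input);
    } finally {
      input.close();
    }
  }
```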
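Review bot: Both identities in the keystore-setup hunk now come from fixed files under src/test/resources, so the private keys are readable by anyone with the repository and the certificates carry a fixed validity window instead of the previous 30 days counted from test start. The `client_crt` added later in this patch appears to encode a notAfter of 2022-12-27 (read from the base64, worth confirming with a certificate dump), after which any test that checks validity would start failing. I would record this next to the first load, e.g. `// Test-only key material committed to the repo: never trust it outside tests, and regenerate before the certificates expire.`, and fix the `certicat` typo in the two comments. The enclosing method starts and ends outside the hunk.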
@@ -362,4 +352,24 @@ public class KeyStoreTestUtil {
 writer.close();
 }
 }
+
+ private static Key getPrivateFromFile(String filename)
+ throws NoSuchAlgorithmException, IOException, InvalidKeySpecException, FileNotFoundException {
+ String pathfile = Thread.currentThread().
+ getContextClassLoader().getResource(filename).getPath();
+ File privKeyFile = new File(pathfile);
+ RSAPrivateKey privKey = null;
+ BufferedInputStream bis = null;
+ try {
+ bis = new BufferedInputStream(new FileInputStream(privKeyFile));
+ byte[] privKeyBytes = new byte[(int)privKeyFile.length()];
+ bis.read(privKeyBytes);
+ KeyFactory keyFactory = KeyFactory.getInstance("RSA");
+ KeySpec ks = new PKCS8EncodedKeySpec(privKeyBytes);
+ privKey = (RSAPrivateKey) keyFactory.generatePrivate(ks);
+ return (Key)privKey;
+ }
+ finally {
+ bis.close(); }
+ }
 }
diff --git hbase-server/src/test/resources/client_crt hbase-server/src/test/resources/client_crt
new file mode 100644
index 0000000..dd2ca7b
--- /dev/null
+++ hbase-server/src/test/resources/client_crt
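Review bot: `bis.read(privKeyBytes)` in `getPrivateFromFile` ignores the return value, and a single `read` is not guaranteed to fill the array; a short read would hand `PKCS8EncodedKeySpec` a zero-padded buffer and surface as an `InvalidKeySpecException` far from the cause. Replacing that line with `new DataInputStream(bis).readFully(privKeyBytes);` (plus the `java.io.DataInputStream` import) turns a truncated read into an `EOFException` at the point of failure. The helper also has no documentation of the format it expects; since it feeds the raw bytes to `PKCS8EncodedKeySpec` and casts to `RSAPrivateKey`, a comment such as `// Resource must be an unencrypted, DER-encoded PKCS#8 RSA private key.` would help whoever regenerates the files.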
@@ -0,0 +1,16 @@ +-----BEGIN CERTIFICATE----- +MIICgjCCAeugAwIBAgIJAKUnUsdOZiz0MA0GCSqGSIb3DQEBCwUAMFoxCzAJBgNV +BAYTAkdCMQ8wDQYDVQQIDAZMb25kb24xFTATBgNVBAcMDERlZmF1bHQgQ2l0eTEP +MA0GA1UECgwGY2xpZW50MRIwEAYDVQQDDAlsb2NhbGhvc3QwHhcNMTQxMDEwMTEy +MTI5WhcNMjIxMjI3MTEyMTI5WjBaMQswCQYDVQQGEwJHQjEPMA0GA1UECAwGTG9u +ZG9uMRUwEwYDVQQHDAxEZWZhdWx0IENpdHkxDzANBgNVBAoMBmNsaWVudDESMBAG +A1UEAwwJbG9jYWxob3N0MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCa9nuE +udW3R2YKzxxgKhlLafNHgr4EaPcX3JHkBd+mo9RkYByx0nKTQcdI48x5oc498GYN +wC6tOdXfQajbggmoFaBDhdAkCmLzFJ3up78QIyHTj/5aIFrZ0qpuzAcBHLBPZ+Dv +q1Bkkf4HTno0hB5vEVMNX8qxq8IBsM0c9QatSwIDAQABo1AwTjAdBgNVHQ4EFgQU +lsujObcwEVBJ6bcjKtNz9ACh0BUwHwYDVR0jBBgwFoAUlsujObcwEVBJ6bcjKtNz +9ACh0BUwDAYDVR0TBAUwAwEB/zANBgkqhkiG9w0BAQsFAAOBgQCSFG6rYr3CAmhA +wI8FT5ck/vILg/GmdRTD0DlHEDuqXdE/A+6xL7WS3WF54pvpg1mBcUyUcpmuZsJn +pYHTybgEEqJcWmUxbKPkMEWjevXtqnm3zMLaGvGSnLAlHxvmMO+kIxFqBEvi7dqq +QXPmUihJRKI5L2TEcrJ72DABTLEBNg== +-----END CERTIFICATE----- 
diff --git hbase-server/src/test/resources/client_pkcs8 hbase-server/src/test/resources/client_pkcs8 new file mode 100644 index 0000000000000000000000000000000000000000..147ccdf4f448da8a53f7bd688e4f14d495ae0517 GIT binary patch literal 632 zcmV-;0*C!Df&z2`0RS)!1_>&LNQUpUNC|JS^@z80)c@5n)Z8yxz)Ev zW(v<7U@93)Y4b;dz65CZ7u=EL1>dHl)MQ{BvC?vrLB~kr%z2^CJ@94?z%H#h)!#v= z+ky$G6`(_f&?E|C^Aw%#r@s&*A=8ikS|D24(yDIE2LT+gPiNrot59T-{s&HaG=v^+ z5mOCc%CW1$0kF*+^#-j=0s{d60Rn$_KQ+zmGlrg)8HAP@Q;n zx^PQwG_jlIx#u4-6iEWMbBgL4yX)y0zm+x)$L^>%87(32J4;K!S7FBhsmFedsXFz*i^&pcI6!hU_-t;UGK~`- S+Q4v0)+iAf&zB}0RS)!1_>&LNQUpVK9OMT>=3B0)c@5!Qqm_^$<_o zU{%fLW3)#ijX`E+(D|gUmN(>r5P_zwUIb&r!@)XVxy>U$lD_kS_C*Vsy9Wqop=vnz z2MJlSI8T-Jw5kWb4hP{;vFW`n+{cELZ6%EgdAD=@CJY=n?(Q5hMco<7&|W-ZM^jy> zR_WAt9hIk#2=?VsWx$LH0s{d60Rn-5DxGgh{UV{e8NH%yLVFCWu8OjJWble#35%_P zT`6)tF327^(4jXtbvb^=A-XXE-sGG?B^S-4A(@*h61|2Bp;g`6u5I44R>{gobOyBiM`m)#)XqwESbf&9cOuGXi zHVJsq5sh#txl0F;bzvs{K<-|!2r>Wz&X)o~0KU|K{K~4*tG3B9g+uYSE2d>(D6J38 zPUtE3kZtYBpJp;eFL;;Gb!r0S+{!^}?xNfGtfo)y1b*5zcXhJWX#zkVtUCxKQ(Jws ztmD(4r7ahG3tr|!a%g4evUO%kH|&=1v@8}dZzu2=9`-v@J8hmwnK-~fxm|eYXod3R z&!$HLK>*9wB>TZ%=i_IV=-DRetCvmNTF1~TrR+X?`%oK9m$)Fm!p0sP&Ft`tCzW(| V_l02M5xvB7$q1C`Sti%U*fTGtFKPe) literal 0 HcmV?d00001