accumulo-commits mailing list archives

From els...@apache.org
Subject [1/5] git commit: ACCUMULO-3059 Allow configuration of truststore password and root keystore password
Date Tue, 12 Aug 2014 03:41:57 GMT
Repository: accumulo
Updated Branches:
  refs/heads/1.6.1-SNAPSHOT 10500f6da -> 011349e2d
  refs/heads/master 63b3bdd8c -> ef0b27c1e


ACCUMULO-3059 Allow configuration of truststore password and root keystore password


Project: http://git-wip-us.apache.org/repos/asf/accumulo/repo
Commit: http://git-wip-us.apache.org/repos/asf/accumulo/commit/384aa396
Tree: http://git-wip-us.apache.org/repos/asf/accumulo/tree/384aa396
Diff: http://git-wip-us.apache.org/repos/asf/accumulo/diff/384aa396

Branch: refs/heads/1.6.1-SNAPSHOT
Commit: 384aa396736b7ddeadf38d71d3f42afda7c4d0da
Parents: 10500f6
Author: Josh Elser <elserj@apache.org>
Authored: Mon Aug 11 23:30:39 2014 -0400
Committer: Josh Elser <elserj@apache.org>
Committed: Mon Aug 11 23:30:39 2014 -0400

----------------------------------------------------------------------
 .../MiniAccumuloClusterStartStopTest.java       |  1 -
 .../accumulo/test/functional/AbstractMacIT.java |  2 +-
 .../apache/accumulo/test/util/CertUtils.java    | 36 +++++++++++++-------
 .../accumulo/test/util/CertUtilsTest.java       |  6 ++--
 4 files changed, 28 insertions(+), 17 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/accumulo/blob/384aa396/minicluster/src/test/java/org/apache/accumulo/minicluster/MiniAccumuloClusterStartStopTest.java
----------------------------------------------------------------------
diff --git a/minicluster/src/test/java/org/apache/accumulo/minicluster/MiniAccumuloClusterStartStopTest.java
b/minicluster/src/test/java/org/apache/accumulo/minicluster/MiniAccumuloClusterStartStopTest.java
index 9e38d09..b44868f 100644
--- a/minicluster/src/test/java/org/apache/accumulo/minicluster/MiniAccumuloClusterStartStopTest.java
+++ b/minicluster/src/test/java/org/apache/accumulo/minicluster/MiniAccumuloClusterStartStopTest.java
@@ -22,7 +22,6 @@ import org.apache.accumulo.core.client.Connector;
 import org.apache.accumulo.core.client.ZooKeeperInstance;
 import org.apache.accumulo.core.client.security.tokens.PasswordToken;
 import org.junit.After;
-import org.junit.Assert;
 import org.junit.Before;
 import org.junit.Test;
 import org.junit.rules.TemporaryFolder;

http://git-wip-us.apache.org/repos/asf/accumulo/blob/384aa396/test/src/test/java/org/apache/accumulo/test/functional/AbstractMacIT.java
----------------------------------------------------------------------
diff --git a/test/src/test/java/org/apache/accumulo/test/functional/AbstractMacIT.java b/test/src/test/java/org/apache/accumulo/test/functional/AbstractMacIT.java
index 0c29dfd..4734558 100644
--- a/test/src/test/java/org/apache/accumulo/test/functional/AbstractMacIT.java
+++ b/test/src/test/java/org/apache/accumulo/test/functional/AbstractMacIT.java
@@ -101,7 +101,7 @@ public abstract class AbstractMacIT {
     File publicTruststoreFile = new File(sslDir, "public-" + cfg.getInstanceName() + ".jks");
     try {
       new CertUtils(Property.RPC_SSL_KEYSTORE_TYPE.getDefaultValue(), "o=Apache Accumulo,cn=MiniAccumuloCluster",
"RSA", 2048, "sha1WithRSAEncryption")
-          .createAll(rootKeystoreFile, localKeystoreFile, publicTruststoreFile, cfg.getInstanceName(),
cfg.getRootPassword());
+          .createAll(rootKeystoreFile, localKeystoreFile, publicTruststoreFile, cfg.getInstanceName(),
"root_keystore_password", cfg.getRootPassword(), "");
     } catch (Exception e) {
       throw new RuntimeException("error creating MAC keystore", e);
     }
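Review bot: The root keystore password is passed as the inline literal `"root_keystore_password"` and is not recorded on `cfg`, so any code that later needs to reopen `rootKeystoreFile` has to repeat the string. A named constant such as `private static final String ROOT_KEYSTORE_PASSWORD = "root_keystore_password";`, with a comment that it is a fixed test-only value, would keep it in one place. The trailing `""` leaves the public truststore with an empty password; a short comment stating that this is intentional for the mini cluster would save the next reader from guessing. The enclosing method starts and ends outside the hunk.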

http://git-wip-us.apache.org/repos/asf/accumulo/blob/384aa396/test/src/test/java/org/apache/accumulo/test/util/CertUtils.java
----------------------------------------------------------------------
diff --git a/test/src/test/java/org/apache/accumulo/test/util/CertUtils.java b/test/src/test/java/org/apache/accumulo/test/util/CertUtils.java
index b7614b8..552a332 100644
--- a/test/src/test/java/org/apache/accumulo/test/util/CertUtils.java
+++ b/test/src/test/java/org/apache/accumulo/test/util/CertUtils.java
@@ -92,11 +92,17 @@ public class CertUtils {
     @Parameter(names = {"--keystore-type"}, description = "Type of keystore file to use")
     String keystoreType = "JKS";
 
+    @Parameter(names = {"--root-keystore-password"}, description = "Password for root keystore,
falls back to --keystore-password if not provided")
+    String rootKeystorePassword = null;
+
     @Parameter(
         names = {"--keystore-password"},
         description = "Password used to encrypt keystores.  If omitted, the instance-wide
secret will be used.  If specified, the password must also be explicitly configured in Accumulo.")
     String keystorePassword = null;
 
+    @Parameter(names = {"--truststore-password"}, description = "Password used to encrypt
the truststore. If omitted, empty password is used")
+    String truststorePassword = "";
+
     @Parameter(names = {"--key-name-prefix"}, description = "Prefix for names of generated
keys")
     String keyNamePrefix = CertUtils.class.getSimpleName();
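Review bot: The two new options, `--root-keystore-password` and `--truststore-password`, take their secrets as plain command-line values, which leaves them in shell history and in the process listing while the tool runs. JCommander can prompt for the value instead: adding `password = true` to each `@Parameter` keeps the secret off the command line. The description "Password used to encrypt the truststore" also says more than the diff shows, since the store written by createPublicCert holds only a certificate entry, so the password presumably acts as an integrity check rather than encryption. With the empty default that check is keyed with nothing secret, and a comment such as `// empty password: truststore contents are public, integrity is not protected` would make the trade-off explicit.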
 
@@ -162,14 +168,20 @@ public class CertUtils {
     String keyPassword = opts.keystorePassword;
     if (keyPassword == null)
       keyPassword = getDefaultKeyPassword();
+
+    String rootKeyPassword = opts.rootKeystorePassword;
+    if (rootKeyPassword == null) {
+      rootKeyPassword = keyPassword;
+    }
+
     CertUtils certUtils = new CertUtils(opts.keystoreType, opts.issuerDirString, opts.encryptionAlg,
opts.keysize, opts.signingAlg);
 
     if ("generate-all".equals(operation)) {
-      certUtils.createAll(new File(opts.rootKeystore), new File(opts.localKeystore), new
File(opts.truststore), opts.keyNamePrefix, keyPassword);
+      certUtils.createAll(new File(opts.rootKeystore), new File(opts.localKeystore), new
File(opts.truststore), opts.keyNamePrefix, rootKeyPassword, keyPassword, opts.truststorePassword);
     } else if ("generate-local".equals(operation)) {
-      certUtils.createSignedCert(new File(opts.localKeystore), opts.keyNamePrefix + "-local",
"", opts.rootKeystore, "");
+      certUtils.createSignedCert(new File(opts.localKeystore), opts.keyNamePrefix + "-local",
keyPassword, opts.rootKeystore, rootKeyPassword);
     } else if ("generate-self-trusted".equals(operation)) {
-      certUtils.createSelfSignedCert(new File(opts.truststore), opts.keyNamePrefix + "-selfTrusted",
"");
+      certUtils.createSelfSignedCert(new File(opts.truststore), opts.keyNamePrefix + "-selfTrusted",
keyPassword);
     } else {
       JCommander jcommander = new JCommander(opts);
       jcommander.setProgramName(CertUtils.class.getName());
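Review bot: In the `generate-self-trusted` branch the file at `opts.truststore` is now protected with `keyPassword`, and the new `opts.truststorePassword` is never consulted there, so `--truststore-password` is silently ignored for that operation. Before this change the store was written with `""`; now, when no `--keystore-password` is given, it falls back to `getDefaultKeyPassword()`, so a client configured to open that truststore with an empty password will presumably fail to load it. Either document the choice, e.g. `// self-trusted store holds a private key, so it takes the keystore password, not --truststore-password`, or reject the unused option explicitly. The same behaviour change applies to `generate-local`, which previously used `""` for both passwords. The if/else chain continues past the end of the hunk.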
@@ -198,16 +210,16 @@ public class CertUtils {
     this.signingAlgorithm = signingAlgorithm;
   }
 
-  public void createAll(File rootKeystoreFile, File localKeystoreFile, File trustStoreFile,
String keyNamePrefix, String systemPassword)
-      throws KeyStoreException, CertificateException, NoSuchAlgorithmException, IOException,
OperatorCreationException, AccumuloSecurityException,
-      NoSuchProviderException, UnrecoverableKeyException, FileNotFoundException {
-    createSelfSignedCert(rootKeystoreFile, keyNamePrefix + "-root", systemPassword);
-    createSignedCert(localKeystoreFile, keyNamePrefix + "-local", systemPassword, rootKeystoreFile.getAbsolutePath(),
systemPassword);
-    createPublicCert(trustStoreFile, keyNamePrefix + "-public", rootKeystoreFile.getAbsolutePath(),
systemPassword);
+  public void createAll(File rootKeystoreFile, File localKeystoreFile, File trustStoreFile,
String keyNamePrefix, String rootKeystorePassword,
+      String keystorePassword, String truststorePassword) throws KeyStoreException, CertificateException,
NoSuchAlgorithmException, IOException,
+      OperatorCreationException, AccumuloSecurityException, NoSuchProviderException, UnrecoverableKeyException,
FileNotFoundException {
+    createSelfSignedCert(rootKeystoreFile, keyNamePrefix + "-root", rootKeystorePassword);
+    createSignedCert(localKeystoreFile, keyNamePrefix + "-local", keystorePassword, rootKeystoreFile.getAbsolutePath(),
rootKeystorePassword);
+    createPublicCert(trustStoreFile, keyNamePrefix + "-public", rootKeystoreFile.getAbsolutePath(),
rootKeystorePassword, truststorePassword);
   }
 
-  public void createPublicCert(File targetKeystoreFile, String keyName, String rootKeystorePath,
String rootKeystorePassword) throws NoSuchAlgorithmException,
-      CertificateException, FileNotFoundException, IOException, KeyStoreException, UnrecoverableKeyException
{
+  public void createPublicCert(File targetKeystoreFile, String keyName, String rootKeystorePath,
String rootKeystorePassword, String truststorePassword)
+      throws NoSuchAlgorithmException, CertificateException, FileNotFoundException, IOException,
KeyStoreException, UnrecoverableKeyException {
     KeyStore signerKeystore = KeyStore.getInstance(keystoreType);
     char[] signerPasswordArray = rootKeystorePassword.toCharArray();
     signerKeystore.load(new FileInputStream(rootKeystorePath), signerPasswordArray);
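Review bot: `createAll` now takes three adjacent `String` passwords (`rootKeystorePassword, keystorePassword, truststorePassword`) with no Javadoc, so a caller that transposes two of them compiles cleanly and produces stores protected by the wrong secret. A Javadoc block on `createAll` and `createPublicCert` should state which store each password protects and whether `truststorePassword` may be empty or null. Both signatures were changed in place rather than overloaded, so any caller outside this diff that still uses the old argument lists will stop compiling; that is probably acceptable for a test utility but should be stated in the commit description. The body of createPublicCert continues into the next hunk.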
@@ -216,7 +228,7 @@ public class CertUtils {
     KeyStore keystore = KeyStore.getInstance(keystoreType);
     keystore.load(null, null);
     keystore.setCertificateEntry(keyName + "Cert", rootCert);
-    keystore.store(new FileOutputStream(targetKeystoreFile), new char[0]);
+    keystore.store(new FileOutputStream(targetKeystoreFile), truststorePassword.toCharArray());
   }
 
   public void createSignedCert(File targetKeystoreFile, String keyName, String keystorePassword,
String signerKeystorePath, String signerKeystorePassword)
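Review bot: `truststorePassword.toCharArray()` dereferences the new parameter without a null check, so a caller that passes null to mean "no password" gets a NullPointerException after the root keystore has already been read; `truststorePassword == null ? new char[0] : truststorePassword.toCharArray()` keeps the previous behaviour for that case. The `FileOutputStream` handed to `keystore.store` is created inline and never closed in the visible lines, as is the `FileInputStream` in the preceding hunk, so both handles are left to the garbage collector. Holding each stream in a local and closing it in a `finally` block would make the write deterministic. The hunk ends on the signature of createSignedCert, whose body is outside it.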

http://git-wip-us.apache.org/repos/asf/accumulo/blob/384aa396/test/src/test/java/org/apache/accumulo/test/util/CertUtilsTest.java
----------------------------------------------------------------------
diff --git a/test/src/test/java/org/apache/accumulo/test/util/CertUtilsTest.java b/test/src/test/java/org/apache/accumulo/test/util/CertUtilsTest.java
index eea9ac2..1e4e68a 100644
--- a/test/src/test/java/org/apache/accumulo/test/util/CertUtilsTest.java
+++ b/test/src/test/java/org/apache/accumulo/test/util/CertUtilsTest.java
@@ -62,7 +62,7 @@ public class CertUtilsTest {
     File rootKeyStoreFile = new File(folder.getRoot(), "root.jks");
     certUtils.createSelfSignedCert(rootKeyStoreFile, "test", PASSWORD);
     File publicKeyStoreFile = new File(folder.getRoot(), "public.jks");
-    certUtils.createPublicCert(publicKeyStoreFile, "test", rootKeyStoreFile.getAbsolutePath(),
PASSWORD);
+    certUtils.createPublicCert(publicKeyStoreFile, "test", rootKeyStoreFile.getAbsolutePath(),
PASSWORD, "");
 
     KeyStore keyStore = KeyStore.getInstance(KEYSTORE_TYPE);
     keyStore.load(new FileInputStream(publicKeyStoreFile), new char[0]);
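Review bot: Every updated call passes `""` as the truststore password and the resulting stores are still loaded with `new char[0]`, so the non-empty truststore password path that this commit introduces is never exercised; the same holds for the calls in the following hunk at `@@ -110,11 +110,11 @@`. A test that calls `createPublicCert(..., PASSWORD, "truststore_pw")` (a constructed sample value) and then asserts that `keyStore.load(..., "truststore_pw".toCharArray())` succeeds, and that loading with a different password is rejected, would cover it. The test method starts and ends outside the hunk.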
@@ -110,11 +110,11 @@ public class CertUtilsTest {
     File rootKeyStoreFile = new File(folder.getRoot(), "root.jks");
     certUtils.createSelfSignedCert(rootKeyStoreFile, "test", PASSWORD);
     File publicRootKeyStoreFile = new File(folder.getRoot(), "publicroot.jks");
-    certUtils.createPublicCert(publicRootKeyStoreFile, "test", rootKeyStoreFile.getAbsolutePath(),
PASSWORD);
+    certUtils.createPublicCert(publicRootKeyStoreFile, "test", rootKeyStoreFile.getAbsolutePath(),
PASSWORD, "");
     File signedKeyStoreFile = new File(folder.getRoot(), "signed.jks");
     certUtils.createSignedCert(signedKeyStoreFile, "test", PASSWORD, rootKeyStoreFile.getAbsolutePath(),
PASSWORD);
     File publicSignedKeyStoreFile = new File(folder.getRoot(), "publicsigned.jks");
-    certUtils.createPublicCert(publicSignedKeyStoreFile, "test", signedKeyStoreFile.getAbsolutePath(),
PASSWORD);
+    certUtils.createPublicCert(publicSignedKeyStoreFile, "test", signedKeyStoreFile.getAbsolutePath(),
PASSWORD, "");
 
     KeyStore rootKeyStore = KeyStore.getInstance(KEYSTORE_TYPE);
     rootKeyStore.load(new FileInputStream(publicRootKeyStoreFile), new char[0]);

