accumulo-commits mailing list archives

From bil...@apache.org
Subject accumulo git commit: ACCUMULO-3606 make keystore and truststore types configurable for monitor SSL
Date Tue, 03 Mar 2015 23:15:07 GMT
Repository: accumulo
Updated Branches:
  refs/heads/master 1c5bef324 -> 76ce7d926


ACCUMULO-3606 make keystore and truststore types configurable for monitor SSL


Project: http://git-wip-us.apache.org/repos/asf/accumulo/repo
Commit: http://git-wip-us.apache.org/repos/asf/accumulo/commit/76ce7d92
Tree: http://git-wip-us.apache.org/repos/asf/accumulo/tree/76ce7d92
Diff: http://git-wip-us.apache.org/repos/asf/accumulo/diff/76ce7d92

Branch: refs/heads/master
Commit: 76ce7d9264addffcb940bbda000bf03efc95197f
Parents: 1c5bef3
Author: Billie Rinaldi <billie.rinaldi@gmail.com>
Authored: Mon Mar 2 16:34:17 2015 -0800
Committer: Billie Rinaldi <billie.rinaldi@gmail.com>
Committed: Tue Mar 3 15:13:40 2015 -0800

----------------------------------------------------------------------
 .../org/apache/accumulo/core/conf/Property.java |   2 +
 .../accumulo/monitor/EmbeddedWebServer.java     |   2 +
 .../accumulo/test/functional/MonitorSslIT.java  | 128 +++++++++++++++++++
 3 files changed, 132 insertions(+)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/accumulo/blob/76ce7d92/core/src/main/java/org/apache/accumulo/core/conf/Property.java
----------------------------------------------------------------------
diff --git a/core/src/main/java/org/apache/accumulo/core/conf/Property.java b/core/src/main/java/org/apache/accumulo/core/conf/Property.java
index 01f03cf..9ceebed 100644
--- a/core/src/main/java/org/apache/accumulo/core/conf/Property.java
+++ b/core/src/main/java/org/apache/accumulo/core/conf/Property.java
@@ -355,9 +355,11 @@ public enum Property {
   MONITOR_SSL_KEYSTORE("monitor.ssl.keyStore", "", PropertyType.PATH, "The keystore for enabling
monitor SSL."),
   @Sensitive
   MONITOR_SSL_KEYSTOREPASS("monitor.ssl.keyStorePassword", "", PropertyType.STRING, "The
keystore password for enabling monitor SSL."),
+  MONITOR_SSL_KEYSTORETYPE("monitor.ssl.keyStoreType", "", PropertyType.STRING, "Type of
SSL keystore"),
   MONITOR_SSL_TRUSTSTORE("monitor.ssl.trustStore", "", PropertyType.PATH, "The truststore
for enabling monitor SSL."),
   @Sensitive
   MONITOR_SSL_TRUSTSTOREPASS("monitor.ssl.trustStorePassword", "", PropertyType.STRING, "The
truststore password for enabling monitor SSL."),
+  MONITOR_SSL_TRUSTSTORETYPE("monitor.ssl.trustStoreType", "", PropertyType.STRING, "Type
of SSL truststore"),
   MONITOR_SSL_INCLUDE_CIPHERS("monitor.ssl.include.ciphers", "", PropertyType.STRING,
       "A comma-separated list of allows SSL Ciphers, see monitor.ssl.exclude.ciphers to disallow
ciphers"),
   MONITOR_SSL_EXCLUDE_CIPHERS("monitor.ssl.exclude.ciphers", "", PropertyType.STRING,
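Review bot: The new `MONITOR_SSL_KEYSTORETYPE` and `MONITOR_SSL_TRUSTSTORETYPE` entries default to `""`, and their descriptions ("Type of SSL keystore") say neither which values are accepted nor what an empty value means. The test added in this commit falls back to `Property.RPC_SSL_KEYSTORE_TYPE.getDefaultValue()`, which suggests the RPC counterparts carry a usable default while these two do not. Consider giving them the same default, and a description such as `"Type of the monitor SSL keystore, as a java.security.KeyStore type name (for example JKS or PKCS12)."`, with the matching wording for the truststore. The enum continues outside the hunk.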

http://git-wip-us.apache.org/repos/asf/accumulo/blob/76ce7d92/server/monitor/src/main/java/org/apache/accumulo/monitor/EmbeddedWebServer.java
----------------------------------------------------------------------
diff --git a/server/monitor/src/main/java/org/apache/accumulo/monitor/EmbeddedWebServer.java
b/server/monitor/src/main/java/org/apache/accumulo/monitor/EmbeddedWebServer.java
index 7142ef1..8c23a16 100644
--- a/server/monitor/src/main/java/org/apache/accumulo/monitor/EmbeddedWebServer.java
+++ b/server/monitor/src/main/java/org/apache/accumulo/monitor/EmbeddedWebServer.java
@@ -51,8 +51,10 @@ public class EmbeddedWebServer {
       SslContextFactory sslContextFactory = new SslContextFactory();
       sslContextFactory.setKeyStorePath(conf.get(Property.MONITOR_SSL_KEYSTORE));
       sslContextFactory.setKeyStorePassword(conf.get(Property.MONITOR_SSL_KEYSTOREPASS));
+      sslContextFactory.setKeyStoreType(conf.get(Property.MONITOR_SSL_KEYSTORETYPE));
       sslContextFactory.setTrustStorePath(conf.get(Property.MONITOR_SSL_TRUSTSTORE));
       sslContextFactory.setTrustStorePassword(conf.get(Property.MONITOR_SSL_TRUSTSTOREPASS));
+      sslContextFactory.setTrustStoreType(conf.get(Property.MONITOR_SSL_TRUSTSTORETYPE));
 
       final String includedCiphers = conf.get(Property.MONITOR_SSL_INCLUDE_CIPHERS);
       if (!Property.MONITOR_SSL_INCLUDE_CIPHERS.getDefaultValue().equals(includedCiphers))
{
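Review bot: `setKeyStoreType` and `setTrustStoreType` are called unconditionally, so a site that leaves the new properties unset hands their default `""` to the factory in place of whatever store type it would otherwise use. How the factory treats an empty type is not visible here, but an empty keystore type name would normally fail when the store is loaded, breaking monitor SSL setups that worked before this change. Guard the calls the same way the cipher list just below is guarded: `String ksType = conf.get(Property.MONITOR_SSL_KEYSTORETYPE);` then `if (!ksType.isEmpty()) sslContextFactory.setKeyStoreType(ksType);`, and likewise for the truststore. The new integration test always sets both types, so the unset path is not exercised; the enclosing method starts and ends outside the hunk.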

http://git-wip-us.apache.org/repos/asf/accumulo/blob/76ce7d92/test/src/test/java/org/apache/accumulo/test/functional/MonitorSslIT.java
----------------------------------------------------------------------
diff --git a/test/src/test/java/org/apache/accumulo/test/functional/MonitorSslIT.java b/test/src/test/java/org/apache/accumulo/test/functional/MonitorSslIT.java
new file mode 100644
index 0000000..c112139
--- /dev/null
+++ b/test/src/test/java/org/apache/accumulo/test/functional/MonitorSslIT.java
@@ -0,0 +1,128 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.accumulo.test.functional;
+
+import org.apache.accumulo.core.conf.Property;
+import org.apache.accumulo.core.util.MonitorUtil;
+import org.apache.accumulo.minicluster.ServerType;
+import org.apache.accumulo.minicluster.impl.MiniAccumuloConfigImpl;
+import org.apache.hadoop.conf.Configuration;
+import org.junit.BeforeClass;
+import org.junit.Test;
+
+import javax.net.ssl.HostnameVerifier;
+import javax.net.ssl.HttpsURLConnection;
+import javax.net.ssl.KeyManager;
+import javax.net.ssl.SSLContext;
+import javax.net.ssl.SSLSession;
+import javax.net.ssl.TrustManager;
+import javax.net.ssl.X509TrustManager;
+import java.net.URL;
+import java.security.KeyManagementException;
+import java.security.NoSuchAlgorithmException;
+import java.security.SecureRandom;
+import java.security.cert.CertificateException;
+import java.security.cert.X509Certificate;
+import java.util.Map;
+
+import static org.junit.Assert.assertTrue;
+
+/**
+ * Check SSL for the Monitor
+ *
+ */
+public class MonitorSslIT extends ConfigurableMacIT {
+  @BeforeClass
+  public static void initHttps() throws NoSuchAlgorithmException, KeyManagementException
{
+    SSLContext ctx = SSLContext.getInstance("SSL");
+    TrustManager[] tm = new TrustManager[]{
+        new TestTrustManager()
+    };
+    ctx.init(new KeyManager[0], tm, new SecureRandom());
+    SSLContext.setDefault(ctx);
+    HttpsURLConnection.setDefaultSSLSocketFactory(ctx.getSocketFactory());
+    HttpsURLConnection.setDefaultHostnameVerifier(new TestHostnameVerifier());
+  }
+
+  private static class TestTrustManager implements X509TrustManager {
+    @Override
+    public void checkClientTrusted(X509Certificate[] arg0, String arg1) throws CertificateException
{}
+
+    @Override
+    public void checkServerTrusted(X509Certificate[] arg0, String arg1) throws CertificateException
{}
+
+    @Override
+    public X509Certificate[] getAcceptedIssuers() {
+      return null;
+    }
+  }
+
+  private static class TestHostnameVerifier implements HostnameVerifier {
+    public boolean verify(String hostname, SSLSession session) {
+      return true;
+    }
+  }
+
+  @Override
+  public int defaultTimeoutSeconds() {
+    return 6 * 60;
+  }
+
+  @Override
+  public void configure(MiniAccumuloConfigImpl cfg, Configuration hadoopCoreSite) {
+    super.configure(cfg, hadoopCoreSite);
+    configureForSsl(cfg, createSharedTestDir(this.getClass().getName() + "-ssl"));
+    Map<String,String> siteConfig = cfg.getSiteConfig();
+    siteConfig.put(Property.MONITOR_SSL_KEYSTORE.getKey(), siteConfig.get(Property.RPC_SSL_KEYSTORE_PATH.getKey()));
+    siteConfig.put(Property.MONITOR_SSL_KEYSTOREPASS.getKey(), siteConfig.get(Property.RPC_SSL_KEYSTORE_PASSWORD.getKey()));
+    if (siteConfig.containsKey(Property.RPC_SSL_KEYSTORE_TYPE.getKey())) {
+      siteConfig.put(Property.MONITOR_SSL_KEYSTORETYPE.getKey(), siteConfig.get(Property.RPC_SSL_KEYSTORE_TYPE.getKey()));
+    } else {
+      siteConfig.put(Property.MONITOR_SSL_KEYSTORETYPE.getKey(), Property.RPC_SSL_KEYSTORE_TYPE.getDefaultValue());
+    }
+    siteConfig.put(Property.MONITOR_SSL_TRUSTSTORE.getKey(), siteConfig.get(Property.RPC_SSL_TRUSTSTORE_PATH.getKey()));
+    siteConfig.put(Property.MONITOR_SSL_TRUSTSTOREPASS.getKey(), siteConfig.get(Property.RPC_SSL_TRUSTSTORE_PASSWORD.getKey()));
+    if (siteConfig.containsKey(Property.RPC_SSL_TRUSTSTORE_TYPE.getKey())) {
+      siteConfig.put(Property.MONITOR_SSL_TRUSTSTORETYPE.getKey(), siteConfig.get(Property.RPC_SSL_TRUSTSTORE_TYPE.getKey()));
+    } else {
+      siteConfig.put(Property.MONITOR_SSL_TRUSTSTORETYPE.getKey(), Property.RPC_SSL_TRUSTSTORE_TYPE.getDefaultValue());
+    }
+    cfg.setSiteConfig(siteConfig);
+  }
+
+  @Test
+  public void test() throws Exception {
+    log.debug("Starting Monitor");
+    cluster.getClusterControl().startAllServers(ServerType.MONITOR);
+    String monitorLocation = null;
+    while (null == monitorLocation) {
+      try {
+        monitorLocation = MonitorUtil.getLocation(getConnector().getInstance());
+      } catch (Exception e) {}
+      if (null == monitorLocation) {
+        log.debug("Could not fetch monitor HTTP address from zookeeper");
+        Thread.sleep(2000);
+      }
+    }
+    URL url = new URL("https://" + monitorLocation);
+    log.debug("Fetching web page " + url);
+    String result = FunctionalTestUtils.readAll(url.openStream());
+    assertTrue(result.length() > 100);
+    assertTrue(result.indexOf("Accumulo Overview") >= 0);
+  }
+
+}
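Review bot: `initHttps()` installs an accept-everything trust manager and hostname verifier as JVM-wide defaults (`SSLContext.setDefault`, `HttpsURLConnection.setDefaultSSLSocketFactory`, `setDefaultHostnameVerifier`) and never restores them, so any test that later runs in the same JVM silently loses certificate and hostname checking. Keep the permissive context in a static field and apply it only to the one connection opened in `test()`, as sketched below. Because nothing is verified, the test proves only that a TLS handshake completes, not that the monitor presents the certificate from the configured keystore; a stricter variant would build the client context from the truststore that `configureForSsl` presumably writes. Separately, `getAcceptedIssuers()` returns `null` where the `X509TrustManager` contract expects a non-null (possibly empty) array; `return new X509Certificate[0];` is the safer form.

```java
  private static SSLContext permissiveCtx;

  @BeforeClass
  public static void initHttps() throws NoSuchAlgorithmException, KeyManagementException {
    SSLContext ctx = SSLContext.getInstance("SSL");
    ctx.init(new KeyManager[0], new TrustManager[] {new TestTrustManager()}, new SecureRandom());
    // Held for this class only; no JVM-wide default is replaced.
    permissiveCtx = ctx;
  }

  // … unchanged: TestTrustManager, TestHostnameVerifier, defaultTimeoutSeconds, configure …

  // … unchanged in test(): start the monitor and poll for monitorLocation …
    URL url = new URL("https://" + monitorLocation);
    log.debug("Fetching web page " + url);
    HttpsURLConnection conn = (HttpsURLConnection) url.openConnection();
    conn.setSSLSocketFactory(permissiveCtx.getSocketFactory());
    conn.setHostnameVerifier(new TestHostnameVerifier());
    String result = FunctionalTestUtils.readAll(conn.getInputStream());
  // … unchanged: assertions on result …
```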

