accumulo-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From ctubb...@apache.org
Subject [5/6] accumulo git commit: Merge branch '1.7' into 1.8
Date Fri, 09 Jun 2017 03:22:20 GMT
Merge branch '1.7' into 1.8


Project: http://git-wip-us.apache.org/repos/asf/accumulo/repo
Commit: http://git-wip-us.apache.org/repos/asf/accumulo/commit/da695f60
Tree: http://git-wip-us.apache.org/repos/asf/accumulo/tree/da695f60
Diff: http://git-wip-us.apache.org/repos/asf/accumulo/diff/da695f60

Branch: refs/heads/1.8
Commit: da695f60483b4f1fd9e8082c0a5f84e9a7350e90
Parents: 116da38 4effd0e
Author: Christopher Tubbs <ctubbsii@apache.org>
Authored: Thu Jun 8 22:03:13 2017 -0400
Committer: Christopher Tubbs <ctubbsii@apache.org>
Committed: Thu Jun 8 22:03:13 2017 -0400

----------------------------------------------------------------------
 .../accumulo/core/conf/SiteConfiguration.java   | 20 +++++---------------
 .../accumulo/core/file/rfile/PrintInfo.java     |  4 +---
 .../core/file/rfile/bcfile/PrintInfo.java       |  3 +--
 .../server/conf/ServerConfigurationFactory.java |  2 +-
 .../java/org/apache/accumulo/shell/Shell.java   |  6 +++---
 .../apache/accumulo/shell/ShellOptionsJC.java   |  3 +--
 .../accumulo/shell/commands/FateCommand.java    |  3 +--
 .../apache/accumulo/test/util/CertUtils.java    |  4 ++--
 8 files changed, 15 insertions(+), 30 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/accumulo/blob/da695f60/core/src/main/java/org/apache/accumulo/core/file/rfile/PrintInfo.java
----------------------------------------------------------------------

http://git-wip-us.apache.org/repos/asf/accumulo/blob/da695f60/server/base/src/main/java/org/apache/accumulo/server/conf/ServerConfigurationFactory.java
----------------------------------------------------------------------

http://git-wip-us.apache.org/repos/asf/accumulo/blob/da695f60/shell/src/main/java/org/apache/accumulo/shell/Shell.java
----------------------------------------------------------------------
diff --cc shell/src/main/java/org/apache/accumulo/shell/Shell.java
index 3e838e0,cdd177e..05d85cf
--- a/shell/src/main/java/org/apache/accumulo/shell/Shell.java
+++ b/shell/src/main/java/org/apache/accumulo/shell/Shell.java
@@@ -53,8 -53,8 +53,7 @@@ import org.apache.accumulo.core.client.
  import org.apache.accumulo.core.client.NamespaceNotFoundException;
  import org.apache.accumulo.core.client.TableNotFoundException;
  import org.apache.accumulo.core.client.ZooKeeperInstance;
- import org.apache.accumulo.core.client.impl.ClientContext;
  import org.apache.accumulo.core.client.impl.Tables;
 -import org.apache.accumulo.core.client.mock.MockInstance;
  import org.apache.accumulo.core.client.security.tokens.AuthenticationToken;
  import org.apache.accumulo.core.client.security.tokens.PasswordToken;
  import org.apache.accumulo.core.conf.AccumuloConfiguration;

http://git-wip-us.apache.org/repos/asf/accumulo/blob/da695f60/shell/src/main/java/org/apache/accumulo/shell/ShellOptionsJC.java
----------------------------------------------------------------------

http://git-wip-us.apache.org/repos/asf/accumulo/blob/da695f60/shell/src/main/java/org/apache/accumulo/shell/commands/FateCommand.java
----------------------------------------------------------------------
diff --cc shell/src/main/java/org/apache/accumulo/shell/commands/FateCommand.java
index 88eeefd,94b83fc..9f8ee09
--- a/shell/src/main/java/org/apache/accumulo/shell/commands/FateCommand.java
+++ b/shell/src/main/java/org/apache/accumulo/shell/commands/FateCommand.java
@@@ -30,15 -26,11 +30,14 @@@ import java.util.Set
  import org.apache.accumulo.core.Constants;
  import org.apache.accumulo.core.client.Instance;
  import org.apache.accumulo.core.conf.AccumuloConfiguration;
- import org.apache.accumulo.core.conf.DefaultConfiguration;
  import org.apache.accumulo.core.conf.Property;
  import org.apache.accumulo.core.conf.SiteConfiguration;
 +import org.apache.accumulo.core.util.Base64;
  import org.apache.accumulo.core.zookeeper.ZooUtil;
  import org.apache.accumulo.fate.AdminUtil;
 +import org.apache.accumulo.fate.ReadOnlyRepo;
  import org.apache.accumulo.fate.ReadOnlyTStore.TStatus;
 +import org.apache.accumulo.fate.Repo;
  import org.apache.accumulo.fate.ZooStore;
  import org.apache.accumulo.fate.zookeeper.IZooReaderWriter;
  import org.apache.accumulo.fate.zookeeper.ZooReaderWriter;

http://git-wip-us.apache.org/repos/asf/accumulo/blob/da695f60/test/src/main/java/org/apache/accumulo/test/util/CertUtils.java
----------------------------------------------------------------------
diff --cc test/src/main/java/org/apache/accumulo/test/util/CertUtils.java
index 95042d2,0000000..a49e1cd
mode 100644,000000..100644
--- a/test/src/main/java/org/apache/accumulo/test/util/CertUtils.java
+++ b/test/src/main/java/org/apache/accumulo/test/util/CertUtils.java
@@@ -1,348 -1,0 +1,348 @@@
 +/*
 + * Licensed to the Apache Software Foundation (ASF) under one or more
 + * contributor license agreements.  See the NOTICE file distributed with
 + * this work for additional information regarding copyright ownership.
 + * The ASF licenses this file to You under the Apache License, Version 2.0
 + * (the "License"); you may not use this file except in compliance with
 + * the License.  You may obtain a copy of the License at
 + *
 + *     http://www.apache.org/licenses/LICENSE-2.0
 + *
 + * Unless required by applicable law or agreed to in writing, software
 + * distributed under the License is distributed on an "AS IS" BASIS,
 + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 + * See the License for the specific language governing permissions and
 + * limitations under the License.
 + */
 +package org.apache.accumulo.test.util;
 +
 +import java.io.File;
 +import java.io.FileInputStream;
 +import java.io.FileNotFoundException;
 +import java.io.FileOutputStream;
 +import java.io.IOException;
 +import java.math.BigInteger;
 +import java.security.KeyPair;
 +import java.security.KeyPairGenerator;
 +import java.security.KeyStore;
 +import java.security.KeyStoreException;
 +import java.security.NoSuchAlgorithmException;
 +import java.security.NoSuchProviderException;
 +import java.security.PrivateKey;
 +import java.security.PublicKey;
 +import java.security.Security;
 +import java.security.UnrecoverableKeyException;
 +import java.security.cert.Certificate;
 +import java.security.cert.CertificateException;
 +import java.util.Calendar;
 +import java.util.Enumeration;
 +import java.util.Iterator;
 +import java.util.List;
 +import java.util.Map;
 +import java.util.Map.Entry;
 +import java.util.TreeMap;
 +
 +import org.apache.accumulo.core.cli.Help;
 +import org.apache.accumulo.core.client.AccumuloSecurityException;
 +import org.apache.accumulo.core.conf.AccumuloConfiguration;
 +import org.apache.accumulo.core.conf.DefaultConfiguration;
 +import org.apache.accumulo.core.conf.Property;
 +import org.apache.accumulo.core.conf.SiteConfiguration;
 +import org.apache.commons.io.FileExistsException;
 +import org.apache.hadoop.conf.Configuration;
 +import org.apache.hadoop.fs.Path;
 +import org.bouncycastle.asn1.x500.X500Name;
 +import org.bouncycastle.asn1.x500.style.IETFUtils;
 +import org.bouncycastle.asn1.x500.style.RFC4519Style;
 +import org.bouncycastle.asn1.x509.BasicConstraints;
 +import org.bouncycastle.asn1.x509.Extension;
 +import org.bouncycastle.asn1.x509.KeyUsage;
 +import org.bouncycastle.cert.CertIOException;
 +import org.bouncycastle.cert.X509CertificateHolder;
 +import org.bouncycastle.cert.jcajce.JcaX509ExtensionUtils;
 +import org.bouncycastle.cert.jcajce.JcaX509v3CertificateBuilder;
 +import org.bouncycastle.jce.provider.BouncyCastleProvider;
 +import org.bouncycastle.jce.provider.X509CertificateObject;
 +import org.bouncycastle.operator.OperatorCreationException;
 +import org.bouncycastle.operator.jcajce.JcaContentSignerBuilder;
 +import org.slf4j.Logger;
 +import org.slf4j.LoggerFactory;
 +
 +import com.beust.jcommander.JCommander;
 +import com.beust.jcommander.Parameter;
 +import com.google.common.base.Predicate;
 +
 +public class CertUtils {
 +  private static final Logger log = LoggerFactory.getLogger(CertUtils.class);
 +  static {
 +    Security.addProvider(new BouncyCastleProvider());
 +  }
 +
 +  static class Opts extends Help {
 +    @Parameter(description = "generate-all | generate-local | generate-self-trusted", required
= true, arity = 1)
 +    List<String> operation = null;
 +
 +    @Parameter(names = {"--local-keystore"}, description = "Target path for generated keystore")
 +    String localKeystore = null;
 +
 +    @Parameter(names = {"--root-keystore"}, description = "Path to root truststore, generated
with generate-all, or used for signing with generate-local")
 +    String rootKeystore = null;
 +
 +    @Parameter(names = {"--root-truststore"}, description = "Target path for generated public
root truststore")
 +    String truststore = null;
 +
 +    @Parameter(names = {"--keystore-type"}, description = "Type of keystore file to use")
 +    String keystoreType = "JKS";
 +
 +    @Parameter(names = {"--root-keystore-password"}, description = "Password for root keystore,
falls back to --keystore-password if not provided")
 +    String rootKeystorePassword = null;
 +
 +    @Parameter(
 +        names = {"--keystore-password"},
 +        description = "Password used to encrypt keystores.  If omitted, the instance-wide
secret will be used.  If specified, the password must also be explicitly configured in Accumulo.")
 +    String keystorePassword = null;
 +
 +    @Parameter(names = {"--truststore-password"}, description = "Password used to encrypt
the truststore. If omitted, empty password is used")
 +    String truststorePassword = "";
 +
 +    @Parameter(names = {"--key-name-prefix"}, description = "Prefix for names of generated
keys")
 +    String keyNamePrefix = CertUtils.class.getSimpleName();
 +
 +    @Parameter(names = {"--issuer-rdn"}, description = "RDN string for issuer, for example:
'c=US,o=My Organization,cn=My Name'")
 +    String issuerDirString = "o=Apache Accumulo";
 +
 +    @Parameter(names = "--site-file", description = "Load configuration from the given site
file")
 +    public String siteFile = null;
 +
 +    @Parameter(names = "--signing-algorithm", description = "Algorithm used to sign certificates")
 +    public String signingAlg = "SHA256WITHRSA";
 +
 +    @Parameter(names = "--encryption-algorithm", description = "Algorithm used to encrypt
private keys")
 +    public String encryptionAlg = "RSA";
 +
 +    @Parameter(names = "--keysize", description = "Key size used by encryption algorithm")
 +    public int keysize = 2048;
 +
 +    public AccumuloConfiguration getConfiguration() {
 +      if (siteFile == null) {
-         return SiteConfiguration.getInstance(DefaultConfiguration.getInstance());
++        return SiteConfiguration.getInstance();
 +      } else {
 +        return new AccumuloConfiguration() {
 +          Configuration xml = new Configuration();
 +          {
 +            xml.addResource(new Path(siteFile));
 +          }
 +
 +          @Override
 +          public Iterator<Entry<String,String>> iterator() {
 +            TreeMap<String,String> map = new TreeMap<>();
 +            for (Entry<String,String> props : DefaultConfiguration.getInstance())
 +              map.put(props.getKey(), props.getValue());
 +            for (Entry<String,String> props : xml)
 +              map.put(props.getKey(), props.getValue());
 +            return map.entrySet().iterator();
 +          }
 +
 +          @Override
 +          public String get(Property property) {
 +            String value = xml.get(property.getKey());
 +            if (value != null)
 +              return value;
 +            return DefaultConfiguration.getInstance().get(property);
 +          }
 +
 +          @Override
 +          public void getProperties(Map<String,String> props, Predicate<String>
filter) {
 +            for (Entry<String,String> entry : this)
 +              if (filter.apply(entry.getKey()))
 +                props.put(entry.getKey(), entry.getValue());
 +          }
 +        };
 +      }
 +    }
 +  }
 +
 +  public static void main(String[] args) throws Exception {
 +    Opts opts = new Opts();
 +    opts.parseArgs(CertUtils.class.getName(), args);
 +    String operation = opts.operation.get(0);
 +
 +    String keyPassword = opts.keystorePassword;
 +    if (keyPassword == null)
 +      keyPassword = getDefaultKeyPassword();
 +
 +    String rootKeyPassword = opts.rootKeystorePassword;
 +    if (rootKeyPassword == null) {
 +      rootKeyPassword = keyPassword;
 +    }
 +
 +    CertUtils certUtils = new CertUtils(opts.keystoreType, opts.issuerDirString, opts.encryptionAlg,
opts.keysize, opts.signingAlg);
 +
 +    if ("generate-all".equals(operation)) {
 +      certUtils.createAll(new File(opts.rootKeystore), new File(opts.localKeystore), new
File(opts.truststore), opts.keyNamePrefix, rootKeyPassword,
 +          keyPassword, opts.truststorePassword);
 +    } else if ("generate-local".equals(operation)) {
 +      certUtils.createSignedCert(new File(opts.localKeystore), opts.keyNamePrefix + "-local",
keyPassword, opts.rootKeystore, rootKeyPassword);
 +    } else if ("generate-self-trusted".equals(operation)) {
 +      certUtils.createSelfSignedCert(new File(opts.truststore), opts.keyNamePrefix + "-selfTrusted",
keyPassword);
 +    } else {
 +      JCommander jcommander = new JCommander(opts);
 +      jcommander.setProgramName(CertUtils.class.getName());
 +      jcommander.usage();
 +      System.err.println("Unrecognized operation: " + opts.operation);
 +      System.exit(0);
 +    }
 +  }
 +
 +  private static String getDefaultKeyPassword() {
-     return SiteConfiguration.getInstance(DefaultConfiguration.getInstance()).get(Property.INSTANCE_SECRET);
++    return SiteConfiguration.getInstance().get(Property.INSTANCE_SECRET);
 +  }
 +
 +  private String issuerDirString;
 +  private String keystoreType;
 +  private String encryptionAlgorithm;
 +  private int keysize;
 +  private String signingAlgorithm;
 +
 +  public CertUtils(String keystoreType, String issuerDirString, String encryptionAlgorithm,
int keysize, String signingAlgorithm) {
 +    super();
 +    this.keystoreType = keystoreType;
 +    this.issuerDirString = issuerDirString;
 +    this.encryptionAlgorithm = encryptionAlgorithm;
 +    this.keysize = keysize;
 +    this.signingAlgorithm = signingAlgorithm;
 +  }
 +
 +  public void createAll(File rootKeystoreFile, File localKeystoreFile, File trustStoreFile,
String keyNamePrefix, String rootKeystorePassword,
 +      String keystorePassword, String truststorePassword) throws KeyStoreException, CertificateException,
NoSuchAlgorithmException, IOException,
 +      OperatorCreationException, AccumuloSecurityException, NoSuchProviderException, UnrecoverableKeyException,
FileNotFoundException {
 +    createSelfSignedCert(rootKeystoreFile, keyNamePrefix + "-root", rootKeystorePassword);
 +    createSignedCert(localKeystoreFile, keyNamePrefix + "-local", keystorePassword, rootKeystoreFile.getAbsolutePath(),
rootKeystorePassword);
 +    createPublicCert(trustStoreFile, keyNamePrefix + "-public", rootKeystoreFile.getAbsolutePath(),
rootKeystorePassword, truststorePassword);
 +  }
 +
 +  public void createPublicCert(File targetKeystoreFile, String keyName, String rootKeystorePath,
String rootKeystorePassword, String truststorePassword)
 +      throws NoSuchAlgorithmException, CertificateException, FileNotFoundException, IOException,
KeyStoreException, UnrecoverableKeyException {
 +    KeyStore signerKeystore = KeyStore.getInstance(keystoreType);
 +    char[] signerPasswordArray = rootKeystorePassword.toCharArray();
 +    try (FileInputStream fis = new FileInputStream(rootKeystorePath)) {
 +      signerKeystore.load(fis, signerPasswordArray);
 +    }
 +    Certificate rootCert = findCert(signerKeystore);
 +
 +    KeyStore keystore = KeyStore.getInstance(keystoreType);
 +    keystore.load(null, null);
 +    keystore.setCertificateEntry(keyName + "Cert", rootCert);
 +    try (FileOutputStream fos = new FileOutputStream(targetKeystoreFile)) {
 +      keystore.store(fos, truststorePassword.toCharArray());
 +    }
 +  }
 +
 +  public void createSignedCert(File targetKeystoreFile, String keyName, String keystorePassword,
String signerKeystorePath, String signerKeystorePassword)
 +      throws KeyStoreException, CertificateException, NoSuchAlgorithmException, IOException,
OperatorCreationException, AccumuloSecurityException,
 +      UnrecoverableKeyException, NoSuchProviderException {
 +    KeyStore signerKeystore = KeyStore.getInstance(keystoreType);
 +    char[] signerPasswordArray = signerKeystorePassword.toCharArray();
 +    try (FileInputStream fis = new FileInputStream(signerKeystorePath)) {
 +      signerKeystore.load(fis, signerPasswordArray);
 +    }
 +    Certificate signerCert = findCert(signerKeystore);
 +    PrivateKey signerKey = findPrivateKey(signerKeystore, signerPasswordArray);
 +
 +    KeyPair kp = generateKeyPair();
 +    X509CertificateObject cert = generateCert(keyName, kp, false, signerCert.getPublicKey(),
signerKey);
 +
 +    char[] password = keystorePassword.toCharArray();
 +    KeyStore keystore = KeyStore.getInstance(keystoreType);
 +    keystore.load(null, null);
 +    keystore.setCertificateEntry(keyName + "Cert", cert);
 +    keystore.setKeyEntry(keyName + "Key", kp.getPrivate(), password, new Certificate[] {cert,
signerCert});
 +    try (FileOutputStream fos = new FileOutputStream(targetKeystoreFile)) {
 +      keystore.store(fos, password);
 +    }
 +  }
 +
 +  public void createSelfSignedCert(File targetKeystoreFile, String keyName, String keystorePassword)
throws KeyStoreException, CertificateException,
 +      NoSuchAlgorithmException, IOException, OperatorCreationException, AccumuloSecurityException,
NoSuchProviderException {
 +    if (targetKeystoreFile.exists()) {
 +      throw new FileExistsException(targetKeystoreFile);
 +    }
 +
 +    KeyPair kp = generateKeyPair();
 +
 +    X509CertificateObject cert = generateCert(keyName, kp, true, kp.getPublic(), kp.getPrivate());
 +
 +    char[] password = keystorePassword.toCharArray();
 +    KeyStore keystore = KeyStore.getInstance(keystoreType);
 +    keystore.load(null, null);
 +    keystore.setCertificateEntry(keyName + "Cert", cert);
 +    keystore.setKeyEntry(keyName + "Key", kp.getPrivate(), password, new Certificate[] {cert});
 +    try (FileOutputStream fos = new FileOutputStream(targetKeystoreFile)) {
 +      keystore.store(fos, password);
 +    }
 +  }
 +
 +  private KeyPair generateKeyPair() throws NoSuchAlgorithmException, NoSuchProviderException
{
 +    KeyPairGenerator gen = KeyPairGenerator.getInstance(encryptionAlgorithm);
 +    gen.initialize(keysize);
 +    return gen.generateKeyPair();
 +  }
 +
 +  private X509CertificateObject generateCert(String keyName, KeyPair kp, boolean isCertAuthority,
PublicKey signerPublicKey, PrivateKey signerPrivateKey)
 +      throws IOException, CertIOException, OperatorCreationException, CertificateException,
NoSuchAlgorithmException {
 +    Calendar startDate = Calendar.getInstance();
 +    Calendar endDate = Calendar.getInstance();
 +    endDate.add(Calendar.YEAR, 100);
 +
 +    BigInteger serialNumber = BigInteger.valueOf((startDate.getTimeInMillis()));
 +    X500Name issuer = new X500Name(IETFUtils.rDNsFromString(issuerDirString, RFC4519Style.INSTANCE));
 +    JcaX509v3CertificateBuilder certGen = new JcaX509v3CertificateBuilder(issuer, serialNumber,
startDate.getTime(), endDate.getTime(), issuer, kp.getPublic());
 +    JcaX509ExtensionUtils extensionUtils = new JcaX509ExtensionUtils();
 +    certGen.addExtension(Extension.subjectKeyIdentifier, false, extensionUtils.createSubjectKeyIdentifier(kp.getPublic()));
 +    certGen.addExtension(Extension.basicConstraints, false, new BasicConstraints(isCertAuthority));
 +    certGen.addExtension(Extension.authorityKeyIdentifier, false, extensionUtils.createAuthorityKeyIdentifier(signerPublicKey));
 +    if (isCertAuthority) {
 +      certGen.addExtension(Extension.keyUsage, true, new KeyUsage(KeyUsage.keyCertSign));
 +    }
 +    X509CertificateHolder cert = certGen.build(new JcaContentSignerBuilder(signingAlgorithm).build(signerPrivateKey));
 +    return new X509CertificateObject(cert.toASN1Structure());
 +  }
 +
 +  static Certificate findCert(KeyStore keyStore) throws KeyStoreException {
 +    Enumeration<String> aliases = keyStore.aliases();
 +    Certificate cert = null;
 +    while (aliases.hasMoreElements()) {
 +      String alias = aliases.nextElement();
 +      if (keyStore.isCertificateEntry(alias)) {
 +        if (cert == null) {
 +          cert = keyStore.getCertificate(alias);
 +        } else {
 +          log.warn("Found multiple certificates in keystore.  Ignoring " + alias);
 +        }
 +      }
 +    }
 +    if (cert == null) {
 +      throw new KeyStoreException("Could not find cert in keystore");
 +    }
 +    return cert;
 +  }
 +
 +  static PrivateKey findPrivateKey(KeyStore keyStore, char[] keystorePassword) throws UnrecoverableKeyException,
KeyStoreException, NoSuchAlgorithmException {
 +    Enumeration<String> aliases = keyStore.aliases();
 +    PrivateKey key = null;
 +    while (aliases.hasMoreElements()) {
 +      String alias = aliases.nextElement();
 +      if (keyStore.isKeyEntry(alias)) {
 +        if (key == null) {
 +          key = (PrivateKey) keyStore.getKey(alias, keystorePassword);
 +        } else {
 +          log.warn("Found multiple keys in keystore.  Ignoring " + alias);
 +        }
 +      }
 +    }
 +    if (key == null) {
 +      throw new KeyStoreException("Could not find private key in keystore");
 +    }
 +    return key;
 +  }
 +}


Mime
View raw message