From: mgergely@apache.org To: commits@ambari.apache.org Message-Id: X-Mailer: ASF-Git Admin Mailer Subject: ambari git commit: AMBARI-20193 Log Search Portal is not working with HTTPS with it's own created Key Store (mgergely) Date: Mon, 27 Feb 2017 09:31:39 +0000 (UTC) archived-at: Mon, 27 Feb 2017 09:31:41 -0000 Repository: ambari Updated Branches: refs/heads/branch-2.5 259768314 -> d4ce989f0 AMBARI-20193 Log Search Portal is not working with HTTPS with it's own created Key Store (mgergely) Change-Id: I9f4c7097eabb197fb065d1ab7e10d5a0a66036af Project: http://git-wip-us.apache.org/repos/asf/ambari/repo Commit: http://git-wip-us.apache.org/repos/asf/ambari/commit/d4ce989f Tree: http://git-wip-us.apache.org/repos/asf/ambari/tree/d4ce989f Diff: http://git-wip-us.apache.org/repos/asf/ambari/diff/d4ce989f Branch: refs/heads/branch-2.5 Commit: d4ce989f079c9ac6dc266117359420671bbce19f Parents: 2597683 Author: Miklos Gergely Authored: Mon Feb 27 10:31:31 2017 +0100 Committer: Miklos Gergely Committed: Mon Feb 27 10:31:31 2017 +0100 ---------------------------------------------------------------------- .../java/org/apache/ambari/logsearch/util/SSLUtil.java | 7 +++++-- ambari-logsearch/docker/bin/start.sh | 12 +++++++----- ambari-logsearch/docker/logsearch-docker.sh | 2 +- .../docker/test-config/logsearch/logsearch-env.sh | 4 ++-- 4 files changed, 15 insertions(+), 10 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/ambari/blob/d4ce989f/ambari-logsearch/ambari-logsearch-portal/src/main/java/org/apache/ambari/logsearch/util/SSLUtil.java ---------------------------------------------------------------------- diff --git a/ambari-logsearch/ambari-logsearch-portal/src/main/java/org/apache/ambari/logsearch/util/SSLUtil.java b/ambari-logsearch/ambari-logsearch-portal/src/main/java/org/apache/ambari/logsearch/util/SSLUtil.java index ea3474f..d4b6544 100644 
--- a/ambari-logsearch/ambari-logsearch-portal/src/main/java/org/apache/ambari/logsearch/util/SSLUtil.java +++ b/ambari-logsearch/ambari-logsearch-portal/src/main/java/org/apache/ambari/logsearch/util/SSLUtil.java @@ -26,6 +26,7 @@ import org.apache.commons.io.FileUtils; import org.apache.commons.lang.StringUtils; import org.apache.commons.lang3.ArrayUtils; import org.apache.hadoop.conf.Configuration; +import org.bouncycastle.asn1.ASN1InputStream; import org.bouncycastle.asn1.x500.X500Name; import org.bouncycastle.asn1.x509.AlgorithmIdentifier; import org.bouncycastle.asn1.x509.SubjectPublicKeyInfo; @@ -289,7 +290,9 @@ public class SSLUtil { AlgorithmIdentifier digAlgId = new DefaultDigestAlgorithmIdentifierFinder().find(sigAlgId); BcContentSignerBuilder sigGen = new BcRSAContentSignerBuilder(sigAlgId, digAlgId); - SubjectPublicKeyInfo pubKey = new SubjectPublicKeyInfo(sigAlgId, rsaPublicKey.getEncoded()); + ASN1InputStream publicKeyStream = new ASN1InputStream(rsaPublicKey.getEncoded()); + SubjectPublicKeyInfo pubKey = SubjectPublicKeyInfo.getInstance(publicKeyStream.readObject()); + publicKeyStream.close(); X509v3CertificateBuilder v3CertBuilder = new X509v3CertificateBuilder( new X500Name("CN=" + domainName + ", OU=None, O=None L=None, C=None"), @@ -304,7 +307,7 @@ public class SSLUtil { X509CertificateHolder certificateHolder = v3CertBuilder.build(contentSigner); - JcaX509CertificateConverter certConverter = new JcaX509CertificateConverter(); + JcaX509CertificateConverter certConverter = new JcaX509CertificateConverter().setProvider("BC"); return certConverter.getCertificate(certificateHolder); } http://git-wip-us.apache.org/repos/asf/ambari/blob/d4ce989f/ambari-logsearch/docker/bin/start.sh ---------------------------------------------------------------------- diff --git a/ambari-logsearch/docker/bin/start.sh b/ambari-logsearch/docker/bin/start.sh index 4c60981..f9e0e8d 100644 --- a/ambari-logsearch/docker/bin/start.sh 
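Review bot: In the `@@ -289,7 +290,9 @@` hunk, `publicKeyStream.close()` is reached only when `readObject()` returns normally, so a parse failure skips the close. The stream is not needed at all: `SubjectPublicKeyInfo pubKey = SubjectPublicKeyInfo.getInstance(rsaPublicKey.getEncoded());` parses the same DER bytes in one line. A short comment would also help, e.g. `// getEncoded() is already a complete SubjectPublicKeyInfo; do not re-wrap it with the signature AlgorithmIdentifier`, so the removed constructor call is not reintroduced. This assumes `rsaPublicKey` is a `java.security.PublicKey`; its declaration and the start of the method lie outside the hunk.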
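Review bot: `setProvider("BC")` in the `@@ -304,7 +307,7 @@` hunk looks the provider up by name, so `getCertificate` will throw unless BouncyCastle was registered with `Security.addProvider` before this call, and no registration is visible in the lines shown. Either confirm that SSLUtil registers the provider earlier, or pass the instance so the lookup cannot fail: `new JcaX509CertificateConverter().setProvider(new BouncyCastleProvider());`. The second option needs an import of `org.bouncycastle.jce.provider.BouncyCastleProvider`. The method's beginning is outside the hunk.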
+++ b/ambari-logsearch/docker/bin/start.sh @@ -59,11 +59,13 @@ function create_config() { } function generate_keys() { - IP=`hostname --ip-address` - echo "generating stores for IP: $IP" - mkdir /root/config/ssl - keytool -genkeypair -alias logsearch -keyalg RSA -keysize 2048 -keypass bigdata -storepass bigdata -validity 9999 -keystore /root/config/ssl/logsearch.keyStore.jks -ext SAN=DNS:localhost,IP:127.0.0.1,IP:$IP -dname "CN=Common Name, OU=Organizational Unit, O=Organization, L=Location, ST=State, C=Country" -rfc - cp /root/config/ssl/logsearch.keyStore.jks /root/config/ssl/logsearch.trustStore.jks + if [ $GENERATE_KEYSTORE_AT_START == 'true' ] + then + IP=`hostname --ip-address` + echo "generating stores for IP: $IP" + mkdir -p /etc/ambari-logsearch-portal/conf/keys/ + keytool -genkeypair -alias logsearch -keyalg RSA -keysize 2048 -keypass bigdata -storepass bigdata -validity 9999 -keystore /etc/ambari-logsearch-portal/conf/keys/logsearch.jks -ext SAN=DNS:localhost,IP:127.0.0.1,IP:$IP -dname "CN=Common Name, OU=Organizational Unit, O=Organization, L=Location, ST=State, C=Country" -rfc + fi } function start_solr() { http://git-wip-us.apache.org/repos/asf/ambari/blob/d4ce989f/ambari-logsearch/docker/logsearch-docker.sh ---------------------------------------------------------------------- diff --git a/ambari-logsearch/docker/logsearch-docker.sh b/ambari-logsearch/docker/logsearch-docker.sh index 76994ee..a2df90f 100755 --- a/ambari-logsearch/docker/logsearch-docker.sh +++ b/ambari-logsearch/docker/logsearch-docker.sh 
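Review bot: The new guard `[ $GENERATE_KEYSTORE_AT_START == 'true' ]` expands the variable unquoted, so when it is unset or empty the test becomes `[ == 'true' ]`, prints an error and silently skips key generation. Quote it and give it a default: `if [ "${GENERATE_KEYSTORE_AT_START:-false}" == 'true' ]`. The keytool line inside the guard still passes `-keypass bigdata -storepass bigdata` as arguments and writes `logsearch.jks` with default permissions. Add a comment such as `# test-only keystore: fixed password, never reuse outside the docker test setup`, and a `chmod 600` on the generated file, so these defaults are not copied into a real deployment.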
@@ -57,7 +57,7 @@ function setup_profile() { AMBARI_LOCATION=$HOME/prj/ambari MAVEN_REPOSITORY_LOCATION=$HOME/.m2 LOGSEARCH_EXPOSED_PORTS="-p 8886:8886 -p 61888:61888 -p 5005:5005 -p 5006:5006" -LOGSEARCH_ENV_OPTS="-e LOGFEEDER_DEBUG_SUSPEND=n -e LOGSEARCH_DEBUG_SUSPEND=n -e COMPONENT_LOG=logsearch -e LOGSEARCH_HTTPS_ENABLED=false -e LOGSEARCH_SOLR_SSL_ENABLED=false" +LOGSEARCH_ENV_OPTS="-e LOGFEEDER_DEBUG_SUSPEND=n -e LOGSEARCH_DEBUG_SUSPEND=n -e COMPONENT_LOG=logsearch -e LOGSEARCH_HTTPS_ENABLED=false -e LOGSEARCH_SOLR_SSL_ENABLED=false -e GENERATE_KEYSTORE_AT_START=false" LOGSEARCH_VOLUME_OPTS="-v $AMBARI_LOCATION/ambari-logsearch/docker/test-logs:/root/test-logs -v $AMBARI_LOCATION/ambari-logsearch/docker/test-config:/root/test-config" http://git-wip-us.apache.org/repos/asf/ambari/blob/d4ce989f/ambari-logsearch/docker/test-config/logsearch/logsearch-env.sh ---------------------------------------------------------------------- diff --git a/ambari-logsearch/docker/test-config/logsearch/logsearch-env.sh b/ambari-logsearch/docker/test-config/logsearch/logsearch-env.sh index 8d92e20..0565bd7 100644 --- a/ambari-logsearch/docker/test-config/logsearch/logsearch-env.sh +++ b/ambari-logsearch/docker/test-config/logsearch/logsearch-env.sh @@ -36,7 +36,7 @@ export LOGSEARCH_DEBUG=true export LOGSEARCH_DEBUG_PORT=5005 export LOGSEARCH_SSL="true" -export LOGSEARCH_KEYSTORE_LOCATION=/root/config/ssl/logsearch.keyStore.jks +export LOGSEARCH_KEYSTORE_LOCATION=/etc/ambari-logsearch-portal/conf/keys/logsearch.jks export LOGSEARCH_KEYSTORE_TYPE=jks -export LOGSEARCH_TRUSTSTORE_LOCATION=/root/config/ssl/logsearch.trustStore.jks +export LOGSEARCH_TRUSTSTORE_LOCATION=/etc/ambari-logsearch-portal/conf/keys/logsearch.jks export LOGSEARCH_TRUSTSTORE_TYPE=jks
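Review bot: In `logsearch-env.sh`, `LOGSEARCH_TRUSTSTORE_LOCATION` now points at the same `logsearch.jks` as `LOGSEARCH_KEYSTORE_LOCATION`, so the file used as the trust anchor also holds the private key entry. Anything that is handed the truststore therefore receives the key too. That is workable for the docker test config, but the file should say so, e.g. `# test only: keystore doubles as truststore; use a certificate-only truststore elsewhere`. The truststore password setting is not visible in this hunk, so confirm it matches the keystore's.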