hadoop-common-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From jia...@apache.org
Subject [46/50] [abbrv] hadoop git commit: YARN-5975. Remove the agent - slider AM ssl related code. Contributed by Jian He
Date Fri, 10 Feb 2017 02:35:28 GMT
YARN-5975. Remove the agent - slider AM ssl related code. Contributed by Jian He


Project: http://git-wip-us.apache.org/repos/asf/hadoop/repo
Commit: http://git-wip-us.apache.org/repos/asf/hadoop/commit/7a06f940
Tree: http://git-wip-us.apache.org/repos/asf/hadoop/tree/7a06f940
Diff: http://git-wip-us.apache.org/repos/asf/hadoop/diff/7a06f940

Branch: refs/heads/yarn-native-services
Commit: 7a06f9405392c1025acd801cdc124ea87b762392
Parents: 8cc72ab
Author: Billie Rinaldi <billie@apache.org>
Authored: Tue Dec 13 10:16:09 2016 -0800
Committer: Jian He <jianhe@apache.org>
Committed: Thu Feb 9 16:58:05 2017 -0800

----------------------------------------------------------------------
 .../slider/api/SliderClusterProtocol.java       |   3 -
 .../slider/api/proto/RestTypeMarshalling.java   |  36 --
 .../org/apache/slider/client/SliderClient.java  |  80 ---
 .../client/ipc/SliderClusterOperations.java     |  28 +-
 .../slider/common/params/ActionClientArgs.java  |  31 +-
 .../apache/slider/providers/ProviderUtils.java  | 141 -----
 .../providers/docker/DockerProviderService.java |   5 -
 .../server/appmaster/SliderAppMaster.java       |  18 +-
 .../rpc/SliderClusterProtocolPBImpl.java        |  12 -
 .../rpc/SliderClusterProtocolProxy.java         |  18 +-
 .../server/appmaster/rpc/SliderIPCService.java  |  54 +-
 .../slider/server/appmaster/web/WebAppApi.java  |  23 -
 .../server/appmaster/web/WebAppApiImpl.java     |  37 +-
 .../AbstractSecurityStoreGenerator.java         |  98 ----
 .../services/security/CertificateManager.java   | 495 -----------------
 .../services/security/KeystoreGenerator.java    |  64 ---
 .../server/services/security/SecurityStore.java |  66 ---
 .../security/SecurityStoreGenerator.java        |  40 --
 .../server/services/security/SecurityUtils.java | 256 ---------
 .../services/security/SignCertResponse.java     |  67 ---
 .../server/services/security/SignMessage.java   |  54 --
 .../services/security/StoresGenerator.java      |  68 ---
 .../services/security/TruststoreGenerator.java  |  62 ---
 .../src/main/proto/SliderClusterProtocol.proto  |   6 -
 .../security/TestCertificateManager.java        | 540 -------------------
 .../TestMultiThreadedStoreGeneration.java       | 156 ------
 26 files changed, 14 insertions(+), 2444 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/hadoop/blob/7a06f940/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-applications/hadoop-yarn-slider/hadoop-yarn-slider-core/src/main/java/org/apache/slider/api/SliderClusterProtocol.java
----------------------------------------------------------------------
diff --git a/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-applications/hadoop-yarn-slider/hadoop-yarn-slider-core/src/main/java/org/apache/slider/api/SliderClusterProtocol.java b/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-applications/hadoop-yarn-slider/hadoop-yarn-slider-core/src/main/java/org/apache/slider/api/SliderClusterProtocol.java
index 33fce22..893e706 100644
--- a/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-applications/hadoop-yarn-slider/hadoop-yarn-slider-core/src/main/java/org/apache/slider/api/SliderClusterProtocol.java
+++ b/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-applications/hadoop-yarn-slider/hadoop-yarn-slider-core/src/main/java/org/apache/slider/api/SliderClusterProtocol.java
@@ -173,7 +173,4 @@ public interface SliderClusterProtocol extends VersionedProtocol {
   Messages.WrappedJsonProto getModelResolvedResources(Messages.EmptyPayloadProto request) throws IOException;
 
   Messages.WrappedJsonProto getLiveResources(Messages.EmptyPayloadProto request) throws IOException;
-
-  Messages.GetCertificateStoreResponseProto getClientCertificateStore(Messages.GetCertificateStoreRequestProto request)
-      throws IOException;
 }

http://git-wip-us.apache.org/repos/asf/hadoop/blob/7a06f940/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-applications/hadoop-yarn-slider/hadoop-yarn-slider-core/src/main/java/org/apache/slider/api/proto/RestTypeMarshalling.java
----------------------------------------------------------------------
diff --git a/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-applications/hadoop-yarn-slider/hadoop-yarn-slider-core/src/main/java/org/apache/slider/api/proto/RestTypeMarshalling.java b/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-applications/hadoop-yarn-slider/hadoop-yarn-slider-core/src/main/java/org/apache/slider/api/proto/RestTypeMarshalling.java
index 17fd965..ec35028 100644
--- a/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-applications/hadoop-yarn-slider/hadoop-yarn-slider-core/src/main/java/org/apache/slider/api/proto/RestTypeMarshalling.java
+++ b/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-applications/hadoop-yarn-slider/hadoop-yarn-slider-core/src/main/java/org/apache/slider/api/proto/RestTypeMarshalling.java
@@ -18,8 +18,6 @@
 
 package org.apache.slider.api.proto;
 
-import com.google.protobuf.ByteString;
-import org.apache.commons.io.IOUtils;
 import org.apache.slider.api.types.ApplicationLivenessInformation;
 import org.apache.slider.api.types.ComponentInformation;
 import org.apache.slider.api.types.ContainerInformation;
@@ -30,15 +28,10 @@ import org.apache.slider.core.conf.ConfTree;
 import org.apache.slider.core.conf.ConfTreeOperations;
 import org.apache.slider.core.persist.AggregateConfSerDeser;
 import org.apache.slider.core.persist.ConfTreeSerDeser;
-import org.apache.slider.server.services.security.SecurityStore;
 
-import java.io.FileInputStream;
-import java.io.FileNotFoundException;
 import java.io.IOException;
-import java.io.InputStream;
 import java.util.ArrayList;
 import java.util.Arrays;
-import java.util.Collection;
 import java.util.HashMap;
 import java.util.List;
 import java.util.Map;
@@ -95,35 +88,6 @@ public class RestTypeMarshalling {
     }
     return info;
   }
-
-  public static Messages.GetCertificateStoreResponseProto marshall(
-      SecurityStore securityStore) throws IOException {
-    Messages.GetCertificateStoreResponseProto.Builder builder =
-        Messages.GetCertificateStoreResponseProto.newBuilder();
-    builder.setStore(ByteString.copyFrom(getStoreBytes(securityStore)));
-
-    return builder.build();
-  }
-
-  private static byte[] getStoreBytes(SecurityStore securityStore)
-      throws IOException {
-    InputStream is = null;
-    byte[] storeBytes;
-    try {
-      is = new FileInputStream(securityStore.getFile());
-      storeBytes = IOUtils.toByteArray(is);
-    } finally {
-      if (is != null) {
-        is.close();
-      }
-    }
-    return storeBytes;
-  }
-
-  public static byte[] unmarshall(Messages.GetCertificateStoreResponseProto response) {
-    return response.getStore().toByteArray();
-  }
-
   public static Messages.ComponentInformationProto marshall(ComponentInformation info) {
 
     Messages.ComponentInformationProto.Builder builder =

http://git-wip-us.apache.org/repos/asf/hadoop/blob/7a06f940/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-applications/hadoop-yarn-slider/hadoop-yarn-slider-core/src/main/java/org/apache/slider/client/SliderClient.java
----------------------------------------------------------------------
diff --git a/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-applications/hadoop-yarn-slider/hadoop-yarn-slider-core/src/main/java/org/apache/slider/client/SliderClient.java b/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-applications/hadoop-yarn-slider/hadoop-yarn-slider-core/src/main/java/org/apache/slider/client/SliderClient.java
index 12f7870..ef45d10 100644
--- a/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-applications/hadoop-yarn-slider/hadoop-yarn-slider-core/src/main/java/org/apache/slider/client/SliderClient.java
+++ b/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-applications/hadoop-yarn-slider/hadoop-yarn-slider-core/src/main/java/org/apache/slider/client/SliderClient.java
@@ -168,7 +168,6 @@ import org.apache.slider.providers.docker.DockerClientProvider;
 import org.apache.slider.providers.slideram.SliderAMClientProvider;
 import org.apache.slider.server.appmaster.SliderAppMaster;
 import org.apache.slider.server.appmaster.rpc.RpcBinder;
-import org.apache.slider.server.services.security.SecurityStore;
 import org.apache.slider.server.services.utility.AbstractSliderLaunchedService;
 import org.apache.zookeeper.CreateMode;
 import org.apache.zookeeper.KeeperException;
@@ -1223,8 +1222,6 @@ public class SliderClient extends AbstractSliderLaunchedService implements RunSe
       IOException {
     if (clientInfo.install) {
       return doClientInstall(clientInfo);
-    } else if (clientInfo.getCertStore) {
-      return doCertificateStoreRetrieval(clientInfo);
     } else {
       throw new BadCommandArgumentsException(
           "Only install, keystore, and truststore commands are supported for the client.\n"
@@ -1233,83 +1230,6 @@ public class SliderClient extends AbstractSliderLaunchedService implements RunSe
     }
   }
 
-  private int doCertificateStoreRetrieval(ActionClientArgs clientInfo)
-      throws YarnException, IOException {
-    if (clientInfo.keystore != null && clientInfo.truststore != null) {
-      throw new BadCommandArgumentsException(
-          "Only one of either keystore or truststore can be retrieved at one time.  "
-          + "Retrieval of both should be done separately\n"
-          + CommonArgs.usage(serviceArgs, ACTION_CLIENT));
-    }
-
-    requireArgumentSet(Arguments.ARG_NAME, clientInfo.name);
-
-    File storeFile = null;
-    SecurityStore.StoreType type;
-    if (clientInfo.keystore != null) {
-      storeFile = clientInfo.keystore;
-      type = SecurityStore.StoreType.keystore;
-    } else {
-      storeFile = clientInfo.truststore;
-      type = SecurityStore.StoreType.truststore;
-    }
-
-    require (!storeFile.exists(),
-        "File %s already exists.  Please remove that file or select a different file name.",
-         storeFile.getAbsolutePath());
-    String hostname = null;
-    if (type == SecurityStore.StoreType.keystore) {
-      hostname = clientInfo.hostname;
-      if (hostname == null) {
-        hostname = InetAddress.getLocalHost().getCanonicalHostName();
-        log.info("No hostname specified via command line. Using {}", hostname);
-      }
-    }
-
-    String password = clientInfo.password;
-    if (password == null) {
-      String provider = clientInfo.provider;
-      String alias = clientInfo.alias;
-      if (provider != null && alias != null) {
-        Configuration conf = new Configuration(getConfig());
-        conf.set(CredentialProviderFactory.CREDENTIAL_PROVIDER_PATH, provider);
-        char[] chars = conf.getPassword(alias);
-        if (chars == null) {
-          CredentialProvider credentialProvider =
-              CredentialProviderFactory.getProviders(conf).get(0);
-          chars = readOnePassword(alias);
-          credentialProvider.createCredentialEntry(alias, chars);
-          credentialProvider.flush();
-        }
-        password = String.valueOf(chars);
-        Arrays.fill(chars, ' ');
-      } else {
-        log.info("No password and no provider/alias pair were provided, " +
-            "prompting for password");
-        // get a password
-        password = String.valueOf(readOnePassword(type.name()));
-      }
-    }
-
-    byte[] keystore = createClusterOperations(clientInfo.name)
-        .getClientCertificateStore(hostname, "client", password, type.name());
-    // persist to file
-    FileOutputStream storeFileOutputStream = null;
-    try {
-      storeFileOutputStream = new FileOutputStream(storeFile);
-      IOUtils.write(keystore, storeFileOutputStream);
-    } catch (Exception e) {
-      log.error("Unable to persist to file {}", storeFile);
-      throw e;
-    } finally {
-      if (storeFileOutputStream != null) {
-        storeFileOutputStream.close();
-      }
-    }
-
-    return EXIT_SUCCESS;
-  }
-
   private int doClientInstall(ActionClientArgs clientInfo)
       throws IOException, SliderException {
 

http://git-wip-us.apache.org/repos/asf/hadoop/blob/7a06f940/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-applications/hadoop-yarn-slider/hadoop-yarn-slider-core/src/main/java/org/apache/slider/client/ipc/SliderClusterOperations.java
----------------------------------------------------------------------
diff --git a/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-applications/hadoop-yarn-slider/hadoop-yarn-slider-core/src/main/java/org/apache/slider/client/ipc/SliderClusterOperations.java b/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-applications/hadoop-yarn-slider/hadoop-yarn-slider-core/src/main/java/org/apache/slider/client/ipc/SliderClusterOperations.java
index 392f451..eaf15e6 100644
--- a/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-applications/hadoop-yarn-slider/hadoop-yarn-slider-core/src/main/java/org/apache/slider/client/ipc/SliderClusterOperations.java
+++ b/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-applications/hadoop-yarn-slider/hadoop-yarn-slider-core/src/main/java/org/apache/slider/client/ipc/SliderClusterOperations.java
@@ -19,17 +19,12 @@
 package org.apache.slider.client.ipc;
 
 import com.google.common.annotations.VisibleForTesting;
-import com.google.common.base.Preconditions;
-import org.apache.hadoop.yarn.api.records.NodeReport;
-import org.apache.hadoop.yarn.api.records.NodeState;
 import org.apache.hadoop.yarn.exceptions.YarnException;
 import org.apache.slider.api.ClusterDescription;
 import org.apache.slider.api.ClusterNode;
 import org.apache.slider.api.SliderClusterProtocol;
 import org.apache.slider.api.StateValues;
 import org.apache.slider.api.proto.Messages;
-
-import static org.apache.slider.api.proto.RestTypeMarshalling.*;
 import org.apache.slider.api.types.ApplicationLivenessInformation;
 import org.apache.slider.api.types.ComponentInformation;
 import org.apache.slider.api.types.ContainerInformation;
@@ -37,7 +32,6 @@ import org.apache.slider.api.types.NodeInformation;
 import org.apache.slider.api.types.NodeInformationList;
 import org.apache.slider.api.types.PingInformation;
 import org.apache.slider.common.tools.Duration;
-import org.apache.slider.common.tools.SliderUtils;
 import org.apache.slider.core.conf.AggregateConf;
 import org.apache.slider.core.conf.ConfTree;
 import org.apache.slider.core.conf.ConfTreeOperations;
@@ -45,8 +39,6 @@ import org.apache.slider.core.exceptions.NoSuchNodeException;
 import org.apache.slider.core.exceptions.SliderException;
 import org.apache.slider.core.exceptions.WaitTimeoutException;
 import org.apache.slider.core.persist.ConfTreeSerDeser;
-import org.apache.slider.server.services.security.SecurityStore;
-import org.apache.slider.server.services.security.SignCertResponse;
 import org.codehaus.jackson.JsonParseException;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
@@ -59,6 +51,8 @@ import java.util.HashMap;
 import java.util.List;
 import java.util.Map;
 
+import static org.apache.slider.api.proto.RestTypeMarshalling.*;
+
 /**
  * Cluster operations at a slightly higher level than the RPC code
  */
@@ -508,22 +502,4 @@ public class SliderClusterOperations {
         );
     return unmarshall(proto);
   }
-
-  public byte[] getClientCertificateStore(String hostname, String clientId,
-      String password, String type) throws IOException {
-    Messages.GetCertificateStoreRequestProto.Builder
-        builder = Messages.GetCertificateStoreRequestProto.newBuilder();
-    if (hostname != null) {
-      builder.setHostname(hostname);
-    }
-    Messages.GetCertificateStoreRequestProto requestProto =
-        builder.setRequesterId(clientId)
-               .setPassword(password)
-               .setType(type)
-               .build();
-    Messages.GetCertificateStoreResponseProto response =
-        appMaster.getClientCertificateStore(requestProto);
-
-    return unmarshall(response);
-  }
 }

http://git-wip-us.apache.org/repos/asf/hadoop/blob/7a06f940/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-applications/hadoop-yarn-slider/hadoop-yarn-slider-core/src/main/java/org/apache/slider/common/params/ActionClientArgs.java
----------------------------------------------------------------------
diff --git a/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-applications/hadoop-yarn-slider/hadoop-yarn-slider-core/src/main/java/org/apache/slider/common/params/ActionClientArgs.java b/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-applications/hadoop-yarn-slider/hadoop-yarn-slider-core/src/main/java/org/apache/slider/common/params/ActionClientArgs.java
index 85d39ea..09e2b62 100644
--- a/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-applications/hadoop-yarn-slider/hadoop-yarn-slider-core/src/main/java/org/apache/slider/common/params/ActionClientArgs.java
+++ b/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-applications/hadoop-yarn-slider/hadoop-yarn-slider-core/src/main/java/org/apache/slider/common/params/ActionClientArgs.java
@@ -37,39 +37,10 @@ public class ActionClientArgs extends AbstractActionArgs {
       description = "Install client")
   public boolean install;
 
-  @Parameter(names = {ARG_GETCERTSTORE},
-      description = "Get a certificate store")
-  public boolean getCertStore;
-
-  @Parameter(names = {ARG_KEYSTORE},
-      description = "Retrieve keystore to specified location")
-  public File keystore;
-
-  @Parameter(names = {ARG_TRUSTSTORE},
-      description = "Retrieve truststore to specified location")
-  public File truststore;
-
-  @Parameter(names = {ARG_HOSTNAME},
-      description = "(Optional) Specify the hostname to use for generation of keystore certificate")
-  public String hostname;
-
   @Parameter(names = {ARG_NAME},
       description = "The name of the application")
   public String name;
 
-  @Parameter(names = {ARG_PROVIDER},
-      description = "The credential provider in which the password is stored")
-  public String provider;
-
-  @Parameter(names = {ARG_ALIAS},
-      description = "The credential provider alias associated with the password")
-  public String alias;
-
-  @Parameter(names = {ARG_PASSWORD},
-      description = "The certificate store password (alternative to " +
-          "provider/alias; if password is specified, those will be ignored)")
-  public String password;
-
   @Parameter(names = {ARG_PACKAGE},
       description = "Path to app package")
   public String packageURI;
@@ -95,4 +66,4 @@ public class ActionClientArgs extends AbstractActionArgs {
   public int getMaxParams() {
     return 1;
   }
-}
\ No newline at end of file
+}

http://git-wip-us.apache.org/repos/asf/hadoop/blob/7a06f940/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-applications/hadoop-yarn-slider/hadoop-yarn-slider-core/src/main/java/org/apache/slider/providers/ProviderUtils.java
----------------------------------------------------------------------
diff --git a/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-applications/hadoop-yarn-slider/hadoop-yarn-slider-core/src/main/java/org/apache/slider/providers/ProviderUtils.java b/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-applications/hadoop-yarn-slider/hadoop-yarn-slider-core/src/main/java/org/apache/slider/providers/ProviderUtils.java
index bc237f5..cff5ed8 100644
--- a/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-applications/hadoop-yarn-slider/hadoop-yarn-slider-core/src/main/java/org/apache/slider/providers/ProviderUtils.java
+++ b/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-applications/hadoop-yarn-slider/hadoop-yarn-slider-core/src/main/java/org/apache/slider/providers/ProviderUtils.java
@@ -30,7 +30,6 @@ import org.apache.hadoop.registry.client.types.ServiceRecord;
 import org.apache.hadoop.registry.client.types.yarn.PersistencePolicies;
 import org.apache.hadoop.registry.client.types.yarn.YarnRegistryAttributes;
 import org.apache.hadoop.util.StringUtils;
-import org.apache.hadoop.yarn.api.records.Container;
 import org.apache.hadoop.yarn.api.records.LocalResource;
 import org.apache.hadoop.yarn.api.records.LocalResourceType;
 import org.apache.slider.api.ClusterNode;
@@ -38,7 +37,6 @@ import org.apache.slider.api.InternalKeys;
 import org.apache.slider.api.OptionKeys;
 import org.apache.slider.api.ResourceKeys;
 import org.apache.slider.api.RoleKeys;
-import org.apache.slider.common.SliderExitCodes;
 import org.apache.slider.common.SliderKeys;
 import org.apache.slider.common.SliderXmlConfKeys;
 import org.apache.slider.common.tools.SliderFileSystem;
@@ -59,9 +57,6 @@ import org.apache.slider.core.registry.docstore.PublishedConfigurationOutputter;
 import org.apache.slider.core.registry.docstore.PublishedExports;
 import org.apache.slider.server.appmaster.state.RoleInstance;
 import org.apache.slider.server.appmaster.state.StateAccessForProviders;
-import org.apache.slider.server.services.security.CertificateManager;
-import org.apache.slider.server.services.security.SecurityStore;
-import org.apache.slider.server.services.security.StoresGenerator;
 import org.apache.slider.server.services.yarnregistry.YarnRegistryViewForProviders;
 import org.slf4j.Logger;
 
@@ -398,61 +393,6 @@ public class ProviderUtils implements RoleKeys, SliderKeys {
     }
   }
 
-  /**
-   * Return whether two-way SSL is enabled for Agent / AM communication.
-   * @param amComponent component specification
-   * @return true if enabled
-   */
-  public boolean hasTwoWaySSLEnabled(MapOperations amComponent) {
-    return amComponent != null ?
-        amComponent.getOptionBool(TWO_WAY_SSL_ENABLED, false) : false;
-  }
-
-  /**
-   * Generate and localize SSL certs for Agent / AM communication
-   * @param launcher container launcher
-   * @param container allocated container information
-   * @param fileSystem file system
-   * @param clusterName app name
-   * @throws SliderException certs cannot be generated/uploaded
-   */
-  public void localizeContainerSSLResources(ContainerLauncher launcher,
-      Container container, SliderFileSystem fileSystem, String clusterName)
-      throws SliderException {
-    try {
-      // localize server cert
-      Path certsDir = fileSystem.buildClusterSecurityDirPath(clusterName);
-      LocalResource certResource = fileSystem.createAmResource(
-          new Path(certsDir, CRT_FILE_NAME),
-          LocalResourceType.FILE);
-      launcher.addLocalResource(CERT_FILE_LOCALIZATION_PATH, certResource);
-
-      // generate and localize agent cert
-      CertificateManager certMgr = new CertificateManager();
-      String hostname = container.getNodeId().getHost();
-      String containerId = container.getId().toString();
-      certMgr.generateContainerCertificate(hostname, containerId);
-      LocalResource agentCertResource = fileSystem.createAmResource(
-          uploadSecurityResource(
-              CertificateManager.getAgentCertficateFilePath(containerId),
-              fileSystem, clusterName), LocalResourceType.FILE);
-      // still using hostname as file name on the agent side, but the files
-      // do end up under the specific container's file space
-      launcher.addLocalResource(INFRA_RUN_SECURITY_DIR + hostname +
-          ".crt", agentCertResource);
-      LocalResource agentKeyResource = fileSystem.createAmResource(
-          uploadSecurityResource(
-              CertificateManager.getAgentKeyFilePath(containerId), fileSystem,
-              clusterName),
-          LocalResourceType.FILE);
-      launcher.addLocalResource(INFRA_RUN_SECURITY_DIR + hostname +
-          ".key", agentKeyResource);
-
-    } catch (Exception e) {
-      throw new SliderException(SliderExitCodes.EXIT_DEPLOYMENT_FAILED, e,
-          "Unable to localize certificates.  Two-way SSL cannot be enabled");
-    }
-  }
 
   /**
    * Upload a local file to the cluster security dir in HDFS. If the file
@@ -707,87 +647,6 @@ public class ProviderUtils implements RoleKeys, SliderKeys {
   }
 
   /**
-   * Generate and localize security stores requested by the app. Also perform
-   * last-minute substitution of cluster name into credentials strings.
-   * @param launcher container launcher
-   * @param container allocated container information
-   * @param role component name
-   * @param fileSystem file system
-   * @param instanceDefinition app specification
-   * @param compOps component specification
-   * @param clusterName app name
-   * @throws SliderException stores cannot be generated/uploaded
-   * @throws IOException stores cannot be generated/uploaded
-   */
-  public void localizeContainerSecurityStores(ContainerLauncher launcher,
-      Container container,
-      String role,
-      SliderFileSystem fileSystem,
-      AggregateConf instanceDefinition,
-      MapOperations compOps,
-      String clusterName)
-      throws SliderException, IOException {
-    // substitute CLUSTER_NAME into credentials
-    Map<String,List<String>> newcred = new HashMap<>();
-    for (Entry<String,List<String>> entry :
-        instanceDefinition.getAppConf().credentials.entrySet()) {
-      List<String> resultList = new ArrayList<>();
-      for (String v : entry.getValue()) {
-        resultList.add(v.replaceAll(Pattern.quote("${CLUSTER_NAME}"),
-            clusterName).replaceAll(Pattern.quote("${CLUSTER}"),
-            clusterName));
-      }
-      newcred.put(entry.getKey().replaceAll(Pattern.quote("${CLUSTER_NAME}"),
-          clusterName).replaceAll(Pattern.quote("${CLUSTER}"),
-          clusterName),
-          resultList);
-    }
-    instanceDefinition.getAppConf().credentials = newcred;
-
-    // generate and localize security stores
-    SecurityStore[] stores = generateSecurityStores(container, role,
-        instanceDefinition, compOps);
-    for (SecurityStore store : stores) {
-      LocalResource keystoreResource = fileSystem.createAmResource(
-          uploadSecurityResource(store.getFile(), fileSystem, clusterName),
-          LocalResourceType.FILE);
-      launcher.addLocalResource(String.format("secstores/%s-%s.p12",
-          store.getType(), role),
-          keystoreResource);
-    }
-  }
-
-  /**
-   * Generate security stores requested by the app.
-   * @param container allocated container information
-   * @param role component name
-   * @param instanceDefinition app specification
-   * @param compOps component specification
-   * @return security stores
-   * @throws SliderException stores cannot be generated
-   * @throws IOException stores cannot be generated
-   */
-  private SecurityStore[] generateSecurityStores(Container container,
-      String role,
-      AggregateConf instanceDefinition,
-      MapOperations compOps)
-      throws SliderException, IOException {
-    return StoresGenerator.generateSecurityStores(
-        container.getNodeId().getHost(), container.getId().toString(),
-        role, instanceDefinition, compOps);
-  }
-
-  /**
-   * Return whether security stores are requested by the app.
-   * @param compOps component specification
-   * @return true if stores are requested
-   */
-  public boolean areStoresRequested(MapOperations compOps) {
-    return compOps != null ? compOps.
-        getOptionBool(COMP_STORES_REQUIRED_KEY, false) : false;
-  }
-
-  /**
    * Localize application tarballs and other resources requested by the app.
    * @param launcher container launcher
    * @param fileSystem file system

http://git-wip-us.apache.org/repos/asf/hadoop/blob/7a06f940/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-applications/hadoop-yarn-slider/hadoop-yarn-slider-core/src/main/java/org/apache/slider/providers/docker/DockerProviderService.java
----------------------------------------------------------------------
diff --git a/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-applications/hadoop-yarn-slider/hadoop-yarn-slider-core/src/main/java/org/apache/slider/providers/docker/DockerProviderService.java b/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-applications/hadoop-yarn-slider/hadoop-yarn-slider-core/src/main/java/org/apache/slider/providers/docker/DockerProviderService.java
index e4a7cdf..1482062 100644
--- a/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-applications/hadoop-yarn-slider/hadoop-yarn-slider-core/src/main/java/org/apache/slider/providers/docker/DockerProviderService.java
+++ b/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-applications/hadoop-yarn-slider/hadoop-yarn-slider-core/src/main/java/org/apache/slider/providers/docker/DockerProviderService.java
@@ -165,11 +165,6 @@ public class DockerProviderService extends AbstractProviderService implements
           fileSystem, getClusterName());
     }
 
-    if (providerUtils.areStoresRequested(appComponent)) {
-      providerUtils.localizeContainerSecurityStores(launcher, container,
-          roleName, fileSystem, instanceDefinition, appComponent, getClusterName());
-    }
-
     if (appComponent.getOptionBool(AM_CONFIG_GENERATION, false)) {
       // build and localize configuration files
       Map<String, Map<String, String>> configurations =

http://git-wip-us.apache.org/repos/asf/hadoop/blob/7a06f940/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-applications/hadoop-yarn-slider/hadoop-yarn-slider-core/src/main/java/org/apache/slider/server/appmaster/SliderAppMaster.java
----------------------------------------------------------------------
diff --git a/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-applications/hadoop-yarn-slider/hadoop-yarn-slider-core/src/main/java/org/apache/slider/server/appmaster/SliderAppMaster.java b/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-applications/hadoop-yarn-slider/hadoop-yarn-slider-core/src/main/java/org/apache/slider/server/appmaster/SliderAppMaster.java
index 8c39343..74dbc88 100644
--- a/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-applications/hadoop-yarn-slider/hadoop-yarn-slider-core/src/main/java/org/apache/slider/server/appmaster/SliderAppMaster.java
+++ b/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-applications/hadoop-yarn-slider/hadoop-yarn-slider-core/src/main/java/org/apache/slider/server/appmaster/SliderAppMaster.java
@@ -26,8 +26,6 @@ import org.apache.commons.collections.CollectionUtils;
 import org.apache.hadoop.conf.Configuration;
 import org.apache.hadoop.fs.CommonConfigurationKeysPublic;
 import org.apache.hadoop.fs.Path;
-import org.apache.hadoop.fs.permission.FsAction;
-import org.apache.hadoop.fs.permission.FsPermission;
 import org.apache.hadoop.hdfs.HdfsConfiguration;
 import org.apache.hadoop.hdfs.security.token.delegation.DelegationTokenIdentifier;
 import org.apache.hadoop.http.HttpConfig;
@@ -155,7 +153,6 @@ import org.apache.slider.server.appmaster.web.rest.InsecureAmFilterInitializer;
 import org.apache.slider.server.appmaster.web.rest.RestPaths;
 import org.apache.slider.server.appmaster.web.rest.application.ApplicationResouceContentCacheFactory;
 import org.apache.slider.server.appmaster.web.rest.application.resources.ContentCache;
-import org.apache.slider.server.services.security.CertificateManager;
 import org.apache.slider.server.services.utility.AbstractSliderLaunchedService;
 import org.apache.slider.server.services.utility.WebAppService;
 import org.apache.slider.server.services.workflow.ServiceThreadFactory;
@@ -373,7 +370,6 @@ public class SliderAppMaster extends AbstractSliderLaunchedService
   @SuppressWarnings("FieldAccessedSynchronizedAndUnsynchronized")
   private InetSocketAddress rpcServiceAddress;
   private SliderAMProviderService sliderAMProvider;
-  private CertificateManager certificateManager;
 
   /**
    * Executor.
@@ -732,8 +728,6 @@ public class SliderAppMaster extends AbstractSliderLaunchedService
         }
       }
 
-      certificateManager = new CertificateManager();
-
       //bring up the Slider RPC service
       buildPortScanner(instanceDefinition);
       startSliderRPCServer(instanceDefinition);
@@ -757,18 +751,12 @@ public class SliderAppMaster extends AbstractSliderLaunchedService
       // Start up the WebApp and track the URL for it
       MapOperations component = instanceDefinition.getAppConfOperations()
           .getComponent(SliderKeys.COMPONENT_AM);
-      certificateManager.initialize(component, appMasterHostname,
-                                    appMasterContainerID.toString(),
-                                    clustername);
-      certificateManager.setPassphrase(instanceDefinition.getPassphrase());
 
       // Web service endpoints: initialize
       WebAppApiImpl webAppApi =
           new WebAppApiImpl(
               stateForProviders,
-              providerService,
-              certificateManager,
-              registryOperations,
+              providerService, registryOperations,
               metricsAndMonitoring,
               actionQueues,
               this,
@@ -1551,9 +1539,7 @@ public class SliderAppMaster extends AbstractSliderLaunchedService
     verifyIPCAccess();
 
     sliderIPCService = new SliderIPCService(
-        this,
-        certificateManager,
-        stateForProviders,
+        this, stateForProviders,
         actionQueues,
         metricsAndMonitoring,
         contentCache);

http://git-wip-us.apache.org/repos/asf/hadoop/blob/7a06f940/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-applications/hadoop-yarn-slider/hadoop-yarn-slider-core/src/main/java/org/apache/slider/server/appmaster/rpc/SliderClusterProtocolPBImpl.java
----------------------------------------------------------------------
diff --git a/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-applications/hadoop-yarn-slider/hadoop-yarn-slider-core/src/main/java/org/apache/slider/server/appmaster/rpc/SliderClusterProtocolPBImpl.java b/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-applications/hadoop-yarn-slider/hadoop-yarn-slider-core/src/main/java/org/apache/slider/server/appmaster/rpc/SliderClusterProtocolPBImpl.java
index f0d9063..fbd408e 100644
--- a/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-applications/hadoop-yarn-slider/hadoop-yarn-slider-core/src/main/java/org/apache/slider/server/appmaster/rpc/SliderClusterProtocolPBImpl.java
+++ b/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-applications/hadoop-yarn-slider/hadoop-yarn-slider-core/src/main/java/org/apache/slider/server/appmaster/rpc/SliderClusterProtocolPBImpl.java
@@ -303,16 +303,4 @@ public class SliderClusterProtocolPBImpl implements SliderClusterProtocolPB {
       throw wrap(e);
     }
   }
-
-  @Override
-  public Messages.GetCertificateStoreResponseProto getClientCertificateStore(
-      RpcController controller,
-      Messages.GetCertificateStoreRequestProto request)
-      throws ServiceException {
-    try {
-      return real.getClientCertificateStore(request);
-    } catch (Exception e) {
-      throw wrap(e);
-    }
-  }
 }

http://git-wip-us.apache.org/repos/asf/hadoop/blob/7a06f940/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-applications/hadoop-yarn-slider/hadoop-yarn-slider-core/src/main/java/org/apache/slider/server/appmaster/rpc/SliderClusterProtocolProxy.java
----------------------------------------------------------------------
diff --git a/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-applications/hadoop-yarn-slider/hadoop-yarn-slider-core/src/main/java/org/apache/slider/server/appmaster/rpc/SliderClusterProtocolProxy.java b/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-applications/hadoop-yarn-slider/hadoop-yarn-slider-core/src/main/java/org/apache/slider/server/appmaster/rpc/SliderClusterProtocolProxy.java
index b230816..448c6f3 100644
--- a/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-applications/hadoop-yarn-slider/hadoop-yarn-slider-core/src/main/java/org/apache/slider/server/appmaster/rpc/SliderClusterProtocolProxy.java
+++ b/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-applications/hadoop-yarn-slider/hadoop-yarn-slider-core/src/main/java/org/apache/slider/server/appmaster/rpc/SliderClusterProtocolProxy.java
@@ -88,10 +88,9 @@ public class SliderClusterProtocolProxy implements SliderClusterProtocol {
     return ioe;
   }
   
-  @Override
-  public Messages.StopClusterResponseProto stopCluster(Messages.StopClusterRequestProto request) throws
-                                                                                                 IOException,
-                                                                                                 YarnException {
+  @Override public Messages.StopClusterResponseProto stopCluster(
+      Messages.StopClusterRequestProto request)
+      throws IOException, YarnException {
     try {
       return endpoint.stopCluster(NULL_CONTROLLER, request);
     } catch (ServiceException e) {
@@ -343,16 +342,5 @@ public class SliderClusterProtocolProxy implements SliderClusterProtocol {
     } catch (ServiceException e) {
       throw convert(e);
     }
-
-  }
-
-  @Override
-  public Messages.GetCertificateStoreResponseProto getClientCertificateStore(Messages.GetCertificateStoreRequestProto request) throws
-      IOException {
-    try {
-      return endpoint.getClientCertificateStore(NULL_CONTROLLER, request);
-    } catch (ServiceException e) {
-      throw convert(e);
-    }
   }
 }

http://git-wip-us.apache.org/repos/asf/hadoop/blob/7a06f940/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-applications/hadoop-yarn-slider/hadoop-yarn-slider-core/src/main/java/org/apache/slider/server/appmaster/rpc/SliderIPCService.java
----------------------------------------------------------------------
diff --git a/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-applications/hadoop-yarn-slider/hadoop-yarn-slider-core/src/main/java/org/apache/slider/server/appmaster/rpc/SliderIPCService.java b/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-applications/hadoop-yarn-slider/hadoop-yarn-slider-core/src/main/java/org/apache/slider/server/appmaster/rpc/SliderIPCService.java
index fda23aa..00910a4 100644
--- a/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-applications/hadoop-yarn-slider/hadoop-yarn-slider-core/src/main/java/org/apache/slider/server/appmaster/rpc/SliderIPCService.java
+++ b/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-applications/hadoop-yarn-slider/hadoop-yarn-slider-core/src/main/java/org/apache/slider/server/appmaster/rpc/SliderIPCService.java
@@ -35,7 +35,6 @@ import org.apache.slider.api.types.NodeInformationList;
 import org.apache.slider.core.conf.AggregateConf;
 import org.apache.slider.core.conf.ConfTree;
 import org.apache.slider.core.exceptions.ServiceNotReadyException;
-import org.apache.slider.core.exceptions.SliderException;
 import org.apache.slider.core.main.LauncherExitCodes;
 import org.apache.slider.core.persist.AggregateConfSerDeser;
 import org.apache.slider.core.persist.ConfTreeSerDeser;
@@ -51,8 +50,6 @@ import org.apache.slider.server.appmaster.management.MetricsAndMonitoring;
 import org.apache.slider.server.appmaster.state.RoleInstance;
 import org.apache.slider.server.appmaster.state.StateAccessForProviders;
 import org.apache.slider.server.appmaster.web.rest.application.resources.ContentCache;
-import org.apache.slider.server.services.security.CertificateManager;
-import org.apache.slider.server.services.security.SecurityStore;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 
@@ -63,16 +60,7 @@ import java.util.Map;
 import java.util.concurrent.TimeUnit;
 
 import static org.apache.slider.api.proto.RestTypeMarshalling.marshall;
-import static org.apache.slider.server.appmaster.web.rest.RestPaths.LIVE_COMPONENTS;
-import static org.apache.slider.server.appmaster.web.rest.RestPaths.LIVE_CONTAINERS;
-import static org.apache.slider.server.appmaster.web.rest.RestPaths.LIVE_NODES;
-import static org.apache.slider.server.appmaster.web.rest.RestPaths.LIVE_RESOURCES;
-import static org.apache.slider.server.appmaster.web.rest.RestPaths.MODEL_DESIRED;
-import static org.apache.slider.server.appmaster.web.rest.RestPaths.MODEL_DESIRED_APPCONF;
-import static org.apache.slider.server.appmaster.web.rest.RestPaths.MODEL_DESIRED_RESOURCES;
-import static org.apache.slider.server.appmaster.web.rest.RestPaths.MODEL_RESOLVED;
-import static org.apache.slider.server.appmaster.web.rest.RestPaths.MODEL_RESOLVED_APPCONF;
-import static org.apache.slider.server.appmaster.web.rest.RestPaths.MODEL_RESOLVED_RESOURCES;
+import static org.apache.slider.server.appmaster.web.rest.RestPaths.*;
 
 /**
  * Implement the {@link SliderClusterProtocol}.
@@ -90,7 +78,6 @@ public class SliderIPCService extends AbstractService
   private final MetricsAndMonitoring metricsAndMonitoring;
   private final AppMasterActionOperations amOperations;
   private final ContentCache cache;
-  private final CertificateManager certificateManager;
 
   /**
    * This is the prefix used for metrics
@@ -107,11 +94,8 @@ public class SliderIPCService extends AbstractService
    * @param cache
    */
   public SliderIPCService(AppMasterActionOperations amOperations,
-      CertificateManager certificateManager,
-      StateAccessForProviders state,
-      QueueAccess actionQueues,
-      MetricsAndMonitoring metricsAndMonitoring,
-      ContentCache cache) {
+      StateAccessForProviders state, QueueAccess actionQueues,
+      MetricsAndMonitoring metricsAndMonitoring, ContentCache cache) {
     super("SliderIPCService");
     Preconditions.checkArgument(amOperations != null, "null amOperations");
     Preconditions.checkArgument(state != null, "null appState");
@@ -124,7 +108,6 @@ public class SliderIPCService extends AbstractService
     this.metricsAndMonitoring = metricsAndMonitoring;
     this.amOperations = amOperations;
     this.cache = cache;
-    this.certificateManager = certificateManager;
   }
 
   @Override   //SliderClusterProtocol
@@ -517,35 +500,4 @@ public class SliderIPCService extends AbstractService
     builder.setJson(json);
     return builder.build();
   }
-
-  @Override
-  public Messages.GetCertificateStoreResponseProto getClientCertificateStore(Messages.GetCertificateStoreRequestProto request) throws
-      IOException {
-    String hostname = request.getHostname();
-    String clientId = request.getRequesterId();
-    String password = request.getPassword();
-    String type = request.getType();
-
-    SecurityStore store = null;
-    try {
-      if ( SecurityStore.StoreType.keystore.equals(
-          SecurityStore.StoreType.valueOf(type))) {
-        store = certificateManager.generateContainerKeystore(hostname,
-                                                             clientId,
-                                                             null,
-                                                             password);
-      } else if (SecurityStore.StoreType.truststore.equals(
-          SecurityStore.StoreType.valueOf(type))) {
-        store = certificateManager.generateContainerTruststore(clientId,
-                                                               null,
-                                                               password);
-
-      } else {
-        throw new IOException("Illegal store type");
-      }
-    } catch (SliderException e) {
-      throw new IOException(e);
-    }
-    return marshall(store);
-  }
 }

http://git-wip-us.apache.org/repos/asf/hadoop/blob/7a06f940/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-applications/hadoop-yarn-slider/hadoop-yarn-slider-core/src/main/java/org/apache/slider/server/appmaster/web/WebAppApi.java
----------------------------------------------------------------------
diff --git a/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-applications/hadoop-yarn-slider/hadoop-yarn-slider-core/src/main/java/org/apache/slider/server/appmaster/web/WebAppApi.java b/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-applications/hadoop-yarn-slider/hadoop-yarn-slider-core/src/main/java/org/apache/slider/server/appmaster/web/WebAppApi.java
index 65a3591..ea07a8a 100644
--- a/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-applications/hadoop-yarn-slider/hadoop-yarn-slider-core/src/main/java/org/apache/slider/server/appmaster/web/WebAppApi.java
+++ b/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-applications/hadoop-yarn-slider/hadoop-yarn-slider-core/src/main/java/org/apache/slider/server/appmaster/web/WebAppApi.java
@@ -18,16 +18,11 @@ package org.apache.slider.server.appmaster.web;
 
 import org.apache.hadoop.registry.client.api.RegistryOperations;
 import org.apache.slider.providers.ProviderService;
-import org.apache.slider.server.appmaster.AppMasterActionOperations;
 import org.apache.slider.server.appmaster.actions.QueueAccess;
 import org.apache.slider.server.appmaster.management.MetricsAndMonitoring;
 import org.apache.slider.server.appmaster.state.AppState;
-import org.apache.slider.server.appmaster.state.RoleStatus;
 import org.apache.slider.server.appmaster.state.StateAccessForProviders;
 import org.apache.slider.server.appmaster.web.rest.application.resources.ContentCache;
-import org.apache.slider.server.services.security.CertificateManager;
-
-import java.util.Map;
 
 /**
  * Interface to pass information from the Slider AppMaster to the WebApp
@@ -43,18 +38,6 @@ public interface WebAppApi {
    * The {@link ProviderService} for the current cluster
    */
   ProviderService getProviderService();
-
-
-  /**
-   * The {@link CertificateManager} for the current cluster
-   */
-  CertificateManager getCertificateManager();
-
-  /**
-   * Generate a mapping from role name to its {@link RoleStatus}. Be aware that this
-   * is a computed value and not just a getter
-   */
-  Map<String, RoleStatus> getRoleStatusByName();
   
   /**
    * Registry operations accessor
@@ -75,12 +58,6 @@ public interface WebAppApi {
   QueueAccess getQueues();
 
   /**
-   * API for AM operations
-   * @return current operations implementation
-   */
-  AppMasterActionOperations getAMOperations();
-
-  /**
    * Local cache of content
    * @return the cache
    */

http://git-wip-us.apache.org/repos/asf/hadoop/blob/7a06f940/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-applications/hadoop-yarn-slider/hadoop-yarn-slider-core/src/main/java/org/apache/slider/server/appmaster/web/WebAppApiImpl.java
----------------------------------------------------------------------
diff --git a/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-applications/hadoop-yarn-slider/hadoop-yarn-slider-core/src/main/java/org/apache/slider/server/appmaster/web/WebAppApiImpl.java b/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-applications/hadoop-yarn-slider/hadoop-yarn-slider-core/src/main/java/org/apache/slider/server/appmaster/web/WebAppApiImpl.java
index bd4d2bf..d20f1ad 100644
--- a/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-applications/hadoop-yarn-slider/hadoop-yarn-slider-core/src/main/java/org/apache/slider/server/appmaster/web/WebAppApiImpl.java
+++ b/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-applications/hadoop-yarn-slider/hadoop-yarn-slider-core/src/main/java/org/apache/slider/server/appmaster/web/WebAppApiImpl.java
@@ -21,17 +21,11 @@ import org.apache.slider.providers.ProviderService;
 import org.apache.slider.server.appmaster.AppMasterActionOperations;
 import org.apache.slider.server.appmaster.actions.QueueAccess;
 import org.apache.slider.server.appmaster.management.MetricsAndMonitoring;
-import org.apache.slider.server.appmaster.state.RoleStatus;
 import org.apache.slider.server.appmaster.state.StateAccessForProviders;
 import org.apache.slider.server.appmaster.web.rest.application.resources.ContentCache;
-import org.apache.slider.server.services.security.CertificateManager;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 
-import java.util.List;
-import java.util.Map;
-import java.util.TreeMap;
-
 import static com.google.common.base.Preconditions.checkNotNull;
 
 /**
@@ -42,7 +36,6 @@ public class WebAppApiImpl implements WebAppApi {
 
   protected final StateAccessForProviders appState;
   protected final ProviderService provider;
-  protected final CertificateManager certificateManager;
   private final RegistryOperations registryOperations;
   private final MetricsAndMonitoring metricsAndMonitoring;
   private final QueueAccess queues;
@@ -50,13 +43,9 @@ public class WebAppApiImpl implements WebAppApi {
   private final ContentCache contentCache;
 
   public WebAppApiImpl(StateAccessForProviders appState,
-      ProviderService provider,
-      CertificateManager certificateManager,
-      RegistryOperations registryOperations,
-      MetricsAndMonitoring metricsAndMonitoring,
-      QueueAccess queues,
-      AppMasterActionOperations appMasterOperations,
-      ContentCache contentCache) {
+      ProviderService provider, RegistryOperations registryOperations,
+      MetricsAndMonitoring metricsAndMonitoring, QueueAccess queues,
+      AppMasterActionOperations appMasterOperations, ContentCache contentCache) {
     this.appMasterOperations = appMasterOperations;
     this.contentCache = contentCache;
     checkNotNull(appState);
@@ -66,7 +55,6 @@ public class WebAppApiImpl implements WebAppApi {
     this.registryOperations = registryOperations;
     this.appState = appState;
     this.provider = provider;
-    this.certificateManager = certificateManager;
     this.metricsAndMonitoring = metricsAndMonitoring;
   }
 
@@ -81,21 +69,6 @@ public class WebAppApiImpl implements WebAppApi {
   }
 
   @Override
-  public CertificateManager getCertificateManager() {
-    return certificateManager;
-  }
-
-  @Override
-  public Map<String,RoleStatus> getRoleStatusByName() {
-    List<RoleStatus> roleStatuses = appState.cloneRoleStatusList();
-    Map<String, RoleStatus> map = new TreeMap<>();
-    for (RoleStatus status : roleStatuses) {
-      map.put(status.getName(), status);
-    }
-    return map;
-  }
-
-  @Override
   public RegistryOperations getRegistryOperations() {
     return registryOperations;
   }
@@ -110,10 +83,6 @@ public class WebAppApiImpl implements WebAppApi {
     return queues;
   }
 
-  @Override
-  public AppMasterActionOperations getAMOperations() {
-    return appMasterOperations;
-  }
 
   @Override
   public ContentCache getContentCache() {

http://git-wip-us.apache.org/repos/asf/hadoop/blob/7a06f940/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-applications/hadoop-yarn-slider/hadoop-yarn-slider-core/src/main/java/org/apache/slider/server/services/security/AbstractSecurityStoreGenerator.java
----------------------------------------------------------------------
diff --git a/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-applications/hadoop-yarn-slider/hadoop-yarn-slider-core/src/main/java/org/apache/slider/server/services/security/AbstractSecurityStoreGenerator.java b/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-applications/hadoop-yarn-slider/hadoop-yarn-slider-core/src/main/java/org/apache/slider/server/services/security/AbstractSecurityStoreGenerator.java
deleted file mode 100644
index 11d3aa1..0000000
--- a/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-applications/hadoop-yarn-slider/hadoop-yarn-slider-core/src/main/java/org/apache/slider/server/services/security/AbstractSecurityStoreGenerator.java
+++ /dev/null
@@ -1,98 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one or more
- * contributor license agreements.  See the NOTICE file distributed with
- * this work for additional information regarding copyright ownership.
- * The ASF licenses this file to You under the Apache License, Version 2.0
- * (the "License"); you may not use this file except in compliance with
- * the License.  You may obtain a copy of the License at
- *
- *     http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package org.apache.slider.server.services.security;
-
-import org.apache.hadoop.conf.Configuration;
-import org.apache.hadoop.security.alias.CredentialProvider;
-import org.apache.hadoop.security.alias.CredentialProviderFactory;
-import org.apache.slider.common.SliderKeys;
-import org.apache.slider.core.conf.MapOperations;
-import org.apache.slider.core.exceptions.SliderException;
-import org.slf4j.Logger;
-import org.slf4j.LoggerFactory;
-
-import java.io.IOException;
-import java.util.List;
-import java.util.Map;
-
-/**
- *
- */
-public abstract class AbstractSecurityStoreGenerator implements
-    SecurityStoreGenerator {
-  private static final Logger LOG =
-      LoggerFactory.getLogger(AbstractSecurityStoreGenerator.class);
-
-  protected CertificateManager certificateMgr;
-
-  public AbstractSecurityStoreGenerator(CertificateManager certificateMgr) {
-    this.certificateMgr = certificateMgr;
-  }
-
-  protected String getStorePassword(Map<String, List<String>> credentials,
-                                    MapOperations compOps, String role)
-      throws SliderException, IOException {
-    String password = getPassword(compOps);
-    if (password == null) {
-      // need to leverage credential provider
-      String alias = getAlias(compOps);
-      LOG.debug("Alias {} found for role {}", alias, role);
-      if (alias == null) {
-        throw new SliderException("No store password or credential provider "
-                                  + "alias found");
-      }
-      if (credentials.isEmpty()) {
-        LOG.info("Credentials can not be retrieved for store generation since "
-                 + "no CP paths are configured");
-      }
-      synchronized (this) {
-        for (Map.Entry<String, List<String>> cred : credentials.entrySet()) {
-          String provider = cred.getKey();
-          Configuration c = new Configuration();
-          c.set(CredentialProviderFactory.CREDENTIAL_PROVIDER_PATH, provider);
-          LOG.debug("Configured provider {}", provider);
-          CredentialProvider cp =
-              CredentialProviderFactory.getProviders(c).get(0);
-          LOG.debug("Aliases: {}", cp.getAliases());
-          char[] credential = c.getPassword(alias);
-          if (credential != null) {
-            LOG.info("Credential found for role {}", role);
-            return String.valueOf(credential);
-          }
-        }
-      }
-
-      if (password == null) {
-        LOG.info("No store credential found for alias {}.  "
-                 + "Generation of store for {} is not possible.", alias, role);
-
-      }
-    }
-
-    return password;
-
-  }
-
-  @Override
-  public boolean isStoreRequested(MapOperations compOps) {
-    return compOps.getOptionBool(SliderKeys.COMP_STORES_REQUIRED_KEY, false);
-  }
-
-  abstract String getPassword(MapOperations compOps);
-
-  abstract String getAlias(MapOperations compOps);
-}

http://git-wip-us.apache.org/repos/asf/hadoop/blob/7a06f940/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-applications/hadoop-yarn-slider/hadoop-yarn-slider-core/src/main/java/org/apache/slider/server/services/security/CertificateManager.java
----------------------------------------------------------------------
diff --git a/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-applications/hadoop-yarn-slider/hadoop-yarn-slider-core/src/main/java/org/apache/slider/server/services/security/CertificateManager.java b/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-applications/hadoop-yarn-slider/hadoop-yarn-slider-core/src/main/java/org/apache/slider/server/services/security/CertificateManager.java
deleted file mode 100644
index e436ae9..0000000
--- a/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-applications/hadoop-yarn-slider/hadoop-yarn-slider-core/src/main/java/org/apache/slider/server/services/security/CertificateManager.java
+++ /dev/null
@@ -1,495 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements.  See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership.  The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License.  You may obtain a copy of the License at
- *
- *     http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package org.apache.slider.server.services.security;
-
-import com.google.inject.Singleton;
-import org.apache.commons.io.FileUtils;
-import org.apache.slider.common.SliderKeys;
-import org.apache.slider.core.conf.MapOperations;
-import org.apache.slider.core.exceptions.SliderException;
-import org.slf4j.Logger;
-import org.slf4j.LoggerFactory;
-
-import java.io.BufferedReader;
-import java.io.File;
-import java.io.IOException;
-import java.io.InputStream;
-import java.io.InputStreamReader;
-import java.net.InetAddress;
-import java.net.UnknownHostException;
-import java.nio.charset.Charset;
-import java.text.MessageFormat;
-
-@Singleton
-public class CertificateManager {
-
-  private static final Logger LOG =
-      LoggerFactory.getLogger(CertificateManager.class);
-
-  private static final String GEN_SRVR_KEY = "openssl genrsa -des3 " +
-      "-passout pass:{0} -out {1}" + File.separator + "{2} 4096 ";
-  private static final String GEN_SRVR_REQ = "openssl req -passin pass:{0} " +
-      "-new -key {1}" + File.separator + "{2} -out {1}" + File.separator +
-      "{5} -config {1}" + File.separator + "ca.config " +
-      "-subj {6} -batch";
-  private static final String SIGN_SRVR_CRT = "openssl ca -create_serial " +
-    "-out {1}" + File.separator + "{3} -days 365 -keyfile {1}" + File.separator
-    + "{2} -key {0} -selfsign -extensions jdk7_ca -config {1}" + File.separator
-    + "ca.config -batch -infiles {1}" + File.separator + "{5}";
-  private static final String EXPRT_KSTR = "openssl pkcs12 -export" +
-      " -in {2}" + File.separator + "{4} -inkey {2}" + File.separator +
-      "{3} -certfile {2}" + File.separator + "{4} -out {2}" + File.separator +
-      "{5} -password pass:{1} -passin pass:{0} \n";
-  private static final String REVOKE_AGENT_CRT = "openssl ca " +
-      "-config {0}" + File.separator + "ca.config -keyfile {0}" +
-      File.separator + "{4} -revoke {0}" + File.separator + "{2} -batch " +
-      "-passin pass:{3} -cert {0}" + File.separator + "{5}";
-  private static final String SIGN_AGENT_CRT = "openssl ca -config " +
-      "{0}" + File.separator + "ca.config -in {0}" + File.separator +
-      "{1} -out {0}" + File.separator + "{2} -batch -passin pass:{3} " +
-      "-keyfile {0}" + File.separator + "{4} -cert {0}" + File.separator + "{5}";
-  private static final String GEN_AGENT_KEY="openssl req -new -newkey " +
-      "rsa:1024 -nodes -keyout {0}" + File.separator +
-      "{2}.key -subj {1} -out {0}" + File.separator + "{2}.csr " +
-      "-config {3}" + File.separator + "ca.config ";
-  private String passphrase;
-  private String applicationName;
-
-
-  public void initialize(MapOperations compOperations) throws SliderException {
-    String hostname = null;
-    try {
-      hostname = InetAddress.getLocalHost().getCanonicalHostName();
-    } catch (UnknownHostException e) {
-      hostname = "localhost";
-    }
-    this.initialize(compOperations, hostname, null, null);
-  }
-
-  /**
-    * Verify that root certificate exists, generate it otherwise.
-    */
-  public void initialize(MapOperations compOperations,
-                         String hostname, String containerId,
-                         String appName) throws SliderException {
-    SecurityUtils.initializeSecurityParameters(compOperations);
-
-    LOG.info("Initialization of root certificate");
-    boolean certExists = isCertExists();
-    LOG.info("Certificate exists:" + certExists);
-
-    this.applicationName = appName;
-
-    if (!certExists) {
-      generateAMKeystore(hostname, containerId);
-    }
-
-  }
-
-  /**
-   * Checks root certificate state.
-   * @return "true" if certificate exists
-   */
-  private boolean isCertExists() {
-
-    String srvrKstrDir = SecurityUtils.getSecurityDir();
-    String srvrCrtName = SliderKeys.CRT_FILE_NAME;
-    File certFile = new File(srvrKstrDir + File.separator + srvrCrtName);
-    LOG.debug("srvrKstrDir = " + srvrKstrDir);
-    LOG.debug("srvrCrtName = " + srvrCrtName);
-    LOG.debug("certFile = " + certFile.getAbsolutePath());
-
-    return certFile.exists();
-  }
-
-  public void setPassphrase(String passphrase) {
-    this.passphrase = passphrase;
-  }
-
-  class StreamConsumer extends Thread
-  {
-    InputStream is;
-    boolean logOutput;
-
-    StreamConsumer(InputStream is, boolean logOutput)
-    {
-      this.is = is;
-      this.logOutput = logOutput;
-    }
-
-    StreamConsumer(InputStream is)
-    {
-      this(is, false);
-    }
-
-    public void run()
-    {
-      try
-      {
-        InputStreamReader isr = new InputStreamReader(is,
-                                                      Charset.forName("UTF8"));
-        BufferedReader br = new BufferedReader(isr);
-        String line;
-        while ( (line = br.readLine()) != null)
-          if (logOutput) {
-            LOG.info(line);
-          }
-      } catch (IOException e)
-      {
-        LOG.error("Error during processing of process stream", e);
-      }
-    }
-  }
-
-
-  /**
-   * Runs os command
-   *
-   * @return command execution exit code
-   */
-  private int runCommand(String command) throws SliderException {
-    int exitCode = -1;
-    String line = null;
-    Process process = null;
-    BufferedReader br= null;
-    try {
-      process = Runtime.getRuntime().exec(command);
-      StreamConsumer outputConsumer =
-          new StreamConsumer(process.getInputStream(), true);
-      StreamConsumer errorConsumer =
-          new StreamConsumer(process.getErrorStream(), true);
-
-      outputConsumer.start();
-      errorConsumer.start();
-
-      try {
-        process.waitFor();
-        SecurityUtils.logOpenSslExitCode(command, process.exitValue());
-        exitCode = process.exitValue();
-        if (exitCode != 0) {
-          throw new SliderException(exitCode, "Error running command %s", command);
-        }
-      } catch (InterruptedException e) {
-        e.printStackTrace();
-      }
-    } catch (IOException e) {
-      e.printStackTrace();
-    } finally {
-      if (br != null) {
-        try {
-          br.close();
-        } catch (IOException ioe) {
-          ioe.printStackTrace();
-        }
-      }
-    }
-
-    return exitCode;//some exception occurred
-
-  }
-
-  public synchronized void generateContainerCertificate(String hostname,
-                                                        String identifier) {
-    LOG.info("Generation of certificate for {}", hostname);
-
-    String srvrKstrDir = SecurityUtils.getSecurityDir();
-    Object[] scriptArgs = {srvrKstrDir, getSubjectDN(hostname, identifier,
-        this.applicationName), identifier, SecurityUtils.getSecurityDir()};
-
-    try {
-      String command = MessageFormat.format(GEN_AGENT_KEY, scriptArgs);
-      runCommand(command);
-
-      signAgentCertificate(identifier);
-
-    } catch (SliderException e) {
-      LOG.error("Error generating the agent certificate", e);
-    }
-  }
-
-  public synchronized SecurityStore generateContainerKeystore(String hostname,
-                                                              String requesterId,
-                                                              String role,
-                                                              String keystorePass)
-      throws SliderException {
-    LOG.info("Generation of container keystore for container {} on {}",
-             requesterId, hostname);
-
-    generateContainerCertificate(hostname, requesterId);
-
-    // come up with correct args to invoke keystore command
-    String srvrCrtPass = SecurityUtils.getKeystorePass();
-    String srvrKstrDir = SecurityUtils.getSecurityDir();
-    String containerCrtName = requesterId + ".crt";
-    String containerKeyName = requesterId + ".key";
-    String kstrName = getKeystoreFileName(requesterId, role);
-
-    Object[] scriptArgs = {srvrCrtPass, keystorePass, srvrKstrDir,
-        containerKeyName, containerCrtName, kstrName};
-
-    String command = MessageFormat.format(EXPRT_KSTR, scriptArgs);
-    runCommand(command);
-
-    return new SecurityStore(new File(srvrKstrDir, kstrName),
-                             SecurityStore.StoreType.keystore);
-  }
-
-  private static String getKeystoreFileName(String containerId,
-                                            String role) {
-    return String.format("keystore-%s-%s.p12", containerId,
-                         role != null ? role : "");
-  }
-
-  private void generateAMKeystore(String hostname, String containerId)
-      throws SliderException {
-    LOG.info("Generation of server certificate");
-
-    String srvrKstrDir = SecurityUtils.getSecurityDir();
-    String srvrCrtName = SliderKeys.CRT_FILE_NAME;
-    String srvrCsrName = SliderKeys.CSR_FILE_NAME;
-    String srvrKeyName = SliderKeys.KEY_FILE_NAME;
-    String kstrName = SliderKeys.KEYSTORE_FILE_NAME;
-    String srvrCrtPass = SecurityUtils.getKeystorePass();
-
-    Object[] scriptArgs = {srvrCrtPass, srvrKstrDir, srvrKeyName,
-        srvrCrtName, kstrName, srvrCsrName, getSubjectDN(hostname, containerId,
-        this.applicationName)};
-
-    String command = MessageFormat.format(GEN_SRVR_KEY, scriptArgs);
-    runCommand(command);
-
-    command = MessageFormat.format(GEN_SRVR_REQ, scriptArgs);
-    runCommand(command);
-
-    command = MessageFormat.format(SIGN_SRVR_CRT, scriptArgs);
-    runCommand(command);
-
-    Object[] keystoreArgs = {srvrCrtPass, srvrCrtPass, srvrKstrDir, srvrKeyName,
-        srvrCrtName, kstrName, srvrCsrName};
-    command = MessageFormat.format(EXPRT_KSTR, keystoreArgs);
-    runCommand(command);
-  }
-
-  public SecurityStore generateContainerTruststore(String containerId,
-                                                   String role,
-                                                   String truststorePass)
-      throws SliderException {
-
-    String srvrKstrDir = SecurityUtils.getSecurityDir();
-    String srvrCrtName = SliderKeys.CRT_FILE_NAME;
-    String srvrCsrName = SliderKeys.CSR_FILE_NAME;
-    String srvrKeyName = SliderKeys.KEY_FILE_NAME;
-    String kstrName = getTruststoreFileName(role, containerId);
-    String srvrCrtPass = SecurityUtils.getKeystorePass();
-
-    Object[] scriptArgs = {srvrCrtPass, truststorePass, srvrKstrDir, srvrKeyName,
-        srvrCrtName, kstrName, srvrCsrName};
-
-    String command = MessageFormat.format(EXPRT_KSTR, scriptArgs);
-    runCommand(command);
-
-    return new SecurityStore(new File(srvrKstrDir, kstrName),
-                             SecurityStore.StoreType.truststore);
-  }
-
-  private static String getTruststoreFileName(String role, String containerId) {
-    return String.format("truststore-%s-%s.p12", containerId,
-                         role != null ? role : "");
-  }
-
-  /**
-   * Returns server certificate content
-   * @return string with server certificate content
-   */
-  public String getServerCert() {
-    File certFile = getServerCertficateFilePath();
-    String srvrCrtContent = null;
-    try {
-      srvrCrtContent = FileUtils.readFileToString(certFile);
-    } catch (IOException e) {
-      LOG.error(e.getMessage());
-    }
-    return srvrCrtContent;
-  }
-
-  public static File getServerCertficateFilePath() {
-    return new File(String.format("%s%s%s",
-                                  SecurityUtils.getSecurityDir(),
-                                  File.separator,
-                                  SliderKeys.CRT_FILE_NAME));
-  }
-
-  public static File getAgentCertficateFilePath(String containerId) {
-    return new File(String.format("%s%s%s.crt",
-                                  SecurityUtils.getSecurityDir(),
-                                  File.separator,
-                                  containerId));
-  }
-
-  public static File getContainerKeystoreFilePath(String containerId,
-                                                  String role) {
-    return new File(SecurityUtils.getSecurityDir(), getKeystoreFileName(
-        containerId,
-        role
-    ));
-  }
-
-  public static File getContainerTruststoreFilePath(String role,
-                                                    String containerId) {
-    return new File(SecurityUtils.getSecurityDir(),
-                    getTruststoreFileName(role, containerId));
-  }
-
-  public static File getAgentKeyFilePath(String containerId) {
-    return new File(String.format("%s%s%s.key",
-                                  SecurityUtils.getSecurityDir(),
-                                  File.separator,
-                                  containerId));
-  }
-
-  /**
-   * Signs agent certificate
-   * Adds agent certificate to server keystore
-   * @return string with agent signed certificate content
-   */
-  public synchronized SignCertResponse signAgentCrt(String agentHostname,
-                                                    String agentCrtReqContent,
-                                                    String passphraseAgent) {
-    SignCertResponse response = new SignCertResponse();
-    LOG.info("Signing of agent certificate");
-    LOG.info("Verifying passphrase");
-
-    if (!this.passphrase.equals(passphraseAgent.trim())) {
-      LOG.warn("Incorrect passphrase from the agent");
-      response.setResult(SignCertResponse.ERROR_STATUS);
-      response.setMessage("Incorrect passphrase from the agent");
-      return response;
-    }
-
-    String srvrKstrDir = SecurityUtils.getSecurityDir();
-    String srvrCrtPass = SecurityUtils.getKeystorePass();
-    String srvrCrtName = SliderKeys.CRT_FILE_NAME;
-    String srvrKeyName = SliderKeys.KEY_FILE_NAME;
-    String agentCrtReqName = agentHostname + ".csr";
-    String agentCrtName = agentHostname + ".crt";
-
-    Object[] scriptArgs = {srvrKstrDir, agentCrtReqName, agentCrtName,
-        srvrCrtPass, srvrKeyName, srvrCrtName};
-
-    //Revoke previous agent certificate if exists
-    File agentCrtFile = new File(srvrKstrDir + File.separator + agentCrtName);
-
-    String command = null;
-    if (agentCrtFile.exists()) {
-      LOG.info("Revoking of " + agentHostname + " certificate.");
-      command = MessageFormat.format(REVOKE_AGENT_CRT, scriptArgs);
-      try {
-        runCommand(command);
-      } catch (SliderException e) {
-        int commandExitCode = e.getExitCode();
-        response.setResult(SignCertResponse.ERROR_STATUS);
-        response.setMessage(
-            SecurityUtils.getOpenSslCommandResult(command, commandExitCode));
-        return response;
-      }
-    }
-
-    File agentCrtReqFile = new File(srvrKstrDir + File.separator +
-        agentCrtReqName);
-    try {
-      FileUtils.writeStringToFile(agentCrtReqFile, agentCrtReqContent);
-    } catch (IOException e1) {
-      // TODO Auto-generated catch block
-      e1.printStackTrace();
-    }
-
-    command = MessageFormat.format(SIGN_AGENT_CRT, scriptArgs);
-
-    LOG.debug(SecurityUtils.hideOpenSslPassword(command));
-    try {
-      runCommand(command);
-    } catch (SliderException e) {
-      int commandExitCode = e.getExitCode();
-      response.setResult(SignCertResponse.ERROR_STATUS);
-      response.setMessage(
-          SecurityUtils.getOpenSslCommandResult(command, commandExitCode));
-      return response;
-    }
-
-    String agentCrtContent = "";
-    try {
-      agentCrtContent = FileUtils.readFileToString(agentCrtFile);
-    } catch (IOException e) {
-      e.printStackTrace();
-      LOG.error("Error reading signed agent certificate");
-      response.setResult(SignCertResponse.ERROR_STATUS);
-      response.setMessage("Error reading signed agent certificate");
-      return response;
-    }
-    response.setResult(SignCertResponse.OK_STATUS);
-    response.setSignedCa(agentCrtContent);
-    //LOG.info(ShellCommandUtil.getOpenSslCommandResult(command, commandExitCode));
-    return response;
-  }
-
-  private String signAgentCertificate (String containerId)
-      throws SliderException {
-    String srvrKstrDir = SecurityUtils.getSecurityDir();
-    String srvrCrtPass = SecurityUtils.getKeystorePass();
-    String srvrCrtName = SliderKeys.CRT_FILE_NAME;
-    String srvrKeyName = SliderKeys.KEY_FILE_NAME;
-    String agentCrtReqName = containerId + ".csr";
-    String agentCrtName = containerId + ".crt";
-
-    // server certificate must exist already
-    if (!(new File(srvrKstrDir, srvrCrtName).exists())) {
-      throw new SliderException("CA certificate not generated");
-    }
-
-    Object[] scriptArgs = {srvrKstrDir, agentCrtReqName, agentCrtName,
-        srvrCrtPass, srvrKeyName, srvrCrtName};
-
-    //Revoke previous agent certificate if exists
-    File agentCrtFile = new File(srvrKstrDir + File.separator + agentCrtName);
-
-    String command;
-    if (agentCrtFile.exists()) {
-      LOG.info("Revoking of " + containerId + " certificate.");
-      command = MessageFormat.format(REVOKE_AGENT_CRT, scriptArgs);
-      runCommand(command);
-    }
-
-    command = MessageFormat.format(SIGN_AGENT_CRT, scriptArgs);
-
-    LOG.debug(SecurityUtils.hideOpenSslPassword(command));
-    runCommand(command);
-
-    return agentCrtName;
-
-  }
-
-  private String getSubjectDN(String hostname, String containerId,
-                              String appName) {
-    return String.format("/CN=%s%s%s",
-                         hostname,
-                         containerId != null ? "/OU=" + containerId : "",
-                         appName != null ? "/OU=" + appName : "");
-
-
-  }
-}

http://git-wip-us.apache.org/repos/asf/hadoop/blob/7a06f940/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-applications/hadoop-yarn-slider/hadoop-yarn-slider-core/src/main/java/org/apache/slider/server/services/security/KeystoreGenerator.java
----------------------------------------------------------------------
diff --git a/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-applications/hadoop-yarn-slider/hadoop-yarn-slider-core/src/main/java/org/apache/slider/server/services/security/KeystoreGenerator.java b/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-applications/hadoop-yarn-slider/hadoop-yarn-slider-core/src/main/java/org/apache/slider/server/services/security/KeystoreGenerator.java
deleted file mode 100644
index e2339d5..0000000
--- a/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-applications/hadoop-yarn-slider/hadoop-yarn-slider-core/src/main/java/org/apache/slider/server/services/security/KeystoreGenerator.java
+++ /dev/null
@@ -1,64 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one or more
- * contributor license agreements.  See the NOTICE file distributed with
- * this work for additional information regarding copyright ownership.
- * The ASF licenses this file to You under the Apache License, Version 2.0
- * (the "License"); you may not use this file except in compliance with
- * the License.  You may obtain a copy of the License at
- *
- *     http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package org.apache.slider.server.services.security;
-
-import org.apache.slider.common.SliderKeys;
-import org.apache.slider.core.conf.AggregateConf;
-import org.apache.slider.core.conf.MapOperations;
-import org.apache.slider.core.exceptions.SliderException;
-
-import java.io.File;
-import java.io.IOException;
-
-/**
- *
- */
-public class KeystoreGenerator extends AbstractSecurityStoreGenerator {
-
-
-  public KeystoreGenerator(CertificateManager certificateMgr) {
-    super(certificateMgr);
-  }
-
-  @Override
-  public SecurityStore generate(String hostname, String containerId,
-                                AggregateConf instanceDefinition,
-                                MapOperations compOps, String role)
-      throws SliderException, IOException {
-    SecurityStore keystore = null;
-    String password = getStorePassword(
-        instanceDefinition.getAppConf().credentials, compOps, role);
-    if (password != null) {
-      keystore =
-          certificateMgr.generateContainerKeystore(hostname, containerId, role,
-                                                   password);
-    }
-    return keystore;
-  }
-
-  @Override
-  String getPassword(MapOperations compOps) {
-    return compOps.get(
-        compOps.get(SliderKeys.COMP_KEYSTORE_PASSWORD_PROPERTY_KEY));
-  }
-
-  @Override
-  String getAlias(MapOperations compOps) {
-    return compOps.getOption(SliderKeys.COMP_KEYSTORE_PASSWORD_ALIAS_KEY,
-                             SliderKeys.COMP_KEYSTORE_PASSWORD_ALIAS_DEFAULT);
-  }
-}

http://git-wip-us.apache.org/repos/asf/hadoop/blob/7a06f940/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-applications/hadoop-yarn-slider/hadoop-yarn-slider-core/src/main/java/org/apache/slider/server/services/security/SecurityStore.java
----------------------------------------------------------------------
diff --git a/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-applications/hadoop-yarn-slider/hadoop-yarn-slider-core/src/main/java/org/apache/slider/server/services/security/SecurityStore.java b/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-applications/hadoop-yarn-slider/hadoop-yarn-slider-core/src/main/java/org/apache/slider/server/services/security/SecurityStore.java
deleted file mode 100644
index fc54267..0000000
--- a/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-applications/hadoop-yarn-slider/hadoop-yarn-slider-core/src/main/java/org/apache/slider/server/services/security/SecurityStore.java
+++ /dev/null
@@ -1,66 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one or more
- * contributor license agreements.  See the NOTICE file distributed with
- * this work for additional information regarding copyright ownership.
- * The ASF licenses this file to You under the Apache License, Version 2.0
- * (the "License"); you may not use this file except in compliance with
- * the License.  You may obtain a copy of the License at
- *
- *     http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package org.apache.slider.server.services.security;
-
-import java.io.File;
-
-/**
- *
- */
-public class SecurityStore {
-  private File file;
-
-  public enum StoreType {truststore, keystore}
-
-  private StoreType type;
-
-  public String getType() {
-    return type.name();
-  }
-
-  public File getFile() {
-    return file;
-  }
-
-  public SecurityStore(File file,
-                       StoreType type) {
-
-    this.file = file;
-    this.type = type;
-  }
-
-  @Override
-  public boolean equals(Object o) {
-    if (this == o) return true;
-    if (o == null || getClass() != o.getClass()) return false;
-
-    SecurityStore that = (SecurityStore) o;
-
-    if (file != null ? !file.equals(that.file) : that.file != null)
-      return false;
-    if (type != that.type) return false;
-
-    return true;
-  }
-
-  @Override
-  public int hashCode() {
-    int result = file != null ? file.hashCode() : 0;
-    result = 31 * result + (type != null ? type.hashCode() : 0);
-    return result;
-  }
-}

http://git-wip-us.apache.org/repos/asf/hadoop/blob/7a06f940/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-applications/hadoop-yarn-slider/hadoop-yarn-slider-core/src/main/java/org/apache/slider/server/services/security/SecurityStoreGenerator.java
----------------------------------------------------------------------
diff --git a/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-applications/hadoop-yarn-slider/hadoop-yarn-slider-core/src/main/java/org/apache/slider/server/services/security/SecurityStoreGenerator.java b/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-applications/hadoop-yarn-slider/hadoop-yarn-slider-core/src/main/java/org/apache/slider/server/services/security/SecurityStoreGenerator.java
deleted file mode 100644
index a814988..0000000
--- a/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-applications/hadoop-yarn-slider/hadoop-yarn-slider-core/src/main/java/org/apache/slider/server/services/security/SecurityStoreGenerator.java
+++ /dev/null
@@ -1,40 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements.  See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership.  The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License.  You may obtain a copy of the License at
- *
- *     http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package org.apache.slider.server.services.security;
-
-import org.apache.slider.core.conf.AggregateConf;
-import org.apache.slider.core.conf.MapOperations;
-import org.apache.slider.core.exceptions.SliderException;
-
-import java.io.File;
-import java.io.IOException;
-
-/**
- *
- */
-public interface SecurityStoreGenerator {
-
-  SecurityStore generate(String hostname,
-                         String containerId,
-                         AggregateConf instanceDefinition,
-                         MapOperations compOps,
-                         String role)
-      throws SliderException, IOException;
-
-  boolean isStoreRequested(MapOperations compOps);
-}


---------------------------------------------------------------------
To unsubscribe, e-mail: common-commits-unsubscribe@hadoop.apache.org
For additional commands, e-mail: common-commits-help@hadoop.apache.org


Mime
View raw message