Accueil Explorer Aide
S'inscrire Connexion
apache
/
hadoop
miroir de https://github.com/apache/hadoop.git
2
0
Fork 1
Fichiers Tickets 0 Wiki
Parcourir la source

HADOOP-17699. Remove hardcoded SunX509 usage from SSLFactory. (#3016)

Xiaoyu Yao il y a 4 ans
Parent
110cda3de6
commit
86729e130f
5 fichiers modifiés avec 31 ajouts et 7 suppressions
Vue séparée Afficher les stats Diff
  1. 2 2
      hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/security/ssl/FileBasedKeyStoresFactory.java
  2. 1 1
      hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/security/ssl/ReloadingX509KeystoreManager.java
  3. 2 2
      hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/security/ssl/ReloadingX509TrustManager.java
  4. 10 2
      hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/security/ssl/SSLFactory.java
  5. 16 0
      hadoop-common-project/hadoop-common/src/test/java/org/apache/hadoop/security/ssl/TestSSLFactory.java

+ 2 - 2
hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/security/ssl/FileBasedKeyStoresFactory.java
Voir le fichier 

@@ -273,8 +273,8 @@ public class FileBasedKeyStoresFactory implements KeyStoresFactory {
 
     } else {
 
       KeyStore keystore = KeyStore.getInstance(keystoreType);
 
       keystore.load(null, null);
 
-      KeyManagerFactory keyMgrFactory = KeyManagerFactory
 
-              .getInstance(SSLFactory.SSLCERTIFICATE);
 
+      KeyManagerFactory keyMgrFactory = KeyManagerFactory.getInstance(
 
+          SSLFactory.KEY_MANAGER_SSLCERTIFICATE);
 
 
       keyMgrFactory.init(keystore, null);
 
       keyManagers = keyMgrFactory.getKeyManagers();

+ 1 - 1
hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/security/ssl/ReloadingX509KeystoreManager.java
Voir le fichier 

@@ -143,7 +143,7 @@ public class ReloadingX509KeystoreManager extends X509ExtendedKeyManager {
 
     LOG.debug(" Loaded KeyStore: " + path.toFile().getAbsolutePath());
 
 
     KeyManagerFactory keyMgrFactory = KeyManagerFactory.getInstance(
 
-        SSLFactory.SSLCERTIFICATE);
 
+        SSLFactory.KEY_MANAGER_SSLCERTIFICATE);
 
     keyMgrFactory.init(keystore,
 
         (keyPassword != null) ? keyPassword.toCharArray() : null);
 
     for (KeyManager candidate: keyMgrFactory.getKeyManagers()) {

+ 2 - 2
hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/security/ssl/ReloadingX509TrustManager.java
Voir le fichier 

@@ -136,8 +136,8 @@ public final class ReloadingX509TrustManager implements X509TrustManager {
 
       in.close();
 
     }
 
 
-    TrustManagerFactory trustManagerFactory = 
-      TrustManagerFactory.getInstance(SSLFactory.SSLCERTIFICATE);
 
+    TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance(
 
+        SSLFactory.TRUST_MANAGER_SSLCERTIFICATE);
 
     trustManagerFactory.init(ks);
 
     TrustManager[] trustManagers = trustManagerFactory.getTrustManagers();
 
     for (TrustManager trustManager1 : trustManagers) {

+ 10 - 2
hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/security/ssl/SSLFactory.java
Voir le fichier 

@@ -25,14 +25,16 @@ import org.apache.hadoop.util.ReflectionUtils;
 
 import org.apache.hadoop.util.StringUtils;
 
 import org.slf4j.Logger;
 
 import org.slf4j.LoggerFactory;
 
-import static org.apache.hadoop.util.PlatformName.IBM_JAVA;
 
+import static org.apache.hadoop.util.PlatformName.JAVA_VENDOR_NAME;
 
 
 import javax.net.ssl.HostnameVerifier;
 
 import javax.net.ssl.HttpsURLConnection;
 
+import javax.net.ssl.KeyManagerFactory;
 
 import javax.net.ssl.SSLContext;
 
 import javax.net.ssl.SSLEngine;
 
 import javax.net.ssl.SSLServerSocketFactory;
 
 import javax.net.ssl.SSLSocketFactory;
 
+import javax.net.ssl.TrustManagerFactory;
 
 import java.io.IOException;
 
 import java.net.HttpURLConnection;
 
 import java.security.GeneralSecurityException;
 
@@ -99,7 +101,13 @@ public class SSLFactory implements ConnectionConfigurator {
 
   public static final String SSL_SERVER_EXCLUDE_CIPHER_LIST =
 
       "ssl.server.exclude.cipher.list";
 
 
-  public static final String SSLCERTIFICATE = IBM_JAVA?"ibmX509":"SunX509";
 
+  public static final String KEY_MANAGER_SSLCERTIFICATE =
 
+      JAVA_VENDOR_NAME.contains("IBM") ? "ibmX509" :
 
+          KeyManagerFactory.getDefaultAlgorithm();
 
+
 
+  public static final String TRUST_MANAGER_SSLCERTIFICATE =
 
+      JAVA_VENDOR_NAME.contains("IBM") ? "ibmX509" :
 
+          TrustManagerFactory.getDefaultAlgorithm();
 
 
   public static final String KEYSTORES_FACTORY_CLASS_KEY =
 
       "hadoop.ssl.keystores.factory.class";

+ 16 - 0
hadoop-common-project/hadoop-common/src/test/java/org/apache/hadoop/security/ssl/TestSSLFactory.java
Voir le fichier 

@@ -17,6 +17,8 @@
 
  */
 
 package org.apache.hadoop.security.ssl;
 
 
+import static java.security.Security.getProperty;
 
+import static java.security.Security.setProperty;
 
 import static org.apache.hadoop.security.ssl.FileBasedKeyStoresFactory.SSL_TRUSTSTORE_LOCATION_TPL_KEY;
 
 import static org.apache.hadoop.security.ssl.KeyStoreTestUtil.TRUST_STORE_PASSWORD_DEFAULT;
 
 import static org.apache.hadoop.security.ssl.SSLFactory.Mode.CLIENT;
 
@@ -367,6 +369,20 @@ public class TestSSLFactory {
 
     }
 
   }
 
 
+  @Test
 
+  public void testDifferentAlgorithm() throws Exception {
 
+    Configuration conf = createConfiguration(false, true);
 
+    String currAlg = getProperty("ssl.KeyManagerFactory.algorithm");
 
+    setProperty("ssl.KeyManagerFactory.algorithm", "PKIX");
 
+    SSLFactory sslFactory = new SSLFactory(SSLFactory.Mode.CLIENT, conf);
 
+    try {
 
+      sslFactory.init();
 
+    } finally {
 
+      sslFactory.destroy();
 
+      setProperty("ssl.KeyManagerFactory.algorithm", currAlg);
 
+    }
 
+  }
 
+
 
   @Test
 
   public void testConnectionConfigurator() throws Exception {
 
     Configuration conf = createConfiguration(false, true);