
HADOOP-17699. Remove hardcoded SunX509 usage from SSLFactory. (#3016)

Xiaoyu Yao 4 년 전
부모
커밋
86729e130f

+ 2 - 2
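--- a/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/security/ssl/FileBasedKeyStoresFactory.java
+++ b/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/security/ssl/FileBasedKeyStoresFactory.java
@@ -273,8 +273,8 @@ public class FileBasedKeyStoresFactory implements KeyStoresFactory {
     } else {
       KeyStore keystore = KeyStore.getInstance(keystoreType);
       keystore.load(null, null);
-      KeyManagerFactory keyMgrFactory = KeyManagerFactory
-              .getInstance(SSLFactory.SSLCERTIFICATE);
+      KeyManagerFactory keyMgrFactory = KeyManagerFactory.getInstance(
+          SSLFactory.KEY_MANAGER_SSLCERTIFICATE);
 
       keyMgrFactory.init(keystore, null);
       keyManagers = keyMgrFactory.getKeyManagers();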

+ 1 - 1
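--- a/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/security/ssl/ReloadingX509KeystoreManager.java
+++ b/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/security/ssl/ReloadingX509KeystoreManager.java
@@ -143,7 +143,7 @@ public class ReloadingX509KeystoreManager extends X509ExtendedKeyManager {
     LOG.debug(" Loaded KeyStore: " + path.toFile().getAbsolutePath());
 
     KeyManagerFactory keyMgrFactory = KeyManagerFactory.getInstance(
-        SSLFactory.SSLCERTIFICATE);
+        SSLFactory.KEY_MANAGER_SSLCERTIFICATE);
     keyMgrFactory.init(keystore,
         (keyPassword != null) ? keyPassword.toCharArray() : null);
     for (KeyManager candidate: keyMgrFactory.getKeyManagers()) {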

+ 2 - 2
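--- a/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/security/ssl/ReloadingX509TrustManager.java
+++ b/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/security/ssl/ReloadingX509TrustManager.java
@@ -136,8 +136,8 @@ public final class ReloadingX509TrustManager implements X509TrustManager {
       in.close();
     }
 
-    TrustManagerFactory trustManagerFactory = 
-      TrustManagerFactory.getInstance(SSLFactory.SSLCERTIFICATE);
+    TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance(
+        SSLFactory.TRUST_MANAGER_SSLCERTIFICATE);
     trustManagerFactory.init(ks);
     TrustManager[] trustManagers = trustManagerFactory.getTrustManagers();
     for (TrustManager trustManager1 : trustManagers) {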
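Review bot: The switch from "SunX509" to `SSLFactory.TRUST_MANAGER_SSLCERTIFICATE` on the `getInstance` line changes how peer certificates are validated, not just which name is passed: on OpenJDK `TrustManagerFactory.getDefaultAlgorithm()` resolves to "PKIX", whose trust manager runs full certification-path validation (name constraints and, when enabled, revocation) that the legacy SunX509 validator does not, so a chain this reloading trust manager accepted before may now be rejected. That is most likely the hardening intended, but nothing in the commit message or the new test covers the trust side, and the `init(ks)` call still has no comment explaining the choice. A one-line comment above the `getInstance` call such as `// JDK default algorithm (PKIX on OpenJDK): stricter path validation than the former SunX509.` would save the next reader a surprise when a previously working truststore starts failing. The enclosing load method starts and ends outside this hunk.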

+ 10 - 2
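--- a/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/security/ssl/SSLFactory.java
+++ b/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/security/ssl/SSLFactory.java
@@ -25,14 +25,16 @@ import org.apache.hadoop.util.ReflectionUtils;
 import org.apache.hadoop.util.StringUtils;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
-import static org.apache.hadoop.util.PlatformName.IBM_JAVA;
+import static org.apache.hadoop.util.PlatformName.JAVA_VENDOR_NAME;
 
 import javax.net.ssl.HostnameVerifier;
 import javax.net.ssl.HttpsURLConnection;
+import javax.net.ssl.KeyManagerFactory;
 import javax.net.ssl.SSLContext;
 import javax.net.ssl.SSLEngine;
 import javax.net.ssl.SSLServerSocketFactory;
 import javax.net.ssl.SSLSocketFactory;
+import javax.net.ssl.TrustManagerFactory;
 import java.io.IOException;
 import java.net.HttpURLConnection;
 import java.security.GeneralSecurityException;
@@ -99,7 +101,13 @@ public class SSLFactory implements ConnectionConfigurator {
   public static final String SSL_SERVER_EXCLUDE_CIPHER_LIST =
       "ssl.server.exclude.cipher.list";
 
-  public static final String SSLCERTIFICATE = IBM_JAVA?"ibmX509":"SunX509";
+  public static final String KEY_MANAGER_SSLCERTIFICATE =
+      JAVA_VENDOR_NAME.contains("IBM") ? "ibmX509" :
+          KeyManagerFactory.getDefaultAlgorithm();
+
+  public static final String TRUST_MANAGER_SSLCERTIFICATE =
+      JAVA_VENDOR_NAME.contains("IBM") ? "ibmX509" :
+          TrustManagerFactory.getDefaultAlgorithm();
 
   public static final String KEYSTORES_FACTORY_CLASS_KEY =
       "hadoop.ssl.keystores.factory.class";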
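Review bot: The two new constants in the second hunk still hardcode "ibmX509" whenever the vendor string contains "IBM", so the title's "remove hardcoded usage" only holds for non-IBM JVMs. `KeyManagerFactory.getDefaultAlgorithm()` reads the `ssl.KeyManagerFactory.algorithm` security property, which an IBM JDK's own `java.security` should already point at its provider, so `public static final String KEY_MANAGER_SSLCERTIFICATE = KeyManagerFactory.getDefaultAlgorithm();` (and the same for the trust side) would drop both vendor branches and also avoid a NoSuchAlgorithmException on an IBM-vendored build that ships the OpenJDK JSSE provider — I cannot see `PlatformName` or IBM's policy file from here, so please confirm before simplifying. Both constants also need a Javadoc stating that the algorithm is resolved once at class initialization, so changing the security property after `SSLFactory` has been loaded has no effect, and that on OpenJDK the trust side now resolves to "PKIX" rather than "SunX509", which validates chains more strictly. Finally, `SSLCERTIFICATE` is deleted rather than deprecated; unless this class is annotated as private audience (not visible in the hunk), keeping `@Deprecated public static final String SSLCERTIFICATE = KEY_MANAGER_SSLCERTIFICATE;` for one release would spare external callers a compile break.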

+ 16 - 0
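--- a/hadoop-common-project/hadoop-common/src/test/java/org/apache/hadoop/security/ssl/TestSSLFactory.java
+++ b/hadoop-common-project/hadoop-common/src/test/java/org/apache/hadoop/security/ssl/TestSSLFactory.java
@@ -17,6 +17,8 @@
  */
 package org.apache.hadoop.security.ssl;
 
+import static java.security.Security.getProperty;
+import static java.security.Security.setProperty;
 import static org.apache.hadoop.security.ssl.FileBasedKeyStoresFactory.SSL_TRUSTSTORE_LOCATION_TPL_KEY;
 import static org.apache.hadoop.security.ssl.KeyStoreTestUtil.TRUST_STORE_PASSWORD_DEFAULT;
 import static org.apache.hadoop.security.ssl.SSLFactory.Mode.CLIENT;
@@ -367,6 +369,20 @@ public class TestSSLFactory {
     }
   }
 
+  @Test
+  public void testDifferentAlgorithm() throws Exception {
+    Configuration conf = createConfiguration(false, true);
+    String currAlg = getProperty("ssl.KeyManagerFactory.algorithm");
+    setProperty("ssl.KeyManagerFactory.algorithm", "PKIX");
+    SSLFactory sslFactory = new SSLFactory(SSLFactory.Mode.CLIENT, conf);
+    try {
+      sslFactory.init();
+    } finally {
+      sslFactory.destroy();
+      setProperty("ssl.KeyManagerFactory.algorithm", currAlg);
+    }
+  }
+
   @Test
   public void testConnectionConfigurator() throws Exception {
     Configuration conf = createConfiguration(false, true);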
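Review bot: `testDifferentAlgorithm` cannot show that the PKIX path is taken, because `SSLFactory.KEY_MANAGER_SSLCERTIFICATE` is a `static final` resolved when `SSLFactory` is initialized; if any other test in this class (`testConnectionConfigurator` directly below also constructs an `SSLFactory`) runs first in the same JVM, the `setProperty("ssl.KeyManagerFactory.algorithm", "PKIX")` call is read too late and the test silently exercises the old algorithm under a misleading name. The method also asserts nothing beyond `init()` not throwing. Adding `assertEquals("PKIX", SSLFactory.KEY_MANAGER_SSLCERTIFICATE);` before `init()` would at least make that ordering dependency fail loudly, and running the method in its own JVM (or resetting the constant through a test hook) would make it reliable. As a minor point, if `getProperty` ever returned null the `setProperty(..., currAlg)` in the `finally` block would throw a NullPointerException and mask the real failure, though on JDKs that define the property in `java.security` this should not occur.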