Package org.apache.hadoop.hbase.http.ssl

Class KeyStoreTestUtil

java.lang.Object

org.apache.hadoop.hbase.http.ssl.KeyStoreTestUtil

public final class KeyStoreTestUtil
extends Object

Constructor Summary

Constructors

Modifier	Constructor	Description
private	KeyStoreTestUtil()

Method Summary

Modifier and Type	Method	Description
static void	cleanupSSLConfig(org.apache.hadoop.conf.Configuration conf)
static org.apache.hadoop.conf.Configuration	createClientSSLConfig(String clientKS, String password, String keyPassword, String trustKS)	Creates SSL configuration for a client.
private static KeyStore	createEmptyKeyStore()
private static KeyStore	createEmptyKeyStore(String keyStoreType)
static void	createKeyStore(String filename, String password, String keyPassword, String alias, Key privateKey, Certificate cert)	Creates a keystore with a single key and saves it to a file.
static void	createKeyStore(String filename, String password, String keyPassword, String alias, Key privateKey, Certificate cert, String keystoreType)	Creates a keystore with a single key and saves it to a file.
static void	createKeyStore(String filename, String password, String alias, Key privateKey, Certificate cert)	Creates a keystore with a single key and saves it to a file.
static org.apache.hadoop.conf.Configuration	createServerSSLConfig(String serverKS, String password, String keyPassword, String trustKS)	Creates SSL configuration for a server.
private static org.apache.hadoop.conf.Configuration	createSSLConfig(org.apache.hadoop.security.ssl.SSLFactory.Mode mode, String keystore, String password, String keyPassword, String trustKS)	Creates SSL configuration.
static void	createTrustStore(String filename, String password, String alias, Certificate cert)	Creates a truststore with a single certificate and saves it to a file.
static void	createTrustStore(String filename, String password, String alias, Certificate cert, String trustStoreType)	Creates a truststore with a single certificate and saves it to a file.
static <T extends Certificate> void	createTrustStore(String filename, String password, Map<String,T> certs)
static X509Certificate	generateCertificate(String dn, KeyPair pair, int days, String algorithm)	Create a self-signed X.509 Certificate.
static KeyPair	generateKeyPair(String algorithm)
static String	getClasspathDir(Class<?> klass)
static void	saveConfig(File file, org.apache.hadoop.conf.Configuration conf)	Saves configuration to a file.
private static void	saveKeyStore(KeyStore ks, String filename, String password)
static void	setupSSLConfig(String keystoresDir, String sslConfDir, org.apache.hadoop.conf.Configuration conf, boolean useClientCert)	Performs complete setup of SSL configuration in preparation for testing an SSLFactory.

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Constructor Details

KeyStoreTestUtil

private KeyStoreTestUtil()

Method Details

getClasspathDir

public static String getClasspathDir(Class<?> klass)
                              throws Exception

Throws:

Exception

generateCertificate

public static X509Certificate generateCertificate(String dn,
 KeyPair pair,
 int days,
 String algorithm)
                                           throws CertificateEncodingException,
InvalidKeyException,
IllegalStateException,
NoSuchProviderException,
NoSuchAlgorithmException,
SignatureException

Create a self-signed X.509 Certificate.

Parameters:

dn - the X.509 Distinguished Name, eg "CN=Test, L=London, C=GB"

pair - the KeyPair

days - how many days from now the Certificate is valid for

algorithm - the signing algorithm, eg "SHA1withRSA"

Returns:

the self-signed certificate

Throws:

CertificateEncodingException

InvalidKeyException

IllegalStateException

NoSuchProviderException

NoSuchAlgorithmException

SignatureException

generateKeyPair

public static KeyPair generateKeyPair(String algorithm)
                               throws NoSuchAlgorithmException

Throws:

NoSuchAlgorithmException

createEmptyKeyStore

private static KeyStore createEmptyKeyStore()
                                     throws GeneralSecurityException,
IOException

Throws:

GeneralSecurityException

IOException

createEmptyKeyStore

private static KeyStore createEmptyKeyStore(String keyStoreType)
                                     throws GeneralSecurityException,
IOException

Throws:

GeneralSecurityException

IOException

saveKeyStore

private static void saveKeyStore(KeyStore ks,
 String filename,
 String password)
                          throws GeneralSecurityException,
IOException

Throws:

GeneralSecurityException

IOException

createKeyStore

public static void createKeyStore(String filename,
 String password,
 String alias,
 Key privateKey,
 Certificate cert)
                           throws GeneralSecurityException,
IOException

Creates a keystore with a single key and saves it to a file. This method will use the same password for the keystore and for the key. This method will always generate a keystore file in JKS format.

Parameters:

filename - String file to save

password - String store password to set on keystore

alias - String alias to use for the key

privateKey - Key to save in keystore

cert - Certificate to use as certificate chain associated to key

Throws:

GeneralSecurityException - for any error with the security APIs

IOException - if there is an I/O error saving the file

createKeyStore

public static void createKeyStore(String filename,
 String password,
 String keyPassword,
 String alias,
 Key privateKey,
 Certificate cert)
                           throws GeneralSecurityException,
IOException

Creates a keystore with a single key and saves it to a file. This method will always generate a keystore file in JKS format.

Parameters:

filename - String file to save

password - String store password to set on keystore

keyPassword - String key password to set on key

alias - String alias to use for the key

privateKey - Key to save in keystore

cert - Certificate to use as certificate chain associated to key

Throws:

GeneralSecurityException - for any error with the security APIs

IOException - if there is an I/O error saving the file

createKeyStore

public static void createKeyStore(String filename,
 String password,
 String keyPassword,
 String alias,
 Key privateKey,
 Certificate cert,
 String keystoreType)
                           throws GeneralSecurityException,
IOException

Creates a keystore with a single key and saves it to a file.

Parameters:

filename - String file to save

password - String store password to set on keystore

keyPassword - String key password to set on key

alias - String alias to use for the key

privateKey - Key to save in keystore

cert - Certificate to use as certificate chain associated to key

keystoreType - String keystore file type (e.g. "JKS")

Throws:

GeneralSecurityException - for any error with the security APIs

IOException - if there is an I/O error saving the file

createTrustStore

public static void createTrustStore(String filename,
 String password,
 String alias,
 Certificate cert)
                             throws GeneralSecurityException,
IOException

Creates a truststore with a single certificate and saves it to a file. This method uses the default JKS truststore type.

Parameters:

filename - String file to save

password - String store password to set on truststore

alias - String alias to use for the certificate

cert - Certificate to add

Throws:

GeneralSecurityException - for any error with the security APIs

IOException - if there is an I/O error saving the file

createTrustStore

public static void createTrustStore(String filename,
 String password,
 String alias,
 Certificate cert,
 String trustStoreType)
                             throws GeneralSecurityException,
IOException

Creates a truststore with a single certificate and saves it to a file.

Parameters:

filename - String file to save

password - String store password to set on truststore

alias - String alias to use for the certificate

cert - Certificate to add

trustStoreType - String keystore file type (e.g. "JKS")

Throws:

GeneralSecurityException - for any error with the security APIs

IOException - if there is an I/O error saving the file

createTrustStore

public static <T extends Certificate> void createTrustStore(String filename,
 String password,
 Map<String,T> certs)
                                                     throws GeneralSecurityException,
IOException

Throws:

GeneralSecurityException

IOException

cleanupSSLConfig

public static void cleanupSSLConfig(org.apache.hadoop.conf.Configuration conf)
                             throws Exception

Throws:

Exception

setupSSLConfig

public static void setupSSLConfig(String keystoresDir,
 String sslConfDir,
 org.apache.hadoop.conf.Configuration conf,
 boolean useClientCert)
                           throws Exception

Performs complete setup of SSL configuration in preparation for testing an SSLFactory. This includes keys, certs, keystores, truststores, the server SSL configuration file, the client SSL configuration file, and the master configuration file read by the SSLFactory.

Parameters:

keystoresDir - String directory to save keystores

sslConfDir - String directory to save SSL configuration files

conf - Configuration master configuration to be used by an SSLFactory, which will be mutated by this method

useClientCert - boolean true to make the client present a cert in the SSL handshake

Throws:

Exception

createClientSSLConfig

public static org.apache.hadoop.conf.Configuration createClientSSLConfig(String clientKS,
 String password,
 String keyPassword,
 String trustKS)

Creates SSL configuration for a client.

Parameters:

clientKS - String client keystore file

password - String store password, or null to avoid setting store password

keyPassword - String key password, or null to avoid setting key password

trustKS - String truststore file

Returns:

Configuration for client SSL

createServerSSLConfig

public static org.apache.hadoop.conf.Configuration createServerSSLConfig(String serverKS,
 String password,
 String keyPassword,
 String trustKS)
                                                                  throws IOException

Creates SSL configuration for a server.

Parameters:

serverKS - String server keystore file

password - String store password, or null to avoid setting store password

keyPassword - String key password, or null to avoid setting key password

trustKS - String truststore file

Returns:

Configuration for server SSL

Throws:

IOException

createSSLConfig

private static org.apache.hadoop.conf.Configuration createSSLConfig(org.apache.hadoop.security.ssl.SSLFactory.Mode mode,
 String keystore,
 String password,
 String keyPassword,
 String trustKS)

Creates SSL configuration.

Parameters:

mode - SSLFactory.Mode mode to configure

keystore - String keystore file

password - String store password, or null to avoid setting store password

keyPassword - String key password, or null to avoid setting key password

trustKS - String truststore file

Returns:

Configuration for SSL

saveConfig

public static void saveConfig(File file,
 org.apache.hadoop.conf.Configuration conf)
                       throws IOException

Saves configuration to a file.

Parameters:

file - File to save

conf - Configuration contents to write to file

Throws:

IOException - if there is an I/O error saving the file