Repository: accumulo Updated Branches: refs/heads/1.6.1-SNAPSHOT 10500f6da -> 011349e2d refs/heads/master 63b3bdd8c -> ef0b27c1e
ACCUMULO-3059 Allow configuration of truststore password and root keystore password Project: http://git-wip-us.apache.org/repos/asf/accumulo/repo Commit: http://git-wip-us.apache.org/repos/asf/accumulo/commit/384aa396 Tree: http://git-wip-us.apache.org/repos/asf/accumulo/tree/384aa396 Diff: http://git-wip-us.apache.org/repos/asf/accumulo/diff/384aa396 Branch: refs/heads/1.6.1-SNAPSHOT Commit: 384aa396736b7ddeadf38d71d3f42afda7c4d0da Parents: 10500f6 Author: Josh Elser <els...@apache.org> Authored: Mon Aug 11 23:30:39 2014 -0400 Committer: Josh Elser <els...@apache.org> Committed: Mon Aug 11 23:30:39 2014 -0400 ---------------------------------------------------------------------- .../MiniAccumuloClusterStartStopTest.java | 1 - .../accumulo/test/functional/AbstractMacIT.java | 2 +- .../apache/accumulo/test/util/CertUtils.java | 36 +++++++++++++------- .../accumulo/test/util/CertUtilsTest.java | 6 ++-- 4 files changed, 28 insertions(+), 17 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/accumulo/blob/384aa396/minicluster/src/test/java/org/apache/accumulo/minicluster/MiniAccumuloClusterStartStopTest.java ---------------------------------------------------------------------- diff --git a/minicluster/src/test/java/org/apache/accumulo/minicluster/MiniAccumuloClusterStartStopTest.java b/minicluster/src/test/java/org/apache/accumulo/minicluster/MiniAccumuloClusterStartStopTest.java index 9e38d09..b44868f 100644 --- a/minicluster/src/test/java/org/apache/accumulo/minicluster/MiniAccumuloClusterStartStopTest.java +++ b/minicluster/src/test/java/org/apache/accumulo/minicluster/MiniAccumuloClusterStartStopTest.java 
@@ -22,7 +22,6 @@ import org.apache.accumulo.core.client.Connector; import org.apache.accumulo.core.client.ZooKeeperInstance; import org.apache.accumulo.core.client.security.tokens.PasswordToken; import org.junit.After; -import org.junit.Assert; import org.junit.Before; import org.junit.Test; import org.junit.rules.TemporaryFolder; http://git-wip-us.apache.org/repos/asf/accumulo/blob/384aa396/test/src/test/java/org/apache/accumulo/test/functional/AbstractMacIT.java ---------------------------------------------------------------------- diff --git a/test/src/test/java/org/apache/accumulo/test/functional/AbstractMacIT.java b/test/src/test/java/org/apache/accumulo/test/functional/AbstractMacIT.java index 0c29dfd..4734558 100644 --- a/test/src/test/java/org/apache/accumulo/test/functional/AbstractMacIT.java +++ b/test/src/test/java/org/apache/accumulo/test/functional/AbstractMacIT.java @@ -101,7 +101,7 @@ public abstract class AbstractMacIT { File publicTruststoreFile = new File(sslDir, "public-" + cfg.getInstanceName() + ".jks"); try { new CertUtils(Property.RPC_SSL_KEYSTORE_TYPE.getDefaultValue(), "o=Apache Accumulo,cn=MiniAccumuloCluster", "RSA", 2048, "sha1WithRSAEncryption") - .createAll(rootKeystoreFile, localKeystoreFile, publicTruststoreFile, cfg.getInstanceName(), cfg.getRootPassword()); + .createAll(rootKeystoreFile, localKeystoreFile, publicTruststoreFile, cfg.getInstanceName(), "root_keystore_password", cfg.getRootPassword(), ""); } catch (Exception e) { throw new RuntimeException("error creating MAC keystore", e); } http://git-wip-us.apache.org/repos/asf/accumulo/blob/384aa396/test/src/test/java/org/apache/accumulo/test/util/CertUtils.java ---------------------------------------------------------------------- diff --git a/test/src/test/java/org/apache/accumulo/test/util/CertUtils.java b/test/src/test/java/org/apache/accumulo/test/util/CertUtils.java index b7614b8..552a332 100644 --- a/test/src/test/java/org/apache/accumulo/test/util/CertUtils.java 
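Review bot: The new `.createAll(...)` call in AbstractMacIT passes the root keystore password as the bare literal `"root_keystore_password"` and the truststore password as `""`, with nothing marking either as a test-only fixture value. The root keystore is presumably the one holding the signing key, so a reader copying this harness should not mistake the literal for a sensible default. I would lift it into a named constant with a comment, e.g. `private static final String ROOT_KEYSTORE_PASSWORD = "root_keystore_password"; // MAC test fixture only, never a deployment value`, and add `/* truststorePassword */` next to the trailing `""`, since three adjacent String arguments are easy to misread. The enclosing method starts and ends outside the hunk.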
+++ b/test/src/test/java/org/apache/accumulo/test/util/CertUtils.java @@ -92,11 +92,17 @@ public class CertUtils { @Parameter(names = {"--keystore-type"}, description = "Type of keystore file to use") String keystoreType = "JKS"; + @Parameter(names = {"--root-keystore-password"}, description = "Password for root keystore, falls back to --keystore-password if not provided") + String rootKeystorePassword = null; + @Parameter( names = {"--keystore-password"}, description = "Password used to encrypt keystores. If omitted, the instance-wide secret will be used. If specified, the password must also be explicitly configured in Accumulo.") String keystorePassword = null; + @Parameter(names = {"--truststore-password"}, description = "Password used to encrypt the truststore. If omitted, empty password is used") + String truststorePassword = ""; + @Parameter(names = {"--key-name-prefix"}, description = "Prefix for names of generated keys") String keyNamePrefix = CertUtils.class.getSimpleName(); 
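Review bot: The two new options `--root-keystore-password` and `--truststore-password` take secrets as ordinary command-line values, so they end up in shell history and are visible in the process list on a shared host. JCommander's `@Parameter` supports `password = true`, which reads the value from the console instead; the new fields could use it, or the descriptions could at least warn about the exposure. `truststorePassword` also defaults to `""`, and an empty store password gives the truststore no effective tamper protection when it is loaded. The description should say that, e.g. `"Password used to protect the truststore. If omitted, an empty password is used and the store's integrity is not protected"`.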
@@ -162,14 +168,20 @@ public class CertUtils { String keyPassword = opts.keystorePassword; if (keyPassword == null) keyPassword = getDefaultKeyPassword(); + + String rootKeyPassword = opts.rootKeystorePassword; + if (rootKeyPassword == null) { + rootKeyPassword = keyPassword; + } + CertUtils certUtils = new CertUtils(opts.keystoreType, opts.issuerDirString, opts.encryptionAlg, opts.keysize, opts.signingAlg); if ("generate-all".equals(operation)) { - certUtils.createAll(new File(opts.rootKeystore), new File(opts.localKeystore), new File(opts.truststore), opts.keyNamePrefix, keyPassword); + certUtils.createAll(new File(opts.rootKeystore), new File(opts.localKeystore), new File(opts.truststore), opts.keyNamePrefix, rootKeyPassword, keyPassword, opts.truststorePassword); } else if ("generate-local".equals(operation)) { - certUtils.createSignedCert(new File(opts.localKeystore), opts.keyNamePrefix + "-local", "", opts.rootKeystore, ""); + certUtils.createSignedCert(new File(opts.localKeystore), opts.keyNamePrefix + "-local", keyPassword, opts.rootKeystore, rootKeyPassword); } else if ("generate-self-trusted".equals(operation)) { - certUtils.createSelfSignedCert(new File(opts.truststore), opts.keyNamePrefix + "-selfTrusted", ""); + certUtils.createSelfSignedCert(new File(opts.truststore), opts.keyNamePrefix + "-selfTrusted", keyPassword); } else { JCommander jcommander = new JCommander(opts); jcommander.setProgramName(CertUtils.class.getName()); 
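Review bot: In the `generate-self-trusted` branch the file at `opts.truststore` is written with `keyPassword`, so a value given as `--truststore-password` is silently ignored there, even though the option is described as the password used to encrypt the truststore. If that is deliberate, presumably because this store also carries a private key, a comment would make it explicit: `// self-trusted store holds a key entry, so it uses the keystore password rather than --truststore-password`. The `generate-local` and `generate-self-trusted` outputs also move from an empty password to the keystore password, so anything that still opens them with `""` will fail to load them. That behaviour change deserves a line in the usage text. The enclosing method starts and ends outside the hunk.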
@@ -198,16 +210,16 @@ public class CertUtils { this.signingAlgorithm = signingAlgorithm; } - public void createAll(File rootKeystoreFile, File localKeystoreFile, File trustStoreFile, String keyNamePrefix, String systemPassword) - throws KeyStoreException, CertificateException, NoSuchAlgorithmException, IOException, OperatorCreationException, AccumuloSecurityException, - NoSuchProviderException, UnrecoverableKeyException, FileNotFoundException { - createSelfSignedCert(rootKeystoreFile, keyNamePrefix + "-root", systemPassword); - createSignedCert(localKeystoreFile, keyNamePrefix + "-local", systemPassword, rootKeystoreFile.getAbsolutePath(), systemPassword); - createPublicCert(trustStoreFile, keyNamePrefix + "-public", rootKeystoreFile.getAbsolutePath(), systemPassword); + public void createAll(File rootKeystoreFile, File localKeystoreFile, File trustStoreFile, String keyNamePrefix, String rootKeystorePassword, + String keystorePassword, String truststorePassword) throws KeyStoreException, CertificateException, NoSuchAlgorithmException, IOException, + OperatorCreationException, AccumuloSecurityException, NoSuchProviderException, UnrecoverableKeyException, FileNotFoundException { + createSelfSignedCert(rootKeystoreFile, keyNamePrefix + "-root", rootKeystorePassword); + createSignedCert(localKeystoreFile, keyNamePrefix + "-local", keystorePassword, rootKeystoreFile.getAbsolutePath(), rootKeystorePassword); + createPublicCert(trustStoreFile, keyNamePrefix + "-public", rootKeystoreFile.getAbsolutePath(), rootKeystorePassword, truststorePassword); } - public void createPublicCert(File targetKeystoreFile, String keyName, String rootKeystorePath, String rootKeystorePassword) throws NoSuchAlgorithmException, - CertificateException, FileNotFoundException, IOException, KeyStoreException, UnrecoverableKeyException { + public void createPublicCert(File targetKeystoreFile, String keyName, String rootKeystorePath, String rootKeystorePassword, String truststorePassword) + throws 
NoSuchAlgorithmException, CertificateException, FileNotFoundException, IOException, KeyStoreException, UnrecoverableKeyException { KeyStore signerKeystore = KeyStore.getInstance(keystoreType); char[] signerPasswordArray = rootKeystorePassword.toCharArray(); signerKeystore.load(new FileInputStream(rootKeystorePath), signerPasswordArray); @@ -216,7 +228,7 @@ public class CertUtils { KeyStore keystore = KeyStore.getInstance(keystoreType); keystore.load(null, null); keystore.setCertificateEntry(keyName + "Cert", rootCert); - keystore.store(new FileOutputStream(targetKeystoreFile), new char[0]); + keystore.store(new FileOutputStream(targetKeystoreFile), truststorePassword.toCharArray()); } public void createSignedCert(File targetKeystoreFile, String keyName, String keystorePassword, String signerKeystorePath, String signerKeystorePassword) http://git-wip-us.apache.org/repos/asf/accumulo/blob/384aa396/test/src/test/java/org/apache/accumulo/test/util/CertUtilsTest.java ---------------------------------------------------------------------- diff --git a/test/src/test/java/org/apache/accumulo/test/util/CertUtilsTest.java b/test/src/test/java/org/apache/accumulo/test/util/CertUtilsTest.java index eea9ac2..1e4e68a 100644 --- a/test/src/test/java/org/apache/accumulo/test/util/CertUtilsTest.java +++ b/test/src/test/java/org/apache/accumulo/test/util/CertUtilsTest.java @@ -62,7 +62,7 @@ public class CertUtilsTest { File rootKeyStoreFile = new File(folder.getRoot(), "root.jks"); certUtils.createSelfSignedCert(rootKeyStoreFile, "test", PASSWORD); File publicKeyStoreFile = new File(folder.getRoot(), "public.jks"); - certUtils.createPublicCert(publicKeyStoreFile, "test", rootKeyStoreFile.getAbsolutePath(), PASSWORD); + certUtils.createPublicCert(publicKeyStoreFile, "test", rootKeyStoreFile.getAbsolutePath(), PASSWORD, ""); KeyStore keyStore = KeyStore.getInstance(KEYSTORE_TYPE); keyStore.load(new FileInputStream(publicKeyStoreFile), new char[0]); 
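Review bot: `createAll` now takes three consecutive `String` passwords (`rootKeystorePassword`, `keystorePassword`, `truststorePassword`), and neither it nor `createPublicCert` has Javadoc saying which store each one protects. The compiler cannot catch a caller that transposes them, and the result would be stores protected by the wrong secret. I would add a Javadoc block on `createAll` with one `@param` per password, noting that `rootKeystorePassword` both protects the root keystore and is used to reopen it when signing the local certificate and exporting the public certificate. The same `@param truststorePassword` line belongs on `createPublicCert`, whose body continues past the end of this hunk.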
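Review bot: The changed `keystore.store(...)` line in `createPublicCert` still builds its `FileOutputStream` inline and never closes it, so the handle on the truststore file stays open until garbage collection. The new `truststorePassword.toCharArray()` also throws a bare NullPointerException when a caller passes null, which the removed `new char[0]` could not do. I would reject null explicitly and close the stream in a `finally`, as sketched below. The `FileInputStream` opened for the signer keystore earlier in the method has the same leak, and the method's opening lines are outside this hunk.

```java
// … unchanged: load signer keystore, copy root certificate into the new keystore …
if (truststorePassword == null) {
  throw new IllegalArgumentException("truststorePassword must not be null; pass \"\" for an empty password");
}
FileOutputStream out = new FileOutputStream(targetKeystoreFile);
try {
  keystore.store(out, truststorePassword.toCharArray());
} finally {
  out.close();
}
```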
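Review bot: Every updated `createPublicCert` call in this hunk and in the following `@@ -110,11` hunk passes `""` for the new truststore password, and the stores are still opened with `new char[0]`. The non-empty password path this commit introduces is therefore never exercised. A case that writes the truststore with a non-empty password, loads it back with that password, and checks that `KeyStore.load` rejects a wrong one would pin the new behaviour. The test method bodies start outside both hunks.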
@@ -110,11 +110,11 @@ public class CertUtilsTest { File rootKeyStoreFile = new File(folder.getRoot(), "root.jks"); certUtils.createSelfSignedCert(rootKeyStoreFile, "test", PASSWORD); File publicRootKeyStoreFile = new File(folder.getRoot(), "publicroot.jks"); - certUtils.createPublicCert(publicRootKeyStoreFile, "test", rootKeyStoreFile.getAbsolutePath(), PASSWORD); + certUtils.createPublicCert(publicRootKeyStoreFile, "test", rootKeyStoreFile.getAbsolutePath(), PASSWORD, ""); File signedKeyStoreFile = new File(folder.getRoot(), "signed.jks"); certUtils.createSignedCert(signedKeyStoreFile, "test", PASSWORD, rootKeyStoreFile.getAbsolutePath(), PASSWORD); File publicSignedKeyStoreFile = new File(folder.getRoot(), "publicsigned.jks"); - certUtils.createPublicCert(publicSignedKeyStoreFile, "test", signedKeyStoreFile.getAbsolutePath(), PASSWORD); + certUtils.createPublicCert(publicSignedKeyStoreFile, "test", signedKeyStoreFile.getAbsolutePath(), PASSWORD, ""); KeyStore rootKeyStore = KeyStore.getInstance(KEYSTORE_TYPE); rootKeyStore.load(new FileInputStream(publicRootKeyStoreFile), new char[0]);