From 1eed1020234b8b5e5444bbc88299bc6689e6b015 Mon Sep 17 00:00:00 2001 From: Haohui Mai Date: Tue, 4 Nov 2014 10:52:05 -0800 Subject: [PATCH] HADOOP-10847. Remove the usage of sun.security.x509.* in testing code. Contributed by Pascal Oliva. --- .../hadoop-common/CHANGES.txt | 3 + hadoop-common-project/hadoop-common/pom.xml | 5 ++ .../hadoop/security/ssl/KeyStoreTestUtil.java | 69 ++++++++----------- hadoop-project/pom.xml | 6 ++ 4 files changed, 41 insertions(+), 42 deletions(-) diff --git a/hadoop-common-project/hadoop-common/CHANGES.txt b/hadoop-common-project/hadoop-common/CHANGES.txt index 1d6adc34230..22e9ae652f1 100644 --- a/hadoop-common-project/hadoop-common/CHANGES.txt +++ b/hadoop-common-project/hadoop-common/CHANGES.txt @@ -369,6 +369,9 @@ Release 2.7.0 - UNRELEASED HADOOP-6857. FsShell should report raw disk usage including replication factor. (Byron Wong via shv) + HADOOP-10847. Remove the usage of sun.security.x509.* in testing code. + (Pascal Oliva via wheat9) + OPTIMIZATIONS BUG FIXES diff --git a/hadoop-common-project/hadoop-common/pom.xml b/hadoop-common-project/hadoop-common/pom.xml index df8cd58018a..6a63ccdb03e 100644 --- a/hadoop-common-project/hadoop-common/pom.xml +++ b/hadoop-common-project/hadoop-common/pom.xml @@ -280,6 +280,11 @@ org.apache.commons commons-compress + + org.bouncycastle + bcprov-jdk16 + test + diff --git a/hadoop-common-project/hadoop-common/src/test/java/org/apache/hadoop/security/ssl/KeyStoreTestUtil.java b/hadoop-common-project/hadoop-common/src/test/java/org/apache/hadoop/security/ssl/KeyStoreTestUtil.java index b2a839ca2a2..07cae8b5d21 100644 --- a/hadoop-common-project/hadoop-common/src/test/java/org/apache/hadoop/security/ssl/KeyStoreTestUtil.java +++ b/hadoop-common-project/hadoop-common/src/test/java/org/apache/hadoop/security/ssl/KeyStoreTestUtil.java @@ -24,18 +24,6 @@ import org.apache.hadoop.security.alias.CredentialProvider; import org.apache.hadoop.security.alias.CredentialProviderFactory; import org.apache.hadoop.security.alias.JavaKeyStoreProvider; -import sun.security.x509.AlgorithmId; -import sun.security.x509.CertificateAlgorithmId; -import sun.security.x509.CertificateIssuerName; -import sun.security.x509.CertificateSerialNumber; -import sun.security.x509.CertificateSubjectName; -import sun.security.x509.CertificateValidity; -import sun.security.x509.CertificateVersion; -import sun.security.x509.CertificateX509Key; -import sun.security.x509.X500Name; -import sun.security.x509.X509CertImpl; -import sun.security.x509.X509CertInfo; - import java.io.File; import java.io.FileOutputStream; import java.io.FileWriter; @@ -57,6 +45,15 @@ import java.util.Date; import java.util.HashMap; import java.util.Map; +import java.security.InvalidKeyException; +import java.security.NoSuchProviderException; +import java.security.SignatureException; +import java.security.cert.CertificateEncodingException; +import java.security.cert.CertificateException; +import java.security.cert.CertificateFactory; +import javax.security.auth.x500.X500Principal; +import org.bouncycastle.x509.X509V1CertificateGenerator; + public class KeyStoreTestUtil { public static String getClasspathDir(Class klass) throws Exception { @@ -68,50 +65,38 @@ public class KeyStoreTestUtil { return baseDir; } + @SuppressWarnings("deprecation") /** * Create a self-signed X.509 Certificate. - * From http://bfo.com/blog/2011/03/08/odds_and_ends_creating_a_new_x_509_certificate.html. * * @param dn the X.509 Distinguished Name, eg "CN=Test, L=London, C=GB" * @param pair the KeyPair * @param days how many days from now the Certificate is valid for * @param algorithm the signing algorithm, eg "SHA1withRSA" * @return the self-signed certificate - * @throws IOException thrown if an IO error ocurred. - * @throws GeneralSecurityException thrown if an Security error ocurred. */ - public static X509Certificate generateCertificate(String dn, KeyPair pair, - int days, String algorithm) - throws GeneralSecurityException, IOException { - PrivateKey privkey = pair.getPrivate(); - X509CertInfo info = new X509CertInfo(); + public static X509Certificate generateCertificate(String dn, KeyPair pair, int days, String algorithm) + throws CertificateEncodingException, + InvalidKeyException, + IllegalStateException, + NoSuchProviderException, NoSuchAlgorithmException, SignatureException{ + Date from = new Date(); Date to = new Date(from.getTime() + days * 86400000l); - CertificateValidity interval = new CertificateValidity(from, to); BigInteger sn = new BigInteger(64, new SecureRandom()); - X500Name owner = new X500Name(dn); + KeyPair keyPair = pair; + X509V1CertificateGenerator certGen = new X509V1CertificateGenerator(); + X500Principal dnName = new X500Principal(dn); - info.set(X509CertInfo.VALIDITY, interval); - info.set(X509CertInfo.SERIAL_NUMBER, new CertificateSerialNumber(sn)); - info.set(X509CertInfo.SUBJECT, new CertificateSubjectName(owner)); - info.set(X509CertInfo.ISSUER, new CertificateIssuerName(owner)); - info.set(X509CertInfo.KEY, new CertificateX509Key(pair.getPublic())); - info - .set(X509CertInfo.VERSION, new CertificateVersion(CertificateVersion.V3)); - AlgorithmId algo = new AlgorithmId(AlgorithmId.md5WithRSAEncryption_oid); - info.set(X509CertInfo.ALGORITHM_ID, new CertificateAlgorithmId(algo)); + certGen.setSerialNumber(sn); + certGen.setIssuerDN(dnName); + certGen.setNotBefore(from); + certGen.setNotAfter(to); + certGen.setSubjectDN(dnName); + certGen.setPublicKey(keyPair.getPublic()); + certGen.setSignatureAlgorithm(algorithm); - // Sign the cert to identify the algorithm that's used. - X509CertImpl cert = new X509CertImpl(info); - cert.sign(privkey, algorithm); - - // Update the algorith, and resign. - algo = (AlgorithmId) cert.get(X509CertImpl.SIG_ALG); - info - .set(CertificateAlgorithmId.NAME + "." + CertificateAlgorithmId.ALGORITHM, - algo); - cert = new X509CertImpl(info); - cert.sign(privkey, algorithm); + X509Certificate cert = certGen.generate(pair.getPrivate()); return cert; } diff --git a/hadoop-project/pom.xml b/hadoop-project/pom.xml index cac900fa53a..d3c404e59f5 100644 --- a/hadoop-project/pom.xml +++ b/hadoop-project/pom.xml @@ -900,6 +900,12 @@ curator-test 2.6.0 + + org.bouncycastle + bcprov-jdk16 + 1.46 + test +