HADOOP-17699. Remove hardcoded SunX509 usage from SSLFactory. (#3016)
parent
110cda3de6
commit
86729e130f
|
@ -273,8 +273,8 @@ public class FileBasedKeyStoresFactory implements KeyStoresFactory {
|
|||
} else {
|
||||
KeyStore keystore = KeyStore.getInstance(keystoreType);
|
||||
keystore.load(null, null);
|
||||
KeyManagerFactory keyMgrFactory = KeyManagerFactory
|
||||
.getInstance(SSLFactory.SSLCERTIFICATE);
|
||||
KeyManagerFactory keyMgrFactory = KeyManagerFactory.getInstance(
|
||||
SSLFactory.KEY_MANAGER_SSLCERTIFICATE);
|
||||
|
||||
keyMgrFactory.init(keystore, null);
|
||||
keyManagers = keyMgrFactory.getKeyManagers();
|
||||
|
|
|
@ -143,7 +143,7 @@ public class ReloadingX509KeystoreManager extends X509ExtendedKeyManager {
|
|||
LOG.debug(" Loaded KeyStore: " + path.toFile().getAbsolutePath());
|
||||
|
||||
KeyManagerFactory keyMgrFactory = KeyManagerFactory.getInstance(
|
||||
SSLFactory.SSLCERTIFICATE);
|
||||
SSLFactory.KEY_MANAGER_SSLCERTIFICATE);
|
||||
keyMgrFactory.init(keystore,
|
||||
(keyPassword != null) ? keyPassword.toCharArray() : null);
|
||||
for (KeyManager candidate: keyMgrFactory.getKeyManagers()) {
|
||||
|
|
|
@ -136,8 +136,8 @@ public final class ReloadingX509TrustManager implements X509TrustManager {
|
|||
in.close();
|
||||
}
|
||||
|
||||
TrustManagerFactory trustManagerFactory =
|
||||
TrustManagerFactory.getInstance(SSLFactory.SSLCERTIFICATE);
|
||||
TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance(
|
||||
SSLFactory.TRUST_MANAGER_SSLCERTIFICATE);
|
||||
trustManagerFactory.init(ks);
|
||||
TrustManager[] trustManagers = trustManagerFactory.getTrustManagers();
|
||||
for (TrustManager trustManager1 : trustManagers) {
|
||||
|
|
|
@ -25,14 +25,16 @@ import org.apache.hadoop.util.ReflectionUtils;
|
|||
import org.apache.hadoop.util.StringUtils;
|
||||
import org.slf4j.Logger;
|
||||
import org.slf4j.LoggerFactory;
|
||||
import static org.apache.hadoop.util.PlatformName.IBM_JAVA;
|
||||
import static org.apache.hadoop.util.PlatformName.JAVA_VENDOR_NAME;
|
||||
|
||||
import javax.net.ssl.HostnameVerifier;
|
||||
import javax.net.ssl.HttpsURLConnection;
|
||||
import javax.net.ssl.KeyManagerFactory;
|
||||
import javax.net.ssl.SSLContext;
|
||||
import javax.net.ssl.SSLEngine;
|
||||
import javax.net.ssl.SSLServerSocketFactory;
|
||||
import javax.net.ssl.SSLSocketFactory;
|
||||
import javax.net.ssl.TrustManagerFactory;
|
||||
import java.io.IOException;
|
||||
import java.net.HttpURLConnection;
|
||||
import java.security.GeneralSecurityException;
|
||||
|
@ -99,7 +101,13 @@ public class SSLFactory implements ConnectionConfigurator {
|
|||
public static final String SSL_SERVER_EXCLUDE_CIPHER_LIST =
|
||||
"ssl.server.exclude.cipher.list";
|
||||
|
||||
public static final String SSLCERTIFICATE = IBM_JAVA?"ibmX509":"SunX509";
|
||||
public static final String KEY_MANAGER_SSLCERTIFICATE =
|
||||
JAVA_VENDOR_NAME.contains("IBM") ? "ibmX509" :
|
||||
KeyManagerFactory.getDefaultAlgorithm();
|
||||
|
||||
public static final String TRUST_MANAGER_SSLCERTIFICATE =
|
||||
JAVA_VENDOR_NAME.contains("IBM") ? "ibmX509" :
|
||||
TrustManagerFactory.getDefaultAlgorithm();
|
||||
|
||||
public static final String KEYSTORES_FACTORY_CLASS_KEY =
|
||||
"hadoop.ssl.keystores.factory.class";
|
||||
|
|
|
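Review bot: The two new constants in the `SSLFactory` constants hunk carry no Javadoc, although they change where the algorithm name comes from. Outside IBM JVMs the value is now whatever `KeyManagerFactory.getDefaultAlgorithm()` and `TrustManagerFactory.getDefaultAlgorithm()` return, which follows the JVM's `ssl.KeyManagerFactory.algorithm` and `ssl.TrustManagerFactory.algorithm` security properties. Because both fields are `static final`, that value is fixed the first time `SSLFactory` is initialised. A comment such as `/** KeyManagerFactory algorithm: "ibmX509" on IBM JVMs, otherwise the JVM default; resolved once at class initialisation. */`, with the equivalent on the trust-manager constant, would tell operators that key and trust manager selection now depends on `java.security` configuration. The hunk counts also suggest the public `SSLCERTIFICATE` constant is removed; if external code may still reference it, consider keeping `@Deprecated public static final String SSLCERTIFICATE = KEY_MANAGER_SSLCERTIFICATE;` for a release.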
@ -17,6 +17,8 @@
|
|||
*/
|
||||
package org.apache.hadoop.security.ssl;
|
||||
|
||||
import static java.security.Security.getProperty;
|
||||
import static java.security.Security.setProperty;
|
||||
import static org.apache.hadoop.security.ssl.FileBasedKeyStoresFactory.SSL_TRUSTSTORE_LOCATION_TPL_KEY;
|
||||
import static org.apache.hadoop.security.ssl.KeyStoreTestUtil.TRUST_STORE_PASSWORD_DEFAULT;
|
||||
import static org.apache.hadoop.security.ssl.SSLFactory.Mode.CLIENT;
|
||||
|
@ -367,6 +369,20 @@ public class TestSSLFactory {
|
|||
}
|
||||
}
|
||||
|
||||
@Test
|
||||
public void testDifferentAlgorithm() throws Exception {
|
||||
Configuration conf = createConfiguration(false, true);
|
||||
String currAlg = getProperty("ssl.KeyManagerFactory.algorithm");
|
||||
setProperty("ssl.KeyManagerFactory.algorithm", "PKIX");
|
||||
SSLFactory sslFactory = new SSLFactory(SSLFactory.Mode.CLIENT, conf);
|
||||
try {
|
||||
sslFactory.init();
|
||||
} finally {
|
||||
sslFactory.destroy();
|
||||
setProperty("ssl.KeyManagerFactory.algorithm", currAlg);
|
||||
}
|
||||
}
|
||||
|
||||
@Test
|
||||
public void testConnectionConfigurator() throws Exception {
|
||||
Configuration conf = createConfiguration(false, true);
|
||||
|
|
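Review bot: `testDifferentAlgorithm` has no assertion and may not exercise the PKIX algorithm at all. `SSLFactory.KEY_MANAGER_SSLCERTIFICATE` is a `static final` field, so if `SSLFactory` was already initialised by an earlier test in the same JVM, the `setProperty(...)` call presumably has no effect on the algorithm that `init()` ends up using. Consider asserting on the outcome, or at least adding a comment that states the class-initialisation ordering the test relies on. Separately, the `finally` block passes `currAlg` straight back to `setProperty`; if the property was unset, `currAlg` is null and the restore is expected to throw, so guard it with `if (currAlg != null) { setProperty("ssl.KeyManagerFactory.algorithm", currAlg); }`.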