HADOOP-13992. KMS should load SSL configuration the same way as SSLFactory. Contributed by John Zhuge.
This commit is contained in:
parent
1a16431bd0
commit
ebd40056a0
hadoop-common-project
hadoop-common/src/main/java/org/apache/hadoop/security/ssl
hadoop-kms/src
main/java/org/apache/hadoop/crypto/key/kms/server
test/java/org/apache/hadoop/crypto/key/kms/server
|
@ -128,9 +128,10 @@ public class SSLFactory implements ConnectionConfigurator {
|
|||
throw new IllegalArgumentException("mode cannot be NULL");
|
||||
}
|
||||
this.mode = mode;
|
||||
requireClientCert = conf.getBoolean(SSL_REQUIRE_CLIENT_CERT_KEY,
|
||||
Configuration sslConf = readSSLConfiguration(conf, mode);
|
||||
|
||||
requireClientCert = sslConf.getBoolean(SSL_REQUIRE_CLIENT_CERT_KEY,
|
||||
SSL_REQUIRE_CLIENT_CERT_DEFAULT);
|
||||
Configuration sslConf = readSSLConfiguration(mode);
|
||||
|
||||
Class<? extends KeyStoresFactory> klass
|
||||
= conf.getClass(KEYSTORES_FACTORY_CLASS_KEY,
|
||||
|
@ -149,9 +150,11 @@ public class SSLFactory implements ConnectionConfigurator {
|
|||
}
|
||||
}
|
||||
|
||||
private Configuration readSSLConfiguration(Mode mode) {
|
||||
public static Configuration readSSLConfiguration(Configuration conf,
|
||||
Mode mode) {
|
||||
Configuration sslConf = new Configuration(false);
|
||||
sslConf.setBoolean(SSL_REQUIRE_CLIENT_CERT_KEY, requireClientCert);
|
||||
sslConf.setBoolean(SSL_REQUIRE_CLIENT_CERT_KEY, conf.getBoolean(
|
||||
SSL_REQUIRE_CLIENT_CERT_KEY, SSL_REQUIRE_CLIENT_CERT_DEFAULT));
|
||||
String sslConfResource;
|
||||
if (mode == Mode.CLIENT) {
|
||||
sslConfResource = conf.get(SSL_CLIENT_CONF_KEY,
|
||||
|
|
|
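Review bot: `public static Configuration readSSLConfiguration(Configuration conf, Mode mode)` becomes public API in this hunk but carries no Javadoc and does not validate `conf`; a null `conf` fails on the following `conf.getBoolean(...)` with a bare NullPointerException rather than the explicit `mode cannot be NULL` style check the constructor performs for `mode`. I would open the method with `Objects.requireNonNull(conf, "conf cannot be NULL");` and add a Javadoc saying that it returns a fresh `Configuration` carrying the require-client-cert flag copied from `conf` and the ssl-client or ssl-server resource named in `conf` (presumably added further down), with `@param conf`, `@param mode` and `@return` tags. Only the CLIENT branch of the resource selection is visible here; the method body continues outside the hunk.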
@ -46,13 +46,7 @@ public class KMSWebServer {
|
|||
private final HttpServer2 httpServer;
|
||||
private final String scheme;
|
||||
|
||||
KMSWebServer(Configuration cnf) throws Exception {
|
||||
ConfigurationWithLogging conf = new ConfigurationWithLogging(cnf);
|
||||
|
||||
// Add SSL configuration file
|
||||
conf.addResource(conf.get(SSLFactory.SSL_SERVER_CONF_KEY,
|
||||
SSLFactory.SSL_SERVER_CONF_DEFAULT));
|
||||
|
||||
KMSWebServer(Configuration conf, Configuration sslConf) throws Exception {
|
||||
// Override configuration with deprecated environment variables.
|
||||
deprecateEnv("KMS_TEMP", conf, HttpServer2.HTTP_TEMP_DIR_KEY,
|
||||
KMSConfiguration.KMS_SITE_XML);
|
||||
|
@ -68,10 +62,10 @@ public class KMSWebServer {
|
|||
KMSConfiguration.KMS_SITE_XML);
|
||||
deprecateEnv("KMS_SSL_ENABLED", conf,
|
||||
KMSConfiguration.SSL_ENABLED_KEY, KMSConfiguration.KMS_SITE_XML);
|
||||
deprecateEnv("KMS_SSL_KEYSTORE_FILE", conf,
|
||||
deprecateEnv("KMS_SSL_KEYSTORE_FILE", sslConf,
|
||||
SSLFactory.SSL_SERVER_KEYSTORE_LOCATION,
|
||||
SSLFactory.SSL_SERVER_CONF_DEFAULT);
|
||||
deprecateEnv("KMS_SSL_KEYSTORE_PASS", conf,
|
||||
deprecateEnv("KMS_SSL_KEYSTORE_PASS", sslConf,
|
||||
SSLFactory.SSL_SERVER_KEYSTORE_PASSWORD,
|
||||
SSLFactory.SSL_SERVER_CONF_DEFAULT);
|
||||
|
||||
|
@ -88,7 +82,7 @@ public class KMSWebServer {
|
|||
httpServer = new HttpServer2.Builder()
|
||||
.setName(NAME)
|
||||
.setConf(conf)
|
||||
.setSSLConf(conf)
|
||||
.setSSLConf(sslConf)
|
||||
.authFilterConfigurationPrefix(KMSAuthenticationFilter.CONFIG_PREFIX)
|
||||
.addEndpoint(endpoint)
|
||||
.build();
|
||||
|
@ -147,8 +141,11 @@ public class KMSWebServer {
|
|||
|
||||
public static void main(String[] args) throws Exception {
|
||||
StringUtils.startupShutdownMessage(KMSWebServer.class, args, LOG);
|
||||
Configuration conf = KMSConfiguration.getKMSConf();
|
||||
KMSWebServer kmsWebServer = new KMSWebServer(conf);
|
||||
Configuration conf = new ConfigurationWithLogging(
|
||||
KMSConfiguration.getKMSConf());
|
||||
Configuration sslConf = new ConfigurationWithLogging(
|
||||
SSLFactory.readSSLConfiguration(conf, SSLFactory.Mode.SERVER));
|
||||
KMSWebServer kmsWebServer = new KMSWebServer(conf, sslConf);
|
||||
kmsWebServer.start();
|
||||
kmsWebServer.join();
|
||||
}
|
||||
|
|
|
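Review bot: The new constructor `KMSWebServer(Configuration conf, Configuration sslConf)` is given a null `sslConf` by MiniKMS when no keystore is configured, yet `deprecateEnv("KMS_SSL_KEYSTORE_FILE", sslConf, ...)`, `deprecateEnv("KMS_SSL_KEYSTORE_PASS", sslConf, ...)` and `.setSSLConf(sslConf)` pass it on unconditionally. If deprecateEnv writes into the supplied Configuration whenever the environment variable is set (its body is outside this section), an SSL-disabled deployment with a stale `KMS_SSL_KEYSTORE_PASS` in the environment would now fail with a NullPointerException; either document the contract on the constructor (`@param sslConf SSL configuration, may be null when SSL is disabled`) or guard the two SSL deprecations with `if (sslConf != null)`. The constructor body spans the first three hunks and continues outside them. Separately, `main` now wraps the SSL configuration in `ConfigurationWithLogging`; confirm that its access logging redacts the keystore and truststore password keys, since those values are read through the logging wrapper from `sslConf`.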
@ -145,14 +145,17 @@ public class MiniKMS {
|
|||
final Configuration conf = KMSConfiguration.getKMSConf();
|
||||
conf.set(KMSConfiguration.HTTP_HOST_KEY, "localhost");
|
||||
conf.setInt(KMSConfiguration.HTTP_PORT_KEY, inPort);
|
||||
|
||||
Configuration sslConf = null;
|
||||
if (keyStore != null) {
|
||||
conf.setBoolean(KMSConfiguration.SSL_ENABLED_KEY, true);
|
||||
conf.set(SSLFactory.SSL_SERVER_KEYSTORE_LOCATION, keyStore);
|
||||
conf.set(SSLFactory.SSL_SERVER_KEYSTORE_PASSWORD, keyStorePassword);
|
||||
conf.set(SSLFactory.SSL_SERVER_KEYSTORE_TYPE, "jks");
|
||||
sslConf = SSLFactory.readSSLConfiguration(conf, SSLFactory.Mode.SERVER);
|
||||
sslConf.set(SSLFactory.SSL_SERVER_KEYSTORE_LOCATION, keyStore);
|
||||
sslConf.set(SSLFactory.SSL_SERVER_KEYSTORE_PASSWORD, keyStorePassword);
|
||||
sslConf.set(SSLFactory.SSL_SERVER_KEYSTORE_TYPE, "jks");
|
||||
}
|
||||
|
||||
jetty = new KMSWebServer(conf);
|
||||
jetty = new KMSWebServer(conf, sslConf);
|
||||
jetty.start();
|
||||
kmsURL = jetty.getKMSUrl();
|
||||
}
|
||||
|
|