/**
 * Writes a server-side {@code ssl-server.xml} under {@code BASEDIR} that
 * carries the given keystore and truststore passwords, points {@code conf}
 * at that file and registers it for later purge.
 *
 * @param keyStorePassword keystore password to record in the SSL config
 * @param trustStorePassword truststore password to record in the SSL config
 * @param conf configuration that receives the location of the written file
 * @throws IOException if the SSL config file cannot be written
 */
private void createServerSSLConfig(String keyStorePassword,
    String trustStorePassword, Configuration conf) throws IOException {
  File serverConfFile = Paths.get(BASEDIR, "ssl-server.xml").toFile();
  conf.set(SSLFactory.SSL_SERVER_CONF_KEY, serverConfFile.getAbsolutePath());
  // The file holds store passwords in clear text, so it is queued for purge.
  filesToPurge.add(serverConfFile.toString());

  String keystorePassKey = FileBasedKeyStoresFactory.resolvePropertyName(
      SSLFactory.Mode.SERVER,
      FileBasedKeyStoresFactory.SSL_KEYSTORE_PASSWORD_TPL_KEY);
  String truststorePassKey = FileBasedKeyStoresFactory.resolvePropertyName(
      SSLFactory.Mode.SERVER,
      FileBasedKeyStoresFactory.SSL_TRUSTSTORE_PASSWORD_TPL_KEY);

  Configuration serverSslConf = new Configuration(false);
  serverSslConf.set(keystorePassKey, keyStorePassword);
  serverSslConf.set(truststorePassKey, trustStorePassword);

  // FileWriter uses the platform default charset; the file is overwritten
  // (append=false) on every call.
  try (FileWriter out = new FileWriter(serverConfFile, false)) {
    serverSslConf.writeXml(out);
  }
}
/**
 * Creates an SSLFactory.
 *
 * @param mode SSLFactory mode, client or server.
 * @param conf Hadoop configuration from where the SSLFactory configuration
 * will be read.
 * @throws IllegalArgumentException if {@code mode} is null.
 */
public SSLFactory(Mode mode, Configuration conf) {
  if (mode == null) {
    throw new IllegalArgumentException("mode cannot be NULL");
  }
  this.conf = conf;
  this.mode = mode;

  // Whether the peer must present a certificate comes from the main config,
  // not from the mode-specific SSL config read below.
  requireClientCert = conf.getBoolean(SSL_REQUIRE_CLIENT_CERT_KEY,
      DEFAULT_SSL_REQUIRE_CLIENT_CERT);

  Configuration sslSettings = readSSLConfiguration(mode);
  Class<? extends KeyStoresFactory> factoryClass = conf.getClass(
      KEYSTORES_FACTORY_CLASS_KEY,
      FileBasedKeyStoresFactory.class,
      KeyStoresFactory.class);
  keystoresFactory = ReflectionUtils.newInstance(factoryClass, sslSettings);

  enabledProtocols = conf.getStrings(SSL_ENABLED_PROTOCOLS,
      DEFAULT_SSL_ENABLED_PROTOCOLS);
}
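/**
 * Creates SSL configuration.
 *
 * The truststore password is fixed to {@code "trustP"} and the truststore
 * reload interval to {@code "1000"}; both are always set regardless of the
 * arguments.
 *
 * @param mode SSLFactory.Mode mode to configure
 * @param keystore String keystore file, or null to leave the location unset
 * @param password String store password, or null to avoid setting store
 * password
 * @param keyPassword String key password, or null to avoid setting key
 * password
 * @param trustKS String truststore file, or null to leave the location unset
 * @return Configuration for SSL
 */
private static Configuration createSSLConfig(SSLFactory.Mode mode,
    String keystore, String password, String keyPassword, String trustKS) {
  String trustPassword = "trustP";
  Configuration sslConf = new Configuration(false);

  setSslPropertyIfNotNull(sslConf, mode,
      FileBasedKeyStoresFactory.SSL_KEYSTORE_LOCATION_TPL_KEY, keystore);
  setSslPropertyIfNotNull(sslConf, mode,
      FileBasedKeyStoresFactory.SSL_KEYSTORE_PASSWORD_TPL_KEY, password);
  setSslPropertyIfNotNull(sslConf, mode,
      FileBasedKeyStoresFactory.SSL_KEYSTORE_KEYPASSWORD_TPL_KEY, keyPassword);
  setSslPropertyIfNotNull(sslConf, mode,
      FileBasedKeyStoresFactory.SSL_TRUSTSTORE_LOCATION_TPL_KEY, trustKS);

  // trustPassword is a non-null constant, so the former null check was dead
  // code; the property is always written.
  sslConf.set(FileBasedKeyStoresFactory.resolvePropertyName(mode,
      FileBasedKeyStoresFactory.SSL_TRUSTSTORE_PASSWORD_TPL_KEY), trustPassword);
  sslConf.set(FileBasedKeyStoresFactory.resolvePropertyName(mode,
      FileBasedKeyStoresFactory.SSL_TRUSTSTORE_RELOAD_INTERVAL_TPL_KEY), "1000");
  return sslConf;
}

/**
 * Sets the mode-resolved property {@code tplKey} on {@code sslConf} unless
 * {@code value} is null, in which case the property is left untouched.
 */
private static void setSslPropertyIfNotNull(Configuration sslConf,
    SSLFactory.Mode mode, String tplKey, String value) {
  if (value != null) {
    sslConf.set(FileBasedKeyStoresFactory.resolvePropertyName(mode, tplKey),
        value);
  }
}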
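/**
 * Loads {@code core-site.xml} from the Hadoop conf dir and the server SSL
 * configuration it names (default {@code ssl-server.xml}), then caches the
 * superuser keystore/truststore locations and passwords and the login user
 * name in fields.
 *
 * @throws IllegalStateException if the login user cannot be determined; the
 *     underlying {@link IOException} is kept as the cause
 */
@PostConstruct
public void init() {
  String confDir = settings.getHadoopConfDir();
  File coreSite = new File(confDir, "core-site.xml");
  if (!coreSite.exists()) {
    // NOTE(review): presumably handleMissingConf throws; if it only logs,
    // the resources below are added from a non-existent file - confirm.
    handleMissingConf("core-site.xml", confDir);
  }
  Configuration conf = new Configuration();
  conf.addResource(new Path(coreSite.getAbsolutePath()));

  // ssl-server.xml is resolved relative to the same Hadoop conf dir, so the
  // directory is read once rather than queried a second time.
  File serverSSLConf = new File(confDir,
      conf.get(SSLFactory.SSL_SERVER_CONF_KEY, "ssl-server.xml"));
  sslConf = new Configuration(false);
  sslConf.addResource(new Path(serverSSLConf.getAbsolutePath()));

  superKeystorePath = serverSslProperty(
      FileBasedKeyStoresFactory.SSL_KEYSTORE_LOCATION_TPL_KEY);
  superKeystorePassword = serverSslProperty(
      FileBasedKeyStoresFactory.SSL_KEYSTORE_PASSWORD_TPL_KEY);
  superTrustStorePath = serverSslProperty(
      FileBasedKeyStoresFactory.SSL_TRUSTSTORE_LOCATION_TPL_KEY);
  superTrustStorePassword = serverSslProperty(
      FileBasedKeyStoresFactory.SSL_TRUSTSTORE_PASSWORD_TPL_KEY);

  try {
    superuser = UserGroupInformation.getLoginUser().getUserName();
  } catch (IOException ex) {
    // Preserve the cause so the actual login failure is visible to callers.
    throw new IllegalStateException("Could not identify login user", ex);
  }
}

/**
 * Reads a SERVER-mode property from the loaded {@code sslConf} field.
 *
 * @param tplKey property name template from {@link FileBasedKeyStoresFactory}
 * @return the property value, or null if it is not set
 */
private String serverSslProperty(String tplKey) {
  return sslConf.get(FileBasedKeyStoresFactory.resolvePropertyName(
      SSLFactory.Mode.SERVER, tplKey));
}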
/**
 * Reads the superuser keystore and truststore passwords from the server SSL
 * configuration resource named in {@code conf} (default
 * {@code ssl-server.xml}) and stores them in fields.
 *
 * @param conf Hadoop configuration naming the server SSL config resource
 */
private void parseSuperuserPasswords(Configuration conf) {
  String serverSslResource =
      conf.get(SSLFactory.SSL_SERVER_CONF_KEY, "ssl-server.xml");
  // A String resource name is resolved by Hadoop's Configuration as a
  // classpath resource, not as a filesystem path.
  Configuration serverSslConf = new Configuration(false);
  serverSslConf.addResource(serverSslResource);

  String keystorePassKey = FileBasedKeyStoresFactory.resolvePropertyName(
      SSLFactory.Mode.SERVER,
      FileBasedKeyStoresFactory.SSL_KEYSTORE_PASSWORD_TPL_KEY);
  String truststorePassKey = FileBasedKeyStoresFactory.resolvePropertyName(
      SSLFactory.Mode.SERVER,
      FileBasedKeyStoresFactory.SSL_TRUSTSTORE_PASSWORD_TPL_KEY);

  superKeystorePass = serverSslConf.get(keystorePassKey);
  superTruststorePass = serverSslConf.get(truststorePassKey);
}