public ReEncryptionClientProvider(URI uri, Configuration conf) throws IOException { setConf(conf); renUrl = createServiceURL(ProviderUtils.unnestUri(uri)); if ("https".equalsIgnoreCase(new URL(renUrl).getProtocol())) { sslFactory = new SSLFactory(SSLFactory.Mode.CLIENT, conf); try { sslFactory.init(); } catch (GeneralSecurityException ex) { throw new IOException(ex); } } int timeout = conf.getInt(TIMEOUT_ATTR, DEFAULT_TIMEOUT); authRetry = conf.getInt(AUTH_RETRY, DEFAULT_AUTH_RETRY); configurator = new TimeoutConnConfigurator(timeout, sslFactory); authToken = new DelegationTokenAuthenticatedURL.Token(); UserGroupInformation.AuthenticationMethod authMethod = UserGroupInformation.getCurrentUser().getAuthenticationMethod(); if (authMethod == UserGroupInformation.AuthenticationMethod.PROXY) { actualUgi = UserGroupInformation.getCurrentUser().getRealUser(); } else if (authMethod == UserGroupInformation.AuthenticationMethod.TOKEN) { actualUgi = UserGroupInformation.getLoginUser(); } else { actualUgi =UserGroupInformation.getCurrentUser(); } }
public KerberosWebHDFSConnection2(String httpfsUrl, String principal, String password) { this.httpfsUrl = httpfsUrl; this.principal = principal; this.password = password; Configuration conf = new Configuration(); conf.addResource("conf/hdfs-site.xml"); conf.addResource("conf/core-site.xml"); newToken = new AuthenticatedURL.Token(); KerberosAuthenticator ka = new KerberosAuthenticator(); ConnectionConfigurator connectionConfigurator = new SSLFactory(SSLFactory.Mode.CLIENT,conf); ka.setConnectionConfigurator(connectionConfigurator); try{ URL url = new URL(httpfsUrl); ka.authenticate(url,newToken); }catch(Exception e){ e.printStackTrace(); } this.authenticatedURL = new AuthenticatedURL(ka,connectionConfigurator); // this.authenticatedURL = new AuthenticatedURL( // new KerberosAuthenticator2(principal, password)); }
/** * Configure an ssl listener on the server for shuffle. * * @param addr address to listen on. * @param sslFactory SSLFactory to use. */ public void addSslListener(InetSocketAddress addr, final SSLFactory sslFactory) throws IOException { if (webServer.isStarted()) { throw new IOException("Failed to add ssl listener"); } SslSocketConnector sslListener = new SslSocketConnector() { @Override protected SSLServerSocketFactory createFactory() throws Exception { return sslFactory.createSSLServerSocketFactory(); } }; sslListener.setHost(addr.getHostName()); sslListener.setPort(addr.getPort()); webServer.addConnector(sslListener); }
private static String readOut(URL url) throws Exception { StringBuilder out = new StringBuilder(); HttpsURLConnection conn = (HttpsURLConnection) url.openConnection(); Configuration conf = new Configuration(); conf.addResource(CONFIG_SITE_XML); SSLFactory sslf = new SSLFactory(SSLFactory.Mode.CLIENT, conf); sslf.init(); conn.setSSLSocketFactory(sslf.createSSLSocketFactory()); InputStream in = conn.getInputStream(); byte[] buffer = new byte[64 * 1024]; int len = in.read(buffer); while (len > 0) { out.append(new String(buffer, 0, len)); len = in.read(buffer); } return out.toString(); }
private ConnectionConfigurator initSslConnConfigurator(final int timeout, Configuration conf) throws IOException, GeneralSecurityException { final SSLSocketFactory sf; final HostnameVerifier hv; sslFactory = new SSLFactory(SSLFactory.Mode.CLIENT, conf); sslFactory.init(); sf = sslFactory.createSSLSocketFactory(); hv = sslFactory.getHostnameVerifier(); return new ConnectionConfigurator() { @Override public HttpURLConnection configure(HttpURLConnection conn) throws IOException { if (conn instanceof HttpsURLConnection) { HttpsURLConnection c = (HttpsURLConnection) conn; c.setSSLSocketFactory(sf); c.setHostnameVerifier(hv); } setTimeouts(conn, timeout); return conn; } }; }
protected void serviceInit(Configuration conf) throws Exception { this.remoteRootLogDir = new Path(conf.get(YarnConfiguration.NM_REMOTE_APP_LOG_DIR, YarnConfiguration.DEFAULT_NM_REMOTE_APP_LOG_DIR)); this.remoteRootLogDirSuffix = conf.get(YarnConfiguration.NM_REMOTE_APP_LOG_DIR_SUFFIX, YarnConfiguration.DEFAULT_NM_REMOTE_APP_LOG_DIR_SUFFIX); if (conf.getBoolean(CommonConfigurationKeys.IPC_SERVER_SSL_ENABLED, CommonConfigurationKeys.IPC_SERVER_SSL_ENABLED_DEFAULT)) { sslConf.addResource(conf.get(SSLFactory.SSL_SERVER_CONF_KEY, "ssl-server.xml")); } else { sslConf = null; } super.serviceInit(conf); }
private void createServerSSLConfig(String keyStorePassword, String trustStorePassword, Configuration conf) throws IOException { Configuration sslConf = new Configuration(false); File sslConfFile = new File(Paths.get(BASEDIR, "ssl-server.xml") .toString()); conf.set(SSLFactory.SSL_SERVER_CONF_KEY, sslConfFile.getAbsolutePath()); filesToPurge.add(sslConfFile.toString()); sslConf.set( FileBasedKeyStoresFactory.resolvePropertyName( SSLFactory.Mode.SERVER, FileBasedKeyStoresFactory.SSL_KEYSTORE_PASSWORD_TPL_KEY), keyStorePassword); sslConf.set( FileBasedKeyStoresFactory.resolvePropertyName( SSLFactory.Mode.SERVER, FileBasedKeyStoresFactory.SSL_TRUSTSTORE_PASSWORD_TPL_KEY), trustStorePassword); try (FileWriter fw = new FileWriter(sslConfFile, false)) { sslConf.writeXml(fw); } }
@BeforeClass public static void setup() throws Exception { conf = new Configuration(); conf.setInt(HttpServer2.HTTP_MAX_THREADS, 10); File base = new File(BASEDIR); FileUtil.fullyDelete(base); base.mkdirs(); keystoresDir = new File(BASEDIR).getAbsolutePath(); sslConfDir = KeyStoreTestUtil.getClasspathDir(TestSSLHttpServer.class); KeyStoreTestUtil.setupSSLConfig(keystoresDir, sslConfDir, conf, false, true, excludeCiphers); Configuration sslConf = KeyStoreTestUtil.getSslConfig(); clientSslFactory = new SSLFactory(SSLFactory.Mode.CLIENT, sslConf); clientSslFactory.init(); server = new HttpServer2.Builder() .setName("test") .addEndpoint(new URI("https://localhost")) .setConf(conf) .keyPassword(sslConf.get("ssl.server.keystore.keypassword")) .keyStore(sslConf.get("ssl.server.keystore.location"), sslConf.get("ssl.server.keystore.password"), sslConf.get("ssl.server.keystore.type", "jks")) .trustStore(sslConf.get("ssl.server.truststore.location"), sslConf.get("ssl.server.truststore.password"), sslConf.get("ssl.server.truststore.type", "jks")) .excludeCiphers( sslConf.get("ssl.server.exclude.cipher.list")).build(); server.addServlet("echo", "/echo", TestHttpServer.EchoServlet.class); server.addServlet("longheader", "/longheader", LongHeaderServlet.class); server.start(); baseUrl = new URL("https://" + NetUtils.getHostPortString(server.getConnectorAddress(0))); LOG.info("HTTP server started: " + baseUrl); }
@BeforeClass public static void setUp() throws Exception { Configuration conf = new Configuration(); conf.set(HttpServer2.FILTER_INITIALIZER_PROPERTY, DummyFilterInitializer.class.getName()); File base = new File(BASEDIR); FileUtil.fullyDelete(base); base.mkdirs(); keystoresDir = new File(BASEDIR).getAbsolutePath(); sslConfDir = KeyStoreTestUtil.getClasspathDir(TestSSLHttpServer.class); KeyStoreTestUtil.setupSSLConfig(keystoresDir, sslConfDir, conf, false); Configuration sslConf = KeyStoreTestUtil.getSslConfig(); clientSslFactory = new SSLFactory(SSLFactory.Mode.CLIENT, sslConf); clientSslFactory.init(); server = new HttpServer2.Builder() .setName("test") .addEndpoint(new URI("http://localhost")) .addEndpoint(new URI("https://localhost")) .setConf(conf) .keyPassword(sslConf.get("ssl.server.keystore.keypassword")) .keyStore(sslConf.get("ssl.server.keystore.location"), sslConf.get("ssl.server.keystore.password"), sslConf.get("ssl.server.keystore.type", "jks")) .trustStore(sslConf.get("ssl.server.truststore.location"), sslConf.get("ssl.server.truststore.password"), sslConf.get("ssl.server.truststore.type", "jks")) .excludeCiphers( sslConf.get("ssl.server.exclude.cipher.list")) .build(); server.addServlet("echo", "/echo", TestHttpServer.EchoServlet.class); server.start(); }
public HttpPipelineFactory(Configuration conf) throws Exception { SHUFFLE = getShuffle(conf); if (conf.getBoolean(MRConfig.SHUFFLE_SSL_ENABLED_KEY, MRConfig.SHUFFLE_SSL_ENABLED_DEFAULT)) { LOG.info("Encrypted shuffle is enabled."); sslFactory = new SSLFactory(SSLFactory.Mode.SERVER, conf); sslFactory.init(); } }
@BeforeClass public static void setup() throws Exception { conf = new Configuration(); conf.setInt(HttpServer2.HTTP_MAX_THREADS, 10); File base = new File(BASEDIR); FileUtil.fullyDelete(base); base.mkdirs(); keystoresDir = new File(BASEDIR).getAbsolutePath(); sslConfDir = KeyStoreTestUtil.getClasspathDir(TestSSLHttpServer.class); KeyStoreTestUtil.setupSSLConfig(keystoresDir, sslConfDir, conf, false); Configuration sslConf = new Configuration(false); sslConf.addResource("ssl-server.xml"); sslConf.addResource("ssl-client.xml"); clientSslFactory = new SSLFactory(SSLFactory.Mode.CLIENT, sslConf); clientSslFactory.init(); server = new HttpServer2.Builder() .setName("test") .addEndpoint(new URI("https://localhost")) .setConf(conf) .keyPassword(sslConf.get("ssl.server.keystore.keypassword")) .keyStore(sslConf.get("ssl.server.keystore.location"), sslConf.get("ssl.server.keystore.password"), sslConf.get("ssl.server.keystore.type", "jks")) .trustStore(sslConf.get("ssl.server.truststore.location"), sslConf.get("ssl.server.truststore.password"), sslConf.get("ssl.server.truststore.type", "jks")).build(); server.addServlet("echo", "/echo", TestHttpServer.EchoServlet.class); server.addServlet("longheader", "/longheader", LongHeaderServlet.class); server.start(); baseUrl = new URL("https://" + NetUtils.getHostPortString(server.getConnectorAddress(0))); LOG.info("HTTP server started: " + baseUrl); }
@BeforeClass public static void setUp() throws Exception { Configuration conf = new Configuration(); conf.set(HttpServer2.FILTER_INITIALIZER_PROPERTY, DummyFilterInitializer.class.getName()); File base = new File(BASEDIR); FileUtil.fullyDelete(base); base.mkdirs(); keystoresDir = new File(BASEDIR).getAbsolutePath(); sslConfDir = KeyStoreTestUtil.getClasspathDir(TestSSLHttpServer.class); KeyStoreTestUtil.setupSSLConfig(keystoresDir, sslConfDir, conf, false); Configuration sslConf = new Configuration(false); sslConf.addResource("ssl-server.xml"); sslConf.addResource("ssl-client.xml"); clientSslFactory = new SSLFactory(SSLFactory.Mode.CLIENT, sslConf); clientSslFactory.init(); server = new HttpServer2.Builder() .setName("test") .addEndpoint(new URI("http://localhost")) .addEndpoint(new URI("https://localhost")) .setConf(conf) .keyPassword(sslConf.get("ssl.server.keystore.keypassword")) .keyStore(sslConf.get("ssl.server.keystore.location"), sslConf.get("ssl.server.keystore.password"), sslConf.get("ssl.server.keystore.type", "jks")) .trustStore(sslConf.get("ssl.server.truststore.location"), sslConf.get("ssl.server.truststore.password"), sslConf.get("ssl.server.truststore.type", "jks")).build(); server.addServlet("echo", "/echo", TestHttpServer.EchoServlet.class); server.start(); }
@BeforeClass public static void setup() throws Exception { conf = new Configuration(); conf.setInt(HttpServer.HTTP_MAX_THREADS, 10); File base = new File(BASEDIR); FileUtil.fullyDelete(base); base.mkdirs(); keystoresDir = new File(BASEDIR).getAbsolutePath(); sslConfDir = KeyStoreTestUtil.getClasspathDir(TestSSLHttpServer.class); KeyStoreTestUtil.setupSSLConfig(keystoresDir, sslConfDir, conf, false); Configuration sslConf = new Configuration(false); sslConf.addResource("ssl-server.xml"); sslConf.addResource("ssl-client.xml"); clientSslFactory = new SSLFactory(SSLFactory.Mode.CLIENT, sslConf); clientSslFactory.init(); server = new HttpServer.Builder() .setName("test") .addEndpoint(new URI("https://localhost")) .setConf(conf) .keyPassword(HBaseConfiguration.getPassword(sslConf, "ssl.server.keystore.keypassword", null)) .keyStore(sslConf.get("ssl.server.keystore.location"), HBaseConfiguration.getPassword(sslConf, "ssl.server.keystore.password", null), sslConf.get("ssl.server.keystore.type", "jks")) .trustStore(sslConf.get("ssl.server.truststore.location"), HBaseConfiguration.getPassword(sslConf, "ssl.server.truststore.password", null), sslConf.get("ssl.server.truststore.type", "jks")).build(); server.addServlet("echo", "/echo", TestHttpServer.EchoServlet.class); server.start(); baseUrl = new URL("https://" + NetUtils.getHostPortString(server.getConnectorAddress(0))); LOG.info("HTTP server started: " + baseUrl); }
/** * Creates SSL configuration. * * @param mode SSLFactory.Mode mode to configure * @param keystore String keystore file * @param password String store password, or null to avoid setting store * password * @param keyPassword String key password, or null to avoid setting key * password * @param trustKS String truststore file * @return Configuration for SSL */ private static Configuration createSSLConfig(SSLFactory.Mode mode, String keystore, String password, String keyPassword, String trustKS) { String trustPassword = "trustP"; Configuration sslConf = new Configuration(false); if (keystore != null) { sslConf.set(FileBasedKeyStoresFactory.resolvePropertyName(mode, FileBasedKeyStoresFactory.SSL_KEYSTORE_LOCATION_TPL_KEY), keystore); } if (password != null) { sslConf.set(FileBasedKeyStoresFactory.resolvePropertyName(mode, FileBasedKeyStoresFactory.SSL_KEYSTORE_PASSWORD_TPL_KEY), password); } if (keyPassword != null) { sslConf.set(FileBasedKeyStoresFactory.resolvePropertyName(mode, FileBasedKeyStoresFactory.SSL_KEYSTORE_KEYPASSWORD_TPL_KEY), keyPassword); } if (trustKS != null) { sslConf.set(FileBasedKeyStoresFactory.resolvePropertyName(mode, FileBasedKeyStoresFactory.SSL_TRUSTSTORE_LOCATION_TPL_KEY), trustKS); } if (trustPassword != null) { sslConf.set(FileBasedKeyStoresFactory.resolvePropertyName(mode, FileBasedKeyStoresFactory.SSL_TRUSTSTORE_PASSWORD_TPL_KEY), trustPassword); } sslConf.set(FileBasedKeyStoresFactory.resolvePropertyName(mode, FileBasedKeyStoresFactory.SSL_TRUSTSTORE_RELOAD_INTERVAL_TPL_KEY), "1000"); return sslConf; }
@BeforeClass public static void clusterSetupAtBeginning() throws IOException, LoginException, URISyntaxException { File base = new File(BASEDIR); FileUtil.fullyDelete(base); base.mkdirs(); keystoresDir = new File(BASEDIR).getAbsolutePath(); try { sslConfDir = KeyStoreTestUtil .getClasspathDir(TestSWebHdfsFileContextMainOperations.class); KeyStoreTestUtil.setupSSLConfig(keystoresDir, sslConfDir, CONF, false); CONF.set(DFSConfigKeys.DFS_CLIENT_HTTPS_KEYSTORE_RESOURCE_KEY, KeyStoreTestUtil.getClientSSLConfigFileName()); CONF.set(DFSConfigKeys.DFS_SERVER_HTTPS_KEYSTORE_RESOURCE_KEY, KeyStoreTestUtil.getServerSSLConfigFileName()); } catch (Exception ex) { throw new RuntimeException(ex); } CONF.set(DFSConfigKeys.DFS_HTTP_POLICY_KEY, "HTTPS_ONLY"); CONF.set(DFSConfigKeys.DFS_NAMENODE_HTTPS_ADDRESS_KEY, "localhost:0"); CONF.set(DFSConfigKeys.DFS_DATANODE_HTTPS_ADDRESS_KEY, "localhost:0"); CONF.set(SSLFactory.SSL_HOSTNAME_VERIFIER_KEY, "DEFAULT_AND_LOCALHOST"); cluster = new MiniDFSCluster.Builder(CONF).numDataNodes(2).build(); cluster.waitClusterUp(); webhdfsUrl = new URI(SWebHdfs.SCHEME + "://" + cluster.getConfiguration(0) .get(DFSConfigKeys.DFS_NAMENODE_HTTPS_ADDRESS_KEY)); fc = FileContext.getFileContext(webhdfsUrl, CONF); defaultWorkingDirectory = fc.makeQualified(new Path( "/user/" + UserGroupInformation.getCurrentUser().getShortUserName())); fc.mkdir(defaultWorkingDirectory, FileContext.DEFAULT_PERM, true); }
@BeforeClass public static void setup() throws Exception { conf = new Configuration(); conf.setInt(HttpServer2.HTTP_MAX_THREADS, 10); File base = new File(BASEDIR); FileUtil.fullyDelete(base); base.mkdirs(); keystoresDir = new File(BASEDIR).getAbsolutePath(); sslConfDir = KeyStoreTestUtil.getClasspathDir(TestSSLHttpServer.class); KeyStoreTestUtil.setupSSLConfig(keystoresDir, sslConfDir, conf, false); Configuration sslConf = KeyStoreTestUtil.getSslConfig(); clientSslFactory = new SSLFactory(SSLFactory.Mode.CLIENT, sslConf); clientSslFactory.init(); server = new HttpServer2.Builder() .setName("test") .addEndpoint(new URI("https://localhost")) .setConf(conf) .keyPassword(sslConf.get("ssl.server.keystore.keypassword")) .keyStore(sslConf.get("ssl.server.keystore.location"), sslConf.get("ssl.server.keystore.password"), sslConf.get("ssl.server.keystore.type", "jks")) .trustStore(sslConf.get("ssl.server.truststore.location"), sslConf.get("ssl.server.truststore.password"), sslConf.get("ssl.server.truststore.type", "jks")).build(); server.addServlet("echo", "/echo", TestHttpServer.EchoServlet.class); server.addServlet("longheader", "/longheader", LongHeaderServlet.class); server.start(); baseUrl = new URL("https://" + NetUtils.getHostPortString(server.getConnectorAddress(0))); LOG.info("HTTP server started: " + baseUrl); }
@BeforeClass public static void setUp() throws Exception { Configuration conf = new Configuration(); conf.set(HttpServer2.FILTER_INITIALIZER_PROPERTY, DummyFilterInitializer.class.getName()); File base = new File(BASEDIR); FileUtil.fullyDelete(base); base.mkdirs(); keystoresDir = new File(BASEDIR).getAbsolutePath(); sslConfDir = KeyStoreTestUtil.getClasspathDir(TestSSLHttpServer.class); KeyStoreTestUtil.setupSSLConfig(keystoresDir, sslConfDir, conf, false); Configuration sslConf = KeyStoreTestUtil.getSslConfig(); clientSslFactory = new SSLFactory(SSLFactory.Mode.CLIENT, sslConf); clientSslFactory.init(); server = new HttpServer2.Builder() .setName("test") .addEndpoint(new URI("http://localhost")) .addEndpoint(new URI("https://localhost")) .setConf(conf) .keyPassword(sslConf.get("ssl.server.keystore.keypassword")) .keyStore(sslConf.get("ssl.server.keystore.location"), sslConf.get("ssl.server.keystore.password"), sslConf.get("ssl.server.keystore.type", "jks")) .trustStore(sslConf.get("ssl.server.truststore.location"), sslConf.get("ssl.server.truststore.password"), sslConf.get("ssl.server.truststore.type", "jks")).build(); server.addServlet("echo", "/echo", TestHttpServer.EchoServlet.class); server.start(); }
protected JobConf getJobConf(Configuration sslConf) throws IOException { JobConf conf = new JobConf(mrCluster.createJobConf()); //doing this because Hadoop1 minicluster does not use all mr cluster confs for the created jobconf conf.set(JobTracker.SHUFFLE_SSL_ENABLED_KEY, sslConf.get(JobTracker.SHUFFLE_SSL_ENABLED_KEY)); conf.set(SSLFactory.SSL_HOSTNAME_VERIFIER_KEY, sslConf.get(SSLFactory.SSL_HOSTNAME_VERIFIER_KEY)); conf.set(SSLFactory.SSL_CLIENT_CONF_KEY, sslConf.get(SSLFactory.SSL_CLIENT_CONF_KEY)); conf.set(SSLFactory.SSL_SERVER_CONF_KEY, sslConf.get(SSLFactory.SSL_SERVER_CONF_KEY)); conf.set(SSLFactory.SSL_REQUIRE_CLIENT_CERT_KEY, sslConf.get(SSLFactory.SSL_REQUIRE_CLIENT_CERT_KEY)); return conf; }
public HttpPipelineFactory(Configuration conf) throws Exception { SHUFFLE = getShuffle(conf); if (conf.getBoolean(MRConfig.SHUFFLE_SSL_ENABLED_KEY, MRConfig.SHUFFLE_SSL_ENABLED_DEFAULT)) { sslFactory = new SSLFactory(SSLFactory.Mode.SERVER, conf); sslFactory.init(); } }
@Override public void init(DaemonContext context) throws Exception { System.err.println("Initializing secure datanode resources"); Configuration conf = new Configuration(); // Stash command-line arguments for regular datanode args = context.getArguments(); sslFactory = new SSLFactory(SSLFactory.Mode.SERVER, conf); resources = getSecureResources(sslFactory, conf); }
protected PropertiesConfiguration getSSLConfiguration(String providerUrl) { String projectBaseDirectory = System.getProperty("projectBaseDir"); final PropertiesConfiguration configuration = new PropertiesConfiguration(); configuration.setProperty("atlas.services.enabled", false); configuration.setProperty(TLS_ENABLED, true); configuration.setProperty(TRUSTSTORE_FILE_KEY, projectBaseDirectory + "/webapp/target/atlas.keystore"); configuration.setProperty(KEYSTORE_FILE_KEY, projectBaseDirectory + "/webapp/target/atlas.keystore"); configuration.setProperty(CERT_STORES_CREDENTIAL_PROVIDER_PATH, providerUrl); configuration.setProperty(SSLFactory.SSL_HOSTNAME_VERIFIER_KEY, SSLHostnameVerifier.DEFAULT_AND_LOCALHOST.toString()); return configuration; }
@BeforeClass public static void setup() throws Exception { conf = new Configuration(); conf.setInt(HttpServer.HTTP_MAX_THREADS, 10); File base = new File(BASEDIR); FileUtil.fullyDelete(base); base.mkdirs(); keystoresDir = new File(BASEDIR).getAbsolutePath(); sslConfDir = KeyStoreTestUtil.getClasspathDir(TestSSLHttpServer.class); KeyStoreTestUtil.setupSSLConfig(keystoresDir, sslConfDir, conf, false); Configuration sslConf = new Configuration(false); sslConf.addResource("ssl-server.xml"); sslConf.addResource("ssl-client.xml"); clientSslFactory = new SSLFactory(SSLFactory.Mode.CLIENT, sslConf); clientSslFactory.init(); server = new HttpServer.Builder() .setName("test") .addEndpoint(new URI("https://localhost")) .setConf(conf) .keyPassword(sslConf.get("ssl.server.keystore.keypassword")) .keyStore(sslConf.get("ssl.server.keystore.location"), sslConf.get("ssl.server.keystore.password"), sslConf.get("ssl.server.keystore.type", "jks")) .trustStore(sslConf.get("ssl.server.truststore.location"), sslConf.get("ssl.server.truststore.password"), sslConf.get("ssl.server.truststore.type", "jks")).build(); server.addServlet("echo", "/echo", TestHttpServer.EchoServlet.class); server.start(); baseUrl = new URL("https://" + NetUtils.getHostPortString(server.getConnectorAddress(0))); LOG.info("HTTP server started: " + baseUrl); }
@PostConstruct public void init() { String confDir = settings.getHadoopConfDir(); File coreSite = new File(confDir, "core-site.xml"); if (!coreSite.exists()) { handleMissingConf("core-site.xml", confDir); } Configuration conf = new Configuration(); conf.addResource(new Path(coreSite.getAbsolutePath())); sslConf = new Configuration(false); String hadoopConfDir = settings.getHadoopConfDir(); File serverSSLConf = new File(hadoopConfDir, conf.get(SSLFactory .SSL_SERVER_CONF_KEY, "ssl-server.xml")); sslConf.addResource(new Path(serverSSLConf.getAbsolutePath())); superKeystorePath = sslConf.get( FileBasedKeyStoresFactory.resolvePropertyName(SSLFactory.Mode.SERVER, FileBasedKeyStoresFactory.SSL_KEYSTORE_LOCATION_TPL_KEY)); superKeystorePassword = sslConf.get( FileBasedKeyStoresFactory.resolvePropertyName(SSLFactory.Mode.SERVER, FileBasedKeyStoresFactory.SSL_KEYSTORE_PASSWORD_TPL_KEY)); superTrustStorePath = sslConf.get( FileBasedKeyStoresFactory.resolvePropertyName(SSLFactory.Mode.SERVER, FileBasedKeyStoresFactory.SSL_TRUSTSTORE_LOCATION_TPL_KEY)); superTrustStorePassword = sslConf.get( FileBasedKeyStoresFactory.resolvePropertyName(SSLFactory.Mode.SERVER, FileBasedKeyStoresFactory.SSL_TRUSTSTORE_PASSWORD_TPL_KEY)); try { superuser = UserGroupInformation.getLoginUser().getUserName(); } catch (IOException ex) { throw new IllegalStateException("Could not identify login user"); } }
private void parseSuperuserPasswords(Configuration conf) { Configuration sslConf = new Configuration(false); sslConf.addResource(conf.get(SSLFactory.SSL_SERVER_CONF_KEY, "ssl-server.xml")); superKeystorePass = sslConf.get( FileBasedKeyStoresFactory.resolvePropertyName(SSLFactory.Mode.SERVER, FileBasedKeyStoresFactory.SSL_KEYSTORE_PASSWORD_TPL_KEY)); superTruststorePass = sslConf.get( FileBasedKeyStoresFactory.resolvePropertyName(SSLFactory.Mode.SERVER, FileBasedKeyStoresFactory.SSL_TRUSTSTORE_PASSWORD_TPL_KEY)); }
public HttpPipelineFactory(Configuration conf, Timer timer) throws Exception { SHUFFLE = getShuffle(conf); if (conf.getBoolean(MRConfig.SHUFFLE_SSL_ENABLED_KEY, MRConfig.SHUFFLE_SSL_ENABLED_DEFAULT)) { LOG.info("Encrypted shuffle is enabled."); sslFactory = new SSLFactory(SSLFactory.Mode.SERVER, conf); sslFactory.init(); } this.idleStateHandler = new IdleStateHandler(timer, 0, connectionKeepAliveTimeOut, 0); }
public KMSClientProvider(URI uri, Configuration conf) throws IOException { super(conf); kmsUrl = createServiceURL(extractKMSPath(uri)); if ("https".equalsIgnoreCase(new URL(kmsUrl).getProtocol())) { sslFactory = new SSLFactory(SSLFactory.Mode.CLIENT, conf); try { sslFactory.init(); } catch (GeneralSecurityException ex) { throw new IOException(ex); } } int timeout = conf.getInt(TIMEOUT_ATTR, DEFAULT_TIMEOUT); authRetry = conf.getInt(AUTH_RETRY, DEFAULT_AUTH_RETRY); configurator = new TimeoutConnConfigurator(timeout, sslFactory); encKeyVersionQueue = new ValueQueue<KeyProviderCryptoExtension.EncryptedKeyVersion>( conf.getInt( CommonConfigurationKeysPublic.KMS_CLIENT_ENC_KEY_CACHE_SIZE, CommonConfigurationKeysPublic. KMS_CLIENT_ENC_KEY_CACHE_SIZE_DEFAULT), conf.getFloat( CommonConfigurationKeysPublic. KMS_CLIENT_ENC_KEY_CACHE_LOW_WATERMARK, CommonConfigurationKeysPublic. KMS_CLIENT_ENC_KEY_CACHE_LOW_WATERMARK_DEFAULT), conf.getInt( CommonConfigurationKeysPublic. KMS_CLIENT_ENC_KEY_CACHE_EXPIRY_MS, CommonConfigurationKeysPublic. KMS_CLIENT_ENC_KEY_CACHE_EXPIRY_DEFAULT), conf.getInt( CommonConfigurationKeysPublic. KMS_CLIENT_ENC_KEY_CACHE_NUM_REFILL_THREADS, CommonConfigurationKeysPublic. KMS_CLIENT_ENC_KEY_CACHE_NUM_REFILL_THREADS_DEFAULT), new EncryptedQueueRefiller()); authToken = new DelegationTokenAuthenticatedURL.Token(); }
