@InterfaceAudience.Private public final class X509TestContext extends Object
Modifier and Type | Class and Description |
---|---|
static class |
X509TestContext.Builder
Builder class, used for creating new instances of X509TestContext.
|
Modifier and Type | Field and Description |
---|---|
private org.apache.hadoop.conf.Configuration |
conf |
private static String |
KEY_STORE_PREFIX |
private File |
keyStoreBcfksFile |
private X509Certificate |
keyStoreCertificate |
private File |
keyStoreJksFile |
private KeyPair |
keyStoreKeyPair |
private char[] |
keyStorePassword |
private File |
keyStorePemFile |
private File |
keyStorePkcs12File |
private File |
tempDir |
private static String |
TRUST_STORE_PREFIX |
private File |
trustStoreBcfksFile |
private X509Certificate |
trustStoreCertificate |
private File |
trustStoreJksFile |
private KeyPair |
trustStoreKeyPair |
private char[] |
trustStorePassword |
private File |
trustStorePemFile |
private File |
trustStorePkcs12File |
Modifier | Constructor and Description |
---|---|
private |
X509TestContext(org.apache.hadoop.conf.Configuration conf,
File tempDir,
KeyPair trustStoreKeyPair,
char[] trustStorePassword,
KeyPair keyStoreKeyPair,
char[] keyStorePassword)
Constructor is intentionally private, use the Builder class instead.
|
private |
X509TestContext(File tempDir,
org.apache.hadoop.conf.Configuration conf,
X509Certificate trustStoreCertificate,
char[] trustStorePassword,
KeyPair trustStoreKeyPair,
File trustStoreJksFile,
File trustStorePemFile,
File trustStorePkcs12File,
KeyPair keyStoreKeyPair,
char[] keyStorePassword,
X509Certificate keyStoreCertificate)
|
Modifier and Type | Method and Description |
---|---|
void |
clearConfigurations() |
X509TestContext |
cloneWithNewKeystoreCert(X509Certificate cert)
Creates a clone of the current context, but injecting the passed certificate as the KeyStore
cert.
|
private void |
createCertificates() |
private void |
generateKeyStoreBcfksFile() |
private void |
generateKeyStoreJksFile() |
private void |
generateKeyStorePemFile() |
private void |
generateKeyStorePkcs12File() |
private void |
generateTrustStoreBcfksFile() |
private void |
generateTrustStoreJksFile() |
private void |
generateTrustStorePemFile() |
private void |
generateTrustStorePkcs12File() |
org.apache.hadoop.conf.Configuration |
getConf() |
private File |
getKeyStoreBcfksFile() |
X509Certificate |
getKeyStoreCertificate() |
File |
getKeyStoreFile(org.apache.hadoop.hbase.io.crypto.tls.KeyStoreFileType storeFileType)
Returns the path to the key store file in the given format (JKS, PEM, ...).
|
private File |
getKeyStoreJksFile() |
char[] |
getKeyStorePassword() |
private File |
getKeyStorePemFile() |
private File |
getKeyStorePkcs12File() |
File |
getTempDir() |
private File |
getTrustStoreBcfksFile() |
File |
getTrustStoreFile(org.apache.hadoop.hbase.io.crypto.tls.KeyStoreFileType storeFileType)
Returns the path to the trust store file in the given format (JKS or PEM).
|
private File |
getTrustStoreJksFile() |
char[] |
getTrustStorePassword() |
private File |
getTrustStorePemFile() |
private File |
getTrustStorePkcs12File() |
boolean |
isKeyStoreEncrypted() |
static X509TestContext.Builder |
newBuilder(org.apache.hadoop.conf.Configuration conf)
Returns a new default-constructed Builder.
|
X509Certificate |
newCert(org.bouncycastle.asn1.x500.X500Name name,
String... subjectAltNames)
Generates a new certificate using this context's CA and keystoreKeyPair.
|
void |
regenerateStores(X509KeyType keyStoreKeyType,
X509KeyType trustStoreKeyType,
org.apache.hadoop.hbase.io.crypto.tls.KeyStoreFileType keyStoreFileType,
org.apache.hadoop.hbase.io.crypto.tls.KeyStoreFileType trustStoreFileType) |
void |
setConfigurations(org.apache.hadoop.hbase.io.crypto.tls.KeyStoreFileType keyStoreFileType,
org.apache.hadoop.hbase.io.crypto.tls.KeyStoreFileType trustStoreFileType)
Sets the SSL system properties such that the given X509Util object can be used to create SSL
Contexts that will use the trust store and key store files created by this test context.
|
void |
setKeystoreConfigurations(org.apache.hadoop.hbase.io.crypto.tls.KeyStoreFileType keyStoreFileType,
org.apache.hadoop.conf.Configuration confToSet)
Sets the KeyStore-related SSL system properties onto the given Configuration such that X509Util
can be used to create SSL Contexts using that KeyStore.
|
private static final String TRUST_STORE_PREFIX
private static final String KEY_STORE_PREFIX
private final org.apache.hadoop.conf.Configuration conf
private X509Certificate trustStoreCertificate
private final char[] trustStorePassword
private KeyPair trustStoreKeyPair
private File trustStoreJksFile
private File trustStorePemFile
private File trustStorePkcs12File
private File trustStoreBcfksFile
private KeyPair keyStoreKeyPair
private X509Certificate keyStoreCertificate
private final char[] keyStorePassword
private File keyStoreJksFile
private File keyStorePemFile
private File keyStorePkcs12File
private File keyStoreBcfksFile
private X509TestContext(org.apache.hadoop.conf.Configuration conf, File tempDir, KeyPair trustStoreKeyPair, char[] trustStorePassword, KeyPair keyStoreKeyPair, char[] keyStorePassword) throws IOException, GeneralSecurityException, org.bouncycastle.operator.OperatorCreationException
Parameters:
conf - the configuration
tempDir - the directory in which key store and trust store temp files will be written.
trustStoreKeyPair - the key pair for the trust store.
trustStorePassword - the password to protect a JKS trust store (ignored for PEM trust stores).
keyStoreKeyPair - the key pair for the key store.
keyStorePassword - the password to protect the key store private key.
Throws:
IOException
GeneralSecurityException
org.bouncycastle.operator.OperatorCreationException
private X509TestContext(File tempDir, org.apache.hadoop.conf.Configuration conf, X509Certificate trustStoreCertificate, char[] trustStorePassword, KeyPair trustStoreKeyPair, File trustStoreJksFile, File trustStorePemFile, File trustStorePkcs12File, KeyPair keyStoreKeyPair, char[] keyStorePassword, X509Certificate keyStoreCertificate)
cloneWithNewKeystoreCert(X509Certificate). Should set all fields except generated keystore path fields.

public X509Certificate newCert(org.bouncycastle.asn1.x500.X500Name name, String... subjectAltNames) throws GeneralSecurityException, IOException, org.bouncycastle.operator.OperatorCreationException
Throws:
GeneralSecurityException
IOException
org.bouncycastle.operator.OperatorCreationException
public File getTempDir()
public char[] getTrustStorePassword()
public File getTrustStoreFile(org.apache.hadoop.hbase.io.crypto.tls.KeyStoreFileType storeFileType) throws IOException
Parameters:
storeFileType - the store file type (JKS or PEM).
Throws:
IOException - if there is an error creating the trust store file.

private File getTrustStoreJksFile() throws IOException
Throws:
IOException
private void generateTrustStoreJksFile() throws IOException
IOException
private File getTrustStorePemFile() throws IOException
IOException
private void generateTrustStorePemFile() throws IOException
IOException
private File getTrustStorePkcs12File() throws IOException
IOException
private void generateTrustStorePkcs12File() throws IOException
IOException
private File getTrustStoreBcfksFile() throws IOException
IOException
private void generateTrustStoreBcfksFile() throws IOException
IOException
public X509Certificate getKeyStoreCertificate()
public char[] getKeyStorePassword()
public boolean isKeyStoreEncrypted()
public org.apache.hadoop.conf.Configuration getConf()
public File getKeyStoreFile(org.apache.hadoop.hbase.io.crypto.tls.KeyStoreFileType storeFileType) throws IOException
Parameters:
storeFileType - the store file type (JKS, PEM, ...).
Throws:
IOException - if there is an error creating the key store file.

private File getKeyStoreJksFile() throws IOException
Throws:
IOException
private void generateKeyStoreJksFile() throws IOException
IOException
private File getKeyStorePemFile() throws IOException
IOException
private void generateKeyStorePemFile() throws IOException, org.bouncycastle.operator.OperatorCreationException
IOException
org.bouncycastle.operator.OperatorCreationException
private File getKeyStorePkcs12File() throws IOException
IOException
private void generateKeyStorePkcs12File() throws IOException
IOException
private File getKeyStoreBcfksFile() throws IOException
IOException
private void generateKeyStoreBcfksFile() throws IOException
IOException
public void setConfigurations(org.apache.hadoop.hbase.io.crypto.tls.KeyStoreFileType keyStoreFileType, org.apache.hadoop.hbase.io.crypto.tls.KeyStoreFileType trustStoreFileType) throws IOException
X509TestContext testContext = ...; // create the test context
X509Util x509Util = new QuorumX509Util();
testContext.setSystemProperties(x509Util, KeyStoreFileType.JKS, KeyStoreFileType.JKS);
// The returned context will use the key store and trust store created by the test context.
SSLContext ctx = x509Util.getDefaultSSLContext();

(Note: the example calls setSystemProperties(x509Util, ...), which does not appear in this class's method list; the method documented here is setConfigurations(keyStoreFileType, trustStoreFileType).)

Parameters:
keyStoreFileType - the store file type to use for the key store (JKS, PEM, ...).
trustStoreFileType - the store file type to use for the trust store (JKS, PEM, ...).
Throws:
IOException - if there is an error creating the key store file or trust store file.

public void setKeystoreConfigurations(org.apache.hadoop.hbase.io.crypto.tls.KeyStoreFileType keyStoreFileType, org.apache.hadoop.conf.Configuration confToSet) throws IOException
public void clearConfigurations()
public X509TestContext cloneWithNewKeystoreCert(X509Certificate cert)
A subsequent call to setConfigurations(KeyStoreFileType, KeyStoreFileType), setKeystoreConfigurations(KeyStoreFileType, Configuration), or getKeyStoreFile(KeyStoreFileType) will create a new keystore with this certificate in place.
Parameters:
cert - the cert to replace

public void regenerateStores(X509KeyType keyStoreKeyType, X509KeyType trustStoreKeyType, org.apache.hadoop.hbase.io.crypto.tls.KeyStoreFileType keyStoreFileType, org.apache.hadoop.hbase.io.crypto.tls.KeyStoreFileType trustStoreFileType) throws GeneralSecurityException, IOException, org.bouncycastle.operator.OperatorCreationException
Throws:
GeneralSecurityException
IOException
org.bouncycastle.operator.OperatorCreationException
private void createCertificates() throws GeneralSecurityException, IOException, org.bouncycastle.operator.OperatorCreationException
GeneralSecurityException
IOException
org.bouncycastle.operator.OperatorCreationException
public static X509TestContext.Builder newBuilder(org.apache.hadoop.conf.Configuration conf)
Copyright © 2007–2020 The Apache Software Foundation. All rights reserved.