Repository: hbase Updated Branches: refs/heads/branch-1 fe8658ce3 -> c2eeddfb2 refs/heads/branch-1.0 b4f6ee9ad -> 24958f959 refs/heads/master d314f7d9e -> 2da1bf10b
HBASE-12006 [JDK 8] KeyStoreTestUtil#generateCertificate fails due to "subject class type invalid" This is a port of the fix from HADOOP-10847 Project: http://git-wip-us.apache.org/repos/asf/hbase/repo Commit: http://git-wip-us.apache.org/repos/asf/hbase/commit/2da1bf10 Tree: http://git-wip-us.apache.org/repos/asf/hbase/tree/2da1bf10 Diff: http://git-wip-us.apache.org/repos/asf/hbase/diff/2da1bf10 Branch: refs/heads/master Commit: 2da1bf10b8d83b51228f76a0603394a4a5ae03cb Parents: d314f7d Author: Andrew Purtell <[email protected]> Authored: Wed Apr 15 09:47:34 2015 -0700 Committer: Andrew Purtell <[email protected]> Committed: Wed Apr 15 09:47:34 2015 -0700 ---------------------------------------------------------------------- hbase-server/pom.xml | 5 ++ .../hadoop/hbase/http/ssl/KeyStoreTestUtil.java | 69 +++++++------------- pom.xml | 7 ++ 3 files changed, 35 insertions(+), 46 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/hbase/blob/2da1bf10/hbase-server/pom.xml ----------------------------------------------------------------------
diff --git a/hbase-server/pom.xml b/hbase-server/pom.xml
index 107480a..4becc40 100644
--- a/hbase-server/pom.xml
+++ b/hbase-server/pom.xml
@@ -511,6 +511,11 @@
 <artifactId>hadoop-minikdc</artifactId>
 <scope>test</scope>
 </dependency>
+ <dependency>
+ <groupId>org.bouncycastle</groupId>
+ <artifactId>bcprov-jdk16</artifactId>
+ <scope>test</scope>
+ </dependency>
 </dependencies>
 <profiles>
 <!-- Skip the tests in this module -->
http://git-wip-us.apache.org/repos/asf/hbase/blob/2da1bf10/hbase-server/src/test/java/org/apache/hadoop/hbase/http/ssl/KeyStoreTestUtil.java ----------------------------------------------------------------------
diff --git a/hbase-server/src/test/java/org/apache/hadoop/hbase/http/ssl/KeyStoreTestUtil.java b/hbase-server/src/test/java/org/apache/hadoop/hbase/http/ssl/KeyStoreTestUtil.java
index 248b820..8668738 100644
--- a/hbase-server/src/test/java/org/apache/hadoop/hbase/http/ssl/KeyStoreTestUtil.java
+++ b/hbase-server/src/test/java/org/apache/hadoop/hbase/http/ssl/KeyStoreTestUtil.java
@@ -26,38 +26,32 @@ import java.io.Writer;
 import java.math.BigInteger;
 import java.net.URL;
 import java.security.GeneralSecurityException;
+import java.security.InvalidKeyException;
 import java.security.Key;
 import java.security.KeyPair;
 import java.security.KeyPairGenerator;
 import java.security.KeyStore;
 import java.security.NoSuchAlgorithmException;
-import java.security.PrivateKey;
+import java.security.NoSuchProviderException;
 import java.security.SecureRandom;
+import java.security.SignatureException;
 import java.security.cert.Certificate;
+import java.security.cert.CertificateEncodingException;
 import java.security.cert.X509Certificate;
 import java.util.Date;
 import java.util.HashMap;
 import java.util.Map;
+import javax.security.auth.x500.X500Principal;
+
 import org.apache.hadoop.conf.Configuration;
 import org.apache.hadoop.security.ssl.FileBasedKeyStoresFactory;
 import org.apache.hadoop.security.ssl.SSLFactory;
-
-import sun.security.x509.AlgorithmId;
-import sun.security.x509.CertificateAlgorithmId;
-import sun.security.x509.CertificateIssuerName;
-import sun.security.x509.CertificateSerialNumber;
-import sun.security.x509.CertificateSubjectName;
-import sun.security.x509.CertificateValidity;
-import sun.security.x509.CertificateVersion;
-import sun.security.x509.CertificateX509Key;
-import sun.security.x509.X500Name;
-import sun.security.x509.X509CertImpl;
-import sun.security.x509.X509CertInfo;
+import org.bouncycastle.x509.X509V1CertificateGenerator;
 public class KeyStoreTestUtil {
- public static String getClasspathDir(Class klass) throws Exception {
+ public static String getClasspathDir(Class<?> klass) throws Exception {
 String file = klass.getName();
 file = file.replace('.', '/') + ".class";
 URL url = Thread.currentThread().getContextClassLoader().getResource(file);
@@ -68,48 +62,31 @@ public class KeyStoreTestUtil {
 /**
 * Create a self-signed X.509 Certificate.
- * From http://bfo.com/blog/2011/03/08/odds_and_ends_creating_a_new_x_509_certificate.html.
 *
 * @param dn the X.509 Distinguished Name, eg "CN=Test, L=London, C=GB"
 * @param pair the KeyPair
 * @param days how many days from now the Certificate is valid for
 * @param algorithm the signing algorithm, eg "SHA1withRSA"
 * @return the self-signed certificate
- * @throws IOException thrown if an IO error ocurred.
- * @throws GeneralSecurityException thrown if an Security error ocurred.
 */
- public static X509Certificate generateCertificate(String dn, KeyPair pair,
- int days, String algorithm)
- throws GeneralSecurityException, IOException {
- PrivateKey privkey = pair.getPrivate();
- X509CertInfo info = new X509CertInfo();
+ public static X509Certificate generateCertificate(String dn, KeyPair pair, int days, String algorithm)
+ throws CertificateEncodingException, InvalidKeyException, IllegalStateException,
+ NoSuchProviderException, NoSuchAlgorithmException, SignatureException {
 Date from = new Date();
 Date to = new Date(from.getTime() + days * 86400000l);
- CertificateValidity interval = new CertificateValidity(from, to);
 BigInteger sn = new BigInteger(64, new SecureRandom());
- X500Name owner = new X500Name(dn);
-
- info.set(X509CertInfo.VALIDITY, interval);
- info.set(X509CertInfo.SERIAL_NUMBER, new CertificateSerialNumber(sn));
- info.set(X509CertInfo.SUBJECT, new CertificateSubjectName(owner));
- info.set(X509CertInfo.ISSUER, new CertificateIssuerName(owner));
- info.set(X509CertInfo.KEY, new CertificateX509Key(pair.getPublic()));
- info
- .set(X509CertInfo.VERSION, new CertificateVersion(CertificateVersion.V3));
- AlgorithmId algo = new AlgorithmId(AlgorithmId.md5WithRSAEncryption_oid);
- info.set(X509CertInfo.ALGORITHM_ID, new CertificateAlgorithmId(algo));
-
- // Sign the cert to identify the algorithm that's used.
- X509CertImpl cert = new X509CertImpl(info);
- cert.sign(privkey, algorithm);
-
- // Update the algorith, and resign.
- algo = (AlgorithmId) cert.get(X509CertImpl.SIG_ALG);
- info
- .set(CertificateAlgorithmId.NAME + "." + CertificateAlgorithmId.ALGORITHM,
- algo);
- cert = new X509CertImpl(info);
- cert.sign(privkey, algorithm);
+ KeyPair keyPair = pair;
+ X509V1CertificateGenerator certGen = new X509V1CertificateGenerator();
+ X500Principal dnName = new X500Principal(dn);
+
+ certGen.setSerialNumber(sn);
+ certGen.setIssuerDN(dnName);
+ certGen.setNotBefore(from);
+ certGen.setNotAfter(to);
+ certGen.setSubjectDN(dnName);
+ certGen.setPublicKey(keyPair.getPublic());
+ certGen.setSignatureAlgorithm(algorithm);
+ X509Certificate cert = certGen.generate(pair.getPrivate());
 return cert;
 }
http://git-wip-us.apache.org/repos/asf/hbase/blob/2da1bf10/pom.xml ----------------------------------------------------------------------
diff --git a/pom.xml b/pom.xml
index ce49c04..d188137 100644
--- a/pom.xml
+++ b/pom.xml
@@ -1174,6 +1174,7 @@
 <joni.version>2.1.2</joni.version>
 <jcodings.version>1.0.8</jcodings.version>
 <spy.version>2.11.6</spy.version>
+ <bouncycastle.version>1.46</bouncycastle.version>
 <!-- Plugin Dependencies -->
 <maven.assembly.version>2.4</maven.assembly.version>
 <maven.antrun.version>1.6</maven.antrun.version>
@@ -1695,6 +1696,12 @@
 </exclusion>
 </exclusions>
 </dependency>
+ <dependency>
+ <groupId>org.bouncycastle</groupId>
+ <artifactId>bcprov-jdk16</artifactId>
+ <version>${bouncycastle.version}</version>
+ <scope>test</scope>
+ </dependency>
 </dependencies>
 </dependencyManagement>
 <!-- Dependencies needed by subprojects -->
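Review bot: The Javadoc of generateCertificate should record that the result is now an X.509 version 1 certificate: the new body uses `X509V1CertificateGenerator` where the removed code set `CertificateVersion.V3`, so the certificate can carry no extensions (no basicConstraints, no subjectAltName). That is fine for a self-signed test certificate, but a reader reusing the helper should see it stated, for example `* The result is an X.509 v1 certificate without extensions; intended for tests only.` The same Javadoc lost both `@throws` tags although the signature now lists six exception types, one of them the unchecked `IllegalStateException`; short `@throws` lines for the checked ones would restore that. `KeyPair keyPair = pair;` is a redundant alias, since the body reads `keyPair.getPublic()` and `pair.getPrivate()`, and could be dropped in favour of `pair` throughout.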
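Review bot: The new `bouncycastle.version` property pins `bcprov-jdk16` at 1.46, which as far as I know is the last release published under that artifactId, so this coordinate will not receive later Bouncy Castle fixes. The `test` scope, set both in this dependencyManagement entry and in the hbase-server/pom.xml hunk, keeps the jar off the runtime classpath and limits the exposure; a comment beside the property such as `<!-- test-only: used by KeyStoreTestUtil to generate certificates -->` would make that intent explicit. I believe `X509V1CertificateGenerator` is marked deprecated upstream, so moving to a newer Bouncy Castle line later would probably mean porting KeyStoreTestUtil to the builder API in the same change.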
