SLIDER-263 AM no longer persists keystore password
Project: http://git-wip-us.apache.org/repos/asf/incubator-slider/repo
Commit: http://git-wip-us.apache.org/repos/asf/incubator-slider/commit/1a071e31
Tree: http://git-wip-us.apache.org/repos/asf/incubator-slider/tree/1a071e31
Diff: http://git-wip-us.apache.org/repos/asf/incubator-slider/diff/1a071e31
Branch: refs/heads/feature/SLIDER-531-registry-enhancements
Commit: 1a071e31dd2f2c4486bcbdfe2f02065efe636545
Parents: d03bf28
Author: Jon Maron <jma...@hortonworks.com>
Authored: Thu Oct 30 21:13:37 2014 -0400
Committer: Jon Maron <jma...@hortonworks.com>
Committed: Thu Oct 30 21:13:37 2014 -0400
----------------------------------------------------------------------
.../org/apache/slider/common/SliderKeys.java | 1 -
.../server/appmaster/SliderAppMaster.java | 11 +++---
.../services/security/CertificateManager.java | 4 +--
.../server/services/security/SecurityUtils.java | 35 ++++++++++++--------
.../agent/TestAgentAMManagementWS.groovy | 16 ++++++---
.../web/rest/agent/TestAMAgentWebServices.java | 6 ++--
6 files changed, 42 insertions(+), 31 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/incubator-slider/blob/1a071e31/slider-core/src/main/java/org/apache/slider/common/SliderKeys.java
----------------------------------------------------------------------
diff --git a/slider-core/src/main/java/org/apache/slider/common/SliderKeys.java b/slider-core/src/main/java/org/apache/slider/common/SliderKeys.java
index 89cc263..f11d200 100644
--- a/slider-core/src/main/java/org/apache/slider/common/SliderKeys.java
+++ b/slider-core/src/main/java/org/apache/slider/common/SliderKeys.java
@@ -174,7 +174,6 @@ public interface SliderKeys extends SliderXmlConfKeys { String KEY_FILE_NAME = "ca.key"; String KEYSTORE_FILE_NAME = "keystore.p12"; String CRT_PASS_FILE_NAME = "pass.txt"; - String PASSPHRASE = "DEV"; String PASS_LEN = "50"; /** http://git-wip-us.apache.org/repos/asf/incubator-slider/blob/1a071e31/slider-core/src/main/java/org/apache/slider/server/appmaster/SliderAppMaster.java ---------------------------------------------------------------------- diff --git a/slider-core/src/main/java/org/apache/slider/server/appmaster/SliderAppMaster.java b/slider-core/src/main/java/org/apache/slider/server/appmaster/SliderAppMaster.java index efa1b09..39a2572 100644 --- a/slider-core/src/main/java/org/apache/slider/server/appmaster/SliderAppMaster.java +++ b/slider-core/src/main/java/org/apache/slider/server/appmaster/SliderAppMaster.java @@ -687,14 +687,13 @@ public class SliderAppMaster extends AbstractSliderLaunchedService // Start up the WebApp and track the URL for it certificateManager = new CertificateManager(); - certificateManager.initialize( - instanceDefinition.getAppConfOperations() - .getComponent(SliderKeys.COMPONENT_AM)); + MapOperations component = instanceDefinition.getAppConfOperations() + .getComponent(SliderKeys.COMPONENT_AM); + certificateManager.initialize(component); certificateManager.setPassphrase(instanceDefinition.getPassphrase()); - if (instanceDefinition. - getAppConfOperations().getComponent(SliderKeys.COMPONENT_AM). - getOptionBool(AgentKeys.KEY_AGENT_TWO_WAY_SSL_ENABLED, false)) { + if (component.getOptionBool( + AgentKeys.KEY_AGENT_TWO_WAY_SSL_ENABLED, false)) { uploadServerCertForLocalization(clustername, fs); } http://git-wip-us.apache.org/repos/asf/incubator-slider/blob/1a071e31/slider-core/src/main/java/org/apache/slider/server/services/security/CertificateManager.java ---------------------------------------------------------------------- 
diff --git a/slider-core/src/main/java/org/apache/slider/server/services/security/CertificateManager.java b/slider-core/src/main/java/org/apache/slider/server/services/security/CertificateManager.java index 3771962..257f8f9 100644 --- a/slider-core/src/main/java/org/apache/slider/server/services/security/CertificateManager.java +++ b/slider-core/src/main/java/org/apache/slider/server/services/security/CertificateManager.java @@ -61,8 +61,8 @@ public class CertificateManager { private String passphrase; /** - * Verify that root certificate exists, generate it otherwise. - */ + * Verify that root certificate exists, generate it otherwise. + */ public void initialize(MapOperations compOperations) { SecurityUtils.initializeSecurityParameters(compOperations); http://git-wip-us.apache.org/repos/asf/incubator-slider/blob/1a071e31/slider-core/src/main/java/org/apache/slider/server/services/security/SecurityUtils.java ---------------------------------------------------------------------- diff --git a/slider-core/src/main/java/org/apache/slider/server/services/security/SecurityUtils.java b/slider-core/src/main/java/org/apache/slider/server/services/security/SecurityUtils.java index c7ad8dd..527d4e6 100644 --- a/slider-core/src/main/java/org/apache/slider/server/services/security/SecurityUtils.java +++ b/slider-core/src/main/java/org/apache/slider/server/services/security/SecurityUtils.java @@ -140,6 +140,11 @@ public class SecurityUtils { } public static void initializeSecurityParameters(MapOperations configMap) { + initializeSecurityParameters(configMap, false); + } + + public static void initializeSecurityParameters(MapOperations configMap, + boolean persistPassword) { String keyStoreLocation = configMap.getOption( SliderXmlConfKeys.KEY_KEYSTORE_LOCATION, getDefaultKeystoreLocation()); File secDirFile = new File(keyStoreLocation).getParentFile(); 
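Review bot: The new public overload `initializeSecurityParameters(MapOperations, boolean)` in SecurityUtils.java has no Javadoc, and the bare boolean gives a call site such as `initializeSecurityParameters(compOperations, true)` no hint of what is being switched on. A comment along the lines of `/** @param persistPassword when true, write the generated keystore password to pass.txt next to the keystore; when false keep it in memory only */` would cover it, and the one-argument form should say that it now defaults to not persisting. Judging by the `else` branch kept in the second hunk, an already existing password file still appears to be read whichever value is passed, which is worth stating for upgrades from a version that did persist it. The method body continues outside this hunk.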
@@ -167,26 +172,28 @@ public class SecurityUtils { } // need to create the password } - keystorePass = getKeystorePassword(secDirFile); + keystorePass = getKeystorePassword(secDirFile, persistPassword); securityDir = secDirFile.getAbsolutePath(); } - private static String getKeystorePassword(File secDirFile) { + private static String getKeystorePassword(File secDirFile, + boolean persistPassword) { File passFile = new File(secDirFile, SliderKeys.CRT_PASS_FILE_NAME); String password = null; - if (!passFile.exists()) { - LOG.info("Generation of file with password"); - try { - password = RandomStringUtils.randomAlphanumeric( - Integer.valueOf(SliderKeys.PASS_LEN)); - FileUtils.writeStringToFile(passFile, password); - passFile.setWritable(true); - passFile.setReadable(true); - } catch (IOException e) { - e.printStackTrace(); - throw new RuntimeException( - "Error creating certificate password file"); + LOG.info("Generating keystore password"); + password = RandomStringUtils.randomAlphanumeric( + Integer.valueOf(SliderKeys.PASS_LEN)); + if (persistPassword) { + try { + FileUtils.writeStringToFile(passFile, password); + passFile.setWritable(true); + passFile.setReadable(true); + } catch (IOException e) { + e.printStackTrace(); + throw new RuntimeException( + "Error creating certificate password file"); + } } } else { LOG.info("Reading password from existing file"); http://git-wip-us.apache.org/repos/asf/incubator-slider/blob/1a071e31/slider-core/src/test/groovy/org/apache/slider/providers/agent/TestAgentAMManagementWS.groovy ---------------------------------------------------------------------- diff --git a/slider-core/src/test/groovy/org/apache/slider/providers/agent/TestAgentAMManagementWS.groovy b/slider-core/src/test/groovy/org/apache/slider/providers/agent/TestAgentAMManagementWS.groovy index a6c351d..7434c4e 100644 --- a/slider-core/src/test/groovy/org/apache/slider/providers/agent/TestAgentAMManagementWS.groovy 
+++ b/slider-core/src/test/groovy/org/apache/slider/providers/agent/TestAgentAMManagementWS.groovy @@ -23,6 +23,7 @@ import com.sun.jersey.api.client.WebResource import groovy.transform.CompileStatic import groovy.util.logging.Slf4j import org.apache.hadoop.fs.Path +import org.apache.hadoop.yarn.conf.YarnConfiguration import org.apache.hadoop.yarn.exceptions.YarnException import org.apache.slider.api.StatusKeys import org.apache.slider.client.SliderClient @@ -57,6 +58,7 @@ import static org.apache.slider.providers.agent.AgentTestUtils.createTestClient @CompileStatic @Slf4j class TestAgentAMManagementWS extends AgentTestBase { + private static String password; public static final String AGENT_URI = "ws/v1/slider/agents/"; final static Logger logger = LoggerFactory.getLogger(TestAgentAMManagementWS.class) @@ -91,11 +93,11 @@ class TestAgentAMManagementWS extends AgentTestBase { super.setup() MapOperations compOperations = new MapOperations(); compOperations.put(SliderXmlConfKeys.KEY_KEYSTORE_LOCATION, "/tmp/work/security/keystore.p12"); - SecurityUtils.initializeSecurityParameters(compOperations); + SecurityUtils.initializeSecurityParameters(compOperations, true); CertificateManager certificateManager = new CertificateManager(); certificateManager.initialize(compOperations); String keystoreFile = SecurityUtils.getSecurityDir() + File.separator + SliderKeys.KEYSTORE_FILE_NAME; - String password = SecurityUtils.getKeystorePass(); + password = SecurityUtils.getKeystorePass(); System.setProperty("javax.net.ssl.trustStore", keystoreFile); System.setProperty("javax.net.ssl.trustStorePassword", password); System.setProperty("javax.net.ssl.trustStoreType", "PKCS12"); 
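Review bot: Passing `true` in `setup()` makes the test write the generated keystore password to `pass.txt` under the fixed path `/tmp/work/security`, a predictable location in a shared temp directory that outlives the test run. Because the password is only generated when that file does not already exist, a file left there by an earlier run or by another user would be read as-is, so the test depends on stale state. Point `KEY_KEYSTORE_LOCATION` at a per-test temporary directory and delete it in teardown, for example with a JUnit `TemporaryFolder` rule. The new `private static String password` is also mutable state shared across test methods; an instance field would do unless the overrides further down are reached from a static context, which the hunks do not show. `setup()` starts and ends outside this hunk.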
@@ -184,9 +186,11 @@ class TestAgentAMManagementWS extends AgentTestBase { InstanceBuilder builder) throws IOException, SliderException, LockAcquireFailedException { AggregateConf conf = builder.getInstanceDescription() - conf.getAppConfOperations().getComponent("slider-appmaster").put( + MapOperations component = conf.getAppConfOperations().getComponent("slider-appmaster") + component.put( "ssl.server.keystore.location", "/tmp/work/security/keystore.p12") + component.put("ssl.server.keystore.password", password) super.persistInstanceDefinition(overwrite, appconfdir, builder) } @@ -196,10 +200,12 @@ class TestAgentAMManagementWS extends AgentTestBase { AggregateConf instanceDefinition, boolean debugAM) throws YarnException, IOException { - instanceDefinition.getAppConfOperations().getComponent("slider-appmaster").put( + MapOperations component = instanceDefinition.getAppConfOperations().getComponent("slider-appmaster") + component.put( "ssl.server.keystore.location", "/tmp/work/security/keystore.p12") - return super.launchApplication(clustername, clusterDirectory, instanceDefinition, debugAM) + component.put("ssl.server.keystore.password", password) + return super.launchApplication(clustername, clusterDirectory, instanceDefinition, debugAM) } } http://git-wip-us.apache.org/repos/asf/incubator-slider/blob/1a071e31/slider-core/src/test/java/org/apache/slider/server/appmaster/web/rest/agent/TestAMAgentWebServices.java ---------------------------------------------------------------------- diff --git a/slider-core/src/test/java/org/apache/slider/server/appmaster/web/rest/agent/TestAMAgentWebServices.java b/slider-core/src/test/java/org/apache/slider/server/appmaster/web/rest/agent/TestAMAgentWebServices.java index daa47fa..faec5d8 100644 --- a/slider-core/src/test/java/org/apache/slider/server/appmaster/web/rest/agent/TestAMAgentWebServices.java +++ b/slider-core/src/test/java/org/apache/slider/server/appmaster/web/rest/agent/TestAMAgentWebServices.java 
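Review bot: Both overrides, `persistInstanceDefinition` in this hunk and `launchApplication` in the next, now copy the keystore password into the `slider-appmaster` component options under the literal key `"ssl.server.keystore.password"`, and in the first case the definition is then handed to `super.persistInstanceDefinition`, so the test presumably writes the password into the persisted app configuration. That is acceptable for a throwaway test cluster but deserves a comment such as `// test only: the AM no longer stores the keystore password, so pass it in via config`, so the pattern is not copied into real deployments. The option key and the `/tmp/work/security/keystore.p12` path are each repeated as string literals; hoisting them into constants in the test class would keep the two overrides in step. `password` is only assigned in `setup()`, so both methods rely on it having run first.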
@@ -80,10 +80,10 @@ public class TestAMAgentWebServices { } }); - SecurityUtils.initializeSecurityParameters(new MapOperations()); - MapOperations compOperations = new MapOperations(); + MapOperations configMap = new MapOperations(); + SecurityUtils.initializeSecurityParameters(configMap, true); CertificateManager certificateManager = new CertificateManager(); - certificateManager.initialize(compOperations); + certificateManager.initialize(configMap); String keystoreFile = SecurityUtils.getSecurityDir() + File.separator + SliderKeys.KEYSTORE_FILE_NAME; String password = SecurityUtils.getKeystorePass(); System.setProperty("javax.net.ssl.trustStore", keystoreFile);
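Review bot: `configMap` is an empty `MapOperations`, so `initializeSecurityParameters(configMap, true)` falls back to `getDefaultKeystoreLocation()` and, with persistence switched on, the test writes `pass.txt` next to whatever keystore lives at that default path. What the default resolves to is not visible here, but if it is a per-user or install-wide directory the test leaves a plaintext keystore password behind, and later runs will read that file instead of generating a fresh password. Set `SliderXmlConfKeys.KEY_KEYSTORE_LOCATION` in `configMap` to a keystore path inside a temporary directory created for the test and remove that directory afterwards. The enclosing setup method starts and ends outside the hunk.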