[44/50] [abbrv] hadoop git commit: HDDS-778. Add an interface for CA and Clients for Certificate operations Contributed by Anu Engineer.

HDDS-778. Add an interface for CA and Clients for Certificate operations
Contributed by Anu Engineer.


Project: http://git-wip-us.apache.org/repos/asf/hadoop/repo
Commit: http://git-wip-us.apache.org/repos/asf/hadoop/commit/b94abf72
Tree: http://git-wip-us.apache.org/repos/asf/hadoop/tree/b94abf72
Diff: http://git-wip-us.apache.org/repos/asf/hadoop/diff/b94abf72

Branch: refs/heads/HDDS-4
Commit: b94abf720b61aebadeec139adfa6ed9fd2a94100
Parents: 95e9f9a
Author: Anu Engineer 
Authored: Thu Nov 8 09:54:27 2018 -0800
Committer: Xiaoyu Yao 
Committed: Tue Dec 4 08:03:16 2018 -0800

--
 .../authority/CertificateServer.java|  99 
 .../certificate/authority/package-info.java |  22 +++
 .../certificate/client/CertificateClient.java   | 159 +++
 .../x509/certificate/client/package-info.java   |  22 +++
 4 files changed, 302 insertions(+)
--


http://git-wip-us.apache.org/repos/asf/hadoop/blob/b94abf72/hadoop-hdds/common/src/main/java/org/apache/hadoop/hdds/security/x509/certificate/authority/CertificateServer.java
--
diff --git 
a/hadoop-hdds/common/src/main/java/org/apache/hadoop/hdds/security/x509/certificate/authority/CertificateServer.java
 
b/hadoop-hdds/common/src/main/java/org/apache/hadoop/hdds/security/x509/certificate/authority/CertificateServer.java
new file mode 100644
index 000..9332e5b
--- /dev/null
+++ 
b/hadoop-hdds/common/src/main/java/org/apache/hadoop/hdds/security/x509/certificate/authority/CertificateServer.java
@@ -0,0 +1,99 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership.  The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License.  You may obtain a copy of the License at
+ *
+ *  http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ */
+
+package org.apache.hadoop.hdds.security.x509.certificate.authority;
+
+import 
org.apache.hadoop.hdds.security.x509.certificates.CertificateSignRequest;
+import org.apache.hadoop.hdds.security.x509.exceptions.SCMSecurityException;
+import org.apache.hadoop.hdds.security.x509.SecurityConfig;
+import org.bouncycastle.cert.X509CertificateHolder;
+
+import java.security.cert.X509Certificate;
+import java.util.concurrent.Future;
+
+/**
+ * Interface for Certificate Authority. This can be extended to talk to 
external
+ * CAs later or HSMs later.
+ */
+public interface CertificateServer {
+  /**
+   * Initialize the Certificate Authority.
+   *
+   * @param securityConfig - Security Configuration.
+   * @param type - The Type of CertificateServer we are creating, we make this
+   * explicit so that when we read code it is visible to the users.
+   * @throws SCMSecurityException - Throws if the init fails.
+   */
+  void init(SecurityConfig securityConfig, CAType type)
+  throws SCMSecurityException;
+
+  /**
+   * Returns the CA Certificate for this CA.
+   *
+   * @return X509CertificateHolder - Certificate for this CA.
+   * @throws SCMSecurityException -- usually thrown if this CA is not
+   *  initialized.
+   */
+  X509CertificateHolder getCACertificate()
+  throws SCMSecurityException;
+
+  /**
+   * Request a Certificate based on Certificate Signing Request.
+   *
+   * @param csr - Certificate Signing Request.
+   * @return A future that will have this certificate when this request is
+   * approved.
+   * @throws SCMSecurityException - on Error.
+   */
+  Future requestCertificate(CertificateSignRequest csr,
+  CertificateApprover approver) throws SCMSecurityException;
+
+  /**
+   * Revokes a Certificate issued by this CertificateServer.
+   *
+   * @param certificate - Certificate to revoke
+   * @param approver - Approval process to follow.
+   * @return Future that tells us what happened.
+   * @throws SCMSecurityException - on Error.
+   */
+  Future revokeCertificate(X509Certificate certificate,
+  CertificateApprover approver) throws SCMSecurityException;
+
+  /**
+   * TODO : CRL, OCSP etc. Later. This is the start of a CertificateServer
+   * framework.
+   */
+
+  /**
+   * Approval Types for a certificate request.
+   */
+  enum CertificateApprover {
+KERBEROS_TRUSTED, /* The Request came from a DN using Kerberos Identity*/
+MANUAL, /* Wait f

[44/50] [abbrv] hadoop git commit: HDDS-778. Add an interface for CA and Clients for Certificate operations Contributed by Anu Engineer.

HDDS-778. Add an interface for CA and Clients for Certificate operations
Contributed by Anu Engineer.


Project: http://git-wip-us.apache.org/repos/asf/hadoop/repo
Commit: http://git-wip-us.apache.org/repos/asf/hadoop/commit/4770e9de
Tree: http://git-wip-us.apache.org/repos/asf/hadoop/tree/4770e9de
Diff: http://git-wip-us.apache.org/repos/asf/hadoop/diff/4770e9de

Branch: refs/heads/HDDS-4
Commit: 4770e9dea8199753962c6517bff96fd39fbfd826
Parents: 8bbc95e
Author: Anu Engineer 
Authored: Thu Nov 8 09:54:27 2018 -0800
Committer: Xiaoyu Yao 
Committed: Thu Nov 29 11:57:47 2018 -0800

--
 .../authority/CertificateServer.java|  99 
 .../certificate/authority/package-info.java |  22 +++
 .../certificate/client/CertificateClient.java   | 159 +++
 .../x509/certificate/client/package-info.java   |  22 +++
 4 files changed, 302 insertions(+)
--


http://git-wip-us.apache.org/repos/asf/hadoop/blob/4770e9de/hadoop-hdds/common/src/main/java/org/apache/hadoop/hdds/security/x509/certificate/authority/CertificateServer.java
--
diff --git 
a/hadoop-hdds/common/src/main/java/org/apache/hadoop/hdds/security/x509/certificate/authority/CertificateServer.java
 
b/hadoop-hdds/common/src/main/java/org/apache/hadoop/hdds/security/x509/certificate/authority/CertificateServer.java
new file mode 100644
index 000..9332e5b
--- /dev/null
+++ 
b/hadoop-hdds/common/src/main/java/org/apache/hadoop/hdds/security/x509/certificate/authority/CertificateServer.java
@@ -0,0 +1,99 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership.  The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License.  You may obtain a copy of the License at
+ *
+ *  http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ */
+
+package org.apache.hadoop.hdds.security.x509.certificate.authority;
+
+import 
org.apache.hadoop.hdds.security.x509.certificates.CertificateSignRequest;
+import org.apache.hadoop.hdds.security.x509.exceptions.SCMSecurityException;
+import org.apache.hadoop.hdds.security.x509.SecurityConfig;
+import org.bouncycastle.cert.X509CertificateHolder;
+
+import java.security.cert.X509Certificate;
+import java.util.concurrent.Future;
+
+/**
+ * Interface for Certificate Authority. This can be extended to talk to 
external
+ * CAs later or HSMs later.
+ */
+public interface CertificateServer {
+  /**
+   * Initialize the Certificate Authority.
+   *
+   * @param securityConfig - Security Configuration.
+   * @param type - The Type of CertificateServer we are creating, we make this
+   * explicit so that when we read code it is visible to the users.
+   * @throws SCMSecurityException - Throws if the init fails.
+   */
+  void init(SecurityConfig securityConfig, CAType type)
+  throws SCMSecurityException;
+
+  /**
+   * Returns the CA Certificate for this CA.
+   *
+   * @return X509CertificateHolder - Certificate for this CA.
+   * @throws SCMSecurityException -- usually thrown if this CA is not
+   *  initialized.
+   */
+  X509CertificateHolder getCACertificate()
+  throws SCMSecurityException;
+
+  /**
+   * Request a Certificate based on Certificate Signing Request.
+   *
+   * @param csr - Certificate Signing Request.
+   * @return A future that will have this certificate when this request is
+   * approved.
+   * @throws SCMSecurityException - on Error.
+   */
+  Future requestCertificate(CertificateSignRequest csr,
+  CertificateApprover approver) throws SCMSecurityException;
+
+  /**
+   * Revokes a Certificate issued by this CertificateServer.
+   *
+   * @param certificate - Certificate to revoke
+   * @param approver - Approval process to follow.
+   * @return Future that tells us what happened.
+   * @throws SCMSecurityException - on Error.
+   */
+  Future revokeCertificate(X509Certificate certificate,
+  CertificateApprover approver) throws SCMSecurityException;
+
+  /**
+   * TODO : CRL, OCSP etc. Later. This is the start of a CertificateServer
+   * framework.
+   */
+
+  /**
+   * Approval Types for a certificate request.
+   */
+  enum CertificateApprover {
+KERBEROS_TRUSTED, /* The Request came from a DN using Kerberos Identity*/
+MANUAL, /* Wait