github/sqoop
5
0
Fork 0
mirror of https://github.com/apache/sqoop.git synced 2025-05-04 12:40:34 +08:00
Code Issues Projects Releases Wiki Activity

SQOOP-2852: Sqoop2: Revert and re-commit SQOOP-2843: Sqoop2: Enable SSL/TLS for API calls

Browse Source 
* Revert "SQOOP-2843: Sqoop2: Enable SSL/TLS for API calls"
* This reverts commit 96f3d9c195.
This commit is contained in:
Jarek Jarcec Cecho 2016-02-26 09:36:13 -08:00
parent 96f3d9c195
commit 5fd80fd5b6
24 changed files with 283 additions and 697 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

43
core/src/main/java/org/apache/sqoop/security/SecurityConstants.java
View File

@ -36,13 +36,6 @@ public final class SecurityConstants {
public static final String PREFIX_AUTHENTICATION_CONFIG =
PREFIX_SECURITY_CONFIG + "authentication.";
/**
* All tls related configuration is prefixed with this:
* <tt>org.apache.sqoop.security.tls.</tt>
*/
public static final String PREFIX_TLS_CONFIG =
PREFIX_SECURITY_CONFIG + "tls.";
/**
* The config specifies the sqoop authentication type (SIMPLE, KERBEROS).
* The default type is SIMPLE
@ -164,42 +157,6 @@ public final class SecurityConstants {
public static final String SERVER_NAME =
PREFIX_AUTHORIZATION_CONFIG + "server_name";
/**
* The config specifies the whether the http server should use TLS.
* <tt>org.apache.sqoop.security.tls.enabled</tt>.
*/
public static final String TLS_ENABLED =
PREFIX_TLS_CONFIG + "enabled";
/**
* The config specifies the tls protocol version
* <tt>org.apache.sqoop.security.tls.protocol</tt>.
*/
public static final String TLS_PROTOCOL =
PREFIX_TLS_CONFIG + "protocol";
/**
* The config specifies the location of the JKS formatted keystore
* <tt>org.apache.sqoop.security.tls.keystore</tt>.
*/
public static final String KEYSTORE_LOCATION =
PREFIX_TLS_CONFIG + "keystore";
/**
* The config specifies the password of the JKS formatted keystore
* <tt>org.apache.sqoop.security.tls.keystorepassword</tt>.
*/
public static final String KEYSTORE_PASSWORD =
PREFIX_TLS_CONFIG + "keystore_password";
/**
* The config specifies the password for the private key in the JKS formatted
* keystore
* <tt>org.apache.sqoop.security.tls.keymanagerpassword</tt>.
*/
public static final String KEYMANAGER_PASSWORD =
PREFIX_TLS_CONFIG + "keymanager_password";
/**
* The config specifies the token kind in delegation token.
*/

9
dist/src/main/conf/sqoop.properties vendored
View File

@ -180,15 +180,6 @@ org.apache.sqoop.execution.engine=org.apache.sqoop.execution.mapreduce.Mapreduce
#org.apache.sqoop.security.authorization.authentication_provider=org.apache.sqoop.security.authorization.DefaultAuthenticationProvider
#org.apache.sqoop.security.authorization.server_name=SqoopServer1
#
# SSL/TLS configuration
#
#org.apache.sqoop.security.tls.enabled=false
#org.apache.sqoop.security.tls.protocol="TLSv1.2"
#org.apache.sqoop.security.tls.keystore=
#org.apache.sqoop.security.tls.keystore_password=
# External connectors load path
# "/path/to/external/connectors/": Add all the connector JARs in the specified folder
#

2
docs/src/main/java/org/apache/sqoop/docs/generator/DocPreprocessor.java
View File

@ -20,7 +20,6 @@
import org.apache.log4j.Logger;
import org.apache.sqoop.docs.generator.plugins.AbstractPlugin;
import org.apache.sqoop.docs.generator.plugins.CopySourceToDestination;
import org.apache.sqoop.docs.generator.plugins.GenerateConnectorPages;
import org.apache.sqoop.utils.ClassUtils;
import java.util.LinkedList;
@ -37,7 +36,6 @@ public class DocPreprocessor {
static {
plugins = new LinkedList<>();
plugins.add(CopySourceToDestination.class);
plugins.add(GenerateConnectorPages.class);
}
public static void main(String []args) {

65
docs/src/main/java/org/apache/sqoop/docs/generator/plugins/GenerateConnectorPages.java
View File

@ -1,65 +0,0 @@
/**
* Licensed to the Apache Software Foundation (ASF) under one
* or more contributor license agreements. See the NOTICE file
* distributed with this work for additional information
* regarding copyright ownership. The ASF licenses this file
* to you under the Apache License, Version 2.0 (the
* "License"); you may not use this file except in compliance
* with the License. You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package org.apache.sqoop.docs.generator.plugins;
import org.apache.commons.io.FileUtils;
import org.apache.commons.lang.StringUtils;
import org.apache.log4j.Logger;
import org.apache.sqoop.connector.ConnectorHandler;
import org.apache.sqoop.connector.ConnectorManagerUtils;
import org.apache.sqoop.connector.spi.SqoopConnector;
import java.io.File;
import java.io.IOException;
import java.io.PrintWriter;
import java.net.URL;
import java.util.Collections;
import java.util.List;
public class GenerateConnectorPages extends AbstractPlugin {
private static final Logger LOG = Logger.getLogger(GenerateConnectorPages.class);
@Override
public void run() {
try {
runWithException();
} catch (IOException e) {
throw new RuntimeException("Can't generate connector documentation", e);
}
}
public void runWithException() throws IOException {
List<URL> connectorUrls = ConnectorManagerUtils.getConnectorConfigs(Collections.<String>emptySet());
for (URL url : connectorUrls) {
SqoopConnector connector = new ConnectorHandler(url).getSqoopConnector();
LOG.info("Loaded " + connector.getConnectorName() + " from " + url.toString());
String connectorName = connector.getConnectorName();
File outputFile = FileUtils.getFile(getDestination(), "user", "connectors", connectorName + ".rst");
PrintWriter writer = new PrintWriter(outputFile);
// Writing headline
writer.println(connectorName);
writer.println(StringUtils.repeat("=", connectorName.length()));
writer.close();
}
}
}

49
server/src/main/java/org/apache/sqoop/server/SqoopJettyServer.java
View File

@ -19,21 +19,12 @@
package org.apache.sqoop.server;
import org.apache.log4j.Logger;
import org.apache.sqoop.common.MapContext;
import org.apache.sqoop.common.SqoopException;
import org.apache.sqoop.core.SqoopConfiguration;
import org.apache.sqoop.core.SqoopServer;
import org.apache.sqoop.filter.SqoopAuthenticationFilter;
import org.apache.sqoop.security.SecurityConstants;
import org.apache.sqoop.server.common.ServerError;
import org.apache.sqoop.server.v1.*;
import org.eclipse.jetty.server.HttpConfiguration;
import org.eclipse.jetty.server.HttpConnectionFactory;
import org.eclipse.jetty.server.SecureRequestCustomizer;
import org.eclipse.jetty.server.Server;
import org.eclipse.jetty.server.SslConnectionFactory;
import org.eclipse.jetty.servlet.ServletContextHandler;
import org.eclipse.jetty.util.ssl.SslContextFactory;
import org.eclipse.jetty.util.thread.ExecutorThreadPool;
import org.eclipse.jetty.server.ServerConnector;
@ -67,45 +58,7 @@ public SqoopJettyServer() {
webServer = new Server(threadPool);
// Connector configs
ServerConnector connector;
MapContext configurationContext = SqoopConfiguration.getInstance().getContext();
if (configurationContext.getBoolean(SecurityConstants.TLS_ENABLED, false)) {
String keyStorePath = configurationContext.getString(SecurityConstants.KEYSTORE_LOCATION);
if (keyStorePath == null) {
throw new SqoopException(ServerError.SERVER_0007);
}
SslContextFactory sslContextFactory = new SslContextFactory();
sslContextFactory.setKeyStorePath(keyStorePath);
String protocol = configurationContext.getString(SecurityConstants.TLS_PROTOCOL);
if (protocol != null && protocol.length() > 0) {
sslContextFactory.setProtocol(protocol.trim());
}
String keyStorePassword = configurationContext.getString(SecurityConstants.KEYSTORE_PASSWORD);
if (keyStorePassword != null && keyStorePassword.length() > 0) {
sslContextFactory.setKeyStorePassword(keyStorePassword);
}
String keyManagerPassword = configurationContext.getString(SecurityConstants.KEYMANAGER_PASSWORD);
if (keyManagerPassword != null && keyManagerPassword.length() > 0) {
sslContextFactory.setKeyManagerPassword(keyManagerPassword);
}
HttpConfiguration https = new HttpConfiguration();
https.addCustomizer(new SecureRequestCustomizer());
connector = new ServerConnector(webServer,
new SslConnectionFactory(sslContextFactory, "http/1.1"),
new HttpConnectionFactory(https));
} else {
connector = new ServerConnector(webServer);
}
ServerConnector connector = new ServerConnector(webServer);
connector.setPort(sqoopJettyContext.getPort());
webServer.addConnector(connector);
webServer.setHandler(createServletContextHandler());

3
server/src/main/java/org/apache/sqoop/server/common/ServerError.java
View File

@ -38,9 +38,6 @@ public enum ServerError implements ErrorCode {
/** Entity requested doesn't exist*/
SERVER_0006("Entity requested doesn't exist"),
/** TLS enabled but keystore location not set*/
SERVER_0007("TLS enabled but keystore location not set"),
;
private final String message;

13
shell/src/main/java/org/apache/sqoop/shell/ShellEnvironment.java
View File

@ -21,14 +21,12 @@
import org.apache.sqoop.common.SqoopException;
import org.apache.sqoop.shell.core.ShellError;
import org.apache.sqoop.shell.core.Constants;
import org.apache.sqoop.shell.utils.TableDisplayer;
import org.codehaus.groovy.tools.shell.IO;
import java.io.IOException;
import java.net.MalformedURLException;
import java.net.URL;
import java.text.MessageFormat;
import java.util.List;
import java.util.Locale;
import java.util.ResourceBundle;
@ -59,13 +57,6 @@ private ShellEnvironment() {
private static boolean interactive = false;
private static long pollTimeout = DEFAULT_POLL_TIMEOUT;
private static TableDisplayer tableDisplayer = new TableDisplayer(new TableDisplayer.TableDisplayerWriter() {
@Override
public void append(String text) {
print(text);
}
});
static ResourceBundle resource = ResourceBundle.getBundle(Constants.RESOURCE_NAME, Locale.getDefault());
static SqoopClient client = new SqoopClient(getServerUrl());
static IO io;
@ -235,10 +226,6 @@ public static void print(String format, Object... args) {
io.out.printf(format, args);
}
public static void displayTable(List<String> headers, List<String> ...columns) {
tableDisplayer.display(headers, columns);
}
// for tests only
public static void cleanup() {
serverHost = DEFAULT_SERVER_HOST;

3
shell/src/main/java/org/apache/sqoop/shell/ShowConnectorFunction.java
View File

@ -27,6 +27,7 @@
import org.apache.sqoop.common.SqoopException;
import org.apache.sqoop.model.MConnector;
import org.apache.sqoop.shell.core.Constants;
import org.apache.sqoop.shell.utils.TableDisplayer;
import org.apache.sqoop.validation.Status;
import static org.apache.sqoop.shell.ShellEnvironment.*;
@ -82,7 +83,7 @@ private void showSummary() {
supportedDirections.add(connector.getSupportedDirections().toString());
}
displayTable(header, uniqueNames, versions, classes, supportedDirections);
TableDisplayer.display(header, uniqueNames, versions, classes, supportedDirections);
}
private void showConnectors() {

6
shell/src/main/java/org/apache/sqoop/shell/ShowJobFunction.java
View File

@ -19,8 +19,12 @@
import org.apache.commons.cli.CommandLine;
import org.apache.commons.cli.OptionBuilder;
import org.apache.sqoop.common.Direction;
import org.apache.sqoop.model.MConnector;
import org.apache.sqoop.model.MJob;
import org.apache.sqoop.model.MLink;
import org.apache.sqoop.shell.core.Constants;
import org.apache.sqoop.shell.utils.TableDisplayer;
import org.apache.sqoop.validation.Status;
import java.text.DateFormat;
@ -93,7 +97,7 @@ private void showSummary() {
availabilities.add(String.valueOf(job.getEnabled()));
}
displayTable(header, ids, names, fromConnectors, toConnectors, availabilities);
TableDisplayer.display(header, ids, names, fromConnectors, toConnectors, availabilities);
}
private void showJobs(String jArg) {

8
shell/src/main/java/org/apache/sqoop/shell/ShowLinkFunction.java
View File

@ -19,13 +19,19 @@
import org.apache.commons.cli.CommandLine;
import org.apache.commons.cli.OptionBuilder;
import org.apache.sqoop.common.SqoopException;
import org.apache.sqoop.model.MConnector;
import org.apache.sqoop.model.MLink;
import org.apache.sqoop.shell.core.Constants;
import org.apache.sqoop.shell.utils.TableDisplayer;
import org.apache.sqoop.validation.Status;
import java.text.DateFormat;
import java.util.ArrayList;
import java.util.HashMap;
import java.util.LinkedList;
import java.util.List;
import java.util.Map;
import static org.apache.sqoop.shell.ShellEnvironment.*;
import static org.apache.sqoop.shell.utils.ConfigDisplayer.*;
@ -80,7 +86,7 @@ private void showSummary() {
availabilities.add(String.valueOf(link.getEnabled()));
}
displayTable(header, names, connectorNames, availabilities);
TableDisplayer.display(header, names, connectorNames, availabilities);
}
private void showLinks() {

4
shell/src/main/java/org/apache/sqoop/shell/ShowPrincipalFunction.java
View File

@ -22,13 +22,13 @@
import org.apache.sqoop.model.MPrincipal;
import org.apache.sqoop.model.MRole;
import org.apache.sqoop.shell.core.Constants;
import org.apache.sqoop.shell.utils.TableDisplayer;
import org.apache.sqoop.validation.Status;
import java.util.LinkedList;
import java.util.List;
import static org.apache.sqoop.shell.ShellEnvironment.client;
import static org.apache.sqoop.shell.ShellEnvironment.displayTable;
import static org.apache.sqoop.shell.ShellEnvironment.resourceString;
@SuppressWarnings("serial")
@ -70,6 +70,6 @@ private void showPrincipals(MRole role) {
types.add(principal.getType());
}
displayTable(header, names, types);
TableDisplayer.display(header, names, types);
}
}

4
shell/src/main/java/org/apache/sqoop/shell/ShowPrivilegeFunction.java
View File

@ -25,13 +25,13 @@
import org.apache.sqoop.model.MResource;
import org.apache.sqoop.shell.core.Constants;
import org.apache.sqoop.shell.core.ShellError;
import org.apache.sqoop.shell.utils.TableDisplayer;
import org.apache.sqoop.validation.Status;
import java.util.LinkedList;
import java.util.List;
import static org.apache.sqoop.shell.ShellEnvironment.client;
import static org.apache.sqoop.shell.ShellEnvironment.displayTable;
import static org.apache.sqoop.shell.ShellEnvironment.resourceString;
@SuppressWarnings("serial")
@ -108,6 +108,6 @@ private void showPrivileges(MPrincipal principal, MResource resource) {
withGrant.add(Boolean.toString(privilege.isWith_grant_option()));
}
displayTable(header, actions, resourceNames, resourceTypes, withGrant);
TableDisplayer.display(header, actions, resourceNames, resourceTypes, withGrant);
}
}

4
shell/src/main/java/org/apache/sqoop/shell/ShowRoleFunction.java
View File

@ -24,13 +24,13 @@
import org.apache.sqoop.model.MRole;
import org.apache.sqoop.shell.core.Constants;
import org.apache.sqoop.shell.core.ShellError;
import org.apache.sqoop.shell.utils.TableDisplayer;
import org.apache.sqoop.validation.Status;
import java.util.LinkedList;
import java.util.List;
import static org.apache.sqoop.shell.ShellEnvironment.client;
import static org.apache.sqoop.shell.ShellEnvironment.displayTable;
import static org.apache.sqoop.shell.ShellEnvironment.resourceString;
@SuppressWarnings("serial")
@ -83,6 +83,6 @@ private void showRoles(MPrincipal principal) {
names.add(role.getName());
}
displayTable(header, names);
TableDisplayer.display(header, names);
}
}

3
shell/src/main/java/org/apache/sqoop/shell/ShowSubmissionFunction.java
View File

@ -25,6 +25,7 @@
import org.apache.sqoop.model.MSubmission;
import org.apache.sqoop.shell.core.Constants;
import org.apache.sqoop.shell.utils.SubmissionDisplayer;
import org.apache.sqoop.shell.utils.TableDisplayer;
import org.apache.sqoop.validation.Status;
import static org.apache.sqoop.shell.ShellEnvironment.*;
@ -90,7 +91,7 @@ private void showSummary(String jArg) {
dates.add(submission.getLastUpdateDate().toString());
}
displayTable(header, jnames, eids, status, dates);
TableDisplayer.display(header, jnames, eids, status, dates);
}
private void showSubmissions(String jArg) {

41
shell/src/main/java/org/apache/sqoop/shell/utils/TableDisplayer.java
View File

@ -22,43 +22,23 @@
import java.util.LinkedList;
import java.util.List;
import static org.apache.sqoop.shell.ShellEnvironment.*;
/**
* Display table based data
*/
public class TableDisplayer {
/**
* Interface that this displayer will use to write out formatted text.
*/
public interface TableDisplayerWriter {
/**
* Print out addition formatted text to the output
*
* @param text
*/
void append(String text);
}
public TableDisplayer(TableDisplayerWriter writer) {
this.writer = writer;
}
/**
* Writer instance that we should use to write something out
*/
private TableDisplayerWriter writer;
/**
* Display given columns in nice table structure to given IO object.
*
* @param headers List of headers
* @param columns Array of columns
*/
public void display(List<String> headers, List<String> ...columns) {
public static void display(List<String> headers, List<String> ...columns) {
assert headers != null;
assert columns != null;
assert headers.size() == columns.length;
assert writer != null;
// Count of columns
int columnCount = headers.size();
@ -105,7 +85,7 @@ public void display(List<String> headers, List<String> ...columns) {
*
* @param widths List of widths of each column
*/
private void drawLine(List<Integer> widths) {
private static void drawLine(List<Integer> widths) {
int last = widths.size() - 1;
print("+-");
for(int i = 0; i < widths.size(); i++) {
@ -122,7 +102,7 @@ private void drawLine(List<Integer> widths) {
* @param column All column values
* @return Maximal
*/
private int getMaximalWidth(String header, List<String> column) {
private static int getMaximalWidth(String header, List<String> column) {
assert header != null;
assert column != null;
@ -143,7 +123,7 @@ private int getMaximalWidth(String header, List<String> column) {
* @param columns Array with all column values
* @return
*/
private int getMaximalRows(List<String>... columns) {
private static int getMaximalRows(List<String>... columns) {
int max = 0;
for(List<String> column : columns) {
@ -155,12 +135,7 @@ private int getMaximalRows(List<String>... columns) {
return max;
}
private void print(String text) {
writer.append(text);
private TableDisplayer() {
// Instantiation is prohibited
}
private void println() {
writer.append("\n");
}
}

6
test/pom.xml
View File

@ -274,17 +274,17 @@ limitations under the License.
</configuration>
</execution>
<execution>
<id>server-properties-test</id>
<id>connector-loading-test</id>
<goals>
<goal>test</goal>
</goals>
<phase>integration-test</phase>
<configuration>
<suiteXmlFiles>
<suiteXmlFile>src/test/resources/server-properties-tests-suite.xml</suiteXmlFile>
<suiteXmlFile>src/test/resources/connector-loading-tests-suite.xml</suiteXmlFile>
</suiteXmlFiles>
<properties>
<suitename>server-properties-tests</suitename>
<suitename>connector-loading-tests</suitename>
</properties>
</configuration>
</execution>

247
test/src/main/java/org/apache/sqoop/test/kdc/MiniKdcRunner.java
View File

@ -18,12 +18,31 @@
package org.apache.sqoop.test.kdc;
import java.io.File;
import java.io.FileOutputStream;
import java.io.IOException;
import java.io.OutputStreamWriter;
import java.io.Writer;
import java.lang.reflect.Constructor;
import java.math.BigInteger;
import java.net.URL;
import java.security.GeneralSecurityException;
import java.security.InvalidKeyException;
import java.security.Key;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.KeyStore;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.Principal;
import java.security.PrivilegedActionException;
import java.security.PrivilegedExceptionAction;
import java.security.SecureRandom;
import java.security.SignatureException;
import java.security.cert.Certificate;
import java.security.cert.CertificateEncodingException;
import java.security.cert.X509Certificate;
import java.util.Collection;
import java.util.Date;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Map;
@ -34,16 +53,19 @@
import javax.security.auth.Subject;
import javax.security.auth.login.AppConfigurationEntry;
import javax.security.auth.login.LoginContext;
import javax.security.auth.x500.X500Principal;
import org.apache.commons.io.FileUtils;
import org.apache.hadoop.conf.Configuration;
import org.apache.hadoop.minikdc.MiniKdc;
import org.apache.hadoop.security.ssl.FileBasedKeyStoresFactory;
import org.apache.hadoop.security.ssl.SSLFactory;
import org.apache.hadoop.security.token.delegation.web.DelegationTokenAuthenticatedURL;
import org.apache.sqoop.client.SqoopClient;
import org.apache.sqoop.model.MConnector;
import org.apache.sqoop.test.utils.HdfsUtils;
import org.apache.sqoop.test.utils.SecurityUtils;
import org.apache.sqoop.test.utils.SqoopUtils;
import org.bouncycastle.x509.X509V1CertificateGenerator;
/**
* Represents a Minikdc setup. Minikdc should be only used together with
@ -85,17 +107,17 @@ public Configuration prepareHadoopConfiguration(Configuration config) throws Exc
config.set("dfs.datanode.kerberos.principal", hadoopPrincipal);
config.set("dfs.datanode.keytab.file", hadoopKeytabFile);
String sslKeystoresDir = getTemporaryPath() + "/ssl-keystore";
String sslConfDir = SqoopUtils.getClasspathDir(MiniKdcRunner.class);
String sslConfDir = getClasspathDir(MiniKdcRunner.class);
FileUtils.deleteDirectory(new File(sslKeystoresDir));
FileUtils.forceMkdir(new File(sslKeystoresDir));
SecurityUtils.setupSSLConfig(sslKeystoresDir, sslConfDir, config, false, true);
config.set("dfs.https.server.keystore.resource", SecurityUtils.getSSLConfigFileName("ssl-server"));
setupSSLConfig(sslKeystoresDir, sslConfDir, config, false, true);
config.set("dfs.https.server.keystore.resource", getSSLConfigFileName("ssl-server"));
// Configurations used by both NameNode and DataNode
config.set("dfs.block.access.token.enable", "true");
config.set("dfs.http.policy", "HTTPS_ONLY");
// Configurations used by DFSClient
config.set("dfs.data.transfer.protection", "privacy");
config.set("dfs.client.https.keystore.resource", SecurityUtils.getSSLConfigFileName("ssl-client"));
config.set("dfs.client.https.keystore.resource", getSSLConfigFileName("ssl-client"));
// YARN related configurations
config.set("yarn.resourcemanager.principal", hadoopPrincipal);
@ -309,4 +331,219 @@ public T run() throws Exception {
}
}
}
@SuppressWarnings("rawtypes")
private static String getClasspathDir(Class klass) throws Exception {
String file = klass.getName();
file = file.replace('.', '/') + ".class";
URL url = Thread.currentThread().getContextClassLoader().getResource(file);
String baseDir = url.toURI().getPath();
baseDir = baseDir.substring(0, baseDir.length() - file.length() - 1);
return baseDir;
}
/**
* Performs complete setup of SSL configuration. This includes keys, certs,
* keystores, truststores, the server SSL configuration file,
* the client SSL configuration file.
*
* @param keystoresDir String directory to save keystores
* @param sslConfDir String directory to save SSL configuration files
* @param conf Configuration
* @param useClientCert boolean true to make the client present a cert in the
* SSL handshake
* @param trustStore boolean true to create truststore, false not to create it
*/
private void setupSSLConfig(String keystoresDir, String sslConfDir,
Configuration conf, boolean useClientCert, boolean trustStore)
throws Exception {
String clientKS = keystoresDir + "/clientKS.jks";
String clientPassword = "clientP";
String serverKS = keystoresDir + "/serverKS.jks";
String serverPassword = "serverP";
String trustKS = null;
String trustPassword = "trustP";
File sslClientConfFile = new File(sslConfDir, getSSLConfigFileName("ssl-client"));
File sslServerConfFile = new File(sslConfDir, getSSLConfigFileName("ssl-server"));
Map<String, X509Certificate> certs = new HashMap<String, X509Certificate>();
if (useClientCert) {
KeyPair cKP = generateKeyPair("RSA");
X509Certificate cCert = generateCertificate("CN=localhost, O=client", cKP, 30, "SHA1withRSA");
createKeyStore(clientKS, clientPassword, "client", cKP.getPrivate(), cCert);
certs.put("client", cCert);
}
KeyPair sKP = generateKeyPair("RSA");
X509Certificate sCert = generateCertificate("CN=localhost, O=server", sKP, 30, "SHA1withRSA");
createKeyStore(serverKS, serverPassword, "server", sKP.getPrivate(), sCert);
certs.put("server", sCert);
if (trustStore) {
trustKS = keystoresDir + "/trustKS.jks";
createTrustStore(trustKS, trustPassword, certs);
}
Configuration clientSSLConf = createSSLConfig(
SSLFactory.Mode.CLIENT, clientKS, clientPassword, clientPassword, trustKS);
Configuration serverSSLConf = createSSLConfig(
SSLFactory.Mode.SERVER, serverKS, serverPassword, serverPassword, trustKS);
saveConfig(sslClientConfFile, clientSSLConf);
saveConfig(sslServerConfFile, serverSSLConf);
conf.set(SSLFactory.SSL_HOSTNAME_VERIFIER_KEY, "ALLOW_ALL");
conf.set(SSLFactory.SSL_CLIENT_CONF_KEY, sslClientConfFile.getName());
conf.set(SSLFactory.SSL_SERVER_CONF_KEY, sslServerConfFile.getName());
conf.setBoolean(SSLFactory.SSL_REQUIRE_CLIENT_CERT_KEY, useClientCert);
}
/**
* Returns an SSL configuration file name. Under parallel test
* execution, this file name is parameterized by a unique ID to ensure that
* concurrent tests don't collide on an SSL configuration file.
*
* @param base the base of the file name
* @return SSL configuration file name for base
*/
private static String getSSLConfigFileName(String base) {
String testUniqueForkId = System.getProperty("test.unique.fork.id");
String fileSuffix = testUniqueForkId != null ? "-" + testUniqueForkId : "";
return base + fileSuffix + ".xml";
}
/**
* Creates SSL configuration.
*
* @param mode SSLFactory.Mode mode to configure
* @param keystore String keystore file
* @param password String store password, or null to avoid setting store
* password
* @param keyPassword String key password, or null to avoid setting key
* password
* @param trustKS String truststore file
* @return Configuration for SSL
*/
private static Configuration createSSLConfig(SSLFactory.Mode mode,
String keystore, String password, String keyPassword, String trustKS) {
String trustPassword = "trustP";
Configuration sslConf = new Configuration(false);
if (keystore != null) {
sslConf.set(FileBasedKeyStoresFactory.resolvePropertyName(mode,
FileBasedKeyStoresFactory.SSL_KEYSTORE_LOCATION_TPL_KEY), keystore);
}
if (password != null) {
sslConf.set(FileBasedKeyStoresFactory.resolvePropertyName(mode,
FileBasedKeyStoresFactory.SSL_KEYSTORE_PASSWORD_TPL_KEY), password);
}
if (keyPassword != null) {
sslConf.set(FileBasedKeyStoresFactory.resolvePropertyName(mode,
FileBasedKeyStoresFactory.SSL_KEYSTORE_KEYPASSWORD_TPL_KEY),
keyPassword);
}
if (trustKS != null) {
sslConf.set(FileBasedKeyStoresFactory.resolvePropertyName(mode,
FileBasedKeyStoresFactory.SSL_TRUSTSTORE_LOCATION_TPL_KEY), trustKS);
}
sslConf.set(FileBasedKeyStoresFactory.resolvePropertyName(mode,
FileBasedKeyStoresFactory.SSL_TRUSTSTORE_PASSWORD_TPL_KEY),
trustPassword);
sslConf.set(FileBasedKeyStoresFactory.resolvePropertyName(mode,
FileBasedKeyStoresFactory.SSL_TRUSTSTORE_RELOAD_INTERVAL_TPL_KEY), "1000");
return sslConf;
}
private static KeyPair generateKeyPair(String algorithm)
throws NoSuchAlgorithmException {
KeyPairGenerator keyGen = KeyPairGenerator.getInstance(algorithm);
keyGen.initialize(1024);
return keyGen.genKeyPair();
}
/**
* Create a self-signed X.509 Certificate.
*
* @param dn the X.509 Distinguished Name, eg "CN=Test, L=London, C=GB"
* @param pair the KeyPair
* @param days how many days from now the Certificate is valid for
* @param algorithm the signing algorithm, eg "SHA1withRSA"
* @return the self-signed certificate
*/
private static X509Certificate generateCertificate(String dn, KeyPair pair, int days, String algorithm)
throws CertificateEncodingException,
InvalidKeyException,
IllegalStateException,
NoSuchProviderException, NoSuchAlgorithmException, SignatureException{
Date from = new Date();
Date to = new Date(from.getTime() + days * 86400000l);
BigInteger sn = new BigInteger(64, new SecureRandom());
KeyPair keyPair = pair;
X509V1CertificateGenerator certGen = new X509V1CertificateGenerator();
X500Principal dnName = new X500Principal(dn);
certGen.setSerialNumber(sn);
certGen.setIssuerDN(dnName);
certGen.setNotBefore(from);
certGen.setNotAfter(to);
certGen.setSubjectDN(dnName);
certGen.setPublicKey(keyPair.getPublic());
certGen.setSignatureAlgorithm(algorithm);
X509Certificate cert = certGen.generate(pair.getPrivate());
return cert;
}
private static void createKeyStore(String filename,
String password, String alias,
Key privateKey, Certificate cert)
throws GeneralSecurityException, IOException {
KeyStore ks = KeyStore.getInstance("JKS");
ks.load(null, null); // initialize
ks.setKeyEntry(alias, privateKey, password.toCharArray(),
new Certificate[]{cert});
saveKeyStore(ks, filename, password);
}
private static <T extends Certificate> void createTrustStore(
String filename, String password, Map<String, T> certs)
throws GeneralSecurityException, IOException {
KeyStore ks = KeyStore.getInstance("JKS");
ks.load(null, null); // initialize
for (Map.Entry<String, T> cert : certs.entrySet()) {
ks.setCertificateEntry(cert.getKey(), cert.getValue());
}
saveKeyStore(ks, filename, password);
}
private static void saveKeyStore(KeyStore ks, String filename,
String password)
throws GeneralSecurityException, IOException {
FileOutputStream out = new FileOutputStream(filename);
try {
ks.store(out, password.toCharArray());
} finally {
out.close();
}
}
/**
* Saves configuration to a file.
*
* @param file File to save
* @param conf Configuration contents to write to file
* @throws IOException if there is an I/O error saving the file
*/
private static void saveConfig(File file, Configuration conf)
throws IOException {
Writer writer = new OutputStreamWriter(new FileOutputStream(file), "UTF-8");
try {
conf.writeXml(writer);
} finally {
writer.close();
}
}
}

269
test/src/main/java/org/apache/sqoop/test/utils/SecurityUtils.java
View File

@ -1,269 +0,0 @@
/**
* Licensed to the Apache Software Foundation (ASF) under one
* or more contributor license agreements. See the NOTICE file
* distributed with this work for additional information
* regarding copyright ownership. The ASF licenses this file
* to you under the Apache License, Version 2.0 (the
* "License"); you may not use this file except in compliance
* with the License. You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package org.apache.sqoop.test.utils;
import org.apache.hadoop.conf.Configuration;
import org.apache.hadoop.security.ssl.FileBasedKeyStoresFactory;
import org.apache.hadoop.security.ssl.SSLFactory;
import org.bouncycastle.x509.X509V1CertificateGenerator;
import javax.security.auth.x500.X500Principal;
import java.io.File;
import java.io.FileOutputStream;
import java.io.IOException;
import java.io.OutputStreamWriter;
import java.io.Writer;
import java.math.BigInteger;
import java.security.GeneralSecurityException;
import java.security.InvalidKeyException;
import java.security.Key;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.KeyStore;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.SecureRandom;
import java.security.SignatureException;
import java.security.cert.Certificate;
import java.security.cert.CertificateEncodingException;
import java.security.cert.X509Certificate;
import java.util.Date;
import java.util.HashMap;
import java.util.Map;
public class SecurityUtils {
public static final String CLIENT_KEYSTORE = "clientKS.jks";
public static final String SERVER_KEYSTORE = "serverKS.jks";
public static final String TRUSTSTORE = "trustKS.jks";
public static final String CLIENT_KEY_PASSWORD = "client_key";
public static final String CLIENT_KEY_STORE_PASSWORD = "client_keystore";
public static final String SERVER_KEY_PASSWORD = "server_key";
public static final String SERVER_KEY_STORE_PASSWORD = "server_keystore";
/**
* Performs complete setup of SSL configuration. This includes keys, certs,
* keystores, truststores, the server SSL configuration file,
* the client SSL configuration file.
*
* @param keystoresDir String directory to save keystores
* @param sslConfDir String directory to save SSL configuration files
* @param conf Configuration
* @param useClientCert boolean true to make the client present a cert in the
* SSL handshake
* @param trustStore boolean true to create truststore, false not to create it
*/
public static X509Certificate setupSSLConfig(String keystoresDir, String sslConfDir,
Configuration conf, boolean useClientCert, boolean trustStore)
throws Exception {
String clientKeyStorePath = keystoresDir + "/" + CLIENT_KEYSTORE;
String serverKeyStorePath = keystoresDir + "/" + SERVER_KEYSTORE;
String serverPassword = "serverP";
String trustKS = null;
String trustPassword = "trustP";
File sslClientConfFile = new File(sslConfDir, getSSLConfigFileName("ssl-client"));
File sslServerConfFile = new File(sslConfDir, getSSLConfigFileName("ssl-server"));
Map<String, X509Certificate> certs = new HashMap<String, X509Certificate>();
String hostname = SqoopUtils.getLocalHostName();
if (useClientCert) {
KeyPair cKP = generateKeyPair("RSA");
X509Certificate cCert = generateCertificate("CN=" + hostname + ", O=client", cKP, 30, "SHA1withRSA");
createKeyStore(clientKeyStorePath, CLIENT_KEY_PASSWORD, CLIENT_KEY_STORE_PASSWORD, "client", cKP.getPrivate(), cCert);
certs.put("client", cCert);
}
KeyPair sKP = generateKeyPair("RSA");
X509Certificate sCert = generateCertificate("CN=" + hostname + ", O=server", sKP, 30, "SHA1withRSA");
createKeyStore(serverKeyStorePath, SERVER_KEY_PASSWORD, SERVER_KEY_STORE_PASSWORD, "server", sKP.getPrivate(), sCert);
certs.put("server", sCert);
if (trustStore) {
trustKS = keystoresDir + TRUSTSTORE;
createTrustStore(trustKS, trustPassword, certs);
}
Configuration clientSSLConf = createSSLConfig(
SSLFactory.Mode.CLIENT, clientKeyStorePath, CLIENT_KEY_STORE_PASSWORD, CLIENT_KEY_PASSWORD, trustKS);
Configuration serverSSLConf = createSSLConfig(
SSLFactory.Mode.SERVER, serverKeyStorePath, SERVER_KEY_STORE_PASSWORD, SERVER_KEY_PASSWORD, trustKS);
saveConfig(sslClientConfFile, clientSSLConf);
saveConfig(sslServerConfFile, serverSSLConf);
conf.set(SSLFactory.SSL_HOSTNAME_VERIFIER_KEY, "ALLOW_ALL");
conf.set(SSLFactory.SSL_CLIENT_CONF_KEY, sslClientConfFile.getName());
conf.set(SSLFactory.SSL_SERVER_CONF_KEY, sslServerConfFile.getName());
conf.setBoolean(SSLFactory.SSL_REQUIRE_CLIENT_CERT_KEY, useClientCert);
return sCert;
}
/**
* Returns an SSL configuration file name. Under parallel test
* execution, this file name is parameterized by a unique ID to ensure that
* concurrent tests don't collide on an SSL configuration file.
*
* @param base the base of the file name
* @return SSL configuration file name for base
*/
public static String getSSLConfigFileName(String base) {
String testUniqueForkId = System.getProperty("test.unique.fork.id");
String fileSuffix = testUniqueForkId != null ? "-" + testUniqueForkId : "";
return base + fileSuffix + ".xml";
}
/**
* Creates SSL configuration.
*
* @param mode SSLFactory.Mode mode to configure
* @param keystore String keystore file
* @param keyStorePassword String store password, or null to avoid setting store
* password
* @param keyPassword String key password, or null to avoid setting key
* password
* @param trustKS String truststore file
* @return Configuration for SSL
*/
public static Configuration createSSLConfig(SSLFactory.Mode mode,
String keystore, String keyStorePassword,
String keyPassword, String trustKS) {
String trustPassword = "trustP";
Configuration sslConf = new Configuration(false);
if (keystore != null) {
sslConf.set(FileBasedKeyStoresFactory.resolvePropertyName(mode,
FileBasedKeyStoresFactory.SSL_KEYSTORE_LOCATION_TPL_KEY), keystore);
}
if (keyStorePassword != null) {
sslConf.set(FileBasedKeyStoresFactory.resolvePropertyName(mode,
FileBasedKeyStoresFactory.SSL_KEYSTORE_PASSWORD_TPL_KEY), keyStorePassword);
}
if (keyPassword != null) {
sslConf.set(FileBasedKeyStoresFactory.resolvePropertyName(mode,
FileBasedKeyStoresFactory.SSL_KEYSTORE_KEYPASSWORD_TPL_KEY),
keyPassword);
}
if (trustKS != null) {
sslConf.set(FileBasedKeyStoresFactory.resolvePropertyName(mode,
FileBasedKeyStoresFactory.SSL_TRUSTSTORE_LOCATION_TPL_KEY), trustKS);
}
sslConf.set(FileBasedKeyStoresFactory.resolvePropertyName(mode,
FileBasedKeyStoresFactory.SSL_TRUSTSTORE_PASSWORD_TPL_KEY),
trustPassword);
sslConf.set(FileBasedKeyStoresFactory.resolvePropertyName(mode,
FileBasedKeyStoresFactory.SSL_TRUSTSTORE_RELOAD_INTERVAL_TPL_KEY), "1000");
return sslConf;
}
public static KeyPair generateKeyPair(String algorithm)
throws NoSuchAlgorithmException {
KeyPairGenerator keyGen = KeyPairGenerator.getInstance(algorithm);
keyGen.initialize(1024);
return keyGen.genKeyPair();
}
/**
* Create a self-signed X.509 Certificate.
*
* @param dn the X.509 Distinguished Name, eg "CN=Test, L=London, C=GB"
* @param pair the KeyPair
* @param days how many days from now the Certificate is valid for
* @param algorithm the signing algorithm, eg "SHA1withRSA"
* @return the self-signed certificate
*/
public static X509Certificate generateCertificate(String dn, KeyPair pair, int days, String algorithm)
throws CertificateEncodingException,
InvalidKeyException,
IllegalStateException,
NoSuchProviderException, NoSuchAlgorithmException, SignatureException {
Date from = new Date();
Date to = new Date(from.getTime() + days * 86400000l);
BigInteger sn = new BigInteger(64, new SecureRandom());
KeyPair keyPair = pair;
X509V1CertificateGenerator certGen = new X509V1CertificateGenerator();
X500Principal dnName = new X500Principal(dn);
certGen.setSerialNumber(sn);
certGen.setIssuerDN(dnName);
certGen.setNotBefore(from);
certGen.setNotAfter(to);
certGen.setSubjectDN(dnName);
certGen.setPublicKey(keyPair.getPublic());
certGen.setSignatureAlgorithm(algorithm);
X509Certificate cert = certGen.generate(pair.getPrivate());
return cert;
}
public static void createKeyStore(String filename,
String keyPassword, String keyStorePassword,
String alias, Key privateKey, Certificate cert)
throws GeneralSecurityException, IOException {
KeyStore ks = KeyStore.getInstance("JKS");
ks.load(null, null); // initialize
ks.setKeyEntry(alias, privateKey, keyPassword.toCharArray(),
new Certificate[]{cert});
saveKeyStore(ks, filename, keyStorePassword);
}
public static <T extends Certificate> void createTrustStore(
String filename, String password, Map<String, T> certs)
throws GeneralSecurityException, IOException {
KeyStore ks = KeyStore.getInstance("JKS");
ks.load(null, null); // initialize
for (Map.Entry<String, T> cert : certs.entrySet()) {
ks.setCertificateEntry(cert.getKey(), cert.getValue());
}
saveKeyStore(ks, filename, password);
}
public static void saveKeyStore(KeyStore ks, String filename,
String password)
throws GeneralSecurityException, IOException {
FileOutputStream out = new FileOutputStream(filename);
try {
ks.store(out, password.toCharArray());
} finally {
out.close();
}
}
/**
* Saves configuration to a file.
*
* @param file File to save
* @param conf Configuration contents to write to file
* @throws IOException if there is an I/O error saving the file
*/
public static void saveConfig(File file, Configuration conf)
throws IOException {
Writer writer = new OutputStreamWriter(new FileOutputStream(file), "UTF-8");
try {
conf.writeXml(writer);
} finally {
writer.close();
}
}
}

25
test/src/main/java/org/apache/sqoop/test/utils/SqoopUtils.java
View File

@ -18,7 +18,6 @@
package org.apache.sqoop.test.utils;
import java.net.InetAddress;
import java.net.URL;
import java.net.UnknownHostException;
import java.util.Locale;
import java.util.Random;
@ -45,7 +44,7 @@ public static void fillObjectName(MAccountableEntity object) {
object.setName(prefix + rand.nextLong());
}
// Retrieve the FQDN of the current host
//Retrieve the FQDN of the current host
public static String getLocalHostName() {
String fqdn;
try {
@ -55,26 +54,4 @@ public static String getLocalHostName() {
}
return fqdn;
}
// Retrieve the IP address of the current host
public static String getLocalIpAddress() {
String address;
try {
address = InetAddress.getLocalHost().getHostAddress();
} catch (UnknownHostException e1) {
address = "127.0.0.1";
}
return address;
}
@SuppressWarnings("rawtypes")
public static String getClasspathDir(Class klass) throws Exception {
String file = klass.getName();
file = file.replace('.', '/') + ".class";
URL url = Thread.currentThread().getContextClassLoader().getResource(file);
String baseDir = url.toURI().getPath();
baseDir = baseDir.substring(0, baseDir.length() - file.length() - 1);
return baseDir;
}
}

2
test/src/test/java/org/apache/sqoop/integration/serverproperties/BlacklistedConnectorTest.java → test/src/test/java/org/apache/sqoop/integration/connectorloading/BlacklistedConnectorTest.java
View File

@ -15,7 +15,7 @@
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package org.apache.sqoop.integration.serverproperties;
package org.apache.sqoop.integration.connectorloading;
import org.apache.hadoop.conf.Configuration;
import org.apache.sqoop.common.SqoopException;

2
test/src/test/java/org/apache/sqoop/integration/serverproperties/ClasspathTest.java → test/src/test/java/org/apache/sqoop/integration/connectorloading/ClasspathTest.java
View File

@ -16,7 +16,7 @@
* limitations under the License.
*/
package org.apache.sqoop.integration.serverproperties;
package org.apache.sqoop.integration.connectorloading;
import org.apache.hadoop.conf.Configuration;
import org.apache.sqoop.core.ConfigurationConstants;

2
test/src/test/java/org/apache/sqoop/integration/serverproperties/ConnectorClasspathIsolationTest.java → test/src/test/java/org/apache/sqoop/integration/connectorloading/ConnectorClasspathIsolationTest.java
View File

@ -16,7 +16,7 @@
* limitations under the License.
*/
package org.apache.sqoop.integration.serverproperties;
package org.apache.sqoop.integration.connectorloading;
import java.util.Arrays;
import java.util.HashMap;

164
test/src/test/java/org/apache/sqoop/integration/serverproperties/SslTest.java
View File

@ -1,164 +0,0 @@
/**
* Licensed to the Apache Software Foundation (ASF) under one
* or more contributor license agreements. See the NOTICE file
* distributed with this work for additional information
* regarding copyright ownership. The ASF licenses this file
* to you under the Apache License, Version 2.0 (the
* "License"); you may not use this file except in compliance
* with the License. You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package org.apache.sqoop.integration.serverproperties;
import org.apache.commons.io.FileUtils;
import org.apache.hadoop.conf.Configuration;
import org.apache.hadoop.security.authentication.client.PseudoAuthenticator;
import org.apache.hadoop.security.token.delegation.web.DelegationTokenAuthenticatedURL;
import org.apache.sqoop.security.SecurityConstants;
import org.apache.sqoop.test.infrastructure.Infrastructure;
import org.apache.sqoop.test.infrastructure.SqoopTestCase;
import org.apache.sqoop.test.infrastructure.providers.DatabaseInfrastructureProvider;
import org.apache.sqoop.test.infrastructure.providers.HadoopInfrastructureProvider;
import org.apache.sqoop.test.infrastructure.providers.KdcInfrastructureProvider;
import org.apache.sqoop.test.minicluster.JettySqoopMiniCluster;
import org.apache.sqoop.test.minicluster.SqoopMiniCluster;
import org.apache.sqoop.test.utils.HdfsUtils;
import org.apache.sqoop.test.utils.SecurityUtils;
import org.apache.sqoop.test.utils.SqoopUtils;
import org.eclipse.jetty.util.ssl.SslContextFactory;
import org.testng.annotations.AfterMethod;
import org.testng.annotations.BeforeMethod;
import org.testng.annotations.Test;
import javax.net.ssl.HostnameVerifier;
import javax.net.ssl.HttpsURLConnection;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLSession;
import javax.ws.rs.HttpMethod;
import javax.ws.rs.core.MediaType;
import java.io.File;
import java.net.HttpURLConnection;
import java.net.MalformedURLException;
import java.net.URL;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import java.util.Map;
import static org.testng.Assert.assertEquals;
@Infrastructure(dependencies = {KdcInfrastructureProvider.class, HadoopInfrastructureProvider.class, DatabaseInfrastructureProvider.class})
@Test(groups = {"no-real-cluster"})
public class SslTest extends SqoopTestCase {
private SqoopMiniCluster sqoopMiniCluster;
private SSLContext defaultSslContext;
private HostnameVerifier defaultHostNameVerifier;
public static class SslSqoopMiniCluster extends JettySqoopMiniCluster {
private String keyStoreFilePath;
private String keyStorePassword;
private String keyManagerPassword;
public SslSqoopMiniCluster(String temporaryPath, Configuration configuration, String keyStoreFilePath, String keyStorePassword, String keyManagerPassword) throws Exception {
super(temporaryPath, configuration);
this.keyStoreFilePath = keyStoreFilePath;
this.keyStorePassword = keyStorePassword;
this.keyManagerPassword = keyManagerPassword;
}
@Override
protected Map<String, String> getSecurityConfiguration() {
Map<String, String> properties = super.getSecurityConfiguration();
properties.put(SecurityConstants.TLS_ENABLED, String.valueOf(true));
properties.put(SecurityConstants.TLS_PROTOCOL, "TLSv1.2");
properties.put(SecurityConstants.KEYSTORE_LOCATION, keyStoreFilePath);
properties.put(SecurityConstants.KEYSTORE_PASSWORD, keyStorePassword);
properties.put(SecurityConstants.KEYMANAGER_PASSWORD, keyManagerPassword);
return properties;
}
}
@BeforeMethod
public void backupSslContext() throws Exception {
defaultSslContext = SSLContext.getDefault();
defaultHostNameVerifier = HttpsURLConnection.getDefaultHostnameVerifier();
}
@AfterMethod
public void restoreSslContext() {
SSLContext.setDefault(defaultSslContext);
HttpsURLConnection.setDefaultHostnameVerifier(defaultHostNameVerifier);
}
@AfterMethod
public void stopCluster() throws Exception {
sqoopMiniCluster.stop();
}
@Test
public void testSslInUse() throws Exception {
String sslKeystoresDir = getTemporaryPath() + "ssl-keystore/";
String sslConfDir = SqoopUtils.getClasspathDir(SslTest.class);
FileUtils.deleteDirectory(new File(sslKeystoresDir));
FileUtils.forceMkdir(new File(sslKeystoresDir));
X509Certificate serverCertificate = SecurityUtils.setupSSLConfig(
sslKeystoresDir, sslConfDir, new Configuration(), false, true);
sqoopMiniCluster =
new SslSqoopMiniCluster(HdfsUtils.joinPathFragments(getTemporaryPath(), getTestName()), getHadoopConf(), sslKeystoresDir + SecurityUtils.SERVER_KEYSTORE, SecurityUtils.SERVER_KEY_STORE_PASSWORD, SecurityUtils.SERVER_KEY_PASSWORD);
KdcInfrastructureProvider kdcProvider = getInfrastructureProvider(KdcInfrastructureProvider.class);
if (kdcProvider != null) {
sqoopMiniCluster.setKdc(kdcProvider.getInstance());
}
sqoopMiniCluster.start();
// Bypass hostname verification
HttpsURLConnection.setDefaultHostnameVerifier(new HostnameVerifier() {
public boolean verify(String hostname, SSLSession session) {
try {
if (hostname.equals((new URL(sqoopMiniCluster.getServerUrl())).getHost())) {
return true;
}
} catch (MalformedURLException e) {
return false;
}
return false;
}
});
SslContextFactory sslContextFactory = new SslContextFactory();
sslContextFactory.setKeyStorePath(sslKeystoresDir + SecurityUtils.TRUSTSTORE);
sslContextFactory.start();
SSLContext.setDefault(sslContextFactory.getSslContext());
initSqoopClient(sqoopMiniCluster.getServerUrl());
// Make a request and check the cert
URL url = new URL(sqoopMiniCluster.getServerUrl() + "version?" +
PseudoAuthenticator.USER_NAME + "=" + System.getProperty("user.name"));
HttpURLConnection conn = new DelegationTokenAuthenticatedURL().openConnection(url, getAuthToken());
conn.setRequestMethod(HttpMethod.GET);
conn.setRequestProperty("Accept", MediaType.APPLICATION_JSON);
assertEquals(conn.getResponseCode(), 200);
HttpsURLConnection secured = (HttpsURLConnection) conn;
Certificate actualCertificate = secured.getServerCertificates()[0];
assertEquals(actualCertificate, serverCertificate);
}
}

6
test/src/test/resources/server-properties-tests-suite.xml → test/src/test/resources/connector-loading-tests-suite.xml
View File

@ -18,16 +18,16 @@ limitations under the License.
<!DOCTYPE suite SYSTEM "http://testng.org/testng-1.0.dtd" >
<suite name="ServerPropertiesTests" verbose="2" parallel="false">
<suite name="ConnectorLoadingTests" verbose="2" parallel="false">
<listeners>
<listener class-name="org.apache.sqoop.test.testng.SqoopTestListener" />
<listener class-name="org.apache.sqoop.test.testng.ReconfigureLogListener" />
</listeners>
<test name="ServerPropertiesTests">
<test name="ConnectorLoadingTests">
<packages>
<package name="org.apache.sqoop.integration.serverproperties"/>
<package name="org.apache.sqoop.integration.connectorloading"/>
</packages>
</test>