[ASTERIXDB-2490][NET] Allow Private Key Entries With Password
- user model changes: no
- storage format changes: no
- interface changes: no
Details:
- Currently, it is assumed that private key entries will always
have a blank password. This change instead uses the password
passed for the keystore as the private key entry password.
- Ensure trust store password property is set to allow the
usage of password protected trust stores.
- Fix NCConfig keyStorePath/trustStorePath setter to set the
values for the current node.
- Update test cases private key entries to have password.
Change-Id: I204aa31006c6d3db65909248e55dd901029887fe
Reviewed-on: https://asterix-gerrit.ics.uci.edu/3239
Sonar-Qube: Jenkins <jenkins@fulliautomatix.ics.uci.edu>
Integration-Tests: Jenkins <jenkins@fulliautomatix.ics.uci.edu>
Tested-by: Jenkins <jenkins@fulliautomatix.ics.uci.edu>
Contrib: Jenkins <jenkins@fulliautomatix.ics.uci.edu>
Reviewed-by: Michael Blow <mblow@apache.org>
diff --git a/asterixdb/asterix-app/src/test/resources/security/cc/cc.jks b/asterixdb/asterix-app/src/test/resources/security/cc/cc.jks
index 242d615..7aca187 100644
--- a/asterixdb/asterix-app/src/test/resources/security/cc/cc.jks
+++ b/asterixdb/asterix-app/src/test/resources/security/cc/cc.jks
Binary files differ
diff --git a/asterixdb/asterix-app/src/test/resources/security/cc/cc.p12 b/asterixdb/asterix-app/src/test/resources/security/cc/cc.p12
index 855170f..751bb8e 100644
--- a/asterixdb/asterix-app/src/test/resources/security/cc/cc.p12
+++ b/asterixdb/asterix-app/src/test/resources/security/cc/cc.p12
Binary files differ
diff --git a/asterixdb/asterix-app/src/test/resources/security/nc1/asterix_nc1.jks b/asterixdb/asterix-app/src/test/resources/security/nc1/asterix_nc1.jks
index d6d3844..ecbde7e 100644
--- a/asterixdb/asterix-app/src/test/resources/security/nc1/asterix_nc1.jks
+++ b/asterixdb/asterix-app/src/test/resources/security/nc1/asterix_nc1.jks
Binary files differ
diff --git a/asterixdb/asterix-app/src/test/resources/security/nc1/asterix_nc1.p12 b/asterixdb/asterix-app/src/test/resources/security/nc1/asterix_nc1.p12
index 315da67..0736eae 100644
--- a/asterixdb/asterix-app/src/test/resources/security/nc1/asterix_nc1.p12
+++ b/asterixdb/asterix-app/src/test/resources/security/nc1/asterix_nc1.p12
Binary files differ
diff --git a/asterixdb/asterix-app/src/test/resources/security/nc2/asterix_nc2.jks b/asterixdb/asterix-app/src/test/resources/security/nc2/asterix_nc2.jks
index 90c5591..df4f83f 100644
--- a/asterixdb/asterix-app/src/test/resources/security/nc2/asterix_nc2.jks
+++ b/asterixdb/asterix-app/src/test/resources/security/nc2/asterix_nc2.jks
Binary files differ
diff --git a/asterixdb/asterix-app/src/test/resources/security/nc2/asterix_nc2.p12 b/asterixdb/asterix-app/src/test/resources/security/nc2/asterix_nc2.p12
index c93b7c9..4839db9 100644
--- a/asterixdb/asterix-app/src/test/resources/security/nc2/asterix_nc2.p12
+++ b/asterixdb/asterix-app/src/test/resources/security/nc2/asterix_nc2.p12
Binary files differ
diff --git a/hyracks-fullstack/hyracks/hyracks-control/hyracks-control-common/src/main/java/org/apache/hyracks/control/common/controllers/NCConfig.java b/hyracks-fullstack/hyracks/hyracks-control/hyracks-control-common/src/main/java/org/apache/hyracks/control/common/controllers/NCConfig.java
index acfa394..3619cbb 100644
--- a/hyracks-fullstack/hyracks/hyracks-control/hyracks-control-common/src/main/java/org/apache/hyracks/control/common/controllers/NCConfig.java
+++ b/hyracks-fullstack/hyracks/hyracks-control/hyracks-control-common/src/main/java/org/apache/hyracks/control/common/controllers/NCConfig.java
@@ -565,7 +565,7 @@
}
public void setKeyStorePath(String keyStorePath) {
- configManager.set(Option.KEY_STORE_PATH, keyStorePath);
+ configManager.set(nodeId, Option.KEY_STORE_PATH, keyStorePath);
}
public String getTrustStorePath() {
@@ -573,6 +573,6 @@
}
public void setTrustStorePath(String keyStorePath) {
- configManager.set(CCConfig.Option.TRUST_STORE_PATH, keyStorePath);
+ configManager.set(nodeId, Option.TRUST_STORE_PATH, keyStorePath);
}
}
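Review bot: The parameter of `setTrustStorePath` is still named `keyStorePath`, which reads as a copy-paste slip next to `setKeyStorePath` and makes it easy to pass the wrong path at a call site. Rename it so the signature matches what is stored: `public void setTrustStorePath(String trustStorePath) {` and `configManager.set(nodeId, Option.TRUST_STORE_PATH, trustStorePath);`. The setter's declaration is inside the hunk, but the class body starts outside it.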
diff --git a/hyracks-fullstack/hyracks/hyracks-ipc/src/main/java/org/apache/hyracks/ipc/security/NetworkSecurityManager.java b/hyracks-fullstack/hyracks/hyracks-ipc/src/main/java/org/apache/hyracks/ipc/security/NetworkSecurityManager.java
index 310eee5..0c8d429 100644
--- a/hyracks-fullstack/hyracks/hyracks-ipc/src/main/java/org/apache/hyracks/ipc/security/NetworkSecurityManager.java
+++ b/hyracks-fullstack/hyracks/hyracks-ipc/src/main/java/org/apache/hyracks/ipc/security/NetworkSecurityManager.java
@@ -43,6 +43,7 @@
this.config = config;
if (config.isSslEnabled()) {
System.setProperty("javax.net.ssl.trustStore", config.getTrustStoreFile().getAbsolutePath());
+ System.setProperty("javax.net.ssl.trustStorePassword", config.getKeyStorePassword());
}
sslSocketFactory = new SslSocketChannelFactory(this);
}
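Review bot: The added `System.setProperty("javax.net.ssl.trustStorePassword", ...)` call throws a NullPointerException if `config.getKeyStorePassword()` returns null, which looks possible for SSL-enabled configurations that relied on the old blank-password assumption (the getter is not visible here, so confirm). The call also publishes the password in a JVM-wide property that any code in the process and any tool dumping system properties can read, and it assumes the trust store shares the key store's password. Guard the call with `final String storePassword = config.getKeyStorePassword();` and `if (storePassword != null) { System.setProperty("javax.net.ssl.trustStorePassword", storePassword); }`, and add a comment stating the shared-password assumption. The constructor begins before this hunk.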
@@ -58,7 +59,7 @@
final String defaultAlgorithm = KeyManagerFactory.getDefaultAlgorithm();
KeyManagerFactory keyManagerFactory = KeyManagerFactory.getInstance(defaultAlgorithm);
TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance(defaultAlgorithm);
- keyManagerFactory.init(engineKeyStore, "".toCharArray());
+ keyManagerFactory.init(engineKeyStore, password);
final KeyStore trustStore = loadTrustStoreFromFile(password);
trustManagerFactory.init(trustStore);
SSLContext ctx = SSLContext.getInstance(TSL_VERSION);
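Review bot: Passing `password` to `keyManagerFactory.init` makes the key store password, the private key entry password and the trust store password (next line) the same value, and nothing in the code says so. Key stores built under the earlier blank-entry-password assumption but with a non-blank store password would presumably now fail here with an UnrecoverableKeyException. Add a comment above the call such as `// key entries must be protected with the key store password; a different or blank entry password is rejected`, and consider documenting the migration step for existing deployments. The enclosing method starts and ends outside this hunk.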