Updated Branches: refs/heads/trunk 0724670a2 -> ec3d6d5d7
AMBARI-2602. javax.crypto.BadPaddingException (final block not properly padded) thrown on ambari-server startup. (Oleksandr Diachenko via smohanty) Project: http://git-wip-us.apache.org/repos/asf/incubator-ambari/repo Commit: http://git-wip-us.apache.org/repos/asf/incubator-ambari/commit/ec3d6d5d Tree: http://git-wip-us.apache.org/repos/asf/incubator-ambari/tree/ec3d6d5d Diff: http://git-wip-us.apache.org/repos/asf/incubator-ambari/diff/ec3d6d5d Branch: refs/heads/trunk Commit: ec3d6d5d77ebe958d804f3f4bb7c364c264a7288 Parents: 0724670 Author: Sumit Mohanty <[email protected]> Authored: Tue Jul 9 17:47:00 2013 -0700 Committer: Sumit Mohanty <[email protected]> Committed: Tue Jul 9 17:47:00 2013 -0700 ---------------------------------------------------------------------- ambari-server/src/main/python/ambari-server.py | 60 +++++++++++++++--- .../src/test/python/TestAmbaryServer.py | 66 +++++++++++++++++--- 2 files changed, 110 insertions(+), 16 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/incubator-ambari/blob/ec3d6d5d/ambari-server/src/main/python/ambari-server.py ---------------------------------------------------------------------- diff --git a/ambari-server/src/main/python/ambari-server.py b/ambari-server/src/main/python/ambari-server.py index 6756274..2d2a5b7 100755 --- a/ambari-server/src/main/python/ambari-server.py +++ b/ambari-server/src/main/python/ambari-server.py @@ -91,8 +91,12 @@ NR_CHOWN_CMD = 'chown {0} {1} {2}' RECURSIVE_RM_CMD = 'rm -rf {0}' +SSL_PASSWORD_FILE = "pass.txt" +SSL_PASSIN_FILE = "passin.txt" + # openssl command -EXPRT_KSTR_CMD = "openssl pkcs12 -export -in {0} -inkey {1} -certfile {0} -out {3} -password pass:{2} -passin pass:{2}" +VALIDATE_KEYSTORE_CMD = "openssl pkcs12 -info -in '{0}' -password file:'{1}' -passout file:'{2}'" +EXPRT_KSTR_CMD = "openssl pkcs12 -export -in '{0}' -inkey '{1}' -certfile '{0}' -out '{4}' -password file:'{2}' -passin file:'{3}'" CHANGE_KEY_PWD_CND = 'openssl rsa -in {0} -des3 -out {0}.secured -passout pass:{1}' GET_CRT_INFO_CMD = 'openssl x509 -dates -subject -in {0}' @@ -1761,6 +1765,24 @@ def find_jdbc_driver(args): return drivers return -1 return 0 + +def copy_file(src, dest_file): + try: + shutil.copyfile(src, dest_file) + except Exception, e: + err = "Can not copy file {0} to {1} due to: {2} . Please check file " \ + "permissions and free disk space.".format(src, dest_file, e.message) + raise FatalException(1, err) + +def remove_file(filePath): + if os.path.exists(filePath): + try: + os.remove(filePath) + except Exception, e: + print_warning_msg('Unable to remove file: ' + str(e)) + return 1 + pass + return 0 def copy_files(files, dest_dir): if os.path.isdir(dest_dir): @@ -2930,20 +2952,44 @@ def import_cert_and_key(security_server_keys_dir): SSL_KEYSTORE_FILE_NAME) passFilePath = os.path.join(security_server_keys_dir,\ SSL_KEY_PASSWORD_FILE_NAME) + passinFilePath = os.path.join(tempfile.gettempdir(),\ + SSL_PASSIN_FILE) + passwordFilePath = os.path.join(tempfile.gettempdir(),\ + SSL_PASSWORD_FILE) + + with open(passFilePath, 'w+') as passFile: + passFile.write(pem_password) + passFile.close + pass + + set_file_permissions(passFilePath, "660", read_ambari_user(), False) + + copy_file(passFilePath, passinFilePath) + copy_file(passFilePath, passwordFilePath) + retcode, out, err = run_os_command(EXPRT_KSTR_CMD.format(import_cert_path,\ - import_key_path, pem_password, keystoreFilePath)) - + import_key_path, passwordFilePath, passinFilePath, keystoreFilePath)) if retcode == 0: print 'Importing and saving certificate...done.' set_file_permissions(keystoreFilePath, "660", read_ambari_user(), False) - with open(passFilePath, 'w+') as passFile: - passFile.write(pem_password) - pass - set_file_permissions(passFilePath, "660", read_ambari_user(), False) + import_file_to_keystore(import_cert_path, os.path.join(\ security_server_keys_dir, SSL_CERT_FILE_NAME)) import_file_to_keystore(import_key_path, os.path.join(\ security_server_keys_dir, SSL_KEY_FILE_NAME)) + + #Validate keystore + retcode, out, err = run_os_command(VALIDATE_KEYSTORE_CMD.format(keystoreFilePath,\ + passwordFilePath, passinFilePath)) + + remove_file(passinFilePath) + remove_file(passwordFilePath) + + if not retcode == 0: + print 'Error during keystore validation occured!:' + print err + return False + return True else: print_error_msg('Could not import Certificate and Private Key.') http://git-wip-us.apache.org/repos/asf/incubator-ambari/blob/ec3d6d5d/ambari-server/src/test/python/TestAmbaryServer.py ---------------------------------------------------------------------- diff --git a/ambari-server/src/test/python/TestAmbaryServer.py b/ambari-server/src/test/python/TestAmbaryServer.py index 4d1e5da..197737e 100644 --- a/ambari-server/src/test/python/TestAmbaryServer.py +++ b/ambari-server/src/test/python/TestAmbaryServer.py @@ -1121,6 +1121,8 @@ class TestAmbariServer(TestCase): self.assertEqual(str(properties.process_pair.call_args_list),\ expect_process_pair) + @patch.object(ambari_server, "remove_file") + @patch.object(ambari_server, "copy_file") @patch.object(ambari_server, "read_ambari_user") @patch.object(ambari_server, "set_file_permissions") @patch.object(ambari_server, "import_file_to_keystore") @@ -1137,14 +1139,15 @@ class TestAmbariServer(TestCase): get_validated_filepath_input_mock,\ os_path_join_mock, run_os_command_mock,\ open_mock, import_file_to_keystore_mock,\ - set_file_permissions_mock, read_ambari_user_mock): + set_file_permissions_mock, read_ambari_user_mock, copy_file_mock,\ + remove_file_mock): is_valid_cert_exp_mock.return_value=True is_valid_cert_host_mock.return_value=True get_validated_string_input_mock.return_value = "password" get_validated_filepath_input_mock.side_effect = \ ["cert_file_path","key_file_path"] - os_path_join_mock.side_effect = ["cert_file_path","key_file_path",\ - "keystore_cert_file_path",\ + os_path_join_mock.side_effect = ["keystore_file_path","pass_file_path",\ + "passin_file_path","password_file_path","keystore_cert_file_path",\ "keystore_cert_key_file_path",] run_os_command_mock.return_value = (0, "", "") om = open_mock.return_value @@ -1156,11 +1159,13 @@ class TestAmbariServer(TestCase): ambari_server.import_cert_and_key("key_dir") self.assertTrue(get_validated_filepath_input_mock.call_count == 2) self.assertTrue(get_validated_string_input_mock.called) - self.assertTrue(os_path_join_mock.call_count == 4) + self.assertEqual(os_path_join_mock.call_count, 6) self.assertTrue(set_file_permissions_mock.call_count == 2) self.assertEqual(str(import_file_to_keystore_mock.call_args_list),\ expect_import_file_to_keystore) + @patch.object(ambari_server, "remove_file") + @patch.object(ambari_server, "copy_file") @patch.object(ambari_server, "generate_random_string") @patch.object(ambari_server, "read_ambari_user") @patch.object(ambari_server, "set_file_permissions") @@ -1177,16 +1182,17 @@ class TestAmbariServer(TestCase): get_validated_string_input_mock, get_validated_filepath_input_mock,\ os_path_join_mock, run_os_command_mock, open_mock, \ import_file_to_keystore_mock, set_file_permissions_mock, - read_ambari_user_mock, generate_random_string_mock): + read_ambari_user_mock, generate_random_string_mock, copy_file_mock,\ + remove_file_mock): is_valid_cert_exp_mock.return_value=True is_valid_cert_host_mock.return_value=True get_validated_string_input_mock.return_value = "" get_validated_filepath_input_mock.side_effect =\ ["cert_file_path","key_file_path"] - os_path_join_mock.side_effect = ["cert_file_path","key_file_path",\ - "keystore_cert_file_path",\ - "keystore_cert_key_file_path",] + os_path_join_mock.side_effect = ["keystore_file_path","pass_file_path",\ + "passin_file_path","password_file_path","keystore_cert_file_path",\ + "keystore_cert_key_file_path",] run_os_command_mock.return_value = (0, "", "") expect_import_file_to_keystore = "[call('cert_file_path',"+\ @@ -1197,7 +1203,7 @@ class TestAmbariServer(TestCase): ambari_server.import_cert_and_key("key_dir") self.assertEquals(get_validated_filepath_input_mock.call_count, 2) self.assertTrue(get_validated_string_input_mock.called) - self.assertEquals(os_path_join_mock.call_count, 4) + self.assertEquals(os_path_join_mock.call_count, 6) self.assertEquals(set_file_permissions_mock.call_count, 2) self.assertEqual(str(import_file_to_keystore_mock.call_args_list),\ expect_import_file_to_keystore) @@ -2752,6 +2758,48 @@ MIIFHjCCAwYCCQDpHKOBI+Lt0zANBgkqhkiG9w0BAQUFADBRMQswCQYDVQQGEwJV sys.stdout = sys.__stdout__ + + @patch("os.path.exists") + @patch("os.remove") + @patch.object(ambari_server,"print_warning_msg") + def test_remove_file(self, printWarningMsgMock, removeMock, pathExistsMock): + def side_effect(): + raise Exception(-1, "Failed to delete!") + + removeMock.side_effect = side_effect + pathExistsMock.return_value = 1 + + res = ambari_server.remove_file("/someNonExsistantDir/filename") + self.assertEquals(res,1) + + removeMock.side_effect = None + res = ambari_server.remove_file("/someExsistantDir/filename") + self.assertEquals(res, 0) + + @patch("shutil.copyfile") + def test_copy_file(self, shutilCopyfileMock): + def side_effect(): + raise Exception(-1, "Failed to copy!") + + shutilCopyfileMock.side_effect = side_effect + + try: + ambari_server.copy_file("/tmp/psswd","/someNonExsistantDir/filename") + self.fail("Exception on file not copied has not been thrown!") + except FatalException: + # Expected + pass + + self.assertTrue(shutilCopyfileMock.called) + + + shutilCopyfileMock.side_effect = None + try: + ambari_server.copy_file("/tmp/psswd","/root/psswd") + except FatalException: + self.fail("Exception on file copied should not be thrown!") + + self.assertTrue(shutilCopyfileMock.called) @patch.object(ambari_server, "get_ambari_properties") @patch.object(ambari_server, "find_jdbc_driver")
