Repository: ambari Updated Branches: refs/heads/trunk 2fc354e5c -> eb784aaa1
AMBARI-20193 Log Search Portal is not working with HTTPS with it's own created Key Store (mgergely) Change-Id: I94555222f16dec59a5be80e273a9fbc25e47ba68 Project: http://git-wip-us.apache.org/repos/asf/ambari/repo Commit: http://git-wip-us.apache.org/repos/asf/ambari/commit/eb784aaa Tree: http://git-wip-us.apache.org/repos/asf/ambari/tree/eb784aaa Diff: http://git-wip-us.apache.org/repos/asf/ambari/diff/eb784aaa Branch: refs/heads/trunk Commit: eb784aaa1f21f98982a405ab2da5f0e659f96102 Parents: 2fc354e Author: Miklos Gergely <[email protected]> Authored: Mon Feb 27 10:30:21 2017 +0100 Committer: Miklos Gergely <[email protected]> Committed: Mon Feb 27 10:30:21 2017 +0100 ---------------------------------------------------------------------- .../java/org/apache/ambari/logsearch/util/SSLUtil.java | 7 +++++-- ambari-logsearch/docker/bin/start.sh | 12 +++++++----- ambari-logsearch/docker/logsearch-docker.sh | 2 +- .../docker/test-config/logsearch/logsearch-env.sh | 4 ++-- 4 files changed, 15 insertions(+), 10 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/ambari/blob/eb784aaa/ambari-logsearch/ambari-logsearch-portal/src/main/java/org/apache/ambari/logsearch/util/SSLUtil.java ---------------------------------------------------------------------- diff --git a/ambari-logsearch/ambari-logsearch-portal/src/main/java/org/apache/ambari/logsearch/util/SSLUtil.java b/ambari-logsearch/ambari-logsearch-portal/src/main/java/org/apache/ambari/logsearch/util/SSLUtil.java index ea3474f..d4b6544 100644 --- a/ambari-logsearch/ambari-logsearch-portal/src/main/java/org/apache/ambari/logsearch/util/SSLUtil.java +++ b/ambari-logsearch/ambari-logsearch-portal/src/main/java/org/apache/ambari/logsearch/util/SSLUtil.java @@ -26,6 +26,7 @@ import org.apache.commons.io.FileUtils; import org.apache.commons.lang.StringUtils; import org.apache.commons.lang3.ArrayUtils; import org.apache.hadoop.conf.Configuration; +import org.bouncycastle.asn1.ASN1InputStream; import org.bouncycastle.asn1.x500.X500Name; import org.bouncycastle.asn1.x509.AlgorithmIdentifier; import org.bouncycastle.asn1.x509.SubjectPublicKeyInfo; @@ -289,7 +290,9 @@ public class SSLUtil { AlgorithmIdentifier digAlgId = new DefaultDigestAlgorithmIdentifierFinder().find(sigAlgId); BcContentSignerBuilder sigGen = new BcRSAContentSignerBuilder(sigAlgId, digAlgId); - SubjectPublicKeyInfo pubKey = new SubjectPublicKeyInfo(sigAlgId, rsaPublicKey.getEncoded()); + ASN1InputStream publicKeyStream = new ASN1InputStream(rsaPublicKey.getEncoded()); + SubjectPublicKeyInfo pubKey = SubjectPublicKeyInfo.getInstance(publicKeyStream.readObject()); + publicKeyStream.close(); X509v3CertificateBuilder v3CertBuilder = new X509v3CertificateBuilder( new X500Name("CN=" + domainName + ", OU=None, O=None L=None, C=None"), @@ -304,7 +307,7 @@ public class SSLUtil { X509CertificateHolder certificateHolder = v3CertBuilder.build(contentSigner); - JcaX509CertificateConverter certConverter = new JcaX509CertificateConverter(); + JcaX509CertificateConverter certConverter = new JcaX509CertificateConverter().setProvider("BC"); return certConverter.getCertificate(certificateHolder); } http://git-wip-us.apache.org/repos/asf/ambari/blob/eb784aaa/ambari-logsearch/docker/bin/start.sh ---------------------------------------------------------------------- diff --git a/ambari-logsearch/docker/bin/start.sh b/ambari-logsearch/docker/bin/start.sh index 4c60981..f9e0e8d 100644 --- a/ambari-logsearch/docker/bin/start.sh +++ b/ambari-logsearch/docker/bin/start.sh @@ -59,11 +59,13 @@ function create_config() { } function generate_keys() { - IP=`hostname --ip-address` - echo "generating stores for IP: $IP" - mkdir /root/config/ssl - keytool -genkeypair -alias logsearch -keyalg RSA -keysize 2048 -keypass bigdata -storepass bigdata -validity 9999 -keystore /root/config/ssl/logsearch.keyStore.jks -ext SAN=DNS:localhost,IP:127.0.0.1,IP:$IP -dname "CN=Common Name, OU=Organizational Unit, O=Organization, L=Location, ST=State, C=Country" -rfc - cp /root/config/ssl/logsearch.keyStore.jks /root/config/ssl/logsearch.trustStore.jks + if [ $GENERATE_KEYSTORE_AT_START == 'true' ] + then + IP=`hostname --ip-address` + echo "generating stores for IP: $IP" + mkdir -p /etc/ambari-logsearch-portal/conf/keys/ + keytool -genkeypair -alias logsearch -keyalg RSA -keysize 2048 -keypass bigdata -storepass bigdata -validity 9999 -keystore /etc/ambari-logsearch-portal/conf/keys/logsearch.jks -ext SAN=DNS:localhost,IP:127.0.0.1,IP:$IP -dname "CN=Common Name, OU=Organizational Unit, O=Organization, L=Location, ST=State, C=Country" -rfc + fi } function start_solr() { http://git-wip-us.apache.org/repos/asf/ambari/blob/eb784aaa/ambari-logsearch/docker/logsearch-docker.sh ---------------------------------------------------------------------- diff --git a/ambari-logsearch/docker/logsearch-docker.sh b/ambari-logsearch/docker/logsearch-docker.sh index 76994ee..a2df90f 100755 --- a/ambari-logsearch/docker/logsearch-docker.sh +++ b/ambari-logsearch/docker/logsearch-docker.sh @@ -57,7 +57,7 @@ function setup_profile() { AMBARI_LOCATION=$HOME/prj/ambari MAVEN_REPOSITORY_LOCATION=$HOME/.m2 LOGSEARCH_EXPOSED_PORTS="-p 8886:8886 -p 61888:61888 -p 5005:5005 -p 5006:5006" -LOGSEARCH_ENV_OPTS="-e LOGFEEDER_DEBUG_SUSPEND=n -e LOGSEARCH_DEBUG_SUSPEND=n -e COMPONENT_LOG=logsearch -e LOGSEARCH_HTTPS_ENABLED=false -e LOGSEARCH_SOLR_SSL_ENABLED=false" +LOGSEARCH_ENV_OPTS="-e LOGFEEDER_DEBUG_SUSPEND=n -e LOGSEARCH_DEBUG_SUSPEND=n -e COMPONENT_LOG=logsearch -e LOGSEARCH_HTTPS_ENABLED=false -e LOGSEARCH_SOLR_SSL_ENABLED=false -e GENERATE_KEYSTORE_AT_START=false" LOGSEARCH_VOLUME_OPTS="-v $AMBARI_LOCATION/ambari-logsearch/docker/test-logs:/root/test-logs -v $AMBARI_LOCATION/ambari-logsearch/docker/test-config:/root/test-config" http://git-wip-us.apache.org/repos/asf/ambari/blob/eb784aaa/ambari-logsearch/docker/test-config/logsearch/logsearch-env.sh ---------------------------------------------------------------------- diff --git a/ambari-logsearch/docker/test-config/logsearch/logsearch-env.sh b/ambari-logsearch/docker/test-config/logsearch/logsearch-env.sh index 8d92e20..0565bd7 100644 --- a/ambari-logsearch/docker/test-config/logsearch/logsearch-env.sh +++ b/ambari-logsearch/docker/test-config/logsearch/logsearch-env.sh @@ -36,7 +36,7 @@ export LOGSEARCH_DEBUG=true export LOGSEARCH_DEBUG_PORT=5005 export LOGSEARCH_SSL="true" -export LOGSEARCH_KEYSTORE_LOCATION=/root/config/ssl/logsearch.keyStore.jks +export LOGSEARCH_KEYSTORE_LOCATION=/etc/ambari-logsearch-portal/conf/keys/logsearch.jks export LOGSEARCH_KEYSTORE_TYPE=jks -export LOGSEARCH_TRUSTSTORE_LOCATION=/root/config/ssl/logsearch.trustStore.jks +export LOGSEARCH_TRUSTSTORE_LOCATION=/etc/ambari-logsearch-portal/conf/keys/logsearch.jks export LOGSEARCH_TRUSTSTORE_TYPE=jks
