This is an automated email from the ASF dual-hosted git repository.
Apache9 pushed a commit to branch branch-3
in repository https://gitbox.apache.org/repos/asf/hbase.git
The following commit(s) were added to refs/heads/branch-3 by this push:
new d2d6480ef60 HBASE-30260 Polish X509TestContext to make it more stable
(#8426)
d2d6480ef60 is described below
commit d2d6480ef608c9a8246f48efcae4f300e5f8283b
Author: Duo Zhang <[email protected]>
AuthorDate: Mon Jun 29 22:13:10 2026 +0800
HBASE-30260 Polish X509TestContext to make it more stable (#8426)
Signed-off-by: Xiao Liu <[email protected]>
(cherry picked from commit 3c446d70274bf9594b415198d6061fa48168ef74)
---
.../crypto/tls/AbstractTestX509Parameterized.java | 3 +-
.../hbase/io/crypto/tls/TestBCFKSFileLoader.java | 12 +-
.../hbase/io/crypto/tls/TestJKSFileLoader.java | 10 +-
.../hbase/io/crypto/tls/TestPEMFileLoader.java | 8 +-
.../hbase/io/crypto/tls/TestPKCS12FileLoader.java | 10 +-
.../hbase/io/crypto/tls/X509TestContext.java | 156 +++++++--------------
.../hbase/io/crypto/tls/X509TestHelpers.java | 9 +-
.../apache/hadoop/hbase/ipc/TestNettyTlsIPC.java | 2 +-
.../hbase/security/AbstractTestMutualTls.java | 7 +-
.../hbase/security/TestMutualTlsClientSide.java | 6 +-
.../TestMutualTlsClientSideNonLocalhost.java | 5 +-
.../hbase/security/TestMutualTlsServerSide.java | 6 +-
.../hbase/security/TestNettyTLSIPCFileWatcher.java | 11 +-
13 files changed, 89 insertions(+), 156 deletions(-)
diff --git
a/hbase-common/src/test/java/org/apache/hadoop/hbase/io/crypto/tls/AbstractTestX509Parameterized.java
b/hbase-common/src/test/java/org/apache/hadoop/hbase/io/crypto/tls/AbstractTestX509Parameterized.java
index a0746380506..a88d2e7847b 100644
---
a/hbase-common/src/test/java/org/apache/hadoop/hbase/io/crypto/tls/AbstractTestX509Parameterized.java
+++
b/hbase-common/src/test/java/org/apache/hadoop/hbase/io/crypto/tls/AbstractTestX509Parameterized.java
@@ -18,7 +18,6 @@
package org.apache.hadoop.hbase.io.crypto.tls;
import java.io.File;
-import java.io.IOException;
import java.security.Security;
import java.util.ArrayList;
import java.util.List;
@@ -104,7 +103,7 @@ public abstract class AbstractTestX509Parameterized {
}
@BeforeEach
- public void setUp() throws IOException {
+ public void setUp() throws Exception {
x509TestContext = PROVIDER.get(caKeyType, certKeyType, keyPassword);
x509TestContext.setConfigurations(KeyStoreFileType.JKS,
KeyStoreFileType.JKS);
conf = new Configuration(UTIL.getConfiguration());
diff --git
a/hbase-common/src/test/java/org/apache/hadoop/hbase/io/crypto/tls/TestBCFKSFileLoader.java
b/hbase-common/src/test/java/org/apache/hadoop/hbase/io/crypto/tls/TestBCFKSFileLoader.java
index 645d5e2c7ea..dabf1755ede 100644
---
a/hbase-common/src/test/java/org/apache/hadoop/hbase/io/crypto/tls/TestBCFKSFileLoader.java
+++
b/hbase-common/src/test/java/org/apache/hadoop/hbase/io/crypto/tls/TestBCFKSFileLoader.java
@@ -52,7 +52,7 @@ public class TestBCFKSFileLoader extends
AbstractTestX509Parameterized {
}
@TestTemplate
- public void testLoadKeyStoreWithWrongPassword() throws IOException {
+ public void testLoadKeyStoreWithWrongPassword() throws Exception {
String path =
x509TestContext.getKeyStoreFile(KeyStoreFileType.BCFKS).getAbsolutePath();
assertThrows(IOException.class, () -> {
new BCFKSFileLoader.Builder().setKeyStorePath(path)
@@ -61,7 +61,7 @@ public class TestBCFKSFileLoader extends
AbstractTestX509Parameterized {
}
@TestTemplate
- public void testLoadKeyStoreWithWrongFilePath() throws IOException {
+ public void testLoadKeyStoreWithWrongFilePath() throws Exception {
String path =
x509TestContext.getKeyStoreFile(KeyStoreFileType.BCFKS).getAbsolutePath();
assertThrows(IOException.class, () -> {
new BCFKSFileLoader.Builder().setKeyStorePath(path + ".does_not_exist")
@@ -78,7 +78,7 @@ public class TestBCFKSFileLoader extends
AbstractTestX509Parameterized {
}
@TestTemplate
- public void testLoadKeyStoreWithWrongFileType() throws IOException {
+ public void testLoadKeyStoreWithWrongFileType() throws Exception {
String path =
x509TestContext.getKeyStoreFile(KeyStoreFileType.PEM).getAbsolutePath();
assertThrows(IOException.class, () -> {
// Trying to load a PEM file with BCFKS loader should fail
@@ -96,7 +96,7 @@ public class TestBCFKSFileLoader extends
AbstractTestX509Parameterized {
}
@TestTemplate
- public void testLoadTrustStoreWithWrongPassword() throws IOException {
+ public void testLoadTrustStoreWithWrongPassword() throws Exception {
String path =
x509TestContext.getTrustStoreFile(KeyStoreFileType.BCFKS).getAbsolutePath();
assertThrows(IOException.class, () -> {
@@ -106,7 +106,7 @@ public class TestBCFKSFileLoader extends
AbstractTestX509Parameterized {
}
@TestTemplate
- public void testLoadTrustStoreWithWrongFilePath() throws IOException {
+ public void testLoadTrustStoreWithWrongFilePath() throws Exception {
String path =
x509TestContext.getTrustStoreFile(KeyStoreFileType.BCFKS).getAbsolutePath();
assertThrows(IOException.class, () -> {
new BCFKSFileLoader.Builder().setTrustStorePath(path + ".does_not_exist")
@@ -123,7 +123,7 @@ public class TestBCFKSFileLoader extends
AbstractTestX509Parameterized {
}
@TestTemplate
- public void testLoadTrustStoreWithWrongFileType() throws IOException {
+ public void testLoadTrustStoreWithWrongFileType() throws Exception {
String path =
x509TestContext.getTrustStoreFile(KeyStoreFileType.PEM).getAbsolutePath();
assertThrows(IOException.class, () -> {
// Trying to load a PEM file with BCFKS loader should fail
diff --git
a/hbase-common/src/test/java/org/apache/hadoop/hbase/io/crypto/tls/TestJKSFileLoader.java
b/hbase-common/src/test/java/org/apache/hadoop/hbase/io/crypto/tls/TestJKSFileLoader.java
index 51867524c1d..9fa3a14293a 100644
---
a/hbase-common/src/test/java/org/apache/hadoop/hbase/io/crypto/tls/TestJKSFileLoader.java
+++
b/hbase-common/src/test/java/org/apache/hadoop/hbase/io/crypto/tls/TestJKSFileLoader.java
@@ -52,7 +52,7 @@ public class TestJKSFileLoader extends
AbstractTestX509Parameterized {
}
@TestTemplate
- public void testLoadKeyStoreWithWrongPassword() throws IOException {
+ public void testLoadKeyStoreWithWrongPassword() throws Exception {
String path =
x509TestContext.getKeyStoreFile(KeyStoreFileType.JKS).getAbsolutePath();
assertThrows(IOException.class, () -> {
new JKSFileLoader.Builder().setKeyStorePath(path)
@@ -61,7 +61,7 @@ public class TestJKSFileLoader extends
AbstractTestX509Parameterized {
}
@TestTemplate
- public void testLoadKeyStoreWithWrongFilePath() throws IOException {
+ public void testLoadKeyStoreWithWrongFilePath() throws Exception {
String path =
x509TestContext.getKeyStoreFile(KeyStoreFileType.JKS).getAbsolutePath();
assertThrows(IOException.class, () -> {
new JKSFileLoader.Builder().setKeyStorePath(path + ".does_not_exist")
@@ -78,7 +78,7 @@ public class TestJKSFileLoader extends
AbstractTestX509Parameterized {
}
@TestTemplate
- public void testLoadKeyStoreWithWrongFileType() throws IOException {
+ public void testLoadKeyStoreWithWrongFileType() throws Exception {
String path =
x509TestContext.getKeyStoreFile(KeyStoreFileType.PEM).getAbsolutePath();
assertThrows(IOException.class, () -> {
// Trying to load a PEM file with JKS loader should fail
@@ -96,7 +96,7 @@ public class TestJKSFileLoader extends
AbstractTestX509Parameterized {
}
@TestTemplate
- public void testLoadTrustStoreWithWrongPassword() throws IOException {
+ public void testLoadTrustStoreWithWrongPassword() throws Exception {
String path =
x509TestContext.getTrustStoreFile(KeyStoreFileType.JKS).getAbsolutePath();
assertThrows(IOException.class, () -> {
new JKSFileLoader.Builder().setTrustStorePath(path)
@@ -105,7 +105,7 @@ public class TestJKSFileLoader extends
AbstractTestX509Parameterized {
}
@TestTemplate
- public void testLoadTrustStoreWithWrongFilePath() throws IOException {
+ public void testLoadTrustStoreWithWrongFilePath() throws Exception {
String path =
x509TestContext.getTrustStoreFile(KeyStoreFileType.JKS).getAbsolutePath();
assertThrows(IOException.class, () -> {
new JKSFileLoader.Builder().setTrustStorePath(path + ".does_not_exist")
diff --git
a/hbase-common/src/test/java/org/apache/hadoop/hbase/io/crypto/tls/TestPEMFileLoader.java
b/hbase-common/src/test/java/org/apache/hadoop/hbase/io/crypto/tls/TestPEMFileLoader.java
index 86a90cb40b3..be4bb3e5862 100644
---
a/hbase-common/src/test/java/org/apache/hadoop/hbase/io/crypto/tls/TestPEMFileLoader.java
+++
b/hbase-common/src/test/java/org/apache/hadoop/hbase/io/crypto/tls/TestPEMFileLoader.java
@@ -53,7 +53,7 @@ public class TestPEMFileLoader extends
AbstractTestX509Parameterized {
}
@TestTemplate
- public void testLoadKeyStoreWithWrongPassword() throws IOException {
+ public void testLoadKeyStoreWithWrongPassword() throws Exception {
String path =
x509TestContext.getKeyStoreFile(KeyStoreFileType.PEM).getAbsolutePath();
assertThrows(Exception.class, () -> {
new PEMFileLoader.Builder().setKeyStorePath(path)
@@ -62,7 +62,7 @@ public class TestPEMFileLoader extends
AbstractTestX509Parameterized {
}
@TestTemplate
- public void testLoadKeyStoreWithWrongFilePath() throws IOException {
+ public void testLoadKeyStoreWithWrongFilePath() throws Exception {
String path =
x509TestContext.getKeyStoreFile(KeyStoreFileType.PEM).getAbsolutePath();
assertThrows(IOException.class, () -> {
new PEMFileLoader.Builder().setKeyStorePath(path + ".does_not_exist")
@@ -79,7 +79,7 @@ public class TestPEMFileLoader extends
AbstractTestX509Parameterized {
}
@TestTemplate
- public void testLoadKeyStoreWithWrongFileType() throws IOException {
+ public void testLoadKeyStoreWithWrongFileType() throws Exception {
String path =
x509TestContext.getKeyStoreFile(KeyStoreFileType.JKS).getAbsolutePath();
assertThrows(KeyStoreException.class, () -> {
// Trying to load a JKS file with PEM loader should fail
@@ -97,7 +97,7 @@ public class TestPEMFileLoader extends
AbstractTestX509Parameterized {
}
@TestTemplate
- public void testLoadTrustStoreWithWrongFilePath() throws IOException {
+ public void testLoadTrustStoreWithWrongFilePath() throws Exception {
String path =
x509TestContext.getTrustStoreFile(KeyStoreFileType.PEM).getAbsolutePath();
assertThrows(IOException.class, () -> {
new PEMFileLoader.Builder().setTrustStorePath(path + ".does_not_exist")
diff --git
a/hbase-common/src/test/java/org/apache/hadoop/hbase/io/crypto/tls/TestPKCS12FileLoader.java
b/hbase-common/src/test/java/org/apache/hadoop/hbase/io/crypto/tls/TestPKCS12FileLoader.java
index fe8249356e6..005993a79e9 100644
---
a/hbase-common/src/test/java/org/apache/hadoop/hbase/io/crypto/tls/TestPKCS12FileLoader.java
+++
b/hbase-common/src/test/java/org/apache/hadoop/hbase/io/crypto/tls/TestPKCS12FileLoader.java
@@ -52,7 +52,7 @@ public class TestPKCS12FileLoader extends
AbstractTestX509Parameterized {
}
@TestTemplate
- public void testLoadKeyStoreWithWrongPassword() throws IOException {
+ public void testLoadKeyStoreWithWrongPassword() throws Exception {
String path =
x509TestContext.getKeyStoreFile(KeyStoreFileType.PKCS12).getAbsolutePath();
assertThrows(IOException.class, () -> {
new PKCS12FileLoader.Builder().setKeyStorePath(path)
@@ -61,7 +61,7 @@ public class TestPKCS12FileLoader extends
AbstractTestX509Parameterized {
}
@TestTemplate
- public void testLoadKeyStoreWithWrongFilePath() throws IOException {
+ public void testLoadKeyStoreWithWrongFilePath() throws Exception {
String path =
x509TestContext.getKeyStoreFile(KeyStoreFileType.PKCS12).getAbsolutePath();
assertThrows(IOException.class, () -> {
new PKCS12FileLoader.Builder().setKeyStorePath(path + ".does_not_exist")
@@ -78,7 +78,7 @@ public class TestPKCS12FileLoader extends
AbstractTestX509Parameterized {
}
@TestTemplate
- public void testLoadKeyStoreWithWrongFileType() throws IOException {
+ public void testLoadKeyStoreWithWrongFileType() throws Exception {
String path =
x509TestContext.getKeyStoreFile(KeyStoreFileType.PEM).getAbsolutePath();
assertThrows(IOException.class, () -> {
// Trying to load a PEM file with PKCS12 loader should fail
@@ -96,7 +96,7 @@ public class TestPKCS12FileLoader extends
AbstractTestX509Parameterized {
}
@TestTemplate
- public void testLoadTrustStoreWithWrongPassword() throws IOException {
+ public void testLoadTrustStoreWithWrongPassword() throws Exception {
String path =
x509TestContext.getTrustStoreFile(KeyStoreFileType.PKCS12).getAbsolutePath();
assertThrows(IOException.class, () -> {
new PKCS12FileLoader.Builder().setTrustStorePath(path)
@@ -105,7 +105,7 @@ public class TestPKCS12FileLoader extends
AbstractTestX509Parameterized {
}
@TestTemplate
- public void testLoadTrustStoreWithWrongFilePath() throws IOException {
+ public void testLoadTrustStoreWithWrongFilePath() throws Exception {
String path =
x509TestContext.getTrustStoreFile(KeyStoreFileType.PKCS12).getAbsolutePath();
assertThrows(IOException.class, () -> {
new PKCS12FileLoader.Builder().setTrustStorePath(path +
".does_not_exist")
diff --git
a/hbase-common/src/test/java/org/apache/hadoop/hbase/io/crypto/tls/X509TestContext.java
b/hbase-common/src/test/java/org/apache/hadoop/hbase/io/crypto/tls/X509TestContext.java
index 86f9818f523..8e6b998983f 100644
---
a/hbase-common/src/test/java/org/apache/hadoop/hbase/io/crypto/tls/X509TestContext.java
+++
b/hbase-common/src/test/java/org/apache/hadoop/hbase/io/crypto/tls/X509TestContext.java
@@ -20,16 +20,17 @@ package org.apache.hadoop.hbase.io.crypto.tls;
import static java.util.Objects.requireNonNull;
import java.io.File;
-import java.io.FileOutputStream;
import java.io.IOException;
import java.lang.invoke.MethodHandles;
import java.nio.charset.StandardCharsets;
+import java.nio.file.Files;
+import java.nio.file.StandardCopyOption;
+import java.nio.file.StandardOpenOption;
import java.security.GeneralSecurityException;
import java.security.KeyPair;
import java.security.Security;
import java.security.cert.X509Certificate;
import java.util.Arrays;
-import org.apache.commons.io.FileUtils;
import org.apache.hadoop.conf.Configuration;
import org.apache.yetus.audience.InterfaceAudience;
import org.bouncycastle.asn1.x500.X500Name;
@@ -165,13 +166,12 @@ public final class X509TestContext {
/**
* Returns the path to the trust store file in the given format (JKS or
PEM). Note that the file
- * is created lazily, the first time this method is called. The trust store
file is temporary and
- * will be deleted on exit.
+ * is created lazily, the first time this method is called.
* @param storeFileType the store file type (JKS or PEM).
* @return the path to the trust store file.
- * @throws IOException if there is an error creating the trust store file.
+ * @throws Exception if there is an error creating the trust store file.
*/
- public File getTrustStoreFile(KeyStoreFileType storeFileType) throws
IOException {
+ public File getTrustStoreFile(KeyStoreFileType storeFileType) throws
Exception {
switch (storeFileType) {
case JKS:
return getTrustStoreJksFile();
@@ -187,85 +187,68 @@ public final class X509TestContext {
}
}
- private File getTrustStoreJksFile() throws IOException {
+ private void atomicWriteFile(File file, byte[] content) throws IOException {
+ File tmpFile = new File(file.getParentFile(),
file.getName().concat(".tmp"));
+ Files.write(tmpFile.toPath(), content, StandardOpenOption.CREATE,
+ StandardOpenOption.TRUNCATE_EXISTING);
+ Files.move(tmpFile.toPath(), file.toPath(),
StandardCopyOption.REPLACE_EXISTING,
+ StandardCopyOption.ATOMIC_MOVE);
+ }
+
+ private File getTrustStoreJksFile() throws Exception {
if (trustStoreJksFile == null) {
trustStoreJksFile = File.createTempFile(TRUST_STORE_PREFIX,
KeyStoreFileType.JKS.getDefaultFileExtension(), tempDir);
- trustStoreJksFile.deleteOnExit();
generateTrustStoreJksFile();
}
return trustStoreJksFile;
}
- private void generateTrustStoreJksFile() throws IOException {
- try (final FileOutputStream trustStoreOutputStream = new
FileOutputStream(trustStoreJksFile)) {
- byte[] bytes =
- X509TestHelpers.certToJavaTrustStoreBytes(trustStoreCertificate,
trustStorePassword);
- trustStoreOutputStream.write(bytes);
- trustStoreOutputStream.flush();
- } catch (GeneralSecurityException e) {
- throw new IOException(e);
- }
+ private void generateTrustStoreJksFile() throws Exception {
+ atomicWriteFile(trustStoreJksFile,
+ X509TestHelpers.certToJavaTrustStoreBytes(trustStoreCertificate,
trustStorePassword));
}
private File getTrustStorePemFile() throws IOException {
if (trustStorePemFile == null) {
trustStorePemFile = File.createTempFile(TRUST_STORE_PREFIX,
KeyStoreFileType.PEM.getDefaultFileExtension(), tempDir);
- trustStorePemFile.deleteOnExit();
generateTrustStorePemFile();
}
return trustStorePemFile;
}
private void generateTrustStorePemFile() throws IOException {
- FileUtils.writeStringToFile(trustStorePemFile,
- X509TestHelpers.pemEncodeX509Certificate(trustStoreCertificate),
StandardCharsets.US_ASCII,
- false);
+ atomicWriteFile(trustStorePemFile, X509TestHelpers
+
.pemEncodeX509Certificate(trustStoreCertificate).getBytes(StandardCharsets.US_ASCII));
}
- private File getTrustStorePkcs12File() throws IOException {
+ private File getTrustStorePkcs12File() throws Exception {
if (trustStorePkcs12File == null) {
trustStorePkcs12File = File.createTempFile(TRUST_STORE_PREFIX,
KeyStoreFileType.PKCS12.getDefaultFileExtension(), tempDir);
- trustStorePkcs12File.deleteOnExit();
generateTrustStorePkcs12File();
}
return trustStorePkcs12File;
}
- private void generateTrustStorePkcs12File() throws IOException {
- try (
- final FileOutputStream trustStoreOutputStream = new
FileOutputStream(trustStorePkcs12File)) {
- byte[] bytes =
- X509TestHelpers.certToPKCS12TrustStoreBytes(trustStoreCertificate,
trustStorePassword);
- trustStoreOutputStream.write(bytes);
- trustStoreOutputStream.flush();
- } catch (GeneralSecurityException e) {
- throw new IOException(e);
- }
+ private void generateTrustStorePkcs12File() throws Exception {
+ atomicWriteFile(trustStorePkcs12File,
+ X509TestHelpers.certToPKCS12TrustStoreBytes(trustStoreCertificate,
trustStorePassword));
}
- private File getTrustStoreBcfksFile() throws IOException {
+ private File getTrustStoreBcfksFile() throws Exception {
if (trustStoreBcfksFile == null) {
trustStoreBcfksFile = File.createTempFile(TRUST_STORE_PREFIX,
KeyStoreFileType.BCFKS.getDefaultFileExtension(), tempDir);
- trustStoreBcfksFile.deleteOnExit();
generateTrustStoreBcfksFile();
}
return trustStoreBcfksFile;
}
- private void generateTrustStoreBcfksFile() throws IOException {
- try (
- final FileOutputStream trustStoreOutputStream = new
FileOutputStream(trustStoreBcfksFile)) {
- byte[] bytes =
- X509TestHelpers.certToBCFKSTrustStoreBytes(trustStoreCertificate,
trustStorePassword);
- trustStoreOutputStream.write(bytes);
- trustStoreOutputStream.flush();
- } catch (GeneralSecurityException e) {
- throw new IOException(e);
- }
+ private void generateTrustStoreBcfksFile() throws Exception {
+ atomicWriteFile(trustStoreBcfksFile,
+ X509TestHelpers.certToBCFKSTrustStoreBytes(trustStoreCertificate,
trustStorePassword));
}
public X509Certificate getKeyStoreCertificate() {
@@ -286,13 +269,12 @@ public final class X509TestContext {
/**
* Returns the path to the key store file in the given format (JKS, PEM,
...). Note that the file
- * is created lazily, the first time this method is called. The key store
file is temporary and
- * will be deleted on exit.
+ * is created lazily, the first time this method is called.
* @param storeFileType the store file type (JKS, PEM, ...).
* @return the path to the key store file.
- * @throws IOException if there is an error creating the key store file.
+ * @throws Exception if there is an error creating the key store file.
*/
- public File getKeyStoreFile(KeyStoreFileType storeFileType) throws
IOException {
+ public File getKeyStoreFile(KeyStoreFileType storeFileType) throws Exception
{
switch (storeFileType) {
case JKS:
return getKeyStoreJksFile();
@@ -308,88 +290,60 @@ public final class X509TestContext {
}
}
- private File getKeyStoreJksFile() throws IOException {
+ private File getKeyStoreJksFile() throws Exception {
if (keyStoreJksFile == null) {
keyStoreJksFile = File.createTempFile(KEY_STORE_PREFIX,
KeyStoreFileType.JKS.getDefaultFileExtension(), tempDir);
- keyStoreJksFile.deleteOnExit();
generateKeyStoreJksFile();
}
return keyStoreJksFile;
}
- private void generateKeyStoreJksFile() throws IOException {
- try (final FileOutputStream keyStoreOutputStream = new
FileOutputStream(keyStoreJksFile)) {
- byte[] bytes =
X509TestHelpers.certAndPrivateKeyToJavaKeyStoreBytes(keyStoreCertificate,
- keyStoreKeyPair.getPrivate(), keyStorePassword);
- keyStoreOutputStream.write(bytes);
- keyStoreOutputStream.flush();
- } catch (GeneralSecurityException e) {
- throw new IOException(e);
- }
+ private void generateKeyStoreJksFile() throws Exception {
+ atomicWriteFile(keyStoreJksFile,
X509TestHelpers.certAndPrivateKeyToJavaKeyStoreBytes(
+ keyStoreCertificate, keyStoreKeyPair.getPrivate(), keyStorePassword));
}
- private File getKeyStorePemFile() throws IOException {
+ private File getKeyStorePemFile() throws Exception {
if (keyStorePemFile == null) {
- try {
- keyStorePemFile = File.createTempFile(KEY_STORE_PREFIX,
- KeyStoreFileType.PEM.getDefaultFileExtension(), tempDir);
- keyStorePemFile.deleteOnExit();
- generateKeyStorePemFile();
- } catch (OperatorCreationException e) {
- throw new IOException(e);
- }
+ keyStorePemFile = File.createTempFile(KEY_STORE_PREFIX,
+ KeyStoreFileType.PEM.getDefaultFileExtension(), tempDir);
+ generateKeyStorePemFile();
}
return keyStorePemFile;
}
- private void generateKeyStorePemFile() throws IOException,
OperatorCreationException {
- FileUtils.writeStringToFile(keyStorePemFile,
- X509TestHelpers.pemEncodeCertAndPrivateKey(keyStoreCertificate,
keyStoreKeyPair.getPrivate(),
- keyStorePassword),
- StandardCharsets.US_ASCII, false);
+ private void generateKeyStorePemFile() throws Exception {
+ atomicWriteFile(keyStorePemFile,
X509TestHelpers.pemEncodeCertAndPrivateKey(keyStoreCertificate,
+ keyStoreKeyPair.getPrivate(),
keyStorePassword).getBytes(StandardCharsets.US_ASCII));
}
- private File getKeyStorePkcs12File() throws IOException {
+ private File getKeyStorePkcs12File() throws Exception {
if (keyStorePkcs12File == null) {
keyStorePkcs12File = File.createTempFile(KEY_STORE_PREFIX,
KeyStoreFileType.PKCS12.getDefaultFileExtension(), tempDir);
- keyStorePkcs12File.deleteOnExit();
generateKeyStorePkcs12File();
}
return keyStorePkcs12File;
}
- private void generateKeyStorePkcs12File() throws IOException {
- try (final FileOutputStream keyStoreOutputStream = new
FileOutputStream(keyStorePkcs12File)) {
- byte[] bytes =
X509TestHelpers.certAndPrivateKeyToPKCS12Bytes(keyStoreCertificate,
- keyStoreKeyPair.getPrivate(), keyStorePassword);
- keyStoreOutputStream.write(bytes);
- keyStoreOutputStream.flush();
- } catch (GeneralSecurityException e) {
- throw new IOException(e);
- }
+ private void generateKeyStorePkcs12File() throws Exception {
+ atomicWriteFile(keyStorePkcs12File,
X509TestHelpers.certAndPrivateKeyToPKCS12Bytes(
+ keyStoreCertificate, keyStoreKeyPair.getPrivate(), keyStorePassword));
}
- private File getKeyStoreBcfksFile() throws IOException {
+ private File getKeyStoreBcfksFile() throws Exception {
if (keyStoreBcfksFile == null) {
keyStoreBcfksFile = File.createTempFile(KEY_STORE_PREFIX,
KeyStoreFileType.BCFKS.getDefaultFileExtension(), tempDir);
- keyStoreBcfksFile.deleteOnExit();
generateKeyStoreBcfksFile();
}
return keyStoreBcfksFile;
}
- private void generateKeyStoreBcfksFile() throws IOException {
- try (final FileOutputStream keyStoreOutputStream = new
FileOutputStream(keyStoreBcfksFile)) {
- byte[] bytes =
X509TestHelpers.certAndPrivateKeyToBCFKSBytes(keyStoreCertificate,
- keyStoreKeyPair.getPrivate(), keyStorePassword);
- keyStoreOutputStream.write(bytes);
- keyStoreOutputStream.flush();
- } catch (GeneralSecurityException e) {
- throw new IOException(e);
- }
+ private void generateKeyStoreBcfksFile() throws Exception {
+ atomicWriteFile(keyStoreBcfksFile,
X509TestHelpers.certAndPrivateKeyToBCFKSBytes(
+ keyStoreCertificate, keyStoreKeyPair.getPrivate(), keyStorePassword));
}
/**
@@ -407,10 +361,10 @@ public final class X509TestContext {
*
* @param keyStoreFileType the store file type to use for the key store
(JKS, PEM, ...).
* @param trustStoreFileType the store file type to use for the trust store
(JKS, PEM, ...).
- * @throws IOException if there is an error creating the key store file or
trust store file.
+ * @throws Exception if there is an error creating the key store file or
trust store file.
*/
public void setConfigurations(KeyStoreFileType keyStoreFileType,
- KeyStoreFileType trustStoreFileType) throws IOException {
+ KeyStoreFileType trustStoreFileType) throws Exception {
setKeystoreConfigurations(keyStoreFileType, conf);
conf.set(X509Util.TLS_CONFIG_TRUSTSTORE_LOCATION,
this.getTrustStoreFile(trustStoreFileType).getAbsolutePath());
@@ -427,7 +381,7 @@ public final class X509TestContext {
* truststore and is more applicable to general use.
*/
public void setKeystoreConfigurations(KeyStoreFileType keyStoreFileType,
Configuration confToSet)
- throws IOException {
+ throws Exception {
confToSet.set(X509Util.TLS_CONFIG_KEYSTORE_LOCATION,
this.getKeyStoreFile(keyStoreFileType).getAbsolutePath());
@@ -462,9 +416,7 @@ public final class X509TestContext {
public void regenerateStores(X509KeyType keyStoreKeyType, X509KeyType
trustStoreKeyType,
KeyStoreFileType keyStoreFileType, KeyStoreFileType trustStoreFileType,
- String... subjectAltNames)
- throws GeneralSecurityException, IOException, OperatorCreationException {
-
+ String... subjectAltNames) throws Exception {
trustStoreKeyPair = X509TestHelpers.generateKeyPair(trustStoreKeyType);
keyStoreKeyPair = X509TestHelpers.generateKeyPair(keyStoreKeyType);
createCertificates(subjectAltNames);
diff --git
a/hbase-common/src/test/java/org/apache/hadoop/hbase/io/crypto/tls/X509TestHelpers.java
b/hbase-common/src/test/java/org/apache/hadoop/hbase/io/crypto/tls/X509TestHelpers.java
index 78d70f8f581..c297a2619f0 100644
---
a/hbase-common/src/test/java/org/apache/hadoop/hbase/io/crypto/tls/X509TestHelpers.java
+++
b/hbase-common/src/test/java/org/apache/hadoop/hbase/io/crypto/tls/X509TestHelpers.java
@@ -151,8 +151,9 @@ final class X509TestHelpers {
"CA private key does not match the public key in " + "the CA cert");
}
LocalDate now = LocalDate.now(ZoneId.systemDefault());
- X509v3CertificateBuilder builder = initCertBuilder(new
X500Name(caCert.getIssuerDN().getName()),
- now, now.plusDays(1), certSubject, certPublicKey);
+ X509v3CertificateBuilder builder =
+ initCertBuilder(new X500Name(caCert.getIssuerX500Principal().getName()),
now, now.plusDays(1),
+ certSubject, certPublicKey);
builder.addExtension(Extension.basicConstraints, true, new
BasicConstraints(false)); // not a CA
builder.addExtension(Extension.keyUsage, true,
new KeyUsage(KeyUsage.digitalSignature | KeyUsage.keyEncipherment));
@@ -305,7 +306,7 @@ final class X509TestHelpers {
if (password != null && password.length > 0) {
encryptor =
new
JceOpenSSLPKCS8EncryptorBuilder(PKCSObjectIdentifiers.pbeWithSHAAnd3_KeyTripleDES_CBC)
-
.setProvider(BouncyCastleProvider.PROVIDER_NAME).setRandom(PRNG).setPasssword(password)
+
.setProvider(BouncyCastleProvider.PROVIDER_NAME).setRandom(PRNG).setPassword(password)
.build();
}
pemWriter.writeObject(new JcaPKCS8Generator(key, encryptor));
@@ -382,7 +383,7 @@ final class X509TestHelpers {
private static byte[] certToTrustStoreBytes(X509Certificate cert, char[]
keyPassword,
KeyStore trustStore) throws IOException, GeneralSecurityException {
trustStore.load(null, keyPassword);
- trustStore.setCertificateEntry(cert.getSubjectDN().toString(), cert);
+ trustStore.setCertificateEntry(cert.getSubjectX500Principal().toString(),
cert);
ByteArrayOutputStream outputStream = new ByteArrayOutputStream();
trustStore.store(outputStream, keyPassword);
outputStream.flush();
diff --git
a/hbase-server/src/test/java/org/apache/hadoop/hbase/ipc/TestNettyTlsIPC.java
b/hbase-server/src/test/java/org/apache/hadoop/hbase/ipc/TestNettyTlsIPC.java
index 5dd86ce0912..6f9c10b30cb 100644
---
a/hbase-server/src/test/java/org/apache/hadoop/hbase/ipc/TestNettyTlsIPC.java
+++
b/hbase-server/src/test/java/org/apache/hadoop/hbase/ipc/TestNettyTlsIPC.java
@@ -129,7 +129,7 @@ public class TestNettyTlsIPC extends AbstractTestIPC {
}
@BeforeEach
- public void setUp() throws IOException {
+ public void setUp() throws Exception {
x509TestContext = PROVIDER.get(caKeyType, certKeyType, keyPassword);
x509TestContext.setConfigurations(KeyStoreFileType.JKS,
KeyStoreFileType.JKS);
CONF.setBoolean(X509Util.HBASE_SERVER_NETTY_TLS_SUPPORTPLAINTEXT,
acceptPlainText);
diff --git
a/hbase-server/src/test/java/org/apache/hadoop/hbase/security/AbstractTestMutualTls.java
b/hbase-server/src/test/java/org/apache/hadoop/hbase/security/AbstractTestMutualTls.java
index c2e7b55788b..10096fc027e 100644
---
a/hbase-server/src/test/java/org/apache/hadoop/hbase/security/AbstractTestMutualTls.java
+++
b/hbase-server/src/test/java/org/apache/hadoop/hbase/security/AbstractTestMutualTls.java
@@ -25,7 +25,6 @@ import java.io.File;
import java.io.IOException;
import java.lang.invoke.MethodHandles;
import java.net.InetSocketAddress;
-import java.security.GeneralSecurityException;
import java.security.Security;
import java.security.cert.X509Certificate;
import javax.net.ssl.SSLHandshakeException;
@@ -48,7 +47,6 @@ import org.apache.hadoop.hbase.ipc.TestProtobufRpcServiceImpl;
import org.bouncycastle.asn1.x500.X500NameBuilder;
import org.bouncycastle.asn1.x500.style.BCStyle;
import org.bouncycastle.jce.provider.BouncyCastleProvider;
-import org.bouncycastle.operator.OperatorCreationException;
import org.junit.jupiter.api.AfterAll;
import org.junit.jupiter.api.AfterEach;
import org.junit.jupiter.api.BeforeAll;
@@ -143,7 +141,7 @@ public abstract class AbstractTestMutualTls {
}
protected abstract void initialize(Configuration serverConf, Configuration
clientConf)
- throws IOException, GeneralSecurityException, OperatorCreationException;
+ throws Exception;
@BeforeEach
public void setUp() throws Exception {
@@ -164,8 +162,7 @@ public abstract class AbstractTestMutualTls {
stub = TestProtobufRpcServiceImpl.newBlockingStub(rpcClient,
rpcServer.getListenerAddress());
}
- protected void handleCertConfig(Configuration confToSet)
- throws GeneralSecurityException, IOException, OperatorCreationException {
+ protected void handleCertConfig(Configuration confToSet) throws Exception {
switch (certConfig) {
case NO_CLIENT_CERT:
// clearing out the keystore location will cause no cert to be sent.
diff --git
a/hbase-server/src/test/java/org/apache/hadoop/hbase/security/TestMutualTlsClientSide.java
b/hbase-server/src/test/java/org/apache/hadoop/hbase/security/TestMutualTlsClientSide.java
index a0705a7046a..14a30ac6715 100644
---
a/hbase-server/src/test/java/org/apache/hadoop/hbase/security/TestMutualTlsClientSide.java
+++
b/hbase-server/src/test/java/org/apache/hadoop/hbase/security/TestMutualTlsClientSide.java
@@ -17,8 +17,6 @@
*/
package org.apache.hadoop.hbase.security;
-import java.io.IOException;
-import java.security.GeneralSecurityException;
import java.util.ArrayList;
import java.util.List;
import java.util.stream.Stream;
@@ -28,7 +26,6 @@ import org.apache.hadoop.hbase.io.crypto.tls.X509KeyType;
import org.apache.hadoop.hbase.io.crypto.tls.X509Util;
import org.apache.hadoop.hbase.testclassification.RPCTests;
import org.apache.hadoop.hbase.testclassification.SmallTests;
-import org.bouncycastle.operator.OperatorCreationException;
import org.junit.jupiter.api.Tag;
import org.junit.jupiter.params.provider.Arguments;
@@ -72,8 +69,7 @@ public class TestMutualTlsClientSide extends
AbstractTestMutualTls {
}
@Override
- protected void initialize(Configuration serverConf, Configuration clientConf)
- throws IOException, GeneralSecurityException, OperatorCreationException {
+ protected void initialize(Configuration serverConf, Configuration
clientConf) throws Exception {
// client verifies server hostname, and injects bad certs into server conf
clientConf.setBoolean(X509Util.HBASE_CLIENT_NETTY_TLS_VERIFY_SERVER_HOSTNAME,
validateHostnames);
diff --git
a/hbase-server/src/test/java/org/apache/hadoop/hbase/security/TestMutualTlsClientSideNonLocalhost.java
b/hbase-server/src/test/java/org/apache/hadoop/hbase/security/TestMutualTlsClientSideNonLocalhost.java
index d5f58852f8e..4b8166ec25c 100644
---
a/hbase-server/src/test/java/org/apache/hadoop/hbase/security/TestMutualTlsClientSideNonLocalhost.java
+++
b/hbase-server/src/test/java/org/apache/hadoop/hbase/security/TestMutualTlsClientSideNonLocalhost.java
@@ -23,7 +23,6 @@ import java.io.File;
import java.io.IOException;
import java.net.InetAddress;
import java.net.InetSocketAddress;
-import java.security.GeneralSecurityException;
import java.security.Security;
import java.util.stream.Stream;
import org.apache.commons.io.FileUtils;
@@ -46,7 +45,6 @@ import org.apache.hadoop.hbase.ipc.TestProtobufRpcServiceImpl;
import org.apache.hadoop.hbase.testclassification.RPCTests;
import org.apache.hadoop.hbase.testclassification.SmallTests;
import org.bouncycastle.jce.provider.BouncyCastleProvider;
-import org.bouncycastle.operator.OperatorCreationException;
import org.junit.jupiter.api.AfterAll;
import org.junit.jupiter.api.AfterEach;
import org.junit.jupiter.api.BeforeAll;
@@ -144,8 +142,7 @@ public class TestMutualTlsClientSideNonLocalhost {
stub = TestProtobufRpcServiceImpl.newBlockingStub(rpcClient,
rpcServer.getListenerAddress());
}
- private void initialize(Configuration serverConf, Configuration clientConf)
- throws GeneralSecurityException, IOException, OperatorCreationException {
+ private void initialize(Configuration serverConf, Configuration clientConf)
throws Exception {
serverConf.setBoolean(X509Util.HBASE_SERVER_NETTY_TLS_SUPPORTPLAINTEXT,
supportPlaintext);
clientConf.setBoolean(X509Util.HBASE_CLIENT_NETTY_TLS_VERIFY_SERVER_HOSTNAME,
true);
x509TestContext.regenerateStores(X509KeyType.RSA, X509KeyType.RSA,
KeyStoreFileType.JKS,
diff --git
a/hbase-server/src/test/java/org/apache/hadoop/hbase/security/TestMutualTlsServerSide.java
b/hbase-server/src/test/java/org/apache/hadoop/hbase/security/TestMutualTlsServerSide.java
index 4d9ee4307be..6ab472dc575 100644
---
a/hbase-server/src/test/java/org/apache/hadoop/hbase/security/TestMutualTlsServerSide.java
+++
b/hbase-server/src/test/java/org/apache/hadoop/hbase/security/TestMutualTlsServerSide.java
@@ -17,8 +17,6 @@
*/
package org.apache.hadoop.hbase.security;
-import java.io.IOException;
-import java.security.GeneralSecurityException;
import java.util.ArrayList;
import java.util.List;
import java.util.stream.Stream;
@@ -28,7 +26,6 @@ import org.apache.hadoop.hbase.io.crypto.tls.X509KeyType;
import org.apache.hadoop.hbase.io.crypto.tls.X509Util;
import org.apache.hadoop.hbase.testclassification.RPCTests;
import org.apache.hadoop.hbase.testclassification.SmallTests;
-import org.bouncycastle.operator.OperatorCreationException;
import org.junit.jupiter.api.Tag;
import org.junit.jupiter.params.provider.Arguments;
@@ -106,8 +103,7 @@ public class TestMutualTlsServerSide extends
AbstractTestMutualTls {
}
@Override
- protected void initialize(Configuration serverConf, Configuration clientConf)
- throws IOException, GeneralSecurityException, OperatorCreationException {
+ protected void initialize(Configuration serverConf, Configuration
clientConf) throws Exception {
// server enables client auth mode and verifies client host names
// inject bad certs into client side
serverConf.set(X509Util.HBASE_SERVER_NETTY_TLS_CLIENT_AUTH_MODE,
clientAuthMode.name());
diff --git
a/hbase-server/src/test/java/org/apache/hadoop/hbase/security/TestNettyTLSIPCFileWatcher.java
b/hbase-server/src/test/java/org/apache/hadoop/hbase/security/TestNettyTLSIPCFileWatcher.java
index c70f5f6d406..234475723cb 100644
---
a/hbase-server/src/test/java/org/apache/hadoop/hbase/security/TestNettyTLSIPCFileWatcher.java
+++
b/hbase-server/src/test/java/org/apache/hadoop/hbase/security/TestNettyTLSIPCFileWatcher.java
@@ -29,7 +29,6 @@ import java.io.IOException;
import java.net.InetSocketAddress;
import java.nio.file.Path;
import java.nio.file.Paths;
-import java.security.GeneralSecurityException;
import java.security.Security;
import java.time.Duration;
import java.util.ArrayList;
@@ -64,7 +63,6 @@ import org.apache.hadoop.hbase.testclassification.RPCTests;
import org.apache.hadoop.hbase.testclassification.SmallTests;
import org.apache.hadoop.hbase.util.NettyEventLoopGroupConfig;
import org.bouncycastle.jce.provider.BouncyCastleProvider;
-import org.bouncycastle.operator.OperatorCreationException;
import org.junit.jupiter.api.AfterAll;
import org.junit.jupiter.api.AfterEach;
import org.junit.jupiter.api.BeforeAll;
@@ -76,7 +74,6 @@ import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.apache.hbase.thirdparty.com.google.common.collect.Lists;
-import org.apache.hbase.thirdparty.com.google.protobuf.ServiceException;
import org.apache.hadoop.hbase.shaded.ipc.protobuf.generated.TestProtos;
import
org.apache.hadoop.hbase.shaded.ipc.protobuf.generated.TestRpcServiceProtos;
@@ -139,7 +136,7 @@ public class TestNettyTLSIPCFileWatcher {
}
@BeforeEach
- public void setUp() throws IOException {
+ public void setUp() throws Exception {
x509TestContext = PROVIDER.get(keyType, keyType,
"keyPa$$word".toCharArray());
x509TestContext.setConfigurations(storeFileType, storeFileType);
CONF.setBoolean(X509Util.HBASE_SERVER_NETTY_TLS_SUPPORTPLAINTEXT, false);
@@ -162,8 +159,7 @@ public class TestNettyTLSIPCFileWatcher {
}
@TestTemplate
- public void testReplaceServerKeystore() throws IOException, ServiceException,
- GeneralSecurityException, OperatorCreationException, InterruptedException {
+ public void testReplaceServerKeystore() throws Exception {
Configuration clientConf = new Configuration(CONF);
RpcServer rpcServer = createRpcServer("testRpcServer",
Lists.newArrayList(new RpcServer.BlockingServiceAndInterface(SERVICE,
null)),
@@ -212,8 +208,7 @@ public class TestNettyTLSIPCFileWatcher {
}
@TestTemplate
- public void testReplaceClientAndServerKeystore() throws
GeneralSecurityException, IOException,
- OperatorCreationException, ServiceException, InterruptedException {
+ public void testReplaceClientAndServerKeystore() throws Exception {
Configuration clientConf = new Configuration(CONF);
RpcServer rpcServer = createRpcServer("testRpcServer",
Lists.newArrayList(new RpcServer.BlockingServiceAndInterface(SERVICE,
null)),