This is an automated email from the ASF dual-hosted git repository.

asalamon74 pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/oozie.git


The following commit(s) were added to refs/heads/master by this push:
     new 31caabc  OOZIE-3549 Add back support for truststore passwords (matijhs 
via asalamon74)
31caabc is described below

commit 31caabc2ad73e2f7ff5e077e760483964a7b9cca
Author: Andras Salamon <[email protected]>
AuthorDate: Thu Nov 28 11:58:21 2019 +0100

    OOZIE-3549 Add back support for truststore passwords (matijhs via 
asalamon74)
---
 core/src/main/resources/oozie-default.xml             |  8 ++++++++
 docs/src/site/markdown/AG_Install.md                  |  3 ++-
 release-log.txt                                       |  1 +
 .../org/apache/oozie/server/EmbeddedOozieServer.java  | 18 ++++++++++++++++++
 .../oozie/server/SSLServerConnectorFactory.java       |  2 +-
 .../apache/oozie/server/TestEmbeddedOozieServer.java  | 19 ++++++++++++++++++-
 .../oozie/server/TestSSLServerConnectorFactory.java   |  2 +-
 7 files changed, 49 insertions(+), 4 deletions(-)

diff --git a/core/src/main/resources/oozie-default.xml 
b/core/src/main/resources/oozie-default.xml
index 56c5b59..8d34be4 100644
--- a/core/src/main/resources/oozie-default.xml
+++ b/core/src/main/resources/oozie-default.xml
@@ -2745,6 +2745,14 @@ will be the requeue interval for the actions which are 
waiting for a long time w
     </property>
 
     <property>
+        <name>oozie.https.truststore.pass</name>
+        <value></value>
+        <description>
+            Password to the TrustStore.
+        </description>TestSSLServerConnectorFactory
+    </property>
+
+    <property>
         <name>oozie.https.keystore.file</name>
         <value></value>
         <description>
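Review bot: The new `oozie.https.truststore.pass` property carries stray text after its closing description tag, `</description>TestSSLServerConnectorFactory`, which looks like a paste accident and leaves character data inside `<property>`; the line should read just `</description>`. The description could also state what the server does with the value, for example `Password to the TrustStore. Copied to the javax.net.ssl.trustStorePassword system property at server start unless that property is already set.` Since the value is read with a plain `conf.get` in this commit, it is worth telling operators that a password placed here is stored in cleartext and that the file permissions should be restricted accordingly. The AG_Install.md note in the same commit names `oozie.https.keystore.pass` as the property overridden by `javax.net.ssl.trustStorePassword`, where `oozie.https.truststore.pass` seems to be meant.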
diff --git a/docs/src/site/markdown/AG_Install.md 
b/docs/src/site/markdown/AG_Install.md
index f18528f..8996e8a 100644
--- a/docs/src/site/markdown/AG_Install.md
+++ b/docs/src/site/markdown/AG_Install.md
@@ -932,7 +932,8 @@ included with your JRE. If it's not on your path, you 
should be able to find it
     2b. Set location and password for the keystore and location for truststore 
by setting `oozie.https.keystore.file`,
     `oozie.https.keystore.pass`, `oozie.https.truststore.file`.
 
-    **Note:** `oozie.https.truststore.file` can be overridden by setting 
`javax.net.ssl.trustStore` system property.
+    **Note:** `oozie.https.truststore.file` can be overridden by setting 
`javax.net.ssl.trustStore` system property,
+    `oozie.https.keystore.pass` by setting `javax.net.ssl.trustStorePassword`.
 
     The default HTTPS port Oozie listens on for secure connections is 11443; 
it can be changed via `oozie.https.port`.
 
diff --git a/release-log.txt b/release-log.txt
index e0c6329..c89f79a 100644
--- a/release-log.txt
+++ b/release-log.txt
@@ -1,5 +1,6 @@
 -- Oozie 5.3.0 release (trunk - unreleased)
 
+OOZIE-3549 Add back support for truststore passwords (matijhs via asalamon74)
 OOZIE-3561 Forkjoin validation is slow when there are many actions in chain 
(dionusos, pbacsko via asalamon74)
 OOZIE-3491 Confusing System ID error message (matijhs via asalamon74)
 OOZIE-3536 Invalid configuration tag <additionalparam> in maven-javadoc-plugin 
(nobigo via asalamon74)
diff --git 
a/server/src/main/java/org/apache/oozie/server/EmbeddedOozieServer.java 
b/server/src/main/java/org/apache/oozie/server/EmbeddedOozieServer.java
index daf5237..76c1fd6 100644
--- a/server/src/main/java/org/apache/oozie/server/EmbeddedOozieServer.java
+++ b/server/src/main/java/org/apache/oozie/server/EmbeddedOozieServer.java
@@ -52,7 +52,9 @@ import java.util.Objects;
 public class EmbeddedOozieServer {
     private static final Logger LOG = 
LoggerFactory.getLogger(EmbeddedOozieServer.class);
     protected static final String OOZIE_HTTPS_TRUSTSTORE_FILE = 
"oozie.https.truststore.file";
+    protected static final String OOZIE_HTTPS_TRUSTSTORE_PASS = 
"oozie.https.truststore.pass";
     protected static final String TRUSTSTORE_PATH_SYSTEM_PROPERTY = 
"javax.net.ssl.trustStore";
+    protected static final String TRUSTSTORE_PASS_SYSTEM_PROPERTY = 
"javax.net.ssl.trustStorePassword";
     private static String contextPath;
     protected Server server;
     private int httpPort;
@@ -122,6 +124,7 @@ public class EmbeddedOozieServer {
 
         HandlerCollection handlerCollection = new HandlerCollection();
         setTrustStore();
+        setTrustStorePassword();
 
         if (isSecured()) {
             httpsPort =  getConfigPort(ConfigUtils.OOZIE_HTTPS_PORT);
@@ -163,6 +166,21 @@ public class EmbeddedOozieServer {
         }
     }
 
+    /**
+     * set the truststore password from the config file, if is not set by the 
user
+     */
+    private void setTrustStorePassword() {
+        if (System.getProperty(TRUSTSTORE_PASS_SYSTEM_PROPERTY) == null) {
+            final String trustStorePassword = 
conf.get(OOZIE_HTTPS_TRUSTSTORE_PASS);
+            if (trustStorePassword != null) {
+                LOG.info("Setting javax.net.ssl.trustStorePassword from config 
file");
+                System.setProperty(TRUSTSTORE_PASS_SYSTEM_PROPERTY, 
trustStorePassword);
+            }
+        } else {
+            LOG.info("javax.net.ssl.trustStorePassword is already set. The 
value from config file will be ignored");
+        }
+    }
+
     private void addErrorHandler() {
         ErrorPageErrorHandler errorHandler = new ErrorPageErrorHandler();
         errorHandler.addErrorPage(HttpServletResponse.SC_BAD_REQUEST, 
"/error");
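Review bot: The truststore password in `setTrustStorePassword()` is read with plain `conf.get(OOZIE_HTTPS_TRUSTSTORE_PASS)`, whereas the keystore password in SSLServerConnectorFactory goes through `ConfigurationService.getPassword(conf, ...)`. If that helper resolves passwords from a credential store (its body is not visible here), the truststore secret should use the same path: `final String trustStorePassword = ConfigurationService.getPassword(conf, OOZIE_HTTPS_TRUSTSTORE_PASS);`. The guard should also skip empty values, `if (trustStorePassword != null && !trustStorePassword.isEmpty()) {`. The shipped default is `<value></value>`, so, assuming it comes back as an empty string, it would be copied into the system property and logged as set from the config file. The Javadoc could also mention that the password ends up in a JVM-wide system property, visible to any code or diagnostic output that lists system properties.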
diff --git 
a/server/src/main/java/org/apache/oozie/server/SSLServerConnectorFactory.java 
b/server/src/main/java/org/apache/oozie/server/SSLServerConnectorFactory.java
index 62f84b1..9110d7f 100644
--- 
a/server/src/main/java/org/apache/oozie/server/SSLServerConnectorFactory.java
+++ 
b/server/src/main/java/org/apache/oozie/server/SSLServerConnectorFactory.java
@@ -137,7 +137,7 @@ class SSLServerConnectorFactory {
     private void setKeystorePass() {
         String keystorePass = ConfigurationService.getPassword(conf, 
OOZIE_HTTPS_KEYSTORE_PASS);
         Objects.requireNonNull(keystorePass, "keystorePass is null");
-        sslContextFactory.setKeyManagerPassword(keystorePass);
+        sslContextFactory.setKeyStorePassword(keystorePass);
     }
 
     private void setKeyStoreFile() {
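Review bot: After this change `setKeystorePass()` sets only the store password and nothing sets a key-manager password, so the single `oozie.https.keystore.pass` value has to unlock both the keystore and the private key entry. Jetty's `SslContextFactory` is expected to reuse the store password for the key when no key-manager password is given, but that is worth confirming against the Jetty version in use. A keystore whose key password differs from its store password would then fail at startup with no way to configure it. I would record the constraint on the method, e.g. `// The private key entry must use the same password as the keystore; no separate key password is configured.`, and mention it next to `oozie.https.keystore.pass` in the install guide.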
diff --git 
a/server/src/test/java/org/apache/oozie/server/TestEmbeddedOozieServer.java 
b/server/src/test/java/org/apache/oozie/server/TestEmbeddedOozieServer.java
index ee12186..e144dae 100644
--- a/server/src/test/java/org/apache/oozie/server/TestEmbeddedOozieServer.java
+++ b/server/src/test/java/org/apache/oozie/server/TestEmbeddedOozieServer.java
@@ -28,7 +28,6 @@ import org.eclipse.jetty.server.Connector;
 import org.eclipse.jetty.server.Handler;
 import org.eclipse.jetty.server.Server;
 import org.eclipse.jetty.server.ServerConnector;
-import org.eclipse.jetty.util.ssl.SslContextFactory;
 import org.eclipse.jetty.webapp.WebAppContext;
 import org.junit.After;
 import org.junit.Assert;
@@ -95,6 +94,7 @@ public class TestEmbeddedOozieServer {
 
     @After public void tearDown() {
         
System.clearProperty(EmbeddedOozieServer.TRUSTSTORE_PATH_SYSTEM_PROPERTY);
+        
System.clearProperty(EmbeddedOozieServer.TRUSTSTORE_PASS_SYSTEM_PROPERTY);
 
         verify(mockServices).get(ConfigurationService.class);
 
@@ -135,6 +135,23 @@ public class TestEmbeddedOozieServer {
         verify(mockConfiguration, 
never()).get(EmbeddedOozieServer.OOZIE_HTTPS_TRUSTSTORE_FILE);
     }
 
+    /**
+     * test case for when the trustore password is set via system property
+     * expected result: the password is used from the system property and the 
value is not even retrieved from the config file
+     */
+    @Test
+    public void testServerSetupTruststorePassSetViaSystemProperty() throws 
Exception {
+        final String trustStorePassword = "myTrustedPassword";
+        
doReturn(String.valueOf(false)).when(mockConfiguration).get("oozie.https.enabled");
+        
System.setProperty(EmbeddedOozieServer.TRUSTSTORE_PASS_SYSTEM_PROPERTY, 
trustStorePassword);
+
+        embeddedOozieServer.setup();
+        verify(mockJspHandler).setupWebAppContext(isA(WebAppContext.class));
+        verify(oozieFilterMapper).addFilters();
+
+        Assert.assertEquals(trustStorePassword, 
System.getProperty("javax.net.ssl.trustStorePassword"));
+        verify(mockConfiguration, 
never()).get(EmbeddedOozieServer.OOZIE_HTTPS_TRUSTSTORE_PASS);
+    }
 
     @Test
     public void testSecureServerSetup() throws Exception {
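Review bot: The added test exercises only the branch where `javax.net.ssl.trustStorePassword` is already set, so the new behaviour of this commit, copying `oozie.https.truststore.pass` from the configuration into the system property, is not covered by any test in this diff. A companion test for the config-file path is sketched below, and a case where the config returns null would pin the no-op branch as well. The existing assertion could also use `EmbeddedOozieServer.TRUSTSTORE_PASS_SYSTEM_PROPERTY` instead of the literal `"javax.net.ssl.trustStorePassword"`, as `tearDown()` already does.

```java
@Test
public void testServerSetupTruststorePassSetViaConfigFile() throws Exception {
    // constructed sample value, not a real credential
    final String trustStorePassword = "constructedSamplePassword";
    doReturn(String.valueOf(false)).when(mockConfiguration).get("oozie.https.enabled");
    doReturn(trustStorePassword).when(mockConfiguration)
            .get(EmbeddedOozieServer.OOZIE_HTTPS_TRUSTSTORE_PASS);

    embeddedOozieServer.setup();
    verify(mockJspHandler).setupWebAppContext(isA(WebAppContext.class));
    verify(oozieFilterMapper).addFilters();

    Assert.assertEquals(trustStorePassword,
            System.getProperty(EmbeddedOozieServer.TRUSTSTORE_PASS_SYSTEM_PROPERTY));
}
```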
diff --git 
a/server/src/test/java/org/apache/oozie/server/TestSSLServerConnectorFactory.java
 
b/server/src/test/java/org/apache/oozie/server/TestSSLServerConnectorFactory.java
index f6ff5de..b05a9ce 100644
--- 
a/server/src/test/java/org/apache/oozie/server/TestSSLServerConnectorFactory.java
+++ 
b/server/src/test/java/org/apache/oozie/server/TestSSLServerConnectorFactory.java
@@ -83,7 +83,7 @@ public class TestSSLServerConnectorFactory {
     public void tearDown() {
         testConfig.clear();
         verify(mockSSLContextFactory).setKeyStorePath(anyString());
-        verify(mockSSLContextFactory).setKeyManagerPassword(anyString());
+        verify(mockSSLContextFactory).setKeyStorePassword(anyString());
         verifyNoMoreInteractions(
                 mockServerConnector,
                 mockSSLServerConnectorFactory);
