Repository: incubator-slider Updated Branches: refs/heads/develop e2c605150 -> 68d57cf2a
SLIDER-753 add configuration for cert request
Project: http://git-wip-us.apache.org/repos/asf/incubator-slider/repo
Commit: http://git-wip-us.apache.org/repos/asf/incubator-slider/commit/68d57cf2
Tree: http://git-wip-us.apache.org/repos/asf/incubator-slider/tree/68d57cf2
Diff: http://git-wip-us.apache.org/repos/asf/incubator-slider/diff/68d57cf2
Branch: refs/heads/develop
Commit: 68d57cf2a9958b45c8f1678b1c72bb9b1a04d422
Parents: e2c6051
Author: Jon Maron <[email protected]>
Authored: Tue Jan 13 12:03:30 2015 -0500
Committer: Jon Maron <[email protected]>
Committed: Tue Jan 13 12:03:30 2015 -0500
----------------------------------------------------------------------
 .../services/security/CertificateManager.java | 2 +-
 .../server/services/security/SecurityUtils.java | 60 ++++++++++++++++++--
 2 files changed, 56 insertions(+), 6 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/incubator-slider/blob/68d57cf2/slider-core/src/main/java/org/apache/slider/server/services/security/CertificateManager.java
----------------------------------------------------------------------
diff --git a/slider-core/src/main/java/org/apache/slider/server/services/security/CertificateManager.java b/slider-core/src/main/java/org/apache/slider/server/services/security/CertificateManager.java
index 1fd899c..812f39f 100644
--- a/slider-core/src/main/java/org/apache/slider/server/services/security/CertificateManager.java
+++ b/slider-core/src/main/java/org/apache/slider/server/services/security/CertificateManager.java
@@ -42,7 +42,7 @@ public class CertificateManager {
 private static final String GEN_SRVR_KEY = "openssl genrsa -des3 " +
 "-passout pass:{0} -out {1}/{2} 4096 ";
 private static final String GEN_SRVR_REQ = "openssl req -passin pass:{0} " +
- "-new -key {1}/{2} -out {1}/{5} -batch";
+ "-new -key {1}/{2} -out {1}/{5} -config {1}/ca.config -batch";
 private static final String SIGN_SRVR_CRT = "openssl ca -create_serial " +
 "-out {1}/{3} -days 365 -keyfile {1}/{2} -key {0} -selfsign " +
 "-extensions jdk7_ca -config {1}/ca.config -batch " +
http://git-wip-us.apache.org/repos/asf/incubator-slider/blob/68d57cf2/slider-core/src/main/java/org/apache/slider/server/services/security/SecurityUtils.java
----------------------------------------------------------------------
diff --git a/slider-core/src/main/java/org/apache/slider/server/services/security/SecurityUtils.java b/slider-core/src/main/java/org/apache/slider/server/services/security/SecurityUtils.java
index ecbb637..d525058 100644
--- a/slider-core/src/main/java/org/apache/slider/server/services/security/SecurityUtils.java
+++ b/slider-core/src/main/java/org/apache/slider/server/services/security/SecurityUtils.java
@@ -44,10 +44,12 @@ public class SecurityUtils {
 private static final Logger LOG = LoggerFactory.getLogger(SecurityUtils.class);
- private static String CA_CONFIG_CONTENTS ="[ ca ]\n"
+ private static String CA_CONFIG_CONTENTS = "HOME = .\n"
+ + "RANDFILE = $ENV::HOME/.rnd\n\n"
+ + "[ ca ]\n"
 + "default_ca = CA_CLIENT\n"
 + "[ CA_CLIENT ]\n"
- + "dir\t\t = ${SEC_DIR}/db\n"
+ + "dir = ${SEC_DIR}/db\n"
 + "certs = $dir/certs\n"
 + "new_certs_dir = $dir/newcerts\n"
 + "\n"
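Review bot: The request command edited in this hunk still passes the key passphrase as `-passin pass:{0}`, so the passphrase sits in the openssl process arguments and can be read by other local users from the process list while the command runs; the `-passout pass:{0}` and `-key {0}` arguments on the neighbouring context lines have the same exposure. OpenSSL also accepts `file:` and `env:` passphrase sources, so the statement could read `"openssl req -passin file:{1}/<PASS_FILE> "` (placeholder file name) with that file readable only by the service user. The added `-config {1}/ca.config` repeats the `ca.config` literal already used by SIGN_SRVR_CRT; a shared constant would keep both commands and the code that writes the file in step. How these templates are executed is outside the hunk.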
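Review bot: `CA_CONFIG_CONTENTS` is re-declared here as `private static String`, so the CA configuration template remains a mutable static; if nothing reassigns it (not visible in this hunk), declare it `private static final String CA_CONFIG_CONTENTS = "HOME = .\n"`. The added `RANDFILE = $ENV::HOME/.rnd` line makes openssl keep its random seed file under the invoking user's home directory rather than under `${SEC_DIR}`, and a one-line comment above the constant saying so would help whoever has to restrict or clean up that file. The string literal continues past the end of the hunk.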
@@ -62,16 +64,64 @@ public class SecurityUtils {
 + "\n"
 + "[ policy_anything ]\n"
 + "countryName = optional\n"
- + "stateOrProvinceName = optional \n"
+ + "stateOrProvinceName = optional\n"
 + "localityName = optional\n"
 + "organizationName = optional\n"
 + "organizationalUnitName = optional\n"
- + "commonName = optional \n"
- + "emailAddress = optional \n"
+ + "commonName = optional\n"
+ + "emailAddress = optional\n"
 + "\n"
+ + "[ req ]\n"
+ + "default_bits = 2048\n"
+ + "default_md = sha1\n"
+ + "default_keyfile = privkey.pem\n"
+ + "distinguished_name = req_distinguished_name\n"
+ + "attributes = req_attributes\n"
+ + "x509_extensions = v3_ca# The extentions to add to the self signed cert\n"
+ + "\n"
+ + "string_mask = utf8only\n"
+ + "\n"
+ + "[ req_distinguished_name ]\n"
+ + "countryName = Country Name (2 letter code)\n"
+ + "countryName_default = XX\n"
+ + "countryName_min = 2\n"
+ + "countryName_max = 2\n"
+ + "\n"
+ + "stateOrProvinceName = State or Province Name (full name)\n"
+ + "stateOrProvinceName_default= Default Province\n"
+ + "\n"
+ + "localityName= Locality Name (eg, city)\n"
+ + "localityName_default= Default City\n"
+ + "\n"
+ + "0.organizationName= Organization Name (eg, company)\n"
+ + "0.organizationName_default= Default Company Ltd\n"
+ + "\n"
+ + "\n"
+ + "organizationalUnitName= Organizational Unit Name (eg, section)\n"
+ + "organizationalUnitName_default=\n"
+ + "\n"
+ + "commonName= Common Name (eg, your name or your server\\'s hostname)\n"
+ + "commonName_max= 64\n"
+ + "\n"
+ + "emailAddress= Email Address\n"
+ + "emailAddress_max= 64\n"
+ + "\n"
+ + "\n"
+ + "[ req_attributes ]\n"
+ + "challengePassword= A challenge password\n"
+ + "challengePassword_min= 4\n"
+ + "challengePassword_max= 20\n"
+ + "\n"
+ + "unstructuredName= An optional company name\n"
 + "[ jdk7_ca ]\n"
 + "subjectKeyIdentifier = hash\n"
 + "authorityKeyIdentifier = keyid:always,issuer:always\n"
+ + "basicConstraints = CA:true\n"
+ + "[ v3_ca ]\n"
+ + "subjectKeyIdentifier=hash\n"
+ + "\n"
+ + "authorityKeyIdentifier=keyid:always,issuer:always\n"
+ + "\n"
 + "basicConstraints = CA:true";
 private static final String PASS_TOKEN = "pass:";
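Review bot: The new `[ req ]` section sets `default_md = sha1`, so certificate requests generated with this config are signed with SHA-1; use `"default_md = sha256\n"` here, and check that the digest configured for `[ CA_CLIENT ]` (outside this hunk) is not SHA-1 either. `[ req_distinguished_name ]` defines no `commonName_default` and GEN_SRVR_REQ runs with `-batch`, so unless a subject is supplied elsewhere the request carries the placeholder values (`XX`, `Default Company Ltd`) and no common name for clients to check against the host. In `x509_extensions = v3_ca# The extentions ...` the comment is glued to the value and is written into the generated file; drop it or put a space before `#`. The constant starts in the previous hunk.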
