[kudu-CR] java: implement Channel Bindings

Wed, 08 Feb 2017 20:01:09 -0800 

Hello Dan Burkert, Jean-Daniel Cryans, Alexey Serbin,

I'd like you to do a code review.  Please visit

    http://gerrit.cloudera.org:8080/5953

to review the following change.

Change subject: java: implement Channel Bindings
......................................................................

java: implement Channel Bindings

This adds a utility function for calculating RFC 5929
"tls-server-endpoint" channel bindings in Java. It also hooks the
channel bindings verification in the Negotiator implementation.

A new simple unit test verifies that channel bindings can be calculated
from a cert.

I also added a Java-format KeyStore with a self-signed cert as a test
resource. This was useful for writing a unit test. I generated it based
on the certs found in the C++ source using the following:

openssl pkcs12 -export -in /tmp/cert.pem -inkey /tmp/key.pem > /tmp/p12
keytool -importkeystore -srckeystore /tmp/p12 -destkeystore 
java/kudu-client/src/test/resources/test-key-and-cert.jks

No new unit test actually verifies the channel bindings verification,
but I did check that the integrity check is working by temporarily
flipping a byte before unwrapping and making sure that verification
failed.

Change-Id: I8b604ea6a0cff55820f7fbbb3ba4beba3a888a48
---
M java/kudu-client/src/main/java/org/apache/kudu/client/Negotiator.java
M java/kudu-client/src/main/java/org/apache/kudu/util/SecurityUtil.java
M java/kudu-client/src/test/java/org/apache/kudu/client/TestMiniKuduCluster.java
M java/kudu-client/src/test/java/org/apache/kudu/client/TestNegotiator.java
A java/kudu-client/src/test/resources/test-key-and-cert.jks
5 files changed, 150 insertions(+), 23 deletions(-)


  git pull ssh://gerrit.cloudera.org:29418/kudu refs/changes/53/5953/1
-- 
To view, visit http://gerrit.cloudera.org:8080/5953
To unsubscribe, visit http://gerrit.cloudera.org:8080/settings

Gerrit-MessageType: newchange
Gerrit-Change-Id: I8b604ea6a0cff55820f7fbbb3ba4beba3a888a48
Gerrit-PatchSet: 1
Gerrit-Project: kudu
Gerrit-Branch: master
Gerrit-Owner: Todd Lipcon <[email protected]>
Gerrit-Reviewer: Alexey Serbin <[email protected]>
Gerrit-Reviewer: Dan Burkert <[email protected]>
Gerrit-Reviewer: Jean-Daniel Cryans <[email protected]>

Reply via email to