Todd Lipcon has submitted this change and it was merged. Change subject: java: implement Channel Bindings ......................................................................
java: implement Channel Bindings This adds a utility function for calculating RFC 5929 "tls-server-endpoint" channel bindings in Java. It also hooks the channel bindings verification in the Negotiator implementation. A new simple unit test verifies that channel bindings can be calculated from a cert. I also added a Java-format KeyStore with a self-signed cert as a test resource. This was useful for writing a unit test. I generated it based on the certs found in the C++ source using the following: openssl pkcs12 -export -in /tmp/cert.pem -inkey /tmp/key.pem > /tmp/p12 keytool -importkeystore -srckeystore /tmp/p12 -destkeystore java/kudu-client/src/test/resources/test-key-and-cert.jks No new unit test actually verifies the channel bindings verification, but I did check that the integrity check is working by temporarily flipping a byte before unwrapping and making sure that verification failed. Change-Id: I8b604ea6a0cff55820f7fbbb3ba4beba3a888a48 Reviewed-on: http://gerrit.cloudera.org:8080/5953 Tested-by: Kudu Jenkins Reviewed-by: Dan Burkert <[email protected]> --- M java/kudu-client/src/main/java/org/apache/kudu/client/Negotiator.java M java/kudu-client/src/main/java/org/apache/kudu/util/SecurityUtil.java M java/kudu-client/src/test/java/org/apache/kudu/client/TestNegotiator.java A java/kudu-client/src/test/resources/test-key-and-cert.jks 4 files changed, 143 insertions(+), 22 deletions(-) Approvals: Dan Burkert: Looks good to me, approved Kudu Jenkins: Verified -- To view, visit http://gerrit.cloudera.org:8080/5953 To unsubscribe, visit http://gerrit.cloudera.org:8080/settings Gerrit-MessageType: merged Gerrit-Change-Id: I8b604ea6a0cff55820f7fbbb3ba4beba3a888a48 Gerrit-PatchSet: 4 Gerrit-Project: kudu Gerrit-Branch: master Gerrit-Owner: Todd Lipcon <[email protected]> Gerrit-Reviewer: Alexey Serbin <[email protected]> Gerrit-Reviewer: Dan Burkert <[email protected]> Gerrit-Reviewer: Jean-Daniel Cryans <[email protected]> Gerrit-Reviewer: Kudu Jenkins Gerrit-Reviewer: Todd Lipcon <[email protected]>
