[kudu-CR] [security] use shorter RSA keys in tests

[Todd Lipcon (Code Review)]

Todd Lipcon has submitted this change and it was merged.

Change subject: [security] use shorter RSA keys in tests
......................................................................


[security] use shorter RSA keys in tests

When running tests, use the following RSA private keys:
  * TSK: 512 bit
  * certificate authority: 1024 bit
  * server: 1024 bit

The 512 bit length is the minimum for TSK keys since we use SHA256
for signing/verification of tokens.  The 768 bit length is the minimum
for TLS-related keys since we use stronger cipher suites from TLS v1.2
(one of the suites in use is ECDHE-RSA-AES256-GCM-SHA384).  However,
Java default security policies require at least 1024-bit RSA keys for
certificates used in validation chains, so using that for the external
mini-cluster.  For uniformity, minimum 1024 bit keys are used for
RSA keys throughout C++-only tests.

Change-Id: I180908763a1c520d8a6d8bbaaf981add9396db99
Reviewed-on: http://gerrit.cloudera.org:8080/6194
Reviewed-by: Dan Burkert <danburk...@apache.org>
Tested-by: Kudu Jenkins
---
M java/kudu-client/src/test/java/org/apache/kudu/client/MiniKuduCluster.java
M src/kudu/integration-tests/external_mini_cluster.cc
M src/kudu/integration-tests/external_mini_cluster.h
M src/kudu/master/master-test.cc
M src/kudu/rpc/negotiation-test.cc
M src/kudu/security/token-test.cc
M src/kudu/security/token_signer.cc
M src/kudu/util/test_util.cc
8 files changed, 49 insertions(+), 32 deletions(-)

Approvals:
  Dan Burkert: Looks good to me, approved
  Kudu Jenkins: Verified



-- 
To view, visit http://gerrit.cloudera.org:8080/6194
To unsubscribe, visit http://gerrit.cloudera.org:8080/settings

Gerrit-MessageType: merged
Gerrit-Change-Id: I180908763a1c520d8a6d8bbaaf981add9396db99
Gerrit-PatchSet: 9
Gerrit-Project: kudu
Gerrit-Branch: master
Gerrit-Owner: Alexey Serbin <aser...@cloudera.com>
Gerrit-Reviewer: Alexey Serbin <aser...@cloudera.com>
Gerrit-Reviewer: Dan Burkert <danburk...@apache.org>
Gerrit-Reviewer: David Ribeiro Alves <dral...@apache.org>
Gerrit-Reviewer: Kudu Jenkins
Gerrit-Reviewer: Todd Lipcon <t...@apache.org>