From 7ad401847a3d5f0eaec54b34c1b7dc3ee925ed07 Mon Sep 17 00:00:00 2001 From: Marcos P Date: Wed, 6 Sep 2017 13:31:29 +0200 Subject: [PATCH] [SPK-64] removed ssl tricks on spark-env (#50) * removed ssl tricks on spark-env * test phase activated * added changes requested from jlopez-malla * changed properties and fixed typos * changed signature for methods --- core/pom.xml | 6 +- .../org/apache/spark/security/SSLConfig.scala | 62 ++++++++++-- core/src/test/resources/ca-one-level.crt | 30 ++++++ core/src/test/resources/ca-two-levels.crt | 60 ++++++++++++ core/src/test/resources/cert.crt | 91 ++++++++++++++++++ core/src/test/resources/cert.key | 27 ++++++ core/src/test/resources/key.pkcs8 | Bin 0 -> 1216 bytes .../apache/spark/security/SSLConfigTest.scala | 60 ++++++++++++ docker/dispatcher/spark-env.sh | 47 --------- 9 files changed, 325 insertions(+), 58 deletions(-) create mode 100644 core/src/test/resources/ca-one-level.crt create mode 100644 core/src/test/resources/ca-two-levels.crt create mode 100644 core/src/test/resources/cert.crt create mode 100644 core/src/test/resources/cert.key create mode 100644 core/src/test/resources/key.pkcs8 create mode 100644 core/src/test/scala/org/apache/spark/security/SSLConfigTest.scala diff --git a/core/pom.xml b/core/pom.xml index e6c53756a2e5a..925e2fe6d56f3 100644 --- a/core/pom.xml +++ b/core/pom.xml @@ -149,7 +149,11 @@ javax.servlet-api ${javaxservlet.version} - + + ca.juliusdavies + not-yet-commons-ssl + 0.3.11 + org.apache.commons commons-lang3 diff --git a/core/src/main/scala/org/apache/spark/security/SSLConfig.scala b/core/src/main/scala/org/apache/spark/security/SSLConfig.scala index f48f6e2415bbd..ec5a71aa029bd 100644 --- a/core/src/main/scala/org/apache/spark/security/SSLConfig.scala +++ b/core/src/main/scala/org/apache/spark/security/SSLConfig.scala 
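Review bot: The new `not-yet-commons-ssl` dependency in core/pom.xml is pinned with an inline literal `0.3.11`, while the neighbouring servlet dependency takes its version from a property (`${javaxservlet.version}`); a crypto/TLS library added to `core` should be versioned the same way so it can be audited and bumped in one place. As far as this patch shows, it is used only for `PKCS8Key` in `SSLConfig.pemToDer`. SSLConfig.scala already imports `RSAPrivateCrtKeySpec` and `sun.security.util.DerInputStream`, which suggests the file may already parse PKCS#1 keys without it, so confirm the dependency is needed before adding it. If it stays, check whether a release newer than 0.3.11 exists and read its advisories before merging.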
@@ -16,14 +16,17 @@ */ package org.apache.spark.security -import java.io.{ByteArrayInputStream, File, FileOutputStream} +import java.io._ import java.nio.file.{Files, Paths} import java.nio.file.attribute.PosixFilePermissions import java.security._ +import java.security.KeyFactory import java.security.cert.CertificateFactory +import java.security.spec.PKCS8EncodedKeySpec import java.security.spec.RSAPrivateCrtKeySpec import javax.xml.bind.DatatypeConverter +import org.apache.commons.ssl.PKCS8Key import sun.security.util.DerInputStream import org.apache.spark.internal.Logging @@ -63,6 +66,10 @@ object SSLConfig extends Logging { val (key, certs) = VaultHelper.getCertKeyForAppFromVault(vaultHost, vaultKeystorePath.get, vaultToken) + pemToDer(key) + generatePemFile(certs, "cert.crt") + generatePemFile(trustStore, "ca.crt") + val pass = VaultHelper.getCertPassForAppFromVault( vaultHost, vaultKeystorePassPath.get, vaultToken) @@ -86,9 +93,9 @@ object SSLConfig extends Logging { -> VaultHelper.getCertPassForAppFromVault(vaultHost, vaultKeyPassPath.get, vaultToken)) val certFilesPath = - Map(sparkSSLPrefix + "cert.path" -> s"${sys.env.get("SPARK_SSL_CERT_PATH")}/cert.crt", - sparkSSLPrefix + "key.pkcs8" -> s"${sys.env.get("SPARK_SSL_CERT_PATH")}/key.pkcs8", - sparkSSLPrefix + "root.cert" -> s"${sys.env.get("SPARK_SSL_CERT_PATH")}/caroot.crt") + Map(s"$sparkSSLPrefix${sslType.toLowerCase}.certPem.path" -> "/tmp/cert.crt", + s"$sparkSSLPrefix${sslType.toLowerCase}.keyPKCS8.path" -> "/tmp/key.pkcs8", + s"$sparkSSLPrefix${sslType.toLowerCase}.caPem.path" -> "/tmp/ca.crt") trustStoreOptions ++ keyStoreOptions ++ keyPass ++ certFilesPath } 
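Review bot: The added `import java.security.KeyFactory` in the import block is redundant, because the unchanged `import java.security._` two lines above already brings `KeyFactory` into scope. Widening the `java.io` import to `import java.io._` also hides which stream classes the file depends on. Assuming the three original names are still used, `import java.io.{BufferedOutputStream, ByteArrayInputStream, File, FileOutputStream}` keeps the list explicit.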
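Review bot: The three calls added after `getCertKeyForAppFromVault` write the private key, the certificate chain and the CA bundle to disk as a side effect of building the option map, and nothing visible in this patch removes those files again. They also run before the `getCertPassForAppFromVault` call, so a failure in that later Vault request leaves the key on disk with no configuration pointing at it. Have `pemToDer` and `generatePemFile` return the path they wrote and register cleanup for it, for example `new File(path).deleteOnExit()`, and document the side effect with a comment such as `// Side effect: writes key, cert and CA files to disk for settings that take file paths`. The enclosing method starts and ends outside the hunk.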
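Review bot: The three `certFilesPath` values are the same fixed `/tmp/...` files for every `sslType`, although the property keys are now qualified with `sslType.toLowerCase`. If this method runs for more than one SSL type, or in two JVMs on the same host, each run overwrites the key and certificates that the previous one advertised. The literals are also repeated in `generatePemFile` and `pemToDer`. Deriving all of them from one value, for example a per-process directory created with `Files.createTempDirectory("spark-ssl")`, would keep writer and reader in sync. The enclosing method starts outside the hunk.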
@@ -117,8 +124,38 @@ object SSLConfig extends Logging { file.getAbsolutePath } + def generatePemFile(pem: String, fileName: String): Unit = { + formatPem(pem) + val bosCA = new BufferedOutputStream(new FileOutputStream(s"/tmp/$fileName")) + bosCA.write(formatPem(pem).getBytes) + bosCA.close() + } + + // Gets raw pem from vault (without \n and folding) and outputs a well-formatted pem + + def formatPem(pemRaw: String): String = { + val (begin, end) = extractFlagsFromCert(pemRaw) + val pem = getArrayFromCert(pemRaw) + pem.map( data => s"$begin\n${data.sliding(64, 64).mkString("\n")}\n$end") + .mkString("\n") + .concat("\n") + } + + def pemToDer(data: String): Unit = { + val (begin, end) = ("-----BEGIN RSA PRIVATE KEY-----", "-----END RSA PRIVATE KEY-----") + require(data.startsWith(begin), "BEGIN RSA PRIVATE KEY flag not found") + val tokens = data.split(begin)(1).split(end) + val keyByted = DatatypeConverter.parseBase64Binary(tokens(0)) + val pkcs8 = new PKCS8Key(keyByted, null) + val decrypted = pkcs8.getDecryptedBytes + val spec = new PKCS8EncodedKeySpec(decrypted) + val pk = KeyFactory.getInstance("RSA").generatePrivate(spec) + val bos = new BufferedOutputStream(new FileOutputStream("/tmp/key.pkcs8")) + bos.write(pk.getEncoded) + bos.close() + } + - // TODO Improvent get passwords keys and jks key def generateKeyStore(sslType: String, cas: String, firstCA: String, 
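Review bot: `pemToDer` writes the unencrypted PKCS#8 private key to the fixed path `/tmp/key.pkcs8` through `new FileOutputStream(...)`, so the file gets whatever permissions the process umask allows, and a file or symlink already present at that path is opened and written through. Create the file exclusively with owner-only permissions instead; `Files`, `Paths` and `PosixFilePermissions` are already imported in this file. `bos.close()` is also skipped when `write` throws, both here and in `generatePemFile`. The first statement of `generatePemFile`, a bare `formatPem(pem)`, computes a result that is discarded and can be deleted.

```scala
def pemToDer(data: String): Unit = {
  // … unchanged: header check, base64 decode, PKCS8Key and KeyFactory conversion …
  val target = Paths.get("/tmp/key.pkcs8")
  val ownerOnly = PosixFilePermissions.asFileAttribute(
    PosixFilePermissions.fromString("rw-------"))
  // Remove our own stale copy; createFile then fails instead of following
  // a file or symlink that something else put at this path.
  Files.deleteIfExists(target)
  Files.createFile(target, ownerOnly)
  Files.write(target, pk.getEncoded)
}
```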
@@ -182,15 +219,20 @@ object SSLConfig extends Logging { private def generateCertificateFromDER(certBytes: Array[Byte]): cert.Certificate = CertificateFactory.getInstance("X.509").generateCertificate(new ByteArrayInputStream(certBytes)) - private def getArrayFromCA(ca: String): Array[String] = { - val splittedBy = ca.takeWhile(_ == '-') - val begin = s"$splittedBy${ca.split(splittedBy).tail.head}$splittedBy" + private def getArrayFromCert(cert: String): Array[String] = { + val (begin, end) = extractFlagsFromCert(cert) + cert.split(begin).tail.map(_.split(end).head) + } + + private def extractFlagsFromCert(cert: String): (String, String) = { + val splittedBy = cert.takeWhile(_ == '-') + val begin = s"$splittedBy${cert.split(splittedBy).tail.head}$splittedBy" val end = begin.replace("BEGIN", "END") - ca.split(begin).tail.map(_.split(end).head) + (begin, end) } private def getBase64FromCAs(cas: String): Array[Array[Byte]] = { - val pattern = getArrayFromCA(cas) + val pattern = getArrayFromCert(cas) pattern.map(value => { DatatypeConverter.parseBase64Binary(value) }) diff --git a/core/src/test/resources/ca-one-level.crt b/core/src/test/resources/ca-one-level.crt new file mode 100644 index 0000000000000..1d9a43e13a815 --- /dev/null +++ b/core/src/test/resources/ca-one-level.crt 
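Review bot: `extractFlagsFromCert` derives the BEGIN/END markers from the input itself, and `getArrayFromCert` passes them to `String.split`, which treats its argument as a regular expression; neither function checks that the text actually starts with a PEM header. For an empty string, or input with leading whitespace, `splittedBy` is empty, so `cert.split(splittedBy)` splits per character and `.tail.head` either throws `NoSuchElementException` or yields a meaningless marker. Through `formatPem` these helpers now run on the certificate and trust store fetched from Vault, so add `require(cert.startsWith("-----BEGIN "), "PEM header not found")` at the top of `extractFlagsFromCert` and split on the literal with `cert.split(java.util.regex.Pattern.quote(begin))`. Both new helpers would also benefit from a one-line Scaladoc stating that every block in the input is assumed to carry the same label as the first. The body of `getBase64FromCAs` continues outside the hunk.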
@@ -0,0 +1,30 @@ +-----BEGIN CERTIFICATE----- +MIIFPDCCAySgAwIBAgIQdWSbQJ/CYk1/BERap1nTNjANBgkqhkiG9w0BAQsFADA4 +MQswCQYDVQQGEwJFUzEQMA4GA1UECgwHU3RyYXRpbzEXMBUGA1UEAwwOU3RyYXRp +byBJbmMgQ0EwHhcNMTYwMjE5MTEzODI2WhcNMjYwMjE2MTEzODI2WjA4MQswCQYD +VQQGEwJFUzEQMA4GA1UECgwHU3RyYXRpbzEXMBUGA1UEAwwOU3RyYXRpbyBJbmMg +Q0EwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQC2boA0hxlI9cDcSrt9 +56lPnNuQ0ek/NnuWw6dsGXZeC1RHBR5m3/0jGnKRMpW2PpmTp7eG2ngOCbZMd5tG +hZHoposlCHSjRrJvhXWPRDP52WvtSgsckcJtKw1uoo3lqZGBPAHpvg3ExxcWY8Q/ +b7H3Rc0zY2nM/whiayJPwO4+wE3gGiQwFrvsaekFjX/bNwBnZRiSAHm6iYeL0qfw +vSUwBcs0Wzh2yCKOuNqnuk+xFy3iaj5ADWGDxhm4Qf4q5UKJCriYZnWWSn0CDIHl +ZPc05sXERO52OCyzAG5Bm8qCGeCBtgpFQtHf72gbJFfSqJKs0VQ7U8N9ucI3NAEp +vt0NDXALF+4EoyV+0vCrq4U5f7geUSKPSEZWI2lpyz+NCZ95BrTFSHLDuNsTXJLn +mJjOYCymAm5luKA6DQw3HyNXIndgKV2e5BfhSWx3HP4J0DxO7kB2F1APUSijNZAe +2x6x+SO85CR6dT46pEvoGypD8EiRRoDHbQ8Vw1ulVh8nXoJzCs8v3exQUt1ZG7G1 +Pcmp/S4xPF0Y6/HP0IIe2pxJ4uzOYaaARki3AI8pwHfD6OON6tRC0wjnPB4qYPta +nVJo4Nr/UWmq8vpgLKrI2kE3ceiPkNgb7/cXepyseTDBQidvCwV/ZyixmafwDgDi +02zN/FI4yS3aMtpyXtrTkKlLXwIDAQABo0IwQDAPBgNVHRMBAf8EBTADAQH/MA4G +A1UdDwEB/wQEAwIBBjAdBgNVHQ4EFgQU1T68/Oa44A7bgn6wxN1deQVukKQwDQYJ +KoZIhvcNAQELBQADggIBAEGTbgPUdRcWCgLclrbIOJ9wNC/T0LhmAuMyPtXJVfoj +aH1XlWWGZw9CTAD0/d/W1cE0QwLi7MI0IWV6Lb4VjaogXIga7ND5uLzZ5iJb7SK8 ++gjK0d8hpGUKrwLzS6jUuL4vieM9DF7/VPi4EJm4EL35QfNpnb4Y17yOY1FZwZjt +wlPZWGrG0plRTi70/Mgic4a3KtC1I33RUUruF3nk+Fm+VEJJzmoOi01JwDwuM1hT +6lI4USNLp2vy4l1iJSdBSlwwNEthv1C/eHqC2XkH8Kr6kufW8s2Cnqu1tHJ/U+ns +/m5dDcrP22i/toDKVwOdquFdB4bg42PWyKeQi85UlHVSPwlTiB7gXZi97vtIDlIf +YZ6V3zy4fSUudaBXEm4IOY7IoRFB1zoqSj86KtufjOLAfqAcUFqYJGKEIfjbGist +agDKh5VRTtmgWnCSp252h27UHrYMWSv9/oi6H7m9dv5ZBuUgeYnxsgZYDgic4xA8 +0POOWAiMwYdoIQwQghdGLRDuXT8krg8/ery42xmIvqW0xpJzROAVzWgtEUFFtFfM +nrFjf2b4o6Mw8A6AflbL1zeRuum/Uz+sFVVSUS1uzWrIRSTN6M2tRpu6EuRuNCJk +NXxqQ5v3iBCpoKsXEBqDeymnT4WEFqv+Rq2ZHbticZ+vXbu8039fau7bdmVS9Bjj +-----END CERTIFICATE----- 
diff --git a/core/src/test/resources/ca-two-levels.crt b/core/src/test/resources/ca-two-levels.crt new file mode 100644 index 0000000000000..79d1b09135a0b --- /dev/null +++ b/core/src/test/resources/ca-two-levels.crt 
@@ -0,0 +1,60 @@ +-----BEGIN CERTIFICATE----- +MIIFOjCCAyKgAwIBAgIQdWSbQJ/CYk1/BERap1nTPTANBgkqhkiG9w0BAQsFADA4 +MQswCQYDVQQGEwJFUzEQMA4GA1UECgwHU3RyYXRpbzEXMBUGA1UEAwwOU3RyYXRp +byBJbmMgQ0EwHhcNMTYxMDIxMTUxNjEyWhcNMjYxMDE5MTUxNjEyWjA2MQswCQYD +VQQGEwJFUzEQMA4GA1UECgwHU3RyYXRpbzEVMBMGA1UEAwwMTGFicyB0ZWFtIENB +MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAtMw5w9bxjXur+T3A/sFE +cDCKxvKWU1Um86puh36D3Zc55/aTpNzq8UqyEtTUbr9xuqpkriQWPZcS3CZEDW0w +nEXmZ6/ukQ059T9wv6P+YGEXMqaVHn3qPGwiZ8WbClVrGfDwTl+9sfqvfR6keJq8 +rJkxE21ECW94ikI7Tk19s0Rz62xf+/FFRndQbTsech9Opi4TC2zMd9h9rPyRwfSm +VHMKPmqm+nnAoDjBlUalxjt+n7Vs269ZBqfusn25Em+BIMwU4z13csHIuZuB/mvm +qipxc2VHHrvhlCeoSgqWnNvmok4D8Ug+9sASAKYn1stdkSxCqwLLWb9PR/fUcqor +vz1S8KNc07c7IIt2ip5sXGWSJKIazak4CHiJGEQ11jO4NOFsXp+tDaQgT/21Aq45 +zHJyf9ymT8c0ztwe9oQI1UYXHyopfyW1o9Ca5/MxQeXWcCPEFE1IMoA/e6vDWF09 +liDOZl94lSwZ2ev+zGGDN+WU4ZojCbjdLCv/tbuSdyiTd4jV6dCShObyWMc6l+TA +fHvHFkxD29MDC165evoSXWMZtqriyt2h/9kWmqgblpz0oJ4kFPQ9RY5n34FHMSva +bkSTWkjcV8m6/4YDaRWYTo7a+ObJ9a6sk0J8pfYYcpwn4QoFS+12IA95ea51TWN1 +bEoIFaVEqBDy5y3Qe7JSWNkCAwEAAaNCMEAwDwYDVR0TAQH/BAUwAwEB/zAOBgNV +HQ8BAf8EBAMCAQYwHQYDVR0OBBYEFAkpP4Zm5qJ0Frn14iTtthSCrXVSMA0GCSqG +SIb3DQEBCwUAA4ICAQA/Pnv9Lf/Ic/EeJYjFGZ84bICIZ/cFFNPcb4lWc7zJNOg2 +690t748MwqDUQYvCL4f5Dh+rvssLxK/FlMGDiw4UrZGHdHS5u3bTTUrbwG1NHQKR +nthdz1xtx/TlBn4NvqVokcB7AkC5XVwpTvvVvcgpRp+ffYK3gd6arOb6oOOzRYDa +wFgPEZdZrbREh9p1k0NpbkUcmNiNMjQhV+DqVvGI+pYTOP4686Q4PvC7OGma5X3T +0MWwUJ3iMPdo4qAGJB8GV4XbyPapMd7vqFzsf18yAKmT9Q2afr1U1KCQ/zourY1u +qBeor5CzJzCDqLDxgXrBauVwB844Epa24x98RQGfZuIULZGPn0Sf8sF4L2bwmBBQ +M29yAWO4DLEZU0yqQTUHV7oJmNN+i0iE4wNSlC/Gz/wV3LCG+tseQkgvRziN8hwo +TGg6n9EvT2NdD0QpzJ2D7PQeJIytKEYzJKVRCZkn3Xcoy1SzIKiG0xDLME22rjFu +vWFyw1r/OnErIM7RL4GLZ3gAm00CRq4e2GarcEeLAq1d7rcSxV5/84pOIX9mH7PN +JTg5js6pOn9hrZWmmwRKYYVTPFqkAlTurrO0NjOT/kmDdHT0Xnaq0LRg0bKa79iD +JcylT5C08PAJX5S9esPXhNwS6rxMwk1ApmdE5USs/hn3geDAebJ0aRwIwnX5+g== +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- 
+MIIFPDCCAySgAwIBAgIQdWSbQJ/CYk1/BERap1nTNjANBgkqhkiG9w0BAQsFADA4 +MQswCQYDVQQGEwJFUzEQMA4GA1UECgwHU3RyYXRpbzEXMBUGA1UEAwwOU3RyYXRp +byBJbmMgQ0EwHhcNMTYwMjE5MTEzODI2WhcNMjYwMjE2MTEzODI2WjA4MQswCQYD +VQQGEwJFUzEQMA4GA1UECgwHU3RyYXRpbzEXMBUGA1UEAwwOU3RyYXRpbyBJbmMg +Q0EwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQC2boA0hxlI9cDcSrt9 +56lPnNuQ0ek/NnuWw6dsGXZeC1RHBR5m3/0jGnKRMpW2PpmTp7eG2ngOCbZMd5tG +hZHoposlCHSjRrJvhXWPRDP52WvtSgsckcJtKw1uoo3lqZGBPAHpvg3ExxcWY8Q/ +b7H3Rc0zY2nM/whiayJPwO4+wE3gGiQwFrvsaekFjX/bNwBnZRiSAHm6iYeL0qfw +vSUwBcs0Wzh2yCKOuNqnuk+xFy3iaj5ADWGDxhm4Qf4q5UKJCriYZnWWSn0CDIHl +ZPc05sXERO52OCyzAG5Bm8qCGeCBtgpFQtHf72gbJFfSqJKs0VQ7U8N9ucI3NAEp +vt0NDXALF+4EoyV+0vCrq4U5f7geUSKPSEZWI2lpyz+NCZ95BrTFSHLDuNsTXJLn +mJjOYCymAm5luKA6DQw3HyNXIndgKV2e5BfhSWx3HP4J0DxO7kB2F1APUSijNZAe +2x6x+SO85CR6dT46pEvoGypD8EiRRoDHbQ8Vw1ulVh8nXoJzCs8v3exQUt1ZG7G1 +Pcmp/S4xPF0Y6/HP0IIe2pxJ4uzOYaaARki3AI8pwHfD6OON6tRC0wjnPB4qYPta +nVJo4Nr/UWmq8vpgLKrI2kE3ceiPkNgb7/cXepyseTDBQidvCwV/ZyixmafwDgDi +02zN/FI4yS3aMtpyXtrTkKlLXwIDAQABo0IwQDAPBgNVHRMBAf8EBTADAQH/MA4G +A1UdDwEB/wQEAwIBBjAdBgNVHQ4EFgQU1T68/Oa44A7bgn6wxN1deQVukKQwDQYJ +KoZIhvcNAQELBQADggIBAEGTbgPUdRcWCgLclrbIOJ9wNC/T0LhmAuMyPtXJVfoj +aH1XlWWGZw9CTAD0/d/W1cE0QwLi7MI0IWV6Lb4VjaogXIga7ND5uLzZ5iJb7SK8 ++gjK0d8hpGUKrwLzS6jUuL4vieM9DF7/VPi4EJm4EL35QfNpnb4Y17yOY1FZwZjt +wlPZWGrG0plRTi70/Mgic4a3KtC1I33RUUruF3nk+Fm+VEJJzmoOi01JwDwuM1hT +6lI4USNLp2vy4l1iJSdBSlwwNEthv1C/eHqC2XkH8Kr6kufW8s2Cnqu1tHJ/U+ns +/m5dDcrP22i/toDKVwOdquFdB4bg42PWyKeQi85UlHVSPwlTiB7gXZi97vtIDlIf +YZ6V3zy4fSUudaBXEm4IOY7IoRFB1zoqSj86KtufjOLAfqAcUFqYJGKEIfjbGist +agDKh5VRTtmgWnCSp252h27UHrYMWSv9/oi6H7m9dv5ZBuUgeYnxsgZYDgic4xA8 +0POOWAiMwYdoIQwQghdGLRDuXT8krg8/ery42xmIvqW0xpJzROAVzWgtEUFFtFfM +nrFjf2b4o6Mw8A6AflbL1zeRuum/Uz+sFVVSUS1uzWrIRSTN6M2tRpu6EuRuNCJk +NXxqQ5v3iBCpoKsXEBqDeymnT4WEFqv+Rq2ZHbticZ+vXbu8039fau7bdmVS9Bjj +-----END CERTIFICATE----- 
diff --git a/core/src/test/resources/cert.crt b/core/src/test/resources/cert.crt new file mode 100644 index 0000000000000..0c8bb4f677976 --- /dev/null +++ b/core/src/test/resources/cert.crt 
@@ -0,0 +1,91 @@ +-----BEGIN CERTIFICATE----- +MIIFXTCCA0WgAwIBAgIRALZoIdzosSCFgK8nHH+iKoQwDQYJKoZIhvcNAQELBQAw +NjELMAkGA1UEBhMCRVMxEDAOBgNVBAoMB1N0cmF0aW8xFTATBgNVBAMMDExhYnMg +dGVhbSBDQTAeFw0xNzA2MjAxNjQ0NDFaFw0xODA2MjAxNjQ0NDFaMDIxCzAJBgNV +BAYTAkVTMRAwDgYDVQQKEwdTdHJhdGlvMREwDwYDVQQDEwhwb3N0Z3JlczCCASIw +DQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAK5X78hm/LT6WVA3gswBE9/Z5qYo +vyD+aU2ZTMU89MB+VGzRfjwsO4Exg/AuRHj369mj/zNHCXcumWe06az6Q0Jj8Gv/ +u1vzA8LJMcyF3EhLSG8EiIp7LEXm+uSs1rkRH1qM2j2oVyIC4IUhrwvBWT3VnZFX +TSnpodwARYGszkyrv+1poQTMLz5gvolv1kQWexB6zTaTIG4dpiGwyjtbtwlqa6LQ +e2KXq6C6eLUX/bPHPaU/ECdl/A1jHT8kyTe9FT3OSzsJCwPII/oMYoJDYFUBnLrB +d4lKy00KgoopIzn+xtbLwq3nxsHPBbHStFkw8+2BoDGUDidAQPNiPJovC6cCAwEA +AaOCAWgwggFkMHQGCCsGAQUFBwEBBGgwZjAyBggrBgEFBQcwAoYmaHR0cDovL2xh +YnMtY2Euc3RyYXRpby5jb20vbGFicy1jYS5jcnQwMAYIKwYBBQUHMAGGJGh0dHA6 +Ly9vY3NwLmxhYnMtY2Euc3RyYXRpby5jb206OTA4MTAfBgNVHSMEGDAWgBQJKT+G +ZuaidBa59eIk7bYUgq11UjAMBgNVHRMBAf8EAjAAMDcGA1UdHwQwMC4wLKAqoCiG +Jmh0dHA6Ly9sYWJzLWNhLnN0cmF0aW8uY29tL2xhYnMtY2EuY3JsMB0GA1UdJQQW +MBQGCCsGAQUFBwMCBggrBgEFBQcDATAOBgNVHQ8BAf8EBAMCBaAwHQYDVR0OBBYE +FO454se8dRSIP2jLPsYIC8B8wtrpMDYGA1UdEQQvMC2CCHBvc3RncmVzgiFwb29s +cGdzcWx0ZXN0c3BhcmsubWFyYXRob24ubWVzb3MwDQYJKoZIhvcNAQELBQADggIB +AGm45ighjWkdj662m72AuPNIofTqQhn+Fkwwvc+KVk4s0wdLJTJvfQ7JaznCnFhI +powEW6J6hyF/C7ltMpjnPuhzbs0a12+I2HC5ZWOB8ag8zuv/+uYNUFiUzVQaLjKn +dwsOY60Tqy+nEGKTDXCWh6hz4+WideI60JB8DzPVzaEp74U+t0/grbiXXb08ft10 +AQO52QR49r67xRHC9GxY5YRZNe07uT12jWeWUGasUzNFOHAB/dFcLgkxaUMFeaBR +40XlLZo/Y/TbxCsnvTe4uP7nn+PBYVSS8y+sTAQ+l7X6UiK0VPWF8hlURHhM9K6E +bvNJFpkDBXRM66ZDV3uXN6Jyx+8qjPM6ekjofwJgTDPfiigSV27OFcq0OwqvO+77 +97e/MDQ0tItsShmTtpcEShaF5l8VM7laoCqLGObIyQJHkpIslGVU2qutJyMKwOrd +KfbWJeJphgbpGuPeiwrJ8OSIkO+u1pPtDiLwm+QqilEz5VOAxb3Lco2BEp2GwTVW +3zZtBuRWdYxWcIB0LvYYRGw0D1DaEAUf1Hr2jJeBUvQsNre962Tl9r5wGSqTAXQL +ykoxIAOzaN56Gzncrnt1iw2MQyUiN+9zisnE8FpjnSRekJCZljFkUxJARFSUah9m +ecYRVm9G8YkxCg3feUfvw0lQdqqw/kFkFFe3RC0agHj/ +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- 
+MIIFOjCCAyKgAwIBAgIQdWSbQJ/CYk1/BERap1nTPTANBgkqhkiG9w0BAQsFADA4 +MQswCQYDVQQGEwJFUzEQMA4GA1UECgwHU3RyYXRpbzEXMBUGA1UEAwwOU3RyYXRp +byBJbmMgQ0EwHhcNMTYxMDIxMTUxNjEyWhcNMjYxMDE5MTUxNjEyWjA2MQswCQYD +VQQGEwJFUzEQMA4GA1UECgwHU3RyYXRpbzEVMBMGA1UEAwwMTGFicyB0ZWFtIENB +MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAtMw5w9bxjXur+T3A/sFE +cDCKxvKWU1Um86puh36D3Zc55/aTpNzq8UqyEtTUbr9xuqpkriQWPZcS3CZEDW0w +nEXmZ6/ukQ059T9wv6P+YGEXMqaVHn3qPGwiZ8WbClVrGfDwTl+9sfqvfR6keJq8 +rJkxE21ECW94ikI7Tk19s0Rz62xf+/FFRndQbTsech9Opi4TC2zMd9h9rPyRwfSm +VHMKPmqm+nnAoDjBlUalxjt+n7Vs269ZBqfusn25Em+BIMwU4z13csHIuZuB/mvm +qipxc2VHHrvhlCeoSgqWnNvmok4D8Ug+9sASAKYn1stdkSxCqwLLWb9PR/fUcqor +vz1S8KNc07c7IIt2ip5sXGWSJKIazak4CHiJGEQ11jO4NOFsXp+tDaQgT/21Aq45 +zHJyf9ymT8c0ztwe9oQI1UYXHyopfyW1o9Ca5/MxQeXWcCPEFE1IMoA/e6vDWF09 +liDOZl94lSwZ2ev+zGGDN+WU4ZojCbjdLCv/tbuSdyiTd4jV6dCShObyWMc6l+TA +fHvHFkxD29MDC165evoSXWMZtqriyt2h/9kWmqgblpz0oJ4kFPQ9RY5n34FHMSva +bkSTWkjcV8m6/4YDaRWYTo7a+ObJ9a6sk0J8pfYYcpwn4QoFS+12IA95ea51TWN1 +bEoIFaVEqBDy5y3Qe7JSWNkCAwEAAaNCMEAwDwYDVR0TAQH/BAUwAwEB/zAOBgNV +HQ8BAf8EBAMCAQYwHQYDVR0OBBYEFAkpP4Zm5qJ0Frn14iTtthSCrXVSMA0GCSqG +SIb3DQEBCwUAA4ICAQA/Pnv9Lf/Ic/EeJYjFGZ84bICIZ/cFFNPcb4lWc7zJNOg2 +690t748MwqDUQYvCL4f5Dh+rvssLxK/FlMGDiw4UrZGHdHS5u3bTTUrbwG1NHQKR +nthdz1xtx/TlBn4NvqVokcB7AkC5XVwpTvvVvcgpRp+ffYK3gd6arOb6oOOzRYDa +wFgPEZdZrbREh9p1k0NpbkUcmNiNMjQhV+DqVvGI+pYTOP4686Q4PvC7OGma5X3T +0MWwUJ3iMPdo4qAGJB8GV4XbyPapMd7vqFzsf18yAKmT9Q2afr1U1KCQ/zourY1u +qBeor5CzJzCDqLDxgXrBauVwB844Epa24x98RQGfZuIULZGPn0Sf8sF4L2bwmBBQ +M29yAWO4DLEZU0yqQTUHV7oJmNN+i0iE4wNSlC/Gz/wV3LCG+tseQkgvRziN8hwo +TGg6n9EvT2NdD0QpzJ2D7PQeJIytKEYzJKVRCZkn3Xcoy1SzIKiG0xDLME22rjFu +vWFyw1r/OnErIM7RL4GLZ3gAm00CRq4e2GarcEeLAq1d7rcSxV5/84pOIX9mH7PN +JTg5js6pOn9hrZWmmwRKYYVTPFqkAlTurrO0NjOT/kmDdHT0Xnaq0LRg0bKa79iD +JcylT5C08PAJX5S9esPXhNwS6rxMwk1ApmdE5USs/hn3geDAebJ0aRwIwnX5+g== +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIFPDCCAySgAwIBAgIQdWSbQJ/CYk1/BERap1nTNjANBgkqhkiG9w0BAQsFADA4 
+MQswCQYDVQQGEwJFUzEQMA4GA1UECgwHU3RyYXRpbzEXMBUGA1UEAwwOU3RyYXRp +byBJbmMgQ0EwHhcNMTYwMjE5MTEzODI2WhcNMjYwMjE2MTEzODI2WjA4MQswCQYD +VQQGEwJFUzEQMA4GA1UECgwHU3RyYXRpbzEXMBUGA1UEAwwOU3RyYXRpbyBJbmMg +Q0EwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQC2boA0hxlI9cDcSrt9 +56lPnNuQ0ek/NnuWw6dsGXZeC1RHBR5m3/0jGnKRMpW2PpmTp7eG2ngOCbZMd5tG +hZHoposlCHSjRrJvhXWPRDP52WvtSgsckcJtKw1uoo3lqZGBPAHpvg3ExxcWY8Q/ +b7H3Rc0zY2nM/whiayJPwO4+wE3gGiQwFrvsaekFjX/bNwBnZRiSAHm6iYeL0qfw +vSUwBcs0Wzh2yCKOuNqnuk+xFy3iaj5ADWGDxhm4Qf4q5UKJCriYZnWWSn0CDIHl +ZPc05sXERO52OCyzAG5Bm8qCGeCBtgpFQtHf72gbJFfSqJKs0VQ7U8N9ucI3NAEp +vt0NDXALF+4EoyV+0vCrq4U5f7geUSKPSEZWI2lpyz+NCZ95BrTFSHLDuNsTXJLn +mJjOYCymAm5luKA6DQw3HyNXIndgKV2e5BfhSWx3HP4J0DxO7kB2F1APUSijNZAe +2x6x+SO85CR6dT46pEvoGypD8EiRRoDHbQ8Vw1ulVh8nXoJzCs8v3exQUt1ZG7G1 +Pcmp/S4xPF0Y6/HP0IIe2pxJ4uzOYaaARki3AI8pwHfD6OON6tRC0wjnPB4qYPta +nVJo4Nr/UWmq8vpgLKrI2kE3ceiPkNgb7/cXepyseTDBQidvCwV/ZyixmafwDgDi +02zN/FI4yS3aMtpyXtrTkKlLXwIDAQABo0IwQDAPBgNVHRMBAf8EBTADAQH/MA4G +A1UdDwEB/wQEAwIBBjAdBgNVHQ4EFgQU1T68/Oa44A7bgn6wxN1deQVukKQwDQYJ +KoZIhvcNAQELBQADggIBAEGTbgPUdRcWCgLclrbIOJ9wNC/T0LhmAuMyPtXJVfoj +aH1XlWWGZw9CTAD0/d/W1cE0QwLi7MI0IWV6Lb4VjaogXIga7ND5uLzZ5iJb7SK8 ++gjK0d8hpGUKrwLzS6jUuL4vieM9DF7/VPi4EJm4EL35QfNpnb4Y17yOY1FZwZjt +wlPZWGrG0plRTi70/Mgic4a3KtC1I33RUUruF3nk+Fm+VEJJzmoOi01JwDwuM1hT +6lI4USNLp2vy4l1iJSdBSlwwNEthv1C/eHqC2XkH8Kr6kufW8s2Cnqu1tHJ/U+ns +/m5dDcrP22i/toDKVwOdquFdB4bg42PWyKeQi85UlHVSPwlTiB7gXZi97vtIDlIf +YZ6V3zy4fSUudaBXEm4IOY7IoRFB1zoqSj86KtufjOLAfqAcUFqYJGKEIfjbGist +agDKh5VRTtmgWnCSp252h27UHrYMWSv9/oi6H7m9dv5ZBuUgeYnxsgZYDgic4xA8 +0POOWAiMwYdoIQwQghdGLRDuXT8krg8/ery42xmIvqW0xpJzROAVzWgtEUFFtFfM +nrFjf2b4o6Mw8A6AflbL1zeRuum/Uz+sFVVSUS1uzWrIRSTN6M2tRpu6EuRuNCJk +NXxqQ5v3iBCpoKsXEBqDeymnT4WEFqv+Rq2ZHbticZ+vXbu8039fau7bdmVS9Bjj +-----END CERTIFICATE----- diff --git a/core/src/test/resources/cert.key b/core/src/test/resources/cert.key new file mode 100644 index 0000000000000..0c03cd4920d64 --- /dev/null +++ b/core/src/test/resources/cert.key 
@@ -0,0 +1,27 @@ +-----BEGIN RSA PRIVATE KEY----- +MIIEogIBAAKCAQEArlfvyGb8tPpZUDeCzAET39nmpii/IP5pTZlMxTz0wH5UbNF+ +PCw7gTGD8C5EePfr2aP/M0cJdy6ZZ7TprPpDQmPwa/+7W/MDwskxzIXcSEtIbwSI +inssReb65KzWuREfWozaPahXIgLghSGvC8FZPdWdkVdNKemh3ABFgazOTKu/7Wmh +BMwvPmC+iW/WRBZ7EHrNNpMgbh2mIbDKO1u3CWprotB7YperoLp4tRf9s8c9pT8Q +J2X8DWMdPyTJN70VPc5LOwkLA8gj+gxigkNgVQGcusF3iUrLTQqCiikjOf7G1svC +refGwc8FsdK0WTDz7YGgMZQOJ0BA82I8mi8LpwIDAQABAoIBABeLssua9RgwE23d +AWIx5xA9aoQYTq/TDD+5q3+b2uZAaYCEzoqr4qFxIYOHjCHWQdkT5/xx5JpfBcLW +0RRWfEz0GF1NnW0updxhtcMMdRKicDbmItapCfKq3kmR+jHmWRiumy7mlFX4k4AH +a4+n3jiWqAAgDUDS19RRiRGZWAdMlbnXQTVP8t+DIPCVlQRInDgrNcpwiXpmJAd1 +cessEtjAADoZq9QgDNn5n6QEvOS43zxCuLt6wt65hQLCzBTWZmDGB+CPz6F9FLMU +1DSWll+nPBC5ZTBFxwz5duKXV1K+FtaGF6VDWR3jsBnNXQ+1A3rXv47LCUA3pzat +zxMRCyECgYEA2VCKVmpo/nSd5FoPSHP0DtSYw3LgGbRKoDiZJ+9RycEoK21fzqyy +IY3PNsutPpTMZKVuTm12Y5cAH5wO3vmeRTa6bzRiIdggyoLdZxRaF76s9dN1datu +rEi4UMs9vByJp0wTQbIy9uCB/1puChntzrYOnOm9xZcJkfG2XN7tyZECgYEAzWEe +Bkx+FXihmzo1Uz9MJQCT6uJvb1ffRjCMTLH28+HCUuPoiOjOHLbXqJmMgKmO4NVq +SCCDNbu0XBA/ZUOSrE1oPSIb9TGmL+XqXilPrE7JKcDuagAE7C1KXDQcMuf3Z+Pk +qjBJ/MMcUXhLY9iGTMJGQcSnG7mToW6RIIXyJbcCgYAemj3w72k7tBZsCtauIE4V +LJEarPmsBPyhVXcT7Zq5666JdwyP4Tfwi7TLhaEu9+tUnQtMlhOe8Ku+x848TjCg +lJVqhZjwJSxw+D7Pfkk1oM9gite2q16ZemAiWIyoCejEm2z2ym5s367O0+A9Ieug +OXkTVcM4qQ1a9Qv2Rhp8UQKBgEzzRVeg02DiGNLbRV2SisoWZFWOT6hNKTfYOskF +qPyJqtB52gdqCsfRbg4asf0HCqSM8cxieibo1FPmNoqPfeYW/qZhIE6HMrghkeWD +3vk1b8O4KNwIc8+1zHWthJ9CMH15cpSdkSsmQ3b29nBLkU4zQDWmI+KMbpb+oVup +NCgTAoGAKw+s/PE1lwK/Elu0nxmL3YE7AaL3i1XP/+eVTZqVhYDWdOsu/vCzVfyj +rHUo04LQ57GpEe/MgONZWfrHsH8V9bS5GF4PMyUFwPqKvb4wtAz6eD0Tu+NQDg5k +ntDp9d+aKx+/uy3cbCkqA/9g82o4LGeOJ/TBhPKFh6yjF2uLm2s= +-----END RSA PRIVATE KEY----- 
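Review bot: core/src/test/resources/cert.key is an unencrypted RSA private key, committed alongside cert.crt, which is presumably its certificate chain. If the pair was issued by a CA that anything outside these tests trusts, rather than by a throwaway CA created for the fixture, treat it as exposed: revoke the certificate and replace the fixture with a key generated for testing only. A short note next to the fixtures saying how they were generated would let later reviewers confirm that.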
diff --git a/core/src/test/resources/key.pkcs8 b/core/src/test/resources/key.pkcs8 new file mode 100644 index 0000000000000000000000000000000000000000..f809e0ee999fa9f05ce043c79e7737fe2b4bba2f GIT binary patch literal 1216 zcmV;x1V8&Qf&{z*0RS)!1_>&LNQUrrZ9p8q5=T`0)hbn0IpZ>$Y%Vs z`dLsng3JLE-`VD-D8C^7X-%0-#XR)DepGDHempEYfiZ*dE<||u>)E6KGe-$`E}3Vv z>8$!gLSyi2|GQiB1H#EM%!S-YOGs}7h>CkGMdteCtk$^^A6kssJ*ZbA0^o%quM5Fh zJ=L9&S4}DDq1*sPfvnCdk}ifHj^N39i}0$$~#-P32JMi z(0gK+tDw4gwHN)f$33M#5GQ5)4PzZYB*{0u6+O;NI|&N|$Rqj;VuC|pRRNs3!FP#D z%S{S`iYX&G{>IkJ!ma1V!OsP;(zIDH^X-A4F_aD`KtS_iJen^Hrvd{3009Dm0RR_^ zvdfzF7%&rU-2q}T=MX(=gcwe*(+oektACr?=0ItHgwBeq;-PUNgNKYE)BE~VUIwZjZ`5~6T6<|5Xq3G%AmNs;<7=2;l7n=a;*Rrr&D z2WyX~-Z+-103Z!O($~~ci4mDt2TYZ@*FiN;^526X@RgMWNSrt;HOg>_dS)aCb#dz~ z64<~1IvK0fAPm|0pQHr5aD`)@ESF2jGv-p?wsy6x1}9mS3kl z5V>VAMaK;JcH);;Qoa_}h8LwnSsmlB8O>b}wF7$BzmCfZKsTp0tS`SEb^bXXR!*bvmv`U~jnJ4d2$-yWqZC}o;vLTJnHp{I(l+0wMZcc4> zW0wFQoDSako<%mgZ!}^d*dWS+-Deb97rw0Z({**LZmdYSP|H2M9Eqn)6G5^v_TYj4 zT5bv%?asCioaw#AmkE*awp`xr$&mtqfdI{69tKQ)6?mbWIyF;2OeFx5>fSKmf3 zj7+ii^Wnl$Ru^N ztWL=(!0u`Q1nezJTr?aq=l5sh#m7+43FVA@Qbv|g`qC@>r|Z! zOqLU#@T%Nn;5{MhpgDOHRl_)`4O;aJ_C^|fQ38R0O!GxopwnRD7}DECU6P8*7Gzb9PpC~P zH`qGK1*rUqs?d4b2Wkq((QXbJvHb@Mq>S;*VtOX%)Klg*ijRHf7XGGTAWnxexFM0{ zgWmZyZ^O7K+z4~ewaj&`gr7n%eR*<}oslahLw5G|a7&R+Ge9+_BjSv1mj0nzsWd1P z0)c=l53Kz0HJ1Xv5?i#N8H?S4I{~8ii&fA6=ao&Gm4$%Tbn7nu@UvC?qpWo((}K|F zv8fU7%z)!rS^CGYe--t#xfos#GbIJU`ii~2FtiN%cs&!l<4_I`WS-FJ_1~H+AHTaT e+-xZ-1OH(2YB(%sjwkfNgz|-ltfLoei<@g{g-s3s literal 0 HcmV?d00001 diff --git a/core/src/test/scala/org/apache/spark/security/SSLConfigTest.scala b/core/src/test/scala/org/apache/spark/security/SSLConfigTest.scala new file mode 100644 index 0000000000000..70499212b725e --- /dev/null +++ b/core/src/test/scala/org/apache/spark/security/SSLConfigTest.scala 
@@ -0,0 +1,60 @@ +/* + * Modified in 2017 by Stratio Big Data Inc., + * Sucursal en España. Modifications are © 2017 + * Stratio Big Data Inc.,Sucursal en España. + */ + +package org.apache.spark.security + +import java.nio.file.{Files, Paths} +import java.security.MessageDigest + +import org.scalatest.ShouldMatchers +import scala.io.Source + +import org.apache.spark.SparkFunSuite + + +class SSLConfigTest extends SparkFunSuite with ShouldMatchers{ + + // scalastyle:off + val pemString = "-----BEGIN CERTIFICATE-----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-----END CERTIFICATE----------BEGIN CERTIFICATE-----MIIFOjCCAyKgAwIBAgIQdWSbQJ/CYk1/BERap1nTPTANBgkqhkiG9w0BAQsFADA4MQswCQYDVQQGEwJFUzEQMA4GA1UECgwHU3RyYXRpbzEXMBUGA1UEAwwOU3RyYXRpbyBJbmMgQ0EwHhcNMTYxMDIxMTUxNjEyWhcNMjYxMDE5MTUxNjEyWjA2MQswCQYDVQQGEwJFUzEQMA4GA1UECgwHU3RyYXRpbzEVMBMGA1UEAwwMTGFicyB0ZWFtIENBMIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAtMw5w9bxjXur+T3A/sFEcDCKxvKWU1Um86puh36D3Zc55/aTpNzq8UqyEtTUbr9xuqpkriQWPZcS3CZEDW0wnEXmZ6/ukQ059T9wv6P+YGEXMqaVHn3qPGwiZ8WbClVrGfDwTl+9sfqvfR6keJq8rJkxE21ECW94ikI7Tk19s0Rz62xf+/FFRndQbTsech9Opi4TC2zMd9h9rPyRwfSmVHMKPmqm+nnAoDjBlUalxjt+n7Vs269ZBqfusn25Em+BIMwU4z13csHIuZuB/mvmqipxc2VHHrvhlCeoSgqWnNvmok4D8Ug+9sASAKYn1stdkSxCqwLLWb9PR/fUcqorvz1S8KNc07c7IIt2ip5sXGWSJKIazak4CHiJGEQ11jO4NOFsXp+tDaQgT/21Aq45zHJyf9ymT8c0ztwe9oQI1UYXHyopfyW1o9Ca5/MxQeXWcCPEFE1IMoA/e6vDWF09liDOZl94lSwZ2ev+zGGDN+WU4ZojCbjdLCv/tbuSdyiTd4jV6dCShObyWMc6l+TAfHvHFkxD29MDC165evoSXWMZtqriyt2h/9kWmqgblpz0oJ4kFPQ9RY5n34FHMSvabkSTWkjcV8m6/4YDaRWYTo7a+ObJ9a6sk0J8pfYYcpwn4QoFS+12IA95ea51TWN1bEoIFaVEqBDy5y3Qe7JSWNkCAwEAAaNCMEAwDwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMCAQYwHQYDVR0OBBYEFAkpP4Zm5qJ0Frn14iTtthSCrXVSMA0GCSqGSIb3DQEBCwUAA4ICAQA/Pnv9Lf/Ic/EeJYjFGZ84bICIZ/cFFNPcb4lWc7zJNOg2690t748MwqDUQYvCL4f5Dh+rvssLxK/FlMGDiw4UrZGHdHS5u3bTTUrbwG1NHQKRnthdz1xtx/TlBn4NvqVokcB7AkC5XVwpTvvVvcgpRp+ffYK3gd6arOb6oOOzRYDawFgPEZdZrbREh9p1k0NpbkUcmNiNMjQhV+DqVvGI+pYTOP4686Q4PvC7OGma5X3T0MWwUJ3iMPdo4qAGJB8GV4XbyPapMd7
vqFzsf18yAKmT9Q2afr1U1KCQ/zourY1uqBeor5CzJzCDqLDxgXrBauVwB844Epa24x98RQGfZuIULZGPn0Sf8sF4L2bwmBBQM29yAWO4DLEZU0yqQTUHV7oJmNN+i0iE4wNSlC/Gz/wV3LCG+tseQkgvRziN8hwoTGg6n9EvT2NdD0QpzJ2D7PQeJIytKEYzJKVRCZkn3Xcoy1SzIKiG0xDLME22rjFuvWFyw1r/OnErIM7RL4GLZ3gAm00CRq4e2GarcEeLAq1d7rcSxV5/84pOIX9mH7PNJTg5js6pOn9hrZWmmwRKYYVTPFqkAlTurrO0NjOT/kmDdHT0Xnaq0LRg0bKa79iDJcylT5C08PAJX5S9esPXhNwS6rxMwk1ApmdE5USs/hn3geDAebJ0aRwIwnX5+g==-----END CERTIFICATE----------BEGIN CERTIFICATE-----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-----END CERTIFICATE-----" + val caString = "-----BEGIN CERTIFICATE-----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-----END CERTIFICATE----------BEGIN CERTIFICATE-----MIIFPDCCAySgAwIBAgIQdWSbQJ/CYk1/BERap1nTNjANBgkqhkiG9w0BAQsFADA4MQswCQYDVQQGEwJFUzEQMA4GA1UECgwHU3RyYXRpbzEXMBUGA1UEAwwOU3RyYXRpbyBJbmMgQ0EwHhcNMTYwMjE5MTEzODI2WhcNMjYwMjE2MTEzODI2WjA4MQswCQYDVQQGEwJFUzEQMA4GA1UECgwHU3RyYXRpbzEXMBUGA1UEAwwOU3RyYXRpbyBJbmMgQ0EwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQC2boA0hxlI9cDcSrt956lPnNuQ0ek/NnuWw6dsGXZeC1RHBR5m3/0jGnKRMpW2PpmTp7eG2ngOCbZMd5tGhZHoposlCHSjRrJvhXWPRDP52WvtSgsckcJtKw1uoo3lqZGBPAHpvg3ExxcWY8Q/b7H3Rc0zY2nM/whiayJPwO4+wE3gGiQwFrvsaekFjX/bNwBnZRiSAHm6iYeL0qfwvSUwBcs0Wzh2yCKOuNqnuk+xFy3iaj5ADWGDxhm4Qf4q5UKJCriYZnWWSn0CDIHlZPc05sXERO52OCyzAG5Bm8qCGeCBtgpFQtHf72gbJFfSqJKs0VQ7U8N9ucI3NAEpvt0NDXALF+4EoyV+0vCrq4U5f7geUSKPSEZWI2lpyz+NCZ95BrTFSHLDuNsTXJLnmJjOYCymAm5luKA6DQw3HyNXIndgKV2e5BfhSWx3HP4J0DxO7kB2F1APUSijNZAe2x6x+SO85CR6dT46pEvoGypD8EiRRoDHbQ8Vw1ulVh8nXoJzCs8v3exQUt1ZG7G1Pcmp/S4xPF0Y6/HP0IIe2pxJ4uzOYaaARki3AI8pwHfD6OON6tRC0wjnPB4qYPtanVJo4Nr/UWmq8vpgLKrI2kE3ceiPkNgb7/cXepyseTDBQidvCwV/ZyixmafwDgDi02zN/FI4yS3aMtpyXtrTkKlLXwIDAQABo0IwQDAPBgNVHRMBAf8EBTADAQH/MA4GA1UdDwEB/wQEAwIBBjAdBgNVHQ4EFgQU1T68/Oa44A7bgn6wxN1deQVukKQwDQYJKoZIhvcNAQELBQADggIBAEGTbgPUdRcWCgLclrbIOJ9wNC/T0LhmAuMyPtXJVfojaH1XlWWGZw9CTAD0/d/W1cE0QwLi7MI0IWV6Lb4VjaogXIga7ND5uLzZ5iJb7SK8+gjK0d8hpGUKrwLzS6jUuL4vieM9DF7/VPi4EJm4EL35QfNpnb4Y17yOY1FZwZjtwlPZWGrG0plRTi70/Mgic
4a3KtC1I33RUUruF3nk+Fm+VEJJzmoOi01JwDwuM1hT6lI4USNLp2vy4l1iJSdBSlwwNEthv1C/eHqC2XkH8Kr6kufW8s2Cnqu1tHJ/U+ns/m5dDcrP22i/toDKVwOdquFdB4bg42PWyKeQi85UlHVSPwlTiB7gXZi97vtIDlIfYZ6V3zy4fSUudaBXEm4IOY7IoRFB1zoqSj86KtufjOLAfqAcUFqYJGKEIfjbGistagDKh5VRTtmgWnCSp252h27UHrYMWSv9/oi6H7m9dv5ZBuUgeYnxsgZYDgic4xA80POOWAiMwYdoIQwQghdGLRDuXT8krg8/ery42xmIvqW0xpJzROAVzWgtEUFFtFfMnrFjf2b4o6Mw8A6AflbL1zeRuum/Uz+sFVVSUS1uzWrIRSTN6M2tRpu6EuRuNCJkNXxqQ5v3iBCpoKsXEBqDeymnT4WEFqv+Rq2ZHbticZ+vXbu8039fau7bdmVS9Bjj-----END CERTIFICATE-----" + val caRootString = "-----BEGIN CERTIFICATE-----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-----END CERTIFICATE-----" + // scalastyle:on + + def calculateMD5(path: String): String = { + val file = Files readAllBytes (Paths get path) + val checksum = MessageDigest.getInstance("MD5") digest file + checksum.map("%02X" format _).mkString + } + + test("generate pkcs8 from valid key" ) { + SSLConfig.pemToDer(Source.fromURL(getClass.getResource("/cert.key")).mkString) + assert ( + calculateMD5(getClass.getResource("/key.pkcs8").getFile) + .equals(calculateMD5("/tmp/key.pkcs8"))) + } + + test("generate cert.crt from valid data") { + SSLConfig.generatePemFile( pemString, "/cert.crt") + assert ( + calculateMD5(getClass.getResource("/cert.crt").getFile) + .equals(calculateMD5("/tmp/cert.crt"))) + } + + test("generate ca-two-levels.crt from intermediate chain valid data") { + SSLConfig.generatePemFile( caString, "/ca-two-levels.crt") + assert ( + calculateMD5(getClass.getResource("/ca-two-levels.crt").getFile) + .equals(calculateMD5("/tmp/ca-two-levels.crt"))) + } + + test("generate ca-two-levels.crt from valid root ca") { + SSLConfig.generatePemFile( caRootString, "/ca-one-level.crt") + assert ( + calculateMD5(getClass.getResource("/ca-one-level.crt").getFile) + .equals(calculateMD5("/tmp/ca-one-level.crt"))) + } + +} diff --git a/docker/dispatcher/spark-env.sh b/docker/dispatcher/spark-env.sh index c14363d54f9d3..25e6064252928 100644 
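Review bot: Every test here reads its result back from a fixed `/tmp/...` path written by the production code and nothing deletes the files afterwards, which leaves the unencrypted `/tmp/key.pkcs8` on the build host and lets concurrent builds on one machine interfere with each other; the `fileName` arguments also start with a slash (`"/cert.crt"`), so the files land at `/tmp//cert.crt`. Add cleanup such as `Files.deleteIfExists(Paths.get("/tmp/key.pkcs8"))` after each assertion, or have the helpers accept a target directory so the suite can use a temporary one. The last test is named `"generate ca-two-levels.crt from valid root ca"` but checks `ca-one-level.crt`; rename it to `"generate ca-one-level.crt from valid root ca"`. The MD5 helper is only a file-equality check, so `java.util.Arrays.equals` on the two `Files.readAllBytes` results would do the same job without a digest.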
--- a/docker/dispatcher/spark-env.sh +++ b/docker/dispatcher/spark-env.sh 
@@ -13,53 +13,6 @@ if [ "${SPARK_VIRTUAL_USER_NETWORK}" = "true" ]; then export LIBPROCESS_IP=$HOST fi -if [ "${SPARK_DATASTORE_SSL_ENABLE}" == "true" ]; then - source /root/kms_utils-0.2.1.sh - - VAULT_HOSTS=$VAULT_HOST - export SPARK_SSL_CERT_PATH="/tmp" - SERVICE_ID=$APP_NAME - INSTANCE=$APP_NAME - VAULT_URI="$VAULT_PROTOCOL://$VAULT_HOSTS:$VAULT_PORT" - - #0--- IF VAULT_ROLE_ID IS NOT EMPTY [!-z $YOUR_VAR] IT MEANS THAT WE ARE DEALING WITH SPARK DRIVER - if [ ! -z "$VAULT_ROLE_ID" ]; then - echo "Vault role id proved, signing in" - login - else - #1--- FROM TEMP TOKEN GET APP TOKEN - echo "No vault role ID provided, unwrapping OTT" - VAULT_TOKEN=$(curl -k -L -XPOST -H "X-Vault-Token:$VAULT_TEMP_TOKEN" "$VAULT_URI/v1/sys/wrapping/unwrap" -s| python -m json.tool | python -c 'import json,sys;obj=json.load(sys.stdin);print obj["data"]["token"]') - fi - - #2--- GET SECRETS WITH APP TOKEN - getCert "userland" "$INSTANCE" "$SERVICE_ID" "PEM" $SPARK_SSL_CERT_PATH - - #GET CA-BUNDLE for given CA - #getCAbundle $SPARK_SSL_CERT_PATH "PEM" - JSON_KEY="${CA_NAME}_crt" - CA_BUNDLE=$(curl -k -XGET -H "X-Vault-Token:$VAULT_TOKEN" "$VAULT_URI/v1/ca-trust/certificates/$CA_NAME" -s | jq -cMSr --arg fqdn "" ".data[\"$JSON_KEY\"]") - - echo "$CA_BUNDLE" > ${SPARK_SSL_CERT_PATH}/caroot.crt - sed -i 's/-----BEGIN CERTIFICATE-----/-----BEGIN CERTIFICATE-----\n/g' ${SPARK_SSL_CERT_PATH}/caroot.crt - sed -i 's/-----END CERTIFICATE-----/\n-----END CERTIFICATE-----\n/g' ${SPARK_SSL_CERT_PATH}/caroot.crt - sed -i 's/-----END CERTIFICATE----------BEGIN CERTIFICATE-----/-----END CERTIFICATE-----\n-----BEGIN CERTIFICATE-----/g' ${SPARK_SSL_CERT_PATH}/caroot.crt - - - - #3--- RESTORE TEMP TOKEN - export VAULT_TEMP_TOKEN=$(curl -k -L -XPOST -H "X-Vault-Wrap-TTL: 6000" -H "X-Vault-Token:$VAULT_TOKEN" -d "{\"token\": \"$VAULT_TOKEN\" }" "$VAULT_URI/v1/sys/wrapping/wrap" -s| python -m json.tool | python -c 'import json,sys;obj=json.load(sys.stdin);print obj["wrap_info"]["token"]') - - fold -w64 
"${SPARK_SSL_CERT_PATH}/${SERVICE_ID}.key" >> "${SPARK_SSL_CERT_PATH}/aux.key" - - mv "${SPARK_SSL_CERT_PATH}/aux.key" "${SPARK_SSL_CERT_PATH}/${SERVICE_ID}.key" - - openssl pkcs8 -topk8 -inform pem -in "${SPARK_SSL_CERT_PATH}/${SERVICE_ID}.key" -outform der -nocrypt -out "${SPARK_SSL_CERT_PATH}/key.pkcs8" - - mv $SPARK_SSL_CERT_PATH/${SERVICE_ID}.pem $SPARK_SSL_CERT_PATH/cert.crt - -fi - # I first set this to MESOS_SANDBOX, as a Workaround for MESOS-5866 # But this fails now due to MESOS-6391, so I'm setting it to /tmp MESOS_DIRECTORY=/tmp