From c8de351bb56c4fd26a06456caf347f96642ede09 Mon Sep 17 00:00:00 2001 From: Saravanan Raju Date: Tue, 15 Oct 2019 17:18:00 +0530 Subject: [PATCH 1/3] ISSUE 608 : Support server auth only SSL in schema registry client. --- .../client/SchemaRegistryClient.java | 44 +++-- .../avro/AvroSchemaRegistryClientTest.java | 4 +- .../avro/ConfluentProtocolCompatibleTest.java | 4 +- ...nfluentRegistryCompatibleResourceTest.java | 2 +- .../conf/SchemaRegistryTestConfiguration.java | 12 +- .../conf/SchemaRegistryTestProfileType.java | 3 +- ...y-test-ha.yaml => schema-registry-ha.yaml} | 0 ...egistry-test.yaml => schema-registry.yaml} | 0 ...st-ha.yaml => ssl-schema-registry-ha.yaml} | 0 ...try-test.yaml => ssl-schema-registry.yaml} | 0 ...th-server-auth-schema-registry-client.yaml | 27 +++ .../ssl-with-server-auth-schema-registry.yaml | 157 ++++++++++++++++++ 12 files changed, 228 insertions(+), 25 deletions(-) rename schema-registry/rest-service/src/test/resources/{schema-registry-test-ha.yaml => schema-registry-ha.yaml} (100%) rename schema-registry/rest-service/src/test/resources/{schema-registry-test.yaml => schema-registry.yaml} (100%) rename schema-registry/rest-service/src/test/resources/{ssl-schema-registry-test-ha.yaml => ssl-schema-registry-ha.yaml} (100%) rename schema-registry/rest-service/src/test/resources/{ssl-schema-registry-test.yaml => ssl-schema-registry.yaml} (100%) create mode 100644 schema-registry/rest-service/src/test/resources/ssl-with-server-auth-schema-registry-client.yaml create mode 100644 schema-registry/rest-service/src/test/resources/ssl-with-server-auth-schema-registry.yaml diff --git a/schema-registry/client/src/main/java/com/hortonworks/registries/schemaregistry/client/SchemaRegistryClient.java b/schema-registry/client/src/main/java/com/hortonworks/registries/schemaregistry/client/SchemaRegistryClient.java index 4c1eb19e5..51dc15d98 100644 
--- a/schema-registry/client/src/main/java/com/hortonworks/registries/schemaregistry/client/SchemaRegistryClient.java +++ b/schema-registry/client/src/main/java/com/hortonworks/registries/schemaregistry/client/SchemaRegistryClient.java @@ -160,6 +160,10 @@ public class SchemaRegistryClient implements ISchemaRegistryClient { private static Login login; private static final long KERBEROS_SYNCHRONIZATION_TIMEOUT_MS = 180000; + private static final String SSL_KEY_PASSWORD = "keyPassword"; + private static final String SSL_KEY_STORE_PATH = "keyStorePath"; + private static final String SSL_TRUST_STORE_PATH = "trustStorePath"; + static { String jaasConfigFile = System.getProperty("java.security.auth.login.config"); if (jaasConfigFile != null && !jaasConfigFile.trim().isEmpty()) { 
@@ -273,22 +277,30 @@ public SchemaVersionInfo retrieveSchemaVersion(SchemaIdVersion key) throws Schem protected SSLContext createSSLContext(Map sslConfigurations) { SslConfigurator sslConfigurator = SslConfigurator.newInstance(); - String keyPassword = "keyPassword"; - sslConfigurator.keyStoreType(sslConfigurations.get("keyStoreType")) - .keyStoreFile(sslConfigurations.get("keyStorePath")) - .keyStorePassword(sslConfigurations.get("keyStorePassword")) - .trustStoreType(sslConfigurations.get("trustStoreType")) - .trustStoreFile(sslConfigurations.get("trustStorePath")) - .trustStorePassword(sslConfigurations.get("trustStorePassword")) - .keyStoreProvider(sslConfigurations.get("keyStoreProvider")) - .trustStoreProvider(sslConfigurations.get("trustStoreProvider")) - .keyManagerFactoryAlgorithm(sslConfigurations.get("keyManagerFactoryAlgorithm")) - .keyManagerFactoryProvider(sslConfigurations.get("keyManagerFactoryProvider")) - .trustManagerFactoryAlgorithm(sslConfigurations.get("trustManagerFactoryAlgorithm")) - .trustManagerFactoryProvider(sslConfigurations.get("trustManagerFactoryProvider")) - .securityProtocol(sslConfigurations.get("protocol")); - if (sslConfigurations.containsKey(keyPassword)) - sslConfigurator.keyPassword(sslConfigurations.get(keyPassword)); + if (sslConfigurations.containsKey(SSL_KEY_STORE_PATH)) { + sslConfigurator.keyStoreType(sslConfigurations.get("keyStoreType")) + .keyStoreFile(sslConfigurations.get(SSL_KEY_STORE_PATH)) + .keyStorePassword(sslConfigurations.get("keyStorePassword")) + .keyStoreProvider(sslConfigurations.get("keyStoreProvider")) + .keyManagerFactoryAlgorithm(sslConfigurations.get("keyManagerFactoryAlgorithm")) + .keyManagerFactoryProvider(sslConfigurations.get("keyManagerFactoryProvider")); + } + + if (sslConfigurations.containsKey(SSL_TRUST_STORE_PATH)) { + sslConfigurator.trustStoreType(sslConfigurations.get("trustStoreType")) + .trustStoreFile(sslConfigurations.get("trustStorePath")) + 
.trustStorePassword(sslConfigurations.get("trustStorePassword")) + .trustStoreProvider(sslConfigurations.get("trustStoreProvider")) + .trustManagerFactoryAlgorithm(sslConfigurations.get("trustManagerFactoryAlgorithm")) + .trustManagerFactoryProvider(sslConfigurations.get("trustManagerFactoryProvider")); + } + + sslConfigurator.securityProtocol(sslConfigurations.get("protocol")); + + if (sslConfigurations.containsKey(SSL_KEY_PASSWORD)) { + sslConfigurator.keyPassword(sslConfigurations.get(SSL_KEY_PASSWORD)); + } + return sslConfigurator.createSSLContext(); } diff --git a/schema-registry/rest-service/src/test/java/com/hortonworks/registries/schemaregistry/avro/AvroSchemaRegistryClientTest.java b/schema-registry/rest-service/src/test/java/com/hortonworks/registries/schemaregistry/avro/AvroSchemaRegistryClientTest.java index eb05c722d..f55f9aaa7 100644 --- a/schema-registry/rest-service/src/test/java/com/hortonworks/registries/schemaregistry/avro/AvroSchemaRegistryClientTest.java +++ b/schema-registry/rest-service/src/test/java/com/hortonworks/registries/schemaregistry/avro/AvroSchemaRegistryClientTest.java @@ -96,7 +96,9 @@ public class AvroSchemaRegistryClientTest { @CustomParameterizedRunner.Parameters public static Iterable profiles() { - return Arrays.asList(SchemaRegistryTestProfileType.DEFAULT, SchemaRegistryTestProfileType.SSL); + return Arrays.asList(SchemaRegistryTestProfileType.DEFAULT, + SchemaRegistryTestProfileType.SSL, + SchemaRegistryTestProfileType.SSL_WITH_SERVER_AUTH); } @CustomParameterizedRunner.BeforeParam diff --git a/schema-registry/rest-service/src/test/java/com/hortonworks/registries/schemaregistry/avro/ConfluentProtocolCompatibleTest.java b/schema-registry/rest-service/src/test/java/com/hortonworks/registries/schemaregistry/avro/ConfluentProtocolCompatibleTest.java index 1620a96a0..fdd606333 100644 --- a/schema-registry/rest-service/src/test/java/com/hortonworks/registries/schemaregistry/avro/ConfluentProtocolCompatibleTest.java 
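Review bot: In the new `createSSLContext` body the trust-store chain is gated on `trustStorePath`, so a client map that omits it produces an SSLContext with no trust manager configured, which — as far as I can tell from SslConfigurator's behaviour — falls back to the JVM default trust store with no log line or error; that may be an acceptable default, but it is a silent one and nothing in the hunk records it. A Javadoc on the method would make the contract visible: `Builds the client SSLContext from the ssl map. The key store is configured only when keyStorePath is present (one-way SSL otherwise); when trustStorePath is absent the JVM default trust store is used.` The method is fully contained in this hunk, so the comment can go straight above the `protected SSLContext createSSLContext(Map sslConfigurations)` line.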
+++ b/schema-registry/rest-service/src/test/java/com/hortonworks/registries/schemaregistry/avro/ConfluentProtocolCompatibleTest.java @@ -51,7 +51,7 @@ public class ConfluentProtocolCompatibleTest { @Test public void testConfluentProduceRegistryConsume() throws Exception { - String configPath = new File(Resources.getResource("schema-registry-test.yaml").toURI()).getAbsolutePath(); + String configPath = new File(Resources.getResource("schema-registry.yaml").toURI()).getAbsolutePath(); LocalSchemaRegistryServer localSchemaRegistryServer = new LocalSchemaRegistryServer(configPath); try { localSchemaRegistryServer.start(); @@ -99,7 +99,7 @@ public void testConfluentProduceRegistryConsume() throws Exception { @Test public void testRegistryProduceConfluentConsume() throws Exception { - String configPath = new File(Resources.getResource("schema-registry-test.yaml").toURI()).getAbsolutePath(); + String configPath = new File(Resources.getResource("schema-registry.yaml").toURI()).getAbsolutePath(); LocalSchemaRegistryServer localSchemaRegistryServer = new LocalSchemaRegistryServer(configPath); try { localSchemaRegistryServer.start(); diff --git a/schema-registry/rest-service/src/test/java/com/hortonworks/registries/schemaregistry/avro/ConfluentRegistryCompatibleResourceTest.java b/schema-registry/rest-service/src/test/java/com/hortonworks/registries/schemaregistry/avro/ConfluentRegistryCompatibleResourceTest.java index 7fe5e2f3f..722466d94 100644 --- a/schema-registry/rest-service/src/test/java/com/hortonworks/registries/schemaregistry/avro/ConfluentRegistryCompatibleResourceTest.java +++ b/schema-registry/rest-service/src/test/java/com/hortonworks/registries/schemaregistry/avro/ConfluentRegistryCompatibleResourceTest.java 
@@ -81,7 +81,7 @@ public class ConfluentRegistryCompatibleResourceTest { @Before public void setup() throws Exception { - String configPath = new File(Resources.getResource("schema-registry-test.yaml").toURI()).getAbsolutePath(); + String configPath = new File(Resources.getResource("schema-registry.yaml").toURI()).getAbsolutePath(); localSchemaRegistryServer = new LocalSchemaRegistryServer(configPath); localSchemaRegistryServer.start(); String rootUrl = String.format("http://localhost:%d/api/v1/confluent", localSchemaRegistryServer.getLocalPort()); diff --git a/schema-registry/rest-service/src/test/java/com/hortonworks/registries/schemaregistry/avro/conf/SchemaRegistryTestConfiguration.java b/schema-registry/rest-service/src/test/java/com/hortonworks/registries/schemaregistry/avro/conf/SchemaRegistryTestConfiguration.java index 8b04c5eb9..6825e67f2 100644 --- a/schema-registry/rest-service/src/test/java/com/hortonworks/registries/schemaregistry/avro/conf/SchemaRegistryTestConfiguration.java +++ b/schema-registry/rest-service/src/test/java/com/hortonworks/registries/schemaregistry/avro/conf/SchemaRegistryTestConfiguration.java 
@@ -35,21 +35,25 @@ public static SchemaRegistryTestConfiguration forProfileType(SchemaRegistryTestP String clientYAMLFileName; switch (testProfileType) { case DEFAULT: - serverYAMLFileName = "schema-registry-test.yaml"; + serverYAMLFileName = "schema-registry.yaml"; clientYAMLFileName = "schema-registry-client.yaml"; break; case SSL: - serverYAMLFileName = "ssl-schema-registry-test.yaml"; + serverYAMLFileName = "ssl-schema-registry.yaml"; clientYAMLFileName = "ssl-schema-registry-client.yaml"; break; case DEFAULT_HA: - serverYAMLFileName = "schema-registry-test-ha.yaml"; + serverYAMLFileName = "schema-registry-ha.yaml"; clientYAMLFileName = null; break; case SSL_HA: - serverYAMLFileName = "ssl-schema-registry-test-ha.yaml"; + serverYAMLFileName = "ssl-schema-registry-ha.yaml"; clientYAMLFileName = "ssl-schema-registry-client.yaml"; break; + case SSL_WITH_SERVER_AUTH: + serverYAMLFileName = "ssl-with-server-auth-schema-registry.yaml"; + clientYAMLFileName = "ssl-with-server-auth-schema-registry-client.yaml"; + break; default: throw new IllegalArgumentException("Unrecognized SchemaRegistryTestProfileType : " + testProfileType); } diff --git a/schema-registry/rest-service/src/test/java/com/hortonworks/registries/schemaregistry/avro/conf/SchemaRegistryTestProfileType.java b/schema-registry/rest-service/src/test/java/com/hortonworks/registries/schemaregistry/avro/conf/SchemaRegistryTestProfileType.java index 06fb55e27..a5a30d528 100644 --- a/schema-registry/rest-service/src/test/java/com/hortonworks/registries/schemaregistry/avro/conf/SchemaRegistryTestProfileType.java +++ b/schema-registry/rest-service/src/test/java/com/hortonworks/registries/schemaregistry/avro/conf/SchemaRegistryTestProfileType.java @@ -20,5 +20,6 @@ public enum SchemaRegistryTestProfileType { DEFAULT, SSL, DEFAULT_HA, - SSL_HA; + SSL_HA, + SSL_WITH_SERVER_AUTH; } 
diff --git a/schema-registry/rest-service/src/test/resources/schema-registry-test-ha.yaml b/schema-registry/rest-service/src/test/resources/schema-registry-ha.yaml similarity index 100% rename from schema-registry/rest-service/src/test/resources/schema-registry-test-ha.yaml rename to schema-registry/rest-service/src/test/resources/schema-registry-ha.yaml diff --git a/schema-registry/rest-service/src/test/resources/schema-registry-test.yaml b/schema-registry/rest-service/src/test/resources/schema-registry.yaml similarity index 100% rename from schema-registry/rest-service/src/test/resources/schema-registry-test.yaml rename to schema-registry/rest-service/src/test/resources/schema-registry.yaml diff --git a/schema-registry/rest-service/src/test/resources/ssl-schema-registry-test-ha.yaml b/schema-registry/rest-service/src/test/resources/ssl-schema-registry-ha.yaml similarity index 100% rename from schema-registry/rest-service/src/test/resources/ssl-schema-registry-test-ha.yaml rename to schema-registry/rest-service/src/test/resources/ssl-schema-registry-ha.yaml diff --git a/schema-registry/rest-service/src/test/resources/ssl-schema-registry-test.yaml b/schema-registry/rest-service/src/test/resources/ssl-schema-registry.yaml similarity index 100% rename from schema-registry/rest-service/src/test/resources/ssl-schema-registry-test.yaml rename to schema-registry/rest-service/src/test/resources/ssl-schema-registry.yaml diff --git a/schema-registry/rest-service/src/test/resources/ssl-with-server-auth-schema-registry-client.yaml b/schema-registry/rest-service/src/test/resources/ssl-with-server-auth-schema-registry-client.yaml new file mode 100644 index 000000000..814b66517 --- /dev/null +++ b/schema-registry/rest-service/src/test/resources/ssl-with-server-auth-schema-registry-client.yaml 
@@ -0,0 +1,27 @@ +schema.registry.url : "__registry_url" +schema.registry.client.local.jars.path : "/tmp/schema-registry/local-jars" +schema.registry.client.class.loader.cache.size : 1024 +schema.registry.client.class.loader.cache.expiry.interval : 3600 +schema.registry.client.schema.version.cache.size : 1024 +schema.registry.client.schema.version.cache.expiry.interval : 300 +schema.registry.client.schema.metadata.cache.expiry.interval : 300 +schema.registry.client.schema.text.cache.size : 1024 +schema.registry.client.schema.text.cache.expiry.interval : 300 +schema.registry.client.url.selector : "com.hortonworks.registries.schemaregistry.client.FailoverUrlSelector" + +schema.registry.client.ssl: + protocol: SSL + hostnameVerifierClass: com.hortonworks.registries.schemaregistry.avro.util.AcceptAllHostnameVerifier + # keyStoreType: JKS + # keyStorePath: ./src/test/resources/jks/client.jks + # keyStorePassword: clientpwd + # keyPassword: + # keyStoreProvider: + # keyManagerFactoryProvider: + # keyManagerFactoryAlgorithm: + trustStoreType: JKS + trustStorePath: ./src/test/resources/jks/client.jks + trustStorePassword: clientpwd +# trustStoreProvider: +# trustManagerFactoryProvider: +# trustManagerFactoryAlgorithm: \ No newline at end of file diff --git a/schema-registry/rest-service/src/test/resources/ssl-with-server-auth-schema-registry.yaml b/schema-registry/rest-service/src/test/resources/ssl-with-server-auth-schema-registry.yaml new file mode 100644 index 000000000..08de86ea2 --- /dev/null +++ b/schema-registry/rest-service/src/test/resources/ssl-with-server-auth-schema-registry.yaml 
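Review bot: `hostnameVerifierClass` points at `AcceptAllHostnameVerifier`, which turns off hostname verification for this profile; that is fine for a test resource backed by a self-signed `client.jks`, but the file otherwise reads like a template and is likely to be copied. A one-line comment above that key would keep the intent clear, e.g. `# test-only: disables hostname verification; never carry this into a real client config`. The key-store block being commented out is the point of the one-way profile and needs no change.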
@@ -0,0 +1,157 @@ +# registries configuration +modules: + # - name: tag-registry + # className: com.hortonworks.iotas.registries.tag.service.TagRegistryModule + - name: schema-registry + className: com.hortonworks.registries.schemaregistry.webservice.SchemaRegistryModule + config: + schemaProviders: + - providerClass: "com.hortonworks.registries.schemaregistry.avro.AvroSchemaProvider" + defaultSerializerClass: "com.hortonworks.registries.schemaregistry.serdes.avro.AvroSnapshotSerializer" + defaultDeserializerClass: "com.hortonworks.registries.schemaregistry.serdes.avro.AvroSnapshotDeserializer" + # schema cache properties + # inmemory schema versions cache size + schemaCacheSize: 10000 + # inmemory schema version cache entry expiry interval after access + schemaCacheExpiryInterval: 3600 + + +servletFilters: + # - className: "com.hortonworks.registries.auth.server.AuthenticationFilter" + # params: + # type: "kerberos" + # kerberos.principal: "HTTP/streamline-ui-host.com" + # kerberos.keytab: "/vagrant/keytabs/http.keytab" + # kerberos.name.rules: "RULE:[2:$1@$0]([jt]t@.*EXAMPLE.COM)s/.*/$MAPRED_USER/ RULE:[2:$1@$0]([nd]n@.*EXAMPLE.COM)s/.*/$HDFS_USER/DEFAULT" + - className: "com.hortonworks.registries.schemaregistry.webservice.RewriteUriFilter" + params: + # value format is [,,*|]* + # below /subjects and /schemas/ids are forwarded to /api/v1/confluent + forwardPaths: "/api/v1/confluent,/subjects/*,/schemas/ids/*" + redirectPaths: "/ui/,/" + +# HA configuration +#haConfig: +# className: com.hortonworks.registries.ha.zk.ZKLeadershipParticipant +# config: +# # This url is a list of ZK servers separated by , +# connect.url: "localhost:2181" +# # root node prefix in ZK for this instance +# root: "/registry" +# session.timeout.ms: 30000 +# connection.timeout.ms: 20000 +# retry.limit: 5 +# retry.base.sleep.time.ms: 1000 +# retry.max.sleep.time.ms: 5000 + +fileStorageConfiguration: + className: "com.hortonworks.registries.common.util.LocalFileSystemStorage" + properties: + 
directory: "/tmp/storage" + +# storage provider configuration +# providerClass can be inmemory and jdbc. +# +# Example configuration for inmemory is: +#storageProviderConfiguration: +# providerClass: "com.hortonworks.registries.storage.impl.memory.InMemoryStorageManager" +# +# Example configuration for phoenix based JDBC driver +#storageProviderConfiguration: +# providerClass: "com.hortonworks.registries.storage.impl.jdbc.JdbcStorageManager" +# properties: +# db.type: "phoenix" +# queryTimeoutInSecs: 30 +# db.properties: +# jdbcDriverClass: "com.hortonworks.phoenix.jdbc.PhoenixDriver" +# jdbcUrl: "jdbc:phoenix:localhost:2181" +# +# MySQL based jdbc provider configuration is: +#storageProviderConfiguration: +# providerClass: "com.hortonworks.registries.storage.impl.jdbc.JdbcStorageManager" +# properties: +# db.type: "mysql" +# queryTimeoutInSecs: 30 +# db.properties: +# dataSourceClassName: "com.mysql.cj.jdbc.MysqlDataSource" +# dataSource.url: "jdbc:mysql://localhost:3307/test" + +storageProviderConfiguration: + providerClass: "com.hortonworks.registries.storage.impl.memory.InMemoryStorageManager" + +#enable CORS, may want to disable in production +enableCors: true + +## swagger configuration +swagger: + resourcePackage: com.hortonworks.registries.schemaregistry.webservice + +# use the simple server factory if you only want to run on a single port +#server: +# type: simple +# connector: +# type: http +# port: 8080 + +server: + applicationConnectors: + - type: https + port: 0 + keyStorePath: ./src/test/resources/jks/server.jks + keyStorePassword: serverpwd + trustStorePath: ./src/test/resources/jks/client.jks + trustStorePassword: clientpwd + needClientAuth: false + validateCerts: false + validatePeers: false + adminConnectors: + - type: https + port: 0 + keyStorePath: ./src/test/resources/jks/server.jks + keyStorePassword: serverpwd + trustStorePath: ./src/test/resources/jks/client.jks + trustStorePassword: clientpwd + needClientAuth: false + validateCerts: false + 
validatePeers: false + +# Logging settings. +logging: + + # The default level of all loggers. Can be OFF, ERROR, WARN, INFO, DEBUG, TRACE, or ALL. + level: INFO + + # Logger-specific levels. + loggers: + + # Sets the level for 'com.example.app' to DEBUG. + com.hortonworks.registries: DEBUG + + + appenders: + - type: console +# - type: file +# threshold: DEBUG +# logFormat: "%-6level [%d{HH:mm:ss.SSS}] [%t] %logger{5} - %X{code} %msg %n" +# currentLogFilename: /tmp/application.log +# archivedLogFilenamePattern: /tmp/application-%d{yyyy-MM-dd}-%i.log.gz +# archivedFileCount: 7 +# timeZone: UTC +# maxFileSize: 10MB + +#jerseyClient: +# minThreads: 1 +# maxThreads: 16 +# workQueueSize: 1000 +# gzipEnabled: true +# gzipEnabledForRequests: true +# chunkedEncodingEnabled: true +# timeout: 1000ms +# connectionTimeout: 1000ms +# timeToLive: 1h +# cookiesEnabled: false +# maxConnections: 10 +# maxConnectionsPerRoute: 1024 +# keepAlive: 0ms +# retries: 10 +# userAgent: Storm-Client From 6858f207619c64b9302be956be597b9c64a5d570 Mon Sep 17 00:00:00 2001 From: Saravanan Raju Date: Fri, 18 Oct 2019 12:28:28 +0530 Subject: [PATCH 2/3] Minor refactoring in Schema Registry Client --- .../schemaregistry/client/SchemaRegistryClient.java | 9 ++++----- 1 file changed, 4 insertions(+), 5 deletions(-) diff --git a/schema-registry/client/src/main/java/com/hortonworks/registries/schemaregistry/client/SchemaRegistryClient.java b/schema-registry/client/src/main/java/com/hortonworks/registries/schemaregistry/client/SchemaRegistryClient.java index 51dc15d98..7d0612091 100644 --- a/schema-registry/client/src/main/java/com/hortonworks/registries/schemaregistry/client/SchemaRegistryClient.java +++ b/schema-registry/client/src/main/java/com/hortonworks/registries/schemaregistry/client/SchemaRegistryClient.java 
@@ -284,11 +284,14 @@ protected SSLContext createSSLContext(Map sslConfigurations) { .keyStoreProvider(sslConfigurations.get("keyStoreProvider")) .keyManagerFactoryAlgorithm(sslConfigurations.get("keyManagerFactoryAlgorithm")) .keyManagerFactoryProvider(sslConfigurations.get("keyManagerFactoryProvider")); + if (sslConfigurations.containsKey(SSL_KEY_PASSWORD)) { + sslConfigurator.keyPassword(sslConfigurations.get(SSL_KEY_PASSWORD)); + } } if (sslConfigurations.containsKey(SSL_TRUST_STORE_PATH)) { sslConfigurator.trustStoreType(sslConfigurations.get("trustStoreType")) - .trustStoreFile(sslConfigurations.get("trustStorePath")) + .trustStoreFile(sslConfigurations.get(SSL_TRUST_STORE_PATH)) .trustStorePassword(sslConfigurations.get("trustStorePassword")) .trustStoreProvider(sslConfigurations.get("trustStoreProvider")) .trustManagerFactoryAlgorithm(sslConfigurations.get("trustManagerFactoryAlgorithm")) @@ -297,10 +300,6 @@ protected SSLContext createSSLContext(Map sslConfigurations) { sslConfigurator.securityProtocol(sslConfigurations.get("protocol")); - if (sslConfigurations.containsKey(SSL_KEY_PASSWORD)) { - sslConfigurator.keyPassword(sslConfigurations.get(SSL_KEY_PASSWORD)); - } - return sslConfigurator.createSSLContext(); } From 5a60dd840041b09367b3544083e520620e8f34ea Mon Sep 17 00:00:00 2001 
From: Saravanan Raju Date: Fri, 18 Oct 2019 16:41:59 +0530 Subject: [PATCH 3/3] Make trust store mandatory in schema registry client --- .../client/SchemaRegistryClient.java | 16 +++++++--------- .../avro/AvroSchemaRegistryClientTest.java | 2 +- .../conf/SchemaRegistryTestConfiguration.java | 6 +++--- .../avro/conf/SchemaRegistryTestProfileType.java | 2 +- ...l => one-way-ssl-schema-registry-client.yaml} | 0 ...try.yaml => one-way-ssl-schema-registry.yaml} | 0 6 files changed, 12 insertions(+), 14 deletions(-) rename schema-registry/rest-service/src/test/resources/{ssl-with-server-auth-schema-registry-client.yaml => one-way-ssl-schema-registry-client.yaml} (100%) rename schema-registry/rest-service/src/test/resources/{ssl-with-server-auth-schema-registry.yaml => one-way-ssl-schema-registry.yaml} (100%) diff --git a/schema-registry/client/src/main/java/com/hortonworks/registries/schemaregistry/client/SchemaRegistryClient.java b/schema-registry/client/src/main/java/com/hortonworks/registries/schemaregistry/client/SchemaRegistryClient.java index 7d0612091..10df51aee 100644 --- a/schema-registry/client/src/main/java/com/hortonworks/registries/schemaregistry/client/SchemaRegistryClient.java +++ b/schema-registry/client/src/main/java/com/hortonworks/registries/schemaregistry/client/SchemaRegistryClient.java @@ -162,7 +162,6 @@ public class SchemaRegistryClient implements ISchemaRegistryClient { private static final String SSL_KEY_PASSWORD = "keyPassword"; private static final String SSL_KEY_STORE_PATH = "keyStorePath"; - private static final String SSL_TRUST_STORE_PATH = "trustStorePath"; static { String jaasConfigFile = System.getProperty("java.security.auth.login.config"); 
@@ -289,14 +288,13 @@ protected SSLContext createSSLContext(Map sslConfigurations) { } } - if (sslConfigurations.containsKey(SSL_TRUST_STORE_PATH)) { - sslConfigurator.trustStoreType(sslConfigurations.get("trustStoreType")) - .trustStoreFile(sslConfigurations.get(SSL_TRUST_STORE_PATH)) - .trustStorePassword(sslConfigurations.get("trustStorePassword")) - .trustStoreProvider(sslConfigurations.get("trustStoreProvider")) - .trustManagerFactoryAlgorithm(sslConfigurations.get("trustManagerFactoryAlgorithm")) - .trustManagerFactoryProvider(sslConfigurations.get("trustManagerFactoryProvider")); - } + + sslConfigurator.trustStoreType(sslConfigurations.get("trustStoreType")) + .trustStoreFile(sslConfigurations.get("trustStorePath")) + .trustStorePassword(sslConfigurations.get("trustStorePassword")) + .trustStoreProvider(sslConfigurations.get("trustStoreProvider")) + .trustManagerFactoryAlgorithm(sslConfigurations.get("trustManagerFactoryAlgorithm")) + .trustManagerFactoryProvider(sslConfigurations.get("trustManagerFactoryProvider")); sslConfigurator.securityProtocol(sslConfigurations.get("protocol")); diff --git a/schema-registry/rest-service/src/test/java/com/hortonworks/registries/schemaregistry/avro/AvroSchemaRegistryClientTest.java b/schema-registry/rest-service/src/test/java/com/hortonworks/registries/schemaregistry/avro/AvroSchemaRegistryClientTest.java index f55f9aaa7..c2f47f796 100644 --- a/schema-registry/rest-service/src/test/java/com/hortonworks/registries/schemaregistry/avro/AvroSchemaRegistryClientTest.java +++ b/schema-registry/rest-service/src/test/java/com/hortonworks/registries/schemaregistry/avro/AvroSchemaRegistryClientTest.java 
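Review bot: The trust-store calls are now unconditional, but nothing checks that `trustStorePath` is actually present: a map without it yields `trustStoreFile(null)`, which SslConfigurator accepts, and the resulting context presumably falls back to the JVM default trust store instead of failing as the commit title ("make trust store mandatory") implies. An explicit guard before the chain would make the requirement real: `if (!sslConfigurations.containsKey("trustStorePath")) { throw new IllegalArgumentException("trustStorePath is required in the client ssl configuration"); }`. Separately, this hunk and the one at `@@ -162,7 +162,6 @@` drop the `SSL_TRUST_STORE_PATH` constant and return to the `"trustStorePath"` literal while `SSL_KEY_STORE_PATH` and `SSL_KEY_PASSWORD` remain constants; keeping the constant would be consistent with the rest of the method. The method's signature is outside this hunk (only the `@@` header names it), and the key-store `if` block closes at the top of the hunk.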
@@ -98,7 +98,7 @@ public class AvroSchemaRegistryClientTest { public static Iterable profiles() { return Arrays.asList(SchemaRegistryTestProfileType.DEFAULT, SchemaRegistryTestProfileType.SSL, - SchemaRegistryTestProfileType.SSL_WITH_SERVER_AUTH); + SchemaRegistryTestProfileType.ONE_WAY_SSL); } @CustomParameterizedRunner.BeforeParam diff --git a/schema-registry/rest-service/src/test/java/com/hortonworks/registries/schemaregistry/avro/conf/SchemaRegistryTestConfiguration.java b/schema-registry/rest-service/src/test/java/com/hortonworks/registries/schemaregistry/avro/conf/SchemaRegistryTestConfiguration.java index 6825e67f2..85201d153 100644 --- a/schema-registry/rest-service/src/test/java/com/hortonworks/registries/schemaregistry/avro/conf/SchemaRegistryTestConfiguration.java +++ b/schema-registry/rest-service/src/test/java/com/hortonworks/registries/schemaregistry/avro/conf/SchemaRegistryTestConfiguration.java @@ -50,9 +50,9 @@ public static SchemaRegistryTestConfiguration forProfileType(SchemaRegistryTestP serverYAMLFileName = "ssl-schema-registry-ha.yaml"; clientYAMLFileName = "ssl-schema-registry-client.yaml"; break; - case SSL_WITH_SERVER_AUTH: - serverYAMLFileName = "ssl-with-server-auth-schema-registry.yaml"; - clientYAMLFileName = "ssl-with-server-auth-schema-registry-client.yaml"; + case ONE_WAY_SSL: + serverYAMLFileName = "one-way-ssl-schema-registry.yaml"; + clientYAMLFileName = "one-way-ssl-schema-registry-client.yaml"; break; default: throw new IllegalArgumentException("Unrecognized SchemaRegistryTestProfileType : " + testProfileType); diff --git a/schema-registry/rest-service/src/test/java/com/hortonworks/registries/schemaregistry/avro/conf/SchemaRegistryTestProfileType.java b/schema-registry/rest-service/src/test/java/com/hortonworks/registries/schemaregistry/avro/conf/SchemaRegistryTestProfileType.java index a5a30d528..b3e1885d9 100644 
--- a/schema-registry/rest-service/src/test/java/com/hortonworks/registries/schemaregistry/avro/conf/SchemaRegistryTestProfileType.java +++ b/schema-registry/rest-service/src/test/java/com/hortonworks/registries/schemaregistry/avro/conf/SchemaRegistryTestProfileType.java @@ -21,5 +21,5 @@ public enum SchemaRegistryTestProfileType { SSL, DEFAULT_HA, SSL_HA, - SSL_WITH_SERVER_AUTH; + ONE_WAY_SSL; } diff --git a/schema-registry/rest-service/src/test/resources/ssl-with-server-auth-schema-registry-client.yaml b/schema-registry/rest-service/src/test/resources/one-way-ssl-schema-registry-client.yaml similarity index 100% rename from schema-registry/rest-service/src/test/resources/ssl-with-server-auth-schema-registry-client.yaml rename to schema-registry/rest-service/src/test/resources/one-way-ssl-schema-registry-client.yaml diff --git a/schema-registry/rest-service/src/test/resources/ssl-with-server-auth-schema-registry.yaml b/schema-registry/rest-service/src/test/resources/one-way-ssl-schema-registry.yaml similarity index 100% rename from schema-registry/rest-service/src/test/resources/ssl-with-server-auth-schema-registry.yaml rename to schema-registry/rest-service/src/test/resources/one-way-ssl-schema-registry.yaml