Inicio Explorar Axuda
Iniciar sesión
RONCC
/
Big-Data-HPC-Platform
Seguir 1
Destacar 0
Fork 0
Ficheiros Incidencias 0 Pull Requests 0 Wiki
Explorar o código

HPCC-19014 Implement common method to query shared HPCC key filespecs

Create new environment.conf keywords to specify general purpose PKI keyfiles.
Create a common, shared JLIB method to retrieve these settings, and deprecate
the legacy DFU specific one.

Signed-off-by: Russ Whitehead <william.whitehead@lexisnexis.com>
Russ Whitehead %!s(int64=7) %!d(string=hai) anos
pai
a4345ec5df
achega
e232fb9190
Modificáronse 3 ficheiros con 62 adicións e 14 borrados
Dividir vista Mostrar estatísticas de Diff
  1. 7 4
      initfiles/etc/DIR_NAME/environment.conf.in
  2. 50 10
      system/jlib/jutil.cpp
  3. 5 0
      system/jlib/jutil.hpp

+ 7 - 4
initfiles/etc/DIR_NAME/environment.conf.in
Ver ficheiro 

@@ -29,11 +29,14 @@ mpEnd=7500
 
 mpSoMaxConn=128
 
 mpTraceLevel=0
 
 # enable SSL for dafilesrv remote file access (SSLNone/false | SSLOnly/true | SSLFirst | UnsecureFirst)
 
+# Enabling requires setting the HPCCPassPhrase, HPCCCertFile, and HPCCPrivateKeyFile values
 
 #dfsUseSSL=SSLNone
 
-# note: if passphrase specified it must be encrypted
 
-#dfsSSLPassPhrase=
 
-#dfsSSLCertFile=/certfilepath/certfile
 
-#dfsSSLPrivateKeyFile=/keyfilepath/keyfile
 
+
 
+#Specify location of HPCC PKI public/private key files
 
+# note: if HPCCPassPhrase specified it must be encrypted
 
+#HPCCPassPhrase=
 
+#HPCCCertFile=/home/hpcc/.ssh/id_rsa.pub
 
+#HPCCPrivateKeyFile=/home/hpcc/.ssh/id_rsa
 
 
 jvmoptions=-XX:-UsePerfData
 
 #Options to enable remote debugging of Java service or application

+ 50 - 10
system/jlib/jutil.cpp
Ver ficheiro 

@@ -2403,9 +2403,12 @@ jlib_decl const IProperties &queryEnvironmentConf()
 
 
 static CriticalSection securitySettingsCrit;
 
 static DAFSConnectCfg connectMethod = SSLNone;
 
-static StringAttr certificate;
 
-static StringAttr privateKey;
 
-static StringAttr passPhrase;
 
+static StringAttr DAFScertificate;//deprecated
 
+static StringAttr DAFSprivateKey;//deprecated
 
+static StringAttr DAFSpassPhrase;//deprecated
 
+static StringAttr HPCCcertificate;
 
+static StringAttr HPCCprivateKey;
 
+static StringAttr HPCCpassPhrase;
 
 static bool retrieved = false;
 
 jlib_decl bool querySecuritySettings(DAFSConnectCfg *_connectMethod,
 
                                      unsigned short *_port,
 
@@ -2422,7 +2425,7 @@ jlib_decl bool querySecuritySettings(DAFSConnectCfg *_connectMethod,
 
             {
 
                 StringBuffer configFileSpec;
 
 #ifndef _WIN32
 
-                configFileSpec.set(CONFIG_DIR).append(PATHSEPSTR).append("environment.conf");
 
+                configFileSpec.set(CONFIG_DIR).append(PATHSEPSTR).append(ENV_CONF_FILE);
 
 #endif
 
                 Owned<IProperties> conf = createProperties(configFileSpec.str(), true);
 
                 StringAttr sslMethod;
 
@@ -2441,16 +2444,34 @@ jlib_decl bool querySecuritySettings(DAFSConnectCfg *_connectMethod,
 
                 }
 
                 if (connectMethod == SSLOnly || connectMethod == SSLFirst || connectMethod == UnsecureFirst)
 
                 {
 
-                    certificate.set(conf->queryProp("dfsSSLCertFile"));
 
-                    privateKey.set(conf->queryProp("dfsSSLPrivateKeyFile"));
 
+                    DAFScertificate.set(conf->queryProp("dfsSSLCertFile"));
 
+                    DAFSprivateKey.set(conf->queryProp("dfsSSLPrivateKeyFile"));
 
                     const char *passPhrasePtr = conf->queryProp("dfsSSLPassPhrase");
 
                     if (!isEmptyString(passPhrasePtr))
 
                     {
 
                         StringBuffer passPhraseStr;
 
                         decrypt(passPhraseStr, passPhrasePtr);
 
-                        passPhrase.set(passPhraseStr.str());
 
+                        DAFSpassPhrase.set(passPhraseStr.str());
 
                     }
 
                 }
 
+                HPCCcertificate.set(conf->queryProp("HPCCCertFile"));
 
+                HPCCprivateKey.set(conf->queryProp("HPCCPrivateKeyFile"));
 
+                const char *passPhrasePtr = conf->queryProp("HPCCPassPhrase");
 
+                if (!isEmptyString(passPhrasePtr))
 
+                {
 
+                    StringBuffer passPhraseStr;
 
+                    decrypt(passPhraseStr, passPhrasePtr);
 
+                    HPCCpassPhrase.set(passPhraseStr.str());
 
+                }
 
+
 
+                if (DAFScertificate.isEmpty() && DAFSprivateKey.isEmpty() &&  DAFSpassPhrase.isEmpty())
 
+                {
 
+                    DAFScertificate.set(HPCCcertificate);
 
+                    DAFSprivateKey.set(HPCCprivateKey);
 
+                    DAFSpassPhrase.set(HPCCpassPhrase);
 
+                }
 
+                else
 
+                    WARNLOG("Deprecated dfsSSL* keywords found in %s, please specify HPCCCertFile/HPCCPrivateKeyFile/HPCCPassPhrase instead", ENV_CONF_FILE);
 
                 retrieved = true;
 
             }
 
             catch (IException *e)
 
@@ -2472,12 +2493,14 @@ jlib_decl bool querySecuritySettings(DAFSConnectCfg *_connectMethod,
 
             else
 
                 *_port = SECURE_DAFILESRV_PORT;
 
         }
 
+
 
+        //Returns deprecated dfsSSL* settings if specified, otherwise HPCCCertFile/HPCCPrivateKeyFile/HPCCPassPhrase settings
 
         if (_certificate)
 
-            *_certificate = certificate.get();
 
+            *_certificate = DAFScertificate.get();
 
         if (_privateKey)
 
-            *_privateKey = privateKey.get();
 
+            *_privateKey = DAFSprivateKey.get();
 
         if (_passPhrase)
 
-            *_passPhrase = passPhrase.get();
 
+            *_passPhrase = DAFSpassPhrase.get();
 
     }
 
     else
 
     {
 
@@ -2505,6 +2528,23 @@ jlib_decl bool queryDafsSecSettings(DAFSConnectCfg *_connectMethod,
 
     return ret;
 
 }
 
 
+//query PKI values from environment.conf
 
+jlib_decl bool queryHPCCPKIKeyFiles(const char * *  _certificate,//HPCCCertFile
 
+                                    const char * *  _privateKey, //HPCCPrivateKeyFile
 
+                                    const char * *  _passPhrase) //HPCCPassPhrase
 
+{
 
+    bool rc = true;
 
+    if (HPCCcertificate.isEmpty() && HPCCprivateKey.isEmpty() && HPCCpassPhrase.isEmpty())
 
+        rc = querySecuritySettings(nullptr, nullptr, nullptr, nullptr, nullptr);
 
+    if (rc)
 
+    {
 
+        *_certificate = HPCCcertificate.get();
 
+        *_privateKey = HPCCprivateKey.get();
 
+        *_passPhrase = HPCCpassPhrase.get();
 
+    }
 
+    return rc;
 
+}
 
+
 
 static IPropertyTree *getOSSdirTree()
 
 {
 
     Owned<IPropertyTree> envtree = getHPCCEnvironment();

+ 5 - 0
system/jlib/jutil.hpp
Ver ficheiro 

@@ -382,6 +382,11 @@ extern jlib_decl bool queryDafsSecSettings(DAFSConnectCfg *_connectMethod,
 
                                            const char * *  _privateKey,
 
                                            const char * *  _passPhrase);
 
 
+//Queries environment.conf file
 
+extern jlib_decl bool queryHPCCPKIKeyFiles(const char * *  _certificate,//HPCCCertFile
 
+                                           const char * *  _privateKey, //HPCCPrivateKeyFile
 
+                                           const char * *  _passPhrase);//HPCCPassPhrase
 
+
 
 extern jlib_decl const char * matchConfigurationDirectoryEntry(const char *path,const char *mask,StringBuffer &name, StringBuffer &component, StringBuffer &instance);
 
 extern jlib_decl bool replaceConfigurationDirectoryEntry(const char *path,const char *frommask,const char *tomask,StringBuffer &out);