From ewe...@apache.org
Subject kafka git commit: KAFKA-4077: Backdate system test certificates to cope with clock skew
Date Thu, 01 Sep 2016 17:05:43 GMT
Repository: kafka
Updated Branches:
  refs/heads/trunk c3b64cc8f -> 3a161db57

KAFKA-4077: Backdate system test certificates to cope with clock skew

Author: Rajini Sivaram <rajinisivaram@googlemail.com>

Reviewers: Ewen Cheslack-Postava <ewen@confluent.io>

Closes #1810 from rajinisivaram/KAFKA-4077

Project: http://git-wip-us.apache.org/repos/asf/kafka/repo
Commit: http://git-wip-us.apache.org/repos/asf/kafka/commit/3a161db5
Tree: http://git-wip-us.apache.org/repos/asf/kafka/tree/3a161db5
Diff: http://git-wip-us.apache.org/repos/asf/kafka/diff/3a161db5

Branch: refs/heads/trunk
Commit: 3a161db57138b8001a66bef19dfc6e865f4fdfcd
Parents: c3b64cc
Author: Rajini Sivaram <rajinisivaram@googlemail.com>
Authored: Thu Sep 1 10:05:36 2016 -0700
Committer: Ewen Cheslack-Postava <me@ewencp.org>
Committed: Thu Sep 1 10:05:36 2016 -0700

 tests/kafkatest/services/security/security_config.py | 8 +++++---
 1 file changed, 5 insertions(+), 3 deletions(-)

diff --git a/tests/kafkatest/services/security/security_config.py b/tests/kafkatest/services/security/security_config.py
index 40674e8..a37a889 100644
--- a/tests/kafkatest/services/security/security_config.py
+++ b/tests/kafkatest/services/security/security_config.py
@@ -31,6 +31,8 @@ class SslStores(object):
         self.truststore_passwd = "test-ts-passwd"
         self.keystore_passwd = "test-ks-passwd"
         self.key_passwd = "test-key-passwd"
+        # Allow upto one hour of clock skew between host and VMs
+        self.startdate = "-1H"
         for file in [self.ca_crt_path, self.ca_jks_path, self.truststore_path]:
             if os.path.exists(file):
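Review bot: The comment added above `self.startdate = "-1H"` does not say that the value is a keytool `-startdate` offset or which failure it prevents, and "upto" should read "up to". Wording such as `# keytool -startdate offset: backdate certificates by one hour so they are already valid on VMs whose clocks lag the host` would let a reader connect the attribute to the keytool calls in the two later hunks. The enclosing method begins outside the hunk.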
@@ -41,7 +43,7 @@ class SslStores(object):
         Generate CA private key and certificate.
-        self.runcmd("keytool -genkeypair -alias ca -keyalg RSA -keysize 2048 -keystore %s
-storetype JKS -storepass %s -keypass %s -dname CN=SystemTestCA" % (self.ca_jks_path, self.ca_passwd,
+        self.runcmd("keytool -genkeypair -alias ca -keyalg RSA -keysize 2048 -keystore %s
-storetype JKS -storepass %s -keypass %s -dname CN=SystemTestCA -startdate %s" % (self.ca_jks_path,
self.ca_passwd, self.ca_passwd, self.startdate))
         self.runcmd("keytool -export -alias ca -keystore %s -storepass %s -storetype JKS
-rfc -file %s" % (self.ca_jks_path, self.ca_passwd, self.ca_crt_path))
     def generate_truststore(self):
@@ -62,9 +64,9 @@ class SslStores(object):
         csr_path = os.path.join(ks_dir, "test.kafka.csr")
         crt_path = os.path.join(ks_dir, "test.kafka.crt")
-	self.runcmd("keytool -genkeypair -alias kafka -keyalg RSA -keysize 2048 -keystore %s -storepass
%s -keypass %s -dname CN=systemtest -ext SAN=DNS:%s" % (ks_path, self.keystore_passwd, self.key_passwd,
+	self.runcmd("keytool -genkeypair -alias kafka -keyalg RSA -keysize 2048 -keystore %s -storepass
%s -keypass %s -dname CN=systemtest -ext SAN=DNS:%s -startdate %s" % (ks_path, self.keystore_passwd,
self.key_passwd, self.hostname(node), self.startdate))
 	self.runcmd("keytool -certreq -keystore %s -storepass %s -keypass %s -alias kafka -file
%s" % (ks_path, self.keystore_passwd, self.key_passwd, csr_path))
-	self.runcmd("keytool -gencert -keystore %s -storepass %s -alias ca -infile %s -outfile %s
-dname CN=systemtest -ext SAN=DNS:%s" % (self.ca_jks_path, self.ca_passwd, csr_path, crt_path,
+	self.runcmd("keytool -gencert -keystore %s -storepass %s -alias ca -infile %s -outfile %s
-dname CN=systemtest -ext SAN=DNS:%s -startdate %s" % (self.ca_jks_path, self.ca_passwd, csr_path,
crt_path, self.hostname(node), self.startdate))
 	self.runcmd("keytool -importcert -keystore %s -storepass %s -alias ca -file %s -noprompt"
% (ks_path, self.keystore_passwd, self.ca_crt_path))
 	self.runcmd("keytool -importcert -keystore %s -storepass %s -keypass %s -alias kafka -file
%s -noprompt" % (ks_path, self.keystore_passwd, self.key_passwd, crt_path))
         node.account.scp_to(ks_path, SecurityConfig.KEYSTORE_PATH)
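Review bot: The two added `self.runcmd(...)` lines for `-genkeypair` and `-gencert` keep the tab indentation of the lines they replace, while the neighbouring `csr_path`, `crt_path` and `node.account.scp_to` lines are indented with spaces. Python 2 accepts this only because it counts a tab as eight columns, and Python 3 is expected to reject the mix with a TabError. Since these lines are being rewritten anyway, they could start with eight spaces, `        self.runcmd(`, and the untouched tab-indented `-certreq` and `-importcert` lines could be converted in the same commit. If the tabs are only an artifact of the mail archive, disregard this; the method itself starts outside the hunk.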
