FLUME-3460 - create new certs that don't use DSA

Author: rgoers

flume-ng-core/src/test/resources/certs/gencerts.sh

@@ -0,0 +1,31 @@
+mkdir tmp
+rm ../truststorefile.jks
+rm ../keystorefile.jks
+rm ../server.flume-keystore.p12
+# Create the CA key and certificate
+openssl req -config rootca.conf -new -x509 -nodes -keyout tmp/flume-cacert.key -out tmp/flume-ca.crt -days 10960
+# Create the trust store and import the certificate
+keytool -keystore ../truststorefile.jks -storetype jks -importcert -file 'tmp/flume-ca.crt' -keypass password -storepass password -alias flume-cacert -noprompt
+#Import the root certificate
+keytool -keystore ../keystorefile.jks -alias flume-ca -importcert -file tmp/flume-ca.crt -keypass password -storepass password -noprompt
+# Create the client private key in the client key store
+keytool -genkeypair -keyalg RSA -alias client -keystore ../keystorefile.jks -storepass password -keypass password -validity 10960 -keysize 2048 -dname "CN=client.flume, C=US"
+# Create a signing request for the client                         #
+keytool -keystore ../keystorefile.jks -alias client -certreq -file tmp/client.csr -keypass password -storepass password
+# Sign the client certificate
+openssl x509 -req -CA 'tmp/flume-ca.crt' -CAkey 'tmp/flume-cacert.key' -in tmp/client.csr -out tmp/client.crt_signed -days 10960 -CAcreateserial -passin pass:password
+# Verify the signed certificate
+openssl verify -CAfile 'tmp/flume-ca.crt' tmp/client.crt_signed
+#Import the client's signed certificate
+keytool -keystore ../keystorefile.jks -alias client -importcert -file tmp/client.crt_signed -keypass password -storepass password -noprompt
+#Verify the keystore
+keytool -list -v -keystore ../keystorefile.jks -storepass password
+# Create the server private key in the server key store
+keytool -genkeypair -keyalg RSA -alias server -keystore ../server.flume-keystore.p12 -storepass password -storetype PKCS12 -keypass password -validity 10960 -keysize 2048 -dname "CN=server.flume, C=US"
+# Create a signing request for the server                         #
+keytool -keystore ../server.flume-keystore.p12 -alias server -certreq -file tmp/server.csr -keypass password -storepass password
+# Sign the server certificate
+openssl x509 -req -CA 'tmp/flume-ca.crt' -CAkey 'tmp/flume-cacert.key' -in tmp/server.csr -out ../server.flume-crt.pem -days 10960 -CAcreateserial -passin pass:password
+# Extract the private key
+openssl pkcs12 -in ../server.flume-keystore.p12 -passin pass:password -nokeys -out ../server.flume.pem
+rm -rf tmp

flume-ng-core/src/test/resources/certs/rootca.conf

@@ -0,0 +1,9 @@
+[ req ]
+distinguished_name = CA_DN 
+prompt             = no
+output_password    = password
+default_bits       = 2048
+
+[ CA_DN ]
+C  = US
+CN = flume-ca

flume-ng-core/src/test/resources/certs/server.conf

@@ -0,0 +1,9 @@
+[ req ]
+distinguished_name = CA_DN 
+prompt             = no
+output_password    = password
+default_bits       = 2048
+
+[ CA_DN ]
+C  = US
+CN = server.flume

flume-ng-core/src/test/resources/keystorefile.jks

@@ -0,0 +1,17 @@
+-----BEGIN CERTIFICATE-----
+MIICwjCCAaoCCQD8AQyla5FbDjANBgkqhkiG9w0BAQsFADAgMQswCQYDVQQGEwJV
+UzERMA8GA1UEAwwIZmx1bWUtY2EwIBcNMjMwMzIyMDAyODM0WhgPMjA1MzAzMjQw
+MDI4MzRaMCQxCzAJBgNVBAYTAlVTMRUwEwYDVQQDEwxzZXJ2ZXIuZmx1bWUwggEi
+MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDEEAUShlX2lWDYiEgcZL1JzWFw
+auNkdxOGo1DtD3YaZdrU1GS2UwspLm0qcSFEF1Sx6uVTABdgjZGnxJLSTJkabVu/
+iMuP+EQrE/4AWJoyuuaYMSG0EGeP+mttTtLHYyt/k9NJkABYxFZkNqdDuo+lF/Vs
+QdW3icym0vqMwiIvE+VKw9j3F+zFZizfx6MiBH0uuNrXHFCNUg52/cbeyiXO1mks
+yruOV+PF8/44zAepjLWiJgp7Wo6ejXmLvR+k68RwB5V7fXrzPYueM9GQDmLffkdO
+ZhrcafiRFGlzWSmC820Eb2b5+cVnm96XAlUXE5ao5o58oMmcufMnJ5k2UbFJAgMB
+AAEwDQYJKoZIhvcNAQELBQADggEBAHBGpqraT39aw/HVrJdmpsw8CwSmdiir+NYk
+5PprbIKAyf/P/9ObKcqesO8d8CQZVvzzm+Ok2rgcALDIl/TbbAVUPizIrN4AiH+Z
+BPOqDFF4taWkw73iMDiq61QS8SpJIOxxmL8PsK5eefuABrpumnVgW5X9BT/uMIqW
+NOwiyII3NVvtlErcdAL/ZTYWc3S8CEWVRc88ZpIBSLB4/tqQbPM+m+ZtYMSKi3Sh
+ugOjonPuteeQqu6R7HRYOajepKdGe048Moq90v0IrDI8v+rbezLFpEWOnG0fUDEq
+LfA9l7e/q1ukXRW4ccJWZWXLrZbEbX5hJeTlyYhHciwB5jfueMM=
+-----END CERTIFICATE-----

flume-ng-core/src/test/resources/server.flume-crt.pem

@@ -0,0 +1,23 @@
+Bag Attributes
+    friendlyName: server
+    localKeyID: 54 69 6D 65 20 31 36 37 39 34 34 34 39 31 33 33 33 39 
+subject=/C=US/CN=server.flume
+issuer=/C=US/CN=server.flume
+-----BEGIN CERTIFICATE-----
+MIIC6TCCAdGgAwIBAgIEMlDgqzANBgkqhkiG9w0BAQsFADAkMQswCQYDVQQGEwJV
+UzEVMBMGA1UEAxMMc2VydmVyLmZsdW1lMCAXDTIzMDMyMjAwMjgzM1oYDzIwNTMw
+MzI0MDAyODMzWjAkMQswCQYDVQQGEwJVUzEVMBMGA1UEAxMMc2VydmVyLmZsdW1l
+MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxBAFEoZV9pVg2IhIHGS9
+Sc1hcGrjZHcThqNQ7Q92GmXa1NRktlMLKS5tKnEhRBdUserlUwAXYI2Rp8SS0kyZ
+Gm1bv4jLj/hEKxP+AFiaMrrmmDEhtBBnj/prbU7Sx2Mrf5PTSZAAWMRWZDanQ7qP
+pRf1bEHVt4nMptL6jMIiLxPlSsPY9xfsxWYs38ejIgR9Lrja1xxQjVIOdv3G3sol
+ztZpLMq7jlfjxfP+OMwHqYy1oiYKe1qOno15i70fpOvEcAeVe3168z2LnjPRkA5i
+335HTmYa3Gn4kRRpc1kpgvNtBG9m+fnFZ5velwJVFxOWqOaOfKDJnLnzJyeZNlGx
+SQIDAQABoyEwHzAdBgNVHQ4EFgQUClD6FZ+qPIFrtBaz0swRTtWt1WEwDQYJKoZI
+hvcNAQELBQADggEBALuX9E+tRWvvA9uULj9Iq+k9iUNMQzkmyzXGu7hY46ZU9lx+
+fNnLZq82zz9rHq8IhK4HsLIsPCLfNeXwG/TNR4zUHKI53lzkburxgu76soMUDbHX
+8udyUgrs0YjQcppw6IOOmlZtgNeF2nu7jeoXrCaA07yXzehAqukHv7glWaV3oORc
+rDkZvHfJ2G7hPbUYYIeouJsbG9rNukNPOY9JEYGFYzDxZ8hlFt7Lp/icbdpjFGDV
+tkMtPpVz59B47j/Kk/k5zxaDLnD42svL8GByyM5UxvAqAlYnfMKiZqXfY0JbCpMC
+e9Z5xOyt9F8NLFyjRsmBlJD61LuLb8hAZK/Ho70=
+-----END CERTIFICATE-----