Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

GEODE-7071: Add CA to CertStores so that all certificates can be signed #3905

Merged
merged 5 commits into from Aug 19, 2019
Merged

GEODE-7071: Add CA to CertStores so that all certificates can be signed #3905

merged 5 commits into from Aug 19, 2019

Conversation

jdeppe-pivotal
Copy link
Contributor

  • Future work should convert all other tests, which utilize key/trust
    stores to use the CertStores class.

Thank you for submitting a contribution to Apache Geode.

In order to streamline the review of the contribution we ask you
to ensure the following steps have been taken:

For all changes:

  • Is there a JIRA ticket associated with this PR? Is it referenced in the commit message?

  • Has your PR been rebased against the latest commit within the target branch (typically develop)?

  • Is your initial contribution a single, squashed commit?

  • Does gradlew build run cleanly?

  • Have you written or updated unit tests to verify your changes?

  • If adding new dependencies to the code, are these dependencies licensed in a way that is compatible for inclusion under ASF 2.0?

Note:

Please ensure that once the PR is submitted, check Concourse for build issues and
submit an update to your PR as soon as possible. If you need help, please send an
email to dev@geode.apache.org.

@jdeppe-pivotal
GEODE-7071: Add CA to CertStores so that all certificates can be signed
61ffe5e 
- Future work should convert all other tests, which utilize key/trust
  stores to use the CertStores class.
sboorlagadda
sboorlagadda requested changes Aug 12, 2019
View reviewed changes
Copy link
Member

@sboorlagadda sboorlagadda left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

When we want to use CA, we should use a single CA to sign all the parties and trust only CA instead of individual certs. Also it is possibly a case where a developer wants to write tests that do not use a CA by trusting self-signed certs.

@jdeppe-pivotal
GEODE-7071: Provide clearer abstractions for CertificateBuilder and C…
bb04a93 
…ertStores

- CAs need to be explicitly created and added as trusted.
- Certificates need to be explicitly signed.
- Introduce CertificateMaterial which includes the generated
  X509Certificate, the certificate's KeyPair and the issuer if relevant.
@jdeppe-pivotal
Add license headers
d365eea
@jdeppe-pivotal
Trigger CI
ef4be52
sboorlagadda
sboorlagadda approved these changes Aug 16, 2019
View reviewed changes
Copy link
Member

@sboorlagadda sboorlagadda left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM 👍

@jdeppe-pivotal jdeppe-pivotal merged commit 87b3110 into apache:develop Aug 19, 2019
mhansonp pushed a commit to mhansonp/geode that referenced this pull request Aug 21, 2019
@jdeppe-pivotal @mhansonp
GEODE-7071: Add CA to CertStores so that all certificates can be sign…
c63aaf4 
…ed (apache#3905)

- CAs need to be explicitly created and added as trusted.
- Certificates need to be explicitly signed.
- Introduce CertificateMaterial which includes the generated
  X509Certificate, the certificate's KeyPair and the issuer if relevant.
- Future work should convert all other tests, which utilize key/trust
  stores to use the CertStores class.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@sboorlagadda sboorlagadda sboorlagadda approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
2 participants
@jdeppe-pivotal @sboorlagadda