diff --git a/core/pom.xml b/core/pom.xml
index 254a9b9ac3184..4ea122d0cde53 100644
--- a/core/pom.xml
+++ b/core/pom.xml
@@ -148,7 +148,11 @@
javax.servlet-api
${javaxservlet.version}
-
+
+ ca.juliusdavies
+ not-yet-commons-ssl
+ 0.3.11
+
org.apache.commons
commons-lang3
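Review bot: The new `not-yet-commons-ssl` dependency brings a third-party key-parsing library into `core` for what this diff shows as a single use (`PKCS8Key` in `SSLConfig.pemToDer`), and it pins the version inline as `0.3.11` while the neighbouring servlet dependency takes its version from a property. Moving the version to a property (for example `${not-yet-commons-ssl.version}`, name to be chosen) would keep it in one reviewable place, and it is worth confirming that this release is still maintained and free of open advisories before it handles private keys. `SSLConfig.scala` already imports `RSAPrivateCrtKeySpec` and `DerInputStream`, which suggests PKCS#1 parsing may already exist there; if so, reusing it would avoid the dependency.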
diff --git a/core/src/main/scala/org/apache/spark/security/SSLConfig.scala b/core/src/main/scala/org/apache/spark/security/SSLConfig.scala
index f48f6e2415bbd..f79d2376017d0 100644
--- a/core/src/main/scala/org/apache/spark/security/SSLConfig.scala
+++ b/core/src/main/scala/org/apache/spark/security/SSLConfig.scala
@@ -16,14 +16,16 @@
*/
package org.apache.spark.security
-import java.io.{ByteArrayInputStream, File, FileOutputStream}
+import java.io._
import java.nio.file.{Files, Paths}
import java.nio.file.attribute.PosixFilePermissions
import java.security._
+import java.security.KeyFactory
import java.security.cert.CertificateFactory
-import java.security.spec.RSAPrivateCrtKeySpec
+import java.security.spec.{PKCS8EncodedKeySpec, RSAPrivateCrtKeySpec}
import javax.xml.bind.DatatypeConverter
+import org.apache.commons.ssl.PKCS8Key
import sun.security.util.DerInputStream
import org.apache.spark.internal.Logging
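Review bot: `import java.security.KeyFactory` is redundant because the context line `import java.security._` already brings `KeyFactory` into scope. The switch to `import java.io._` widens the import to the whole package when the new code only adds `BufferedOutputStream`. I would drop the `KeyFactory` line and keep the explicit form: `import java.io.{BufferedOutputStream, ByteArrayInputStream, File, FileOutputStream}`.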
@@ -62,6 +64,10 @@ object SSLConfig extends Logging {
val (key, certs) =
VaultHelper.getCertKeyForAppFromVault(vaultHost, vaultKeystorePath.get, vaultToken)
+
+ pemToDer(key)
+ generatePemFile(certs, "cert.crt")
+ generatePemFile(trustStore, "ca.crt")
val pass = VaultHelper.getCertPassForAppFromVault(
vaultHost, vaultKeystorePassPath.get, vaultToken)
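Review bot: The three added calls run as unconditional side effects of building the keystore options, so every pass through this path leaves the unencrypted PKCS#8 key (written by `pemToDer`, defined later in this diff) and two PEM files on disk, and nothing visible here removes them. A comment above the calls would record the intent, for example `// Also materialise key/cert/CA as files for consumers that cannot read a JKS; key.pkcs8 is written unencrypted`. If the files are only needed for the life of the JVM, a `deleteOnExit()` on each would limit how long the key stays on disk. The enclosing method starts and ends outside this hunk, and `trustStore` is defined outside it, so whether these files are always needed cannot be confirmed from here.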
@@ -86,9 +92,9 @@ object SSLConfig extends Logging {
-> VaultHelper.getCertPassForAppFromVault(vaultHost, vaultKeyPassPath.get, vaultToken))
val certFilesPath =
- Map(sparkSSLPrefix + "cert.path" -> s"${sys.env.get("SPARK_SSL_CERT_PATH")}/cert.crt",
- sparkSSLPrefix + "key.pkcs8" -> s"${sys.env.get("SPARK_SSL_CERT_PATH")}/key.pkcs8",
- sparkSSLPrefix + "root.cert" -> s"${sys.env.get("SPARK_SSL_CERT_PATH")}/caroot.crt")
+ Map(s"$sparkSSLPrefix${sslType.toLowerCase}.certPem.path" -> "/tmp/cert.crt",
+ s"$sparkSSLPrefix${sslType.toLowerCase}.keyPKCS8.path" -> "/tmp/key.pkcs8",
+ s"$sparkSSLPrefix${sslType.toLowerCase}.caPem.path" -> "/tmp/ca.crt")
trustStoreOptions ++ keyStoreOptions ++ keyPass ++ certFilesPath
}
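Review bot: The three `"/tmp/..."` values in `certFilesPath` have to match the literals inside `generatePemFile` and `pemToDer` (added further down in this file), and nothing ties them together. The removed lines at least took the directory from `SPARK_SSL_CERT_PATH`; the new ones make a shared, world-writable directory the only option. Having the two helpers return the path they wrote and building the map from those values, e.g. `s"$sparkSSLPrefix${sslType.toLowerCase}.keyPKCS8.path" -> keyPath`, would remove the duplication and let the directory be changed in one place. The method's opening is outside this hunk.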
@@ -117,6 +123,37 @@ object SSLConfig extends Logging {
file.getAbsolutePath
}
+ def generatePemFile(pem: String, fileName: String): Unit = {
+ formatPem(pem)
+ val bosCA = new BufferedOutputStream(new FileOutputStream(s"/tmp/$fileName"))
+ bosCA.write(formatPem(pem).getBytes)
+ bosCA.close()
+ }
+
+ // Gets raw pem from vault (without \n and folding) and outputs a well-formatted pem
+
+ def formatPem(pemRaw: String): String = {
+ val (begin, end) = extractFlagsFromCert(pemRaw)
+ val pem = getArrayFromCert(pemRaw)
+ pem.map( data => s"$begin\n${data.sliding(64, 64).mkString("\n")}\n$end")
+ .mkString("\n")
+ .concat("\n")
+ }
+
+ def pemToDer(data: String): Unit = {
+ val (begin, end) = ("-----BEGIN RSA PRIVATE KEY-----", "-----END RSA PRIVATE KEY-----")
+ require(data.startsWith(begin), "BEGIN RSA PRIVATE KEY flag not found")
+ val tokens = data.split(begin)(1).split(end)
+ val keyByted = DatatypeConverter.parseBase64Binary(tokens(0))
+ val pkcs8 = new PKCS8Key(keyByted, null)
+ val decrypted = pkcs8.getDecryptedBytes
+ val spec = new PKCS8EncodedKeySpec(decrypted)
+ val pk = KeyFactory.getInstance("RSA").generatePrivate(spec)
+ val bos = new BufferedOutputStream(new FileOutputStream("/tmp/key.pkcs8"))
+ bos.write(pk.getEncoded)
+ bos.close()
+ }
+
// TODO Improvent get passwords keys and jks key
def generateKeyStore(sslType: String,
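Review bot: `pemToDer` writes the unencrypted PKCS#8 private key to `/tmp/key.pkcs8` through a plain `FileOutputStream`, so the file gets the process's default permissions and any file or symlink already present at that well-known path is opened and written without a check. The file already imports `Files`, `Paths` and `PosixFilePermissions`, so the key can be created exclusively with owner-only permissions as sketched below; a directory private to the Spark user would be stronger still. Separately, `generatePemFile` calls `formatPem(pem)` twice and discards the first result, neither stream is closed if `write` throws, `getBytes` uses the platform charset, and `fileName` is concatenated into the path unchecked.

```scala
def generatePemFile(pem: String, fileName: String): Unit = {
  val out = new BufferedOutputStream(new FileOutputStream(s"/tmp/$fileName"))
  // Format once, fix the charset, and close even when the write fails.
  try out.write(formatPem(pem).getBytes("UTF-8")) finally out.close()
}

// … unchanged: formatPem …

def pemToDer(data: String): Unit = {
  // … unchanged: PEM parsing and PKCS8 conversion up to `val pk` …
  val keyPath = Paths.get("/tmp/key.pkcs8")
  // Drop any stale copy, then create exclusively with 0600 so the key is
  // never written through a pre-existing file or symlink.
  Files.deleteIfExists(keyPath)
  Files.createFile(keyPath,
    PosixFilePermissions.asFileAttribute(PosixFilePermissions.fromString("rw-------")))
  Files.write(keyPath, pk.getEncoded)
}
```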
@@ -182,15 +219,19 @@ object SSLConfig extends Logging {
private def generateCertificateFromDER(certBytes: Array[Byte]): cert.Certificate =
CertificateFactory.getInstance("X.509").generateCertificate(new ByteArrayInputStream(certBytes))
- private def getArrayFromCA(ca: String): Array[String] = {
- val splittedBy = ca.takeWhile(_ == '-')
- val begin = s"$splittedBy${ca.split(splittedBy).tail.head}$splittedBy"
+ private def getArrayFromCert(cert: String): Array[String] = {
+ val (begin, end) = extractFlagsFromCert(cert)
+ cert.split(begin).tail.map(_.split(end).head)
+ }
+ private def extractFlagsFromCert(cert: String): (String, String) = {
+ val splittedBy = cert.takeWhile(_ == '-')
+ val begin = s"$splittedBy${cert.split(splittedBy).tail.head}$splittedBy"
val end = begin.replace("BEGIN", "END")
- ca.split(begin).tail.map(_.split(end).head)
+ (begin, end)
}
private def getBase64FromCAs(cas: String): Array[Array[Byte]] = {
- val pattern = getArrayFromCA(cas)
+ val pattern = getArrayFromCert(cas)
pattern.map(value => {
DatatypeConverter.parseBase64Binary(value)
})
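Review bot: `extractFlagsFromCert` derives the delimiter from whatever the input happens to start with and never validates it. For input that does not begin with dashes `splittedBy` is empty and the method returns meaningless flags, and for an empty string `.tail.head` throws a bare exception with no message. A guard in the style `pemToDer` already uses would fail early and readably: `require(cert.startsWith("-----BEGIN "), "PEM BEGIN flag not found")`. `begin` and `end` are also passed to `String.split`, which treats them as regular expressions, so wrapping them in `java.util.regex.Pattern.quote(...)` would make the split literal. Only the first block's label is used for the whole bundle, which deserves a one-line comment; `getBase64FromCAs` continues past the end of this hunk.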
diff --git a/core/src/test/resources/ca-one-level.crt b/core/src/test/resources/ca-one-level.crt
new file mode 100644
index 0000000000000..aa3745c5c3de7
--- /dev/null
+++ b/core/src/test/resources/ca-one-level.crt
@@ -0,0 +1,30 @@
+-----BEGIN CERTIFICATE-----
+MIIFPDCCAySgAwIBAgIQdWSbQJ/CYk1/BERap1nTNjANBgkqhkiG9w0BAQsFADA4
+MQswCQYDVQQGEwJFUzEQMA4GA1UECgwHU3RyYXRpbzEXMBUGA1UEAwwOU3RyYXRp
+byBJbmMgQ0EwHhcNMTYwMjE5MTEzODI2WhcNMjYwMjE2MTEzODI2WjA4MQswCQYD
+VQQGEwJFUzEQMA4GA1UECgwHU3RyYXRpbzEXMBUGA1UEAwwOU3RyYXRpbyBJbmMg
+Q0EwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQC2boA0hxlI9cDcSrt9
+56lPnNuQ0ek/NnuWw6dsGXZeC1RHBR5m3/0jGnKRMpW2PpmTp7eG2ngOCbZMd5tG
+hZHoposlCHSjRrJvhXWPRDP52WvtSgsckcJtKw1uoo3lqZGBPAHpvg3ExxcWY8Q/
+b7H3Rc0zY2nM/whiayJPwO4+wE3gGiQwFrvsaekFjX/bNwBnZRiSAHm6iYeL0qfw
+vSUwBcs0Wzh2yCKOuNqnuk+xFy3iaj5ADWGDxhm4Qf4q5UKJCriYZnWWSn0CDIHl
+ZPc05sXERO52OCyzAG5Bm8qCGeCBtgpFQtHf72gbJFfSqJKs0VQ7U8N9ucI3NAEp
+vt0NDXALF+4EoyV+0vCrq4U5f7geUSKPSEZWI2lpyz+NCZ95BrTFSHLDuNsTXJLn
+mJjOYCymAm5luKA6DQw3HyNXIndgKV2e5BfhSWx3HP4J0DxO7kB2F1APUSijNZAe
+2x6x+SO85CR6dT46pEvoGypD8EiRRoDHbQ8Vw1ulVh8nXoJzCs8v3exQUt1ZG7G1
+Pcmp/S4xPF0Y6/HP0IIe2pxJ4uzOYaaARki3AI8pwHfD6OON6tRC0wjnPB4qYPta
+nVJo4Nr/UWmq8vpgLKrI2kE3ceiPkNgb7/cXepyseTDBQidvCwV/ZyixmafwDgDi
+02zN/FI4yS3aMtpyXtrTkKlLXwIDAQABo0IwQDAPBgNVHRMBAf8EBTADAQH/MA4G
+A1UdDwEB/wQEAwIBBjAdBgNVHQ4EFgQU1T68/Oa44A7bgn6wxN1deQVukKQwDQYJ
+KoZIhvcNAQELBQADggIBAEGTbgPUdRcWCgLclrbIOJ9wNC/T0LhmAuMyPtXJVfoj
+aH1XlWWGZw9CTAD0/d/W1cE0QwLi7MI0IWV6Lb4VjaogXIga7ND5uLzZ5iJb7SK8
++gjK0d8hpGUKrwLzS6jUuL4vieM9DF7/VPi4EJm4EL35QfNpnb4Y17yOY1FZwZjt
+wlPZWGrG0plRTi70/Mgic4a3KtC1I33RUUruF3nk+Fm+VEJJzmoOi01JwDwuM1hT
+6lI4USNLp2vy4l1iJSdBSlwwNEthv1C/eHqC2XkH8Kr6kufW8s2Cnqu1tHJ/U+ns
+/m5dDcrP22i/toDKVwOdquFdB4bg42PWyKeQi85UlHVSPwlTiB7gXZi97vtIDlIf
+YZ6V3zy4fSUudaBXEm4IOY7IoRFB1zoqSj86KtufjOLAfqAcUFqYJGKEIfjbGist
+agDKh5VRTtmgWnCSp252h27UHrYMWSv9/oi6H7m9dv5ZBuUgeYnxsgZYDgic4xA8
+0POOWAiMwYdoIQwQghdGLRDuXT8krg8/ery42xmIvqW0xpJzROAVzWgtEUFFtFfM
+nrFjf2b4o6Mw8A6AflbL1zeRuum/Uz+sFVVSUS1uzWrIRSTN6M2tRpu6EuRuNCJk
+NXxqQ5v3iBCpoKsXEBqDeymnT4WEFqv+Rq2ZHbticZ+vXbu8039fau7bdmVS9Bjj
+-----END CERTIFICATE-----
\ No newline at end of file
diff --git a/core/src/test/resources/ca-two-levels.crt b/core/src/test/resources/ca-two-levels.crt
new file mode 100644
index 0000000000000..7cb454d3447b8
--- /dev/null
+++ b/core/src/test/resources/ca-two-levels.crt
@@ -0,0 +1,60 @@
+-----BEGIN CERTIFICATE-----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==
+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----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-----END CERTIFICATE-----
\ No newline at end of file
diff --git a/core/src/test/resources/cert.crt b/core/src/test/resources/cert.crt
new file mode 100644
index 0000000000000..484fbe3bd4e82
--- /dev/null
+++ b/core/src/test/resources/cert.crt
@@ -0,0 +1,91 @@
+-----BEGIN CERTIFICATE-----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+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----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==
+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----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-----END CERTIFICATE-----
\ No newline at end of file
diff --git a/core/src/test/resources/cert.key b/core/src/test/resources/cert.key
new file mode 100644
index 0000000000000..611156685bf17
--- /dev/null
+++ b/core/src/test/resources/cert.key
@@ -0,0 +1,27 @@
+-----BEGIN RSA PRIVATE KEY-----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+-----END RSA PRIVATE KEY-----
\ No newline at end of file
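Review bot: `cert.key` commits an RSA private key to the repository, and the certificate fixtures added alongside it appear to chain to a CA whose subject names an actual organisation rather than an obvious test authority. Please confirm the key pair was generated only for this test and is not trusted by any deployed system; if it was issued by a live CA, the certificate should be revoked and the fixture replaced with a self-signed throwaway pair. A short `README` next to the fixtures stating that `cert.key` is test-only would stop secret scanners and later readers from having to ask again.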
diff --git a/core/src/test/resources/key.pkcs8 b/core/src/test/resources/key.pkcs8
new file mode 100644
index 0000000000000..f809e0ee999fa
Binary files /dev/null and b/core/src/test/resources/key.pkcs8 differ
diff --git a/core/src/test/scala/org/apache/spark/security/SSLConfigTest.scala b/core/src/test/scala/org/apache/spark/security/SSLConfigTest.scala
new file mode 100644
index 0000000000000..d8eff1ec92af8
--- /dev/null
+++ b/core/src/test/scala/org/apache/spark/security/SSLConfigTest.scala
@@ -0,0 +1,60 @@
+/*
+ * Modified in 2017 by Stratio Big Data Inc.,
+ * Sucursal en España. Modifications are © 2017
+ * Stratio Big Data Inc.,Sucursal en España.
+ */
+
+package org.apache.spark.security
+
+import java.nio.file.{Files, Paths}
+import java.security.MessageDigest
+
+import org.scalatest.ShouldMatchers
+import scala.io.Source
+
+import org.apache.spark.SparkFunSuite
+
+
+class SSLConfigTest extends SparkFunSuite with ShouldMatchers{
+
+ // scalastyle:off
+ val pemString = "-----BEGIN CERTIFICATE-----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-----END CERTIFICATE----------BEGIN CERTIFICATE-----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-----END CERTIFICATE----------BEGIN CERTIFICATE-----MIIFPDCCAySgAwIBAgIQdWSbQJ/CYk1/BERap1nTNjANBgkqhkiG9w0BAQsFADA4MQswCQYDVQQGEwJFUzEQMA4GA1UECgwHU3RyYXRpbzEXMBUGA1UEAwwOU3RyYXRpbyBJbmMgQ0EwHhcNMTYwMjE5MTEzODI2WhcNMjYwMjE2MTEzODI2WjA4MQswCQYDVQQGEwJFUzEQMA4GA1UECgwHU3RyYXRpbzEXMBUGA1UEAwwOU3RyYXRpbyBJbmMgQ0EwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQC2boA0hxlI9cDcSrt956lPnNuQ0ek/NnuWw6dsGXZeC1RHBR5m3/0jGnKRMpW2PpmTp7eG2ngOCbZMd5tGhZHoposlCHSjRrJvhXWPRDP52WvtSgsckcJtKw1uoo3lqZGBPAHpvg3ExxcWY8Q/b7H3Rc0zY2nM/whiayJPwO4+wE3gGiQwFrvsaekFjX/bNwBnZRiSAHm6iYeL0qfwvSUwBcs0Wzh2yCKOuNqnuk+xFy3iaj5ADWGDxhm4Qf4q5UKJCriYZnWWSn0CDIHlZPc05sXERO52OCyzAG5Bm8qCGeCBtgpFQtHf72gbJFfSqJKs0VQ7U8N9ucI3NAEpvt0NDXALF+4EoyV+0vCrq4U5f7geUSKPSEZWI2lpyz+NCZ95BrTFSHLDuNsTXJLnmJjOYCymAm5luKA6DQw3HyNXIndgKV2e5BfhSWx3HP4J0DxO7kB2F1APUSijNZAe2x6x+SO85CR6dT46pEvoGypD8EiRRoDHbQ8Vw1ulVh8nXoJzCs8v3exQUt1ZG7G1Pcmp/S4xPF0Y6/HP0IIe2pxJ4uzOYaaARki3AI8pwHfD6OON6tRC0wjnPB4qYPtanVJo4Nr/UWmq8vpgLKrI2kE3ceiPkNgb7/cXepyseTDBQidvCwV/ZyixmafwDgDi02zN/FI4yS3aMtpyXtrTkKlLXwIDAQABo0IwQDAPBgNVHRMBAf8EBTADAQH/MA4GA1UdDwEB/wQEAwIBBjAdBgNVHQ4EFgQU1T68/Oa44A7bgn6wxN1deQVukKQwDQYJKoZIhvcNAQELBQADggIBAEGTbgPUdRcWCgLclrbIOJ9wNC/T0LhmAuMyPtXJVfojaH1XlWWGZw9CTAD0/d/W1cE0QwLi7MI0IWV6Lb4VjaogXIga7ND5uLzZ5iJb7SK8+gjK0d8hpGUKrwLzS6jUuL4vieM9DF7/VPi4EJm4EL35QfNpnb4Y17yOY1FZwZjtwlPZWGrG0plRTi70/Mgic4a3KtC1I33RUUruF3nk+Fm+VEJJzmoOi01JwDwuM1hT6lI4USNLp2vy4l1iJSdBSlwwNEthv1C/eHqC2XkH8Kr6kufW8s2Cnqu1tHJ/U+ns/m5dDcrP22i/toDKVwOdquFdB4bg42PWyKeQi85UlHVSPwlTiB7gXZi97vtIDlIfYZ6V3zy4fSUudaBXEm4IOY7IoRFB1zoqSj86KtufjOLAfqAcUFqYJGKEIfjbGistagDKh5VRTtmgWnCSp252h27UHrYMWSv9/oi6H7m9dv5ZBuUgeYnxsgZYDgic4xA80POOWAiMwYdoIQwQghdGLRDuXT8krg8/ery42xmIvqW0xpJzROAVzWgtEUFFtFfMnrFjf2b4o6Mw8A6AflbL1zeRuum/Uz+sFVVSUS1uzWrIRSTN6M2tRpu6EuRuNCJkNXxqQ5v3iBCpoKsX
EBqDeymnT4WEFqv+Rq2ZHbticZ+vXbu8039fau7bdmVS9Bjj-----END CERTIFICATE-----"
+ val caString = "-----BEGIN CERTIFICATE-----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-----END CERTIFICATE----------BEGIN CERTIFICATE-----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-----END CERTIFICATE-----"
+ val caRootString = "-----BEGIN CERTIFICATE-----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-----END CERTIFICATE-----"
+ // scalastyle:on
+
+ def calculateMD5(path: String): String = {
+ val file = Files readAllBytes (Paths get path)
+ val checksum = MessageDigest.getInstance("MD5") digest file
+ checksum.map("%02X" format _).mkString
+ }
+
+ test("generate pkcs8 from valid key" ) {
+ SSLConfig.pemToDer(Source.fromURL(getClass.getResource("/cert.key")).mkString)
+ assert (
+ calculateMD5(getClass.getResource("/key.pkcs8").getFile)
+ .equals(calculateMD5("/tmp/key.pkcs8")))
+ }
+
+ test("generate cert.crt from valid data") {
+ SSLConfig.generatePemFile( pemString, "/cert.crt")
+ assert (
+ calculateMD5(getClass.getResource("/cert.crt").getFile)
+ .equals(calculateMD5("/tmp/cert.crt")))
+ }
+
+ test("generate ca-two-levels.crt from intermediate chain valid data") {
+ SSLConfig.generatePemFile( caString, "/ca-two-levels.crt")
+ assert (
+ calculateMD5(getClass.getResource("/ca-two-levels.crt").getFile)
+ .equals(calculateMD5("/tmp/ca-two-levels.crt")))
+ }
+
+ test("generate ca-two-levels.crt from valid root ca") {
+ SSLConfig.generatePemFile( caRootString, "/ca-one-level.crt")
+ assert (
+ calculateMD5(getClass.getResource("/ca-one-level.crt").getFile)
+ .equals(calculateMD5("/tmp/ca-one-level.crt")))
+ }
+
+}
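Review bot: Every test writes to and reads back from fixed `/tmp/...` paths and none removes what it wrote, so the fixture key stays behind in `/tmp/key.pkcs8` and concurrent runs on a shared build host can overwrite each other's files. An `afterEach` that deletes the generated files would contain that, or a temporary directory if the production paths become configurable. The `fileName` arguments carry a leading slash (`"/cert.crt"`), which only works because `/tmp//cert.crt` resolves to the same file. The last test is named for `ca-two-levels.crt` but exercises `ca-one-level.crt`; it should read `test("generate ca-one-level.crt from valid root ca")`. There is also no case for the `require` failure in `pemToDer` when the BEGIN flag is missing.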
diff --git a/docker/dispatcher/spark-env.sh b/docker/dispatcher/spark-env.sh
index c14363d54f9d3..25e6064252928 100644
--- a/docker/dispatcher/spark-env.sh
+++ b/docker/dispatcher/spark-env.sh
@@ -13,53 +13,6 @@ if [ "${SPARK_VIRTUAL_USER_NETWORK}" = "true" ]; then
export LIBPROCESS_IP=$HOST
fi
-if [ "${SPARK_DATASTORE_SSL_ENABLE}" == "true" ]; then
- source /root/kms_utils-0.2.1.sh
-
- VAULT_HOSTS=$VAULT_HOST
- export SPARK_SSL_CERT_PATH="/tmp"
- SERVICE_ID=$APP_NAME
- INSTANCE=$APP_NAME
- VAULT_URI="$VAULT_PROTOCOL://$VAULT_HOSTS:$VAULT_PORT"
-
- #0--- IF VAULT_ROLE_ID IS NOT EMPTY [!-z $YOUR_VAR] IT MEANS THAT WE ARE DEALING WITH SPARK DRIVER
- if [ ! -z "$VAULT_ROLE_ID" ]; then
- echo "Vault role id proved, signing in"
- login
- else
- #1--- FROM TEMP TOKEN GET APP TOKEN
- echo "No vault role ID provided, unwrapping OTT"
- VAULT_TOKEN=$(curl -k -L -XPOST -H "X-Vault-Token:$VAULT_TEMP_TOKEN" "$VAULT_URI/v1/sys/wrapping/unwrap" -s| python -m json.tool | python -c 'import json,sys;obj=json.load(sys.stdin);print obj["data"]["token"]')
- fi
-
- #2--- GET SECRETS WITH APP TOKEN
- getCert "userland" "$INSTANCE" "$SERVICE_ID" "PEM" $SPARK_SSL_CERT_PATH
-
- #GET CA-BUNDLE for given CA
- #getCAbundle $SPARK_SSL_CERT_PATH "PEM"
- JSON_KEY="${CA_NAME}_crt"
- CA_BUNDLE=$(curl -k -XGET -H "X-Vault-Token:$VAULT_TOKEN" "$VAULT_URI/v1/ca-trust/certificates/$CA_NAME" -s | jq -cMSr --arg fqdn "" ".data[\"$JSON_KEY\"]")
-
- echo "$CA_BUNDLE" > ${SPARK_SSL_CERT_PATH}/caroot.crt
- sed -i 's/-----BEGIN CERTIFICATE-----/-----BEGIN CERTIFICATE-----\n/g' ${SPARK_SSL_CERT_PATH}/caroot.crt
- sed -i 's/-----END CERTIFICATE-----/\n-----END CERTIFICATE-----\n/g' ${SPARK_SSL_CERT_PATH}/caroot.crt
- sed -i 's/-----END CERTIFICATE----------BEGIN CERTIFICATE-----/-----END CERTIFICATE-----\n-----BEGIN CERTIFICATE-----/g' ${SPARK_SSL_CERT_PATH}/caroot.crt
-
-
-
- #3--- RESTORE TEMP TOKEN
- export VAULT_TEMP_TOKEN=$(curl -k -L -XPOST -H "X-Vault-Wrap-TTL: 6000" -H "X-Vault-Token:$VAULT_TOKEN" -d "{\"token\": \"$VAULT_TOKEN\" }" "$VAULT_URI/v1/sys/wrapping/wrap" -s| python -m json.tool | python -c 'import json,sys;obj=json.load(sys.stdin);print obj["wrap_info"]["token"]')
-
- fold -w64 "${SPARK_SSL_CERT_PATH}/${SERVICE_ID}.key" >> "${SPARK_SSL_CERT_PATH}/aux.key"
-
- mv "${SPARK_SSL_CERT_PATH}/aux.key" "${SPARK_SSL_CERT_PATH}/${SERVICE_ID}.key"
-
- openssl pkcs8 -topk8 -inform pem -in "${SPARK_SSL_CERT_PATH}/${SERVICE_ID}.key" -outform der -nocrypt -out "${SPARK_SSL_CERT_PATH}/key.pkcs8"
-
- mv $SPARK_SSL_CERT_PATH/${SERVICE_ID}.pem $SPARK_SSL_CERT_PATH/cert.crt
-
-fi
-
# I first set this to MESOS_SANDBOX, as a Workaround for MESOS-5866
# But this fails now due to MESOS-6391, so I'm setting it to /tmp
MESOS_DIRECTORY=/tmp