remove hadoop security dependecy

hadoop-hdds/framework/src/main/java/org/apache/hadoop/hdds/security/ssl/KeyStoresFactory.java

@@ -17,9 +17,8 @@
 */
 package org.apache.hadoop.hdds.security.ssl;
 
-import org.apache.hadoop.classification.InterfaceAudience;
-import org.apache.hadoop.classification.InterfaceStability;
-import org.apache.hadoop.security.ssl.SSLFactory;
+import org.apache.hadoop.hdds.annotation.InterfaceAudience;
+import org.apache.hadoop.hdds.annotation.InterfaceStability;
 
 import javax.net.ssl.KeyManager;
 import javax.net.ssl.TrustManager;
@@ -34,6 +33,8 @@
 @InterfaceStability.Evolving
 public interface KeyStoresFactory {
 
+  enum Mode { CLIENT, SERVER }
+
   /**
    * Initializes the keystores of the factory.
    *
@@ -45,8 +46,8 @@ public interface KeyStoresFactory {
    * @throws GeneralSecurityException thrown if the keystores could not be
    * initialized due to an security error.
    */
-  void init(SSLFactory.Mode mode, boolean requireClientAuth)
-      throws IOException, GeneralSecurityException;
+  void init(Mode mode, boolean requireClientAuth) throws IOException,
+      GeneralSecurityException;
 
   /**
    * Releases any resources being used.

hadoop-hdds/framework/src/main/java/org/apache/hadoop/hdds/security/ssl/MonitoringTimerTask.java

@@ -17,7 +17,6 @@
  */
 package org.apache.hadoop.hdds.security.ssl;
 
-import org.apache.hadoop.classification.InterfaceAudience;
 import org.apache.hadoop.hdds.security.x509.certificate.client.CertificateClient;
 import com.google.common.annotations.VisibleForTesting;
 import com.google.common.base.Preconditions;
@@ -33,7 +32,6 @@
  * can optionally also be specified in the constructor, otherwise any
  * exception occurring during process will be logged using this class' logger.
  */
-@InterfaceAudience.Private
 public class MonitoringTimerTask extends TimerTask {
 
   static final Logger LOG = LoggerFactory.getLogger(MonitoringTimerTask.class);

hadoop-hdds/framework/src/main/java/org/apache/hadoop/hdds/security/ssl/PemFileBasedKeyStoresFactory.java

@@ -18,11 +18,10 @@
 package org.apache.hadoop.hdds.security.ssl;
 
 import edu.umd.cs.findbugs.annotations.SuppressFBWarnings;
-import org.apache.hadoop.classification.InterfaceAudience;
-import org.apache.hadoop.classification.InterfaceStability;
+import org.apache.hadoop.hdds.annotation.InterfaceAudience;
+import org.apache.hadoop.hdds.annotation.InterfaceStability;
 import org.apache.hadoop.hdds.security.x509.SecurityConfig;
 import org.apache.hadoop.hdds.security.x509.certificate.client.CertificateClient;
-import org.apache.hadoop.security.ssl.SSLFactory;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 
@@ -78,7 +77,7 @@ public PemFileBasedKeyStoresFactory(SecurityConfig securityConfig,
    * to reload truststore.
    * @param mode client or server
    */
-  private void createTrustManagers(SSLFactory.Mode mode) throws
+  private void createTrustManagers(Mode mode) throws
       GeneralSecurityException, IOException {
     long truststoreReloadInterval = secConfig.getSslTruststoreReloadInterval();
     LOG.info(mode.toString() + " TrustStore reloading at " +
@@ -105,7 +104,7 @@ private void createTrustManagers(SSLFactory.Mode mode) throws
    * to reload keystores.
    * @param mode client or server
    */
-  private void createKeyManagers(SSLFactory.Mode mode) throws
+  private void createKeyManagers(Mode mode) throws
       GeneralSecurityException, IOException {
     long keystoreReloadInterval = secConfig.getSslKeystoreReloadInterval();
     LOG.info(mode.toString() + " KeyStore reloading at " +
@@ -139,20 +138,20 @@ private void createKeyManagers(SSLFactory.Mode mode) throws
    * @throws GeneralSecurityException thrown if the keystores could not be
    * initialized due to a security error.
    */
-  public synchronized void init(SSLFactory.Mode mode, boolean requireClientAuth)
+  public synchronized void init(Mode mode, boolean requireClientAuth)
       throws IOException, GeneralSecurityException {
 
     monitoringTimer = new Timer(caClient.getComponentName() + "-"
         + SSL_MONITORING_THREAD_NAME, true);
 
     // key manager
-    if (requireClientAuth || mode == SSLFactory.Mode.SERVER) {
+    if (requireClientAuth || mode == Mode.SERVER) {
       createKeyManagers(mode);
     } else {
       KeyStore keystore = KeyStore.getInstance(DEFAULT_KEYSTORE_TYPE);
       keystore.load(null, null);
       KeyManagerFactory keyMgrFactory = KeyManagerFactory
-              .getInstance(SSLFactory.SSLCERTIFICATE);
+          .getInstance(KeyManagerFactory.getDefaultAlgorithm());
 
       keyMgrFactory.init(keystore, null);
       keyManagers = keyMgrFactory.getKeyManagers();

hadoop-hdds/framework/src/main/java/org/apache/hadoop/hdds/security/ssl/ReloadingX509KeyManager.java

@@ -17,10 +17,9 @@
  */
 package org.apache.hadoop.hdds.security.ssl;
 
-import org.apache.hadoop.classification.InterfaceAudience;
-import org.apache.hadoop.classification.InterfaceStability;
+import org.apache.hadoop.hdds.annotation.InterfaceAudience;
+import org.apache.hadoop.hdds.annotation.InterfaceStability;
 import org.apache.hadoop.hdds.security.x509.certificate.client.CertificateClient;
-import org.apache.hadoop.security.ssl.SSLFactory;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 
@@ -163,7 +162,7 @@ private X509ExtendedKeyManager loadKeyManager(CertificateClient caClient)
         privateKey, EMPTY_PASSWORD, new Certificate[]{cert});
 
     KeyManagerFactory keyMgrFactory = KeyManagerFactory.getInstance(
-        SSLFactory.SSLCERTIFICATE);
+        KeyManagerFactory.getDefaultAlgorithm());
     keyMgrFactory.init(keystore, EMPTY_PASSWORD);
     for (KeyManager candidate: keyMgrFactory.getKeyManagers()) {
       if (candidate instanceof X509ExtendedKeyManager) {

hadoop-hdds/framework/src/main/java/org/apache/hadoop/hdds/security/ssl/ReloadingX509TrustManager.java

@@ -17,10 +17,9 @@
  */
 package org.apache.hadoop.hdds.security.ssl;
 
-import org.apache.hadoop.classification.InterfaceAudience;
-import org.apache.hadoop.classification.InterfaceStability;
+import org.apache.hadoop.hdds.annotation.InterfaceAudience;
+import org.apache.hadoop.hdds.annotation.InterfaceStability;
 import org.apache.hadoop.hdds.security.x509.certificate.client.CertificateClient;
-import org.apache.hadoop.security.ssl.SSLFactory;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 
@@ -137,8 +136,8 @@ X509TrustManager loadTrustManager(CertificateClient caClient)
     ks.load(null, null);
     ks.setCertificateEntry(certId, cert);
 
-    TrustManagerFactory trustManagerFactory =
-        TrustManagerFactory.getInstance(SSLFactory.SSLCERTIFICATE);
+    TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance(
+        TrustManagerFactory.getDefaultAlgorithm());
     trustManagerFactory.init(ks);
     TrustManager[] trustManagers = trustManagerFactory.getTrustManagers();
     for (TrustManager trustManager1 : trustManagers) {

hadoop-hdds/framework/src/main/java/org/apache/hadoop/hdds/security/x509/keys/SecurityUtil.java

@@ -148,7 +148,7 @@ public static KeyStoresFactory getServerKeyStoresFactory(
     PemFileBasedKeyStoresFactory factory =
         new PemFileBasedKeyStoresFactory(securityConfig, client);
     try {
-      factory.init(SSLFactory.Mode.SERVER, requireClientAuth);
+      factory.init(KeyStoresFactory.Mode.SERVER, requireClientAuth);
     } catch (IOException | GeneralSecurityException e) {
       throw new CertificateException("Failed to init keyStoresFactory", e,
           CertificateException.ErrorCode.KEYSTORE_ERROR);
@@ -163,7 +163,7 @@ public static KeyStoresFactory getClientKeyStoresFactory(
         new PemFileBasedKeyStoresFactory(securityConfig, client);
 
     try {
-      factory.init(SSLFactory.Mode.CLIENT, requireClientAuth);
+      factory.init(KeyStoresFactory.Mode.CLIENT, requireClientAuth);
     } catch (IOException | GeneralSecurityException e) {
       throw new CertificateException("Failed to init keyStoresFactory", e,
           CertificateException.ErrorCode.KEYSTORE_ERROR);

hadoop-hdds/framework/src/test/java/org/apache/hadoop/hdds/security/ssl/TestPemFileBasedKeyStoresFactory.java

@@ -33,7 +33,6 @@
 import org.apache.hadoop.hdds.security.x509.CertificateClientTest;
 import org.apache.hadoop.hdds.security.x509.SecurityConfig;
 import org.apache.hadoop.ozone.container.ContainerTestHelper;
-import org.apache.hadoop.security.ssl.SSLFactory;
 import org.apache.ratis.thirdparty.io.grpc.ManagedChannel;
 import org.apache.ratis.thirdparty.io.grpc.Server;
 import org.apache.ratis.thirdparty.io.grpc.netty.GrpcSslContexts;
@@ -84,7 +83,7 @@ private void clientMode(boolean clientAuth) throws Exception {
     KeyStoresFactory keyStoresFactory = new PemFileBasedKeyStoresFactory(
         secConf, caClient);
     try {
-      keyStoresFactory.init(SSLFactory.Mode.CLIENT, clientAuth);
+      keyStoresFactory.init(KeyStoresFactory.Mode.CLIENT, clientAuth);
       if (clientAuth) {
         Assert.assertTrue(keyStoresFactory.getKeyManagers()[0]
             instanceof ReloadingX509KeyManager);
@@ -103,7 +102,7 @@ private void serverMode(boolean clientAuth) throws Exception {
     KeyStoresFactory keyStoresFactory = new PemFileBasedKeyStoresFactory(
         secConf, caClient);
     try {
-      keyStoresFactory.init(SSLFactory.Mode.SERVER, clientAuth);
+      keyStoresFactory.init(KeyStoresFactory.Mode.SERVER, clientAuth);
       Assert.assertTrue(keyStoresFactory.getKeyManagers()[0]
           instanceof ReloadingX509KeyManager);
       Assert.assertTrue(keyStoresFactory.getTrustManagers()[0]
@@ -122,13 +121,13 @@ public void testConnectionWithCertReload() throws Exception {
     try {
       // create server
       serverFactory = new PemFileBasedKeyStoresFactory(secConf, caClient);
-      serverFactory.init(SSLFactory.Mode.SERVER, true);
+      serverFactory.init(KeyStoresFactory.Mode.SERVER, true);
       server = setupServer(serverFactory);
       server.start();
 
       // create client
       clientFactory = new PemFileBasedKeyStoresFactory(secConf, caClient);
-      clientFactory.init(SSLFactory.Mode.CLIENT, true);
+      clientFactory.init(KeyStoresFactory.Mode.CLIENT, true);
       channel = setupClient(clientFactory, server.getPort());
       XceiverClientProtocolServiceStub asyncStub =
           XceiverClientProtocolServiceGrpc.newStub(channel);