[HOPSWORKS-613] Add application certificate version in the filename

hopsworks-common/src/main/java/io/hops/hopsworks/common/security/OpensslOperations.java

@@ -307,9 +307,14 @@ private String signCSR(File csr, String csrStr, boolean isIntermediate, boolean
       fileName = subject.get("CN");
       if (isAppCertificate) {
         fileName = fileName + "__" + subject.get("O");
+        // OU field serves as the application certificate version
+        String ou = subject.get("OU");
+        if (ou != null) {
+          fileName += "__" + ou;
+        }
       }
     } catch (InterruptedException ex) {
-      LOG.log(Level.SEVERE, "Error while extracting CN out of CSR", ex);
+      LOG.log(Level.SEVERE, "Error while extracting Subject fields out of CSR", ex);
       throw new IOException(ex);
     }
     File signedCertificateFile;
@@ -323,11 +328,11 @@ private String signCSR(File csr, String csrStr, boolean isIntermediate, boolean
     long valueInDays = 3650;
     if (settings.isServiceKeyRotationEnabled() && isServiceCertificate) {
       String serviceKeyRotationIntervalRaw = settings.getServiceKeyRotationInterval();
-      Long intervalValue = Settings.getConfTimeValue(serviceKeyRotationIntervalRaw);
-      TimeUnit intervalTimeUnit = Settings.getConfTimeTimeUnit(serviceKeyRotationIntervalRaw);
-      valueInDays = TimeUnit.DAYS.convert(intervalValue, intervalTimeUnit);
-      // Add four more days to interval just to be sure
-      valueInDays += 4;
+    // Add four more days to interval just to be sure
+      valueInDays = getCertificateValidityInDays(serviceKeyRotationIntervalRaw) + 4;
+    } else if (isAppCertificate) {
+      String appCertificateValidityRaw = settings.getApplicationCertificateValidityPeriod();
+      valueInDays = getCertificateValidityInDays(appCertificateValidityRaw);
     }
 
     List<String> commands = new ArrayList<>();
@@ -347,6 +352,12 @@ private String signCSR(File csr, String csrStr, boolean isIntermediate, boolean
     return FileUtils.readFileToString(signedCertificateFile);
   }
 
+  private long getCertificateValidityInDays(String rawConfigurationProperty) {
+    Long timeValue = Settings.getConfTimeValue(rawConfigurationProperty);
+    TimeUnit unitValue = Settings.getConfTimeTimeUnit(rawConfigurationProperty);
+    return TimeUnit.DAYS.convert(timeValue, unitValue);
+  }
+
   private String executeCommand(List<String> commands, boolean redirectErrorStream) throws IOException {
     SystemCommandExecutor commandExecutor = new SystemCommandExecutor(commands, redirectErrorStream);
     try {

hopsworks-common/src/main/java/io/hops/hopsworks/common/util/Settings.java

@@ -471,6 +471,8 @@ private void populateCache() {
       VERIFICATION_PATH = setStrVar(VARIABLE_VERIFICATION_PATH, VERIFICATION_PATH);
       serviceKeyRotationEnabled = setBoolVar(SERVICE_KEY_ROTATION_ENABLED_KEY, serviceKeyRotationEnabled);
       serviceKeyRotationInterval = setStrVar(SERVICE_KEY_ROTATION_INTERVAL_KEY, serviceKeyRotationInterval);
+      applicationCertificateValidityPeriod = setStrVar(APPLICATION_CERTIFICATE_VALIDITY_PERIOD_KEY,
+          applicationCertificateValidityPeriod);
       populateDelaCache();
       populateLDAPCache();
       //Set Zeppelin Default Interpreter
@@ -2591,6 +2593,14 @@ public synchronized String getServiceKeyRotationInterval() {
     return serviceKeyRotationInterval;
   }
 
+  private static final String APPLICATION_CERTIFICATE_VALIDITY_PERIOD_KEY = "application_certificate_validity_period";
+  private String applicationCertificateValidityPeriod = "3d";
+
+  public synchronized String getApplicationCertificateValidityPeriod() {
+    checkCache();
+    return applicationCertificateValidityPeriod;
+  }
+
   public static Long getConfTimeValue(String configurationTime) {
     Matcher matcher = TIME_CONF_PATTERN.matcher(configurationTime.toLowerCase());
     if (!matcher.matches()) {