Posted to commits@nifi.apache.org by ym...@apache.org on 2016/11/09 21:50:17 UTC
nifi git commit: NIFI-2823 - Adding nifiDnPrefix,
nifiDnSuffix options to standalone tls-toolkit
Repository: nifi
Updated Branches:
refs/heads/master c441a8696 -> 0cc176553
NIFI-2823 - Adding nifiDnPrefix, nifiDnSuffix options to standalone tls-toolkit
Signed-off-by: Yolanda M. Davis <ym...@apache.org>
This closes #1066
Project: http://git-wip-us.apache.org/repos/asf/nifi/repo
Commit: http://git-wip-us.apache.org/repos/asf/nifi/commit/0cc17655
Tree: http://git-wip-us.apache.org/repos/asf/nifi/tree/0cc17655
Diff: http://git-wip-us.apache.org/repos/asf/nifi/diff/0cc17655
Branch: refs/heads/master
Commit: 0cc176553101fe8bcb6b3f3c229cb8e1e4589236
Parents: c441a86
Author: Bryan Rosander <br...@apache.org>
Authored: Mon Sep 26 14:16:19 2016 -0400
Committer: Yolanda M. Davis <ym...@apache.org>
Committed: Wed Nov 9 16:49:04 2016 -0500
----------------------------------------------------------------------
.../tls/configuration/TlsClientConfig.java | 3 ++
.../toolkit/tls/configuration/TlsConfig.java | 40 ++++++++++++++++++--
.../BaseCertificateAuthorityCommandLine.java | 4 +-
.../tls/standalone/TlsToolkitStandalone.java | 3 +-
.../TlsToolkitStandaloneCommandLine.java | 12 ++++++
...rtificateAuthorityClientCommandLineTest.java | 2 +-
...sCertificateSigningRequestPerformerTest.java | 2 +-
...sCertificateAuthorityServiceHandlerTest.java | 2 +-
.../TlsToolkitStandaloneCommandLineTest.java | 16 ++++++++
.../standalone/TlsToolkitStandaloneTest.java | 18 +++++++++
10 files changed, 92 insertions(+), 10 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/nifi/blob/0cc17655/nifi-toolkit/nifi-toolkit-tls/src/main/java/org/apache/nifi/toolkit/tls/configuration/TlsClientConfig.java
----------------------------------------------------------------------
diff --git a/nifi-toolkit/nifi-toolkit-tls/src/main/java/org/apache/nifi/toolkit/tls/configuration/TlsClientConfig.java b/nifi-toolkit/nifi-toolkit-tls/src/main/java/org/apache/nifi/toolkit/tls/configuration/TlsClientConfig.java
index 927771d..6d83460 100644
--- a/nifi-toolkit/nifi-toolkit-tls/src/main/java/org/apache/nifi/toolkit/tls/configuration/TlsClientConfig.java
+++ b/nifi-toolkit/nifi-toolkit-tls/src/main/java/org/apache/nifi/toolkit/tls/configuration/TlsClientConfig.java
@@ -42,6 +42,9 @@ public class TlsClientConfig extends TlsConfig {
setKeyPairAlgorithm(tlsConfig.getKeyPairAlgorithm());
setKeySize(tlsConfig.getKeySize());
setSigningAlgorithm(tlsConfig.getSigningAlgorithm());
+ setDnPrefix(tlsConfig.getDnPrefix());
+ setDnSuffix(tlsConfig.getDnSuffix());
+ setReorderDn(tlsConfig.getReorderDn());
}
http://git-wip-us.apache.org/repos/asf/nifi/blob/0cc17655/nifi-toolkit/nifi-toolkit-tls/src/main/java/org/apache/nifi/toolkit/tls/configuration/TlsConfig.java
----------------------------------------------------------------------
diff --git a/nifi-toolkit/nifi-toolkit-tls/src/main/java/org/apache/nifi/toolkit/tls/configuration/TlsConfig.java b/nifi-toolkit/nifi-toolkit-tls/src/main/java/org/apache/nifi/toolkit/tls/configuration/TlsConfig.java
index 255a546..780dfa6 100644
--- a/nifi-toolkit/nifi-toolkit-tls/src/main/java/org/apache/nifi/toolkit/tls/configuration/TlsConfig.java
+++ b/nifi-toolkit/nifi-toolkit-tls/src/main/java/org/apache/nifi/toolkit/tls/configuration/TlsConfig.java
@@ -31,6 +31,9 @@ public class TlsConfig {
public static final int DEFAULT_KEY_SIZE = 2048;
public static final String DEFAULT_KEY_PAIR_ALGORITHM = "RSA";
public static final String DEFAULT_SIGNING_ALGORITHM = "SHA256WITHRSA";
+ public static final String DEFAULT_DN_PREFIX = "CN=";
+ public static final String DEFAULT_DN_SUFFIX = ", OU=NIFI";
+ public static final boolean DEFAULT_REORDER_DN = true;
private int days = DEFAULT_DAYS;
private int keySize = DEFAULT_KEY_SIZE;
@@ -45,9 +48,16 @@ public class TlsConfig {
private String token;
private String caHostname = DEFAULT_HOSTNAME;
private int port = DEFAULT_PORT;
-
- public static String calcDefaultDn(String hostname) {
- return CertificateUtils.reorderDn("CN=" + hostname + ",OU=NIFI");
+ private String dnPrefix = DEFAULT_DN_PREFIX;
+ private String dnSuffix = DEFAULT_DN_SUFFIX;
+ private boolean reorderDn = DEFAULT_REORDER_DN;
+
+ public String calcDefaultDn(String hostname) {
+ String dn = dnPrefix + hostname + dnSuffix;
+ if (reorderDn) {
+ return CertificateUtils.reorderDn(dn);
+ }
+ return dn;
}
public int getPort() {
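Review bot: `calcDefaultDn` builds the subject DN by plain concatenation (`dnPrefix + hostname + dnSuffix`), so a hostname containing DN metacharacters such as `,`, `+` or `=` changes the RDN structure of the certificate subject instead of being treated as a single attribute value. When the prefix ends in an attribute type, as the default `CN=` does, the hostname could be escaped before joining, e.g. `String dn = dnPrefix + Rdn.escapeValue(hostname) + dnSuffix;` using `javax.naming.ldap.Rdn`. Whether `CertificateUtils.reorderDn` rejects or normalises such input is not visible in this hunk, and the non-reordering branch returns the string untouched, so that should be confirmed rather than assumed.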
@@ -146,6 +156,30 @@ public class TlsConfig {
this.signingAlgorithm = signingAlgorithm;
}
+ public String getDnPrefix() {
+ return dnPrefix;
+ }
+
+ public void setDnPrefix(String dnPrefix) {
+ this.dnPrefix = dnPrefix;
+ }
+
+ public String getDnSuffix() {
+ return dnSuffix;
+ }
+
+ public void setDnSuffix(String dnSuffix) {
+ this.dnSuffix = dnSuffix;
+ }
+
+ public boolean getReorderDn() {
+ return reorderDn;
+ }
+
+ public void setReorderDn(boolean reorderDn) {
+ this.reorderDn = reorderDn;
+ }
+
public void initDefaults() {
if (days == 0) {
days = DEFAULT_DAYS;
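Review bot: `setDnPrefix` and `setDnSuffix` store whatever they are given, and `calcDefaultDn` concatenates the fields directly, so a null prefix or suffix would produce a DN containing the literal text `null`. `initDefaults()` continues past the end of this hunk and the commit does not appear to extend it, so it presumably does not restore `DEFAULT_DN_PREFIX` / `DEFAULT_DN_SUFFIX` the way it restores `days`. Adding `if (dnPrefix == null) { dnPrefix = DEFAULT_DN_PREFIX; }` and the matching check for `dnSuffix` there would keep a config object populated with nulls from issuing certificates with a bogus subject.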
http://git-wip-us.apache.org/repos/asf/nifi/blob/0cc17655/nifi-toolkit/nifi-toolkit-tls/src/main/java/org/apache/nifi/toolkit/tls/service/BaseCertificateAuthorityCommandLine.java
----------------------------------------------------------------------
diff --git a/nifi-toolkit/nifi-toolkit-tls/src/main/java/org/apache/nifi/toolkit/tls/service/BaseCertificateAuthorityCommandLine.java b/nifi-toolkit/nifi-toolkit-tls/src/main/java/org/apache/nifi/toolkit/tls/service/BaseCertificateAuthorityCommandLine.java
index 3d4a4fb..e638bff 100644
--- a/nifi-toolkit/nifi-toolkit-tls/src/main/java/org/apache/nifi/toolkit/tls/service/BaseCertificateAuthorityCommandLine.java
+++ b/nifi-toolkit/nifi-toolkit-tls/src/main/java/org/apache/nifi/toolkit/tls/service/BaseCertificateAuthorityCommandLine.java
@@ -53,7 +53,7 @@ public abstract class BaseCertificateAuthorityCommandLine extends BaseCommandLin
addOptionNoArg("F", USE_CONFIG_JSON_ARG, "Flag specifying that all configuration is read from " + CONFIG_JSON_ARG + " to facilitate automated use (otherwise "
+ CONFIG_JSON_ARG + " will only be written to.");
addOptionWithArg("p", PORT_ARG, getPortDescription(), TlsConfig.DEFAULT_PORT);
- addOptionWithArg("D", DN_ARG, getDnDescription(), TlsConfig.calcDefaultDn(getDnHostname()));
+ addOptionWithArg("D", DN_ARG, getDnDescription(), new TlsConfig().calcDefaultDn(getDnHostname()));
}
protected abstract String getTokenDescription();
@@ -82,7 +82,7 @@ public abstract class BaseCertificateAuthorityCommandLine extends BaseCommandLin
printUsageAndThrow(TOKEN_ARG + " argument must not be empty unless " + USE_CONFIG_JSON_ARG + " or " + READ_CONFIG_JSON_ARG+ " set", ExitCode.ERROR_TOKEN_ARG_EMPTY);
}
port = getIntValue(commandLine, PORT_ARG, TlsConfig.DEFAULT_PORT);
- dn = commandLine.getOptionValue(DN_ARG, TlsConfig.calcDefaultDn(getDnHostname()));
+ dn = commandLine.getOptionValue(DN_ARG, new TlsConfig().calcDefaultDn(getDnHostname()));
return commandLine;
}
http://git-wip-us.apache.org/repos/asf/nifi/blob/0cc17655/nifi-toolkit/nifi-toolkit-tls/src/main/java/org/apache/nifi/toolkit/tls/standalone/TlsToolkitStandalone.java
----------------------------------------------------------------------
diff --git a/nifi-toolkit/nifi-toolkit-tls/src/main/java/org/apache/nifi/toolkit/tls/standalone/TlsToolkitStandalone.java b/nifi-toolkit/nifi-toolkit-tls/src/main/java/org/apache/nifi/toolkit/tls/standalone/TlsToolkitStandalone.java
index e2726a8..4415b25 100644
--- a/nifi-toolkit/nifi-toolkit-tls/src/main/java/org/apache/nifi/toolkit/tls/standalone/TlsToolkitStandalone.java
+++ b/nifi-toolkit/nifi-toolkit-tls/src/main/java/org/apache/nifi/toolkit/tls/standalone/TlsToolkitStandalone.java
@@ -21,7 +21,6 @@ import org.apache.nifi.security.util.CertificateUtils;
import org.apache.nifi.toolkit.tls.configuration.InstanceDefinition;
import org.apache.nifi.toolkit.tls.configuration.StandaloneConfig;
import org.apache.nifi.toolkit.tls.configuration.TlsClientConfig;
-import org.apache.nifi.toolkit.tls.configuration.TlsConfig;
import org.apache.nifi.toolkit.tls.manager.BaseTlsManager;
import org.apache.nifi.toolkit.tls.manager.TlsCertificateAuthorityManager;
import org.apache.nifi.toolkit.tls.manager.TlsClientManager;
@@ -180,7 +179,7 @@ public class TlsToolkitStandalone {
tlsClientConfig.setTrustStorePassword(instanceDefinition.getTrustStorePassword());
TlsClientManager tlsClientManager = new TlsClientManager(tlsClientConfig);
KeyPair keyPair = TlsHelper.generateKeyPair(keyPairAlgorithm, keySize);
- tlsClientManager.addPrivateKeyToKeyStore(keyPair, NIFI_KEY, CertificateUtils.generateIssuedCertificate(TlsConfig.calcDefaultDn(hostname),
+ tlsClientManager.addPrivateKeyToKeyStore(keyPair, NIFI_KEY, CertificateUtils.generateIssuedCertificate(tlsClientConfig.calcDefaultDn(hostname),
keyPair.getPublic(), certificate, caKeyPair, signingAlgorithm, days), certificate);
tlsClientManager.setCertificateEntry(NIFI_CERT, certificate);
tlsClientManager.addClientConfigurationWriter(new NifiPropertiesTlsClientConfigWriter(niFiPropertiesWriterFactory, new File(hostDir, "nifi.properties"),
http://git-wip-us.apache.org/repos/asf/nifi/blob/0cc17655/nifi-toolkit/nifi-toolkit-tls/src/main/java/org/apache/nifi/toolkit/tls/standalone/TlsToolkitStandaloneCommandLine.java
----------------------------------------------------------------------
diff --git a/nifi-toolkit/nifi-toolkit-tls/src/main/java/org/apache/nifi/toolkit/tls/standalone/TlsToolkitStandaloneCommandLine.java b/nifi-toolkit/nifi-toolkit-tls/src/main/java/org/apache/nifi/toolkit/tls/standalone/TlsToolkitStandaloneCommandLine.java
index f6d761f..e178789 100644
--- a/nifi-toolkit/nifi-toolkit-tls/src/main/java/org/apache/nifi/toolkit/tls/standalone/TlsToolkitStandaloneCommandLine.java
+++ b/nifi-toolkit/nifi-toolkit-tls/src/main/java/org/apache/nifi/toolkit/tls/standalone/TlsToolkitStandaloneCommandLine.java
@@ -23,6 +23,7 @@ import org.apache.nifi.toolkit.tls.commandLine.CommandLineParseException;
import org.apache.nifi.toolkit.tls.commandLine.ExitCode;
import org.apache.nifi.toolkit.tls.configuration.InstanceDefinition;
import org.apache.nifi.toolkit.tls.configuration.StandaloneConfig;
+import org.apache.nifi.toolkit.tls.configuration.TlsConfig;
import org.apache.nifi.toolkit.tls.properties.NiFiPropertiesWriterFactory;
import org.apache.nifi.toolkit.tls.util.PasswordUtil;
import org.apache.nifi.toolkit.tls.util.TlsHelper;
@@ -56,6 +57,8 @@ public class TlsToolkitStandaloneCommandLine extends BaseCommandLine {
public static final String CLIENT_CERT_DN_ARG = "clientCertDn";
public static final String CLIENT_CERT_PASSWORD_ARG = "clientCertPassword";
public static final String GLOBAL_PORT_SEQUENCE_ARG = "globalPortSequence";
+ public static final String NIFI_DN_PREFIX_ARG = "nifiDnPrefix";
+ public static final String NIFI_DN_SUFFIX_ARG = "nifiDnSuffix";
public static final String DEFAULT_OUTPUT_DIRECTORY = "../" + Paths.get(".").toAbsolutePath().normalize().getFileName().toString();
@@ -71,6 +74,8 @@ public class TlsToolkitStandaloneCommandLine extends BaseCommandLine {
private List<String> clientPasswords;
private boolean clientPasswordsGenerated;
private boolean overwrite;
+ private String dnPrefix;
+ private String dnSuffix;
public TlsToolkitStandaloneCommandLine() {
this(new PasswordUtil());
@@ -89,6 +94,8 @@ public class TlsToolkitStandaloneCommandLine extends BaseCommandLine {
addOptionWithArg("B", CLIENT_CERT_PASSWORD_ARG, "Password for client certificate. Must either be one value or one for each client DN. (autogenerate if not specified)");
addOptionWithArg("G", GLOBAL_PORT_SEQUENCE_ARG, "Use sequential ports that are calculated for all hosts according to the provided hostname expressions. " +
"(Can be specified multiple times, MUST BE SAME FROM RUN TO RUN.)");
+ addOptionWithArg(null, NIFI_DN_PREFIX_ARG, "String to prepend to hostname(s) when determining DN.", TlsConfig.DEFAULT_DN_PREFIX);
+ addOptionWithArg(null, NIFI_DN_SUFFIX_ARG, "String to append to hostname(s) when determining DN.", TlsConfig.DEFAULT_DN_SUFFIX);
addOptionNoArg("O", OVERWRITE_ARG, "Overwrite existing host output.");
}
@@ -115,6 +122,9 @@ public class TlsToolkitStandaloneCommandLine extends BaseCommandLine {
String outputDirectory = commandLine.getOptionValue(OUTPUT_DIRECTORY_ARG, DEFAULT_OUTPUT_DIRECTORY);
baseDir = new File(outputDirectory);
+ dnPrefix = commandLine.getOptionValue(NIFI_DN_PREFIX_ARG, TlsConfig.DEFAULT_DN_PREFIX);
+ dnSuffix = commandLine.getOptionValue(NIFI_DN_SUFFIX_ARG, TlsConfig.DEFAULT_DN_SUFFIX);
+
Stream<String> globalOrderExpressions = null;
if (commandLine.hasOption(GLOBAL_PORT_SEQUENCE_ARG)) {
globalOrderExpressions = Arrays.stream(commandLine.getOptionValues(GLOBAL_PORT_SEQUENCE_ARG)).flatMap(s -> Arrays.stream(s.split(","))).map(String::trim);
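Review bot: The `nifiDnPrefix` and `nifiDnSuffix` values are stored exactly as typed, with no check that the composed name is a well-formed DN, so a typo such as a missing `=` or a misplaced comma is only discovered, if at all, when certificates are generated per host. Validating once at parse time, for example by constructing `new X500Principal(dnPrefix + "localhost" + dnSuffix)` and calling `printUsageAndThrow` with a suitable exit code on `IllegalArgumentException`, would fail before any key material is written. The option descriptions added in the previous hunk could also state the expected shape, e.g. that the prefix normally ends with `CN=` and the suffix begins with `, `. The enclosing parse method starts and ends outside this hunk.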
@@ -207,6 +217,8 @@ public class TlsToolkitStandaloneCommandLine extends BaseCommandLine {
standaloneConfig.setKeyPairAlgorithm(getKeyAlgorithm());
standaloneConfig.setSigningAlgorithm(getSigningAlgorithm());
standaloneConfig.setDays(getDays());
+ standaloneConfig.setDnPrefix(dnPrefix);
+ standaloneConfig.setDnSuffix(dnSuffix);
standaloneConfig.initDefaults();
return standaloneConfig;
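Review bot: Only the prefix and suffix are handed to `standaloneConfig` here, so `reorderDn` stays at `DEFAULT_REORDER_DN` (true) and the operator-supplied RDNs go through `CertificateUtils.reorderDn` before the certificate is issued. The subject in the generated certificate may therefore list its RDNs in a different order than was typed on the command line, which matters wherever that DN is later matched as an exact string, such as identity entries in an authorizer configuration. I would document this next to the assignment, e.g. `// reorderDn is left at its default; the issued subject may order RDNs differently than given`, or expose an option for it. The enclosing method starts outside the hunk.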
http://git-wip-us.apache.org/repos/asf/nifi/blob/0cc17655/nifi-toolkit/nifi-toolkit-tls/src/test/java/org/apache/nifi/toolkit/tls/service/client/TlsCertificateAuthorityClientCommandLineTest.java
----------------------------------------------------------------------
diff --git a/nifi-toolkit/nifi-toolkit-tls/src/test/java/org/apache/nifi/toolkit/tls/service/client/TlsCertificateAuthorityClientCommandLineTest.java b/nifi-toolkit/nifi-toolkit-tls/src/test/java/org/apache/nifi/toolkit/tls/service/client/TlsCertificateAuthorityClientCommandLineTest.java
index b4e8748..e3d3be3 100644
--- a/nifi-toolkit/nifi-toolkit-tls/src/test/java/org/apache/nifi/toolkit/tls/service/client/TlsCertificateAuthorityClientCommandLineTest.java
+++ b/nifi-toolkit/nifi-toolkit-tls/src/test/java/org/apache/nifi/toolkit/tls/service/client/TlsCertificateAuthorityClientCommandLineTest.java
@@ -60,7 +60,7 @@ public class TlsCertificateAuthorityClientCommandLineTest {
TlsClientConfig clientConfig = tlsCertificateAuthorityClientCommandLine.createClientConfig();
assertEquals(TlsConfig.DEFAULT_HOSTNAME, clientConfig.getCaHostname());
- Assert.assertEquals(TlsConfig.calcDefaultDn(InetAddress.getLocalHost().getHostName()), clientConfig.getDn());
+ Assert.assertEquals(new TlsConfig().calcDefaultDn(InetAddress.getLocalHost().getHostName()), clientConfig.getDn());
assertEquals(TlsCertificateAuthorityClientCommandLine.KEYSTORE + TlsConfig.DEFAULT_KEY_STORE_TYPE.toLowerCase(), clientConfig.getKeyStore());
assertEquals(TlsConfig.DEFAULT_KEY_STORE_TYPE, clientConfig.getKeyStoreType());
assertNull(clientConfig.getKeyStorePassword());
http://git-wip-us.apache.org/repos/asf/nifi/blob/0cc17655/nifi-toolkit/nifi-toolkit-tls/src/test/java/org/apache/nifi/toolkit/tls/service/client/TlsCertificateSigningRequestPerformerTest.java
----------------------------------------------------------------------
diff --git a/nifi-toolkit/nifi-toolkit-tls/src/test/java/org/apache/nifi/toolkit/tls/service/client/TlsCertificateSigningRequestPerformerTest.java b/nifi-toolkit/nifi-toolkit-tls/src/test/java/org/apache/nifi/toolkit/tls/service/client/TlsCertificateSigningRequestPerformerTest.java
index bdc01df..0e2bf05 100644
--- a/nifi-toolkit/nifi-toolkit-tls/src/test/java/org/apache/nifi/toolkit/tls/service/client/TlsCertificateSigningRequestPerformerTest.java
+++ b/nifi-toolkit/nifi-toolkit-tls/src/test/java/org/apache/nifi/toolkit/tls/service/client/TlsCertificateSigningRequestPerformerTest.java
@@ -108,7 +108,7 @@ public class TlsCertificateSigningRequestPerformerTest {
when(tlsClientConfig.getToken()).thenReturn(testToken);
when(tlsClientConfig.getCaHostname()).thenReturn(testCaHostname);
- when(tlsClientConfig.getDn()).thenReturn(TlsConfig.calcDefaultDn(testCaHostname));
+ when(tlsClientConfig.getDn()).thenReturn(new TlsConfig().calcDefaultDn(testCaHostname));
when(tlsClientConfig.getPort()).thenReturn(testPort);
when(tlsClientConfig.createCertificateSigningRequestPerformer()).thenReturn(tlsCertificateSigningRequestPerformer);
when(tlsClientConfig.getSigningAlgorithm()).thenReturn(TlsConfig.DEFAULT_SIGNING_ALGORITHM);
http://git-wip-us.apache.org/repos/asf/nifi/blob/0cc17655/nifi-toolkit/nifi-toolkit-tls/src/test/java/org/apache/nifi/toolkit/tls/service/server/TlsCertificateAuthorityServiceHandlerTest.java
----------------------------------------------------------------------
diff --git a/nifi-toolkit/nifi-toolkit-tls/src/test/java/org/apache/nifi/toolkit/tls/service/server/TlsCertificateAuthorityServiceHandlerTest.java b/nifi-toolkit/nifi-toolkit-tls/src/test/java/org/apache/nifi/toolkit/tls/service/server/TlsCertificateAuthorityServiceHandlerTest.java
index 09bc8f0..12a0a08 100644
--- a/nifi-toolkit/nifi-toolkit-tls/src/test/java/org/apache/nifi/toolkit/tls/service/server/TlsCertificateAuthorityServiceHandlerTest.java
+++ b/nifi-toolkit/nifi-toolkit-tls/src/test/java/org/apache/nifi/toolkit/tls/service/server/TlsCertificateAuthorityServiceHandlerTest.java
@@ -126,7 +126,7 @@ public class TlsCertificateAuthorityServiceHandlerTest {
return new PrintWriter(response);
});
caCert = CertificateUtils.generateSelfSignedX509Certificate(keyPair, "CN=fakeCa", TlsConfig.DEFAULT_SIGNING_ALGORITHM, TlsConfig.DEFAULT_DAYS);
- requestedDn = TlsConfig.calcDefaultDn(TlsConfig.DEFAULT_HOSTNAME);
+ requestedDn = new TlsConfig().calcDefaultDn(TlsConfig.DEFAULT_HOSTNAME);
certificateKeyPair = TlsHelper.generateKeyPair(TlsConfig.DEFAULT_KEY_PAIR_ALGORITHM, TlsConfig.DEFAULT_KEY_SIZE);
jcaPKCS10CertificationRequest = TlsHelper.generateCertificationRequest(requestedDn, certificateKeyPair, TlsConfig.DEFAULT_SIGNING_ALGORITHM);
testPemEncodedCsr = TlsHelper.pemEncodeJcaObject(jcaPKCS10CertificationRequest);
http://git-wip-us.apache.org/repos/asf/nifi/blob/0cc17655/nifi-toolkit/nifi-toolkit-tls/src/test/java/org/apache/nifi/toolkit/tls/standalone/TlsToolkitStandaloneCommandLineTest.java
----------------------------------------------------------------------
diff --git a/nifi-toolkit/nifi-toolkit-tls/src/test/java/org/apache/nifi/toolkit/tls/standalone/TlsToolkitStandaloneCommandLineTest.java b/nifi-toolkit/nifi-toolkit-tls/src/test/java/org/apache/nifi/toolkit/tls/standalone/TlsToolkitStandaloneCommandLineTest.java
index d174748..c025e5d 100644
--- a/nifi-toolkit/nifi-toolkit-tls/src/test/java/org/apache/nifi/toolkit/tls/standalone/TlsToolkitStandaloneCommandLineTest.java
+++ b/nifi-toolkit/nifi-toolkit-tls/src/test/java/org/apache/nifi/toolkit/tls/standalone/TlsToolkitStandaloneCommandLineTest.java
@@ -276,6 +276,22 @@ public class TlsToolkitStandaloneCommandLineTest {
}
@Test
+ public void testNifiDnPrefix() throws CommandLineParseException {
+ String testPrefix = "O=apache, CN=";
+ tlsToolkitStandaloneCommandLine.parse("-n", "nifi", "--nifiDnPrefix", testPrefix);
+ StandaloneConfig config = tlsToolkitStandaloneCommandLine.createConfig();
+ assertEquals(testPrefix, config.getDnPrefix());
+ }
+
+ @Test
+ public void testNifiDnSuffix() throws CommandLineParseException {
+ String testSuffix = ", O=apache, OU=nifi";
+ tlsToolkitStandaloneCommandLine.parse("-n", "nifi", "--nifiDnSuffix", testSuffix);
+ StandaloneConfig config = tlsToolkitStandaloneCommandLine.createConfig();
+ assertEquals(testSuffix, config.getDnSuffix());
+ }
+
+ @Test
public void testClientDnDefault() throws CommandLineParseException {
tlsToolkitStandaloneCommandLine.parse();
assertEquals(Collections.emptyList(), tlsToolkitStandaloneCommandLine.createConfig().getClientDns());
http://git-wip-us.apache.org/repos/asf/nifi/blob/0cc17655/nifi-toolkit/nifi-toolkit-tls/src/test/java/org/apache/nifi/toolkit/tls/standalone/TlsToolkitStandaloneTest.java
----------------------------------------------------------------------
diff --git a/nifi-toolkit/nifi-toolkit-tls/src/test/java/org/apache/nifi/toolkit/tls/standalone/TlsToolkitStandaloneTest.java b/nifi-toolkit/nifi-toolkit-tls/src/test/java/org/apache/nifi/toolkit/tls/standalone/TlsToolkitStandaloneTest.java
index a8cf7a5..8779d96 100644
--- a/nifi-toolkit/nifi-toolkit-tls/src/test/java/org/apache/nifi/toolkit/tls/standalone/TlsToolkitStandaloneTest.java
+++ b/nifi-toolkit/nifi-toolkit-tls/src/test/java/org/apache/nifi/toolkit/tls/standalone/TlsToolkitStandaloneTest.java
@@ -180,6 +180,16 @@ public class TlsToolkitStandaloneTest {
}
@Test
+ public void testDnArgs() throws Exception {
+ String nifiDnPrefix = "O=apache, CN=";
+ String nifiDnSuffix = ", OU=nifi";
+ runAndAssertExitCode(ExitCode.SUCCESS, "-o", tempDir.getAbsolutePath(), "-n", TlsConfig.DEFAULT_HOSTNAME,
+ "--" + TlsToolkitStandaloneCommandLine.NIFI_DN_PREFIX_ARG, nifiDnPrefix, "--" + TlsToolkitStandaloneCommandLine.NIFI_DN_SUFFIX_ARG, nifiDnSuffix);
+ X509Certificate x509Certificate = checkLoadCertPrivateKey(TlsConfig.DEFAULT_KEY_PAIR_ALGORITHM);
+ checkHostDirAndReturnNifiProperties(TlsConfig.DEFAULT_HOSTNAME, nifiDnPrefix, nifiDnSuffix, x509Certificate);
+ }
+
+ @Test
public void testClientDnsArg() throws Exception {
String clientDn = "OU=NIFI,CN=testuser";
String clientDn2 = "OU=NIFI,CN=testuser2";
@@ -216,6 +226,10 @@ public class TlsToolkitStandaloneTest {
}
private Properties checkHostDirAndReturnNifiProperties(String hostname, X509Certificate rootCert) throws Exception {
+ return checkHostDirAndReturnNifiProperties(hostname, TlsConfig.DEFAULT_DN_PREFIX, TlsConfig.DEFAULT_DN_SUFFIX, rootCert);
+ }
+
+ private Properties checkHostDirAndReturnNifiProperties(String hostname, String dnPrefix, String dnSuffix, X509Certificate rootCert) throws Exception {
File hostDir = new File(tempDir, hostname);
Properties nifiProperties = new Properties();
try (InputStream inputStream = new FileInputStream(new File(hostDir, TlsToolkitStandalone.NIFI_PROPERTIES))) {
@@ -257,6 +271,10 @@ public class TlsToolkitStandaloneTest {
assertEquals(rootCert, certificateChain[1]);
certificateChain[1].verify(rootCert.getPublicKey());
certificateChain[0].verify(rootCert.getPublicKey());
+ TlsConfig tlsConfig = new TlsConfig();
+ tlsConfig.setDnPrefix(dnPrefix);
+ tlsConfig.setDnSuffix(dnSuffix);
+ assertEquals(tlsConfig.calcDefaultDn(hostname), CertificateUtils.convertAbstractX509Certificate(certificateChain[0]).getSubjectX500Principal().getName());
TlsCertificateAuthorityTest.assertPrivateAndPublicKeyMatch(privateKeyEntry.getPrivateKey(), certificateChain[0].getPublicKey());
return nifiProperties;
}
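Review bot: The new assertion derives its expected value from `tlsConfig.calcDefaultDn(hostname)`, the same method that produced the certificate subject, so it would still pass if `calcDefaultDn` or the reordering step built the wrong DN. For `testDnArgs`, passing a literal expected subject string into the helper would pin the RDN order and spacing that actually end up in the certificate. The enclosing helper method begins outside this hunk.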