You are viewing a plain text version of this content. The canonical link for it is here.

Posted to commits@nifi.apache.org by "Andy LoPresto (JIRA)" <ji...@apache.org> on 2016/04/11 19:40:25 UTC

[jira] [Created] (NIFI-1753) Legacy X.509 certificate handling code should be upgraded

Andy LoPresto created NIFI-1753:
-----------------------------------

             Summary: Legacy X.509 certificate handling code should be upgraded
                 Key: NIFI-1753
                 URL: https://issues.apache.org/jira/browse/NIFI-1753
             Project: Apache NiFi
          Issue Type: Bug
          Components: Core Framework
    Affects Versions: 0.6.1
            Reporter: Andy LoPresto
            Assignee: Andy LoPresto


There are multiple instances throughout the codebase [1][2] where legacy `javax.security.cert.X509Certificate` class is used rather than the current (Java SE 6) `java.security.cert.X509Certificate`. The `javax.*` classes are provided for legacy compatibility with JSSE [3][4]. This can manifest as an exception:

`java.lang.ClassCastException: [Ljava.security.cert.X509Certificate; cannot be cast to [Ljavax.security.cert.X509Certificate`

The `CertificateFactory` class allows conversion to the new format. 

[1] https://git1-us-west.apache.org/repos/asf?p=nifi.git;a=blob;f=nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-security/src/main/java/org/apache/nifi/web/security/x509/ocsp/OcspCertificateValidator.java;hb=ffbfffce
[2 ]https://github.com/apache/nifi/blob/master/nifi-nar-bundles/nifi-standard-bundle/nifi-standard-processors/src/main/java/org/apache/nifi/processors/standard/HandleHttpRequest.java#L40
[3] http://stackoverflow.com/a/24600621/70465
[4] https://docs.oracle.com/javase/7/docs/api/javax/net/ssl/SSLSession.html#getPeerCertificates%28%29



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)