Posted to commits@nifi.apache.org by ex...@apache.org on 2021/06/16 12:18:02 UTC

[nifi] branch main updated: NIFI-8701 - Log Self-Signed Certificate Hash on Generate

This is an automated email from the ASF dual-hosted git repository.

exceptionfactory pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/nifi.git


The following commit(s) were added to refs/heads/main by this push:
     new 0f1c944  NIFI-8701 - Log Self-Signed Certificate Hash on Generate
0f1c944 is described below

commit 0f1c9445f0418741e06651b1fe56d3ad981b4963
Author: Paul Grey <gr...@yahoo.com>
AuthorDate: Mon Jun 14 18:54:49 2021 -0400

    NIFI-8701 - Log Self-Signed Certificate Hash on Generate
    
    This closes #5159
    
    Signed-off-by: David Handermann <ex...@apache.org>
---
 .../apache/nifi/bootstrap/util/SecureNiFiConfigUtil.java | 16 ++++++++++++++++
 1 file changed, 16 insertions(+)

diff --git a/nifi-bootstrap/src/main/java/org/apache/nifi/bootstrap/util/SecureNiFiConfigUtil.java b/nifi-bootstrap/src/main/java/org/apache/nifi/bootstrap/util/SecureNiFiConfigUtil.java
index 2c2007e..60d1f7e 100644
--- a/nifi-bootstrap/src/main/java/org/apache/nifi/bootstrap/util/SecureNiFiConfigUtil.java
+++ b/nifi-bootstrap/src/main/java/org/apache/nifi/bootstrap/util/SecureNiFiConfigUtil.java
@@ -16,6 +16,7 @@
  */
 package org.apache.nifi.bootstrap.util;
 
+import org.apache.commons.codec.digest.DigestUtils;
 import org.apache.commons.lang3.StringUtils;
 import org.apache.nifi.security.util.KeyStoreUtils;
 import org.apache.nifi.security.util.StandardTlsConfiguration;
@@ -35,10 +36,14 @@ import java.nio.file.Path;
 import java.nio.file.Paths;
 import java.nio.file.StandardCopyOption;
 import java.security.GeneralSecurityException;
+import java.security.KeyStore;
+import java.security.cert.Certificate;
 import java.time.LocalDate;
 import java.time.temporal.ChronoUnit;
+import java.util.Enumeration;
 import java.util.HashSet;
 import java.util.List;
+import java.util.Locale;
 import java.util.Properties;
 import java.util.Set;
 import java.util.stream.Collectors;
@@ -117,6 +122,17 @@ public class SecureNiFiConfigUtil {
                 String[] subjectAlternativeNames = getSubjectAlternativeNames(nifiProperties, cmdLogger);
                 tlsConfiguration = KeyStoreUtils.createTlsConfigAndNewKeystoreTruststore(StandardTlsConfiguration
                         .fromNiFiProperties(nifiProperties), CERT_DURATION_DAYS, subjectAlternativeNames);
+                final KeyStore keyStore = KeyStoreUtils.loadKeyStore(tlsConfiguration.getKeystorePath(),
+                        tlsConfiguration.getKeystorePassword().toCharArray(), tlsConfiguration.getKeystoreType().getType());
+                final Enumeration<String> aliases = keyStore.aliases();
+                while (aliases.hasMoreElements()) {
+                    final String alias = aliases.nextElement();
+                    final Certificate certificate = keyStore.getCertificate(alias);
+                    if (certificate != null) {
+                        final String sha256 = DigestUtils.sha256Hex(certificate.getEncoded());
+                        cmdLogger.info("Generated Self-Signed Certificate SHA-256: {}", sha256.toUpperCase(Locale.ROOT));
+                    }
+                }
             } catch (GeneralSecurityException e) {
                 throw new RuntimeException(e);
             }