Posted to commits@nifi.apache.org by ex...@apache.org on 2021/06/16 12:18:02 UTC
[nifi] branch main updated: NIFI-8701 - Log Self-Signed Certificate
Hash on Generate
This is an automated email from the ASF dual-hosted git repository.
exceptionfactory pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/nifi.git
The following commit(s) were added to refs/heads/main by this push:
new 0f1c944 NIFI-8701 - Log Self-Signed Certificate Hash on Generate
0f1c944 is described below
commit 0f1c9445f0418741e06651b1fe56d3ad981b4963
Author: Paul Grey <gr...@yahoo.com>
AuthorDate: Mon Jun 14 18:54:49 2021 -0400
NIFI-8701 - Log Self-Signed Certificate Hash on Generate
This closes #5159
Signed-off-by: David Handermann <ex...@apache.org>
---
.../apache/nifi/bootstrap/util/SecureNiFiConfigUtil.java | 16 ++++++++++++++++
1 file changed, 16 insertions(+)
diff --git a/nifi-bootstrap/src/main/java/org/apache/nifi/bootstrap/util/SecureNiFiConfigUtil.java b/nifi-bootstrap/src/main/java/org/apache/nifi/bootstrap/util/SecureNiFiConfigUtil.java
index 2c2007e..60d1f7e 100644
--- a/nifi-bootstrap/src/main/java/org/apache/nifi/bootstrap/util/SecureNiFiConfigUtil.java
+++ b/nifi-bootstrap/src/main/java/org/apache/nifi/bootstrap/util/SecureNiFiConfigUtil.java
@@ -16,6 +16,7 @@
*/
package org.apache.nifi.bootstrap.util;
+import org.apache.commons.codec.digest.DigestUtils;
import org.apache.commons.lang3.StringUtils;
import org.apache.nifi.security.util.KeyStoreUtils;
import org.apache.nifi.security.util.StandardTlsConfiguration;
@@ -35,10 +36,14 @@ import java.nio.file.Path;
import java.nio.file.Paths;
import java.nio.file.StandardCopyOption;
import java.security.GeneralSecurityException;
+import java.security.KeyStore;
+import java.security.cert.Certificate;
import java.time.LocalDate;
import java.time.temporal.ChronoUnit;
+import java.util.Enumeration;
import java.util.HashSet;
import java.util.List;
+import java.util.Locale;
import java.util.Properties;
import java.util.Set;
import java.util.stream.Collectors;
@@ -117,6 +122,17 @@ public class SecureNiFiConfigUtil {
String[] subjectAlternativeNames = getSubjectAlternativeNames(nifiProperties, cmdLogger);
tlsConfiguration = KeyStoreUtils.createTlsConfigAndNewKeystoreTruststore(StandardTlsConfiguration
.fromNiFiProperties(nifiProperties), CERT_DURATION_DAYS, subjectAlternativeNames);
+ final KeyStore keyStore = KeyStoreUtils.loadKeyStore(tlsConfiguration.getKeystorePath(),
+ tlsConfiguration.getKeystorePassword().toCharArray(), tlsConfiguration.getKeystoreType().getType());
+ final Enumeration<String> aliases = keyStore.aliases();
+ while (aliases.hasMoreElements()) {
+ final String alias = aliases.nextElement();
+ final Certificate certificate = keyStore.getCertificate(alias);
+ if (certificate != null) {
+ final String sha256 = DigestUtils.sha256Hex(certificate.getEncoded());
+ cmdLogger.info("Generated Self-Signed Certificate SHA-256: {}", sha256.toUpperCase(Locale.ROOT));
+ }
+ }
} catch (GeneralSecurityException e) {
throw new RuntimeException(e);
}
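Review bot: The added keystore reload and fingerprint loop sit inside the existing `try`, so a `KeyStoreException` from `aliases()`/`getCertificate()` or a `CertificateEncodingException` from `getEncoded()` is rethrown by `catch (GeneralSecurityException e)` as a `RuntimeException`, even though the keystore and truststore were already generated at that point. If a failure of this informational step is not meant to abort the caller, give the block its own `try`/`catch (GeneralSecurityException e)` that only reports it, e.g. `cmdLogger.warn("Unable to log generated certificate SHA-256", e);`. The exceptions `KeyStoreUtils.loadKeyStore` declares are not visible in this hunk, so check they are covered as well. A short comment above the loop would also help, for example `// Log the SHA-256 fingerprint so the generated certificate can be identified and compared out of band`. The enclosing method starts and ends outside the hunk.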