Posted to commits@nifi.apache.org by jf...@apache.org on 2020/05/20 20:54:26 UTC
[nifi] branch master updated: NIFI-6571 Check token length on TLS
toolkit server startup
This is an automated email from the ASF dual-hosted git repository.
jfrazee pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/nifi.git
The following commit(s) were added to refs/heads/master by this push:
new a9e9e5d NIFI-6571 Check token length on TLS toolkit server startup
a9e9e5d is described below
commit a9e9e5d137d9798888d3082dd1fbccef18c4fc50
Author: Pierre Villard <pi...@gmail.com>
AuthorDate: Mon Aug 19 23:29:13 2019 +0200
NIFI-6571 Check token length on TLS toolkit server startup
This closes #3659.
Signed-off-by: Joey Frazee <jf...@apache.org>
---
.../java/org/apache/nifi/toolkit/tls/commandLine/ExitCode.java | 5 +++++
.../toolkit/tls/service/BaseCertificateAuthorityCommandLine.java | 9 +++++++++
.../client/TlsCertificateAuthorityClientCommandLineTest.java | 2 +-
.../server/TlsCertificateAuthorityServiceCommandLineTest.java | 2 +-
4 files changed, 16 insertions(+), 2 deletions(-)
diff --git a/nifi-toolkit/nifi-toolkit-tls/src/main/java/org/apache/nifi/toolkit/tls/commandLine/ExitCode.java b/nifi-toolkit/nifi-toolkit-tls/src/main/java/org/apache/nifi/toolkit/tls/commandLine/ExitCode.java
index 8456179..753cf18 100644
--- a/nifi-toolkit/nifi-toolkit-tls/src/main/java/org/apache/nifi/toolkit/tls/commandLine/ExitCode.java
+++ b/nifi-toolkit/nifi-toolkit-tls/src/main/java/org/apache/nifi/toolkit/tls/commandLine/ExitCode.java
@@ -67,6 +67,11 @@ public enum ExitCode {
ERROR_TOKEN_ARG_EMPTY,
/**
+ * Token does not meet minimum size of 16 bytes
+ */
+ ERROR_TOKEN_ARG_TOO_SHORT,
+
+ /**
* Unable to read nifi.properties
*/
ERROR_READING_NIFI_PROPERTIES,
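Review bot: Adding `ERROR_TOKEN_ARG_TOO_SHORT` in the middle of the enum moves every later constant, starting with `ERROR_READING_NIFI_PROPERTIES`, one position down. If the toolkit's process exit status comes from the constant's position (not visible in this hunk, so worth confirming), scripts that match on the existing numeric codes would silently see different values after this change. Appending the new constant after the last existing one avoids that, or the enum could carry an explicit code per constant. The enum body continues outside the hunk.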
diff --git a/nifi-toolkit/nifi-toolkit-tls/src/main/java/org/apache/nifi/toolkit/tls/service/BaseCertificateAuthorityCommandLine.java b/nifi-toolkit/nifi-toolkit-tls/src/main/java/org/apache/nifi/toolkit/tls/service/BaseCertificateAuthorityCommandLine.java
index e0f9e6d..8f56533 100644
--- a/nifi-toolkit/nifi-toolkit-tls/src/main/java/org/apache/nifi/toolkit/tls/service/BaseCertificateAuthorityCommandLine.java
+++ b/nifi-toolkit/nifi-toolkit-tls/src/main/java/org/apache/nifi/toolkit/tls/service/BaseCertificateAuthorityCommandLine.java
@@ -25,6 +25,7 @@ import org.apache.nifi.toolkit.tls.configuration.TlsConfig;
import org.apache.nifi.util.StringUtils;
import java.io.File;
+import java.nio.charset.StandardCharsets;
/**
* Common base argument logic for the CA server and client
@@ -81,6 +82,14 @@ public abstract class BaseCertificateAuthorityCommandLine extends BaseTlsToolkit
if (StringUtils.isEmpty(token) && StringUtils.isEmpty(configJsonIn)) {
printUsageAndThrow(TOKEN_ARG + " argument must not be empty unless " + USE_CONFIG_JSON_ARG + " or " + READ_CONFIG_JSON_ARG+ " set", ExitCode.ERROR_TOKEN_ARG_EMPTY);
}
+
+ if (!StringUtils.isEmpty(token)) {
+ byte[] tokenBytes = token.getBytes(StandardCharsets.UTF_8);
+ if (tokenBytes.length < 16) {
+ printUsageAndThrow(TOKEN_ARG + " does not meet minimum size of 16 bytes", ExitCode.ERROR_TOKEN_ARG_TOO_SHORT);
+ }
+ }
+
port = getIntValue(commandLine, PORT_ARG, TlsConfig.DEFAULT_PORT);
dn = commandLine.getOptionValue(DN_ARG, new TlsConfig().calcDefaultDn(getDnHostname()));
return commandLine;
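Review bot: The new guard only measures a token passed on the command line, so when `token` is empty and `configJsonIn` is set, whatever token the config JSON supplies is presumably never checked here. The same minimum should be enforced where that token is loaded, which is outside this hunk, as are the start and end of the enclosing method. The literal `16` is repeated in the condition, the message and the `ExitCode` Javadoc; a named constant such as `private static final int MIN_TOKEN_BYTES = 16;` would keep them in step. A byte count is only a floor on length, not on unpredictability, so a comment such as `// length floor only; the token should still be randomly generated` above the check would stop readers treating it as a strength test.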
diff --git a/nifi-toolkit/nifi-toolkit-tls/src/test/java/org/apache/nifi/toolkit/tls/service/client/TlsCertificateAuthorityClientCommandLineTest.java b/nifi-toolkit/nifi-toolkit-tls/src/test/java/org/apache/nifi/toolkit/tls/service/client/TlsCertificateAuthorityClientCommandLineTest.java
index ef6e898..a752905 100644
--- a/nifi-toolkit/nifi-toolkit-tls/src/test/java/org/apache/nifi/toolkit/tls/service/client/TlsCertificateAuthorityClientCommandLineTest.java
+++ b/nifi-toolkit/nifi-toolkit-tls/src/test/java/org/apache/nifi/toolkit/tls/service/client/TlsCertificateAuthorityClientCommandLineTest.java
@@ -42,7 +42,7 @@ public class TlsCertificateAuthorityClientCommandLineTest {
@Before
public void setup() {
tlsCertificateAuthorityClientCommandLine = new TlsCertificateAuthorityClientCommandLine();
- testToken = "testToken";
+ testToken = "testToken16bytes";
}
@Test
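Review bot: No test exercises the new rejection path; this hunk and the matching one in `TlsCertificateAuthorityServiceCommandLineTest` only lengthen the fixture so the existing tests keep passing. `"testToken16bytes"` is exactly 16 bytes, so it covers the accepting side of the boundary. Each test class should also get a case that parses a 15-byte token and asserts the thrown exception carries `ExitCode.ERROR_TOKEN_ARG_TOO_SHORT`. A multi-byte UTF-8 token would additionally pin down that the limit counts bytes, not characters.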
diff --git a/nifi-toolkit/nifi-toolkit-tls/src/test/java/org/apache/nifi/toolkit/tls/service/server/TlsCertificateAuthorityServiceCommandLineTest.java b/nifi-toolkit/nifi-toolkit-tls/src/test/java/org/apache/nifi/toolkit/tls/service/server/TlsCertificateAuthorityServiceCommandLineTest.java
index 0e4ad59..3e85a90 100644
--- a/nifi-toolkit/nifi-toolkit-tls/src/test/java/org/apache/nifi/toolkit/tls/service/server/TlsCertificateAuthorityServiceCommandLineTest.java
+++ b/nifi-toolkit/nifi-toolkit-tls/src/test/java/org/apache/nifi/toolkit/tls/service/server/TlsCertificateAuthorityServiceCommandLineTest.java
@@ -44,7 +44,7 @@ public class TlsCertificateAuthorityServiceCommandLineTest {
@Before
public void setup() {
tlsCertificateAuthorityServiceCommandLine = new TlsCertificateAuthorityServiceCommandLine(inputStreamFactory);
- testToken = "testToken";
+ testToken = "testToken16bytes";
}
@Test