Posted to commits@nifi.apache.org by jf...@apache.org on 2020/05/20 20:54:26 UTC

[nifi] branch master updated: NIFI-6571 Check token length on TLS toolkit server startup

This is an automated email from the ASF dual-hosted git repository.

jfrazee pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/nifi.git


The following commit(s) were added to refs/heads/master by this push:
     new a9e9e5d  NIFI-6571 Check token length on TLS toolkit server startup
a9e9e5d is described below

commit a9e9e5d137d9798888d3082dd1fbccef18c4fc50
Author: Pierre Villard <pi...@gmail.com>
AuthorDate: Mon Aug 19 23:29:13 2019 +0200

    NIFI-6571 Check token length on TLS toolkit server startup
    
    This closes #3659.
    
    Signed-off-by: Joey Frazee <jf...@apache.org>
---
 .../java/org/apache/nifi/toolkit/tls/commandLine/ExitCode.java   | 5 +++++
 .../toolkit/tls/service/BaseCertificateAuthorityCommandLine.java | 9 +++++++++
 .../client/TlsCertificateAuthorityClientCommandLineTest.java     | 2 +-
 .../server/TlsCertificateAuthorityServiceCommandLineTest.java    | 2 +-
 4 files changed, 16 insertions(+), 2 deletions(-)

diff --git a/nifi-toolkit/nifi-toolkit-tls/src/main/java/org/apache/nifi/toolkit/tls/commandLine/ExitCode.java b/nifi-toolkit/nifi-toolkit-tls/src/main/java/org/apache/nifi/toolkit/tls/commandLine/ExitCode.java
index 8456179..753cf18 100644
--- a/nifi-toolkit/nifi-toolkit-tls/src/main/java/org/apache/nifi/toolkit/tls/commandLine/ExitCode.java
+++ b/nifi-toolkit/nifi-toolkit-tls/src/main/java/org/apache/nifi/toolkit/tls/commandLine/ExitCode.java
@@ -67,6 +67,11 @@ public enum ExitCode {
     ERROR_TOKEN_ARG_EMPTY,
 
     /**
+     * Token does not meet minimum size of 16 bytes
+     */
+    ERROR_TOKEN_ARG_TOO_SHORT,
+
+    /**
      * Unable to read nifi.properties
      */
     ERROR_READING_NIFI_PROPERTIES,
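Review bot: `ERROR_TOKEN_ARG_TOO_SHORT` is inserted in the middle of the enum, which shifts the ordinal of `ERROR_READING_NIFI_PROPERTIES` and of every constant declared after it. If the toolkit derives its process exit status from `ordinal()` (not visible in this hunk, so worth confirming), wrapper scripts and monitoring that match on the old numeric codes will misclassify failures after an upgrade. Appending the new constant at the end of the enum keeps the existing values stable, and a header comment such as `// Append new codes at the end; the numeric values are part of the CLI contract` would keep that from regressing. The enum body continues outside the hunk.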
diff --git a/nifi-toolkit/nifi-toolkit-tls/src/main/java/org/apache/nifi/toolkit/tls/service/BaseCertificateAuthorityCommandLine.java b/nifi-toolkit/nifi-toolkit-tls/src/main/java/org/apache/nifi/toolkit/tls/service/BaseCertificateAuthorityCommandLine.java
index e0f9e6d..8f56533 100644
--- a/nifi-toolkit/nifi-toolkit-tls/src/main/java/org/apache/nifi/toolkit/tls/service/BaseCertificateAuthorityCommandLine.java
+++ b/nifi-toolkit/nifi-toolkit-tls/src/main/java/org/apache/nifi/toolkit/tls/service/BaseCertificateAuthorityCommandLine.java
@@ -25,6 +25,7 @@ import org.apache.nifi.toolkit.tls.configuration.TlsConfig;
 import org.apache.nifi.util.StringUtils;
 
 import java.io.File;
+import java.nio.charset.StandardCharsets;
 
 /**
  * Common base argument logic for the CA server and client
@@ -81,6 +82,14 @@ public abstract class BaseCertificateAuthorityCommandLine extends BaseTlsToolkit
         if (StringUtils.isEmpty(token) && StringUtils.isEmpty(configJsonIn)) {
             printUsageAndThrow(TOKEN_ARG + " argument must not be empty unless " + USE_CONFIG_JSON_ARG + " or " + READ_CONFIG_JSON_ARG+ " set", ExitCode.ERROR_TOKEN_ARG_EMPTY);
         }
+
+        if (!StringUtils.isEmpty(token)) {
+            byte[] tokenBytes = token.getBytes(StandardCharsets.UTF_8);
+            if (tokenBytes.length < 16) {
+                printUsageAndThrow(TOKEN_ARG + " does not meet minimum size of 16 bytes", ExitCode.ERROR_TOKEN_ARG_TOO_SHORT);
+            }
+        }
+
         port = getIntValue(commandLine, PORT_ARG, TlsConfig.DEFAULT_PORT);
         dn = commandLine.getOptionValue(DN_ARG, new TlsConfig().calcDefaultDn(getDnHostname()));
         return commandLine;
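Review bot: The length check under `if (!StringUtils.isEmpty(token))` only covers a token supplied through `TOKEN_ARG`; when `configJsonIn` is set and the argument is empty the block is skipped, so a short token loaded from the config JSON would presumably still be accepted unless it is validated where that file is read. The same minimum should be enforced on that path. The literal `16` now appears in the condition, in the message and in the `ExitCode` Javadoc, so a named constant such as `private static final int MIN_TOKEN_LENGTH_BYTES = 16;` would keep them in step. A comment like `// Length floor only: says nothing about how random the token is; generate it from a CSPRNG` would stop the check being read as a strength guarantee. The enclosing method starts before the hunk and closes after it.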
diff --git a/nifi-toolkit/nifi-toolkit-tls/src/test/java/org/apache/nifi/toolkit/tls/service/client/TlsCertificateAuthorityClientCommandLineTest.java b/nifi-toolkit/nifi-toolkit-tls/src/test/java/org/apache/nifi/toolkit/tls/service/client/TlsCertificateAuthorityClientCommandLineTest.java
index ef6e898..a752905 100644
--- a/nifi-toolkit/nifi-toolkit-tls/src/test/java/org/apache/nifi/toolkit/tls/service/client/TlsCertificateAuthorityClientCommandLineTest.java
+++ b/nifi-toolkit/nifi-toolkit-tls/src/test/java/org/apache/nifi/toolkit/tls/service/client/TlsCertificateAuthorityClientCommandLineTest.java
@@ -42,7 +42,7 @@ public class TlsCertificateAuthorityClientCommandLineTest {
     @Before
     public void setup() {
         tlsCertificateAuthorityClientCommandLine = new TlsCertificateAuthorityClientCommandLine();
-        testToken = "testToken";
+        testToken = "testToken16bytes";
     }
 
     @Test
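Review bot: No test covers the new rejection path: the `testToken` change in `setup()` here, and the identical one in `TlsCertificateAuthorityServiceCommandLineTest`, only keeps the existing cases passing. `"testToken16bytes"` is exactly 16 bytes, so the accepting side of the boundary is pinned, but nothing asserts that a 15-byte token fails with `ExitCode.ERROR_TOKEN_ARG_TOO_SHORT`. Since the check counts UTF-8 bytes rather than characters, one case with a multi-byte character would also document that choice. A short comment on the fixture, `// exactly 16 bytes: the minimum accepted token length`, would explain why this particular string was picked.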
diff --git a/nifi-toolkit/nifi-toolkit-tls/src/test/java/org/apache/nifi/toolkit/tls/service/server/TlsCertificateAuthorityServiceCommandLineTest.java b/nifi-toolkit/nifi-toolkit-tls/src/test/java/org/apache/nifi/toolkit/tls/service/server/TlsCertificateAuthorityServiceCommandLineTest.java
index 0e4ad59..3e85a90 100644
--- a/nifi-toolkit/nifi-toolkit-tls/src/test/java/org/apache/nifi/toolkit/tls/service/server/TlsCertificateAuthorityServiceCommandLineTest.java
+++ b/nifi-toolkit/nifi-toolkit-tls/src/test/java/org/apache/nifi/toolkit/tls/service/server/TlsCertificateAuthorityServiceCommandLineTest.java
@@ -44,7 +44,7 @@ public class TlsCertificateAuthorityServiceCommandLineTest {
     @Before
     public void setup() {
         tlsCertificateAuthorityServiceCommandLine = new TlsCertificateAuthorityServiceCommandLine(inputStreamFactory);
-        testToken = "testToken";
+        testToken = "testToken16bytes";
     }
 
     @Test