You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@nifi.apache.org by "ASF GitHub Bot (JIRA)" <ji...@apache.org> on 2017/01/23 05:06:26 UTC

[jira] [Commented] (NIFI-3382) Regenerate Test Certificates for NiFi-Web-Api

    [ https://issues.apache.org/jira/browse/NIFI-3382?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15833914#comment-15833914 ] 

ASF GitHub Bot commented on NIFI-3382:
--------------------------------------

GitHub user jvwing opened a pull request:

    https://github.com/apache/nifi/pull/1437

    NIFI-3382 New test keystore, truststore

    Thank you for submitting a contribution to Apache NiFi.
    
    In order to streamline the review of the contribution we ask you
    to ensure the following steps have been taken:
    
    ### For all changes:
    - [X] Is there a JIRA ticket associated with this PR? Is it referenced 
         in the commit message?
    
    - [X] Does your PR title start with NIFI-XXXX where XXXX is the JIRA number you are trying to resolve? Pay particular attention to the hyphen "-" character.
    
    - [X] Has your PR been rebased against the latest commit within the target branch (typically master)?
    
    - [X] Is your initial contribution a single, squashed commit?
    
    ### For code changes:
    - [ ] Have you ensured that the full suite of tests is executed via mvn -Pcontrib-check clean install at the root nifi folder?
    - [ ] Have you written or updated unit tests to verify your changes?
    - [ ] If adding new dependencies to the code, are these dependencies licensed in a way that is compatible for inclusion under [ASF 2.0](http://www.apache.org/legal/resolved.html#category-a)? 
    - [ ] If applicable, have you updated the LICENSE file, including the main LICENSE file under nifi-assembly?
    - [ ] If applicable, have you updated the NOTICE file, including the main NOTICE file found under nifi-assembly?
    - [ ] If adding new Properties, have you added .displayName in addition to .name (programmatic access) for each of the new properties?
    
    ### For documentation related changes:
    - [ ] Have you ensured that format looks appropriate for the output in which it is rendered?
    
    ---
    I generated new keystore `localhost-ks.jks` and truststore `localhost-ts.jks` to match the previous ones through the following incantation:
    
    ```
    keytool -genkeypair -alias localhost -keyalg RSA -storepass localtest -keypass localtest -keystore localhost-ks.jks -dname "CN=localhost, OU=Apache NiFi, O=Apache, L=Santa Monica, ST=CA, C=US" -startdate "2017/01/05" -validity 10000 -noprompt
    keytool -genkeypair -alias mykey -keyalg DSA -storepass localtest -keypass localtest -keystore localhost-ks.jks -dname "CN=localhost, OU=Testing, O=Research, L=Metropolis, ST=New York, C=US" -startdate "2017/01/05" -validity 10000 -noprompt
    
    keytool -exportcert -rfc -alias localhost -keystore localhost-ks.jks -storepass localtest -file localhost_cert.pem
    keytool -importcert -v -trustcacerts -alias localhost -file localhost_cert.pem -keystore localhost-ts.jks -storepass localtest -noprompt
    
    keytool -exportcert -rfc -alias mykey -keystore localhost-ks.jks -storepass localtest -file mykey_cert.pem
    keytool -importcert -v -trustcacerts -alias mykey -file mykey_cert.pem -keystore localhost-ts.jks -storepass localtest -noprompt
    ```
    
    They seem to make the 0.x unit tests and master integration tests happy.

You can merge this pull request into a Git repository by running:

    $ git pull https://github.com/jvwing/nifi NIFI-3382-web-api-test-certs-1

Alternatively you can review and apply these changes as the patch at:

    https://github.com/apache/nifi/pull/1437.patch

To close this pull request, make a commit to your master/trunk branch
with (at least) the following in the commit message:

    This closes #1437
    
----
commit 254c0fd45f75b211eaf997186b2cdb6931f99aac
Author: James Wing <jv...@gmail.com>
Date:   2017-01-23T04:36:25Z

    NIFI-3382 New test keystore, truststore

----


> Regenerate Test Certificates for NiFi-Web-Api
> ---------------------------------------------
>
>                 Key: NIFI-3382
>                 URL: https://issues.apache.org/jira/browse/NIFI-3382
>             Project: Apache NiFi
>          Issue Type: Task
>          Components: Core Framework
>    Affects Versions: 0.8.0, 1.2.0
>            Reporter: James Wing
>            Assignee: James Wing
>            Priority: Critical
>
> The certificates used by unit tests in nifi-web-api expired January 5, 2017.  The 0.x build has been failing since then reporting errors about the failed certificates:
> {quote}
> java.lang.Exception: Unable to populate initial flow: Client certificate for (CN=localhost, OU=Apache NiFi, O=Apache, L=Santa Monica, ST=CA, C=US) is expired.
> {quote}
> The master branch has the same keystore and truststore files, but the build is not breaking.  It appears the nifi-web-api security tests were reorganized as integration tests as part of the security work for 1.0.  The expiration errors are visible running integration tests via {{mvn failsafe:integration-test}}.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)