Posted to commits@nifi.apache.org by ch...@apache.org on 2023/01/24 15:06:28 UTC
[nifi] branch main updated: NIFI-10932 Changed PKCS12 KeyStore Type Provider to SunJSSE
This is an automated email from the ASF dual-hosted git repository.
chriss pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/nifi.git
The following commit(s) were added to refs/heads/main by this push:
new 4b97936d38 NIFI-10932 Changed PKCS12 KeyStore Type Provider to SunJSSE
4b97936d38 is described below
commit 4b97936d383adaad57a56f08bacc70289893d34c
Author: exceptionfactory <ex...@apache.org>
AuthorDate: Mon Jan 23 21:24:49 2023 -0600
NIFI-10932 Changed PKCS12 KeyStore Type Provider to SunJSSE
- Changed from Bouncy Castle to Sun JSSE Provider for Key Stores to improve reading and writing Trust Stores formatted in PKCS12
- Updated TLS Toolkit Key Password handling to remove setting null for PKCS12
Signed-off-by: Chris Sampson <ch...@gmail.com>
This closes #6881
---
.../apache/nifi/security/util/KeyStoreUtils.java | 2 +-
.../nifi/toolkit/tls/manager/BaseTlsManager.java | 22 ++++++++--------------
.../tls/standalone/TlsToolkitStandaloneTest.java | 3 ++-
3 files changed, 11 insertions(+), 16 deletions(-)
diff --git a/nifi-commons/nifi-security-utils/src/main/java/org/apache/nifi/security/util/KeyStoreUtils.java b/nifi-commons/nifi-security-utils/src/main/java/org/apache/nifi/security/util/KeyStoreUtils.java
index 43539b267d..2c00e52b67 100644
--- a/nifi-commons/nifi-security-utils/src/main/java/org/apache/nifi/security/util/KeyStoreUtils.java
+++ b/nifi-commons/nifi-security-utils/src/main/java/org/apache/nifi/security/util/KeyStoreUtils.java
@@ -83,7 +83,7 @@ public class KeyStoreUtils {
Security.addProvider(new BouncyCastleProvider());
KEY_STORE_TYPE_PROVIDERS.put(KeystoreType.BCFKS.getType(), BouncyCastleProvider.PROVIDER_NAME);
- KEY_STORE_TYPE_PROVIDERS.put(KeystoreType.PKCS12.getType(), BouncyCastleProvider.PROVIDER_NAME);
+ KEY_STORE_TYPE_PROVIDERS.put(KeystoreType.PKCS12.getType(), SUN_JSSE_PROVIDER_NAME);
KEY_STORE_TYPE_PROVIDERS.put(KeystoreType.JKS.getType(), SUN_PROVIDER_NAME);
SECRET_KEY_STORE_PROVIDERS.put(KeystoreType.BCFKS, BouncyCastleProvider.PROVIDER_NAME);
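Review bot: The new PKCS12 entry, `KEY_STORE_TYPE_PROVIDERS.put(KeystoreType.PKCS12.getType(), SUN_JSSE_PROVIDER_NAME);`, pins a JDK-specific provider by name, and nothing in the hunk records why PKCS12 differs from BCFKS or what happens on a runtime where that provider is not registered. If this map feeds `KeyStore.getInstance(type, provider)` (the lookup is not visible here), a missing provider would surface as `NoSuchProviderException` on the first key store load. I would add a comment above the line such as `// PKCS12 uses the JDK SunJSSE provider for reading and writing trust stores (NIFI-10932)`. PKCS12 stores written earlier through Bouncy Castle may treat per-entry key passwords differently under the new provider, so an upgrade note and a test that loads an old store would be worth having. The static initializer starts and ends outside the hunk.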
diff --git a/nifi-toolkit/nifi-toolkit-tls/src/main/java/org/apache/nifi/toolkit/tls/manager/BaseTlsManager.java b/nifi-toolkit/nifi-toolkit-tls/src/main/java/org/apache/nifi/toolkit/tls/manager/BaseTlsManager.java
index 6e1eb67d74..a5a5d1c082 100644
--- a/nifi-toolkit/nifi-toolkit-tls/src/main/java/org/apache/nifi/toolkit/tls/manager/BaseTlsManager.java
+++ b/nifi-toolkit/nifi-toolkit-tls/src/main/java/org/apache/nifi/toolkit/tls/manager/BaseTlsManager.java
@@ -17,7 +17,6 @@
package org.apache.nifi.toolkit.tls.manager;
-import org.apache.nifi.security.util.KeystoreType;
import org.apache.nifi.security.util.KeyStoreUtils;
import org.apache.nifi.toolkit.tls.configuration.TlsConfig;
import org.apache.nifi.toolkit.tls.manager.writer.ConfigurationWriter;
@@ -108,21 +107,16 @@ public class BaseTlsManager {
}
private String getKeyPassword() {
- if (keyStore.getType().equalsIgnoreCase(KeystoreType.PKCS12.toString())) {
- tlsConfig.setKeyPassword(null);
- return null;
- } else {
- String result = tlsConfig.getKeyPassword();
- if (StringUtils.isEmpty(result)) {
- if (differentKeyAndKeyStorePassword) {
- result = passwordUtil.generatePassword();
- } else {
- result = getKeyStorePassword();
- }
- tlsConfig.setKeyPassword(result);
+ String result = tlsConfig.getKeyPassword();
+ if (StringUtils.isEmpty(result)) {
+ if (differentKeyAndKeyStorePassword) {
+ result = passwordUtil.generatePassword();
+ } else {
+ result = getKeyStorePassword();
}
- return result;
+ tlsConfig.setKeyPassword(result);
}
+ return result;
}
private String getKeyStorePassword() {
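Review bot: With the PKCS12 branch removed from `getKeyPassword()`, `differentKeyAndKeyStorePassword` now yields a separately generated key password for PKCS12 stores too, and the hunk adds no guard or comment for that combination. Some common tools, JDK keytool among them, do not support a key password that differs from the store password for PKCS12, so a store produced this way may not be readable outside NiFi. Whether NiFi reads it back correctly depends on code outside the hunk. Consider warning on or rejecting that combination where the options are validated, and document the method with a comment such as `// Resolves the key password and writes it back to tlsConfig; for PKCS12 it should normally equal the key store password`.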
diff --git a/nifi-toolkit/nifi-toolkit-tls/src/test/java/org/apache/nifi/toolkit/tls/standalone/TlsToolkitStandaloneTest.java b/nifi-toolkit/nifi-toolkit-tls/src/test/java/org/apache/nifi/toolkit/tls/standalone/TlsToolkitStandaloneTest.java
index 058c9220d9..6c6edf535d 100644
--- a/nifi-toolkit/nifi-toolkit-tls/src/test/java/org/apache/nifi/toolkit/tls/standalone/TlsToolkitStandaloneTest.java
+++ b/nifi-toolkit/nifi-toolkit-tls/src/test/java/org/apache/nifi/toolkit/tls/standalone/TlsToolkitStandaloneTest.java
@@ -200,8 +200,9 @@ public class TlsToolkitStandaloneTest {
@Test
public void testKeyStoreTypeArg() throws Exception {
+ final String certificateAuthorityHostname = "certificate-authority";
runAndAssertExitCode(ExitCode.SUCCESS, "-o", tempDir.getAbsolutePath(), "-n", TlsConfig.DEFAULT_HOSTNAME, "-T", KeystoreType.PKCS12.toString().toLowerCase(),
- "-K", "change", "-S", "change", "-P", "change");
+ "-K", "change", "-S", "change", "-P", "change", "-c", certificateAuthorityHostname);
X509Certificate x509Certificate = checkLoadCertPrivateKey(TlsConfig.DEFAULT_KEY_PAIR_ALGORITHM);
checkHostDirAndReturnNifiProperties(TlsConfig.DEFAULT_HOSTNAME, x509Certificate);
}
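Review bot: `testKeyStoreTypeArg` still passes the same value `"change"` for `-K`, `-S` and `-P`, so it does not exercise the PKCS12 key password path that this commit changes in `BaseTlsManager.getKeyPassword()`. A second case with a distinct `-K` value, followed by loading the private key with that password, would show whether a PKCS12 store with separate key and store passwords round-trips under the SunJSSE provider. The helper `checkLoadCertPrivateKey` is defined outside the hunk, so whether it can take a separate key password is not visible here.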