
Example 1 with TlsConfig

use of org.apache.nifi.toolkit.tls.configuration.TlsConfig in project nifi by apache.

Class BaseCertificateAuthorityCommandLine, method doParse.

/**
 * Parses the common certificate-authority options on top of the base parser.
 *
 * <p>Reads the token and the config-JSON in/out paths into fields, then the port and DN.
 * A missing token is only acceptable when a config JSON file is going to be read instead,
 * either explicitly via {@code READ_CONFIG_JSON_ARG} or implicitly via {@code USE_CONFIG_JSON_ARG}
 * (which re-reads the file that would otherwise be written).
 *
 * @param args raw command-line arguments
 * @return the parsed command line, for subclasses that need further options
 * @throws CommandLineParseException if the base parser rejects the arguments or the token rule is violated
 */
@Override
protected CommandLine doParse(String[] args) throws CommandLineParseException {
    CommandLine parsed = super.doParse(args);

    token = parsed.getOptionValue(TOKEN_ARG);
    configJsonOut = parsed.getOptionValue(CONFIG_JSON_ARG, DEFAULT_CONFIG_JSON);
    configJsonIn = parsed.getOptionValue(READ_CONFIG_JSON_ARG);

    // "use config JSON" without an explicit input path means: read back the output path.
    boolean reuseOutputAsInput = parsed.hasOption(USE_CONFIG_JSON_ARG) && StringUtils.isEmpty(configJsonIn);
    if (reuseOutputAsInput) {
        configJsonIn = configJsonOut;
    }

    // Without a token there must be a config file to take it from; printUsageAndThrow is
    // expected not to return normally (see its definition in the base class).
    boolean tokenMissing = StringUtils.isEmpty(token);
    boolean noConfigInput = StringUtils.isEmpty(configJsonIn);
    if (tokenMissing && noConfigInput) {
        printUsageAndThrow(TOKEN_ARG + " argument must not be empty unless " + USE_CONFIG_JSON_ARG + " or " + READ_CONFIG_JSON_ARG + " set", ExitCode.ERROR_TOKEN_ARG_EMPTY);
    }

    port = getIntValue(parsed, PORT_ARG, TlsConfig.DEFAULT_PORT);
    // Default DN is derived from the hostname; an explicit DN option wins.
    String defaultDn = new TlsConfig().calcDefaultDn(getDnHostname());
    dn = parsed.getOptionValue(DN_ARG, defaultDn);
    return parsed;
}
Also used : BaseTlsToolkitCommandLine(org.apache.nifi.toolkit.tls.commandLine.BaseTlsToolkitCommandLine) CommandLine(org.apache.commons.cli.CommandLine) TlsConfig(org.apache.nifi.toolkit.tls.configuration.TlsConfig)

Example 2 with TlsConfig

use of org.apache.nifi.toolkit.tls.configuration.TlsConfig in project nifi by apache.

Class TlsCertificateAuthorityTest, method setup.

/**
 * Builds a matching CA server/client configuration pair and wires mocked stream factories
 * so that every file the toolkit would write lands in an in-memory buffer instead.
 *
 * @throws FileNotFoundException declared for the mocked factory helpers
 */
@Before
public void setup() throws FileNotFoundException {
    objectMapper = new ObjectMapper();

    // File names only: the factories below are mocked, nothing touches the disk.
    serverConfigFile = new File("fake.server.config");
    clientConfigFile = new File("fake.client.config");
    String serverKeyStoreName = "serverKeyStore";
    String clientKeyStoreName = "clientKeyStore";
    String clientTrustStoreName = "clientTrustStore";

    // One in-memory sink per artifact the toolkit produces.
    serverKeyStoreOutputStream = new ByteArrayOutputStream();
    clientKeyStoreOutputStream = new ByteArrayOutputStream();
    clientTrustStoreOutputStream = new ByteArrayOutputStream();
    serverConfigFileOutputStream = new ByteArrayOutputStream();
    clientConfigFileOutputStream = new ByteArrayOutputStream();

    // Client and server must share the same token and port for the CA exchange to succeed.
    String sharedToken = "myTestTokenUseSomethingStronger";
    int caPort = availablePort();

    serverConfig = new TlsConfig();
    serverConfig.setCaHostname("localhost");
    serverConfig.setToken(sharedToken);
    serverConfig.setKeyStore(serverKeyStoreName);
    serverConfig.setPort(caPort);
    serverConfig.setDays(5);
    serverConfig.setKeySize(2048);
    serverConfig.initDefaults();

    clientConfig = new TlsClientConfig();
    clientConfig.setCaHostname("localhost");
    clientConfig.setDn("OU=NIFI,CN=otherHostname");
    clientConfig.setKeyStore(clientKeyStoreName);
    clientConfig.setTrustStore(clientTrustStoreName);
    clientConfig.setToken(sharedToken);
    clientConfig.setPort(caPort);
    clientConfig.setKeySize(2048);
    clientConfig.initDefaults();

    // Output side: map each expected file to its buffer.
    outputStreamFactory = mock(OutputStreamFactory.class);
    mockReturnOutputStream(outputStreamFactory, new File(serverKeyStoreName), serverKeyStoreOutputStream);
    mockReturnOutputStream(outputStreamFactory, new File(clientKeyStoreName), clientKeyStoreOutputStream);
    mockReturnOutputStream(outputStreamFactory, new File(clientTrustStoreName), clientTrustStoreOutputStream);
    mockReturnOutputStream(outputStreamFactory, serverConfigFile, serverConfigFileOutputStream);
    mockReturnOutputStream(outputStreamFactory, clientConfigFile, clientConfigFileOutputStream);

    // Input side: reading a config file yields the corresponding config object.
    inputStreamFactory = mock(InputStreamFactory.class);
    mockReturnProperties(inputStreamFactory, serverConfigFile, serverConfig);
    mockReturnProperties(inputStreamFactory, clientConfigFile, clientConfig);
}
Also used : TlsClientConfig(org.apache.nifi.toolkit.tls.configuration.TlsClientConfig) OutputStreamFactory(org.apache.nifi.toolkit.tls.util.OutputStreamFactory) TlsConfig(org.apache.nifi.toolkit.tls.configuration.TlsConfig) ByteArrayOutputStream(java.io.ByteArrayOutputStream) InputStreamFactory(org.apache.nifi.toolkit.tls.util.InputStreamFactory) File(java.io.File) ObjectMapper(com.fasterxml.jackson.databind.ObjectMapper) Before(org.junit.Before)

Example 3 with TlsConfig

use of org.apache.nifi.toolkit.tls.configuration.TlsConfig in project nifi by apache.

Class TlsCertificateAuthorityServiceCommandLineTest, method testDefaults.

/**
 * With only the token supplied, every other setting of the created config must be the
 * {@link TlsConfig} default, and the CA key store name must be derived from the key store type.
 *
 * @throws CommandLineParseException if parsing fails (would fail the test)
 * @throws IOException if config creation fails (would fail the test)
 */
@Test
public void testDefaults() throws CommandLineParseException, IOException {
    tlsCertificateAuthorityServiceCommandLine.parse("-t", testToken);

    // Config JSON handling: default output path, nothing to read.
    assertEquals(BaseCertificateAuthorityCommandLine.DEFAULT_CONFIG_JSON, tlsCertificateAuthorityServiceCommandLine.getConfigJsonOut());
    assertNull(tlsCertificateAuthorityServiceCommandLine.getConfigJsonIn());

    TlsConfig tlsConfig = tlsCertificateAuthorityServiceCommandLine.createConfig();

    // Network / identity defaults.
    assertEquals(TlsConfig.DEFAULT_HOSTNAME, tlsConfig.getCaHostname());
    assertEquals(testToken, tlsConfig.getToken());
    assertEquals(TlsConfig.DEFAULT_PORT, tlsConfig.getPort());

    // Key store: default type, and file name = NIFI_CA_KEYSTORE + lower-cased type; no passwords yet.
    String keyStoreType = tlsConfig.getKeyStoreType();
    assertEquals(TlsConfig.DEFAULT_KEY_STORE_TYPE, keyStoreType);
    assertEquals(TlsCertificateAuthorityServiceCommandLine.NIFI_CA_KEYSTORE + keyStoreType.toLowerCase(), tlsConfig.getKeyStore());
    assertNull(tlsConfig.getKeyStorePassword());
    assertNull(tlsConfig.getKeyPassword());

    // Cryptographic parameter defaults.
    assertEquals(TlsConfig.DEFAULT_KEY_SIZE, tlsConfig.getKeySize());
    assertEquals(TlsConfig.DEFAULT_KEY_PAIR_ALGORITHM, tlsConfig.getKeyPairAlgorithm());
    assertEquals(TlsConfig.DEFAULT_SIGNING_ALGORITHM, tlsConfig.getSigningAlgorithm());
    assertEquals(TlsConfig.DEFAULT_DAYS, tlsConfig.getDays());
}
Also used : TlsConfig(org.apache.nifi.toolkit.tls.configuration.TlsConfig) Test(org.junit.Test)

Example 4 with TlsConfig

use of org.apache.nifi.toolkit.tls.configuration.TlsConfig in project nifi by apache.

Class TlsCertificateAuthorityServiceHandlerTest, method setup.

/**
 * Prepares a fake CA (key pair + self-signed cert), a CSR for the default DN, the HMACs a
 * legitimate client would present, and servlet request/response mocks that expose the
 * handler's status code and body through the {@code statusCode} and {@code response} fields.
 *
 * @throws Exception from key generation, certificate creation or CSR encoding
 */
@Before
public void setup() throws Exception {
    objectMapper = new ObjectMapper();
    testToken = "testTokenTestToken";
    testPemEncodedSignedCertificate = "testPemEncodedSignedCertificate";

    // The CA itself: key pair plus a self-signed certificate the handler signs with.
    keyPair = TlsHelper.generateKeyPair(TlsConfig.DEFAULT_KEY_PAIR_ALGORITHM, TlsConfig.DEFAULT_KEY_SIZE);
    caCert = CertificateUtils.generateSelfSignedX509Certificate(keyPair, "CN=fakeCa", TlsConfig.DEFAULT_SIGNING_ALGORITHM, TlsConfig.DEFAULT_DAYS);

    // Request body: the current tlsCertificateAuthorityRequest as JSON, re-serialised on every read.
    when(httpServletRequest.getReader()).thenAnswer(invocation -> {
        StringWriter json = new StringWriter();
        objectMapper.writeValue(json, tlsCertificateAuthorityRequest);
        return new BufferedReader(new StringReader(json.toString()));
    });

    // Capture the status code the handler sets.
    doAnswer(invocation -> {
        statusCode = (int) invocation.getArguments()[0];
        return statusCode;
    }).when(httpServletResponse).setStatus(anyInt());

    // sendError(code, message): capture the code and expose the message as the response body.
    doAnswer(invocation -> {
        Object[] arguments = invocation.getArguments();
        statusCode = (int) arguments[0];
        StringWriter errorBody = new StringWriter();
        errorBody.write((String) arguments[1]);
        response = errorBody;
        return null;
    }).when(httpServletResponse).sendError(anyInt(), anyString());

    // Each getWriter() call starts a fresh response buffer.
    when(httpServletResponse.getWriter()).thenAnswer(invocation -> {
        response = new StringWriter();
        return new PrintWriter(response);
    });

    // A client CSR for the default DN, signed with its own fresh key pair.
    requestedDn = new TlsConfig().calcDefaultDn(TlsConfig.DEFAULT_HOSTNAME);
    certificateKeyPair = TlsHelper.generateKeyPair(TlsConfig.DEFAULT_KEY_PAIR_ALGORITHM, TlsConfig.DEFAULT_KEY_SIZE);
    jcaPKCS10CertificationRequest = TlsHelper.generateCertificationRequest(requestedDn, null, certificateKeyPair, TlsConfig.DEFAULT_SIGNING_ALGORITHM);
    testPemEncodedCsr = TlsHelper.pemEncodeJcaObject(jcaPKCS10CertificationRequest);

    tlsCertificateAuthorityServiceHandler = new TlsCertificateAuthorityServiceHandler(TlsConfig.DEFAULT_SIGNING_ALGORITHM, TlsConfig.DEFAULT_DAYS, testToken, caCert, keyPair, objectMapper);

    // HMACs over the CSR public key and the CA public key, keyed by the shared token.
    testHmac = TlsHelper.calculateHMac(testToken, jcaPKCS10CertificationRequest.getPublicKey());
    testCaHmac = TlsHelper.calculateHMac(testToken, caCert.getPublicKey());
}
Also used : StringWriter(java.io.StringWriter) BufferedReader(java.io.BufferedReader) StringReader(java.io.StringReader) TlsConfig(org.apache.nifi.toolkit.tls.configuration.TlsConfig) ObjectMapper(com.fasterxml.jackson.databind.ObjectMapper) PrintWriter(java.io.PrintWriter) Before(org.junit.Before)

Example 5 with TlsConfig

use of org.apache.nifi.toolkit.tls.configuration.TlsConfig in project nifi by apache.

Class TlsToolkitStandaloneTest, method checkHostDirAndReturnNifiProperties.

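/**
 * Verifies the artifacts the standalone toolkit wrote for one host and returns its nifi.properties.
 *
 * <p>Checks that the trust store and key store referenced by the properties exist under the host
 * directory, open with the advertised passwords, that the trust store holds {@code rootCert}, that the
 * key entry's chain is [host cert, root cert] with both signatures valid under the root's public key,
 * that the host cert's subject is the DN the toolkit derives from {@code hostname}, and that the
 * private key matches the host cert's public key.
 *
 * @param hostname host whose directory under {@code tempDir} is inspected
 * @param dnPrefix DN prefix the toolkit was run with (used to rebuild the expected subject DN)
 * @param dnSuffix DN suffix the toolkit was run with
 * @param rootCert the CA certificate the host certificate must chain to
 * @return the loaded nifi.properties for the host
 * @throws Exception on I/O, key store or signature-verification failure (each fails the test)
 */
private Properties checkHostDirAndReturnNifiProperties(String hostname, String dnPrefix, String dnSuffix, X509Certificate rootCert) throws Exception {
    File hostDir = new File(tempDir, hostname);

    Properties nifiProperties = new Properties();
    try (InputStream inputStream = new FileInputStream(new File(hostDir, TlsToolkitStandalone.NIFI_PROPERTIES))) {
        nifiProperties.load(inputStream);
    }

    // Trust store: must be JKS, loadable with the advertised password, referenced under ./conf, and contain the CA cert.
    String trustStoreType = nifiProperties.getProperty(NiFiProperties.SECURITY_TRUSTSTORE_TYPE);
    assertEquals(KeystoreType.JKS.toString().toLowerCase(), trustStoreType.toLowerCase());
    KeyStore trustStore = KeyStoreUtils.getTrustStore(trustStoreType);
    try (InputStream inputStream = new FileInputStream(new File(hostDir, "truststore." + trustStoreType))) {
        trustStore.load(inputStream, nifiProperties.getProperty(NiFiProperties.SECURITY_TRUSTSTORE_PASSWD).toCharArray());
    }
    String trustStoreFilename = BaseTlsToolkitCommandLine.TRUSTSTORE + trustStoreType;
    assertEquals("./conf/" + trustStoreFilename, nifiProperties.getProperty(NiFiProperties.SECURITY_TRUSTSTORE));
    Certificate certificate = trustStore.getCertificate(TlsToolkitStandalone.NIFI_CERT);
    assertEquals(rootCert, certificate);

    // Key store: referenced under ./conf and loadable with the advertised password.
    String keyStoreType = nifiProperties.getProperty(NiFiProperties.SECURITY_KEYSTORE_TYPE);
    String keyStoreFilename = BaseTlsToolkitCommandLine.KEYSTORE + keyStoreType;
    File keyStoreFile = new File(hostDir, keyStoreFilename);
    assertEquals("./conf/" + keyStoreFilename, nifiProperties.getProperty(NiFiProperties.SECURITY_KEYSTORE));
    KeyStore keyStore = KeyStoreUtils.getKeyStore(keyStoreType);
    char[] keyStorePassword = nifiProperties.getProperty(NiFiProperties.SECURITY_KEYSTORE_PASSWD).toCharArray();
    try (InputStream inputStream = new FileInputStream(keyStoreFile)) {
        keyStore.load(inputStream, keyStorePassword);
    }

    // Key password falls back to the key store password when the property is absent or empty.
    // The absence check must be on the String: calling toCharArray() on a missing property would
    // throw before any null check could run.
    String keyPasswordProperty = nifiProperties.getProperty(NiFiProperties.SECURITY_KEY_PASSWD);
    char[] keyPassword = (keyPasswordProperty == null || keyPasswordProperty.isEmpty())
            ? keyStorePassword
            : keyPasswordProperty.toCharArray();

    KeyStore.Entry entry = keyStore.getEntry(TlsToolkitStandalone.NIFI_KEY, new KeyStore.PasswordProtection(keyPassword));
    assertEquals(KeyStore.PrivateKeyEntry.class, entry.getClass());
    KeyStore.PrivateKeyEntry privateKeyEntry = (KeyStore.PrivateKeyEntry) entry;

    // Chain is [host cert, root cert]; verify() throws if a signature does not check out under the root key.
    Certificate[] certificateChain = privateKeyEntry.getCertificateChain();
    assertEquals(2, certificateChain.length);
    assertEquals(rootCert, certificateChain[1]);
    certificateChain[1].verify(rootCert.getPublicKey());
    certificateChain[0].verify(rootCert.getPublicKey());

    // Subject DN of the host cert must equal what TlsConfig derives for this hostname/prefix/suffix.
    TlsConfig tlsConfig = new TlsConfig();
    tlsConfig.setDnPrefix(dnPrefix);
    tlsConfig.setDnSuffix(dnSuffix);
    assertEquals(tlsConfig.calcDefaultDn(hostname), CertificateUtils.convertAbstractX509Certificate(certificateChain[0]).getSubjectX500Principal().getName());

    TlsCertificateAuthorityTest.assertPrivateAndPublicKeyMatch(privateKeyEntry.getPrivateKey(), certificateChain[0].getPublicKey());
    return nifiProperties;
}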
Also used : FileInputStream(java.io.FileInputStream) InputStream(java.io.InputStream) Properties(java.util.Properties) NiFiProperties(org.apache.nifi.util.NiFiProperties) KeyStore(java.security.KeyStore) FileInputStream(java.io.FileInputStream) TlsConfig(org.apache.nifi.toolkit.tls.configuration.TlsConfig) File(java.io.File) X509Certificate(java.security.cert.X509Certificate) Certificate(java.security.cert.Certificate)

Aggregations

TlsConfig (org.apache.nifi.toolkit.tls.configuration.TlsConfig)10 ObjectMapper (com.fasterxml.jackson.databind.ObjectMapper)4 File (java.io.File)3 Before (org.junit.Before)3 Test (org.junit.Test)3 ByteArrayOutputStream (java.io.ByteArrayOutputStream)2 FileInputStream (java.io.FileInputStream)2 InputStream (java.io.InputStream)2 KeyPair (java.security.KeyPair)2 KeyStore (java.security.KeyStore)2 X509Certificate (java.security.cert.X509Certificate)2 TlsClientConfig (org.apache.nifi.toolkit.tls.configuration.TlsClientConfig)2 BufferedReader (java.io.BufferedReader)1 IOException (java.io.IOException)1 PrintWriter (java.io.PrintWriter)1 StringReader (java.io.StringReader)1 StringWriter (java.io.StringWriter)1 Field (java.lang.reflect.Field)1 Certificate (java.security.cert.Certificate)1 ArrayList (java.util.ArrayList)1