Class BaseCertificateAuthorityCommandLine, method doParse:
/**
 * Parses the command line, then records the token, the config JSON paths, the port and the DN
 * from the parsed options.
 *
 * <p>When the use-config-JSON flag is set without an explicit read path, the output path doubles
 * as the input path. A missing token is only an error when no config JSON input is available
 * to supply one.
 *
 * @param args raw command-line arguments
 * @return the parsed command line
 * @throws CommandLineParseException if parsing fails or the token is empty with no config JSON source
 */
@Override
protected CommandLine doParse(String[] args) throws CommandLineParseException {
    CommandLine parsed = super.doParse(args);

    token = parsed.getOptionValue(TOKEN_ARG);
    configJsonOut = parsed.getOptionValue(CONFIG_JSON_ARG, DEFAULT_CONFIG_JSON);
    configJsonIn = parsed.getOptionValue(READ_CONFIG_JSON_ARG);

    // Use-config-JSON without an explicit read path means "read back the file we write".
    boolean readFromOutputPath = parsed.hasOption(USE_CONFIG_JSON_ARG) && StringUtils.isEmpty(configJsonIn);
    if (readFromOutputPath) {
        configJsonIn = configJsonOut;
    }

    boolean tokenMissing = StringUtils.isEmpty(token);
    boolean noConfigSource = StringUtils.isEmpty(configJsonIn);
    if (tokenMissing && noConfigSource) {
        printUsageAndThrow(TOKEN_ARG + " argument must not be empty unless " + USE_CONFIG_JSON_ARG + " or " + READ_CONFIG_JSON_ARG + " set", ExitCode.ERROR_TOKEN_ARG_EMPTY);
    }

    port = getIntValue(parsed, PORT_ARG, TlsConfig.DEFAULT_PORT);
    dn = parsed.getOptionValue(DN_ARG, new TlsConfig().calcDefaultDn(getDnHostname()));
    return parsed;
}
Class TlsCertificateAuthorityTest, method setup:
/**
 * Builds an entirely in-memory fixture for the CA round trip: a server {@link TlsConfig} and a
 * client {@link TlsClientConfig} configured with the same token and port, plus mocked stream
 * factories so that every key store, trust store and config-file write lands in a
 * {@link ByteArrayOutputStream}, and the two config files are stubbed from the config objects
 * via {@code mockReturnProperties}.
 *
 * @throws FileNotFoundException declared by the stream-factory stubbing helpers
 */
@Before
public void setup() throws FileNotFoundException {
    objectMapper = new ObjectMapper();

    // These File values are only used as keys for the mocked factories; nothing touches disk.
    serverConfigFile = new File("fake.server.config");
    clientConfigFile = new File("fake.client.config");
    String serverKeyStorePath = "serverKeyStore";
    String clientKeyStorePath = "clientKeyStore";
    String clientTrustStorePath = "clientTrustStore";

    // One sink per artefact so tests can inspect exactly what was written where.
    serverKeyStoreOutputStream = new ByteArrayOutputStream();
    clientKeyStoreOutputStream = new ByteArrayOutputStream();
    clientTrustStoreOutputStream = new ByteArrayOutputStream();
    serverConfigFileOutputStream = new ByteArrayOutputStream();
    clientConfigFileOutputStream = new ByteArrayOutputStream();

    // Shared between server and client configs below.
    String sharedToken = "myTestTokenUseSomethingStronger";
    int caPort = availablePort();

    serverConfig = new TlsConfig();
    serverConfig.setCaHostname("localhost");
    serverConfig.setToken(sharedToken);
    serverConfig.setKeyStore(serverKeyStorePath);
    serverConfig.setPort(caPort);
    serverConfig.setDays(5);
    serverConfig.setKeySize(2048);
    serverConfig.initDefaults();

    clientConfig = new TlsClientConfig();
    clientConfig.setCaHostname("localhost");
    clientConfig.setDn("OU=NIFI,CN=otherHostname");
    clientConfig.setKeyStore(clientKeyStorePath);
    clientConfig.setTrustStore(clientTrustStorePath);
    clientConfig.setToken(sharedToken);
    clientConfig.setPort(caPort);
    clientConfig.setKeySize(2048);
    clientConfig.initDefaults();

    // Writes: route each expected output file to its byte sink.
    outputStreamFactory = mock(OutputStreamFactory.class);
    mockReturnOutputStream(outputStreamFactory, new File(serverKeyStorePath), serverKeyStoreOutputStream);
    mockReturnOutputStream(outputStreamFactory, new File(clientKeyStorePath), clientKeyStoreOutputStream);
    mockReturnOutputStream(outputStreamFactory, new File(clientTrustStorePath), clientTrustStoreOutputStream);
    mockReturnOutputStream(outputStreamFactory, serverConfigFile, serverConfigFileOutputStream);
    mockReturnOutputStream(outputStreamFactory, clientConfigFile, clientConfigFileOutputStream);

    // Reads: stub the two config files from the config objects.
    inputStreamFactory = mock(InputStreamFactory.class);
    mockReturnProperties(inputStreamFactory, serverConfigFile, serverConfig);
    mockReturnProperties(inputStreamFactory, clientConfigFile, clientConfig);
}
Class TlsCertificateAuthorityServiceCommandLineTest, method testDefaults:
/**
 * Parsing only {@code -t <token>} must leave every other setting at its {@link TlsConfig}
 * default, with the key store path derived from the default key store type and no passwords set.
 */
@Test
public void testDefaults() throws CommandLineParseException, IOException {
    tlsCertificateAuthorityServiceCommandLine.parse("-t", testToken);

    // Config JSON: default output path, no input path.
    assertEquals(BaseCertificateAuthorityCommandLine.DEFAULT_CONFIG_JSON, tlsCertificateAuthorityServiceCommandLine.getConfigJsonOut());
    assertNull(tlsCertificateAuthorityServiceCommandLine.getConfigJsonIn());

    TlsConfig config = tlsCertificateAuthorityServiceCommandLine.createConfig();

    // Service endpoint and token.
    assertEquals(TlsConfig.DEFAULT_HOSTNAME, config.getCaHostname());
    assertEquals(testToken, config.getToken());
    assertEquals(TlsConfig.DEFAULT_PORT, config.getPort());

    // Key store: default type, path derived from that type, passwords not set by the command line.
    String keyStoreType = config.getKeyStoreType();
    assertEquals(TlsConfig.DEFAULT_KEY_STORE_TYPE, keyStoreType);
    assertEquals(TlsCertificateAuthorityServiceCommandLine.NIFI_CA_KEYSTORE + keyStoreType.toLowerCase(), config.getKeyStore());
    assertNull(config.getKeyStorePassword());
    assertNull(config.getKeyPassword());

    // Key and certificate parameters.
    assertEquals(TlsConfig.DEFAULT_KEY_SIZE, config.getKeySize());
    assertEquals(TlsConfig.DEFAULT_KEY_PAIR_ALGORITHM, config.getKeyPairAlgorithm());
    assertEquals(TlsConfig.DEFAULT_SIGNING_ALGORITHM, config.getSigningAlgorithm());
    assertEquals(TlsConfig.DEFAULT_DAYS, config.getDays());
}
Class TlsCertificateAuthorityServiceHandlerTest, method setup:
/**
 * Prepares a CA handler with a fresh self-signed CA and a CSR for the default DN from a second
 * fresh key pair, plus servlet request/response mocks: the request body is the JSON form of
 * {@code tlsCertificateAuthorityRequest}, and whatever the handler writes, or sends as an error,
 * is captured in {@code response} and {@code statusCode}.
 *
 * @throws Exception from key generation, certificate creation or CSR encoding
 */
@Before
public void setup() throws Exception {
    testToken = "testTokenTestToken";
    testPemEncodedSignedCertificate = "testPemEncodedSignedCertificate";
    objectMapper = new ObjectMapper();

    // CA identity: key pair plus a self-signed certificate.
    keyPair = TlsHelper.generateKeyPair(TlsConfig.DEFAULT_KEY_PAIR_ALGORITHM, TlsConfig.DEFAULT_KEY_SIZE);
    caCert = CertificateUtils.generateSelfSignedX509Certificate(keyPair, "CN=fakeCa", TlsConfig.DEFAULT_SIGNING_ALGORITHM, TlsConfig.DEFAULT_DAYS);

    // Requester side: a CSR for the default DN, PEM-encoded as the handler would receive it.
    requestedDn = new TlsConfig().calcDefaultDn(TlsConfig.DEFAULT_HOSTNAME);
    certificateKeyPair = TlsHelper.generateKeyPair(TlsConfig.DEFAULT_KEY_PAIR_ALGORITHM, TlsConfig.DEFAULT_KEY_SIZE);
    jcaPKCS10CertificationRequest = TlsHelper.generateCertificationRequest(requestedDn, null, certificateKeyPair, TlsConfig.DEFAULT_SIGNING_ALGORITHM);
    testPemEncodedCsr = TlsHelper.pemEncodeJcaObject(jcaPKCS10CertificationRequest);

    tlsCertificateAuthorityServiceHandler = new TlsCertificateAuthorityServiceHandler(TlsConfig.DEFAULT_SIGNING_ALGORITHM, TlsConfig.DEFAULT_DAYS, testToken, caCert, keyPair, objectMapper);

    // Expected HMACs over the CSR's and the CA's public keys, keyed by the shared token.
    testHmac = TlsHelper.calculateHMac(testToken, jcaPKCS10CertificationRequest.getPublicKey());
    testCaHmac = TlsHelper.calculateHMac(testToken, caCert.getPublicKey());

    // Request body: the field is serialised when the reader is requested, not when the stub is set up.
    when(httpServletRequest.getReader()).thenAnswer(invocation -> {
        StringWriter json = new StringWriter();
        objectMapper.writeValue(json, tlsCertificateAuthorityRequest);
        return new BufferedReader(new StringReader(json.toString()));
    });

    // Response side: remember the status, and capture either the error message or the written body.
    doAnswer(invocation -> statusCode = (int) invocation.getArguments()[0]).when(httpServletResponse).setStatus(anyInt());
    doAnswer(invocation -> {
        Object[] arguments = invocation.getArguments();
        statusCode = (int) arguments[0];
        StringWriter errorBody = new StringWriter();
        errorBody.write((String) arguments[1]);
        response = errorBody;
        return null;
    }).when(httpServletResponse).sendError(anyInt(), anyString());
    when(httpServletResponse.getWriter()).thenAnswer(invocation -> {
        response = new StringWriter();
        return new PrintWriter(response);
    });
}
Class TlsToolkitStandaloneTest, method checkHostDirAndReturnNifiProperties:
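/**
 * Loads the generated {@code nifi.properties} for {@code hostname} from the temp dir and checks
 * the key store and trust store it points at: the trust store holds the root certificate, the
 * key store holds a private key entry whose two-certificate chain ends in the root, both chain
 * certificates verify against the root's public key, and the leaf subject equals the DN the
 * toolkit computes for this host with the given prefix and suffix.
 *
 * @param hostname host directory name under {@code tempDir}
 * @param dnPrefix DN prefix expected in the leaf subject
 * @param dnSuffix DN suffix expected in the leaf subject
 * @param rootCert root CA certificate the chain must end in and verify against
 * @return the loaded nifi.properties
 * @throws Exception on I/O, key store, or signature verification failure
 */
private Properties checkHostDirAndReturnNifiProperties(String hostname, String dnPrefix, String dnSuffix, X509Certificate rootCert) throws Exception {
    File hostDir = new File(tempDir, hostname);
    Properties nifiProperties = new Properties();
    try (InputStream inputStream = new FileInputStream(new File(hostDir, TlsToolkitStandalone.NIFI_PROPERTIES))) {
        nifiProperties.load(inputStream);
    }

    // Trust store: type, path, and the single root certificate.
    String trustStoreType = nifiProperties.getProperty(NiFiProperties.SECURITY_TRUSTSTORE_TYPE);
    assertEquals(KeystoreType.JKS.toString().toLowerCase(), trustStoreType.toLowerCase());
    KeyStore trustStore = KeyStoreUtils.getTrustStore(trustStoreType);
    char[] trustStorePassword = nifiProperties.getProperty(NiFiProperties.SECURITY_TRUSTSTORE_PASSWD).toCharArray();
    try (InputStream inputStream = new FileInputStream(new File(hostDir, "truststore." + trustStoreType))) {
        trustStore.load(inputStream, trustStorePassword);
    }
    String trustStoreFilename = BaseTlsToolkitCommandLine.TRUSTSTORE + trustStoreType;
    assertEquals("./conf/" + trustStoreFilename, nifiProperties.getProperty(NiFiProperties.SECURITY_TRUSTSTORE));
    assertEquals(rootCert, trustStore.getCertificate(TlsToolkitStandalone.NIFI_CERT));

    // Key store: type, path, and the host's private key entry.
    String keyStoreType = nifiProperties.getProperty(NiFiProperties.SECURITY_KEYSTORE_TYPE);
    String keyStoreFilename = BaseTlsToolkitCommandLine.KEYSTORE + keyStoreType;
    assertEquals("./conf/" + keyStoreFilename, nifiProperties.getProperty(NiFiProperties.SECURITY_KEYSTORE));
    KeyStore keyStore = KeyStoreUtils.getKeyStore(keyStoreType);
    char[] keyStorePassword = nifiProperties.getProperty(NiFiProperties.SECURITY_KEYSTORE_PASSWD).toCharArray();
    try (InputStream inputStream = new FileInputStream(new File(hostDir, keyStoreFilename))) {
        keyStore.load(inputStream, keyStorePassword);
    }

    // The key password falls back to the key store password when absent. Test the property
    // String before converting: toCharArray() never returns null, and calling it on a missing
    // property would throw NPE before any fallback could run.
    String keyPasswordProperty = nifiProperties.getProperty(NiFiProperties.SECURITY_KEY_PASSWD);
    char[] keyPassword = (keyPasswordProperty == null || keyPasswordProperty.isEmpty()) ? keyStorePassword : keyPasswordProperty.toCharArray();
    KeyStore.Entry entry = keyStore.getEntry(TlsToolkitStandalone.NIFI_KEY, new KeyStore.PasswordProtection(keyPassword));
    assertEquals(KeyStore.PrivateKeyEntry.class, entry.getClass());
    KeyStore.PrivateKeyEntry privateKeyEntry = (KeyStore.PrivateKeyEntry) entry;

    // Chain is [host cert, root cert]. verify() checks only the signature against the root key;
    // validity dates and extensions are not asserted here.
    Certificate[] certificateChain = privateKeyEntry.getCertificateChain();
    assertEquals(2, certificateChain.length);
    assertEquals(rootCert, certificateChain[1]);
    certificateChain[1].verify(rootCert.getPublicKey());
    certificateChain[0].verify(rootCert.getPublicKey());

    // The leaf subject must be exactly the DN the toolkit would compute for this host.
    TlsConfig tlsConfig = new TlsConfig();
    tlsConfig.setDnPrefix(dnPrefix);
    tlsConfig.setDnSuffix(dnSuffix);
    assertEquals(tlsConfig.calcDefaultDn(hostname), CertificateUtils.convertAbstractX509Certificate(certificateChain[0]).getSubjectX500Principal().getName());
    TlsCertificateAuthorityTest.assertPrivateAndPublicKeyMatch(privateKeyEntry.getPrivateKey(), certificateChain[0].getPublicKey());
    return nifiProperties;
}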