Example 6 with TlsConfig
use of org.apache.nifi.toolkit.tls.configuration.TlsConfig in project nifi by apache.
the class TlsCertificateAuthorityManager method getOrGenerateCertificateAuthority.
/**
* Reads the CA from the KeyStore, creating one and putting it into the KeyStore if not present
*
* @return the PrivateKeyEntry for the CA
*
* @throws GeneralSecurityException if there is a security problem
* @throws IOException if there is an IO problem
*/
public KeyStore.PrivateKeyEntry getOrGenerateCertificateAuthority() throws GeneralSecurityException, IOException {
KeyStore.Entry entry = getEntry(TlsToolkitStandalone.NIFI_KEY);
if (entry == null) {
TlsConfig tlsConfig = getTlsConfig();
KeyPair keyPair = TlsHelper.generateKeyPair(tlsConfig.getKeyPairAlgorithm(), tlsConfig.getKeySize());
X509Certificate caCert = CertificateUtils.generateSelfSignedX509Certificate(keyPair, CertificateUtils.reorderDn(tlsConfig.getDn()), tlsConfig.getSigningAlgorithm(), tlsConfig.getDays());
entry = addPrivateKeyToKeyStore(keyPair, TlsToolkitStandalone.NIFI_KEY, caCert);
} else if (!KeyStore.PrivateKeyEntry.class.isInstance(entry)) {
throw new IOException("Expected " + TlsToolkitStandalone.NIFI_KEY + " alias to contain a private key entry");
}
return (KeyStore.PrivateKeyEntry) entry;
}
Also used :
KeyPair(java.security.KeyPair)
TlsConfig(org.apache.nifi.toolkit.tls.configuration.TlsConfig)
IOException(java.io.IOException)
KeyStore(java.security.KeyStore)
X509Certificate(java.security.cert.X509Certificate)
Example 7 with TlsConfig
use of org.apache.nifi.toolkit.tls.configuration.TlsConfig in project nifi by apache.
the class TlsCertificateAuthorityServiceCommandLine method createConfig.
public TlsConfig createConfig() throws IOException {
String configJsonIn = getConfigJsonIn();
if (!StringUtils.isEmpty(configJsonIn)) {
try (InputStream inputStream = inputStreamFactory.create(new File(configJsonIn))) {
TlsConfig tlsConfig = new ObjectMapper().readValue(inputStream, TlsConfig.class);
tlsConfig.initDefaults();
return tlsConfig;
}
} else {
TlsConfig tlsConfig = new TlsConfig();
tlsConfig.setCaHostname(getCertificateAuthorityHostname());
tlsConfig.setDn(getDn());
tlsConfig.setToken(getToken());
tlsConfig.setPort(getPort());
tlsConfig.setKeyStore(NIFI_CA_KEYSTORE + getKeyStoreType().toLowerCase());
tlsConfig.setKeyStoreType(getKeyStoreType());
tlsConfig.setKeySize(getKeySize());
tlsConfig.setKeyPairAlgorithm(getKeyAlgorithm());
tlsConfig.setSigningAlgorithm(getSigningAlgorithm());
tlsConfig.setDays(getDays());
return tlsConfig;
}
}
Also used :
FileInputStream(java.io.FileInputStream)
InputStream(java.io.InputStream)
TlsConfig(org.apache.nifi.toolkit.tls.configuration.TlsConfig)
File(java.io.File)
ObjectMapper(com.fasterxml.jackson.databind.ObjectMapper)
Example 8 with TlsConfig
use of org.apache.nifi.toolkit.tls.configuration.TlsConfig in project nifi by apache.
the class TlsCertificateAuthorityClientCommandLineTest method testDefaults.
@Test
public void testDefaults() throws CommandLineParseException, IOException {
tlsCertificateAuthorityClientCommandLine.parse("-t", testToken);
TlsClientConfig clientConfig = tlsCertificateAuthorityClientCommandLine.createClientConfig();
assertEquals(TlsConfig.DEFAULT_HOSTNAME, clientConfig.getCaHostname());
Assert.assertEquals(new TlsConfig().calcDefaultDn(InetAddress.getLocalHost().getHostName()), clientConfig.getDn());
assertEquals(TlsCertificateAuthorityClientCommandLine.KEYSTORE + TlsConfig.DEFAULT_KEY_STORE_TYPE.toLowerCase(), clientConfig.getKeyStore());
assertEquals(TlsConfig.DEFAULT_KEY_STORE_TYPE, clientConfig.getKeyStoreType());
assertNull(clientConfig.getKeyStorePassword());
assertNull(clientConfig.getKeyPassword());
assertEquals(TlsCertificateAuthorityClientCommandLine.TRUSTSTORE + TlsConfig.DEFAULT_KEY_STORE_TYPE.toLowerCase(), clientConfig.getTrustStore());
assertEquals(TlsConfig.DEFAULT_KEY_STORE_TYPE, clientConfig.getTrustStoreType());
assertNull(clientConfig.getTrustStorePassword());
assertEquals(TlsConfig.DEFAULT_KEY_SIZE, clientConfig.getKeySize());
assertEquals(TlsConfig.DEFAULT_KEY_PAIR_ALGORITHM, clientConfig.getKeyPairAlgorithm());
assertEquals(testToken, clientConfig.getToken());
assertEquals(TlsConfig.DEFAULT_PORT, clientConfig.getPort());
assertEquals(TlsCertificateAuthorityClientCommandLine.DEFAULT_CONFIG_JSON, tlsCertificateAuthorityClientCommandLine.getConfigJsonOut());
assertNull(tlsCertificateAuthorityClientCommandLine.getConfigJsonIn());
assertEquals(TlsCertificateAuthorityClientCommandLine.DEFAULT_CERTIFICATE_DIRECTORY, tlsCertificateAuthorityClientCommandLine.getCertificateDirectory());
}
Also used :
TlsClientConfig(org.apache.nifi.toolkit.tls.configuration.TlsClientConfig)
TlsConfig(org.apache.nifi.toolkit.tls.configuration.TlsConfig)
Test(org.junit.Test)
Example 9 with TlsConfig
use of org.apache.nifi.toolkit.tls.configuration.TlsConfig in project nifi by apache.
the class TlsCertificateSigningRequestPerformerTest method setup.
@Before
public void setup() throws GeneralSecurityException, OperatorCreationException, IOException {
objectMapper = new ObjectMapper();
keyPair = TlsHelper.generateKeyPair(TlsConfig.DEFAULT_KEY_PAIR_ALGORITHM, TlsConfig.DEFAULT_KEY_SIZE);
testToken = "testTokenTestToken";
testCaHostname = "testCaHostname";
testPort = 8993;
certificates = new ArrayList<>();
when(tlsClientConfig.getToken()).thenReturn(testToken);
when(tlsClientConfig.getCaHostname()).thenReturn(testCaHostname);
when(tlsClientConfig.getDn()).thenReturn(new TlsConfig().calcDefaultDn(testCaHostname));
when(tlsClientConfig.getPort()).thenReturn(testPort);
when(tlsClientConfig.createCertificateSigningRequestPerformer()).thenReturn(tlsCertificateSigningRequestPerformer);
when(tlsClientConfig.getSigningAlgorithm()).thenReturn(TlsConfig.DEFAULT_SIGNING_ALGORITHM);
JcaPKCS10CertificationRequest jcaPKCS10CertificationRequest = TlsHelper.generateCertificationRequest(tlsClientConfig.getDn(), null, keyPair, TlsConfig.DEFAULT_SIGNING_ALGORITHM);
String testCsrPem = TlsHelper.pemEncodeJcaObject(jcaPKCS10CertificationRequest);
when(httpClientBuilderSupplier.get()).thenReturn(httpClientBuilder);
when(httpClientBuilder.build()).thenAnswer(invocation -> {
Field sslSocketFactory = HttpClientBuilder.class.getDeclaredField("sslSocketFactory");
sslSocketFactory.setAccessible(true);
Object o = sslSocketFactory.get(httpClientBuilder);
Field field = TlsCertificateAuthorityClientSocketFactory.class.getDeclaredField("certificates");
field.setAccessible(true);
((List<X509Certificate>) field.get(o)).addAll(certificates);
return closeableHttpClient;
});
StatusLine statusLine = mock(StatusLine.class);
when(statusLine.getStatusCode()).thenAnswer(i -> statusCode);
when(closeableHttpClient.execute(eq(new HttpHost(testCaHostname, testPort, "https")), any(HttpPost.class))).thenAnswer(invocation -> {
HttpPost httpPost = (HttpPost) invocation.getArguments()[1];
TlsCertificateAuthorityRequest tlsCertificateAuthorityRequest = objectMapper.readValue(httpPost.getEntity().getContent(), TlsCertificateAuthorityRequest.class);
assertEquals(tlsCertificateAuthorityRequest.getCsr(), testCsrPem);
CloseableHttpResponse closeableHttpResponse = mock(CloseableHttpResponse.class);
when(closeableHttpResponse.getEntity()).thenAnswer(i -> {
ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
objectMapper.writeValue(byteArrayOutputStream, tlsCertificateAuthorityResponse);
return new ByteArrayEntity(byteArrayOutputStream.toByteArray());
});
when(closeableHttpResponse.getStatusLine()).thenReturn(statusLine);
return closeableHttpResponse;
});
KeyPair caKeyPair = TlsHelper.generateKeyPair(TlsConfig.DEFAULT_KEY_PAIR_ALGORITHM, TlsConfig.DEFAULT_KEY_SIZE);
caCertificate = CertificateUtils.generateSelfSignedX509Certificate(caKeyPair, "CN=fakeCa", TlsConfig.DEFAULT_SIGNING_ALGORITHM, TlsConfig.DEFAULT_DAYS);
testHmac = TlsHelper.calculateHMac(testToken, caCertificate.getPublicKey());
signedCsr = CertificateUtils.generateIssuedCertificate(jcaPKCS10CertificationRequest.getSubject().toString(), jcaPKCS10CertificationRequest.getPublicKey(), caCertificate, caKeyPair, TlsConfig.DEFAULT_SIGNING_ALGORITHM, TlsConfig.DEFAULT_DAYS);
testSignedCsr = TlsHelper.pemEncodeJcaObject(signedCsr);
tlsCertificateSigningRequestPerformer = new TlsCertificateSigningRequestPerformer(httpClientBuilderSupplier, tlsClientConfig);
}
Also used :
HttpPost(org.apache.http.client.methods.HttpPost)
JcaPKCS10CertificationRequest(org.bouncycastle.pkcs.jcajce.JcaPKCS10CertificationRequest)
KeyPair(java.security.KeyPair)
ByteArrayOutputStream(java.io.ByteArrayOutputStream)
StatusLine(org.apache.http.StatusLine)
Field(java.lang.reflect.Field)
ByteArrayEntity(org.apache.http.entity.ByteArrayEntity)
HttpHost(org.apache.http.HttpHost)
TlsCertificateAuthorityRequest(org.apache.nifi.toolkit.tls.service.dto.TlsCertificateAuthorityRequest)
CloseableHttpResponse(org.apache.http.client.methods.CloseableHttpResponse)
TlsConfig(org.apache.nifi.toolkit.tls.configuration.TlsConfig)
ArrayList(java.util.ArrayList)
List(java.util.List)
ObjectMapper(com.fasterxml.jackson.databind.ObjectMapper)
Before(org.junit.Before)
Example 10 with TlsConfig
use of org.apache.nifi.toolkit.tls.configuration.TlsConfig in project nifi by apache.
the class TlsCertificateAuthorityServiceCommandLineTest method testKeyStoreType.
@Test
public void testKeyStoreType() throws CommandLineParseException, IOException {
String testKeyStoreType = "testKeyStoreType";
tlsCertificateAuthorityServiceCommandLine.parse("-t", testToken, "-T", testKeyStoreType);
TlsConfig tlsConfig = tlsCertificateAuthorityServiceCommandLine.createConfig();
assertEquals(testKeyStoreType, tlsConfig.getKeyStoreType());
assertEquals(TlsCertificateAuthorityServiceCommandLine.NIFI_CA_KEYSTORE + tlsConfig.getKeyStoreType().toLowerCase(), tlsConfig.getKeyStore());
}Aggregations
TlsConfig (org.apache.nifi.toolkit.tls.configuration.TlsConfig)10
ObjectMapper (com.fasterxml.jackson.databind.ObjectMapper)4
File (java.io.File)3
Before (org.junit.Before)3
Test (org.junit.Test)3
ByteArrayOutputStream (java.io.ByteArrayOutputStream)2
FileInputStream (java.io.FileInputStream)2
InputStream (java.io.InputStream)2
KeyPair (java.security.KeyPair)2
KeyStore (java.security.KeyStore)2
X509Certificate (java.security.cert.X509Certificate)2
TlsClientConfig (org.apache.nifi.toolkit.tls.configuration.TlsClientConfig)2
BufferedReader (java.io.BufferedReader)1
IOException (java.io.IOException)1
PrintWriter (java.io.PrintWriter)1
StringReader (java.io.StringReader)1
StringWriter (java.io.StringWriter)1
Field (java.lang.reflect.Field)1
Certificate (java.security.cert.Certificate)1
ArrayList (java.util.ArrayList)1
