
Example 6 with TlsCertificateAuthorityResponse

use of org.apache.nifi.toolkit.tls.service.dto.TlsCertificateAuthorityResponse in project nifi by apache.

the class TlsCertificateAuthorityServiceHandler method handle.

@Override
public void handle(String target, Request baseRequest, HttpServletRequest request, HttpServletResponse response) throws IOException, ServletException {
    try {
        // The request body is capped at 1 MiB before JSON parsing, so an oversized CSR cannot exhaust memory.
        TlsCertificateAuthorityRequest tlsCertificateAuthorityRequest = objectMapper.readValue(new BoundedReader(request.getReader(), 1024 * 1024), TlsCertificateAuthorityRequest.class);
        // Missing fields are a malformed request (400), not an authentication failure.
        if (!tlsCertificateAuthorityRequest.hasHmac()) {
            writeResponse(objectMapper, request, response, new TlsCertificateAuthorityResponse(HMAC_FIELD_MUST_BE_SET), Response.SC_BAD_REQUEST);
            return;
        }
        if (!tlsCertificateAuthorityRequest.hasCsr()) {
            writeResponse(objectMapper, request, response, new TlsCertificateAuthorityResponse(CSR_FIELD_MUST_BE_SET), Response.SC_BAD_REQUEST);
            return;
        }
        JcaPKCS10CertificationRequest jcaPKCS10CertificationRequest = TlsHelper.parseCsr(tlsCertificateAuthorityRequest.getCsr());
        // The HMAC is keyed with the shared token and covers the public key in the CSR, so only a
        // holder of the token can have a key signed by this CA.
        byte[] expectedHmac = TlsHelper.calculateHMac(token, jcaPKCS10CertificationRequest.getPublicKey());
        // Constant-time comparison; a mismatch is answered with 403 rather than 400.
        if (MessageDigest.isEqual(expectedHmac, tlsCertificateAuthorityRequest.getHmac())) {
            // The subject DN comes from the client-supplied CSR.
            String dn = jcaPKCS10CertificationRequest.getSubject().toString();
            if (logger.isInfoEnabled()) {
                logger.info("Received CSR with DN " + dn);
            }
            // Issue a certificate for the CSR's DN, public key and extensions, signed with the CA key pair for `days` days.
            X509Certificate x509Certificate = CertificateUtils.generateIssuedCertificate(dn, jcaPKCS10CertificationRequest.getPublicKey(), CertificateUtils.getExtensionsFromCSR(jcaPKCS10CertificationRequest), caCert, keyPair, signingAlgorithm, days);
            // The response carries HMAC(token, CA public key) alongside the PEM certificate, so the
            // client can confirm it reached the intended CA before trusting what it received.
            writeResponse(objectMapper, request, response, new TlsCertificateAuthorityResponse(TlsHelper.calculateHMac(token, caCert.getPublicKey()), TlsHelper.pemEncodeJcaObject(x509Certificate)), Response.SC_OK);
            return;
        } else {
            writeResponse(objectMapper, request, response, new TlsCertificateAuthorityResponse(FORBIDDEN), Response.SC_FORBIDDEN);
            return;
        }
    } catch (Exception e) {
        // Generic message: the underlying cause is not echoed back to the caller.
        throw new ServletException("Server error");
    } finally {
        baseRequest.setHandled(true);
    }
}
Also used : ServletException(javax.servlet.ServletException) JcaPKCS10CertificationRequest(org.bouncycastle.pkcs.jcajce.JcaPKCS10CertificationRequest) TlsCertificateAuthorityResponse(org.apache.nifi.toolkit.tls.service.dto.TlsCertificateAuthorityResponse) TlsCertificateAuthorityRequest(org.apache.nifi.toolkit.tls.service.dto.TlsCertificateAuthorityRequest) BoundedReader(org.apache.commons.io.input.BoundedReader) X509Certificate(java.security.cert.X509Certificate) IOException(java.io.IOException)

Example 7 with TlsCertificateAuthorityResponse

use of org.apache.nifi.toolkit.tls.service.dto.TlsCertificateAuthorityResponse in project nifi by apache.

the class TlsCertificateSigningRequestPerformerTest method test2CertSize.

@Test
public void test2CertSize() throws Exception {
    certificates.add(caCertificate);
    certificates.add(caCertificate);
    statusCode = Response.SC_OK;
    tlsCertificateAuthorityResponse = new TlsCertificateAuthorityResponse();
    try {
        tlsCertificateSigningRequestPerformer.perform(keyPair);
        fail("Expected IOE");
    } catch (IOException e) {
        assertEquals(TlsCertificateSigningRequestPerformer.EXPECTED_ONE_CERTIFICATE, e.getMessage());
    }
}
Also used : TlsCertificateAuthorityResponse(org.apache.nifi.toolkit.tls.service.dto.TlsCertificateAuthorityResponse) IOException(java.io.IOException) Test(org.junit.Test)

Example 8 with TlsCertificateAuthorityResponse

use of org.apache.nifi.toolkit.tls.service.dto.TlsCertificateAuthorityResponse in project nifi by apache.

the class TlsCertificateSigningRequestPerformerTest method testOk.

@Test
public void testOk() throws Exception {
    certificates.add(caCertificate);
    statusCode = Response.SC_OK;
    tlsCertificateAuthorityResponse = new TlsCertificateAuthorityResponse(testHmac, testSignedCsr);
    tlsCertificateSigningRequestPerformer.perform(keyPair);
}
Also used : TlsCertificateAuthorityResponse(org.apache.nifi.toolkit.tls.service.dto.TlsCertificateAuthorityResponse) Test(org.junit.Test)

Example 9 with TlsCertificateAuthorityResponse

use of org.apache.nifi.toolkit.tls.service.dto.TlsCertificateAuthorityResponse in project nifi by apache.

the class TlsCertificateSigningRequestPerformerTest method testNoCertificate.

@Test
public void testNoCertificate() throws Exception {
    certificates.add(caCertificate);
    statusCode = Response.SC_OK;
    tlsCertificateAuthorityResponse = new TlsCertificateAuthorityResponse(testHmac, null);
    try {
        tlsCertificateSigningRequestPerformer.perform(keyPair);
        fail("Expected IOE");
    } catch (IOException e) {
        assertEquals(TlsCertificateSigningRequestPerformer.EXPECTED_RESPONSE_TO_CONTAIN_CERTIFICATE, e.getMessage());
    }
}
Also used : TlsCertificateAuthorityResponse(org.apache.nifi.toolkit.tls.service.dto.TlsCertificateAuthorityResponse) IOException(java.io.IOException) Test(org.junit.Test)
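The handler in Example 6 and the performer tests in Examples 7 to 9 are two halves of one exchange: the client sends a CSR plus HMAC(token, CSR public key), the CA checks that HMAC before issuing, and the CA answers with the certificate plus HMAC(token, CA public key), which the client compares against the key of the TLS server it actually connected to (the `certificates` list the tests fill with `caCertificate`). The model below is an added example, not NiFi's code. It assumes HMAC-SHA256 over the encoded public key, stands in JSON byte strings for PKCS#10 and X.509, and replaces signature verification with an issuer-key check; the status codes, message texts and check order follow the page.

```python
"""Added model of the tls-toolkit CA exchange on this page (not NiFi's own code).
Keys, CSRs and certificates are constructed JSON/byte strings; the real toolkit
uses PKCS#10 and X.509 via BouncyCastle, and HMAC parameters here are assumed."""
import hashlib
import hmac
import json
import os
from typing import Callable, Dict, List, Tuple

SC_OK, SC_BAD_REQUEST, SC_FORBIDDEN = 200, 400, 403
HMAC_FIELD_MUST_BE_SET = "hmac field must be set"
CSR_FIELD_MUST_BE_SET = "csr field must be set"
FORBIDDEN = "forbidden"
EXPECTED_ONE_CERTIFICATE = "Expected one certificate"
EXPECTED_RESPONSE_TO_CONTAIN_HMAC = "Expected response to contain hmac"
UNEXPECTED_HMAC = "Unexpected hmac received, possible man in the middle"
EXPECTED_RESPONSE_TO_CONTAIN_CERTIFICATE = "Expected response to contain certificate"


def calculate_hmac(token: str, public_key: bytes) -> bytes:
    """HMAC-SHA256 over the encoded public key, keyed with the shared token (assumed algorithm)."""
    return hmac.new(token.encode("utf-8"), public_key, hashlib.sha256).digest()


def issue_certificate(subject: str, public_key: bytes, issuer_public_key: bytes) -> str:
    """Placeholder for CertificateUtils.generateIssuedCertificate: binds subject, key and issuer."""
    return json.dumps({"subject": subject, "public_key": public_key.hex(),
                       "issuer_public_key": issuer_public_key.hex()})


def public_key_of(certificate: str) -> bytes:
    return bytes.fromhex(json.loads(certificate)["public_key"])


def handle(token: str, ca_public_key: bytes, request: Dict) -> Tuple[int, Dict]:
    """CA side: the checks of TlsCertificateAuthorityServiceHandler.handle, in the same order."""
    if not request.get("hmac"):
        return SC_BAD_REQUEST, {"error": HMAC_FIELD_MUST_BE_SET}
    if not request.get("csr"):
        return SC_BAD_REQUEST, {"error": CSR_FIELD_MUST_BE_SET}
    csr = json.loads(request["csr"])
    csr_public_key = bytes.fromhex(csr["public_key"])
    expected = calculate_hmac(token, csr_public_key)
    # Constant-time compare (the analogue of MessageDigest.isEqual); a mismatch is 403, not 400.
    if not hmac.compare_digest(expected, bytes.fromhex(request["hmac"])):
        return SC_FORBIDDEN, {"error": FORBIDDEN}
    certificate = issue_certificate(csr["subject"], csr_public_key, ca_public_key)
    return SC_OK, {"hmac": calculate_hmac(token, ca_public_key).hex(),
                   "pemEncodedCertificate": certificate}


def perform(token: str, public_key: bytes, subject: str, observed_chain: List[str],
            send: Callable[[Dict], Tuple[int, Dict]]) -> Dict:
    """Client side, after TlsCertificateSigningRequestPerformer.perform. `observed_chain` is the
    chain seen in the TLS handshake (accepted without a trust store); `send` is the transport.
    Every failure is an IOError, as in the tests above."""
    csr = json.dumps({"subject": subject, "public_key": public_key.hex()})
    status, response = send({"hmac": calculate_hmac(token, public_key).hex(), "csr": csr})
    if status != SC_OK:
        raise IOError(f"Received response code {status} with payload {json.dumps(response)}")
    if len(observed_chain) != 1:
        raise IOError(EXPECTED_ONE_CERTIFICATE)
    if not response.get("hmac"):
        raise IOError(EXPECTED_RESPONSE_TO_CONTAIN_HMAC)
    ca_public_key = public_key_of(observed_chain[0])
    # The HMAC must cover the key of the server we actually spoke to, or the answer is rejected.
    if not hmac.compare_digest(calculate_hmac(token, ca_public_key), bytes.fromhex(response["hmac"])):
        raise IOError(UNEXPECTED_HMAC)
    if not response.get("pemEncodedCertificate"):
        raise IOError(EXPECTED_RESPONSE_TO_CONTAIN_CERTIFICATE)
    certificate = json.loads(response["pemEncodedCertificate"])
    # Stand-in for x509Certificate.verify(caPublicKey).
    if bytes.fromhex(certificate["issuer_public_key"]) != ca_public_key:
        raise IOError("certificate was not issued by the observed CA")
    return certificate


def run_scenarios() -> Dict[str, str]:
    """Constructed keys and token; returns the client outcome for each scenario."""
    token = "constructed-shared-token-0123456789"
    ca_key, node_key, mitm_key = os.urandom(32), os.urandom(32), os.urandom(32)
    ca_cert = issue_certificate("CN=ca", ca_key, ca_key)          # self-signed CA
    mitm_cert = issue_certificate("CN=mitm", mitm_key, mitm_key)  # interposed TLS endpoint
    real_ca = lambda req: handle(token, ca_key, req)

    def drop_cert(req):  # a CA answer with the HMAC but no certificate (testNoCertificate)
        status, resp = handle(token, ca_key, req)
        return status, {"hmac": resp["hmac"]}

    def attempt(name, tok, chain, send):
        try:
            return name, "issued " + perform(tok, node_key, "CN=node1", chain, send)["subject"]
        except IOError as e:
            return name, "rejected: " + str(e).split(" with payload")[0]

    return dict([
        attempt("honest", token, [ca_cert], real_ca),
        attempt("wrong_token", "attacker-does-not-know-the-token", [ca_cert], real_ca),
        attempt("relayed_via_mitm", token, [mitm_cert], real_ca),      # MITM forwards to the real CA
        attempt("two_cert_chain", token, [ca_cert, ca_cert], real_ca),  # test2CertSize
        attempt("no_certificate", token, [ca_cert], drop_cert),
    ])
```

The `relayed_via_mitm` case is the reason the response HMAC covers the CA's public key: the client has accepted an arbitrary self-signed TLS certificate, so a correct answer relayed through an interposed endpoint is only detected because the HMAC was computed over a key other than the one the client saw in the handshake.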

Aggregations

TlsCertificateAuthorityResponse (org.apache.nifi.toolkit.tls.service.dto.TlsCertificateAuthorityResponse)9 IOException (java.io.IOException)8 Test (org.junit.Test)7 X509Certificate (java.security.cert.X509Certificate)2 TlsCertificateAuthorityRequest (org.apache.nifi.toolkit.tls.service.dto.TlsCertificateAuthorityRequest)2 JcaPKCS10CertificationRequest (org.bouncycastle.pkcs.jcajce.JcaPKCS10CertificationRequest)2 StringReader (java.io.StringReader)1 NoSuchAlgorithmException (java.security.NoSuchAlgorithmException)1 ArrayList (java.util.ArrayList)1 ServletException (javax.servlet.ServletException)1 BoundedInputStream (org.apache.commons.io.input.BoundedInputStream)1 BoundedReader (org.apache.commons.io.input.BoundedReader)1 HttpHost (org.apache.http.HttpHost)1 CloseableHttpResponse (org.apache.http.client.methods.CloseableHttpResponse)1 HttpPost (org.apache.http.client.methods.HttpPost)1 TrustSelfSignedStrategy (org.apache.http.conn.ssl.TrustSelfSignedStrategy)1 ByteArrayEntity (org.apache.http.entity.ByteArrayEntity)1 CloseableHttpClient (org.apache.http.impl.client.CloseableHttpClient)1 HttpClientBuilder (org.apache.http.impl.client.HttpClientBuilder)1 SSLContextBuilder (org.apache.http.ssl.SSLContextBuilder)1