This is an automated email from the ASF dual-hosted git repository. chriss pushed a commit to branch main in repository https://gitbox.apache.org/repos/asf/nifi.git
The following commit(s) were added to refs/heads/main by this push: new 4b97936d38 NIFI-10932 Changed PKCS12 KeyStore Type Provider to SunJSSE 4b97936d38 is described below commit 4b97936d383adaad57a56f08bacc70289893d34c Author: exceptionfactory <exceptionfact...@apache.org> AuthorDate: Mon Jan 23 21:24:49 2023 -0600 NIFI-10932 Changed PKCS12 KeyStore Type Provider to SunJSSE - Changed from Bouncy Castle to Sun JSSE Provider for Key Stores to improve reading and writing Trust Stores formatted in PKCS12 - Updated TLS Toolkit Key Password handling to remove setting null for PKCS12 Signed-off-by: Chris Sampson <chris.sampso...@gmail.com> This closes #6881
---
 .../apache/nifi/security/util/KeyStoreUtils.java | 2 +-
 .../nifi/toolkit/tls/manager/BaseTlsManager.java | 22 ++++++++--------------
 .../tls/standalone/TlsToolkitStandaloneTest.java | 3 ++-
 3 files changed, 11 insertions(+), 16 deletions(-)
diff --git a/nifi-commons/nifi-security-utils/src/main/java/org/apache/nifi/security/util/KeyStoreUtils.java b/nifi-commons/nifi-security-utils/src/main/java/org/apache/nifi/security/util/KeyStoreUtils.java
index 43539b267d..2c00e52b67 100644
--- a/nifi-commons/nifi-security-utils/src/main/java/org/apache/nifi/security/util/KeyStoreUtils.java
+++ b/nifi-commons/nifi-security-utils/src/main/java/org/apache/nifi/security/util/KeyStoreUtils.java
@@ -83,7 +83,7 @@ public class KeyStoreUtils {
         Security.addProvider(new BouncyCastleProvider());
         KEY_STORE_TYPE_PROVIDERS.put(KeystoreType.BCFKS.getType(), BouncyCastleProvider.PROVIDER_NAME);
-        KEY_STORE_TYPE_PROVIDERS.put(KeystoreType.PKCS12.getType(), BouncyCastleProvider.PROVIDER_NAME);
+        KEY_STORE_TYPE_PROVIDERS.put(KeystoreType.PKCS12.getType(), SUN_JSSE_PROVIDER_NAME);
         KEY_STORE_TYPE_PROVIDERS.put(KeystoreType.JKS.getType(), SUN_PROVIDER_NAME);
 
         SECRET_KEY_STORE_PROVIDERS.put(KeystoreType.BCFKS, BouncyCastleProvider.PROVIDER_NAME);
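Review bot: The new mapping on the `+` line pins PKCS12 to `SUN_JSSE_PROVIDER_NAME`, so a `KeyStore.getInstance(type, provider)` driven by this map will throw NoSuchProviderException on a runtime that registers no provider under that name (non-HotSpot JVMs, or a FIPS-restricted provider list), even though the JDK's own PKCS12 implementation is normally still reachable through `KeyStore.getInstance(type)` with no provider argument; whether the consumer of KEY_STORE_TYPE_PROVIDERS already falls back that way is not visible here, and if it does not, a guard such as `Security.getProvider(SUN_JSSE_PROVIDER_NAME) != null` before trusting the entry would make the failure mode explicit. Switching providers also changes which algorithms protect entries in PKCS12 stores NiFi writes: the JDK provider follows the `keystore.pkcs12.*` security properties, whose defaults were the legacy SHA-1/3DES/RC2-40 set on older JDK releases and were strengthened to AES/PBKDF2-HMAC-SHA-256 only in recent ones, so a comment on the changed line would help the next reader, e.g. `// PKCS12 handled by the JDK provider so trust stores round-trip with keytool/openssl; entry protection follows the keystore.pkcs12.* security properties`. Bouncy Castle remains registered for BCFKS, and PKCS12 files it previously wrote should still load since the container format is standard, though that is inferred rather than shown by this hunk. The initializer block these lines belong to begins before the hunk and continues past it.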
diff --git a/nifi-toolkit/nifi-toolkit-tls/src/main/java/org/apache/nifi/toolkit/tls/manager/BaseTlsManager.java b/nifi-toolkit/nifi-toolkit-tls/src/main/java/org/apache/nifi/toolkit/tls/manager/BaseTlsManager.java
index 6e1eb67d74..a5a5d1c082 100644
--- a/nifi-toolkit/nifi-toolkit-tls/src/main/java/org/apache/nifi/toolkit/tls/manager/BaseTlsManager.java
+++ b/nifi-toolkit/nifi-toolkit-tls/src/main/java/org/apache/nifi/toolkit/tls/manager/BaseTlsManager.java
@@ -17,7 +17,6 @@
 package org.apache.nifi.toolkit.tls.manager;
 
-import org.apache.nifi.security.util.KeystoreType;
 import org.apache.nifi.security.util.KeyStoreUtils;
 import org.apache.nifi.toolkit.tls.configuration.TlsConfig;
 import org.apache.nifi.toolkit.tls.manager.writer.ConfigurationWriter;
@@ -108,21 +107,16 @@ public class BaseTlsManager {
     }
 
     private String getKeyPassword() {
-        if (keyStore.getType().equalsIgnoreCase(KeystoreType.PKCS12.toString())) {
-            tlsConfig.setKeyPassword(null);
-            return null;
-        } else {
-            String result = tlsConfig.getKeyPassword();
-            if (StringUtils.isEmpty(result)) {
-                if (differentKeyAndKeyStorePassword) {
-                    result = passwordUtil.generatePassword();
-                } else {
-                    result = getKeyStorePassword();
-                }
-                tlsConfig.setKeyPassword(result);
+        String result = tlsConfig.getKeyPassword();
+        if (StringUtils.isEmpty(result)) {
+            if (differentKeyAndKeyStorePassword) {
+                result = passwordUtil.generatePassword();
+            } else {
+                result = getKeyStorePassword();
             }
-            return result;
+            tlsConfig.setKeyPassword(result);
         }
+        return result;
     }
 
     private String getKeyStorePassword() {
diff --git a/nifi-toolkit/nifi-toolkit-tls/src/test/java/org/apache/nifi/toolkit/tls/standalone/TlsToolkitStandaloneTest.java b/nifi-toolkit/nifi-toolkit-tls/src/test/java/org/apache/nifi/toolkit/tls/standalone/TlsToolkitStandaloneTest.java
index 058c9220d9..6c6edf535d 100644
--- a/nifi-toolkit/nifi-toolkit-tls/src/test/java/org/apache/nifi/toolkit/tls/standalone/TlsToolkitStandaloneTest.java
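Review bot: Dropping the PKCS12 branch means `getKeyPassword()` now returns a generated password that differs from the key store password for a PKCS12 store whenever `differentKeyAndKeyStorePassword` is true, because the `passwordUtil.generatePassword()` path on the new side is reached for every store type; the JDK PKCS12 provider accepts per-entry key passwords, but non-Java consumers of the toolkit's output (OpenSSL's `pkcs12` command without `-twopass`, many proxies and load balancers) expect a single password for a PKCS12 file, so this is an interoperability change that the commit message does not mention and that should at least be documented in the toolkit's `-K` help text. A Javadoc would make the contract visible at the call site, e.g. `Resolves the key password: the configured value if present, otherwise a freshly generated one when differing key and key store passwords were requested, else the key store password; the resolved value is stored back into tlsConfig and applies to every key store type, PKCS12 included.` Whether any caller still depends on the old `null` (use-the-store-password) value for PKCS12 cannot be determined from this hunk. `getKeyStorePassword()` begins on the hunk's last line and its body lies outside it.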
+++ b/nifi-toolkit/nifi-toolkit-tls/src/test/java/org/apache/nifi/toolkit/tls/standalone/TlsToolkitStandaloneTest.java
@@ -200,8 +200,9 @@ public class TlsToolkitStandaloneTest {
 
     @Test
     public void testKeyStoreTypeArg() throws Exception {
+        final String certificateAuthorityHostname = "certificate-authority";
         runAndAssertExitCode(ExitCode.SUCCESS, "-o", tempDir.getAbsolutePath(), "-n", TlsConfig.DEFAULT_HOSTNAME, "-T", KeystoreType.PKCS12.toString().toLowerCase(),
-                "-K", "change", "-S", "change", "-P", "change");
+                "-K", "change", "-S", "change", "-P", "change", "-c", certificateAuthorityHostname);
         X509Certificate x509Certificate = checkLoadCertPrivateKey(TlsConfig.DEFAULT_KEY_PAIR_ALGORITHM);
         checkHostDirAndReturnNifiProperties(TlsConfig.DEFAULT_HOSTNAME, x509Certificate);
     }
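Review bot: The new `-c` argument on the `+` line is not explained, and the test still passes the same value `change` to both `-K` and `-S`, so the behaviour the BaseTlsManager change enables for PKCS12 — a key password distinct from the store password — is not exercised; a second run with `"-K", "keyPassword", "-S", "storePassword"` would cover it, provided `checkLoadCertPrivateKey` reads both passwords from the generated configuration, which is not visible here. A one-line comment above the new local stating why an explicit certificate-authority hostname became necessary for the PKCS12 run would save the next reader a bisect; the reason is not shown in this hunk and should come from the author rather than be guessed. Minor: `KeystoreType.PKCS12.toString().toLowerCase()` is locale-sensitive, and `toLowerCase(Locale.ROOT)` avoids a surprise on a Turkish-locale CI host.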