Github user brosander commented on a diff in the pull request: https://github.com/apache/nifi/pull/695#discussion_r72882057 --- Diff: nifi-commons/nifi-security-utils/src/test/groovy/org/apache/nifi/security/util/CertificateUtilsTest.groovy --- @@ -116,53 +132,7 @@ class CertificateUtilsTest extends GroovyTestCase { private static X509Certificate generateCertificate(String dn) throws IOException, NoSuchAlgorithmException, CertificateException, NoSuchProviderException, SignatureException, InvalidKeyException, OperatorCreationException { KeyPair keyPair = generateKeyPair(); - return generateCertificate(dn, keyPair); - } - - /** - * Generates a signed certificate with a specific keypair. - * - * @param dn the DN - * @param keyPair the public key will be included in the certificate and the the private key is used to sign the certificate - * @return the certificate - * @throws IOException - * @throws NoSuchAlgorithmException - * @throws CertificateException - * @throws NoSuchProviderException - * @throws SignatureException - * @throws InvalidKeyException - * @throws OperatorCreationException - */ - private - static X509Certificate generateCertificate(String dn, KeyPair keyPair) throws IOException, NoSuchAlgorithmException, CertificateException, NoSuchProviderException, SignatureException, InvalidKeyException, OperatorCreationException { - PrivateKey privateKey = keyPair.getPrivate(); - ContentSigner sigGen = new JcaContentSignerBuilder(SIGNATURE_ALGORITHM).setProvider(PROVIDER).build(privateKey); - SubjectPublicKeyInfo subPubKeyInfo = SubjectPublicKeyInfo.getInstance(keyPair.getPublic().getEncoded()); - Date startDate = new Date(YESTERDAY); - Date endDate = new Date(ONE_YEAR_FROM_NOW); - - X509v3CertificateBuilder certBuilder = new X509v3CertificateBuilder( - new X500Name(dn), - BigInteger.valueOf(System.currentTimeMillis()), - startDate, endDate, - new X500Name(dn), - subPubKeyInfo); - - // Set certificate extensions - // (1) digitalSignature extension - certBuilder.addExtension(X509Extension.keyUsage, true, - new KeyUsage(KeyUsage.digitalSignature | KeyUsage.keyEncipherment | KeyUsage.dataEncipherment | KeyUsage.keyAgreement)); - - // (2) extendedKeyUsage extension - Vector<KeyPurposeId> ekUsages = new Vector<>(); - ekUsages.add(KeyPurposeId.id_kp_clientAuth); - ekUsages.add(KeyPurposeId.id_kp_serverAuth); - certBuilder.addExtension(X509Extension.extendedKeyUsage, false, new ExtendedKeyUsage(ekUsages)); - - // Sign the certificate - X509CertificateHolder certificateHolder = certBuilder.build(sigGen); - return new JcaX509CertificateConverter().setProvider(PROVIDER) - .getCertificate(certificateHolder); + return CertificateUtils.generateSelfSignedX509Certificate(keyPair, dn, SIGNATURE_ALGORITHM, 365); --- End diff -- Upping default valid duration to 3 years
--- If your project is set up for it, you can reply to this email and have your reply appear on GitHub as well. If your project does not have this feature enabled and wishes so, or if the feature is enabled but not working, please contact infrastructure at infrastruct...@apache.org or file a JIRA ticket with INFRA. ---