This is an automated email from the ASF dual-hosted git repository. joewitt pushed a commit to branch main in repository https://gitbox.apache.org/repos/asf/nifi.git
The following commit(s) were added to refs/heads/main by this push: new e9f5e49d5b NIFI-11133 This closes #6920. Updated TLS Toolkit Standalone to set Client Key Password e9f5e49d5b is described below commit e9f5e49d5b9af1357f2ae190537ffa698df579c8 Author: exceptionfactory <exceptionfact...@apache.org> AuthorDate: Thu Feb 2 13:07:23 2023 -0600 NIFI-11133 This closes #6920. Updated TLS Toolkit Standalone to set Client Key Password Signed-off-by: Joe Witt <joew...@apache.org>
---
 .../tls/standalone/TlsToolkitStandalone.java | 21 +++++++++++++++++----
 .../tls/standalone/TlsToolkitStandaloneTest.java | 3 ++-
 2 files changed, 19 insertions(+), 5 deletions(-)
diff --git a/nifi-toolkit/nifi-toolkit-tls/src/main/java/org/apache/nifi/toolkit/tls/standalone/TlsToolkitStandalone.java b/nifi-toolkit/nifi-toolkit-tls/src/main/java/org/apache/nifi/toolkit/tls/standalone/TlsToolkitStandalone.java
index e460ca1949..664b00d206 100644
--- a/nifi-toolkit/nifi-toolkit-tls/src/main/java/org/apache/nifi/toolkit/tls/standalone/TlsToolkitStandalone.java
+++ b/nifi-toolkit/nifi-toolkit-tls/src/main/java/org/apache/nifi/toolkit/tls/standalone/TlsToolkitStandalone.java
@@ -49,6 +49,7 @@ import java.security.KeyPair;
 import java.security.KeyStore;
 import java.security.KeyStoreException;
 import java.security.NoSuchAlgorithmException;
+import java.security.PrivateKey;
 import java.security.SignatureException;
 import java.security.UnrecoverableKeyException;
 import java.security.cert.Certificate;
@@ -292,10 +293,9 @@ public class TlsToolkitStandalone {
 }
 KeyPair keyPair = TlsHelper.generateKeyPair(keyPairAlgorithm, keySize);
 X509Certificate clientCert = CertificateUtils.generateIssuedCertificate(reorderedDn, keyPair.getPublic(), null, certificate, caKeyPair, signingAlgorithm, days);
- KeyStore keyStore = KeyStoreUtils.getKeyStore(KeystoreType.PKCS12.toString());
- keyStore.load(null, null);
- keyStore.setKeyEntry(NIFI_KEY, keyPair.getPrivate(), null, new Certificate[]{clientCert, certificate});
- String password = TlsHelper.writeKeyStore(keyStore, outputStreamFactory, clientCertFile, clientPasswords.get(i), standaloneConfig.isClientPasswordsGenerated());
+ final String keyStorePassword = clientPasswords.get(i);
+ final KeyStore keyStore = setClientKeyStore(keyStorePassword, keyPair.getPrivate(), clientCert, certificate);
+ String password = TlsHelper.writeKeyStore(keyStore, outputStreamFactory, clientCertFile, keyStorePassword, standaloneConfig.isClientPasswordsGenerated());
 try (FileWriter fileWriter = new FileWriter(new File(baseDir, clientDnFile + ".password"))) {
 fileWriter.write(password);
@@ -311,4 +311,17 @@ public class TlsToolkitStandalone {
 }
 }
+ protected KeyStore setClientKeyStore(
+ final String keyStorePassword,
+ final PrivateKey privateKey,
+ final X509Certificate clientCertificate,
+ final X509Certificate issuerCertificate
+ ) throws IOException, GeneralSecurityException {
+ final KeyStore keyStore = KeyStoreUtils.getKeyStore(KeystoreType.PKCS12.toString());
+ keyStore.load(null, null);
+ final char[] keyPassword = keyStorePassword.toCharArray();
+ final X509Certificate[] certificates = {clientCertificate, issuerCertificate};
+ keyStore.setKeyEntry(NIFI_KEY, privateKey, keyPassword, certificates);
+ return keyStore;
+ }
 }
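Review bot: The key entry is now protected with `keyStorePassword`, but the value written to the `.password` file is the `password` returned by `TlsHelper.writeKeyStore`, and nothing in this hunk ties the two together. If `writeKeyStore` can return something other than the password it was given (the `isClientPasswordsGenerated()` argument suggests it may adjust generated passwords, though its body is not visible here), the private key would be stored under a password that is never recorded in the output files. Either confirm the two always match or state the assumption next to the call, e.g. `// key entry password must equal the password returned by writeKeyStore`. The enclosing method starts and ends outside the hunk.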
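Review bot: `setClientKeyStore` calls `keyStorePassword.toCharArray()` without a null check, whereas the removed code passed `null` as the key password and handed `clientPasswords.get(i)` to `writeKeyStore` untouched. Whether a null entry can reach this point is not visible in the hunk, so a guard such as `Objects.requireNonNull(keyStorePassword, "Client Key Store Password required");` would turn it into a clear error; this needs `java.util.Objects`, and the import block is only partly shown. The method is `protected` and has no Javadoc; a short one should say that it builds a new in-memory PKCS12 store and deliberately reuses the key store password as the key entry password. The `keyPassword` array could also be cleared after `setKeyEntry`, although the same secret remains in the `String` parameter, so the gain is small.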
diff --git a/nifi-toolkit/nifi-toolkit-tls/src/test/java/org/apache/nifi/toolkit/tls/standalone/TlsToolkitStandaloneTest.java b/nifi-toolkit/nifi-toolkit-tls/src/test/java/org/apache/nifi/toolkit/tls/standalone/TlsToolkitStandaloneTest.java
index 6c6edf535d..7b58f23fe6 100644
--- a/nifi-toolkit/nifi-toolkit-tls/src/test/java/org/apache/nifi/toolkit/tls/standalone/TlsToolkitStandaloneTest.java
+++ b/nifi-toolkit/nifi-toolkit-tls/src/test/java/org/apache/nifi/toolkit/tls/standalone/TlsToolkitStandaloneTest.java
@@ -522,7 +522,8 @@ public class TlsToolkitStandaloneTest {
 try (FileInputStream fileInputStream = new FileInputStream(new File(tempDir, clientDnFile + ".p12"))) {
 keyStore.load(fileInputStream, password.toCharArray());
 }
- PrivateKey privateKey = (PrivateKey) keyStore.getKey(TlsToolkitStandalone.NIFI_KEY, new char[0]);
+ final char[] keyPassword = password.toCharArray();
+ PrivateKey privateKey = (PrivateKey) keyStore.getKey(TlsToolkitStandalone.NIFI_KEY, keyPassword);
 Certificate[] certificateChain = keyStore.getCertificateChain(TlsToolkitStandalone.NIFI_KEY);
 assertEquals(2, certificateChain.length);
 assertEquals(rootCert, certificateChain[1]);
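Review bot: The updated assertion only shows that the key can be read with the key store password; it does not pin the behaviour the commit is about, namely that the entry is no longer stored with a null key password. Consider asserting that `privateKey` is non-null and, if the PKCS12 provider in use actually enforces per-entry passwords (some implementations ignore them, and the provider is not visible here), that `keyStore.getKey(TlsToolkitStandalone.NIFI_KEY, new char[0])` no longer yields the key. The test method starts and ends outside the hunk.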