This is an automated email from the ASF dual-hosted git repository.

joewitt pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/nifi.git


The following commit(s) were added to refs/heads/main by this push:
     new e9f5e49d5b NIFI-11133 This closes #6920. Updated TLS Toolkit 
Standalone to set Client Key Password
e9f5e49d5b is described below

commit e9f5e49d5b9af1357f2ae190537ffa698df579c8
Author: exceptionfactory <exceptionfact...@apache.org>
AuthorDate: Thu Feb 2 13:07:23 2023 -0600

    NIFI-11133 This closes #6920. Updated TLS Toolkit Standalone to set Client 
Key Password
    
    Signed-off-by: Joe Witt <joew...@apache.org>
---
 .../tls/standalone/TlsToolkitStandalone.java        | 21 +++++++++++++++++----
 .../tls/standalone/TlsToolkitStandaloneTest.java    |  3 ++-
 2 files changed, 19 insertions(+), 5 deletions(-)

diff --git 
a/nifi-toolkit/nifi-toolkit-tls/src/main/java/org/apache/nifi/toolkit/tls/standalone/TlsToolkitStandalone.java
 
b/nifi-toolkit/nifi-toolkit-tls/src/main/java/org/apache/nifi/toolkit/tls/standalone/TlsToolkitStandalone.java
index e460ca1949..664b00d206 100644
--- 
a/nifi-toolkit/nifi-toolkit-tls/src/main/java/org/apache/nifi/toolkit/tls/standalone/TlsToolkitStandalone.java
+++ 
b/nifi-toolkit/nifi-toolkit-tls/src/main/java/org/apache/nifi/toolkit/tls/standalone/TlsToolkitStandalone.java
@@ -49,6 +49,7 @@ import java.security.KeyPair;
 import java.security.KeyStore;
 import java.security.KeyStoreException;
 import java.security.NoSuchAlgorithmException;
+import java.security.PrivateKey;
 import java.security.SignatureException;
 import java.security.UnrecoverableKeyException;
 import java.security.cert.Certificate;
@@ -292,10 +293,9 @@ public class TlsToolkitStandalone {
             }
             KeyPair keyPair = TlsHelper.generateKeyPair(keyPairAlgorithm, 
keySize);
             X509Certificate clientCert = 
CertificateUtils.generateIssuedCertificate(reorderedDn, keyPair.getPublic(), 
null, certificate, caKeyPair, signingAlgorithm, days);
-            KeyStore keyStore = 
KeyStoreUtils.getKeyStore(KeystoreType.PKCS12.toString());
-            keyStore.load(null, null);
-            keyStore.setKeyEntry(NIFI_KEY, keyPair.getPrivate(), null, new 
Certificate[]{clientCert, certificate});
-            String password = TlsHelper.writeKeyStore(keyStore, 
outputStreamFactory, clientCertFile, clientPasswords.get(i), 
standaloneConfig.isClientPasswordsGenerated());
+            final String keyStorePassword = clientPasswords.get(i);
+            final KeyStore keyStore = setClientKeyStore(keyStorePassword, 
keyPair.getPrivate(), clientCert, certificate);
+            String password = TlsHelper.writeKeyStore(keyStore, 
outputStreamFactory, clientCertFile, keyStorePassword, 
standaloneConfig.isClientPasswordsGenerated());
 
             try (FileWriter fileWriter = new FileWriter(new File(baseDir, 
clientDnFile + ".password"))) {
                 fileWriter.write(password);
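Review bot: The key entry is now protected with `keyStorePassword`, but the value written to the `.password` file is the `password` returned by `TlsHelper.writeKeyStore`, and nothing in this hunk guarantees the two are equal. `writeKeyStore` is not visible here; if it can return a different value (the `isClientPasswordsGenerated()` argument suggests it may adjust generated passwords), the recorded password would open the store but not the key entry. A comment such as `// key entry and keystore share one password; writeKeyStore must return keyStorePassword unchanged`, or a check that `password.equals(keyStorePassword)` before the file is written, would make the assumption explicit. The enclosing loop starts and ends outside the hunk.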
@@ -311,4 +311,17 @@ public class TlsToolkitStandalone {
         }
     }
 
+    protected KeyStore setClientKeyStore(
+            final String keyStorePassword,
+            final PrivateKey privateKey,
+            final X509Certificate clientCertificate,
+            final X509Certificate issuerCertificate
+    ) throws IOException, GeneralSecurityException {
+        final KeyStore keyStore = 
KeyStoreUtils.getKeyStore(KeystoreType.PKCS12.toString());
+        keyStore.load(null, null);
+        final char[] keyPassword = keyStorePassword.toCharArray();
+        final X509Certificate[] certificates = {clientCertificate, 
issuerCertificate};
+        keyStore.setKeyEntry(NIFI_KEY, privateKey, keyPassword, certificates);
+        return keyStore;
+    }
 }
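Review bot: `setClientKeyStore` calls `keyStorePassword.toCharArray()` without checking the argument, so a null password fails with a bare NullPointerException and an empty string silently yields a key entry protected by an empty password. The removed code passed `null` as the key password and did not dereference the value at this point. Whether `clientPasswords` can hold null or empty entries is not visible in this diff, so a guard at the top of the method would settle it: `if (keyStorePassword == null || keyStorePassword.isEmpty()) { throw new IllegalArgumentException("Client KeyStore Password required"); }`. As a new `protected` extension point, the method also deserves a short Javadoc stating that the key entry password is deliberately the same as the keystore password.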
diff --git 
a/nifi-toolkit/nifi-toolkit-tls/src/test/java/org/apache/nifi/toolkit/tls/standalone/TlsToolkitStandaloneTest.java
 
b/nifi-toolkit/nifi-toolkit-tls/src/test/java/org/apache/nifi/toolkit/tls/standalone/TlsToolkitStandaloneTest.java
index 6c6edf535d..7b58f23fe6 100644
--- 
a/nifi-toolkit/nifi-toolkit-tls/src/test/java/org/apache/nifi/toolkit/tls/standalone/TlsToolkitStandaloneTest.java
+++ 
b/nifi-toolkit/nifi-toolkit-tls/src/test/java/org/apache/nifi/toolkit/tls/standalone/TlsToolkitStandaloneTest.java
@@ -522,7 +522,8 @@ public class TlsToolkitStandaloneTest {
         try (FileInputStream fileInputStream = new FileInputStream(new 
File(tempDir, clientDnFile + ".p12"))) {
             keyStore.load(fileInputStream, password.toCharArray());
         }
-        PrivateKey privateKey = (PrivateKey) 
keyStore.getKey(TlsToolkitStandalone.NIFI_KEY, new char[0]);
+        final char[] keyPassword = password.toCharArray();
+        PrivateKey privateKey = (PrivateKey) 
keyStore.getKey(TlsToolkitStandalone.NIFI_KEY, keyPassword);
         Certificate[] certificateChain = 
keyStore.getCertificateChain(TlsToolkitStandalone.NIFI_KEY);
         assertEquals(2, certificateChain.length);
         assertEquals(rootCert, certificateChain[1]);
