This is an automated email from the ASF dual-hosted git repository.

exceptionfactory pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/nifi.git


The following commit(s) were added to refs/heads/main by this push:
     new 8c5d85a28d NIFI-12151 Fixed StandardPrivateKeyService fails due to 
missing BouncyCastleProvider
8c5d85a28d is described below

commit 8c5d85a28d48e190ca862fbc7e10f1a66a9e72e7
Author: Peter Turcsanyi <turcsa...@apache.org>
AuthorDate: Fri Sep 29 22:04:01 2023 +0200

    NIFI-12151 Fixed StandardPrivateKeyService fails due to missing 
BouncyCastleProvider
    
    This closes #7817
    
    Signed-off-by: David Handermann <exceptionfact...@apache.org>
---
 .../reader/BouncyCastlePrivateKeyReader.java       | 11 ++++++--
 .../key/service/StandardPrivateKeyServiceTest.java | 30 +++++++++++++++++-----
 2 files changed, 33 insertions(+), 8 deletions(-)

diff --git 
a/nifi-nar-bundles/nifi-standard-services/nifi-key-service-bundle/nifi-key-service/src/main/java/org/apache/nifi/key/service/reader/BouncyCastlePrivateKeyReader.java
 
b/nifi-nar-bundles/nifi-standard-services/nifi-key-service-bundle/nifi-key-service/src/main/java/org/apache/nifi/key/service/reader/BouncyCastlePrivateKeyReader.java
index ff8746215d..c2cdecc2a4 100644
--- 
a/nifi-nar-bundles/nifi-standard-services/nifi-key-service-bundle/nifi-key-service/src/main/java/org/apache/nifi/key/service/reader/BouncyCastlePrivateKeyReader.java
+++ 
b/nifi-nar-bundles/nifi-standard-services/nifi-key-service-bundle/nifi-key-service/src/main/java/org/apache/nifi/key/service/reader/BouncyCastlePrivateKeyReader.java
@@ -17,6 +17,7 @@
 package org.apache.nifi.key.service.reader;
 
 import org.bouncycastle.asn1.pkcs.PrivateKeyInfo;
+import org.bouncycastle.jce.provider.BouncyCastleProvider;
 import org.bouncycastle.openssl.PEMDecryptorProvider;
 import org.bouncycastle.openssl.PEMEncryptedKeyPair;
 import org.bouncycastle.openssl.PEMException;
@@ -42,6 +43,8 @@ import java.security.PrivateKey;
 public class BouncyCastlePrivateKeyReader implements PrivateKeyReader {
     private static final String INVALID_PEM = "Invalid PEM";
 
+    private static final BouncyCastleProvider BOUNCY_CASTLE_PROVIDER = new 
BouncyCastleProvider();
+
     /**
      * Read Private Key using Bouncy Castle PEM Parser
      *
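Review bot: The new `BOUNCY_CASTLE_PROVIDER` constant has no comment explaining why the reader holds its own provider instance. Going by the commit title, the decryptor builders apparently failed when BouncyCastleProvider was not registered in the JVM. A line such as `// Passed to the decryptor builders directly so decryption does not depend on BouncyCastleProvider being registered in java.security.Security` would keep a later cleanup from removing the `setProvider` calls. The class body continues outside this hunk.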
@@ -81,7 +84,9 @@ public class BouncyCastlePrivateKeyReader implements 
PrivateKeyReader {
 
     private PrivateKeyInfo readEncryptedPrivateKey(final 
PKCS8EncryptedPrivateKeyInfo encryptedPrivateKeyInfo, final char[] keyPassword) 
{
         try {
-            final InputDecryptorProvider provider = new 
JceOpenSSLPKCS8DecryptorProviderBuilder().build(keyPassword);
+            final InputDecryptorProvider provider = new 
JceOpenSSLPKCS8DecryptorProviderBuilder()
+                    .setProvider(BOUNCY_CASTLE_PROVIDER)
+                    .build(keyPassword);
             return encryptedPrivateKeyInfo.decryptPrivateKeyInfo(provider);
         } catch (final OperatorCreationException e) {
             throw new PrivateKeyException("Preparing Private Key Decryption 
failed", e);
@@ -91,7 +96,9 @@ public class BouncyCastlePrivateKeyReader implements 
PrivateKeyReader {
     }
 
     private PrivateKeyInfo readEncryptedPrivateKey(final PEMEncryptedKeyPair 
encryptedKeyPair, final char[] keyPassword) {
-        final PEMDecryptorProvider provider = new 
JcePEMDecryptorProviderBuilder().build(keyPassword);
+        final PEMDecryptorProvider provider = new 
JcePEMDecryptorProviderBuilder()
+                .setProvider(BOUNCY_CASTLE_PROVIDER)
+                .build(keyPassword);
         try {
             final PEMKeyPair pemKeyPair = 
encryptedKeyPair.decryptKeyPair(provider);
             return pemKeyPair.getPrivateKeyInfo();
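Review bot: The `setProvider(BOUNCY_CASTLE_PROVIDER)` call added to `JcePEMDecryptorProviderBuilder` in the `PEMEncryptedKeyPair` overload has no matching test in this commit. The test changes shown build keys only through `JceOpenSSLPKCS8EncryptorBuilder`, which exercises the `PKCS8EncryptedPrivateKeyInfo` overload. Whether another test covers the traditional OpenSSL encrypted PEM format is not visible here. A case that writes a key with a PEM encryptor and reads it back through the service would cover this path. The method body continues past the end of the hunk.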
diff --git 
a/nifi-nar-bundles/nifi-standard-services/nifi-key-service-bundle/nifi-key-service/src/test/java/org/apache/nifi/key/service/StandardPrivateKeyServiceTest.java
 
b/nifi-nar-bundles/nifi-standard-services/nifi-key-service-bundle/nifi-key-service/src/test/java/org/apache/nifi/key/service/StandardPrivateKeyServiceTest.java
index a00ca4c540..46c481a694 100644
--- 
a/nifi-nar-bundles/nifi-standard-services/nifi-key-service-bundle/nifi-key-service/src/test/java/org/apache/nifi/key/service/StandardPrivateKeyServiceTest.java
+++ 
b/nifi-nar-bundles/nifi-standard-services/nifi-key-service-bundle/nifi-key-service/src/test/java/org/apache/nifi/key/service/StandardPrivateKeyServiceTest.java
@@ -21,7 +21,8 @@ import org.apache.nifi.util.NoOpProcessor;
 import org.apache.nifi.util.TestRunner;
 import org.apache.nifi.util.TestRunners;
 
-import org.bouncycastle.openssl.PKCS8Generator;
+import org.bouncycastle.asn1.ASN1ObjectIdentifier;
+import org.bouncycastle.jce.provider.BouncyCastleProvider;
 import org.bouncycastle.openssl.jcajce.JcaPEMWriter;
 import org.bouncycastle.openssl.jcajce.JcaPKCS8Generator;
 import org.bouncycastle.openssl.jcajce.JceOpenSSLPKCS8EncryptorBuilder;
@@ -30,6 +31,8 @@ import org.bouncycastle.operator.OutputEncryptor;
 import org.junit.jupiter.api.BeforeAll;
 import org.junit.jupiter.api.BeforeEach;
 import org.junit.jupiter.api.Test;
+import org.junit.jupiter.params.ParameterizedTest;
+import org.junit.jupiter.params.provider.MethodSource;
 
 import java.io.IOException;
 import java.io.StringWriter;
@@ -42,11 +45,16 @@ import java.security.NoSuchAlgorithmException;
 import java.security.PrivateKey;
 import java.util.UUID;
 
+import static 
org.bouncycastle.openssl.jcajce.JceOpenSSLPKCS8EncryptorBuilder.AES_256_CBC;
+import static 
org.bouncycastle.openssl.jcajce.JceOpenSSLPKCS8EncryptorBuilder.DES3_CBC;
+import static 
org.bouncycastle.openssl.jcajce.JceOpenSSLPKCS8EncryptorBuilder.PBE_SHA1_3DES;
 import static org.junit.jupiter.api.Assertions.assertEquals;
 
 class StandardPrivateKeyServiceTest {
     private static final String SERVICE_ID = 
StandardPrivateKeyServiceTest.class.getSimpleName();
 
+    private static final BouncyCastleProvider BOUNCY_CASTLE_PROVIDER = new 
BouncyCastleProvider();
+
     private static final String PATH_NOT_FOUND = "/path/not/found";
 
     private static final String KEY_NOT_VALID = "-----BEGIN KEY NOT 
VALID-----";
@@ -103,10 +111,11 @@ class StandardPrivateKeyServiceTest {
         assertEquals(generatedPrivateKey, privateKey);
     }
 
-    @Test
-    void testGetPrivateKeyEncryptedKey() throws Exception {
+    @ParameterizedTest
+    @MethodSource("encryptionAlgorithms")
+    void testGetPrivateKeyEncryptedKey(final String encryptionAlgorithm) 
throws Exception {
         final String password = UUID.randomUUID().toString();
-        final OutputEncryptor outputEncryptor = getOutputEncryptor(password);
+        final OutputEncryptor outputEncryptor = 
getOutputEncryptor(encryptionAlgorithm, password);
         final String encryptedPrivateKey = 
getEncodedPrivateKey(generatedPrivateKey, outputEncryptor);
         final Path keyPath = writeKey(encryptedPrivateKey);
 
@@ -118,6 +127,14 @@ class StandardPrivateKeyServiceTest {
         assertEquals(generatedPrivateKey, privateKey);
     }
 
+    private static String[] encryptionAlgorithms() {
+        return new String[] {
+                AES_256_CBC,
+                DES3_CBC,
+                PBE_SHA1_3DES
+        };
+    }
+
     private Path writeKey(final String encodedPrivateKey) throws IOException {
         final Path keyPath = 
Files.createTempFile(StandardPrivateKeyServiceTest.class.getSimpleName(), 
RSA_ALGORITHM);
         keyPath.toFile().deleteOnExit();
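Review bot: `encryptionAlgorithms()` lists `DES3_CBC` and `PBE_SHA1_3DES` next to `AES_256_CBC` without saying why legacy 3DES schemes are tested. Presumably they are there because the service must still read keys that were encrypted that way. A comment above the method such as `// 3DES entries verify reading of existing legacy-encrypted keys; they are not a recommendation for protecting new keys` would make that explicit. The test method above it and `writeKey` below it are only partly inside this hunk.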
@@ -137,8 +154,9 @@ class StandardPrivateKeyServiceTest {
         return stringWriter.toString();
     }
 
-    private OutputEncryptor getOutputEncryptor(final String password) throws 
OperatorCreationException {
-        return new 
JceOpenSSLPKCS8EncryptorBuilder(PKCS8Generator.PBE_SHA1_3DES)
+    private OutputEncryptor getOutputEncryptor(final String 
encryptionAlgorithm, final String password) throws OperatorCreationException {
+        return new JceOpenSSLPKCS8EncryptorBuilder(new 
ASN1ObjectIdentifier(encryptionAlgorithm))
+                .setProvider(BOUNCY_CASTLE_PROVIDER)
                 .setPassword(password.toCharArray())
                 .build();
     }
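Review bot: The parameter name `encryptionAlgorithm` in `getOutputEncryptor` hides that the value must be a dotted OID string. It is passed straight to `new ASN1ObjectIdentifier(encryptionAlgorithm)`, which rejects anything else. Renaming it to `encryptionAlgorithmId`, or adding `// encryptionAlgorithm is an object identifier string, e.g. one of the JceOpenSSLPKCS8EncryptorBuilder constants`, would stop a later caller from passing a JCA algorithm name.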
