Apache
/
nifi
mirror of https://github.com/apache/nifi.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

NIFI-8701 - Log Self-Signed Certificate Hash on Generate 

This closes #5159

Signed-off-by: David Handermann <exceptionfactory@apache.org>
This commit is contained in:
Paul Grey 2021-06-14 18:54:49 -04:00 committed by exceptionfactory
parent 520ee82745
commit 0f1c9445f0
No known key found for this signature in database
GPG Key ID: 29B6A52D2AAE8DBA
1 changed files with 16 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

16
nifi-bootstrap/src/main/java/org/apache/nifi/bootstrap/util/SecureNiFiConfigUtil.java
View File

@ -16,6 +16,7 @@
*/ */
package org.apache.nifi.bootstrap.util; package org.apache.nifi.bootstrap.util;
import org.apache.commons.codec.digest.DigestUtils;
import org.apache.commons.lang3.StringUtils; import org.apache.commons.lang3.StringUtils;
import org.apache.nifi.security.util.KeyStoreUtils; import org.apache.nifi.security.util.KeyStoreUtils;
import org.apache.nifi.security.util.StandardTlsConfiguration; import org.apache.nifi.security.util.StandardTlsConfiguration;
@ -35,10 +36,14 @@ import java.nio.file.Path;
import java.nio.file.Paths; import java.nio.file.Paths;
import java.nio.file.StandardCopyOption; import java.nio.file.StandardCopyOption;
import java.security.GeneralSecurityException; import java.security.GeneralSecurityException;
import java.security.KeyStore;
import java.security.cert.Certificate;
import java.time.LocalDate; import java.time.LocalDate;
import java.time.temporal.ChronoUnit; import java.time.temporal.ChronoUnit;
import java.util.Enumeration;
import java.util.HashSet; import java.util.HashSet;
import java.util.List; import java.util.List;
import java.util.Locale;
import java.util.Properties; import java.util.Properties;
import java.util.Set; import java.util.Set;
import java.util.stream.Collectors; import java.util.stream.Collectors;
@ -117,6 +122,17 @@ public class SecureNiFiConfigUtil {
String[] subjectAlternativeNames = getSubjectAlternativeNames(nifiProperties, cmdLogger); String[] subjectAlternativeNames = getSubjectAlternativeNames(nifiProperties, cmdLogger);
tlsConfiguration = KeyStoreUtils.createTlsConfigAndNewKeystoreTruststore(StandardTlsConfiguration tlsConfiguration = KeyStoreUtils.createTlsConfigAndNewKeystoreTruststore(StandardTlsConfiguration
.fromNiFiProperties(nifiProperties), CERT_DURATION_DAYS, subjectAlternativeNames); .fromNiFiProperties(nifiProperties), CERT_DURATION_DAYS, subjectAlternativeNames);
final KeyStore keyStore = KeyStoreUtils.loadKeyStore(tlsConfiguration.getKeystorePath(),
tlsConfiguration.getKeystorePassword().toCharArray(), tlsConfiguration.getKeystoreType().getType());
final Enumeration<String> aliases = keyStore.aliases();
while (aliases.hasMoreElements()) {
final String alias = aliases.nextElement();
final Certificate certificate = keyStore.getCertificate(alias);
if (certificate != null) {
final String sha256 = DigestUtils.sha256Hex(certificate.getEncoded());
cmdLogger.info("Generated Self-Signed Certificate SHA-256: {}", sha256.toUpperCase(Locale.ROOT));
}
}
} catch (GeneralSecurityException e) { } catch (GeneralSecurityException e) {
throw new RuntimeException(e); throw new RuntimeException(e);
} }