diff --git a/nifi-toolkit/nifi-toolkit-tls/src/main/java/org/apache/nifi/toolkit/tls/manager/TlsClientManager.java b/nifi-toolkit/nifi-toolkit-tls/src/main/java/org/apache/nifi/toolkit/tls/manager/TlsClientManager.java index 7df80ab027..ff11d14b9f 100644 --- a/nifi-toolkit/nifi-toolkit-tls/src/main/java/org/apache/nifi/toolkit/tls/manager/TlsClientManager.java +++ b/nifi-toolkit/nifi-toolkit-tls/src/main/java/org/apache/nifi/toolkit/tls/manager/TlsClientManager.java @@ -96,7 +96,7 @@ public class TlsClientManager extends BaseTlsManager { KeyStore.Entry trustStoreEntry = trustStore.getEntry(alias, null); if (trustStoreEntry instanceof KeyStore.TrustedCertificateEntry) { Certificate trustedCertificate = ((KeyStore.TrustedCertificateEntry) trustStoreEntry).getTrustedCertificate(); - try (OutputStream outputStream = outputStreamFactory.create(new File(certificateAuthorityDirectory, alias + ".pem")); + try (OutputStream outputStream = outputStreamFactory.create(new File(certificateAuthorityDirectory, TlsHelper.escapeFilename(alias) + ".pem")); OutputStreamWriter outputStreamWriter = new OutputStreamWriter(outputStream); PemWriter pemWriter = new PemWriter(outputStreamWriter)) { pemWriter.writeObject(new JcaMiscPEMGenerator(trustedCertificate)); @@ -112,4 +112,7 @@ public class TlsClientManager extends BaseTlsManager { public void addClientConfigurationWriter(ConfigurationWriter configurationWriter) { configurationWriters.add(configurationWriter); } + + + } diff --git a/nifi-toolkit/nifi-toolkit-tls/src/main/java/org/apache/nifi/toolkit/tls/standalone/TlsToolkitStandalone.java b/nifi-toolkit/nifi-toolkit-tls/src/main/java/org/apache/nifi/toolkit/tls/standalone/TlsToolkitStandalone.java index 304ce7f939..d3da47677c 100644 --- a/nifi-toolkit/nifi-toolkit-tls/src/main/java/org/apache/nifi/toolkit/tls/standalone/TlsToolkitStandalone.java +++ b/nifi-toolkit/nifi-toolkit-tls/src/main/java/org/apache/nifi/toolkit/tls/standalone/TlsToolkitStandalone.java 
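Review bot: `TlsHelper.escapeFilename(alias)` in the `try` header is a many-to-one mapping, so two trust store aliases that differ only in replaced characters (for example `a/b` and `a b`) resolve to the same `.pem` path. The later certificate then silently overwrites the earlier one in `certificateAuthorityDirectory`. The same mapping builds the `.p12` name in the `@@ -200` hunk of TlsToolkitStandalone.java, and the two `testClientDnFilename*` cases in TlsHelperTest expect `CN=testuser_OU=NiFi_Organisation` for two different DNs. Consider remembering the names already written in this run and failing on a repeat, e.g. `if (!writtenNames.add(escapedAlias)) { throw new IllegalStateException("Alias " + alias + " collides with an earlier alias after escaping"); }`. The enclosing loop and method start outside the hunk, so where that set should live is not visible here.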
@@ -200,7 +200,7 @@ public class TlsToolkitStandalone { List clientPasswords = standaloneConfig.getClientPasswords(); for (int i = 0; i < clientDns.size(); i++) { String reorderedDn = CertificateUtils.reorderDn(clientDns.get(i)); - String clientDnFile = getClientDnFile(reorderedDn); + String clientDnFile = TlsHelper.escapeFilename(reorderedDn); File clientCertFile = new File(baseDir, clientDnFile + ".p12"); if (clientCertFile.exists()) { @@ -235,7 +235,4 @@ public class TlsToolkitStandalone { } } - protected static String getClientDnFile(String clientDn) { - return clientDn.replace(',', '_').replace(' ', '_'); - } } diff --git a/nifi-toolkit/nifi-toolkit-tls/src/main/java/org/apache/nifi/toolkit/tls/util/TlsHelper.java b/nifi-toolkit/nifi-toolkit-tls/src/main/java/org/apache/nifi/toolkit/tls/util/TlsHelper.java index 1dee9057c0..d8a7fc0d9a 100644 --- a/nifi-toolkit/nifi-toolkit-tls/src/main/java/org/apache/nifi/toolkit/tls/util/TlsHelper.java +++ b/nifi-toolkit/nifi-toolkit-tls/src/main/java/org/apache/nifi/toolkit/tls/util/TlsHelper.java @@ -240,4 +240,15 @@ public class TlsHelper { return extGen.generate(); } + + /** + * Removes special characters (particularly forward and back slashes) from strings that become file names. + * + * @param filename A filename you plan to write to disk which needs to be escaped. + * @return String with special characters converted to underscores. + */ + public static final String escapeFilename(String filename) { + return filename.replaceAll("[^\\w\\.\\-\\=]+", "_"); + } + } diff --git a/nifi-toolkit/nifi-toolkit-tls/src/test/java/org/apache/nifi/toolkit/tls/standalone/TlsToolkitStandaloneTest.java b/nifi-toolkit/nifi-toolkit-tls/src/test/java/org/apache/nifi/toolkit/tls/standalone/TlsToolkitStandaloneTest.java index 085312d0b6..d273cbe485 100644 --- a/nifi-toolkit/nifi-toolkit-tls/src/test/java/org/apache/nifi/toolkit/tls/standalone/TlsToolkitStandaloneTest.java 
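Review bot: Swapping `getClientDnFile` for `TlsHelper.escapeFilename` changes the file name for inputs the old code already handled. The removed helper turned each `,` and each space into its own `_`, while the new regex collapses a run of such characters into a single `_`. If `CertificateUtils.reorderDn` returns a DN with `, ` separators (not visible in this diff), the new toolkit computes a different `.p12` name than an earlier run did. The `clientCertFile.exists()` check would then miss the existing file and the loop would presumably issue a second key pair for the same DN. Either check the legacy name as well or call out the naming change in the upgrade notes; the body of the `exists()` branch is outside the hunk.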
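Review bot: `escapeFilename` is meant for strings that become file names, but it returns `.`, `..` and the empty string unchanged and throws a NullPointerException on `null`; the two call sites in this commit are safe only because they append `.pem` or `.p12`. Since the method is public, I would reject those results explicitly, e.g. `if (escaped.isEmpty() || ".".equals(escaped) || "..".equals(escaped)) { throw new IllegalArgumentException("Not a usable filename: " + filename); }`. Also, `\\w` is ASCII-only unless `Pattern.UNICODE_CHARACTER_CLASS` is set, so every non-ASCII letter in a DN becomes `_`, which makes collisions between distinct names more likely. The Javadoc says "Removes" although each run of characters is replaced by one underscore and the mapping is not reversible; suggested summary: `Replaces each run of characters other than ASCII letters, digits, '_', '.', '-' and '=' with a single underscore; the result is lossy and distinct inputs can map to the same name.`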
+++ b/nifi-toolkit/nifi-toolkit-tls/src/test/java/org/apache/nifi/toolkit/tls/standalone/TlsToolkitStandaloneTest.java @@ -27,6 +27,7 @@ import org.apache.nifi.toolkit.tls.commandLine.BaseTlsToolkitCommandLine; import org.apache.nifi.toolkit.tls.commandLine.ExitCode; import org.apache.nifi.toolkit.tls.configuration.TlsConfig; import org.apache.nifi.toolkit.tls.service.TlsCertificateAuthorityTest; +import org.apache.nifi.toolkit.tls.util.TlsHelper; import org.apache.nifi.toolkit.tls.util.TlsHelperTest; import org.apache.nifi.util.NiFiProperties; import org.junit.After; @@ -293,7 +294,7 @@ public class TlsToolkitStandaloneTest { } private void checkClientCert(String clientDn, X509Certificate rootCert) throws Exception { - String clientDnFile = TlsToolkitStandalone.getClientDnFile(CertificateUtils.reorderDn(clientDn)); + String clientDnFile = TlsHelper.escapeFilename(CertificateUtils.reorderDn(clientDn)); String password; try (FileReader fileReader = new FileReader(new File(tempDir, clientDnFile + ".password"))) { List lines = IOUtils.readLines(fileReader); diff --git a/nifi-toolkit/nifi-toolkit-tls/src/test/java/org/apache/nifi/toolkit/tls/util/TlsHelperTest.java b/nifi-toolkit/nifi-toolkit-tls/src/test/java/org/apache/nifi/toolkit/tls/util/TlsHelperTest.java index 91da17ae20..e7efabb30a 100644 --- a/nifi-toolkit/nifi-toolkit-tls/src/test/java/org/apache/nifi/toolkit/tls/util/TlsHelperTest.java +++ b/nifi-toolkit/nifi-toolkit-tls/src/test/java/org/apache/nifi/toolkit/tls/util/TlsHelperTest.java 
@@ -389,4 +389,63 @@ public class TlsHelperTest { return sans; } + + @Test + public void testEscapeAliasFilenameWithForwardSlashes() { + String result = TlsHelper.escapeFilename("my/silly/filename.pem"); + assertEquals("my_silly_filename.pem", result); + } + + @Test + public void testEscapeAliasFilenameWithBackSlashes() { + String result = TlsHelper.escapeFilename("my\\silly\\filename.pem"); + assertEquals("my_silly_filename.pem", result); + } + + @Test + public void testEscapeAliasFilenameWithDollarSign() { + String result = TlsHelper.escapeFilename("my$illyfilename.pem"); + assertEquals("my_illyfilename.pem", result); + } + + @Test + public void testEscapeAliasFilenameTwoSymbolsInARow() { + String result = TlsHelper.escapeFilename("my!?sillyfilename.pem"); + assertEquals("my_sillyfilename.pem", result); + } + + @Test + public void testEscapeAliasFilenameKeepHyphens() { + String result = TlsHelper.escapeFilename("my-silly-filename.pem"); + assertEquals("my-silly-filename.pem", result); + } + + @Test + public void testEscapeAliasFilenameDoubleSpaces() { + String result = TlsHelper.escapeFilename("my silly filename.pem"); + assertEquals("my_silly_filename.pem", result); + } + + @Test + public void testEscapeAliasFilenameSymbols() { + String result = TlsHelper.escapeFilename("./\\!@#$%^&*()_-+=.pem"); + assertEquals(".__-_=.pem", result); + } + + @Test + public void testClientDnFilenameSlashes() throws Exception { + String clientDn = "OU=NiFi/Organisation,CN=testuser"; + String escapedClientDn = TlsHelper.escapeFilename(CertificateUtils.reorderDn(clientDn)); + + assertEquals("CN=testuser_OU=NiFi_Organisation", escapedClientDn); + } + + @Test + public void testClientDnFilenameSpecialChars() throws Exception { + String clientDn = "OU=NiFi#!Organisation,CN=testuser"; + String escapedClientDn = TlsHelper.escapeFilename(CertificateUtils.reorderDn(clientDn)); + + assertEquals("CN=testuser_OU=NiFi_Organisation", escapedClientDn); + } + }
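Review bot: The new cases only cover inputs where a separator or symbol is replaced; none pins what `escapeFilename` returns for `..`, `.`, an empty string or a name with non-ASCII letters, which are the inputs that matter most when the result is used as a path component. `testEscapeAliasFilenameSymbols` also fixes a leading `.` as expected output, so a hidden-file style name is accepted by design. I would add at least `assertEquals("..", TlsHelper.escapeFilename(".."));` (or the rejecting equivalent) so that behaviour is a recorded decision rather than an accident. The class body starts outside the hunk.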