From 2094786ec83567a375a719adacc71341bd81408b Mon Sep 17 00:00:00 2001 From: thenatog Date: Mon, 7 May 2018 11:22:32 -0400 Subject: [PATCH] NIFI-5161 - Moved filename escaping method to TlsHelper.java to allow use by the different Tls modes. Added another test for special characters in the DN/output key filename. Added a method to escape special characters in the alias name for keys in the truststore. This fixes an error with the TlsToolkit which occurs when extracting keys and writing them to file. This closes #2684. Signed-off-by: Andy LoPresto --- .../toolkit/tls/manager/TlsClientManager.java | 5 +- .../tls/standalone/TlsToolkitStandalone.java | 5 +- .../nifi/toolkit/tls/util/TlsHelper.java | 11 ++++ .../standalone/TlsToolkitStandaloneTest.java | 3 +- .../nifi/toolkit/tls/util/TlsHelperTest.java | 59 +++++++++++++++++++ 5 files changed, 77 insertions(+), 6 deletions(-) diff --git a/nifi-toolkit/nifi-toolkit-tls/src/main/java/org/apache/nifi/toolkit/tls/manager/TlsClientManager.java b/nifi-toolkit/nifi-toolkit-tls/src/main/java/org/apache/nifi/toolkit/tls/manager/TlsClientManager.java index 7df80ab027..ff11d14b9f 100644 --- a/nifi-toolkit/nifi-toolkit-tls/src/main/java/org/apache/nifi/toolkit/tls/manager/TlsClientManager.java +++ b/nifi-toolkit/nifi-toolkit-tls/src/main/java/org/apache/nifi/toolkit/tls/manager/TlsClientManager.java 
@@ -96,7 +96,7 @@ public class TlsClientManager extends BaseTlsManager { KeyStore.Entry trustStoreEntry = trustStore.getEntry(alias, null); if (trustStoreEntry instanceof KeyStore.TrustedCertificateEntry) { Certificate trustedCertificate = ((KeyStore.TrustedCertificateEntry) trustStoreEntry).getTrustedCertificate(); - try (OutputStream outputStream = outputStreamFactory.create(new File(certificateAuthorityDirectory, alias + ".pem")); + try (OutputStream outputStream = outputStreamFactory.create(new File(certificateAuthorityDirectory, TlsHelper.escapeFilename(alias) + ".pem")); OutputStreamWriter outputStreamWriter = new OutputStreamWriter(outputStream); PemWriter pemWriter = new PemWriter(outputStreamWriter)) { pemWriter.writeObject(new JcaMiscPEMGenerator(trustedCertificate)); @@ -112,4 +112,7 @@ public class TlsClientManager extends BaseTlsManager { public void addClientConfigurationWriter(ConfigurationWriter configurationWriter) { configurationWriters.add(configurationWriter); } + + + } diff --git a/nifi-toolkit/nifi-toolkit-tls/src/main/java/org/apache/nifi/toolkit/tls/standalone/TlsToolkitStandalone.java b/nifi-toolkit/nifi-toolkit-tls/src/main/java/org/apache/nifi/toolkit/tls/standalone/TlsToolkitStandalone.java index 304ce7f939..d3da47677c 100644 --- a/nifi-toolkit/nifi-toolkit-tls/src/main/java/org/apache/nifi/toolkit/tls/standalone/TlsToolkitStandalone.java +++ b/nifi-toolkit/nifi-toolkit-tls/src/main/java/org/apache/nifi/toolkit/tls/standalone/TlsToolkitStandalone.java @@ -200,7 +200,7 @@ public class TlsToolkitStandalone { List clientPasswords = standaloneConfig.getClientPasswords(); for (int i = 0; i < clientDns.size(); i++) { String reorderedDn = CertificateUtils.reorderDn(clientDns.get(i)); - String clientDnFile = getClientDnFile(reorderedDn); + String clientDnFile = TlsHelper.escapeFilename(reorderedDn); File clientCertFile = new File(baseDir, clientDnFile + ".p12"); if (clientCertFile.exists()) { 
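Review bot: Two truststore aliases that differ only in characters outside the allow-list of `TlsHelper.escapeFilename` now resolve to the same `.pem` path under `certificateAuthorityDirectory`. If this block runs once per alias, as it appears to, the later certificate would silently overwrite the earlier one. The tests added to TlsHelperTest confirm the mapping is many-to-one: `OU=NiFi/Organisation` and `OU=NiFi#!Organisation` both yield `CN=testuser_OU=NiFi_Organisation`. The same applies to the `clientDnFile` line in the TlsToolkitStandalone hunk, where a colliding DN would reach the `clientCertFile.exists()` check against another client's file. Consider recording the escaped names already written and failing on a repeat; the enclosing method starts and ends outside the hunk, so any existing collision handling is not visible here.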
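Review bot: In TlsToolkitStandalone, switching `clientDnFile` from `getClientDnFile` to `TlsHelper.escapeFilename` changes the output file names for some DNs that were already valid. The removed helper replaced each `,` and space one-for-one, whereas the new regex collapses a run into a single `_`, so a DN containing `, ` would go from `__` to `_`, assuming `CertificateUtils.reorderDn` preserves that spacing. A rerun against an existing output directory would then miss the earlier `.p12` at the `clientCertFile.exists()` check and write a second keystore for the same client. A comment on this line, such as `// file name format changed in NIFI-5161: runs of special characters collapse to one '_'`, plus a release-note entry would make the change visible. The loop body continues outside the hunk.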
@@ -235,7 +235,4 @@ public class TlsToolkitStandalone { } } - protected static String getClientDnFile(String clientDn) { - return clientDn.replace(',', '_').replace(' ', '_'); - } } diff --git a/nifi-toolkit/nifi-toolkit-tls/src/main/java/org/apache/nifi/toolkit/tls/util/TlsHelper.java b/nifi-toolkit/nifi-toolkit-tls/src/main/java/org/apache/nifi/toolkit/tls/util/TlsHelper.java index 1dee9057c0..d8a7fc0d9a 100644 --- a/nifi-toolkit/nifi-toolkit-tls/src/main/java/org/apache/nifi/toolkit/tls/util/TlsHelper.java +++ b/nifi-toolkit/nifi-toolkit-tls/src/main/java/org/apache/nifi/toolkit/tls/util/TlsHelper.java @@ -240,4 +240,15 @@ public class TlsHelper { return extGen.generate(); } + + /** + * Removes special characters (particularly forward and back slashes) from strings that become file names. + * + * @param filename A filename you plan to write to disk which needs to be escaped. + * @return String with special characters converted to underscores. + */ + public static final String escapeFilename(String filename) { + return filename.replaceAll("[^\\w\\.\\-\\=]+", "_"); + } + } diff --git a/nifi-toolkit/nifi-toolkit-tls/src/test/java/org/apache/nifi/toolkit/tls/standalone/TlsToolkitStandaloneTest.java b/nifi-toolkit/nifi-toolkit-tls/src/test/java/org/apache/nifi/toolkit/tls/standalone/TlsToolkitStandaloneTest.java index 085312d0b6..d273cbe485 100644 --- a/nifi-toolkit/nifi-toolkit-tls/src/test/java/org/apache/nifi/toolkit/tls/standalone/TlsToolkitStandaloneTest.java +++ b/nifi-toolkit/nifi-toolkit-tls/src/test/java/org/apache/nifi/toolkit/tls/standalone/TlsToolkitStandaloneTest.java 
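Review bot: `escapeFilename` keeps `.` in its allow-list, so an input of `.` or `..` is returned unchanged. That is harmless for the two callers in this patch because they append `.pem` or `.p12`, but the method is public and its name suggests the result is safe as a bare path component. I would state the limit in the Javadoc, e.g. `Note: "." and ".." pass through unchanged; append a suffix or reject such values before using the result as a path component.` The summary line also says "Removes" while the code replaces each run of disallowed characters with a single `_`, and `@param` could mention that a null argument throws NullPointerException. The `final` modifier on a static method is redundant.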
@@ -27,6 +27,7 @@ import org.apache.nifi.toolkit.tls.commandLine.BaseTlsToolkitCommandLine; import org.apache.nifi.toolkit.tls.commandLine.ExitCode; import org.apache.nifi.toolkit.tls.configuration.TlsConfig; import org.apache.nifi.toolkit.tls.service.TlsCertificateAuthorityTest; +import org.apache.nifi.toolkit.tls.util.TlsHelper; import org.apache.nifi.toolkit.tls.util.TlsHelperTest; import org.apache.nifi.util.NiFiProperties; import org.junit.After; @@ -293,7 +294,7 @@ public class TlsToolkitStandaloneTest { } private void checkClientCert(String clientDn, X509Certificate rootCert) throws Exception { - String clientDnFile = TlsToolkitStandalone.getClientDnFile(CertificateUtils.reorderDn(clientDn)); + String clientDnFile = TlsHelper.escapeFilename(CertificateUtils.reorderDn(clientDn)); String password; try (FileReader fileReader = new FileReader(new File(tempDir, clientDnFile + ".password"))) { List lines = IOUtils.readLines(fileReader); diff --git a/nifi-toolkit/nifi-toolkit-tls/src/test/java/org/apache/nifi/toolkit/tls/util/TlsHelperTest.java b/nifi-toolkit/nifi-toolkit-tls/src/test/java/org/apache/nifi/toolkit/tls/util/TlsHelperTest.java index 91da17ae20..e7efabb30a 100644 --- a/nifi-toolkit/nifi-toolkit-tls/src/test/java/org/apache/nifi/toolkit/tls/util/TlsHelperTest.java +++ b/nifi-toolkit/nifi-toolkit-tls/src/test/java/org/apache/nifi/toolkit/tls/util/TlsHelperTest.java 
@@ -389,4 +389,63 @@ public class TlsHelperTest { return sans; } + + @Test + public void testEscapeAliasFilenameWithForwardSlashes() { + String result = TlsHelper.escapeFilename("my/silly/filename.pem"); + assertEquals("my_silly_filename.pem", result); + } + + @Test + public void testEscapeAliasFilenameWithBackSlashes() { + String result = TlsHelper.escapeFilename("my\\silly\\filename.pem"); + assertEquals("my_silly_filename.pem", result); + } + + @Test + public void testEscapeAliasFilenameWithDollarSign() { + String result = TlsHelper.escapeFilename("my$illyfilename.pem"); + assertEquals("my_illyfilename.pem", result); + } + + @Test + public void testEscapeAliasFilenameTwoSymbolsInARow() { + String result = TlsHelper.escapeFilename("my!?sillyfilename.pem"); + assertEquals("my_sillyfilename.pem", result); + } + + @Test + public void testEscapeAliasFilenameKeepHyphens() { + String result = TlsHelper.escapeFilename("my-silly-filename.pem"); + assertEquals("my-silly-filename.pem", result); + } + + @Test + public void testEscapeAliasFilenameDoubleSpaces() { + String result = TlsHelper.escapeFilename("my silly filename.pem"); + assertEquals("my_silly_filename.pem", result); + } + + @Test + public void testEscapeAliasFilenameSymbols() { + String result = TlsHelper.escapeFilename("./\\!@#$%^&*()_-+=.pem"); + assertEquals(".__-_=.pem", result); + } + + @Test + public void testClientDnFilenameSlashes() throws Exception { + String clientDn = "OU=NiFi/Organisation,CN=testuser"; + String escapedClientDn = TlsHelper.escapeFilename(CertificateUtils.reorderDn(clientDn)); + + assertEquals("CN=testuser_OU=NiFi_Organisation", escapedClientDn); + } + + @Test + public void testClientDnFilenameSpecialChars() throws Exception { + String clientDn = "OU=NiFi#!Organisation,CN=testuser"; + String escapedClientDn = TlsHelper.escapeFilename(CertificateUtils.reorderDn(clientDn)); + + assertEquals("CN=testuser_OU=NiFi_Organisation", escapedClientDn); + } + }
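Review bot: The new cases cover path separators and ASCII punctuation but not the inputs where `escapeFilename` behaves least obviously: the empty string, `..`, and names with non-ASCII letters. Java's `\w` matches only `[a-zA-Z_0-9]` unless `UNICODE_CHARACTER_CLASS` is set, so a DN such as `CN=Jörg` (constructed example) would come back as `CN=J_rg`; a test pinning that would show the behaviour is deliberate. `testClientDnFilenameSlashes` and `testClientDnFilenameSpecialChars` assert the same expected string for two different DNs, which deserves a comment such as `// distinct DNs may escape to the same name; callers must handle collisions`.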