NIFI-5161 - Moved filename escaping method to TlsHelper.java to allow use by the different Tls modes.

Added another test for special characters in the DN/output key filename.
Added a method to escape special characters in the alias name for keys in the truststore. This fixes an error with the TlsToolkit which occurs when extracting keys and writing them to file.

This closes #2684.

Signed-off-by: Andy LoPresto <alopresto@apache.org>
thenatog 2018-05-07 11:22:32 -04:00 committed by Andy LoPresto
parent a9e85c358c
commit 2094786ec8
GPG Key ID: 6EC293152D90B61D
5 changed files with 77 additions and 6 deletions


@ -96,7 +96,7 @@ public class TlsClientManager extends BaseTlsManager {
KeyStore.Entry trustStoreEntry = trustStore.getEntry(alias, null); KeyStore.Entry trustStoreEntry = trustStore.getEntry(alias, null);
if (trustStoreEntry instanceof KeyStore.TrustedCertificateEntry) { if (trustStoreEntry instanceof KeyStore.TrustedCertificateEntry) {
Certificate trustedCertificate = ((KeyStore.TrustedCertificateEntry) trustStoreEntry).getTrustedCertificate(); Certificate trustedCertificate = ((KeyStore.TrustedCertificateEntry) trustStoreEntry).getTrustedCertificate();
try (OutputStream outputStream = outputStreamFactory.create(new File(certificateAuthorityDirectory, alias + ".pem")); try (OutputStream outputStream = outputStreamFactory.create(new File(certificateAuthorityDirectory, TlsHelper.escapeFilename(alias) + ".pem"));
OutputStreamWriter outputStreamWriter = new OutputStreamWriter(outputStream); OutputStreamWriter outputStreamWriter = new OutputStreamWriter(outputStream);
PemWriter pemWriter = new PemWriter(outputStreamWriter)) { PemWriter pemWriter = new PemWriter(outputStreamWriter)) {
pemWriter.writeObject(new JcaMiscPEMGenerator(trustedCertificate)); pemWriter.writeObject(new JcaMiscPEMGenerator(trustedCertificate));
@ -112,4 +112,7 @@ public class TlsClientManager extends BaseTlsManager {
public void addClientConfigurationWriter(ConfigurationWriter<TlsClientConfig> configurationWriter) { public void addClientConfigurationWriter(ConfigurationWriter<TlsClientConfig> configurationWriter) {
configurationWriters.add(configurationWriter); configurationWriters.add(configurationWriter);
} }
} }
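Review bot: `TlsHelper.escapeFilename(alias)` in the `new File(certificateAuthorityDirectory, …)` call is many-to-one, so two trusted-certificate entries whose aliases differ only in replaced characters (for example `ca/1` and `ca 1`) both resolve to `ca_1.pem`. Whether the second write replaces the first depends on `outputStreamFactory`, which is not visible here, but a silently replaced CA certificate is worth ruling out; remembering the names already written in this method and failing, or adding a suffix, on a repeat would do it. The same mapping is used for the client `.p12` name in TlsToolkitStandalone, and the two new DN tests in TlsHelperTest expect the identical result `CN=testuser_OU=NiFi_Organisation` for two different DNs. The enclosing method starts outside this hunk.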


@ -200,7 +200,7 @@ public class TlsToolkitStandalone {
List<String> clientPasswords = standaloneConfig.getClientPasswords(); List<String> clientPasswords = standaloneConfig.getClientPasswords();
for (int i = 0; i < clientDns.size(); i++) { for (int i = 0; i < clientDns.size(); i++) {
String reorderedDn = CertificateUtils.reorderDn(clientDns.get(i)); String reorderedDn = CertificateUtils.reorderDn(clientDns.get(i));
String clientDnFile = getClientDnFile(reorderedDn); String clientDnFile = TlsHelper.escapeFilename(reorderedDn);
File clientCertFile = new File(baseDir, clientDnFile + ".p12"); File clientCertFile = new File(baseDir, clientDnFile + ".p12");
if (clientCertFile.exists()) { if (clientCertFile.exists()) {
@ -235,7 +235,4 @@ public class TlsToolkitStandalone {
} }
} }
protected static String getClientDnFile(String clientDn) {
return clientDn.replace(',', '_').replace(' ', '_');
}
} }
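Review bot: Replacing `getClientDnFile(reorderedDn)` with `TlsHelper.escapeFilename(reorderedDn)` changes the file name for DNs that worked before: the removed method turned each `,` and each space into its own `_`, while the new regex collapses a run into one, so a DN with `, ` between RDNs moves from `__` to `_`. If `CertificateUtils.reorderDn` can return such a separator (not visible here), the `clientCertFile.exists()` check no longer finds a `.p12` written by an earlier version into the same output directory. A comment at the assignment such as `// file naming differs from the old getClientDnFile: runs of separators collapse to one '_'` or a fallback lookup of the old name would make that explicit. Removing the `protected static` `getClientDnFile` also breaks any caller outside this file.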


@ -240,4 +240,15 @@ public class TlsHelper {
return extGen.generate(); return extGen.generate();
} }
/**
* Removes special characters (particularly forward and back slashes) from strings that become file names.
*
* @param filename A filename you plan to write to disk which needs to be escaped.
* @return String with special characters converted to underscores.
*/
public static final String escapeFilename(String filename) {
return filename.replaceAll("[^\\w\\.\\-\\=]+", "_");
}
} }
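Review bot: The Javadoc on `escapeFilename` says special characters are removed, but the method replaces each run of characters outside `[A-Za-z0-9_.\-=]` with a single `_`, and that retained set is not stated anywhere. `\w` is ASCII-only unless `Pattern.UNICODE_CHARACTER_CLASS` is set, so accented or non-Latin letters in a DN also become `_`, and a null argument throws a NullPointerException. I would spell this out in the comment, for example `Replaces every run of characters other than ASCII letters, digits, '_', '.', '-' and '=' with one underscore; distinct inputs can produce the same result.` The pattern could also be compiled once into a `private static final Pattern` rather than on every call.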


@ -27,6 +27,7 @@ import org.apache.nifi.toolkit.tls.commandLine.BaseTlsToolkitCommandLine;
import org.apache.nifi.toolkit.tls.commandLine.ExitCode; import org.apache.nifi.toolkit.tls.commandLine.ExitCode;
import org.apache.nifi.toolkit.tls.configuration.TlsConfig; import org.apache.nifi.toolkit.tls.configuration.TlsConfig;
import org.apache.nifi.toolkit.tls.service.TlsCertificateAuthorityTest; import org.apache.nifi.toolkit.tls.service.TlsCertificateAuthorityTest;
import org.apache.nifi.toolkit.tls.util.TlsHelper;
import org.apache.nifi.toolkit.tls.util.TlsHelperTest; import org.apache.nifi.toolkit.tls.util.TlsHelperTest;
import org.apache.nifi.util.NiFiProperties; import org.apache.nifi.util.NiFiProperties;
import org.junit.After; import org.junit.After;
@ -293,7 +294,7 @@ public class TlsToolkitStandaloneTest {
} }
private void checkClientCert(String clientDn, X509Certificate rootCert) throws Exception { private void checkClientCert(String clientDn, X509Certificate rootCert) throws Exception {
String clientDnFile = TlsToolkitStandalone.getClientDnFile(CertificateUtils.reorderDn(clientDn)); String clientDnFile = TlsHelper.escapeFilename(CertificateUtils.reorderDn(clientDn));
String password; String password;
try (FileReader fileReader = new FileReader(new File(tempDir, clientDnFile + ".password"))) { try (FileReader fileReader = new FileReader(new File(tempDir, clientDnFile + ".password"))) {
List<String> lines = IOUtils.readLines(fileReader); List<String> lines = IOUtils.readLines(fileReader);


@ -389,4 +389,63 @@ public class TlsHelperTest {
return sans; return sans;
} }
@Test
public void testEscapeAliasFilenameWithForwardSlashes() {
String result = TlsHelper.escapeFilename("my/silly/filename.pem");
assertEquals("my_silly_filename.pem", result);
}
@Test
public void testEscapeAliasFilenameWithBackSlashes() {
String result = TlsHelper.escapeFilename("my\\silly\\filename.pem");
assertEquals("my_silly_filename.pem", result);
}
@Test
public void testEscapeAliasFilenameWithDollarSign() {
String result = TlsHelper.escapeFilename("my$illyfilename.pem");
assertEquals("my_illyfilename.pem", result);
}
@Test
public void testEscapeAliasFilenameTwoSymbolsInARow() {
String result = TlsHelper.escapeFilename("my!?sillyfilename.pem");
assertEquals("my_sillyfilename.pem", result);
}
@Test
public void testEscapeAliasFilenameKeepHyphens() {
String result = TlsHelper.escapeFilename("my-silly-filename.pem");
assertEquals("my-silly-filename.pem", result);
}
@Test
public void testEscapeAliasFilenameDoubleSpaces() {
String result = TlsHelper.escapeFilename("my silly filename.pem");
assertEquals("my_silly_filename.pem", result);
}
@Test
public void testEscapeAliasFilenameSymbols() {
String result = TlsHelper.escapeFilename("./\\!@#$%^&*()_-+=.pem");
assertEquals(".__-_=.pem", result);
}
@Test
public void testClientDnFilenameSlashes() throws Exception {
String clientDn = "OU=NiFi/Organisation,CN=testuser";
String escapedClientDn = TlsHelper.escapeFilename(CertificateUtils.reorderDn(clientDn));
assertEquals("CN=testuser_OU=NiFi_Organisation", escapedClientDn);
}
@Test
public void testClientDnFilenameSpecialChars() throws Exception {
String clientDn = "OU=NiFi#!Organisation,CN=testuser";
String escapedClientDn = TlsHelper.escapeFilename(CertificateUtils.reorderDn(clientDn));
assertEquals("CN=testuser_OU=NiFi_Organisation", escapedClientDn);
}
} }
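Review bot: None of the new cases covers an input made up only of characters the regex keeps: `..` and the empty string both come back unchanged. Both call sites in this commit append an extension, so this is not a problem today, but the helper is now public and shared, and a test such as `assertEquals("..", TlsHelper.escapeFilename(".."))` would pin the behaviour a future caller has to account for. A case with a non-ASCII DN value (e.g. `CN=Müller`, expected `CN=M_ller`) would document the ASCII-only handling of `\w` as well.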