mirror of https://github.com/apache/nifi.git
NIFI-5161 - Moved filename escaping method to TlsHelper.java to allow use by the different Tls modes.
Added another test for special characters in the DN/output key filename. Added a method to escape special characters in the alias name for keys in the truststore. This fixes an error with the TlsToolkit which occurs when extracting keys and writing them to file. This closes #2684. Signed-off-by: Andy LoPresto <alopresto@apache.org>
parent
a9e85c358c
commit
2094786ec8
|
@ -96,7 +96,7 @@ public class TlsClientManager extends BaseTlsManager {
|
||||||
KeyStore.Entry trustStoreEntry = trustStore.getEntry(alias, null);
|
KeyStore.Entry trustStoreEntry = trustStore.getEntry(alias, null);
|
||||||
if (trustStoreEntry instanceof KeyStore.TrustedCertificateEntry) {
|
if (trustStoreEntry instanceof KeyStore.TrustedCertificateEntry) {
|
||||||
Certificate trustedCertificate = ((KeyStore.TrustedCertificateEntry) trustStoreEntry).getTrustedCertificate();
|
Certificate trustedCertificate = ((KeyStore.TrustedCertificateEntry) trustStoreEntry).getTrustedCertificate();
|
||||||
try (OutputStream outputStream = outputStreamFactory.create(new File(certificateAuthorityDirectory, alias + ".pem"));
|
try (OutputStream outputStream = outputStreamFactory.create(new File(certificateAuthorityDirectory, TlsHelper.escapeFilename(alias) + ".pem"));
|
||||||
OutputStreamWriter outputStreamWriter = new OutputStreamWriter(outputStream);
|
OutputStreamWriter outputStreamWriter = new OutputStreamWriter(outputStream);
|
||||||
PemWriter pemWriter = new PemWriter(outputStreamWriter)) {
|
PemWriter pemWriter = new PemWriter(outputStreamWriter)) {
|
||||||
pemWriter.writeObject(new JcaMiscPEMGenerator(trustedCertificate));
|
pemWriter.writeObject(new JcaMiscPEMGenerator(trustedCertificate));
|
||||||
|
@ -112,4 +112,7 @@ public class TlsClientManager extends BaseTlsManager {
|
||||||
public void addClientConfigurationWriter(ConfigurationWriter<TlsClientConfig> configurationWriter) {
|
public void addClientConfigurationWriter(ConfigurationWriter<TlsClientConfig> configurationWriter) {
|
||||||
configurationWriters.add(configurationWriter);
|
configurationWriters.add(configurationWriter);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|
|
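Review bot: The file name built by `TlsHelper.escapeFilename(alias) + ".pem"` is not unique per alias, because every run of disallowed characters becomes a single `_`; two truststore aliases such as `ca/one` and `ca one` (constructed examples) would both resolve to `ca_one.pem`, and the later write would presumably replace the earlier certificate without any signal. If the enclosing loop, which starts outside this hunk, can see more than one alias, keep a local `Set<String>` of names already written and stop on a repeat, e.g. `if (!writtenNames.add(escaped)) { throw new IOException("Alias " + alias + " maps to an already written file name: " + escaped); }`. The same many-to-one mapping applies to `clientDnFile` in TlsToolkitStandalone, where the `clientCertFile.exists()` check could then match a keystore that belongs to a different DN.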
@ -200,7 +200,7 @@ public class TlsToolkitStandalone {
|
||||||
List<String> clientPasswords = standaloneConfig.getClientPasswords();
|
List<String> clientPasswords = standaloneConfig.getClientPasswords();
|
||||||
for (int i = 0; i < clientDns.size(); i++) {
|
for (int i = 0; i < clientDns.size(); i++) {
|
||||||
String reorderedDn = CertificateUtils.reorderDn(clientDns.get(i));
|
String reorderedDn = CertificateUtils.reorderDn(clientDns.get(i));
|
||||||
String clientDnFile = getClientDnFile(reorderedDn);
|
String clientDnFile = TlsHelper.escapeFilename(reorderedDn);
|
||||||
File clientCertFile = new File(baseDir, clientDnFile + ".p12");
|
File clientCertFile = new File(baseDir, clientDnFile + ".p12");
|
||||||
|
|
||||||
if (clientCertFile.exists()) {
|
if (clientCertFile.exists()) {
|
||||||
|
@ -235,7 +235,4 @@ public class TlsToolkitStandalone {
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
protected static String getClientDnFile(String clientDn) {
|
|
||||||
return clientDn.replace(',', '_').replace(' ', '_');
|
|
||||||
}
|
|
||||||
}
|
}
|
||||||
|
|
|
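Review bot: Switching `clientDnFile` to `TlsHelper.escapeFilename(reorderedDn)` changes the file name for DNs that the removed `getClientDnFile` already handled: the old code replaced each comma and each space with its own underscore, while the new pattern collapses a run such as `, ` into one. If `CertificateUtils.reorderDn` emits a comma followed by a space (not visible here), a keystore written by an earlier release as `CN=a__OU=b.p12` (constructed example) is no longer matched by the `clientCertFile.exists()` check that follows, so a re-run against an existing output directory could issue a second keystore for the same DN. This deserves a line in the upgrade notes, or a comment at the call such as `// NOTE: name format changed in NIFI-5161; earlier versions wrote one '_' per replaced character`. The loop body continues outside the hunk, so what happens after `exists()` should be confirmed there.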
@ -240,4 +240,15 @@ public class TlsHelper {
|
||||||
return extGen.generate();
|
return extGen.generate();
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Removes special characters (particularly forward and back slashes) from strings that become file names.
|
||||||
|
*
|
||||||
|
* @param filename A filename you plan to write to disk which needs to be escaped.
|
||||||
|
* @return String with special characters converted to underscores.
|
||||||
|
*/
|
||||||
|
public static final String escapeFilename(String filename) {
|
||||||
|
return filename.replaceAll("[^\\w\\.\\-\\=]+", "_");
|
||||||
|
}
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|
|
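Review bot: The Javadoc of `escapeFilename` says it removes special characters, but the method replaces each run of them with one underscore, so the result is lossy and not unique, and the comment does not say which characters survive. Java's `\w` is ASCII-only unless `Pattern.UNICODE_CHARACTER_CLASS` is set, so the non-ASCII part of a DN or alias collapses to a single `_`, and a `null` argument fails with a NullPointerException inside `replaceAll`. I would state the allowed set (`A-Za-z0-9_`, `.`, `-`, `=`) and the non-uniqueness in the Javadoc, and reject null up front with `Objects.requireNonNull(filename, "filename");`. The pattern could also be compiled once as a `private static final Pattern` rather than on every call, and `final` on a static method adds nothing.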
@ -27,6 +27,7 @@ import org.apache.nifi.toolkit.tls.commandLine.BaseTlsToolkitCommandLine;
|
||||||
import org.apache.nifi.toolkit.tls.commandLine.ExitCode;
|
import org.apache.nifi.toolkit.tls.commandLine.ExitCode;
|
||||||
import org.apache.nifi.toolkit.tls.configuration.TlsConfig;
|
import org.apache.nifi.toolkit.tls.configuration.TlsConfig;
|
||||||
import org.apache.nifi.toolkit.tls.service.TlsCertificateAuthorityTest;
|
import org.apache.nifi.toolkit.tls.service.TlsCertificateAuthorityTest;
|
||||||
|
import org.apache.nifi.toolkit.tls.util.TlsHelper;
|
||||||
import org.apache.nifi.toolkit.tls.util.TlsHelperTest;
|
import org.apache.nifi.toolkit.tls.util.TlsHelperTest;
|
||||||
import org.apache.nifi.util.NiFiProperties;
|
import org.apache.nifi.util.NiFiProperties;
|
||||||
import org.junit.After;
|
import org.junit.After;
|
||||||
|
@ -293,7 +294,7 @@ public class TlsToolkitStandaloneTest {
|
||||||
}
|
}
|
||||||
|
|
||||||
private void checkClientCert(String clientDn, X509Certificate rootCert) throws Exception {
|
private void checkClientCert(String clientDn, X509Certificate rootCert) throws Exception {
|
||||||
String clientDnFile = TlsToolkitStandalone.getClientDnFile(CertificateUtils.reorderDn(clientDn));
|
String clientDnFile = TlsHelper.escapeFilename(CertificateUtils.reorderDn(clientDn));
|
||||||
String password;
|
String password;
|
||||||
try (FileReader fileReader = new FileReader(new File(tempDir, clientDnFile + ".password"))) {
|
try (FileReader fileReader = new FileReader(new File(tempDir, clientDnFile + ".password"))) {
|
||||||
List<String> lines = IOUtils.readLines(fileReader);
|
List<String> lines = IOUtils.readLines(fileReader);
|
||||||
|
|
|
@ -389,4 +389,63 @@ public class TlsHelperTest {
|
||||||
|
|
||||||
return sans;
|
return sans;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@Test
|
||||||
|
public void testEscapeAliasFilenameWithForwardSlashes() {
|
||||||
|
String result = TlsHelper.escapeFilename("my/silly/filename.pem");
|
||||||
|
assertEquals("my_silly_filename.pem", result);
|
||||||
|
}
|
||||||
|
|
||||||
|
@Test
|
||||||
|
public void testEscapeAliasFilenameWithBackSlashes() {
|
||||||
|
String result = TlsHelper.escapeFilename("my\\silly\\filename.pem");
|
||||||
|
assertEquals("my_silly_filename.pem", result);
|
||||||
|
}
|
||||||
|
|
||||||
|
@Test
|
||||||
|
public void testEscapeAliasFilenameWithDollarSign() {
|
||||||
|
String result = TlsHelper.escapeFilename("my$illyfilename.pem");
|
||||||
|
assertEquals("my_illyfilename.pem", result);
|
||||||
|
}
|
||||||
|
|
||||||
|
@Test
|
||||||
|
public void testEscapeAliasFilenameTwoSymbolsInARow() {
|
||||||
|
String result = TlsHelper.escapeFilename("my!?sillyfilename.pem");
|
||||||
|
assertEquals("my_sillyfilename.pem", result);
|
||||||
|
}
|
||||||
|
|
||||||
|
@Test
|
||||||
|
public void testEscapeAliasFilenameKeepHyphens() {
|
||||||
|
String result = TlsHelper.escapeFilename("my-silly-filename.pem");
|
||||||
|
assertEquals("my-silly-filename.pem", result);
|
||||||
|
}
|
||||||
|
|
||||||
|
@Test
|
||||||
|
public void testEscapeAliasFilenameDoubleSpaces() {
|
||||||
|
String result = TlsHelper.escapeFilename("my silly filename.pem");
|
||||||
|
assertEquals("my_silly_filename.pem", result);
|
||||||
|
}
|
||||||
|
|
||||||
|
@Test
|
||||||
|
public void testEscapeAliasFilenameSymbols() {
|
||||||
|
String result = TlsHelper.escapeFilename("./\\!@#$%^&*()_-+=.pem");
|
||||||
|
assertEquals(".__-_=.pem", result);
|
||||||
|
}
|
||||||
|
|
||||||
|
@Test
|
||||||
|
public void testClientDnFilenameSlashes() throws Exception {
|
||||||
|
String clientDn = "OU=NiFi/Organisation,CN=testuser";
|
||||||
|
String escapedClientDn = TlsHelper.escapeFilename(CertificateUtils.reorderDn(clientDn));
|
||||||
|
|
||||||
|
assertEquals("CN=testuser_OU=NiFi_Organisation", escapedClientDn);
|
||||||
|
}
|
||||||
|
|
||||||
|
@Test
|
||||||
|
public void testClientDnFilenameSpecialChars() throws Exception {
|
||||||
|
String clientDn = "OU=NiFi#!Organisation,CN=testuser";
|
||||||
|
String escapedClientDn = TlsHelper.escapeFilename(CertificateUtils.reorderDn(clientDn));
|
||||||
|
|
||||||
|
assertEquals("CN=testuser_OU=NiFi_Organisation", escapedClientDn);
|
||||||
|
}
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|
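Review bot: The new cases cover ASCII punctuation only; there is no case for an empty string, for a name made entirely of replaced characters, or for non-ASCII letters, which are the inputs where the result is least obvious. `testClientDnFilenameSlashes` and `testClientDnFilenameSpecialChars` expect the identical string `CN=testuser_OU=NiFi_Organisation` for two different DNs, so they pin the many-to-one mapping as intended behaviour; a one-line comment saying so would help the next reader. `testEscapeAliasFilenameDoubleSpaces` shows single spaces in its input as rendered here; if the source really has single spaces, the test name and its input disagree. A case such as `assertEquals("_", TlsHelper.escapeFilename("!!!"));` would document the all-replaced outcome.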