From 272325cb4ed00682d4d1471ccda8e670f3ef504e Mon Sep 17 00:00:00 2001 From: exceptionfactory Date: Wed, 4 May 2022 12:48:34 -0500 Subject: [PATCH] NIFI-9988 Corrected Property Decryption for Authorizers and Providers - Updated Protection Scheme Resolver to support both Name matching and Path matching Signed-off-by: Nathan Gough This closes #6017. --- .../scheme/StandardProtectionSchemeResolver.java | 4 +++- .../scheme/StandardProtectionSchemeResolverTest.java | 9 +++++++++ 2 files changed, 12 insertions(+), 1 deletion(-) diff --git a/nifi-commons/nifi-property-protection-factory/src/main/java/org/apache/nifi/properties/scheme/StandardProtectionSchemeResolver.java b/nifi-commons/nifi-property-protection-factory/src/main/java/org/apache/nifi/properties/scheme/StandardProtectionSchemeResolver.java index 0c797b3b93..44557963e4 100644 --- a/nifi-commons/nifi-property-protection-factory/src/main/java/org/apache/nifi/properties/scheme/StandardProtectionSchemeResolver.java +++ b/nifi-commons/nifi-property-protection-factory/src/main/java/org/apache/nifi/properties/scheme/StandardProtectionSchemeResolver.java @@ -37,7 +37,9 @@ public class StandardProtectionSchemeResolver implements ProtectionSchemeResolve public ProtectionScheme getProtectionScheme(final String scheme) { Objects.requireNonNull(scheme, "Scheme required"); return Arrays.stream(PropertyProtectionScheme.values()) - .filter(propertyProtectionScheme -> propertyProtectionScheme.name().equals(scheme)) + .filter(propertyProtectionScheme -> + propertyProtectionScheme.name().equals(scheme) || scheme.startsWith(propertyProtectionScheme.getPath()) + ) .findFirst() .orElseThrow(() -> new SensitivePropertyProtectionException(String.format("Protection Scheme [%s] not supported", scheme))); } diff --git a/nifi-commons/nifi-property-protection-factory/src/test/java/org/apache/nifi/properties/scheme/StandardProtectionSchemeResolverTest.java b/nifi-commons/nifi-property-protection-factory/src/test/java/org/apache/nifi/properties/scheme/StandardProtectionSchemeResolverTest.java index 9cfc4994f7..c8893b2231 100644 --- a/nifi-commons/nifi-property-protection-factory/src/test/java/org/apache/nifi/properties/scheme/StandardProtectionSchemeResolverTest.java +++ b/nifi-commons/nifi-property-protection-factory/src/test/java/org/apache/nifi/properties/scheme/StandardProtectionSchemeResolverTest.java @@ -30,6 +30,8 @@ public class StandardProtectionSchemeResolverTest { private static final String AES_GCM_PATH = "aes/gcm"; + private static final String AES_GCM_256_PATH = "aes/gcm/256"; + private static final String UNKNOWN = "UNKNOWN"; private StandardProtectionSchemeResolver resolver; @@ -46,6 +48,13 @@ public class StandardProtectionSchemeResolverTest { assertEquals(AES_GCM_PATH, protectionScheme.getPath()); } + @Test + public void getProtectionSchemeAesGcm256Found() { + final ProtectionScheme protectionScheme = resolver.getProtectionScheme(AES_GCM_256_PATH); + assertNotNull(protectionScheme); + assertEquals(AES_GCM_PATH, protectionScheme.getPath()); + } + @Test public void getProtectionSchemeUnknownNotFound() { final SensitivePropertyProtectionException exception = assertThrows(SensitivePropertyProtectionException.class, () -> resolver.getProtectionScheme(UNKNOWN));