mirror of https://github.com/apache/nifi.git
NIFI-10932 Changed PKCS12 KeyStore Type Provider to SunJSSE
- Changed from Bouncy Castle to Sun JSSE Provider for Key Stores to improve reading and writing Trust Stores formatted in PKCS12 - Updated TLS Toolkit Key Password handling to remove setting null for PKCS12 Signed-off-by: Chris Sampson <chris.sampson82@gmail.com> This closes #6881
parent
4700fed249
commit
4b97936d38
|
@ -83,7 +83,7 @@ public class KeyStoreUtils {
|
|||
Security.addProvider(new BouncyCastleProvider());
|
||||
|
||||
KEY_STORE_TYPE_PROVIDERS.put(KeystoreType.BCFKS.getType(), BouncyCastleProvider.PROVIDER_NAME);
|
||||
KEY_STORE_TYPE_PROVIDERS.put(KeystoreType.PKCS12.getType(), BouncyCastleProvider.PROVIDER_NAME);
|
||||
KEY_STORE_TYPE_PROVIDERS.put(KeystoreType.PKCS12.getType(), SUN_JSSE_PROVIDER_NAME);
|
||||
KEY_STORE_TYPE_PROVIDERS.put(KeystoreType.JKS.getType(), SUN_PROVIDER_NAME);
|
||||
|
||||
SECRET_KEY_STORE_PROVIDERS.put(KeystoreType.BCFKS, BouncyCastleProvider.PROVIDER_NAME);
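Review bot: The `KEY_STORE_TYPE_PROVIDERS.put(KeystoreType.PKCS12.getType(), SUN_JSSE_PROVIDER_NAME)` line changes which implementation reads every PKCS12 store, but nothing at the mapping records why PKCS12 now differs from BCFKS or what changes for callers. As far as I know the Bouncy Castle PKCS12 implementation ignores the per-key password while the JDK one applies it, so an existing PKCS12 key store configured with a key password that differs from the store password may now fail to load with an unrecoverable-key error; a test that loads a store written through the previous provider would confirm this. I would add above the line `// PKCS12 uses SunJSSE rather than Bouncy Castle so trust stores read and write consistently; the key password is applied per entry`. The static initializer this sits in starts and ends outside the hunk.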
|
||||
|
|
|
@ -17,7 +17,6 @@
|
|||
|
||||
package org.apache.nifi.toolkit.tls.manager;
|
||||
|
||||
import org.apache.nifi.security.util.KeystoreType;
|
||||
import org.apache.nifi.security.util.KeyStoreUtils;
|
||||
import org.apache.nifi.toolkit.tls.configuration.TlsConfig;
|
||||
import org.apache.nifi.toolkit.tls.manager.writer.ConfigurationWriter;
|
||||
|
@ -108,21 +107,16 @@ public class BaseTlsManager {
|
|||
}
|
||||
|
||||
private String getKeyPassword() {
|
||||
if (keyStore.getType().equalsIgnoreCase(KeystoreType.PKCS12.toString())) {
|
||||
tlsConfig.setKeyPassword(null);
|
||||
return null;
|
||||
} else {
|
||||
String result = tlsConfig.getKeyPassword();
|
||||
if (StringUtils.isEmpty(result)) {
|
||||
if (differentKeyAndKeyStorePassword) {
|
||||
result = passwordUtil.generatePassword();
|
||||
} else {
|
||||
result = getKeyStorePassword();
|
||||
}
|
||||
tlsConfig.setKeyPassword(result);
|
||||
String result = tlsConfig.getKeyPassword();
|
||||
if (StringUtils.isEmpty(result)) {
|
||||
if (differentKeyAndKeyStorePassword) {
|
||||
result = passwordUtil.generatePassword();
|
||||
} else {
|
||||
result = getKeyStorePassword();
|
||||
}
|
||||
return result;
|
||||
tlsConfig.setKeyPassword(result);
|
||||
}
|
||||
return result;
|
||||
}
|
||||
|
||||
private String getKeyStorePassword() {
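Review bot: With the PKCS12 branch removed, `getKeyPassword()` can now give a PKCS12 key store a key password that differs from the store password, either a configured value or the one from `passwordUtil.generatePassword()` when `differentKeyAndKeyStorePassword` is set. Common PKCS12 consumers such as keytool and OpenSSL assume a single password for the store and its keys, so a file written this way may only be readable through the JDK KeyStore API. Consider rejecting or warning on that combination when the store type is PKCS12, or at minimum document it on the method, for example `// PKCS12: key password is applied per entry; most external tools expect it to equal the key store password`.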
|
||||
|
|
|
@ -200,8 +200,9 @@ public class TlsToolkitStandaloneTest {
|
|||
|
||||
@Test
|
||||
public void testKeyStoreTypeArg() throws Exception {
|
||||
final String certificateAuthorityHostname = "certificate-authority";
|
||||
runAndAssertExitCode(ExitCode.SUCCESS, "-o", tempDir.getAbsolutePath(), "-n", TlsConfig.DEFAULT_HOSTNAME, "-T", KeystoreType.PKCS12.toString().toLowerCase(),
|
||||
"-K", "change", "-S", "change", "-P", "change");
|
||||
"-K", "change", "-S", "change", "-P", "change", "-c", certificateAuthorityHostname);
|
||||
X509Certificate x509Certificate = checkLoadCertPrivateKey(TlsConfig.DEFAULT_KEY_PAIR_ALGORITHM);
|
||||
checkHostDirAndReturnNifiProperties(TlsConfig.DEFAULT_HOSTNAME, x509Certificate);
|
||||
}
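Review bot: `testKeyStoreTypeArg` passes the same value `"change"` for `-K`, `-S` and `-P`, so the case this commit newly enables for PKCS12, a key password distinct from the key store password, is never exercised. A second invocation with a different `-K` value followed by the same `checkLoadCertPrivateKey(...)` call would show whether the written store can be read back through the SunJSSE provider; this assumes that helper reads the private key with the configured key password, which is not visible here. The purpose of the added `-c` argument is also not stated; a short comment on `certificateAuthorityHostname` explaining why this test needs an explicit CA hostname would help the next reader.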
|
||||
|
|