From 4f1444c0e09d974cbdca51abdd916e49fa0cfd62 Mon Sep 17 00:00:00 2001 From: Andy LoPresto Date: Tue, 8 May 2018 12:28:10 -0700 Subject: [PATCH] NIFI-4942 This closes #2690. Resolved test failures in JCE limited mode. Signed-off-by: joewitt --- .../ConfigEncryptionToolTest.groovy | 26 ++-- ...ve_properties_protected_aes_128.properties | 127 ++++++++++++++++++ .../src/test/resources/secure_hash_128.key | 4 +- 3 files changed, 146 insertions(+), 11 deletions(-) create mode 100644 nifi-toolkit/nifi-toolkit-encrypt-config/src/test/resources/nifi_with_sensitive_properties_protected_aes_128.properties diff --git a/nifi-toolkit/nifi-toolkit-encrypt-config/src/test/groovy/org/apache/nifi/properties/ConfigEncryptionToolTest.groovy b/nifi-toolkit/nifi-toolkit-encrypt-config/src/test/groovy/org/apache/nifi/properties/ConfigEncryptionToolTest.groovy index 77f5c8c8aa..a4357da51c 100644 --- a/nifi-toolkit/nifi-toolkit-encrypt-config/src/test/groovy/org/apache/nifi/properties/ConfigEncryptionToolTest.groovy +++ b/nifi-toolkit/nifi-toolkit-encrypt-config/src/test/groovy/org/apache/nifi/properties/ConfigEncryptionToolTest.groovy @@ -2221,7 +2221,7 @@ class ConfigEncryptionToolTest extends GroovyTestCase { /** * Ideally all of the combination tests would be a single test with iterative argument lists, but due to the System.exit(), it can only be captured once per test. */ - @Ignore +// @Ignore // TODO re-enable once this is passing on all platforms @Test void testShouldMigrateFromHashedPasswordToPassword() { @@ -2237,7 +2237,7 @@ class ConfigEncryptionToolTest extends GroovyTestCase { // Assertions in common method above } - @Ignore +// @Ignore // TODO re-enable once this is passing on all platforms @Test void testShouldMigrateFromHashedPasswordToKey() { 
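Review bot: The `@Ignore` annotations are commented out (`// @Ignore`) rather than deleted, and the `// TODO re-enable once this is passing on all platforms` comment still sits next to each one, so the source reads as if these migration tests were disabled while they now run. Remove both the commented annotation and the TODO here and in the hunks at @@ -2237, @@ -2253, @@ -2269 and @@ -2285. If some platforms are still expected to fail, an explicit JUnit assumption with a message (for example `Assume.assumeTrue("reason", condition)`) documents that better than a commented-out annotation. The test method bodies continue outside these hunks.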
@@ -2253,7 +2253,7 @@ class ConfigEncryptionToolTest extends GroovyTestCase { // Assertions in common method above } - @Ignore +// @Ignore // TODO re-enable once this is passing on all platforms @Test void testShouldMigrateFromHashedKeyToPassword() { @@ -2269,7 +2269,7 @@ class ConfigEncryptionToolTest extends GroovyTestCase { // Assertions in common method above } - @Ignore +// @Ignore // TODO re-enable once this is passing on all platforms @Test void testShouldMigrateFromHashedKeyToKey() { @@ -2285,7 +2285,7 @@ class ConfigEncryptionToolTest extends GroovyTestCase { // Assertions in common method above } - @Ignore +// @Ignore // TODO re-enable once this is passing on all platforms @Test void testShouldFailToMigrateFromIncorrectHashedPasswordToPassword() { 
@@ -5519,13 +5519,17 @@ class ConfigEncryptionToolTest extends GroovyTestCase { tmpDir.mkdirs() setFilePermissions(tmpDir, [PosixFilePermission.OWNER_READ, PosixFilePermission.OWNER_WRITE, PosixFilePermission.OWNER_EXECUTE, PosixFilePermission.GROUP_READ, PosixFilePermission.GROUP_WRITE, PosixFilePermission.GROUP_EXECUTE, PosixFilePermission.OTHERS_READ, PosixFilePermission.OTHERS_WRITE, PosixFilePermission.OTHERS_EXECUTE]) - File masterKeyFile = new File("src/test/resources/bootstrap_with_master_key.conf") + String bootstrapPath = isUnlimitedStrengthCryptoAvailable() ? "src/test/resources/bootstrap_with_master_key.conf" : + "src/test/resources/bootstrap_with_master_key_128.conf" + File masterKeyFile = new File(bootstrapPath) File bootstrapFile = new File("target/tmp/tmp_bootstrap.conf") bootstrapFile.delete() Files.copy(masterKeyFile.toPath(), bootstrapFile.toPath()) - File inputPropertiesFile = new File("src/test/resources/nifi_with_sensitive_properties_protected_aes.properties") + String inputPropertiesPath = isUnlimitedStrengthCryptoAvailable() ? "src/test/resources/nifi_with_sensitive_properties_protected_aes.properties" : + "src/test/resources/nifi_with_sensitive_properties_protected_aes_128.properties" + File inputPropertiesFile = new File(inputPropertiesPath) NiFiProperties inputProperties = NiFiPropertiesLoader.withKey(KEY_HEX).load(inputPropertiesFile) logger.info("Loaded ${inputProperties.size()} properties from input file") 
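Review bot: The fixture selection added here is repeated verbatim in the hunk at @@ -5589, and each copy calls `isUnlimitedStrengthCryptoAvailable()` twice, so the bootstrap file and the properties file could drift apart if one ternary is edited later. A small private helper in the test class that takes the base name and appends `_128` in limited mode would keep the pairs consistent. `bootstrap_with_master_key_128.conf` is not among the three files in this patch's diffstat, so it presumably already exists under `src/test/resources`; worth confirming, because a missing file would only surface as a `Files.copy` failure on limited-strength JREs. The key passed to `NiFiPropertiesLoader.withKey(KEY_HEX)` also has to match the 128-bit fixture; `KEY_HEX` is defined outside the hunk, as are the start and end of the enclosing test method.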
@@ -5589,13 +5593,17 @@ class ConfigEncryptionToolTest extends GroovyTestCase { tmpDir.mkdirs() setFilePermissions(tmpDir, [PosixFilePermission.OWNER_READ, PosixFilePermission.OWNER_WRITE, PosixFilePermission.OWNER_EXECUTE, PosixFilePermission.GROUP_READ, PosixFilePermission.GROUP_WRITE, PosixFilePermission.GROUP_EXECUTE, PosixFilePermission.OTHERS_READ, PosixFilePermission.OTHERS_WRITE, PosixFilePermission.OTHERS_EXECUTE]) - File masterKeyFile = new File("src/test/resources/bootstrap_with_master_key.conf") + String bootstrapPath = isUnlimitedStrengthCryptoAvailable() ? "src/test/resources/bootstrap_with_master_key.conf" : + "src/test/resources/bootstrap_with_master_key_128.conf" + File masterKeyFile = new File(bootstrapPath) File bootstrapFile = new File("target/tmp/tmp_bootstrap.conf") bootstrapFile.delete() Files.copy(masterKeyFile.toPath(), bootstrapFile.toPath()) - File inputPropertiesFile = new File("src/test/resources/nifi_with_sensitive_properties_protected_aes.properties") + String inputPropertiesPath = isUnlimitedStrengthCryptoAvailable() ? "src/test/resources/nifi_with_sensitive_properties_protected_aes.properties" : + "src/test/resources/nifi_with_sensitive_properties_protected_aes_128.properties" + File inputPropertiesFile = new File(inputPropertiesPath) NiFiProperties inputProperties = NiFiPropertiesLoader.withKey(KEY_HEX).load(inputPropertiesFile) logger.info("Loaded ${inputProperties.size()} properties from input file") diff --git a/nifi-toolkit/nifi-toolkit-encrypt-config/src/test/resources/nifi_with_sensitive_properties_protected_aes_128.properties b/nifi-toolkit/nifi-toolkit-encrypt-config/src/test/resources/nifi_with_sensitive_properties_protected_aes_128.properties new file mode 100644 index 0000000000..06db8caa67 --- /dev/null +++ b/nifi-toolkit/nifi-toolkit-encrypt-config/src/test/resources/nifi_with_sensitive_properties_protected_aes_128.properties 
@@ -0,0 +1,127 @@
+# Licensed to the Apache Software Foundation (ASF) under one or more
+# contributor license agreements. See the NOTICE file distributed with
+# this work for additional information regarding copyright ownership.
+# The ASF licenses this file to You under the Apache License, Version 2.0
+# (the "License"); you may not use this file except in compliance with
+# the License. You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+# Core Properties #
+nifi.flow.configuration.file=./target/flow.xml.gz
+nifi.flow.configuration.archive.dir=./target/archive/
+nifi.flowcontroller.autoResumeState=true
+nifi.flowcontroller.graceful.shutdown.period=10 sec
+nifi.flowservice.writedelay.interval=2 sec
+nifi.administrative.yield.duration=30 sec
+
+nifi.reporting.task.configuration.file=./target/reporting-tasks.xml
+nifi.controller.service.configuration.file=./target/controller-services.xml
+nifi.templates.directory=./target/templates
+nifi.ui.banner.text=UI Banner Text
+nifi.ui.autorefresh.interval=30 sec
+nifi.nar.library.directory=./target/resources/NiFiProperties/lib/
+nifi.nar.library.directory.alt=./target/resources/NiFiProperties/lib2/
+nifi.nar.working.directory=./target/work/nar/
+
+# H2 Settings
+nifi.database.directory=./target/database_repository
+nifi.h2.url.append=;LOCK_TIMEOUT=25000;WRITE_DELAY=0;AUTO_SERVER=FALSE
+
+# FlowFile Repository
+nifi.flowfile.repository.directory=./target/test-repo
+nifi.flowfile.repository.partitions=1
+nifi.flowfile.repository.checkpoint.interval=2 mins
+nifi.queue.swap.threshold=20000
+nifi.swap.storage.directory=./target/test-repo/swap
+nifi.swap.in.period=5 sec
+nifi.swap.in.threads=1
+nifi.swap.out.period=5 sec
+nifi.swap.out.threads=4
+
+# Content Repository
+nifi.content.claim.max.appendable.size=10 MB
+nifi.content.claim.max.flow.files=100
+nifi.content.repository.directory.default=./target/content_repository
+
+# Provenance Repository Properties
+nifi.provenance.repository.storage.directory=./target/provenance_repository
+nifi.provenance.repository.max.storage.time=24 hours
+nifi.provenance.repository.max.storage.size=1 GB
+nifi.provenance.repository.rollover.time=30 secs
+nifi.provenance.repository.rollover.size=100 MB
+
+# Site to Site properties
+nifi.remote.input.socket.port=9990
+nifi.remote.input.secure=true
+
+# web properties #
+nifi.web.war.directory=./target/lib
+nifi.web.http.host=
+nifi.web.http.port=
+nifi.web.https.host=nifi.nifi.apache.org
+nifi.web.https.port=8443
+nifi.web.jetty.working.directory=./target/work/jetty
+
+# security properties #
+nifi.sensitive.props.key=xPqEWK8a34r19J4z||UOFzOfZE/NQK4Xua8WWblf1/Ld+Pf7eQ1zg0U/qYW2sPwxyhhOXWwQmrUft6qA
+nifi.sensitive.props.key.protected=aes/gcm/128
+nifi.sensitive.props.algorithm=PBEWITHMD5AND256BITAES-CBC-OPENSSL
+nifi.sensitive.props.provider=BC
+nifi.sensitive.props.additional.keys=
+
+nifi.security.keystore=/path/to/keystore.jks
+nifi.security.keystoreType=JKS
+nifi.security.keystorePasswd=UgWHU87DcSqBXHPz||eGkTFRuxfp8TQ/1crRBGQDGc5bd0BTX3jLrNjVOyfFFRXS4uDopI2IT5
+nifi.security.keystorePasswd.protected=aes/gcm/128
+nifi.security.keyPasswd=ScVhGZYyiWttT67v||BVoQckHv/05rdIJ1HCvp6ICmTTPF9ZBFgEpj5J8epFZherA53Q
+nifi.security.keyPasswd.protected=aes/gcm/128
+nifi.security.truststore=
+nifi.security.truststoreType=
+nifi.security.truststorePasswd=
+nifi.security.needClientAuth=
+nifi.security.user.authorizer=
+
+# cluster common properties (cluster manager and nodes must have same values) #
+nifi.cluster.protocol.heartbeat.interval=5 sec
+nifi.cluster.protocol.is.secure=false
+nifi.cluster.protocol.socket.timeout=30 sec
+nifi.cluster.protocol.connection.handshake.timeout=45 sec
+# if multicast is used, then nifi.cluster.protocol.multicast.xxx properties must be configured #
+nifi.cluster.protocol.use.multicast=false
+nifi.cluster.protocol.multicast.address=
+nifi.cluster.protocol.multicast.port=
+nifi.cluster.protocol.multicast.service.broadcast.delay=500 ms
+nifi.cluster.protocol.multicast.service.locator.attempts=3
+nifi.cluster.protocol.multicast.service.locator.attempts.delay=1 sec
+
+# cluster node properties (only configure for cluster nodes) #
+nifi.cluster.is.node=false
+nifi.cluster.node.address=
+nifi.cluster.node.protocol.port=
+nifi.cluster.node.protocol.threads=2
+# if multicast is not used, nifi.cluster.node.unicast.xxx must have same values as nifi.cluster.manager.xxx #
+nifi.cluster.node.unicast.manager.address=
+nifi.cluster.node.unicast.manager.protocol.port=
+nifi.cluster.node.unicast.manager.authority.provider.port=
+
+# cluster manager properties (only configure for cluster manager) #
+nifi.cluster.is.manager=false
+nifi.cluster.manager.address=
+nifi.cluster.manager.protocol.port=
+nifi.cluster.manager.authority.provider.port=
+nifi.cluster.manager.authority.provider.threads=10
+nifi.cluster.manager.node.firewall.file=
+nifi.cluster.manager.node.event.history.size=10
+nifi.cluster.manager.node.api.connection.timeout=30 sec
+nifi.cluster.manager.node.api.read.timeout=30 sec
+nifi.cluster.manager.node.api.request.threads=10
+nifi.cluster.manager.flow.retrieval.delay=5 sec
+nifi.cluster.manager.protocol.threads=10
+nifi.cluster.manager.safemode.duration=0 sec
\ No newline at end of file
diff --git a/nifi-toolkit/nifi-toolkit-encrypt-config/src/test/resources/secure_hash_128.key b/nifi-toolkit/nifi-toolkit-encrypt-config/src/test/resources/secure_hash_128.key
index 58aa04094b..ef7097e57e 100644
--- a/nifi-toolkit/nifi-toolkit-encrypt-config/src/test/resources/secure_hash_128.key
+++ b/nifi-toolkit/nifi-toolkit-encrypt-config/src/test/resources/secure_hash_128.key
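Review bot: The new 128-bit fixture marks its protected values `aes/gcm/128` but still sets `nifi.sensitive.props.algorithm=PBEWITHMD5AND256BITAES-CBC-OPENSSL`, a 256-bit AES PBE algorithm, in a file that exists only for limited-strength JCE runs. If any test that loads this file goes on to use that property for flow encryption, it may hit the policy restriction the fixture is meant to avoid; whether any test does so is not visible in this patch. Either confirm no limited-mode test reads the property, or add a comment above it such as `# not exercised in limited-strength mode; kept to mirror the 256-bit fixture`. The file also ends without a trailing newline.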
@@ -1,2 +1,2 @@
-secureHashKey=
-secureHashPassword=
\ No newline at end of file
+secureHashKey=$s0$40801$AAAAAAAAAAAAAAAAAAAAAA$pJOGA9sPL+pRzynnwt6G2FfVTyLQdbKSbk6W8IKId8E
+secureHashPassword=$s0$40801$AAAAAAAAAAAAAAAAAAAAAA$gLSh7ChbHdOIMvZ74XGjV6qF65d9qvQ8n75FeGnM8YM
\ No newline at end of file
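Review bot: Nothing in this patch records which test key and password the two hashes were derived from, so they cannot be regenerated if the hashing parameters or the 128-bit test constants change. Both values share the parameter field `40801` and the constant salt `AAAAAAAAAAAAAAAAAAAAAA`, which looks deliberate for a deterministic fixture but is worth stating as test-only. The page does not show whether the key-file reader tolerates comment lines, so the safer place for the note is the test class where `secure_hash_128.key` is loaded, for example `// secure_hash_128.key holds hashes of the 128-bit test key and password; regenerate if either constant changes`.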