NIFI-11848 Allocate unused port in TlsCertificateAuthorityTest

This closes #7514

Signed-off-by: David Handermann <exceptionfactory@apache.org>
This commit is contained in:
Nandor Soma Abonyi 2023-07-22 23:59:03 +02:00 committed by exceptionfactory
parent c009b55762
commit 84b4d100a8
GPG Key ID: 29B6A52D2AAE8DBA
2 changed files with 26 additions and 21 deletions


@ -18,13 +18,6 @@
package org.apache.nifi.toolkit.tls.service.server;
import com.fasterxml.jackson.databind.ObjectMapper;
import java.io.File;
import java.io.FileOutputStream;
import java.io.IOException;
import java.security.KeyPair;
import java.security.KeyStore;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import org.apache.nifi.security.util.TlsPlatform;
import org.apache.nifi.toolkit.tls.configuration.TlsConfig;
import org.apache.nifi.toolkit.tls.manager.TlsCertificateAuthorityManager;
@ -32,7 +25,6 @@ import org.apache.nifi.toolkit.tls.manager.writer.JsonConfigurationWriter;
import org.apache.nifi.toolkit.tls.service.BaseCertificateAuthorityCommandLine;
import org.apache.nifi.toolkit.tls.util.OutputStreamFactory;
import org.eclipse.jetty.http.HttpVersion;
import org.eclipse.jetty.server.Handler;
import org.eclipse.jetty.server.HttpConfiguration;
import org.eclipse.jetty.server.HttpConnectionFactory;
import org.eclipse.jetty.server.SecureRequestCustomizer;
@ -43,6 +35,14 @@ import org.eclipse.jetty.util.ssl.SslContextFactory;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import java.io.File;
import java.io.FileOutputStream;
import java.io.IOException;
import java.security.KeyPair;
import java.security.KeyStore;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
/**
* Starts a Jetty server that will either load an existing CA or create one and use it to sign CSRs
*/
@ -51,6 +51,8 @@ public class TlsCertificateAuthorityService {
private final OutputStreamFactory outputStreamFactory;
private Server server;
private ServerConnector serverConnector;
public TlsCertificateAuthorityService() {
this(FileOutputStream::new);
}
@ -59,9 +61,7 @@ public class TlsCertificateAuthorityService {
this.outputStreamFactory = outputStreamFactory;
}
private static Server createServer(Handler handler, int port, KeyStore keyStore, String keyPassword) throws Exception {
Server server = new Server();
private static ServerConnector createSSLConnector(Server server, int port, KeyStore keyStore, String keyPassword) {
SslContextFactory sslContextFactory = new SslContextFactory.Server();
sslContextFactory.setIncludeProtocols(TlsPlatform.getLatestProtocol());
sslContextFactory.setKeyStore(keyStore);
@ -73,10 +73,7 @@ public class TlsCertificateAuthorityService {
ServerConnector sslConnector = new ServerConnector(server, new SslConnectionFactory(sslContextFactory, HttpVersion.HTTP_1_1.asString()), new HttpConnectionFactory(httpsConfig));
sslConnector.setPort(port);
server.addConnector(sslConnector);
server.setHandler(handler);
return server;
return sslConnector;
}
public synchronized void start(TlsConfig tlsConfig, String configJson, boolean differentPasswordsForKeyAndKeystore) throws Exception {
@ -111,8 +108,10 @@ public class TlsCertificateAuthorityService {
tlsManager.write(outputStreamFactory);
String signingAlgorithm = tlsConfig.getSigningAlgorithm();
int days = tlsConfig.getDays();
server = createServer(new TlsCertificateAuthorityServiceHandler(signingAlgorithm, days, tlsConfig.getToken(), caCert, keyPair, objectMapper), tlsConfig.getPort(), tlsManager.getKeyStore(),
tlsConfig.getKeyPassword());
server = new Server();
serverConnector = createSSLConnector(server, tlsConfig.getPort(), tlsManager.getKeyStore(), tlsConfig.getKeyPassword());
server.addConnector(serverConnector);
server.setHandler(new TlsCertificateAuthorityServiceHandler(signingAlgorithm, days, tlsConfig.getToken(), caCert, keyPair, objectMapper));
server.start();
}
@ -123,4 +122,8 @@ public class TlsCertificateAuthorityService {
server.stop();
server.join();
}
public int getPort() {
return serverConnector.getLocalPort();
}
}
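Review bot: `getPort()` in the last hunk dereferences `serverConnector`, which is assigned only inside `start()`, so calling it on a service that was never started (or whose start failed before the connector was created) throws a bare NullPointerException instead of a descriptive error. `start()` is `synchronized` and the field is not `volatile`, so a caller on another thread is also not guaranteed to see the assignment. I would declare it `public synchronized int getPort()` and guard it with `if (serverConnector == null) { throw new IllegalStateException("Certificate authority server not started"); }` before returning `serverConnector.getLocalPort()`. A short Javadoc such as `/** Returns the port the TLS connector actually bound, which differs from the configured port when that was 0. */` would also help, since the configured-versus-bound distinction is the reason this accessor exists.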


@ -23,7 +23,6 @@ import org.apache.nifi.security.util.KeystoreType;
import org.apache.nifi.toolkit.tls.configuration.TlsClientConfig;
import org.apache.nifi.toolkit.tls.configuration.TlsConfig;
import org.apache.nifi.toolkit.tls.service.client.TlsCertificateAuthorityClient;
import org.apache.nifi.toolkit.tls.service.client.TlsCertificateAuthorityClientCommandLine;
import org.apache.nifi.toolkit.tls.service.server.TlsCertificateAuthorityService;
import org.apache.nifi.toolkit.tls.standalone.TlsToolkitStandalone;
import org.apache.nifi.toolkit.tls.util.InputStreamFactory;
@ -100,11 +99,13 @@ public class TlsCertificateAuthorityTest {
serverConfig.setCaHostname("localhost");
serverConfig.setToken(myTestTokenUseSomethingStronger);
serverConfig.setKeyStore(serverKeyStore);
serverConfig.setPort(0);
serverConfig.setDays(5);
serverConfig.setKeySize(2048);
serverConfig.initDefaults();
// set port back to 0, so Jetty will allocate a free port
serverConfig.setPort(0);
clientConfig = new TlsClientConfig();
clientConfig.setCaHostname("localhost");
clientConfig.setDn("OU=NIFI,CN=otherHostname");
@ -112,7 +113,6 @@ public class TlsCertificateAuthorityTest {
clientConfig.setTrustStore(clientTrustStore);
clientConfig.setToken(myTestTokenUseSomethingStronger);
clientConfig.setDomainAlternativeNames(Collections.singletonList(subjectAlternativeName));
clientConfig.setPort(0);
clientConfig.setKeySize(2048);
clientConfig.initDefaults();
@ -146,6 +146,7 @@ public class TlsCertificateAuthorityTest {
try {
tlsCertificateAuthorityService = new TlsCertificateAuthorityService(outputStreamFactory);
tlsCertificateAuthorityService.start(serverConfig, serverConfigFile.getAbsolutePath(), true);
clientConfig.setPort(tlsCertificateAuthorityService.getPort());
TlsCertificateAuthorityClient tlsCertificateAuthorityClient = new TlsCertificateAuthorityClient(outputStreamFactory);
tlsCertificateAuthorityClient.generateCertificateAndGetItSigned(clientConfig, null, clientConfigFile.getAbsolutePath(), true);
validate();
@ -162,6 +163,7 @@ public class TlsCertificateAuthorityTest {
try {
tlsCertificateAuthorityService = new TlsCertificateAuthorityService(outputStreamFactory);
tlsCertificateAuthorityService.start(serverConfig, serverConfigFile.getAbsolutePath(), false);
clientConfig.setPort(tlsCertificateAuthorityService.getPort());
TlsCertificateAuthorityClient tlsCertificateAuthorityClient = new TlsCertificateAuthorityClient(outputStreamFactory);
tlsCertificateAuthorityClient.generateCertificateAndGetItSigned(clientConfig, null, clientConfigFile.getAbsolutePath(), false);
validate();
@ -180,8 +182,8 @@ public class TlsCertificateAuthorityTest {
try {
tlsCertificateAuthorityService = new TlsCertificateAuthorityService(outputStreamFactory);
tlsCertificateAuthorityService.start(serverConfig, serverConfigFile.getAbsolutePath(), false);
clientConfig.setPort(tlsCertificateAuthorityService.getPort());
TlsCertificateAuthorityClient tlsCertificateAuthorityClient = new TlsCertificateAuthorityClient(outputStreamFactory);
new TlsCertificateAuthorityClientCommandLine(inputStreamFactory);
tlsCertificateAuthorityClient.generateCertificateAndGetItSigned(clientConfig, null, clientConfigFile.getAbsolutePath(), true);
validate();
} finally {
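Review bot: The comment on the re-added `serverConfig.setPort(0)` after `initDefaults()` in the setup hunk states the intent but not why the earlier `setPort(0)` had to move; presumably `initDefaults()` replaces a zero port with the toolkit default, and without saying so the next reader may move the call back before `initDefaults()` and silently reintroduce the fixed-port collision this commit removes. I would extend it to `// initDefaults() appears to replace a 0 port with the default, so set 0 again afterwards; Jetty then binds an ephemeral port that the client reads via getPort()`. The same ordering dependency exists on the client side: `clientConfig.setPort(0)` is dropped in the next hunk and the real port is assigned from `tlsCertificateAuthorityService.getPort()` only after `start()` in each test method, so a one-line comment at the first of those assignments would make that explicit. The bodies of the test methods begin and end outside these hunks.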