NIFI-11679 Refactored EncryptedRepoContentAccessIT Configuration (#7369)

exceptionfactory 2023-06-13 10:06:45 -05:00 committed by GitHub
parent 9c2f15cc18
commit 962dc9bc38
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 52 additions and 4 deletions


@ -17,17 +17,65 @@
package org.apache.nifi.tests.system.repositories;
import org.junit.jupiter.api.BeforeAll;
import org.junit.jupiter.api.io.TempDir;
import javax.crypto.spec.SecretKeySpec;
import java.io.IOException;
import java.io.OutputStream;
import java.nio.file.Files;
import java.nio.file.Path;
import java.security.GeneralSecurityException;
import java.security.KeyStore;
import java.security.SecureRandom;
import java.util.HashMap;
import java.util.Map;
import java.util.UUID;
public class EncryptedRepoContentAccessIT extends ContentAccessIT {
private static final String KEYSTORE_CREDENTIALS = UUID.randomUUID().toString();
private static final String KEYSTORE_NAME = "repository.p12";
private static final String KEY_ID = "primary-key";
private static final String KEYSTORE_TYPE = "PKCS12";
private static final int KEY_LENGTH = 32;
private static final String KEY_ALGORITHM = "AES";
private static Path keyStorePath;
@BeforeAll
public static void setRepositoryKeystore(@TempDir final Path temporaryDirectory) throws GeneralSecurityException, IOException {
keyStorePath = temporaryDirectory.resolve(KEYSTORE_NAME);
final SecureRandom secureRandom = new SecureRandom();
final byte[] key = new byte[KEY_LENGTH];
secureRandom.nextBytes(key);
final SecretKeySpec secretKeySpec = new SecretKeySpec(key, KEY_ALGORITHM);
final KeyStore keyStore = KeyStore.getInstance(KEYSTORE_TYPE);
keyStore.load(null);
final KeyStore.SecretKeyEntry secretKeyEntry = new KeyStore.SecretKeyEntry(secretKeySpec);
final KeyStore.PasswordProtection passwordProtection = new KeyStore.PasswordProtection(KEYSTORE_CREDENTIALS.toCharArray());
keyStore.setEntry(KEY_ID, secretKeyEntry, passwordProtection);
try (final OutputStream outputStream = Files.newOutputStream(keyStorePath)) {
keyStore.store(outputStream, KEYSTORE_CREDENTIALS.toCharArray());
}
}
@Override
protected Map<String, String> getNifiPropertiesOverrides() {
final Map<String, String> encryptedRepoProperties = new HashMap<>();
encryptedRepoProperties.put("nifi.content.repository.implementation", "org.apache.nifi.controller.repository.crypto.EncryptedFileSystemRepository");
encryptedRepoProperties.put("nifi.content.repository.encryption.key", "0123456789ABCDEFFEDCBA9876543210");
encryptedRepoProperties.put("nifi.content.repository.encryption.key.id", "k1");
encryptedRepoProperties.put("nifi.content.repository.encryption.key.provider.implementation", "StaticKeyProvider");
encryptedRepoProperties.put("nifi.repository.encryption.protocol.version", "1");
encryptedRepoProperties.put("nifi.repository.encryption.key.id", KEY_ID);
encryptedRepoProperties.put("nifi.repository.encryption.key.provider", "KEYSTORE");
encryptedRepoProperties.put("nifi.repository.encryption.key.provider.keystore.location", keyStorePath.toString());
encryptedRepoProperties.put("nifi.repository.encryption.key.provider.keystore.password", KEYSTORE_CREDENTIALS);
return encryptedRepoProperties;
}
}
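Review bot: `getNifiPropertiesOverrides()` calls `keyStorePath.toString()` on a static field that is only assigned in the `@BeforeAll` method `setRepositoryKeystore`, so if the overrides are ever requested before that method has run, the failure is a bare NullPointerException rather than a message naming the missing keystore. Whether that ordering can occur depends on `ContentAccessIT` and its parents, which are not shown here. A guard such as `Objects.requireNonNull(keyStorePath, "Repository KeyStore not initialized")`, with the `java.util.Objects` import, would make the dependency explicit. `setRepositoryKeystore` would also benefit from a short Javadoc, for example `/** Writes a PKCS12 KeyStore holding one random 256-bit AES key; the same generated password protects the entry and the store because a single password property is passed to NiFi. */`.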