From 962dc9bc388182d5163aeea7a8c0c2ceaaafaac5 Mon Sep 17 00:00:00 2001
From: exceptionfactory
Date: Tue, 13 Jun 2023 10:06:45 -0500
Subject: [PATCH] NIFI-11679 Refactored EncryptedRepoContentAccessIT Configuration (#7369)
---
 .../EncryptedRepoContentAccessIT.java | 56 +++++++++++++++++--
 1 file changed, 52 insertions(+), 4 deletions(-)
diff --git a/nifi-system-tests/nifi-system-test-suite/src/test/java/org/apache/nifi/tests/system/repositories/EncryptedRepoContentAccessIT.java b/nifi-system-tests/nifi-system-test-suite/src/test/java/org/apache/nifi/tests/system/repositories/EncryptedRepoContentAccessIT.java
index 2cfdb44473..6fb10f6fd9 100644
--- a/nifi-system-tests/nifi-system-test-suite/src/test/java/org/apache/nifi/tests/system/repositories/EncryptedRepoContentAccessIT.java
+++ b/nifi-system-tests/nifi-system-test-suite/src/test/java/org/apache/nifi/tests/system/repositories/EncryptedRepoContentAccessIT.java
@@ -17,17 +17,65 @@
 package org.apache.nifi.tests.system.repositories;
+import org.junit.jupiter.api.BeforeAll;
+import org.junit.jupiter.api.io.TempDir;
+
+import javax.crypto.spec.SecretKeySpec;
+import java.io.IOException;
+import java.io.OutputStream;
+import java.nio.file.Files;
+import java.nio.file.Path;
+import java.security.GeneralSecurityException;
+import java.security.KeyStore;
+import java.security.SecureRandom;
 import java.util.HashMap;
 import java.util.Map;
+import java.util.UUID;
 public class EncryptedRepoContentAccessIT extends ContentAccessIT {
+ private static final String KEYSTORE_CREDENTIALS = UUID.randomUUID().toString();
+
+ private static final String KEYSTORE_NAME = "repository.p12";
+
+ private static final String KEY_ID = "primary-key";
+
+ private static final String KEYSTORE_TYPE = "PKCS12";
+
+ private static final int KEY_LENGTH = 32;
+
+ private static final String KEY_ALGORITHM = "AES";
+
+ private static Path keyStorePath;
+
+ @BeforeAll
+ public static void setRepositoryKeystore(@TempDir final Path temporaryDirectory) throws GeneralSecurityException, IOException {
+ keyStorePath = temporaryDirectory.resolve(KEYSTORE_NAME);
+
+ final SecureRandom secureRandom = new SecureRandom();
+ final byte[] key = new byte[KEY_LENGTH];
+ secureRandom.nextBytes(key);
+ final SecretKeySpec secretKeySpec = new SecretKeySpec(key, KEY_ALGORITHM);
+
+ final KeyStore keyStore = KeyStore.getInstance(KEYSTORE_TYPE);
+ keyStore.load(null);
+
+ final KeyStore.SecretKeyEntry secretKeyEntry = new KeyStore.SecretKeyEntry(secretKeySpec);
+ final KeyStore.PasswordProtection passwordProtection = new KeyStore.PasswordProtection(KEYSTORE_CREDENTIALS.toCharArray());
+ keyStore.setEntry(KEY_ID, secretKeyEntry, passwordProtection);
+
+ try (final OutputStream outputStream = Files.newOutputStream(keyStorePath)) {
+ keyStore.store(outputStream, KEYSTORE_CREDENTIALS.toCharArray());
+ }
+ }
+
 @Override
 protected Map getNifiPropertiesOverrides() {
 final Map
encryptedRepoProperties = new HashMap<>();
- encryptedRepoProperties.put("nifi.content.repository.implementation", "org.apache.nifi.controller.repository.crypto.EncryptedFileSystemRepository");
- encryptedRepoProperties.put("nifi.content.repository.encryption.key", "0123456789ABCDEFFEDCBA9876543210");
- encryptedRepoProperties.put("nifi.content.repository.encryption.key.id", "k1");
- encryptedRepoProperties.put("nifi.content.repository.encryption.key.provider.implementation", "StaticKeyProvider");
+ encryptedRepoProperties.put("nifi.repository.encryption.protocol.version", "1");
+ encryptedRepoProperties.put("nifi.repository.encryption.key.id", KEY_ID);
+ encryptedRepoProperties.put("nifi.repository.encryption.key.provider", "KEYSTORE");
+ encryptedRepoProperties.put("nifi.repository.encryption.key.provider.keystore.location", keyStorePath.toString());
+ encryptedRepoProperties.put("nifi.repository.encryption.key.provider.keystore.password", KEYSTORE_CREDENTIALS);
 return encryptedRepoProperties;
 }
 }
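Review bot: Nothing in the new `getNifiPropertiesOverrides()` pins the content repository implementation any more, so whether this test runs against an encrypted repository now rests entirely on `nifi.repository.encryption.protocol.version` being honoured. If the inherited ContentAccessIT cases only read content back through the API (that class is not visible in this hunk), they would pass unchanged against an unencrypted repository. A comment above the first `put` would record the dependency, for example `// Protocol version 1 is what turns on repository encryption here; the implementation class is no longer set explicitly`, and a check that the bytes on disk differ from the plaintext would make the coverage explicit. Separately, `KEY_LENGTH = 32` is used as a byte count in `new byte[KEY_LENGTH]`, so `// AES-256 key length in bytes` on the constant would keep it from being read as bits.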