From a9e9e5d137d9798888d3082dd1fbccef18c4fc50 Mon Sep 17 00:00:00 2001
From: Pierre Villard
Date: Mon, 19 Aug 2019 23:29:13 +0200
Subject: [PATCH] NIFI-6571 Check token length on TLS toolkit server startup
This closes #3659.
Signed-off-by: Joey Frazee
---
 .../apache/nifi/toolkit/tls/commandLine/ExitCode.java | 5 +++++
 .../tls/service/BaseCertificateAuthorityCommandLine.java | 9 +++++++++
 .../TlsCertificateAuthorityClientCommandLineTest.java | 2 +-
 .../TlsCertificateAuthorityServiceCommandLineTest.java | 2 +-
 4 files changed, 16 insertions(+), 2 deletions(-)
diff --git a/nifi-toolkit/nifi-toolkit-tls/src/main/java/org/apache/nifi/toolkit/tls/commandLine/ExitCode.java b/nifi-toolkit/nifi-toolkit-tls/src/main/java/org/apache/nifi/toolkit/tls/commandLine/ExitCode.java
index 8456179260..753cf184a9 100644
--- a/nifi-toolkit/nifi-toolkit-tls/src/main/java/org/apache/nifi/toolkit/tls/commandLine/ExitCode.java
+++ b/nifi-toolkit/nifi-toolkit-tls/src/main/java/org/apache/nifi/toolkit/tls/commandLine/ExitCode.java
@@ -66,6 +66,11 @@ public enum ExitCode {
 */
 ERROR_TOKEN_ARG_EMPTY,
+ /**
+ * Token does not meet minimum size of 16 bytes
+ */
+ ERROR_TOKEN_ARG_TOO_SHORT,
+
 /**
 * Unable to read nifi.properties
 */
diff --git a/nifi-toolkit/nifi-toolkit-tls/src/main/java/org/apache/nifi/toolkit/tls/service/BaseCertificateAuthorityCommandLine.java b/nifi-toolkit/nifi-toolkit-tls/src/main/java/org/apache/nifi/toolkit/tls/service/BaseCertificateAuthorityCommandLine.java
index e0f9e6df83..8f56533466 100644
--- a/nifi-toolkit/nifi-toolkit-tls/src/main/java/org/apache/nifi/toolkit/tls/service/BaseCertificateAuthorityCommandLine.java
+++ b/nifi-toolkit/nifi-toolkit-tls/src/main/java/org/apache/nifi/toolkit/tls/service/BaseCertificateAuthorityCommandLine.java
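Review bot: In ExitCode.java, ERROR_TOKEN_ARG_TOO_SHORT is inserted in the middle of the enum, ahead of the nifi.properties constant and whatever follows it, so the ordinal of every later constant moves up by one. If the toolkit derives its process exit status from the constant's ordinal (not visible in this hunk), scripts that match on the numeric codes of the later errors would see different values after this change. Appending the new constant at the end of the enum with a comment such as `// appended last so existing exit codes keep their values` avoids that. The enum body starts and ends outside the hunk.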
@@ -25,6 +25,7 @@ import org.apache.nifi.toolkit.tls.configuration.TlsConfig;
 import org.apache.nifi.util.StringUtils;
 import java.io.File;
+import java.nio.charset.StandardCharsets;
 /**
 * Common base argument logic for the CA server and client
@@ -81,6 +82,14 @@ public abstract class BaseCertificateAuthorityCommandLine extends BaseTlsToolkit
 if (StringUtils.isEmpty(token) && StringUtils.isEmpty(configJsonIn)) {
 printUsageAndThrow(TOKEN_ARG + " argument must not be empty unless " + USE_CONFIG_JSON_ARG + " or " + READ_CONFIG_JSON_ARG+ " set", ExitCode.ERROR_TOKEN_ARG_EMPTY);
 }
+
+ if (!StringUtils.isEmpty(token)) {
+ byte[] tokenBytes = token.getBytes(StandardCharsets.UTF_8);
+ if (tokenBytes.length < 16) {
+ printUsageAndThrow(TOKEN_ARG + " does not meet minimum size of 16 bytes", ExitCode.ERROR_TOKEN_ARG_TOO_SHORT);
+ }
+ }
+
 port = getIntValue(commandLine, PORT_ARG, TlsConfig.DEFAULT_PORT);
 dn = commandLine.getOptionValue(DN_ARG, new TlsConfig().calcDefaultDn(getDnHostname()));
 return commandLine;
diff --git a/nifi-toolkit/nifi-toolkit-tls/src/test/java/org/apache/nifi/toolkit/tls/service/client/TlsCertificateAuthorityClientCommandLineTest.java b/nifi-toolkit/nifi-toolkit-tls/src/test/java/org/apache/nifi/toolkit/tls/service/client/TlsCertificateAuthorityClientCommandLineTest.java
index ef6e898b5e..a75290587e 100644
--- a/nifi-toolkit/nifi-toolkit-tls/src/test/java/org/apache/nifi/toolkit/tls/service/client/TlsCertificateAuthorityClientCommandLineTest.java
+++ b/nifi-toolkit/nifi-toolkit-tls/src/test/java/org/apache/nifi/toolkit/tls/service/client/TlsCertificateAuthorityClientCommandLineTest.java
@@ -42,7 +42,7 @@ public class TlsCertificateAuthorityClientCommandLineTest {
 @Before
 public void setup() {
 tlsCertificateAuthorityClientCommandLine = new TlsCertificateAuthorityClientCommandLine();
- testToken = "testToken";
+ testToken = "testToken16bytes";
 }
 @Test
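Review bot: The new length check in BaseCertificateAuthorityCommandLine only runs when a token is given on the command line (`if (!StringUtils.isEmpty(token))`), so a token supplied through the config JSON path that the preceding check permits is not covered here and can still be shorter than 16 bytes unless it is validated where the JSON is loaded, which this hunk does not show. The literal 16 is also repeated in the comparison, the message and the ExitCode Javadoc; a constant such as `private static final int MIN_TOKEN_BYTES = 16;` used in both the comparison and the message would keep them in step. A byte-length floor says nothing about how guessable the value is, so a comment like `// length floor only; the token should still be randomly generated` is worth adding above the check. The enclosing method starts outside the hunk.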
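Review bot: No test is added for the rejection path: this hunk in TlsCertificateAuthorityClientCommandLineTest and the matching one in TlsCertificateAuthorityServiceCommandLineTest only lengthen the fixture to `"testToken16bytes"`, which is exactly 16 bytes and so exercises just the accepting side of the `< 16` boundary. A case in each class that parses a 15-byte token and asserts `ExitCode.ERROR_TOKEN_ARG_TOO_SHORT` on the resulting failure would pin the comparison, and a token containing multi-byte characters would pin that the limit is counted in UTF-8 bytes rather than chars. Only setup() is visible here; the test methods are outside the hunk.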
diff --git a/nifi-toolkit/nifi-toolkit-tls/src/test/java/org/apache/nifi/toolkit/tls/service/server/TlsCertificateAuthorityServiceCommandLineTest.java b/nifi-toolkit/nifi-toolkit-tls/src/test/java/org/apache/nifi/toolkit/tls/service/server/TlsCertificateAuthorityServiceCommandLineTest.java
index 0e4ad59695..3e85a904be 100644
--- a/nifi-toolkit/nifi-toolkit-tls/src/test/java/org/apache/nifi/toolkit/tls/service/server/TlsCertificateAuthorityServiceCommandLineTest.java
+++ b/nifi-toolkit/nifi-toolkit-tls/src/test/java/org/apache/nifi/toolkit/tls/service/server/TlsCertificateAuthorityServiceCommandLineTest.java
@@ -44,7 +44,7 @@ public class TlsCertificateAuthorityServiceCommandLineTest {
 @Before
 public void setup() {
 tlsCertificateAuthorityServiceCommandLine = new TlsCertificateAuthorityServiceCommandLine(inputStreamFactory);
- testToken = "testToken";
+ testToken = "testToken16bytes";
 }
 @Test