Apache
/
nifi
mirror of https://github.com/apache/nifi.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

NIFI-6571 Check token length on TLS toolkit server startup 

This closes #3659.

Signed-off-by: Joey Frazee <jfrazee@apache.org>
This commit is contained in:
Pierre Villard 2019-08-19 23:29:13 +02:00 committed by Joey Frazee
parent 7034d7e44c
commit a9e9e5d137
4 changed files with 16 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
nifi-toolkit/nifi-toolkit-tls/src/main/java/org/apache/nifi/toolkit/tls/commandLine/ExitCode.java
View File

@ -66,6 +66,11 @@ public enum ExitCode {
*/ */
ERROR_TOKEN_ARG_EMPTY, ERROR_TOKEN_ARG_EMPTY,
/**
* Token does not meet minimum size of 16 bytes
*/
ERROR_TOKEN_ARG_TOO_SHORT,
/** /**
* Unable to read nifi.properties * Unable to read nifi.properties
*/ */

9
nifi-toolkit/nifi-toolkit-tls/src/main/java/org/apache/nifi/toolkit/tls/service/BaseCertificateAuthorityCommandLine.java
View File

@ -25,6 +25,7 @@ import org.apache.nifi.toolkit.tls.configuration.TlsConfig;
import org.apache.nifi.util.StringUtils; import org.apache.nifi.util.StringUtils;
import java.io.File; import java.io.File;
import java.nio.charset.StandardCharsets;
/** /**
* Common base argument logic for the CA server and client * Common base argument logic for the CA server and client
@ -81,6 +82,14 @@ public abstract class BaseCertificateAuthorityCommandLine extends BaseTlsToolkit
if (StringUtils.isEmpty(token) && StringUtils.isEmpty(configJsonIn)) { if (StringUtils.isEmpty(token) && StringUtils.isEmpty(configJsonIn)) {
printUsageAndThrow(TOKEN_ARG + " argument must not be empty unless " + USE_CONFIG_JSON_ARG + " or " + READ_CONFIG_JSON_ARG+ " set", ExitCode.ERROR_TOKEN_ARG_EMPTY); printUsageAndThrow(TOKEN_ARG + " argument must not be empty unless " + USE_CONFIG_JSON_ARG + " or " + READ_CONFIG_JSON_ARG+ " set", ExitCode.ERROR_TOKEN_ARG_EMPTY);
} }
if (!StringUtils.isEmpty(token)) {
byte[] tokenBytes = token.getBytes(StandardCharsets.UTF_8);
if (tokenBytes.length < 16) {
printUsageAndThrow(TOKEN_ARG + " does not meet minimum size of 16 bytes", ExitCode.ERROR_TOKEN_ARG_TOO_SHORT);
}
}
port = getIntValue(commandLine, PORT_ARG, TlsConfig.DEFAULT_PORT); port = getIntValue(commandLine, PORT_ARG, TlsConfig.DEFAULT_PORT);
dn = commandLine.getOptionValue(DN_ARG, new TlsConfig().calcDefaultDn(getDnHostname())); dn = commandLine.getOptionValue(DN_ARG, new TlsConfig().calcDefaultDn(getDnHostname()));
return commandLine; return commandLine;

2
nifi-toolkit/nifi-toolkit-tls/src/test/java/org/apache/nifi/toolkit/tls/service/client/TlsCertificateAuthorityClientCommandLineTest.java
View File

@ -42,7 +42,7 @@ public class TlsCertificateAuthorityClientCommandLineTest {
@Before @Before
public void setup() { public void setup() {
tlsCertificateAuthorityClientCommandLine = new TlsCertificateAuthorityClientCommandLine(); tlsCertificateAuthorityClientCommandLine = new TlsCertificateAuthorityClientCommandLine();
testToken = "testToken"; testToken = "testToken16bytes";
} }
@Test @Test

2
nifi-toolkit/nifi-toolkit-tls/src/test/java/org/apache/nifi/toolkit/tls/service/server/TlsCertificateAuthorityServiceCommandLineTest.java
View File

@ -44,7 +44,7 @@ public class TlsCertificateAuthorityServiceCommandLineTest {
@Before @Before
public void setup() { public void setup() {
tlsCertificateAuthorityServiceCommandLine = new TlsCertificateAuthorityServiceCommandLine(inputStreamFactory); tlsCertificateAuthorityServiceCommandLine = new TlsCertificateAuthorityServiceCommandLine(inputStreamFactory);
testToken = "testToken"; testToken = "testToken16bytes";
} }
@Test @Test