mirror of https://github.com/apache/nifi.git
NIFI-12152 This closes #7818. Refactored addProvider() Bouncy Castle references
- Removed Security.addProvider() references from several tests - Refactored KeyStoreUtils to use instance of BouncyCastleProvider instead of BC provider name string - Refactored MiNiFi references to pass BouncyCastleProvider for BCFKS Signed-off-by: Joseph Witt <joewitt@apache.org>
This commit is contained in:
parent
75c3b19979
commit
c76191fa4b
|
@ -31,7 +31,6 @@ import java.io.UncheckedIOException;
|
||||||
import java.net.URI;
|
import java.net.URI;
|
||||||
import java.nio.ByteBuffer;
|
import java.nio.ByteBuffer;
|
||||||
import java.security.KeyStore;
|
import java.security.KeyStore;
|
||||||
import java.security.Security;
|
|
||||||
import java.util.Collection;
|
import java.util.Collection;
|
||||||
import java.util.Map;
|
import java.util.Map;
|
||||||
import java.util.Properties;
|
import java.util.Properties;
|
||||||
|
@ -48,6 +47,7 @@ import org.apache.nifi.minifi.bootstrap.configuration.differentiators.WholeConfi
|
||||||
import org.apache.nifi.minifi.bootstrap.configuration.ingestors.interfaces.ChangeIngestor;
|
import org.apache.nifi.minifi.bootstrap.configuration.ingestors.interfaces.ChangeIngestor;
|
||||||
import org.apache.nifi.security.ssl.StandardKeyStoreBuilder;
|
import org.apache.nifi.security.ssl.StandardKeyStoreBuilder;
|
||||||
import org.apache.nifi.security.ssl.StandardSslContextBuilder;
|
import org.apache.nifi.security.ssl.StandardSslContextBuilder;
|
||||||
|
import org.apache.nifi.security.util.KeystoreType;
|
||||||
import org.apache.nifi.security.util.TlsPlatform;
|
import org.apache.nifi.security.util.TlsPlatform;
|
||||||
import org.bouncycastle.jce.provider.BouncyCastleProvider;
|
import org.bouncycastle.jce.provider.BouncyCastleProvider;
|
||||||
import org.eclipse.jetty.server.Request;
|
import org.eclipse.jetty.server.Request;
|
||||||
|
@ -62,10 +62,6 @@ import org.slf4j.LoggerFactory;
|
||||||
|
|
||||||
public class RestChangeIngestor implements ChangeIngestor {
|
public class RestChangeIngestor implements ChangeIngestor {
|
||||||
|
|
||||||
static {
|
|
||||||
Security.addProvider(new BouncyCastleProvider());
|
|
||||||
}
|
|
||||||
|
|
||||||
public static final String GET_TEXT = "This is a config change listener for an Apache NiFi - MiNiFi instance.\n" +
|
public static final String GET_TEXT = "This is a config change listener for an Apache NiFi - MiNiFi instance.\n" +
|
||||||
"Use this rest server to upload a flow.json to configure the MiNiFi instance.\n" +
|
"Use this rest server to upload a flow.json to configure the MiNiFi instance.\n" +
|
||||||
"Send a POST http request to '/' to upload the file.";
|
"Send a POST http request to '/' to upload the file.";
|
||||||
|
@ -86,6 +82,8 @@ public class RestChangeIngestor implements ChangeIngestor {
|
||||||
|
|
||||||
private final static Logger logger = LoggerFactory.getLogger(RestChangeIngestor.class);
|
private final static Logger logger = LoggerFactory.getLogger(RestChangeIngestor.class);
|
||||||
|
|
||||||
|
private static final BouncyCastleProvider BOUNCY_CASTLE_PROVIDER = new BouncyCastleProvider();
|
||||||
|
|
||||||
private static final Map<String, Supplier<Differentiator<ByteBuffer>>> DIFFERENTIATOR_CONSTRUCTOR_MAP = Map.of(
|
private static final Map<String, Supplier<Differentiator<ByteBuffer>>> DIFFERENTIATOR_CONSTRUCTOR_MAP = Map.of(
|
||||||
WHOLE_CONFIG_KEY, WholeConfigDifferentiator::getByteBufferDifferentiator
|
WHOLE_CONFIG_KEY, WholeConfigDifferentiator::getByteBufferDifferentiator
|
||||||
);
|
);
|
||||||
|
@ -174,22 +172,34 @@ public class RestChangeIngestor implements ChangeIngestor {
|
||||||
KeyStore trustStore = null;
|
KeyStore trustStore = null;
|
||||||
|
|
||||||
try (FileInputStream keyStoreStream = new FileInputStream(properties.getProperty(KEYSTORE_LOCATION_KEY))) {
|
try (FileInputStream keyStoreStream = new FileInputStream(properties.getProperty(KEYSTORE_LOCATION_KEY))) {
|
||||||
keyStore = new StandardKeyStoreBuilder()
|
final String keyStoreType = properties.getProperty(KEYSTORE_TYPE_KEY);
|
||||||
.type(properties.getProperty(KEYSTORE_TYPE_KEY))
|
final StandardKeyStoreBuilder builder = new StandardKeyStoreBuilder()
|
||||||
|
.type(keyStoreType)
|
||||||
.inputStream(keyStoreStream)
|
.inputStream(keyStoreStream)
|
||||||
.password(properties.getProperty(KEYSTORE_PASSWORD_KEY).toCharArray())
|
.password(properties.getProperty(KEYSTORE_PASSWORD_KEY).toCharArray());
|
||||||
.build();
|
|
||||||
|
if (KeystoreType.BCFKS.getType().equals(keyStoreType)) {
|
||||||
|
builder.provider(BOUNCY_CASTLE_PROVIDER);
|
||||||
|
}
|
||||||
|
|
||||||
|
keyStore = builder.build();
|
||||||
} catch (IOException ioe) {
|
} catch (IOException ioe) {
|
||||||
throw new UncheckedIOException("Key Store loading failed", ioe);
|
throw new UncheckedIOException("Key Store loading failed", ioe);
|
||||||
}
|
}
|
||||||
|
|
||||||
if (properties.getProperty(TRUSTSTORE_LOCATION_KEY) != null) {
|
if (properties.getProperty(TRUSTSTORE_LOCATION_KEY) != null) {
|
||||||
|
final String trustStoreType = properties.getProperty(TRUSTSTORE_TYPE_KEY);
|
||||||
try (FileInputStream trustStoreStream = new FileInputStream(properties.getProperty(TRUSTSTORE_LOCATION_KEY))) {
|
try (FileInputStream trustStoreStream = new FileInputStream(properties.getProperty(TRUSTSTORE_LOCATION_KEY))) {
|
||||||
trustStore = new StandardKeyStoreBuilder()
|
final StandardKeyStoreBuilder builder = new StandardKeyStoreBuilder()
|
||||||
.type(properties.getProperty(TRUSTSTORE_TYPE_KEY))
|
.type(trustStoreType)
|
||||||
.inputStream(trustStoreStream)
|
.inputStream(trustStoreStream)
|
||||||
.password(properties.getProperty(TRUSTSTORE_PASSWORD_KEY).toCharArray())
|
.password(properties.getProperty(TRUSTSTORE_PASSWORD_KEY).toCharArray());
|
||||||
.build();
|
|
||||||
|
if (KeystoreType.BCFKS.getType().equals(trustStoreType)) {
|
||||||
|
builder.provider(BOUNCY_CASTLE_PROVIDER);
|
||||||
|
}
|
||||||
|
|
||||||
|
trustStore = builder.build();
|
||||||
} catch (IOException ioe) {
|
} catch (IOException ioe) {
|
||||||
throw new UncheckedIOException("Trust Store loading failed", ioe);
|
throw new UncheckedIOException("Trust Store loading failed", ioe);
|
||||||
}
|
}
|
||||||
|
|
|
@ -33,7 +33,6 @@ import java.nio.file.Files;
|
||||||
import java.nio.file.Path;
|
import java.nio.file.Path;
|
||||||
import java.nio.file.Paths;
|
import java.nio.file.Paths;
|
||||||
import java.security.KeyStore;
|
import java.security.KeyStore;
|
||||||
import java.security.Security;
|
|
||||||
import java.util.stream.Stream;
|
import java.util.stream.Stream;
|
||||||
import javax.net.ssl.SSLContext;
|
import javax.net.ssl.SSLContext;
|
||||||
import org.apache.nifi.jetty.configuration.connector.StandardServerConnectorFactory;
|
import org.apache.nifi.jetty.configuration.connector.StandardServerConnectorFactory;
|
||||||
|
@ -56,9 +55,8 @@ public class JettyServer {
|
||||||
private static final String C2_SERVER_HOME = System.getenv("C2_SERVER_HOME");
|
private static final String C2_SERVER_HOME = System.getenv("C2_SERVER_HOME");
|
||||||
private static final String WEB_DEFAULTS_XML = "webdefault.xml";
|
private static final String WEB_DEFAULTS_XML = "webdefault.xml";
|
||||||
|
|
||||||
static {
|
private static final BouncyCastleProvider BOUNCY_CASTLE_PROVIDER = new BouncyCastleProvider();
|
||||||
Security.addProvider(new BouncyCastleProvider());
|
private static final String BCFKS = "BCFKS";
|
||||||
}
|
|
||||||
|
|
||||||
public static void main(String[] args) throws Exception {
|
public static void main(String[] args) throws Exception {
|
||||||
C2Properties properties = C2Properties.getInstance();
|
C2Properties properties = C2Properties.getInstance();
|
||||||
|
@ -116,11 +114,17 @@ public class JettyServer {
|
||||||
File keyStoreFile = Paths.get(C2_SERVER_HOME).resolve(properties.getProperty(MINIFI_C2_SERVER_KEYSTORE)).toFile();
|
File keyStoreFile = Paths.get(C2_SERVER_HOME).resolve(properties.getProperty(MINIFI_C2_SERVER_KEYSTORE)).toFile();
|
||||||
logger.debug("Loading Key Store [{}]", keyStoreFile.getPath());
|
logger.debug("Loading Key Store [{}]", keyStoreFile.getPath());
|
||||||
try (FileInputStream keyStoreStream = new FileInputStream(keyStoreFile)) {
|
try (FileInputStream keyStoreStream = new FileInputStream(keyStoreFile)) {
|
||||||
keyStore = new StandardKeyStoreBuilder()
|
final String keyStoreType = properties.getProperty(MINIFI_C2_SERVER_KEYSTORE_TYPE);
|
||||||
.type(properties.getProperty(MINIFI_C2_SERVER_KEYSTORE_TYPE))
|
final StandardKeyStoreBuilder builder = new StandardKeyStoreBuilder()
|
||||||
|
.type(keyStoreType)
|
||||||
.inputStream(keyStoreStream)
|
.inputStream(keyStoreStream)
|
||||||
.password(properties.getProperty(MINIFI_C2_SERVER_KEYSTORE_PASSWD).toCharArray())
|
.password(properties.getProperty(MINIFI_C2_SERVER_KEYSTORE_PASSWD).toCharArray());
|
||||||
.build();
|
|
||||||
|
if (BCFKS.equals(keyStoreType)) {
|
||||||
|
builder.provider(BOUNCY_CASTLE_PROVIDER);
|
||||||
|
}
|
||||||
|
|
||||||
|
keyStore = builder.build();
|
||||||
} catch (IOException ioe) {
|
} catch (IOException ioe) {
|
||||||
throw new UncheckedIOException("Key Store loading failed", ioe);
|
throw new UncheckedIOException("Key Store loading failed", ioe);
|
||||||
}
|
}
|
||||||
|
@ -128,11 +132,18 @@ public class JettyServer {
|
||||||
File trustStoreFile = Paths.get(C2_SERVER_HOME).resolve(properties.getProperty(MINIFI_C2_SERVER_TRUSTSTORE)).toFile();
|
File trustStoreFile = Paths.get(C2_SERVER_HOME).resolve(properties.getProperty(MINIFI_C2_SERVER_TRUSTSTORE)).toFile();
|
||||||
logger.debug("Loading Trust Store [{}]", trustStoreFile.getPath());
|
logger.debug("Loading Trust Store [{}]", trustStoreFile.getPath());
|
||||||
try (FileInputStream trustStoreStream = new FileInputStream(trustStoreFile)) {
|
try (FileInputStream trustStoreStream = new FileInputStream(trustStoreFile)) {
|
||||||
truststore = new StandardKeyStoreBuilder()
|
final String trustStoreType = properties.getProperty(MINIFI_C2_SERVER_TRUSTSTORE_TYPE);
|
||||||
.type(properties.getProperty(MINIFI_C2_SERVER_TRUSTSTORE_TYPE))
|
|
||||||
|
final StandardKeyStoreBuilder builder = new StandardKeyStoreBuilder()
|
||||||
|
.type(trustStoreType)
|
||||||
.inputStream(trustStoreStream)
|
.inputStream(trustStoreStream)
|
||||||
.password(properties.getProperty(MINIFI_C2_SERVER_TRUSTSTORE_PASSWD).toCharArray())
|
.password(properties.getProperty(MINIFI_C2_SERVER_TRUSTSTORE_PASSWD).toCharArray());
|
||||||
.build();
|
|
||||||
|
if (BCFKS.equals(trustStoreType)) {
|
||||||
|
builder.provider(BOUNCY_CASTLE_PROVIDER);
|
||||||
|
}
|
||||||
|
|
||||||
|
truststore = builder.build();
|
||||||
} catch (IOException ioe) {
|
} catch (IOException ioe) {
|
||||||
throw new UncheckedIOException("Trust Store loading failed", ioe);
|
throw new UncheckedIOException("Trust Store loading failed", ioe);
|
||||||
}
|
}
|
||||||
|
|
|
@ -21,7 +21,7 @@ import java.io.InputStream;
|
||||||
import java.security.KeyStore;
|
import java.security.KeyStore;
|
||||||
import java.security.KeyStoreException;
|
import java.security.KeyStoreException;
|
||||||
import java.security.NoSuchAlgorithmException;
|
import java.security.NoSuchAlgorithmException;
|
||||||
import java.security.NoSuchProviderException;
|
import java.security.Provider;
|
||||||
import java.security.cert.CertificateException;
|
import java.security.cert.CertificateException;
|
||||||
import java.util.Objects;
|
import java.util.Objects;
|
||||||
|
|
||||||
|
@ -29,7 +29,7 @@ import java.util.Objects;
|
||||||
* Standard implementation of Key Store Builder
|
* Standard implementation of Key Store Builder
|
||||||
*/
|
*/
|
||||||
public class StandardKeyStoreBuilder implements KeyStoreBuilder {
|
public class StandardKeyStoreBuilder implements KeyStoreBuilder {
|
||||||
private String provider;
|
private Provider provider;
|
||||||
|
|
||||||
private String type = KeyStore.getDefaultType();
|
private String type = KeyStore.getDefaultType();
|
||||||
|
|
||||||
|
@ -65,7 +65,7 @@ public class StandardKeyStoreBuilder implements KeyStoreBuilder {
|
||||||
* @param provider Key Store Provider
|
* @param provider Key Store Provider
|
||||||
* @return Builder
|
* @return Builder
|
||||||
*/
|
*/
|
||||||
public StandardKeyStoreBuilder provider(final String provider) {
|
public StandardKeyStoreBuilder provider(final Provider provider) {
|
||||||
this.provider = Objects.requireNonNull(provider, "Key Store Provider required");
|
this.provider = Objects.requireNonNull(provider, "Key Store Provider required");
|
||||||
return this;
|
return this;
|
||||||
}
|
}
|
||||||
|
@ -109,9 +109,6 @@ public class StandardKeyStoreBuilder implements KeyStoreBuilder {
|
||||||
} catch (final KeyStoreException e) {
|
} catch (final KeyStoreException e) {
|
||||||
final String message = String.format("Key Store Type [%s] creation failed", type);
|
final String message = String.format("Key Store Type [%s] creation failed", type);
|
||||||
throw new BuilderConfigurationException(message, e);
|
throw new BuilderConfigurationException(message, e);
|
||||||
} catch (final NoSuchProviderException e) {
|
|
||||||
final String message = String.format("Key Store Type [%s] Provider [%s] creation failed", type, provider);
|
|
||||||
throw new BuilderConfigurationException(message, e);
|
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
|
@ -32,9 +32,7 @@ import java.security.KeyPairGenerator;
|
||||||
import java.security.KeyStore;
|
import java.security.KeyStore;
|
||||||
import java.security.KeyStoreException;
|
import java.security.KeyStoreException;
|
||||||
import java.security.NoSuchAlgorithmException;
|
import java.security.NoSuchAlgorithmException;
|
||||||
import java.security.NoSuchProviderException;
|
|
||||||
import java.security.SecureRandom;
|
import java.security.SecureRandom;
|
||||||
import java.security.Security;
|
|
||||||
import java.security.UnrecoverableKeyException;
|
import java.security.UnrecoverableKeyException;
|
||||||
import java.security.cert.Certificate;
|
import java.security.cert.Certificate;
|
||||||
import java.security.cert.CertificateException;
|
import java.security.cert.CertificateException;
|
||||||
|
@ -60,8 +58,8 @@ import org.slf4j.LoggerFactory;
|
||||||
public class KeyStoreUtils {
|
public class KeyStoreUtils {
|
||||||
private static final Logger logger = LoggerFactory.getLogger(KeyStoreUtils.class);
|
private static final Logger logger = LoggerFactory.getLogger(KeyStoreUtils.class);
|
||||||
|
|
||||||
public static final String SUN_PROVIDER_NAME = "SUN";
|
private static final BouncyCastleProvider BOUNCY_CASTLE_PROVIDER = new BouncyCastleProvider();
|
||||||
public static final String SUN_JSSE_PROVIDER_NAME = "SunJSSE";
|
|
||||||
private static final String JKS_EXT = ".jks";
|
private static final String JKS_EXT = ".jks";
|
||||||
private static final String PKCS12_EXT = ".p12";
|
private static final String PKCS12_EXT = ".p12";
|
||||||
private static final String BCFKS_EXT = ".bcfks";
|
private static final String BCFKS_EXT = ".bcfks";
|
||||||
|
@ -76,20 +74,7 @@ public class KeyStoreUtils {
|
||||||
private static final String KEYSTORE_ERROR_MSG = "There was an error creating a Keystore.";
|
private static final String KEYSTORE_ERROR_MSG = "There was an error creating a Keystore.";
|
||||||
private static final String TRUSTSTORE_ERROR_MSG = "There was an error creating a Truststore.";
|
private static final String TRUSTSTORE_ERROR_MSG = "There was an error creating a Truststore.";
|
||||||
|
|
||||||
private static final Map<String, String> KEY_STORE_TYPE_PROVIDERS = new HashMap<>();
|
|
||||||
private static final Map<KeystoreType, String> KEY_STORE_EXTENSIONS = new HashMap<>();
|
private static final Map<KeystoreType, String> KEY_STORE_EXTENSIONS = new HashMap<>();
|
||||||
private static final Map<KeystoreType, String> SECRET_KEY_STORE_PROVIDERS = new HashMap<>();
|
|
||||||
|
|
||||||
static {
|
|
||||||
Security.addProvider(new BouncyCastleProvider());
|
|
||||||
|
|
||||||
KEY_STORE_TYPE_PROVIDERS.put(KeystoreType.BCFKS.getType(), BouncyCastleProvider.PROVIDER_NAME);
|
|
||||||
KEY_STORE_TYPE_PROVIDERS.put(KeystoreType.PKCS12.getType(), SUN_JSSE_PROVIDER_NAME);
|
|
||||||
KEY_STORE_TYPE_PROVIDERS.put(KeystoreType.JKS.getType(), SUN_PROVIDER_NAME);
|
|
||||||
|
|
||||||
SECRET_KEY_STORE_PROVIDERS.put(KeystoreType.BCFKS, BouncyCastleProvider.PROVIDER_NAME);
|
|
||||||
SECRET_KEY_STORE_PROVIDERS.put(KeystoreType.PKCS12, SUN_JSSE_PROVIDER_NAME);
|
|
||||||
}
|
|
||||||
|
|
||||||
static {
|
static {
|
||||||
KEY_STORE_EXTENSIONS.put(KeystoreType.JKS, JKS_EXT);
|
KEY_STORE_EXTENSIONS.put(KeystoreType.JKS, JKS_EXT);
|
||||||
|
@ -97,17 +82,6 @@ public class KeyStoreUtils {
|
||||||
KEY_STORE_EXTENSIONS.put(KeystoreType.BCFKS, BCFKS_EXT);
|
KEY_STORE_EXTENSIONS.put(KeystoreType.BCFKS, BCFKS_EXT);
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
|
||||||
* Returns the provider that will be used for the given keyStoreType
|
|
||||||
*
|
|
||||||
* @param keyStoreType the keyStoreType
|
|
||||||
* @return Key Store Provider Name or null when not found
|
|
||||||
*/
|
|
||||||
public static String getKeyStoreProvider(final String keyStoreType) {
|
|
||||||
final String storeType = StringUtils.upperCase(keyStoreType);
|
|
||||||
return KEY_STORE_TYPE_PROVIDERS.get(storeType);
|
|
||||||
}
|
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Returns an empty KeyStore backed by the appropriate provider
|
* Returns an empty KeyStore backed by the appropriate provider
|
||||||
*
|
*
|
||||||
|
@ -116,15 +90,11 @@ public class KeyStoreUtils {
|
||||||
* @throws KeyStoreException if a KeyStore of the given type cannot be instantiated
|
* @throws KeyStoreException if a KeyStore of the given type cannot be instantiated
|
||||||
*/
|
*/
|
||||||
public static KeyStore getKeyStore(final String keyStoreType) throws KeyStoreException {
|
public static KeyStore getKeyStore(final String keyStoreType) throws KeyStoreException {
|
||||||
final String keyStoreProvider = getKeyStoreProvider(keyStoreType);
|
if (KeystoreType.BCFKS.toString().equals(keyStoreType)) {
|
||||||
if (StringUtils.isNotEmpty(keyStoreProvider)) {
|
return KeyStore.getInstance(keyStoreType, BOUNCY_CASTLE_PROVIDER);
|
||||||
try {
|
} else {
|
||||||
return KeyStore.getInstance(keyStoreType, keyStoreProvider);
|
return KeyStore.getInstance(keyStoreType);
|
||||||
} catch (final Exception e) {
|
|
||||||
logger.error("KeyStore Type [{}] Provider [{}] instance creation failed", keyStoreType, keyStoreProvider, e);
|
|
||||||
}
|
|
||||||
}
|
}
|
||||||
return KeyStore.getInstance(keyStoreType);
|
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
|
@ -136,15 +106,14 @@ public class KeyStoreUtils {
|
||||||
*/
|
*/
|
||||||
public static KeyStore getSecretKeyStore(final String keystoreTypeName) throws KeyStoreException {
|
public static KeyStore getSecretKeyStore(final String keystoreTypeName) throws KeyStoreException {
|
||||||
final KeystoreType keystoreType = getKeystoreType(keystoreTypeName);
|
final KeystoreType keystoreType = getKeystoreType(keystoreTypeName);
|
||||||
final String provider = SECRET_KEY_STORE_PROVIDERS.get(keystoreType);
|
|
||||||
if (provider == null) {
|
if (KeystoreType.BCFKS == keystoreType) {
|
||||||
|
return KeyStore.getInstance(keystoreType.getType(), BOUNCY_CASTLE_PROVIDER);
|
||||||
|
} else if (KeystoreType.PKCS12 == keystoreType) {
|
||||||
|
return KeyStore.getInstance(keystoreType.getType());
|
||||||
|
} else {
|
||||||
throw new KeyStoreException(String.format("Keystore Type [%s] does not support Secret Keys", keystoreType.getType()));
|
throw new KeyStoreException(String.format("Keystore Type [%s] does not support Secret Keys", keystoreType.getType()));
|
||||||
}
|
}
|
||||||
try {
|
|
||||||
return KeyStore.getInstance(keystoreType.getType(), provider);
|
|
||||||
} catch (final NoSuchProviderException e) {
|
|
||||||
throw new KeyStoreException(String.format("KeyStore Type [%s] Provider [%s] not found", keystoreType.getType(), provider), e);
|
|
||||||
}
|
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
|
@ -493,7 +462,7 @@ public class KeyStoreUtils {
|
||||||
* @return Secret Key Entry supported status
|
* @return Secret Key Entry supported status
|
||||||
*/
|
*/
|
||||||
public static boolean isSecretKeyEntrySupported(final KeystoreType keystoreType) {
|
public static boolean isSecretKeyEntrySupported(final KeystoreType keystoreType) {
|
||||||
return SECRET_KEY_STORE_PROVIDERS.containsKey(keystoreType);
|
return KeystoreType.BCFKS == keystoreType || KeystoreType.PKCS12 == keystoreType;
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
|
|
|
@ -23,7 +23,6 @@ import java.security.KeyPairGenerator;
|
||||||
import java.security.NoSuchAlgorithmException;
|
import java.security.NoSuchAlgorithmException;
|
||||||
import java.security.PrivateKey;
|
import java.security.PrivateKey;
|
||||||
import java.security.PublicKey;
|
import java.security.PublicKey;
|
||||||
import java.security.Security;
|
|
||||||
import java.security.SignatureException;
|
import java.security.SignatureException;
|
||||||
import java.security.cert.CertificateException;
|
import java.security.cert.CertificateException;
|
||||||
import java.security.cert.X509Certificate;
|
import java.security.cert.X509Certificate;
|
||||||
|
@ -39,18 +38,15 @@ import org.bouncycastle.asn1.x509.SubjectPublicKeyInfo;
|
||||||
import org.bouncycastle.cert.X509CertificateHolder;
|
import org.bouncycastle.cert.X509CertificateHolder;
|
||||||
import org.bouncycastle.cert.X509v3CertificateBuilder;
|
import org.bouncycastle.cert.X509v3CertificateBuilder;
|
||||||
import org.bouncycastle.cert.jcajce.JcaX509CertificateConverter;
|
import org.bouncycastle.cert.jcajce.JcaX509CertificateConverter;
|
||||||
import org.bouncycastle.jce.provider.BouncyCastleProvider;
|
|
||||||
import org.bouncycastle.operator.ContentSigner;
|
import org.bouncycastle.operator.ContentSigner;
|
||||||
import org.bouncycastle.operator.OperatorCreationException;
|
import org.bouncycastle.operator.OperatorCreationException;
|
||||||
import org.bouncycastle.operator.jcajce.JcaContentSignerBuilder;
|
import org.bouncycastle.operator.jcajce.JcaContentSignerBuilder;
|
||||||
import org.junit.jupiter.api.BeforeAll;
|
|
||||||
import org.junit.jupiter.api.Test;
|
import org.junit.jupiter.api.Test;
|
||||||
import org.slf4j.Logger;
|
import org.slf4j.Logger;
|
||||||
import org.slf4j.LoggerFactory;
|
import org.slf4j.LoggerFactory;
|
||||||
|
|
||||||
import static org.junit.jupiter.api.Assertions.assertEquals;
|
import static org.junit.jupiter.api.Assertions.assertEquals;
|
||||||
import static org.junit.jupiter.api.Assertions.assertThrows;
|
import static org.junit.jupiter.api.Assertions.assertThrows;
|
||||||
import static org.junit.jupiter.api.Assertions.assertTrue;
|
|
||||||
|
|
||||||
public class OcspCertificateValidatorTest {
|
public class OcspCertificateValidatorTest {
|
||||||
private static final Logger logger = LoggerFactory.getLogger(OcspCertificateValidatorTest.class);
|
private static final Logger logger = LoggerFactory.getLogger(OcspCertificateValidatorTest.class);
|
||||||
|
@ -60,12 +56,6 @@ public class OcspCertificateValidatorTest {
|
||||||
private static final long YESTERDAY = System.currentTimeMillis() - 24 * 60 * 60 * 1000;
|
private static final long YESTERDAY = System.currentTimeMillis() - 24 * 60 * 60 * 1000;
|
||||||
private static final long ONE_YEAR_FROM_NOW = System.currentTimeMillis() + 365L * 24 * 60 * 60 * 1000;
|
private static final long ONE_YEAR_FROM_NOW = System.currentTimeMillis() + 365L * 24 * 60 * 60 * 1000;
|
||||||
private static final String SIGNATURE_ALGORITHM = "SHA256withRSA";
|
private static final String SIGNATURE_ALGORITHM = "SHA256withRSA";
|
||||||
private static final String PROVIDER = "BC";
|
|
||||||
|
|
||||||
@BeforeAll
|
|
||||||
public static void setUpOnce() {
|
|
||||||
Security.addProvider(new BouncyCastleProvider());
|
|
||||||
}
|
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Generates a public/private RSA keypair using the default key size.
|
* Generates a public/private RSA keypair using the default key size.
|
||||||
|
@ -108,7 +98,7 @@ public class OcspCertificateValidatorTest {
|
||||||
private static X509Certificate generateCertificate(String dn, KeyPair keyPair) throws IOException, CertificateException,
|
private static X509Certificate generateCertificate(String dn, KeyPair keyPair) throws IOException, CertificateException,
|
||||||
OperatorCreationException {
|
OperatorCreationException {
|
||||||
PrivateKey privateKey = keyPair.getPrivate();
|
PrivateKey privateKey = keyPair.getPrivate();
|
||||||
ContentSigner sigGen = new JcaContentSignerBuilder(SIGNATURE_ALGORITHM).setProvider(PROVIDER).build(privateKey);
|
ContentSigner sigGen = new JcaContentSignerBuilder(SIGNATURE_ALGORITHM).build(privateKey);
|
||||||
SubjectPublicKeyInfo subPubKeyInfo = SubjectPublicKeyInfo.getInstance(keyPair.getPublic().getEncoded());
|
SubjectPublicKeyInfo subPubKeyInfo = SubjectPublicKeyInfo.getInstance(keyPair.getPublic().getEncoded());
|
||||||
Date startDate = new Date(YESTERDAY);
|
Date startDate = new Date(YESTERDAY);
|
||||||
Date endDate = new Date(ONE_YEAR_FROM_NOW);
|
Date endDate = new Date(ONE_YEAR_FROM_NOW);
|
||||||
|
@ -133,8 +123,7 @@ public class OcspCertificateValidatorTest {
|
||||||
|
|
||||||
// Sign the certificate
|
// Sign the certificate
|
||||||
X509CertificateHolder certificateHolder = certBuilder.build(sigGen);
|
X509CertificateHolder certificateHolder = certBuilder.build(sigGen);
|
||||||
return new JcaX509CertificateConverter().setProvider(PROVIDER)
|
return new JcaX509CertificateConverter().getCertificate(certificateHolder);
|
||||||
.getCertificate(certificateHolder);
|
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
|
@ -167,7 +156,7 @@ public class OcspCertificateValidatorTest {
|
||||||
*/
|
*/
|
||||||
private static X509Certificate generateIssuedCertificate(String dn, PublicKey publicKey, String issuerDn, PrivateKey issuerKey) throws
|
private static X509Certificate generateIssuedCertificate(String dn, PublicKey publicKey, String issuerDn, PrivateKey issuerKey) throws
|
||||||
CertificateException, OperatorCreationException {
|
CertificateException, OperatorCreationException {
|
||||||
ContentSigner sigGen = new JcaContentSignerBuilder(SIGNATURE_ALGORITHM).setProvider(PROVIDER).build(issuerKey);
|
ContentSigner sigGen = new JcaContentSignerBuilder(SIGNATURE_ALGORITHM).build(issuerKey);
|
||||||
SubjectPublicKeyInfo subPubKeyInfo = SubjectPublicKeyInfo.getInstance(publicKey.getEncoded());
|
SubjectPublicKeyInfo subPubKeyInfo = SubjectPublicKeyInfo.getInstance(publicKey.getEncoded());
|
||||||
Date startDate = new Date(YESTERDAY);
|
Date startDate = new Date(YESTERDAY);
|
||||||
Date endDate = new Date(ONE_YEAR_FROM_NOW);
|
Date endDate = new Date(ONE_YEAR_FROM_NOW);
|
||||||
|
@ -180,8 +169,7 @@ public class OcspCertificateValidatorTest {
|
||||||
subPubKeyInfo);
|
subPubKeyInfo);
|
||||||
|
|
||||||
X509CertificateHolder certificateHolder = v3CertGen.build(sigGen);
|
X509CertificateHolder certificateHolder = v3CertGen.build(sigGen);
|
||||||
return new JcaX509CertificateConverter().setProvider(PROVIDER)
|
return new JcaX509CertificateConverter().getCertificate(certificateHolder);
|
||||||
.getCertificate(certificateHolder);
|
|
||||||
}
|
}
|
||||||
|
|
||||||
@Test
|
@Test
|
||||||
|
@ -237,7 +225,6 @@ public class OcspCertificateValidatorTest {
|
||||||
assertEquals(issuerDn, certificate.getIssuerX500Principal().getName());
|
assertEquals(issuerDn, certificate.getIssuerX500Principal().getName());
|
||||||
certificate.verify(issuerCertificate.getPublicKey());
|
certificate.verify(issuerCertificate.getPublicKey());
|
||||||
|
|
||||||
SignatureException se = assertThrows(SignatureException.class, () -> certificate.verify(certificate.getPublicKey()));
|
assertThrows(SignatureException.class, () -> certificate.verify(certificate.getPublicKey()));
|
||||||
assertTrue(se.getMessage().contains("certificate does not verify with supplied key"));
|
|
||||||
}
|
}
|
||||||
}
|
}
|
|
@ -17,7 +17,6 @@
|
||||||
|
|
||||||
package org.apache.nifi.processors.snowflake;
|
package org.apache.nifi.processors.snowflake;
|
||||||
|
|
||||||
import java.security.Security;
|
|
||||||
import java.util.Collections;
|
import java.util.Collections;
|
||||||
import java.util.HashMap;
|
import java.util.HashMap;
|
||||||
import java.util.Map;
|
import java.util.Map;
|
||||||
|
@ -29,17 +28,10 @@ import org.apache.nifi.processors.snowflake.util.SnowflakeAttributes;
|
||||||
import org.apache.nifi.processors.snowflake.util.SnowflakeInternalStageType;
|
import org.apache.nifi.processors.snowflake.util.SnowflakeInternalStageType;
|
||||||
import org.apache.nifi.util.TestRunner;
|
import org.apache.nifi.util.TestRunner;
|
||||||
import org.apache.nifi.util.TestRunners;
|
import org.apache.nifi.util.TestRunners;
|
||||||
import org.bouncycastle.jce.provider.BouncyCastleProvider;
|
|
||||||
import org.junit.jupiter.api.BeforeAll;
|
|
||||||
import org.junit.jupiter.api.Test;
|
import org.junit.jupiter.api.Test;
|
||||||
|
|
||||||
class SnowflakePipeIT implements SnowflakeConfigAware {
|
class SnowflakePipeIT implements SnowflakeConfigAware {
|
||||||
|
|
||||||
@BeforeAll
|
|
||||||
static void setUpOnce() {
|
|
||||||
Security.addProvider(new BouncyCastleProvider());
|
|
||||||
}
|
|
||||||
|
|
||||||
@Test
|
@Test
|
||||||
void shouldPutIntoInternalStage() throws Exception {
|
void shouldPutIntoInternalStage() throws Exception {
|
||||||
final PutSnowflakeInternalStage processor = new PutSnowflakeInternalStage();
|
final PutSnowflakeInternalStage processor = new PutSnowflakeInternalStage();
|
||||||
|
|
|
@ -22,15 +22,12 @@ import org.apache.nifi.security.util.crypto.HashService;
|
||||||
import org.apache.nifi.util.MockFlowFile;
|
import org.apache.nifi.util.MockFlowFile;
|
||||||
import org.apache.nifi.util.TestRunner;
|
import org.apache.nifi.util.TestRunner;
|
||||||
import org.apache.nifi.util.TestRunners;
|
import org.apache.nifi.util.TestRunners;
|
||||||
import org.bouncycastle.jce.provider.BouncyCastleProvider;
|
|
||||||
import org.junit.jupiter.api.BeforeAll;
|
|
||||||
import org.junit.jupiter.api.BeforeEach;
|
import org.junit.jupiter.api.BeforeEach;
|
||||||
import org.junit.jupiter.api.Test;
|
import org.junit.jupiter.api.Test;
|
||||||
|
|
||||||
import java.io.ByteArrayInputStream;
|
import java.io.ByteArrayInputStream;
|
||||||
import java.io.IOException;
|
import java.io.IOException;
|
||||||
import java.nio.charset.StandardCharsets;
|
import java.nio.charset.StandardCharsets;
|
||||||
import java.security.Security;
|
|
||||||
import java.util.Collections;
|
import java.util.Collections;
|
||||||
import java.util.List;
|
import java.util.List;
|
||||||
import java.util.Map;
|
import java.util.Map;
|
||||||
|
@ -41,11 +38,6 @@ import static org.junit.jupiter.api.Assertions.assertNotEquals;
|
||||||
public class CryptographicHashContentTest {
|
public class CryptographicHashContentTest {
|
||||||
private TestRunner runner;
|
private TestRunner runner;
|
||||||
|
|
||||||
@BeforeAll
|
|
||||||
static void setUpOnce() {
|
|
||||||
Security.addProvider(new BouncyCastleProvider());
|
|
||||||
}
|
|
||||||
|
|
||||||
@BeforeEach
|
@BeforeEach
|
||||||
void setupRunner() {
|
void setupRunner() {
|
||||||
runner = TestRunners.newTestRunner(new CryptographicHashContent());
|
runner = TestRunners.newTestRunner(new CryptographicHashContent());
|
||||||
|
|
|
@ -21,14 +21,12 @@ import org.apache.nifi.properties.SensitivePropertyProvider;
|
||||||
import org.apache.nifi.properties.SensitivePropertyProviderFactory;
|
import org.apache.nifi.properties.SensitivePropertyProviderFactory;
|
||||||
import org.apache.nifi.properties.StandardSensitivePropertyProviderFactory;
|
import org.apache.nifi.properties.StandardSensitivePropertyProviderFactory;
|
||||||
import org.apache.nifi.registry.properties.util.NiFiRegistryBootstrapUtils;
|
import org.apache.nifi.registry.properties.util.NiFiRegistryBootstrapUtils;
|
||||||
import org.bouncycastle.jce.provider.BouncyCastleProvider;
|
|
||||||
import org.slf4j.Logger;
|
import org.slf4j.Logger;
|
||||||
import org.slf4j.LoggerFactory;
|
import org.slf4j.LoggerFactory;
|
||||||
|
|
||||||
import java.io.File;
|
import java.io.File;
|
||||||
import java.io.FileReader;
|
import java.io.FileReader;
|
||||||
import java.io.IOException;
|
import java.io.IOException;
|
||||||
import java.security.Security;
|
|
||||||
import java.util.Properties;
|
import java.util.Properties;
|
||||||
|
|
||||||
public class NiFiRegistryPropertiesLoader {
|
public class NiFiRegistryPropertiesLoader {
|
||||||
|
@ -125,7 +123,6 @@ public class NiFiRegistryPropertiesLoader {
|
||||||
public NiFiRegistryProperties load(final File file) {
|
public NiFiRegistryProperties load(final File file) {
|
||||||
final ProtectedNiFiRegistryProperties protectedNiFiProperties = readProtectedPropertiesFromDisk(file);
|
final ProtectedNiFiRegistryProperties protectedNiFiProperties = readProtectedPropertiesFromDisk(file);
|
||||||
if (protectedNiFiProperties.hasProtectedKeys()) {
|
if (protectedNiFiProperties.hasProtectedKeys()) {
|
||||||
Security.addProvider(new BouncyCastleProvider());
|
|
||||||
getSensitivePropertyProviderFactory()
|
getSensitivePropertyProviderFactory()
|
||||||
.getSupportedProviders()
|
.getSupportedProviders()
|
||||||
.forEach(protectedNiFiProperties::addSensitivePropertyProvider);
|
.forEach(protectedNiFiProperties::addSensitivePropertyProvider);
|
||||||
|
|
|
@ -17,42 +17,13 @@
|
||||||
|
|
||||||
package org.apache.nifi.registry.security.util;
|
package org.apache.nifi.registry.security.util;
|
||||||
|
|
||||||
import org.apache.commons.lang3.StringUtils;
|
|
||||||
import org.bouncycastle.jce.provider.BouncyCastleProvider;
|
import org.bouncycastle.jce.provider.BouncyCastleProvider;
|
||||||
import org.slf4j.Logger;
|
|
||||||
import org.slf4j.LoggerFactory;
|
|
||||||
|
|
||||||
import java.security.KeyStore;
|
import java.security.KeyStore;
|
||||||
import java.security.KeyStoreException;
|
import java.security.KeyStoreException;
|
||||||
import java.security.Security;
|
|
||||||
import java.util.HashMap;
|
|
||||||
import java.util.Map;
|
|
||||||
|
|
||||||
public class KeyStoreUtils {
|
public class KeyStoreUtils {
|
||||||
private static final Logger logger = LoggerFactory.getLogger(KeyStoreUtils.class);
|
private static final BouncyCastleProvider BOUNCY_CASTLE_PROVIDER = new BouncyCastleProvider();
|
||||||
|
|
||||||
private static final String SUN_SECURITY_PROVIDER = "SUN";
|
|
||||||
|
|
||||||
private static final Map<String, String> KEY_STORE_TYPE_PROVIDERS = new HashMap<>();
|
|
||||||
|
|
||||||
static {
|
|
||||||
Security.addProvider(new BouncyCastleProvider());
|
|
||||||
|
|
||||||
KEY_STORE_TYPE_PROVIDERS.put(KeystoreType.JKS.toString(), SUN_SECURITY_PROVIDER);
|
|
||||||
KEY_STORE_TYPE_PROVIDERS.put(KeystoreType.PKCS12.toString(), BouncyCastleProvider.PROVIDER_NAME);
|
|
||||||
KEY_STORE_TYPE_PROVIDERS.put(KeystoreType.BCFKS.toString(), BouncyCastleProvider.PROVIDER_NAME);
|
|
||||||
}
|
|
||||||
|
|
||||||
/**
|
|
||||||
* Returns the provider that will be used for the given keyStoreType
|
|
||||||
*
|
|
||||||
* @param keyStoreType the keyStoreType
|
|
||||||
* @return the provider that will be used
|
|
||||||
*/
|
|
||||||
public static String getKeyStoreProvider(final String keyStoreType) {
|
|
||||||
final String storeType = StringUtils.upperCase(keyStoreType);
|
|
||||||
return KEY_STORE_TYPE_PROVIDERS.get(storeType);
|
|
||||||
}
|
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Returns an empty KeyStore backed by the appropriate provider
|
* Returns an empty KeyStore backed by the appropriate provider
|
||||||
|
@ -62,15 +33,10 @@ public class KeyStoreUtils {
|
||||||
* @throws KeyStoreException if a KeyStore of the given type cannot be instantiated
|
* @throws KeyStoreException if a KeyStore of the given type cannot be instantiated
|
||||||
*/
|
*/
|
||||||
public static KeyStore getKeyStore(final String keyStoreType) throws KeyStoreException {
|
public static KeyStore getKeyStore(final String keyStoreType) throws KeyStoreException {
|
||||||
final String keyStoreProvider = getKeyStoreProvider(keyStoreType);
|
if (KeystoreType.BCFKS.toString().equals(keyStoreType)) {
|
||||||
if (StringUtils.isNotEmpty(keyStoreProvider)) {
|
return KeyStore.getInstance(keyStoreType, BOUNCY_CASTLE_PROVIDER);
|
||||||
try {
|
} else {
|
||||||
return KeyStore.getInstance(keyStoreType, keyStoreProvider);
|
return KeyStore.getInstance(keyStoreType);
|
||||||
} catch (Exception e) {
|
|
||||||
logger.error("Unable to load " + keyStoreProvider + " " + keyStoreType
|
|
||||||
+ " keystore. This may cause issues getting trusted CA certificates as well as Certificate Chains for use in TLS.", e);
|
|
||||||
}
|
|
||||||
}
|
}
|
||||||
return KeyStore.getInstance(keyStoreType);
|
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
|
@ -16,7 +16,6 @@
|
||||||
*/
|
*/
|
||||||
package org.apache.nifi.registry.security.util;
|
package org.apache.nifi.registry.security.util;
|
||||||
|
|
||||||
import org.bouncycastle.jce.provider.BouncyCastleProvider;
|
|
||||||
import org.junit.jupiter.api.Test;
|
import org.junit.jupiter.api.Test;
|
||||||
|
|
||||||
import java.security.KeyStore;
|
import java.security.KeyStore;
|
||||||
|
@ -24,7 +23,6 @@ import java.security.KeyStoreException;
|
||||||
|
|
||||||
import static org.junit.jupiter.api.Assertions.assertEquals;
|
import static org.junit.jupiter.api.Assertions.assertEquals;
|
||||||
import static org.junit.jupiter.api.Assertions.assertNotNull;
|
import static org.junit.jupiter.api.Assertions.assertNotNull;
|
||||||
import static org.junit.jupiter.api.Assertions.assertNull;
|
|
||||||
|
|
||||||
public class KeyStoreUtilsTest {
|
public class KeyStoreUtilsTest {
|
||||||
|
|
||||||
|
@ -36,16 +34,4 @@ public class KeyStoreUtilsTest {
|
||||||
assertEquals(keystoreType.name(), keyStore.getType());
|
assertEquals(keystoreType.name(), keyStore.getType());
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
@Test
|
|
||||||
public void testGetKeyStoreProviderNullType() {
|
|
||||||
final String keyStoreProvider = KeyStoreUtils.getKeyStoreProvider(null);
|
|
||||||
assertNull(keyStoreProvider);
|
|
||||||
}
|
|
||||||
|
|
||||||
@Test
|
|
||||||
public void testGetKeyStoreProviderBouncyCastleProvider() {
|
|
||||||
final String keyStoreProvider = KeyStoreUtils.getKeyStoreProvider(KeystoreType.PKCS12.name());
|
|
||||||
assertEquals(BouncyCastleProvider.PROVIDER_NAME, keyStoreProvider);
|
|
||||||
}
|
|
||||||
}
|
}
|
||||||
|
|
|
@ -43,7 +43,6 @@ import org.apache.nifi.util.NiFiProperties
|
||||||
import org.apache.nifi.util.console.TextDevice
|
import org.apache.nifi.util.console.TextDevice
|
||||||
import org.apache.nifi.util.console.TextDevices
|
import org.apache.nifi.util.console.TextDevices
|
||||||
import org.bouncycastle.crypto.generators.SCrypt
|
import org.bouncycastle.crypto.generators.SCrypt
|
||||||
import org.bouncycastle.jce.provider.BouncyCastleProvider
|
|
||||||
import org.slf4j.Logger
|
import org.slf4j.Logger
|
||||||
import org.slf4j.LoggerFactory
|
import org.slf4j.LoggerFactory
|
||||||
import org.xml.sax.SAXException
|
import org.xml.sax.SAXException
|
||||||
|
@ -56,7 +55,6 @@ import java.nio.file.Path
|
||||||
import java.nio.file.Paths
|
import java.nio.file.Paths
|
||||||
import java.nio.file.StandardCopyOption
|
import java.nio.file.StandardCopyOption
|
||||||
import java.security.KeyException
|
import java.security.KeyException
|
||||||
import java.security.Security
|
|
||||||
import java.util.function.Supplier
|
import java.util.function.Supplier
|
||||||
import java.util.regex.Matcher
|
import java.util.regex.Matcher
|
||||||
import java.util.zip.GZIPInputStream
|
import java.util.zip.GZIPInputStream
|
||||||
|
@ -1348,8 +1346,6 @@ class ConfigEncryptionTool {
|
||||||
* @param args the command-line arguments
|
* @param args the command-line arguments
|
||||||
*/
|
*/
|
||||||
static void main(String[] args) {
|
static void main(String[] args) {
|
||||||
Security.addProvider(new BouncyCastleProvider())
|
|
||||||
|
|
||||||
ConfigEncryptionTool tool = new ConfigEncryptionTool()
|
ConfigEncryptionTool tool = new ConfigEncryptionTool()
|
||||||
|
|
||||||
try {
|
try {
|
||||||
|
|
|
@ -19,12 +19,9 @@ package org.apache.nifi.toolkit.encryptconfig
|
||||||
import org.apache.commons.cli.HelpFormatter
|
import org.apache.commons.cli.HelpFormatter
|
||||||
import org.apache.commons.cli.Options
|
import org.apache.commons.cli.Options
|
||||||
import org.apache.nifi.properties.ConfigEncryptionTool
|
import org.apache.nifi.properties.ConfigEncryptionTool
|
||||||
import org.bouncycastle.jce.provider.BouncyCastleProvider
|
|
||||||
import org.slf4j.Logger
|
import org.slf4j.Logger
|
||||||
import org.slf4j.LoggerFactory
|
import org.slf4j.LoggerFactory
|
||||||
|
|
||||||
import java.security.Security
|
|
||||||
|
|
||||||
class EncryptConfigMain {
|
class EncryptConfigMain {
|
||||||
|
|
||||||
private static final Logger logger = LoggerFactory.getLogger(EncryptConfigMain.class)
|
private static final Logger logger = LoggerFactory.getLogger(EncryptConfigMain.class)
|
||||||
|
@ -90,8 +87,6 @@ class EncryptConfigMain {
|
||||||
}
|
}
|
||||||
|
|
||||||
static void main(String[] args) {
|
static void main(String[] args) {
|
||||||
Security.addProvider(new BouncyCastleProvider())
|
|
||||||
|
|
||||||
if (args.length < 1) {
|
if (args.length < 1) {
|
||||||
printUsageAndExit(EXIT_STATUS_FAILURE)
|
printUsageAndExit(EXIT_STATUS_FAILURE)
|
||||||
}
|
}
|
||||||
|
|
|
@ -28,10 +28,8 @@ import org.bouncycastle.asn1.x509.GeneralName;
|
||||||
import org.bouncycastle.asn1.x509.GeneralNames;
|
import org.bouncycastle.asn1.x509.GeneralNames;
|
||||||
import org.bouncycastle.cert.X509CertificateHolder;
|
import org.bouncycastle.cert.X509CertificateHolder;
|
||||||
import org.bouncycastle.cert.jcajce.JcaX509CertificateConverter;
|
import org.bouncycastle.cert.jcajce.JcaX509CertificateConverter;
|
||||||
import org.bouncycastle.jce.provider.BouncyCastleProvider;
|
|
||||||
import org.bouncycastle.openssl.PEMKeyPair;
|
import org.bouncycastle.openssl.PEMKeyPair;
|
||||||
import org.bouncycastle.openssl.PEMParser;
|
import org.bouncycastle.openssl.PEMParser;
|
||||||
import org.bouncycastle.openssl.jcajce.JcaPEMKeyConverter;
|
|
||||||
import org.bouncycastle.pkcs.jcajce.JcaPKCS10CertificationRequest;
|
import org.bouncycastle.pkcs.jcajce.JcaPKCS10CertificationRequest;
|
||||||
import org.bouncycastle.util.IPAddress;
|
import org.bouncycastle.util.IPAddress;
|
||||||
import org.junit.jupiter.api.BeforeAll;
|
import org.junit.jupiter.api.BeforeAll;
|
||||||
|
@ -59,7 +57,6 @@ import java.security.KeyStoreException;
|
||||||
import java.security.NoSuchAlgorithmException;
|
import java.security.NoSuchAlgorithmException;
|
||||||
import java.security.PrivateKey;
|
import java.security.PrivateKey;
|
||||||
import java.security.PublicKey;
|
import java.security.PublicKey;
|
||||||
import java.security.Security;
|
|
||||||
import java.security.UnrecoverableKeyException;
|
import java.security.UnrecoverableKeyException;
|
||||||
import java.security.cert.Certificate;
|
import java.security.cert.Certificate;
|
||||||
import java.security.cert.CertificateException;
|
import java.security.cert.CertificateException;
|
||||||
|
@ -89,25 +86,11 @@ public class TlsHelperTest {
|
||||||
private int keySize;
|
private int keySize;
|
||||||
private String keyPairAlgorithm;
|
private String keyPairAlgorithm;
|
||||||
|
|
||||||
public static KeyPair loadKeyPair(final Reader reader) throws IOException {
|
|
||||||
try (PEMParser pemParser = new PEMParser(reader)) {
|
|
||||||
Object object = pemParser.readObject();
|
|
||||||
assertEquals(PEMKeyPair.class, object.getClass());
|
|
||||||
return new JcaPEMKeyConverter().getKeyPair((PEMKeyPair) object);
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
public static KeyPair loadKeyPair(File file) throws IOException {
|
|
||||||
try (final FileReader fileReader = new FileReader(file)) {
|
|
||||||
return loadKeyPair(fileReader);
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
public static X509Certificate loadCertificate(final Reader reader) throws IOException, CertificateException {
|
public static X509Certificate loadCertificate(final Reader reader) throws IOException, CertificateException {
|
||||||
try (PEMParser pemParser = new PEMParser(reader)) {
|
try (PEMParser pemParser = new PEMParser(reader)) {
|
||||||
Object object = pemParser.readObject();
|
Object object = pemParser.readObject();
|
||||||
assertEquals(X509CertificateHolder.class, object.getClass());
|
assertEquals(X509CertificateHolder.class, object.getClass());
|
||||||
return new JcaX509CertificateConverter().setProvider(BouncyCastleProvider.PROVIDER_NAME).getCertificate((X509CertificateHolder) object);
|
return new JcaX509CertificateConverter().getCertificate((X509CertificateHolder) object);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -310,8 +293,6 @@ public class TlsHelperTest {
|
||||||
|
|
||||||
@Test
|
@Test
|
||||||
public void testOutputToFileTwoCertsAsPem(@TempDir final File folder) throws IOException, CertificateException, NoSuchAlgorithmException, KeyStoreException {
|
public void testOutputToFileTwoCertsAsPem(@TempDir final File folder) throws IOException, CertificateException, NoSuchAlgorithmException, KeyStoreException {
|
||||||
Security.addProvider(new org.bouncycastle.jce.provider.BouncyCastleProvider());
|
|
||||||
|
|
||||||
KeyStore keyStore = setupKeystore();
|
KeyStore keyStore = setupKeystore();
|
||||||
HashMap<String, Certificate> certs = TlsHelper.extractCerts(keyStore);
|
HashMap<String, Certificate> certs = TlsHelper.extractCerts(keyStore);
|
||||||
TlsHelper.outputCertsAsPem(certs, folder,".crt");
|
TlsHelper.outputCertsAsPem(certs, folder,".crt");
|
||||||
|
|
Loading…
Reference in New Issue