NIFI-8956 Changed TestListenHTTP to expect IOException

- Replaced expected SSLException with IOException in assertThrows
- Removed conditional override of jdk.tls.disabledAlgorithms in test SslContextUtils

Signed-off-by: Pierre Villard <pierre.villard.fr@gmail.com>

This closes #5260.
exceptionfactory 2021-07-28 17:57:22 -05:00 committed by Pierre Villard
parent 2daac5714a
commit f539d9886e
No known key found for this signature in database
GPG Key ID: F92A93B30C07C6D5
2 changed files with 2 additions and 23 deletions


@ -31,7 +31,6 @@ import java.util.List;
import java.util.Optional;
import java.util.Random;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLException;
import javax.net.ssl.SSLHandshakeException;
import javax.net.ssl.SSLSession;
import javax.net.ssl.SSLSocket;
@ -391,7 +390,7 @@ public class TestListenHTTP {
public void testSecureServerTrustStoreConfiguredClientAuthenticationRequired() throws Exception {
configureProcessorSslContextService(ListenHTTP.ClientAuthentication.REQUIRED, serverConfiguration);
startSecureServer();
assertThrows(SSLException.class, () -> postMessage(null, true, false));
assertThrows(IOException.class, () -> postMessage(null, true, false));
}
@Test
@ -493,7 +492,7 @@ public class TestListenHTTP {
startWebServer();
}
private int postMessage(String message, boolean secure, boolean clientAuthRequired) throws Exception {
private int postMessage(String message, boolean secure, boolean clientAuthRequired) throws IOException {
final OkHttpClient okHttpClient = getOkHttpClient(secure, clientAuthRequired);
final Request.Builder requestBuilder = new Request.Builder();
final String url = buildUrl(secure);
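Review bot: The new `assertThrows(IOException.class, () -> postMessage(null, true, false))` in testSecureServerTrustStoreConfiguredClientAuthenticationRequired passes on any I/O failure, including a refused connection if the server never came up, so on its own it no longer shows that the server rejected a client that presented no certificate. Presumably the widening is needed because the rejection can reach the client as a socket-level error rather than an SSLException on some TLS versions or JDKs; if that is the reason, record it above the assertion, e.g. `// A missing client certificate may surface as SSLException or as a socket-level IOException depending on the TLS version`. To keep this meaningful as an access-control test, I would also assert after the call that the processor received nothing, using whatever transfer assertion the rest of this class already relies on. postMessage's body continues outside the hunk, so I cannot see which other exceptions it can raise now that its signature is narrowed to `throws IOException`.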


@ -22,31 +22,11 @@ import org.apache.nifi.security.util.SslContextFactory;
import org.apache.nifi.security.util.StandardTlsConfiguration;
import org.apache.nifi.security.util.TlsConfiguration;
import org.apache.nifi.security.util.TlsException;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import javax.net.ssl.SSLContext;
import java.io.File;
import java.security.Security;
public class SslContextUtils {
private static final Logger LOGGER = LoggerFactory.getLogger(SslContextUtils.class);
private static final String TLS_DISABLED_ALGORITHMS_PROPERTY = "jdk.tls.disabledAlgorithms";
private static final String DISABLED_ALGORITHMS = "SSLv3, RC4, DES, MD5withRSA, DH keySize < 1024, EC keySize < 224, 3DES_EDE_CBC, anon, NULL, include jdk.disabled.namedCurves";
static {
final String disabledAlgorithms = Security.getProperty(TLS_DISABLED_ALGORITHMS_PROPERTY);
if (DISABLED_ALGORITHMS.equals(disabledAlgorithms)) {
LOGGER.debug("Found Expected Default TLS Disabled Algorithms: {}", DISABLED_ALGORITHMS);
} else {
LOGGER.warn("Found System Default TLS Disabled Algorithms: {}", disabledAlgorithms);
LOGGER.warn("Setting TLS Disabled Algorithms: {}", DISABLED_ALGORITHMS);
Security.setProperty(TLS_DISABLED_ALGORITHMS_PROPERTY, DISABLED_ALGORITHMS);
}
}
private static final String KEYSTORE_PATH = "src/test/resources/keystore.jks";
private static final String KEYSTORE_AND_TRUSTSTORE_PASSWORD = "passwordpassword";