[
https://issues.apache.org/jira/browse/NIFI-1753?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Andy LoPresto updated NIFI-1753:
--------------------------------
Description:
There are multiple instances throughout the codebase [1][2] where legacy
{{javax.security.cert.X509Certificate}} class is used rather than the current
(Java SE 6) {{java.security.cert.X509Certificate}}. The {{javax.*}} classes are
provided for legacy compatibility with JSSE [3][4]. This can manifest as an
exception:
{{java.lang.ClassCastException: [Ljava.security.cert.X509Certificate; cannot be
cast to [Ljavax.security.cert.X509Certificate}}
The {{CertificateFactory}} class allows conversion to the new format.
[1]
https://git1-us-west.apache.org/repos/asf?p=nifi.git;a=blob;f=nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-security/src/main/java/org/apache/nifi/web/security/x509/ocsp/OcspCertificateValidator.java;hb=ffbfffce
[2
]https://github.com/apache/nifi/blob/master/nifi-nar-bundles/nifi-standard-bundle/nifi-standard-processors/src/main/java/org/apache/nifi/processors/standard/HandleHttpRequest.java#L40
[3] http://stackoverflow.com/a/24600621/70465
[4]
https://docs.oracle.com/javase/7/docs/api/javax/net/ssl/SSLSession.html#getPeerCertificates%28%29
was:
There are multiple instances throughout the codebase [1][2] where legacy
`javax.security.cert.X509Certificate` class is used rather than the current
(Java SE 6) `java.security.cert.X509Certificate`. The `javax.*` classes are
provided for legacy compatibility with JSSE [3][4]. This can manifest as an
exception:
`java.lang.ClassCastException: [Ljava.security.cert.X509Certificate; cannot be
cast to [Ljavax.security.cert.X509Certificate`
The `CertificateFactory` class allows conversion to the new format.
[1]
https://git1-us-west.apache.org/repos/asf?p=nifi.git;a=blob;f=nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-security/src/main/java/org/apache/nifi/web/security/x509/ocsp/OcspCertificateValidator.java;hb=ffbfffce
[2
]https://github.com/apache/nifi/blob/master/nifi-nar-bundles/nifi-standard-bundle/nifi-standard-processors/src/main/java/org/apache/nifi/processors/standard/HandleHttpRequest.java#L40
[3] http://stackoverflow.com/a/24600621/70465
[4]
https://docs.oracle.com/javase/7/docs/api/javax/net/ssl/SSLSession.html#getPeerCertificates%28%29
> Legacy X.509 certificate handling code should be upgraded
> ---------------------------------------------------------
>
> Key: NIFI-1753
> URL: https://issues.apache.org/jira/browse/NIFI-1753
> Project: Apache NiFi
> Issue Type: Bug
> Components: Core Framework
> Affects Versions: 0.6.1
> Reporter: Andy LoPresto
> Assignee: Andy LoPresto
>
> There are multiple instances throughout the codebase [1][2] where legacy
> {{javax.security.cert.X509Certificate}} class is used rather than the current
> (Java SE 6) {{java.security.cert.X509Certificate}}. The {{javax.*}} classes
> are provided for legacy compatibility with JSSE [3][4]. This can manifest as
> an exception:
> {{java.lang.ClassCastException: [Ljava.security.cert.X509Certificate; cannot
> be cast to [Ljavax.security.cert.X509Certificate}}
> The {{CertificateFactory}} class allows conversion to the new format.
> [1]
> https://git1-us-west.apache.org/repos/asf?p=nifi.git;a=blob;f=nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-security/src/main/java/org/apache/nifi/web/security/x509/ocsp/OcspCertificateValidator.java;hb=ffbfffce
> [2
> ]https://github.com/apache/nifi/blob/master/nifi-nar-bundles/nifi-standard-bundle/nifi-standard-processors/src/main/java/org/apache/nifi/processors/standard/HandleHttpRequest.java#L40
> [3] http://stackoverflow.com/a/24600621/70465
> [4]
> https://docs.oracle.com/javase/7/docs/api/javax/net/ssl/SSLSession.html#getPeerCertificates%28%29
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
