This is an automated email from the ASF dual-hosted git repository.
thenatog pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/nifi.git
The following commit(s) were added to refs/heads/master by this push:
new 25d8f64 NIFI-6178: Implemented capability to add IP SANs to certs
Regenerated test certs for nifi-livy-processors and nifi-standard-processors to
fix some broken SSL tests in those modules
25d8f64 is described below
commit 25d8f64bedc3867f8eab7cd74166cc22edb91527
Author: Jeff Storck <[email protected]>
AuthorDate: Wed Apr 3 01:06:04 2019 -0400
NIFI-6178: Implemented capability to add IP SANs to certs
Regenerated test certs for nifi-livy-processors and
nifi-standard-processors to fix some broken SSL tests in those modules
This closes #3416.
---
.../src/test/resources/keystore.jks | Bin 3088 -> 3095 bytes
.../src/test/resources/truststore.jks | Bin 911 -> 911 bytes
.../src/test/resources/keystore.jks | Bin 3088 -> 3095 bytes
.../src/test/resources/truststore.jks | Bin 911 -> 911 bytes
.../org/apache/nifi/toolkit/tls/util/TlsHelper.java | 3 ++-
.../apache/nifi/toolkit/tls/util/TlsHelperTest.java | 5 ++++-
6 files changed, 6 insertions(+), 2 deletions(-)
diff --git
a/nifi-nar-bundles/nifi-spark-bundle/nifi-livy-processors/src/test/resources/keystore.jks
b/nifi-nar-bundles/nifi-spark-bundle/nifi-livy-processors/src/test/resources/keystore.jks
index 246fe88..5f3cbe3 100644
Binary files
a/nifi-nar-bundles/nifi-spark-bundle/nifi-livy-processors/src/test/resources/keystore.jks
and
b/nifi-nar-bundles/nifi-spark-bundle/nifi-livy-processors/src/test/resources/keystore.jks
differ
diff --git
a/nifi-nar-bundles/nifi-spark-bundle/nifi-livy-processors/src/test/resources/truststore.jks
b/nifi-nar-bundles/nifi-spark-bundle/nifi-livy-processors/src/test/resources/truststore.jks
index 87f4be1..d26ec92 100644
Binary files
a/nifi-nar-bundles/nifi-spark-bundle/nifi-livy-processors/src/test/resources/truststore.jks
and
b/nifi-nar-bundles/nifi-spark-bundle/nifi-livy-processors/src/test/resources/truststore.jks
differ
diff --git
a/nifi-nar-bundles/nifi-standard-bundle/nifi-standard-processors/src/test/resources/keystore.jks
b/nifi-nar-bundles/nifi-standard-bundle/nifi-standard-processors/src/test/resources/keystore.jks
index 246fe88..5f3cbe3 100644
Binary files
a/nifi-nar-bundles/nifi-standard-bundle/nifi-standard-processors/src/test/resources/keystore.jks
and
b/nifi-nar-bundles/nifi-standard-bundle/nifi-standard-processors/src/test/resources/keystore.jks
differ
diff --git
a/nifi-nar-bundles/nifi-standard-bundle/nifi-standard-processors/src/test/resources/truststore.jks
b/nifi-nar-bundles/nifi-standard-bundle/nifi-standard-processors/src/test/resources/truststore.jks
index 87f4be1..d26ec92 100644
Binary files
a/nifi-nar-bundles/nifi-standard-bundle/nifi-standard-processors/src/test/resources/truststore.jks
and
b/nifi-nar-bundles/nifi-standard-bundle/nifi-standard-processors/src/test/resources/truststore.jks
differ
diff --git
a/nifi-toolkit/nifi-toolkit-tls/src/main/java/org/apache/nifi/toolkit/tls/util/TlsHelper.java
b/nifi-toolkit/nifi-toolkit-tls/src/main/java/org/apache/nifi/toolkit/tls/util/TlsHelper.java
index 3d6d5c5..3ce3897 100644
---
a/nifi-toolkit/nifi-toolkit-tls/src/main/java/org/apache/nifi/toolkit/tls/util/TlsHelper.java
+++
b/nifi-toolkit/nifi-toolkit-tls/src/main/java/org/apache/nifi/toolkit/tls/util/TlsHelper.java
@@ -49,6 +49,7 @@ import
org.bouncycastle.operator.jcajce.JcaContentSignerBuilder;
import org.bouncycastle.pkcs.PKCS10CertificationRequest;
import org.bouncycastle.pkcs.jcajce.JcaPKCS10CertificationRequest;
import org.bouncycastle.pkcs.jcajce.JcaPKCS10CertificationRequestBuilder;
+import org.bouncycastle.util.IPAddress;
import org.bouncycastle.util.io.pem.PemWriter;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
@@ -366,7 +367,7 @@ public class TlsHelper {
if (StringUtils.isNotBlank(domainAlternativeNames)) {
for (String alternativeName : domainAlternativeNames.split(",")) {
- namesList.add(new GeneralName(GeneralName.dNSName,
alternativeName));
+ namesList.add(new
GeneralName(IPAddress.isValid(alternativeName) ? GeneralName.iPAddress :
GeneralName.dNSName, alternativeName));
}
}
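Review bot: Entries from `domainAlternativeNames.split(",")` reach `IPAddress.isValid` untrimmed, so a list written with a space after the comma, such as `host.example, 10.0.0.5` (constructed example), would most likely fail the IP check on the second entry and be emitted as a dNSName holding a space-prefixed address string. TLS clients match IP literals only against iPAddress SANs, so the resulting certificate would fail hostname verification for that address, with nothing flagged at generation time. Consider `final String name = alternativeName.trim();` ahead of the `namesList.add(...)` call, using `name` for both the `IPAddress.isValid` check and the `GeneralName` value. The enclosing method starts and ends outside the hunk, so whether the input is normalised earlier is not visible here.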
diff --git
a/nifi-toolkit/nifi-toolkit-tls/src/test/java/org/apache/nifi/toolkit/tls/util/TlsHelperTest.java
b/nifi-toolkit/nifi-toolkit-tls/src/test/java/org/apache/nifi/toolkit/tls/util/TlsHelperTest.java
index 5ed4e91..490a3b7 100644
---
a/nifi-toolkit/nifi-toolkit-tls/src/test/java/org/apache/nifi/toolkit/tls/util/TlsHelperTest.java
+++
b/nifi-toolkit/nifi-toolkit-tls/src/test/java/org/apache/nifi/toolkit/tls/util/TlsHelperTest.java
@@ -34,6 +34,7 @@ import org.bouncycastle.openssl.PEMParser;
import org.bouncycastle.openssl.jcajce.JcaPEMKeyConverter;
import org.bouncycastle.operator.OperatorCreationException;
import org.bouncycastle.pkcs.jcajce.JcaPKCS10CertificationRequest;
+import org.bouncycastle.util.IPAddress;
import org.junit.After;
import org.junit.Before;
import org.junit.Rule;
@@ -373,7 +374,9 @@ public class TlsHelperTest {
List<String> extractedSans = extractSanFromCsr(csrWithSan);
assert extractedSans.size() == SAN_COUNT + 1;
- List<String> formattedSans = SAN_ENTRIES.stream().map(s -> "DNS: " +
s).collect(Collectors.toList());
+ List<String> formattedSans = SAN_ENTRIES.stream()
+ .map(s -> (IPAddress.isValid(s) ? "IP Address: " + new
GeneralName(GeneralName.iPAddress, s).getName() : "DNS: " + s))
+ .collect(Collectors.toList());
assert extractedSans.containsAll(formattedSans);
// We check that the SANs also contain the CN
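Review bot: The expected values on the new `.map(...)` lines are derived with the same `IPAddress.isValid` predicate the production code uses, so this check cannot catch a wrong classification, and it passes trivially if `SAN_ENTRIES` (defined outside this hunk) holds no IP literal. Pin at least one case directly, for example `assert extractedSans.contains("IP Address: 127.0.0.1");` with that address added to `SAN_ENTRIES`; the value is constructed for illustration and the rendered form should be confirmed against `extractSanFromCsr`. The surrounding checks use the Java `assert` keyword, which only runs when the JVM has assertions enabled, so a JUnit assertion would be the more dependable form. The test method starts and ends outside the hunk.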