bbende pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/nifi-registry.git
The following commit(s) were added to refs/heads/master by this push:
new 564cc86 NIFIREG-368 - Fixed a transposition of the key password and
keystore password. Simplified the use of these variables a little bit. Added
some unit tests.
564cc86 is described below
commit 564cc86d09c526bcc02f914195dfe78c78fb6b38
Author: Nathan Gough <[email protected]>
AuthorDate: Thu May 21 23:49:42 2020 -0400
NIFIREG-368 - Fixed a transposition of the key password and keystore
password. Simplified the use of these variables a little bit. Added some unit
tests.
NIFIREG-368 - Added license header.
---
nifi-registry-core/nifi-registry-jetty/pom.xml | 10 ++
.../apache/nifi/registry/jetty/JettyServer.java | 26 ++--
.../registry/jetty/JettyServerGroovyTest.groovy | 136 +++++++++++++++++++++
.../test/resources/keystoreDifferentPasswords.jks | Bin 0 -> 3128 bytes
.../src/test/resources/keystoreSamePassword.jks | Bin 0 -> 3128 bytes
.../src/test/resources/truststore.jks | Bin 0 -> 935 bytes
.../nifi/registry/web/JettyITServerCustomizer.java | 14 +--
7 files changed, 172 insertions(+), 14 deletions(-)
diff --git a/nifi-registry-core/nifi-registry-jetty/pom.xml
b/nifi-registry-core/nifi-registry-jetty/pom.xml
index 19021aa..e5415b4 100644
--- a/nifi-registry-core/nifi-registry-jetty/pom.xml
+++ b/nifi-registry-core/nifi-registry-jetty/pom.xml
@@ -62,5 +62,15 @@
<artifactId>apache-jstl</artifactId>
<scope>compile</scope>
</dependency>
+ <dependency>
+ <groupId>org.codehaus.groovy</groupId>
+ <artifactId>groovy-test</artifactId>
+ <scope>test</scope>
+ </dependency>
+ <dependency>
+ <groupId>org.mockito</groupId>
+ <artifactId>mockito-core</artifactId>
+ <scope>test</scope>
+ </dependency>
</dependencies>
</project>
diff --git
a/nifi-registry-core/nifi-registry-jetty/src/main/java/org/apache/nifi/registry/jetty/JettyServer.java
b/nifi-registry-core/nifi-registry-jetty/src/main/java/org/apache/nifi/registry/jetty/JettyServer.java
index d20fce4..1b15f07 100644
---
a/nifi-registry-core/nifi-registry-jetty/src/main/java/org/apache/nifi/registry/jetty/JettyServer.java
+++
b/nifi-registry-core/nifi-registry-jetty/src/main/java/org/apache/nifi/registry/jetty/JettyServer.java
@@ -113,6 +113,16 @@ public class JettyServer {
}
/**
+ * Instantiates this object but does not perform any configuration. Used
for unit testing.
+ */
+ JettyServer(Server server, NiFiRegistryProperties properties) {
+ this.server = server;
+ this.properties = properties;
+ this.masterKeyProvider = null;
+ this.docsLocation = null;
+ }
+
+ /**
* Returns a File object for the directory containing NIFI documentation.
* <p>
* Formerly, if the docsDirectory did not exist NIFI would fail to start
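Review bot: The test-only constructor added at the top of this hunk leaves `masterKeyProvider` and `docsLocation` null, and its Javadoc does not say which methods are safe to call on an instance built this way. Because it is package-private, any class in the same package can call it, so the comment should state the limitation, e.g. `* Test-only: masterKeyProvider and docsLocation are null; only createSslContextFactory() is expected to work on such an instance.` Whether other methods dereference those two fields cannot be seen here, since the class body continues outside the hunk.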
@@ -224,16 +234,18 @@ public class JettyServer {
if (StringUtils.isNotBlank(properties.getKeyStoreType())) {
contextFactory.setKeyStoreType(properties.getKeyStoreType());
}
+
+
final String keystorePassword = properties.getKeyStorePassword();
final String keyPassword = properties.getKeyPassword();
- if (StringUtils.isNotBlank(keystorePassword)) {
- // if no key password was provided, then assume the keystore
password is the same as the key password.
+
+ if (StringUtils.isEmpty(keystorePassword)) {
+ throw new IllegalArgumentException("The keystore password cannot
be null or empty");
+ } else {
+ // if no key password was provided, then assume the key password
is the same as the keystore password.
final String defaultKeyPassword =
(StringUtils.isBlank(keyPassword)) ? keystorePassword : keyPassword;
- contextFactory.setKeyManagerPassword(keystorePassword);
- contextFactory.setKeyStorePassword(defaultKeyPassword);
- } else if (StringUtils.isNotBlank(keyPassword)) {
- // since no keystore password was provided, there will be no
keystore integrity check
- contextFactory.setKeyStorePassword(keyPassword);
+ contextFactory.setKeyStorePassword(keystorePassword);
+ contextFactory.setKeyManagerPassword(defaultKeyPassword);
}
// truststore properties
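Review bot: The new guard tests `StringUtils.isEmpty(keystorePassword)` while the key password two lines later is tested with `StringUtils.isBlank`, so a whitespace-only keystore password passes the check and reaches `setKeyStorePassword`, where the pre-change code treated it as absent. If blank values should be rejected, the condition should be `if (StringUtils.isBlank(keystorePassword)) {`; if whitespace-only passwords are meant to be legal, a one-line comment saying so would stop a later "cleanup" from changing it. The identical block in JettyITServerCustomizer.java (the `@@ -105,14 +105,14 @@` hunk) has the same mismatch. The enclosing method starts outside this hunk, so it is not visible whether the throw is also reached when no keystore is configured at all; that is worth confirming, because it would turn an absent property into a startup failure.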
diff --git
a/nifi-registry-core/nifi-registry-jetty/src/test/groovy/org/apache/nifi/registry/jetty/JettyServerGroovyTest.groovy
b/nifi-registry-core/nifi-registry-jetty/src/test/groovy/org/apache/nifi/registry/jetty/JettyServerGroovyTest.groovy
new file mode 100644
index 0000000..a96e5c1
--- /dev/null
+++
b/nifi-registry-core/nifi-registry-jetty/src/test/groovy/org/apache/nifi/registry/jetty/JettyServerGroovyTest.groovy
@@ -0,0 +1,136 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.nifi.registry.jetty
+
+import org.apache.nifi.registry.properties.NiFiRegistryProperties
+import org.eclipse.jetty.util.ssl.SslContextFactory
+import org.junit.Rule
+import org.junit.Test
+import org.junit.rules.ExpectedException
+import org.junit.runner.RunWith
+import org.mockito.junit.MockitoJUnitRunner
+import org.slf4j.Logger
+import org.slf4j.LoggerFactory
+import org.eclipse.jetty.server.Server
+
+@RunWith(MockitoJUnitRunner.class)
+class JettyServerGroovyTest extends GroovyTestCase {
+
+ private static final Logger logger =
LoggerFactory.getLogger(JettyServerGroovyTest.class)
+
+ private static final keyPassword = "keyPassword"
+ private static final keystorePassword = "keystorePassword"
+ private static final truststorePassword = "truststorePassword"
+ private static final matchingPassword = "thePassword"
+
+ @Test
+ void testCreateSslContextFactoryWithKeystoreAndKeypassword() throws
Exception {
+
+ // Arrange
+ NiFiRegistryProperties properties = new NiFiRegistryProperties()
+ properties.setProperty(NiFiRegistryProperties.SECURITY_TRUSTSTORE,
"src/test/resources/truststore.jks")
+
properties.setProperty(NiFiRegistryProperties.SECURITY_TRUSTSTORE_PASSWD,
truststorePassword)
+
properties.setProperty(NiFiRegistryProperties.SECURITY_TRUSTSTORE_TYPE, "JKS")
+ properties.setProperty(NiFiRegistryProperties.SECURITY_KEYSTORE,
"src/test/resources/keystoreDifferentPasswords.jks")
+ properties.setProperty(NiFiRegistryProperties.SECURITY_KEY_PASSWD,
keyPassword)
+
properties.setProperty(NiFiRegistryProperties.SECURITY_KEYSTORE_PASSWD,
keystorePassword)
+ properties.setProperty(NiFiRegistryProperties.SECURITY_KEYSTORE_TYPE,
"JKS")
+
+ Server internalServer = new Server()
+ JettyServer testServer = new JettyServer(internalServer, properties)
+
+ // Act
+ SslContextFactory sslContextFactory =
testServer.createSslContextFactory()
+ sslContextFactory.start()
+
+ // Assert
+ assertNotNull(sslContextFactory)
+ assertNotNull(sslContextFactory.getSslContext())
+ }
+
+ @Test
+ void testCreateSslContextFactoryWithOnlyKeystorePassword() throws
Exception {
+
+ // Arrange
+ NiFiRegistryProperties properties = new NiFiRegistryProperties()
+ properties.setProperty(NiFiRegistryProperties.SECURITY_TRUSTSTORE,
"src/test/resources/truststore.jks")
+
properties.setProperty(NiFiRegistryProperties.SECURITY_TRUSTSTORE_PASSWD,
truststorePassword)
+
properties.setProperty(NiFiRegistryProperties.SECURITY_TRUSTSTORE_TYPE, "JKS")
+ properties.setProperty(NiFiRegistryProperties.SECURITY_KEYSTORE,
"src/test/resources/keystoreSamePassword.jks")
+
properties.setProperty(NiFiRegistryProperties.SECURITY_KEYSTORE_PASSWD,
matchingPassword)
+ properties.setProperty(NiFiRegistryProperties.SECURITY_KEYSTORE_TYPE,
"JKS")
+
+ Server internalServer = new Server()
+ JettyServer testServer = new JettyServer(internalServer, properties)
+
+ // Act
+ SslContextFactory sslContextFactory =
testServer.createSslContextFactory()
+ sslContextFactory.start()
+
+ // Assert
+ assertNotNull(sslContextFactory)
+ assertNotNull(sslContextFactory.getSslContext())
+ }
+
+ @Test
+ void testCreateSslContextFactoryWithMatchingPasswordsDefined() throws
Exception {
+
+ // Arrange
+ NiFiRegistryProperties properties = new NiFiRegistryProperties()
+ properties.setProperty(NiFiRegistryProperties.SECURITY_TRUSTSTORE,
"src/test/resources/truststore.jks")
+
properties.setProperty(NiFiRegistryProperties.SECURITY_TRUSTSTORE_PASSWD,
truststorePassword)
+
properties.setProperty(NiFiRegistryProperties.SECURITY_TRUSTSTORE_TYPE, "JKS")
+ properties.setProperty(NiFiRegistryProperties.SECURITY_KEYSTORE,
"src/test/resources/keystoreSamePassword.jks")
+ properties.setProperty(NiFiRegistryProperties.SECURITY_KEY_PASSWD,
matchingPassword)
+
properties.setProperty(NiFiRegistryProperties.SECURITY_KEYSTORE_PASSWD,
matchingPassword)
+ properties.setProperty(NiFiRegistryProperties.SECURITY_KEYSTORE_TYPE,
"JKS")
+
+ Server internalServer = new Server()
+ JettyServer testServer = new JettyServer(internalServer, properties)
+
+ // Act
+ SslContextFactory sslContextFactory =
testServer.createSslContextFactory()
+ sslContextFactory.start()
+
+ // Assert
+ assertNotNull(sslContextFactory)
+ assertNotNull(sslContextFactory.getSslContext())
+ }
+
+ @Rule public ExpectedException exception = ExpectedException.none()
+
+ @Test
+ void testCreateSslContextFactoryWithNoKeystorePasswordFails() throws
Exception {
+
+ // Arrange
+ exception.expect(IllegalArgumentException.class)
+ exception.expectMessage("The keystore password cannot be null or
empty")
+
+ NiFiRegistryProperties properties = new NiFiRegistryProperties()
+ properties.setProperty(NiFiRegistryProperties.SECURITY_TRUSTSTORE,
"src/test/resources/truststore.jks")
+
properties.setProperty(NiFiRegistryProperties.SECURITY_TRUSTSTORE_PASSWD,
truststorePassword)
+
properties.setProperty(NiFiRegistryProperties.SECURITY_TRUSTSTORE_TYPE, "JKS")
+ properties.setProperty(NiFiRegistryProperties.SECURITY_KEYSTORE,
"src/test/resources/keystoreSamePassword.jks")
+ properties.setProperty(NiFiRegistryProperties.SECURITY_KEYSTORE_TYPE,
"JKS")
+
+ Server internalServer = new Server()
+ JettyServer testServer = new JettyServer(internalServer, properties)
+
+ // Act but expect exception
+ SslContextFactory sslContextFactory =
testServer.createSslContextFactory()
+ }
+}
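Review bot: None of the tests covers the input whose handling this commit changes most: a key password set without a keystore password, which the removed `else if` branch used to accept and which should now throw. The failure test sets neither password, and there is no whitespace-only keystore password case either. The three positive tests also call `sslContextFactory.start()` without a matching `sslContextFactory.stop()`, so each leaves a started lifecycle object behind. The `logger` field and the local `sslContextFactory` in the last test are unused. A test along these lines would pin the removed branch:

```groovy
@Test
void testCreateSslContextFactoryWithOnlyKeyPasswordFails() throws Exception {
    // Arrange
    exception.expect(IllegalArgumentException.class)
    exception.expectMessage("The keystore password cannot be null or empty")

    NiFiRegistryProperties properties = new NiFiRegistryProperties()
    // … unchanged: truststore and keystore path/type properties as in the other tests …
    properties.setProperty(NiFiRegistryProperties.SECURITY_KEY_PASSWD, keyPassword)

    JettyServer testServer = new JettyServer(new Server(), properties)

    // Act but expect exception
    testServer.createSslContextFactory()
}
```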
diff --git
a/nifi-registry-core/nifi-registry-jetty/src/test/resources/keystoreDifferentPasswords.jks
b/nifi-registry-core/nifi-registry-jetty/src/test/resources/keystoreDifferentPasswords.jks
new file mode 100644
index 0000000..98c8903
Binary files /dev/null and
b/nifi-registry-core/nifi-registry-jetty/src/test/resources/keystoreDifferentPasswords.jks
differ
diff --git
a/nifi-registry-core/nifi-registry-jetty/src/test/resources/keystoreSamePassword.jks
b/nifi-registry-core/nifi-registry-jetty/src/test/resources/keystoreSamePassword.jks
new file mode 100644
index 0000000..aeedd7f
Binary files /dev/null and
b/nifi-registry-core/nifi-registry-jetty/src/test/resources/keystoreSamePassword.jks
differ
diff --git
a/nifi-registry-core/nifi-registry-jetty/src/test/resources/truststore.jks
b/nifi-registry-core/nifi-registry-jetty/src/test/resources/truststore.jks
new file mode 100644
index 0000000..47c8e45
Binary files /dev/null and
b/nifi-registry-core/nifi-registry-jetty/src/test/resources/truststore.jks
differ
diff --git
a/nifi-registry-core/nifi-registry-web-api/src/test/java/org/apache/nifi/registry/web/JettyITServerCustomizer.java
b/nifi-registry-core/nifi-registry-web-api/src/test/java/org/apache/nifi/registry/web/JettyITServerCustomizer.java
index c0ff5b1..15bc848 100644
---
a/nifi-registry-core/nifi-registry-web-api/src/test/java/org/apache/nifi/registry/web/JettyITServerCustomizer.java
+++
b/nifi-registry-core/nifi-registry-web-api/src/test/java/org/apache/nifi/registry/web/JettyITServerCustomizer.java
@@ -105,14 +105,14 @@ public class JettyITServerCustomizer implements
WebServerFactoryCustomizer<Jetty
}
final String keystorePassword = properties.getKeyStorePassword();
final String keyPassword = properties.getKeyPassword();
- if (StringUtils.isNotBlank(keystorePassword)) {
- // if no key password was provided, then assume the keystore
password is the same as the key password.
+
+ if (StringUtils.isEmpty(keystorePassword)) {
+ throw new IllegalArgumentException("The keystore password cannot
be null or empty");
+ } else {
+ // if no key password was provided, then assume the key password
is the same as the keystore password.
final String defaultKeyPassword =
(StringUtils.isBlank(keyPassword)) ? keystorePassword : keyPassword;
- contextFactory.setKeyManagerPassword(keystorePassword);
- contextFactory.setKeyStorePassword(defaultKeyPassword);
- } else if (StringUtils.isNotBlank(keyPassword)) {
- // since no keystore password was provided, there will be no
keystore integrity check
- contextFactory.setKeyStorePassword(keyPassword);
+ contextFactory.setKeyStorePassword(keystorePassword);
+ contextFactory.setKeyManagerPassword(defaultKeyPassword);
}
// truststore properties