[nifi] branch support/nifi-1.x updated: NIFI-11679 Refactored EncryptedRepoContentAccessIT Configuration (#7369)

Tue, 13 Jun 2023 08:09:03 -0700 

This is an automated email from the ASF dual-hosted git repository.

markap14 pushed a commit to branch support/nifi-1.x
in repository https://gitbox.apache.org/repos/asf/nifi.git


The following commit(s) were added to refs/heads/support/nifi-1.x by this push:
     new e5474f7d22 NIFI-11679 Refactored EncryptedRepoContentAccessIT 
Configuration (#7369)
e5474f7d22 is described below

commit e5474f7d221644db7f2cac4d794344adbf486470
Author: exceptionfactory <[email protected]>
AuthorDate: Tue Jun 13 10:06:45 2023 -0500

    NIFI-11679 Refactored EncryptedRepoContentAccessIT Configuration (#7369)
---
 .../repositories/EncryptedRepoContentAccessIT.java | 56 ++++++++++++++++++++--
 1 file changed, 52 insertions(+), 4 deletions(-)

diff --git 
a/nifi-system-tests/nifi-system-test-suite/src/test/java/org/apache/nifi/tests/system/repositories/EncryptedRepoContentAccessIT.java
 
b/nifi-system-tests/nifi-system-test-suite/src/test/java/org/apache/nifi/tests/system/repositories/EncryptedRepoContentAccessIT.java
index 2cfdb44473..6fb10f6fd9 100644
--- 
a/nifi-system-tests/nifi-system-test-suite/src/test/java/org/apache/nifi/tests/system/repositories/EncryptedRepoContentAccessIT.java
+++ 
b/nifi-system-tests/nifi-system-test-suite/src/test/java/org/apache/nifi/tests/system/repositories/EncryptedRepoContentAccessIT.java
@@ -17,17 +17,65 @@
 
 package org.apache.nifi.tests.system.repositories;
 
+import org.junit.jupiter.api.BeforeAll;
+import org.junit.jupiter.api.io.TempDir;
+
+import javax.crypto.spec.SecretKeySpec;
+import java.io.IOException;
+import java.io.OutputStream;
+import java.nio.file.Files;
+import java.nio.file.Path;
+import java.security.GeneralSecurityException;
+import java.security.KeyStore;
+import java.security.SecureRandom;
 import java.util.HashMap;
 import java.util.Map;
+import java.util.UUID;
 
 public class EncryptedRepoContentAccessIT extends ContentAccessIT {
+    private static final String KEYSTORE_CREDENTIALS = 
UUID.randomUUID().toString();
+
+    private static final String KEYSTORE_NAME = "repository.p12";
+
+    private static final String KEY_ID = "primary-key";
+
+    private static final String KEYSTORE_TYPE = "PKCS12";
+
+    private static final int KEY_LENGTH = 32;
+
+    private static final String KEY_ALGORITHM = "AES";
+
+    private static Path keyStorePath;
+
+    @BeforeAll
+    public static void setRepositoryKeystore(@TempDir final Path 
temporaryDirectory) throws GeneralSecurityException, IOException {
+        keyStorePath = temporaryDirectory.resolve(KEYSTORE_NAME);
+
+        final SecureRandom secureRandom = new SecureRandom();
+        final byte[] key = new byte[KEY_LENGTH];
+        secureRandom.nextBytes(key);
+        final SecretKeySpec secretKeySpec = new SecretKeySpec(key, 
KEY_ALGORITHM);
+
+        final KeyStore keyStore = KeyStore.getInstance(KEYSTORE_TYPE);
+        keyStore.load(null);
+
+        final KeyStore.SecretKeyEntry secretKeyEntry = new 
KeyStore.SecretKeyEntry(secretKeySpec);
+        final KeyStore.PasswordProtection passwordProtection = new 
KeyStore.PasswordProtection(KEYSTORE_CREDENTIALS.toCharArray());
+        keyStore.setEntry(KEY_ID, secretKeyEntry, passwordProtection);
+
+        try (final OutputStream outputStream = 
Files.newOutputStream(keyStorePath)) {
+            keyStore.store(outputStream, KEYSTORE_CREDENTIALS.toCharArray());
+        }
+    }
+
     @Override
     protected Map<String, String> getNifiPropertiesOverrides() {
         final Map<String, String> encryptedRepoProperties = new HashMap<>();
-        encryptedRepoProperties.put("nifi.content.repository.implementation", 
"org.apache.nifi.controller.repository.crypto.EncryptedFileSystemRepository");
-        encryptedRepoProperties.put("nifi.content.repository.encryption.key", 
"0123456789ABCDEFFEDCBA9876543210");
-        
encryptedRepoProperties.put("nifi.content.repository.encryption.key.id", "k1");
-        
encryptedRepoProperties.put("nifi.content.repository.encryption.key.provider.implementation",
 "StaticKeyProvider");
+        
encryptedRepoProperties.put("nifi.repository.encryption.protocol.version", "1");
+        encryptedRepoProperties.put("nifi.repository.encryption.key.id", 
KEY_ID);
+        encryptedRepoProperties.put("nifi.repository.encryption.key.provider", 
"KEYSTORE");
+        
encryptedRepoProperties.put("nifi.repository.encryption.key.provider.keystore.location",
 keyStorePath.toString());
+        
encryptedRepoProperties.put("nifi.repository.encryption.key.provider.keystore.password",
 KEYSTORE_CREDENTIALS);
         return encryptedRepoProperties;
     }
 }

Reply via email to