Github user alopresto commented on a diff in the pull request:

    https://github.com/apache/nifi/pull/695#discussion_r73251864
  
    --- Diff: nifi-toolkit/nifi-toolkit-tls/src/main/java/org/apache/nifi/toolkit/tls/standalone/TlsToolkitStandalone.java ---
    @@ -0,0 +1,101 @@
    +/*
    + * Licensed to the Apache Software Foundation (ASF) under one or more
    + * contributor license agreements.  See the NOTICE file distributed with
    + * this work for additional information regarding copyright ownership.
    + * The ASF licenses this file to You under the Apache License, Version 2.0
    + * (the "License"); you may not use this file except in compliance with
    + * the License.  You may obtain a copy of the License at
    + *
    + *     http://www.apache.org/licenses/LICENSE-2.0
    + *
    + * Unless required by applicable law or agreed to in writing, software
    + * distributed under the License is distributed on an "AS IS" BASIS,
    + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
    + * See the License for the specific language governing permissions and
    + * limitations under the License.
    + */
    +
    +package org.apache.nifi.toolkit.tls.standalone;
    +
    +import org.apache.nifi.security.util.CertificateUtils;
    +import org.apache.nifi.toolkit.tls.configuration.TlsClientConfig;
    +import org.apache.nifi.toolkit.tls.configuration.TlsConfig;
    +import org.apache.nifi.toolkit.tls.manager.TlsCertificateAuthorityManager;
    +import org.apache.nifi.toolkit.tls.manager.TlsClientManager;
    +import 
org.apache.nifi.toolkit.tls.manager.writer.NifiPropertiesTlsClientConfigWriter;
    +import org.apache.nifi.toolkit.tls.properties.NiFiPropertiesWriterFactory;
    +import org.apache.nifi.toolkit.tls.util.OutputStreamFactory;
    +import org.apache.nifi.toolkit.tls.util.TlsHelper;
    +import org.bouncycastle.openssl.jcajce.JcaMiscPEMGenerator;
    +import org.bouncycastle.util.io.pem.PemWriter;
    +
    +import java.io.File;
    +import java.io.FileOutputStream;
    +import java.io.IOException;
    +import java.io.OutputStreamWriter;
    +import java.security.GeneralSecurityException;
    +import java.security.KeyPair;
    +import java.security.KeyStore;
    +import java.security.cert.X509Certificate;
    +import java.util.List;
    +
    +public class TlsToolkitStandalone {
    +    public static final String NIFI_KEY = "nifi-key";
    +    public static final String NIFI_CERT = "nifi-cert";
    +    public static final String ROOT_CERT_PRIVATE_KEY = "rootCert.key";
    +    public static final String ROOT_CERT_CRT = "rootCert.crt";
    +    public static final String NIFI_PROPERTIES = "nifi.properties";
    +
    +    private final OutputStreamFactory outputStreamFactory;
    +
    +    public TlsToolkitStandalone() {
    +        this(FileOutputStream::new);
    +    }
    +
    +    public TlsToolkitStandalone(OutputStreamFactory outputStreamFactory) {
    +        this.outputStreamFactory = outputStreamFactory;
    +    }
    +
    +    public void createNifiKeystoresAndTrustStores(File baseDir, TlsConfig 
tlsConfig, NiFiPropertiesWriterFactory niFiPropertiesWriterFactory, 
List<String> hostnames, List<String> keyStorePasswords,
    +                                                  List<String> 
keyPasswords, List<String> trustStorePasswords, String httpsPort) throws 
GeneralSecurityException, IOException {
    +        String signingAlgorithm = tlsConfig.getSigningAlgorithm();
    +        int days = tlsConfig.getDays();
    +        String keyPairAlgorithm = tlsConfig.getKeyPairAlgorithm();
    +        int keySize = tlsConfig.getKeySize();
    +        TlsCertificateAuthorityManager tlsCertificateAuthorityManager = 
new TlsCertificateAuthorityManager(tlsConfig);
    +        KeyStore.PrivateKeyEntry privateKeyEntry = 
tlsCertificateAuthorityManager.getOrGenerateCertificateAuthority();
    +        X509Certificate certificate = (X509Certificate) 
privateKeyEntry.getCertificateChain()[0];
    +        KeyPair caKeyPair = new KeyPair(certificate.getPublicKey(), 
privateKeyEntry.getPrivateKey());
    +
    +        try (PemWriter pemWriter = new PemWriter(new 
OutputStreamWriter(outputStreamFactory.create(new File(baseDir, 
ROOT_CERT_CRT))))) {
    +            pemWriter.writeObject(new JcaMiscPEMGenerator(certificate));
    +        }
    +
    +        try (PemWriter pemWriter = new PemWriter(new 
OutputStreamWriter(outputStreamFactory.create(new File(baseDir, 
ROOT_CERT_PRIVATE_KEY))))) {
    +            pemWriter.writeObject(new JcaMiscPEMGenerator(caKeyPair));
    +        }
    +
    +        for (int i = 0; i < hostnames.size(); i++) {
    +            String hostname = hostnames.get(i);
    +            File hostDir = new File(baseDir, hostname);
    +
    +            if (!hostDir.mkdirs()) {
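
    Review bot: the CA private key written in the second `try (PemWriter ...)` block, to `new File(baseDir, ROOT_CERT_PRIVATE_KEY)`, goes out as an unencrypted PEM via `new JcaMiscPEMGenerator(caKeyPair)` into a plain `FileOutputStream`, so `rootCert.key` is created with whatever the process umask allows and on most systems ends up group- and world-readable right next to `rootCert.crt`. Since this is the signing key for the CA the toolkit generates, create the file with owner-only permissions before writing to it (for example `Files.createFile(path, PosixFilePermissions.asFileAttribute(PosixFilePermissions.fromString("rw-------")))`, with a fallback for non-POSIX filesystems), and either document that the key is stored in the clear or offer an encrypted PEM option.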
    --- End diff --
    
    If the directory already exists, this will return `false` and throw an 
exception. Check if the directory exists and either log a warning before 
clearing it, or skip generating that hostname's directory. 
    
    Example:
    
    ```bash
    
hw12203:...assembly/target/nifi-toolkit-1.0.0-SNAPSHOT-bin/nifi-toolkit-1.0.0-SNAPSHOT
 (pr695) alopresto
    🔓 355s @ 15:34:06 $ ./bin/tls-toolkit.sh standalone -n host1, host2
    
hw12203:...assembly/target/nifi-toolkit-1.0.0-SNAPSHOT-bin/nifi-toolkit-1.0.0-SNAPSHOT
 (pr695) alopresto
    🔓 15s @ 15:34:22 $ tree
    .
    ├── host1
    │   ├── keystore.jks
    │   ├── nifi.properties
    │   └── truststore.jks
    ├── localhost
    │   ├── keystore.jks
    │   ├── nifi.properties
    │   └── truststore.jks
    ├── rootCert.crt
    └── rootCert.key
    
    5 directories, 37 files
    
hw12203:...assembly/target/nifi-toolkit-1.0.0-SNAPSHOT-bin/nifi-toolkit-1.0.0-SNAPSHOT
 (pr695) alopresto
    🔓 65s @ 15:35:31 $ ./bin/tls-toolkit.sh standalone -n host1,host2
    Error creating generating tls configuration. (Unable to make directory: 
/Users/alopresto/Workspace/nifi/nifi-toolkit/nifi-toolkit-assembly/target/nifi-toolkit-1.0.0-SNAPSHOT-bin/nifi-toolkit-1.0.0-SNAPSHOT/./host1)
    ```

