[jira] [Commented] (NIFI-1355) Provide dynamic code-generated certificates for HTTP tests to avoid expiry

Wed, 03 Feb 2021 06:55:05 -0800 


    [ 
https://issues.apache.org/jira/browse/NIFI-1355?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17278047#comment-17278047
 ] 

ASF subversion and git services commented on NIFI-1355:
-------------------------------------------------------

Commit 6e1f737c53523843b7a3222d0c6dbc2d84e4aa09 in nifi's branch 
refs/heads/main from mtien
[ https://gitbox.apache.org/repos/asf?p=nifi.git;h=6e1f737 ]

NIFI-1355  Implemented new methods in KeyStoreUtils to 
programmatically-generate certificates, Keystores, and Truststores and return 
it wrapped in a TLS configuration.
Updated TestInvokeHTTP, TestInvokeHttpSSL, TestInvokeHttpTwoWaySSL, and 
TestListenHTTP to use new Keystore functionality.

NIFI-1355 Refactored and removed unnecessary unit tests in 
KeyStoreUtilsGroovyTest.

NIFI-1355 Added a password requirement when creating a new truststore.
Handled exception when loading a passwordless truststore type of Bouncy Castle 
PKCS12.

This closes #4801

Signed-off-by: David Handermann <[email protected]>


> Provide dynamic code-generated certificates for HTTP tests to avoid expiry
> --------------------------------------------------------------------------
>
>                 Key: NIFI-1355
>                 URL: https://issues.apache.org/jira/browse/NIFI-1355
>             Project: Apache NiFi
>          Issue Type: Improvement
>          Components: Core Framework
>    Affects Versions: 0.4.0, 0.4.1
>            Reporter: Andy LoPresto
>            Assignee: M Tien
>            Priority: Major
>              Labels: certificate, security, test
>          Time Spent: 7h 50m
>  Remaining Estimate: 0h
>
> As documented, the test certificates/keys used in the TestInvokeHttp and 
> TestInvokeHttpSSL tests expired in 2014. With the constant removal of 
> non-certificate based cipher suites from client libraries, the lack of valid 
> certificates meant that the Jetty server could not offer any compatible 
> cipher suites, and the tests failed. I manually generated and loaded new 
> certificates but they expire after 1 year. Adding code to dynamically 
> generate and load these certificates into the keystore and truststore would 
> remove this inconsistent blocker. 



--
This message was sent by Atlassian Jira
(v8.3.4#803005)

Reply via email to