Github user alopresto commented on a diff in the pull request:

    https://github.com/apache/nifi/pull/2463#discussion_r167382434
  
    --- Diff: 
nifi-toolkit/nifi-toolkit-tls/src/test/java/org/apache/nifi/toolkit/tls/util/TlsHelperTest.java
 ---
    @@ -171,6 +172,43 @@ private Date inFuture(int days) {
             return new Date(System.currentTimeMillis() + 
TimeUnit.DAYS.toMillis(days));
         }
     
    +    @Test
    +    public void testTokenLengthInCalculateHmac() throws 
CertificateException, NoSuchAlgorithmException {
    +        List<String> badTokens = new ArrayList<>();
    +        List<String> goodTokens = new ArrayList<>();
    +        badTokens.add(null);
    +        badTokens.add("");
    +        badTokens.add("123");
    +        goodTokens.add("0123456789abcdefghijklm");
    +        goodTokens.add("0123456789abcdef");
    +
    +        String dn = "CN=testDN,O=testOrg";
    +        X509Certificate x509Certificate = 
CertificateUtils.generateSelfSignedX509Certificate(TlsHelper.generateKeyPair(keyPairAlgorithm,
 keySize), dn, signingAlgorithm, days);
    +        PublicKey pubKey = x509Certificate.getPublicKey();
    +
    +        for (String token : badTokens) {
    +            try {
    +                TlsHelper.calculateHMac(token, pubKey);
    +                fail("HMAC was calculated with a token that was too 
short.");
    +            } catch (GeneralSecurityException e) {
    +                assertEquals("Token does not meet minimum size of 16 
bytes.", e.getMessage());
    +            } catch (IllegalArgumentException e) {
    +                assertEquals("Token cannot be null", e.getMessage());
    +            }
    +        }
    +
    +        for (String token : goodTokens) {
    +            try {
    +                byte[] hmac = TlsHelper.calculateHMac(token, pubKey);
    +                assertTrue("HMAC length ok", hmac.length > 0);
    +            } catch (GeneralSecurityException e) {
    +                fail(e.getMessage());
    +            }
    +        }
    +
    --- End diff --
    
    Please remove unnecessary whitespace. 


---

Reply via email to