NIFIREG-368 - Fixed a transposition of the key password and keystore password. Simplified the use of these variables a little bit. Added some unit tests.
NIFIREG-368 - Added license header.
diff --git a/nifi-registry-core/nifi-registry-jetty/pom.xml b/nifi-registry-core/nifi-registry-jetty/pom.xml
index 19021aa..e5415b4 100644
--- a/nifi-registry-core/nifi-registry-jetty/pom.xml
+++ b/nifi-registry-core/nifi-registry-jetty/pom.xml
@@ -62,5 +62,15 @@
<artifactId>apache-jstl</artifactId>
<scope>compile</scope>
</dependency>
+ <dependency>
+ <groupId>org.codehaus.groovy</groupId>
+ <artifactId>groovy-test</artifactId>
+ <scope>test</scope>
+ </dependency>
+ <dependency>
+ <groupId>org.mockito</groupId>
+ <artifactId>mockito-core</artifactId>
+ <scope>test</scope>
+ </dependency>
</dependencies>
</project>
diff --git a/nifi-registry-core/nifi-registry-jetty/src/main/java/org/apache/nifi/registry/jetty/JettyServer.java b/nifi-registry-core/nifi-registry-jetty/src/main/java/org/apache/nifi/registry/jetty/JettyServer.java
index d20fce4..1b15f07 100644
--- a/nifi-registry-core/nifi-registry-jetty/src/main/java/org/apache/nifi/registry/jetty/JettyServer.java
+++ b/nifi-registry-core/nifi-registry-jetty/src/main/java/org/apache/nifi/registry/jetty/JettyServer.java
@@ -113,6 +113,16 @@
}
/**
+ * Instantiates this object but does not perform any configuration. Used for unit testing.
+ */
+ JettyServer(Server server, NiFiRegistryProperties properties) {
+ this.server = server;
+ this.properties = properties;
+ this.masterKeyProvider = null;
+ this.docsLocation = null;
+ }
+
+ /**
* Returns a File object for the directory containing NIFI documentation.
* <p>
* Formerly, if the docsDirectory did not exist NIFI would fail to start
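Review bot: The Javadoc on the new package-private constructor does not say that `masterKeyProvider` and `docsLocation` are left null, or which methods are still safe to call on an instance built this way. Any method that dereferences either field would fail with a NullPointerException; whether such methods exist cannot be confirmed from this hunk, since the rest of the class lies outside it. I would extend the comment along the lines of `Leaves masterKeyProvider and docsLocation null; only call methods that read server and properties, such as createSslContextFactory().` The constructor is reachable from any class in the same package, so the restriction is worth stating where a maintainer will see it.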
@@ -224,16 +234,18 @@
if (StringUtils.isNotBlank(properties.getKeyStoreType())) {
contextFactory.setKeyStoreType(properties.getKeyStoreType());
}
+
+
final String keystorePassword = properties.getKeyStorePassword();
final String keyPassword = properties.getKeyPassword();
- if (StringUtils.isNotBlank(keystorePassword)) {
- // if no key password was provided, then assume the keystore password is the same as the key password.
+
+ if (StringUtils.isEmpty(keystorePassword)) {
+ throw new IllegalArgumentException("The keystore password cannot be null or empty");
+ } else {
+ // if no key password was provided, then assume the key password is the same as the keystore password.
final String defaultKeyPassword = (StringUtils.isBlank(keyPassword)) ? keystorePassword : keyPassword;
- contextFactory.setKeyManagerPassword(keystorePassword);
- contextFactory.setKeyStorePassword(defaultKeyPassword);
- } else if (StringUtils.isNotBlank(keyPassword)) {
- // since no keystore password was provided, there will be no keystore integrity check
- contextFactory.setKeyStorePassword(keyPassword);
+ contextFactory.setKeyStorePassword(keystorePassword);
+ contextFactory.setKeyManagerPassword(defaultKeyPassword);
}
// truststore properties
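Review bot: The guard rejects the keystore password with `StringUtils.isEmpty`, while the key-password fallback two lines below uses `StringUtils.isBlank`, so the two are treated inconsistently. A whitespace-only keystore password passes the check and is handed to `setKeyStorePassword`, whereas a whitespace-only key password is treated as absent. The removed code used `isNotBlank` for both; if blank values are meant to be rejected, use `if (StringUtils.isBlank(keystorePassword))` and change the message to say "null or blank" (the new test matches on the message text). The identical block in the JettyITServerCustomizer.java hunk has the same inconsistency. The enclosing method starts outside this hunk, so it is not visible whether this code can be reached with no keystore configured; if it can, the now-unconditional throw deserves a guard on the keystore path.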
diff --git a/nifi-registry-core/nifi-registry-jetty/src/test/groovy/org/apache/nifi/registry/jetty/JettyServerGroovyTest.groovy b/nifi-registry-core/nifi-registry-jetty/src/test/groovy/org/apache/nifi/registry/jetty/JettyServerGroovyTest.groovy
new file mode 100644
index 0000000..a96e5c1
--- /dev/null
+++ b/nifi-registry-core/nifi-registry-jetty/src/test/groovy/org/apache/nifi/registry/jetty/JettyServerGroovyTest.groovy
@@ -0,0 +1,136 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.nifi.registry.jetty
+
+import org.apache.nifi.registry.properties.NiFiRegistryProperties
+import org.eclipse.jetty.util.ssl.SslContextFactory
+import org.junit.Rule
+import org.junit.Test
+import org.junit.rules.ExpectedException
+import org.junit.runner.RunWith
+import org.mockito.junit.MockitoJUnitRunner
+import org.slf4j.Logger
+import org.slf4j.LoggerFactory
+import org.eclipse.jetty.server.Server
+
+@RunWith(MockitoJUnitRunner.class)
+class JettyServerGroovyTest extends GroovyTestCase {
+
+ private static final Logger logger = LoggerFactory.getLogger(JettyServerGroovyTest.class)
+
+ private static final keyPassword = "keyPassword"
+ private static final keystorePassword = "keystorePassword"
+ private static final truststorePassword = "truststorePassword"
+ private static final matchingPassword = "thePassword"
+
+ @Test
+ void testCreateSslContextFactoryWithKeystoreAndKeypassword() throws Exception {
+
+ // Arrange
+ NiFiRegistryProperties properties = new NiFiRegistryProperties()
+ properties.setProperty(NiFiRegistryProperties.SECURITY_TRUSTSTORE, "src/test/resources/truststore.jks")
+ properties.setProperty(NiFiRegistryProperties.SECURITY_TRUSTSTORE_PASSWD, truststorePassword)
+ properties.setProperty(NiFiRegistryProperties.SECURITY_TRUSTSTORE_TYPE, "JKS")
+ properties.setProperty(NiFiRegistryProperties.SECURITY_KEYSTORE, "src/test/resources/keystoreDifferentPasswords.jks")
+ properties.setProperty(NiFiRegistryProperties.SECURITY_KEY_PASSWD, keyPassword)
+ properties.setProperty(NiFiRegistryProperties.SECURITY_KEYSTORE_PASSWD, keystorePassword)
+ properties.setProperty(NiFiRegistryProperties.SECURITY_KEYSTORE_TYPE, "JKS")
+
+ Server internalServer = new Server()
+ JettyServer testServer = new JettyServer(internalServer, properties)
+
+ // Act
+ SslContextFactory sslContextFactory = testServer.createSslContextFactory()
+ sslContextFactory.start()
+
+ // Assert
+ assertNotNull(sslContextFactory)
+ assertNotNull(sslContextFactory.getSslContext())
+ }
+
+ @Test
+ void testCreateSslContextFactoryWithOnlyKeystorePassword() throws Exception {
+
+ // Arrange
+ NiFiRegistryProperties properties = new NiFiRegistryProperties()
+ properties.setProperty(NiFiRegistryProperties.SECURITY_TRUSTSTORE, "src/test/resources/truststore.jks")
+ properties.setProperty(NiFiRegistryProperties.SECURITY_TRUSTSTORE_PASSWD, truststorePassword)
+ properties.setProperty(NiFiRegistryProperties.SECURITY_TRUSTSTORE_TYPE, "JKS")
+ properties.setProperty(NiFiRegistryProperties.SECURITY_KEYSTORE, "src/test/resources/keystoreSamePassword.jks")
+ properties.setProperty(NiFiRegistryProperties.SECURITY_KEYSTORE_PASSWD, matchingPassword)
+ properties.setProperty(NiFiRegistryProperties.SECURITY_KEYSTORE_TYPE, "JKS")
+
+ Server internalServer = new Server()
+ JettyServer testServer = new JettyServer(internalServer, properties)
+
+ // Act
+ SslContextFactory sslContextFactory = testServer.createSslContextFactory()
+ sslContextFactory.start()
+
+ // Assert
+ assertNotNull(sslContextFactory)
+ assertNotNull(sslContextFactory.getSslContext())
+ }
+
+ @Test
+ void testCreateSslContextFactoryWithMatchingPasswordsDefined() throws Exception {
+
+ // Arrange
+ NiFiRegistryProperties properties = new NiFiRegistryProperties()
+ properties.setProperty(NiFiRegistryProperties.SECURITY_TRUSTSTORE, "src/test/resources/truststore.jks")
+ properties.setProperty(NiFiRegistryProperties.SECURITY_TRUSTSTORE_PASSWD, truststorePassword)
+ properties.setProperty(NiFiRegistryProperties.SECURITY_TRUSTSTORE_TYPE, "JKS")
+ properties.setProperty(NiFiRegistryProperties.SECURITY_KEYSTORE, "src/test/resources/keystoreSamePassword.jks")
+ properties.setProperty(NiFiRegistryProperties.SECURITY_KEY_PASSWD, matchingPassword)
+ properties.setProperty(NiFiRegistryProperties.SECURITY_KEYSTORE_PASSWD, matchingPassword)
+ properties.setProperty(NiFiRegistryProperties.SECURITY_KEYSTORE_TYPE, "JKS")
+
+ Server internalServer = new Server()
+ JettyServer testServer = new JettyServer(internalServer, properties)
+
+ // Act
+ SslContextFactory sslContextFactory = testServer.createSslContextFactory()
+ sslContextFactory.start()
+
+ // Assert
+ assertNotNull(sslContextFactory)
+ assertNotNull(sslContextFactory.getSslContext())
+ }
+
+ @Rule public ExpectedException exception = ExpectedException.none()
+
+ @Test
+ void testCreateSslContextFactoryWithNoKeystorePasswordFails() throws Exception {
+
+ // Arrange
+ exception.expect(IllegalArgumentException.class)
+ exception.expectMessage("The keystore password cannot be null or empty")
+
+ NiFiRegistryProperties properties = new NiFiRegistryProperties()
+ properties.setProperty(NiFiRegistryProperties.SECURITY_TRUSTSTORE, "src/test/resources/truststore.jks")
+ properties.setProperty(NiFiRegistryProperties.SECURITY_TRUSTSTORE_PASSWD, truststorePassword)
+ properties.setProperty(NiFiRegistryProperties.SECURITY_TRUSTSTORE_TYPE, "JKS")
+ properties.setProperty(NiFiRegistryProperties.SECURITY_KEYSTORE, "src/test/resources/keystoreSamePassword.jks")
+ properties.setProperty(NiFiRegistryProperties.SECURITY_KEYSTORE_TYPE, "JKS")
+
+ Server internalServer = new Server()
+ JettyServer testServer = new JettyServer(internalServer, properties)
+
+ // Act but expect exception
+ SslContextFactory sslContextFactory = testServer.createSslContextFactory()
+ }
+}
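Review bot: The failure test `testCreateSslContextFactoryWithNoKeystorePasswordFails` sets neither password, so the case this commit actually changes, a key password with no keystore password (the removed `else if (StringUtils.isNotBlank(keyPassword))` branch), is never exercised. I would add a test that sets only `SECURITY_KEY_PASSWD` and expects the same IllegalArgumentException. That pins the new rule that a keystore is never loaded without its integrity password. On style, the class extends `GroovyTestCase` while also using `@RunWith(MockitoJUnitRunner.class)`, `@Test` and an `ExpectedException` rule, and no mock or use of `logger` appears in the file; dropping the runner and the unused logger would make the intent clearer. In the three success tests, `assertNotNull(sslContextFactory)` runs after `start()` has already been called on the object, so it cannot fail.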
diff --git a/nifi-registry-core/nifi-registry-jetty/src/test/resources/keystoreDifferentPasswords.jks b/nifi-registry-core/nifi-registry-jetty/src/test/resources/keystoreDifferentPasswords.jks
new file mode 100644
index 0000000..98c8903
--- /dev/null
+++ b/nifi-registry-core/nifi-registry-jetty/src/test/resources/keystoreDifferentPasswords.jks
Binary files differ
diff --git a/nifi-registry-core/nifi-registry-jetty/src/test/resources/keystoreSamePassword.jks b/nifi-registry-core/nifi-registry-jetty/src/test/resources/keystoreSamePassword.jks
new file mode 100644
index 0000000..aeedd7f
--- /dev/null
+++ b/nifi-registry-core/nifi-registry-jetty/src/test/resources/keystoreSamePassword.jks
Binary files differ
diff --git a/nifi-registry-core/nifi-registry-jetty/src/test/resources/truststore.jks b/nifi-registry-core/nifi-registry-jetty/src/test/resources/truststore.jks
new file mode 100644
index 0000000..47c8e45
--- /dev/null
+++ b/nifi-registry-core/nifi-registry-jetty/src/test/resources/truststore.jks
Binary files differ
diff --git a/nifi-registry-core/nifi-registry-web-api/src/test/java/org/apache/nifi/registry/web/JettyITServerCustomizer.java b/nifi-registry-core/nifi-registry-web-api/src/test/java/org/apache/nifi/registry/web/JettyITServerCustomizer.java
index c0ff5b1..15bc848 100644
--- a/nifi-registry-core/nifi-registry-web-api/src/test/java/org/apache/nifi/registry/web/JettyITServerCustomizer.java
+++ b/nifi-registry-core/nifi-registry-web-api/src/test/java/org/apache/nifi/registry/web/JettyITServerCustomizer.java
@@ -105,14 +105,14 @@
}
final String keystorePassword = properties.getKeyStorePassword();
final String keyPassword = properties.getKeyPassword();
- if (StringUtils.isNotBlank(keystorePassword)) {
- // if no key password was provided, then assume the keystore password is the same as the key password.
+
+ if (StringUtils.isEmpty(keystorePassword)) {
+ throw new IllegalArgumentException("The keystore password cannot be null or empty");
+ } else {
+ // if no key password was provided, then assume the key password is the same as the keystore password.
final String defaultKeyPassword = (StringUtils.isBlank(keyPassword)) ? keystorePassword : keyPassword;
- contextFactory.setKeyManagerPassword(keystorePassword);
- contextFactory.setKeyStorePassword(defaultKeyPassword);
- } else if (StringUtils.isNotBlank(keyPassword)) {
- // since no keystore password was provided, there will be no keystore integrity check
- contextFactory.setKeyStorePassword(keyPassword);
+ contextFactory.setKeyStorePassword(keystorePassword);
+ contextFactory.setKeyManagerPassword(defaultKeyPassword);
}
// truststore properties