NIFI-13874 Refactored KeyStore and SSLContext Creation for Tests

- Added EphemeralKeyStoreBuilder to nifi-security-ssl - Removed nifi-security-utils - Moved StandardTlsConfiguration to nifi-ssl-context-service - Refactored tests to use EphemeralKeyStoreBuilder and nifi-security-cert-builder for TLS
exceptionfactory · Oct 15, 2024 · bb7fab6 · bb7fab6
1 parent cc5a363
commit bb7fab6
Show file tree

Hide file tree

Showing 65 changed files with 1,546 additions and 2,121 deletions.
diff --git a/minifi/minifi-bootstrap/pom.xml b/minifi/minifi-bootstrap/pom.xml
@@ -51,11 +51,6 @@ limitations under the License.
             <artifactId>nifi-utils</artifactId>
             <version>2.0.0-SNAPSHOT</version>
         </dependency>
-        <dependency>
-            <groupId>org.apache.nifi</groupId>
-            <artifactId>nifi-security-ssl</artifactId>
-            <version>2.0.0-SNAPSHOT</version>
-        </dependency>
         <dependency>
             <groupId>org.apache.nifi</groupId>
             <artifactId>c2-protocol-api</artifactId>
@@ -125,12 +120,6 @@ limitations under the License.
             <groupId>com.fasterxml.jackson.core</groupId>
             <artifactId>jackson-annotations</artifactId>
         </dependency>
-        <dependency>
-            <groupId>org.apache.nifi</groupId>
-            <artifactId>nifi-security-utils</artifactId>
-            <version>2.0.0-SNAPSHOT</version>
-            <scope>test</scope>
-        </dependency>
         <dependency>
             <groupId>org.bouncycastle</groupId>
             <artifactId>bcprov-jdk18on</artifactId>

diff --git a/...a/org/apache/nifi/minifi/bootstrap/configuration/ingestors/RestChangeIngestorSSLTest.java b/...a/org/apache/nifi/minifi/bootstrap/configuration/ingestors/RestChangeIngestorSSLTest.java
diff --git a/minifi/minifi-nar-bundles/minifi-framework-bundle/pom.xml b/minifi/minifi-nar-bundles/minifi-framework-bundle/pom.xml
@@ -59,11 +59,6 @@ limitations under the License.
                 <artifactId>nifi-framework-nar-loading-utils</artifactId>
                 <version>2.0.0-SNAPSHOT</version>
             </dependency>
-            <dependency>
-                <groupId>org.apache.nifi</groupId>
-                <artifactId>nifi-security-utils</artifactId>
-                <version>2.0.0-SNAPSHOT</version>
-            </dependency>
             <dependency>
                 <groupId>org.apache.nifi</groupId>
                 <artifactId>nifi-security-utils-api</artifactId>

diff --git a/nifi-code-coverage/pom.xml b/nifi-code-coverage/pom.xml
@@ -352,11 +352,6 @@
             <artifactId>nifi-security-ssl</artifactId>
             <version>2.0.0-SNAPSHOT</version>
         </dependency>
-        <dependency>
-            <groupId>org.apache.nifi</groupId>
-            <artifactId>nifi-security-utils</artifactId>
-            <version>2.0.0-SNAPSHOT</version>
-        </dependency>
         <dependency>
             <groupId>org.apache.nifi</groupId>
             <artifactId>nifi-security-utils-api</artifactId>

diff --git a/nifi-commons/nifi-hashicorp-vault/pom.xml b/nifi-commons/nifi-hashicorp-vault/pom.xml
@@ -65,12 +65,6 @@
             <version>2.0.0-SNAPSHOT</version>
             <scope>test</scope>
         </dependency>
-        <dependency>
-            <groupId>org.apache.nifi</groupId>
-            <artifactId>nifi-security-utils</artifactId>
-            <version>2.0.0-SNAPSHOT</version>
-            <scope>test</scope>
-        </dependency>
     </dependencies>
 </project>
 
diff --git a/.../java/org/apache/nifi/vault/hashicorp/TestStandardHashiCorpVaultCommunicationService.java b/.../java/org/apache/nifi/vault/hashicorp/TestStandardHashiCorpVaultCommunicationService.java
@@ -16,10 +16,7 @@
  */
 package org.apache.nifi.vault.hashicorp;
 
-import org.apache.nifi.security.util.TemporaryKeyStoreBuilder;
-import org.apache.nifi.security.util.TlsConfiguration;
 import org.apache.nifi.vault.hashicorp.config.HashiCorpVaultProperties;
-import org.apache.nifi.vault.hashicorp.config.HashiCorpVaultSslProperties;
 import org.junit.jupiter.api.AfterEach;
 import org.junit.jupiter.api.BeforeEach;
 import org.junit.jupiter.api.Test;
@@ -28,30 +25,24 @@
 import java.io.File;
 import java.io.IOException;
 import java.nio.file.Files;
-import java.util.Arrays;
 import java.util.Optional;
-import java.util.stream.Collectors;
 
 import static org.mockito.Mockito.when;
 
 public class TestStandardHashiCorpVaultCommunicationService {
     public static final String URI_VALUE = "http://127.0.0.1:8200";
-    public static final String CIPHER_SUITE_VALUE = "TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384";
 
     private HashiCorpVaultProperties properties;
-    private HashiCorpVaultSslProperties sslProperties;
     private File authProps;
 
     @BeforeEach
     public void init() throws IOException {
         authProps = TestHashiCorpVaultConfiguration.writeBasicVaultAuthProperties();
 
         properties = Mockito.mock(HashiCorpVaultProperties.class);
-        sslProperties = Mockito.mock(HashiCorpVaultSslProperties.class);
 
         when(properties.getUri()).thenReturn(URI_VALUE);
         when(properties.getAuthPropertiesFilename()).thenReturn(authProps.getAbsolutePath());
-        when(properties.getSsl()).thenReturn(sslProperties);
         when(properties.getKvVersion()).thenReturn(1);
     }
 
@@ -73,18 +64,6 @@ public void testBasicConfiguration() {
 
         // Once to check if the property is set, and once to retrieve the value
         Mockito.verify(properties, Mockito.times(2)).getAuthPropertiesFilename();
-
-        // These should not be called because TLS is not configured
-        this.ensureTlsPropertiesAccessed(0);
-    }
-
-    private void ensureTlsPropertiesAccessed(int numberOfTimes) {
-        Mockito.verify(sslProperties, Mockito.times(numberOfTimes)).getKeyStore();
-        Mockito.verify(sslProperties, Mockito.times(numberOfTimes)).getKeyStoreType();
-        Mockito.verify(sslProperties, Mockito.times(numberOfTimes)).getKeyStorePassword();
-        Mockito.verify(sslProperties, Mockito.times(numberOfTimes)).getTrustStore();
-        Mockito.verify(sslProperties, Mockito.times(numberOfTimes)).getTrustStoreType();
-        Mockito.verify(sslProperties, Mockito.times(numberOfTimes)).getTrustStorePassword();
     }
 
     @Test
@@ -93,26 +72,4 @@ public void testTimeouts() {
         when(properties.getReadTimeout()).thenReturn(Optional.of("40 secs"));
         this.configureService();
     }
-
-    @Test
-    public void testTLS() {
-        TlsConfiguration tlsConfiguration = new TemporaryKeyStoreBuilder().build();
-
-        when(sslProperties.getKeyStore()).thenReturn(tlsConfiguration.getKeystorePath());
-        when(sslProperties.getKeyStorePassword()).thenReturn(tlsConfiguration.getKeystorePassword());
-        when(sslProperties.getKeyStoreType()).thenReturn(tlsConfiguration.getKeystoreType().getType());
-        when(sslProperties.getTrustStore()).thenReturn(tlsConfiguration.getTruststorePath());
-        when(sslProperties.getTrustStorePassword()).thenReturn(tlsConfiguration.getTruststorePassword());
-        when(sslProperties.getTrustStoreType()).thenReturn(tlsConfiguration.getTruststoreType().getType());
-        when(sslProperties.getEnabledProtocols()).thenReturn(Arrays.stream(tlsConfiguration.getEnabledProtocols())
-                .collect(Collectors.joining(",")));
-        when(sslProperties.getEnabledCipherSuites()).thenReturn(CIPHER_SUITE_VALUE);
-
-        when(properties.getUri()).thenReturn(URI_VALUE.replace("http", "https"));
-        this.configureService();
-
-        this.ensureTlsPropertiesAccessed(2);
-        Mockito.verify(sslProperties, Mockito.times(1)).getEnabledProtocols();
-        Mockito.verify(sslProperties, Mockito.times(1)).getEnabledCipherSuites();
-    }
 }