nifi-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Joseph Witt (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (NIFI-1753) Legacy X.509 certificate handling code should be upgraded
Date Thu, 14 Apr 2016 00:59:25 GMT

    [ https://issues.apache.org/jira/browse/NIFI-1753?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15240342#comment-15240342
] 

Joseph Witt commented on NIFI-1753:
-----------------------------------

built locally, reviewed code, all checks out.  +1

Looks like a nice surgical effort.

> Legacy X.509 certificate handling code should be upgraded
> ---------------------------------------------------------
>
>                 Key: NIFI-1753
>                 URL: https://issues.apache.org/jira/browse/NIFI-1753
>             Project: Apache NiFi
>          Issue Type: Bug
>          Components: Core Framework
>    Affects Versions: 0.6.1
>            Reporter: Andy LoPresto
>            Assignee: Andy LoPresto
>             Fix For: 1.0.0, 0.7.0
>
>
> There are multiple instances throughout the codebase [1][2] where legacy {{javax.security.cert.X509Certificate}}
class is used rather than the current (Java SE 6) {{java.security.cert.X509Certificate}}.
The {{javax.*}} classes are provided for legacy compatibility with JSSE [3][4]. This can manifest
as an exception:
> {{java.lang.ClassCastException: [Ljava.security.cert.X509Certificate; cannot be cast
to [Ljavax.security.cert.X509Certificate}}
> The {{CertificateFactory}} class allows conversion to the new format. 
> [1] https://git1-us-west.apache.org/repos/asf?p=nifi.git;a=blob;f=nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-security/src/main/java/org/apache/nifi/web/security/x509/ocsp/OcspCertificateValidator.java;hb=ffbfffce
> [2 ]https://github.com/apache/nifi/blob/master/nifi-nar-bundles/nifi-standard-bundle/nifi-standard-processors/src/main/java/org/apache/nifi/processors/standard/HandleHttpRequest.java#L40
> [3] http://stackoverflow.com/a/24600621/70465
> [4] https://docs.oracle.com/javase/7/docs/api/javax/net/ssl/SSLSession.html#getPeerCertificates%28%29



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

Mime
View raw message