Uploaded image for project: 'Apache NiFi'
  1. Apache NiFi
  2. NIFI-1753

Legacy X.509 certificate handling code should be upgraded

    XMLWordPrintableJSON

Details

    Description

      There are multiple instances throughout the codebase [1][2] where legacy javax.security.cert.X509Certificate class is used rather than the current (Java SE 6) java.security.cert.X509Certificate. The javax.* classes are provided for legacy compatibility with JSSE [3][4]. This can manifest as an exception:

      java.lang.ClassCastException: [Ljava.security.cert.X509Certificate; cannot be cast to [Ljavax.security.cert.X509Certificate

      The CertificateFactory class allows conversion to the new format.

      [1] https://git1-us-west.apache.org/repos/asf?p=nifi.git;a=blob;f=nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-security/src/main/java/org/apache/nifi/web/security/x509/ocsp/OcspCertificateValidator.java;hb=ffbfffce
      [2 ]https://github.com/apache/nifi/blob/master/nifi-nar-bundles/nifi-standard-bundle/nifi-standard-processors/src/main/java/org/apache/nifi/processors/standard/HandleHttpRequest.java#L40
      [3] http://stackoverflow.com/a/24600621/70465
      [4] https://docs.oracle.com/javase/7/docs/api/javax/net/ssl/SSLSession.html#getPeerCertificates%28%29

      Attachments

        Issue Links

          relates to

          Bug - A problem which impairs or prevents the functions of the product. NIFI-1981 Cluster communication requires client certificates even if needClientAuth set to false

          • Critical - Crashes, loss of data, severe memory leak.
          • Resolved

          Activity

            People

              alopresto Andy LoPresto
              alopresto Andy LoPresto
              Votes:
              0 Vote for this issue
              Watchers:
              3 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: