
Example 6 with SecurityProviderCreationException

Use of org.apache.nifi.registry.security.exception.SecurityProviderCreationException in project nifi-registry by apache.

Class LdapUserGroupProvider, method getConfiguredSslContext.

private SSLContext getConfiguredSslContext(final AuthorizerConfigurationContext configurationContext) {
    final String rawKeystore = configurationContext.getProperty("TLS - Keystore").getValue();
    final String rawKeystorePassword = configurationContext.getProperty("TLS - Keystore Password").getValue();
    final String rawKeystoreType = configurationContext.getProperty("TLS - Keystore Type").getValue();
    final String rawTruststore = configurationContext.getProperty("TLS - Truststore").getValue();
    final String rawTruststorePassword = configurationContext.getProperty("TLS - Truststore Password").getValue();
    final String rawTruststoreType = configurationContext.getProperty("TLS - Truststore Type").getValue();
    final String rawClientAuth = configurationContext.getProperty("TLS - Client Auth").getValue();
    final String rawProtocol = configurationContext.getProperty("TLS - Protocol").getValue();
    // create the ssl context
    final SSLContext sslContext;
    try {
        if (StringUtils.isBlank(rawKeystore) && StringUtils.isBlank(rawTruststore)) {
            sslContext = null;
        } else {
            // ensure the protocol is specified
            if (StringUtils.isBlank(rawProtocol)) {
                throw new SecurityProviderCreationException("TLS - Protocol must be specified.");
            }
            if (StringUtils.isBlank(rawKeystore)) {
                sslContext = SslContextFactory.createTrustSslContext(rawTruststore, rawTruststorePassword.toCharArray(), rawTruststoreType, rawProtocol);
            } else if (StringUtils.isBlank(rawTruststore)) {
                sslContext = SslContextFactory.createSslContext(rawKeystore, rawKeystorePassword.toCharArray(), rawKeystoreType, rawProtocol);
            } else {
                // determine the client auth if specified
                final ClientAuth clientAuth;
                if (StringUtils.isBlank(rawClientAuth)) {
                    clientAuth = ClientAuth.NONE;
                } else {
                    try {
                        clientAuth = ClientAuth.valueOf(rawClientAuth);
                    } catch (final IllegalArgumentException iae) {
                        throw new SecurityProviderCreationException(String.format("Unrecognized client auth '%s'. Possible values are [%s]", rawClientAuth, StringUtils.join(ClientAuth.values(), ", ")));
                    }
                }
                sslContext = SslContextFactory.createSslContext(rawKeystore, rawKeystorePassword.toCharArray(), rawKeystoreType, rawTruststore, rawTruststorePassword.toCharArray(), rawTruststoreType, clientAuth, rawProtocol);
            }
        }
    } catch (final KeyStoreException | NoSuchAlgorithmException | CertificateException | UnrecoverableKeyException | KeyManagementException | IOException e) {
        throw new SecurityProviderCreationException(e.getMessage(), e);
    }
    return sslContext;
}
Also used: SecurityProviderCreationException (org.apache.nifi.registry.security.exception.SecurityProviderCreationException), UnrecoverableKeyException (java.security.UnrecoverableKeyException), CertificateException (java.security.cert.CertificateException), SSLContext (javax.net.ssl.SSLContext), KeyStoreException (java.security.KeyStoreException), NoSuchAlgorithmException (java.security.NoSuchAlgorithmException), IOException (java.io.IOException), ClientAuth (org.apache.nifi.registry.security.util.SslContextFactory.ClientAuth), KeyManagementException (java.security.KeyManagementException)

Example 7 with SecurityProviderCreationException

Use of org.apache.nifi.registry.security.exception.SecurityProviderCreationException in project nifi-registry by apache.

Class LdapUserGroupProvider, method setTimeout.

private void setTimeout(final AuthorizerConfigurationContext configurationContext, final Map<String, Object> baseEnvironment, final String configurationProperty, final String environmentKey) {
    final PropertyValue rawTimeout = configurationContext.getProperty(configurationProperty);
    if (rawTimeout.isSet()) {
        try {
            final Long timeout = FormatUtils.getTimeDuration(rawTimeout.getValue(), TimeUnit.MILLISECONDS);
            baseEnvironment.put(environmentKey, timeout.toString());
        } catch (final IllegalArgumentException iae) {
            throw new SecurityProviderCreationException(String.format("The %s '%s' is not a valid time duration", configurationProperty, rawTimeout));
        }
    }
}
Also used: SecurityProviderCreationException (org.apache.nifi.registry.security.exception.SecurityProviderCreationException), PropertyValue (org.apache.nifi.registry.util.PropertyValue)

Example 8 with SecurityProviderCreationException

Use of org.apache.nifi.registry.security.exception.SecurityProviderCreationException in project nifi-registry by apache.

Class FileUserGroupProvider, method onConfigured.

@Override
public void onConfigured(AuthorizerConfigurationContext configurationContext) throws SecurityProviderCreationException {
    try {
        final PropertyValue tenantsPath = configurationContext.getProperty(PROP_TENANTS_FILE);
        if (StringUtils.isBlank(tenantsPath.getValue())) {
            throw new SecurityProviderCreationException("The users file must be specified.");
        }
        // get the tenants file and ensure it exists
        tenantsFile = new File(tenantsPath.getValue());
        if (!tenantsFile.exists()) {
            logger.info("Creating new users file at {}", new Object[] { tenantsFile.getAbsolutePath() });
            saveTenants(new Tenants());
        }
        final File tenantsFileDirectory = tenantsFile.getAbsoluteFile().getParentFile();
        // extract the identity mappings from nifi-registry.properties if any are provided
        identityMappings = Collections.unmodifiableList(IdentityMappingUtil.getIdentityMappings(properties));
        // extract any nifi identities
        initialUserIdentities = new HashSet<>();
        for (Map.Entry<String, String> entry : configurationContext.getProperties().entrySet()) {
            Matcher matcher = INITIAL_USER_IDENTITY_PATTERN.matcher(entry.getKey());
            if (matcher.matches() && !StringUtils.isBlank(entry.getValue())) {
                initialUserIdentities.add(IdentityMappingUtil.mapIdentity(entry.getValue(), identityMappings));
            }
        }
        load();
        // if we've copied the authorizations file to a restore directory synchronize it
        if (restoreTenantsFile != null) {
            FileUtils.copyFile(tenantsFile, restoreTenantsFile, false, false, logger);
        }
        logger.info(String.format("Users/Groups file loaded at %s", new Date().toString()));
    } catch (IOException | SecurityProviderCreationException | JAXBException | IllegalStateException | SAXException e) {
        throw new SecurityProviderCreationException(e);
    }
}
Also used: SecurityProviderCreationException (org.apache.nifi.registry.security.exception.SecurityProviderCreationException), Matcher (java.util.regex.Matcher), JAXBException (javax.xml.bind.JAXBException), PropertyValue (org.apache.nifi.registry.util.PropertyValue), Tenants (org.apache.nifi.registry.security.authorization.file.tenants.generated.Tenants), IOException (java.io.IOException), Date (java.util.Date), SAXException (org.xml.sax.SAXException), File (java.io.File), Map (java.util.Map)

Example 9 with SecurityProviderCreationException

Use of org.apache.nifi.registry.security.exception.SecurityProviderCreationException in project nifi-registry by apache.

Class FileUserGroupProvider, method initialize.

@Override
public void initialize(UserGroupProviderInitializationContext initializationContext) throws SecurityProviderCreationException {
    try {
        final SchemaFactory schemaFactory = SchemaFactory.newInstance(XMLConstants.W3C_XML_SCHEMA_NS_URI);
        tenantsSchema = schemaFactory.newSchema(FileAuthorizer.class.getResource(TENANTS_XSD));
        // usersSchema = schemaFactory.newSchema(FileAuthorizer.class.getResource(USERS_XSD));
    } catch (Exception e) {
        throw new SecurityProviderCreationException(e);
    }
}
Also used: SchemaFactory (javax.xml.validation.SchemaFactory), SecurityProviderCreationException (org.apache.nifi.registry.security.exception.SecurityProviderCreationException), XMLStreamException (javax.xml.stream.XMLStreamException), UninheritableAuthorizationsException (org.apache.nifi.registry.security.authorization.exception.UninheritableAuthorizationsException), JAXBException (javax.xml.bind.JAXBException), SAXException (org.xml.sax.SAXException), SecurityProviderDestructionException (org.apache.nifi.registry.security.exception.SecurityProviderDestructionException), AuthorizationAccessException (org.apache.nifi.registry.security.authorization.exception.AuthorizationAccessException), IOException (java.io.IOException), ParserConfigurationException (javax.xml.parsers.ParserConfigurationException)

Example 10 with SecurityProviderCreationException

Use of org.apache.nifi.registry.security.exception.SecurityProviderCreationException in project nifi-registry by apache.

Class KerberosIdentityProvider, method onConfigured.

@Override
public void onConfigured(IdentityProviderConfigurationContext configurationContext) throws SecurityProviderCreationException {
    String rawDebug = configurationContext.getProperty("Enable Debug");
    boolean enableDebug = (rawDebug != null && rawDebug.equalsIgnoreCase("true"));
    String rawExpiration = configurationContext.getProperty("Authentication Expiration");
    if (StringUtils.isBlank(rawExpiration)) {
        rawExpiration = default_expiration;
        logger.info("No Authentication Expiration specified, defaulting to " + default_expiration);
    }
    try {
        expiration = FormatUtils.getTimeDuration(rawExpiration, TimeUnit.MILLISECONDS);
    } catch (final IllegalArgumentException iae) {
        throw new SecurityProviderCreationException(String.format("The Expiration Duration '%s' is not a valid time duration", rawExpiration));
    }
    provider = new KerberosAuthenticationProvider();
    SunJaasKerberosClient client = new SunJaasKerberosClient();
    client.setDebug(enableDebug);
    provider.setKerberosClient(client);
    provider.setUserDetailsService(new KerberosUserDetailsService());
}
Also used: SecurityProviderCreationException (org.apache.nifi.registry.security.exception.SecurityProviderCreationException), KerberosAuthenticationProvider (org.springframework.security.kerberos.authentication.KerberosAuthenticationProvider), SunJaasKerberosClient (org.springframework.security.kerberos.authentication.sun.SunJaasKerberosClient)
