Examples with SSLContextService org.apache.nifi.ssl.SSLContextService used on opensource projects

Example 1 with SSLContextService

use of org.apache.nifi.ssl.SSLContextService in project nifi by apache.

the class AbstractCassandraProcessorTest method testConnectToCassandraWithSSLBadClientAuth.

@Test(expected = ProviderCreationException.class)
public void testConnectToCassandraWithSSLBadClientAuth() throws Exception {
    SSLContextService sslService = mock(SSLContextService.class);
    when(sslService.getIdentifier()).thenReturn("ssl-context");
    testRunner.addControllerService("ssl-context", sslService);
    testRunner.enableControllerService(sslService);
    testRunner.setProperty(AbstractCassandraProcessor.PROP_SSL_CONTEXT_SERVICE, "ssl-context");
    testRunner.setProperty(AbstractCassandraProcessor.CONSISTENCY_LEVEL, "ONE");
    testRunner.assertValid(sslService);
    processor.connectToCassandra(testRunner.getProcessContext());
    assertNotNull(processor.getCluster());
    processor.setCluster(null);
    // Try with a ClientAuth value
    testRunner.setProperty(AbstractCassandraProcessor.CLIENT_AUTH, "BAD");
    processor.connectToCassandra(testRunner.getProcessContext());
}

Example 2 with SSLContextService

use of org.apache.nifi.ssl.SSLContextService in project nifi by apache.

the class AbstractCassandraProcessorTest method testConnectToCassandraWithSSL.

@Test
public void testConnectToCassandraWithSSL() throws Exception {
    SSLContextService sslService = mock(SSLContextService.class);
    when(sslService.getIdentifier()).thenReturn("ssl-context");
    testRunner.addControllerService("ssl-context", sslService);
    testRunner.enableControllerService(sslService);
    testRunner.setProperty(AbstractCassandraProcessor.PROP_SSL_CONTEXT_SERVICE, "ssl-context");
    testRunner.setProperty(AbstractCassandraProcessor.CONSISTENCY_LEVEL, "ONE");
    testRunner.assertValid(sslService);
    processor.connectToCassandra(testRunner.getProcessContext());
    assertNotNull(processor.getCluster());
    processor.setCluster(null);
    // Try with a ClientAuth value
    testRunner.setProperty(AbstractCassandraProcessor.CLIENT_AUTH, "WANT");
    processor.connectToCassandra(testRunner.getProcessContext());
    assertNotNull(processor.getCluster());
}

Example 3 with SSLContextService

use of org.apache.nifi.ssl.SSLContextService in project nifi by apache.

the class ConfluentSchemaRegistry method onEnabled.

@OnEnabled
public void onEnabled(final ConfigurationContext context) {
    final List<String> baseUrls = getBaseURLs(context);
    final int timeoutMillis = context.getProperty(TIMEOUT).asTimePeriod(TimeUnit.MILLISECONDS).intValue();
    final SSLContext sslContext;
    final SSLContextService sslContextService = context.getProperty(SSL_CONTEXT).asControllerService(SSLContextService.class);
    if (sslContextService == null) {
        sslContext = null;
    } else {
        sslContext = sslContextService.createSSLContext(ClientAuth.REQUIRED);
    }
    final SchemaRegistryClient restClient = new RestSchemaRegistryClient(baseUrls, timeoutMillis, sslContext, getLogger());
    final int cacheSize = context.getProperty(CACHE_SIZE).asInteger();
    final long cacheExpiration = context.getProperty(CACHE_EXPIRATION).asTimePeriod(TimeUnit.NANOSECONDS).longValue();
    client = new CachingSchemaRegistryClient(restClient, cacheSize, cacheExpiration);
}

Example 4 with SSLContextService

use of org.apache.nifi.ssl.SSLContextService in project nifi by apache.

the class ListenBeats method customValidate.

@Override
protected Collection<ValidationResult> customValidate(final ValidationContext validationContext) {
    final List<ValidationResult> results = new ArrayList<>();
    final SSLContextService sslContextService = validationContext.getProperty(SSL_CONTEXT_SERVICE).asControllerService(SSLContextService.class);
    if (sslContextService != null && sslContextService.isTrustStoreConfigured() == false) {
        results.add(new ValidationResult.Builder().explanation("The context service must have a truststore  configured for the beats forwarder client to work correctly").valid(false).subject(SSL_CONTEXT_SERVICE.getName()).build());
    }
    return results;
}

Example 5 with SSLContextService

use of org.apache.nifi.ssl.SSLContextService in project nifi by apache.

the class AbstractElasticsearch5TransportClientProcessor method createElasticsearchClient.

/**
 * Instantiate ElasticSearch Client. This should be called by subclasses' @OnScheduled method to create a client
 * if one does not yet exist. If called when scheduled, closeClient() should be called by the subclasses' @OnStopped
 * method so the client will be destroyed when the processor is stopped.
 *
 * @param context The context for this processor
 * @throws ProcessException if an error occurs while creating an Elasticsearch client
 */
@Override
protected void createElasticsearchClient(ProcessContext context) throws ProcessException {
    ComponentLog log = getLogger();
    if (esClient.get() != null) {
        return;
    }
    log.debug("Creating ElasticSearch Client");
    try {
        final String clusterName = context.getProperty(CLUSTER_NAME).evaluateAttributeExpressions().getValue();
        final String pingTimeout = context.getProperty(PING_TIMEOUT).evaluateAttributeExpressions().getValue();
        final String samplerInterval = context.getProperty(SAMPLER_INTERVAL).evaluateAttributeExpressions().getValue();
        final String username = context.getProperty(USERNAME).evaluateAttributeExpressions().getValue();
        final String password = context.getProperty(PASSWORD).getValue();
        final SSLContextService sslService = context.getProperty(PROP_SSL_CONTEXT_SERVICE).asControllerService(SSLContextService.class);
        Settings.Builder settingsBuilder = Settings.builder().put("cluster.name", clusterName).put("client.transport.ping_timeout", pingTimeout).put("client.transport.nodes_sampler_interval", samplerInterval);
        String xPackUrl = context.getProperty(PROP_XPACK_LOCATION).evaluateAttributeExpressions().getValue();
        if (sslService != null) {
            settingsBuilder.put("xpack.security.transport.ssl.enabled", "true");
            if (!StringUtils.isEmpty(sslService.getKeyStoreFile())) {
                settingsBuilder.put("xpack.ssl.keystore.path", sslService.getKeyStoreFile());
            }
            if (!StringUtils.isEmpty(sslService.getKeyStorePassword())) {
                settingsBuilder.put("xpack.ssl.keystore.password", sslService.getKeyStorePassword());
            }
            if (!StringUtils.isEmpty(sslService.getKeyPassword())) {
                settingsBuilder.put("xpack.ssl.keystore.key_password", sslService.getKeyPassword());
            }
            if (!StringUtils.isEmpty(sslService.getTrustStoreFile())) {
                settingsBuilder.put("xpack.ssl.truststore.path", sslService.getTrustStoreFile());
            }
            if (!StringUtils.isEmpty(sslService.getTrustStorePassword())) {
                settingsBuilder.put("xpack.ssl.truststore.password", sslService.getTrustStorePassword());
            }
        }
        // Set username and password for X-Pack
        if (!StringUtils.isEmpty(username)) {
            StringBuffer secureUser = new StringBuffer(username);
            if (!StringUtils.isEmpty(password)) {
                secureUser.append(":");
                secureUser.append(password);
            }
            settingsBuilder.put("xpack.security.user", secureUser);
        }
        final String hosts = context.getProperty(HOSTS).evaluateAttributeExpressions().getValue();
        esHosts = getEsHosts(hosts);
        Client transportClient = getTransportClient(settingsBuilder, xPackUrl, username, password, esHosts, log);
        esClient.set(transportClient);
    } catch (Exception e) {
        log.error("Failed to create Elasticsearch client due to {}", new Object[] { e }, e);
        throw new ProcessException(e);
    }
}