use of org.apache.nifi.ssl.SSLContextService in project nifi by apache.
the class ListenLumberjack method customValidate.
/**
 * Reports a validation failure when an SSL context service is selected but it has no
 * truststore configured.
 *
 * <p>The check only asks the service whether a truststore is configured; it does not
 * inspect the truststore's contents. When no SSL context service is set, nothing is
 * reported and the returned collection is empty.
 *
 * @param validationContext context used to resolve the SSL_CONTEXT_SERVICE property
 * @return the validation failures found; empty when the configuration is acceptable
 */
@Override
protected Collection<ValidationResult> customValidate(final ValidationContext validationContext) {
    final List<ValidationResult> problems = new ArrayList<>();
    final SSLContextService sslService =
            validationContext.getProperty(SSL_CONTEXT_SERVICE).asControllerService(SSLContextService.class);

    // Nothing to complain about when TLS is not in use, or when a truststore is present.
    if (sslService == null || sslService.isTrustStoreConfigured()) {
        return problems;
    }

    final ValidationResult missingTrustStore = new ValidationResult.Builder()
            .explanation("The context service must have a truststore configured for the lumberjack forwarder client to work correctly")
            .valid(false)
            .subject(SSL_CONTEXT_SERVICE.getName())
            .build();
    problems.add(missingTrustStore);
    return problems;
}
use of org.apache.nifi.ssl.SSLContextService in project nifi by apache.
the class KafkaProcessorUtils method buildCommonKafkaProperties.
/**
 * Copies the processor's configured properties into a Kafka client configuration map.
 *
 * <p>Security note: after this call {@code mapToPopulate} can hold the keystore password,
 * the key password and the truststore password as plain strings. Callers should avoid
 * logging or otherwise dumping the map as a whole.
 *
 * @param context          process context whose properties are read
 * @param kafkaConfigClass Kafka config class passed to {@code isStaticStringFieldNamePresent}
 *                         together with the common, SSL and SASL config classes
 * @param mapToPopulate    destination map; mutated in place
 */
static void buildCommonKafkaProperties(final ProcessContext context, final Class<?> kafkaConfigClass, final Map<String, Object> mapToPopulate) {
    for (final PropertyDescriptor descriptor : context.getProperties().keySet()) {
        if (descriptor.equals(SSL_CONTEXT_SERVICE)) {
            // Translate the SSLContextService configuration into the matching Kafka SSL settings.
            final SSLContextService sslService = context.getProperty(SSL_CONTEXT_SERVICE).asControllerService(SSLContextService.class);
            if (sslService != null) {
                if (sslService.isKeyStoreConfigured()) {
                    mapToPopulate.put(SslConfigs.SSL_KEYSTORE_LOCATION_CONFIG, sslService.getKeyStoreFile());
                    mapToPopulate.put(SslConfigs.SSL_KEYSTORE_PASSWORD_CONFIG, sslService.getKeyStorePassword());
                    // Fall back to the keystore password when no separate key password is set.
                    final String keyPassword;
                    if (sslService.getKeyPassword() == null) {
                        keyPassword = sslService.getKeyStorePassword();
                    } else {
                        keyPassword = sslService.getKeyPassword();
                    }
                    mapToPopulate.put(SslConfigs.SSL_KEY_PASSWORD_CONFIG, keyPassword);
                    mapToPopulate.put(SslConfigs.SSL_KEYSTORE_TYPE_CONFIG, sslService.getKeyStoreType());
                }
                if (sslService.isTrustStoreConfigured()) {
                    mapToPopulate.put(SslConfigs.SSL_TRUSTSTORE_LOCATION_CONFIG, sslService.getTrustStoreFile());
                    mapToPopulate.put(SslConfigs.SSL_TRUSTSTORE_PASSWORD_CONFIG, sslService.getTrustStorePassword());
                    mapToPopulate.put(SslConfigs.SSL_TRUSTSTORE_TYPE_CONFIG, sslService.getTrustStoreType());
                }
            }
        }

        final String name = descriptor.getName();
        String value;
        if (descriptor.isExpressionLanguageSupported()) {
            value = context.getProperty(descriptor).evaluateAttributeExpressions().getValue();
        } else {
            value = context.getProperty(descriptor).getValue();
        }

        // Unset properties and the Kerberos principal/keytab are never copied by this loop.
        if (value == null || name.equals(USER_PRINCIPAL.getName()) || name.equals(USER_KEYTAB.getName())) {
            continue;
        }

        // A ".ms" property may be given either as a plain number (Kafka's notation) or as a
        // NiFi time period such as "5 secs"; the latter is converted to milliseconds.
        if (name.endsWith(".ms") && !StringUtils.isNumeric(value.trim())) {
            value = String.valueOf(FormatUtils.getTimeDuration(value.trim(), TimeUnit.MILLISECONDS));
        }

        // Only names accepted by isStaticStringFieldNamePresent for the listed config classes
        // reach the Kafka configuration; everything else is dropped.
        final boolean knownToKafka = isStaticStringFieldNamePresent(
                name, kafkaConfigClass, CommonClientConfigs.class, SslConfigs.class, SaslConfigs.class);
        if (knownToKafka) {
            mapToPopulate.put(name, value);
        }
    }

    // The JAAS configuration is added only for the two SASL security protocols.
    final String securityProtocol = context.getProperty(SECURITY_PROTOCOL).getValue();
    final boolean usesSasl = SEC_SASL_PLAINTEXT.getValue().equals(securityProtocol)
            || SEC_SASL_SSL.getValue().equals(securityProtocol);
    if (usesSasl) {
        setJaasConfig(mapToPopulate, context);
    }
}
use of org.apache.nifi.ssl.SSLContextService in project nifi by apache.
the class AbstractMongoProcessor method createClient.
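/**
 * Creates the processor's MongoClient when the processor is scheduled, closing any client
 * that is still open first.
 *
 * <p>When an SSL context service is configured, an SSLContext is built from it using the
 * CLIENT_AUTH property (REQUIRED when that property is blank) and handed to the client
 * options. When no SSL context service is configured, no SSLContext is passed at all.
 *
 * @param context process context supplying the SSL context service, client auth and URI
 * @throws IOException declared by the method signature
 * @throws ProviderCreationException if CLIENT_AUTH is set to a value that is not a
 *         constant of {@code SSLContextService.ClientAuth}
 */
@OnScheduled
public final void createClient(ProcessContext context) throws IOException {
    if (mongoClient != null) {
        closeClient();
    }

    getLogger().info("Creating MongoClient");

    // Set up the client for secure (SSL/TLS) communications if configured to do so.
    final SSLContextService sslService = context.getProperty(SSL_CONTEXT_SERVICE).asControllerService(SSLContextService.class);
    final String rawClientAuth = context.getProperty(CLIENT_AUTH).getValue();
    final SSLContext sslContext;

    if (sslService != null) {
        final SSLContextService.ClientAuth clientAuth;
        if (StringUtils.isBlank(rawClientAuth)) {
            // No explicit setting: default to the strictest option.
            clientAuth = SSLContextService.ClientAuth.REQUIRED;
        } else {
            try {
                clientAuth = SSLContextService.ClientAuth.valueOf(rawClientAuth);
            } catch (final IllegalArgumentException iae) {
                // List the constants of the same enum that valueOf() parses above, so the
                // advertised values are exactly the ones that will be accepted.
                throw new ProviderCreationException(String.format("Unrecognized client auth '%s'. Possible values are [%s]",
                        rawClientAuth, StringUtils.join(SSLContextService.ClientAuth.values(), ", ")));
            }
        }
        sslContext = sslService.createSSLContext(clientAuth);
    } else {
        // NOTE(review): with no SSL context service the connection's transport security
        // depends entirely on the URI and driver defaults - confirm this is intended.
        sslContext = null;
    }

    try {
        if (sslContext == null) {
            mongoClient = new MongoClient(new MongoClientURI(getURI(context)));
        } else {
            mongoClient = new MongoClient(new MongoClientURI(getURI(context), getClientOptions(sslContext)));
        }
    } catch (Exception e) {
        // NOTE(review): the exception is logged in full; verify that its message cannot
        // carry credentials embedded in the connection URI.
        getLogger().error("Failed to schedule {} due to {}", new Object[] { this.getClass().getName(), e }, e);
        throw e;
    }
}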
use of org.apache.nifi.ssl.SSLContextService in project nifi by apache.
the class AbstractMongoProcessorTest method testcreateClientWithSSLBadClientAuth.
/**
 * Verifies that createClient rejects an unrecognised CLIENT_AUTH value with a
 * ProviderCreationException when an SSL context service is configured.
 *
 * NOTE(review): {@code expected} applies to the whole method, so a
 * ProviderCreationException thrown by the first createClient call (or by the setup)
 * would also make this test pass.
 */
@Test(expected = ProviderCreationException.class)
public void testcreateClientWithSSLBadClientAuth() throws Exception {
    // Mocked SSL context service that hands back a mocked SSLContext for any ClientAuth.
    SSLContextService sslService = mock(SSLContextService.class);
    SSLContext sslContext = mock(SSLContext.class);
    when(sslService.getIdentifier()).thenReturn("ssl-context");
    when(sslService.createSSLContext(any(ClientAuth.class))).thenReturn(sslContext);
    // Register and enable the mock so the processor property can refer to it by id.
    testRunner.addControllerService("ssl-context", sslService);
    testRunner.enableControllerService(sslService);
    testRunner.setProperty(AbstractMongoProcessor.URI, "mongodb://localhost:27017");
    testRunner.setProperty(AbstractMongoProcessor.SSL_CONTEXT_SERVICE, "ssl-context");
    testRunner.assertValid(sslService);
    // Baseline: with CLIENT_AUTH not set by this test, a client is created.
    processor.createClient(testRunner.getProcessContext());
    assertNotNull(processor.mongoClient);
    // Reset the field so the second call does not go through closeClient() first.
    processor.mongoClient = null;
    // "BAD" is the invalid client auth value this test expects to be rejected.
    testRunner.setProperty(AbstractMongoProcessor.CLIENT_AUTH, "BAD");
    processor.createClient(testRunner.getProcessContext());
}
use of org.apache.nifi.ssl.SSLContextService in project nifi by apache.
the class PutTCP method createSender.
/**
* Creates a concrete instance of a ChannelSender object to use for sending messages over a TCP stream.
*
* @param context
* - the current process context.
*
* @return ChannelSender object.
*/
@Override
protected ChannelSender createSender(final ProcessContext context) throws IOException {
    // Resolve the connection settings in the same order as they are passed on below.
    final String transport = TCP_VALUE.getValue();
    final String host = context.getProperty(HOSTNAME).evaluateAttributeExpressions().getValue();
    final int portNumber = context.getProperty(PORT).evaluateAttributeExpressions().asInteger();
    final int timeoutMillis = context.getProperty(TIMEOUT).asTimePeriod(TimeUnit.MILLISECONDS).intValue();
    final int sendBufferBytes = context.getProperty(MAX_SOCKET_SEND_BUFFER_SIZE).asDataSize(DataUnit.B).intValue();

    // The controller service is fetched untyped and cast here, so a service of another
    // type would fail with a ClassCastException at this line.
    final SSLContextService sslService = (SSLContextService) context.getProperty(SSL_CONTEXT_SERVICE).asControllerService();

    // A null SSLContext is passed on when no SSL context service is configured.
    // NOTE(review): presumably that yields an unencrypted TCP sender - confirm in the overload.
    final SSLContext tlsContext = (sslService == null)
            ? null
            : sslService.createSSLContext(SSLContextService.ClientAuth.REQUIRED);

    return createSender(transport, host, portNumber, timeoutMillis, sendBufferBytes, tlsContext);
}