Use of org.apache.nifi.ssl.SSLContextService in project nifi by apache: class DistributedMapCacheServer, method createCacheServer.
/**
 * Builds the map cache server from the controller service's configured properties.
 *
 * <p>The listening port, persistence path, maximum entry count and eviction policy are
 * read from {@code context}. When an {@code SSLContextService} is configured, the
 * server's {@link SSLContext} is created with {@code ClientAuth.REQUIRED}, i.e. every
 * connecting client must present a certificate; without the service the server is
 * created with a {@code null} SSL context.
 *
 * @param context the controller service configuration
 * @return the server produced by {@code createMapCacheServer}
 * @throws IllegalArgumentException if the eviction policy name is not FIFO, LFU or LRU
 * @throws RuntimeException wrapping any exception thrown by {@code createMapCacheServer}
 */
@Override
protected CacheServer createCacheServer(final ConfigurationContext context) {
    final int listenPort = context.getProperty(PORT).asInteger();
    final String persistenceLocation = context.getProperty(PERSISTENCE_PATH).getValue();
    final SSLContextService sslService = context.getProperty(SSL_CONTEXT_SERVICE).asControllerService(SSLContextService.class);
    final int maxEntries = context.getProperty(MAX_CACHE_ENTRIES).asInteger();
    final String policyName = context.getProperty(EVICTION_POLICY).getValue();

    // Mutual TLS: the cache listener only accepts clients that authenticate with a certificate.
    final SSLContext sslContext = sslService == null ? null : sslService.createSSLContext(ClientAuth.REQUIRED);
    final EvictionPolicy policy = resolveEvictionPolicy(policyName);
    final File persistenceDir = persistenceLocation == null ? null : new File(persistenceLocation);

    try {
        return createMapCacheServer(listenPort, maxEntries, sslContext, policy, persistenceDir);
    } catch (final Exception e) {
        throw new RuntimeException(e);
    }
}

/**
 * Maps a configured eviction strategy name to its {@link EvictionPolicy}.
 *
 * @param policyName one of the EVICTION_STRATEGY_* constants
 * @return the matching policy
 * @throws IllegalArgumentException for any other name
 */
private static EvictionPolicy resolveEvictionPolicy(final String policyName) {
    switch (policyName) {
        case EVICTION_STRATEGY_FIFO:
            return EvictionPolicy.FIFO;
        case EVICTION_STRATEGY_LFU:
            return EvictionPolicy.LFU;
        case EVICTION_STRATEGY_LRU:
            return EvictionPolicy.LRU;
        default:
            throw new IllegalArgumentException("Illegal Eviction Policy: " + policyName);
    }
}
Use of org.apache.nifi.ssl.SSLContextService in project nifi by apache: class JettyWebSocketServer, method createSslFactory.
/**
 * Creates the Jetty {@code SslContextFactory} for the WebSocket server.
 *
 * <p>The client-auth property selects one of three modes: {@code CLIENT_NEED} makes a
 * client certificate mandatory, {@code CLIENT_WANT} requests one without requiring it,
 * and any other value disables client authentication. When no {@code SSLContextService}
 * is configured the client-auth value is read but ignored and no factory is built.
 *
 * @param context the controller service configuration
 * @return the factory built by the overload taking the service and the need/want flags,
 *         or {@code null} when no SSL context service is configured
 */
private SslContextFactory createSslFactory(final ConfigurationContext context) {
    final SSLContextService sslService = context.getProperty(SSL_CONTEXT).asControllerService(SSLContextService.class);
    final String clientAuthMode = context.getProperty(CLIENT_AUTH).getValue();
    if (sslService == null) {
        return null;
    }
    final boolean needClientAuth = CLIENT_NEED.equals(clientAuthMode);
    // "want" is only set when "need" is not; both stay false for any other value.
    final boolean wantClientAuth = !needClientAuth && CLIENT_WANT.equals(clientAuthMode);
    return createSslFactory(sslService, needClientAuth, wantClientAuth);
}
Use of org.apache.nifi.ssl.SSLContextService in project nifi by apache: class ListenGRPC, method startServer.
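/**
 * Starts the gRPC server when the processor is scheduled.
 *
 * <p>Reads the port, flow-control window, maximum message size and the optional
 * {@code SSLContextService} from {@code context}, registers the
 * {@code FlowFileIngestService} behind an interceptor that enforces the authorized-DN
 * pattern, and opens the listener. When "use secure" is enabled the server's TLS
 * material is loaded from the service's keystore; a configured truststore additionally
 * makes a client certificate mandatory ({@code ClientAuth.REQUIRE}), otherwise client
 * authentication is {@code ClientAuth.NONE}.
 *
 * <p>Secure mode without an SSL Context Service is rejected here rather than silently
 * starting a plaintext listener.
 *
 * @param context the process context holding the configured properties
 * @throws IllegalStateException if secure mode is requested without an SSL Context
 *         Service, or the service has no keystore configured
 * @throws IOException if a keystore or truststore file cannot be read
 * @throws KeyStoreException if a keystore cannot be instantiated or initialized
 * @throws NoSuchAlgorithmException if a key/trust manager algorithm is unavailable
 * @throws CertificateException if a certificate in a store cannot be loaded
 * @throws UnrecoverableKeyException if the keystore password does not unlock the key
 */
@OnScheduled
public void startServer(final ProcessContext context) throws NoSuchAlgorithmException, IOException, KeyStoreException, CertificateException, UnrecoverableKeyException {
    final ComponentLog logger = getLogger();
    // gather configured properties
    final Integer port = context.getProperty(PROP_SERVICE_PORT).asInteger();
    final boolean useSecure = context.getProperty(PROP_USE_SECURE).asBoolean();
    final int flowControlWindow = context.getProperty(PROP_FLOW_CONTROL_WINDOW).asDataSize(DataUnit.B).intValue();
    final int maxMessageSize = context.getProperty(PROP_MAX_MESSAGE_SIZE).asDataSize(DataUnit.B).intValue();
    final SSLContextService sslContextService = context.getProperty(PROP_SSL_CONTEXT_SERVICE).asControllerService(SSLContextService.class);

    // Fail closed: a listener the user asked to be secure must never degrade to plaintext
    // just because the SSL Context Service is missing.
    if (useSecure && sslContextService == null) {
        throw new IllegalStateException("SSL is enabled, but no SSL Context Service has been configured. You must configure an SSL Context Service.");
    }

    // Only callers whose certificate DN matches this pattern pass the interceptor.
    final Pattern authorizedDnPattern = Pattern.compile(context.getProperty(PROP_AUTHORIZED_DN_PATTERN).getValue());
    final FlowFileIngestServiceInterceptor callInterceptor = new FlowFileIngestServiceInterceptor(logger);
    callInterceptor.enforceDNPattern(authorizedDnPattern);
    final FlowFileIngestService flowFileIngestService = new FlowFileIngestService(logger, sessionFactoryReference, context);

    NettyServerBuilder serverBuilder = NettyServerBuilder.forPort(port)
            .addService(ServerInterceptors.intercept(flowFileIngestService, callInterceptor))
            .compressorRegistry(CompressorRegistry.getDefaultInstance())
            .decompressorRegistry(DecompressorRegistry.getDefaultInstance())
            .flowControlWindow(flowControlWindow)
            .maxMessageSize(maxMessageSize);

    if (useSecure) {
        // The javax SSLContext is used only to pin the provider for the key/trust manager factories.
        final SSLContext sslContext = sslContextService.createSSLContext(SSLContextService.ClientAuth.NONE);
        final SslContextBuilder sslContextBuilder = configureServerSsl(sslContextService, sslContext);
        serverBuilder = serverBuilder.sslContext(sslContextBuilder.build());
    }

    logger.info("Starting gRPC server on port: {}", new Object[] { port.toString() });
    this.server = serverBuilder.build().start();
}

/**
 * Builds the Netty server-side TLS configuration from the service's keystore and, when
 * present, its truststore.
 *
 * <p>A keystore is mandatory. A configured truststore lets the server verify client
 * certificates, so client auth is then set to {@code ClientAuth.REQUIRE}; without one it
 * is {@code ClientAuth.NONE}.
 *
 * @param sslContextService the service supplying key material and passwords
 * @param sslContext the javax context whose provider is used for the factories
 * @return the builder, after {@code GrpcSslContexts.configure} has been applied
 * @throws IllegalStateException if no keystore file is configured
 */
private static SslContextBuilder configureServerSsl(final SSLContextService sslContextService, final SSLContext sslContext)
        throws NoSuchAlgorithmException, IOException, KeyStoreException, CertificateException, UnrecoverableKeyException {
    if (StringUtils.isBlank(sslContextService.getKeyStoreFile())) {
        throw new IllegalStateException("SSL is enabled, but no keystore has been configured. You must configure a keystore.");
    }
    final char[] keyStorePassword = sslContextService.getKeyStorePassword().toCharArray();
    final KeyStore keyStore = loadKeyStore(sslContextService.getKeyStoreType(), sslContextService.getKeyStoreFile(), keyStorePassword);
    final KeyManagerFactory keyManagerFactory = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm(), sslContext.getProvider());
    keyManagerFactory.init(keyStore, keyStorePassword);

    SslContextBuilder sslContextBuilder = SslContextBuilder.forServer(keyManagerFactory);
    if (StringUtils.isNotBlank(sslContextService.getTrustStoreFile())) {
        // if the trust store is configured, then client auth is required.
        final KeyStore trustStore = loadKeyStore(sslContextService.getTrustStoreType(), sslContextService.getTrustStoreFile(),
                sslContextService.getTrustStorePassword().toCharArray());
        final TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm(), sslContext.getProvider());
        trustManagerFactory.init(trustStore);
        sslContextBuilder = sslContextBuilder.trustManager(trustManagerFactory).clientAuth(ClientAuth.REQUIRE);
    } else {
        sslContextBuilder = sslContextBuilder.clientAuth(ClientAuth.NONE);
    }
    return GrpcSslContexts.configure(sslContextBuilder);
}

/**
 * Loads a {@link KeyStore} of the given type from a file.
 *
 * @param type the keystore type passed to {@link KeyStore#getInstance(String)}
 * @param path the file to read
 * @param password the store password
 * @return the loaded store
 */
private static KeyStore loadKeyStore(final String type, final String path, final char[] password)
        throws KeyStoreException, IOException, NoSuchAlgorithmException, CertificateException {
    final KeyStore store = KeyStore.getInstance(type);
    try (InputStream is = new FileInputStream(path)) {
        store.load(is, password);
    }
    return store;
}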
Use of org.apache.nifi.ssl.SSLContextService in project nifi by apache: class InvokeGRPC, method initializeClient.
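/**
 * Builds the gRPC channel and blocking stub when the processor is scheduled, so that
 * subsequent triggers can talk to the configured gRPC service.
 *
 * <p>Any previously held channel and stub references are cleared first. The channel
 * targets the configured host and port, uses the default compressor/decompressor
 * registries, caps inbound messages at the configured size and advertises a user agent
 * made of {@code USER_AGENT_PREFIX} and the local hostname (the prefix alone if the
 * hostname cannot be resolved).
 *
 * <p>When "use secure" is enabled the channel is built with TLS from the
 * {@code SSLContextService}: an optional keystore supplies the client certificate and an
 * optional truststore supplies the trusted CAs. Secure mode without an SSL Context
 * Service is rejected rather than silently falling back to plaintext.
 *
 * @param context the processor context
 * @throws IllegalStateException if secure mode is requested without an SSL Context Service
 * @throws Exception if the key material cannot be loaded or the channel cannot be built
 */
@OnScheduled
public void initializeClient(final ProcessContext context) throws Exception {
    channelReference.set(null);
    blockingStubReference.set(null);
    final ComponentLog logger = getLogger();
    final String host = context.getProperty(PROP_SERVICE_HOST).getValue();
    final int port = context.getProperty(PROP_SERVICE_PORT).asInteger();
    final int maxMessageSize = context.getProperty(PROP_MAX_MESSAGE_SIZE).asDataSize(DataUnit.B).intValue();

    String userAgent = USER_AGENT_PREFIX;
    try {
        userAgent += "_" + InetAddress.getLocalHost().getHostName();
    } catch (final UnknownHostException e) {
        logger.warn("Unable to determine local hostname. Defaulting gRPC user agent to {}.", new Object[] { USER_AGENT_PREFIX }, e);
    }

    final NettyChannelBuilder nettyChannelBuilder = NettyChannelBuilder.forAddress(host, port)
            .compressorRegistry(CompressorRegistry.getDefaultInstance())
            .decompressorRegistry(DecompressorRegistry.getDefaultInstance())
            .maxInboundMessageSize(maxMessageSize)
            .userAgent(userAgent);

    // configure whether or not we're using secure comms
    final boolean useSecure = context.getProperty(PROP_USE_SECURE).asBoolean();
    final SSLContextService sslContextService = context.getProperty(PROP_SSL_CONTEXT_SERVICE).asControllerService(SSLContextService.class);
    // Fail closed: a channel the user asked to be secure must never be downgraded to plaintext
    // just because the SSL Context Service is missing.
    if (useSecure && sslContextService == null) {
        throw new IllegalStateException("SSL is enabled, but no SSL Context Service has been configured. You must configure an SSL Context Service.");
    }

    if (useSecure) {
        // The javax SSLContext is used only to pin the provider for the key/trust manager factories.
        final SSLContext sslContext = sslContextService.createSSLContext(SSLContextService.ClientAuth.NONE);
        nettyChannelBuilder.sslContext(configureClientSsl(sslContextService, sslContext).build());
    } else {
        nettyChannelBuilder.usePlaintext(true);
    }

    final ManagedChannel channel = nettyChannelBuilder.build();
    final FlowFileServiceGrpc.FlowFileServiceBlockingStub blockingStub = FlowFileServiceGrpc.newBlockingStub(channel);
    channelReference.set(channel);
    blockingStubReference.set(blockingStub);
}

/**
 * Builds the Netty client-side TLS configuration from the service's optional keystore
 * (client certificate) and optional truststore (trusted CAs).
 *
 * @param sslContextService the service supplying key material and passwords
 * @param sslContext the javax context whose provider is used for the factories
 * @return the client builder with whichever of key manager and trust manager were configured
 */
private static SslContextBuilder configureClientSsl(final SSLContextService sslContextService, final SSLContext sslContext)
        throws NoSuchAlgorithmException, IOException, KeyStoreException, CertificateException, UnrecoverableKeyException {
    final SslContextBuilder sslContextBuilder = GrpcSslContexts.forClient();
    if (StringUtils.isNotBlank(sslContextService.getKeyStoreFile())) {
        final char[] keyStorePassword = sslContextService.getKeyStorePassword().toCharArray();
        final KeyStore keyStore = loadKeyStore(sslContextService.getKeyStoreType(), sslContextService.getKeyStoreFile(), keyStorePassword);
        final KeyManagerFactory keyManagerFactory = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm(), sslContext.getProvider());
        keyManagerFactory.init(keyStore, keyStorePassword);
        sslContextBuilder.keyManager(keyManagerFactory);
    }
    if (StringUtils.isNotBlank(sslContextService.getTrustStoreFile())) {
        final KeyStore trustStore = loadKeyStore(sslContextService.getTrustStoreType(), sslContextService.getTrustStoreFile(),
                sslContextService.getTrustStorePassword().toCharArray());
        final TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm(), sslContext.getProvider());
        trustManagerFactory.init(trustStore);
        sslContextBuilder.trustManager(trustManagerFactory);
    }
    return sslContextBuilder;
}

/**
 * Loads a {@link KeyStore} of the given type from a file.
 *
 * @param type the keystore type passed to {@link KeyStore#getInstance(String)}
 * @param path the file to read
 * @param password the store password
 * @return the loaded store
 */
private static KeyStore loadKeyStore(final String type, final String path, final char[] password)
        throws KeyStoreException, IOException, NoSuchAlgorithmException, CertificateException {
    final KeyStore store = KeyStore.getInstance(type);
    try (InputStream is = new FileInputStream(path)) {
        store.load(is, password);
    }
    return store;
}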