Example 31 with SSLContextService
use of org.apache.nifi.ssl.SSLContextService in project nifi by apache.
the class JMSConnectionFactoryProvider method setConnectionFactoryProperties.
/**
* This operation follows standard bean convention by matching property name
* to its corresponding 'setter' method. Once the method was located it is
* invoked to set the corresponding property to a value provided by during
* service configuration. For example, 'channel' property will correspond to
* 'setChannel(..) method and 'queueManager' property will correspond to
* setQueueManager(..) method with a single argument.
* <p>
* There are also few adjustments to accommodate well known brokers. For
* example ActiveMQ ConnectionFactory accepts address of the Message Broker
* in a form of URL while IBMs in the form of host/port pair (more common).
* So this method will use value retrieved from the 'BROKER_URI' static
* property 'as is' if ConnectionFactory implementation is coming from
* ActiveMQ and for all others (for now) the 'BROKER_URI' value will be
* split on ':' and the resulting pair will be used to execute
* setHostName(..) and setPort(..) methods on the provided
* ConnectionFactory. This may need to be maintained and adjusted to
* accommodate other implementation of ConnectionFactory, but only for
* URL/Host/Port issue. All other properties are set as dynamic properties
* where user essentially provides both property name and value, The bean
* convention is also explained in user manual for this component with links
* pointing to documentation of various ConnectionFactories.
*
* @see #setProperty(String, String) method
*/
private void setConnectionFactoryProperties(ConfigurationContext context) {
for (final Entry<PropertyDescriptor, String> entry : context.getProperties().entrySet()) {
PropertyDescriptor descriptor = entry.getKey();
String propertyName = descriptor.getName();
if (descriptor.isDynamic()) {
this.setProperty(propertyName, entry.getValue());
} else {
if (propertyName.equals(BROKER)) {
String brokerValue = context.getProperty(descriptor).evaluateAttributeExpressions().getValue();
if (context.getProperty(CONNECTION_FACTORY_IMPL).evaluateAttributeExpressions().getValue().startsWith("org.apache.activemq")) {
this.setProperty("brokerURL", brokerValue);
} else {
String[] hostPort = brokerValue.split(":");
if (hostPort.length == 2) {
this.setProperty("hostName", hostPort[0]);
this.setProperty("port", hostPort[1]);
} else if (hostPort.length != 2) {
// for tibco
this.setProperty("serverUrl", brokerValue);
} else {
throw new IllegalArgumentException("Failed to parse broker url: " + brokerValue);
}
}
SSLContextService sc = context.getProperty(SSL_CONTEXT_SERVICE).asControllerService(SSLContextService.class);
if (sc != null) {
SSLContext ssl = sc.createSSLContext(ClientAuth.NONE);
this.setProperty("sSLSocketFactory", ssl.getSocketFactory());
}
}
// ignore 'else', since it's the only non-dynamic property that is relevant to CF configuration
}
}
}
Also used :
PropertyDescriptor(org.apache.nifi.components.PropertyDescriptor)
SSLContextService(org.apache.nifi.ssl.SSLContextService)
SSLContext(javax.net.ssl.SSLContext)
Example 32 with SSLContextService
use of org.apache.nifi.ssl.SSLContextService in project nifi by apache.
the class ElasticSearchClientServiceImpl method setupClient.
private void setupClient(ConfigurationContext context) throws MalformedURLException, InitializationException {
final String hosts = context.getProperty(HTTP_HOSTS).evaluateAttributeExpressions().getValue();
String[] hostsSplit = hosts.split(",[\\s]*");
this.url = hostsSplit[0];
final SSLContextService sslService = context.getProperty(PROP_SSL_CONTEXT_SERVICE).asControllerService(SSLContextService.class);
final String username = context.getProperty(USERNAME).evaluateAttributeExpressions().getValue();
final String password = context.getProperty(PASSWORD).evaluateAttributeExpressions().getValue();
final Integer connectTimeout = context.getProperty(CONNECT_TIMEOUT).asInteger();
final Integer readTimeout = context.getProperty(SOCKET_TIMEOUT).asInteger();
final Integer retryTimeout = context.getProperty(RETRY_TIMEOUT).asInteger();
HttpHost[] hh = new HttpHost[hostsSplit.length];
for (int x = 0; x < hh.length; x++) {
URL u = new URL(hostsSplit[x]);
hh[x] = new HttpHost(u.getHost(), u.getPort(), u.getProtocol());
}
final SSLContext sslContext;
try {
sslContext = (sslService != null && sslService.isKeyStoreConfigured() && sslService.isTrustStoreConfigured()) ? buildSslContext(sslService) : null;
} catch (IOException | CertificateException | NoSuchAlgorithmException | UnrecoverableKeyException | KeyStoreException | KeyManagementException e) {
getLogger().error("Error building up SSL Context from the supplied configuration.", e);
throw new InitializationException(e);
}
RestClientBuilder builder = RestClient.builder(hh).setHttpClientConfigCallback(httpClientBuilder -> {
if (sslContext != null) {
httpClientBuilder = httpClientBuilder.setSSLContext(sslContext);
}
if (username != null && password != null) {
final CredentialsProvider credentialsProvider = new BasicCredentialsProvider();
credentialsProvider.setCredentials(AuthScope.ANY, new UsernamePasswordCredentials(username, password));
httpClientBuilder = httpClientBuilder.setDefaultCredentialsProvider(credentialsProvider);
}
return httpClientBuilder;
}).setRequestConfigCallback(requestConfigBuilder -> {
requestConfigBuilder.setConnectTimeout(connectTimeout);
requestConfigBuilder.setSocketTimeout(readTimeout);
return requestConfigBuilder;
}).setMaxRetryTimeoutMillis(retryTimeout);
this.client = builder.build();
}
Also used :
RestClient(org.elasticsearch.client.RestClient)
SSLContext(javax.net.ssl.SSLContext)
RestClientBuilder(org.elasticsearch.client.RestClientBuilder)
ConfigurationContext(org.apache.nifi.controller.ConfigurationContext)
InitializationException(org.apache.nifi.reporting.InitializationException)
URL(java.net.URL)
HashMap(java.util.HashMap)
KeyStoreException(java.security.KeyStoreException)
PropertyDescriptor(org.apache.nifi.components.PropertyDescriptor)
ArrayList(java.util.ArrayList)
SecureRandom(java.security.SecureRandom)
BasicCredentialsProvider(org.apache.http.impl.client.BasicCredentialsProvider)
Charset(java.nio.charset.Charset)
UnrecoverableKeyException(java.security.UnrecoverableKeyException)
Map(java.util.Map)
AbstractControllerService(org.apache.nifi.controller.AbstractControllerService)
NStringEntity(org.apache.http.nio.entity.NStringEntity)
OnEnabled(org.apache.nifi.annotation.lifecycle.OnEnabled)
TrustManagerFactory(javax.net.ssl.TrustManagerFactory)
MalformedURLException(java.net.MalformedURLException)
ObjectMapper(com.fasterxml.jackson.databind.ObjectMapper)
HttpEntity(org.apache.http.HttpEntity)
ContentType(org.apache.http.entity.ContentType)
SSLContextService(org.apache.nifi.ssl.SSLContextService)
KeyManagerFactory(javax.net.ssl.KeyManagerFactory)
IOException(java.io.IOException)
KeyStore(java.security.KeyStore)
FileInputStream(java.io.FileInputStream)
KeyManagementException(java.security.KeyManagementException)
CertificateException(java.security.cert.CertificateException)
UsernamePasswordCredentials(org.apache.http.auth.UsernamePasswordCredentials)
IOUtils(org.apache.commons.io.IOUtils)
List(java.util.List)
AuthScope(org.apache.http.auth.AuthScope)
Response(org.elasticsearch.client.Response)
NoSuchAlgorithmException(java.security.NoSuchAlgorithmException)
CredentialsProvider(org.apache.http.client.CredentialsProvider)
HttpHost(org.apache.http.HttpHost)
Collections(java.util.Collections)
OnDisabled(org.apache.nifi.annotation.lifecycle.OnDisabled)
InputStream(java.io.InputStream)
BasicCredentialsProvider(org.apache.http.impl.client.BasicCredentialsProvider)
RestClientBuilder(org.elasticsearch.client.RestClientBuilder)
CertificateException(java.security.cert.CertificateException)
SSLContext(javax.net.ssl.SSLContext)
IOException(java.io.IOException)
NoSuchAlgorithmException(java.security.NoSuchAlgorithmException)
KeyStoreException(java.security.KeyStoreException)
BasicCredentialsProvider(org.apache.http.impl.client.BasicCredentialsProvider)
CredentialsProvider(org.apache.http.client.CredentialsProvider)
InitializationException(org.apache.nifi.reporting.InitializationException)
URL(java.net.URL)
KeyManagementException(java.security.KeyManagementException)
UsernamePasswordCredentials(org.apache.http.auth.UsernamePasswordCredentials)
UnrecoverableKeyException(java.security.UnrecoverableKeyException)
HttpHost(org.apache.http.HttpHost)
SSLContextService(org.apache.nifi.ssl.SSLContextService)
Example 33 with SSLContextService
use of org.apache.nifi.ssl.SSLContextService in project nifi by apache.
the class AbstractElasticsearchHttpProcessor method createElasticsearchClient.
@Override
protected void createElasticsearchClient(ProcessContext context) throws ProcessException {
okHttpClientAtomicReference.set(null);
OkHttpClient.Builder okHttpClient = new OkHttpClient.Builder();
// Add a proxy if set
final String proxyHost = context.getProperty(PROXY_HOST).evaluateAttributeExpressions().getValue();
final Integer proxyPort = context.getProperty(PROXY_PORT).evaluateAttributeExpressions().asInteger();
if (proxyHost != null && proxyPort != null) {
final Proxy proxy = new Proxy(Proxy.Type.HTTP, new InetSocketAddress(proxyHost, proxyPort));
okHttpClient.proxy(proxy);
}
// Set timeouts
okHttpClient.connectTimeout((context.getProperty(CONNECT_TIMEOUT).evaluateAttributeExpressions().asTimePeriod(TimeUnit.MILLISECONDS).intValue()), TimeUnit.MILLISECONDS);
okHttpClient.readTimeout(context.getProperty(RESPONSE_TIMEOUT).evaluateAttributeExpressions().asTimePeriod(TimeUnit.MILLISECONDS).intValue(), TimeUnit.MILLISECONDS);
final SSLContextService sslService = context.getProperty(PROP_SSL_CONTEXT_SERVICE).asControllerService(SSLContextService.class);
final SSLContext sslContext = sslService == null ? null : sslService.createSSLContext(SSLContextService.ClientAuth.NONE);
// check if the ssl context is set and add the factory if so
if (sslContext != null) {
okHttpClient.sslSocketFactory(sslContext.getSocketFactory());
}
okHttpClientAtomicReference.set(okHttpClient.build());
}
Also used :
Proxy(java.net.Proxy)
OkHttpClient(okhttp3.OkHttpClient)
InetSocketAddress(java.net.InetSocketAddress)
SSLContextService(org.apache.nifi.ssl.SSLContextService)
SSLContext(javax.net.ssl.SSLContext)
Example 34 with SSLContextService
use of org.apache.nifi.ssl.SSLContextService in project nifi by apache.
the class TestFetchElasticsearch method testSetupSecureClient.
@Test
public void testSetupSecureClient() throws Exception {
FetchElasticsearchTestProcessor processor = new FetchElasticsearchTestProcessor(true);
runner = TestRunners.newTestRunner(processor);
SSLContextService sslService = mock(SSLContextService.class);
when(sslService.getIdentifier()).thenReturn("ssl-context");
runner.addControllerService("ssl-context", sslService);
runner.enableControllerService(sslService);
runner.setProperty(FetchElasticsearch.PROP_SSL_CONTEXT_SERVICE, "ssl-context");
runner.setProperty(AbstractElasticsearchTransportClientProcessor.CLUSTER_NAME, "elasticsearch");
runner.setProperty(AbstractElasticsearchTransportClientProcessor.HOSTS, "127.0.0.1:9300");
runner.setProperty(AbstractElasticsearchTransportClientProcessor.PING_TIMEOUT, "5s");
runner.setProperty(AbstractElasticsearchTransportClientProcessor.SAMPLER_INTERVAL, "5s");
runner.setProperty(FetchElasticsearch.INDEX, "doc");
runner.setProperty(FetchElasticsearch.TYPE, "status");
runner.setValidateExpressionUsage(true);
runner.setProperty(FetchElasticsearch.DOC_ID, "${doc_id}");
// Allow time for the controller service to fully initialize
Thread.sleep(500);
runner.enqueue(docExample, new HashMap<String, String>() {
{
put("doc_id", "28039652140");
}
});
runner.run(1, true, true);
}
Also used :
SSLContextService(org.apache.nifi.ssl.SSLContextService)
Matchers.anyString(org.mockito.Matchers.anyString)
Test(org.junit.Test)
Example 35 with SSLContextService
use of org.apache.nifi.ssl.SSLContextService in project nifi by apache.
the class TestQueryElasticsearchHttp method testSetupSecureClient.
@Test
public void testSetupSecureClient() throws Exception {
QueryElasticsearchHttpTestProcessor processor = new QueryElasticsearchHttpTestProcessor();
runner = TestRunners.newTestRunner(processor);
SSLContextService sslService = mock(SSLContextService.class);
when(sslService.getIdentifier()).thenReturn("ssl-context");
runner.addControllerService("ssl-context", sslService);
runner.enableControllerService(sslService);
runner.setProperty(QueryElasticsearchHttp.PROP_SSL_CONTEXT_SERVICE, "ssl-context");
runner.setProperty(AbstractElasticsearchHttpProcessor.ES_URL, "http://127.0.0.1:9200");
runner.setProperty(QueryElasticsearchHttp.INDEX, "doc");
runner.setValidateExpressionUsage(true);
runner.setProperty(QueryElasticsearchHttp.QUERY, "${doc_id}");
// Allow time for the controller service to fully initialize
Thread.sleep(500);
runner.enqueue("".getBytes(), new HashMap<String, String>() {
{
put("doc_id", "28039652140");
}
});
runner.run(1, true, true);
}
Also used :
SSLContextService(org.apache.nifi.ssl.SSLContextService)
Test(org.junit.Test)
Aggregations
SSLContextService (org.apache.nifi.ssl.SSLContextService)84
SSLContext (javax.net.ssl.SSLContext)29
Test (org.junit.Test)23
StandardSSLContextService (org.apache.nifi.ssl.StandardSSLContextService)22
RestrictedSSLContextService (org.apache.nifi.ssl.RestrictedSSLContextService)18
ArrayList (java.util.ArrayList)12
StandardRestrictedSSLContextService (org.apache.nifi.ssl.StandardRestrictedSSLContextService)12
IOException (java.io.IOException)11
ValidationResult (org.apache.nifi.components.ValidationResult)10
ComponentLog (org.apache.nifi.logging.ComponentLog)9
OnScheduled (org.apache.nifi.annotation.lifecycle.OnScheduled)7
InetSocketAddress (java.net.InetSocketAddress)6
ProcessException (org.apache.nifi.processor.exception.ProcessException)6
Charset (java.nio.charset.Charset)5
InitializationException (org.apache.nifi.reporting.InitializationException)5
MalformedURLException (java.net.MalformedURLException)4
URI (java.net.URI)4
ByteBuffer (java.nio.ByteBuffer)4
ProviderCreationException (org.apache.nifi.authentication.exception.ProviderCreationException)4
PropertyDescriptor (org.apache.nifi.components.PropertyDescriptor)4
