
Example 31 with SSLContextService

use of org.apache.nifi.ssl.SSLContextService in project nifi by apache.

the class JMSConnectionFactoryProvider method setConnectionFactoryProperties.

/**
 * This operation follows the standard bean convention by matching a property
 * name to its corresponding 'setter' method. Once the method is located, it is
 * invoked to set the corresponding property to the value provided during
 * service configuration. For example, the 'channel' property will correspond
 * to the 'setChannel(..)' method and the 'queueManager' property will
 * correspond to the 'setQueueManager(..)' method with a single argument.
 * <p>
 * There are also a few adjustments to accommodate well-known brokers. For
 * example, the ActiveMQ ConnectionFactory accepts the address of the Message
 * Broker in the form of a URL, while IBM's accepts it in the form of a
 * host/port pair (more common). So this method will use the value retrieved
 * from the 'BROKER_URI' static property 'as is' if the ConnectionFactory
 * implementation is coming from ActiveMQ, and for all others (for now) the
 * 'BROKER_URI' value will be split on ':' and the resulting pair will be used
 * to execute the setHostName(..) and setPort(..) methods on the provided
 * ConnectionFactory. This may need to be maintained and adjusted to
 * accommodate other implementations of ConnectionFactory, but only for the
 * URL/Host/Port issue. All other properties are set as dynamic properties,
 * where the user essentially provides both the property name and the value.
 * The bean convention is also explained in the user manual for this component,
 * with links pointing to the documentation of various ConnectionFactories.
 *
 * @see #setProperty(String, String) method
 */
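private void setConnectionFactoryProperties(ConfigurationContext context) {
    for (final Entry<PropertyDescriptor, String> entry : context.getProperties().entrySet()) {
        PropertyDescriptor descriptor = entry.getKey();
        String propertyName = descriptor.getName();
        if (descriptor.isDynamic()) {
            // Dynamic properties are forwarded to setProperty(..) under the name the user chose,
            // so which ConnectionFactory setters get invoked is decided by whoever can edit this
            // service's configuration. The raw configured value is passed on; unlike the BROKER
            // value below, no expression evaluation is applied to it here.
            this.setProperty(propertyName, entry.getValue());
        } else if (propertyName.equals(BROKER)) {
            String brokerValue = context.getProperty(descriptor).evaluateAttributeExpressions().getValue();
            // NOTE(review): both values below are dereferenced without a null check - confirm
            // that BROKER and CONNECTION_FACTORY_IMPL are always populated before this runs.
            String factoryImpl = context.getProperty(CONNECTION_FACTORY_IMPL).evaluateAttributeExpressions().getValue();
            if (factoryImpl.startsWith("org.apache.activemq")) {
                this.setProperty("brokerURL", brokerValue);
            } else {
                String[] hostPort = brokerValue.split(":");
                if (hostPort.length == 2) {
                    this.setProperty("hostName", hostPort[0]);
                    this.setProperty("port", hostPort[1]);
                } else {
                    // for tibco
                    // Every value that does not split into exactly two parts lands here (a bare
                    // host, a URL with a scheme, anything with more than one ':') and is passed
                    // through unvalidated. The former "Failed to parse broker url" branch could
                    // never execute because the two preceding conditions were complementary, so
                    // it has been dropped; behaviour is unchanged.
                    this.setProperty("serverUrl", brokerValue);
                }
            }
            SSLContextService sc = context.getProperty(SSL_CONTEXT_SERVICE).asControllerService(SSLContextService.class);
            if (sc != null) {
                // Only a socket factory is handed to the ConnectionFactory.
                // NOTE(review): whether the provider then verifies the broker's hostname against
                // its certificate is not visible from here - confirm per provider.
                SSLContext ssl = sc.createSSLContext(ClientAuth.NONE);
                this.setProperty("sSLSocketFactory", ssl.getSocketFactory());
            }
            // With no SSL Context Service configured nothing TLS-related is set, so transport
            // security is left to the ConnectionFactory's own defaults and the broker address.
        }
        // Any other non-dynamic property is ignored: BROKER is the only one relevant to CF configuration.
    }
}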
Also used : PropertyDescriptor(org.apache.nifi.components.PropertyDescriptor) SSLContextService(org.apache.nifi.ssl.SSLContextService) SSLContext(javax.net.ssl.SSLContext)

Example 32 with SSLContextService

use of org.apache.nifi.ssl.SSLContextService in project nifi by apache.

the class ElasticSearchClientServiceImpl method setupClient.

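/**
 * Builds the Elasticsearch {@code RestClient} from this service's configuration and stores it
 * in {@code this.client}; the first configured host is also kept in {@code this.url}.
 *
 * @param context configuration supplying hosts, credentials, timeouts and the optional SSL
 *                context service
 * @throws MalformedURLException   if a configured host entry is not a valid URL
 * @throws InitializationException if the SSL context cannot be built from the SSL service
 */
private void setupClient(ConfigurationContext context) throws MalformedURLException, InitializationException {
    final String hosts = context.getProperty(HTTP_HOSTS).evaluateAttributeExpressions().getValue();
    // Comma-separated list; whitespace after each comma is tolerated.
    String[] hostsSplit = hosts.split(",[\\s]*");
    this.url = hostsSplit[0];
    final SSLContextService sslService = context.getProperty(PROP_SSL_CONTEXT_SERVICE).asControllerService(SSLContextService.class);
    final String username = context.getProperty(USERNAME).evaluateAttributeExpressions().getValue();
    final String password = context.getProperty(PASSWORD).evaluateAttributeExpressions().getValue();
    final Integer connectTimeout = context.getProperty(CONNECT_TIMEOUT).asInteger();
    final Integer readTimeout = context.getProperty(SOCKET_TIMEOUT).asInteger();
    final Integer retryTimeout = context.getProperty(RETRY_TIMEOUT).asInteger();
    HttpHost[] hh = new HttpHost[hostsSplit.length];
    for (int x = 0; x < hh.length; x++) {
        // Each entry must be a full URL; the scheme written in the host list (http or https)
        // is what decides whether the connection is encrypted. getPort() is -1 when the URL
        // carries no explicit port.
        URL u = new URL(hostsSplit[x]);
        hh[x] = new HttpHost(u.getHost(), u.getPort(), u.getProtocol());
    }
    // A custom SSLContext is built only when the service has BOTH a keystore and a truststore.
    final boolean sslFullyConfigured = sslService != null && sslService.isKeyStoreConfigured() && sslService.isTrustStoreConfigured();
    if (sslService != null && !sslFullyConfigured) {
        // Previously this case was skipped silently, leaving the operator to assume the
        // configured SSL Context Service was in effect.
        getLogger().warn("An SSL Context Service is set but its keystore and truststore are not both configured; "
                + "no custom SSLContext will be applied to the Elasticsearch client.");
    }
    final SSLContext sslContext;
    try {
        sslContext = sslFullyConfigured ? buildSslContext(sslService) : null;
    } catch (IOException | CertificateException | NoSuchAlgorithmException | UnrecoverableKeyException | KeyStoreException | KeyManagementException e) {
        getLogger().error("Error building up SSL Context from the supplied configuration.", e);
        throw new InitializationException(e);
    }
    RestClientBuilder builder = RestClient.builder(hh).setHttpClientConfigCallback(httpClientBuilder -> {
        if (sslContext != null) {
            httpClientBuilder = httpClientBuilder.setSSLContext(sslContext);
        }
        if (username != null && password != null) {
            final CredentialsProvider credentialsProvider = new BasicCredentialsProvider();
            // AuthScope.ANY does not tie the credentials to the configured hosts, and with an
            // http:// host entry they are sent without transport encryption.
            // NOTE(review): consider scoping the credentials to the hosts in 'hh'.
            credentialsProvider.setCredentials(AuthScope.ANY, new UsernamePasswordCredentials(username, password));
            httpClientBuilder = httpClientBuilder.setDefaultCredentialsProvider(credentialsProvider);
        }
        return httpClientBuilder;
    }).setRequestConfigCallback(requestConfigBuilder -> {
        requestConfigBuilder.setConnectTimeout(connectTimeout);
        requestConfigBuilder.setSocketTimeout(readTimeout);
        return requestConfigBuilder;
    }).setMaxRetryTimeoutMillis(retryTimeout);
    this.client = builder.build();
}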
Also used : RestClient(org.elasticsearch.client.RestClient) SSLContext(javax.net.ssl.SSLContext) RestClientBuilder(org.elasticsearch.client.RestClientBuilder) ConfigurationContext(org.apache.nifi.controller.ConfigurationContext) InitializationException(org.apache.nifi.reporting.InitializationException) URL(java.net.URL) HashMap(java.util.HashMap) KeyStoreException(java.security.KeyStoreException) PropertyDescriptor(org.apache.nifi.components.PropertyDescriptor) ArrayList(java.util.ArrayList) SecureRandom(java.security.SecureRandom) BasicCredentialsProvider(org.apache.http.impl.client.BasicCredentialsProvider) Charset(java.nio.charset.Charset) UnrecoverableKeyException(java.security.UnrecoverableKeyException) Map(java.util.Map) AbstractControllerService(org.apache.nifi.controller.AbstractControllerService) NStringEntity(org.apache.http.nio.entity.NStringEntity) OnEnabled(org.apache.nifi.annotation.lifecycle.OnEnabled) TrustManagerFactory(javax.net.ssl.TrustManagerFactory) MalformedURLException(java.net.MalformedURLException) ObjectMapper(com.fasterxml.jackson.databind.ObjectMapper) HttpEntity(org.apache.http.HttpEntity) ContentType(org.apache.http.entity.ContentType) SSLContextService(org.apache.nifi.ssl.SSLContextService) KeyManagerFactory(javax.net.ssl.KeyManagerFactory) IOException(java.io.IOException) KeyStore(java.security.KeyStore) FileInputStream(java.io.FileInputStream) KeyManagementException(java.security.KeyManagementException) CertificateException(java.security.cert.CertificateException) UsernamePasswordCredentials(org.apache.http.auth.UsernamePasswordCredentials) IOUtils(org.apache.commons.io.IOUtils) List(java.util.List) AuthScope(org.apache.http.auth.AuthScope) Response(org.elasticsearch.client.Response) NoSuchAlgorithmException(java.security.NoSuchAlgorithmException) CredentialsProvider(org.apache.http.client.CredentialsProvider) HttpHost(org.apache.http.HttpHost) Collections(java.util.Collections) 
OnDisabled(org.apache.nifi.annotation.lifecycle.OnDisabled) InputStream(java.io.InputStream) BasicCredentialsProvider(org.apache.http.impl.client.BasicCredentialsProvider) RestClientBuilder(org.elasticsearch.client.RestClientBuilder) CertificateException(java.security.cert.CertificateException) SSLContext(javax.net.ssl.SSLContext) IOException(java.io.IOException) NoSuchAlgorithmException(java.security.NoSuchAlgorithmException) KeyStoreException(java.security.KeyStoreException) BasicCredentialsProvider(org.apache.http.impl.client.BasicCredentialsProvider) CredentialsProvider(org.apache.http.client.CredentialsProvider) InitializationException(org.apache.nifi.reporting.InitializationException) URL(java.net.URL) KeyManagementException(java.security.KeyManagementException) UsernamePasswordCredentials(org.apache.http.auth.UsernamePasswordCredentials) UnrecoverableKeyException(java.security.UnrecoverableKeyException) HttpHost(org.apache.http.HttpHost) SSLContextService(org.apache.nifi.ssl.SSLContextService)

Example 33 with SSLContextService

use of org.apache.nifi.ssl.SSLContextService in project nifi by apache.

the class AbstractElasticsearchHttpProcessor method createElasticsearchClient.

/**
 * Rebuilds the shared OkHttp client from the processor configuration: optional HTTP proxy,
 * connect/read timeouts, and - when an SSL context service is configured - a socket factory
 * taken from its SSLContext. The reference is cleared first and set again once the client
 * has been built.
 *
 * @param context processor configuration to read the settings from
 */
@Override
protected void createElasticsearchClient(ProcessContext context) throws ProcessException {
    okHttpClientAtomicReference.set(null);
    OkHttpClient.Builder builder = new OkHttpClient.Builder();

    // Proxy is applied only when both host and port are present.
    final String host = context.getProperty(PROXY_HOST).evaluateAttributeExpressions().getValue();
    final Integer port = context.getProperty(PROXY_PORT).evaluateAttributeExpressions().asInteger();
    if (host != null && port != null) {
        builder.proxy(new Proxy(Proxy.Type.HTTP, new InetSocketAddress(host, port)));
    }

    // Timeouts are read as milliseconds and narrowed to int.
    final int connectMillis = context.getProperty(CONNECT_TIMEOUT).evaluateAttributeExpressions().asTimePeriod(TimeUnit.MILLISECONDS).intValue();
    builder.connectTimeout(connectMillis, TimeUnit.MILLISECONDS);
    final int readMillis = context.getProperty(RESPONSE_TIMEOUT).evaluateAttributeExpressions().asTimePeriod(TimeUnit.MILLISECONDS).intValue();
    builder.readTimeout(readMillis, TimeUnit.MILLISECONDS);

    // Without an SSL context service, or if it yields no context, the builder's TLS settings
    // are left untouched.
    final SSLContextService tlsService = context.getProperty(PROP_SSL_CONTEXT_SERVICE).asControllerService(SSLContextService.class);
    SSLContext tlsContext = null;
    if (tlsService != null) {
        tlsContext = tlsService.createSSLContext(SSLContextService.ClientAuth.NONE);
    }
    if (tlsContext != null) {
        // NOTE(review): this is the one-argument sslSocketFactory(..) overload, which OkHttp 3
        // deprecates in favour of the form that also takes the X509TrustManager. The hostname
        // verifier is not overridden here.
        builder.sslSocketFactory(tlsContext.getSocketFactory());
    }

    okHttpClientAtomicReference.set(builder.build());
}
Also used : Proxy(java.net.Proxy) OkHttpClient(okhttp3.OkHttpClient) InetSocketAddress(java.net.InetSocketAddress) SSLContextService(org.apache.nifi.ssl.SSLContextService) SSLContext(javax.net.ssl.SSLContext)

Example 34 with SSLContextService

use of org.apache.nifi.ssl.SSLContextService in project nifi by apache.

the class TestFetchElasticsearch method testSetupSecureClient.

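/**
 * Runs the processor once with an SSL context service attached and one flow file queued.
 * The test has no assertions: it passes as long as set-up and the single run do not throw.
 */
@Test
public void testSetupSecureClient() throws Exception {
    FetchElasticsearchTestProcessor processor = new FetchElasticsearchTestProcessor(true);
    runner = TestRunners.newTestRunner(processor);
    // Bare mock with only getIdentifier() stubbed: every other method returns Mockito's default.
    // NOTE(review): nothing here checks that a TLS-protected client was actually built, so the
    // test name promises more than it verifies.
    SSLContextService sslService = mock(SSLContextService.class);
    when(sslService.getIdentifier()).thenReturn("ssl-context");
    runner.addControllerService("ssl-context", sslService);
    runner.enableControllerService(sslService);
    runner.setProperty(FetchElasticsearch.PROP_SSL_CONTEXT_SERVICE, "ssl-context");
    runner.setProperty(AbstractElasticsearchTransportClientProcessor.CLUSTER_NAME, "elasticsearch");
    runner.setProperty(AbstractElasticsearchTransportClientProcessor.HOSTS, "127.0.0.1:9300");
    runner.setProperty(AbstractElasticsearchTransportClientProcessor.PING_TIMEOUT, "5s");
    runner.setProperty(AbstractElasticsearchTransportClientProcessor.SAMPLER_INTERVAL, "5s");
    runner.setProperty(FetchElasticsearch.INDEX, "doc");
    runner.setProperty(FetchElasticsearch.TYPE, "status");
    runner.setValidateExpressionUsage(true);
    runner.setProperty(FetchElasticsearch.DOC_ID, "${doc_id}");
    // Allow time for the controller service to fully initialize
    Thread.sleep(500);
    // Plain map instead of double-brace initialization, which would create an anonymous
    // HashMap subclass just to hold one entry.
    final HashMap<String, String> attributes = new HashMap<String, String>();
    attributes.put("doc_id", "28039652140");
    runner.enqueue(docExample, attributes);
    runner.run(1, true, true);
}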
Also used : SSLContextService(org.apache.nifi.ssl.SSLContextService) Matchers.anyString(org.mockito.Matchers.anyString) Test(org.junit.Test)

Example 35 with SSLContextService

use of org.apache.nifi.ssl.SSLContextService in project nifi by apache.

the class TestQueryElasticsearchHttp method testSetupSecureClient.

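/**
 * Runs the processor once with an SSL context service attached and one empty flow file queued.
 * The test has no assertions: it passes as long as set-up and the single run do not throw.
 */
@Test
public void testSetupSecureClient() throws Exception {
    QueryElasticsearchHttpTestProcessor processor = new QueryElasticsearchHttpTestProcessor();
    runner = TestRunners.newTestRunner(processor);
    // Bare mock with only getIdentifier() stubbed: every other method returns Mockito's default.
    SSLContextService sslService = mock(SSLContextService.class);
    when(sslService.getIdentifier()).thenReturn("ssl-context");
    runner.addControllerService("ssl-context", sslService);
    runner.enableControllerService(sslService);
    runner.setProperty(QueryElasticsearchHttp.PROP_SSL_CONTEXT_SERVICE, "ssl-context");
    // NOTE(review): the URL uses the http scheme and nothing below checks that TLS was
    // negotiated, so this "secure client" test does not verify an encrypted connection.
    runner.setProperty(AbstractElasticsearchHttpProcessor.ES_URL, "http://127.0.0.1:9200");
    runner.setProperty(QueryElasticsearchHttp.INDEX, "doc");
    runner.setValidateExpressionUsage(true);
    runner.setProperty(QueryElasticsearchHttp.QUERY, "${doc_id}");
    // Allow time for the controller service to fully initialize
    Thread.sleep(500);
    // Plain map instead of double-brace initialization, which would create an anonymous
    // HashMap subclass just to hold one entry.
    final HashMap<String, String> attributes = new HashMap<String, String>();
    attributes.put("doc_id", "28039652140");
    runner.enqueue("".getBytes(), attributes);
    runner.run(1, true, true);
}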
Also used : SSLContextService(org.apache.nifi.ssl.SSLContextService) Test(org.junit.Test)
