Example 36 with SSLContextService
use of org.apache.nifi.ssl.SSLContextService in project nifi by apache.
the class TestScrollElasticsearchHttp method testSetupSecureClient.
@Test
public void testSetupSecureClient() throws Exception {
ScrollElasticsearchHttpTestProcessor processor = new ScrollElasticsearchHttpTestProcessor();
runner = TestRunners.newTestRunner(processor);
SSLContextService sslService = mock(SSLContextService.class);
when(sslService.getIdentifier()).thenReturn("ssl-context");
runner.addControllerService("ssl-context", sslService);
runner.enableControllerService(sslService);
runner.setProperty(ScrollElasticsearchHttp.PROP_SSL_CONTEXT_SERVICE, "ssl-context");
runner.setProperty(AbstractElasticsearchHttpProcessor.ES_URL, "http://127.0.0.1:9200");
runner.setProperty(ScrollElasticsearchHttp.INDEX, "doc");
runner.setValidateExpressionUsage(true);
runner.setProperty(ScrollElasticsearchHttp.QUERY, "${doc_id}");
runner.setIncomingConnection(false);
// Allow time for the controller service to fully initialize
Thread.sleep(500);
runner.enqueue("".getBytes(), new HashMap<String, String>() {
{
put("doc_id", "28039652140");
}
});
runner.run(1, true, true);
}
Also used :
SSLContextService(org.apache.nifi.ssl.SSLContextService)
Test(org.junit.Test)
Example 37 with SSLContextService
use of org.apache.nifi.ssl.SSLContextService in project nifi by apache.
the class ListenSMTP method prepareServer.
private SMTPServer prepareServer(final ProcessContext context, final ProcessSessionFactory sessionFactory) {
final int port = context.getProperty(SMTP_PORT).asInteger();
final String host = context.getProperty(SMTP_HOSTNAME).getValue();
final ComponentLog log = getLogger();
final int maxMessageSize = context.getProperty(SMTP_MAXIMUM_MSG_SIZE).asDataSize(DataUnit.B).intValue();
// create message handler factory
final MessageHandlerFactory messageHandlerFactory = (final MessageContext mc) -> {
return new SmtpConsumer(mc, sessionFactory, port, host, log, maxMessageSize);
};
// create smtp server
final SSLContextService sslContextService = context.getProperty(SSL_CONTEXT_SERVICE).asControllerService(SSLContextService.class);
final SMTPServer smtpServer = sslContextService == null ? new SMTPServer(messageHandlerFactory) : new SMTPServer(messageHandlerFactory) {
@Override
public SSLSocket createSSLSocket(Socket socket) throws IOException {
InetSocketAddress remoteAddress = (InetSocketAddress) socket.getRemoteSocketAddress();
String clientAuth = context.getProperty(CLIENT_AUTH).getValue();
SSLContext sslContext = sslContextService.createSSLContext(SSLContextService.ClientAuth.valueOf(clientAuth));
SSLSocketFactory socketFactory = sslContext.getSocketFactory();
SSLSocket sslSocket = (SSLSocket) (socketFactory.createSocket(socket, remoteAddress.getHostName(), socket.getPort(), true));
sslSocket.setUseClientMode(false);
if (SSLContextService.ClientAuth.REQUIRED.toString().equals(clientAuth)) {
this.setRequireTLS(true);
sslSocket.setNeedClientAuth(true);
}
return sslSocket;
}
};
if (sslContextService != null) {
smtpServer.setEnableTLS(true);
} else {
smtpServer.setHideTLS(true);
}
smtpServer.setSoftwareName("Apache NiFi SMTP");
smtpServer.setPort(port);
smtpServer.setMaxConnections(context.getProperty(SMTP_MAXIMUM_CONNECTIONS).asInteger());
smtpServer.setMaxMessageSize(maxMessageSize);
smtpServer.setConnectionTimeout(context.getProperty(SMTP_TIMEOUT).asTimePeriod(TimeUnit.MILLISECONDS).intValue());
if (context.getProperty(SMTP_HOSTNAME).isSet()) {
smtpServer.setHostName(context.getProperty(SMTP_HOSTNAME).getValue());
}
return smtpServer;
}
Also used :
MessageHandlerFactory(org.subethamail.smtp.MessageHandlerFactory)
InetSocketAddress(java.net.InetSocketAddress)
SSLSocket(javax.net.ssl.SSLSocket)
IOException(java.io.IOException)
SSLContext(javax.net.ssl.SSLContext)
ComponentLog(org.apache.nifi.logging.ComponentLog)
SSLContextService(org.apache.nifi.ssl.SSLContextService)
RestrictedSSLContextService(org.apache.nifi.ssl.RestrictedSSLContextService)
SMTPServer(org.subethamail.smtp.server.SMTPServer)
MessageContext(org.subethamail.smtp.MessageContext)
SSLSocketFactory(javax.net.ssl.SSLSocketFactory)
Socket(java.net.Socket)
SSLSocket(javax.net.ssl.SSLSocket)
SmtpConsumer(org.apache.nifi.processors.email.smtp.SmtpConsumer)
Example 38 with SSLContextService
use of org.apache.nifi.ssl.SSLContextService in project nifi by apache.
the class ListenSMTP method customValidate.
@Override
protected Collection<ValidationResult> customValidate(ValidationContext validationContext) {
List<ValidationResult> results = new ArrayList<>();
String clientAuth = validationContext.getProperty(CLIENT_AUTH).getValue();
SSLContextService sslContextService = validationContext.getProperty(SSL_CONTEXT_SERVICE).asControllerService(SSLContextService.class);
if (sslContextService != null && !StringUtils.hasText(clientAuth)) {
results.add(new ValidationResult.Builder().subject(CLIENT_AUTH.getDisplayName()).explanation(CLIENT_AUTH.getDisplayName() + " must be provided when using " + SSL_CONTEXT_SERVICE.getDisplayName()).valid(false).build());
} else if (sslContextService == null && StringUtils.hasText(clientAuth)) {
results.add(new ValidationResult.Builder().subject(SSL_CONTEXT_SERVICE.getDisplayName()).explanation(SSL_CONTEXT_SERVICE.getDisplayName() + " must be provided when selecting " + CLIENT_AUTH.getDisplayName()).valid(false).build());
}
return results;
}
Also used :
SSLContextService(org.apache.nifi.ssl.SSLContextService)
RestrictedSSLContextService(org.apache.nifi.ssl.RestrictedSSLContextService)
ArrayList(java.util.ArrayList)
ValidationResult(org.apache.nifi.components.ValidationResult)
Example 39 with SSLContextService
use of org.apache.nifi.ssl.SSLContextService in project nifi by apache.
the class TestListenSMTP method validateSuccessfulInteractionWithTls.
@Test
public void validateSuccessfulInteractionWithTls() throws Exception, EmailException {
System.setProperty("mail.smtp.ssl.trust", "*");
System.setProperty("javax.net.ssl.keyStore", "src/test/resources/localhost-ks.jks");
System.setProperty("javax.net.ssl.keyStorePassword", "localtest");
int port = NetworkUtils.availablePort();
TestRunner runner = TestRunners.newTestRunner(ListenSMTP.class);
runner.setProperty(ListenSMTP.SMTP_PORT, String.valueOf(port));
runner.setProperty(ListenSMTP.SMTP_MAXIMUM_CONNECTIONS, "3");
// Setup the SSL Context
SSLContextService sslContextService = new StandardRestrictedSSLContextService();
runner.addControllerService("ssl-context", sslContextService);
runner.setProperty(sslContextService, StandardSSLContextService.TRUSTSTORE, "src/test/resources/localhost-ts.jks");
runner.setProperty(sslContextService, StandardSSLContextService.TRUSTSTORE_PASSWORD, "localtest");
runner.setProperty(sslContextService, StandardSSLContextService.TRUSTSTORE_TYPE, "JKS");
runner.setProperty(sslContextService, StandardSSLContextService.KEYSTORE, "src/test/resources/localhost-ks.jks");
runner.setProperty(sslContextService, StandardSSLContextService.KEYSTORE_PASSWORD, "localtest");
runner.setProperty(sslContextService, StandardSSLContextService.KEYSTORE_TYPE, "JKS");
runner.enableControllerService(sslContextService);
// and add the SSL context to the runner
runner.setProperty(ListenSMTP.SSL_CONTEXT_SERVICE, "ssl-context");
runner.setProperty(ListenSMTP.CLIENT_AUTH, SSLContextService.ClientAuth.NONE.name());
runner.assertValid();
int messageCount = 5;
CountDownLatch latch = new CountDownLatch(messageCount);
runner.run(messageCount, false);
this.executor.schedule(() -> {
for (int i = 0; i < messageCount; i++) {
try {
Email email = new SimpleEmail();
email.setHostName("localhost");
email.setSmtpPort(port);
email.setFrom("alice@nifi.apache.org");
email.setSubject("This is a test");
email.setMsg("MSG-" + i);
email.addTo("bob@nifi.apache.org");
// Enable STARTTLS but ignore the cert
email.setStartTLSEnabled(true);
email.setStartTLSRequired(true);
email.setSSLCheckServerIdentity(false);
email.send();
} catch (Exception e) {
e.printStackTrace();
throw new RuntimeException(e);
} finally {
latch.countDown();
}
}
}, 1500, TimeUnit.MILLISECONDS);
boolean complete = latch.await(5000, TimeUnit.MILLISECONDS);
runner.shutdown();
assertTrue(complete);
runner.assertAllFlowFilesTransferred("success", messageCount);
}
Also used :
Email(org.apache.commons.mail.Email)
SimpleEmail(org.apache.commons.mail.SimpleEmail)
TestRunner(org.apache.nifi.util.TestRunner)
StandardRestrictedSSLContextService(org.apache.nifi.ssl.StandardRestrictedSSLContextService)
SSLContextService(org.apache.nifi.ssl.SSLContextService)
StandardSSLContextService(org.apache.nifi.ssl.StandardSSLContextService)
StandardRestrictedSSLContextService(org.apache.nifi.ssl.StandardRestrictedSSLContextService)
CountDownLatch(java.util.concurrent.CountDownLatch)
SimpleEmail(org.apache.commons.mail.SimpleEmail)
EmailException(org.apache.commons.mail.EmailException)
Test(org.junit.Test)
Example 40 with SSLContextService
use of org.apache.nifi.ssl.SSLContextService in project nifi by apache.
the class HandleHttpRequest method initializeServer.
private synchronized void initializeServer(final ProcessContext context) throws Exception {
if (initialized.get()) {
return;
}
this.containerQueue = new LinkedBlockingQueue<>(context.getProperty(CONTAINER_QUEUE_SIZE).asInteger());
final String host = context.getProperty(HOSTNAME).getValue();
final int port = context.getProperty(PORT).asInteger();
final SSLContextService sslService = context.getProperty(SSL_CONTEXT).asControllerService(SSLContextService.class);
final HttpContextMap httpContextMap = context.getProperty(HTTP_CONTEXT_MAP).asControllerService(HttpContextMap.class);
final long requestTimeout = httpContextMap.getRequestTimeout(TimeUnit.MILLISECONDS);
final String clientAuthValue = context.getProperty(CLIENT_AUTH).getValue();
final boolean need;
final boolean want;
if (CLIENT_NEED.equals(clientAuthValue)) {
need = true;
want = false;
} else if (CLIENT_WANT.equals(clientAuthValue)) {
need = false;
want = true;
} else {
need = false;
want = false;
}
final SslContextFactory sslFactory = (sslService == null) ? null : createSslFactory(sslService, need, want);
final Server server = new Server(port);
// create the http configuration
final HttpConfiguration httpConfiguration = new HttpConfiguration();
if (sslFactory == null) {
// create the connector
final ServerConnector http = new ServerConnector(server, new HttpConnectionFactory(httpConfiguration));
// set host and port
if (StringUtils.isNotBlank(host)) {
http.setHost(host);
}
http.setPort(port);
// add this connector
server.setConnectors(new Connector[] { http });
} else {
// add some secure config
final HttpConfiguration httpsConfiguration = new HttpConfiguration(httpConfiguration);
httpsConfiguration.setSecureScheme("https");
httpsConfiguration.setSecurePort(port);
httpsConfiguration.addCustomizer(new SecureRequestCustomizer());
// build the connector
final ServerConnector https = new ServerConnector(server, new SslConnectionFactory(sslFactory, "http/1.1"), new HttpConnectionFactory(httpsConfiguration));
// set host and port
if (StringUtils.isNotBlank(host)) {
https.setHost(host);
}
https.setPort(port);
// add this connector
server.setConnectors(new Connector[] { https });
}
final Set<String> allowedMethods = new HashSet<>();
if (context.getProperty(ALLOW_GET).asBoolean()) {
allowedMethods.add("GET");
}
if (context.getProperty(ALLOW_POST).asBoolean()) {
allowedMethods.add("POST");
}
if (context.getProperty(ALLOW_PUT).asBoolean()) {
allowedMethods.add("PUT");
}
if (context.getProperty(ALLOW_DELETE).asBoolean()) {
allowedMethods.add("DELETE");
}
if (context.getProperty(ALLOW_HEAD).asBoolean()) {
allowedMethods.add("HEAD");
}
if (context.getProperty(ALLOW_OPTIONS).asBoolean()) {
allowedMethods.add("OPTIONS");
}
final String additionalMethods = context.getProperty(ADDITIONAL_METHODS).getValue();
if (additionalMethods != null) {
for (final String additionalMethod : additionalMethods.split(",")) {
final String trimmed = additionalMethod.trim();
if (!trimmed.isEmpty()) {
allowedMethods.add(trimmed.toUpperCase());
}
}
}
final String pathRegex = context.getProperty(PATH_REGEX).getValue();
final Pattern pathPattern = (pathRegex == null) ? null : Pattern.compile(pathRegex);
server.setHandler(new AbstractHandler() {
@Override
public void handle(final String target, final Request baseRequest, final HttpServletRequest request, final HttpServletResponse response) throws IOException, ServletException {
final String requestUri = request.getRequestURI();
if (!allowedMethods.contains(request.getMethod().toUpperCase())) {
getLogger().info("Sending back METHOD_NOT_ALLOWED response to {}; method was {}; request URI was {}", new Object[] { request.getRemoteAddr(), request.getMethod(), requestUri });
response.sendError(Status.METHOD_NOT_ALLOWED.getStatusCode());
return;
}
if (pathPattern != null) {
final URI uri;
try {
uri = new URI(requestUri);
} catch (final URISyntaxException e) {
throw new ServletException(e);
}
if (!pathPattern.matcher(uri.getPath()).matches()) {
response.sendError(Status.NOT_FOUND.getStatusCode());
getLogger().info("Sending back NOT_FOUND response to {}; request was {} {}", new Object[] { request.getRemoteAddr(), request.getMethod(), requestUri });
return;
}
}
// If destination queues full, send back a 503: Service Unavailable.
if (context.getAvailableRelationships().isEmpty()) {
response.sendError(HttpServletResponse.SC_SERVICE_UNAVAILABLE);
return;
}
// Right now, that information, though, is only in the ProcessSession, not the ProcessContext,
// so it is not known to us. Should see if it can be added to the ProcessContext.
final AsyncContext async = baseRequest.startAsync();
async.setTimeout(requestTimeout);
final boolean added = containerQueue.offer(new HttpRequestContainer(request, response, async));
if (added) {
getLogger().debug("Added Http Request to queue for {} {} from {}", new Object[] { request.getMethod(), requestUri, request.getRemoteAddr() });
} else {
getLogger().info("Sending back a SERVICE_UNAVAILABLE response to {}; request was {} {}", new Object[] { request.getRemoteAddr(), request.getMethod(), request.getRemoteAddr() });
response.sendError(Status.SERVICE_UNAVAILABLE.getStatusCode());
response.flushBuffer();
async.complete();
}
}
});
this.server = server;
server.start();
getLogger().info("Server started and listening on port " + getPort());
initialized.set(true);
}
Also used :
Server(org.eclipse.jetty.server.Server)
HttpContextMap(org.apache.nifi.http.HttpContextMap)
AsyncContext(javax.servlet.AsyncContext)
HttpConfiguration(org.eclipse.jetty.server.HttpConfiguration)
URISyntaxException(java.net.URISyntaxException)
SslConnectionFactory(org.eclipse.jetty.server.SslConnectionFactory)
URI(java.net.URI)
AbstractHandler(org.eclipse.jetty.server.handler.AbstractHandler)
ServerConnector(org.eclipse.jetty.server.ServerConnector)
HttpServletRequest(javax.servlet.http.HttpServletRequest)
ServletException(javax.servlet.ServletException)
SslContextFactory(org.eclipse.jetty.util.ssl.SslContextFactory)
HashSet(java.util.HashSet)
Pattern(java.util.regex.Pattern)
SecureRequestCustomizer(org.eclipse.jetty.server.SecureRequestCustomizer)
HttpConnectionFactory(org.eclipse.jetty.server.HttpConnectionFactory)
Request(org.eclipse.jetty.server.Request)
HttpServletRequest(javax.servlet.http.HttpServletRequest)
HttpServletResponse(javax.servlet.http.HttpServletResponse)
IOException(java.io.IOException)
SSLContextService(org.apache.nifi.ssl.SSLContextService)
RestrictedSSLContextService(org.apache.nifi.ssl.RestrictedSSLContextService)
Aggregations
SSLContextService (org.apache.nifi.ssl.SSLContextService)84
SSLContext (javax.net.ssl.SSLContext)29
Test (org.junit.Test)23
StandardSSLContextService (org.apache.nifi.ssl.StandardSSLContextService)22
RestrictedSSLContextService (org.apache.nifi.ssl.RestrictedSSLContextService)18
ArrayList (java.util.ArrayList)12
StandardRestrictedSSLContextService (org.apache.nifi.ssl.StandardRestrictedSSLContextService)12
IOException (java.io.IOException)11
ValidationResult (org.apache.nifi.components.ValidationResult)10
ComponentLog (org.apache.nifi.logging.ComponentLog)9
OnScheduled (org.apache.nifi.annotation.lifecycle.OnScheduled)7
InetSocketAddress (java.net.InetSocketAddress)6
ProcessException (org.apache.nifi.processor.exception.ProcessException)6
Charset (java.nio.charset.Charset)5
InitializationException (org.apache.nifi.reporting.InitializationException)5
MalformedURLException (java.net.MalformedURLException)4
URI (java.net.URI)4
ByteBuffer (java.nio.ByteBuffer)4
ProviderCreationException (org.apache.nifi.authentication.exception.ProviderCreationException)4
PropertyDescriptor (org.apache.nifi.components.PropertyDescriptor)4
