Example 41 with SSLContextService
use of org.apache.nifi.ssl.SSLContextService in project nifi by apache.
the class InvokeHTTP method setUpClient.
@OnScheduled
public void setUpClient(final ProcessContext context) throws IOException, UnrecoverableKeyException, CertificateException, NoSuchAlgorithmException, KeyStoreException, KeyManagementException {
okHttpClientAtomicReference.set(null);
OkHttpClient.Builder okHttpClientBuilder = new OkHttpClient().newBuilder();
// Add a proxy if set
final String proxyHost = context.getProperty(PROP_PROXY_HOST).evaluateAttributeExpressions().getValue();
final Integer proxyPort = context.getProperty(PROP_PROXY_PORT).evaluateAttributeExpressions().asInteger();
final String proxyType = context.getProperty(PROP_PROXY_TYPE).evaluateAttributeExpressions().getValue();
boolean isHttpsProxy = false;
if (proxyHost != null && proxyPort != null) {
final Proxy proxy = new Proxy(Type.HTTP, new InetSocketAddress(proxyHost, proxyPort));
okHttpClientBuilder.proxy(proxy);
isHttpsProxy = HTTPS.equals(proxyType);
}
// configure ETag cache if enabled
final boolean etagEnabled = context.getProperty(PROP_USE_ETAG).asBoolean();
if (etagEnabled) {
final int maxCacheSizeBytes = context.getProperty(PROP_ETAG_MAX_CACHE_SIZE).asDataSize(DataUnit.B).intValue();
okHttpClientBuilder.cache(new Cache(getETagCacheDir(), maxCacheSizeBytes));
}
// Set timeouts
okHttpClientBuilder.connectTimeout((context.getProperty(PROP_CONNECT_TIMEOUT).asTimePeriod(TimeUnit.MILLISECONDS).intValue()), TimeUnit.MILLISECONDS);
okHttpClientBuilder.readTimeout(context.getProperty(PROP_READ_TIMEOUT).asTimePeriod(TimeUnit.MILLISECONDS).intValue(), TimeUnit.MILLISECONDS);
// Set whether to follow redirects
okHttpClientBuilder.followRedirects(context.getProperty(PROP_FOLLOW_REDIRECTS).asBoolean());
final SSLContextService sslService = context.getProperty(PROP_SSL_CONTEXT_SERVICE).asControllerService(SSLContextService.class);
final SSLContext sslContext = sslService == null ? null : sslService.createSSLContext(ClientAuth.NONE);
// check if the ssl context is set and add the factory if so
if (sslContext != null) {
setSslSocketFactory(okHttpClientBuilder, sslService, sslContext, isHttpsProxy);
}
// check the trusted hostname property and override the HostnameVerifier
String trustedHostname = trimToEmpty(context.getProperty(PROP_TRUSTED_HOSTNAME).getValue());
if (!trustedHostname.isEmpty()) {
okHttpClientBuilder.hostnameVerifier(new OverrideHostnameVerifier(trustedHostname, OkHostnameVerifier.INSTANCE));
}
setAuthenticator(okHttpClientBuilder, context);
useChunked = context.getProperty(PROP_USE_CHUNKED_ENCODING).asBoolean();
okHttpClientAtomicReference.set(okHttpClientBuilder.build());
}
Also used :
Proxy(java.net.Proxy)
OkHttpClient(okhttp3.OkHttpClient)
InetSocketAddress(java.net.InetSocketAddress)
SSLContextService(org.apache.nifi.ssl.SSLContextService)
SSLContext(javax.net.ssl.SSLContext)
Cache(okhttp3.Cache)
OnScheduled(org.apache.nifi.annotation.lifecycle.OnScheduled)
Example 42 with SSLContextService
use of org.apache.nifi.ssl.SSLContextService in project nifi by apache.
the class ListenHTTP method createHttpServerFromService.
private void createHttpServerFromService(final ProcessContext context) throws Exception {
final String basePath = context.getProperty(BASE_PATH).evaluateAttributeExpressions().getValue();
final SSLContextService sslContextService = context.getProperty(SSL_CONTEXT_SERVICE).asControllerService(SSLContextService.class);
final Double maxBytesPerSecond = context.getProperty(MAX_DATA_RATE).asDataSize(DataUnit.B);
final StreamThrottler streamThrottler = (maxBytesPerSecond == null) ? null : new LeakyBucketStreamThrottler(maxBytesPerSecond.intValue());
final int returnCode = context.getProperty(RETURN_CODE).asInteger();
throttlerRef.set(streamThrottler);
final boolean needClientAuth = sslContextService != null && sslContextService.getTrustStoreFile() != null;
final SslContextFactory contextFactory = new SslContextFactory();
contextFactory.setNeedClientAuth(needClientAuth);
if (needClientAuth) {
contextFactory.setTrustStorePath(sslContextService.getTrustStoreFile());
contextFactory.setTrustStoreType(sslContextService.getTrustStoreType());
contextFactory.setTrustStorePassword(sslContextService.getTrustStorePassword());
}
final String keystorePath = sslContextService == null ? null : sslContextService.getKeyStoreFile();
if (keystorePath != null) {
final String keystorePassword = sslContextService.getKeyStorePassword();
final String keyStoreType = sslContextService.getKeyStoreType();
contextFactory.setKeyStorePath(keystorePath);
contextFactory.setKeyManagerPassword(keystorePassword);
contextFactory.setKeyStorePassword(keystorePassword);
contextFactory.setKeyStoreType(keyStoreType);
}
if (sslContextService != null) {
contextFactory.setProtocol(sslContextService.getSslAlgorithm());
}
// thread pool for the jetty instance
final QueuedThreadPool threadPool = new QueuedThreadPool();
threadPool.setName(String.format("%s (%s) Web Server", getClass().getSimpleName(), getIdentifier()));
// create the server instance
final Server server = new Server(threadPool);
// get the configured port
final int port = context.getProperty(PORT).evaluateAttributeExpressions().asInteger();
final ServerConnector connector;
final HttpConfiguration httpConfiguration = new HttpConfiguration();
if (keystorePath == null) {
// create the connector
connector = new ServerConnector(server, new HttpConnectionFactory(httpConfiguration));
} else {
// configure the ssl connector
httpConfiguration.setSecureScheme("https");
httpConfiguration.setSecurePort(port);
httpConfiguration.addCustomizer(new SecureRequestCustomizer());
// build the connector
connector = new ServerConnector(server, new SslConnectionFactory(contextFactory, "http/1.1"), new HttpConnectionFactory(httpConfiguration));
}
// configure the port
connector.setPort(port);
// add the connector to the server
server.setConnectors(new Connector[] { connector });
final ServletContextHandler contextHandler = new ServletContextHandler(server, "/", true, (keystorePath != null));
for (final Class<? extends Servlet> cls : getServerClasses()) {
final Path path = cls.getAnnotation(Path.class);
// also, servlets other than ListenHttpServlet must have a path starting with /
if (basePath.isEmpty() && !path.value().isEmpty()) {
// Note: this is to handle the condition of an empty uri, otherwise pathSpec would start with //
contextHandler.addServlet(cls, path.value());
} else {
contextHandler.addServlet(cls, "/" + basePath + path.value());
}
}
contextHandler.setAttribute(CONTEXT_ATTRIBUTE_PROCESSOR, this);
contextHandler.setAttribute(CONTEXT_ATTRIBUTE_LOGGER, getLogger());
contextHandler.setAttribute(CONTEXT_ATTRIBUTE_SESSION_FACTORY_HOLDER, sessionFactoryReference);
contextHandler.setAttribute(CONTEXT_ATTRIBUTE_PROCESS_CONTEXT_HOLDER, context);
contextHandler.setAttribute(CONTEXT_ATTRIBUTE_FLOWFILE_MAP, flowFileMap);
contextHandler.setAttribute(CONTEXT_ATTRIBUTE_AUTHORITY_PATTERN, Pattern.compile(context.getProperty(AUTHORIZED_DN_PATTERN).getValue()));
contextHandler.setAttribute(CONTEXT_ATTRIBUTE_STREAM_THROTTLER, streamThrottler);
contextHandler.setAttribute(CONTEXT_ATTRIBUTE_BASE_PATH, basePath);
contextHandler.setAttribute(CONTEXT_ATTRIBUTE_RETURN_CODE, returnCode);
if (context.getProperty(HEADERS_AS_ATTRIBUTES_REGEX).isSet()) {
contextHandler.setAttribute(CONTEXT_ATTRIBUTE_HEADER_PATTERN, Pattern.compile(context.getProperty(HEADERS_AS_ATTRIBUTES_REGEX).getValue()));
}
try {
server.start();
} catch (Exception e) {
shutdownHttpServer(server);
throw e;
}
this.server = server;
}
Also used :
Path(javax.ws.rs.Path)
SecureRequestCustomizer(org.eclipse.jetty.server.SecureRequestCustomizer)
Server(org.eclipse.jetty.server.Server)
HttpConnectionFactory(org.eclipse.jetty.server.HttpConnectionFactory)
HttpConfiguration(org.eclipse.jetty.server.HttpConfiguration)
SslConnectionFactory(org.eclipse.jetty.server.SslConnectionFactory)
IOException(java.io.IOException)
ServerConnector(org.eclipse.jetty.server.ServerConnector)
SslContextFactory(org.eclipse.jetty.util.ssl.SslContextFactory)
QueuedThreadPool(org.eclipse.jetty.util.thread.QueuedThreadPool)
SSLContextService(org.apache.nifi.ssl.SSLContextService)
RestrictedSSLContextService(org.apache.nifi.ssl.RestrictedSSLContextService)
LeakyBucketStreamThrottler(org.apache.nifi.stream.io.LeakyBucketStreamThrottler)
ServletContextHandler(org.eclipse.jetty.servlet.ServletContextHandler)
StreamThrottler(org.apache.nifi.stream.io.StreamThrottler)
LeakyBucketStreamThrottler(org.apache.nifi.stream.io.LeakyBucketStreamThrottler)
Example 43 with SSLContextService
use of org.apache.nifi.ssl.SSLContextService in project nifi by apache.
the class ListenRELP method createDispatcher.
@Override
protected ChannelDispatcher createDispatcher(final ProcessContext context, final BlockingQueue<RELPEvent> events) throws IOException {
final EventFactory<RELPEvent> eventFactory = new RELPEventFactory();
final ChannelHandlerFactory<RELPEvent, AsyncChannelDispatcher> handlerFactory = new RELPSocketChannelHandlerFactory<>();
final int maxConnections = context.getProperty(MAX_CONNECTIONS).asInteger();
final int bufferSize = context.getProperty(RECV_BUFFER_SIZE).asDataSize(DataUnit.B).intValue();
final Charset charSet = Charset.forName(context.getProperty(CHARSET).getValue());
// initialize the buffer pool based on max number of connections and the buffer size
final BlockingQueue<ByteBuffer> bufferPool = createBufferPool(maxConnections, bufferSize);
// if an SSLContextService was provided then create an SSLContext to pass down to the dispatcher
SSLContext sslContext = null;
SslContextFactory.ClientAuth clientAuth = null;
final SSLContextService sslContextService = context.getProperty(SSL_CONTEXT_SERVICE).asControllerService(SSLContextService.class);
if (sslContextService != null) {
final String clientAuthValue = context.getProperty(CLIENT_AUTH).getValue();
sslContext = sslContextService.createSSLContext(SSLContextService.ClientAuth.valueOf(clientAuthValue));
clientAuth = SslContextFactory.ClientAuth.valueOf(clientAuthValue);
}
// if we decide to support SSL then get the context and pass it in here
return new SocketChannelDispatcher<>(eventFactory, handlerFactory, bufferPool, events, getLogger(), maxConnections, sslContext, clientAuth, charSet);
}
Also used :
RELPSocketChannelHandlerFactory(org.apache.nifi.processors.standard.relp.handler.RELPSocketChannelHandlerFactory)
RELPEventFactory(org.apache.nifi.processors.standard.relp.event.RELPEventFactory)
Charset(java.nio.charset.Charset)
SSLContext(javax.net.ssl.SSLContext)
ByteBuffer(java.nio.ByteBuffer)
SslContextFactory(org.apache.nifi.security.util.SslContextFactory)
AsyncChannelDispatcher(org.apache.nifi.processor.util.listen.dispatcher.AsyncChannelDispatcher)
SSLContextService(org.apache.nifi.ssl.SSLContextService)
RestrictedSSLContextService(org.apache.nifi.ssl.RestrictedSSLContextService)
SocketChannelDispatcher(org.apache.nifi.processor.util.listen.dispatcher.SocketChannelDispatcher)
RELPEvent(org.apache.nifi.processors.standard.relp.event.RELPEvent)
Example 44 with SSLContextService
use of org.apache.nifi.ssl.SSLContextService in project nifi by apache.
the class ListenSyslog method onScheduled.
@OnScheduled
public void onScheduled(final ProcessContext context) throws IOException {
final int port = context.getProperty(PORT).evaluateAttributeExpressions().asInteger();
final int bufferSize = context.getProperty(RECV_BUFFER_SIZE).asDataSize(DataUnit.B).intValue();
final int maxChannelBufferSize = context.getProperty(MAX_SOCKET_BUFFER_SIZE).asDataSize(DataUnit.B).intValue();
final int maxMessageQueueSize = context.getProperty(MAX_MESSAGE_QUEUE_SIZE).asInteger();
final String protocol = context.getProperty(PROTOCOL).getValue();
final String nicIPAddressStr = context.getProperty(NETWORK_INTF_NAME).evaluateAttributeExpressions().getValue();
final String charSet = context.getProperty(CHARSET).evaluateAttributeExpressions().getValue();
final String msgDemarcator = context.getProperty(MESSAGE_DELIMITER).getValue().replace("\\n", "\n").replace("\\r", "\r").replace("\\t", "\t");
messageDemarcatorBytes = msgDemarcator.getBytes(Charset.forName(charSet));
final int maxConnections;
if (UDP_VALUE.getValue().equals(protocol)) {
maxConnections = 1;
} else {
maxConnections = context.getProperty(MAX_CONNECTIONS).asLong().intValue();
}
bufferPool = new LinkedBlockingQueue<>(maxConnections);
for (int i = 0; i < maxConnections; i++) {
bufferPool.offer(ByteBuffer.allocate(bufferSize));
}
parser = new SyslogParser(Charset.forName(charSet));
syslogEvents = new LinkedBlockingQueue<>(maxMessageQueueSize);
InetAddress nicIPAddress = null;
if (!StringUtils.isEmpty(nicIPAddressStr)) {
NetworkInterface netIF = NetworkInterface.getByName(nicIPAddressStr);
nicIPAddress = netIF.getInetAddresses().nextElement();
}
// create either a UDP or TCP reader and call open() to bind to the given port
final SSLContextService sslContextService = context.getProperty(SSL_CONTEXT_SERVICE).asControllerService(SSLContextService.class);
channelDispatcher = createChannelReader(context, protocol, bufferPool, syslogEvents, maxConnections, sslContextService, Charset.forName(charSet));
channelDispatcher.open(nicIPAddress, port, maxChannelBufferSize);
final Thread readerThread = new Thread(channelDispatcher);
readerThread.setName("ListenSyslog [" + getIdentifier() + "]");
readerThread.setDaemon(true);
readerThread.start();
}
Also used :
SyslogParser(org.apache.nifi.processors.standard.syslog.SyslogParser)
SSLContextService(org.apache.nifi.ssl.SSLContextService)
RestrictedSSLContextService(org.apache.nifi.ssl.RestrictedSSLContextService)
NetworkInterface(java.net.NetworkInterface)
InetAddress(java.net.InetAddress)
OnScheduled(org.apache.nifi.annotation.lifecycle.OnScheduled)
Example 45 with SSLContextService
use of org.apache.nifi.ssl.SSLContextService in project nifi by apache.
the class ListenTCP method customValidate.
@Override
protected Collection<ValidationResult> customValidate(final ValidationContext validationContext) {
final List<ValidationResult> results = new ArrayList<>();
final String clientAuth = validationContext.getProperty(CLIENT_AUTH).getValue();
final SSLContextService sslContextService = validationContext.getProperty(SSL_CONTEXT_SERVICE).asControllerService(SSLContextService.class);
if (sslContextService != null && StringUtils.isBlank(clientAuth)) {
results.add(new ValidationResult.Builder().explanation("Client Auth must be provided when using TLS/SSL").valid(false).subject("Client Auth").build());
}
return results;
}
Also used :
SSLContextService(org.apache.nifi.ssl.SSLContextService)
RestrictedSSLContextService(org.apache.nifi.ssl.RestrictedSSLContextService)
ArrayList(java.util.ArrayList)
ValidationResult(org.apache.nifi.components.ValidationResult)
Aggregations
SSLContextService (org.apache.nifi.ssl.SSLContextService)84
SSLContext (javax.net.ssl.SSLContext)29
Test (org.junit.Test)23
StandardSSLContextService (org.apache.nifi.ssl.StandardSSLContextService)22
RestrictedSSLContextService (org.apache.nifi.ssl.RestrictedSSLContextService)18
ArrayList (java.util.ArrayList)12
StandardRestrictedSSLContextService (org.apache.nifi.ssl.StandardRestrictedSSLContextService)12
IOException (java.io.IOException)11
ValidationResult (org.apache.nifi.components.ValidationResult)10
ComponentLog (org.apache.nifi.logging.ComponentLog)9
OnScheduled (org.apache.nifi.annotation.lifecycle.OnScheduled)7
InetSocketAddress (java.net.InetSocketAddress)6
ProcessException (org.apache.nifi.processor.exception.ProcessException)6
Charset (java.nio.charset.Charset)5
InitializationException (org.apache.nifi.reporting.InitializationException)5
MalformedURLException (java.net.MalformedURLException)4
URI (java.net.URI)4
ByteBuffer (java.nio.ByteBuffer)4
ProviderCreationException (org.apache.nifi.authentication.exception.ProviderCreationException)4
PropertyDescriptor (org.apache.nifi.components.PropertyDescriptor)4
