org.apache.nifi.ssl.SSLContextService Java Examples

The following examples show how to use org.apache.nifi.ssl.SSLContextService. You can vote up the ones you like or vote down the ones you don't like, and go to the original project or source file by following the links above each example. You may check out the related API usage on the sidebar.
Example #1
Source File: PostHTTP.java    From localization_nifi with Apache License 2.0 7 votes vote down vote up
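/**
 * Builds an {@link SSLContext} from the trust store and key store configured on the given service.
 *
 * <p>Trust material is loaded only when a trust store file is configured, and key material only when
 * a key store file is configured. The protocol comes from {@code service.getSslAlgorithm()}.
 *
 * <p>Peer certificates are checked against the configured trust store only. No
 * {@code TrustSelfSignedStrategy} is installed: that strategy accepts any chain consisting of a
 * single certificate without consulting the trust store, so a host presenting an arbitrary
 * self-signed certificate would be trusted. A self-signed peer has to be imported into the trust
 * store instead.
 *
 * @param service the SSL context service supplying store files, types, passwords and the protocol
 * @return the SSL context built from the configured material
 * @throws KeyStoreException if a store of the configured type cannot be created or used
 * @throws IOException if a store file cannot be read
 * @throws NoSuchAlgorithmException if a required algorithm is unavailable
 * @throws CertificateException if a certificate in a store cannot be loaded
 * @throws KeyManagementException if the context cannot be initialised
 * @throws UnrecoverableKeyException if a key cannot be recovered with the key store password
 */
private SSLContext createSSLContext(final SSLContextService service)
        throws KeyStoreException, IOException, NoSuchAlgorithmException, CertificateException, KeyManagementException, UnrecoverableKeyException {
    SSLContextBuilder builder = SSLContexts.custom();

    final String trustFilename = service.getTrustStoreFile();
    if (trustFilename != null) {
        final KeyStore truststore = KeyStoreUtils.getTrustStore(service.getTrustStoreType());
        // Open the path that was null-checked above rather than asking the service a second time.
        try (final InputStream in = new FileInputStream(new File(trustFilename))) {
            truststore.load(in, service.getTrustStorePassword().toCharArray());
        }
        // A null strategy leaves validation entirely to the trust managers derived from the store.
        builder = builder.loadTrustMaterial(truststore, null);
    }

    final String keyFilename = service.getKeyStoreFile();
    if (keyFilename != null) {
        final KeyStore keystore = KeyStoreUtils.getKeyStore(service.getKeyStoreType());
        try (final InputStream in = new FileInputStream(new File(keyFilename))) {
            keystore.load(in, service.getKeyStorePassword().toCharArray());
        }
        // The key store password is also used as the key password.
        builder = builder.loadKeyMaterial(keystore, service.getKeyStorePassword().toCharArray());
    }

    builder = builder.useProtocol(service.getSslAlgorithm());

    return builder.build();
}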
 
Example #2
Source File: ConfluentSchemaRegistry.java    From nifi with Apache License 2.0 6 votes vote down vote up
/**
 * Builds the schema registry client when this service is enabled.
 *
 * <p>Reads the base URLs, timeout, optional SSL context service and cache settings from the
 * context, then stores a caching client that wraps a REST client in {@code client}. When no SSL
 * context service is configured, the REST client is given a {@code null} SSL context.
 *
 * @param context configuration context holding this service's property values
 */
@OnEnabled
public void onEnabled(final ConfigurationContext context) {
    final List<String> registryUrls = getBaseURLs(context);
    final int timeoutMs = context.getProperty(TIMEOUT).asTimePeriod(TimeUnit.MILLISECONDS).intValue();

    // TLS is optional: only build a context when a service has been selected.
    final SSLContextService tlsService = context.getProperty(SSL_CONTEXT).asControllerService(SSLContextService.class);
    final SSLContext sslContext = (tlsService == null)
            ? null
            : tlsService.createSSLContext(ClientAuth.REQUIRED);

    final SchemaRegistryClient delegate = new RestSchemaRegistryClient(registryUrls, timeoutMs, sslContext, getLogger());

    final int maxEntries = context.getProperty(CACHE_SIZE).asInteger();
    final long expirationNanos = context.getProperty(CACHE_EXPIRATION).asTimePeriod(TimeUnit.NANOSECONDS).longValue();

    client = new CachingSchemaRegistryClient(delegate, maxEntries, expirationNanos);
}
 
Example #3
Source File: DistributedSetCacheClientService.java    From nifi with Apache License 2.0 6 votes vote down vote up
/**
 * Opens a communications session to the configured host and port.
 *
 * <p>An {@code SSLCommsSession} is created when an SSL context service is configured; otherwise a
 * {@code StandardCommsSession} is created without any SSL context.
 *
 * @param context configuration context holding hostname, port, timeout and SSL service properties
 * @return the new session with its timeout set
 * @throws IOException if the session cannot be created
 */
public CommsSession createCommsSession(final ConfigurationContext context) throws IOException {
    final String host = context.getProperty(HOSTNAME).getValue();
    final int portNumber = context.getProperty(PORT).asInteger();
    final int timeoutMs = context.getProperty(COMMUNICATIONS_TIMEOUT).asTimePeriod(TimeUnit.MILLISECONDS).intValue();
    final SSLContextService tlsService = context.getProperty(SSL_CONTEXT_SERVICE).asControllerService(SSLContextService.class);

    final CommsSession session;
    if (tlsService != null) {
        session = new SSLCommsSession(tlsService.createSSLContext(ClientAuth.REQUIRED), host, portNumber, timeoutMs);
    } else {
        // No SSL context service selected: the session is built without TLS material.
        session = new StandardCommsSession(host, portNumber, timeoutMs);
    }

    session.setTimeout(timeoutMs, TimeUnit.MILLISECONDS);
    return session;
}
 
Example #4
Source File: AbstractCassandraProcessorTest.java    From localization_nifi with Apache License 2.0 6 votes vote down vote up
/**
 * Verifies that the processor obtains a cluster when an SSL context service is configured, both
 * with the default client-auth setting and with {@code CLIENT_AUTH} set to {@code "WANT"}.
 */
@Test
public void testConnectToCassandraWithSSL() throws Exception {
    final String serviceId = "ssl-context";

    // A mocked service is enough here; only its identifier is stubbed.
    final SSLContextService mockedTls = mock(SSLContextService.class);
    when(mockedTls.getIdentifier()).thenReturn(serviceId);
    testRunner.addControllerService(serviceId, mockedTls);
    testRunner.enableControllerService(mockedTls);
    testRunner.setProperty(AbstractCassandraProcessor.PROP_SSL_CONTEXT_SERVICE, serviceId);
    testRunner.setProperty(AbstractCassandraProcessor.CONSISTENCY_LEVEL, "ONE");
    testRunner.assertValid(mockedTls);

    // First pass: no explicit client-auth value.
    processor.connectToCassandra(testRunner.getProcessContext());
    assertNotNull(processor.getCluster());

    // Second pass: reset the cluster and retry with a ClientAuth value.
    processor.setCluster(null);
    testRunner.setProperty(AbstractCassandraProcessor.CLIENT_AUTH, "WANT");
    processor.connectToCassandra(testRunner.getProcessContext());
    assertNotNull(processor.getCluster());
}
 
Example #5
Source File: TestFetchElasticsearch.java    From nifi with Apache License 2.0 6 votes vote down vote up
/**
 * Runs the processor once with a mocked SSL context service attached. The test makes no explicit
 * assertions; it passes when setup and the single run complete without throwing.
 */
@Test
public void testSetupSecureClient() throws Exception {
    final String serviceId = "ssl-context";

    FetchElasticsearchTestProcessor testProcessor = new FetchElasticsearchTestProcessor(true);
    runner = TestRunners.newTestRunner(testProcessor);

    SSLContextService mockedTls = mock(SSLContextService.class);
    when(mockedTls.getIdentifier()).thenReturn(serviceId);
    runner.addControllerService(serviceId, mockedTls);
    runner.enableControllerService(mockedTls);

    runner.setProperty(FetchElasticsearch.PROP_SSL_CONTEXT_SERVICE, serviceId);
    runner.setProperty(AbstractElasticsearchTransportClientProcessor.CLUSTER_NAME, "elasticsearch");
    runner.setProperty(AbstractElasticsearchTransportClientProcessor.HOSTS, "127.0.0.1:9300");
    runner.setProperty(AbstractElasticsearchTransportClientProcessor.PING_TIMEOUT, "5s");
    runner.setProperty(AbstractElasticsearchTransportClientProcessor.SAMPLER_INTERVAL, "5s");
    runner.setProperty(FetchElasticsearch.INDEX, "doc");
    runner.setProperty(FetchElasticsearch.TYPE, "status");
    runner.setProperty(FetchElasticsearch.DOC_ID, "${doc_id}");

    // Give the controller service time to finish initializing.
    Thread.sleep(500);

    // The flow file carries the document id that the DOC_ID expression resolves.
    final HashMap<String, String> attributes = new HashMap<String, String>();
    attributes.put("doc_id", "28039652140");
    runner.enqueue(docExample, attributes);
    runner.run(1, true, true);
}
 
Example #6
Source File: ListenLumberjack.java    From nifi with Apache License 2.0 6 votes vote down vote up
/**
 * Creates the socket channel dispatcher that receives Lumberjack events.
 *
 * <p>When an SSL context service is configured, an SSL context created with
 * {@code ClientAuth.REQUIRED} is handed to the dispatcher; otherwise the dispatcher receives a
 * {@code null} SSL context.
 *
 * @param context process context holding the listener's property values
 * @param events queue that received events are placed on
 * @return the configured dispatcher
 * @throws IOException declared by the overridden method
 */
@Override
protected ChannelDispatcher createDispatcher(final ProcessContext context, final BlockingQueue<LumberjackEvent> events) throws IOException {
    final EventFactory<LumberjackEvent> lumberjackEvents = new LumberjackEventFactory();
    final ChannelHandlerFactory<LumberjackEvent, AsyncChannelDispatcher> handlers = new LumberjackSocketChannelHandlerFactory<>();

    final int connectionLimit = context.getProperty(MAX_CONNECTIONS).asInteger();
    final int receiveBufferBytes = context.getProperty(RECV_BUFFER_SIZE).asDataSize(DataUnit.B).intValue();
    final Charset encoding = Charset.forName(context.getProperty(CHARSET).getValue());

    // One pool sized from the connection limit and the per-buffer size.
    final BlockingQueue<ByteBuffer> buffers = createBufferPool(connectionLimit, receiveBufferBytes);

    // TLS is optional: build a context only when a service was selected.
    final SSLContextService tlsService = context.getProperty(SSL_CONTEXT_SERVICE).asControllerService(SSLContextService.class);
    final SSLContext sslContext = (tlsService == null)
            ? null
            : tlsService.createSSLContext(SslContextFactory.ClientAuth.REQUIRED);

    return new SocketChannelDispatcher<>(lumberjackEvents, handlers, buffers, events,
        getLogger(), connectionLimit, sslContext, encoding);
}
 
Example #7
Source File: JettyWebSocketServer.java    From localization_nifi with Apache License 2.0 6 votes vote down vote up
/**
 * Creates the Jetty SSL context factory for this server, or returns {@code null} when no SSL
 * context service is configured.
 *
 * <p>The {@code CLIENT_AUTH} property selects the client-certificate mode: {@code CLIENT_NEED}
 * sets "need", {@code CLIENT_WANT} sets "want", and any other value sets neither.
 *
 * @param context configuration context holding the SSL service and client-auth properties
 * @return the SSL context factory, or {@code null} if no SSL context service is set
 */
private SslContextFactory createSslFactory(final ConfigurationContext context) {
    final SSLContextService tlsService = context.getProperty(SSL_CONTEXT).asControllerService(SSLContextService.class);

    final String clientAuthMode = context.getProperty(CLIENT_AUTH).getValue();
    // "need" takes precedence; "want" is only considered when "need" did not match.
    final boolean need = CLIENT_NEED.equals(clientAuthMode);
    final boolean want = !need && CLIENT_WANT.equals(clientAuthMode);

    if (tlsService == null) {
        return null;
    }
    return createSslFactory(tlsService, need, want);
}
 
Example #8
Source File: TestPutSolrRecord.java    From nifi with Apache License 2.0 6 votes vote down vote up
/**
 * Checks that the processor is valid with an {@code http://} Solr location and becomes invalid
 * once an SSL context service is also set.
 */
@Test
public void testHttpUrlShouldNotAllowSSLContext() throws InitializationException {
    final TestRunner testRunner = TestRunners.newTestRunner(PutSolrRecord.class);

    // Record reader setup, required before the processor can validate.
    MockRecordParser parser = new MockRecordParser();
    parser.addRecord(1, "Abhinav","R",8,"Chemistry","term1", 98);
    testRunner.addControllerService("parser", parser);
    testRunner.enableControllerService(parser);
    testRunner.setProperty(PutSolrRecord.RECORD_READER, "parser");

    // Plain HTTP location without an SSL context service: expected to be valid.
    testRunner.setProperty(SolrUtils.SOLR_TYPE, SolrUtils.SOLR_TYPE_STANDARD.getValue());
    testRunner.setProperty(SolrUtils.SOLR_LOCATION, "http://localhost:8443/solr");
    testRunner.assertValid();

    final String serviceId = "ssl-context";
    final SSLContextService tlsService = new MockSSLContextService();
    testRunner.addControllerService(serviceId, tlsService);
    testRunner.enableControllerService(tlsService);

    // Adding an SSL context service to an http:// location must fail validation.
    testRunner.setProperty(SolrUtils.SSL_CONTEXT_SERVICE, serviceId);
    testRunner.assertNotValid();
}
 
Example #9
Source File: PutTCP.java    From nifi with Apache License 2.0 6 votes vote down vote up
/**
 * Builds the {@code ChannelSender} used to send messages over a TCP stream.
 *
 * <p>If an SSL context service is configured, an SSL context created with
 * {@code ClientAuth.REQUIRED} is passed on; otherwise the sender is created with a {@code null}
 * SSL context.
 *
 * @param context
 *            - the current process context.
 *
 * @return ChannelSender object.
 */
@Override
protected ChannelSender createSender(final ProcessContext context) throws IOException {
    final String transport = TCP_VALUE.getValue();
    final String host = context.getProperty(HOSTNAME).evaluateAttributeExpressions().getValue();
    final int portNumber = context.getProperty(PORT).evaluateAttributeExpressions().asInteger();
    final int timeoutMs = context.getProperty(TIMEOUT).asTimePeriod(TimeUnit.MILLISECONDS).intValue();
    final int sendBufferBytes = context.getProperty(MAX_SOCKET_SEND_BUFFER_SIZE).asDataSize(DataUnit.B).intValue();
    final SSLContextService tlsService = (SSLContextService) context.getProperty(SSL_CONTEXT_SERVICE).asControllerService();

    // TLS is optional: a null context is forwarded when no service is configured.
    final SSLContext sslContext = (tlsService == null)
            ? null
            : tlsService.createSSLContext(SslContextFactory.ClientAuth.REQUIRED);

    return createSender(transport, host, portNumber, timeoutMs, sendBufferBytes, sslContext);
}
 
Example #10
Source File: TestPutSolrRecord.java    From nifi with Apache License 2.0 6 votes vote down vote up
/**
 * Checks that the processor is invalid with an {@code https://} Solr location and no SSL context
 * service, and becomes valid once an SSL context service is set.
 */
@Test
public void testHttpsUrlShouldRequireSSLContext() throws InitializationException {
    final TestRunner testRunner = TestRunners.newTestRunner(PutSolrRecord.class);

    // Record reader setup, required before the processor can validate.
    MockRecordParser parser = new MockRecordParser();
    parser.addRecord(1, "Abhinav","R",8,"Chemistry","term1", 98);
    testRunner.addControllerService("parser", parser);
    testRunner.enableControllerService(parser);
    testRunner.setProperty(PutSolrRecord.RECORD_READER, "parser");

    // HTTPS location without an SSL context service: expected to be rejected.
    testRunner.setProperty(SolrUtils.SOLR_TYPE, SolrUtils.SOLR_TYPE_STANDARD.getValue());
    testRunner.setProperty(SolrUtils.SOLR_LOCATION, "https://localhost:8443/solr");
    testRunner.assertNotValid();

    final String serviceId = "ssl-context";
    final SSLContextService tlsService = new MockSSLContextService();
    testRunner.addControllerService(serviceId, tlsService);
    testRunner.enableControllerService(tlsService);

    // With the service attached, the https:// location validates.
    testRunner.setProperty(SolrUtils.SSL_CONTEXT_SERVICE, serviceId);
    testRunner.assertValid();
}
 
Example #11
Source File: QuerySolrIT.java    From nifi with Apache License 2.0 6 votes vote down vote up
/**
 * Verifies that scheduling a mocked {@code QuerySolr} with an SSL context service configured
 * results in exactly one {@code createSolrClient} call for {@code SOLR_LOCATION}.
 */
@Test
public void testSslContextService() throws IOException, InitializationException {
    final QuerySolr mockedProcessor = Mockito.mock(QuerySolr.class);
    TestRunner testRunner = TestRunners.newTestRunner(mockedProcessor);
    testRunner.setProperty(SolrUtils.SOLR_TYPE, SolrUtils.SOLR_TYPE_CLOUD.getValue());
    testRunner.setProperty(SolrUtils.SOLR_LOCATION, SOLR_LOCATION);
    testRunner.setProperty(SolrUtils.COLLECTION, SOLR_COLLECTION);

    final String serviceId = "ssl-context";
    final SSLContextService tlsService = new MockSSLContextService();
    testRunner.addControllerService(serviceId, tlsService);
    testRunner.enableControllerService(tlsService);
    testRunner.setProperty(SolrUtils.SSL_CONTEXT_SERVICE, serviceId);

    // Schedule the mock directly, then check the client factory call it received.
    mockedProcessor.onScheduled(testRunner.getProcessContext());
    Mockito.verify(mockedProcessor, Mockito.times(1))
            .createSolrClient(Mockito.any(ProcessContext.class), Mockito.eq(SOLR_LOCATION));
}
 
Example #12
Source File: DistributedSetCacheClientService.java    From localization_nifi with Apache License 2.0 6 votes vote down vote up
/**
 * Opens a communications session to the configured host and port.
 *
 * <p>An {@code SSLCommsSession} is created when an SSL context service is configured; otherwise a
 * {@code StandardCommsSession} is created without any SSL context. The timeout is applied after
 * construction.
 *
 * @param context configuration context holding hostname, port, timeout and SSL service properties
 * @return the new session with its timeout set
 * @throws IOException if the session cannot be created
 */
public CommsSession createCommsSession(final ConfigurationContext context) throws IOException {
    final String host = context.getProperty(HOSTNAME).getValue();
    final int portNumber = context.getProperty(PORT).asInteger();
    final long timeoutMs = context.getProperty(COMMUNICATIONS_TIMEOUT).asTimePeriod(TimeUnit.MILLISECONDS);
    final SSLContextService tlsService = context.getProperty(SSL_CONTEXT_SERVICE).asControllerService(SSLContextService.class);

    final CommsSession session;
    if (tlsService != null) {
        session = new SSLCommsSession(tlsService.createSSLContext(ClientAuth.REQUIRED), host, portNumber);
    } else {
        // No SSL context service selected: the session is built without TLS material.
        session = new StandardCommsSession(host, portNumber);
    }

    session.setTimeout(timeoutMs, TimeUnit.MILLISECONDS);
    return session;
}
 
Example #13
Source File: TestPostHTTP.java    From nifi with Apache License 2.0 6 votes vote down vote up
/**
 * Posts one flow file to the test server's secure URL using an SSL context service that has only
 * a trust store configured, with the server set not to need client authentication, and expects
 * the flow file to be routed to success.
 */
@Test
public void testTruststoreSSLOnly() throws Exception {
    // Server side: key store configured, client certificates not needed.
    final Map<String, String> serverSslProps = new HashMap<>();
    serverSslProps.put(TestServer.NEED_CLIENT_AUTH, "false");
    serverSslProps.put(StandardSSLContextService.KEYSTORE.getName(), KEYSTORE_PATH);
    serverSslProps.put(StandardSSLContextService.KEYSTORE_PASSWORD.getName(), KEYSTORE_AND_TRUSTSTORE_PASSWORD);
    serverSslProps.put(StandardSSLContextService.KEYSTORE_TYPE.getName(), JKS_TYPE);
    setup(serverSslProps);

    // Client side: trust store only, no key store.
    final String serviceId = "ssl-context";
    final SSLContextService tlsService = new StandardSSLContextService();
    runner.addControllerService(serviceId, tlsService);
    runner.setProperty(tlsService, StandardSSLContextService.TRUSTSTORE, TRUSTSTORE_PATH);
    runner.setProperty(tlsService, StandardSSLContextService.TRUSTSTORE_PASSWORD, KEYSTORE_AND_TRUSTSTORE_PASSWORD);
    runner.setProperty(tlsService, StandardSSLContextService.TRUSTSTORE_TYPE, JKS_TYPE);
    runner.enableControllerService(tlsService);

    runner.setProperty(org.apache.nifi.processors.standard.PostHTTP.URL, server.getSecureUrl());
    runner.setProperty(org.apache.nifi.processors.standard.PostHTTP.SSL_CONTEXT_SERVICE, serviceId);
    runner.setProperty(org.apache.nifi.processors.standard.PostHTTP.CHUNKED_ENCODING, "false");

    final byte[] payload = "Hello world".getBytes();
    runner.enqueue(payload);
    runner.run();

    runner.assertAllFlowFilesTransferred(org.apache.nifi.processors.standard.PostHTTP.REL_SUCCESS, 1);
}
 
Example #14
Source File: PrometheusServer.java    From nifi with Apache License 2.0 6 votes vote down vote up
/**
 * Starts a Jetty server that serves a {@code MetricsServlet} under {@code /metrics} over HTTPS.
 *
 * <p>The SSL context factory comes from {@code createSslFactory} with the given service and
 * client-auth flags. The logger is stored through the class name, so it is presumably a static
 * field shared by all instances.
 *
 * @param addr port used both as the secure port and as the connector port
 * @param sslContextService service supplying the TLS configuration
 * @param logger component logger to store
 * @param needClientAuth passed to {@code createSslFactory} as the "need client auth" flag
 * @param wantClientAuth passed to {@code createSslFactory} as the "want client auth" flag
 * @throws Exception if the server fails to start
 */
public PrometheusServer(int addr, SSLContextService sslContextService, ComponentLog logger, boolean needClientAuth, boolean wantClientAuth) throws Exception {
    PrometheusServer.logger = logger;
    this.server = new Server();
    this.handler = new ServletContextHandler(server, "/metrics");
    this.handler.addServlet(new ServletHolder(new MetricsServlet()), "/");

    final SslContextFactory tlsFactory = createSslFactory(sslContextService, needClientAuth, wantClientAuth);

    final HttpConfiguration secureConfig = new HttpConfiguration();
    secureConfig.setSecureScheme("https");
    secureConfig.setSecurePort(addr);
    secureConfig.addCustomizer(new SecureRequestCustomizer());

    // Single TLS connector: the SSL connection factory hands off to HTTP/1.1.
    final SslConnectionFactory tlsConnections = new SslConnectionFactory(tlsFactory, "http/1.1");
    final HttpConnectionFactory httpConnections = new HttpConnectionFactory(secureConfig);
    final ServerConnector secureConnector = new ServerConnector(server, tlsConnections, httpConnections);
    secureConnector.setPort(addr);

    this.server.setConnectors(new Connector[]{secureConnector});
    this.server.start();
}
 
Example #15
Source File: TestFetchElasticsearchHttp.java    From nifi with Apache License 2.0 6 votes vote down vote up
/**
 * Runs the processor once with a mocked SSL context service attached. The test makes no explicit
 * assertions; it passes when setup and the single run complete without throwing.
 */
@Test
public void testSetupSecureClient() throws Exception {
    final String serviceId = "ssl-context";

    FetchElasticsearchHttpTestProcessor testProcessor = new FetchElasticsearchHttpTestProcessor(true);
    runner = TestRunners.newTestRunner(testProcessor);

    SSLContextService mockedTls = mock(SSLContextService.class);
    when(mockedTls.getIdentifier()).thenReturn(serviceId);
    runner.addControllerService(serviceId, mockedTls);
    runner.enableControllerService(mockedTls);

    runner.setProperty(FetchElasticsearchHttp.PROP_SSL_CONTEXT_SERVICE, serviceId);
    runner.setProperty(AbstractElasticsearchHttpProcessor.ES_URL, "http://127.0.0.1:9200");
    runner.setProperty(FetchElasticsearchHttp.INDEX, "doc");
    runner.setProperty(FetchElasticsearchHttp.DOC_ID, "${doc_id}");

    // Give the controller service time to finish initializing.
    Thread.sleep(500);

    // The flow file carries the document id that the DOC_ID expression resolves.
    final HashMap<String, String> attributes = new HashMap<String, String>();
    attributes.put("doc_id", "28039652140");
    runner.enqueue(docExample, attributes);
    runner.run(1, true, true);
}
 
Example #16
Source File: PutTCP.java    From localization_nifi with Apache License 2.0 6 votes vote down vote up
/**
 * Builds the {@code ChannelSender} used to send messages over a TCP stream.
 *
 * <p>If an SSL context service is configured, an SSL context created with
 * {@code ClientAuth.REQUIRED} is passed on; otherwise the sender is created with a {@code null}
 * SSL context.
 *
 * @param context
 *            - the current process context.
 *
 * @return ChannelSender object.
 */
@Override
protected ChannelSender createSender(final ProcessContext context) throws IOException {
    final String transport = TCP_VALUE.getValue();
    final String host = context.getProperty(HOSTNAME).evaluateAttributeExpressions().getValue();
    final int portNumber = context.getProperty(PORT).evaluateAttributeExpressions().asInteger();
    final int timeoutMs = context.getProperty(TIMEOUT).asTimePeriod(TimeUnit.MILLISECONDS).intValue();
    final int sendBufferBytes = context.getProperty(MAX_SOCKET_SEND_BUFFER_SIZE).asDataSize(DataUnit.B).intValue();
    final SSLContextService tlsService = (SSLContextService) context.getProperty(SSL_CONTEXT_SERVICE).asControllerService();

    // TLS is optional: a null context is forwarded when no service is configured.
    final SSLContext sslContext = (tlsService == null)
            ? null
            : tlsService.createSSLContext(SSLContextService.ClientAuth.REQUIRED);

    return createSender(transport, host, portNumber, timeoutMs, sendBufferBytes, sslContext);
}
 
Example #17
Source File: PrometheusServer.java    From nifi with Apache License 2.0 6 votes vote down vote up
/**
 * Builds a Jetty {@code SslContextFactory} from the given SSL context service.
 *
 * <p>The client-auth flags and the protocol are always applied. Key store and trust store
 * settings are copied only when the service reports the respective store as configured.
 *
 * @param sslService service supplying protocol, store paths, passwords and types; must not be null
 * @param needClientAuth value for the factory's "need client auth" setting
 * @param wantClientAuth value for the factory's "want client auth" setting
 * @return the populated factory
 */
private SslContextFactory createSslFactory(final SSLContextService sslService, boolean needClientAuth, boolean wantClientAuth) {
    final SslContextFactory factory = new SslContextFactory();

    factory.setNeedClientAuth(needClientAuth);
    factory.setWantClientAuth(wantClientAuth);
    factory.setProtocol(sslService.getSslAlgorithm());

    // Key material: this endpoint's own certificate and private key.
    final boolean hasKeyStore = sslService.isKeyStoreConfigured();
    if (hasKeyStore) {
        factory.setKeyStorePath(sslService.getKeyStoreFile());
        factory.setKeyStorePassword(sslService.getKeyStorePassword());
        factory.setKeyStoreType(sslService.getKeyStoreType());
    }

    // Trust material: the certificates peers are validated against.
    final boolean hasTrustStore = sslService.isTrustStoreConfigured();
    if (hasTrustStore) {
        factory.setTrustStorePath(sslService.getTrustStoreFile());
        factory.setTrustStorePassword(sslService.getTrustStorePassword());
        factory.setTrustStoreType(sslService.getTrustStoreType());
    }

    return factory;
}
 
Example #18
Source File: ListenSyslog.java    From localization_nifi with Apache License 2.0 6 votes vote down vote up
/**
 * Creates the dispatcher that reads raw syslog events for the given protocol.
 *
 * <p>For the UDP protocol value a datagram dispatcher is returned and the SSL context service is
 * not used. For any other protocol a socket dispatcher is returned; it receives an SSL context
 * created with {@code ClientAuth.REQUIRED} when a service is provided, or {@code null} otherwise.
 *
 * @param protocol protocol value compared against {@code UDP_VALUE}
 * @param bufferPool pool of buffers shared with the dispatcher
 * @param events queue that received events are placed on
 * @param maxConnections connection limit for the socket dispatcher
 * @param sslContextService optional SSL context service; may be {@code null}
 * @param charset character set passed to the socket dispatcher
 * @return the dispatcher for the protocol
 * @throws IOException declared for dispatcher creation
 */
protected ChannelDispatcher createChannelReader(final String protocol, final BlockingQueue<ByteBuffer> bufferPool,
                                                final BlockingQueue<RawSyslogEvent> events, final int maxConnections,
                                                final SSLContextService sslContextService, final Charset charset) throws IOException {

    final EventFactory<RawSyslogEvent> syslogEvents = new RawSyslogEventFactory();

    // UDP path: datagram dispatcher, no TLS involved.
    final boolean udp = UDP_VALUE.getValue().equals(protocol);
    if (udp) {
        return new DatagramChannelDispatcher(syslogEvents, bufferPool, events, getLogger());
    }

    // Stream path: TLS is used only when a service was provided.
    final SSLContext sslContext = (sslContextService == null)
            ? null
            : sslContextService.createSSLContext(SSLContextService.ClientAuth.REQUIRED);

    final ChannelHandlerFactory<RawSyslogEvent<SocketChannel>, AsyncChannelDispatcher> handlers = new SocketChannelHandlerFactory<>();
    return new SocketChannelDispatcher(syslogEvents, handlers, bufferPool, events, getLogger(), maxConnections, sslContext, charset);
}
 
Example #19
Source File: TestPrometheusRecordSink.java    From nifi with Apache License 2.0 6 votes vote down vote up
/**
 * Creates, initializes and schedules a {@code PrometheusRecordSink} against a mocked
 * configuration context that supplies the port from {@code portString} and no SSL context
 * service.
 *
 * @return the initialized and scheduled sink
 * @throws InitializationException if the sink fails to initialize
 */
private PrometheusRecordSink initTask() throws InitializationException {
    final ComponentLog mockedLogger = mock(ComponentLog.class);
    final PrometheusRecordSink sink = new PrometheusRecordSink();
    ConfigurationContext mockedContext = mock(ConfigurationContext.class);
    final StateManager state = new MockStateManager(sink);

    // The SSL_CONTEXT property resolves to a value whose controller service lookup yields null.
    final PropertyValue sslProperty = mock(StandardPropertyValue.class);
    when(mockedContext.getProperty(PrometheusMetricsUtil.METRICS_ENDPOINT_PORT)).thenReturn(new MockPropertyValue(portString));
    when(mockedContext.getProperty(PrometheusRecordSink.SSL_CONTEXT)).thenReturn(sslProperty);
    when(sslProperty.asControllerService(SSLContextService.class)).thenReturn(null);

    final String serviceId = UUID.randomUUID().toString();
    final ControllerServiceInitializationContext initContext = new MockControllerServiceInitializationContext(sink, serviceId, mockedLogger, state);
    sink.initialize(initContext);
    sink.onScheduled(mockedContext);

    return sink;
}
 
Example #20
Source File: ListenTCP.java    From localization_nifi with Apache License 2.0 6 votes vote down vote up
/**
 * Creates the socket channel dispatcher that receives TCP events.
 *
 * <p>When an SSL context service is configured, the {@code CLIENT_AUTH} property value is
 * converted with {@code valueOf} into both the service's and the factory's {@code ClientAuth}
 * enum; the resulting SSL context and client-auth mode are handed to the dispatcher. Without a
 * service both are {@code null}.
 *
 * @param context process context holding the listener's property values
 * @param events queue that received events are placed on
 * @return the configured dispatcher
 * @throws IOException declared by the overridden method
 */
@Override
protected ChannelDispatcher createDispatcher(final ProcessContext context, final BlockingQueue<StandardEvent> events)
        throws IOException {

    final int connectionLimit = context.getProperty(MAX_CONNECTIONS).asInteger();
    final int receiveBufferBytes = context.getProperty(RECV_BUFFER_SIZE).asDataSize(DataUnit.B).intValue();
    final Charset encoding = Charset.forName(context.getProperty(CHARSET).getValue());

    // One pool sized from the connection limit and the per-buffer size.
    final BlockingQueue<ByteBuffer> buffers = createBufferPool(connectionLimit, receiveBufferBytes);

    final SSLContext sslContext;
    final SslContextFactory.ClientAuth clientAuth;

    final SSLContextService tlsService = context.getProperty(SSL_CONTEXT_SERVICE).asControllerService(SSLContextService.class);
    if (tlsService == null) {
        // No TLS: the dispatcher gets neither a context nor a client-auth mode.
        sslContext = null;
        clientAuth = null;
    } else {
        // The same property string selects the mode in both enums.
        final String clientAuthMode = context.getProperty(CLIENT_AUTH).getValue();
        sslContext = tlsService.createSSLContext(SSLContextService.ClientAuth.valueOf(clientAuthMode));
        clientAuth = SslContextFactory.ClientAuth.valueOf(clientAuthMode);
    }

    final EventFactory<StandardEvent> standardEvents = new StandardEventFactory();
    final ChannelHandlerFactory<StandardEvent<SocketChannel>, AsyncChannelDispatcher> handlers = new SocketChannelHandlerFactory<>();
    return new SocketChannelDispatcher(standardEvents, handlers, buffers, events, getLogger(), connectionLimit, sslContext, clientAuth, encoding);
}
 
Example #21
Source File: ListenRELP.java    From localization_nifi with Apache License 2.0 6 votes vote down vote up
/**
 * Creates the socket channel dispatcher that receives RELP events.
 *
 * <p>When an SSL context service is configured, an SSL context created with
 * {@code ClientAuth.REQUIRED} is handed to the dispatcher; otherwise the dispatcher receives a
 * {@code null} SSL context.
 *
 * @param context process context holding the listener's property values
 * @param events queue that received events are placed on
 * @return the configured dispatcher
 * @throws IOException declared by the overridden method
 */
@Override
protected ChannelDispatcher createDispatcher(final ProcessContext context, final BlockingQueue<RELPEvent> events) throws IOException {
    final EventFactory<RELPEvent> relpEvents = new RELPEventFactory();
    final ChannelHandlerFactory<RELPEvent,AsyncChannelDispatcher> handlers = new RELPSocketChannelHandlerFactory<>();

    final int connectionLimit = context.getProperty(MAX_CONNECTIONS).asInteger();
    final int receiveBufferBytes = context.getProperty(RECV_BUFFER_SIZE).asDataSize(DataUnit.B).intValue();
    final Charset encoding = Charset.forName(context.getProperty(CHARSET).getValue());

    // One pool sized from the connection limit and the per-buffer size.
    final BlockingQueue<ByteBuffer> buffers = createBufferPool(connectionLimit, receiveBufferBytes);

    // TLS is optional: build a context only when a service was selected.
    final SSLContextService tlsService = context.getProperty(SSL_CONTEXT_SERVICE).asControllerService(SSLContextService.class);
    final SSLContext sslContext = (tlsService == null)
            ? null
            : tlsService.createSSLContext(SSLContextService.ClientAuth.REQUIRED);

    return new SocketChannelDispatcher<>(relpEvents, handlers, buffers, events,
            getLogger(), connectionLimit, sslContext, encoding);
}
 
Example #22
Source File: PutSyslog.java    From localization_nifi with Apache License 2.0 6 votes vote down vote up
/**
 * Creates and opens a sender for the given protocol.
 *
 * <p>The UDP protocol value yields a datagram sender. Any other protocol yields an SSL socket
 * sender when an SSL context service is provided, or a plain socket sender when it is not. The
 * timeout is set before the sender is opened.
 *
 * @param sslContextService optional SSL context service; may be {@code null}
 * @param protocol protocol value compared against {@code UDP_VALUE}
 * @param host destination host
 * @param port destination port
 * @param maxSendBufferSize send buffer size passed to the sender
 * @param timeout timeout applied to the sender
 * @return the opened sender
 * @throws IOException if the sender cannot be created or opened
 */
protected ChannelSender createSender(final SSLContextService sslContextService, final String protocol, final String host,
                                     final int port, final int maxSendBufferSize, final int timeout)
        throws IOException {

    final ChannelSender channelSender;
    if (protocol.equals(UDP_VALUE.getValue())) {
        channelSender = new DatagramChannelSender(host, port, maxSendBufferSize, getLogger());
    } else if (sslContextService != null) {
        // A configured SSL context service selects the TLS sender.
        final SSLContext tlsContext = sslContextService.createSSLContext(SSLContextService.ClientAuth.REQUIRED);
        channelSender = new SSLSocketChannelSender(host, port, maxSendBufferSize, tlsContext, getLogger());
    } else {
        // No SSL context service: the sender is created without an SSL context.
        channelSender = new SocketChannelSender(host, port, maxSendBufferSize, getLogger());
    }

    channelSender.setTimeout(timeout);
    channelSender.open();
    return channelSender;
}
 
Example #23
Source File: TestListenRELP.java    From localization_nifi with Apache License 2.0 6 votes vote down vote up
/**
 * Runs the RELP listener test over TLS with a {@code StandardSSLContextService} backed by the
 * JKS trust store and key store under {@code src/test/resources}.
 */
@Test
public void testTLS() throws InitializationException, IOException, InterruptedException {
    final String serviceId = "ssl-context";

    final SSLContextService tlsService = new StandardSSLContextService();
    runner.addControllerService(serviceId, tlsService);
    runner.setProperty(tlsService, StandardSSLContextService.TRUSTSTORE, "src/test/resources/localhost-ts.jks");
    runner.setProperty(tlsService, StandardSSLContextService.TRUSTSTORE_PASSWORD, "localtest");
    runner.setProperty(tlsService, StandardSSLContextService.TRUSTSTORE_TYPE, "JKS");
    runner.setProperty(tlsService, StandardSSLContextService.KEYSTORE, "src/test/resources/localhost-ks.jks");
    runner.setProperty(tlsService, StandardSSLContextService.KEYSTORE_PASSWORD, "localtest");
    runner.setProperty(tlsService, StandardSSLContextService.KEYSTORE_TYPE, "JKS");
    runner.enableControllerService(tlsService);

    runner.setProperty(PostHTTP.SSL_CONTEXT_SERVICE, serviceId);

    // One open frame, five syslog frames, one close frame.
    final int syslogFrameCount = 5;
    final List<RELPFrame> relpFrames = new ArrayList<>();
    relpFrames.add(OPEN_FRAME);
    for (int i = 0; i < syslogFrameCount; i++) {
        relpFrames.add(SYSLOG_FRAME);
    }
    relpFrames.add(CLOSE_FRAME);

    // Both counts passed to run() are 5, matching the five syslog frames
    // (presumably expected transfers and expected responses; confirm against run()).
    run(relpFrames, 5, 5, tlsService);
}
 
Example #24
Source File: PutSplunk.java    From nifi with Apache License 2.0 6 votes vote down vote up
/**
 * Builds the {@code ChannelSender} for the configured protocol, host and port.
 *
 * <p>If an SSL context service is configured, an SSL context created with
 * {@code ClientAuth.REQUIRED} is passed on; otherwise the sender is created with a {@code null}
 * SSL context.
 *
 * @param context process context holding the sender's property values
 * @return the sender returned by the six-argument {@code createSender}
 * @throws IOException if the sender cannot be created
 */
@Override
protected ChannelSender createSender(ProcessContext context) throws IOException {
    final int portNumber = context.getProperty(PORT).evaluateAttributeExpressions().asInteger();
    final String hostname = context.getProperty(HOSTNAME).evaluateAttributeExpressions().getValue();
    final String transport = context.getProperty(PROTOCOL).getValue();
    final int timeoutMs = context.getProperty(TIMEOUT).asTimePeriod(TimeUnit.MILLISECONDS).intValue();
    final int sendBufferBytes = context.getProperty(MAX_SOCKET_SEND_BUFFER_SIZE).asDataSize(DataUnit.B).intValue();
    final SSLContextService tlsService = context.getProperty(SSL_CONTEXT_SERVICE).asControllerService(SSLContextService.class);

    // TLS is optional: a null context is forwarded when no service is configured.
    final SSLContext sslContext = (tlsService == null)
            ? null
            : tlsService.createSSLContext(SslContextFactory.ClientAuth.REQUIRED);

    return createSender(transport, hostname, portNumber, timeoutMs, sendBufferBytes, sslContext);
}
 
Example #25
Source File: TestScrollElasticsearchHttp.java    From nifi with Apache License 2.0 6 votes vote down vote up
/**
 * Runs the scroll processor once with a mocked SSL context service attached. The test makes no
 * explicit assertions; it passes when setup and the single run complete without throwing.
 */
@Test
public void testSetupSecureClient() throws Exception {
    final String serviceId = "ssl-context";

    ScrollElasticsearchHttpTestProcessor testProcessor = new ScrollElasticsearchHttpTestProcessor();
    runner = TestRunners.newTestRunner(testProcessor);

    SSLContextService mockedTls = mock(SSLContextService.class);
    when(mockedTls.getIdentifier()).thenReturn(serviceId);
    runner.addControllerService(serviceId, mockedTls);
    runner.enableControllerService(mockedTls);

    runner.setProperty(ScrollElasticsearchHttp.PROP_SSL_CONTEXT_SERVICE, serviceId);
    runner.setProperty(AbstractElasticsearchHttpProcessor.ES_URL, "http://127.0.0.1:9200");
    runner.setProperty(ScrollElasticsearchHttp.INDEX, "doc");
    runner.setProperty(ScrollElasticsearchHttp.QUERY, "${doc_id}");
    runner.setIncomingConnection(false);

    // Give the controller service time to finish initializing.
    Thread.sleep(500);

    // Empty content; the attribute supplies the value the QUERY expression resolves.
    final HashMap<String, String> attributes = new HashMap<String, String>();
    attributes.put("doc_id", "28039652140");
    runner.enqueue("".getBytes(), attributes);
    runner.run(1, true, true);
}
 
Example #26
Source File: AbstractMongoProcessorTest.java    From localization_nifi with Apache License 2.0 6 votes vote down vote up
/**
 * Verifies that the processor creates a Mongo client when an SSL context service is configured,
 * both with the default client-auth setting and with {@code CLIENT_AUTH} set to {@code "WANT"}.
 */
@Test
public void testcreateClientWithSSL() throws Exception {
    final String serviceId = "ssl-context";

    // The mocked service returns a mocked SSLContext for any ClientAuth value.
    SSLContextService mockedTls = mock(SSLContextService.class);
    SSLContext mockedContext = mock(SSLContext.class);
    when(mockedTls.getIdentifier()).thenReturn(serviceId);
    when(mockedTls.createSSLContext(any(ClientAuth.class))).thenReturn(mockedContext);
    testRunner.addControllerService(serviceId, mockedTls);
    testRunner.enableControllerService(mockedTls);
    testRunner.setProperty(AbstractMongoProcessor.URI, "mongodb://localhost:27017");
    testRunner.setProperty(AbstractMongoProcessor.SSL_CONTEXT_SERVICE, serviceId);
    testRunner.assertValid(mockedTls);

    // First pass: no explicit client-auth value.
    processor.createClient(testRunner.getProcessContext());
    assertNotNull(processor.mongoClient);

    // Second pass: clear the client and retry with a ClientAuth value.
    processor.mongoClient = null;
    testRunner.setProperty(AbstractMongoProcessor.CLIENT_AUTH, "WANT");
    processor.createClient(testRunner.getProcessContext());
    assertNotNull(processor.mongoClient);
}
 
Example #27
Source File: ListenLumberjack.java    From localization_nifi with Apache License 2.0 6 votes vote down vote up
/**
 * Creates the socket dispatcher that receives Lumberjack events.
 *
 * <p>When an SSLContextService is configured, the SSLContext is created with
 * {@code ClientAuth.REQUIRED}; the client-auth mode is fixed here and not read from a property.
 * When no service is configured, a {@code null} SSLContext is handed to the dispatcher
 * (presumably a plaintext listener; confirm in SocketChannelDispatcher).
 *
 * @param context the process context supplying connection limit, buffer size, charset and SSL service
 * @param events  the queue passed to the dispatcher for received events
 * @return the configured dispatcher
 * @throws IOException declared by the overridden method
 */
@Override
protected ChannelDispatcher createDispatcher(final ProcessContext context, final BlockingQueue<LumberjackEvent> events) throws IOException {
    final EventFactory<LumberjackEvent> lumberjackEvents = new LumberjackEventFactory();
    final ChannelHandlerFactory<LumberjackEvent, AsyncChannelDispatcher> channelHandlers = new LumberjackSocketChannelHandlerFactory<>();

    final int connectionLimit = context.getProperty(MAX_CONNECTIONS).asInteger();
    final int receiveBufferBytes = context.getProperty(RECV_BUFFER_SIZE).asDataSize(DataUnit.B).intValue();
    final Charset configuredCharset = Charset.forName(context.getProperty(CHARSET).getValue());

    // The pool is sized from the connection limit and the per-connection buffer size.
    final BlockingQueue<ByteBuffer> pooledBuffers = createBufferPool(connectionLimit, receiveBufferBytes);

    // An SSLContext is only built when a controller service was configured; otherwise it stays null.
    final SSLContextService tlsService = context.getProperty(SSL_CONTEXT_SERVICE).asControllerService(SSLContextService.class);
    final SSLContext tlsContext = tlsService == null
            ? null
            : tlsService.createSSLContext(SSLContextService.ClientAuth.REQUIRED);

    return new SocketChannelDispatcher<>(lumberjackEvents, channelHandlers, pooledBuffers, events,
        getLogger(), connectionLimit, tlsContext, configuredCharset);
}
 
Example #28
Source File: ListenSyslog.java    From nifi with Apache License 2.0
/**
 * Creates the dispatcher that reads syslog messages for the given protocol.
 *
 * <p>For UDP a datagram dispatcher is returned and {@code sslContextService} is not consulted,
 * so that path never builds an SSLContext even when a service is supplied. For any other
 * protocol a socket dispatcher is returned; the SSLContext and client-auth mode are set only
 * when {@code sslContextService} is non-null, and are {@code null} otherwise (presumably a
 * plaintext listener; confirm in SocketChannelDispatcher).
 *
 * @param context           the process context, read for the CLIENT_AUTH property
 * @param protocol          the configured protocol value, compared against UDP_VALUE
 * @param bufferPool        the buffer pool passed to the dispatcher
 * @param events            the queue passed to the dispatcher for received events
 * @param maxConnections    the connection limit passed to the socket dispatcher
 * @param sslContextService the SSL controller service, or {@code null} when none is configured
 * @param charset           the charset passed to the socket dispatcher
 * @return the dispatcher for the protocol
 * @throws IOException declared for callers; not thrown directly by the visible code
 */
protected ChannelDispatcher createChannelReader(final ProcessContext context, final String protocol, final BlockingQueue<ByteBuffer> bufferPool,
                                                final BlockingQueue<RawSyslogEvent> events, final int maxConnections,
                                                final SSLContextService sslContextService, final Charset charset) throws IOException {

    final EventFactory<RawSyslogEvent> syslogEvents = new RawSyslogEventFactory();

    // UDP path: handled first, without any TLS material.
    if (UDP_VALUE.getValue().equals(protocol)) {
        return new DatagramChannelDispatcher(syslogEvents, bufferPool, events, getLogger());
    }

    // Socket path: both values stay null unless an SSLContextService was provided.
    SSLContext tlsContext = null;
    SslContextFactory.ClientAuth requestedClientAuth = null;

    if (sslContextService != null) {
        // The configured CLIENT_AUTH string is resolved once and used for both the context and the dispatcher.
        requestedClientAuth = SslContextFactory.ClientAuth.valueOf(context.getProperty(CLIENT_AUTH).getValue());
        tlsContext = sslContextService.createSSLContext(requestedClientAuth);
    }

    final ChannelHandlerFactory<RawSyslogEvent<SocketChannel>, AsyncChannelDispatcher> socketHandlers = new SocketChannelHandlerFactory<>();
    return new SocketChannelDispatcher(syslogEvents, socketHandlers, bufferPool, events, getLogger(), maxConnections, tlsContext, requestedClientAuth, charset);
}
 
Example #29
Source File: TestListenTCP.java    From nifi with Apache License 2.0
/**
 * Registers, configures and enables a StandardRestrictedSSLContextService under the id
 * "ssl-context", then points the ListenTCP processor at it.
 *
 * <p>Keystore, truststore and protocol values come from constants defined elsewhere in the
 * test class (not visible here).
 *
 * @return the enabled SSL context service
 * @throws InitializationException if the test runner rejects the controller service
 */
private SSLContextService configureProcessorSslContextService() throws InitializationException {
    final SSLContextService restrictedService = new StandardRestrictedSSLContextService();
    runner.addControllerService("ssl-context", restrictedService);

    // Key material presented by the listener.
    runner.setProperty(restrictedService, StandardSSLContextService.KEYSTORE, KEYSTORE);
    runner.setProperty(restrictedService, StandardSSLContextService.KEYSTORE_PASSWORD, KEYSTORE_PASSWORD);
    runner.setProperty(restrictedService, StandardSSLContextService.KEYSTORE_TYPE, KEYSTORE_TYPE);

    // Trust material used to validate peers.
    runner.setProperty(restrictedService, StandardSSLContextService.TRUSTSTORE, TRUSTSTORE);
    runner.setProperty(restrictedService, StandardSSLContextService.TRUSTSTORE_PASSWORD, TRUSTSTORE_PASSWORD);
    runner.setProperty(restrictedService, StandardSSLContextService.TRUSTSTORE_TYPE, TRUSTSTORE_TYPE);

    // Protocol version is set explicitly before the service is enabled.
    runner.setProperty(restrictedService, StandardSSLContextService.SSL_ALGORITHM, TLS_PROTOCOL_VERSION);
    runner.enableControllerService(restrictedService);

    runner.setProperty(ListenTCP.SSL_CONTEXT_SERVICE, "ssl-context");
    return restrictedService;
}
 
Example #30
Source File: TestListenHTTP.java    From nifi with Apache License 2.0
/**
 * Runs the POST-request check against ListenHTTP with an SSL context service whose restricted
 * protocol is set to the highest TLS version CertificateUtils reports as currently supported,
 * expecting HTTP 204 (SC_NO_CONTENT) as the return code.
 *
 * NOTE(review): the {@code true} passed to configureProcessorSslContextService presumably
 * selects two-way (mutual) TLS, going by the test name; confirm against that helper.
 */
@Test
public void testSecureTwoWaySslPOSTRequestsReturnCodeReceivedWithEL() throws Exception {
    final SSLContextService twoWayService = configureProcessorSslContextService(true);

    // Pin the protocol on the service, then enable it.
    final String newestTlsVersion = CertificateUtils.getHighestCurrentSupportedTlsProtocolVersion();
    runner.setProperty(twoWayService, StandardRestrictedSSLContextService.RESTRICTED_SSL_ALGORITHM, newestTlsVersion);
    runner.enableControllerService(twoWayService);

    // Processor-level settings: listening port, base path and the status code to return.
    final String expectedStatus = Integer.toString(HttpServletResponse.SC_NO_CONTENT);
    runner.setProperty(ListenHTTP.PORT, Integer.toString(availablePort));
    runner.setProperty(ListenHTTP.BASE_PATH, HTTP_BASE_PATH);
    runner.setProperty(ListenHTTP.RETURN_CODE, expectedStatus);
    runner.assertValid();

    testPOSTRequestsReceived(HttpServletResponse.SC_NO_CONTENT, true, true);
}