org.apache.nifi.security.util.SslContextFactory Java Examples
The following examples show how to use
org.apache.nifi.security.util.SslContextFactory.
Example #1
Source File: TestListenTCPRecord.java From nifi with Apache License 2.0 | 6 votes |
/**
 * Checks that records are received over TLS when the processor's client-auth property
 * is NONE and the connecting client has no certificate to present.
 */
@Test
public void testTLSClientAuthNoneAndClientCertNotProvided()
        throws InitializationException, IOException, InterruptedException, TlsException {
    runner.setProperty(ListenTCPRecord.CLIENT_AUTH, SslContextFactory.ClientAuth.NONE.name());
    configureProcessorSslContextService();

    // Client context built from the trust-only configuration; with client auth NONE
    // on the processor the connection is expected to succeed.
    final SSLContext trustOnlyContext = SslContextFactory.createSslContext(trustOnlyTlsConfiguration);
    runTCP(DATA, 1, trustOnlyContext);

    final List<MockFlowFile> received = runner.getFlowFilesForRelationship(ListenTCPRecord.REL_SUCCESS);
    Assert.assertEquals(1, received.size());

    final byte[] rawBytes = received.get(0).toByteArray();
    final String content = new String(rawBytes, StandardCharsets.UTF_8);
    Assert.assertNotNull(content);
    for (int n = 1; n <= 3; n++) {
        Assert.assertTrue(content.contains("This is a test " + n));
    }
}
Example #2
Source File: ListenTCP.java From localization_nifi with Apache License 2.0 | 6 votes |
/**
 * Builds the socket dispatcher for this listener from the configured properties.
 * An SSLContext is created only when an SSLContextService is configured.
 *
 * @param context the process context the property values are read from
 * @param events the queue passed on to the dispatcher
 * @return a SocketChannelDispatcher
 * @throws IOException declared by the overridden method
 */
@Override
protected ChannelDispatcher createDispatcher(final ProcessContext context, final BlockingQueue<StandardEvent> events)
        throws IOException {
    final int maxConnections = context.getProperty(MAX_CONNECTIONS).asInteger();
    final int bufferSize = context.getProperty(RECV_BUFFER_SIZE).asDataSize(DataUnit.B).intValue();
    final String charsetName = context.getProperty(CHARSET).getValue();
    final Charset charSet = Charset.forName(charsetName);

    // One buffer per permitted connection, each of the configured size.
    final BlockingQueue<ByteBuffer> bufferPool = createBufferPool(maxConnections, bufferSize);

    // NOTE(review): both values stay null when no SSLContextService is configured;
    // presumably the dispatcher then accepts unencrypted connections - confirm.
    SSLContext sslContext = null;
    SslContextFactory.ClientAuth clientAuth = null;

    final SSLContextService sslContextService =
            context.getProperty(SSL_CONTEXT_SERVICE).asControllerService(SSLContextService.class);
    final boolean tlsConfigured = sslContextService != null;
    if (tlsConfigured) {
        // The same property value is mapped onto two different ClientAuth enums here.
        // valueOf rejects a null or unknown name, so this relies on CLIENT_AUTH having
        // been validated before the processor is scheduled - TODO confirm.
        final String clientAuthValue = context.getProperty(CLIENT_AUTH).getValue();
        sslContext = sslContextService.createSSLContext(SSLContextService.ClientAuth.valueOf(clientAuthValue));
        clientAuth = SslContextFactory.ClientAuth.valueOf(clientAuthValue);
    }

    final EventFactory<StandardEvent> eventFactory = new StandardEventFactory();
    final ChannelHandlerFactory<StandardEvent<SocketChannel>, AsyncChannelDispatcher> handlerFactory =
            new SocketChannelHandlerFactory<>();
    return new SocketChannelDispatcher(eventFactory, handlerFactory, bufferPool, events, getLogger(),
            maxConnections, sslContext, clientAuth, charSet);
}
Example #3
Source File: TestHttpNotificationServiceSSL.java From nifi with Apache License 2.0 | 6 votes |
/**
 * Starts a MockWebServer over HTTPS and writes the configuration file that points the
 * notification service at it.
 */
@Before
public void startServer() throws IOException, TlsException {
    tempConfigFilePath = "./target/TestHttpNotificationService-config.xml";
    Files.deleteIfExists(Paths.get(tempConfigFilePath));

    mockWebServer = new MockWebServer();

    // Keystore and truststore are test fixtures under src/test/resources; the literal
    // passwords below belong to those fixtures only.
    final String tlsProtocol = CertificateUtils.getHighestCurrentSupportedTlsProtocolVersion();
    final TlsConfiguration tlsConfiguration = new TlsConfiguration(
            "./src/test/resources/keystore.jks", "passwordpassword", null, "JKS",
            "./src/test/resources/truststore.jks", "passwordpassword", "JKS",
            tlsProtocol);

    // The server-side context is created with client auth REQUIRED.
    final SSLContext sslContext =
            SslContextFactory.createSslContext(tlsConfiguration, SslContextFactory.ClientAuth.REQUIRED);
    mockWebServer.useHttps(sslContext.getSocketFactory(), false);

    final String serverUrl = String.valueOf(mockWebServer.url("/"));
    final String configFileOutput = CONFIGURATION_FILE_TEXT.replace("${test.server}", serverUrl);
    IOUtil.writeText(configFileOutput, new File(tempConfigFilePath));
}
Example #4
Source File: LdapProvider.java From nifi with Apache License 2.0 | 6 votes |
/**
 * Creates the SSLContext for the LDAP identity provider from its "TLS - ..." properties.
 *
 * @param configurationContext the provider configuration the TLS properties are read from
 * @return the SSLContext built by SslContextFactory
 * @throws ProviderCreationException if SslContextFactory reports a TlsException
 */
public static SSLContext getConfiguredSslContext(final NonComponentConfigurationContext configurationContext) {
    final String rawKeystore = configurationContext.getProperty("TLS - Keystore");
    final String rawKeystorePassword = configurationContext.getProperty("TLS - Keystore Password");
    // TODO: Should support different key password
    final String rawKeystoreType = configurationContext.getProperty("TLS - Keystore Type");
    final String rawTruststore = configurationContext.getProperty("TLS - Truststore");
    final String rawTruststorePassword = configurationContext.getProperty("TLS - Truststore Password");
    final String rawTruststoreType = configurationContext.getProperty("TLS - Truststore Type");
    final String rawClientAuth = configurationContext.getProperty("TLS - Client Auth");
    final String rawProtocol = configurationContext.getProperty("TLS - Protocol");

    try {
        // The key password argument is null; see the TODO above.
        final TlsConfiguration tlsConfiguration = new TlsConfiguration(
                rawKeystore, rawKeystorePassword, null, rawKeystoreType,
                rawTruststore, rawTruststorePassword, rawTruststoreType, rawProtocol);

        // NOTE(review): a value that is not a valid client-auth type falls back to NONE
        // without any log entry, so a misspelt setting goes unnoticed - confirm intended.
        final ClientAuth clientAuth;
        if (ClientAuth.isValidClientAuthType(rawClientAuth)) {
            clientAuth = ClientAuth.valueOf(rawClientAuth);
        } else {
            clientAuth = ClientAuth.NONE;
        }

        return SslContextFactory.createSslContext(tlsConfiguration, clientAuth);
    } catch (TlsException e) {
        // Only the message is logged here; the exception itself travels as the cause.
        logger.error("Encountered an error configuring TLS for LDAP identity provider: {}", e.getLocalizedMessage());
        throw new ProviderCreationException("Error configuring TLS for LDAP identity provider", e);
    }
}
Example #5
Source File: LdapUserGroupProvider.java From nifi with Apache License 2.0 | 6 votes |
/**
 * Creates the SSLContext for the LDAP user group provider from its "TLS - ..." properties.
 *
 * @param configurationContext the authorizer configuration the TLS properties are read from
 * @return the SSLContext built by SslContextFactory
 * @throws ProviderCreationException if SslContextFactory reports a TlsException
 */
private SSLContext getConfiguredSslContext(final AuthorizerConfigurationContext configurationContext) {
    final String rawKeystore = configurationContext.getProperty("TLS - Keystore").getValue();
    final String rawKeystorePassword = configurationContext.getProperty("TLS - Keystore Password").getValue();
    final String rawKeystoreType = configurationContext.getProperty("TLS - Keystore Type").getValue();
    final String rawTruststore = configurationContext.getProperty("TLS - Truststore").getValue();
    final String rawTruststorePassword = configurationContext.getProperty("TLS - Truststore Password").getValue();
    final String rawTruststoreType = configurationContext.getProperty("TLS - Truststore Type").getValue();
    final String rawClientAuth = configurationContext.getProperty("TLS - Client Auth").getValue();
    final String rawProtocol = configurationContext.getProperty("TLS - Protocol").getValue();

    try {
        // The third argument (key password) is passed as null.
        final TlsConfiguration tlsConfiguration = new TlsConfiguration(
                rawKeystore, rawKeystorePassword, null, rawKeystoreType,
                rawTruststore, rawTruststorePassword, rawTruststoreType, rawProtocol);

        // NOTE(review): an invalid client-auth value is replaced by NONE without a log
        // entry, so a misspelt setting goes unnoticed - confirm intended.
        final ClientAuth clientAuth;
        if (ClientAuth.isValidClientAuthType(rawClientAuth)) {
            clientAuth = ClientAuth.valueOf(rawClientAuth);
        } else {
            clientAuth = ClientAuth.NONE;
        }

        return SslContextFactory.createSslContext(tlsConfiguration, clientAuth);
    } catch (TlsException e) {
        // Only the message is logged here; the exception itself travels as the cause.
        logger.error("Encountered an error configuring TLS for LDAP user group provider: {}", e.getLocalizedMessage());
        throw new ProviderCreationException("Error configuring TLS for LDAP user group provider", e);
    }
}
Example #6
Source File: ListenLumberjack.java From nifi with Apache License 2.0 | 6 votes |
/**
 * Builds the socket dispatcher for the Lumberjack listener. When an SSLContextService
 * is configured the SSLContext is always requested with client auth REQUIRED.
 *
 * @param context the process context the property values are read from
 * @param events the queue passed on to the dispatcher
 * @return a SocketChannelDispatcher
 * @throws IOException declared by the overridden method
 */
@Override
protected ChannelDispatcher createDispatcher(final ProcessContext context, final BlockingQueue<LumberjackEvent> events)
        throws IOException {
    final EventFactory<LumberjackEvent> eventFactory = new LumberjackEventFactory();
    final ChannelHandlerFactory<LumberjackEvent, AsyncChannelDispatcher> handlerFactory =
            new LumberjackSocketChannelHandlerFactory<>();

    final int maxConnections = context.getProperty(MAX_CONNECTIONS).asInteger();
    final int bufferSize = context.getProperty(RECV_BUFFER_SIZE).asDataSize(DataUnit.B).intValue();
    final Charset charSet = Charset.forName(context.getProperty(CHARSET).getValue());

    // One buffer per permitted connection, each of the configured size.
    final BlockingQueue<ByteBuffer> bufferPool = createBufferPool(maxConnections, bufferSize);

    // NOTE(review): with no SSLContextService the context is null; presumably the
    // dispatcher then accepts unencrypted connections - confirm.
    final SSLContextService sslContextService =
            context.getProperty(SSL_CONTEXT_SERVICE).asControllerService(SSLContextService.class);
    final SSLContext sslContext = sslContextService == null
            ? null
            : sslContextService.createSSLContext(SslContextFactory.ClientAuth.REQUIRED);

    return new SocketChannelDispatcher<>(eventFactory, handlerFactory, bufferPool, events, getLogger(),
            maxConnections, sslContext, charSet);
}
Example #7
Source File: SocketChannelDispatcher.java From nifi with Apache License 2.0 | 6 votes |
/**
 * Creates a dispatcher with an explicit client-auth mode.
 *
 * @param eventFactory factory stored for later use
 * @param handlerFactory factory stored for later use
 * @param bufferPool pool of ByteBuffers; must be non-null, non-empty and hold exactly
 *                   {@code maxConnections} buffers
 * @param events queue stored for later use
 * @param logger component logger
 * @param maxConnections capacity of the internal key queue and required pool size
 * @param sslContext SSLContext to store; callers on this page pass null when TLS is not configured
 * @param clientAuth client-auth mode to store; callers on this page pass null when TLS is not configured
 * @param charset charset stored for later use
 * @throws IllegalArgumentException if the buffer pool does not match {@code maxConnections}
 */
public SocketChannelDispatcher(final EventFactory<E> eventFactory,
                               final ChannelHandlerFactory<E, AsyncChannelDispatcher> handlerFactory,
                               final BlockingQueue<ByteBuffer> bufferPool,
                               final BlockingQueue<E> events,
                               final ComponentLog logger,
                               final int maxConnections,
                               final SSLContext sslContext,
                               final SslContextFactory.ClientAuth clientAuth,
                               final Charset charset) {
    // TLS-related settings.
    this.sslContext = sslContext;
    this.clientAuth = clientAuth;

    // Event plumbing.
    this.eventFactory = eventFactory;
    this.handlerFactory = handlerFactory;
    this.events = events;
    this.bufferPool = bufferPool;
    this.charset = charset;
    this.logger = logger;

    // Connection limits; the key queue is bounded by the connection cap.
    this.maxConnections = maxConnections;
    this.keyQueue = new LinkedBlockingQueue<>(maxConnections);

    // The pool must supply exactly one buffer per allowed connection.
    final boolean poolUsable = bufferPool != null && !bufferPool.isEmpty() && bufferPool.size() == maxConnections;
    if (!poolUsable) {
        throw new IllegalArgumentException(
                "A pool of available ByteBuffers equal to the maximum number of connections is required");
    }
}
Example #8
Source File: SocketChannelRecordReaderDispatcher.java From nifi with Apache License 2.0 | 6 votes |
/**
 * Stores the server channel, TLS settings, limits and collaborators for later use.
 * No argument is validated here.
 *
 * @param serverSocketChannel the server socket channel to store
 * @param sslContext SSLContext to store
 * @param clientAuth client-auth mode to store
 * @param socketReadTimeout read timeout value to store
 * @param receiveBufferSize receive buffer size to store
 * @param maxConnections connection limit to store
 * @param readerFactory record reader factory to store
 * @param recordReaders queue of record readers to store
 * @param logger component logger
 */
public SocketChannelRecordReaderDispatcher(final ServerSocketChannel serverSocketChannel,
                                           final SSLContext sslContext,
                                           final SslContextFactory.ClientAuth clientAuth,
                                           final int socketReadTimeout,
                                           final int receiveBufferSize,
                                           final int maxConnections,
                                           final RecordReaderFactory readerFactory,
                                           final BlockingQueue<SocketChannelRecordReader> recordReaders,
                                           final ComponentLog logger) {
    // Collaborators.
    this.logger = logger;
    this.readerFactory = readerFactory;
    this.recordReaders = recordReaders;

    // Socket and limits.
    this.serverSocketChannel = serverSocketChannel;
    this.maxConnections = maxConnections;
    this.receiveBufferSize = receiveBufferSize;
    this.socketReadTimeout = socketReadTimeout;

    // TLS settings.
    this.sslContext = sslContext;
    this.clientAuth = clientAuth;
}
Example #9
Source File: PutSplunk.java From nifi with Apache License 2.0 | 6 votes |
/**
 * Creates the sender used to deliver data, with an SSLContext when an
 * SSLContextService is configured.
 *
 * @param context the process context the property values are read from
 * @return the sender produced by the six-argument createSender overload
 * @throws IOException declared by the overridden method
 */
@Override
protected ChannelSender createSender(ProcessContext context) throws IOException {
    final int port = context.getProperty(PORT).evaluateAttributeExpressions().asInteger();
    final String host = context.getProperty(HOSTNAME).evaluateAttributeExpressions().getValue();
    final String protocol = context.getProperty(PROTOCOL).getValue();
    final int timeout = context.getProperty(TIMEOUT).asTimePeriod(TimeUnit.MILLISECONDS).intValue();
    final int maxSendBuffer = context.getProperty(MAX_SOCKET_SEND_BUFFER_SIZE).asDataSize(DataUnit.B).intValue();

    // NOTE(review): without an SSLContextService the context is null; presumably the
    // sender then connects without TLS - confirm.
    final SSLContextService sslContextService =
            context.getProperty(SSL_CONTEXT_SERVICE).asControllerService(SSLContextService.class);
    final SSLContext sslContext = sslContextService == null
            ? null
            : sslContextService.createSSLContext(SslContextFactory.ClientAuth.REQUIRED);

    return createSender(protocol, host, port, timeout, maxSendBuffer, sslContext);
}
Example #10
Source File: TestListenTCP.java From nifi with Apache License 2.0 | 6 votes |
/**
 * Expects sending to fail when the processor requires client authentication and the
 * client context is built from the trust-only configuration.
 */
@Test
public void testTLSClientAuthRequiredAndClientCertNotProvided() throws InitializationException, TlsException {
    runner.setProperty(ListenTCP.CLIENT_AUTH, SslContextFactory.ClientAuth.REQUIRED.name());
    configureProcessorSslContextService();

    final List<String> messages = new ArrayList<>();
    messages.add("This is message 1\n");
    messages.add("This is message 2\n");
    messages.add("This is message 3\n");
    messages.add("This is message 4\n");
    messages.add("This is message 5\n");

    // Trust-only client context: expected to be refused because client auth is REQUIRED.
    final SSLContext trustOnlyContext = SslContextFactory.createSslContext(trustOnlyTlsConfiguration);

    try {
        runTCP(messages, messages.size(), trustOnlyContext);
        Assert.fail("Should have thrown exception");
    } catch (Exception expected) {
        // Any Exception counts as the expected rejection.
        // NOTE(review): the catch is broad, so a failure unrelated to the TLS handshake
        // would also satisfy this test.
    }
}
Example #11
Source File: TestListenTCP.java From nifi with Apache License 2.0 | 6 votes |
/**
 * Sends five messages with a client context built from the client TLS configuration
 * while the processor requires client authentication, then checks the received content.
 */
@Test
public void testTLSClientAuthRequiredAndClientCertProvided()
        throws InitializationException, IOException, InterruptedException, TlsException {
    runner.setProperty(ListenTCP.CLIENT_AUTH, SslContextFactory.ClientAuth.REQUIRED.name());
    configureProcessorSslContextService();

    final List<String> messages = new ArrayList<>();
    messages.add("This is message 1\n");
    messages.add("This is message 2\n");
    messages.add("This is message 3\n");
    messages.add("This is message 4\n");
    messages.add("This is message 5\n");

    // Client context created from clientTlsConfiguration; the NONE argument applies to
    // this client-side context, not to the processor under test.
    final SSLContext clientSslContext =
            SslContextFactory.createSslContext(clientTlsConfiguration, SslContextFactory.ClientAuth.NONE);
    runTCP(messages, messages.size(), clientSslContext);

    // NOTE(review): this loop checks nothing if no flow files arrived; presumably
    // runTCP already verifies the expected count - confirm.
    final List<MockFlowFile> received = runner.getFlowFilesForRelationship(ListenTCP.REL_SUCCESS);
    int expectedNumber = 1;
    for (final MockFlowFile flowFile : received) {
        flowFile.assertContentEquals("This is message " + expectedNumber);
        expectedNumber++;
    }
}
Example #12
Source File: PutTCP.java From nifi with Apache License 2.0 | 6 votes |
/**
 * Creates a concrete instance of a ChannelSender object to use for sending messages over a TCP stream.
 * An SSLContext is supplied to the sender only when an SSLContextService is configured.
 *
 * @param context
 *            - the current process context.
 *
 * @return ChannelSender object.
 * @throws IOException declared by the overridden method
 */
@Override
protected ChannelSender createSender(final ProcessContext context) throws IOException {
    final String protocol = TCP_VALUE.getValue();
    final String hostname = context.getProperty(HOSTNAME).evaluateAttributeExpressions().getValue();
    final int port = context.getProperty(PORT).evaluateAttributeExpressions().asInteger();
    final int timeout = context.getProperty(TIMEOUT).asTimePeriod(TimeUnit.MILLISECONDS).intValue();
    final int bufferSize = context.getProperty(MAX_SOCKET_SEND_BUFFER_SIZE).asDataSize(DataUnit.B).intValue();

    // The controller service is obtained untyped and cast here.
    final SSLContextService sslContextService =
            (SSLContextService) context.getProperty(SSL_CONTEXT_SERVICE).asControllerService();

    // NOTE(review): without an SSLContextService the context is null; presumably the
    // sender then connects without TLS - confirm.
    final SSLContext sslContext = sslContextService == null
            ? null
            : sslContextService.createSSLContext(SslContextFactory.ClientAuth.REQUIRED);

    return createSender(protocol, hostname, port, timeout, bufferSize, sslContext);
}
Example #13
Source File: ListenSyslog.java From nifi with Apache License 2.0 | 6 votes |
/**
 * Creates the dispatcher for the requested protocol: a datagram dispatcher for UDP,
 * otherwise a socket dispatcher that uses TLS when an SSLContextService is supplied.
 *
 * @param context the process context the client-auth property is read from
 * @param protocol the protocol name, compared against the UDP value
 * @param bufferPool pool of buffers handed to the dispatcher
 * @param events queue handed to the dispatcher
 * @param maxConnections connection limit handed to the socket dispatcher
 * @param sslContextService service used to create the SSLContext, or null
 * @param charset charset handed to the socket dispatcher
 * @return the dispatcher for the protocol
 * @throws IOException declared by this method's signature
 */
protected ChannelDispatcher createChannelReader(final ProcessContext context, final String protocol,
                                                final BlockingQueue<ByteBuffer> bufferPool,
                                                final BlockingQueue<RawSyslogEvent> events,
                                                final int maxConnections,
                                                final SSLContextService sslContextService,
                                                final Charset charset) throws IOException {
    final EventFactory<RawSyslogEvent> eventFactory = new RawSyslogEventFactory();

    // The UDP branch takes no SSLContext at all.
    final boolean isUdp = UDP_VALUE.getValue().equals(protocol);
    if (isUdp) {
        return new DatagramChannelDispatcher(eventFactory, bufferPool, events, getLogger());
    }

    // NOTE(review): both values stay null when no SSLContextService is supplied;
    // presumably the dispatcher then accepts unencrypted connections - confirm.
    SSLContext sslContext = null;
    SslContextFactory.ClientAuth clientAuth = null;
    if (sslContextService != null) {
        // valueOf rejects a null or unknown name, so this relies on CLIENT_AUTH having
        // been validated beforehand - TODO confirm.
        final String clientAuthValue = context.getProperty(CLIENT_AUTH).getValue();
        final SslContextFactory.ClientAuth requestedAuth = SslContextFactory.ClientAuth.valueOf(clientAuthValue);
        sslContext = sslContextService.createSSLContext(requestedAuth);
        clientAuth = requestedAuth;
    }

    final ChannelHandlerFactory<RawSyslogEvent<SocketChannel>, AsyncChannelDispatcher> handlerFactory =
            new SocketChannelHandlerFactory<>();
    return new SocketChannelDispatcher(eventFactory, handlerFactory, bufferPool, events, getLogger(),
            maxConnections, sslContext, clientAuth, charset);
}
Example #14
Source File: ListenTCP.java From nifi with Apache License 2.0 | 6 votes |
/**
 * Builds the socket dispatcher for this listener from the configured properties.
 * An SSLContext is created only when an SSLContextService is configured.
 *
 * @param context the process context the property values are read from
 * @param events the queue passed on to the dispatcher
 * @return a SocketChannelDispatcher
 * @throws IOException declared by the overridden method
 */
@Override
protected ChannelDispatcher createDispatcher(final ProcessContext context, final BlockingQueue<StandardEvent> events)
        throws IOException {
    final int maxConnections = context.getProperty(MAX_CONNECTIONS).asInteger();
    final int bufferSize = context.getProperty(RECV_BUFFER_SIZE).asDataSize(DataUnit.B).intValue();
    final String charsetName = context.getProperty(CHARSET).getValue();
    final Charset charSet = Charset.forName(charsetName);

    // One buffer per permitted connection, each of the configured size.
    final BlockingQueue<ByteBuffer> bufferPool = createBufferPool(maxConnections, bufferSize);

    // NOTE(review): both values stay null when no SSLContextService is configured;
    // presumably the dispatcher then accepts unencrypted connections - confirm.
    SSLContext sslContext = null;
    SslContextFactory.ClientAuth clientAuth = null;

    final SSLContextService sslContextService =
            context.getProperty(SSL_CONTEXT_SERVICE).asControllerService(SSLContextService.class);
    if (sslContextService != null) {
        // valueOf rejects a null or unknown name, so this relies on CLIENT_AUTH having
        // been validated beforehand - TODO confirm.
        final String clientAuthValue = context.getProperty(CLIENT_AUTH).getValue();
        final SslContextFactory.ClientAuth requestedAuth = SslContextFactory.ClientAuth.valueOf(clientAuthValue);
        sslContext = sslContextService.createSSLContext(requestedAuth);
        clientAuth = requestedAuth;
    }

    final EventFactory<StandardEvent> eventFactory = new StandardEventFactory();
    final ChannelHandlerFactory<StandardEvent<SocketChannel>, AsyncChannelDispatcher> handlerFactory =
            new SocketChannelHandlerFactory<>();
    return new SocketChannelDispatcher(eventFactory, handlerFactory, bufferPool, events, getLogger(),
            maxConnections, sslContext, clientAuth, charSet);
}
Example #15
Source File: PutSyslog.java From nifi with Apache License 2.0 | 6 votes |
/**
 * Creates, configures and opens a sender for the given protocol: a datagram sender for
 * UDP, an SSL socket sender when an SSLContextService is supplied, otherwise a plain
 * socket sender.
 *
 * @param sslContextService service used to create the SSLContext, or null for no TLS
 * @param protocol the protocol name, compared against the UDP value
 * @param host destination host
 * @param port destination port
 * @param maxSendBufferSize send buffer size handed to the sender
 * @param timeout timeout applied to the sender before it is opened
 * @return the opened sender
 * @throws IOException declared by this method's signature
 */
protected ChannelSender createSender(final SSLContextService sslContextService, final String protocol,
                                     final String host, final int port, final int maxSendBufferSize,
                                     final int timeout) throws IOException {
    final ChannelSender sender;
    if (protocol.equals(UDP_VALUE.getValue())) {
        // The UDP branch never consults the SSLContextService.
        sender = new DatagramChannelSender(host, port, maxSendBufferSize, getLogger());
    } else if (sslContextService != null) {
        final SSLContext sslContext = sslContextService.createSSLContext(SslContextFactory.ClientAuth.REQUIRED);
        sender = new SSLSocketChannelSender(host, port, maxSendBufferSize, sslContext, getLogger());
    } else {
        // No SSLContextService: a plain (non-SSL) socket sender is used.
        sender = new SocketChannelSender(host, port, maxSendBufferSize, getLogger());
    }

    sender.setTimeout(timeout);
    // NOTE(review): if open() throws, the sender is not closed here - confirm whether
    // open() releases its own resources on failure.
    sender.open();
    return sender;
}
Example #16
Source File: TestListenTCP.java From nifi with Apache License 2.0 | 6 votes |
/**
 * Sends five messages with a trust-only client context while the processor's
 * client-auth property is NONE, then checks the received content.
 */
@Test
public void testTLSClientAuthNoneAndClientCertNotProvided()
        throws InitializationException, IOException, InterruptedException, TlsException {
    runner.setProperty(ListenTCP.CLIENT_AUTH, SslContextFactory.ClientAuth.NONE.name());
    configureProcessorSslContextService();

    final List<String> messages = new ArrayList<>();
    messages.add("This is message 1\n");
    messages.add("This is message 2\n");
    messages.add("This is message 3\n");
    messages.add("This is message 4\n");
    messages.add("This is message 5\n");

    // Trust-only client context: expected to work here because the processor is set to
    // client auth NONE (the original comment said REQUIRED, which contradicts the setup).
    final SSLContext trustOnlyContext = SslContextFactory.createSslContext(trustOnlyTlsConfiguration);
    runTCP(messages, messages.size(), trustOnlyContext);

    // NOTE(review): this loop checks nothing if no flow files arrived; presumably
    // runTCP already verifies the expected count - confirm.
    final List<MockFlowFile> received = runner.getFlowFilesForRelationship(ListenTCP.REL_SUCCESS);
    int expectedNumber = 1;
    for (final MockFlowFile flowFile : received) {
        flowFile.assertContentEquals("This is message " + expectedNumber);
        expectedNumber++;
    }
}
Example #17
Source File: TestListenTCPRecord.java From nifi with Apache License 2.0 | 6 votes |
/**
 * Checks that records are received when the processor requires client authentication
 * and the client context is built from the client TLS configuration.
 */
@Test
public void testTLSClientAuthRequiredAndClientCertProvided()
        throws InitializationException, IOException, InterruptedException, TlsException {
    runner.setProperty(ListenTCPRecord.CLIENT_AUTH, SslContextFactory.ClientAuth.REQUIRED.name());
    configureProcessorSslContextService();

    // Client context created from clientTlsConfiguration (key and trust store).
    final SSLContext clientSslContext = SslContextFactory.createSslContext(clientTlsConfiguration);
    runTCP(DATA, 1, clientSslContext);

    final List<MockFlowFile> received = runner.getFlowFilesForRelationship(ListenTCPRecord.REL_SUCCESS);
    Assert.assertEquals(1, received.size());

    final byte[] rawBytes = received.get(0).toByteArray();
    final String content = new String(rawBytes, StandardCharsets.UTF_8);
    Assert.assertNotNull(content);
    for (int n = 1; n <= 3; n++) {
        Assert.assertTrue(content.contains("This is a test " + n));
    }
}
Example #18
Source File: SocketChannelDispatcher.java From localization_nifi with Apache License 2.0 | 6 votes |
/**
 * Creates a dispatcher with an explicit client-auth mode.
 *
 * @param eventFactory factory stored for later use
 * @param handlerFactory factory stored for later use
 * @param bufferPool pool of ByteBuffers; must be non-null, non-empty and hold exactly
 *                   {@code maxConnections} buffers
 * @param events queue stored for later use
 * @param logger component logger
 * @param maxConnections capacity of the internal key queue and required pool size
 * @param sslContext SSLContext to store; callers on this page pass null when TLS is not configured
 * @param clientAuth client-auth mode to store; callers on this page pass null when TLS is not configured
 * @param charset charset stored for later use
 * @throws IllegalArgumentException if the buffer pool does not match {@code maxConnections}
 */
public SocketChannelDispatcher(final EventFactory<E> eventFactory,
                               final ChannelHandlerFactory<E, AsyncChannelDispatcher> handlerFactory,
                               final BlockingQueue<ByteBuffer> bufferPool,
                               final BlockingQueue<E> events,
                               final ComponentLog logger,
                               final int maxConnections,
                               final SSLContext sslContext,
                               final SslContextFactory.ClientAuth clientAuth,
                               final Charset charset) {
    // TLS-related settings.
    this.sslContext = sslContext;
    this.clientAuth = clientAuth;

    // Event plumbing.
    this.eventFactory = eventFactory;
    this.handlerFactory = handlerFactory;
    this.events = events;
    this.bufferPool = bufferPool;
    this.charset = charset;
    this.logger = logger;

    // Connection limits; the key queue is bounded by the connection cap.
    this.maxConnections = maxConnections;
    this.keyQueue = new LinkedBlockingQueue<>(maxConnections);

    // The pool must supply exactly one buffer per allowed connection.
    final boolean poolUsable = bufferPool != null && !bufferPool.isEmpty() && bufferPool.size() == maxConnections;
    if (!poolUsable) {
        throw new IllegalArgumentException(
                "A pool of available ByteBuffers equal to the maximum number of connections is required");
    }
}
Example #19
Source File: ListenRELP.java From nifi with Apache License 2.0 | 5 votes |
/**
 * Builds the socket dispatcher for the RELP listener from the configured properties.
 * An SSLContext is created only when an SSLContextService is configured.
 *
 * @param context the process context the property values are read from
 * @param events the queue passed on to the dispatcher
 * @return a SocketChannelDispatcher
 * @throws IOException declared by the overridden method
 */
@Override
protected ChannelDispatcher createDispatcher(final ProcessContext context, final BlockingQueue<RELPEvent> events)
        throws IOException {
    final EventFactory<RELPEvent> eventFactory = new RELPEventFactory();
    final ChannelHandlerFactory<RELPEvent,AsyncChannelDispatcher> handlerFactory =
            new RELPSocketChannelHandlerFactory<>();

    final int maxConnections = context.getProperty(MAX_CONNECTIONS).asInteger();
    final int bufferSize = context.getProperty(RECV_BUFFER_SIZE).asDataSize(DataUnit.B).intValue();
    final Charset charSet = Charset.forName(context.getProperty(CHARSET).getValue());

    // One buffer per permitted connection, each of the configured size.
    final BlockingQueue<ByteBuffer> bufferPool = createBufferPool(maxConnections, bufferSize);

    // NOTE(review): both values stay null when no SSLContextService is configured;
    // presumably the dispatcher then accepts unencrypted connections - confirm.
    SSLContext sslContext = null;
    SslContextFactory.ClientAuth clientAuth = null;

    final SSLContextService sslContextService =
            context.getProperty(SSL_CONTEXT_SERVICE).asControllerService(SSLContextService.class);
    if (sslContextService != null) {
        // valueOf rejects a null or unknown name, so this relies on CLIENT_AUTH having
        // been validated beforehand - TODO confirm.
        final String clientAuthValue = context.getProperty(CLIENT_AUTH).getValue();
        final SslContextFactory.ClientAuth requestedAuth = SslContextFactory.ClientAuth.valueOf(clientAuthValue);
        sslContext = sslContextService.createSSLContext(requestedAuth);
        clientAuth = requestedAuth;
    }

    return new SocketChannelDispatcher<>(eventFactory, handlerFactory, bufferPool, events, getLogger(),
            maxConnections, sslContext, clientAuth, charSet);
}
Example #20
Source File: StandardSSLContextService.java From localization_nifi with Apache License 2.0 | 5 votes |
/**
 * Validates the configured keystore/truststore properties by attempting to build an
 * SSLContext from them. The created context is discarded; only success or failure matters.
 *
 * @param validationContext the context the keystore, truststore and protocol properties are read from
 * @throws ProcessException wrapping any exception raised while reading the properties
 *                          or creating the context
 */
private void verifySslConfig(final ValidationContext validationContext) throws ProcessException {
    final String protocol = validationContext.getProperty(SSL_ALGORITHM).getValue();
    try {
        // The key password is optional: null is passed on when the property is not set.
        // NOTE(review): the password char[] values created in this method are not
        // cleared after use.
        final PropertyValue keyPasswdProp = validationContext.getProperty(KEY_PASSWORD);
        final char[] keyPassword = keyPasswdProp.isSet() ? keyPasswdProp.getValue().toCharArray() : null;

        // Case 1: no keystore configured, so only the truststore is checked.
        final String keystoreFile = validationContext.getProperty(KEYSTORE).getValue();
        if (keystoreFile == null) {
            SslContextFactory.createTrustSslContext(
                    validationContext.getProperty(TRUSTSTORE).getValue(),
                    validationContext.getProperty(TRUSTSTORE_PASSWORD).getValue().toCharArray(),
                    validationContext.getProperty(TRUSTSTORE_TYPE).getValue(),
                    protocol);
            return;
        }

        // Case 2: keystore but no truststore, so only the keystore is checked.
        final String truststoreFile = validationContext.getProperty(TRUSTSTORE).getValue();
        if (truststoreFile == null) {
            SslContextFactory.createSslContext(
                    validationContext.getProperty(KEYSTORE).getValue(),
                    validationContext.getProperty(KEYSTORE_PASSWORD).getValue().toCharArray(),
                    keyPassword,
                    validationContext.getProperty(KEYSTORE_TYPE).getValue(),
                    protocol);
            return;
        }

        // Case 3: both stores configured; the context is built with client auth REQUIRED.
        SslContextFactory.createSslContext(
                validationContext.getProperty(KEYSTORE).getValue(),
                validationContext.getProperty(KEYSTORE_PASSWORD).getValue().toCharArray(),
                keyPassword,
                validationContext.getProperty(KEYSTORE_TYPE).getValue(),
                validationContext.getProperty(TRUSTSTORE).getValue(),
                validationContext.getProperty(TRUSTSTORE_PASSWORD).getValue().toCharArray(),
                validationContext.getProperty(TRUSTSTORE_TYPE).getValue(),
                org.apache.nifi.security.util.SslContextFactory.ClientAuth.REQUIRED,
                protocol);
    } catch (final Exception e) {
        // Broad catch: a NullPointerException from an unset password property is
        // reported the same way as a store that cannot be loaded.
        throw new ProcessException(e);
    }
}
Example #21
Source File: TestListenTCP.java From localization_nifi with Apache License 2.0 | 5 votes |
/**
 * Expects sending to fail when the processor requires client authentication and the
 * client context holds only a truststore.
 */
@Test
public void testTLSClienAuthRequiredAndClientCertNotProvided()
        throws InitializationException, IOException, InterruptedException, UnrecoverableKeyException,
        CertificateException, NoSuchAlgorithmException, KeyStoreException, KeyManagementException {
    runner.setProperty(ListenTCP.CLIENT_AUTH, SSLContextService.ClientAuth.REQUIRED.name());
    configureProcessorSslContextService();

    final List<String> messages = new ArrayList<>();
    messages.add("This is message 1\n");
    messages.add("This is message 2\n");
    messages.add("This is message 3\n");
    messages.add("This is message 4\n");
    messages.add("This is message 5\n");

    // Truststore-only client context built from a test fixture; expected to be refused
    // because the processor has client auth REQUIRED.
    final char[] truststorePassword = "localtest".toCharArray();
    final SSLContext trustOnlyContext = SslContextFactory.createTrustSslContext(
            "src/test/resources/localhost-ts.jks",
            truststorePassword,
            "jks",
            "TLS");

    try {
        runTCP(messages, messages.size(), trustOnlyContext);
        Assert.fail("Should have thrown exception");
    } catch (Exception expected) {
        // Any Exception counts as the expected rejection.
        // NOTE(review): the catch is broad, so a failure unrelated to the TLS handshake
        // would also satisfy this test.
    }
}
Example #22
Source File: SocketChannelDispatcher.java From localization_nifi with Apache License 2.0 | 5 votes |
/**
 * Creates a dispatcher without an explicit client-auth mode by delegating to the
 * nine-argument constructor with SslContextFactory.ClientAuth.REQUIRED.
 *
 * @param eventFactory passed through to the delegate constructor
 * @param handlerFactory passed through to the delegate constructor
 * @param bufferPool passed through to the delegate constructor
 * @param events passed through to the delegate constructor
 * @param logger passed through to the delegate constructor
 * @param maxConnections passed through to the delegate constructor
 * @param sslContext passed through to the delegate constructor
 * @param charset passed through to the delegate constructor
 */
public SocketChannelDispatcher(final EventFactory<E> eventFactory,
                               final ChannelHandlerFactory<E, AsyncChannelDispatcher> handlerFactory,
                               final BlockingQueue<ByteBuffer> bufferPool,
                               final BlockingQueue<E> events,
                               final ComponentLog logger,
                               final int maxConnections,
                               final SSLContext sslContext,
                               final Charset charset) {
    // Callers that do not choose a client-auth mode get REQUIRED, the strictest value
    // used on this page.
    this(eventFactory, handlerFactory, bufferPool, events, logger, maxConnections, sslContext, SslContextFactory.ClientAuth.REQUIRED, charset);
}
Example #23
Source File: TestListenTCPRecord.java From nifi with Apache License 2.0 | 5 votes |
/**
 * Runs the record listener with client auth REQUIRED against a trust-only client
 * context and an expected count of 0.
 */
@Test
public void testTLSClientAuthRequiredAndClientCertNotProvided()
        throws InitializationException, IOException, InterruptedException, TlsException {
    final String requiredAuth = SslContextFactory.ClientAuth.REQUIRED.name();
    runner.setProperty(ListenTCPRecord.CLIENT_AUTH, requiredAuth);
    runner.setProperty(ListenTCPRecord.READ_TIMEOUT, "5 seconds");
    configureProcessorSslContextService();

    // Trust-only client context: not expected to get through because the processor has
    // client auth REQUIRED.
    final SSLContext trustOnlyContext = SslContextFactory.createSslContext(trustOnlyTlsConfiguration);

    // NOTE(review): the 0 is presumably the number of flow files runTCP expects - confirm.
    runTCP(DATA, 0, trustOnlyContext);
}
Example #24
Source File: ITestHandleHttpRequest.java From nifi with Apache License 2.0 | 5 votes |
/**
 * Registers and enables a StandardRestrictedSSLContextService on the test runner, points
 * the processor's SSL_CONTEXT property at it and returns an SSLContext from the service.
 *
 * @param controller the test runner the service is added to
 * @param sslProperties the properties the service is configured with
 * @param clientAuth the client-auth mode requested from the service
 * @return the SSLContext created by the service
 */
private static SSLContext useSSLContextService(final TestRunner controller, final Map<String, String> sslProperties,
                                               SslContextFactory.ClientAuth clientAuth) {
    final String serviceId = "ssl-service";
    final SSLContextService service = new StandardRestrictedSSLContextService();

    try {
        controller.addControllerService(serviceId, service, sslProperties);
        controller.enableControllerService(service);
    } catch (InitializationException ex) {
        // Print the cause, then fail the test.
        ex.printStackTrace();
        Assert.fail("Could not create SSL Context Service");
    }

    controller.setProperty(HandleHttpRequest.SSL_CONTEXT, serviceId);
    return service.createSSLContext(clientAuth);
}
Example #25
Source File: TestListenTCPRecord.java From nifi with Apache License 2.0 | 5 votes |
/**
 * Checks processor validation: valid with only a port, invalid once an SSL context
 * service is configured with an empty client-auth value, valid again with REQUIRED.
 */
@Test
public void testCustomValidate() throws InitializationException {
    // A port alone is a valid configuration.
    runner.setProperty(ListenTCPRecord.PORT, "1");
    runner.assertValid();

    // With the SSL context service in place, an empty client-auth value is rejected.
    configureProcessorSslContextService();
    runner.setProperty(ListenTCPRecord.CLIENT_AUTH, "");
    runner.assertNotValid();

    // A recognised client-auth value makes the configuration valid again.
    final String requiredAuth = SslContextFactory.ClientAuth.REQUIRED.name();
    runner.setProperty(ListenTCPRecord.CLIENT_AUTH, requiredAuth);
    runner.assertValid();
}
Example #26
Source File: TestListenTCP.java From nifi with Apache License 2.0 | 5 votes |
/**
 * Checks processor validation: valid with only a port, invalid once an SSL context
 * service is configured with an empty client-auth value, valid again with REQUIRED.
 */
@Test
public void testCustomValidate() throws InitializationException {
    // A port alone is a valid configuration.
    runner.setProperty(ListenTCP.PORT, "1");
    runner.assertValid();

    // With the SSL context service in place, an empty client-auth value is rejected.
    configureProcessorSslContextService();
    runner.setProperty(ListenTCP.CLIENT_AUTH, "");
    runner.assertNotValid();

    // A recognised client-auth value makes the configuration valid again.
    final String requiredAuth = SslContextFactory.ClientAuth.REQUIRED.name();
    runner.setProperty(ListenTCP.CLIENT_AUTH, requiredAuth);
    runner.assertValid();
}
Example #27
Source File: TestListenTCP.java From localization_nifi with Apache License 2.0 | 5 votes |
/**
 * Checks processor validation: valid with only a port, invalid once an SSL context
 * service is configured with an empty client-auth value, valid again with REQUIRED.
 */
@Test
public void testCustomValidate() throws InitializationException {
    // A port alone is a valid configuration.
    runner.setProperty(ListenTCP.PORT, "1");
    runner.assertValid();

    // With the SSL context service in place, an empty client-auth value is rejected.
    configureProcessorSslContextService();
    runner.setProperty(ListenTCP.CLIENT_AUTH, "");
    runner.assertNotValid();

    // A recognised client-auth value makes the configuration valid again.
    final String requiredAuth = SslContextFactory.ClientAuth.REQUIRED.name();
    runner.setProperty(ListenTCP.CLIENT_AUTH, requiredAuth);
    runner.assertValid();
}
Example #28
Source File: ListenBeats.java From nifi with Apache License 2.0 | 5 votes |
/**
 * Builds the socket dispatcher for the Beats listener from the configured properties.
 * An SSLContext is created only when an SSLContextService is configured.
 *
 * @param context the process context the property values are read from
 * @param events the queue passed on to the dispatcher
 * @return a SocketChannelDispatcher
 * @throws IOException declared by the overridden method
 */
@Override
protected ChannelDispatcher createDispatcher(final ProcessContext context, final BlockingQueue<BeatsEvent> events)
        throws IOException {
    final EventFactory<BeatsEvent> eventFactory = new BeatsEventFactory();
    final ChannelHandlerFactory<BeatsEvent, AsyncChannelDispatcher> handlerFactory =
            new BeatsSocketChannelHandlerFactory<>();

    final int maxConnections = context.getProperty(MAX_CONNECTIONS).asInteger();
    final int bufferSize = context.getProperty(RECV_BUFFER_SIZE).asDataSize(DataUnit.B).intValue();
    final Charset charSet = Charset.forName(context.getProperty(CHARSET).getValue());

    // One buffer per permitted connection, each of the configured size.
    final BlockingQueue<ByteBuffer> bufferPool = createBufferPool(maxConnections, bufferSize);

    // NOTE(review): both values stay null when no SSLContextService is configured;
    // presumably the dispatcher then accepts unencrypted connections - confirm.
    SSLContext sslContext = null;
    SslContextFactory.ClientAuth clientAuth = null;

    final SSLContextService sslContextService =
            context.getProperty(SSL_CONTEXT_SERVICE).asControllerService(SSLContextService.class);
    if (sslContextService != null) {
        // valueOf rejects a null or unknown name, so this relies on CLIENT_AUTH having
        // been validated beforehand - TODO confirm.
        final String clientAuthValue = context.getProperty(CLIENT_AUTH).getValue();
        final SslContextFactory.ClientAuth requestedAuth = SslContextFactory.ClientAuth.valueOf(clientAuthValue);
        sslContext = sslContextService.createSSLContext(requestedAuth);
        clientAuth = requestedAuth;
    }

    return new SocketChannelDispatcher<>(eventFactory, handlerFactory, bufferPool, events, getLogger(),
            maxConnections, sslContext, clientAuth, charSet);
}
Example #29
Source File: TestListenTCP.java From localization_nifi with Apache License 2.0 | 5 votes |
/**
 * Sends five messages with a client context that holds both a keystore and a truststore
 * while the processor requires client authentication, then checks the received content.
 */
@Test
public void testTLSClienAuthRequiredAndClientCertProvided()
        throws InitializationException, IOException, InterruptedException, UnrecoverableKeyException,
        CertificateException, NoSuchAlgorithmException, KeyStoreException, KeyManagementException {
    runner.setProperty(ListenTCP.CLIENT_AUTH, SSLContextService.ClientAuth.REQUIRED.name());
    configureProcessorSslContextService();

    final List<String> messages = new ArrayList<>();
    messages.add("This is message 1\n");
    messages.add("This is message 2\n");
    messages.add("This is message 3\n");
    messages.add("This is message 4\n");
    messages.add("This is message 5\n");

    // Client context from test-fixture stores; the NONE value applies to this
    // client-side context, not to the processor under test.
    final char[] keystorePassword = "localtest".toCharArray();
    final char[] truststorePassword = "localtest".toCharArray();
    final SSLContext clientSslContext = SslContextFactory.createSslContext(
            "src/test/resources/localhost-ks.jks",
            keystorePassword,
            "jks",
            "src/test/resources/localhost-ts.jks",
            truststorePassword,
            "jks",
            org.apache.nifi.security.util.SslContextFactory.ClientAuth.valueOf("NONE"),
            "TLS");

    runTCP(messages, messages.size(), clientSslContext);

    // NOTE(review): this loop checks nothing if no flow files arrived; presumably
    // runTCP already verifies the expected count - confirm.
    final List<MockFlowFile> received = runner.getFlowFilesForRelationship(ListenTCP.REL_SUCCESS);
    int expectedNumber = 1;
    for (final MockFlowFile flowFile : received) {
        flowFile.assertContentEquals("This is message " + expectedNumber);
        expectedNumber++;
    }
}
Example #30
Source File: TestListenHTTP.java From nifi with Apache License 2.0 | 5 votes |
/**
 * Opens an HTTPS connection to the URL and installs a socket factory from a client
 * SSLContext chosen by the two-way flag.
 *
 * @param twoWaySsl true to build the client context from the client TLS configuration,
 *                  false to build it from the trust-only configuration
 * @param url the URL to connect to
 * @return the connection with the chosen socket factory set
 * @throws IOException if the connection cannot be opened
 * @throws TlsException if the client SSLContext cannot be created
 */
private static HttpsURLConnection buildSecureConnection(boolean twoWaySsl, URL url) throws IOException, TlsException {
    final HttpsURLConnection sslCon = (HttpsURLConnection) url.openConnection();

    // Two-way: the client uses its own configuration rather than the server's keystore.
    // One-way: the client still needs a truststore.
    final SSLContext clientSslContext = twoWaySsl
            ? SslContextFactory.createSslContext(clientTlsConfiguration)
            : SslContextFactory.createSslContext(trustOnlyTlsConfiguration);

    sslCon.setSSLSocketFactory(clientSslContext.getSocketFactory());
    return sslCon;
}