Java Code Examples for org.apache.nifi.ssl.SSLContextService#isTrustStoreConfigured()

The following examples show how to use org.apache.nifi.ssl.SSLContextService#isTrustStoreConfigured().
Example 1
Source File: HandleHttpRequest.java    From localization_nifi with Apache License 2.0
/**
 * Builds the Jetty {@link SslContextFactory} for this processor from a NiFi SSL context service.
 *
 * <p>Only the client-auth flags and the key store / trust store location, password and type are
 * applied. Protocol and endpoint identification are not set here, so they stay at whatever the
 * Jetty version in use defaults to.
 *
 * @param sslService     source of the key store / trust store settings; dereferenced without a null check
 * @param needClientAuth forwarded to {@code setNeedClientAuth}
 * @param wantClientAuth forwarded to {@code setWantClientAuth}
 * @return the configured factory
 */
private SslContextFactory createSslFactory(final SSLContextService sslService, final boolean needClientAuth, final boolean wantClientAuth) {
    final SslContextFactory factory = new SslContextFactory();
    factory.setNeedClientAuth(needClientAuth);
    factory.setWantClientAuth(wantClientAuth);

    // Key material is optional on the service; copy it only when present.
    final boolean keyStoreAvailable = sslService.isKeyStoreConfigured();
    if (keyStoreAvailable) {
        factory.setKeyStorePath(sslService.getKeyStoreFile());
        factory.setKeyStorePassword(sslService.getKeyStorePassword());
        factory.setKeyStoreType(sslService.getKeyStoreType());
    }

    // NOTE(review): when client auth is requested but no trust store is configured, nothing is set
    // here, so client certificates are presumably checked against the JVM/Jetty default trust
    // material - confirm that is the intended trust boundary.
    final boolean trustStoreAvailable = sslService.isTrustStoreConfigured();
    if (trustStoreAvailable) {
        factory.setTrustStorePath(sslService.getTrustStoreFile());
        factory.setTrustStorePassword(sslService.getTrustStorePassword());
        factory.setTrustStoreType(sslService.getTrustStoreType());
    }

    return factory;
}
 
Example 2
Source File: ListenBeats.java    From nifi with Apache License 2.0
/**
 * Validates the TLS-related properties of the processor.
 *
 * <p>When an SSL context service is selected, it must have a trust store configured and the
 * Client Auth property must not be blank. With no SSL context service selected, neither check
 * produces a result.
 *
 * @param validationContext context used to read the SSL context service and Client Auth properties
 * @return the validation failures found; empty when there are none
 */
@Override
protected Collection<ValidationResult> customValidate(final ValidationContext validationContext) {
    final List<ValidationResult> problems = new ArrayList<>();

    final SSLContextService sslContextService = validationContext.getProperty(SSL_CONTEXT_SERVICE).asControllerService(SSLContextService.class);
    final boolean tlsSelected = sslContextService != null;

    // A TLS listener without a trust store is rejected at validation time.
    if (tlsSelected && !sslContextService.isTrustStoreConfigured()) {
        final ValidationResult missingTrustStore = new ValidationResult.Builder()
            .explanation("The context service must have a truststore  configured for the beats forwarder client to work correctly")
            .valid(false)
            .subject(SSL_CONTEXT_SERVICE.getName())
            .build();
        problems.add(missingTrustStore);
    }

    // The client-auth mode has to be chosen explicitly whenever TLS is in use.
    final String clientAuth = validationContext.getProperty(CLIENT_AUTH).getValue();
    if (tlsSelected && StringUtils.isBlank(clientAuth)) {
        final ValidationResult missingClientAuth = new ValidationResult.Builder()
                .explanation("Client Auth must be provided when using TLS/SSL")
                .valid(false)
                .subject("Client Auth")
                .build();
        problems.add(missingClientAuth);
    }

    return problems;
}
 
Example 3
Source File: AbstractJettyWebSocketService.java    From localization_nifi with Apache License 2.0
/**
 * Creates a Jetty {@link SslContextFactory} populated from the given SSL context service.
 *
 * <p>The same factory is built regardless of whether the caller is a WebSocket client or server:
 * no endpoint identification algorithm or protocol is set, so those follow the Jetty defaults.
 *
 * @param sslService     provides key store and trust store settings; must not be null
 * @param needClientAuth forwarded to {@code setNeedClientAuth}
 * @param wantClientAuth forwarded to {@code setWantClientAuth}
 * @return the configured factory
 */
protected SslContextFactory createSslFactory(final SSLContextService sslService, final boolean needClientAuth, final boolean wantClientAuth) {
    final SslContextFactory jettySsl = new SslContextFactory();
    jettySsl.setNeedClientAuth(needClientAuth);
    jettySsl.setWantClientAuth(wantClientAuth);

    // Identity (private key + certificate chain), when the service has one.
    if (sslService.isKeyStoreConfigured()) {
        final String keyStorePath = sslService.getKeyStoreFile();
        jettySsl.setKeyStorePath(keyStorePath);
        final String keyStorePassword = sslService.getKeyStorePassword();
        jettySsl.setKeyStorePassword(keyStorePassword);
        final String keyStoreType = sslService.getKeyStoreType();
        jettySsl.setKeyStoreType(keyStoreType);
    }

    // Trust anchors, when the service has them. NOTE(review): with no trust store configured the
    // factory is left to its default trust material - confirm that is acceptable for callers.
    if (sslService.isTrustStoreConfigured()) {
        final String trustStorePath = sslService.getTrustStoreFile();
        jettySsl.setTrustStorePath(trustStorePath);
        final String trustStorePassword = sslService.getTrustStorePassword();
        jettySsl.setTrustStorePassword(trustStorePassword);
        final String trustStoreType = sslService.getTrustStoreType();
        jettySsl.setTrustStoreType(trustStoreType);
    }

    return jettySsl;
}
 
Example 4
Source File: AbstractJettyWebSocketService.java    From nifi with Apache License 2.0
/**
 * Creates a Jetty {@link SslContextFactory} populated from the given SSL context service.
 *
 * @param sslService                      provides key store and trust store settings; must not be null
 * @param needClientAuth                  forwarded to {@code setNeedClientAuth}
 * @param wantClientAuth                  forwarded to {@code setWantClientAuth}
 * @param endpointIdentificationAlgorithm forwarded unchanged to
 *                                        {@code setEndpointIdentificationAlgorithm}; the caller decides
 *                                        whether hostname verification is on (client) or off (server)
 * @return the configured factory
 */
protected SslContextFactory createSslFactory(final SSLContextService sslService, final boolean needClientAuth, final boolean wantClientAuth, final String endpointIdentificationAlgorithm) {
    final SslContextFactory jettySsl = new SslContextFactory();
    jettySsl.setNeedClientAuth(needClientAuth);
    jettySsl.setWantClientAuth(wantClientAuth);

    // The endpoint identification algorithm is always set explicitly rather than left to Jetty:
    // before Jetty 9.4.15.v20190215 the default was null, afterwards it is "HTTPS".
    // Clients should have hostname verification enabled; servers should have it disabled.
    // A client caller that passes null here therefore ends up without hostname verification.
    jettySsl.setEndpointIdentificationAlgorithm(endpointIdentificationAlgorithm);

    // Identity (private key + certificate chain), when the service has one.
    final boolean keyStoreAvailable = sslService.isKeyStoreConfigured();
    if (keyStoreAvailable) {
        jettySsl.setKeyStorePath(sslService.getKeyStoreFile());
        jettySsl.setKeyStorePassword(sslService.getKeyStorePassword());
        jettySsl.setKeyStoreType(sslService.getKeyStoreType());
    }

    // Trust anchors, when the service has them.
    final boolean trustStoreAvailable = sslService.isTrustStoreConfigured();
    if (trustStoreAvailable) {
        jettySsl.setTrustStorePath(sslService.getTrustStoreFile());
        jettySsl.setTrustStorePassword(sslService.getTrustStorePassword());
        jettySsl.setTrustStoreType(sslService.getTrustStoreType());
    }

    return jettySsl;
}
 
Example 5
Source File: PrometheusServer.java    From nifi with Apache License 2.0
/**
 * Builds the Jetty {@link SslContextFactory} for the metrics endpoint from a NiFi SSL context service.
 *
 * <p>The TLS protocol is taken from {@code sslService.getSslAlgorithm()}; key store and trust store
 * settings are copied only when the service reports them as configured. The endpoint
 * identification algorithm is not set here.
 *
 * @param sslService     source of protocol, key store and trust store settings; must not be null
 * @param needClientAuth forwarded to {@code setNeedClientAuth}
 * @param wantClientAuth forwarded to {@code setWantClientAuth}
 * @return the configured factory
 */
private SslContextFactory createSslFactory(final SSLContextService sslService, boolean needClientAuth, boolean wantClientAuth) {
    SslContextFactory serverSsl = new SslContextFactory();
    serverSsl.setNeedClientAuth(needClientAuth);
    serverSsl.setWantClientAuth(wantClientAuth);

    // NOTE(review): the protocol string comes straight from the service configuration; whether a
    // legacy protocol can be selected there is not visible from this method - confirm upstream.
    final String protocol = sslService.getSslAlgorithm();
    serverSsl.setProtocol(protocol);

    final boolean keyStoreAvailable = sslService.isKeyStoreConfigured();
    if (keyStoreAvailable) {
        serverSsl.setKeyStorePath(sslService.getKeyStoreFile());
        serverSsl.setKeyStorePassword(sslService.getKeyStorePassword());
        serverSsl.setKeyStoreType(sslService.getKeyStoreType());
    }

    final boolean trustStoreAvailable = sslService.isTrustStoreConfigured();
    if (trustStoreAvailable) {
        serverSsl.setTrustStorePath(sslService.getTrustStoreFile());
        serverSsl.setTrustStorePassword(sslService.getTrustStorePassword());
        serverSsl.setTrustStoreType(sslService.getTrustStoreType());
    }

    return serverSsl;
}
 
Example 6
Source File: ReportLineageToAtlas.java    From nifi with Apache License 2.0
/**
 * Writes the Atlas TLS settings into {@code atlasProperties} and, when a JKS trust store is
 * configured, stores its password in a Hadoop credential store file under {@code confDir}.
 *
 * <p>TLS is enabled when at least one URL starts with "https" (case-insensitively). Any existing
 * credential store and ssl-client.xml in {@code confDir} are deleted on every call. If no SSL
 * context service, no trust store, or a non-JKS trust store is configured, only a warning is
 * logged and no trust store properties are written.
 *
 * @param atlasProperties properties object that receives the Atlas settings
 * @param context         used to look up the SSL context service
 * @param urls            Atlas URLs; scanned for an https scheme
 * @param confDir         directory holding the generated credential store and ssl-client.xml
 * @throws Exception if file deletion, URI construction or the credential provider fails
 */
private void setAtlasSSLConfig(Properties atlasProperties, ConfigurationContext context, List<String> urls, File confDir) throws Exception {
    boolean isAtlasApiSecure = false;
    for (String url : urls) {
        if (url.toLowerCase().startsWith("https")) {
            isAtlasApiSecure = true;
            break;
        }
    }
    atlasProperties.put(ATLAS_PROPERTY_ENABLE_TLS, String.valueOf(isAtlasApiSecure));

    // ssl-client.xml must be deleted, Atlas will not regenerate it otherwise
    final Path credStorePath = new File(confDir, CRED_STORE_FILENAME).toPath();
    Files.deleteIfExists(credStorePath);
    final Path sslClientXmlPath = new File(confDir, SSL_CLIENT_XML_FILENAME).toPath();
    Files.deleteIfExists(sslClientXmlPath);

    if (!isAtlasApiSecure) {
        return;
    }

    final SSLContextService sslContextService = context.getProperty(SSL_CONTEXT_SERVICE).asControllerService(SSLContextService.class);

    // Each of the three fallbacks below leaves certificate validation to the system default
    // trust store instead of the operator-supplied one; the only signal is a warning in the log.
    if (sslContextService == null) {
        getLogger().warn("No SSLContextService configured, the system default truststore will be used.");
        return;
    }
    if (!sslContextService.isTrustStoreConfigured()) {
        getLogger().warn("No truststore configured on SSLContextService, the system default truststore will be used.");
        return;
    }
    if (!KEYSTORE_TYPE_JKS.equalsIgnoreCase(sslContextService.getTrustStoreType())) {
        getLogger().warn("The configured truststore type is not supported by Atlas (not JKS), the system default truststore will be used.");
        return;
    }

    atlasProperties.put(ATLAS_PROPERTY_TRUSTSTORE_FILE, sslContextService.getTrustStoreFile());

    // password.toCharArray() below assumes the trust store password is non-null.
    final String password = sslContextService.getTrustStorePassword();
    // Hadoop Credential Provider JCEKS URI format: localjceks://file/PATH/TO/JCEKS
    final String fileUri = credStorePath.toUri().toString();
    final String credStoreUri = fileUri.replaceFirst("^file://", "localjceks://file");

    // The trust store password is persisted to a JCEKS file inside confDir.
    // NOTE(review): the provider is created with a default Configuration, so the store is
    // presumably protected only by Hadoop's default credential-store password unless one is
    // supplied through Hadoop's own mechanism (e.g. HADOOP_CREDSTORE_PASSWORD) - confirm, and
    // make sure confDir is readable only by the NiFi service account.
    final CredentialProvider credentialProvider =
            new LocalJavaKeyStoreProvider.Factory().createProvider(new URI(credStoreUri), new Configuration());
    credentialProvider.createCredentialEntry(TRUSTSTORE_PASSWORD_ALIAS, password.toCharArray());
    credentialProvider.flush();

    atlasProperties.put(ATLAS_PROPERTY_CRED_STORE_PATH, credStoreUri);
}
 
Example 7
Source File: KafkaProcessorUtils.java    From nifi with Apache License 2.0
/**
 * Populates {@code mapToPopulate} with Kafka client settings derived from the processor properties.
 *
 * <p>For the SSL context service property, key store and trust store settings are translated into
 * the corresponding {@code SslConfigs} entries. Every property (including that one) is then copied
 * under its own name when its value is non-null and the name is a static String field of
 * {@code kafkaConfigClass}, {@code CommonClientConfigs}, {@code SslConfigs} or {@code SaslConfigs}.
 *
 * <p>Key store, key and trust store passwords end up in the map as plain strings, so the map
 * should not be logged or otherwise exposed.
 *
 * @param context          processor context supplying the properties
 * @param kafkaConfigClass Kafka config class whose constants define additional valid property names
 * @param mapToPopulate    receives the resulting Kafka properties
 */
static void buildCommonKafkaProperties(final ProcessContext context, final Class<?> kafkaConfigClass, final Map<String, Object> mapToPopulate) {
    for (final PropertyDescriptor descriptor : context.getProperties().keySet()) {
        if (descriptor.equals(SSL_CONTEXT_SERVICE)) {
            // Translate SSLContext Service configuration into Kafka properties
            final SSLContextService tls = context.getProperty(SSL_CONTEXT_SERVICE).asControllerService(SSLContextService.class);
            if (tls != null) {
                if (tls.isKeyStoreConfigured()) {
                    mapToPopulate.put(SslConfigs.SSL_KEYSTORE_LOCATION_CONFIG, tls.getKeyStoreFile());
                    mapToPopulate.put(SslConfigs.SSL_KEYSTORE_PASSWORD_CONFIG, tls.getKeyStorePassword());
                    // The key password falls back to the key store password when none is set.
                    final String keyPass = tls.getKeyPassword() != null ? tls.getKeyPassword() : tls.getKeyStorePassword();
                    mapToPopulate.put(SslConfigs.SSL_KEY_PASSWORD_CONFIG, keyPass);
                    mapToPopulate.put(SslConfigs.SSL_KEYSTORE_TYPE_CONFIG, tls.getKeyStoreType());
                }

                if (tls.isTrustStoreConfigured()) {
                    mapToPopulate.put(SslConfigs.SSL_TRUSTSTORE_LOCATION_CONFIG, tls.getTrustStoreFile());
                    mapToPopulate.put(SslConfigs.SSL_TRUSTSTORE_PASSWORD_CONFIG, tls.getTrustStorePassword());
                    mapToPopulate.put(SslConfigs.SSL_TRUSTSTORE_TYPE_CONFIG, tls.getTrustStoreType());
                }
            }
        }

        final String name = descriptor.getName();
        String value;
        if (descriptor.isExpressionLanguageSupported()) {
            value = context.getProperty(descriptor).evaluateAttributeExpressions().getValue();
        } else {
            value = context.getProperty(descriptor).getValue();
        }

        if (value == null) {
            continue;
        }

        // If the property name ends in ".ms" then it is a time period. We want to accept either an integer as number of milliseconds
        // or the standard NiFi time period such as "5 secs"
        if (name.endsWith(".ms") && !StringUtils.isNumeric(value.trim())) { // kafka standard time notation
            value = String.valueOf(FormatUtils.getTimeDuration(value.trim(), TimeUnit.MILLISECONDS));
        }

        // NOTE(review): a property named like an SslConfigs constant is copied here as well, so
        // depending on iteration order it could replace a value translated from the SSL context
        // service above - verify that this precedence is intended.
        if (isStaticStringFieldNamePresent(name, kafkaConfigClass, CommonClientConfigs.class, SslConfigs.class, SaslConfigs.class)) {
            mapToPopulate.put(name, value);
        }
    }
}
 
Example 8
Source File: ListenLumberjack.java    From nifi with Apache License 2.0
/**
 * Rejects a configuration in which an SSL context service is selected but has no trust store.
 *
 * <p>When no SSL context service is selected the result is empty; this method does not itself
 * require TLS.
 *
 * @param validationContext context used to read the SSL context service property
 * @return a single failure when the selected service lacks a trust store, otherwise an empty collection
 */
@Override
protected Collection<ValidationResult> customValidate(final ValidationContext validationContext) {
    final List<ValidationResult> problems = new ArrayList<>();

    final SSLContextService sslContextService = validationContext.getProperty(SSL_CONTEXT_SERVICE).asControllerService(SSLContextService.class);

    if (sslContextService != null && !sslContextService.isTrustStoreConfigured()) {
        final ValidationResult missingTrustStore = new ValidationResult.Builder()
            .explanation("The context service must have a truststore  configured for the lumberjack forwarder client to work correctly")
            .valid(false)
            .subject(SSL_CONTEXT_SERVICE.getName())
            .build();
        problems.add(missingTrustStore);
    }

    return problems;
}
 
Example 9
Source File: HandleHttpRequest.java    From nifi with Apache License 2.0
/**
 * Builds the server-side Jetty {@link SslContextFactory} from a NiFi SSL context service.
 *
 * <p>The protocol is taken from {@code sslService.getSslAlgorithm()}, endpoint identification is
 * explicitly disabled, and key store / trust store settings are copied only when configured.
 *
 * @param sslService     source of protocol, key store and trust store settings; must not be null
 * @param needClientAuth forwarded to {@code setNeedClientAuth}
 * @param wantClientAuth forwarded to {@code setWantClientAuth}
 * @return the configured factory
 */
private SslContextFactory createSslFactory(final SSLContextService sslService, final boolean needClientAuth, final boolean wantClientAuth) {
    final SslContextFactory serverSsl = new SslContextFactory();
    serverSsl.setNeedClientAuth(needClientAuth);
    serverSsl.setWantClientAuth(wantClientAuth);

    final String protocol = sslService.getSslAlgorithm();
    serverSsl.setProtocol(protocol);

    // This factory serves incoming connections, so it must not try to verify the peer's
    // hostname: the endpoint identification algorithm is forced to null. Jetty defaulted to null
    // before 9.4.15.v20190215. This setting is only appropriate on the server side; reusing this
    // method for an outbound client would leave hostname verification off.
    serverSsl.setEndpointIdentificationAlgorithm(null);

    final boolean keyStoreAvailable = sslService.isKeyStoreConfigured();
    if (keyStoreAvailable) {
        serverSsl.setKeyStorePath(sslService.getKeyStoreFile());
        serverSsl.setKeyStorePassword(sslService.getKeyStorePassword());
        serverSsl.setKeyStoreType(sslService.getKeyStoreType());
    }

    final boolean trustStoreAvailable = sslService.isTrustStoreConfigured();
    if (trustStoreAvailable) {
        serverSsl.setTrustStorePath(sslService.getTrustStoreFile());
        serverSsl.setTrustStorePassword(sslService.getTrustStorePassword());
        serverSsl.setTrustStoreType(sslService.getTrustStoreType());
    }

    return serverSsl;
}
 
Example 10
Source File: ReportLineageToAtlas.java    From nifi with Apache License 2.0
/**
 * Adds the Kafka settings used by the Atlas hook to {@code mapToPopulate}.
 *
 * <p>Writes the bootstrap servers, a client id built from this component's name and identifier,
 * the security protocol, the key store / trust store settings of the SSL context service (when
 * one is selected and the respective store is configured) and, for the two SASL protocols, the
 * JAAS configuration. Store and key passwords are written to the map as plain strings.
 *
 * @param mapToPopulate receives the Atlas/Kafka properties
 * @param context       supplies the property values
 */
private void setKafkaConfig(Map<Object, Object> mapToPopulate, PropertyContext context) {
    final String kafkaBootStrapServers = context.getProperty(KAFKA_BOOTSTRAP_SERVERS).evaluateAttributeExpressions().getValue();
    mapToPopulate.put(ATLAS_PROPERTY_KAFKA_BOOTSTRAP_SERVERS, kafkaBootStrapServers);

    final String clientId = String.format("%s.%s", getName(), getIdentifier());
    mapToPopulate.put(ATLAS_PROPERTY_KAFKA_CLIENT_ID, clientId);

    // NOTE(review): the protocol value is passed through as configured; a plaintext protocol is
    // not rejected here even when an SSL context service is selected - confirm validation
    // elsewhere keeps the two consistent.
    final String kafkaSecurityProtocol = context.getProperty(KAFKA_SECURITY_PROTOCOL).getValue();
    mapToPopulate.put(ATLAS_KAFKA_PREFIX + "security.protocol", kafkaSecurityProtocol);

    // Translate SSLContext Service configuration into Kafka properties
    final SSLContextService tls = context.getProperty(SSL_CONTEXT_SERVICE).asControllerService(SSLContextService.class);
    if (tls != null) {
        if (tls.isKeyStoreConfigured()) {
            mapToPopulate.put(ATLAS_KAFKA_PREFIX + SslConfigs.SSL_KEYSTORE_LOCATION_CONFIG, tls.getKeyStoreFile());
            mapToPopulate.put(ATLAS_KAFKA_PREFIX + SslConfigs.SSL_KEYSTORE_PASSWORD_CONFIG, tls.getKeyStorePassword());
            // The key password falls back to the key store password when none is set.
            final String keyPass = tls.getKeyPassword() != null ? tls.getKeyPassword() : tls.getKeyStorePassword();
            mapToPopulate.put(ATLAS_KAFKA_PREFIX + SslConfigs.SSL_KEY_PASSWORD_CONFIG, keyPass);
            mapToPopulate.put(ATLAS_KAFKA_PREFIX + SslConfigs.SSL_KEYSTORE_TYPE_CONFIG, tls.getKeyStoreType());
        }

        if (tls.isTrustStoreConfigured()) {
            mapToPopulate.put(ATLAS_KAFKA_PREFIX + SslConfigs.SSL_TRUSTSTORE_LOCATION_CONFIG, tls.getTrustStoreFile());
            mapToPopulate.put(ATLAS_KAFKA_PREFIX + SslConfigs.SSL_TRUSTSTORE_PASSWORD_CONFIG, tls.getTrustStorePassword());
            mapToPopulate.put(ATLAS_KAFKA_PREFIX + SslConfigs.SSL_TRUSTSTORE_TYPE_CONFIG, tls.getTrustStoreType());
        }
    }

    final boolean usesSasl = SEC_SASL_PLAINTEXT.equals(kafkaSecurityProtocol) || SEC_SASL_SSL.equals(kafkaSecurityProtocol);
    if (usesSasl) {
        setKafkaJaasConfig(mapToPopulate, context);
    }
}
 
Example 11
Source File: KafkaProcessorUtils.java    From localization_nifi with Apache License 2.0
/**
 * Fills {@code mapToPopulate} with the Kafka client configuration for this processor.
 *
 * <p>The SSL context service property is expanded into {@code SslConfigs} key store and trust
 * store entries. Each property is additionally copied under its own name if its value is
 * non-null and the name matches a static String field of {@code kafkaConfigClass},
 * {@code CommonClientConfigs}, {@code SslConfigs} or {@code SaslConfigs}.
 *
 * <p>The resulting map carries the store and key passwords in clear text; treat it as sensitive.
 *
 * @param context          processor context supplying the properties
 * @param kafkaConfigClass Kafka config class whose constants define additional valid property names
 * @param mapToPopulate    receives the resulting Kafka properties
 */
static void buildCommonKafkaProperties(final ProcessContext context, final Class<?> kafkaConfigClass, final Map<String, Object> mapToPopulate) {
    for (final PropertyDescriptor descriptor : context.getProperties().keySet()) {
        final boolean isSslServiceProperty = descriptor.equals(SSL_CONTEXT_SERVICE);
        if (isSslServiceProperty) {
            // Translate SSLContext Service configuration into Kafka properties
            final SSLContextService tls = context.getProperty(SSL_CONTEXT_SERVICE).asControllerService(SSLContextService.class);

            if (tls != null && tls.isKeyStoreConfigured()) {
                // Use the dedicated key password when present, otherwise the key store password.
                final String keyPass = tls.getKeyPassword() != null ? tls.getKeyPassword() : tls.getKeyStorePassword();
                // keyPass is computed first, but the entries are written in the documented order.
                mapToPopulate.put(SslConfigs.SSL_KEYSTORE_LOCATION_CONFIG, tls.getKeyStoreFile());
                mapToPopulate.put(SslConfigs.SSL_KEYSTORE_PASSWORD_CONFIG, tls.getKeyStorePassword());
                mapToPopulate.put(SslConfigs.SSL_KEY_PASSWORD_CONFIG, keyPass);
                mapToPopulate.put(SslConfigs.SSL_KEYSTORE_TYPE_CONFIG, tls.getKeyStoreType());
            }

            if (tls != null && tls.isTrustStoreConfigured()) {
                mapToPopulate.put(SslConfigs.SSL_TRUSTSTORE_LOCATION_CONFIG, tls.getTrustStoreFile());
                mapToPopulate.put(SslConfigs.SSL_TRUSTSTORE_PASSWORD_CONFIG, tls.getTrustStorePassword());
                mapToPopulate.put(SslConfigs.SSL_TRUSTSTORE_TYPE_CONFIG, tls.getTrustStoreType());
            }
        }

        final String name = descriptor.getName();
        String value;
        if (descriptor.isExpressionLanguageSupported()) {
            value = context.getProperty(descriptor).evaluateAttributeExpressions().getValue();
        } else {
            value = context.getProperty(descriptor).getValue();
        }

        if (value == null) {
            continue;
        }

        // If the property name ends in ".ms" then it is a time period. We want to accept either an integer as number of milliseconds
        // or the standard NiFi time period such as "5 secs"
        final boolean isDurationProperty = name.endsWith(".ms");
        if (isDurationProperty && !StringUtils.isNumeric(value.trim())) { // kafka standard time notation
            value = String.valueOf(FormatUtils.getTimeDuration(value.trim(), TimeUnit.MILLISECONDS));
        }

        // Only names known to the Kafka config classes are forwarded to the client.
        if (isStaticStringFieldNamePresent(name, kafkaConfigClass, CommonClientConfigs.class, SslConfigs.class, SaslConfigs.class)) {
            mapToPopulate.put(name, value);
        }
    }
}
 
Example 12
Source File: ListenLumberjack.java    From localization_nifi with Apache License 2.0
/**
 * Checks that a selected SSL context service has a trust store configured.
 *
 * <p>Nothing is reported when no SSL context service is selected, so this validation alone does
 * not force the listener to use TLS.
 *
 * @param validationContext context used to read the SSL context service property
 * @return one invalid result when the trust store is missing, otherwise an empty collection
 */
@Override
protected Collection<ValidationResult> customValidate(final ValidationContext validationContext) {
    final List<ValidationResult> results = new ArrayList<>();

    final SSLContextService sslContextService = validationContext.getProperty(SSL_CONTEXT_SERVICE).asControllerService(SSLContextService.class);

    // Nothing to report without a service, or when the service already has a trust store.
    if (sslContextService == null || sslContextService.isTrustStoreConfigured()) {
        return results;
    }

    final ValidationResult.Builder failure = new ValidationResult.Builder();
    failure.explanation("The context service must have a truststore  configured for the lumberjack forwarder client to work correctly");
    failure.valid(false);
    failure.subject(SSL_CONTEXT_SERVICE.getName());
    results.add(failure.build());

    return results;
}
 
Example 13
Source File: ElasticSearchClientServiceImpl.java    From nifi with Apache License 2.0
/**
 * Creates the Elasticsearch REST client from the service properties and stores it in
 * {@code this.client}; {@code this.url} is set to the first configured host.
 *
 * <p>An SSL context is built only when an SSL context service is selected and it has a key store
 * or a trust store configured; otherwise the HTTP client keeps its default TLS settings. Basic
 * credentials are registered only when both username and password are non-null.
 *
 * @param context supplies hosts, credentials, timeouts and the SSL context service
 * @throws MalformedURLException   if a host entry cannot be parsed as a URL
 * @throws InitializationException if the SSL context cannot be created
 */
private void setupClient(ConfigurationContext context) throws MalformedURLException, InitializationException {
    final String hosts = context.getProperty(HTTP_HOSTS).evaluateAttributeExpressions().getValue();
    final String[] hostUrls = hosts.split(",[\\s]*");
    this.url = hostUrls[0];
    final SSLContextService sslService =
            context.getProperty(PROP_SSL_CONTEXT_SERVICE).asControllerService(SSLContextService.class);
    final String username = context.getProperty(USERNAME).evaluateAttributeExpressions().getValue();
    final String password = context.getProperty(PASSWORD).evaluateAttributeExpressions().getValue();

    final Integer connectTimeout = context.getProperty(CONNECT_TIMEOUT).asInteger();
    final Integer readTimeout    = context.getProperty(SOCKET_TIMEOUT).asInteger();
    final Integer retryTimeout   = context.getProperty(RETRY_TIMEOUT).asInteger();

    // The scheme of each entry is taken from the configured URL as-is.
    // NOTE(review): nothing here rejects an http:// host when credentials are set, in which case
    // the Basic credentials would presumably be sent without transport encryption - confirm
    // validation elsewhere.
    final HttpHost[] httpHosts = new HttpHost[hostUrls.length];
    int index = 0;
    while (index < httpHosts.length) {
        final URL parsed = new URL(hostUrls[index]);
        httpHosts[index] = new HttpHost(parsed.getHost(), parsed.getPort(), parsed.getProtocol());
        index++;
    }

    final SSLContext sslContext;
    try {
        if (sslService != null && (sslService.isKeyStoreConfigured() || sslService.isTrustStoreConfigured())) {
            sslContext = sslService.createSSLContext(SslContextFactory.ClientAuth.NONE);
        } else {
            sslContext = null;
        }
    } catch (Exception e) {
        getLogger().error("Error building up SSL Context from the supplied configuration.", e);
        throw new InitializationException(e);
    }

    final RestClientBuilder builder = RestClient.builder(httpHosts);

    builder.setHttpClientConfigCallback(clientBuilder -> {
        if (sslContext != null) {
            clientBuilder = clientBuilder.setSSLContext(sslContext);
        }

        if (username != null && password != null) {
            // AuthScope.ANY makes these credentials available for every host and realm the
            // client contacts, not only the configured Elasticsearch hosts.
            final CredentialsProvider credentialsProvider = new BasicCredentialsProvider();
            final UsernamePasswordCredentials credentials = new UsernamePasswordCredentials(username, password);
            credentialsProvider.setCredentials(AuthScope.ANY, credentials);
            clientBuilder = clientBuilder.setDefaultCredentialsProvider(credentialsProvider);
        }

        return clientBuilder;
    });

    builder.setRequestConfigCallback(requestConfigBuilder -> {
        requestConfigBuilder.setConnectTimeout(connectTimeout);
        requestConfigBuilder.setSocketTimeout(readTimeout);
        return requestConfigBuilder;
    });

    builder.setMaxRetryTimeoutMillis(retryTimeout);

    this.client = builder.build();
}
 
Example 14
Source File: Util.java    From nifi with Apache License 2.0
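/**
 * Initializes {@code sslContext} from the key store and trust store of a NiFi
 * {@link SSLContextService} and installs the resulting socket factory on an OkHttp client builder.
 *
 * <p>This code was taken from the InvokeHttp processor from Apache NiFi 1.10-SNAPSHOT found here:
 *
 * https://github.com/apache/nifi/blob/1cadc722229ad50cf569ee107eaeeb95dc216ea2/nifi-nar-bundles/nifi-standard-bundle/nifi-standard-processors/src/main/java/org/apache/nifi/processors/standard/InvokeHTTP.java
 *
 * <p>Differences from the copied code: the trust store stream is closed after loading, the key
 * password (when set) is used to recover keys instead of always using the key store password,
 * null store passwords no longer cause a {@code NullPointerException}, and an empty or non-X509
 * trust manager list is reported as an {@link IllegalStateException}.
 *
 * @param okHttpClientBuilder builder that receives the SSL socket factory and trust manager
 * @param sslService          source of the key store / trust store settings; must not be null
 * @param sslContext          context to initialize; must not be null
 * @param setAsSocketFactory  when true, the SSL socket factory is also installed as the plain
 *                            socket factory of the builder
 * @throws IllegalStateException if no usable X509 trust manager is available
 */
public static void setSslSocketFactory(OkHttpClient.Builder okHttpClientBuilder, SSLContextService sslService, SSLContext sslContext, boolean setAsSocketFactory)
        throws IOException, KeyStoreException, CertificateException, NoSuchAlgorithmException, UnrecoverableKeyException, KeyManagementException {

    final KeyManagerFactory keyManagerFactory = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
    final TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance("X509");
    // initialize the KeyManager array to null and we will overwrite later if a keystore is loaded
    KeyManager[] keyManagers = null;

    // we will only initialize the keystore if properties have been supplied by the SSLContextService
    if (sslService.isKeyStoreConfigured()) {
        final String keystoreLocation = sslService.getKeyStoreFile();
        final String keystorePass = sslService.getKeyStorePassword();
        final String keystoreType = sslService.getKeyStoreType();
        final char[] keystorePassChars = keystorePass == null ? null : keystorePass.toCharArray();

        // The password protecting the private key may differ from the store password; fall back
        // to the store password only when no key password is configured.
        final String keyPass = sslService.getKeyPassword();
        final char[] keyPassChars = keyPass == null ? keystorePassChars : keyPass.toCharArray();

        // prepare the keystore
        final KeyStore keyStore = KeyStore.getInstance(keystoreType);

        try (FileInputStream keyStoreStream = new FileInputStream(keystoreLocation)) {
            keyStore.load(keyStoreStream, keystorePassChars);
        }

        keyManagerFactory.init(keyStore, keyPassChars);
        keyManagers = keyManagerFactory.getKeyManagers();
    }

    // we will only initialize the truststore if properties have been supplied by the SSLContextService
    // NOTE(review): when no trust store is configured the factory is never initialized, so the
    // getTrustManagers() call below is expected to fail rather than fall back to the JVM default
    // trust store - callers should require a trust store or decide on an explicit default.
    if (sslService.isTrustStoreConfigured()) {
        // load truststore
        final String truststoreLocation = sslService.getTrustStoreFile();
        final String truststorePass = sslService.getTrustStorePassword();
        final String truststoreType = sslService.getTrustStoreType();
        // A null password makes KeyStore.load skip the integrity check of the store file.
        final char[] truststorePassChars = truststorePass == null ? null : truststorePass.toCharArray();

        final KeyStore truststore = KeyStore.getInstance(truststoreType);
        // try-with-resources so the file handle is released even when loading fails
        try (FileInputStream trustStoreStream = new FileInputStream(truststoreLocation)) {
            truststore.load(trustStoreStream, truststorePassChars);
        }
        trustManagerFactory.init(truststore);
    }

     /*
        TrustManagerFactory.getTrustManagers returns a trust manager for each type of trust material. Since we are getting a trust manager factory that uses "X509"
        as its trust management algorithm, we are able to grab the first (and thus the most preferred) and use it as our x509 Trust Manager
        https://docs.oracle.com/javase/8/docs/api/javax/net/ssl/TrustManagerFactory.html#getTrustManagers--
     */
    final TrustManager[] trustManagers = trustManagerFactory.getTrustManagers();
    if (trustManagers == null || trustManagers.length == 0 || trustManagers[0] == null) {
        throw new IllegalStateException("List of trust managers is null");
    }
    if (!(trustManagers[0] instanceof X509TrustManager)) {
        throw new IllegalStateException("First trust manager is not an X509TrustManager: " + trustManagers[0].getClass().getName());
    }
    final X509TrustManager x509TrustManager = (X509TrustManager) trustManagers[0];

    // if keystore properties were not supplied, the keyManagers array will be null
    sslContext.init(keyManagers, trustManagers, null);

    final SSLSocketFactory sslSocketFactory = sslContext.getSocketFactory();
    okHttpClientBuilder.sslSocketFactory(sslSocketFactory, x509TrustManager);
    if (setAsSocketFactory) {
        okHttpClientBuilder.socketFactory(sslSocketFactory);
    }
}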
 
Example 15
Source File: KafkaProcessorUtils.java    From nifi with Apache License 2.0 4 votes vote down vote up
/**
 * Populates {@code mapToPopulate} with the Kafka client configuration for this processor.
 *
 * <p>The SSL context service property is expanded into {@code SslConfigs} key store and trust
 * store entries. Each property with a non-null value, except the user principal and user keytab
 * properties, is copied under its own name when that name is a static String field of
 * {@code kafkaConfigClass}, {@code CommonClientConfigs}, {@code SslConfigs} or
 * {@code SaslConfigs}. For the two SASL security protocols the JAAS configuration is added last.
 *
 * <p>Store and key passwords are placed in the map as plain strings; treat the map as sensitive.
 *
 * @param context          processor context supplying the properties
 * @param kafkaConfigClass Kafka config class whose constants define additional valid property names
 * @param mapToPopulate    receives the resulting Kafka properties
 */
static void buildCommonKafkaProperties(final ProcessContext context, final Class<?> kafkaConfigClass, final Map<String, Object> mapToPopulate) {
    for (final PropertyDescriptor descriptor : context.getProperties().keySet()) {
        if (descriptor.equals(SSL_CONTEXT_SERVICE)) {
            // Translate SSLContext Service configuration into Kafka properties
            final SSLContextService tls = context.getProperty(SSL_CONTEXT_SERVICE).asControllerService(SSLContextService.class);
            if (tls != null) {
                if (tls.isKeyStoreConfigured()) {
                    mapToPopulate.put(SslConfigs.SSL_KEYSTORE_LOCATION_CONFIG, tls.getKeyStoreFile());
                    mapToPopulate.put(SslConfigs.SSL_KEYSTORE_PASSWORD_CONFIG, tls.getKeyStorePassword());
                    // The key password falls back to the key store password when none is set.
                    final String keyPass = tls.getKeyPassword() != null ? tls.getKeyPassword() : tls.getKeyStorePassword();
                    mapToPopulate.put(SslConfigs.SSL_KEY_PASSWORD_CONFIG, keyPass);
                    mapToPopulate.put(SslConfigs.SSL_KEYSTORE_TYPE_CONFIG, tls.getKeyStoreType());
                }

                if (tls.isTrustStoreConfigured()) {
                    mapToPopulate.put(SslConfigs.SSL_TRUSTSTORE_LOCATION_CONFIG, tls.getTrustStoreFile());
                    mapToPopulate.put(SslConfigs.SSL_TRUSTSTORE_PASSWORD_CONFIG, tls.getTrustStorePassword());
                    mapToPopulate.put(SslConfigs.SSL_TRUSTSTORE_TYPE_CONFIG, tls.getTrustStoreType());
                }
            }
        }

        final String name = descriptor.getName();
        String value;
        if (descriptor.isExpressionLanguageSupported()) {
            value = context.getProperty(descriptor).evaluateAttributeExpressions().getValue();
        } else {
            value = context.getProperty(descriptor).getValue();
        }

        // The Kerberos principal and keytab properties are never forwarded under their own names.
        if (value == null || name.equals(USER_PRINCIPAL.getName()) || name.equals(USER_KEYTAB.getName())) {
            continue;
        }

        // If the property name ends in ".ms" then it is a time period. We want to accept either an integer as number of milliseconds
        // or the standard NiFi time period such as "5 secs"
        if (name.endsWith(".ms") && !StringUtils.isNumeric(value.trim())) { // kafka standard time notation
            value = String.valueOf(FormatUtils.getTimeDuration(value.trim(), TimeUnit.MILLISECONDS));
        }

        if (isStaticStringFieldNamePresent(name, kafkaConfigClass, CommonClientConfigs.class, SslConfigs.class, SaslConfigs.class)) {
            mapToPopulate.put(name, value);
        }
    }

    // SASL over either transport needs the JAAS entry in addition to the properties above.
    final String securityProtocol = context.getProperty(SECURITY_PROTOCOL).getValue();
    final boolean usesSasl = SEC_SASL_PLAINTEXT.getValue().equals(securityProtocol)
            || SEC_SASL_SSL.getValue().equals(securityProtocol);
    if (usesSasl) {
        setJaasConfig(mapToPopulate, context);
    }
}
 
Example 16
Source File: Neo4JCypherClientService.java    From nifi with Apache License 2.0
/**
 * Builds the Neo4j {@code Driver} from the service properties.
 *
 * <p>Stores the connection URL, username and password in the corresponding fields, applies the
 * pool and timeout settings, switches encryption on or off according to the ENCRYPTION property,
 * and, when an SSL context service is selected, chooses the trust strategy from it. The driver
 * authenticates with basic auth using the configured username and password.
 *
 * @param context supplies the connection, pool, timeout, encryption and SSL properties
 * @return a driver for {@code connectionUrl}
 */
protected Driver getDriver(ConfigurationContext context) {
    connectionUrl = context.getProperty(CONNECTION_URL).evaluateAttributeExpressions().getValue();
    username = context.getProperty(USERNAME).evaluateAttributeExpressions().getValue();
    password = context.getProperty(PASSWORD).getValue();

    Config.ConfigBuilder configBuilder = Config.build();

    final String strategyName = context.getProperty(LOAD_BALANCING_STRATEGY).getValue();
    if (!StringUtils.isBlank(strategyName)) {
        final Config.LoadBalancingStrategy strategy = Config.LoadBalancingStrategy.valueOf(strategyName);
        configBuilder = configBuilder.withLoadBalancingStrategy(strategy);
    }

    configBuilder.withMaxConnectionPoolSize(
            context.getProperty(MAX_CONNECTION_POOL_SIZE).evaluateAttributeExpressions().asInteger());

    // All timeouts are read and applied in whole seconds.
    configBuilder.withConnectionTimeout(
            context.getProperty(CONNECTION_TIMEOUT).evaluateAttributeExpressions().asTimePeriod(TimeUnit.SECONDS),
            TimeUnit.SECONDS);

    configBuilder.withConnectionAcquisitionTimeout(
            context.getProperty(MAX_CONNECTION_ACQUISITION_TIMEOUT).evaluateAttributeExpressions().asTimePeriod(TimeUnit.SECONDS),
            TimeUnit.SECONDS);

    configBuilder.withMaxConnectionLifetime(
            context.getProperty(MAX_CONNECTION_LIFETIME).evaluateAttributeExpressions().asTimePeriod(TimeUnit.SECONDS),
            TimeUnit.SECONDS);

    configBuilder.withConnectionLivenessCheckTimeout(
            context.getProperty(IDLE_TIME_BEFORE_CONNECTION_TEST).evaluateAttributeExpressions().asTimePeriod(TimeUnit.SECONDS),
            TimeUnit.SECONDS);

    // NOTE(review): with ENCRYPTION set to false the basic-auth credentials below would
    // presumably travel over an unencrypted connection - confirm this is an accepted option.
    if (!context.getProperty(ENCRYPTION).asBoolean()) {
        configBuilder.withoutEncryption();
    } else {
        configBuilder.withEncryption();
    }

    final SSLContextService sslService = context.getProperty(SSL_CONTEXT_SERVICE).asControllerService(SSLContextService.class);
    if (sslService != null) {
        // Only the trust store file path is handed to the driver; the store's password and type
        // are not used. NOTE(review): trustCustomCertificateSignedBy presumably expects a
        // certificate file rather than a JKS/PKCS12 store - verify against the driver version in use.
        final Config.TrustStrategy trustStrategy = sslService.isTrustStoreConfigured()
                ? Config.TrustStrategy.trustCustomCertificateSignedBy(new File(sslService.getTrustStoreFile()))
                : Config.TrustStrategy.trustSystemCertificates();
        configBuilder.withTrustStrategy(trustStrategy);
    }

    return GraphDatabase.driver(connectionUrl, AuthTokens.basic(username, password), configBuilder.toConfig());
}
 
Example 17
Source File: KafkaProcessorUtils.java    From nifi with Apache License 2.0
/**
 * Fills {@code mapToPopulate} with Kafka client settings derived from the processor's configured properties.
 *
 * <p>When the SSL Context Service property is reached, the service's keystore and truststore location,
 * password and type are copied under the matching {@code SslConfigs} keys; the key password falls back to
 * the keystore password when the service reports none. Every other non-null property value is copied under
 * its own name when {@code isStaticStringFieldNamePresent} accepts that name, except the
 * {@code USER_PRINCIPAL} and {@code USER_KEYTAB} properties, which are never copied.
 *
 * <p>Security notes for callers:
 * <ul>
 *   <li>The map ends up holding the keystore, key and truststore passwords as plain strings, so it should
 *       not be logged or echoed in error messages.</li>
 *   <li>The {@code ssl.*} entries are written whenever the service has a store configured; the security
 *       protocol is consulted here only to decide on the JAAS setup. Presumably the Kafka client ignores
 *       those entries unless an SSL-based protocol is selected - confirm that validation elsewhere enforces
 *       the pairing.</li>
 *   <li>Entries are written in the iteration order of {@code context.getProperties().keySet()} and a later
 *       {@code put} replaces an earlier one, so for a property whose name equals one of the
 *       {@code SslConfigs} keys the last write wins over the value taken from the service.</li>
 * </ul>
 *
 * @param context processor context supplying the configured properties
 * @param kafkaConfigClass Kafka config class handed to {@code isStaticStringFieldNamePresent}
 * @param mapToPopulate destination map, modified in place
 */
static void buildCommonKafkaProperties(final ProcessContext context, final Class<?> kafkaConfigClass, final Map<String, Object> mapToPopulate) {
    for (final PropertyDescriptor descriptor : context.getProperties().keySet()) {
        if (descriptor.equals(SSL_CONTEXT_SERVICE)) {
            // Map the controller service's store settings onto the Kafka ssl.* keys.
            final SSLContextService ssl = context.getProperty(SSL_CONTEXT_SERVICE).asControllerService(SSLContextService.class);
            if (ssl != null) {
                if (ssl.isKeyStoreConfigured()) {
                    mapToPopulate.put(SslConfigs.SSL_KEYSTORE_LOCATION_CONFIG, ssl.getKeyStoreFile());
                    mapToPopulate.put(SslConfigs.SSL_KEYSTORE_PASSWORD_CONFIG, ssl.getKeyStorePassword());
                    // No dedicated key password configured: reuse the keystore password.
                    String keyPassword = ssl.getKeyPassword();
                    if (keyPassword == null) {
                        keyPassword = ssl.getKeyStorePassword();
                    }
                    mapToPopulate.put(SslConfigs.SSL_KEY_PASSWORD_CONFIG, keyPassword);
                    mapToPopulate.put(SslConfigs.SSL_KEYSTORE_TYPE_CONFIG, ssl.getKeyStoreType());
                }

                if (ssl.isTrustStoreConfigured()) {
                    mapToPopulate.put(SslConfigs.SSL_TRUSTSTORE_LOCATION_CONFIG, ssl.getTrustStoreFile());
                    mapToPopulate.put(SslConfigs.SSL_TRUSTSTORE_PASSWORD_CONFIG, ssl.getTrustStorePassword());
                    mapToPopulate.put(SslConfigs.SSL_TRUSTSTORE_TYPE_CONFIG, ssl.getTrustStoreType());
                }
            }
        }

        final String name = descriptor.getName();
        String value;
        if (descriptor.isExpressionLanguageSupported()) {
            value = context.getProperty(descriptor).evaluateAttributeExpressions().getValue();
        } else {
            value = context.getProperty(descriptor).getValue();
        }

        // Unset properties and the principal/keytab properties are never passed through to Kafka.
        if (value == null || name.equals(USER_PRINCIPAL.getName()) || name.equals(USER_KEYTAB.getName())) {
            continue;
        }

        // Names ending in ".ms" are durations: a plain number is taken as milliseconds, anything else is
        // parsed as a NiFi time period such as "5 secs".
        if (name.endsWith(".ms")) {
            final String trimmed = value.trim();
            if (!StringUtils.isNumeric(trimmed)) {
                value = String.valueOf(FormatUtils.getTimeDuration(trimmed, TimeUnit.MILLISECONDS));
            }
        }

        if (isStaticStringFieldNamePresent(name, kafkaConfigClass, CommonClientConfigs.class, SslConfigs.class, SaslConfigs.class)) {
            mapToPopulate.put(name, value);
        }
    }

    final String protocol = context.getProperty(SECURITY_PROTOCOL).getValue();
    final boolean saslSelected = SEC_SASL_PLAINTEXT.getValue().equals(protocol) || SEC_SASL_SSL.getValue().equals(protocol);
    if (saslSelected) {
        setJaasConfig(mapToPopulate, context);
    }
}
 
Example 18
Source File: KafkaRecordSink_1_0.java    From nifi with Apache License 2.0
/**
 * Fills {@code mapToPopulate} with Kafka client settings derived from the controller service's configured
 * properties.
 *
 * <p>When {@code KafkaProcessorUtils.SSL_CONTEXT_SERVICE} is reached, the referenced service's keystore and
 * truststore location, password and type are copied under the matching {@code SslConfigs} keys; the key
 * password falls back to the keystore password when the service reports none. Every non-null property value
 * is then copied under its own name when {@code KafkaProcessorUtils.isStaticStringFieldNamePresent} accepts
 * that name.
 *
 * <p>Security notes for callers:
 * <ul>
 *   <li>The resulting map carries keystore, key and truststore passwords as plain strings; keep it out of
 *       logs and error messages.</li>
 *   <li>The {@code ssl.*} entries do not depend on the security protocol, which this method reads only to
 *       decide on the JAAS setup. Presumably the Kafka client applies them only under an SSL-based
 *       protocol - confirm that validation elsewhere enforces the pairing.</li>
 *   <li>Writes follow the iteration order of {@code context.getProperties().keySet()} and a later
 *       {@code put} replaces an earlier one, so a property named like one of the {@code SslConfigs} keys
 *       competes with the value taken from the service and the last write wins.</li>
 * </ul>
 *
 * @param context configuration context supplying the configured properties
 * @param kafkaConfigClass Kafka config class handed to {@code isStaticStringFieldNamePresent}
 * @param mapToPopulate destination map, modified in place
 */
static void buildCommonKafkaProperties(final ConfigurationContext context, final Class<?> kafkaConfigClass, final Map<String, Object> mapToPopulate) {
    for (final PropertyDescriptor descriptor : context.getProperties().keySet()) {
        if (descriptor.equals(KafkaProcessorUtils.SSL_CONTEXT_SERVICE)) {
            // Carry the SSL context service's store settings over to the Kafka ssl.* keys.
            final SSLContextService sslService = context.getProperty(KafkaProcessorUtils.SSL_CONTEXT_SERVICE).asControllerService(SSLContextService.class);
            final boolean serviceAvailable = sslService != null;

            if (serviceAvailable && sslService.isKeyStoreConfigured()) {
                mapToPopulate.put(SslConfigs.SSL_KEYSTORE_LOCATION_CONFIG, sslService.getKeyStoreFile());
                mapToPopulate.put(SslConfigs.SSL_KEYSTORE_PASSWORD_CONFIG, sslService.getKeyStorePassword());
                // A missing key password means the keystore password protects the key as well.
                String keyPassword = sslService.getKeyPassword();
                if (keyPassword == null) {
                    keyPassword = sslService.getKeyStorePassword();
                }
                mapToPopulate.put(SslConfigs.SSL_KEY_PASSWORD_CONFIG, keyPassword);
                mapToPopulate.put(SslConfigs.SSL_KEYSTORE_TYPE_CONFIG, sslService.getKeyStoreType());
            }

            if (serviceAvailable && sslService.isTrustStoreConfigured()) {
                mapToPopulate.put(SslConfigs.SSL_TRUSTSTORE_LOCATION_CONFIG, sslService.getTrustStoreFile());
                mapToPopulate.put(SslConfigs.SSL_TRUSTSTORE_PASSWORD_CONFIG, sslService.getTrustStorePassword());
                mapToPopulate.put(SslConfigs.SSL_TRUSTSTORE_TYPE_CONFIG, sslService.getTrustStoreType());
            }
        }

        final String name = descriptor.getName();
        String value;
        if (descriptor.isExpressionLanguageSupported()) {
            value = context.getProperty(descriptor).evaluateAttributeExpressions().getValue();
        } else {
            value = context.getProperty(descriptor).getValue();
        }

        if (value == null) {
            continue;
        }

        // ".ms" properties accept either a millisecond count or a NiFi time period such as "5 secs";
        // the latter is converted to milliseconds before being handed to Kafka.
        final boolean needsDurationConversion = name.endsWith(".ms") && !StringUtils.isNumeric(value.trim());
        if (needsDurationConversion) {
            value = String.valueOf(FormatUtils.getTimeDuration(value.trim(), TimeUnit.MILLISECONDS));
        }

        if (KafkaProcessorUtils.isStaticStringFieldNamePresent(name, kafkaConfigClass, CommonClientConfigs.class, SslConfigs.class, SaslConfigs.class)) {
            mapToPopulate.put(name, value);
        }
    }

    final String protocol = context.getProperty(KafkaProcessorUtils.SECURITY_PROTOCOL).getValue();
    final boolean saslSelected = KafkaProcessorUtils.SEC_SASL_PLAINTEXT.getValue().equals(protocol)
            || KafkaProcessorUtils.SEC_SASL_SSL.getValue().equals(protocol);
    if (saslSelected) {
        setJaasConfig(mapToPopulate, context);
    }
}
 
Example 19
Source File: KafkaProcessorUtils.java    From nifi with Apache License 2.0
/**
 * Translates the processor's configured properties into Kafka client settings and stores them in
 * {@code mapToPopulate}.
 *
 * <p>The SSL Context Service property contributes the keystore and truststore location, password and type
 * under the corresponding {@code SslConfigs} keys, with the keystore password standing in for a missing key
 * password. All other non-null values are copied under their property name when
 * {@code isStaticStringFieldNamePresent} accepts it; {@code USER_PRINCIPAL} and {@code USER_KEYTAB} are
 * always left out.
 *
 * <p>Security notes for callers:
 * <ul>
 *   <li>Store and key passwords are placed in the map as plain strings, so the map should not be logged
 *       or echoed in error messages.</li>
 *   <li>The {@code ssl.*} entries are added regardless of the selected security protocol, which is read
 *       here only for the JAAS decision. Presumably the Kafka client uses them only with an SSL-based
 *       protocol - confirm that validation elsewhere enforces the pairing.</li>
 *   <li>A later {@code put} replaces an earlier one and the write order is that of
 *       {@code context.getProperties().keySet()}, so a property named like an {@code SslConfigs} key and
 *       the value from the service overwrite each other depending on that order.</li>
 * </ul>
 *
 * @param context processor context supplying the configured properties
 * @param kafkaConfigClass Kafka config class handed to {@code isStaticStringFieldNamePresent}
 * @param mapToPopulate destination map, modified in place
 */
static void buildCommonKafkaProperties(final ProcessContext context, final Class<?> kafkaConfigClass, final Map<String, Object> mapToPopulate) {
    for (final PropertyDescriptor current : context.getProperties().keySet()) {
        if (current.equals(SSL_CONTEXT_SERVICE)) {
            // Expand the SSL context service into the individual Kafka ssl.* settings.
            final SSLContextService tls = context.getProperty(SSL_CONTEXT_SERVICE).asControllerService(SSLContextService.class);
            if (tls != null) {
                if (tls.isKeyStoreConfigured()) {
                    mapToPopulate.put(SslConfigs.SSL_KEYSTORE_LOCATION_CONFIG, tls.getKeyStoreFile());
                    mapToPopulate.put(SslConfigs.SSL_KEYSTORE_PASSWORD_CONFIG, tls.getKeyStorePassword());
                    // Fall back to the keystore password when the key has no password of its own.
                    String effectiveKeyPassword = tls.getKeyPassword();
                    if (effectiveKeyPassword == null) {
                        effectiveKeyPassword = tls.getKeyStorePassword();
                    }
                    mapToPopulate.put(SslConfigs.SSL_KEY_PASSWORD_CONFIG, effectiveKeyPassword);
                    mapToPopulate.put(SslConfigs.SSL_KEYSTORE_TYPE_CONFIG, tls.getKeyStoreType());
                }

                if (tls.isTrustStoreConfigured()) {
                    mapToPopulate.put(SslConfigs.SSL_TRUSTSTORE_LOCATION_CONFIG, tls.getTrustStoreFile());
                    mapToPopulate.put(SslConfigs.SSL_TRUSTSTORE_PASSWORD_CONFIG, tls.getTrustStorePassword());
                    mapToPopulate.put(SslConfigs.SSL_TRUSTSTORE_TYPE_CONFIG, tls.getTrustStoreType());
                }
            }
        }

        final String key = current.getName();
        String rawValue = current.isExpressionLanguageSupported()
                ? context.getProperty(current).evaluateAttributeExpressions().getValue()
                : context.getProperty(current).getValue();

        final boolean copyable = rawValue != null
                && !key.equals(USER_PRINCIPAL.getName())
                && !key.equals(USER_KEYTAB.getName());
        if (!copyable) {
            continue;
        }

        // A ".ms" property may be given as a millisecond count or as a NiFi time period ("5 secs");
        // only the latter needs converting.
        final boolean isPeriodNotation = key.endsWith(".ms") && !StringUtils.isNumeric(rawValue.trim());
        if (isPeriodNotation) {
            rawValue = String.valueOf(FormatUtils.getTimeDuration(rawValue.trim(), TimeUnit.MILLISECONDS));
        }

        if (isStaticStringFieldNamePresent(key, kafkaConfigClass, CommonClientConfigs.class, SslConfigs.class, SaslConfigs.class)) {
            mapToPopulate.put(key, rawValue);
        }
    }

    final String selectedProtocol = context.getProperty(SECURITY_PROTOCOL).getValue();
    if (SEC_SASL_PLAINTEXT.getValue().equals(selectedProtocol)) {
        setJaasConfig(mapToPopulate, context);
    } else if (SEC_SASL_SSL.getValue().equals(selectedProtocol)) {
        setJaasConfig(mapToPopulate, context);
    }
}
 
Example 20
Source File: KafkaProcessorUtils.java    From nifi with Apache License 2.0
/**
 * Builds the Kafka client settings shared by the processors from the configured properties and writes them
 * into {@code mapToPopulate}.
 *
 * <p>For the SSL Context Service property, the service's keystore and truststore location, password and
 * type are written under the matching {@code SslConfigs} keys, and the keystore password is used as the key
 * password when none is set. Any other non-null value is written under its property name if
 * {@code isStaticStringFieldNamePresent} accepts that name; the {@code USER_PRINCIPAL} and
 * {@code USER_KEYTAB} properties are skipped.
 *
 * <p>Security notes for callers:
 * <ul>
 *   <li>After this call the map contains keystore, key and truststore passwords as plain strings; avoid
 *       logging it or echoing it in error messages.</li>
 *   <li>Nothing here ties the {@code ssl.*} entries to the security protocol, which is read only to decide
 *       on the JAAS setup. Presumably the Kafka client honours them only for an SSL-based protocol -
 *       confirm that validation elsewhere enforces the pairing.</li>
 *   <li>Values are written in the iteration order of {@code context.getProperties().keySet()}; since a
 *       later {@code put} replaces an earlier one, a property named like an {@code SslConfigs} key and the
 *       value from the service are subject to last-write-wins.</li>
 * </ul>
 *
 * @param context processor context supplying the configured properties
 * @param kafkaConfigClass Kafka config class handed to {@code isStaticStringFieldNamePresent}
 * @param mapToPopulate destination map, modified in place
 */
static void buildCommonKafkaProperties(final ProcessContext context, final Class<?> kafkaConfigClass, final Map<String, Object> mapToPopulate) {
    for (final PropertyDescriptor entry : context.getProperties().keySet()) {
        if (entry.equals(SSL_CONTEXT_SERVICE)) {
            // Convert the SSL context service into Kafka's keystore/truststore settings.
            final SSLContextService contextService = context.getProperty(SSL_CONTEXT_SERVICE).asControllerService(SSLContextService.class);
            final boolean hasService = contextService != null;

            if (hasService && contextService.isKeyStoreConfigured()) {
                mapToPopulate.put(SslConfigs.SSL_KEYSTORE_LOCATION_CONFIG, contextService.getKeyStoreFile());
                mapToPopulate.put(SslConfigs.SSL_KEYSTORE_PASSWORD_CONFIG, contextService.getKeyStorePassword());
                // The keystore password doubles as the key password when no separate one is configured.
                String privateKeyPassword = contextService.getKeyPassword();
                if (privateKeyPassword == null) {
                    privateKeyPassword = contextService.getKeyStorePassword();
                }
                mapToPopulate.put(SslConfigs.SSL_KEY_PASSWORD_CONFIG, privateKeyPassword);
                mapToPopulate.put(SslConfigs.SSL_KEYSTORE_TYPE_CONFIG, contextService.getKeyStoreType());
            }

            if (hasService && contextService.isTrustStoreConfigured()) {
                mapToPopulate.put(SslConfigs.SSL_TRUSTSTORE_LOCATION_CONFIG, contextService.getTrustStoreFile());
                mapToPopulate.put(SslConfigs.SSL_TRUSTSTORE_PASSWORD_CONFIG, contextService.getTrustStorePassword());
                mapToPopulate.put(SslConfigs.SSL_TRUSTSTORE_TYPE_CONFIG, contextService.getTrustStoreType());
            }
        }

        final String settingName = entry.getName();
        String settingValue;
        if (entry.isExpressionLanguageSupported()) {
            settingValue = context.getProperty(entry).evaluateAttributeExpressions().getValue();
        } else {
            settingValue = context.getProperty(entry).getValue();
        }

        if (settingValue == null) {
            continue;
        }
        // The principal and keytab properties are not passed through as Kafka settings.
        if (settingName.equals(USER_PRINCIPAL.getName()) || settingName.equals(USER_KEYTAB.getName())) {
            continue;
        }

        // Time settings (".ms") may arrive as milliseconds or in NiFi period notation such as "5 secs";
        // normalise the latter to a millisecond count.
        if (settingName.endsWith(".ms")) {
            final String stripped = settingValue.trim();
            if (!StringUtils.isNumeric(stripped)) {
                settingValue = String.valueOf(FormatUtils.getTimeDuration(stripped, TimeUnit.MILLISECONDS));
            }
        }

        if (isStaticStringFieldNamePresent(settingName, kafkaConfigClass, CommonClientConfigs.class, SslConfigs.class, SaslConfigs.class)) {
            mapToPopulate.put(settingName, settingValue);
        }
    }

    final String configuredProtocol = context.getProperty(SECURITY_PROTOCOL).getValue();
    final boolean requiresJaas = SEC_SASL_PLAINTEXT.getValue().equals(configuredProtocol)
            || SEC_SASL_SSL.getValue().equals(configuredProtocol);
    if (requiresJaas) {
        setJaasConfig(mapToPopulate, context);
    }
}