Posted to commits@nifi.apache.org by mc...@apache.org on 2015/11/23 21:46:15 UTC
[04/50] [abbrv] nifi git commit: NIFI-1163: Providing handling of
SSLContext creation in GetHTTP in case of only performing a one-way SSL
request and accompanying test to verify the configuration/usage.
NIFI-1163: Providing handling of SSLContext creation in GetHTTP in case of only performing a one-way SSL request and accompanying test to verify the configuration/usage.
Reviewed by Tony Kurc (tkurc@apache.org)
Project: http://git-wip-us.apache.org/repos/asf/nifi/repo
Commit: http://git-wip-us.apache.org/repos/asf/nifi/commit/01539ed3
Tree: http://git-wip-us.apache.org/repos/asf/nifi/tree/01539ed3
Diff: http://git-wip-us.apache.org/repos/asf/nifi/diff/01539ed3
Branch: refs/heads/NIFI-655
Commit: 01539ed3230894b062a7c2e42ffd9b50e3d51bf3
Parents: 90f6830
Author: Aldrin Piri <al...@apache.org>
Authored: Sat Nov 14 18:43:49 2015 -0500
Committer: Tony Kurc <tr...@gmail.com>
Committed: Sat Nov 14 18:47:50 2015 -0500
----------------------------------------------------------------------
.../nifi/processors/standard/GetHTTP.java | 28 +++---
.../nifi/processors/standard/TestGetHTTP.java | 94 ++++++++++++++------
2 files changed, 87 insertions(+), 35 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/nifi/blob/01539ed3/nifi-nar-bundles/nifi-standard-bundle/nifi-standard-processors/src/main/java/org/apache/nifi/processors/standard/GetHTTP.java
----------------------------------------------------------------------
diff --git a/nifi-nar-bundles/nifi-standard-bundle/nifi-standard-processors/src/main/java/org/apache/nifi/processors/standard/GetHTTP.java b/nifi-nar-bundles/nifi-standard-bundle/nifi-standard-processors/src/main/java/org/apache/nifi/processors/standard/GetHTTP.java
index e846b82..2245080 100644
--- a/nifi-nar-bundles/nifi-standard-bundle/nifi-standard-processors/src/main/java/org/apache/nifi/processors/standard/GetHTTP.java
+++ b/nifi-nar-bundles/nifi-standard-bundle/nifi-standard-processors/src/main/java/org/apache/nifi/processors/standard/GetHTTP.java
@@ -49,6 +49,7 @@ import java.util.regex.Pattern;
import javax.net.ssl.SSLContext;
+import org.apache.commons.lang3.StringUtils;
import org.apache.http.Header;
import org.apache.http.HttpHost;
import org.apache.http.HttpResponse;
@@ -64,11 +65,11 @@ import org.apache.http.conn.HttpClientConnectionManager;
import org.apache.http.conn.socket.ConnectionSocketFactory;
import org.apache.http.conn.socket.PlainConnectionSocketFactory;
import org.apache.http.conn.ssl.SSLConnectionSocketFactory;
-import org.apache.http.conn.ssl.SSLContexts;
import org.apache.http.conn.ssl.TrustSelfSignedStrategy;
import org.apache.http.impl.client.BasicCredentialsProvider;
import org.apache.http.impl.client.HttpClientBuilder;
import org.apache.http.impl.conn.BasicHttpClientConnectionManager;
+import org.apache.http.ssl.SSLContextBuilder;
import org.apache.nifi.annotation.behavior.InputRequirement;
import org.apache.nifi.annotation.behavior.InputRequirement.Requirement;
import org.apache.nifi.annotation.behavior.WritesAttribute;
@@ -320,19 +321,26 @@ public class GetHTTP extends AbstractSessionFactoryProcessor {
private SSLContext createSSLContext(final SSLContextService service)
throws KeyStoreException, IOException, NoSuchAlgorithmException, CertificateException, KeyManagementException, UnrecoverableKeyException {
- final KeyStore truststore = KeyStore.getInstance(service.getTrustStoreType());
- try (final InputStream in = new FileInputStream(new File(service.getTrustStoreFile()))) {
- truststore.load(in, service.getTrustStorePassword().toCharArray());
- }
- final KeyStore keystore = KeyStore.getInstance(service.getKeyStoreType());
- try (final InputStream in = new FileInputStream(new File(service.getKeyStoreFile()))) {
- keystore.load(in, service.getKeyStorePassword().toCharArray());
+ final SSLContextBuilder sslContextBuilder = new SSLContextBuilder();
+
+ if (StringUtils.isNotBlank(service.getTrustStoreFile())) {
+ final KeyStore truststore = KeyStore.getInstance(service.getTrustStoreType());
+ try (final InputStream in = new FileInputStream(new File(service.getTrustStoreFile()))) {
+ truststore.load(in, service.getTrustStorePassword().toCharArray());
+ }
+ sslContextBuilder.loadTrustMaterial(truststore, new TrustSelfSignedStrategy());
}
- final SSLContext sslContext = SSLContexts.custom().loadTrustMaterial(truststore, new TrustSelfSignedStrategy()).loadKeyMaterial(keystore, service.getKeyStorePassword().toCharArray()).build();
+ if (StringUtils.isNotBlank(service.getKeyStoreFile())){
+ final KeyStore keystore = KeyStore.getInstance(service.getKeyStoreType());
+ try (final InputStream in = new FileInputStream(new File(service.getKeyStoreFile()))) {
+ keystore.load(in, service.getKeyStorePassword().toCharArray());
+ }
+ sslContextBuilder.loadKeyMaterial(keystore, service.getKeyStorePassword().toCharArray());
+ }
- return sslContext;
+ return sslContextBuilder.build();
}
@Override
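Review bot: The new `sslContextBuilder.loadTrustMaterial(truststore, new TrustSelfSignedStrategy())` line keeps the `TrustSelfSignedStrategy` from the removed code, and that strategy accepts any single self-signed server certificate whether or not it is in the configured truststore. In the one-way case this commit enables, the truststore is the only control on which server GetHTTP talks to, so a self-signed certificate presented by an intermediary would still be accepted. Consider dropping the strategy so the truststore alone decides, e.g. `sslContextBuilder.loadTrustMaterial(truststore, null);`, and add a comment on the truststore branch stating that an absent truststore falls back to the JVM default trust managers. Separately, `service.getTrustStorePassword().toCharArray()` and the keystore equivalent will throw a NullPointerException if a store is configured without a password, unless the service's validation already rules that out (not visible here).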
http://git-wip-us.apache.org/repos/asf/nifi/blob/01539ed3/nifi-nar-bundles/nifi-standard-bundle/nifi-standard-processors/src/test/java/org/apache/nifi/processors/standard/TestGetHTTP.java
----------------------------------------------------------------------
diff --git a/nifi-nar-bundles/nifi-standard-bundle/nifi-standard-processors/src/test/java/org/apache/nifi/processors/standard/TestGetHTTP.java b/nifi-nar-bundles/nifi-standard-bundle/nifi-standard-processors/src/test/java/org/apache/nifi/processors/standard/TestGetHTTP.java
index bb3d286..29ce429 100644
--- a/nifi-nar-bundles/nifi-standard-bundle/nifi-standard-processors/src/test/java/org/apache/nifi/processors/standard/TestGetHTTP.java
+++ b/nifi-nar-bundles/nifi-standard-bundle/nifi-standard-processors/src/test/java/org/apache/nifi/processors/standard/TestGetHTTP.java
@@ -317,48 +317,63 @@ public class TestGetHTTP {
}
}
- private Map<String, String> getSslProperties() {
- Map<String, String> props = new HashMap<String, String>();
- props.put(StandardSSLContextService.KEYSTORE.getName(), "src/test/resources/localhost-ks.jks");
- props.put(StandardSSLContextService.KEYSTORE_PASSWORD.getName(), "localtest");
- props.put(StandardSSLContextService.KEYSTORE_TYPE.getName(), "JKS");
- props.put(StandardSSLContextService.TRUSTSTORE.getName(), "src/test/resources/localhost-ts.jks");
- props.put(StandardSSLContextService.TRUSTSTORE_PASSWORD.getName(), "localtest");
- props.put(StandardSSLContextService.TRUSTSTORE_TYPE.getName(), "JKS");
- return props;
- }
+ @Test
+ public final void testSecure_oneWaySsl() throws Exception {
+ // set up web service
+ final ServletHandler handler = new ServletHandler();
+ handler.addServletWithMapping(HelloWorldServlet.class, "/*");
+
+ // create the service, disabling the need for client auth
+ final Map<String, String> serverSslProperties = getKeystoreProperties();
+ serverSslProperties.put(TestServer.NEED_CLIENT_AUTH, Boolean.toString(false));
+ final TestServer server = new TestServer(serverSslProperties);
+ server.addHandler(handler);
- private void useSSLContextService() {
- final SSLContextService service = new StandardSSLContextService();
try {
- controller.addControllerService("ssl-service", service, getSslProperties());
- controller.enableControllerService(service);
- } catch (InitializationException ex) {
- ex.printStackTrace();
- Assert.fail("Could not create SSL Context Service");
- }
+ server.startServer();
- controller.setProperty(GetHTTP.SSL_CONTEXT_SERVICE, "ssl-service");
+ final String destination = server.getSecureUrl();
+
+ // set up NiFi mock controller
+ controller = TestRunners.newTestRunner(GetHTTP.class);
+ // Use context service with only a truststore
+ useSSLContextService(getTruststoreProperties());
+
+ controller.setProperty(GetHTTP.CONNECTION_TIMEOUT, "5 secs");
+ controller.setProperty(GetHTTP.URL, destination);
+ controller.setProperty(GetHTTP.FILENAME, "testFile");
+ controller.setProperty(GetHTTP.ACCEPT_CONTENT_TYPE, "application/json");
+
+ controller.run();
+ controller.assertAllFlowFilesTransferred(GetHTTP.REL_SUCCESS, 1);
+ final MockFlowFile mff = controller.getFlowFilesForRelationship(GetHTTP.REL_SUCCESS).get(0);
+ mff.assertContentEquals("Hello, World!");
+ } finally {
+ server.shutdownServer();
+ }
}
@Test
- public final void testSecure() throws Exception {
+ public final void testSecure_twoWaySsl() throws Exception {
// set up web service
- ServletHandler handler = new ServletHandler();
+ final ServletHandler handler = new ServletHandler();
handler.addServletWithMapping(HelloWorldServlet.class, "/*");
- // create the service
- TestServer server = new TestServer(getSslProperties());
+ // create the service, providing both truststore and keystore properties, requiring client auth (default)
+ final Map<String, String> twoWaySslProperties = getKeystoreProperties();
+ twoWaySslProperties.putAll(getTruststoreProperties());
+ final TestServer server = new TestServer(twoWaySslProperties);
server.addHandler(handler);
try {
server.startServer();
- String destination = server.getSecureUrl();
+ final String destination = server.getSecureUrl();
// set up NiFi mock controller
controller = TestRunners.newTestRunner(GetHTTP.class);
- useSSLContextService();
+ // Use context service with a keystore and a truststore
+ useSSLContextService(twoWaySslProperties);
controller.setProperty(GetHTTP.CONNECTION_TIMEOUT, "5 secs");
controller.setProperty(GetHTTP.URL, destination);
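Review bot: `testSecure_oneWaySsl` asserts only the success path, so it cannot show that the client's truststore is actually what authorises the server. GetHTTP loads trust material with `TrustSelfSignedStrategy`, so if the localhost test certificate is self-signed (likely, but not visible here) the test would pass even with an unrelated truststore. A negative case would pin the behaviour: run a truststore-only client against a `TestServer` left at its default of requiring client auth, or use a truststore that does not contain the server certificate, and assert that nothing is transferred to `GetHTTP.REL_SUCCESS`. The body of `testSecure_twoWaySsl` continues outside this hunk.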
@@ -374,4 +389,33 @@ public class TestGetHTTP {
}
}
+ private static Map<String, String> getTruststoreProperties() {
+ final Map<String, String> props = new HashMap<>();
+ props.put(StandardSSLContextService.TRUSTSTORE.getName(), "src/test/resources/localhost-ts.jks");
+ props.put(StandardSSLContextService.TRUSTSTORE_PASSWORD.getName(), "localtest");
+ props.put(StandardSSLContextService.TRUSTSTORE_TYPE.getName(), "JKS");
+ return props;
+ }
+
+ private static Map<String, String> getKeystoreProperties() {
+ final Map<String, String> properties = new HashMap<>();
+ properties.put(StandardSSLContextService.KEYSTORE.getName(), "src/test/resources/localhost-ks.jks");
+ properties.put(StandardSSLContextService.KEYSTORE_PASSWORD.getName(), "localtest");
+ properties.put(StandardSSLContextService.KEYSTORE_TYPE.getName(), "JKS");
+ return properties;
+ }
+
+ private void useSSLContextService(final Map<String, String> sslProperties) {
+ final SSLContextService service = new StandardSSLContextService();
+ try {
+ controller.addControllerService("ssl-service", service, sslProperties);
+ controller.enableControllerService(service);
+ } catch (InitializationException ex) {
+ ex.printStackTrace();
+ Assert.fail("Could not create SSL Context Service");
+ }
+
+ controller.setProperty(GetHTTP.SSL_CONTEXT_SERVICE, "ssl-service");
+ }
+
}
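Review bot: In `useSSLContextService` the `InitializationException` is printed with `ex.printStackTrace()` and replaced by a generic `Assert.fail(...)`, so the test report loses the cause when a keystore or truststore property is wrong. Both callers already declare `throws Exception`, so the helper can declare `throws InitializationException` and let it propagate, which removes the try/catch entirely. A short comment on `getTruststoreProperties` and `getKeystoreProperties` noting that the JKS files and the `localtest` password are test fixtures only would also help readers.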