You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@nifi.apache.org by bb...@apache.org on 2017/05/04 14:50:40 UTC

nifi git commit: NIFI-3794 - Expose the control of ListenRELP's CLIENT_AUTH property to DFM

Repository: nifi
Updated Branches:
  refs/heads/master b710420f0 -> 970ddf8f7


NIFI-3794 - Expose the control of ListenRELP's CLIENT_AUTH property to DFM

This closes #1746.

Signed-off-by: Bryan Bende <bb...@apache.org>


Project: http://git-wip-us.apache.org/repos/asf/nifi/repo
Commit: http://git-wip-us.apache.org/repos/asf/nifi/commit/970ddf8f
Tree: http://git-wip-us.apache.org/repos/asf/nifi/tree/970ddf8f
Diff: http://git-wip-us.apache.org/repos/asf/nifi/diff/970ddf8f

Branch: refs/heads/master
Commit: 970ddf8f7e471f02835b3b2e3cf46cfabcc801e0
Parents: b710420
Author: Andre F de Miranda <tr...@users.noreply.github.com>
Authored: Thu May 4 08:00:14 2017 +1000
Committer: Bryan Bende <bb...@apache.org>
Committed: Thu May 4 10:50:22 2017 -0400

----------------------------------------------------------------------
 .../nifi/processors/standard/ListenRELP.java    | 42 ++++++++++++++++++--
 1 file changed, 39 insertions(+), 3 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/nifi/blob/970ddf8f/nifi-nar-bundles/nifi-standard-bundle/nifi-standard-processors/src/main/java/org/apache/nifi/processors/standard/ListenRELP.java
----------------------------------------------------------------------
diff --git a/nifi-nar-bundles/nifi-standard-bundle/nifi-standard-processors/src/main/java/org/apache/nifi/processors/standard/ListenRELP.java b/nifi-nar-bundles/nifi-standard-bundle/nifi-standard-processors/src/main/java/org/apache/nifi/processors/standard/ListenRELP.java
index 51173ec..7400862 100644
--- a/nifi-nar-bundles/nifi-standard-bundle/nifi-standard-processors/src/main/java/org/apache/nifi/processors/standard/ListenRELP.java
+++ b/nifi-nar-bundles/nifi-standard-bundle/nifi-standard-processors/src/main/java/org/apache/nifi/processors/standard/ListenRELP.java
@@ -16,6 +16,7 @@
  */
 package org.apache.nifi.processors.standard;
 
+import org.apache.commons.lang3.StringUtils;
 import org.apache.nifi.annotation.behavior.InputRequirement;
 import org.apache.nifi.annotation.behavior.WritesAttribute;
 import org.apache.nifi.annotation.behavior.WritesAttributes;
@@ -24,6 +25,8 @@ import org.apache.nifi.annotation.documentation.SeeAlso;
 import org.apache.nifi.annotation.documentation.Tags;
 import org.apache.nifi.annotation.lifecycle.OnScheduled;
 import org.apache.nifi.components.PropertyDescriptor;
+import org.apache.nifi.components.ValidationContext;
+import org.apache.nifi.components.ValidationResult;
 import org.apache.nifi.flowfile.attributes.CoreAttributes;
 import org.apache.nifi.flowfile.attributes.FlowFileAttributeKey;
 import org.apache.nifi.processor.DataUnit;
@@ -43,13 +46,16 @@ import org.apache.nifi.processors.standard.relp.frame.RELPEncoder;
 import org.apache.nifi.processors.standard.relp.handler.RELPSocketChannelHandlerFactory;
 import org.apache.nifi.processors.standard.relp.response.RELPChannelResponse;
 import org.apache.nifi.processors.standard.relp.response.RELPResponse;
+import org.apache.nifi.security.util.SslContextFactory;
 import org.apache.nifi.ssl.SSLContextService;
 
 import javax.net.ssl.SSLContext;
 import java.io.IOException;
 import java.nio.ByteBuffer;
 import java.nio.charset.Charset;
+import java.util.ArrayList;
 import java.util.Arrays;
+import java.util.Collection;
 import java.util.HashMap;
 import java.util.List;
 import java.util.Map;
@@ -73,17 +79,26 @@ public class ListenRELP extends AbstractListenEventBatchingProcessor<RELPEvent>
 
     public static final PropertyDescriptor SSL_CONTEXT_SERVICE = new PropertyDescriptor.Builder()
             .name("SSL Context Service")
+            .displayName("SSL Context Service")
             .description("The Controller Service to use in order to obtain an SSL Context. If this property is set, " +
                     "messages will be received over a secure connection.")
             .required(false)
             .identifiesControllerService(SSLContextService.class)
             .build();
+    public static final PropertyDescriptor CLIENT_AUTH = new PropertyDescriptor.Builder()
+            .name("Client Auth")
+            .displayName("Client Auth")
+            .description("The client authentication policy to use for the SSL Context. Only used if an SSL Context Service is provided.")
+            .required(false)
+            .allowableValues(SSLContextService.ClientAuth.values())
+            .defaultValue(SSLContextService.ClientAuth.REQUIRED.name())
+            .build();
 
     private volatile RELPEncoder relpEncoder;
 
     @Override
     protected List<PropertyDescriptor> getAdditionalProperties() {
-        return Arrays.asList(MAX_CONNECTIONS, SSL_CONTEXT_SERVICE);
+        return Arrays.asList(MAX_CONNECTIONS, SSL_CONTEXT_SERVICE, CLIENT_AUTH);
     }
 
     @Override
@@ -95,6 +110,22 @@ public class ListenRELP extends AbstractListenEventBatchingProcessor<RELPEvent>
     }
 
     @Override
+    protected Collection<ValidationResult> customValidate(final ValidationContext validationContext) {
+        final List<ValidationResult> results = new ArrayList<>();
+        final SSLContextService sslContextService = validationContext.getProperty(SSL_CONTEXT_SERVICE).asControllerService(SSLContextService.class);
+
+        // Validate CLIENT_AUTH
+        final String clientAuth = validationContext.getProperty(CLIENT_AUTH).getValue();
+        if (sslContextService != null && StringUtils.isBlank(clientAuth)) {
+            results.add(new ValidationResult.Builder()
+                    .explanation("Client Auth must be provided when using TLS/SSL")
+                    .valid(false).subject("Client Auth").build());
+        }
+
+        return results;
+    }
+
+    @Override
     protected ChannelDispatcher createDispatcher(final ProcessContext context, final BlockingQueue<RELPEvent> events) throws IOException {
         final EventFactory<RELPEvent> eventFactory = new RELPEventFactory();
         final ChannelHandlerFactory<RELPEvent,AsyncChannelDispatcher> handlerFactory = new RELPSocketChannelHandlerFactory<>();
@@ -108,14 +139,19 @@ public class ListenRELP extends AbstractListenEventBatchingProcessor<RELPEvent>
 
         // if an SSLContextService was provided then create an SSLContext to pass down to the dispatcher
         SSLContext sslContext = null;
+        SslContextFactory.ClientAuth clientAuth = null;
+
         final SSLContextService sslContextService = context.getProperty(SSL_CONTEXT_SERVICE).asControllerService(SSLContextService.class);
         if (sslContextService != null) {
-            sslContext = sslContextService.createSSLContext(SSLContextService.ClientAuth.REQUIRED);
+            final String clientAuthValue = context.getProperty(CLIENT_AUTH).getValue();
+            sslContext = sslContextService.createSSLContext(SSLContextService.ClientAuth.valueOf(clientAuthValue));
+            clientAuth = SslContextFactory.ClientAuth.valueOf(clientAuthValue);
+
         }
 
         // if we decide to support SSL then get the context and pass it in here
         return new SocketChannelDispatcher<>(eventFactory, handlerFactory, bufferPool, events,
-                getLogger(), maxConnections, sslContext, charSet);
+                getLogger(), maxConnections, sslContext, clientAuth, charSet);
     }
 
     @Override