Java Code Examples for org.apache.nifi.security.util.SslContextFactory#createSslContext()

Example 1
Source File: TestListenTCP.java    From nifi with Apache License 2.0 6 votes vote down vote up
/**
 * Sends five messages over TLS from a client that presents no certificate while the
 * listener is configured with client auth NONE, then checks the content of every flow
 * file routed to success.
 */
@Test
public void testTLSClientAuthNoneAndClientCertNotProvided() throws InitializationException, IOException, InterruptedException, TlsException {

    // Server side: client certificates are not requested.
    runner.setProperty(ListenTCP.CLIENT_AUTH, SslContextFactory.ClientAuth.NONE.name());
    configureProcessorSslContextService();

    final List<String> payloads = new ArrayList<>();
    payloads.add("This is message 1\n");
    payloads.add("This is message 2\n");
    payloads.add("This is message 3\n");
    payloads.add("This is message 4\n");
    payloads.add("This is message 5\n");

    // Client side: an SSLContext built from the trust-only configuration, so no client
    // certificate is offered. The listener is set to client auth NONE above, so the
    // content checks below expect the messages to be delivered.
    final SSLContext trustOnlyClientContext = SslContextFactory.createSslContext(trustOnlyTlsConfiguration);

    runTCP(payloads, payloads.size(), trustOnlyClientContext);

    // NOTE(review): this loop asserts nothing when the list is empty; presumably runTCP
    // verifies the transferred count - confirm against the helper.
    final List<MockFlowFile> received = runner.getFlowFilesForRelationship(ListenTCP.REL_SUCCESS);
    int expectedNumber = 1;
    for (final MockFlowFile flowFile : received) {
        flowFile.assertContentEquals("This is message " + expectedNumber);
        expectedNumber++;
    }
}
 
Example 2
Source File: TestListenTCP.java    From nifi with Apache License 2.0 6 votes vote down vote up
/**
 * Negative test: the listener requires a client certificate and the client offers none,
 * so sending the messages is expected to raise an exception.
 */
@Test
public void testTLSClientAuthRequiredAndClientCertNotProvided() throws InitializationException, TlsException {

    // Server side: a client certificate is mandatory.
    runner.setProperty(ListenTCP.CLIENT_AUTH, SslContextFactory.ClientAuth.REQUIRED.name());
    configureProcessorSslContextService();

    final List<String> payloads = new ArrayList<>();
    payloads.add("This is message 1\n");
    payloads.add("This is message 2\n");
    payloads.add("This is message 3\n");
    payloads.add("This is message 4\n");
    payloads.add("This is message 5\n");

    // Client side: trust store only, so there is no client certificate to present.
    final SSLContext trustOnlyClientContext = SslContextFactory.createSslContext(trustOnlyTlsConfiguration);

    try {
        runTCP(payloads, payloads.size(), trustOnlyClientContext);
        Assert.fail("Should have thrown exception");
    } catch (Exception ignored) {
        // Expected path: the send did not succeed.
        // NOTE(review): any Exception satisfies this test, including one unrelated to the
        // TLS handshake; catching the specific type runTCP raises would make the check
        // stricter - confirm which type that is.
    }
}
 
Example 3
Source File: TestListenTCP.java    From nifi with Apache License 2.0 6 votes vote down vote up
/**
 * Positive mutual-TLS test: the listener requires a client certificate and the client
 * context is built from a configuration that carries one, so the five messages are
 * expected to arrive.
 */
@Test
public void testTLSClientAuthRequiredAndClientCertProvided() throws InitializationException, IOException, InterruptedException,
        TlsException {

    // Server side: a client certificate is mandatory.
    runner.setProperty(ListenTCP.CLIENT_AUTH, SslContextFactory.ClientAuth.REQUIRED.name());
    configureProcessorSslContextService();

    final List<String> payloads = new ArrayList<>();
    payloads.add("This is message 1\n");
    payloads.add("This is message 2\n");
    payloads.add("This is message 3\n");
    payloads.add("This is message 4\n");
    payloads.add("This is message 5\n");

    // Client side: key store and trust store. ClientAuth.NONE here is the value handed to
    // the factory for the client's own context; the server-side requirement is the
    // CLIENT_AUTH property set above.
    final SSLContext mutualTlsClientContext = SslContextFactory.createSslContext(clientTlsConfiguration, SslContextFactory.ClientAuth.NONE);

    runTCP(payloads, payloads.size(), mutualTlsClientContext);

    // NOTE(review): asserts nothing if the list is empty; presumably runTCP checks the
    // transferred count - confirm.
    final List<MockFlowFile> received = runner.getFlowFilesForRelationship(ListenTCP.REL_SUCCESS);
    int expectedNumber = 1;
    for (final MockFlowFile flowFile : received) {
        flowFile.assertContentEquals("This is message " + expectedNumber);
        expectedNumber++;
    }
}
 
Example 4
Source File: TestHttpNotificationServiceSSL.java    From nifi with Apache License 2.0 6 votes vote down vote up
/**
 * Starts an HTTPS mock web server for the test and writes a configuration file that
 * points at it.
 *
 * @throws IOException  if the stale configuration file cannot be deleted
 * @throws TlsException if the SSL context cannot be created from the test stores
 */
@Before
public void startServer() throws IOException, TlsException {
    tempConfigFilePath = "./target/TestHttpNotificationService-config.xml";

    // Remove any file left behind by an earlier run.
    Files.deleteIfExists(Paths.get(tempConfigFilePath));

    mockWebServer = new MockWebServer();

    // Key material and passwords come from src/test/resources; these literals are test
    // fixtures and belong only in test code.
    final String tlsProtocol = CertificateUtils.getHighestCurrentSupportedTlsProtocolVersion();
    final TlsConfiguration serverTlsConfiguration = new TlsConfiguration(
            "./src/test/resources/keystore.jks", "passwordpassword", null, "JKS",
            "./src/test/resources/truststore.jks", "passwordpassword", "JKS", tlsProtocol);

    // NOTE(review): ClientAuth.REQUIRED is passed to the factory, but only the socket
    // factory is handed to the mock server; whether the client-auth setting survives that
    // hand-off is not visible here - confirm before relying on it.
    final SSLContext serverSslContext = SslContextFactory.createSslContext(serverTlsConfiguration, SslContextFactory.ClientAuth.REQUIRED);
    mockWebServer.useHttps(serverSslContext.getSocketFactory(), false);

    final String serverUrl = String.valueOf(mockWebServer.url("/"));
    final String renderedConfiguration = CONFIGURATION_FILE_TEXT.replace("${test.server}", serverUrl);
    IOUtil.writeText(renderedConfiguration, new File(tempConfigFilePath));
}
 
Example 5
Source File: TestListenTCPRecord.java    From nifi with Apache License 2.0 6 votes vote down vote up
/**
 * Sends the shared test data over TLS from a client without a certificate while the
 * listener has client auth NONE, and expects exactly one flow file containing the three
 * test records.
 */
@Test
public void testTLSClientAuthNoneAndClientCertNotProvided() throws InitializationException, IOException, InterruptedException, TlsException {

    // Server side: client certificates are not requested.
    runner.setProperty(ListenTCPRecord.CLIENT_AUTH, SslContextFactory.ClientAuth.NONE.name());
    configureProcessorSslContextService();

    // Client side: trust store only; acceptable because the listener uses client auth NONE.
    final SSLContext trustOnlyClientContext = SslContextFactory.createSslContext(trustOnlyTlsConfiguration);

    runTCP(DATA, 1, trustOnlyClientContext);

    final List<MockFlowFile> received = runner.getFlowFilesForRelationship(ListenTCPRecord.REL_SUCCESS);
    Assert.assertEquals(1, received.size());

    final byte[] rawContent = received.get(0).toByteArray();
    final String content = new String(rawContent, StandardCharsets.UTF_8);
    Assert.assertNotNull(content);
    for (int recordNumber = 1; recordNumber <= 3; recordNumber++) {
        Assert.assertTrue(content.contains("This is a test " + recordNumber));
    }
}
 
Example 6
Source File: LdapProvider.java    From nifi with Apache License 2.0 6 votes vote down vote up
/**
 * Builds the SSLContext for the LDAP identity provider from the "TLS - ..." properties
 * of the supplied configuration context.
 *
 * @param configurationContext source of the TLS property values
 * @return the SSLContext produced by {@code SslContextFactory}
 * @throws ProviderCreationException if the factory reports a {@code TlsException}
 */
public static SSLContext getConfiguredSslContext(final NonComponentConfigurationContext configurationContext) {
    final String keystorePath = configurationContext.getProperty("TLS - Keystore");
    final String keystorePassword = configurationContext.getProperty("TLS - Keystore Password");
    // TODO: Should support different key password
    final String keystoreType = configurationContext.getProperty("TLS - Keystore Type");
    final String truststorePath = configurationContext.getProperty("TLS - Truststore");
    final String truststorePassword = configurationContext.getProperty("TLS - Truststore Password");
    final String truststoreType = configurationContext.getProperty("TLS - Truststore Type");
    final String clientAuthName = configurationContext.getProperty("TLS - Client Auth");
    final String protocol = configurationContext.getProperty("TLS - Protocol");

    try {
        // The key password argument is null (see the TODO above).
        final TlsConfiguration ldapTlsConfiguration = new TlsConfiguration(keystorePath, keystorePassword, null, keystoreType,
                truststorePath, truststorePassword, truststoreType, protocol);

        // A value that is not a valid client-auth type is not rejected: it is replaced
        // by NONE, so a typo in the property goes unreported here.
        final ClientAuth effectiveClientAuth;
        if (ClientAuth.isValidClientAuthType(clientAuthName)) {
            effectiveClientAuth = ClientAuth.valueOf(clientAuthName);
        } else {
            effectiveClientAuth = ClientAuth.NONE;
        }
        return SslContextFactory.createSslContext(ldapTlsConfiguration, effectiveClientAuth);
    } catch (TlsException tlsFailure) {
        // Only the message is logged; the full cause travels with the rethrown exception.
        logger.error("Encountered an error configuring TLS for LDAP identity provider: {}", tlsFailure.getLocalizedMessage());
        throw new ProviderCreationException("Error configuring TLS for LDAP identity provider", tlsFailure);
    }
}
 
Example 7
Source File: LdapUserGroupProvider.java    From nifi with Apache License 2.0 6 votes vote down vote up
/**
 * Builds the SSLContext for the LDAP user group provider from the "TLS - ..." properties
 * of the supplied authorizer configuration context.
 *
 * @param configurationContext source of the TLS property values
 * @return the SSLContext produced by {@code SslContextFactory}
 * @throws ProviderCreationException if the factory reports a {@code TlsException}
 */
private SSLContext getConfiguredSslContext(final AuthorizerConfigurationContext configurationContext) {
    final String keystorePath = configurationContext.getProperty("TLS - Keystore").getValue();
    final String keystorePassword = configurationContext.getProperty("TLS - Keystore Password").getValue();
    final String keystoreType = configurationContext.getProperty("TLS - Keystore Type").getValue();
    final String truststorePath = configurationContext.getProperty("TLS - Truststore").getValue();
    final String truststorePassword = configurationContext.getProperty("TLS - Truststore Password").getValue();
    final String truststoreType = configurationContext.getProperty("TLS - Truststore Type").getValue();
    final String clientAuthName = configurationContext.getProperty("TLS - Client Auth").getValue();
    final String protocol = configurationContext.getProperty("TLS - Protocol").getValue();

    try {
        // The key password argument is null; only the keystore password is supplied.
        final TlsConfiguration ldapTlsConfiguration = new TlsConfiguration(keystorePath, keystorePassword, null, keystoreType,
                truststorePath, truststorePassword, truststoreType, protocol);

        // A value that is not a valid client-auth type is not rejected: it is replaced
        // by NONE, so a typo in the property goes unreported here.
        final ClientAuth effectiveClientAuth;
        if (ClientAuth.isValidClientAuthType(clientAuthName)) {
            effectiveClientAuth = ClientAuth.valueOf(clientAuthName);
        } else {
            effectiveClientAuth = ClientAuth.NONE;
        }
        return SslContextFactory.createSslContext(ldapTlsConfiguration, effectiveClientAuth);
    } catch (TlsException tlsFailure) {
        // Only the message is logged; the full cause travels with the rethrown exception.
        logger.error("Encountered an error configuring TLS for LDAP user group provider: {}", tlsFailure.getLocalizedMessage());
        throw new ProviderCreationException("Error configuring TLS for LDAP user group provider", tlsFailure);
    }
}
 
Example 8
Source File: TestListenTCPRecord.java    From nifi with Apache License 2.0 6 votes vote down vote up
/**
 * Positive mutual-TLS test for the record listener: client auth is REQUIRED and the
 * client context is built from a configuration that includes a key store, so one flow
 * file with the three test records is expected.
 */
@Test
public void testTLSClientAuthRequiredAndClientCertProvided() throws InitializationException, IOException, InterruptedException, TlsException {

    // Server side: a client certificate is mandatory.
    runner.setProperty(ListenTCPRecord.CLIENT_AUTH, SslContextFactory.ClientAuth.REQUIRED.name());
    configureProcessorSslContextService();

    // Client side: key store and trust store, so a certificate can be presented.
    final SSLContext mutualTlsClientContext = SslContextFactory.createSslContext(clientTlsConfiguration);

    runTCP(DATA, 1, mutualTlsClientContext);

    final List<MockFlowFile> received = runner.getFlowFilesForRelationship(ListenTCPRecord.REL_SUCCESS);
    Assert.assertEquals(1, received.size());

    final byte[] rawContent = received.get(0).toByteArray();
    final String content = new String(rawContent, StandardCharsets.UTF_8);
    Assert.assertNotNull(content);
    for (int recordNumber = 1; recordNumber <= 3; recordNumber++) {
        Assert.assertTrue(content.contains("This is a test " + recordNumber));
    }
}
 
Example 9
Source File: StandardSSLContextService.java    From nifi with Apache License 2.0 5 votes vote down vote up
/**
 * Creates an SSLContext from this service's TLS configuration with the requested
 * client-auth setting.
 *
 * @param clientAuth the client-auth value handed to the factory
 * @return the created SSLContext
 * @throws ProcessException wrapping the {@code TlsException} if creation fails
 */
@Override
public SSLContext createSSLContext(final SslContextFactory.ClientAuth clientAuth) throws ProcessException {
    final SSLContext createdContext;
    try {
        createdContext = SslContextFactory.createSslContext(createTlsConfiguration(), clientAuth);
    } catch (TlsException tlsFailure) {
        // Log the message only; the cause is preserved on the rethrown exception.
        getLogger().error("Encountered an error creating the SSL context from the SSL context service: {}", new String[]{tlsFailure.getLocalizedMessage()});
        throw new ProcessException("Error creating SSL context", tlsFailure);
    }
    return createdContext;
}
 
Example 10
Source File: StatelessFlow.java    From nifi with Apache License 2.0 5 votes vote down vote up
/**
 * Builds an SSLContext from the SSL section of a flow configuration.
 *
 * <p>Returns {@code null} both when the section is absent and when any of the six
 * keystore/truststore properties is missing. Callers therefore cannot tell "TLS not
 * configured" from "TLS partially configured" by the return value and should treat
 * {@code null} accordingly.
 *
 * @param config the flow configuration object
 * @return the SSLContext, or {@code null} as described above
 * @throws RuntimeException if the context cannot be created from the supplied values
 */
public static SSLContext getSSLContext(final JsonObject config) {
    if (!config.has(SSL)) {
        return null;
    }

    final JsonObject sslSettings = config.get(SSL).getAsJsonObject();
    // TODO: Only proceeds when all properties are present; some flows can have truststore properties and no keystore or vice-versa
    if (!sslSettings.has(KEYSTORE) || !sslSettings.has(KEYSTORE_PASS) || !sslSettings.has(KEYSTORE_TYPE)
            || !sslSettings.has(TRUSTSTORE) || !sslSettings.has(TRUSTSTORE_PASS) || !sslSettings.has(TRUSTSTORE_TYPE)) {
        return null;
    }

    final String keystorePath = sslSettings.get(KEYSTORE).getAsString();
    final String keystorePassword = sslSettings.get(KEYSTORE_PASS).getAsString();
    // The key password falls back to the keystore password when it is not given.
    final String keyPassword;
    if (sslSettings.has(KEY_PASS)) {
        keyPassword = sslSettings.get(KEY_PASS).getAsString();
    } else {
        keyPassword = keystorePassword;
    }
    final String keystoreType = sslSettings.get(KEYSTORE_TYPE).getAsString();

    final String truststorePath = sslSettings.get(TRUSTSTORE).getAsString();
    final String truststorePassword = sslSettings.get(TRUSTSTORE_PASS).getAsString();
    final String truststoreType = sslSettings.get(TRUSTSTORE_TYPE).getAsString();

    try {
        final TlsConfiguration flowTlsConfiguration = new TlsConfiguration(keystorePath, keystorePassword, keyPassword, keystoreType,
                truststorePath, truststorePassword, truststoreType, CertificateUtils.getHighestCurrentSupportedTlsProtocolVersion());
        return SslContextFactory.createSslContext(flowTlsConfiguration, SslContextFactory.ClientAuth.REQUIRED);
    } catch (final Exception failure) {
        throw new RuntimeException("Failed to create Keystore", failure);
    }
}
 
Example 11
Source File: TestListenHTTP.java    From nifi with Apache License 2.0 5 votes vote down vote up
/**
 * Opens an HTTPS connection to {@code url} and installs a client socket factory.
 *
 * @param twoWaySsl {@code true} to build the client context from the client TLS
 *                  configuration, {@code false} to use the trust-only configuration
 * @param url       the endpoint to connect to
 * @return the connection with its SSL socket factory set
 */
private static HttpsURLConnection buildSecureConnection(boolean twoWaySsl, URL url) throws IOException, TlsException {
    final HttpsURLConnection secureConnection = (HttpsURLConnection) url.openConnection();

    // Two-way: use a client certificate and do not reuse the server's keystore.
    // One-way: the client still needs a truststore to verify the server.
    final SSLContext clientSslContext = twoWaySsl
            ? SslContextFactory.createSslContext(clientTlsConfiguration)
            : SslContextFactory.createSslContext(trustOnlyTlsConfiguration);

    secureConnection.setSSLSocketFactory(clientSslContext.getSocketFactory());
    return secureConnection;
}
 
Example 12
Source File: TestListenTCPRecord.java    From nifi with Apache License 2.0 5 votes vote down vote up
/**
 * Negative test for the record listener: client auth is REQUIRED, the client has only a
 * trust store, and runTCP is called with 0 as its second argument.
 */
@Test
public void testTLSClientAuthRequiredAndClientCertNotProvided() throws InitializationException, IOException, InterruptedException, TlsException {

    // Server side: a client certificate is mandatory; the read timeout is set to "5 seconds".
    runner.setProperty(ListenTCPRecord.CLIENT_AUTH, SslContextFactory.ClientAuth.REQUIRED.name());
    runner.setProperty(ListenTCPRecord.READ_TIMEOUT, "5 seconds");
    configureProcessorSslContextService();

    // Client side: trust store only, so no certificate can be presented to a listener
    // that requires one.
    final SSLContext trustOnlyClientContext = SslContextFactory.createSslContext(trustOnlyTlsConfiguration);

    // presumably the second argument is the number of flow files expected - confirm against runTCP
    final int expectedTransfers = 0;
    runTCP(DATA, expectedTransfers, trustOnlyClientContext);
}
 
Example 13
Source File: AbstractTestSecure.java    From nifi-minifi with Apache License 2.0 5 votes vote down vote up
/**
 * Loads the SSLContext for a test user from files named after the user inside
 * {@code directory}: {@code CN=<username>.password} holds the keystore password and
 * {@code CN=<username>.p12} is the PKCS12 keystore. The truststore comes from the "c2"
 * folder under {@code certificatesDirectory}.
 *
 * @param username  name used to build the "CN=..." file names
 * @param directory folder containing the user's password file and keystore
 * @return the SSLContext created by the factory
 */
protected SSLContext loadSslContext(String username, Path directory) throws GeneralSecurityException, IOException {
    final String subjectPrefix = "CN=" + username;

    // The password passes through a String before becoming a char[], so an immutable
    // copy stays on the heap; acceptable for a test helper.
    final char[] keystorePassword;
    try (InputStream passwordStream = Files.newInputStream(directory.resolve(subjectPrefix + ".password"))) {
        keystorePassword = IOUtils.toString(passwordStream, StandardCharsets.UTF_8).toCharArray();
    }

    final String keystorePath = directory.resolve(subjectPrefix + ".p12").toFile().getAbsolutePath();
    final String truststorePath = certificatesDirectory.resolve("c2").resolve("truststore.jks").toFile().getAbsolutePath();

    // The truststore password and the generic "TLS" protocol name are fixed test values.
    return SslContextFactory.createSslContext(
            keystorePath,
            keystorePassword,
            "PKCS12",
            truststorePath,
            "badTrustPass".toCharArray(), "jks", SslContextFactory.ClientAuth.NONE, "TLS");
}
 
Example 14
Source File: TestListenTCP.java    From localization_nifi with Apache License 2.0 5 votes vote down vote up
/**
 * Positive mutual-TLS test: the listener requires a client certificate and the client
 * context is created from the localhost test key store and trust store, so the five
 * messages are expected to arrive.
 */
@Test
public void testTLSClienAuthRequiredAndClientCertProvided() throws InitializationException, IOException, InterruptedException,
        UnrecoverableKeyException, CertificateException, NoSuchAlgorithmException, KeyStoreException, KeyManagementException {

    // Server side: a client certificate is mandatory.
    runner.setProperty(ListenTCP.CLIENT_AUTH, SSLContextService.ClientAuth.REQUIRED.name());
    configureProcessorSslContextService();

    final List<String> payloads = new ArrayList<>();
    payloads.add("This is message 1\n");
    payloads.add("This is message 2\n");
    payloads.add("This is message 3\n");
    payloads.add("This is message 4\n");
    payloads.add("This is message 5\n");

    // Client side: key store plus trust store taken from src/test/resources; the
    // passwords are test fixtures. The protocol is requested as the generic "TLS" name.
    final SSLContext mutualTlsClientContext = SslContextFactory.createSslContext(
            "src/test/resources/localhost-ks.jks",
            "localtest".toCharArray(),
            "jks",
            "src/test/resources/localhost-ts.jks",
            "localtest".toCharArray(),
            "jks",
            org.apache.nifi.security.util.SslContextFactory.ClientAuth.valueOf("NONE"),
            "TLS");

    runTCP(payloads, payloads.size(), mutualTlsClientContext);

    // NOTE(review): asserts nothing if the list is empty; presumably runTCP checks the
    // transferred count - confirm.
    final List<MockFlowFile> received = runner.getFlowFilesForRelationship(ListenTCP.REL_SUCCESS);
    int expectedNumber = 1;
    for (final MockFlowFile flowFile : received) {
        flowFile.assertContentEquals("This is message " + expectedNumber);
        expectedNumber++;
    }
}
 
Example 15
Source File: StandardSSLContextService.java    From localization_nifi with Apache License 2.0 5 votes vote down vote up
/**
 * Validates the configured SSL properties by attempting to build an SSLContext from
 * them. The context itself is discarded; only whether construction succeeds matters.
 *
 * <p>Three shapes are handled: truststore only (no keystore), keystore only (no
 * truststore), and both stores. When both are present the context is built with client
 * auth REQUIRED.
 *
 * @param validationContext source of the property values under validation
 * @throws ProcessException wrapping any exception raised while building the context
 */
private void verifySslConfig(final ValidationContext validationContext) throws ProcessException {
    final String protocol = validationContext.getProperty(SSL_ALGORITHM).getValue();
    try {
        final PropertyValue keyPasswordProperty = validationContext.getProperty(KEY_PASSWORD);
        final char[] keyPassword;
        if (keyPasswordProperty.isSet()) {
            keyPassword = keyPasswordProperty.getValue().toCharArray();
        } else {
            keyPassword = null;
        }

        final String keystoreFile = validationContext.getProperty(KEYSTORE).getValue();
        if (keystoreFile == null) {
            // No keystore: check the truststore on its own.
            // A missing truststore password surfaces as an exception wrapped below.
            SslContextFactory.createTrustSslContext(
                    validationContext.getProperty(TRUSTSTORE).getValue(),
                    validationContext.getProperty(TRUSTSTORE_PASSWORD).getValue().toCharArray(),
                    validationContext.getProperty(TRUSTSTORE_TYPE).getValue(),
                    protocol);
        } else {
            final String truststoreFile = validationContext.getProperty(TRUSTSTORE).getValue();
            if (truststoreFile == null) {
                // No truststore: check the keystore on its own.
                SslContextFactory.createSslContext(
                        validationContext.getProperty(KEYSTORE).getValue(),
                        validationContext.getProperty(KEYSTORE_PASSWORD).getValue().toCharArray(),
                        keyPassword,
                        validationContext.getProperty(KEYSTORE_TYPE).getValue(),
                        protocol);
            } else {
                // Both stores configured: check them together.
                SslContextFactory.createSslContext(
                        validationContext.getProperty(KEYSTORE).getValue(),
                        validationContext.getProperty(KEYSTORE_PASSWORD).getValue().toCharArray(),
                        keyPassword,
                        validationContext.getProperty(KEYSTORE_TYPE).getValue(),
                        validationContext.getProperty(TRUSTSTORE).getValue(),
                        validationContext.getProperty(TRUSTSTORE_PASSWORD).getValue().toCharArray(),
                        validationContext.getProperty(TRUSTSTORE_TYPE).getValue(),
                        org.apache.nifi.security.util.SslContextFactory.ClientAuth.REQUIRED,
                        protocol);
            }
        }
    } catch (final Exception failure) {
        throw new ProcessException(failure);
    }
}
 
Example 16
Source File: LdapProvider.java    From localization_nifi with Apache License 2.0 4 votes vote down vote up
/**
 * Builds the SSLContext for the LDAP login identity provider from the "TLS - ..."
 * properties.
 *
 * <p>Returns {@code null} when neither a keystore nor a truststore is configured.
 * Otherwise a protocol is mandatory, and the context is built from the truststore only,
 * the keystore only, or both. With both stores, a blank client-auth value means NONE and
 * an unrecognised value is rejected rather than defaulted.
 *
 * @param configurationContext source of the TLS property values
 * @return the SSLContext, or {@code null} when no store is configured
 * @throws ProviderCreationException if the protocol is missing, the client-auth value is
 *         unrecognised, or the context cannot be created
 */
private SSLContext getConfiguredSslContext(final LoginIdentityProviderConfigurationContext configurationContext) {
    final String rawKeystore = configurationContext.getProperty("TLS - Keystore");
    final String rawKeystorePassword = configurationContext.getProperty("TLS - Keystore Password");
    final String rawKeystoreType = configurationContext.getProperty("TLS - Keystore Type");
    final String rawTruststore = configurationContext.getProperty("TLS - Truststore");
    final String rawTruststorePassword = configurationContext.getProperty("TLS - Truststore Password");
    final String rawTruststoreType = configurationContext.getProperty("TLS - Truststore Type");
    final String rawClientAuth = configurationContext.getProperty("TLS - Client Auth");
    final String rawProtocol = configurationContext.getProperty("TLS - Protocol");

    final boolean keystoreAbsent = StringUtils.isBlank(rawKeystore);
    final boolean truststoreAbsent = StringUtils.isBlank(rawTruststore);

    try {
        // Nothing configured: no SSL context at all.
        if (keystoreAbsent && truststoreAbsent) {
            return null;
        }

        // ensure the protocol is specified
        if (StringUtils.isBlank(rawProtocol)) {
            throw new ProviderCreationException("TLS - Protocol must be specified.");
        }

        if (keystoreAbsent) {
            return SslContextFactory.createTrustSslContext(rawTruststore, rawTruststorePassword.toCharArray(), rawTruststoreType, rawProtocol);
        }
        if (truststoreAbsent) {
            return SslContextFactory.createSslContext(rawKeystore, rawKeystorePassword.toCharArray(), rawKeystoreType, rawProtocol);
        }

        // determine the client auth if specified
        final ClientAuth clientAuth;
        if (StringUtils.isBlank(rawClientAuth)) {
            clientAuth = ClientAuth.NONE;
        } else {
            try {
                clientAuth = ClientAuth.valueOf(rawClientAuth);
            } catch (final IllegalArgumentException unknownValue) {
                // A misspelt value is reported instead of being replaced by a default.
                throw new ProviderCreationException(String.format("Unrecognized client auth '%s'. Possible values are [%s]",
                        rawClientAuth, StringUtils.join(ClientAuth.values(), ", ")));
            }
        }

        return SslContextFactory.createSslContext(rawKeystore, rawKeystorePassword.toCharArray(), rawKeystoreType,
                rawTruststore, rawTruststorePassword.toCharArray(), rawTruststoreType, clientAuth, rawProtocol);
    } catch (final KeyStoreException | NoSuchAlgorithmException | CertificateException | UnrecoverableKeyException | KeyManagementException | IOException failure) {
        throw new ProviderCreationException(failure.getMessage(), failure);
    }
}
 
Example 17
Source File: ServerSocketConfiguration.java    From nifi with Apache License 2.0 4 votes vote down vote up
/**
 * Creates the SSLContext for server sockets from this object's TLS configuration.
 *
 * @return the SSLContext built with client auth REQUIRED
 * @throws TlsException if the factory cannot build the context
 */
public SSLContext createSSLContext() throws TlsException {
    // ClientAuth was hardcoded to REQUIRED in removed SSLContextFactory and overridden in SocketUtils when the socket is created
    final SslContextFactory.ClientAuth serverClientAuth = SslContextFactory.ClientAuth.REQUIRED;
    return SslContextFactory.createSslContext(tlsConfiguration, serverClientAuth);
}
 
Example 18
Source File: ITestHandleHttpRequest.java    From nifi with Apache License 2.0 4 votes vote down vote up
/**
 * Runs HandleHttpRequest behind an SSL context service and issues one HTTPS GET from a
 * background thread, then checks the attributes of the resulting flow file.
 *
 * @param twoWaySsl {@code true} configures the service with client auth REQUIRED and
 *                  builds the client context from the client TLS configuration;
 *                  {@code false} uses client auth NONE and the trust-only configuration
 */
private void secureTest(boolean twoWaySsl) throws Exception {
    // Latches handed to the processor and to sendRequest to order the two threads.
    CountDownLatch serverReady = new CountDownLatch(1);
    CountDownLatch requestSent = new CountDownLatch(1);

    processor = createProcessor(serverReady, requestSent);
    final TestRunner runner = TestRunners.newTestRunner(processor);
    runner.setProperty(HandleHttpRequest.PORT, "0");

    final MockHttpContextMap contextMap = new MockHttpContextMap();
    runner.addControllerService("http-context-map", contextMap);
    runner.enableControllerService(contextMap);
    runner.setProperty(HandleHttpRequest.HTTP_CONTEXT_MAP, "http-context-map");

    // Server-side TLS: keystore and truststore properties plus the protocol version
    // returned by CertificateUtils; the client-auth mode follows twoWaySsl.
    final Map<String, String> sslProperties = getServerKeystoreProperties();
    sslProperties.putAll(getTruststoreProperties());
    sslProperties.put(StandardSSLContextService.SSL_ALGORITHM.getName(), CertificateUtils.getHighestCurrentSupportedTlsProtocolVersion());
    useSSLContextService(runner, sslProperties, twoWaySsl ? SslContextFactory.ClientAuth.REQUIRED : SslContextFactory.ClientAuth.NONE);

    final Thread httpThread = new Thread(new Runnable() {
        @Override
        public void run() {
            try {
                // Wait until the latch is released before reading the port.
                serverReady.await();

                final int port = ((HandleHttpRequest) runner.getProcessor()).getPort();
                final HttpsURLConnection connection = (HttpsURLConnection) new URL("https://localhost:"
                        + port + "/my/path?query=true&value1=value1&value2=&value3&value4=apple=orange").openConnection();

                SSLContext clientSslContext;
                if (twoWaySsl) {
                    // Use a client certificate, do not reuse the server's keystore
                    clientSslContext = SslContextFactory.createSslContext(clientTlsConfiguration);
                } else {
                    // With one-way SSL, the client still needs a truststore
                    clientSslContext = SslContextFactory.createSslContext(trustOnlyTlsConfiguration);
                }
                connection.setSSLSocketFactory(clientSslContext.getSocketFactory());
                connection.setDoOutput(false);
                connection.setRequestMethod("GET");
                connection.setRequestProperty("header1", "value1");
                connection.setRequestProperty("header2", "");
                connection.setRequestProperty("header3", "apple=orange");
                connection.setConnectTimeout(3000);
                connection.setReadTimeout(3000);

                sendRequest(connection, requestSent);
            } catch (final Throwable t) {
                // Do nothing as HandleHttpRequest doesn't respond normally
                // NOTE(review): this also hides a failure to build the client SSL context or
                // to complete the handshake; such a failure would only show up indirectly,
                // through the assertions after runner.run below.
            }
        }
    });

    httpThread.start();
    runner.run(1, false, false);

    // Exactly one request must have been accepted and registered in the context map.
    runner.assertAllFlowFilesTransferred(HandleHttpRequest.REL_SUCCESS, 1);
    assertEquals(1, contextMap.size());

    final MockFlowFile mff = runner.getFlowFilesForRelationship(HandleHttpRequest.REL_SUCCESS).get(0);
    mff.assertAttributeEquals("http.query.param.query", "true");
    mff.assertAttributeEquals("http.query.param.value1", "value1");
    mff.assertAttributeEquals("http.query.param.value2", "");
    mff.assertAttributeEquals("http.query.param.value3", "");
    mff.assertAttributeEquals("http.query.param.value4", "apple=orange");
    mff.assertAttributeEquals("http.headers.header1", "value1");
    mff.assertAttributeEquals("http.headers.header3", "apple=orange");
    mff.assertAttributeEquals("http.protocol", "HTTP/1.1");
}
 
Example 19
Source File: SocketConfiguration.java    From nifi with Apache License 2.0 4 votes vote down vote up
/**
 * Creates the SSLContext for client sockets from this object's TLS configuration.
 *
 * @return the SSLContext built with client auth NONE
 * @throws TlsException if the factory cannot build the context
 */
public SSLContext createSSLContext() throws TlsException {
    // This is only used for client sockets, so the client auth setting is ignored
    final SslContextFactory.ClientAuth unusedClientAuth = SslContextFactory.ClientAuth.NONE;
    return SslContextFactory.createSslContext(tlsConfiguration, unusedClientAuth);
}
 
Example 20
Source File: StandardSSLContextService.java    From localization_nifi with Apache License 2.0 4 votes vote down vote up
/**
 * Creates an SSLContext from the configured keystore and truststore properties.
 *
 * <p>With no keystore the context is built from the truststore alone; with no truststore
 * it is built from the keystore alone. In both of those cases the {@code clientAuth}
 * argument is not passed to the factory. Only when both stores are configured is
 * {@code clientAuth} applied.
 *
 * @param clientAuth the client-auth mode, mapped by name onto the factory's enum
 * @return the created SSLContext
 * @throws ProcessException wrapping any exception raised while building the context
 */
@Override
public SSLContext createSSLContext(final ClientAuth clientAuth) throws ProcessException {
    final String protocol = configContext.getProperty(SSL_ALGORITHM).getValue();
    try {
        final PropertyValue keyPasswordProperty = configContext.getProperty(KEY_PASSWORD);
        final char[] keyPassword;
        if (keyPasswordProperty.isSet()) {
            keyPassword = keyPasswordProperty.getValue().toCharArray();
        } else {
            keyPassword = null;
        }

        final String keystoreFile = configContext.getProperty(KEYSTORE).getValue();
        if (keystoreFile == null) {
            // If keystore not specified, create SSL Context based only on trust store.
            return SslContextFactory.createTrustSslContext(
                    configContext.getProperty(TRUSTSTORE).getValue(),
                    configContext.getProperty(TRUSTSTORE_PASSWORD).getValue().toCharArray(),
                    configContext.getProperty(TRUSTSTORE_TYPE).getValue(),
                    protocol);
        }

        final String truststoreFile = configContext.getProperty(TRUSTSTORE).getValue();
        final boolean keystoreOnly = truststoreFile == null;
        if (keystoreOnly) {
            // If truststore not specified, create SSL Context based only on key store.
            return SslContextFactory.createSslContext(
                    configContext.getProperty(KEYSTORE).getValue(),
                    configContext.getProperty(KEYSTORE_PASSWORD).getValue().toCharArray(),
                    keyPassword,
                    configContext.getProperty(KEYSTORE_TYPE).getValue(),
                    protocol);
        }

        // Both stores are present: this is the only branch that honours clientAuth.
        return SslContextFactory.createSslContext(
                configContext.getProperty(KEYSTORE).getValue(),
                configContext.getProperty(KEYSTORE_PASSWORD).getValue().toCharArray(),
                keyPassword,
                configContext.getProperty(KEYSTORE_TYPE).getValue(),
                configContext.getProperty(TRUSTSTORE).getValue(),
                configContext.getProperty(TRUSTSTORE_PASSWORD).getValue().toCharArray(),
                configContext.getProperty(TRUSTSTORE_TYPE).getValue(),
                org.apache.nifi.security.util.SslContextFactory.ClientAuth.valueOf(clientAuth.name()),
                protocol);
    } catch (final Exception failure) {
        throw new ProcessException(failure);
    }
}