mirror of https://github.com/apache/nifi.git
NIFI-4335: Changed SSLContextService implementations to RestrictedSSLContextService for all Listen* processors
This closes #2131. Signed-off-by: Andy LoPresto <alopresto@apache.org>
parent
c10ff574c4
commit
03e51ee8ac
|
@ -58,6 +58,7 @@ import org.apache.nifi.processors.beats.frame.BeatsEncoder;
|
|||
import org.apache.nifi.processors.beats.handler.BeatsSocketChannelHandlerFactory;
|
||||
import org.apache.nifi.processors.beats.response.BeatsChannelResponse;
|
||||
import org.apache.nifi.processors.beats.response.BeatsResponse;
|
||||
import org.apache.nifi.ssl.RestrictedSSLContextService;
|
||||
import org.apache.nifi.ssl.SSLContextService;
|
||||
|
||||
@InputRequirement(InputRequirement.Requirement.INPUT_FORBIDDEN)
|
||||
|
@ -81,7 +82,7 @@ public class ListenBeats extends AbstractListenEventBatchingProcessor<BeatsEvent
|
|||
"messages will be received over a secure connection.")
|
||||
// Nearly all Lumberjack v1 implementations require TLS to work. v2 implementations (i.e. beats) have TLS as optional
|
||||
.required(false)
|
||||
.identifiesControllerService(SSLContextService.class)
|
||||
.identifiesControllerService(RestrictedSSLContextService.class)
|
||||
.build();
|
||||
|
||||
@Override
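Review bot: Narrowing `.identifiesControllerService(...)` to `RestrictedSSLContextService.class` means a flow that already points this property at a plain `SSLContextService` implementation will presumably fail validation after upgrade, and neither the property description nor the commit message tells the operator why. I would extend the description, e.g. `"messages will be received over a secure connection. Only a RestrictedSSLContextService is accepted.")`, and call the change out in the migration notes. The same applies to the identical one-line change in ListenSMTP, ListenGRPC, ListenLumberjack, HandleHttpRequest, ListenRELP, ListenSyslog, ListenTCP, ListenTCPRecord, DistributedCacheServer and WebSocketService. The builder chain starts above this hunk.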
|
||||
|
|
|
@ -50,6 +50,7 @@ import org.apache.nifi.processor.Relationship;
|
|||
import org.apache.nifi.processor.exception.ProcessException;
|
||||
import org.apache.nifi.processor.util.StandardValidators;
|
||||
import org.apache.nifi.processors.email.smtp.SmtpConsumer;
|
||||
import org.apache.nifi.ssl.RestrictedSSLContextService;
|
||||
import org.apache.nifi.ssl.SSLContextService;
|
||||
import org.springframework.util.StringUtils;
|
||||
import org.subethamail.smtp.MessageContext;
|
||||
|
@ -124,7 +125,7 @@ public class ListenSMTP extends AbstractSessionFactoryProcessor {
|
|||
.description("The Controller Service to use in order to obtain an SSL Context. If this property is set, "
|
||||
+ "messages will be received over a secure connection.")
|
||||
.required(false)
|
||||
.identifiesControllerService(SSLContextService.class)
|
||||
.identifiesControllerService(RestrictedSSLContextService.class)
|
||||
.build();
|
||||
|
||||
static final PropertyDescriptor CLIENT_AUTH = new PropertyDescriptor.Builder()
|
||||
|
|
|
@ -28,6 +28,7 @@ import org.apache.commons.mail.EmailException;
|
|||
import org.apache.commons.mail.SimpleEmail;
|
||||
import org.apache.nifi.remote.io.socket.NetworkUtils;
|
||||
import org.apache.nifi.ssl.SSLContextService;
|
||||
import org.apache.nifi.ssl.StandardRestrictedSSLContextService;
|
||||
import org.apache.nifi.ssl.StandardSSLContextService;
|
||||
import org.apache.nifi.util.TestRunner;
|
||||
import org.apache.nifi.util.TestRunners;
|
||||
|
@ -100,7 +101,7 @@ public class TestListenSMTP {
|
|||
runner.setProperty(ListenSMTP.SMTP_MAXIMUM_CONNECTIONS, "3");
|
||||
|
||||
// Setup the SSL Context
|
||||
SSLContextService sslContextService = new StandardSSLContextService();
|
||||
SSLContextService sslContextService = new StandardRestrictedSSLContextService();
|
||||
runner.addControllerService("ssl-context", sslContextService);
|
||||
runner.setProperty(sslContextService, StandardSSLContextService.TRUSTSTORE, "src/test/resources/localhost-ts.jks");
|
||||
runner.setProperty(sslContextService, StandardSSLContextService.TRUSTSTORE_PASSWORD, "localtest");
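Review bot: No test here asserts the behaviour the commit is about, namely that the processor is invalid when its SSL property references an unrestricted `StandardSSLContextService`. A negative case that registers a `StandardSSLContextService`, sets it on the processor's SSL property and calls `runner.assertNotValid()` would pin the restriction. The fixture also builds a `StandardRestrictedSSLContextService` but still configures it through `StandardSSLContextService.TRUSTSTORE` and `StandardSSLContextService.TRUSTSTORE_PASSWORD`, which only works if the restricted class shares those descriptors, whereas the TestServer helpers in this commit switched to the `StandardRestrictedSSLContextService` constants. TestListenTCP and TestListenTCPRecord have the same gap, and the test method continues outside the hunk.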
|
||||
|
|
|
@ -35,6 +35,7 @@ import org.apache.nifi.processor.ProcessSessionFactory;
|
|||
import org.apache.nifi.processor.Relationship;
|
||||
import org.apache.nifi.processor.exception.ProcessException;
|
||||
import org.apache.nifi.processor.util.StandardValidators;
|
||||
import org.apache.nifi.ssl.RestrictedSSLContextService;
|
||||
import org.apache.nifi.ssl.SSLContextService;
|
||||
|
||||
import java.io.FileInputStream;
|
||||
|
@ -82,25 +83,29 @@ public class ListenGRPC extends AbstractSessionFactoryProcessor {
|
|||
// properties
|
||||
public static final PropertyDescriptor PROP_SERVICE_PORT = new PropertyDescriptor.Builder()
|
||||
.name("Local gRPC service port")
|
||||
.displayName("Local gRPC Service Port")
|
||||
.description("The local port that the gRPC service will listen on.")
|
||||
.required(true)
|
||||
.addValidator(StandardValidators.PORT_VALIDATOR)
|
||||
.build();
|
||||
public static final PropertyDescriptor PROP_USE_SECURE = new PropertyDescriptor.Builder()
|
||||
.name("Use SSL/TLS")
|
||||
.description("Whether or not to use SSL/TLS to send the contents of the gRPC messages.")
|
||||
.name("Use TLS")
|
||||
.displayName("Use TLS")
|
||||
.description("Whether or not to use TLS to send the contents of the gRPC messages.")
|
||||
.required(false)
|
||||
.defaultValue("false")
|
||||
.allowableValues("true", "false")
|
||||
.build();
|
||||
public static final PropertyDescriptor PROP_SSL_CONTEXT_SERVICE = new PropertyDescriptor.Builder()
|
||||
.name("SSL Context Service")
|
||||
.description("The SSL Context Service used to provide client certificate information for TLS/SSL (https) connections.")
|
||||
.displayName("SSL Context Service")
|
||||
.description("The SSL Context Service used to provide client certificate information for TLS (https) connections.")
|
||||
.required(false)
|
||||
.identifiesControllerService(SSLContextService.class)
|
||||
.identifiesControllerService(RestrictedSSLContextService.class)
|
||||
.build();
|
||||
public static final PropertyDescriptor PROP_FLOW_CONTROL_WINDOW = new PropertyDescriptor.Builder()
|
||||
.name("Flow Control Window")
|
||||
.displayName("Flow Control Window")
|
||||
.description("The initial HTTP/2 flow control window for both new streams and overall connection." +
|
||||
" Flow-control schemes ensure that streams on the same connection do not destructively interfere with each other." +
|
||||
" The default is 1MB.")
|
||||
|
@ -110,6 +115,7 @@ public class ListenGRPC extends AbstractSessionFactoryProcessor {
|
|||
.build();
|
||||
public static final PropertyDescriptor PROP_MAX_MESSAGE_SIZE = new PropertyDescriptor.Builder()
|
||||
.name("Max Message Size")
|
||||
.displayName("Maximum Message Size")
|
||||
.description("The maximum size of FlowFiles that this processor will allow to be received." +
|
||||
" The default is 4MB. If FlowFiles exceed this size, you should consider using another transport mechanism" +
|
||||
" as gRPC isn't designed for heavy payloads.")
|
||||
|
@ -119,6 +125,7 @@ public class ListenGRPC extends AbstractSessionFactoryProcessor {
|
|||
.build();
|
||||
public static final PropertyDescriptor PROP_AUTHORIZED_DN_PATTERN = new PropertyDescriptor.Builder()
|
||||
.name("Authorized DN Pattern")
|
||||
.displayName("Authorized DN Pattern")
|
||||
.description("A Regular Expression to apply against the Distinguished Name of incoming connections. If the Pattern does not match the DN, the connection will be refused.")
|
||||
.required(true)
|
||||
.defaultValue(".*")
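Review bot: Changing `.name("Use SSL/TLS")` to `.name("Use TLS")` on PROP_USE_SECURE renames the property's identifier, not just its label. If saved flows key property values by name, as NiFi descriptors normally do, an existing `true` setting would no longer bind and `.defaultValue("false")` would apply, so a listener that was TLS-protected could come back up in plaintext after upgrade. Keep the old identifier and change only the label: `.name("Use SSL/TLS")` together with `.displayName("Use TLS")`. Separately, the PROP_SSL_CONTEXT_SERVICE description still speaks of "client certificate information" and "(https)" although this processor is the listening side; wording such as `"The SSL Context Service that provides the server keystore and, for mutual TLS, the truststore."` would be more accurate. The class body continues beyond this hunk.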
|
||||
|
|
|
@ -58,6 +58,7 @@ import org.apache.nifi.processors.lumberjack.frame.LumberjackEncoder;
|
|||
import org.apache.nifi.processors.lumberjack.handler.LumberjackSocketChannelHandlerFactory;
|
||||
import org.apache.nifi.processors.lumberjack.response.LumberjackChannelResponse;
|
||||
import org.apache.nifi.processors.lumberjack.response.LumberjackResponse;
|
||||
import org.apache.nifi.ssl.RestrictedSSLContextService;
|
||||
import org.apache.nifi.ssl.SSLContextService;
|
||||
|
||||
import com.google.gson.Gson;
|
||||
|
@ -89,7 +90,7 @@ public class ListenLumberjack extends AbstractListenEventBatchingProcessor<Lumbe
|
|||
"two-way SSL authentication, the controller MUST have a truststore and a keystore to work" +
|
||||
"properly.")
|
||||
.required(true)
|
||||
.identifiesControllerService(SSLContextService.class)
|
||||
.identifiesControllerService(RestrictedSSLContextService.class)
|
||||
.build();
|
||||
|
||||
@Override
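Review bot: The description literal visible at the top of this hunk concatenates `"... a keystore to work" + "properly."` without a separating space, so the rendered text reads "workproperly.". Since the adjacent line is being touched anyway, add the space: `"two-way SSL authentication, the controller MUST have a truststore and a keystore to work " +`. The start of the descriptor is outside the hunk.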
|
||||
|
|
|
@ -29,6 +29,7 @@ import org.apache.nifi.processor.util.StandardValidators;
|
|||
import org.apache.nifi.remote.client.SiteToSiteClient;
|
||||
import org.apache.nifi.remote.protocol.SiteToSiteTransportProtocol;
|
||||
import org.apache.nifi.remote.protocol.http.HttpProxy;
|
||||
import org.apache.nifi.ssl.RestrictedSSLContextService;
|
||||
import org.apache.nifi.ssl.SSLContextService;
|
||||
import org.apache.nifi.util.StringUtils;
|
||||
|
||||
|
@ -67,7 +68,7 @@ public abstract class AbstractSiteToSiteReportingTask extends AbstractReportingT
|
|||
.displayName("SSL Context Service")
|
||||
.description("The SSL Context Service to use when communicating with the destination. If not specified, communications will not be secure.")
|
||||
.required(false)
|
||||
.identifiesControllerService(SSLContextService.class)
|
||||
.identifiesControllerService(RestrictedSSLContextService.class)
|
||||
.build();
|
||||
static final PropertyDescriptor INSTANCE_URL = new PropertyDescriptor.Builder()
|
||||
.name("Instance URL")
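Review bot: This descriptor configures an outbound connection ("to use when communicating with the destination"), yet the commit title scopes the change to Listen* processors. Restricting a client-side reporting task to `RestrictedSSLContextService` may well be intended, but it should be stated in the commit message or in a comment above the line, e.g. `// Deliberately restricted: outbound site-to-site uses the same limited TLS service as the listeners`, so it is not read as an accidental search-and-replace. Existing reporting tasks configured with an unrestricted service would presumably need reconfiguring. The builder chain begins above this hunk.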
|
||||
|
|
|
@ -80,5 +80,10 @@
|
|||
<artifactId>nifi-ssl-context-service</artifactId>
|
||||
<scope>test</scope>
|
||||
</dependency>
|
||||
<dependency>
|
||||
<groupId>org.apache.nifi</groupId>
|
||||
<artifactId>nifi-ssl-context-service-api</artifactId>
|
||||
<scope>test</scope>
|
||||
</dependency>
|
||||
</dependencies>
|
||||
</project>
|
||||
|
|
|
@ -16,7 +16,7 @@
|
|||
*/
|
||||
package org.apache.nifi.processors.slack;
|
||||
|
||||
import org.apache.nifi.ssl.StandardSSLContextService;
|
||||
import org.apache.nifi.ssl.StandardRestrictedSSLContextService;
|
||||
import org.eclipse.jetty.server.Handler;
|
||||
import org.eclipse.jetty.server.Server;
|
||||
import org.eclipse.jetty.server.ServerConnector;
|
||||
|
@ -79,16 +79,16 @@ public class TestServer {
|
|||
private void createSecureConnector(final Map<String, String> sslProperties) {
|
||||
SslContextFactory ssl = new SslContextFactory();
|
||||
|
||||
if (sslProperties.get(StandardSSLContextService.KEYSTORE.getName()) != null) {
|
||||
ssl.setKeyStorePath(sslProperties.get(StandardSSLContextService.KEYSTORE.getName()));
|
||||
ssl.setKeyStorePassword(sslProperties.get(StandardSSLContextService.KEYSTORE_PASSWORD.getName()));
|
||||
ssl.setKeyStoreType(sslProperties.get(StandardSSLContextService.KEYSTORE_TYPE.getName()));
|
||||
if (sslProperties.get(StandardRestrictedSSLContextService.KEYSTORE.getName()) != null) {
|
||||
ssl.setKeyStorePath(sslProperties.get(StandardRestrictedSSLContextService.KEYSTORE.getName()));
|
||||
ssl.setKeyStorePassword(sslProperties.get(StandardRestrictedSSLContextService.KEYSTORE_PASSWORD.getName()));
|
||||
ssl.setKeyStoreType(sslProperties.get(StandardRestrictedSSLContextService.KEYSTORE_TYPE.getName()));
|
||||
}
|
||||
|
||||
if (sslProperties.get(StandardSSLContextService.TRUSTSTORE.getName()) != null) {
|
||||
ssl.setTrustStorePath(sslProperties.get(StandardSSLContextService.TRUSTSTORE.getName()));
|
||||
ssl.setTrustStorePassword(sslProperties.get(StandardSSLContextService.TRUSTSTORE_PASSWORD.getName()));
|
||||
ssl.setTrustStoreType(sslProperties.get(StandardSSLContextService.TRUSTSTORE_TYPE.getName()));
|
||||
if (sslProperties.get(StandardRestrictedSSLContextService.TRUSTSTORE.getName()) != null) {
|
||||
ssl.setTrustStorePath(sslProperties.get(StandardRestrictedSSLContextService.TRUSTSTORE.getName()));
|
||||
ssl.setTrustStorePassword(sslProperties.get(StandardRestrictedSSLContextService.TRUSTSTORE_PASSWORD.getName()));
|
||||
ssl.setTrustStoreType(sslProperties.get(StandardRestrictedSSLContextService.TRUSTSTORE_TYPE.getName()));
|
||||
}
|
||||
|
||||
final String clientAuth = sslProperties.get(NEED_CLIENT_AUTH);
|
||||
|
|
|
@ -64,6 +64,7 @@ import org.apache.nifi.processor.Relationship;
|
|||
import org.apache.nifi.processor.exception.ProcessException;
|
||||
import org.apache.nifi.processor.util.StandardValidators;
|
||||
import org.apache.nifi.processors.standard.util.HTTPUtils;
|
||||
import org.apache.nifi.ssl.RestrictedSSLContextService;
|
||||
import org.apache.nifi.ssl.SSLContextService;
|
||||
import org.eclipse.jetty.server.Connector;
|
||||
import org.eclipse.jetty.server.HttpConfiguration;
|
||||
|
@ -145,7 +146,7 @@ public class HandleHttpRequest extends AbstractProcessor {
|
|||
.description("The SSL Context Service to use in order to secure the server. If specified, the server will accept only HTTPS requests; "
|
||||
+ "otherwise, the server will accept only HTTP requests")
|
||||
.required(false)
|
||||
.identifiesControllerService(SSLContextService.class)
|
||||
.identifiesControllerService(RestrictedSSLContextService.class)
|
||||
.build();
|
||||
public static final PropertyDescriptor URL_CHARACTER_SET = new PropertyDescriptor.Builder()
|
||||
.name("Default URL Character Set")
|
||||
|
|
|
@ -47,6 +47,7 @@ import org.apache.nifi.processors.standard.relp.handler.RELPSocketChannelHandler
|
|||
import org.apache.nifi.processors.standard.relp.response.RELPChannelResponse;
|
||||
import org.apache.nifi.processors.standard.relp.response.RELPResponse;
|
||||
import org.apache.nifi.security.util.SslContextFactory;
|
||||
import org.apache.nifi.ssl.RestrictedSSLContextService;
|
||||
import org.apache.nifi.ssl.SSLContextService;
|
||||
|
||||
import javax.net.ssl.SSLContext;
|
||||
|
@ -83,7 +84,7 @@ public class ListenRELP extends AbstractListenEventBatchingProcessor<RELPEvent>
|
|||
.description("The Controller Service to use in order to obtain an SSL Context. If this property is set, " +
|
||||
"messages will be received over a secure connection.")
|
||||
.required(false)
|
||||
.identifiesControllerService(SSLContextService.class)
|
||||
.identifiesControllerService(RestrictedSSLContextService.class)
|
||||
.build();
|
||||
public static final PropertyDescriptor CLIENT_AUTH = new PropertyDescriptor.Builder()
|
||||
.name("Client Auth")
|
||||
|
|
|
@ -74,6 +74,7 @@ import org.apache.nifi.processors.standard.syslog.SyslogAttributes;
|
|||
import org.apache.nifi.processors.standard.syslog.SyslogEvent;
|
||||
import org.apache.nifi.processors.standard.syslog.SyslogParser;
|
||||
import org.apache.nifi.security.util.SslContextFactory;
|
||||
import org.apache.nifi.ssl.RestrictedSSLContextService;
|
||||
import org.apache.nifi.ssl.SSLContextService;
|
||||
|
||||
@SupportsBatching
|
||||
|
@ -175,7 +176,7 @@ public class ListenSyslog extends AbstractSyslogProcessor {
|
|||
.description("The Controller Service to use in order to obtain an SSL Context. If this property is set, syslog " +
|
||||
"messages will be received over a secure connection.")
|
||||
.required(false)
|
||||
.identifiesControllerService(SSLContextService.class)
|
||||
.identifiesControllerService(RestrictedSSLContextService.class)
|
||||
.build();
|
||||
public static final PropertyDescriptor CLIENT_AUTH = new PropertyDescriptor.Builder()
|
||||
.name("Client Auth")
|
||||
|
|
|
@ -38,6 +38,7 @@ import org.apache.nifi.processor.util.listen.event.StandardEventFactory;
|
|||
import org.apache.nifi.processor.util.listen.handler.ChannelHandlerFactory;
|
||||
import org.apache.nifi.processor.util.listen.handler.socket.SocketChannelHandlerFactory;
|
||||
import org.apache.nifi.security.util.SslContextFactory;
|
||||
import org.apache.nifi.ssl.RestrictedSSLContextService;
|
||||
import org.apache.nifi.ssl.SSLContextService;
|
||||
|
||||
import javax.net.ssl.SSLContext;
|
||||
|
@ -72,7 +73,7 @@ public class ListenTCP extends AbstractListenEventBatchingProcessor<StandardEven
|
|||
.description("The Controller Service to use in order to obtain an SSL Context. If this property is set, " +
|
||||
"messages will be received over a secure connection.")
|
||||
.required(false)
|
||||
.identifiesControllerService(SSLContextService.class)
|
||||
.identifiesControllerService(RestrictedSSLContextService.class)
|
||||
.build();
|
||||
|
||||
public static final PropertyDescriptor CLIENT_AUTH = new PropertyDescriptor.Builder()
|
||||
|
|
|
@ -50,6 +50,7 @@ import org.apache.nifi.serialization.RecordSetWriterFactory;
|
|||
import org.apache.nifi.serialization.WriteResult;
|
||||
import org.apache.nifi.serialization.record.Record;
|
||||
import org.apache.nifi.serialization.record.RecordSchema;
|
||||
import org.apache.nifi.ssl.RestrictedSSLContextService;
|
||||
import org.apache.nifi.ssl.SSLContextService;
|
||||
|
||||
import javax.net.ssl.SSLContext;
|
||||
|
@ -181,7 +182,7 @@ public class ListenTCPRecord extends AbstractProcessor {
|
|||
.description("The Controller Service to use in order to obtain an SSL Context. If this property is set, " +
|
||||
"messages will be received over a secure connection.")
|
||||
.required(false)
|
||||
.identifiesControllerService(SSLContextService.class)
|
||||
.identifiesControllerService(RestrictedSSLContextService.class)
|
||||
.build();
|
||||
|
||||
static final PropertyDescriptor CLIENT_AUTH = new PropertyDescriptor.Builder()
|
||||
|
|
|
@ -17,7 +17,8 @@
|
|||
package org.apache.nifi.processors.slack;
|
||||
|
||||
import java.util.Map;
|
||||
import org.apache.nifi.ssl.StandardSSLContextService;
|
||||
|
||||
import org.apache.nifi.ssl.StandardRestrictedSSLContextService;
|
||||
import org.eclipse.jetty.server.Handler;
|
||||
import org.eclipse.jetty.server.Server;
|
||||
import org.eclipse.jetty.server.ServerConnector;
|
||||
|
@ -78,16 +79,16 @@ public class TestServer {
|
|||
private void createSecureConnector(final Map<String, String> sslProperties) {
|
||||
SslContextFactory ssl = new SslContextFactory();
|
||||
|
||||
if (sslProperties.get(StandardSSLContextService.KEYSTORE.getName()) != null) {
|
||||
ssl.setKeyStorePath(sslProperties.get(StandardSSLContextService.KEYSTORE.getName()));
|
||||
ssl.setKeyStorePassword(sslProperties.get(StandardSSLContextService.KEYSTORE_PASSWORD.getName()));
|
||||
ssl.setKeyStoreType(sslProperties.get(StandardSSLContextService.KEYSTORE_TYPE.getName()));
|
||||
if (sslProperties.get(StandardRestrictedSSLContextService.KEYSTORE.getName()) != null) {
|
||||
ssl.setKeyStorePath(sslProperties.get(StandardRestrictedSSLContextService.KEYSTORE.getName()));
|
||||
ssl.setKeyStorePassword(sslProperties.get(StandardRestrictedSSLContextService.KEYSTORE_PASSWORD.getName()));
|
||||
ssl.setKeyStoreType(sslProperties.get(StandardRestrictedSSLContextService.KEYSTORE_TYPE.getName()));
|
||||
}
|
||||
|
||||
if (sslProperties.get(StandardSSLContextService.TRUSTSTORE.getName()) != null) {
|
||||
ssl.setTrustStorePath(sslProperties.get(StandardSSLContextService.TRUSTSTORE.getName()));
|
||||
ssl.setTrustStorePassword(sslProperties.get(StandardSSLContextService.TRUSTSTORE_PASSWORD.getName()));
|
||||
ssl.setTrustStoreType(sslProperties.get(StandardSSLContextService.TRUSTSTORE_TYPE.getName()));
|
||||
if (sslProperties.get(StandardRestrictedSSLContextService.TRUSTSTORE.getName()) != null) {
|
||||
ssl.setTrustStorePath(sslProperties.get(StandardRestrictedSSLContextService.TRUSTSTORE.getName()));
|
||||
ssl.setTrustStorePassword(sslProperties.get(StandardRestrictedSSLContextService.TRUSTSTORE_PASSWORD.getName()));
|
||||
ssl.setTrustStoreType(sslProperties.get(StandardRestrictedSSLContextService.TRUSTSTORE_TYPE.getName()));
|
||||
}
|
||||
|
||||
final String clientAuth = sslProperties.get(NEED_CLIENT_AUTH);
|
||||
|
|
|
@ -22,6 +22,7 @@ import org.apache.nifi.processor.ProcessSessionFactory;
|
|||
import org.apache.nifi.reporting.InitializationException;
|
||||
import org.apache.nifi.security.util.SslContextFactory;
|
||||
import org.apache.nifi.ssl.SSLContextService;
|
||||
import org.apache.nifi.ssl.StandardRestrictedSSLContextService;
|
||||
import org.apache.nifi.ssl.StandardSSLContextService;
|
||||
import org.apache.nifi.util.MockFlowFile;
|
||||
import org.apache.nifi.util.TestRunner;
|
||||
|
@ -107,7 +108,7 @@ public class TestListenTCP {
|
|||
}
|
||||
|
||||
@Test
|
||||
public void testTLSClienAuthRequiredAndClientCertProvided() throws InitializationException, IOException, InterruptedException,
|
||||
public void testTLSClientAuthRequiredAndClientCertProvided() throws InitializationException, IOException, InterruptedException,
|
||||
UnrecoverableKeyException, CertificateException, NoSuchAlgorithmException, KeyStoreException, KeyManagementException {
|
||||
|
||||
runner.setProperty(ListenTCP.CLIENT_AUTH, SSLContextService.ClientAuth.REQUIRED.name());
|
||||
|
@ -140,7 +141,7 @@ public class TestListenTCP {
|
|||
}
|
||||
|
||||
@Test
|
||||
public void testTLSClienAuthRequiredAndClientCertNotProvided() throws InitializationException, IOException, InterruptedException,
|
||||
public void testTLSClientAuthRequiredAndClientCertNotProvided() throws InitializationException, IOException, InterruptedException,
|
||||
UnrecoverableKeyException, CertificateException, NoSuchAlgorithmException, KeyStoreException, KeyManagementException {
|
||||
|
||||
runner.setProperty(ListenTCP.CLIENT_AUTH, SSLContextService.ClientAuth.REQUIRED.name());
|
||||
|
@ -169,7 +170,7 @@ public class TestListenTCP {
|
|||
}
|
||||
|
||||
@Test
|
||||
public void testTLSClienAuthNoneAndClientCertNotProvided() throws InitializationException, IOException, InterruptedException,
|
||||
public void testTLSClientAuthNoneAndClientCertNotProvided() throws InitializationException, IOException, InterruptedException,
|
||||
UnrecoverableKeyException, CertificateException, NoSuchAlgorithmException, KeyStoreException, KeyManagementException {
|
||||
|
||||
runner.setProperty(ListenTCP.CLIENT_AUTH, SSLContextService.ClientAuth.NONE.name());
|
||||
|
@ -258,7 +259,7 @@ public class TestListenTCP {
|
|||
}
|
||||
|
||||
private SSLContextService configureProcessorSslContextService() throws InitializationException {
|
||||
final SSLContextService sslContextService = new StandardSSLContextService();
|
||||
final SSLContextService sslContextService = new StandardRestrictedSSLContextService();
|
||||
runner.addControllerService("ssl-context", sslContextService);
|
||||
runner.setProperty(sslContextService, StandardSSLContextService.TRUSTSTORE, "src/test/resources/localhost-ts.jks");
|
||||
runner.setProperty(sslContextService, StandardSSLContextService.TRUSTSTORE_PASSWORD, "localtest");
|
||||
|
|
|
@ -27,6 +27,7 @@ import org.apache.nifi.serialization.RecordReaderFactory;
|
|||
import org.apache.nifi.serialization.RecordSetWriterFactory;
|
||||
import org.apache.nifi.serialization.record.MockRecordWriter;
|
||||
import org.apache.nifi.ssl.SSLContextService;
|
||||
import org.apache.nifi.ssl.StandardRestrictedSSLContextService;
|
||||
import org.apache.nifi.ssl.StandardSSLContextService;
|
||||
import org.apache.nifi.util.MockFlowFile;
|
||||
import org.apache.nifi.util.TestRunner;
|
||||
|
@ -152,7 +153,7 @@ public class TestListenTCPRecord {
|
|||
}
|
||||
|
||||
@Test
|
||||
public void testTLSClienAuthRequiredAndClientCertProvided() throws InitializationException, IOException, InterruptedException, UnrecoverableKeyException,
|
||||
public void testTLSClientAuthRequiredAndClientCertProvided() throws InitializationException, IOException, InterruptedException, UnrecoverableKeyException,
|
||||
CertificateException, NoSuchAlgorithmException, KeyStoreException, KeyManagementException {
|
||||
|
||||
runner.setProperty(ListenTCPRecord.CLIENT_AUTH, SSLContextService.ClientAuth.REQUIRED.name());
|
||||
|
@ -182,7 +183,7 @@ public class TestListenTCPRecord {
|
|||
}
|
||||
|
||||
@Test
|
||||
public void testTLSClienAuthRequiredAndClientCertNotProvided() throws InitializationException, CertificateException, UnrecoverableKeyException,
|
||||
public void testTLSClientAuthRequiredAndClientCertNotProvided() throws InitializationException, CertificateException, UnrecoverableKeyException,
|
||||
NoSuchAlgorithmException, KeyStoreException, KeyManagementException, IOException, InterruptedException {
|
||||
|
||||
runner.setProperty(ListenTCPRecord.CLIENT_AUTH, SSLContextService.ClientAuth.REQUIRED.name());
|
||||
|
@ -200,7 +201,7 @@ public class TestListenTCPRecord {
|
|||
}
|
||||
|
||||
@Test
|
||||
public void testTLSClienAuthNoneAndClientCertNotProvided() throws InitializationException, CertificateException, UnrecoverableKeyException,
|
||||
public void testTLSClientAuthNoneAndClientCertNotProvided() throws InitializationException, CertificateException, UnrecoverableKeyException,
|
||||
NoSuchAlgorithmException, KeyStoreException, KeyManagementException, IOException, InterruptedException {
|
||||
|
||||
runner.setProperty(ListenTCPRecord.CLIENT_AUTH, SSLContextService.ClientAuth.NONE.name());
|
||||
|
@ -263,7 +264,7 @@ public class TestListenTCPRecord {
|
|||
}
|
||||
|
||||
private SSLContextService configureProcessorSslContextService() throws InitializationException {
|
||||
final SSLContextService sslContextService = new StandardSSLContextService();
|
||||
final SSLContextService sslContextService = new StandardRestrictedSSLContextService();
|
||||
runner.addControllerService("ssl-context", sslContextService);
|
||||
runner.setProperty(sslContextService, StandardSSLContextService.TRUSTSTORE, "src/test/resources/localhost-ts.jks");
|
||||
runner.setProperty(sslContextService, StandardSSLContextService.TRUSTSTORE_PASSWORD, "localtest");
|
||||
|
|
|
@ -26,7 +26,7 @@ import org.apache.nifi.components.PropertyDescriptor;
|
|||
import org.apache.nifi.controller.AbstractControllerService;
|
||||
import org.apache.nifi.controller.ConfigurationContext;
|
||||
import org.apache.nifi.processor.util.StandardValidators;
|
||||
import org.apache.nifi.ssl.SSLContextService;
|
||||
import org.apache.nifi.ssl.RestrictedSSLContextService;
|
||||
|
||||
public abstract class DistributedCacheServer extends AbstractControllerService {
|
||||
|
||||
|
@ -46,7 +46,7 @@ public abstract class DistributedCacheServer extends AbstractControllerService {
|
|||
.description("If specified, this service will be used to create an SSL Context that will be used "
|
||||
+ "to secure communications; if not specified, communications will not be secure")
|
||||
.required(false)
|
||||
.identifiesControllerService(SSLContextService.class)
|
||||
.identifiesControllerService(RestrictedSSLContextService.class)
|
||||
.build();
|
||||
public static final PropertyDescriptor MAX_CACHE_ENTRIES = new PropertyDescriptor.Builder()
|
||||
.name("Maximum Cache Entries")
|
||||
|
|
|
@ -19,7 +19,7 @@ package org.apache.nifi.websocket;
|
|||
import org.apache.nifi.components.PropertyDescriptor;
|
||||
import org.apache.nifi.controller.ControllerService;
|
||||
import org.apache.nifi.processor.Processor;
|
||||
import org.apache.nifi.ssl.SSLContextService;
|
||||
import org.apache.nifi.ssl.RestrictedSSLContextService;
|
||||
|
||||
import java.io.IOException;
|
||||
|
||||
|
@ -34,7 +34,7 @@ public interface WebSocketService extends ControllerService {
|
|||
.description("The SSL Context Service to use in order to secure the server. If specified, the server will accept only WSS requests; "
|
||||
+ "otherwise, the server will accept only WS requests")
|
||||
.required(false)
|
||||
.identifiesControllerService(SSLContextService.class)
|
||||
.identifiesControllerService(RestrictedSSLContextService.class)
|
||||
.build();
|
||||
|
||||
void registerProcessor(final String endpointId, final Processor processor) throws WebSocketConfigurationException;
|
||||
|
|