mirror of https://github.com/apache/nifi.git
NIFI-7913 Added getEnabledProtocols() to TlsConfiguration and updated ListenSMTP to set enabled protocols on SSL Sockets
NIFI-7913 Changed order of supported protocols to match existing comments in SSLContextService This closes #4599 Signed-off-by: Nathan Gough <thenatog@gmail.com>
parent
8e4948322e
commit
7bff64b3cf
|
@ -25,6 +25,13 @@ import java.util.regex.Pattern;
|
||||||
* {@link javax.net.ssl.SSLContext}s.
|
* {@link javax.net.ssl.SSLContext}s.
|
||||||
*/
|
*/
|
||||||
public interface TlsConfiguration {
|
public interface TlsConfiguration {
|
||||||
|
String SSL_PROTOCOL = "SSL";
|
||||||
|
String TLS_PROTOCOL = "TLS";
|
||||||
|
|
||||||
|
String TLS_1_0_PROTOCOL = "TLSv1";
|
||||||
|
String TLS_1_1_PROTOCOL = "TLSv1.1";
|
||||||
|
String[] LEGACY_TLS_PROTOCOL_VERSIONS = new String[]{TLS_1_0_PROTOCOL, TLS_1_1_PROTOCOL};
|
||||||
|
|
||||||
String JAVA_8_MAX_SUPPORTED_TLS_PROTOCOL_VERSION = "TLSv1.2";
|
String JAVA_8_MAX_SUPPORTED_TLS_PROTOCOL_VERSION = "TLSv1.2";
|
||||||
String JAVA_11_MAX_SUPPORTED_TLS_PROTOCOL_VERSION = "TLSv1.3";
|
String JAVA_11_MAX_SUPPORTED_TLS_PROTOCOL_VERSION = "TLSv1.3";
|
||||||
String[] JAVA_8_SUPPORTED_TLS_PROTOCOL_VERSIONS = new String[]{JAVA_8_MAX_SUPPORTED_TLS_PROTOCOL_VERSION};
|
String[] JAVA_8_SUPPORTED_TLS_PROTOCOL_VERSIONS = new String[]{JAVA_8_MAX_SUPPORTED_TLS_PROTOCOL_VERSION};
|
||||||
|
@ -157,6 +164,13 @@ public interface TlsConfiguration {
|
||||||
*/
|
*/
|
||||||
String[] getTruststorePropertiesForLogging();
|
String[] getTruststorePropertiesForLogging();
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Get Enabled TLS Protocol Versions
|
||||||
|
*
|
||||||
|
* @return Enabled TLS Protocols
|
||||||
|
*/
|
||||||
|
String[] getEnabledProtocols();
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Returns the JVM Java major version based on the System properties (e.g. {@code JVM 1.8.0.231} -> {code 8}).
|
* Returns the JVM Java major version based on the System properties (e.g. {@code JVM 1.8.0.231} -> {code 8}).
|
||||||
*
|
*
|
||||||
|
|
|
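Review bot: `LEGACY_TLS_PROTOCOL_VERSIONS` is declared as a `String[]` on an interface, so it is implicitly public, static and final, yet its elements stay writable by any code that can see the interface. This commit reads that array when building the enabled-protocol list in `StandardTlsConfiguration.getEnabledProtocols()`, so a stray write would change which TLS versions are offered. The existing `JAVA_8_SUPPORTED_TLS_PROTOCOL_VERSIONS` has the same shape, so this follows the file's convention. If the type has to stay, a comment such as `// Do not modify: array contents are shared by all callers` would state the contract, and an unmodifiable `List<String>` would enforce it. The Javadoc on `getEnabledProtocols()` could also say that the result may be empty and may contain `TLSv1` and `TLSv1.1`.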
@ -18,6 +18,9 @@ package org.apache.nifi.security.util;
|
||||||
|
|
||||||
import java.io.File;
|
import java.io.File;
|
||||||
import java.net.MalformedURLException;
|
import java.net.MalformedURLException;
|
||||||
|
import java.util.ArrayList;
|
||||||
|
import java.util.Arrays;
|
||||||
|
import java.util.List;
|
||||||
import java.util.Objects;
|
import java.util.Objects;
|
||||||
import org.apache.nifi.util.NiFiProperties;
|
import org.apache.nifi.util.NiFiProperties;
|
||||||
import org.apache.nifi.util.StringUtils;
|
import org.apache.nifi.util.StringUtils;
|
||||||
|
@ -432,6 +435,29 @@ public class StandardTlsConfiguration implements TlsConfiguration {
|
||||||
return new String[]{getTruststorePath(), getTruststorePasswordForLogging(), getKeystoreType() != null ? getTruststoreType().getType() : NULL_LOG};
|
return new String[]{getTruststorePath(), getTruststorePasswordForLogging(), getKeystoreType() != null ? getTruststoreType().getType() : NULL_LOG};
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Get Enabled TLS Protocols translates SSL to legacy protocols and TLS to current protocols or returns configured protocol
|
||||||
|
*
|
||||||
|
* @return Enabled TLS Protocols
|
||||||
|
*/
|
||||||
|
@Override
|
||||||
|
public String[] getEnabledProtocols() {
|
||||||
|
final List<String> enabledProtocols = new ArrayList<>();
|
||||||
|
|
||||||
|
final String configuredProtocol = getProtocol();
|
||||||
|
if (TLS_PROTOCOL.equals(configuredProtocol)) {
|
||||||
|
enabledProtocols.addAll(Arrays.asList(TlsConfiguration.getCurrentSupportedTlsProtocolVersions()));
|
||||||
|
} else if (SSL_PROTOCOL.equals(configuredProtocol)) {
|
||||||
|
enabledProtocols.addAll(Arrays.asList(LEGACY_TLS_PROTOCOL_VERSIONS));
|
||||||
|
enabledProtocols.addAll(Arrays.asList(TlsConfiguration.getCurrentSupportedTlsProtocolVersions()));
|
||||||
|
} else if (configuredProtocol != null) {
|
||||||
|
enabledProtocols.add(configuredProtocol);
|
||||||
|
}
|
||||||
|
|
||||||
|
return enabledProtocols.toArray(new String[enabledProtocols.size()]);
|
||||||
|
}
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
public String toString() {
|
public String toString() {
|
||||||
StringBuilder sb = new StringBuilder("[TlsConfiguration]");
|
StringBuilder sb = new StringBuilder("[TlsConfiguration]");
|
||||||
|
|
|
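Review bot: The Javadoc on `getEnabledProtocols()` is one run-on sentence and omits the two cases a caller most needs to know: a null protocol yields an empty array, and the `SSL` value adds `TLSv1` and `TLSv1.1` alongside the current versions. Since ListenSMTP passes the result straight to `SSLSocket.setEnabledProtocols`, I would describe each branch on its own line and use `@return enabled protocol names; empty when no protocol is configured`. The final `else if` adds the configured string without comparing it to the versions the JVM supports, so an unsupported name would presumably surface only when a socket is configured; a sentence noting that would help. Separately, `toArray(new String[0])` is the more common form than sizing the array by hand.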
@ -209,4 +209,43 @@ class StandardTlsConfigurationTest extends GroovyTestCase {
|
||||||
assert !wrongPasswordIsValid
|
assert !wrongPasswordIsValid
|
||||||
assert !invalidIsValid
|
assert !invalidIsValid
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@Test
|
||||||
|
void testShouldReturnLegacyAndCurrentEnabledProtocolsForSsl() {
|
||||||
|
TlsConfiguration configuration = getTlsConfiguration(TlsConfiguration.SSL_PROTOCOL)
|
||||||
|
|
||||||
|
String[] enabledProtocols = configuration.enabledProtocols
|
||||||
|
assert enabledProtocols.toList().containsAll(TlsConfiguration.LEGACY_TLS_PROTOCOL_VERSIONS)
|
||||||
|
assert enabledProtocols.toList().containsAll(TlsConfiguration.getCurrentSupportedTlsProtocolVersions())
|
||||||
|
}
|
||||||
|
|
||||||
|
@Test
|
||||||
|
void testShouldReturnCurrentEnabledProtocolsForTls() {
|
||||||
|
TlsConfiguration configuration = getTlsConfiguration(TlsConfiguration.TLS_PROTOCOL)
|
||||||
|
|
||||||
|
String[] enabledProtocols = configuration.enabledProtocols
|
||||||
|
assert !enabledProtocols.toList().containsAll(TlsConfiguration.LEGACY_TLS_PROTOCOL_VERSIONS)
|
||||||
|
assert enabledProtocols.toList().containsAll(TlsConfiguration.getCurrentSupportedTlsProtocolVersions())
|
||||||
|
}
|
||||||
|
|
||||||
|
@Test
|
||||||
|
void testShouldReturnConfiguredEnabledProtocols() {
|
||||||
|
String currentProtocol = TlsConfiguration.getHighestCurrentSupportedTlsProtocolVersion()
|
||||||
|
TlsConfiguration configuration = getTlsConfiguration(currentProtocol)
|
||||||
|
|
||||||
|
String[] enabledProtocols = configuration.enabledProtocols
|
||||||
|
assert enabledProtocols == [currentProtocol]
|
||||||
|
}
|
||||||
|
|
||||||
|
@Test
|
||||||
|
void testShouldReturnEmptyEnabledProtocolsForNullProtocol() {
|
||||||
|
TlsConfiguration configuration = getTlsConfiguration(null)
|
||||||
|
|
||||||
|
String[] enabledProtocols = configuration.enabledProtocols
|
||||||
|
assert enabledProtocols.toList().isEmpty()
|
||||||
|
}
|
||||||
|
|
||||||
|
TlsConfiguration getTlsConfiguration(String protocol) {
|
||||||
|
new StandardTlsConfiguration(KEYSTORE_PATH, KEYSTORE_PASSWORD, KEY_PASSWORD, KEYSTORE_TYPE, TRUSTSTORE_PATH, TRUSTSTORE_PASSWORD, TRUSTSTORE_TYPE, protocol)
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
|
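Review bot: In `testShouldReturnCurrentEnabledProtocolsForTls` the check `!enabledProtocols.toList().containsAll(TlsConfiguration.LEGACY_TLS_PROTOCOL_VERSIONS)` passes as soon as one legacy version is missing, so it would still pass if `TLSv1.1` alone were enabled for `TLS`. The intent appears to be that no legacy version is present, which `assert enabledProtocols.toList().intersect(TlsConfiguration.LEGACY_TLS_PROTOCOL_VERSIONS.toList()).isEmpty()` states directly. The SSL test could likewise compare against the exact expected list instead of two `containsAll` calls, which would also catch unexpected extra entries.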
@ -50,6 +50,7 @@ import org.apache.nifi.processor.exception.ProcessException;
|
||||||
import org.apache.nifi.processor.util.StandardValidators;
|
import org.apache.nifi.processor.util.StandardValidators;
|
||||||
import org.apache.nifi.processors.email.smtp.SmtpConsumer;
|
import org.apache.nifi.processors.email.smtp.SmtpConsumer;
|
||||||
import org.apache.nifi.security.util.ClientAuth;
|
import org.apache.nifi.security.util.ClientAuth;
|
||||||
|
import org.apache.nifi.security.util.TlsConfiguration;
|
||||||
import org.apache.nifi.ssl.RestrictedSSLContextService;
|
import org.apache.nifi.ssl.RestrictedSSLContextService;
|
||||||
import org.apache.nifi.ssl.SSLContextService;
|
import org.apache.nifi.ssl.SSLContextService;
|
||||||
import org.springframework.util.StringUtils;
|
import org.springframework.util.StringUtils;
|
||||||
|
@ -252,6 +253,9 @@ public class ListenSMTP extends AbstractSessionFactoryProcessor {
|
||||||
SSLContext sslContext = sslContextService.createSSLContext(ClientAuth.valueOf(clientAuth));
|
SSLContext sslContext = sslContextService.createSSLContext(ClientAuth.valueOf(clientAuth));
|
||||||
SSLSocketFactory socketFactory = sslContext.getSocketFactory();
|
SSLSocketFactory socketFactory = sslContext.getSocketFactory();
|
||||||
SSLSocket sslSocket = (SSLSocket) (socketFactory.createSocket(socket, remoteAddress.getHostName(), socket.getPort(), true));
|
SSLSocket sslSocket = (SSLSocket) (socketFactory.createSocket(socket, remoteAddress.getHostName(), socket.getPort(), true));
|
||||||
|
final TlsConfiguration tlsConfiguration = sslContextService.createTlsConfiguration();
|
||||||
|
sslSocket.setEnabledProtocols(tlsConfiguration.getEnabledProtocols());
|
||||||
|
|
||||||
sslSocket.setUseClientMode(false);
|
sslSocket.setUseClientMode(false);
|
||||||
|
|
||||||
if (ClientAuth.REQUIRED.toString().equals(clientAuth)) {
|
if (ClientAuth.REQUIRED.toString().equals(clientAuth)) {
|
||||||
|
|
|
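Review bot: `tlsConfiguration.getEnabledProtocols()` can return an empty array (the unit test added in this commit covers that case for a null protocol), and the result is handed to `sslSocket.setEnabledProtocols` without a check. With nothing enabled, the handshake would most likely fail with a generic protocol error for every client, which is fail-closed but hard to diagnose. I would read the value into a local first, `final String[] enabledProtocols = tlsConfiguration.getEnabledProtocols();`, and fail with a clear message when `enabledProtocols.length == 0`, or reject that configuration during validation. Whether `createTlsConfiguration()` can actually yield a null protocol for this processor is not visible here. The enclosing method begins and ends outside the hunk.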
@ -16,6 +16,8 @@
|
||||||
*/
|
*/
|
||||||
package org.apache.nifi.processors.email;
|
package org.apache.nifi.processors.email;
|
||||||
|
|
||||||
|
import static org.junit.Assert.assertEquals;
|
||||||
|
import static org.junit.Assert.assertThrows;
|
||||||
import static org.junit.Assert.assertTrue;
|
import static org.junit.Assert.assertTrue;
|
||||||
|
|
||||||
import java.util.Properties;
|
import java.util.Properties;
|
||||||
|
@ -26,7 +28,9 @@ import javax.mail.Transport;
|
||||||
import javax.mail.internet.InternetAddress;
|
import javax.mail.internet.InternetAddress;
|
||||||
import javax.mail.internet.MimeMessage;
|
import javax.mail.internet.MimeMessage;
|
||||||
import org.apache.nifi.remote.io.socket.NetworkUtils;
|
import org.apache.nifi.remote.io.socket.NetworkUtils;
|
||||||
|
import org.apache.nifi.reporting.InitializationException;
|
||||||
import org.apache.nifi.security.util.ClientAuth;
|
import org.apache.nifi.security.util.ClientAuth;
|
||||||
|
import org.apache.nifi.security.util.TlsConfiguration;
|
||||||
import org.apache.nifi.ssl.SSLContextService;
|
import org.apache.nifi.ssl.SSLContextService;
|
||||||
import org.apache.nifi.ssl.StandardRestrictedSSLContextService;
|
import org.apache.nifi.ssl.StandardRestrictedSSLContextService;
|
||||||
import org.apache.nifi.ssl.StandardSSLContextService;
|
import org.apache.nifi.ssl.StandardSSLContextService;
|
||||||
|
@ -35,38 +39,20 @@ import org.apache.nifi.util.TestRunners;
|
||||||
import org.junit.Test;
|
import org.junit.Test;
|
||||||
|
|
||||||
public class TestListenSMTP {
|
public class TestListenSMTP {
|
||||||
|
private static final String SSL_SERVICE_IDENTIFIER = "ssl-context";
|
||||||
|
|
||||||
@Test
|
@Test
|
||||||
public void testListenSMTP() throws Exception {
|
public void testListenSMTP() throws Exception {
|
||||||
final ListenSMTP processor = new ListenSMTP();
|
|
||||||
final TestRunner runner = TestRunners.newTestRunner(processor);
|
|
||||||
|
|
||||||
final int port = NetworkUtils.availablePort();
|
final int port = NetworkUtils.availablePort();
|
||||||
runner.setProperty(ListenSMTP.SMTP_PORT, String.valueOf(port));
|
final TestRunner runner = newTestRunner(port);
|
||||||
runner.setProperty(ListenSMTP.SMTP_MAXIMUM_CONNECTIONS, "3");
|
|
||||||
|
|
||||||
runner.run(1, false);
|
runner.run(1, false);
|
||||||
|
assertPortListening(port);
|
||||||
|
|
||||||
assertTrue(String.format("expected server listening on %s:%d", "localhost", port), NetworkUtils.isListening("localhost", port, 5000));
|
final Session session = getSession(port);
|
||||||
|
|
||||||
final Properties config = new Properties();
|
|
||||||
config.put("mail.smtp.host", "localhost");
|
|
||||||
config.put("mail.smtp.port", String.valueOf(port));
|
|
||||||
config.put("mail.smtp.connectiontimeout", "5000");
|
|
||||||
config.put("mail.smtp.timeout", "5000");
|
|
||||||
config.put("mail.smtp.writetimeout", "5000");
|
|
||||||
|
|
||||||
final Session session = Session.getInstance(config);
|
|
||||||
session.setDebug(true);
|
|
||||||
|
|
||||||
final int numMessages = 5;
|
final int numMessages = 5;
|
||||||
for (int i = 0; i < numMessages; i++) {
|
for (int i = 0; i < numMessages; i++) {
|
||||||
final Message email = new MimeMessage(session);
|
sendMessage(session, i);
|
||||||
email.setFrom(new InternetAddress("alice@nifi.apache.org"));
|
|
||||||
email.setRecipients(Message.RecipientType.TO, InternetAddress.parse("bob@nifi.apache.org"));
|
|
||||||
email.setSubject("This is a test");
|
|
||||||
email.setText("MSG-" + i);
|
|
||||||
Transport.send(email);
|
|
||||||
}
|
}
|
||||||
|
|
||||||
runner.shutdown();
|
runner.shutdown();
|
||||||
|
@ -74,34 +60,92 @@ public class TestListenSMTP {
|
||||||
}
|
}
|
||||||
|
|
||||||
@Test
|
@Test
|
||||||
public void testListenSMTPwithTLS() throws Exception {
|
public void testListenSMTPwithTLSCurrentVersion() throws Exception {
|
||||||
final ListenSMTP processor = new ListenSMTP();
|
|
||||||
final TestRunner runner = TestRunners.newTestRunner(processor);
|
|
||||||
|
|
||||||
final int port = NetworkUtils.availablePort();
|
final int port = NetworkUtils.availablePort();
|
||||||
runner.setProperty(ListenSMTP.SMTP_PORT, String.valueOf(port));
|
final TestRunner runner = newTestRunner(port);
|
||||||
runner.setProperty(ListenSMTP.SMTP_MAXIMUM_CONNECTIONS, "3");
|
|
||||||
|
|
||||||
// Setup the SSL Context
|
final String tlsProtocol = TlsConfiguration.getHighestCurrentSupportedTlsProtocolVersion();
|
||||||
final SSLContextService sslContextService = new StandardRestrictedSSLContextService();
|
configureSslContextService(runner, tlsProtocol);
|
||||||
runner.addControllerService("ssl-context", sslContextService);
|
runner.setProperty(ListenSMTP.SSL_CONTEXT_SERVICE, SSL_SERVICE_IDENTIFIER);
|
||||||
runner.setProperty(sslContextService, StandardSSLContextService.TRUSTSTORE, "src/test/resources/truststore.jks");
|
|
||||||
runner.setProperty(sslContextService, StandardSSLContextService.TRUSTSTORE_PASSWORD, "passwordpassword");
|
|
||||||
runner.setProperty(sslContextService, StandardSSLContextService.TRUSTSTORE_TYPE, "JKS");
|
|
||||||
runner.setProperty(sslContextService, StandardSSLContextService.KEYSTORE, "src/test/resources/keystore.jks");
|
|
||||||
runner.setProperty(sslContextService, StandardSSLContextService.KEYSTORE_PASSWORD, "passwordpassword");
|
|
||||||
runner.setProperty(sslContextService, StandardSSLContextService.KEYSTORE_TYPE, "JKS");
|
|
||||||
runner.enableControllerService(sslContextService);
|
|
||||||
|
|
||||||
// and add the SSL context to the runner
|
|
||||||
runner.setProperty(ListenSMTP.SSL_CONTEXT_SERVICE, "ssl-context");
|
|
||||||
runner.setProperty(ListenSMTP.CLIENT_AUTH, ClientAuth.NONE.name());
|
runner.setProperty(ListenSMTP.CLIENT_AUTH, ClientAuth.NONE.name());
|
||||||
runner.assertValid();
|
runner.assertValid();
|
||||||
|
|
||||||
runner.run(1, false);
|
runner.run(1, false);
|
||||||
|
assertPortListening(port);
|
||||||
|
final Session session = getSessionTls(port, tlsProtocol);
|
||||||
|
|
||||||
|
final int numMessages = 5;
|
||||||
|
for (int i = 0; i < numMessages; i++) {
|
||||||
|
sendMessage(session, i);
|
||||||
|
}
|
||||||
|
|
||||||
|
runner.shutdown();
|
||||||
|
runner.assertAllFlowFilesTransferred(ListenSMTP.REL_SUCCESS, numMessages);
|
||||||
|
}
|
||||||
|
|
||||||
|
@Test
|
||||||
|
public void testListenSMTPwithTLSLegacyProtocolException() throws Exception {
|
||||||
|
final int port = NetworkUtils.availablePort();
|
||||||
|
final TestRunner runner = newTestRunner(port);
|
||||||
|
|
||||||
|
configureSslContextService(runner, TlsConfiguration.getHighestCurrentSupportedTlsProtocolVersion());
|
||||||
|
runner.setProperty(ListenSMTP.SSL_CONTEXT_SERVICE, SSL_SERVICE_IDENTIFIER);
|
||||||
|
runner.setProperty(ListenSMTP.CLIENT_AUTH, ClientAuth.NONE.name());
|
||||||
|
runner.assertValid();
|
||||||
|
|
||||||
|
runner.run(1, false);
|
||||||
|
assertPortListening(port);
|
||||||
|
|
||||||
|
final Session session = getSessionTls(port, TlsConfiguration.TLS_1_0_PROTOCOL);
|
||||||
|
final MessagingException exception = assertThrows(MessagingException.class, () -> sendMessage(session, 0));
|
||||||
|
assertEquals(exception.getMessage(), "Could not convert socket to TLS");
|
||||||
|
|
||||||
|
runner.shutdown();
|
||||||
|
runner.assertAllFlowFilesTransferred(ListenSMTP.REL_SUCCESS, 0);
|
||||||
|
}
|
||||||
|
|
||||||
|
@Test
|
||||||
|
public void testListenSMTPwithTooLargeMessage() throws Exception {
|
||||||
|
final int port = NetworkUtils.availablePort();
|
||||||
|
final TestRunner runner = newTestRunner(port);
|
||||||
|
runner.setProperty(ListenSMTP.SMTP_MAXIMUM_MSG_SIZE, "10 B");
|
||||||
|
|
||||||
|
runner.run(1, false);
|
||||||
|
assertPortListening(port);
|
||||||
|
|
||||||
|
final Session session = getSession(port);
|
||||||
|
assertThrows(MessagingException.class, () -> sendMessage(session, 0));
|
||||||
|
|
||||||
|
runner.shutdown();
|
||||||
|
runner.assertAllFlowFilesTransferred(ListenSMTP.REL_SUCCESS, 0);
|
||||||
|
}
|
||||||
|
|
||||||
|
private TestRunner newTestRunner(final int port) {
|
||||||
|
final ListenSMTP processor = new ListenSMTP();
|
||||||
|
final TestRunner runner = TestRunners.newTestRunner(processor);
|
||||||
|
|
||||||
|
runner.setProperty(ListenSMTP.SMTP_PORT, String.valueOf(port));
|
||||||
|
runner.setProperty(ListenSMTP.SMTP_MAXIMUM_CONNECTIONS, "3");
|
||||||
|
return runner;
|
||||||
|
}
|
||||||
|
|
||||||
|
private void assertPortListening(final int port) {
|
||||||
assertTrue(String.format("expected server listening on %s:%d", "localhost", port), NetworkUtils.isListening("localhost", port, 5000));
|
assertTrue(String.format("expected server listening on %s:%d", "localhost", port), NetworkUtils.isListening("localhost", port, 5000));
|
||||||
|
}
|
||||||
|
|
||||||
|
private Session getSession(final int port) {
|
||||||
|
final Properties config = new Properties();
|
||||||
|
config.put("mail.smtp.host", "localhost");
|
||||||
|
config.put("mail.smtp.port", String.valueOf(port));
|
||||||
|
config.put("mail.smtp.connectiontimeout", "5000");
|
||||||
|
config.put("mail.smtp.timeout", "5000");
|
||||||
|
config.put("mail.smtp.writetimeout", "5000");
|
||||||
|
final Session session = Session.getInstance(config);
|
||||||
|
session.setDebug(true);
|
||||||
|
return session;
|
||||||
|
}
|
||||||
|
|
||||||
|
private Session getSessionTls(final int port, final String tlsProtocol) {
|
||||||
final Properties config = new Properties();
|
final Properties config = new Properties();
|
||||||
config.put("mail.smtp.host", "localhost");
|
config.put("mail.smtp.host", "localhost");
|
||||||
config.put("mail.smtp.port", String.valueOf(port));
|
config.put("mail.smtp.port", String.valueOf(port));
|
||||||
|
@ -112,12 +156,14 @@ public class TestListenSMTP {
|
||||||
config.put("mail.smtp.connectiontimeout", "5000");
|
config.put("mail.smtp.connectiontimeout", "5000");
|
||||||
config.put("mail.smtp.timeout", "5000");
|
config.put("mail.smtp.timeout", "5000");
|
||||||
config.put("mail.smtp.writetimeout", "5000");
|
config.put("mail.smtp.writetimeout", "5000");
|
||||||
|
config.put("mail.smtp.ssl.protocols", tlsProtocol);
|
||||||
|
|
||||||
final Session session = Session.getInstance(config);
|
final Session session = Session.getInstance(config);
|
||||||
session.setDebug(true);
|
session.setDebug(true);
|
||||||
|
return session;
|
||||||
|
}
|
||||||
|
|
||||||
final int numMessages = 5;
|
private void sendMessage(final Session session, final int i) throws MessagingException {
|
||||||
for (int i = 0; i < numMessages; i++) {
|
|
||||||
final Message email = new MimeMessage(session);
|
final Message email = new MimeMessage(session);
|
||||||
email.setFrom(new InternetAddress("alice@nifi.apache.org"));
|
email.setFrom(new InternetAddress("alice@nifi.apache.org"));
|
||||||
email.setRecipients(Message.RecipientType.TO, InternetAddress.parse("bob@nifi.apache.org"));
|
email.setRecipients(Message.RecipientType.TO, InternetAddress.parse("bob@nifi.apache.org"));
|
||||||
|
@ -126,50 +172,16 @@ public class TestListenSMTP {
|
||||||
Transport.send(email);
|
Transport.send(email);
|
||||||
}
|
}
|
||||||
|
|
||||||
runner.shutdown();
|
private void configureSslContextService(final TestRunner runner, final String tlsProtocol) throws InitializationException {
|
||||||
runner.assertAllFlowFilesTransferred(ListenSMTP.REL_SUCCESS, numMessages);
|
final SSLContextService sslContextService = new StandardRestrictedSSLContextService();
|
||||||
|
runner.addControllerService(SSL_SERVICE_IDENTIFIER, sslContextService);
|
||||||
|
runner.setProperty(sslContextService, StandardSSLContextService.TRUSTSTORE, "src/test/resources/truststore.jks");
|
||||||
|
runner.setProperty(sslContextService, StandardSSLContextService.TRUSTSTORE_PASSWORD, "passwordpassword");
|
||||||
|
runner.setProperty(sslContextService, StandardSSLContextService.TRUSTSTORE_TYPE, "JKS");
|
||||||
|
runner.setProperty(sslContextService, StandardSSLContextService.KEYSTORE, "src/test/resources/keystore.jks");
|
||||||
|
runner.setProperty(sslContextService, StandardSSLContextService.KEYSTORE_PASSWORD, "passwordpassword");
|
||||||
|
runner.setProperty(sslContextService, StandardSSLContextService.KEYSTORE_TYPE, "JKS");
|
||||||
|
runner.setProperty(sslContextService, StandardSSLContextService.SSL_ALGORITHM, tlsProtocol);
|
||||||
|
runner.enableControllerService(sslContextService);
|
||||||
}
|
}
|
||||||
|
|
||||||
@Test(expected = MessagingException.class)
|
|
||||||
public void testListenSMTPwithTooLargeMessage() throws Exception {
|
|
||||||
final ListenSMTP processor = new ListenSMTP();
|
|
||||||
final TestRunner runner = TestRunners.newTestRunner(processor);
|
|
||||||
|
|
||||||
final int port = NetworkUtils.availablePort();
|
|
||||||
runner.setProperty(ListenSMTP.SMTP_PORT, String.valueOf(port));
|
|
||||||
runner.setProperty(ListenSMTP.SMTP_MAXIMUM_CONNECTIONS, "3");
|
|
||||||
runner.setProperty(ListenSMTP.SMTP_MAXIMUM_MSG_SIZE, "10 B");
|
|
||||||
|
|
||||||
runner.run(1, false);
|
|
||||||
|
|
||||||
assertTrue(String.format("expected server listening on %s:%d", "localhost", port), NetworkUtils.isListening("localhost", port, 5000));
|
|
||||||
|
|
||||||
final Properties config = new Properties();
|
|
||||||
config.put("mail.smtp.host", "localhost");
|
|
||||||
config.put("mail.smtp.port", String.valueOf(port));
|
|
||||||
config.put("mail.smtp.connectiontimeout", "5000");
|
|
||||||
config.put("mail.smtp.timeout", "5000");
|
|
||||||
config.put("mail.smtp.writetimeout", "5000");
|
|
||||||
|
|
||||||
final Session session = Session.getInstance(config);
|
|
||||||
session.setDebug(true);
|
|
||||||
|
|
||||||
MessagingException messagingException = null;
|
|
||||||
try {
|
|
||||||
final Message email = new MimeMessage(session);
|
|
||||||
email.setFrom(new InternetAddress("alice@nifi.apache.org"));
|
|
||||||
email.setRecipients(Message.RecipientType.TO, InternetAddress.parse("bob@nifi.apache.org"));
|
|
||||||
email.setSubject("This is a test");
|
|
||||||
email.setText("MSG-0");
|
|
||||||
Transport.send(email);
|
|
||||||
} catch (final MessagingException e) {
|
|
||||||
messagingException = e;
|
|
||||||
}
|
|
||||||
|
|
||||||
runner.shutdown();
|
|
||||||
runner.assertAllFlowFilesTransferred(ListenSMTP.REL_SUCCESS, 0);
|
|
||||||
|
|
||||||
if (messagingException != null) throw messagingException;
|
|
||||||
}
|
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|
|
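Review bot: In `testListenSMTPwithTLSLegacyProtocolException` the arguments to `assertEquals` are reversed; JUnit takes the expected value first, so a failure would report the two strings the wrong way round: `assertEquals("Could not convert socket to TLS", exception.getMessage());`. The test also exercises only `TLS_1_0_PROTOCOL`, while `LEGACY_TLS_PROTOCOL_VERSIONS` also lists `TLSv1.1`; looping over that array would cover both versions that are expected to be refused. Matching the exact message text ties the test to the mail library's wording, so checking the exception type, and perhaps its cause, may age better.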
@ -87,7 +87,7 @@ public class StandardRestrictedSSLContextService extends StandardSSLContextServi
|
||||||
static AllowableValue[] buildAlgorithmAllowableValues() {
|
static AllowableValue[] buildAlgorithmAllowableValues() {
|
||||||
final Set<String> supportedProtocols = new HashSet<>();
|
final Set<String> supportedProtocols = new HashSet<>();
|
||||||
|
|
||||||
supportedProtocols.add("TLS");
|
supportedProtocols.add(TlsConfiguration.TLS_PROTOCOL);
|
||||||
|
|
||||||
/*
|
/*
|
||||||
* Add specifically supported TLS versions
|
* Add specifically supported TLS versions
|
||||||
|
|
|
@ -109,10 +109,10 @@ public interface SSLContextService extends ControllerService {
|
||||||
* Prepopulate protocols with generic instance types commonly used
|
* Prepopulate protocols with generic instance types commonly used
|
||||||
* see: http://docs.oracle.com/javase/7/docs/technotes/guides/security/StandardNames.html#SSLContext
|
* see: http://docs.oracle.com/javase/7/docs/technotes/guides/security/StandardNames.html#SSLContext
|
||||||
*/
|
*/
|
||||||
supportedProtocols.add("TLS");
|
supportedProtocols.add(TlsConfiguration.TLS_PROTOCOL);
|
||||||
|
|
||||||
// This is still available for outgoing connections to legacy services, but can be disabled with jdk.tls.disabledAlgorithms
|
// This is still available for outgoing connections to legacy services, but can be disabled with jdk.tls.disabledAlgorithms
|
||||||
supportedProtocols.add("SSL");
|
supportedProtocols.add(TlsConfiguration.SSL_PROTOCOL);
|
||||||
|
|
||||||
// Determine those provided by the JVM on the system
|
// Determine those provided by the JVM on the system
|
||||||
try {
|
try {
|
||||||
|
|