NIFI-1521 Added SSL configuration to AMQP processor.

fixed build failure (+5 squashed commits) Squashed commits: [a3405f8] NIFI-1521 fixed build failure [bf91743] NIFI-1521 fixed name/displayName in properties [a44beaa] NIFI-1521 Added unit test [c523689] NIFI-1521 Added client auth property and reverted modification on SSL context service [75f3457] NIFI-1521 Allows use of SSL in AMQP Processor This closes #232. Signed-off-by: Andy LoPresto <alopresto@apache.org>
2016-02-17 16:30:09 +01:00 · 2016-02-17 16:30:09 +01:00 · b50cf7d4d4
parent f94b0f2ed2
commit b50cf7d4d4
4 changed files with 136 additions and 1 deletions
--- a/nifi-nar-bundles/nifi-amqp-bundle/nifi-amqp-nar/pom.xml
+++ b/nifi-nar-bundles/nifi-amqp-bundle/nifi-amqp-nar/pom.xml
@ -28,6 +28,11 @@
        <source.skip>true</source.skip>
    </properties>
    <dependencies>
        <dependency>
            <groupId>org.apache.nifi</groupId>
            <artifactId>nifi-standard-services-api-nar</artifactId>
            <type>nar</type>
        </dependency>
        <dependency>
            <groupId>org.apache.nifi</groupId>
            <artifactId>nifi-amqp-processors</artifactId>
--- a/nifi-nar-bundles/nifi-amqp-bundle/nifi-amqp-processors/pom.xml
+++ b/nifi-nar-bundles/nifi-amqp-bundle/nifi-amqp-processors/pom.xml
@ -33,7 +33,10 @@
 			<groupId>org.apache.nifi</groupId>
 			<artifactId>nifi-api</artifactId>
 		</dependency>
-		
+        <dependency>
            <groupId>org.apache.nifi</groupId>
            <artifactId>nifi-ssl-context-service-api</artifactId>
        </dependency>
 		<dependency>
 			<groupId>org.apache.nifi</groupId>
 			<artifactId>nifi-processor-utils</artifactId>
--- a/nifi-nar-bundles/nifi-amqp-bundle/nifi-amqp-processors/src/main/java/org/apache/nifi/amqp/processors/AbstractAMQPProcessor.java
+++ b/nifi-nar-bundles/nifi-amqp-bundle/nifi-amqp-processors/src/main/java/org/apache/nifi/amqp/processors/AbstractAMQPProcessor.java
@ -20,7 +20,11 @@ import java.io.IOException;
 import java.util.ArrayList;
 import java.util.List;
 import javax.net.ssl.SSLContext;
 import org.apache.commons.lang3.StringUtils;
 import org.apache.nifi.annotation.lifecycle.OnStopped;
 import org.apache.nifi.authentication.exception.ProviderCreationException;
 import org.apache.nifi.components.PropertyDescriptor;
 import org.apache.nifi.processor.AbstractProcessor;
 import org.apache.nifi.processor.ProcessContext;
@ -28,6 +32,8 @@ import org.apache.nifi.processor.ProcessSession;
 import org.apache.nifi.processor.Processor;
 import org.apache.nifi.processor.exception.ProcessException;
 import org.apache.nifi.processor.util.StandardValidators;
 import org.apache.nifi.security.util.SslContextFactory;
 import org.apache.nifi.ssl.SSLContextService;
 import com.rabbitmq.client.Connection;
 import com.rabbitmq.client.ConnectionFactory;
@ -84,6 +90,23 @@ abstract class AbstractAMQPProcessor<T extends AMQPWorker> extends AbstractProce
            .allowableValues("0.9.1")
            .defaultValue("0.9.1")
            .build();
    public static final PropertyDescriptor SSL_CONTEXT_SERVICE = new PropertyDescriptor.Builder()
            .name("ssl-context-service")
            .displayName("SSL Context Service")
            .description("The SSL Context Service used to provide client certificate information for TLS/SSL connections.")
            .required(false)
            .identifiesControllerService(SSLContextService.class)
            .build();
    public static final PropertyDescriptor CLIENT_AUTH = new PropertyDescriptor.Builder()
            .name("ssl-client-auth")
            .displayName("Client Auth")
            .description("Client authentication policy when connecting to secure (TLS/SSL) AMQP broker. "
                    + "Possible values are REQUIRED, WANT, NONE. This property is only used when an SSL Context "
                    + "has been defined and enabled.")
            .required(false)
            .allowableValues(SSLContextService.ClientAuth.values())
            .defaultValue("REQUIRED")
            .build();
    static List<PropertyDescriptor> descriptors = new ArrayList<>();
@ -98,6 +121,8 @@ abstract class AbstractAMQPProcessor<T extends AMQPWorker> extends AbstractProce
        descriptors.add(USER);
        descriptors.add(PASSWORD);
        descriptors.add(AMQP_VERSION);
        descriptors.add(SSL_CONTEXT_SERVICE);
        descriptors.add(CLIENT_AUTH);
    }
    protected volatile Connection amqpConnection;
@ -192,6 +217,33 @@ abstract class AbstractAMQPProcessor<T extends AMQPWorker> extends AbstractProce
            cf.setVirtualHost(vHost);
        }
        // handles TLS/SSL aspects
        final SSLContextService sslService = context.getProperty(SSL_CONTEXT_SERVICE).asControllerService(SSLContextService.class);
        final String rawClientAuth = context.getProperty(CLIENT_AUTH).getValue();
        final SSLContext sslContext;
        if (sslService != null) {
            final SSLContextService.ClientAuth clientAuth;
            if (StringUtils.isBlank(rawClientAuth)) {
                clientAuth = SSLContextService.ClientAuth.REQUIRED;
            } else {
                try {
                    clientAuth = SSLContextService.ClientAuth.valueOf(rawClientAuth);
                } catch (final IllegalArgumentException iae) {
                    throw new ProviderCreationException(String.format("Unrecognized client auth '%s'. Possible values are [%s]",
                            rawClientAuth, StringUtils.join(SslContextFactory.ClientAuth.values(), ", ")));
                }
            }
            sslContext = sslService.createSSLContext(clientAuth);
        } else {
            sslContext = null;
        }
        // check if the ssl context is set and add it to the factory if so
        if (sslContext != null) {
            cf.useSslProtocol(sslContext);
        }
        try {
            Connection connection = cf.newConnection();
            return connection;
--- a/nifi-nar-bundles/nifi-amqp-bundle/nifi-amqp-processors/src/test/java/org/apache/nifi/amqp/processors/AbstractAMQPProcessorTest.java
+++ b/nifi-nar-bundles/nifi-amqp-bundle/nifi-amqp-processors/src/test/java/org/apache/nifi/amqp/processors/AbstractAMQPProcessorTest.java
@ -0,0 +1,75 @@
 /*
 * Licensed to the Apache Software Foundation (ASF) under one or more
 * contributor license agreements.  See the NOTICE file distributed with
 * this work for additional information regarding copyright ownership.
 * The ASF licenses this file to You under the Apache License, Version 2.0
 * (the "License"); you may not use this file except in compliance with
 * the License.  You may obtain a copy of the License at
 *
 *     http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */
 package org.apache.nifi.amqp.processors;
 import static org.mockito.Mockito.mock;
 import static org.mockito.Mockito.when;
 import org.apache.nifi.authentication.exception.ProviderCreationException;
 import org.apache.nifi.processor.ProcessContext;
 import org.apache.nifi.processor.ProcessSession;
 import org.apache.nifi.processor.exception.ProcessException;
 import org.apache.nifi.ssl.SSLContextService;
 import org.apache.nifi.util.TestRunner;
 import org.apache.nifi.util.TestRunners;
 import org.junit.Before;
 import org.junit.Test;
 /**
 * Unit tests for the AbstractAMQPProcessor class
 */
 public class AbstractAMQPProcessorTest {
    MockAbstractAMQPProcessor processor;
    private TestRunner testRunner;
    @Before
    public void setUp() throws Exception {
        processor = new MockAbstractAMQPProcessor();
        testRunner = TestRunners.newTestRunner(processor);
    }
    @Test(expected = ProviderCreationException.class)
    public void testConnectToCassandraWithSSLBadClientAuth() throws Exception {
        SSLContextService sslService = mock(SSLContextService.class);
        when(sslService.getIdentifier()).thenReturn("ssl-context");
        testRunner.addControllerService("ssl-context", sslService);
        testRunner.enableControllerService(sslService);
        testRunner.setProperty(AbstractAMQPProcessor.SSL_CONTEXT_SERVICE, "ssl-context");
        testRunner.setProperty(AbstractAMQPProcessor.HOST, "test");
        testRunner.setProperty(AbstractAMQPProcessor.PORT, "9999");
        testRunner.setProperty(AbstractAMQPProcessor.USER, "test");
        testRunner.setProperty(AbstractAMQPProcessor.PASSWORD, "test");
        testRunner.assertValid(sslService);
        testRunner.setProperty(AbstractAMQPProcessor.CLIENT_AUTH, "BAD");
        processor.onTrigger(testRunner.getProcessContext(), testRunner.getProcessSessionFactory());
    }
    /**
     * Provides a stubbed processor instance for testing
     */
    public static class MockAbstractAMQPProcessor extends AbstractAMQPProcessor<AMQPConsumer> {
        @Override
        protected void rendezvousWithAmqp(ProcessContext context, ProcessSession session) throws ProcessException {
            // nothing to do
        }
        @Override
        protected AMQPConsumer finishBuildingTargetResource(ProcessContext context) {
            return null;
        }
    }
 }