Apache
/
nifi
mirror of https://github.com/apache/nifi.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

NIFI-4622 Adding status tool to TLS toolkit 

This closes #2280.

Signed-off-by: Bryan Bende <bbende@apache.org>
This commit is contained in:
Bryan Bende 2017-11-17 17:15:03 -05:00
parent 16a23f5a0f
commit ce9787a414
No known key found for this signature in database
GPG Key ID: A0DDA9ED50711C39
11 changed files with 549 additions and 133 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

10
nifi-toolkit/nifi-toolkit-tls/pom.xml
View File

@ -62,6 +62,16 @@
<groupId>org.eclipse.jetty</groupId>
<artifactId>jetty-server</artifactId>
</dependency>
<dependency>
<groupId>org.glassfish.jersey.core</groupId>
<artifactId>jersey-client</artifactId>
<version>${jersey.version}</version>
</dependency>
<dependency>
<groupId>org.glassfish.jersey.inject</groupId>
<artifactId>jersey-hk2</artifactId>
<version>${jersey.version}</version>
</dependency>
<dependency>
<groupId>com.fasterxml.jackson.core</groupId>
<artifactId>jackson-databind</artifactId>

2
nifi-toolkit/nifi-toolkit-tls/src/main/java/org/apache/nifi/toolkit/tls/TlsToolkitMain.java
View File

@ -21,6 +21,7 @@ import org.apache.nifi.toolkit.tls.commandLine.ExitCode;
import org.apache.nifi.toolkit.tls.service.client.TlsCertificateAuthorityClientCommandLine;
import org.apache.nifi.toolkit.tls.service.server.TlsCertificateAuthorityServiceCommandLine;
import org.apache.nifi.toolkit.tls.standalone.TlsToolkitStandaloneCommandLine;
import org.apache.nifi.toolkit.tls.status.TlsToolkitGetStatusCommandLine;
import java.lang.reflect.Field;
import java.lang.reflect.InvocationTargetException;
@ -42,6 +43,7 @@ public class TlsToolkitMain {
mainMap.put("standalone", TlsToolkitStandaloneCommandLine.class);
mainMap.put("server", TlsCertificateAuthorityServiceCommandLine.class);
mainMap.put("client", TlsCertificateAuthorityClientCommandLine.class);
mainMap.put("status", TlsToolkitGetStatusCommandLine.class);
}
/**

134
nifi-toolkit/nifi-toolkit-tls/src/main/java/org/apache/nifi/toolkit/tls/commandLine/BaseCommandLine.java
View File

@ -14,7 +14,6 @@
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package org.apache.nifi.toolkit.tls.commandLine;
import org.apache.commons.cli.CommandLine;
@ -23,72 +22,23 @@ import org.apache.commons.cli.DefaultParser;
import org.apache.commons.cli.HelpFormatter;
import org.apache.commons.cli.Options;
import org.apache.commons.cli.ParseException;
import org.apache.nifi.security.util.KeystoreType;
import org.apache.nifi.toolkit.tls.TlsToolkitMain;
import org.apache.nifi.toolkit.tls.configuration.TlsConfig;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
/**
* Base class with common CLI parsing functionality as well as arguments shared by multiple entry points
*/
public abstract class BaseCommandLine {
private static final Logger logger = LoggerFactory.getLogger(BaseCommandLine.class);
public static final String HELP_ARG = "help";
public static final String JAVA_HOME = "JAVA_HOME";
public static final String NIFI_TOOLKIT_HOME = "NIFI_TOOLKIT_HOME";
public static final String FOOTER = new StringBuilder(System.lineSeparator()).append("Java home: ")
.append(System.getenv(JAVA_HOME)).append(System.lineSeparator()).append("NiFi Toolkit home: ").append(System.getenv(NIFI_TOOLKIT_HOME)).toString();
public static final String KEY_SIZE_ARG = "keySize";
public static final String KEY_ALGORITHM_ARG = "keyAlgorithm";
public static final String CERTIFICATE_AUTHORITY_HOSTNAME_ARG = "certificateAuthorityHostname";
public static final String DAYS_ARG = "days";
public static final String KEY_STORE_TYPE_ARG = "keyStoreType";
public static final String SIGNING_ALGORITHM_ARG = "signingAlgorithm";
public static final String DN_ARG = "dn";
public static final String DIFFERENT_KEY_AND_KEYSTORE_PASSWORDS_ARG = "differentKeyAndKeystorePasswords";
public static final String KEYSTORE = "keystore.";
public static final String TRUSTSTORE = "truststore.";
private final Options options;
private final String header;
private int keySize;
private String keyAlgorithm;
private String certificateAuthorityHostname;
private String keyStoreType;
private int days;
private String signingAlgorithm;
private boolean differentPasswordForKeyAndKeystore;
public BaseCommandLine(String header) {
this.header = System.lineSeparator() + header + System.lineSeparator() + System.lineSeparator();
this.options = new Options();
if (shouldAddDaysArg()) {
addOptionWithArg("d", DAYS_ARG, "Number of days issued certificate should be valid for.", TlsConfig.DEFAULT_DAYS);
}
addOptionWithArg("T", KEY_STORE_TYPE_ARG, "The type of keyStores to generate.", getKeyStoreTypeDefault());
options.addOption("h", HELP_ARG, false, "Print help and exit.");
addOptionWithArg("c", CERTIFICATE_AUTHORITY_HOSTNAME_ARG, "Hostname of NiFi Certificate Authority", TlsConfig.DEFAULT_HOSTNAME);
addOptionWithArg("a", KEY_ALGORITHM_ARG, "Algorithm to use for generated keys.", TlsConfig.DEFAULT_KEY_PAIR_ALGORITHM);
addOptionWithArg("k", KEY_SIZE_ARG, "Number of bits for generated keys.", TlsConfig.DEFAULT_KEY_SIZE);
if (shouldAddSigningAlgorithmArg()) {
addOptionWithArg("s", SIGNING_ALGORITHM_ARG, "Algorithm to use for signing certificates.", TlsConfig.DEFAULT_SIGNING_ALGORITHM);
}
addOptionNoArg("g", DIFFERENT_KEY_AND_KEYSTORE_PASSWORDS_ARG, "Use different generated password for the key and the keyStore.");
}
protected String getKeyStoreTypeDefault() {
return TlsConfig.DEFAULT_KEY_STORE_TYPE;
}
protected boolean shouldAddSigningAlgorithmArg() {
return true;
}
protected boolean shouldAddDaysArg() {
return true;
this.options.addOption("h", HELP_ARG, false, "Print help and exit.");
}
protected void addOptionWithArg(String arg, String longArg, String description) {
@ -130,69 +80,6 @@ public abstract class BaseCommandLine {
}
}
/**
* Returns the number of bits used when generating KeyPairs
*
* @return the number of bits used when generating KeyPairs
*/
public int getKeySize() {
return keySize;
}
/**
* Returns the algorithm used when generating KeyPairs
*
* @return the algorithm used when generating KeyPairs
*/
public String getKeyAlgorithm() {
return keyAlgorithm;
}
/**
* Returns the CA Hostname
*
* @return the CA Hostname
*/
public String getCertificateAuthorityHostname() {
return certificateAuthorityHostname;
}
/**
* Returns the type to use for KeyStores
*
* @return the type to use for KeyStores
*/
public String getKeyStoreType() {
return keyStoreType;
}
/**
* Returns the number of Certificates should be valid for
*
* @return the number of Certificates should be valid for
*/
public int getDays() {
return days;
}
/**
* Returns the signing algorithm to use for cryptographic operations
*
* @return the signing algorithm to use for cryptographic operations
*/
public String getSigningAlgorithm() {
return signingAlgorithm;
}
/**
* Returns true if different passwords should be used for KeyStore and individual Key entries
*
* @return true if different passwords should be used for KeyStore and individual Key entries
*/
public boolean differentPasswordForKeyAndKeystore() {
return differentPasswordForKeyAndKeystore;
}
protected CommandLine doParse(String[] args) throws CommandLineParseException {
CommandLineParser parser = new DefaultParser();
CommandLine commandLine;
@ -201,23 +88,17 @@ public abstract class BaseCommandLine {
if (commandLine.hasOption(HELP_ARG)) {
return printUsageAndThrow(null, ExitCode.HELP);
}
certificateAuthorityHostname = commandLine.getOptionValue(CERTIFICATE_AUTHORITY_HOSTNAME_ARG, TlsConfig.DEFAULT_HOSTNAME);
days = getIntValue(commandLine, DAYS_ARG, TlsConfig.DEFAULT_DAYS);
keySize = getIntValue(commandLine, KEY_SIZE_ARG, TlsConfig.DEFAULT_KEY_SIZE);
keyAlgorithm = commandLine.getOptionValue(KEY_ALGORITHM_ARG, TlsConfig.DEFAULT_KEY_PAIR_ALGORITHM);
keyStoreType = commandLine.getOptionValue(KEY_STORE_TYPE_ARG, getKeyStoreTypeDefault());
if (KeystoreType.PKCS12.toString().equalsIgnoreCase(keyStoreType)) {
logger.info("Command line argument --" + KEY_STORE_TYPE_ARG + "=" + keyStoreType + " only applies to keystore, recommended truststore type of " + KeystoreType.JKS.toString() +
" unaffected.");
}
signingAlgorithm = commandLine.getOptionValue(SIGNING_ALGORITHM_ARG, TlsConfig.DEFAULT_SIGNING_ALGORITHM);
differentPasswordForKeyAndKeystore = commandLine.hasOption(DIFFERENT_KEY_AND_KEYSTORE_PASSWORDS_ARG);
postParse(commandLine);
} catch (ParseException e) {
return printUsageAndThrow("Error parsing command line. (" + e.getMessage() + ")", ExitCode.ERROR_PARSING_COMMAND_LINE);
}
return commandLine;
}
protected void postParse(CommandLine commandLine) throws CommandLineParseException {
}
/**
* Parses the command line arguments
*
@ -227,4 +108,5 @@ public abstract class BaseCommandLine {
public void parse(String... args) throws CommandLineParseException {
doParse(args);
}
}

157
nifi-toolkit/nifi-toolkit-tls/src/main/java/org/apache/nifi/toolkit/tls/commandLine/BaseTlsToolkitCommandLine.java Normal file
View File

@ -0,0 +1,157 @@
/*
* Licensed to the Apache Software Foundation (ASF) under one or more
* contributor license agreements. See the NOTICE file distributed with
* this work for additional information regarding copyright ownership.
* The ASF licenses this file to You under the Apache License, Version 2.0
* (the "License"); you may not use this file except in compliance with
* the License. You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package org.apache.nifi.toolkit.tls.commandLine;
import org.apache.commons.cli.CommandLine;
import org.apache.nifi.security.util.KeystoreType;
import org.apache.nifi.toolkit.tls.configuration.TlsConfig;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
/**
* Base class with common CLI parsing functionality as well as arguments shared by multiple entry points
*/
public abstract class BaseTlsToolkitCommandLine extends BaseCommandLine {
private static final Logger logger = LoggerFactory.getLogger(BaseTlsToolkitCommandLine.class);
public static final String KEY_SIZE_ARG = "keySize";
public static final String KEY_ALGORITHM_ARG = "keyAlgorithm";
public static final String CERTIFICATE_AUTHORITY_HOSTNAME_ARG = "certificateAuthorityHostname";
public static final String DAYS_ARG = "days";
public static final String KEY_STORE_TYPE_ARG = "keyStoreType";
public static final String SIGNING_ALGORITHM_ARG = "signingAlgorithm";
public static final String DN_ARG = "dn";
public static final String DIFFERENT_KEY_AND_KEYSTORE_PASSWORDS_ARG = "differentKeyAndKeystorePasswords";
public static final String KEYSTORE = "keystore.";
public static final String TRUSTSTORE = "truststore.";
private int keySize;
private String keyAlgorithm;
private String certificateAuthorityHostname;
private String keyStoreType;
private int days;
private String signingAlgorithm;
private boolean differentPasswordForKeyAndKeystore;
public BaseTlsToolkitCommandLine(String header) {
super(header);
if (shouldAddDaysArg()) {
addOptionWithArg("d", DAYS_ARG, "Number of days issued certificate should be valid for.", TlsConfig.DEFAULT_DAYS);
}
addOptionWithArg("T", KEY_STORE_TYPE_ARG, "The type of keyStores to generate.", getKeyStoreTypeDefault());
addOptionWithArg("c", CERTIFICATE_AUTHORITY_HOSTNAME_ARG, "Hostname of NiFi Certificate Authority", TlsConfig.DEFAULT_HOSTNAME);
addOptionWithArg("a", KEY_ALGORITHM_ARG, "Algorithm to use for generated keys.", TlsConfig.DEFAULT_KEY_PAIR_ALGORITHM);
addOptionWithArg("k", KEY_SIZE_ARG, "Number of bits for generated keys.", TlsConfig.DEFAULT_KEY_SIZE);
if (shouldAddSigningAlgorithmArg()) {
addOptionWithArg("s", SIGNING_ALGORITHM_ARG, "Algorithm to use for signing certificates.", TlsConfig.DEFAULT_SIGNING_ALGORITHM);
}
addOptionNoArg("g", DIFFERENT_KEY_AND_KEYSTORE_PASSWORDS_ARG, "Use different generated password for the key and the keyStore.");
}
protected String getKeyStoreTypeDefault() {
return TlsConfig.DEFAULT_KEY_STORE_TYPE;
}
protected boolean shouldAddSigningAlgorithmArg() {
return true;
}
protected boolean shouldAddDaysArg() {
return true;
}
/**
* Returns the number of bits used when generating KeyPairs
*
* @return the number of bits used when generating KeyPairs
*/
public int getKeySize() {
return keySize;
}
/**
* Returns the algorithm used when generating KeyPairs
*
* @return the algorithm used when generating KeyPairs
*/
public String getKeyAlgorithm() {
return keyAlgorithm;
}
/**
* Returns the CA Hostname
*
* @return the CA Hostname
*/
public String getCertificateAuthorityHostname() {
return certificateAuthorityHostname;
}
/**
* Returns the type to use for KeyStores
*
* @return the type to use for KeyStores
*/
public String getKeyStoreType() {
return keyStoreType;
}
/**
* Returns the number of Certificates should be valid for
*
* @return the number of Certificates should be valid for
*/
public int getDays() {
return days;
}
/**
* Returns the signing algorithm to use for cryptographic operations
*
* @return the signing algorithm to use for cryptographic operations
*/
public String getSigningAlgorithm() {
return signingAlgorithm;
}
/**
* Returns true if different passwords should be used for KeyStore and individual Key entries
*
* @return true if different passwords should be used for KeyStore and individual Key entries
*/
public boolean differentPasswordForKeyAndKeystore() {
return differentPasswordForKeyAndKeystore;
}
@Override
protected void postParse(CommandLine commandLine) throws CommandLineParseException {
certificateAuthorityHostname = commandLine.getOptionValue(CERTIFICATE_AUTHORITY_HOSTNAME_ARG, TlsConfig.DEFAULT_HOSTNAME);
days = getIntValue(commandLine, DAYS_ARG, TlsConfig.DEFAULT_DAYS);
keySize = getIntValue(commandLine, KEY_SIZE_ARG, TlsConfig.DEFAULT_KEY_SIZE);
keyAlgorithm = commandLine.getOptionValue(KEY_ALGORITHM_ARG, TlsConfig.DEFAULT_KEY_PAIR_ALGORITHM);
keyStoreType = commandLine.getOptionValue(KEY_STORE_TYPE_ARG, getKeyStoreTypeDefault());
if (KeystoreType.PKCS12.toString().equalsIgnoreCase(keyStoreType)) {
logger.info("Command line argument --" + KEY_STORE_TYPE_ARG + "=" + keyStoreType + " only applies to keystore, recommended truststore type of " + KeystoreType.JKS.toString() +
" unaffected.");
}
signingAlgorithm = commandLine.getOptionValue(SIGNING_ALGORITHM_ARG, TlsConfig.DEFAULT_SIGNING_ALGORITHM);
differentPasswordForKeyAndKeystore = commandLine.hasOption(DIFFERENT_KEY_AND_KEYSTORE_PASSWORDS_ARG);
}
}

41
nifi-toolkit/nifi-toolkit-tls/src/main/java/org/apache/nifi/toolkit/tls/configuration/GetStatusConfig.java Normal file
View File

@ -0,0 +1,41 @@
/*
* Licensed to the Apache Software Foundation (ASF) under one or more
* contributor license agreements. See the NOTICE file distributed with
* this work for additional information regarding copyright ownership.
* The ASF licenses this file to You under the Apache License, Version 2.0
* (the "License"); you may not use this file except in compliance with
* the License. You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package org.apache.nifi.toolkit.tls.configuration;
import javax.net.ssl.SSLContext;
import java.net.URI;
public class GetStatusConfig {
private final URI url;
private final SSLContext sslContext;
public GetStatusConfig(final URI url, final SSLContext sslContext) {
this.url = url;
this.sslContext = sslContext;
}
public URI getUrl() {
return url;
}
public SSLContext getSslContext() {
return sslContext;
}
}

4
nifi-toolkit/nifi-toolkit-tls/src/main/java/org/apache/nifi/toolkit/tls/service/BaseCertificateAuthorityCommandLine.java
View File

@ -18,7 +18,7 @@
package org.apache.nifi.toolkit.tls.service;
import org.apache.commons.cli.CommandLine;
import org.apache.nifi.toolkit.tls.commandLine.BaseCommandLine;
import org.apache.nifi.toolkit.tls.commandLine.BaseTlsToolkitCommandLine;
import org.apache.nifi.toolkit.tls.commandLine.CommandLineParseException;
import org.apache.nifi.toolkit.tls.commandLine.ExitCode;
import org.apache.nifi.toolkit.tls.configuration.TlsConfig;
@ -29,7 +29,7 @@ import java.io.File;
/**
* Common base argument logic for the CA server and client
*/
public abstract class BaseCertificateAuthorityCommandLine extends BaseCommandLine {
public abstract class BaseCertificateAuthorityCommandLine extends BaseTlsToolkitCommandLine {
public static final String TOKEN_ARG = "token";
public static final String CONFIG_JSON_ARG = "configJson";
public static final String READ_CONFIG_JSON_ARG = "configJsonIn";

4
nifi-toolkit/nifi-toolkit-tls/src/main/java/org/apache/nifi/toolkit/tls/standalone/TlsToolkitStandaloneCommandLine.java
View File

@ -31,7 +31,7 @@ import java.util.stream.IntStream;
import java.util.stream.Stream;
import org.apache.commons.cli.CommandLine;
import org.apache.nifi.toolkit.tls.commandLine.BaseCommandLine;
import org.apache.nifi.toolkit.tls.commandLine.BaseTlsToolkitCommandLine;
import org.apache.nifi.toolkit.tls.commandLine.CommandLineParseException;
import org.apache.nifi.toolkit.tls.commandLine.ExitCode;
import org.apache.nifi.toolkit.tls.configuration.InstanceDefinition;
@ -46,7 +46,7 @@ import org.slf4j.LoggerFactory;
/**
* Command line parser for a StandaloneConfig object and a main entry point to invoke the parser and run the standalone generator
*/
public class TlsToolkitStandaloneCommandLine extends BaseCommandLine {
public class TlsToolkitStandaloneCommandLine extends BaseTlsToolkitCommandLine {
public static final String OUTPUT_DIRECTORY_ARG = "outputDirectory";
public static final String NIFI_PROPERTIES_FILE_ARG = "nifiPropertiesFile";
public static final String KEY_STORE_PASSWORD_ARG = "keyStorePassword";

50
nifi-toolkit/nifi-toolkit-tls/src/main/java/org/apache/nifi/toolkit/tls/status/TlsToolkitGetStatus.java Normal file
View File

@ -0,0 +1,50 @@
/*
* Licensed to the Apache Software Foundation (ASF) under one or more
* contributor license agreements. See the NOTICE file distributed with
* this work for additional information regarding copyright ownership.
* The ASF licenses this file to You under the Apache License, Version 2.0
* (the "License"); you may not use this file except in compliance with
* the License. You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package org.apache.nifi.toolkit.tls.status;
import org.apache.nifi.toolkit.tls.configuration.GetStatusConfig;
import org.glassfish.jersey.client.ClientConfig;
import org.glassfish.jersey.client.ClientProperties;
import javax.net.ssl.SSLContext;
import javax.ws.rs.client.Client;
import javax.ws.rs.client.ClientBuilder;
import javax.ws.rs.client.WebTarget;
import javax.ws.rs.core.Response;
public class TlsToolkitGetStatus {
public void get(final GetStatusConfig config) {
final SSLContext sslContext = config.getSslContext();
final ClientBuilder clientBuilder = ClientBuilder.newBuilder();
if (sslContext != null) {
clientBuilder.sslContext(sslContext);
}
final ClientConfig clientConfig = new ClientConfig();
clientConfig.property(ClientProperties.CONNECT_TIMEOUT, 10000);
clientConfig.property(ClientProperties.READ_TIMEOUT, 10000);
clientBuilder.withConfig(clientConfig);
final Client client = clientBuilder.build();
final WebTarget target = client.target(config.getUrl());
final Response response = target.request().get();
System.out.println("Response Code - " + response.getStatus());
}
}

154
nifi-toolkit/nifi-toolkit-tls/src/main/java/org/apache/nifi/toolkit/tls/status/TlsToolkitGetStatusCommandLine.java Normal file
View File

@ -0,0 +1,154 @@
/*
* Licensed to the Apache Software Foundation (ASF) under one or more
* contributor license agreements. See the NOTICE file distributed with
* this work for additional information regarding copyright ownership.
* The ASF licenses this file to You under the Apache License, Version 2.0
* (the "License"); you may not use this file except in compliance with
* the License. You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package org.apache.nifi.toolkit.tls.status;
import org.apache.commons.cli.CommandLine;
import org.apache.nifi.security.util.SslContextFactory;
import org.apache.nifi.toolkit.tls.commandLine.BaseCommandLine;
import org.apache.nifi.toolkit.tls.commandLine.CommandLineParseException;
import org.apache.nifi.toolkit.tls.commandLine.ExitCode;
import org.apache.nifi.toolkit.tls.configuration.GetStatusConfig;
import org.apache.nifi.util.StringUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import javax.net.ssl.SSLContext;
import java.net.URI;
import java.net.URISyntaxException;
public class TlsToolkitGetStatusCommandLine extends BaseCommandLine {
private final Logger logger = LoggerFactory.getLogger(TlsToolkitGetStatusCommandLine.class);
public static final String URL_ARG = "url";
public static final String KEYSTORE_ARG = "keyStore";
public static final String KEYSTORE_TYPE_ARG = "keyStoreType";
public static final String KEYSTORE_PASSWORD_ARG = "keyStorePassword";
public static final String KEY_PASSWORD_ARG = "keyPassword";
public static final String TRUSTSTORE_ARG = "trustStore";
public static final String TRUSTSTORE_TYPE_ARG = "trustStoreType";
public static final String TRUSTSTORE_PASSWORD_ARG = "trustStorePassword";
public static final String PROTOCOL_ARG = "protocol";
public static final String DEFAULT_PROTOCOL = "TLS";
public static final String DEFAULT_KEYSTORE_TYPE = "JKS";
public static final String DESCRIPTION = "Checks the status of an HTTPS endpoint by making a GET request using a supplied keystore and truststore.";
private URI url;
private SSLContext sslContext;
public TlsToolkitGetStatusCommandLine() {
super(DESCRIPTION);
addOptionWithArg("u", URL_ARG, "The full url to connect to, for example: https://localhost:8443/v1/api");
addOptionWithArg("ks", KEYSTORE_ARG, "The key store to use");
addOptionWithArg("kst", KEYSTORE_TYPE_ARG, "The type of key store being used (PKCS12 or JKS)", DEFAULT_KEYSTORE_TYPE);
addOptionWithArg("ksp", KEYSTORE_PASSWORD_ARG, "The password of the key store being used");
addOptionWithArg("kp", KEY_PASSWORD_ARG, "The key password of the key store being used");
addOptionWithArg("ts", TRUSTSTORE_ARG, "The trust store being used");
addOptionWithArg("tst", TRUSTSTORE_TYPE_ARG, "The type of trust store being used (PKCS12 or JKS)", DEFAULT_KEYSTORE_TYPE);
addOptionWithArg("tsp", TRUSTSTORE_PASSWORD_ARG, "The password of the trust store being used");
addOptionWithArg("p", PROTOCOL_ARG, "The protocol to use", DEFAULT_PROTOCOL);
}
public static void main(String[] args) {
TlsToolkitGetStatusCommandLine commandLine = new TlsToolkitGetStatusCommandLine();
try {
commandLine.parse(args);
} catch (CommandLineParseException e) {
System.exit(e.getExitCode().ordinal());
}
final GetStatusConfig config = commandLine.createConfig();
try {
final TlsToolkitGetStatus tlsToolkitGetStatus = new TlsToolkitGetStatus();
tlsToolkitGetStatus.get(config);
} catch (Exception e) {
commandLine.printUsage("Error communicating with " + config.getUrl().toString() + " (" + e.getMessage() + ")");
System.exit(ExitCode.SERVICE_ERROR.ordinal());
}
System.exit(ExitCode.SUCCESS.ordinal());
}
@Override
protected void postParse(CommandLine commandLine) throws CommandLineParseException {
super.postParse(commandLine);
final String urlValue = commandLine.getOptionValue(URL_ARG);
if (StringUtils.isBlank(urlValue)) {
printUsageAndThrow("Url was missing or blank", ExitCode.INVALID_ARGS);
}
try {
this.url = new URI(urlValue);
} catch (URISyntaxException e) {
printUsageAndThrow("Invalid Url", ExitCode.INVALID_ARGS);
}
final String keystoreFilename = commandLine.getOptionValue(KEYSTORE_ARG);
final String keystoreTypeStr = commandLine.getOptionValue(KEYSTORE_TYPE_ARG, DEFAULT_KEYSTORE_TYPE);
final String keystorePassword = commandLine.getOptionValue(KEYSTORE_PASSWORD_ARG);
final String keyPassword = commandLine.getOptionValue(KEY_PASSWORD_ARG);
final String truststoreFilename = commandLine.getOptionValue(TRUSTSTORE_ARG);
final String truststoreTypeStr = commandLine.getOptionValue(TRUSTSTORE_TYPE_ARG, DEFAULT_KEYSTORE_TYPE);
final String truststorePassword = commandLine.getOptionValue(TRUSTSTORE_PASSWORD_ARG);
final String protocol = commandLine.getOptionValue(PROTOCOL_ARG, DEFAULT_PROTOCOL);
final boolean keystoreProvided = !StringUtils.isBlank(keystoreFilename);
final boolean truststoreProvided = !StringUtils.isBlank(truststoreFilename);
try {
final char[] keystorePass = keystorePassword == null ? null : keystorePassword.toCharArray();
final char[] keyPass = keyPassword == null ? null : keyPassword.toCharArray();
final char[] trustPass = truststorePassword == null ? null : truststorePassword.toCharArray();
if (keystoreProvided && truststoreProvided) {
this.sslContext = SslContextFactory.createSslContext(
keystoreFilename,
keystorePass,
keyPass,
keystoreTypeStr,
truststoreFilename,
trustPass,
truststoreTypeStr,
SslContextFactory.ClientAuth.NONE, protocol);
} else if (truststoreProvided) {
this.sslContext = SslContextFactory.createTrustSslContext(
truststoreFilename,
trustPass,
truststoreTypeStr,
protocol);
} else {
printUsageAndThrow("No keystore or truststore was provided", ExitCode.INVALID_ARGS);
}
} catch (Exception e) {
logger.error(e.getMessage(), e);
printUsageAndThrow("Failed to create SSL Context: " + e.getMessage(), ExitCode.INVALID_ARGS);
}
}
public GetStatusConfig createConfig() {
return new GetStatusConfig(url, sslContext);
}
}

6
nifi-toolkit/nifi-toolkit-tls/src/test/java/org/apache/nifi/toolkit/tls/standalone/TlsToolkitStandaloneTest.java
View File

@ -23,7 +23,7 @@ import org.apache.nifi.security.util.CertificateUtils;
import org.apache.nifi.security.util.KeystoreType;
import org.apache.nifi.security.util.KeyStoreUtils;
import org.apache.nifi.toolkit.tls.SystemExitCapturer;
import org.apache.nifi.toolkit.tls.commandLine.BaseCommandLine;
import org.apache.nifi.toolkit.tls.commandLine.BaseTlsToolkitCommandLine;
import org.apache.nifi.toolkit.tls.commandLine.ExitCode;
import org.apache.nifi.toolkit.tls.configuration.TlsConfig;
import org.apache.nifi.toolkit.tls.service.TlsCertificateAuthorityTest;
@ -251,14 +251,14 @@ public class TlsToolkitStandaloneTest {
trustStore.load(inputStream, nifiProperties.getProperty(NiFiProperties.SECURITY_TRUSTSTORE_PASSWD).toCharArray());
}
String trustStoreFilename = BaseCommandLine.TRUSTSTORE + trustStoreType;
String trustStoreFilename = BaseTlsToolkitCommandLine.TRUSTSTORE + trustStoreType;
assertEquals("./conf/" + trustStoreFilename, nifiProperties.getProperty(NiFiProperties.SECURITY_TRUSTSTORE));
Certificate certificate = trustStore.getCertificate(TlsToolkitStandalone.NIFI_CERT);
assertEquals(rootCert, certificate);
String keyStoreType = nifiProperties.getProperty(NiFiProperties.SECURITY_KEYSTORE_TYPE);
String keyStoreFilename = BaseCommandLine.KEYSTORE + keyStoreType;
String keyStoreFilename = BaseTlsToolkitCommandLine.KEYSTORE + keyStoreType;
File keyStoreFile = new File(hostDir, keyStoreFilename);
assertEquals("./conf/" + keyStoreFilename, nifiProperties.getProperty(NiFiProperties.SECURITY_KEYSTORE));

120
nifi-toolkit/nifi-toolkit-tls/src/test/java/org/apache/nifi/toolkit/tls/status/TlsToolkitGetStatusCommandLineTest.java Normal file
View File

@ -0,0 +1,120 @@
/*
* Licensed to the Apache Software Foundation (ASF) under one or more
* contributor license agreements. See the NOTICE file distributed with
* this work for additional information regarding copyright ownership.
* The ASF licenses this file to You under the Apache License, Version 2.0
* (the "License"); you may not use this file except in compliance with
* the License. You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package org.apache.nifi.toolkit.tls.status;
import org.apache.nifi.toolkit.tls.commandLine.CommandLineParseException;
import org.apache.nifi.toolkit.tls.commandLine.ExitCode;
import org.apache.nifi.toolkit.tls.configuration.GetStatusConfig;
import org.junit.Assert;
import org.junit.Before;
import org.junit.Test;
import javax.net.ssl.SSLContext;
import java.net.URI;
import static org.junit.Assert.fail;
public class TlsToolkitGetStatusCommandLineTest {
private TlsToolkitGetStatusCommandLine commandLine;
@Before
public void setup() {
commandLine = new TlsToolkitGetStatusCommandLine();
}
@Test
public void testHelp() {
try {
commandLine.parse("-h");
fail("Expected usage and help exit");
} catch (CommandLineParseException e) {
Assert.assertEquals(ExitCode.HELP, e.getExitCode());
}
}
@Test
public void testSuccess() {
try {
final String urlStr = "https://localhost:8443/test";
commandLine.parse(
"-u", urlStr,
"-ts", "src/test/resources/localhost/truststore.jks",
"-tst", "JKS",
"-tsp", "t7rmn1fg8np2ck1sduqdd85opv");
final GetStatusConfig config = commandLine.createConfig();
Assert.assertNotNull(config);
final URI url = config.getUrl();
Assert.assertNotNull(url);
Assert.assertEquals(urlStr, url.toString());
final SSLContext sslContext = config.getSslContext();
Assert.assertNotNull(sslContext);
} catch (CommandLineParseException e) {
fail("Expected success");
}
}
@Test
public void testMissingUrl() {
try {
commandLine.parse(
"-ts", "src/test/resources/localhost/truststore.jks",
"-tst", "JKS",
"-tsp", "t7rmn1fg8np2ck1sduqdd85opv");
fail("Expected invalid args");
} catch (CommandLineParseException e) {
Assert.assertEquals(ExitCode.INVALID_ARGS, e.getExitCode());
}
}
@Test
public void testTruststoreDoesNotExist() {
try {
final String urlStr = "https://localhost:8443/test";
commandLine.parse(
"-u", urlStr,
"-ts", "does/not/exist/truststore.jks",
"-tst", "JKS",
"-tsp", "t7rmn1fg8np2ck1sduqdd85opv");
fail("Expected invalid args");
} catch (CommandLineParseException e) {
Assert.assertEquals(ExitCode.INVALID_ARGS, e.getExitCode());
}
}
@Test
public void testInvalidTruststoreType() {
try {
final String urlStr = "https://localhost:8443/test";
commandLine.parse(
"-u", urlStr,
"-ts", "src/test/resources/localhost/truststore.jks",
"-tst", "INVALID",
"-tsp", "t7rmn1fg8np2ck1sduqdd85opv");
fail("Expected invalid args");
} catch (CommandLineParseException e) {
Assert.assertEquals(ExitCode.INVALID_ARGS, e.getExitCode());
}
}
}