[
https://issues.apache.org/jira/browse/MINIFI-183?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15864020#comment-15864020
]
ASF GitHub Bot commented on MINIFI-183:
---------------------------------------
Github user phrocker commented on a diff in the pull request:
https://github.com/apache/nifi-minifi-cpp/pull/43#discussion_r100847768
--- Diff: libminifi/src/ListenHTTP.cpp ---
@@ -0,0 +1,395 @@
+/**
+ * @file ListenHTTP.cpp
+ * ListenHTTP class implementation
+ *
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+#include <sstream>
+#include <stdio.h>
+#include <string>
+#include <iostream>
+#include <fstream>
+#include <uuid/uuid.h>
+
+#include <CivetServer.h>
+
+#include "ListenHTTP.h"
+
+#include "TimeUtil.h"
+#include "ProcessContext.h"
+#include "ProcessSession.h"
+#include "ProcessSessionFactory.h"
+
+const std::string ListenHTTP::ProcessorName("ListenHTTP");
+
+Property ListenHTTP::BasePath("Base Path", "Base path for incoming
connections", "contentListener");
+Property ListenHTTP::Port("Listening Port", "The Port to listen on for
incoming connections", "");
+Property ListenHTTP::AuthorizedDNPattern("Authorized DN Pattern", "A
Regular Expression to apply against the Distinguished Name of incoming
connections. If the Pattern does not match the DN, the connection will be
refused.", ".*");
+Property ListenHTTP::SSLCertificate("SSL Certificate", "File containing
PEM-formatted file including TLS/SSL certificate and key", "");
+Property ListenHTTP::SSLCertificateAuthority("SSL Certificate Authority",
"File containing trusted PEM-formatted certificates", "");
+Property ListenHTTP::SSLVerifyPeer("SSL Verify Peer", "Whether or not to
verify the client's certificate (yes/no)", "no");
+Property ListenHTTP::SSLMinimumVersion("SSL Minimum Version", "Minimum
TLS/SSL version allowed (SSL2, SSL3, TLS1.0, TLS1.1, TLS1.2)", "SSL2");
+Property ListenHTTP::HeadersAsAttributesRegex("HTTP Headers to receive as
Attributes (Regex)", "Specifies the Regular Expression that determines the
names of HTTP Headers that should be passed along as FlowFile attributes", "");
+
+Relationship ListenHTTP::Success("success", "All files are routed to
success");
+
+void ListenHTTP::initialize()
+{
+ _logger->log_info("Initializing ListenHTTP");
+
+ //! Set the supported properties
+ std::set<Property> properties;
+ properties.insert(BasePath);
+ properties.insert(Port);
+ properties.insert(AuthorizedDNPattern);
+ properties.insert(SSLCertificate);
+ properties.insert(SSLCertificateAuthority);
+ properties.insert(SSLVerifyPeer);
+ properties.insert(SSLMinimumVersion);
+ properties.insert(HeadersAsAttributesRegex);
+ setSupportedProperties(properties);
+ //! Set the supported relationships
+ std::set<Relationship> relationships;
+ relationships.insert(Success);
+ setSupportedRelationships(relationships);
+}
+
+void ListenHTTP::onSchedule(ProcessContext *context, ProcessSessionFactory
*sessionFactory)
+{
+
+ std::string basePath;
+
+ if (!context->getProperty(BasePath.getName(), basePath))
+ {
+ _logger->log_info("%s attribute is missing, so default value of
%s will be used",
+ BasePath.getName().c_str(),
+ BasePath.getValue().c_str());
+ basePath = BasePath.getValue();
+ }
+
+ basePath.insert(0, "/");
+
+ std::string listeningPort;
+
+ if (!context->getProperty(Port.getName(), listeningPort))
+ {
+ _logger->log_error("%s attribute is missing or invalid",
+ Port.getName().c_str());
+ return;
+ }
+
+ std::string authDNPattern;
+
+ if (context->getProperty(AuthorizedDNPattern.getName(), authDNPattern)
&& !authDNPattern.empty())
+ {
+ _logger->log_info("ListenHTTP using %s: %s",
+ AuthorizedDNPattern.getName().c_str(),
+ authDNPattern.c_str());
+ }
+
+ std::string sslCertFile;
+
+ if (context->getProperty(SSLCertificate.getName(), sslCertFile) &&
!sslCertFile.empty())
+ {
+ _logger->log_info("ListenHTTP using %s: %s",
+ SSLCertificate.getName().c_str(),
+ sslCertFile.c_str());
+ }
+
+ // Read further TLS/SSL options only if TLS/SSL usage is implied by
virtue of certificate value being set
+ std::string sslCertAuthorityFile;
+ std::string sslVerifyPeer;
+ std::string sslMinVer;
+
+ if (!sslCertFile.empty())
+ {
+ if (context->getProperty(SSLCertificateAuthority.getName(),
sslCertAuthorityFile)
+ && !sslCertAuthorityFile.empty())
+ {
+ _logger->log_info("ListenHTTP using %s: %s",
+
SSLCertificateAuthority.getName().c_str(),
+ sslCertAuthorityFile.c_str());
+ }
+
+ if (context->getProperty(SSLVerifyPeer.getName(),
sslVerifyPeer))
+ {
+ if (sslVerifyPeer.empty() ||
sslVerifyPeer.compare("no") == 0)
+ {
+ _logger->log_info("ListenHTTP will not verify
peers");
+ }
+ else
+ {
+ _logger->log_info("ListenHTTP will verify
peers");
+ }
+ }
+ else
+ {
+ _logger->log_info("ListenHTTP will not verify peers");
+ }
+
+ if (context->getProperty(SSLMinimumVersion.getName(),
sslMinVer))
+ {
+ _logger->log_info("ListenHTTP using %s: %s",
+ SSLMinimumVersion.getName().c_str(),
+ sslMinVer.c_str());
+ }
+ }
+
+ std::string headersAsAttributesPattern;
+
+ if
(context->getProperty(HeadersAsAttributesRegex.getName(),headersAsAttributesPattern)
+ && !headersAsAttributesPattern.empty())
+ {
+ _logger->log_info("ListenHTTP using %s: %s",
+ HeadersAsAttributesRegex.getName().c_str(),
+ headersAsAttributesPattern.c_str());
+ }
+
+ auto numThreads = getMaxConcurrentTasks();
+
+ _logger->log_info("ListenHTTP starting HTTP server on port %s and path
%s with %d threads",
+ listeningPort.c_str(),
+ basePath.c_str(),
+ numThreads);
+
+ // Initialize web server
+ std::vector<std::string> options;
+ options.push_back("enable_keep_alive");
+ options.push_back("yes");
+ options.push_back("keep_alive_timeout_ms");
+ options.push_back("15000");
+ options.push_back("num_threads");
+ options.push_back(std::to_string(numThreads));
+
+ if (sslCertFile.empty())
+ {
+ options.push_back("listening_ports");
+ options.push_back(listeningPort);
+ }
+ else
+ {
+ listeningPort += "s";
+ options.push_back("listening_ports");
+ options.push_back(listeningPort);
+
+ options.push_back("ssl_certificate");
+ options.push_back(sslCertFile);
+
+ if (!sslCertAuthorityFile.empty())
+ {
+ options.push_back("ssl_ca_file");
+ options.push_back(sslCertAuthorityFile);
+ }
+
+ if (sslVerifyPeer.empty() || sslVerifyPeer.compare("no") == 0)
+ {
+ options.push_back("ssl_verify_peer");
+ options.push_back("no");
+ }
+ else
+ {
+ options.push_back("ssl_verify_peer");
+ options.push_back("yes");
+ }
+
+ if (sslMinVer.compare("SSL2") == 0)
+ {
+ options.push_back("ssl_protocol_version");
+ options.push_back(std::to_string(0));
+ }
+ else if (sslMinVer.compare("SSL3") == 0)
--- End diff --
@apiri Are we concerned about POODLE? Do we want to disallow any version <
TLS1.2?
> Create ListenHTTP processor
> ---------------------------
>
> Key: MINIFI-183
> URL: https://issues.apache.org/jira/browse/MINIFI-183
> Project: Apache NiFi MiNiFi
> Issue Type: Task
> Components: C++
> Reporter: Andrew Christianson
> Assignee: Andrew Christianson
>
> Create a ListenHTTP processor of similar design/function to the ListenHTTP in
> the parent Apache NiFi project.
> Being a part of MiNiFi, the server should be very lightweight, handle
> requests asynchronously, have optional threading, and should support
> streaming of request/response content to minimize memory requirements.
--
This message was sent by Atlassian JIRA
(v6.3.15#6346)
