This is an automated email from the ASF dual-hosted git repository. fgerlits pushed a commit to branch main in repository https://gitbox.apache.org/repos/asf/nifi-minifi-cpp.git
commit 6e0878bb4447fafff7103a81c16c05f0435d0381 Author: Gabor Gyimesi <[email protected]> AuthorDate: Tue Apr 25 17:02:50 2023 +0200 MINIFICPP-2110 Fix default CA path for S3 on CentOS Signed-off-by: Ferenc Gerlits <[email protected]> This closes #1565 --- extensions/aws/processors/S3Processor.cpp | 6 +++ extensions/coap/tests/CoapC2VerifyHeartbeat.cpp | 2 +- extensions/coap/tests/CoapIntegrationBase.h | 2 +- extensions/http-curl/client/HTTPClient.cpp | 22 +---------- extensions/http-curl/client/HTTPClient.h | 1 - extensions/http-curl/tests/C2NullConfiguration.cpp | 2 +- extensions/http-curl/tests/C2PauseResumeTest.cpp | 2 +- .../http-curl/tests/C2VerifyServeResults.cpp | 2 +- extensions/http-curl/tests/HTTPHandlers.h | 2 +- extensions/http-curl/tests/HTTPIntegrationBase.h | 2 +- extensions/http-curl/tests/VerifyInvokeHTTP.h | 2 +- libminifi/include/utils/HTTPUtils.h | 11 ++++-- libminifi/src/utils/HTTPUtils.cpp | 43 ++++++++++++++++++++++ libminifi/test/integration/IntegrationBase.h | 2 +- 14 files changed, 68 insertions(+), 33 deletions(-)
diff --git a/extensions/aws/processors/S3Processor.cpp b/extensions/aws/processors/S3Processor.cpp
index 695bc9a10..7e8e55579 100644
--- a/extensions/aws/processors/S3Processor.cpp
+++ b/extensions/aws/processors/S3Processor.cpp
@@ -26,6 +26,7 @@
 #include "AWSCredentialsService.h"
 #include "properties/Properties.h"
 #include "utils/StringUtils.h"
+#include "utils/HTTPUtils.h"
 namespace org::apache::nifi::minifi::aws::processors {
@@ -123,6 +124,11 @@ void S3Processor::onSchedule(const std::shared_ptr<core::ProcessContext>& contex
 } else {
 throw Exception(PROCESS_SCHEDULE_EXCEPTION, "Communications Timeout missing or invalid");
 }
+
+ static const auto default_ca_path = minifi::utils::getDefaultCAPath();
+ if (default_ca_path) {
+ client_config_->caFile = default_ca_path->string();
+ }
 }
 std::optional<CommonProperties> S3Processor::getCommonELSupportedProperties(
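Review bot: The block added at the end of S3Processor::onSchedule assigns `client_config_->caFile` unconditionally whenever a system bundle is found, and never records which trust store the S3 client will verify against. If an earlier part of onSchedule, which starts outside this hunk, ever sets `caFile` from configuration, this would silently replace it; a guard such as `if (default_ca_path && client_config_->caFile.empty()) {` avoids that. HTTPClient::configure_secure_connection logs the chosen file at debug level, and the same line here, `logger_->log_debug("Using CA certificate file \"%s\"", default_ca_path->string());`, would make an unexpected bundle diagnosable (assuming this class has a `logger_` member, which the hunk does not show). Because the result is held in a function-local `static`, a bundle installed after the first schedule is not picked up until restart, which deserves a one-line comment.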
diff --git a/extensions/coap/tests/CoapC2VerifyHeartbeat.cpp b/extensions/coap/tests/CoapC2VerifyHeartbeat.cpp
index 23007e233..aba295de2 100644
--- a/extensions/coap/tests/CoapC2VerifyHeartbeat.cpp
+++ b/extensions/coap/tests/CoapC2VerifyHeartbeat.cpp
@@ -104,7 +104,7 @@ class VerifyCoAPServer : public CoapIntegrationBase {
 std::string scheme;
 std::string path;
- parse_http_components(url, port, scheme, path);
+ minifi::utils::parse_http_components(url, port, scheme, path);
 uint16_t newport = std::stoi(port) + 2;
 auto new_port_str = std::to_string(newport);
diff --git a/extensions/coap/tests/CoapIntegrationBase.h b/extensions/coap/tests/CoapIntegrationBase.h
index e7fbc1e65..5ded576e6 100644
--- a/extensions/coap/tests/CoapIntegrationBase.h
+++ b/extensions/coap/tests/CoapIntegrationBase.h
@@ -94,7 +94,7 @@ class CoapIntegrationBase : public IntegrationBase {
 void CoapIntegrationBase::setUrl(std::string url, CivetHandler *handler) {
 std::string path;
- parse_http_components(url, port, scheme, path);
+ minifi::utils::parse_http_components(url, port, scheme, path);
 CivetCallbacks callback{};
 if (url.find("localhost") != std::string::npos) {
 if (server != nullptr) {
diff --git a/extensions/http-curl/client/HTTPClient.cpp b/extensions/http-curl/client/HTTPClient.cpp
index 21a1d037e..4d2452269 100644
--- a/extensions/http-curl/client/HTTPClient.cpp
+++ b/extensions/http-curl/client/HTTPClient.cpp
@@ -30,6 +30,7 @@
 #include "utils/RegexUtils.h"
 #include "range/v3/algorithm/all_of.hpp"
 #include "range/v3/action/transform.hpp"
+#include "utils/HTTPUtils.h"
 using namespace std::literals::chrono_literals;
@@ -418,7 +419,7 @@ void HTTPClient::configure_secure_connection() {
 curl_easy_setopt(http_session_.get(), CURLOPT_CAINFO, nullptr);
 curl_easy_setopt(http_session_.get(), CURLOPT_CAPATH, nullptr);
 } else {
- static const auto default_ca_path = getDefaultCAPath();
+ static const auto default_ca_path = utils::getDefaultCAPath();
 if (default_ca_path) logger_->log_debug("Using CA certificate file \"%s\"", default_ca_path->string());
@@ -469,25 +470,6 @@ std::string HTTPClient::replaceInvalidCharactersInHttpHeaderFieldName(std::strin
 return field_name;
 }
-std::optional<std::filesystem::path> HTTPClient::getDefaultCAPath() {
-#ifndef WIN32
- const std::vector<std::filesystem::path> possible_ca_paths = {
- "/etc/ssl/certs/ca-certificates.crt",
- "/etc/pki/tls/certs/ca-bundle.crt",
- "/usr/share/ssl/certs/ca-bundle.crt",
- "/usr/local/share/certs/ca-root-nss.crt",
- "/etc/ssl/cert.pem"
- };
-
- for (const auto& possible_ca_path : possible_ca_paths) {
- if (std::filesystem::exists(possible_ca_path)) {
- return possible_ca_path;
- }
- }
-#endif
- return std::nullopt;
-}
-
 void HTTPClient::CurlEasyCleanup::operator()(CURL* curl) const {
 curl_easy_cleanup(curl);
 }
diff --git a/extensions/http-curl/client/HTTPClient.h b/extensions/http-curl/client/HTTPClient.h
index acc650380..4f90c3b9d 100644
--- a/extensions/http-curl/client/HTTPClient.h
+++ b/extensions/http-curl/client/HTTPClient.h
@@ -188,7 +188,6 @@ class HTTPClient : public utils::BaseHTTPClient, public core::Connectable {
 static bool isValidHttpHeaderField(std::string_view field_name);
 static std::string replaceInvalidCharactersInHttpHeaderFieldName(std::string field_name);
- static std::optional<std::filesystem::path> getDefaultCAPath();
 private:
 static int onProgress(void *client, curl_off_t dltotal, curl_off_t dlnow, curl_off_t ultotal, curl_off_t ulnow);
diff --git a/extensions/http-curl/tests/C2NullConfiguration.cpp b/extensions/http-curl/tests/C2NullConfiguration.cpp
index 4bbbdf670..ef02b1bec 100644
--- a/extensions/http-curl/tests/C2NullConfiguration.cpp
+++ b/extensions/http-curl/tests/C2NullConfiguration.cpp
@@ -75,7 +75,7 @@ class VerifyC2Server : public HTTPIntegrationBase {
 std::string port;
 std::string scheme;
 std::string path;
- parse_http_components(url, port, scheme, path);
+ minifi::utils::parse_http_components(url, port, scheme, path);
 configuration->set(Configuration::nifi_c2_enable, "true");
 configuration->set(Configuration::nifi_c2_agent_class, "test");
 configuration->set(Configuration::nifi_c2_agent_protocol_class, "RESTSender");
diff --git a/extensions/http-curl/tests/C2PauseResumeTest.cpp b/extensions/http-curl/tests/C2PauseResumeTest.cpp
index cf8e137a9..0ac86416e 100644
--- a/extensions/http-curl/tests/C2PauseResumeTest.cpp
+++ b/extensions/http-curl/tests/C2PauseResumeTest.cpp
@@ -154,7 +154,7 @@ int main(int argc, char **argv) {
 std::string scheme;
 std::string path;
 std::unique_ptr<TestServer> server;
- parse_http_components(url, port, scheme, path);
+ minifi::utils::parse_http_components(url, port, scheme, path);
 server = std::make_unique<TestServer>(port, path, &responder);
 harness.setUrl(args.url, &responder);
diff --git a/extensions/http-curl/tests/C2VerifyServeResults.cpp b/extensions/http-curl/tests/C2VerifyServeResults.cpp
index acc0ff0e3..e8262278c 100644
--- a/extensions/http-curl/tests/C2VerifyServeResults.cpp
+++ b/extensions/http-curl/tests/C2VerifyServeResults.cpp
@@ -72,7 +72,7 @@ class VerifyC2Server : public HTTPIntegrationBase {
 std::string port;
 std::string scheme;
 std::string path;
- parse_http_components(url, port, scheme, path);
+ minifi::utils::parse_http_components(url, port, scheme, path);
 configuration->set(org::apache::nifi::minifi::Configuration::nifi_c2_enable, "true");
 configuration->set(org::apache::nifi::minifi::Configuration::nifi_c2_agent_class, "test");
 configuration->set(org::apache::nifi::minifi::Configuration::nifi_c2_agent_heartbeat_reporter_classes, "RESTReceiver");
diff --git a/extensions/http-curl/tests/HTTPHandlers.h b/extensions/http-curl/tests/HTTPHandlers.h
index f95d372bc..aaeb37bee 100644
--- a/extensions/http-curl/tests/HTTPHandlers.h
+++ b/extensions/http-curl/tests/HTTPHandlers.h
@@ -95,7 +95,7 @@ class PeerResponder : public ServerAwareHandler {
 explicit PeerResponder(std::string base_url) {
 (void)base_url; // unused in release builds
 std::string scheme;
- assert(parse_http_components(base_url, port, scheme, path));
+ assert(minifi::utils::parse_http_components(base_url, port, scheme, path));
 }
 bool handleGet(CivetServer* /*server*/, struct mg_connection *conn) override {
diff --git a/extensions/http-curl/tests/HTTPIntegrationBase.h b/extensions/http-curl/tests/HTTPIntegrationBase.h
index 47dc5c83b..f7c7733a9 100644
--- a/extensions/http-curl/tests/HTTPIntegrationBase.h
+++ b/extensions/http-curl/tests/HTTPIntegrationBase.h
@@ -80,7 +80,7 @@ class HTTPIntegrationBase : public IntegrationBase {
 void HTTPIntegrationBase::setUrl(const std::string &url, ServerAwareHandler *handler) {
 std::string url_port, url_scheme, url_path;
- parse_http_components(url, url_port, url_scheme, url_path);
+ minifi::utils::parse_http_components(url, url_port, url_scheme, url_path);
 if (server) {
 if (url_port != "0" && url_port != port) {
 throw std::logic_error("Inconsistent port requirements");
diff --git a/extensions/http-curl/tests/VerifyInvokeHTTP.h b/extensions/http-curl/tests/VerifyInvokeHTTP.h
index 2996489cd..32993e9db 100644
--- a/extensions/http-curl/tests/VerifyInvokeHTTP.h
+++ b/extensions/http-curl/tests/VerifyInvokeHTTP.h
@@ -55,7 +55,7 @@ class VerifyInvokeHTTP : public HTTPIntegrationBase {
 throw std::logic_error("Url is already set");
 }
 std::string port, scheme, path;
- parse_http_components(url, port, scheme, path);
+ minifi::utils::parse_http_components(url, port, scheme, path);
 path_ = path;
 HTTPIntegrationBase::setUrl(url, handler);
 }
diff --git a/libminifi/include/utils/HTTPUtils.h b/libminifi/include/utils/HTTPUtils.h
index 708525e98..f748b1d54 100644
--- a/libminifi/include/utils/HTTPUtils.h
+++ b/libminifi/include/utils/HTTPUtils.h
@@ -16,14 +16,17 @@
 * limitations under the License.
 */
-#ifndef LIBMINIFI_INCLUDE_UTILS_HTTPUTILS_H_
-#define LIBMINIFI_INCLUDE_UTILS_HTTPUTILS_H_
+#pragma once
 #include <string>
+#include <optional>
+#include <filesystem>
 #include "io/ClientSocket.h"
 #include "utils/RegexUtils.h"
+namespace org::apache::nifi::minifi::utils {
+
 /** This function, unfortunately, assumes that we're parsing http components of a local host. On windows this is problematic so we convert localhost to our local hostname.
@@ -49,4 +52,6 @@ inline bool parse_http_components(const std::string &url, std::string &port, std
 return false;
 }
-#endif // LIBMINIFI_INCLUDE_UTILS_HTTPUTILS_H_
+std::optional<std::filesystem::path> getDefaultCAPath();
+
+} // namespace org::apache::nifi::minifi::utils
diff --git a/libminifi/src/utils/HTTPUtils.cpp b/libminifi/src/utils/HTTPUtils.cpp
new file mode 100644
index 000000000..30b84150f
--- /dev/null
+++ b/libminifi/src/utils/HTTPUtils.cpp
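Review bot: The declaration `std::optional<std::filesystem::path> getDefaultCAPath();` added at the end of HTTPUtils.h has no doc comment, although its result now selects the TLS trust anchors for both the curl client and the S3 client. A comment such as `/// Returns the first well-known system CA bundle path that exists on this host, or std::nullopt on Windows or when none is found.` would state the contract callers rely on. Marking it `[[nodiscard]]` would also fit, since a discarded result means the probe ran for nothing.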
@@ -0,0 +1,43 @@
+/**
+ *
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+#include "utils/HTTPUtils.h"
+
+#include <vector>
+
+namespace org::apache::nifi::minifi::utils {
+
+std::optional<std::filesystem::path> getDefaultCAPath() {
+#ifndef WIN32
+ const std::vector<std::filesystem::path> possible_ca_paths = {
+ "/etc/ssl/certs/ca-certificates.crt",
+ "/etc/pki/tls/certs/ca-bundle.crt",
+ "/usr/share/ssl/certs/ca-bundle.crt",
+ "/usr/local/share/certs/ca-root-nss.crt",
+ "/etc/ssl/cert.pem"
+ };
+
+ for (const auto& possible_ca_path : possible_ca_paths) {
+ if (std::filesystem::exists(possible_ca_path)) {
+ return possible_ca_path;
+ }
+ }
+#endif
+ return std::nullopt;
+}
+
+} // namespace org::apache::nifi::minifi::utils
diff --git a/libminifi/test/integration/IntegrationBase.h b/libminifi/test/integration/IntegrationBase.h
index 00631ffdf..05cd07b17 100644
--- a/libminifi/test/integration/IntegrationBase.h
+++ b/libminifi/test/integration/IntegrationBase.h
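Review bot: `std::filesystem::exists(possible_ca_path)` in getDefaultCAPath is the throwing overload and accepts any file type, so an OS error while probing raises `std::filesystem::filesystem_error` inside the callers' `static` initializers, and a directory sitting at one of these paths would be returned as the CA file. Declaring `std::error_code ec;` and testing `if (std::filesystem::is_regular_file(possible_ca_path, ec)) {` keeps the probe best-effort and returns only something a TLS library can load as a bundle; it needs `#include <system_error>`. The order of `possible_ca_paths` decides which trust store wins when several exist on one host, so a one-line comment above the list should say that the first match is used.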
@@ -267,7 +267,7 @@ cmd_args parse_cmdline_args_with_url(int argc, char ** argv) {
 #ifdef WIN32
 if (url.find("localhost") != std::string::npos) {
 std::string port, scheme, path;
- parse_http_components(url, port, scheme, path);
+ minifi::utils::parse_http_components(url, port, scheme, path);
 url = scheme + "://" + org::apache::nifi::minifi::io::Socket::getMyHostName() + ":" + port + path;
 }
 #endif
