This is an automated email from the ASF dual-hosted git repository.
martinzink pushed a commit to branch MINIFICPP-2584-apache
in repository https://gitbox.apache.org/repos/asf/nifi-minifi-cpp.git
The following commit(s) were added to refs/heads/MINIFICPP-2584-apache by this
push:
new d2c025aa4 fips2
d2c025aa4 is described below
commit d2c025aa4d47e50d6172ee8bd1cb705e965b1b81
Author: Martin Zink <[email protected]>
AuthorDate: Tue Jul 15 11:43:58 2025 +0200
fips2
---
libminifi/include/properties/LocationsImpl.h | 16 ++++++++--------
minifi-api/include/minifi-cpp/properties/Locations.h | 16 ++++++++--------
minifi_main/Fips.cpp | 19 ++++++++++---------
3 files changed, 26 insertions(+), 25 deletions(-)
diff --git a/libminifi/include/properties/LocationsImpl.h
b/libminifi/include/properties/LocationsImpl.h
index e6a537260..5f602e11f 100644
--- a/libminifi/include/properties/LocationsImpl.h
+++ b/libminifi/include/properties/LocationsImpl.h
@@ -65,14 +65,14 @@ class LocationsImpl final : public Locations {
}));
}
- [[nodiscard]] std::filesystem::path getWorkingDir() const override { return
m.working_dir_; }
- [[nodiscard]] std::filesystem::path getLockPath() const override { return
m.lock_path_; }
- [[nodiscard]] std::filesystem::path getLogPropertiesPath() const override {
return m.log_properties_path_; }
- [[nodiscard]] std::filesystem::path getUidPropertiesPath() const override {
return m.uid_properties_path_; }
- [[nodiscard]] std::filesystem::path getPropertiesPath() const override {
return m.properties_path_; }
- [[nodiscard]] std::filesystem::path getFipsBinPath() const override { return
m.fips_bin_path_; }
- [[nodiscard]] std::filesystem::path getFipsConfPath() const override {
return m.fips_conf_path_; }
- [[nodiscard]] std::filesystem::path getLogsDirs() const override { return
m.logs_dir_; }
+ [[nodiscard]] const std::filesystem::path& getWorkingDir() const override {
return m.working_dir_; }
+ [[nodiscard]] const std::filesystem::path& getLockPath() const override {
return m.lock_path_; }
+ [[nodiscard]] const std::filesystem::path& getLogPropertiesPath() const
override { return m.log_properties_path_; }
+ [[nodiscard]] const std::filesystem::path& getUidPropertiesPath() const
override { return m.uid_properties_path_; }
+ [[nodiscard]] const std::filesystem::path& getPropertiesPath() const
override { return m.properties_path_; }
+ [[nodiscard]] const std::filesystem::path& getFipsBinPath() const override {
return m.fips_bin_path_; }
+ [[nodiscard]] const std::filesystem::path& getFipsConfPath() const override
{ return m.fips_conf_path_; }
+ [[nodiscard]] const std::filesystem::path& getLogsDirs() const override {
return m.logs_dir_; }
[[nodiscard]] std::string_view getDefaultExtensionsPattern() const override
{ return m.extensions_pattern_; }
[[nodiscard]] std::string toString() const override {
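Review bot: The path getters here, and the matching pure virtuals in the Locations.h hunk, now return `const std::filesystem::path&` into `m`, but nothing states the lifetime contract this creates. A caller that binds `const auto& p = locations.getFipsBinPath();` holds a reference that dangles once the Locations object is destroyed, and every future implementation of the interface must store each path as a member instead of computing it. I would add a comment above the getters in Locations.h, such as `// Returned references stay valid only while this Locations object is alive; copy the path to keep it longer.` The class body starts and ends outside this hunk, so I cannot see how `m` is declared or whether it can be reassigned.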
diff --git a/minifi-api/include/minifi-cpp/properties/Locations.h
b/minifi-api/include/minifi-cpp/properties/Locations.h
index 1fc7c76ba..3643d36cb 100644
--- a/minifi-api/include/minifi-cpp/properties/Locations.h
+++ b/minifi-api/include/minifi-cpp/properties/Locations.h
@@ -22,14 +22,14 @@ namespace org::apache::nifi::minifi {
class Locations {
public:
virtual ~Locations() = default;
- [[nodiscard]] virtual std::filesystem::path getWorkingDir() const = 0;
- [[nodiscard]] virtual std::filesystem::path getLockPath() const = 0;
- [[nodiscard]] virtual std::filesystem::path getLogPropertiesPath() const = 0;
- [[nodiscard]] virtual std::filesystem::path getUidPropertiesPath() const = 0;
- [[nodiscard]] virtual std::filesystem::path getPropertiesPath() const = 0;
- [[nodiscard]] virtual std::filesystem::path getFipsBinPath() const = 0;
- [[nodiscard]] virtual std::filesystem::path getFipsConfPath() const = 0;
- [[nodiscard]] virtual std::filesystem::path getLogsDirs() const = 0;
+ [[nodiscard]] virtual const std::filesystem::path& getWorkingDir() const = 0;
+ [[nodiscard]] virtual const std::filesystem::path& getLockPath() const = 0;
+ [[nodiscard]] virtual const std::filesystem::path& getLogPropertiesPath()
const = 0;
+ [[nodiscard]] virtual const std::filesystem::path& getUidPropertiesPath()
const = 0;
+ [[nodiscard]] virtual const std::filesystem::path& getPropertiesPath() const
= 0;
+ [[nodiscard]] virtual const std::filesystem::path& getFipsBinPath() const =
0;
+ [[nodiscard]] virtual const std::filesystem::path& getFipsConfPath() const =
0;
+ [[nodiscard]] virtual const std::filesystem::path& getLogsDirs() const = 0;
[[nodiscard]] virtual std::string_view getDefaultExtensionsPattern() const =
0;
[[nodiscard]] virtual std::string toString() const = 0;
diff --git a/minifi_main/Fips.cpp b/minifi_main/Fips.cpp
index d0cbd4b90..d03674bcc 100644
--- a/minifi_main/Fips.cpp
+++ b/minifi_main/Fips.cpp
@@ -72,17 +72,18 @@ bool substituteFipsDirVariable(const std::filesystem::path&
file_path, const std
return true;
}
-bool generateFipsModuleConfig(const std::filesystem::path& fips_dir, const
std::shared_ptr<core::logging::Logger>& logger) {
- std::filesystem::path output_file(fips_dir / "fipsmodule.cnf");
+bool generateFipsModuleConfig(const Locations& locations, const
std::shared_ptr<core::logging::Logger>& logger) {
+ const auto& fips_bin_path = locations.getFipsBinPath();
+ const auto& fips_conf_path = locations.getFipsConfPath();
+ std::filesystem::path output_file(fips_conf_path / "fipsmodule.cnf");
logger->log_info("fipsmodule.cnf was not found, trying to run fipsinstall
command to generate the file");
#ifdef WIN32
- std::string command = "\"\"" + (fips_dir / "openssl.exe").string() + "\"
fipsinstall -out \"" + output_file.string() + "\" -module \"" + (fips_dir /
FIPS_LIB).string() + "\"\"";
+ std::string command = fmt::format(R"("{}" fipsinstall -out "{}" -module
"{}")", fips_bin_path / "openssl.exe", output_file, fips_bin_path / FIPS_LIB);
#else
- std::string command = "\"" + (fips_dir / "openssl").string() + "\"
fipsinstall -out \"" + output_file.string() + "\" -module \"" + (fips_dir /
FIPS_LIB).string() + "\"";
+ std::string command = fmt::format(R"("{}" fipsinstall -out "{}" -module
"{}")", fips_bin_path / "openssl", output_file, fips_bin_path / FIPS_LIB);
#endif
- auto ret = std::system(command.c_str());
- if (ret != 0) {
+ if (std::system(command.c_str()) != 0) {
logger->log_error("Failed to generate fipsmodule.cnf file");
return false;
}
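Review bot: The new WIN32 format string drops the outer pair of quotes that the removed line had around the whole command (`"\"\"" + ... + "\"\""`), so it now differs from the POSIX branch only by `openssl.exe`. On Windows `std::system` runs the string through `cmd.exe /c`, which strips the first and last quote when the line starts with a quote and contains more than two, so the quoted executable path is likely to be mangled; keeping the wrapper, e.g. `R"(""{}" fipsinstall -out "{}" -module "{}"")"`, preserves the old behaviour. Both branches also assume that fmt formats a `std::filesystem::path` without adding its own quotes, which is worth confirming for the fmt version in use. Because the paths are interpolated into a shell command inside plain double quotes, a path containing `"` (or `$` or a backtick on POSIX) changes what the shell executes. These paths presumably come from the installation layout, but starting openssl with an argument vector instead of `std::system` would remove the quoting concern altogether. The body of generateFipsModuleConfig continues past the end of this hunk.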
@@ -92,8 +93,8 @@ bool generateFipsModuleConfig(const std::filesystem::path&
fips_dir, const std::
} // namespace
void initializeFipsMode(const std::shared_ptr<minifi::Configure>& configure,
const Locations& locations, const std::shared_ptr<core::logging::Logger>&
logger) {
- const auto fips_bin_path = locations.getFipsBinPath();
- const auto fips_conf_path = locations.getFipsConfPath();
+ const auto& fips_bin_path = locations.getFipsBinPath();
+ const auto& fips_conf_path = locations.getFipsConfPath();
if (!(configure->get(minifi::Configure::nifi_openssl_fips_support_enable) |
utils::andThen(utils::string::toBool)).value_or(false)) {
logger->log_info("FIPS mode is disabled. FIPS configs and modules will NOT
be loaded.");
return;
@@ -104,7 +105,7 @@ void initializeFipsMode(const
std::shared_ptr<minifi::Configure>& configure, con
std::exit(1);
}
- if (!std::filesystem::exists(fips_conf_path / "fipsmodule.cnf") &&
!generateFipsModuleConfig(fips_conf_path, logger)) {
+ if (!std::filesystem::exists(fips_conf_path / "fipsmodule.cnf") &&
!generateFipsModuleConfig(locations, logger)) {
logger->log_error("FIPS mode is enabled, but fipsmodule.cnf is not
available in {fips_conf_dir} directory, and minifi couldn't generate it
automatically. "
"Run {fips_bin_dir}/openssl fipsinstall -out
{fips_conf_dir}/fipsmodule.cnf -module {fips_bin_dir}/{fips_lib_name} command
to generate the configuration file", fmt::arg("fips_conf_dir", fips_conf_path),
fmt::arg("fips_bin_dir", fips_bin_path), fmt::arg("fips_lib_name", FIPS_LIB));
std::exit(1);