[ https://issues.apache.org/jira/browse/NIFI-2162?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16086694#comment-16086694 ]

ASF GitHub Bot commented on NIFI-2162:
--------------------------------------

Github user trkurc commented on a diff in the pull request:

    https://github.com/apache/nifi/pull/2004#discussion_r127367937
  
    --- Diff: 
nifi-nar-bundles/nifi-standard-bundle/nifi-standard-processors/src/main/java/org/apache/nifi/processors/standard/InvokeHTTP.java
 ---
    @@ -500,48 +512,88 @@ public void onPropertyModified(final 
PropertyDescriptor descriptor, final String
         }
     
         @OnScheduled
    -    public void setUpClient(final ProcessContext context) throws 
IOException {
    +    public void setUpClient(final ProcessContext context) throws 
IOException, UnrecoverableKeyException, CertificateException, 
NoSuchAlgorithmException, KeyStoreException, KeyManagementException {
             okHttpClientAtomicReference.set(null);
     
    -        OkHttpClient okHttpClient = new OkHttpClient();
    +        OkHttpClient.Builder okHttpClientBuilder = new 
OkHttpClient().newBuilder();
     
             // Add a proxy if set
             final String proxyHost = 
context.getProperty(PROP_PROXY_HOST).getValue();
             final Integer proxyPort = 
context.getProperty(PROP_PROXY_PORT).asInteger();
             if (proxyHost != null && proxyPort != null) {
                 final Proxy proxy = new Proxy(Type.HTTP, new 
InetSocketAddress(proxyHost, proxyPort));
    -            okHttpClient.setProxy(proxy);
    +            okHttpClientBuilder.proxy(proxy);
             }
     
             // Set timeouts
    -        
okHttpClient.setConnectTimeout((context.getProperty(PROP_CONNECT_TIMEOUT).asTimePeriod(TimeUnit.MILLISECONDS).intValue()),
 TimeUnit.MILLISECONDS);
    -        
okHttpClient.setReadTimeout(context.getProperty(PROP_READ_TIMEOUT).asTimePeriod(TimeUnit.MILLISECONDS).intValue(),
 TimeUnit.MILLISECONDS);
    +        
okHttpClientBuilder.connectTimeout((context.getProperty(PROP_CONNECT_TIMEOUT).asTimePeriod(TimeUnit.MILLISECONDS).intValue()),
 TimeUnit.MILLISECONDS);
    +        
okHttpClientBuilder.readTimeout(context.getProperty(PROP_READ_TIMEOUT).asTimePeriod(TimeUnit.MILLISECONDS).intValue(),
 TimeUnit.MILLISECONDS);
     
             // Set whether to follow redirects
    -        
okHttpClient.setFollowRedirects(context.getProperty(PROP_FOLLOW_REDIRECTS).asBoolean());
    +        
okHttpClientBuilder.followRedirects(context.getProperty(PROP_FOLLOW_REDIRECTS).asBoolean());
     
             final SSLContextService sslService = 
context.getProperty(PROP_SSL_CONTEXT_SERVICE).asControllerService(SSLContextService.class);
             final SSLContext sslContext = sslService == null ? null : 
sslService.createSSLContext(ClientAuth.NONE);
     
             // check if the ssl context is set and add the factory if so
             if (sslContext != null) {
    -            
okHttpClient.setSslSocketFactory(sslContext.getSocketFactory());
    +            setSslSocketFactory(okHttpClientBuilder, sslService, 
sslContext);
             }
     
             // check the trusted hostname property and override the 
HostnameVerifier
             String trustedHostname = 
trimToEmpty(context.getProperty(PROP_TRUSTED_HOSTNAME).getValue());
             if (!trustedHostname.isEmpty()) {
    -            okHttpClient.setHostnameVerifier(new 
OverrideHostnameVerifier(trustedHostname, okHttpClient.getHostnameVerifier()));
    +            okHttpClientBuilder.hostnameVerifier(new 
OverrideHostnameVerifier(trustedHostname, OkHostnameVerifier.INSTANCE));
             }
     
    -        setAuthenticator(okHttpClient, context);
    +        setAuthenticator(okHttpClientBuilder, context);
     
             useChunked = 
context.getProperty(PROP_USE_CHUNKED_ENCODING).asBoolean();
     
    -        okHttpClientAtomicReference.set(okHttpClient);
    +        okHttpClientAtomicReference.set(okHttpClientBuilder.build());
    +    }
    +
    +    private void setSslSocketFactory(OkHttpClient.Builder 
okHttpClientBuilder, SSLContextService sslService, SSLContext sslContext)
    +            throws IOException, KeyStoreException, CertificateException, 
NoSuchAlgorithmException, UnrecoverableKeyException, KeyManagementException {
    +        final String keystoreLocation = sslService.getKeyStoreFile();
    +        final String keystorePass = sslService.getKeyStorePassword();
    +        final String keystoreType = sslService.getKeyStoreType();
    +
    +        // prepare the keystore
    +        final KeyStore keyStore = KeyStore.getInstance(keystoreType);
    +
    +        try (FileInputStream keyStoreStream = new 
FileInputStream(keystoreLocation)) {
    +            keyStore.load(keyStoreStream, keystorePass.toCharArray());
    +        }
    +
    +        final KeyManagerFactory keyManagerFactory = 
KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
    +        keyManagerFactory.init(keyStore, keystorePass.toCharArray());
    +
    +        // load truststore
    +        final String truststoreLocation = sslService.getTrustStoreFile();
    +        final String truststorePass = sslService.getTrustStorePassword();
    +        final String truststoreType = sslService.getTrustStoreType();
    +
    +        KeyStore truststore = KeyStore.getInstance(truststoreType);
    +        final TrustManagerFactory trustManagerFactory = 
TrustManagerFactory.getInstance("X509");
    +        truststore.load(new FileInputStream(truststoreLocation), 
truststorePass.toCharArray());
    +        trustManagerFactory.init(truststore);
    +
    +        final X509TrustManager x509TrustManager;
    +        TrustManager[] trustManagers = 
trustManagerFactory.getTrustManagers();
    +        if (trustManagers[0] != null) {
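Review bot: In setSslSocketFactory, `truststore.load(new FileInputStream(truststoreLocation), truststorePass.toCharArray())` opens a stream that is never closed, while the keystore a few lines above is loaded inside try-with-resources; wrap the truststore load the same way so the file handle is released each time the processor is scheduled. The keystore half also runs unconditionally: if the SSLContextService returns null for the keystore file or password (for example, when only a truststore is configured), `new FileInputStream(keystoreLocation)` and `keystorePass.toCharArray()` throw a NullPointerException, so guard the keystore and truststore sections separately on whether each is configured. Finally, `trustManagers[0] != null` throws on a null or empty array and does not confirm the entry is an X509TrustManager before it is assigned to `x509TrustManager`; iterate the array, pick the first `instanceof X509TrustManager`, fail with a clear message if none is found, and add a comment stating why that choice is safe.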
    --- End diff --
    
    When reading this code, I thought to myself "what if trustManagers is null? What if the one you want isn't the 0th item in the list?", and had to do some digging to convince myself that those are very unlikely scenarios - comments here would _greatly_ help maintainability.


> InvokeHttp's underlying library for Digest Auth uses the Android logger
> -----------------------------------------------------------------------
>
>                 Key: NIFI-2162
>                 URL: https://issues.apache.org/jira/browse/NIFI-2162
>             Project: Apache NiFi
>          Issue Type: Bug
>            Reporter: Joseph Percivall
>            Assignee: Joseph Percivall
>
> A user emailed the User mailing list with an issue that InvokeHttp was 
> failing due to not being able to find "android/util/Log"[1]. InvokeHttp uses 
> OkHttp and the library they recommend for digest authentication is 
> okhttp-digest[2]. Currently okhttp-digest assumes it's running on an Android 
> device and has access to the Android logger (OkHttp does not assume it's on 
> an Android device). 
> I raised an issue about it on the project's github page[3] and the creator 
> said he "Will change this soonish."
> Once that is addressed, InvokeHttp will need to update the versions of OkHttp 
> and okhttp-digest. 
> [1] http://mail-archives.apache.org/mod_mbox/nifi-users/201606.mbox/browser
> [2] https://github.com/square/okhttp/issues/205
> [3] https://github.com/rburgst/okhttp-digest/issues/13



--
This message was sent by Atlassian JIRA
(v6.4.14#64029)
