[ 
https://issues.apache.org/jira/browse/NIFI-2162?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16120719#comment-16120719
 ] 

ASF GitHub Bot commented on NIFI-2162:
--------------------------------------

Github user JPercivall commented on a diff in the pull request:

    https://github.com/apache/nifi/pull/2004#discussion_r132318693
  
    --- Diff: 
nifi-nar-bundles/nifi-standard-bundle/nifi-standard-processors/src/main/java/org/apache/nifi/processors/standard/InvokeHTTP.java
 ---
    @@ -500,48 +512,88 @@ public void onPropertyModified(final 
PropertyDescriptor descriptor, final String
         }
     
         @OnScheduled
    -    public void setUpClient(final ProcessContext context) throws 
IOException {
    +    public void setUpClient(final ProcessContext context) throws 
IOException, UnrecoverableKeyException, CertificateException, 
NoSuchAlgorithmException, KeyStoreException, KeyManagementException {
             okHttpClientAtomicReference.set(null);
     
    -        OkHttpClient okHttpClient = new OkHttpClient();
    +        OkHttpClient.Builder okHttpClientBuilder = new 
OkHttpClient().newBuilder();
     
             // Add a proxy if set
             final String proxyHost = 
context.getProperty(PROP_PROXY_HOST).getValue();
             final Integer proxyPort = 
context.getProperty(PROP_PROXY_PORT).asInteger();
             if (proxyHost != null && proxyPort != null) {
                 final Proxy proxy = new Proxy(Type.HTTP, new 
InetSocketAddress(proxyHost, proxyPort));
    -            okHttpClient.setProxy(proxy);
    +            okHttpClientBuilder.proxy(proxy);
             }
     
             // Set timeouts
    -        
okHttpClient.setConnectTimeout((context.getProperty(PROP_CONNECT_TIMEOUT).asTimePeriod(TimeUnit.MILLISECONDS).intValue()),
 TimeUnit.MILLISECONDS);
    -        
okHttpClient.setReadTimeout(context.getProperty(PROP_READ_TIMEOUT).asTimePeriod(TimeUnit.MILLISECONDS).intValue(),
 TimeUnit.MILLISECONDS);
    +        
okHttpClientBuilder.connectTimeout((context.getProperty(PROP_CONNECT_TIMEOUT).asTimePeriod(TimeUnit.MILLISECONDS).intValue()),
 TimeUnit.MILLISECONDS);
    +        
okHttpClientBuilder.readTimeout(context.getProperty(PROP_READ_TIMEOUT).asTimePeriod(TimeUnit.MILLISECONDS).intValue(),
 TimeUnit.MILLISECONDS);
     
             // Set whether to follow redirects
    -        
okHttpClient.setFollowRedirects(context.getProperty(PROP_FOLLOW_REDIRECTS).asBoolean());
    +        
okHttpClientBuilder.followRedirects(context.getProperty(PROP_FOLLOW_REDIRECTS).asBoolean());
     
             final SSLContextService sslService = 
context.getProperty(PROP_SSL_CONTEXT_SERVICE).asControllerService(SSLContextService.class);
             final SSLContext sslContext = sslService == null ? null : 
sslService.createSSLContext(ClientAuth.NONE);
     
             // check if the ssl context is set and add the factory if so
             if (sslContext != null) {
    -            
okHttpClient.setSslSocketFactory(sslContext.getSocketFactory());
    +            setSslSocketFactory(okHttpClientBuilder, sslService, 
sslContext);
             }
     
             // check the trusted hostname property and override the 
HostnameVerifier
             String trustedHostname = 
trimToEmpty(context.getProperty(PROP_TRUSTED_HOSTNAME).getValue());
             if (!trustedHostname.isEmpty()) {
    -            okHttpClient.setHostnameVerifier(new 
OverrideHostnameVerifier(trustedHostname, okHttpClient.getHostnameVerifier()));
    +            okHttpClientBuilder.hostnameVerifier(new 
OverrideHostnameVerifier(trustedHostname, OkHostnameVerifier.INSTANCE));
             }
     
    -        setAuthenticator(okHttpClient, context);
    +        setAuthenticator(okHttpClientBuilder, context);
     
             useChunked = 
context.getProperty(PROP_USE_CHUNKED_ENCODING).asBoolean();
     
    -        okHttpClientAtomicReference.set(okHttpClient);
    +        okHttpClientAtomicReference.set(okHttpClientBuilder.build());
    +    }
    +
    +    private void setSslSocketFactory(OkHttpClient.Builder 
okHttpClientBuilder, SSLContextService sslService, SSLContext sslContext)
    +            throws IOException, KeyStoreException, CertificateException, 
NoSuchAlgorithmException, UnrecoverableKeyException, KeyManagementException {
    +        final String keystoreLocation = sslService.getKeyStoreFile();
    +        final String keystorePass = sslService.getKeyStorePassword();
    +        final String keystoreType = sslService.getKeyStoreType();
    +
    +        // prepare the keystore
    +        final KeyStore keyStore = KeyStore.getInstance(keystoreType);
    +
    +        try (FileInputStream keyStoreStream = new 
FileInputStream(keystoreLocation)) {
    +            keyStore.load(keyStoreStream, keystorePass.toCharArray());
    +        }
    +
    +        final KeyManagerFactory keyManagerFactory = 
KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
    +        keyManagerFactory.init(keyStore, keystorePass.toCharArray());
    +
    +        // load truststore
    +        final String truststoreLocation = sslService.getTrustStoreFile();
    +        final String truststorePass = sslService.getTrustStorePassword();
    +        final String truststoreType = sslService.getTrustStoreType();
    +
    +        KeyStore truststore = KeyStore.getInstance(truststoreType);
    +        final TrustManagerFactory trustManagerFactory = 
TrustManagerFactory.getInstance("X509");
    +        truststore.load(new FileInputStream(truststoreLocation), 
truststorePass.toCharArray());
    +        trustManagerFactory.init(truststore);
    +
    +        final X509TrustManager x509TrustManager;
    +        TrustManager[] trustManagers = 
trustManagerFactory.getTrustManagers();
    +        if (trustManagers[0] != null) {
    --- End diff --
    
    Yeah, I admittedly did a poor job with that because I just pulled it from 
my work I did a little bit ago on MiNiFi-java which did the exact same thing. I 
can add some comments though.


> InvokeHttp's underlying library for Digest Auth uses the Android logger
> -----------------------------------------------------------------------
>
>                 Key: NIFI-2162
>                 URL: https://issues.apache.org/jira/browse/NIFI-2162
>             Project: Apache NiFi
>          Issue Type: Bug
>            Reporter: Joseph Percivall
>            Assignee: Joseph Percivall
>
> A user emailed the User mailing list with an issue that InvokeHttp was 
> failing due to not being able to find "android/util/Log"[1]. InvokeHttp uses 
> OkHttp and the library they recommend for digest authentication is 
> okhttp-digest[2]. Currently okhttp-digest assumes it's running on an Android 
> device and has access to the Android logger (OkHttp does not assume it's on 
> an Android device). 
> I raised an issue about it on the project's github page[3] and the creator 
> said he "Will change this soonish."
> Once that is addressed, InvokeHttp will need to update the versions of OkHttp 
> and okhttp-digest. 
> [1] http://mail-archives.apache.org/mod_mbox/nifi-users/201606.mbox/browser
> [2] https://github.com/square/okhttp/issues/205
> [3] https://github.com/rburgst/okhttp-digest/issues/13



--
This message was sent by Atlassian JIRA
(v6.4.14#64029)

Reply via email to