[
https://issues.apache.org/jira/browse/NIFI-2162?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16120719#comment-16120719
]
ASF GitHub Bot commented on NIFI-2162:
--------------------------------------
Github user JPercivall commented on a diff in the pull request:
https://github.com/apache/nifi/pull/2004#discussion_r132318693
--- Diff:
nifi-nar-bundles/nifi-standard-bundle/nifi-standard-processors/src/main/java/org/apache/nifi/processors/standard/InvokeHTTP.java
---
@@ -500,48 +512,88 @@ public void onPropertyModified(final
PropertyDescriptor descriptor, final String
}
@OnScheduled
- public void setUpClient(final ProcessContext context) throws
IOException {
+ public void setUpClient(final ProcessContext context) throws
IOException, UnrecoverableKeyException, CertificateException,
NoSuchAlgorithmException, KeyStoreException, KeyManagementException {
okHttpClientAtomicReference.set(null);
- OkHttpClient okHttpClient = new OkHttpClient();
+ OkHttpClient.Builder okHttpClientBuilder = new
OkHttpClient().newBuilder();
// Add a proxy if set
final String proxyHost =
context.getProperty(PROP_PROXY_HOST).getValue();
final Integer proxyPort =
context.getProperty(PROP_PROXY_PORT).asInteger();
if (proxyHost != null && proxyPort != null) {
final Proxy proxy = new Proxy(Type.HTTP, new
InetSocketAddress(proxyHost, proxyPort));
- okHttpClient.setProxy(proxy);
+ okHttpClientBuilder.proxy(proxy);
}
// Set timeouts
-
okHttpClient.setConnectTimeout((context.getProperty(PROP_CONNECT_TIMEOUT).asTimePeriod(TimeUnit.MILLISECONDS).intValue()),
TimeUnit.MILLISECONDS);
-
okHttpClient.setReadTimeout(context.getProperty(PROP_READ_TIMEOUT).asTimePeriod(TimeUnit.MILLISECONDS).intValue(),
TimeUnit.MILLISECONDS);
+
okHttpClientBuilder.connectTimeout((context.getProperty(PROP_CONNECT_TIMEOUT).asTimePeriod(TimeUnit.MILLISECONDS).intValue()),
TimeUnit.MILLISECONDS);
+
okHttpClientBuilder.readTimeout(context.getProperty(PROP_READ_TIMEOUT).asTimePeriod(TimeUnit.MILLISECONDS).intValue(),
TimeUnit.MILLISECONDS);
// Set whether to follow redirects
-
okHttpClient.setFollowRedirects(context.getProperty(PROP_FOLLOW_REDIRECTS).asBoolean());
+
okHttpClientBuilder.followRedirects(context.getProperty(PROP_FOLLOW_REDIRECTS).asBoolean());
final SSLContextService sslService =
context.getProperty(PROP_SSL_CONTEXT_SERVICE).asControllerService(SSLContextService.class);
final SSLContext sslContext = sslService == null ? null :
sslService.createSSLContext(ClientAuth.NONE);
// check if the ssl context is set and add the factory if so
if (sslContext != null) {
-
okHttpClient.setSslSocketFactory(sslContext.getSocketFactory());
+ setSslSocketFactory(okHttpClientBuilder, sslService,
sslContext);
}
// check the trusted hostname property and override the
HostnameVerifier
String trustedHostname =
trimToEmpty(context.getProperty(PROP_TRUSTED_HOSTNAME).getValue());
if (!trustedHostname.isEmpty()) {
- okHttpClient.setHostnameVerifier(new
OverrideHostnameVerifier(trustedHostname, okHttpClient.getHostnameVerifier()));
+ okHttpClientBuilder.hostnameVerifier(new
OverrideHostnameVerifier(trustedHostname, OkHostnameVerifier.INSTANCE));
}
- setAuthenticator(okHttpClient, context);
+ setAuthenticator(okHttpClientBuilder, context);
useChunked =
context.getProperty(PROP_USE_CHUNKED_ENCODING).asBoolean();
- okHttpClientAtomicReference.set(okHttpClient);
+ okHttpClientAtomicReference.set(okHttpClientBuilder.build());
+ }
+
+ private void setSslSocketFactory(OkHttpClient.Builder
okHttpClientBuilder, SSLContextService sslService, SSLContext sslContext)
+ throws IOException, KeyStoreException, CertificateException,
NoSuchAlgorithmException, UnrecoverableKeyException, KeyManagementException {
+ final String keystoreLocation = sslService.getKeyStoreFile();
+ final String keystorePass = sslService.getKeyStorePassword();
+ final String keystoreType = sslService.getKeyStoreType();
+
+ // prepare the keystore
+ final KeyStore keyStore = KeyStore.getInstance(keystoreType);
+
+ try (FileInputStream keyStoreStream = new
FileInputStream(keystoreLocation)) {
+ keyStore.load(keyStoreStream, keystorePass.toCharArray());
+ }
+
+ final KeyManagerFactory keyManagerFactory =
KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
+ keyManagerFactory.init(keyStore, keystorePass.toCharArray());
+
+ // load truststore
+ final String truststoreLocation = sslService.getTrustStoreFile();
+ final String truststorePass = sslService.getTrustStorePassword();
+ final String truststoreType = sslService.getTrustStoreType();
+
+ KeyStore truststore = KeyStore.getInstance(truststoreType);
+ final TrustManagerFactory trustManagerFactory =
TrustManagerFactory.getInstance("X509");
+ truststore.load(new FileInputStream(truststoreLocation),
truststorePass.toCharArray());
+ trustManagerFactory.init(truststore);
+
+ final X509TrustManager x509TrustManager;
+ TrustManager[] trustManagers =
trustManagerFactory.getTrustManagers();
+ if (trustManagers[0] != null) {
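Review bot: `setSslSocketFactory` dereferences `keystoreLocation`, `keystorePass` and `truststorePass` unconditionally, so an SSLContextService configured with only a truststore (the usual one-way TLS client setup) would presumably fail here with a NullPointerException even though `createSSLContext` succeeded. Guarding each half with `if (sslService.isKeyStoreConfigured())` and `if (sslService.isTrustStoreConfigured())`, and initialising the SSL context with `null` key managers when no keystore is set, would keep that configuration working. The truststore load `truststore.load(new FileInputStream(truststoreLocation), truststorePass.toCharArray());` never closes its stream, unlike the keystore load above it; use the same form, `try (FileInputStream trustStoreStream = new FileInputStream(truststoreLocation)) { truststore.load(trustStoreStream, truststorePass.toCharArray()); }`. The check `trustManagers[0] != null` assumes a non-empty array and, as far as the hunk shows, does not confirm that the element is an `X509TrustManager` before it is used as one. The method body continues past the end of the quoted hunk, so the remainder could not be reviewed.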
--- End diff --
Yeah, I admittedly did a poor job with that because I just pulled it from
my work I did a little bit ago on MiNiFi-java which did the exact same thing. I
can add some comments though.
> InvokeHttp's underlying library for Digest Auth uses the Android logger
> -----------------------------------------------------------------------
>
> Key: NIFI-2162
> URL: https://issues.apache.org/jira/browse/NIFI-2162
> Project: Apache NiFi
> Issue Type: Bug
> Reporter: Joseph Percivall
> Assignee: Joseph Percivall
>
> A user emailed the User mailing list with an issue that InvokeHttp was
> failing due to not being able to find "android/util/Log"[1]. InvokeHttp uses
> OkHttp and the library they recommend for digest authentication is
> okhttp-digest[2]. Currently okhttp-digest assumes it's running on an Android
> device and has access to the Android logger (OkHttp does not assume it's on
> an Android device).
> I raised an issue about it on the project's github page[3] and the creator
> said he "Will change this soonish."
> Once that is addressed, InvokeHttp will need to update the versions of OkHttp
> and okhttp-digest.
> [1] http://mail-archives.apache.org/mod_mbox/nifi-users/201606.mbox/browser
> [2] https://github.com/square/okhttp/issues/205
> [3] https://github.com/rburgst/okhttp-digest/issues/13