Github user kevdoran commented on a diff in the pull request:
https://github.com/apache/nifi/pull/2376#discussion_r159982520
--- Diff:
nifi-toolkit/nifi-toolkit-encrypt-config/src/main/groovy/org/apache/nifi/toolkit/encryptconfig/NiFiRegistryDecryptMode.groovy
---
@@ -0,0 +1,143 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.nifi.toolkit.encryptconfig
+
+import org.apache.nifi.properties.AESSensitivePropertyProvider
+import org.apache.nifi.toolkit.encryptconfig.util.BootstrapUtil
+import org.apache.nifi.toolkit.encryptconfig.util.ToolUtilities
+import org.slf4j.Logger
+import org.slf4j.LoggerFactory
+
+/**
+ * A special DecryptMode that can run using NiFiRegistry CLI Options
+ */
+class NiFiRegistryDecryptMode extends DecryptMode {
+
+ private static final Logger logger =
LoggerFactory.getLogger(NiFiRegistryDecryptMode.class)
+
+ CliBuilder cli
+
+ NiFiRegistryDecryptMode() {
+ cli = NiFiRegistryMode.cliBuilder()
+ }
+
+ @Override
+ void run(String[] args) {
+ logger.warn("The decryption capability of this tool is still
considered experimental. The results should be manually verified.")
+ try {
+
+ def options = cli.parse(args)
+
+ if (!options || options.h) {
+ EncryptConfigMain.printUsageAndExit("",
EncryptConfigMain.EXIT_STATUS_OTHER)
+ }
+
+ EncryptConfigLogger.configureLogger(options.v)
+
+ DecryptConfiguration config = new DecryptConfiguration()
+
+ /* Invalid fields when used with --decrypt: */
+ def invalidDecryptOptions = ["i", "a"]
+ def presentInvalidOptions =
Arrays.stream(options.getInner().getOptions()).findAll {
+ invalidDecryptOptions.contains(it.getOpt())
+ }
+ if (presentInvalidOptions.size() > 0) {
+ throw new RuntimeException("Invalid options:
${EncryptConfigMain.DECRYPT_OPT} cannot be used with
[${presentInvalidOptions.join(", ")}]. It should only be used with [-r].")
+ }
+
+ /* Required fields when using --decrypt */
+ // registryPropertiesFile (-r)
+ if (!options.r) {
+ throw new RuntimeException("Invalid options: Input
nifiRegistryProperties (-r) is required when using --decrypt")
+ }
+ config.inputFilePath = options.r
+ config.fileType = FileType.properties // disables
auto-detection, which is still experimental
+
+ // one of [--oldPassword, --oldKey] or [-p, -k, -b <file]
+ String keyHex = null
--- End diff --
- [ ] apply patch and remove options for --oldPassword and --oldKey as
discussed
---
