Github user kevdoran commented on a diff in the pull request:
https://github.com/apache/nifi/pull/2376#discussion_r159983212
--- Diff:
nifi-toolkit/nifi-toolkit-encrypt-config/src/main/groovy/org/apache/nifi/toolkit/encryptconfig/util/NiFiRegistryIdentityProvidersXmlEncryptor.groovy
---
@@ -0,0 +1,105 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.nifi.toolkit.encryptconfig.util
+
+import groovy.xml.XmlUtil
+import org.apache.nifi.properties.SensitivePropertyProvider
+import org.slf4j.Logger
+import org.slf4j.LoggerFactory
+import org.xml.sax.SAXException
+
+class NiFiRegistryIdentityProvidersXmlEncryptor extends XmlEncryptor {
+
+ private static final Logger logger =
LoggerFactory.getLogger(NiFiRegistryIdentityProvidersXmlEncryptor.class)
+
+ private static final String LDAP_PROVIDER_CLASS =
"org.apache.nifi.registry.security.ldap.LdapIdentityProvider"
+ private static final String LDAP_PROVIDER_REGEX =
/(?s)<provider>(?:(?!<provider>).)*?<class>\s*org\.apache\.nifi\.registry\.security\.ldap\.LdapIdentityProvider.*?<\/provider>/
+ /* Explanation of LDAP_PROVIDER_REGEX:
+ * (?s) -> single-line mode (i.e., `.`
in regex matches newlines)
+ * <provider> -> find occurrence of
`<provider>` literally (case-sensitive)
+ * (?: ... ) -> group but do not capture
submatch
+ * (?! ... ) -> negative lookahead
+ * (?:(?!<provider>).)*? -> find everything until a new
`<provider>` starts. This is for not selecting multiple providers in one match
+ * <class> -> find occurrence of `<class>`
literally (case-sensitive)
+ * \s* -> find any whitespace
+ * org\.apache\.nifi\.registry\.security\.ldap\.LdapIdentityProvider
+ * -> find occurrence of
`org.apache.nifi.registry.security.ldap.LdapIdentityProvider` literally
(case-sensitive)
+ * .*?</provider> -> find everything as needed up
until and including occurrence of `</provider>`
+ */
+
+ NiFiRegistryIdentityProvidersXmlEncryptor(SensitivePropertyProvider
encryptionProvider, SensitivePropertyProvider decryptionProvider) {
+ super(encryptionProvider, decryptionProvider)
+ }
+
+ @Override
+ String encrypt(String plainXmlContent) {
--- End diff --
- [ ] Add Javadoc to sub-classes of XMLEncryptor
---
