Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Added support for SSL connections with client authentication #31

Open
wants to merge 2 commits into
base: master
Choose a base branch
from
Open

Added support for SSL connections with client authentication #31

Changes from all commits
Commits
Show all changes
2 commits
Select commit Hold shift + click to select a range
c9cb213
Added support for SSL connections with client authentication
simonellistonball Jun 22, 2016
3a40dc4
Added option to shield hostname verification
simonellistonball Jul 5, 2016
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
35 changes: 33 additions & 2 deletions NiFiDeploy.groovy
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -10,11 +10,13 @@ import static groovyx.net.http.ContentType.JSON
import static groovyx.net.http.ContentType.URLENC
import static groovyx.net.http.Method.POST


import java.security.KeyStore
import org.apache.http.conn.scheme.Scheme
import org.apache.http.conn.ssl.SSLSocketFactory;

@Grab(group='org.codehaus.groovy.modules.http-builder',
module='http-builder',
version='0.7.1')
version='0.7.2')
Copy link
Owner

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@simonellistonball any reason for this upgrade required for this PR or was it just a general pull up?

Copy link
Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Just tidying. The only significant change is better docs around ignoreSSL, which I don't use.

@Grab(group='org.yaml',
module='snakeyaml',
version='1.17')
Expand All @@ -40,6 +42,15 @@ cli.with {
args:1, argName:'uri', type:String.class
c longOpt: 'client-id', 'Client ID for API calls, any unique string (override)',
args:1, argName:'id', type:String.class
k longOpt: 'keystore', 'The keystore file for ssl',
args:1, argName:'keystore', type:String.class
p longOpt: 'keypasswd', 'The password for the keystore',
args:1, argName:'keypasswd', type:String.class
u longOpt: 'truststore', 'The keystore file for ssl',
args:1, argName:'truststore', type:String.class
r longOpt: 'truststorePasswd', 'The password for the truststore',
args:1, argName:'truststorePasswd', type:String.class
o longOpt: 'noverify', 'Do not verify host names for SSL'
}

def opts = cli.parse(args)
Expand Down Expand Up @@ -568,6 +579,26 @@ nifiHostPort = nifiHostPort.endsWith('/') ? nifiHostPort[0..-2] : nifiHostPort
assert nifiHostPort : "No NiFI REST API endpoint provided"

nifi = new RESTClient("$nifiHostPort/nifi-api/")

if (nifiHostPort.startsWith("https")) {
// add keystore
def keyStore = KeyStore.getInstance( KeyStore.defaultType )
keyStore.load(new FileInputStream(opts.keystore), opts.keypasswd.toCharArray())
// add trustStore
SSLSocketFactory sf;
if (opts.truststore) {
def trustStore = KeyStore.getInstance( KeyStore.defaultType )
trustStore.load(new FileInputStream(opts.truststore), opts.truststorePasswd.toCharArray())
sf = new SSLSocketFactory(keyStore, opts.keypasswd, trustStore)
} else {
sf = new SSLSocketFactory(keyStore)
}
if (opts.noverify) {
sf.setHostnameVerifier(SSLSocketFactory.ALLOW_ALL_HOSTNAME_VERIFIER)
}
nifi.client.connectionManager.schemeRegistry.register(new Scheme("https", sf, 443))
}

nifi.handler.failure = { resp, data ->
resp.setData(data?.text)
println "[ERROR] HTTP call failed. Status code: $resp.statusLine: $resp.data"
Expand Down