minifi-commons/minifi-commons-schema/src/main/java/org/apache/nifi/minifi/commons/schema/SecurityPropertiesSchema.java - nifi-minifi - Git at Google

 /*
  * Licensed to the Apache Software Foundation (ASF) under one or more
  * contributor license agreements.  See the NOTICE file distributed with
  * this work for additional information regarding copyright ownership.
  * The ASF licenses this file to You under the Apache License, Version 2.0
  * (the "License"); you may not use this file except in compliance with
  * the License.  You may obtain a copy of the License at
  *
  *     http://www.apache.org/licenses/LICENSE-2.0
  *
  * Unless required by applicable law or agreed to in writing, software
  * distributed under the License is distributed on an "AS IS" BASIS,
  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */

 package org.apache.nifi.minifi.commons.schema;

 import org.apache.nifi.minifi.commons.schema.common.BaseSchema;
 import org.apache.nifi.minifi.commons.schema.common.StringUtil;
 import org.apache.nifi.minifi.commons.schema.common.WritableSchema;

 import java.util.Map;

 import static org.apache.nifi.minifi.commons.schema.common.CommonPropertyKeys.SECURITY_PROPS_KEY;
 import static org.apache.nifi.minifi.commons.schema.common.CommonPropertyKeys.SENSITIVE_PROPS_KEY;

 /**
  *
  */
 public class SecurityPropertiesSchema extends BaseSchema implements WritableSchema {

     public static final String KEYSTORE_KEY = "keystore";
     public static final String KEYSTORE_TYPE_KEY = "keystore type";
     public static final String KEYSTORE_PASSWORD_KEY = "keystore password";
     public static final String KEY_PASSWORD_KEY = "key password";
     public static final String TRUSTSTORE_KEY = "truststore";
     public static final String TRUSTSTORE_TYPE_KEY = "truststore type";
     public static final String TRUSTSTORE_PASSWORD_KEY = "truststore password";
     public static final String SSL_PROTOCOL_KEY = "ssl protocol";

     private String keystore = "";
     private String keystoreType = "";
     private String keystorePassword = "";
     private String keyPassword = "";
     private String truststore = "";
     private String truststoreType = "";
     private String truststorePassword = "";
     private String sslProtocol = "";
     private SensitivePropsSchema sensitiveProps;

     public SecurityPropertiesSchema() {
         sensitiveProps = new SensitivePropsSchema();
     }

     public SecurityPropertiesSchema(Map map) {
         keystore = getOptionalKeyAsType(map, KEYSTORE_KEY, String.class, SECURITY_PROPS_KEY, "");

         keystoreType = getOptionalKeyAsType(map, KEYSTORE_TYPE_KEY, String.class, SECURITY_PROPS_KEY, "");
         if (!StringUtil.isNullOrEmpty(keystoreType)) {
             if (validateStoreType(keystoreType)) {
                 addValidationIssue(KEYSTORE_TYPE_KEY, SECURITY_PROPS_KEY, "it is not a supported type (must be either PKCS12 or JKS format)");
             }
         }

         keystorePassword = getOptionalKeyAsType(map, KEYSTORE_PASSWORD_KEY, String.class, SECURITY_PROPS_KEY, "");

         keyPassword = getOptionalKeyAsType(map, KEY_PASSWORD_KEY, String.class, SECURITY_PROPS_KEY, "");

         truststore = getOptionalKeyAsType(map, TRUSTSTORE_KEY, String.class, SECURITY_PROPS_KEY, "");

         truststoreType = getOptionalKeyAsType(map, TRUSTSTORE_TYPE_KEY, String.class, SECURITY_PROPS_KEY, "");
         if (!StringUtil.isNullOrEmpty(truststoreType)) {
             if (validateStoreType(truststoreType)) {
                 addValidationIssue(TRUSTSTORE_TYPE_KEY, SECURITY_PROPS_KEY, "it is not a supported type (must be either PKCS12 or JKS format)");
             }
         }

         truststorePassword = getOptionalKeyAsType(map, TRUSTSTORE_PASSWORD_KEY, String.class, SECURITY_PROPS_KEY, "");

         sslProtocol = getOptionalKeyAsType(map, SSL_PROTOCOL_KEY, String.class, SECURITY_PROPS_KEY, "");
         if (!StringUtil.isNullOrEmpty(sslProtocol)) {
             switch (sslProtocol) {
                 case "SSL":
                     break;
                 case "SSLv2Hello":
                     break;
                 case "SSLv3":
                     break;
                 case "TLS":
                     break;
                 case "TLSv1":
                     break;
                 case "TLSv1.1":
                     break;
                 case "TLSv1.2":
                     break;
                 default:
                     addValidationIssue(SSL_PROTOCOL_KEY, SECURITY_PROPS_KEY, "it is not an allowable value of SSL protocol");
                     break;
             }
             if (StringUtil.isNullOrEmpty(keystore)) {
                 addValidationIssue("When the '" + SSL_PROTOCOL_KEY + "' key of '" + SECURITY_PROPS_KEY + "' is set, the '" + KEYSTORE_KEY + "' must also be set");
             } else if (StringUtil.isNullOrEmpty(keystoreType) || StringUtil.isNullOrEmpty(keystorePassword) || StringUtil.isNullOrEmpty(keyPassword)) {
                 addValidationIssue("When the '" + KEYSTORE_KEY + "' key of '" + SECURITY_PROPS_KEY + "' is set, the '" + KEYSTORE_TYPE_KEY + "', '" + KEYSTORE_PASSWORD_KEY +
                         "' and '" + KEY_PASSWORD_KEY + "' all must also be set");
             }

             if (!StringUtil.isNullOrEmpty(truststore) && (StringUtil.isNullOrEmpty(truststoreType) || StringUtil.isNullOrEmpty(truststorePassword))) {
                 addValidationIssue("When the '" + TRUSTSTORE_KEY + "' key of '" + SECURITY_PROPS_KEY + "' is set, the '" + TRUSTSTORE_TYPE_KEY + "' and '" +
                         TRUSTSTORE_PASSWORD_KEY + "' must also be set");
             }
         }

         sensitiveProps = getMapAsType(map, SENSITIVE_PROPS_KEY, SensitivePropsSchema.class, SECURITY_PROPS_KEY, false);

         addIssuesIfNotNull(sensitiveProps);
     }

     @Override
     public Map<String, Object> toMap() {
         Map<String, Object> result = mapSupplier.get();
         result.put(KEYSTORE_KEY, keystore);
         result.put(KEYSTORE_TYPE_KEY, keystoreType);
         result.put(KEYSTORE_PASSWORD_KEY, keystorePassword);
         result.put(KEY_PASSWORD_KEY, keyPassword);
         result.put(TRUSTSTORE_KEY, truststore);
         result.put(TRUSTSTORE_TYPE_KEY, truststoreType);
         result.put(TRUSTSTORE_PASSWORD_KEY, truststorePassword);
         result.put(SSL_PROTOCOL_KEY, sslProtocol);
         putIfNotNull(result, SENSITIVE_PROPS_KEY, sensitiveProps);
         return result;
     }

     private boolean validateStoreType(String store) {
         return !store.isEmpty() && !(store.equalsIgnoreCase("JKS") || store.equalsIgnoreCase("PKCS12"));
     }

     public boolean useSSL() {
         return !StringUtil.isNullOrEmpty(sslProtocol);
     }

     public String getKeystore() {
         return keystore;
     }

     public String getKeystoreType() {
         return keystoreType;
     }

     public String getKeystorePassword() {
         return keystorePassword;
     }

     public String getKeyPassword() {
         return keyPassword;
     }

     public String getTruststore() {
         return truststore;
     }

     public String getTruststoreType() {
         return truststoreType;
     }

     public String getTruststorePassword() {
         return truststorePassword;
     }

     public String getSslProtocol() {
         return sslProtocol;
     }

     public SensitivePropsSchema getSensitiveProps() {
         return sensitiveProps;
     }
 }
	/*
	* Licensed to the Apache Software Foundation (ASF) under one or more
	* contributor license agreements. See the NOTICE file distributed with
	* this work for additional information regarding copyright ownership.
	* The ASF licenses this file to You under the Apache License, Version 2.0
	* (the "License"); you may not use this file except in compliance with
	* the License. You may obtain a copy of the License at
	*
	* http://www.apache.org/licenses/LICENSE-2.0
	*
	* Unless required by applicable law or agreed to in writing, software
	* distributed under the License is distributed on an "AS IS" BASIS,
	* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
	* See the License for the specific language governing permissions and
	* limitations under the License.
	*/

	package org.apache.nifi.minifi.commons.schema;

	import org.apache.nifi.minifi.commons.schema.common.BaseSchema;
	import org.apache.nifi.minifi.commons.schema.common.StringUtil;
	import org.apache.nifi.minifi.commons.schema.common.WritableSchema;

	import java.util.Map;

	import static org.apache.nifi.minifi.commons.schema.common.CommonPropertyKeys.SECURITY_PROPS_KEY;
	import static org.apache.nifi.minifi.commons.schema.common.CommonPropertyKeys.SENSITIVE_PROPS_KEY;

	/**
	*
	*/
	public class SecurityPropertiesSchema extends BaseSchema implements WritableSchema {

	public static final String KEYSTORE_KEY = "keystore";
	public static final String KEYSTORE_TYPE_KEY = "keystore type";
	public static final String KEYSTORE_PASSWORD_KEY = "keystore password";
	public static final String KEY_PASSWORD_KEY = "key password";
	public static final String TRUSTSTORE_KEY = "truststore";
	public static final String TRUSTSTORE_TYPE_KEY = "truststore type";
	public static final String TRUSTSTORE_PASSWORD_KEY = "truststore password";
	public static final String SSL_PROTOCOL_KEY = "ssl protocol";

	private String keystore = "";
	private String keystoreType = "";
	private String keystorePassword = "";
	private String keyPassword = "";
	private String truststore = "";
	private String truststoreType = "";
	private String truststorePassword = "";
	private String sslProtocol = "";
	private SensitivePropsSchema sensitiveProps;

	public SecurityPropertiesSchema() {
	sensitiveProps = new SensitivePropsSchema();
	}

	public SecurityPropertiesSchema(Map map) {
	keystore = getOptionalKeyAsType(map, KEYSTORE_KEY, String.class, SECURITY_PROPS_KEY, "");

	keystoreType = getOptionalKeyAsType(map, KEYSTORE_TYPE_KEY, String.class, SECURITY_PROPS_KEY, "");
	if (!StringUtil.isNullOrEmpty(keystoreType)) {
	if (validateStoreType(keystoreType)) {
	addValidationIssue(KEYSTORE_TYPE_KEY, SECURITY_PROPS_KEY, "it is not a supported type (must be either PKCS12 or JKS format)");
	}
	}

	keystorePassword = getOptionalKeyAsType(map, KEYSTORE_PASSWORD_KEY, String.class, SECURITY_PROPS_KEY, "");

	keyPassword = getOptionalKeyAsType(map, KEY_PASSWORD_KEY, String.class, SECURITY_PROPS_KEY, "");

	truststore = getOptionalKeyAsType(map, TRUSTSTORE_KEY, String.class, SECURITY_PROPS_KEY, "");

	truststoreType = getOptionalKeyAsType(map, TRUSTSTORE_TYPE_KEY, String.class, SECURITY_PROPS_KEY, "");
	if (!StringUtil.isNullOrEmpty(truststoreType)) {
	if (validateStoreType(truststoreType)) {
	addValidationIssue(TRUSTSTORE_TYPE_KEY, SECURITY_PROPS_KEY, "it is not a supported type (must be either PKCS12 or JKS format)");
	}
	}

	truststorePassword = getOptionalKeyAsType(map, TRUSTSTORE_PASSWORD_KEY, String.class, SECURITY_PROPS_KEY, "");

	sslProtocol = getOptionalKeyAsType(map, SSL_PROTOCOL_KEY, String.class, SECURITY_PROPS_KEY, "");
	if (!StringUtil.isNullOrEmpty(sslProtocol)) {
	switch (sslProtocol) {
	case "SSL":
	break;
	case "SSLv2Hello":
	break;
	case "SSLv3":
	break;
	case "TLS":
	break;
	case "TLSv1":
	break;
	case "TLSv1.1":
	break;
	case "TLSv1.2":
	break;
	default:
	addValidationIssue(SSL_PROTOCOL_KEY, SECURITY_PROPS_KEY, "it is not an allowable value of SSL protocol");
	break;
	}
	if (StringUtil.isNullOrEmpty(keystore)) {
	addValidationIssue("When the '" + SSL_PROTOCOL_KEY + "' key of '" + SECURITY_PROPS_KEY + "' is set, the '" + KEYSTORE_KEY + "' must also be set");
	} else if (StringUtil.isNullOrEmpty(keystoreType) \|\| StringUtil.isNullOrEmpty(keystorePassword) \|\| StringUtil.isNullOrEmpty(keyPassword)) {
	addValidationIssue("When the '" + KEYSTORE_KEY + "' key of '" + SECURITY_PROPS_KEY + "' is set, the '" + KEYSTORE_TYPE_KEY + "', '" + KEYSTORE_PASSWORD_KEY +
	"' and '" + KEY_PASSWORD_KEY + "' all must also be set");
	}

	if (!StringUtil.isNullOrEmpty(truststore) && (StringUtil.isNullOrEmpty(truststoreType) \|\| StringUtil.isNullOrEmpty(truststorePassword))) {
	addValidationIssue("When the '" + TRUSTSTORE_KEY + "' key of '" + SECURITY_PROPS_KEY + "' is set, the '" + TRUSTSTORE_TYPE_KEY + "' and '" +
	TRUSTSTORE_PASSWORD_KEY + "' must also be set");
	}
	}

	sensitiveProps = getMapAsType(map, SENSITIVE_PROPS_KEY, SensitivePropsSchema.class, SECURITY_PROPS_KEY, false);

	addIssuesIfNotNull(sensitiveProps);
	}

	@Override
	public Map<String, Object> toMap() {
	Map<String, Object> result = mapSupplier.get();
	result.put(KEYSTORE_KEY, keystore);
	result.put(KEYSTORE_TYPE_KEY, keystoreType);
	result.put(KEYSTORE_PASSWORD_KEY, keystorePassword);
	result.put(KEY_PASSWORD_KEY, keyPassword);
	result.put(TRUSTSTORE_KEY, truststore);
	result.put(TRUSTSTORE_TYPE_KEY, truststoreType);
	result.put(TRUSTSTORE_PASSWORD_KEY, truststorePassword);
	result.put(SSL_PROTOCOL_KEY, sslProtocol);
	putIfNotNull(result, SENSITIVE_PROPS_KEY, sensitiveProps);
	return result;
	}

	private boolean validateStoreType(String store) {
	return !store.isEmpty() && !(store.equalsIgnoreCase("JKS") \|\| store.equalsIgnoreCase("PKCS12"));
	}

	public boolean useSSL() {
	return !StringUtil.isNullOrEmpty(sslProtocol);
	}

	public String getKeystore() {
	return keystore;
	}

	public String getKeystoreType() {
	return keystoreType;
	}

	public String getKeystorePassword() {
	return keystorePassword;
	}

	public String getKeyPassword() {
	return keyPassword;
	}

	public String getTruststore() {
	return truststore;
	}

	public String getTruststoreType() {
	return truststoreType;
	}

	public String getTruststorePassword() {
	return truststorePassword;
	}

	public String getSslProtocol() {
	return sslProtocol;
	}

	public SensitivePropsSchema getSensitiveProps() {
	return sensitiveProps;
	}
	}