nifi-commons/nifi-vault-utils/src/main/java/org/apache/nifi/vault/hashicorp/config/HashiCorpVaultProperties.java - nifi - Git at Google

 /*
  * Licensed to the Apache Software Foundation (ASF) under one or more
  * contributor license agreements.  See the NOTICE file distributed with
  * this work for additional information regarding copyright ownership.
  * The ASF licenses this file to You under the Apache License, Version 2.0
  * (the "License"); you may not use this file except in compliance with
  * the License.  You may obtain a copy of the License at
  *
  *     http://www.apache.org/licenses/LICENSE-2.0
  *
  * Unless required by applicable law or agreed to in writing, software
  * distributed under the License is distributed on an "AS IS" BASIS,
  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
 package org.apache.nifi.vault.hashicorp.config;

 import org.apache.nifi.vault.hashicorp.HashiCorpVaultConfigurationException;

 import java.io.File;
 import java.nio.file.Paths;
 import java.util.Objects;
 import java.util.Optional;

 /**
  * Properties to configure the HashiCorpVaultCommunicationService.  The only properties considered mandatory are uri and
  * authPropertiesFilename. See the following link for valid vault authentication properties (default is
  * vault.authentication=TOKEN, expecting a vault.token property to be supplied).
  *
  * @see <a href="https://docs.spring.io/spring-vault/docs/2.3.1/reference/html/#vault.core.environment-vault-configuration">
  *     https://docs.spring.io/spring-vault/docs/2.3.1/reference/html/#vault.core.environment-vault-configuration</a>
  */
 public class HashiCorpVaultProperties {
     public static final String HTTPS = "https";
     private final String uri;
     private final String authPropertiesFilename;
     private final HashiCorpVaultSslProperties ssl;
     private final Optional<String> connectionTimeout;
     private final Optional<String> readTimeout;

     private HashiCorpVaultProperties(final String uri, String keyStore, final String keyStoreType, final String keyStorePassword, final String trustStore,
                                      final String trustStoreType, final String trustStorePassword, final String authPropertiesFilename,
                                      final String enabledTlsCipherSuites, final String enabledTlsProtocols, final String connectionTimeout, final String readTimeout) {
         Objects.requireNonNull(uri, "Vault URI is required");
         Objects.requireNonNull(authPropertiesFilename, "Vault auth properties filename is required");
         this.uri = uri;
         this.authPropertiesFilename = authPropertiesFilename;
         this.ssl = new HashiCorpVaultSslProperties(keyStore, keyStoreType, keyStorePassword, trustStore, trustStoreType, trustStorePassword,
                 enabledTlsCipherSuites, enabledTlsProtocols);
         this.connectionTimeout = connectionTimeout == null ? Optional.empty() : Optional.of(connectionTimeout);
         this.readTimeout = readTimeout == null ? Optional.empty() : Optional.of(readTimeout);

         if (uri.startsWith(HTTPS)) {
             Objects.requireNonNull(keyStore, "KeyStore is required with an https URI");
             Objects.requireNonNull(keyStorePassword, "KeyStore password is required with an https URI");
             Objects.requireNonNull(keyStoreType, "KeyStore type is required with an https URI");
             Objects.requireNonNull(trustStore, "TrustStore is required with an https URI");
             Objects.requireNonNull(trustStorePassword, "TrustStore password is required with an https URI");
             Objects.requireNonNull(trustStoreType, "TrustStore type is required with an https URI");
         }
         validateAuthProperties();
     }

     private void validateAuthProperties() throws HashiCorpVaultConfigurationException {
         final File authPropertiesFile = Paths.get(authPropertiesFilename).toFile();
         if (!authPropertiesFile.exists()) {
             throw new HashiCorpVaultConfigurationException(String.format("Auth properties file [%s] does not exist", authPropertiesFilename));
         }
     }

     @HashiCorpVaultProperty
     public String getUri() {
         return uri;
     }

     @HashiCorpVaultProperty
     public HashiCorpVaultSslProperties getSsl() {
         return ssl;
     }

     @HashiCorpVaultProperty(key = "authentication.properties.file")
     public String getAuthPropertiesFilename() {
         return authPropertiesFilename;
     }

     public Optional<String> getConnectionTimeout() {
         return connectionTimeout;
     }

     public Optional<String> getReadTimeout() {
         return readTimeout;
     }

     /**
      * Builder for HashiCorpVaultProperties.  The only properties that are considered mandatory are uri and authPropertiesFilename.
      */
     public static class HashiCorpVaultPropertiesBuilder {
         private String uri;
         private String keyStore;
         private String keyStoreType;
         private String keyStorePassword;
         private String trustStore;
         private String trustStoreType;
         private String trustStorePassword;
         private String authPropertiesFilename;
         private String enabledTlsCipherSuites;
         private String enabledTlsProtocols;
         private String connectionTimeout;
         private String readTimeout;

         /**
          * Set the Vault URI (e.g., http://localhost:8200).  If using https protocol, the KeyStore and TrustStore
          * properties are expected to also be set.
          * @param uri Vault's URI
          * @return
          */
         public HashiCorpVaultPropertiesBuilder setUri(String uri) {
             this.uri = uri;
             return this;
         }

         /**
          * Sets the path to the keyStore.
          * @param keyStore Path to the keyStore
          * @return
          */
         public HashiCorpVaultPropertiesBuilder setKeyStore(String keyStore) {
             this.keyStore = keyStore;
             return this;
         }

         /**
          * Sets keyStore type (e.g., JKS, PKCS12).
          * @param keyStoreType KeyStore type
          * @return
          */
         public HashiCorpVaultPropertiesBuilder setKeyStoreType(String keyStoreType) {
             this.keyStoreType = keyStoreType;
             return this;
         }

         /**
          * Sets the keyStore password.
          * @param keyStorePassword KeyStore password
          * @return
          */
         public HashiCorpVaultPropertiesBuilder setKeyStorePassword(String keyStorePassword) {
             this.keyStorePassword = keyStorePassword;
             return this;
         }

         /**
          * Sets the path to the trustStore.
          * @param trustStore Path to the trustStore
          * @return
          */
         public HashiCorpVaultPropertiesBuilder setTrustStore(String trustStore) {
             this.trustStore = trustStore;
             return this;
         }

         /**
          * Sets the trustStore type (e.g., JKS, PKCS12).
          * @param trustStoreType TrustStore type
          * @return
          */
         public HashiCorpVaultPropertiesBuilder setTrustStoreType(String trustStoreType) {
             this.trustStoreType = trustStoreType;
             return this;
         }

         /**
          * Sets the trustStore passsword.
          * @param trustStorePassword TrustStore password
          * @return
          */
         public HashiCorpVaultPropertiesBuilder setTrustStorePassword(String trustStorePassword) {
             this.trustStorePassword = trustStorePassword;
             return this;
         }

         /**
          * Sets the path to the vault authentication properties file.  See the following link for valid
          * vault authentication properties (default is vault.authentication=TOKEN, expecting a vault.token property
          * to be supplied).
          * @see <a href="https://docs.spring.io/spring-vault/docs/2.3.1/reference/html/#vault.core.environment-vault-configuration">
          *     https://docs.spring.io/spring-vault/docs/2.3.1/reference/html/#vault.core.environment-vault-configuration</a>
          * @param authPropertiesFilename The filename of a properties file containing Spring Vault authentication
          *                               properties
          * @return
          */
         public HashiCorpVaultPropertiesBuilder setAuthPropertiesFilename(String authPropertiesFilename) {
             this.authPropertiesFilename = authPropertiesFilename;
             return this;
         }

         /**
          * Sets an optional comma-separated list of enabled TLS cipher suites.
          * @param enabledTlsCipherSuites Enabled TLS cipher suites (only these will be enabled)
          * @return
          */
         public HashiCorpVaultPropertiesBuilder setEnabledTlsCipherSuites(String enabledTlsCipherSuites) {
             this.enabledTlsCipherSuites = enabledTlsCipherSuites;
             return this;
         }

         /**
          * Sets an optional comma-separated list of enabled TLS protocols.
          * @param enabledTlsProtocols Enabled TLS protocols (only these will be enabled)
          * @return
          */
         public HashiCorpVaultPropertiesBuilder setEnabledTlsProtocols(String enabledTlsProtocols) {
             this.enabledTlsProtocols = enabledTlsProtocols;
             return this;
         }

         /**
          * Sets the connection timeout for the HTTP client, using the standard NiFi duration format (e.g., 5 secs)
          * @param connectionTimeout Connection timeout (default is 5 secs)
          * @return
          */
         public HashiCorpVaultPropertiesBuilder setConnectionTimeout(String connectionTimeout) {
             this.connectionTimeout = connectionTimeout;
             return this;
         }

         /**
          * Sets the read timeout for the HTTP client, using the standard NiFi duration format (e.g., 15 secs).
          * @param readTimeout Read timeout (default is 15 secs)
          * @return
          */
         public HashiCorpVaultPropertiesBuilder setReadTimeout(String readTimeout) {
             this.readTimeout = readTimeout;
             return this;
         }

         /**
          * Build the VaultProperties.
          * @return
          */
         public HashiCorpVaultProperties build() {
             return new HashiCorpVaultProperties(uri, keyStore, keyStoreType, keyStorePassword, trustStore, trustStoreType,
                     trustStorePassword, authPropertiesFilename, enabledTlsCipherSuites, enabledTlsProtocols, connectionTimeout, readTimeout);
         }
     }
 }
	/*
	* Licensed to the Apache Software Foundation (ASF) under one or more
	* contributor license agreements. See the NOTICE file distributed with
	* this work for additional information regarding copyright ownership.
	* The ASF licenses this file to You under the Apache License, Version 2.0
	* (the "License"); you may not use this file except in compliance with
	* the License. You may obtain a copy of the License at
	*
	* http://www.apache.org/licenses/LICENSE-2.0
	*
	* Unless required by applicable law or agreed to in writing, software
	* distributed under the License is distributed on an "AS IS" BASIS,
	* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
	* See the License for the specific language governing permissions and
	* limitations under the License.
	*/
	package org.apache.nifi.vault.hashicorp.config;

	import org.apache.nifi.vault.hashicorp.HashiCorpVaultConfigurationException;

	import java.io.File;
	import java.nio.file.Paths;
	import java.util.Objects;
	import java.util.Optional;

	/**
	* Properties to configure the HashiCorpVaultCommunicationService. The only properties considered mandatory are uri and
	* authPropertiesFilename. See the following link for valid vault authentication properties (default is
	* vault.authentication=TOKEN, expecting a vault.token property to be supplied).
	*
	* @see <a href="https://docs.spring.io/spring-vault/docs/2.3.1/reference/html/#vault.core.environment-vault-configuration">
	* https://docs.spring.io/spring-vault/docs/2.3.1/reference/html/#vault.core.environment-vault-configuration</a>
	*/
	public class HashiCorpVaultProperties {
	public static final String HTTPS = "https";
	private final String uri;
	private final String authPropertiesFilename;
	private final HashiCorpVaultSslProperties ssl;
	private final Optional<String> connectionTimeout;
	private final Optional<String> readTimeout;

	private HashiCorpVaultProperties(final String uri, String keyStore, final String keyStoreType, final String keyStorePassword, final String trustStore,
	final String trustStoreType, final String trustStorePassword, final String authPropertiesFilename,
	final String enabledTlsCipherSuites, final String enabledTlsProtocols, final String connectionTimeout, final String readTimeout) {
	Objects.requireNonNull(uri, "Vault URI is required");
	Objects.requireNonNull(authPropertiesFilename, "Vault auth properties filename is required");
	this.uri = uri;
	this.authPropertiesFilename = authPropertiesFilename;
	this.ssl = new HashiCorpVaultSslProperties(keyStore, keyStoreType, keyStorePassword, trustStore, trustStoreType, trustStorePassword,
	enabledTlsCipherSuites, enabledTlsProtocols);
	this.connectionTimeout = connectionTimeout == null ? Optional.empty() : Optional.of(connectionTimeout);
	this.readTimeout = readTimeout == null ? Optional.empty() : Optional.of(readTimeout);

	if (uri.startsWith(HTTPS)) {
	Objects.requireNonNull(keyStore, "KeyStore is required with an https URI");
	Objects.requireNonNull(keyStorePassword, "KeyStore password is required with an https URI");
	Objects.requireNonNull(keyStoreType, "KeyStore type is required with an https URI");
	Objects.requireNonNull(trustStore, "TrustStore is required with an https URI");
	Objects.requireNonNull(trustStorePassword, "TrustStore password is required with an https URI");
	Objects.requireNonNull(trustStoreType, "TrustStore type is required with an https URI");
	}
	validateAuthProperties();
	}

	private void validateAuthProperties() throws HashiCorpVaultConfigurationException {
	final File authPropertiesFile = Paths.get(authPropertiesFilename).toFile();
	if (!authPropertiesFile.exists()) {
	throw new HashiCorpVaultConfigurationException(String.format("Auth properties file [%s] does not exist", authPropertiesFilename));
	}
	}

	@HashiCorpVaultProperty
	public String getUri() {
	return uri;
	}

	@HashiCorpVaultProperty
	public HashiCorpVaultSslProperties getSsl() {
	return ssl;
	}

	@HashiCorpVaultProperty(key = "authentication.properties.file")
	public String getAuthPropertiesFilename() {
	return authPropertiesFilename;
	}

	public Optional<String> getConnectionTimeout() {
	return connectionTimeout;
	}

	public Optional<String> getReadTimeout() {
	return readTimeout;
	}

	/**
	* Builder for HashiCorpVaultProperties. The only properties that are considered mandatory are uri and authPropertiesFilename.
	*/
	public static class HashiCorpVaultPropertiesBuilder {
	private String uri;
	private String keyStore;
	private String keyStoreType;
	private String keyStorePassword;
	private String trustStore;
	private String trustStoreType;
	private String trustStorePassword;
	private String authPropertiesFilename;
	private String enabledTlsCipherSuites;
	private String enabledTlsProtocols;
	private String connectionTimeout;
	private String readTimeout;

	/**
	* Set the Vault URI (e.g., http://localhost:8200). If using https protocol, the KeyStore and TrustStore
	* properties are expected to also be set.
	* @param uri Vault's URI
	* @return
	*/
	public HashiCorpVaultPropertiesBuilder setUri(String uri) {
	this.uri = uri;
	return this;
	}

	/**
	* Sets the path to the keyStore.
	* @param keyStore Path to the keyStore
	* @return
	*/
	public HashiCorpVaultPropertiesBuilder setKeyStore(String keyStore) {
	this.keyStore = keyStore;
	return this;
	}

	/**
	* Sets keyStore type (e.g., JKS, PKCS12).
	* @param keyStoreType KeyStore type
	* @return
	*/
	public HashiCorpVaultPropertiesBuilder setKeyStoreType(String keyStoreType) {
	this.keyStoreType = keyStoreType;
	return this;
	}

	/**
	* Sets the keyStore password.
	* @param keyStorePassword KeyStore password
	* @return
	*/
	public HashiCorpVaultPropertiesBuilder setKeyStorePassword(String keyStorePassword) {
	this.keyStorePassword = keyStorePassword;
	return this;
	}

	/**
	* Sets the path to the trustStore.
	* @param trustStore Path to the trustStore
	* @return
	*/
	public HashiCorpVaultPropertiesBuilder setTrustStore(String trustStore) {
	this.trustStore = trustStore;
	return this;
	}

	/**
	* Sets the trustStore type (e.g., JKS, PKCS12).
	* @param trustStoreType TrustStore type
	* @return
	*/
	public HashiCorpVaultPropertiesBuilder setTrustStoreType(String trustStoreType) {
	this.trustStoreType = trustStoreType;
	return this;
	}

	/**
	* Sets the trustStore passsword.
	* @param trustStorePassword TrustStore password
	* @return
	*/
	public HashiCorpVaultPropertiesBuilder setTrustStorePassword(String trustStorePassword) {
	this.trustStorePassword = trustStorePassword;
	return this;
	}

	/**
	* Sets the path to the vault authentication properties file. See the following link for valid
	* vault authentication properties (default is vault.authentication=TOKEN, expecting a vault.token property
	* to be supplied).
	* @see <a href="https://docs.spring.io/spring-vault/docs/2.3.1/reference/html/#vault.core.environment-vault-configuration">
	* https://docs.spring.io/spring-vault/docs/2.3.1/reference/html/#vault.core.environment-vault-configuration</a>
	* @param authPropertiesFilename The filename of a properties file containing Spring Vault authentication
	* properties
	* @return
	*/
	public HashiCorpVaultPropertiesBuilder setAuthPropertiesFilename(String authPropertiesFilename) {
	this.authPropertiesFilename = authPropertiesFilename;
	return this;
	}

	/**
	* Sets an optional comma-separated list of enabled TLS cipher suites.
	* @param enabledTlsCipherSuites Enabled TLS cipher suites (only these will be enabled)
	* @return
	*/
	public HashiCorpVaultPropertiesBuilder setEnabledTlsCipherSuites(String enabledTlsCipherSuites) {
	this.enabledTlsCipherSuites = enabledTlsCipherSuites;
	return this;
	}

	/**
	* Sets an optional comma-separated list of enabled TLS protocols.
	* @param enabledTlsProtocols Enabled TLS protocols (only these will be enabled)
	* @return
	*/
	public HashiCorpVaultPropertiesBuilder setEnabledTlsProtocols(String enabledTlsProtocols) {
	this.enabledTlsProtocols = enabledTlsProtocols;
	return this;
	}

	/**
	* Sets the connection timeout for the HTTP client, using the standard NiFi duration format (e.g., 5 secs)
	* @param connectionTimeout Connection timeout (default is 5 secs)
	* @return
	*/
	public HashiCorpVaultPropertiesBuilder setConnectionTimeout(String connectionTimeout) {
	this.connectionTimeout = connectionTimeout;
	return this;
	}

	/**
	* Sets the read timeout for the HTTP client, using the standard NiFi duration format (e.g., 15 secs).
	* @param readTimeout Read timeout (default is 15 secs)
	* @return
	*/
	public HashiCorpVaultPropertiesBuilder setReadTimeout(String readTimeout) {
	this.readTimeout = readTimeout;
	return this;
	}

	/**
	* Build the VaultProperties.
	* @return
	*/
	public HashiCorpVaultProperties build() {
	return new HashiCorpVaultProperties(uri, keyStore, keyStoreType, keyStorePassword, trustStore, trustStoreType,
	trustStorePassword, authPropertiesFilename, enabledTlsCipherSuites, enabledTlsProtocols, connectionTimeout, readTimeout);
	}
	}
	}