RANGER-5045: checkstyle compliance updates - plugin-nifi module (#467)
kumaab authored Dec 19, 2024
1 parent 7645b97 commit 15cc59f
Showing 8 changed files with 94 additions and 123 deletions.
2 changes: 2 additions & 0 deletions plugin-nifi/pom.xml
@@ -28,6 +28,8 @@
<name>NiFi Security Plugin</name>
<description>NiFi Security Plugin</description>
<properties>
<checkstyle.failOnViolation>true</checkstyle.failOnViolation>
<checkstyle.skip>false</checkstyle.skip>
<project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
</properties>
<dependencies>
Original file line number Diff line number Diff line change
@@ -24,39 +24,35 @@
import org.apache.ranger.services.nifi.client.NiFiConnectionMgr;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

import java.util.HashMap;
import java.util.List;

/**
* RangerService for Apache NiFi.
*/
public class RangerServiceNiFi extends RangerBaseService {

private static final Logger LOG = LoggerFactory.getLogger(RangerServiceNiFi.class);

@Override
public HashMap<String, Object> validateConfig() throws Exception {
HashMap<String, Object> ret = new HashMap<>();
String serviceName = getServiceName();
public HashMap<String, Object> validateConfig() {
HashMap<String, Object> ret = new HashMap<>();
String serviceName = getServiceName();

if (LOG.isDebugEnabled()) {
LOG.debug("==> RangerServiceNiFi.validateConfig Service: (" + serviceName + " )");
}
LOG.debug("==> RangerServiceNiFi.validateConfig Service: ({})", serviceName);

if (configs != null) {
try {
ret = NiFiConnectionMgr.connectionTest(serviceName, configs);
} catch (Exception e) {
LOG.error("<== RangerServiceNiFi.validateConfig Error:", e);
LOG.error("<== RangerServiceNiFi.validateConfig Error: ", e);
throw e;
}
} else {
throw new IllegalStateException("No Configuration found");
}

if (LOG.isDebugEnabled()) {
LOG.debug("<== RangerServiceNiFi.validateConfig Response : (" + ret + " )");
}
LOG.debug("<== RangerServiceNiFi.validateConfig Response : ({})", ret);

return ret;
}
@@ -66,5 +62,4 @@ public List<String> lookupResource(ResourceLookupContext context) throws Excepti
final NiFiClient client = NiFiConnectionMgr.getNiFiClient(serviceName, configs);
return client.getResources(context);
}

}
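Review bot: The `catch (Exception e)` block in `validateConfig` logs the exception at error level and then rethrows it unchanged, so a failed connection test is likely to be reported twice once the caller logs it as well. If the signature without `throws Exception` (printed second on this page) is the new one, `throw e;` also compiles only through precise rethrow, that is, only while `NiFiConnectionMgr.connectionTest` declares no checked exception. Narrowing the handler makes that explicit, `} catch (RuntimeException e) {`, or the try/catch can be dropped so the exception simply propagates.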
Original file line number Diff line number Diff line change
@@ -22,8 +22,6 @@
* Possible authentication types for NiFi.
*/
public enum NiFiAuthType {

NONE,
SSL

}
Original file line number Diff line number Diff line change
@@ -18,6 +18,8 @@
*/
package org.apache.ranger.services.nifi.client;

import com.fasterxml.jackson.databind.JsonNode;
import com.fasterxml.jackson.databind.ObjectMapper;
import com.sun.jersey.api.client.Client;
import com.sun.jersey.api.client.ClientResponse;
import com.sun.jersey.api.client.WebResource;
@@ -28,8 +30,6 @@
import org.apache.commons.lang.StringUtils;
import org.apache.ranger.plugin.client.BaseClient;
import org.apache.ranger.plugin.service.ResourceLookupContext;
import com.fasterxml.jackson.databind.JsonNode;
import com.fasterxml.jackson.databind.ObjectMapper;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

@@ -38,6 +38,7 @@
import javax.net.ssl.SSLPeerUnverifiedException;
import javax.net.ssl.SSLSession;
import javax.ws.rs.core.Response;

import java.security.cert.Certificate;
import java.security.cert.CertificateParsingException;
import java.security.cert.X509Certificate;
@@ -50,64 +51,58 @@
* Client to communicate with NiFi and retrieve available resources.
*/
public class NiFiClient {

private static final Logger LOG = LoggerFactory.getLogger(NiFiClient.class);

static final String SUCCESS_MSG = "ConnectionTest Successful";
static final String FAILURE_MSG = "Unable to retrieve any resources using given parameters. ";

private final String url;
private final SSLContext sslContext;
private final String url;
private final SSLContext sslContext;
private final HostnameVerifier hostnameVerifier;
private final ObjectMapper mapper = new ObjectMapper();
private final ObjectMapper mapper = new ObjectMapper();

public NiFiClient(final String url, final SSLContext sslContext) {
this.url = url;
this.sslContext = sslContext;
this.url = url;
this.sslContext = sslContext;
this.hostnameVerifier = new NiFiHostnameVerifier();
}

public HashMap<String, Object> connectionTest() {
String errMsg = "";
boolean connectivityStatus;
String errMsg = "";
boolean connectivityStatus;
HashMap<String, Object> responseData = new HashMap<>();

try {
final WebResource resource = getWebResource();
final WebResource resource = getWebResource();
final ClientResponse response = getResponse(resource, "application/json");

if (LOG.isDebugEnabled()) {
LOG.debug("Got response from NiFi with status code " + response.getStatus());
}
LOG.debug("Got response from NiFi with status code {}", response.getStatus());

if (Response.Status.OK.getStatusCode() == response.getStatus()) {
connectivityStatus = true;
} else {
connectivityStatus = false;
errMsg = "Status Code = " + response.getStatus();
errMsg = "Status Code = " + response.getStatus();
}

} catch (Exception e) {
LOG.error("Connection to NiFi failed due to " + e.getMessage(), e);
LOG.error("Connection to NiFi failed due to {}", e.getMessage(), e);
connectivityStatus = false;
errMsg = e.getMessage();
errMsg = e.getMessage();
}

if (connectivityStatus) {
BaseClient.generateResponseDataMap(connectivityStatus, SUCCESS_MSG, SUCCESS_MSG, null, null, responseData);
BaseClient.generateResponseDataMap(true, SUCCESS_MSG, SUCCESS_MSG, null, null, responseData);
} else {
BaseClient.generateResponseDataMap(connectivityStatus, FAILURE_MSG, FAILURE_MSG + errMsg, null, null, responseData);
BaseClient.generateResponseDataMap(false, FAILURE_MSG, FAILURE_MSG + errMsg, null, null, responseData);
}

if (LOG.isDebugEnabled()) {
LOG.debug("Response Data - " + responseData);
}
LOG.debug("Response Data - {}", responseData);

return responseData;
}

public List<String> getResources(ResourceLookupContext context) throws Exception {
final WebResource resource = getWebResource();
final WebResource resource = getWebResource();
final ClientResponse response = getResponse(resource, "application/json");

if (Response.Status.OK.getStatusCode() != response.getStatus()) {
@@ -120,8 +115,8 @@ public List<String> getResources(ResourceLookupContext context) throws Exception
throw new Exception("Unable to retrieve resources from NiFi");
}

JsonNode resourcesNode = rootNode.findValue("resources");
List<String> identifiers = resourcesNode.findValuesAsText("identifier");
JsonNode resourcesNode = rootNode.findValue("resources");
List<String> identifiers = resourcesNode.findValuesAsText("identifier");

final String userInput = context.getUserInput();
if (StringUtils.isBlank(userInput)) {
@@ -139,6 +134,18 @@ public List<String> getResources(ResourceLookupContext context) throws Exception
}
}

public String getUrl() {
return url;
}

public SSLContext getSslContext() {
return sslContext;
}

public HostnameVerifier getHostnameVerifier() {
return hostnameVerifier;
}

protected WebResource getWebResource() {
final ClientConfig config = new DefaultClientConfig();
if (sslContext != null) {
@@ -154,37 +161,24 @@ protected ClientResponse getResponse(WebResource resource, String accept) {
return resource.accept(accept).get(ClientResponse.class);
}

public String getUrl() {
return url;
}

public SSLContext getSslContext() {
return sslContext;
}

public HostnameVerifier getHostnameVerifier() {
return hostnameVerifier;
}

/**
* Custom hostname verifier that checks subject alternative names against the hostname of the URI.
*/
private static class NiFiHostnameVerifier implements HostnameVerifier {

@Override
public boolean verify(final String hostname, final SSLSession ssls) {
try {
for (final Certificate peerCertificate : ssls.getPeerCertificates()) {
if (peerCertificate instanceof X509Certificate) {
final X509Certificate x509Cert = (X509Certificate) peerCertificate;
final List<String> subjectAltNames = getSubjectAlternativeNames(x509Cert);
final X509Certificate x509Cert = (X509Certificate) peerCertificate;
final List<String> subjectAltNames = getSubjectAlternativeNames(x509Cert);
if (subjectAltNames.contains(hostname.toLowerCase())) {
return true;
}
}
}
} catch (final SSLPeerUnverifiedException | CertificateParsingException ex) {
LOG.warn("Hostname Verification encountered exception verifying hostname due to: " + ex, ex);
LOG.warn("Hostname Verification encountered exception verifying hostname due to: {}", ex, ex);
}

return false;
@@ -196,23 +190,20 @@ private List<String> getSubjectAlternativeNames(final X509Certificate certificat
return new ArrayList<>();
}

final List<String> result = new ArrayList<>();
for (final List<?> generalName : altNames) {
final List<String> result = new ArrayList<>();
for (final List<?> generalName : altNames) {
/**
* generalName has the name type as the first element a String or byte array for the second element. We return any general names that are String types.
*
* We don't inspect the numeric name type because some certificates incorrectly put IPs and DNS names under the wrong name types.
*/
if (generalName.size() > 1) {
final Object value = generalName.get(1);
if (value instanceof String) {
result.add(((String) value).toLowerCase());
}
}

if (generalName.size() > 1) {
final Object value = generalName.get(1);
if (value instanceof String) {
result.add(((String) value).toLowerCase());
}
}
}
return result;
}
}

}
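Review bot: `NiFiHostnameVerifier.verify` returns true when the hostname matches a subject alternative name on any certificate in `ssls.getPeerCertificates()`, not only on the server's own certificate, so a name carried by an intermediate or CA certificate in the chain would be accepted as the server's identity. The loop is unchanged context in this commit, but since the method is being touched it is worth limiting the check to the first array element, which is the peer's own certificate. The rewritten lines are below; the catch block and `return false` stay as they are, and the closing brace of `verify` lies outside the hunk.

```java
public boolean verify(final String hostname, final SSLSession ssls) {
    try {
        // Only the end-entity certificate (index 0) identifies the server.
        final Certificate[] peerCertificates = ssls.getPeerCertificates();
        if (peerCertificates.length > 0 && peerCertificates[0] instanceof X509Certificate) {
            final List<String> subjectAltNames = getSubjectAlternativeNames((X509Certificate) peerCertificates[0]);
            return subjectAltNames.contains(hostname.toLowerCase());
        }
    // … unchanged: catch block logging the exception, then return false …
```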
Original file line number Diff line number Diff line change
@@ -22,18 +22,16 @@
* Config property names from the NiFi service definition.
*/
public interface NiFiConfigs {
String NIFI_URL = "nifi.url";
String NIFI_AUTHENTICATION_TYPE = "nifi.authentication";

String NIFI_URL = "nifi.url";
String NIFI_AUTHENTICATION_TYPE = "nifi.authentication";
String NIFI_SSL_KEYSTORE = "nifi.ssl.keystore";
String NIFI_SSL_KEYSTORE_TYPE = "nifi.ssl.keystoreType";
String NIFI_SSL_KEYSTORE_PASSWORD = "nifi.ssl.keystorePassword";

String NIFI_SSL_KEYSTORE = "nifi.ssl.keystore";
String NIFI_SSL_KEYSTORE_TYPE = "nifi.ssl.keystoreType";
String NIFI_SSL_KEYSTORE_PASSWORD = "nifi.ssl.keystorePassword";

String NIFI_SSL_TRUSTSTORE = "nifi.ssl.truststore";
String NIFI_SSL_TRUSTSTORE_TYPE = "nifi.ssl.truststoreType";
String NIFI_SSL_TRUSTSTORE_PASSWORD = "nifi.ssl.truststorePassword";
String NIFI_SSL_TRUSTSTORE = "nifi.ssl.truststore";
String NIFI_SSL_TRUSTSTORE_TYPE = "nifi.ssl.truststoreType";
String NIFI_SSL_TRUSTSTORE_PASSWORD = "nifi.ssl.truststorePassword";

String NIFI_SSL_USER_DEFAULT_CONTEXT = "nifi.ssl.use.default.context";

}