[ https://issues.apache.org/jira/browse/NIFI-4708?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16313671#comment-16313671 ]
ASF GitHub Bot commented on NIFI-4708: -------------------------------------- Github user alopresto commented on a diff in the pull request: https://github.com/apache/nifi/pull/2376#discussion_r159953548 --- Diff: nifi-toolkit/nifi-toolkit-encrypt-config/src/main/groovy/org/apache/nifi/toolkit/encryptconfig/NiFiRegistryDecryptMode.groovy --- @@ -0,0 +1,143 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one or more + * contributor license agreements. See the NOTICE file distributed with + * this work for additional information regarding copyright ownership. + * The ASF licenses this file to You under the Apache License, Version 2.0 + * (the "License"); you may not use this file except in compliance with + * the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +package org.apache.nifi.toolkit.encryptconfig + +import org.apache.nifi.properties.AESSensitivePropertyProvider +import org.apache.nifi.toolkit.encryptconfig.util.BootstrapUtil +import org.apache.nifi.toolkit.encryptconfig.util.ToolUtilities +import org.slf4j.Logger +import org.slf4j.LoggerFactory + +/** + * A special DecryptMode that can run using NiFiRegistry CLI Options + */ +class NiFiRegistryDecryptMode extends DecryptMode { + + private static final Logger logger = LoggerFactory.getLogger(NiFiRegistryDecryptMode.class) + + CliBuilder cli + + NiFiRegistryDecryptMode() { + cli = NiFiRegistryMode.cliBuilder() + } + + @Override + void run(String[] args) { + logger.warn("The decryption capability of this tool is still considered experimental. The results should be manually verified.") + try { + + def options = cli.parse(args) + + if (!options || options.h) { + EncryptConfigMain.printUsageAndExit("", EncryptConfigMain.EXIT_STATUS_OTHER) + } + + EncryptConfigLogger.configureLogger(options.v) + + DecryptConfiguration config = new DecryptConfiguration() + + /* Invalid fields when used with --decrypt: */ + def invalidDecryptOptions = ["i", "a"] + def presentInvalidOptions = Arrays.stream(options.getInner().getOptions()).findAll { + invalidDecryptOptions.contains(it.getOpt()) + } + if (presentInvalidOptions.size() > 0) { + throw new RuntimeException("Invalid options: ${EncryptConfigMain.DECRYPT_OPT} cannot be used with [${presentInvalidOptions.join(", ")}]. It should only be used with [-r].") + } + + /* Required fields when using --decrypt */ + // registryPropertiesFile (-r) + if (!options.r) { + throw new RuntimeException("Invalid options: Input nifiRegistryProperties (-r) is required when using --decrypt") + } + config.inputFilePath = options.r + config.fileType = FileType.properties // disables auto-detection, which is still experimental + + // one of [--oldPassword, --oldKey] or [-p, -k, -b <file] --- End diff -- Typo in comment -- `[-p, -k, -b <file>]`. > Add support for NiFi Registry to the encrypt-config tool in NiFi Toolkit > ------------------------------------------------------------------------ > > Key: NIFI-4708 > URL: https://issues.apache.org/jira/browse/NIFI-4708 > Project: Apache NiFi > Issue Type: Improvement > Reporter: Kevin Doran > Assignee: Kevin Doran > Fix For: 1.5.0 > > > NiFi Registry now supports loading encrypted config files (e.g., > nifi-registry.properties, authorizers.xml, login-identity-providers.xml). > These files are very difficult to encrypt by hand, and is not recommended. > Because NiFi Registry utilizes the same encryption algorithms supported by > NiFi, the easiest way to build a tool for encrypting NiFi Registry config > properties is to extend the the encrypt-config tool in NiFi Toolkit to > support NiFi Registry as well. -- This message was sent by Atlassian JIRA (v6.4.14#64029)