[
https://issues.apache.org/jira/browse/NIFI-4708?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16313859#comment-16313859
]
ASF GitHub Bot commented on NIFI-4708:
--------------------------------------
Github user kevdoran commented on a diff in the pull request:
https://github.com/apache/nifi/pull/2376#discussion_r159977391
--- Diff:
nifi-toolkit/nifi-toolkit-encrypt-config/src/main/groovy/org/apache/nifi/toolkit/encryptconfig/EncryptConfigMain.groovy
---
@@ -0,0 +1,145 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.nifi.toolkit.encryptconfig
+
+import org.apache.commons.cli.HelpFormatter
+import org.apache.commons.cli.Options
+import org.apache.nifi.properties.ConfigEncryptionTool
+import org.bouncycastle.jce.provider.BouncyCastleProvider
+import org.slf4j.Logger
+import org.slf4j.LoggerFactory
+
+import java.security.Security
+
+class EncryptConfigMain {
+
+ private static final Logger logger =
LoggerFactory.getLogger(EncryptConfigMain.class)
+
+ static final int EXIT_STATUS_SUCCESS = 0
+ static final int EXIT_STATUS_FAILURE = -1
+ static final int EXIT_STATUS_OTHER = 1
+
+ static final String NIFI_REGISTRY_OPT = "nifiRegistry"
+ static final String NIFI_REGISTRY_FLAG =
"--${NIFI_REGISTRY_OPT}".toString()
+ static final String DECRYPT_OPT = "decrypt"
+ static final String DECRYPT_FLAG = "--${DECRYPT_OPT}".toString()
+
+ static final int HELP_FORMAT_WIDTH = 160
+
+ // Access should only be through static methods
+ private EncryptConfigMain() {
+ }
+
+ static printUsage(String message = "") {
+
+ if (message) {
+ System.out.println(message)
+ System.out.println()
+ }
+
+ String header = "\nThis tool enables easy encryption and
decryption of configuration files for NiFi and its sub-projects. " +
+ "Unprotected files can be input to this tool to be
protected by a key in a manner that is understood by NiFi. " +
+ "Protected files, along with a key, can be input to this
tool to be unprotected, for troubleshooting or automation purposes.\n\n"
+
+ def options = new Options()
+ options.addOption("h", "help", false, "Show usage information
(this message)")
+ options.addOption(null, NIFI_REGISTRY_OPT, false, "Specifies to
target NiFi Registry. When this flag is not included, NiFi is the target.")
+
+ HelpFormatter helpFormatter = new HelpFormatter()
+ helpFormatter.setWidth(160)
+ helpFormatter.setOptionComparator(null)
+
helpFormatter.printHelp("${EncryptConfigMain.class.getCanonicalName()} [-h]
[options]", header, options, "\n")
+ System.out.println()
+
+ helpFormatter.setSyntaxPrefix("") // disable "usage: " prefix for
the following outputs
+
+ Options nifiModeOptions = ConfigEncryptionTool.getCliOptions()
+ helpFormatter.printHelp(
+ "When targeting NiFi:",
+ nifiModeOptions,
+ false)
+ System.out.println()
+
+ Options nifiRegistryModeOptions = NiFiRegistryMode.getCliOptions()
+ nifiRegistryModeOptions.addOption(null, DECRYPT_OPT, false, "Can
be used with -r to decrypt a previously encrypted NiFi Registry Properties
file. Decrypted content is printed to STDOUT.")
+ helpFormatter.printHelp(
+ "When targeting NiFi Registry using the
${NIFI_REGISTRY_FLAG} flag:",
+ nifiRegistryModeOptions,
+ false)
+ System.out.println()
+
+// String footer = """
--- End diff --
- [ ] remove dead code in EMC
> Add support for NiFi Registry to the encrypt-config tool in NiFi Toolkit
> ------------------------------------------------------------------------
>
> Key: NIFI-4708
> URL: https://issues.apache.org/jira/browse/NIFI-4708
> Project: Apache NiFi
> Issue Type: Improvement
> Reporter: Kevin Doran
> Assignee: Kevin Doran
> Fix For: 1.5.0
>
>
> NiFi Registry now supports loading encrypted config files (e.g.,
> nifi-registry.properties, authorizers.xml, login-identity-providers.xml).
> These files are very difficult to encrypt by hand, and is not recommended.
> Because NiFi Registry utilizes the same encryption algorithms supported by
> NiFi, the easiest way to build a tool for encrypting NiFi Registry config
> properties is to extend the the encrypt-config tool in NiFi Toolkit to
> support NiFi Registry as well.
--
This message was sent by Atlassian JIRA
(v6.4.14#64029)
