[jira] [Commented] (NIFI-4708) Add support for NiFi Registry to the encrypt-config tool in NiFi Toolkit

[ASF GitHub Bot (JIRA)]

[ 
https://issues.apache.org/jira/browse/NIFI-4708?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16317696#comment-16317696
 ] 

ASF GitHub Bot commented on NIFI-4708:
--

Github user asfgit closed the pull request at:

https://github.com/apache/nifi/pull/2389


> Add support for NiFi Registry to the encrypt-config tool in NiFi Toolkit
> 
>
> Key: NIFI-4708
> URL: https://issues.apache.org/jira/browse/NIFI-4708
> Project: Apache NiFi
>  Issue Type: Improvement
>Reporter: Kevin Doran
>Assignee: Kevin Doran
> Fix For: 1.5.0
>
>
> NiFi Registry now supports loading encrypted config files (e.g., 
> nifi-registry.properties, authorizers.xml, login-identity-providers.xml). 
> These files are very difficult to encrypt by hand, and is not recommended. 
> Because NiFi Registry utilizes the same encryption algorithms supported by 
> NiFi, the easiest way to build a tool for encrypting NiFi Registry config 
> properties is to extend the the encrypt-config tool in NiFi Toolkit to 
> support NiFi Registry as well.



--
This message was sent by Atlassian JIRA
(v6.4.14#64029)

[jira] [Commented] (NIFI-4708) Add support for NiFi Registry to the encrypt-config tool in NiFi Toolkit

[ASF subversion and git services (JIRA)]

[ 
https://issues.apache.org/jira/browse/NIFI-4708?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16317695#comment-16317695
 ] 

ASF subversion and git services commented on NIFI-4708:
---

Commit 182e2c6e94a4b1f225ff1902f048e9cb5c3c400c in nifi's branch 
refs/heads/master from [~kdoran]
[ https://git-wip-us.apache.org/repos/asf?p=nifi.git;h=182e2c6 ]

NIFI-4708 This closes #2389. Fixes encrypt-config log4j configuration

Signed-off-by: joewitt 


> Add support for NiFi Registry to the encrypt-config tool in NiFi Toolkit
> 
>
> Key: NIFI-4708
> URL: https://issues.apache.org/jira/browse/NIFI-4708
> Project: Apache NiFi
>  Issue Type: Improvement
>Reporter: Kevin Doran
>Assignee: Kevin Doran
> Fix For: 1.5.0
>
>
> NiFi Registry now supports loading encrypted config files (e.g., 
> nifi-registry.properties, authorizers.xml, login-identity-providers.xml). 
> These files are very difficult to encrypt by hand, and is not recommended. 
> Because NiFi Registry utilizes the same encryption algorithms supported by 
> NiFi, the easiest way to build a tool for encrypting NiFi Registry config 
> properties is to extend the the encrypt-config tool in NiFi Toolkit to 
> support NiFi Registry as well.



--
This message was sent by Atlassian JIRA
(v6.4.14#64029)

[jira] [Commented] (NIFI-4708) Add support for NiFi Registry to the encrypt-config tool in NiFi Toolkit

[ASF GitHub Bot (JIRA)]

[ 
https://issues.apache.org/jira/browse/NIFI-4708?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16317646#comment-16317646
 ] 

ASF GitHub Bot commented on NIFI-4708:
--

GitHub user kevdoran opened a pull request:

https://github.com/apache/nifi/pull/2389

NIFI-4708 Fixes encrypt-config log4j configuration

Thank you for submitting a contribution to Apache NiFi.

In order to streamline the review of the contribution we ask you
to ensure the following steps have been taken:

### For all changes:
- [ ] Is there a JIRA ticket associated with this PR? Is it referenced 
 in the commit message?

- [ ] Does your PR title start with NIFI- where  is the JIRA number 
you are trying to resolve? Pay particular attention to the hyphen "-" character.

- [ ] Has your PR been rebased against the latest commit within the target 
branch (typically master)?

- [ ] Is your initial contribution a single, squashed commit?

### For code changes:
- [ ] Have you ensured that the full suite of tests is executed via mvn 
-Pcontrib-check clean install at the root nifi folder?
- [ ] Have you written or updated unit tests to verify your changes?
- [ ] If adding new dependencies to the code, are these dependencies 
licensed in a way that is compatible for inclusion under [ASF 
2.0](http://www.apache.org/legal/resolved.html#category-a)? 
- [ ] If applicable, have you updated the LICENSE file, including the main 
LICENSE file under nifi-assembly?
- [ ] If applicable, have you updated the NOTICE file, including the main 
NOTICE file found under nifi-assembly?
- [ ] If adding new Properties, have you added .displayName in addition to 
.name (programmatic access) for each of the new properties?

### For documentation related changes:
- [ ] Have you ensured that format looks appropriate for the output in 
which it is rendered?

### Note:
Please ensure that once the PR is submitted, you check travis-ci for build 
issues and submit an update to your PR as soon as possible.


You can merge this pull request into a Git repository by running:

$ git pull https://github.com/kevdoran/nifi NIFI-4708-fix-travis-build

Alternatively you can review and apply these changes as the patch at:

https://github.com/apache/nifi/pull/2389.patch

To close this pull request, make a commit to your master/trunk branch
with (at least) the following in the commit message:

This closes #2389


commit 6105bc99e2af49e7193ce10a41096b57ab1d8c94
Author: Kevin Doran 
Date:   2018-01-09T03:28:08Z

NIFI-4708 Fixes encrypt-config log4j configuration




> Add support for NiFi Registry to the encrypt-config tool in NiFi Toolkit
> 
>
> Key: NIFI-4708
> URL: https://issues.apache.org/jira/browse/NIFI-4708
> Project: Apache NiFi
>  Issue Type: Improvement
>Reporter: Kevin Doran
>Assignee: Kevin Doran
> Fix For: 1.5.0
>
>
> NiFi Registry now supports loading encrypted config files (e.g., 
> nifi-registry.properties, authorizers.xml, login-identity-providers.xml). 
> These files are very difficult to encrypt by hand, and is not recommended. 
> Because NiFi Registry utilizes the same encryption algorithms supported by 
> NiFi, the easiest way to build a tool for encrypting NiFi Registry config 
> properties is to extend the the encrypt-config tool in NiFi Toolkit to 
> support NiFi Registry as well.



--
This message was sent by Atlassian JIRA
(v6.4.14#64029)

[jira] [Commented] (NIFI-4708) Add support for NiFi Registry to the encrypt-config tool in NiFi Toolkit

[Kevin Doran (JIRA)]

[ 
https://issues.apache.org/jira/browse/NIFI-4708?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16317644#comment-16317644
 ] 

Kevin Doran commented on NIFI-4708:
---

[~joewitt] Yes, I agree the Travis-CI failures are related to these tests. I'll 
submit a patch momentarily that resolves this.

> Add support for NiFi Registry to the encrypt-config tool in NiFi Toolkit
> 
>
> Key: NIFI-4708
> URL: https://issues.apache.org/jira/browse/NIFI-4708
> Project: Apache NiFi
>  Issue Type: Improvement
>Reporter: Kevin Doran
>Assignee: Kevin Doran
> Fix For: 1.5.0
>
>
> NiFi Registry now supports loading encrypted config files (e.g., 
> nifi-registry.properties, authorizers.xml, login-identity-providers.xml). 
> These files are very difficult to encrypt by hand, and is not recommended. 
> Because NiFi Registry utilizes the same encryption algorithms supported by 
> NiFi, the easiest way to build a tool for encrypting NiFi Registry config 
> properties is to extend the the encrypt-config tool in NiFi Toolkit to 
> support NiFi Registry as well.



--
This message was sent by Atlassian JIRA
(v6.4.14#64029)

[jira] [Commented] (NIFI-4708) Add support for NiFi Registry to the encrypt-config tool in NiFi Toolkit

[ASF subversion and git services (JIRA)]

[ 
https://issues.apache.org/jira/browse/NIFI-4708?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16317629#comment-16317629
 ] 

ASF subversion and git services commented on NIFI-4708:
---

Commit 08c391067980d745fb823cb7c5a1d02eb1423304 in nifi's branch 
refs/heads/master from [~bbende]
[ https://git-wip-us.apache.org/repos/asf?p=nifi.git;h=08c3910 ]

NIFI-4708 This closes #2388. Correcting logic for determining decryption key in 
NiFiRegistryMode.groovy

Signed-off-by: joewitt 


> Add support for NiFi Registry to the encrypt-config tool in NiFi Toolkit
> 
>
> Key: NIFI-4708
> URL: https://issues.apache.org/jira/browse/NIFI-4708
> Project: Apache NiFi
>  Issue Type: Improvement
>Reporter: Kevin Doran
>Assignee: Kevin Doran
> Fix For: 1.5.0
>
>
> NiFi Registry now supports loading encrypted config files (e.g., 
> nifi-registry.properties, authorizers.xml, login-identity-providers.xml). 
> These files are very difficult to encrypt by hand, and is not recommended. 
> Because NiFi Registry utilizes the same encryption algorithms supported by 
> NiFi, the easiest way to build a tool for encrypting NiFi Registry config 
> properties is to extend the the encrypt-config tool in NiFi Toolkit to 
> support NiFi Registry as well.



--
This message was sent by Atlassian JIRA
(v6.4.14#64029)

[jira] [Commented] (NIFI-4708) Add support for NiFi Registry to the encrypt-config tool in NiFi Toolkit

[ASF GitHub Bot (JIRA)]

[ 
https://issues.apache.org/jira/browse/NIFI-4708?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16317630#comment-16317630
 ] 

ASF GitHub Bot commented on NIFI-4708:
--

Github user asfgit closed the pull request at:

https://github.com/apache/nifi/pull/2388


> Add support for NiFi Registry to the encrypt-config tool in NiFi Toolkit
> 
>
> Key: NIFI-4708
> URL: https://issues.apache.org/jira/browse/NIFI-4708
> Project: Apache NiFi
>  Issue Type: Improvement
>Reporter: Kevin Doran
>Assignee: Kevin Doran
> Fix For: 1.5.0
>
>
> NiFi Registry now supports loading encrypted config files (e.g., 
> nifi-registry.properties, authorizers.xml, login-identity-providers.xml). 
> These files are very difficult to encrypt by hand, and is not recommended. 
> Because NiFi Registry utilizes the same encryption algorithms supported by 
> NiFi, the easiest way to build a tool for encrypting NiFi Registry config 
> properties is to extend the the encrypt-config tool in NiFi Toolkit to 
> support NiFi Registry as well.



--
This message was sent by Atlassian JIRA
(v6.4.14#64029)

[jira] [Commented] (NIFI-4708) Add support for NiFi Registry to the encrypt-config tool in NiFi Toolkit

[Joseph Witt (JIRA)]

[ 
https://issues.apache.org/jira/browse/NIFI-4708?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16317588#comment-16317588
 ] 

Joseph Witt commented on NIFI-4708:
---

rgr that -will review 

> Add support for NiFi Registry to the encrypt-config tool in NiFi Toolkit
> 
>
> Key: NIFI-4708
> URL: https://issues.apache.org/jira/browse/NIFI-4708
> Project: Apache NiFi
>  Issue Type: Improvement
>Reporter: Kevin Doran
>Assignee: Kevin Doran
> Fix For: 1.5.0
>
>
> NiFi Registry now supports loading encrypted config files (e.g., 
> nifi-registry.properties, authorizers.xml, login-identity-providers.xml). 
> These files are very difficult to encrypt by hand, and is not recommended. 
> Because NiFi Registry utilizes the same encryption algorithms supported by 
> NiFi, the easiest way to build a tool for encrypting NiFi Registry config 
> properties is to extend the the encrypt-config tool in NiFi Toolkit to 
> support NiFi Registry as well.



--
This message was sent by Atlassian JIRA
(v6.4.14#64029)

[jira] [Commented] (NIFI-4708) Add support for NiFi Registry to the encrypt-config tool in NiFi Toolkit

[ASF GitHub Bot (JIRA)]

[ 
https://issues.apache.org/jira/browse/NIFI-4708?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16317586#comment-16317586
 ] 

ASF GitHub Bot commented on NIFI-4708:
--

GitHub user bbende opened a pull request:

https://github.com/apache/nifi/pull/2388

NIFI-4708 Correcting logic for determining decryption key in NiFiRegi…

…stryMode.groovy

Thank you for submitting a contribution to Apache NiFi.

In order to streamline the review of the contribution we ask you
to ensure the following steps have been taken:

### For all changes:
- [ ] Is there a JIRA ticket associated with this PR? Is it referenced 
 in the commit message?

- [ ] Does your PR title start with NIFI- where  is the JIRA number 
you are trying to resolve? Pay particular attention to the hyphen "-" character.

- [ ] Has your PR been rebased against the latest commit within the target 
branch (typically master)?

- [ ] Is your initial contribution a single, squashed commit?

### For code changes:
- [ ] Have you ensured that the full suite of tests is executed via mvn 
-Pcontrib-check clean install at the root nifi folder?
- [ ] Have you written or updated unit tests to verify your changes?
- [ ] If adding new dependencies to the code, are these dependencies 
licensed in a way that is compatible for inclusion under [ASF 
2.0](http://www.apache.org/legal/resolved.html#category-a)? 
- [ ] If applicable, have you updated the LICENSE file, including the main 
LICENSE file under nifi-assembly?
- [ ] If applicable, have you updated the NOTICE file, including the main 
NOTICE file found under nifi-assembly?
- [ ] If adding new Properties, have you added .displayName in addition to 
.name (programmatic access) for each of the new properties?

### For documentation related changes:
- [ ] Have you ensured that format looks appropriate for the output in 
which it is rendered?

### Note:
Please ensure that once the PR is submitted, you check travis-ci for build 
issues and submit an update to your PR as soon as possible.


You can merge this pull request into a Git repository by running:

$ git pull https://github.com/bbende/nifi NIFI-4708

Alternatively you can review and apply these changes as the patch at:

https://github.com/apache/nifi/pull/2388.patch

To close this pull request, make a commit to your master/trunk branch
with (at least) the following in the commit message:

This closes #2388


commit e558027c5d7cc9be806d987381ff96c2d3c6ce5b
Author: Bryan Bende 
Date:   2018-01-09T02:44:04Z

NIFI-4708 Correcting logic for determining decryption key in 
NiFiRegistryMode.groovy




> Add support for NiFi Registry to the encrypt-config tool in NiFi Toolkit
> 
>
> Key: NIFI-4708
> URL: https://issues.apache.org/jira/browse/NIFI-4708
> Project: Apache NiFi
>  Issue Type: Improvement
>Reporter: Kevin Doran
>Assignee: Kevin Doran
> Fix For: 1.5.0
>
>
> NiFi Registry now supports loading encrypted config files (e.g., 
> nifi-registry.properties, authorizers.xml, login-identity-providers.xml). 
> These files are very difficult to encrypt by hand, and is not recommended. 
> Because NiFi Registry utilizes the same encryption algorithms supported by 
> NiFi, the easiest way to build a tool for encrypting NiFi Registry config 
> properties is to extend the the encrypt-config tool in NiFi Toolkit to 
> support NiFi Registry as well.



--
This message was sent by Atlassian JIRA
(v6.4.14#64029)

[jira] [Commented] (NIFI-4708) Add support for NiFi Registry to the encrypt-config tool in NiFi Toolkit

[ASF subversion and git services (JIRA)]

[ 
https://issues.apache.org/jira/browse/NIFI-4708?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16316822#comment-16316822
 ] 

ASF subversion and git services commented on NIFI-4708:
---

Commit a8817e023805499491f9fc62495208d198de84f0 in nifi's branch 
refs/heads/master from [~kdoran]
[ https://git-wip-us.apache.org/repos/asf?p=nifi.git;h=a8817e0 ]

NIFI-4708 Add Registry support to encrypt-config.
Adds support for NiFI Registry config files to the encrypt-config tool
in NiFi Toolkit.
Also adds decryption capability to encrypt-config tool.

This closes #2376.

Signed-off-by: Andy LoPresto 


> Add support for NiFi Registry to the encrypt-config tool in NiFi Toolkit
> 
>
> Key: NIFI-4708
> URL: https://issues.apache.org/jira/browse/NIFI-4708
> Project: Apache NiFi
>  Issue Type: Improvement
>Reporter: Kevin Doran
>Assignee: Kevin Doran
> Fix For: 1.5.0
>
>
> NiFi Registry now supports loading encrypted config files (e.g., 
> nifi-registry.properties, authorizers.xml, login-identity-providers.xml). 
> These files are very difficult to encrypt by hand, and is not recommended. 
> Because NiFi Registry utilizes the same encryption algorithms supported by 
> NiFi, the easiest way to build a tool for encrypting NiFi Registry config 
> properties is to extend the the encrypt-config tool in NiFi Toolkit to 
> support NiFi Registry as well.



--
This message was sent by Atlassian JIRA
(v6.4.14#64029)

[jira] [Commented] (NIFI-4708) Add support for NiFi Registry to the encrypt-config tool in NiFi Toolkit

[ASF GitHub Bot (JIRA)]

[ 
https://issues.apache.org/jira/browse/NIFI-4708?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16316823#comment-16316823
 ] 

ASF GitHub Bot commented on NIFI-4708:
--

Github user asfgit closed the pull request at:

https://github.com/apache/nifi/pull/2376


> Add support for NiFi Registry to the encrypt-config tool in NiFi Toolkit
> 
>
> Key: NIFI-4708
> URL: https://issues.apache.org/jira/browse/NIFI-4708
> Project: Apache NiFi
>  Issue Type: Improvement
>Reporter: Kevin Doran
>Assignee: Kevin Doran
> Fix For: 1.5.0
>
>
> NiFi Registry now supports loading encrypted config files (e.g., 
> nifi-registry.properties, authorizers.xml, login-identity-providers.xml). 
> These files are very difficult to encrypt by hand, and is not recommended. 
> Because NiFi Registry utilizes the same encryption algorithms supported by 
> NiFi, the easiest way to build a tool for encrypting NiFi Registry config 
> properties is to extend the the encrypt-config tool in NiFi Toolkit to 
> support NiFi Registry as well.



--
This message was sent by Atlassian JIRA
(v6.4.14#64029)

[jira] [Commented] (NIFI-4708) Add support for NiFi Registry to the encrypt-config tool in NiFi Toolkit

[ASF GitHub Bot (JIRA)]

[ 
https://issues.apache.org/jira/browse/NIFI-4708?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16316797#comment-16316797
 ] 

ASF GitHub Bot commented on NIFI-4708:
--

Github user alopresto commented on the issue:

https://github.com/apache/nifi/pull/2376
  
Ran `contrib-check` and all tests pass. 

Ran a few scenarios using the tool. Everything looks good. The only slight 
issue was when I intentionally ran with the wrong arguments and it looks like 
the error message contains the whole option object and stacktrace in addition 
to the flag, but it's clear enough for a user to understand the issue. 

```

hw12203:...assembly/target/nifi-toolkit-1.5.0-SNAPSHOT-bin/nifi-toolkit-1.5.0-SNAPSHOT
 (pr2376) alopresto
 271505s @ 11:01:23 $ ./bin/encrypt-config.sh --nifiRegistry -b 
/Users/alopresto/Workspace/registry/nifi-registry-assembly/target/nifi-registry-0.0.1-SNAPSHOT-bin/nifi-registry-0.0.1-SNAPSHOT/conf/bootstrap.conf
 -r 
/Users/alopresto/Workspace/registry/nifi-registry-assembly/target/nifi-registry-0.0.1-SNAPSHOT-bin/nifi-registry-0.0.1-SNAPSHOT/conf/nifi-registry.properties
 -R 
/Users/alopresto/Workspace/registry/nifi-registry-assembly/target/nifi-registry-0.0.1-SNAPSHOT-bin/nifi-registry-0.0.1-SNAPSHOT/conf/nifi-registry-encrypted.properties
 -v --decrypt
2018-01-08 11:01:40 DEBUG EncryptConfigLogger: Verbose mode is enabled 
(goes to stderr by default).
2018-01-08 11:01:40 ERROR NiFiRegistryDecryptMode: Encountered an error: 
Invalid options: --decrypt cannot be used with [[ option: R 
outputNifiRegistryProperties  [ARG] :: The destination nifi-registry.properties 
file containing protected config values. :: class java.lang.String ]]. It 
should only be used with -r and one of [-p, -k, -b].
java.lang.RuntimeException: Invalid options: --decrypt cannot be used with 
[[ option: R outputNifiRegistryProperties  [ARG] :: The destination 
nifi-registry.properties file containing protected config values. :: class 
java.lang.String ]]. It should only be used with -r and one of [-p, -k, -b].
at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method)
at 
sun.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:62)
at 
sun.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:45)
at java.lang.reflect.Constructor.newInstance(Constructor.java:423)
at 
org.codehaus.groovy.reflection.CachedConstructor.invoke(CachedConstructor.java:80)
at 
org.codehaus.groovy.reflection.CachedConstructor.doConstructorInvoke(CachedConstructor.java:74)
at 
org.codehaus.groovy.runtime.callsite.ConstructorSite$ConstructorSiteNoUnwrap.callConstructor(ConstructorSite.java:84)
at 
org.codehaus.groovy.runtime.callsite.CallSiteArray.defaultCallConstructor(CallSiteArray.java:60)
at 
org.codehaus.groovy.runtime.callsite.AbstractCallSite.callConstructor(AbstractCallSite.java:235)
at 
org.codehaus.groovy.runtime.callsite.AbstractCallSite.callConstructor(AbstractCallSite.java:247)
at 
org.apache.nifi.toolkit.encryptconfig.NiFiRegistryDecryptMode.run(NiFiRegistryDecryptMode.groovy:63)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at 
sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
at 
sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.lang.reflect.Method.invoke(Method.java:498)
at 
org.codehaus.groovy.runtime.callsite.PogoMetaMethodSite$PogoCachedMethodSite.invoke(PogoMetaMethodSite.java:169)
at 
org.codehaus.groovy.runtime.callsite.PogoMetaMethodSite.call(PogoMetaMethodSite.java:71)
at 
org.codehaus.groovy.runtime.callsite.CallSiteArray.defaultCall(CallSiteArray.java:48)
at 
org.codehaus.groovy.runtime.callsite.AbstractCallSite.call(AbstractCallSite.java:113)
at 
org.codehaus.groovy.runtime.callsite.AbstractCallSite.call(AbstractCallSite.java:125)
at 
org.apache.nifi.toolkit.encryptconfig.EncryptConfigMain.main(EncryptConfigMain.groovy:109)
Invalid options: --decrypt cannot be used with [[ option: R 
outputNifiRegistryProperties  [ARG] :: The destination nifi-registry.properties 
file containing protected config values. :: class java.lang.String ]]. It 
should only be used with -r and one of [-p, -k, -b].
```
 
+1, merging. 


> Add support for NiFi Registry to the encrypt-config tool in NiFi Toolkit
> 
>
> Key: NIFI-4708
> URL: https://issues.apache.org/jira/browse/NIFI-4708
> Project: Apache NiFi
>  Issue Type: Improvement
>Reporter: Kevin Doran
>Assignee: Kevin Doran
> Fix For: 1.5.0
>
>
> NiFi Registry now supports 

[jira] [Commented] (NIFI-4708) Add support for NiFi Registry to the encrypt-config tool in NiFi Toolkit

[ASF GitHub Bot (JIRA)]

[ 
https://issues.apache.org/jira/browse/NIFI-4708?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16316116#comment-16316116
 ] 

ASF GitHub Bot commented on NIFI-4708:
--

Github user kevdoran commented on the issue:

https://github.com/apache/nifi/pull/2376
  
@alopresto thanks for the thorough review! I've pushed an update that 
addresses your comments. It also adds a lot of test cases (see 
NiFiRegistryModeSpec and NiFiRegistryDecryptModeSpec), which cover all the 
functionality that I intend to expose in this version (ie, [--nifiRegistry 
[--decrypt] [options]]. Given that I had time to do more testing, I also 
removed the "experimental" warning output when the new modes are run. Let me 
know what you think and if you see anything else to improve in this PR.


> Add support for NiFi Registry to the encrypt-config tool in NiFi Toolkit
> 
>
> Key: NIFI-4708
> URL: https://issues.apache.org/jira/browse/NIFI-4708
> Project: Apache NiFi
>  Issue Type: Improvement
>Reporter: Kevin Doran
>Assignee: Kevin Doran
> Fix For: 1.5.0
>
>
> NiFi Registry now supports loading encrypted config files (e.g., 
> nifi-registry.properties, authorizers.xml, login-identity-providers.xml). 
> These files are very difficult to encrypt by hand, and is not recommended. 
> Because NiFi Registry utilizes the same encryption algorithms supported by 
> NiFi, the easiest way to build a tool for encrypting NiFi Registry config 
> properties is to extend the the encrypt-config tool in NiFi Toolkit to 
> support NiFi Registry as well.



--
This message was sent by Atlassian JIRA
(v6.4.14#64029)

[jira] [Commented] (NIFI-4708) Add support for NiFi Registry to the encrypt-config tool in NiFi Toolkit

[ASF GitHub Bot (JIRA)]

[ 
https://issues.apache.org/jira/browse/NIFI-4708?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16313918#comment-16313918
 ] 

ASF GitHub Bot commented on NIFI-4708:
--

Github user kevdoran commented on a diff in the pull request:

https://github.com/apache/nifi/pull/2376#discussion_r159983212
  
--- Diff: 
nifi-toolkit/nifi-toolkit-encrypt-config/src/main/groovy/org/apache/nifi/toolkit/encryptconfig/util/NiFiRegistryIdentityProvidersXmlEncryptor.groovy
 ---
@@ -0,0 +1,105 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.nifi.toolkit.encryptconfig.util
+
+import groovy.xml.XmlUtil
+import org.apache.nifi.properties.SensitivePropertyProvider
+import org.slf4j.Logger
+import org.slf4j.LoggerFactory
+import org.xml.sax.SAXException
+
+class NiFiRegistryIdentityProvidersXmlEncryptor extends XmlEncryptor {
+
+private static final Logger logger = 
LoggerFactory.getLogger(NiFiRegistryIdentityProvidersXmlEncryptor.class)
+
+private static final String LDAP_PROVIDER_CLASS = 
"org.apache.nifi.registry.security.ldap.LdapIdentityProvider"
+private static final String LDAP_PROVIDER_REGEX = 
/(?s)(?:(?!).)*?\s*org\.apache\.nifi\.registry\.security\.ldap\.LdapIdentityProvider.*?<\/provider>/
+/* Explanation of LDAP_PROVIDER_REGEX:
+ *   (?s) -> single-line mode (i.e., `.` 
in regex matches newlines)
+ *  -> find occurrence of 
`` literally (case-sensitive)
+ *   (?: ... )-> group but do not capture 
submatch
+ *   (?! ... )-> negative lookahead
+ *   (?:(?!).)*?-> find everything until a new 
`` starts. This is for not selecting multiple providers in one match
+ * -> find occurrence of `` 
literally (case-sensitive)
+ *   \s*  -> find any whitespace
+ *   org\.apache\.nifi\.registry\.security\.ldap\.LdapIdentityProvider
+ *-> find occurrence of 
`org.apache.nifi.registry.security.ldap.LdapIdentityProvider` literally 
(case-sensitive)
+ *   .*?   -> find everything as needed up 
until and including occurrence of ``
+ */
+
+NiFiRegistryIdentityProvidersXmlEncryptor(SensitivePropertyProvider 
encryptionProvider, SensitivePropertyProvider decryptionProvider) {
+super(encryptionProvider, decryptionProvider)
+}
+
+@Override
+String encrypt(String plainXmlContent) {
--- End diff --

- [ ] Add Javadoc to sub-classes of XMLEncryptor 


> Add support for NiFi Registry to the encrypt-config tool in NiFi Toolkit
> 
>
> Key: NIFI-4708
> URL: https://issues.apache.org/jira/browse/NIFI-4708
> Project: Apache NiFi
>  Issue Type: Improvement
>Reporter: Kevin Doran
>Assignee: Kevin Doran
> Fix For: 1.5.0
>
>
> NiFi Registry now supports loading encrypted config files (e.g., 
> nifi-registry.properties, authorizers.xml, login-identity-providers.xml). 
> These files are very difficult to encrypt by hand, and is not recommended. 
> Because NiFi Registry utilizes the same encryption algorithms supported by 
> NiFi, the easiest way to build a tool for encrypting NiFi Registry config 
> properties is to extend the the encrypt-config tool in NiFi Toolkit to 
> support NiFi Registry as well.



--
This message was sent by Atlassian JIRA
(v6.4.14#64029)

[jira] [Commented] (NIFI-4708) Add support for NiFi Registry to the encrypt-config tool in NiFi Toolkit

[ASF GitHub Bot (JIRA)]

[ 
https://issues.apache.org/jira/browse/NIFI-4708?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16313914#comment-16313914
 ] 

ASF GitHub Bot commented on NIFI-4708:
--

Github user alopresto commented on a diff in the pull request:

https://github.com/apache/nifi/pull/2376#discussion_r159982870
  
--- Diff: 
nifi-toolkit/nifi-toolkit-encrypt-config/src/main/groovy/org/apache/nifi/toolkit/encryptconfig/util/NiFiRegistryIdentityProvidersXmlEncryptor.groovy
 ---
@@ -0,0 +1,105 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.nifi.toolkit.encryptconfig.util
+
+import groovy.xml.XmlUtil
+import org.apache.nifi.properties.SensitivePropertyProvider
+import org.slf4j.Logger
+import org.slf4j.LoggerFactory
+import org.xml.sax.SAXException
+
+class NiFiRegistryIdentityProvidersXmlEncryptor extends XmlEncryptor {
+
+private static final Logger logger = 
LoggerFactory.getLogger(NiFiRegistryIdentityProvidersXmlEncryptor.class)
+
+private static final String LDAP_PROVIDER_CLASS = 
"org.apache.nifi.registry.security.ldap.LdapIdentityProvider"
+private static final String LDAP_PROVIDER_REGEX = 
/(?s)(?:(?!).)*?\s*org\.apache\.nifi\.registry\.security\.ldap\.LdapIdentityProvider.*?<\/provider>/
+/* Explanation of LDAP_PROVIDER_REGEX:
+ *   (?s) -> single-line mode (i.e., `.` 
in regex matches newlines)
+ *  -> find occurrence of 
`` literally (case-sensitive)
+ *   (?: ... )-> group but do not capture 
submatch
+ *   (?! ... )-> negative lookahead
+ *   (?:(?!).)*?-> find everything until a new 
`` starts. This is for not selecting multiple providers in one match
+ * -> find occurrence of `` 
literally (case-sensitive)
+ *   \s*  -> find any whitespace
+ *   org\.apache\.nifi\.registry\.security\.ldap\.LdapIdentityProvider
+ *-> find occurrence of 
`org.apache.nifi.registry.security.ldap.LdapIdentityProvider` literally 
(case-sensitive)
+ *   .*?   -> find everything as needed up 
until and including occurrence of ``
+ */
+
+NiFiRegistryIdentityProvidersXmlEncryptor(SensitivePropertyProvider 
encryptionProvider, SensitivePropertyProvider decryptionProvider) {
+super(encryptionProvider, decryptionProvider)
+}
+
+@Override
+String encrypt(String plainXmlContent) {
--- End diff --

Add Javadoc explaining operation of overriding method and why custom 
implementation is necessary. 


> Add support for NiFi Registry to the encrypt-config tool in NiFi Toolkit
> 
>
> Key: NIFI-4708
> URL: https://issues.apache.org/jira/browse/NIFI-4708
> Project: Apache NiFi
>  Issue Type: Improvement
>Reporter: Kevin Doran
>Assignee: Kevin Doran
> Fix For: 1.5.0
>
>
> NiFi Registry now supports loading encrypted config files (e.g., 
> nifi-registry.properties, authorizers.xml, login-identity-providers.xml). 
> These files are very difficult to encrypt by hand, and is not recommended. 
> Because NiFi Registry utilizes the same encryption algorithms supported by 
> NiFi, the easiest way to build a tool for encrypting NiFi Registry config 
> properties is to extend the the encrypt-config tool in NiFi Toolkit to 
> support NiFi Registry as well.



--
This message was sent by Atlassian JIRA
(v6.4.14#64029)

[jira] [Commented] (NIFI-4708) Add support for NiFi Registry to the encrypt-config tool in NiFi Toolkit

[ASF GitHub Bot (JIRA)]

[ 
https://issues.apache.org/jira/browse/NIFI-4708?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16313911#comment-16313911
 ] 

ASF GitHub Bot commented on NIFI-4708:
--

Github user alopresto commented on a diff in the pull request:

https://github.com/apache/nifi/pull/2376#discussion_r159982754
  
--- Diff: 
nifi-toolkit/nifi-toolkit-encrypt-config/src/main/groovy/org/apache/nifi/toolkit/encryptconfig/util/NiFiRegistryAuthorizersXmlEncryptor.groovy
 ---
@@ -0,0 +1,106 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.nifi.toolkit.encryptconfig.util
+
+import groovy.xml.XmlUtil
+import org.apache.nifi.properties.SensitivePropertyProvider
+import org.slf4j.Logger
+import org.slf4j.LoggerFactory
+import org.xml.sax.SAXException
+
+class NiFiRegistryAuthorizersXmlEncryptor extends XmlEncryptor {
+
+private static final Logger logger = 
LoggerFactory.getLogger(NiFiRegistryAuthorizersXmlEncryptor.class)
+
+private static final String LDAP_USER_GROUP_PROVIDER_CLASS = 
"org.apache.nifi.registry.security.ldap.tenants.LdapUserGroupProvider"
+private static final String LDAP_USER_GROUP_PROVIDER_REGEX =
+
/(?s)(?:(?!).)*?\s*org\.apache\.nifi\.registry\.security\.ldap\.tenants\.LdapUserGroupProvider.*?<\/userGroupProvider>/
+/* Explanation of LDAP_USER_GROUP_PROVIDER_REGEX:
+ *   (?s) -> single-line mode (i.e., `.` 
in regex matches newlines)
+ * -> find occurrence of 
`` literally (case-sensitive)
+ *   (?: ... )-> group but do not capture 
submatch
+ *   (?! ... )-> negative lookahead
+ *   (?:(?!).)*?   -> find everything until a new 
`` starts. This is for not selecting multiple 
userGroupProviders in one match
+ * -> find occurrence of `` 
literally (case-sensitive)
+ *   \s*  -> find any whitespace
+ *   
org\.apache\.nifi\.registry\.security\.ldap\.tenants\.LdapUserGroupProvider
+ *-> find occurrence of 
`org.apache.nifi.registry.security.ldap.tenants.LdapUserGroupProvider` 
literally (case-sensitive)
+ *   .*?  -> find everything as needed up 
until and including occurrence of ''
+ */
+
+NiFiRegistryAuthorizersXmlEncryptor(SensitivePropertyProvider 
encryptionProvider, SensitivePropertyProvider decryptionProvider) {
+super(encryptionProvider, decryptionProvider)
+}
+
+@Override
--- End diff --

Add Javadoc explaining operation of overriding method and why custom 
implementation is necessary. 


> Add support for NiFi Registry to the encrypt-config tool in NiFi Toolkit
> 
>
> Key: NIFI-4708
> URL: https://issues.apache.org/jira/browse/NIFI-4708
> Project: Apache NiFi
>  Issue Type: Improvement
>Reporter: Kevin Doran
>Assignee: Kevin Doran
> Fix For: 1.5.0
>
>
> NiFi Registry now supports loading encrypted config files (e.g., 
> nifi-registry.properties, authorizers.xml, login-identity-providers.xml). 
> These files are very difficult to encrypt by hand, and is not recommended. 
> Because NiFi Registry utilizes the same encryption algorithms supported by 
> NiFi, the easiest way to build a tool for encrypting NiFi Registry config 
> properties is to extend the the encrypt-config tool in NiFi Toolkit to 
> support NiFi Registry as well.



--
This message was sent by Atlassian JIRA
(v6.4.14#64029)

[jira] [Commented] (NIFI-4708) Add support for NiFi Registry to the encrypt-config tool in NiFi Toolkit

[ASF GitHub Bot (JIRA)]

[ 
https://issues.apache.org/jira/browse/NIFI-4708?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16313910#comment-16313910
 ] 

ASF GitHub Bot commented on NIFI-4708:
--

Github user kevdoran commented on a diff in the pull request:

https://github.com/apache/nifi/pull/2376#discussion_r159982745
  
--- Diff: 
nifi-toolkit/nifi-toolkit-encrypt-config/src/main/groovy/org/apache/nifi/toolkit/encryptconfig/NiFiRegistryMode.groovy
 ---
@@ -0,0 +1,383 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.nifi.toolkit.encryptconfig
+
+import org.apache.commons.cli.HelpFormatter
+import org.apache.commons.cli.Options
+import org.apache.http.annotation.Experimental
+import org.apache.nifi.properties.AESSensitivePropertyProvider
+import org.apache.nifi.properties.SensitivePropertyProvider
+import org.apache.nifi.toolkit.encryptconfig.util.BootstrapUtil
+import 
org.apache.nifi.toolkit.encryptconfig.util.NiFiRegistryAuthorizersXmlEncryptor
+import 
org.apache.nifi.toolkit.encryptconfig.util.NiFiRegistryIdentityProvidersXmlEncryptor
+import 
org.apache.nifi.toolkit.encryptconfig.util.NiFiRegistryPropertiesEncryptor
+import org.apache.nifi.toolkit.encryptconfig.util.ToolUtilities
+import org.apache.nifi.util.console.TextDevices
+import org.slf4j.Logger
+import org.slf4j.LoggerFactory
+
+@Experimental
+class NiFiRegistryMode implements ToolMode {
+
+private static final Logger logger = 
LoggerFactory.getLogger(NiFiRegistryMode.class)
+
+CliBuilder cli
+
+NiFiRegistryMode() {
+cli = cliBuilder()
+}
+
+//private void printUsage(String message = "") {
+//if (message) {
+//System.out.println(message)
+//System.out.println()
+//}
+//cli.usage()
+//}
+
+@Override
+void run(String[] args) {
+logger.warn("The NiFi Registry capabilities of this tool is still 
considered experimental. The results should be manually verified.")
+try {
+
+def options = cli.parse(args)
+
+if (!options || options.h) {
+EncryptConfigMain.printUsageAndExit("", 
EncryptConfigMain.EXIT_STATUS_OTHER)
+}
+
+EncryptConfigLogger.configureLogger(options.v)
+
+Configuration config = new Configuration(options)
+run(config)
+
+} catch (Exception e) {
+logger.error("Encountered an error: ${e.getMessage()}")
+logger.debug("", e) // stack trace only when verbose enabled
+EncryptConfigMain.printUsageAndExit(e.getMessage(), 
EncryptConfigMain.EXIT_STATUS_FAILURE)
+}
+}
+
+void run(Configuration config) throws Exception {
+
+if (config.usingPassword) {
+logger.info("Using encryption key derived from password.")
+} else if (config.usingRawKeyHex) {
+logger.info("Using encryption key provided.")
+} else if (config.usingBootstrapKey) {
+logger.info("Using encryption key from input bootstrap.conf.")
+}
+
+logger.debug("(src)  bootstrap.conf: 
${config.inputBootstrapPath}")
+logger.debug("(dest) bootstrap.conf: 
${config.outputBootstrapPath}")
+logger.debug("(src)  nifi.properties:
${config.inputNiFiRegistryPropertiesPath}")
--- End diff --

- [ ] fix file label


> Add support for NiFi Registry to the encrypt-config tool in NiFi Toolkit
> 
>
> Key: NIFI-4708
> URL: https://issues.apache.org/jira/browse/NIFI-4708
> Project: Apache NiFi
>  Issue Type: Improvement
>Reporter: Kevin Doran
>Assignee: Kevin Doran
> Fix For: 1.5.0
>
>
> NiFi Registry now 

[jira] [Commented] (NIFI-4708) Add support for NiFi Registry to the encrypt-config tool in NiFi Toolkit

[ASF GitHub Bot (JIRA)]

[ 
https://issues.apache.org/jira/browse/NIFI-4708?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16313908#comment-16313908
 ] 

ASF GitHub Bot commented on NIFI-4708:
--

Github user kevdoran commented on a diff in the pull request:

https://github.com/apache/nifi/pull/2376#discussion_r159982577
  
--- Diff: 
nifi-toolkit/nifi-toolkit-encrypt-config/src/main/groovy/org/apache/nifi/toolkit/encryptconfig/NiFiRegistryMode.groovy
 ---
@@ -0,0 +1,383 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.nifi.toolkit.encryptconfig
+
+import org.apache.commons.cli.HelpFormatter
+import org.apache.commons.cli.Options
+import org.apache.http.annotation.Experimental
+import org.apache.nifi.properties.AESSensitivePropertyProvider
+import org.apache.nifi.properties.SensitivePropertyProvider
+import org.apache.nifi.toolkit.encryptconfig.util.BootstrapUtil
+import 
org.apache.nifi.toolkit.encryptconfig.util.NiFiRegistryAuthorizersXmlEncryptor
+import 
org.apache.nifi.toolkit.encryptconfig.util.NiFiRegistryIdentityProvidersXmlEncryptor
+import 
org.apache.nifi.toolkit.encryptconfig.util.NiFiRegistryPropertiesEncryptor
+import org.apache.nifi.toolkit.encryptconfig.util.ToolUtilities
+import org.apache.nifi.util.console.TextDevices
+import org.slf4j.Logger
+import org.slf4j.LoggerFactory
+
+@Experimental
+class NiFiRegistryMode implements ToolMode {
+
+private static final Logger logger = 
LoggerFactory.getLogger(NiFiRegistryMode.class)
+
+CliBuilder cli
+
+NiFiRegistryMode() {
+cli = cliBuilder()
+}
+
+//private void printUsage(String message = "") {
+//if (message) {
+//System.out.println(message)
+//System.out.println()
+//}
+//cli.usage()
+//}
+
+@Override
+void run(String[] args) {
+logger.warn("The NiFi Registry capabilities of this tool is still 
considered experimental. The results should be manually verified.")
--- End diff --

- [ ] fix typo


> Add support for NiFi Registry to the encrypt-config tool in NiFi Toolkit
> 
>
> Key: NIFI-4708
> URL: https://issues.apache.org/jira/browse/NIFI-4708
> Project: Apache NiFi
>  Issue Type: Improvement
>Reporter: Kevin Doran
>Assignee: Kevin Doran
> Fix For: 1.5.0
>
>
> NiFi Registry now supports loading encrypted config files (e.g., 
> nifi-registry.properties, authorizers.xml, login-identity-providers.xml). 
> These files are very difficult to encrypt by hand, and is not recommended. 
> Because NiFi Registry utilizes the same encryption algorithms supported by 
> NiFi, the easiest way to build a tool for encrypting NiFi Registry config 
> properties is to extend the the encrypt-config tool in NiFi Toolkit to 
> support NiFi Registry as well.



--
This message was sent by Atlassian JIRA
(v6.4.14#64029)

[jira] [Commented] (NIFI-4708) Add support for NiFi Registry to the encrypt-config tool in NiFi Toolkit

[ASF GitHub Bot (JIRA)]

[ 
https://issues.apache.org/jira/browse/NIFI-4708?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16313907#comment-16313907
 ] 

ASF GitHub Bot commented on NIFI-4708:
--

Github user kevdoran commented on a diff in the pull request:

https://github.com/apache/nifi/pull/2376#discussion_r159982520
  
--- Diff: 
nifi-toolkit/nifi-toolkit-encrypt-config/src/main/groovy/org/apache/nifi/toolkit/encryptconfig/NiFiRegistryDecryptMode.groovy
 ---
@@ -0,0 +1,143 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.nifi.toolkit.encryptconfig
+
+import org.apache.nifi.properties.AESSensitivePropertyProvider
+import org.apache.nifi.toolkit.encryptconfig.util.BootstrapUtil
+import org.apache.nifi.toolkit.encryptconfig.util.ToolUtilities
+import org.slf4j.Logger
+import org.slf4j.LoggerFactory
+
+/**
+ * A special DecryptMode that can run using NiFiRegistry CLI Options
+ */
+class NiFiRegistryDecryptMode extends DecryptMode {
+
+private static final Logger logger = 
LoggerFactory.getLogger(NiFiRegistryDecryptMode.class)
+
+CliBuilder cli
+
+NiFiRegistryDecryptMode() {
+cli = NiFiRegistryMode.cliBuilder()
+}
+
+@Override
+void run(String[] args) {
+logger.warn("The decryption capability of this tool is still 
considered experimental. The results should be manually verified.")
+try {
+
+def options = cli.parse(args)
+
+if (!options || options.h) {
+EncryptConfigMain.printUsageAndExit("", 
EncryptConfigMain.EXIT_STATUS_OTHER)
+}
+
+EncryptConfigLogger.configureLogger(options.v)
+
+DecryptConfiguration config = new DecryptConfiguration()
+
+/* Invalid fields when used with --decrypt: */
+def invalidDecryptOptions = ["i", "a"]
+def presentInvalidOptions = 
Arrays.stream(options.getInner().getOptions()).findAll {
+invalidDecryptOptions.contains(it.getOpt())
+}
+if (presentInvalidOptions.size() > 0) {
+throw new RuntimeException("Invalid options: 
${EncryptConfigMain.DECRYPT_OPT} cannot be used with 
[${presentInvalidOptions.join(", ")}]. It should only be used with [-r].")
+}
+
+/* Required fields when using --decrypt */
+// registryPropertiesFile (-r)
+if (!options.r) {
+throw new RuntimeException("Invalid options: Input 
nifiRegistryProperties (-r) is required when using --decrypt")
+}
+config.inputFilePath = options.r
+config.fileType = FileType.properties  // disables 
auto-detection, which is still experimental
+
+// one of [--oldPassword, --oldKey] or [-p, -k, -b  Add support for NiFi Registry to the encrypt-config tool in NiFi Toolkit
> 
>
> Key: NIFI-4708
> URL: https://issues.apache.org/jira/browse/NIFI-4708
> Project: Apache NiFi
>  Issue Type: Improvement
>Reporter: Kevin Doran
>Assignee: Kevin Doran
> Fix For: 1.5.0
>
>
> NiFi Registry now supports loading encrypted config files (e.g., 
> nifi-registry.properties, authorizers.xml, login-identity-providers.xml). 
> These files are very difficult to encrypt by hand, and is not recommended. 
> Because NiFi Registry utilizes the same encryption algorithms supported by 
> NiFi, the easiest way to build a tool for encrypting NiFi Registry config 
> properties is to extend the the encrypt-config tool in NiFi Toolkit to 
> support NiFi Registry as well.



--
This message was sent by Atlassian JIRA
(v6.4.14#64029)

[jira] [Commented] (NIFI-4708) Add support for NiFi Registry to the encrypt-config tool in NiFi Toolkit

[ASF GitHub Bot (JIRA)]

[ 
https://issues.apache.org/jira/browse/NIFI-4708?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16313893#comment-16313893
 ] 

ASF GitHub Bot commented on NIFI-4708:
--

Github user kevdoran commented on a diff in the pull request:

https://github.com/apache/nifi/pull/2376#discussion_r159981266
  
--- Diff: 
nifi-toolkit/nifi-toolkit-encrypt-config/src/main/groovy/org/apache/nifi/toolkit/encryptconfig/NiFiRegistryDecryptMode.groovy
 ---
@@ -0,0 +1,143 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.nifi.toolkit.encryptconfig
+
+import org.apache.nifi.properties.AESSensitivePropertyProvider
+import org.apache.nifi.toolkit.encryptconfig.util.BootstrapUtil
+import org.apache.nifi.toolkit.encryptconfig.util.ToolUtilities
+import org.slf4j.Logger
+import org.slf4j.LoggerFactory
+
+/**
+ * A special DecryptMode that can run using NiFiRegistry CLI Options
+ */
+class NiFiRegistryDecryptMode extends DecryptMode {
+
+private static final Logger logger = 
LoggerFactory.getLogger(NiFiRegistryDecryptMode.class)
+
+CliBuilder cli
+
+NiFiRegistryDecryptMode() {
+cli = NiFiRegistryMode.cliBuilder()
+}
+
+@Override
+void run(String[] args) {
+logger.warn("The decryption capability of this tool is still 
considered experimental. The results should be manually verified.")
+try {
+
+def options = cli.parse(args)
+
+if (!options || options.h) {
+EncryptConfigMain.printUsageAndExit("", 
EncryptConfigMain.EXIT_STATUS_OTHER)
+}
+
+EncryptConfigLogger.configureLogger(options.v)
+
+DecryptConfiguration config = new DecryptConfiguration()
+
+/* Invalid fields when used with --decrypt: */
+def invalidDecryptOptions = ["i", "a"]
+def presentInvalidOptions = 
Arrays.stream(options.getInner().getOptions()).findAll {
+invalidDecryptOptions.contains(it.getOpt())
+}
+if (presentInvalidOptions.size() > 0) {
+throw new RuntimeException("Invalid options: 
${EncryptConfigMain.DECRYPT_OPT} cannot be used with 
[${presentInvalidOptions.join(", ")}]. It should only be used with [-r].")
+}
+
+/* Required fields when using --decrypt */
+// registryPropertiesFile (-r)
+if (!options.r) {
+throw new RuntimeException("Invalid options: Input 
nifiRegistryProperties (-r) is required when using --decrypt")
+}
+config.inputFilePath = options.r
+config.fileType = FileType.properties  // disables 
auto-detection, which is still experimental
+
+// one of [--oldPassword, --oldKey] or [-p, -k, -b 

[jira] [Commented] (NIFI-4708) Add support for NiFi Registry to the encrypt-config tool in NiFi Toolkit

[ASF GitHub Bot (JIRA)]

[ 
https://issues.apache.org/jira/browse/NIFI-4708?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16313892#comment-16313892
 ] 

ASF GitHub Bot commented on NIFI-4708:
--

Github user kevdoran commented on a diff in the pull request:

https://github.com/apache/nifi/pull/2376#discussion_r159980870
  
--- Diff: 
nifi-toolkit/nifi-toolkit-encrypt-config/src/main/groovy/org/apache/nifi/toolkit/encryptconfig/NiFiRegistryDecryptMode.groovy
 ---
@@ -0,0 +1,143 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.nifi.toolkit.encryptconfig
+
+import org.apache.nifi.properties.AESSensitivePropertyProvider
+import org.apache.nifi.toolkit.encryptconfig.util.BootstrapUtil
+import org.apache.nifi.toolkit.encryptconfig.util.ToolUtilities
+import org.slf4j.Logger
+import org.slf4j.LoggerFactory
+
+/**
+ * A special DecryptMode that can run using NiFiRegistry CLI Options
+ */
+class NiFiRegistryDecryptMode extends DecryptMode {
+
+private static final Logger logger = 
LoggerFactory.getLogger(NiFiRegistryDecryptMode.class)
+
+CliBuilder cli
+
+NiFiRegistryDecryptMode() {
+cli = NiFiRegistryMode.cliBuilder()
+}
+
+@Override
+void run(String[] args) {
+logger.warn("The decryption capability of this tool is still 
considered experimental. The results should be manually verified.")
+try {
+
+def options = cli.parse(args)
+
+if (!options || options.h) {
+EncryptConfigMain.printUsageAndExit("", 
EncryptConfigMain.EXIT_STATUS_OTHER)
+}
+
+EncryptConfigLogger.configureLogger(options.v)
+
+DecryptConfiguration config = new DecryptConfiguration()
+
+/* Invalid fields when used with --decrypt: */
+def invalidDecryptOptions = ["i", "a"]
+def presentInvalidOptions = 
Arrays.stream(options.getInner().getOptions()).findAll {
+invalidDecryptOptions.contains(it.getOpt())
+}
+if (presentInvalidOptions.size() > 0) {
+throw new RuntimeException("Invalid options: 
${EncryptConfigMain.DECRYPT_OPT} cannot be used with 
[${presentInvalidOptions.join(", ")}]. It should only be used with [-r].")
+}
+
+/* Required fields when using --decrypt */
+// registryPropertiesFile (-r)
+if (!options.r) {
+throw new RuntimeException("Invalid options: Input 
nifiRegistryProperties (-r) is required when using --decrypt")
+}
+config.inputFilePath = options.r
+config.fileType = FileType.properties  // disables 
auto-detection, which is still experimental
+
+// one of [--oldPassword, --oldKey] or [-p, -k, -b 

[jira] [Commented] (NIFI-4708) Add support for NiFi Registry to the encrypt-config tool in NiFi Toolkit

[ASF GitHub Bot (JIRA)]

[ 
https://issues.apache.org/jira/browse/NIFI-4708?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16313868#comment-16313868
 ] 

ASF GitHub Bot commented on NIFI-4708:
--

Github user kevdoran commented on a diff in the pull request:

https://github.com/apache/nifi/pull/2376#discussion_r159978704
  
--- Diff: 
nifi-toolkit/nifi-toolkit-encrypt-config/src/main/groovy/org/apache/nifi/toolkit/encryptconfig/NiFiRegistryDecryptMode.groovy
 ---
@@ -0,0 +1,143 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.nifi.toolkit.encryptconfig
+
+import org.apache.nifi.properties.AESSensitivePropertyProvider
+import org.apache.nifi.toolkit.encryptconfig.util.BootstrapUtil
+import org.apache.nifi.toolkit.encryptconfig.util.ToolUtilities
+import org.slf4j.Logger
+import org.slf4j.LoggerFactory
+
+/**
+ * A special DecryptMode that can run using NiFiRegistry CLI Options
+ */
+class NiFiRegistryDecryptMode extends DecryptMode {
+
+private static final Logger logger = 
LoggerFactory.getLogger(NiFiRegistryDecryptMode.class)
+
+CliBuilder cli
+
+NiFiRegistryDecryptMode() {
+cli = NiFiRegistryMode.cliBuilder()
+}
+
+@Override
+void run(String[] args) {
+logger.warn("The decryption capability of this tool is still 
considered experimental. The results should be manually verified.")
+try {
+
+def options = cli.parse(args)
+
+if (!options || options.h) {
+EncryptConfigMain.printUsageAndExit("", 
EncryptConfigMain.EXIT_STATUS_OTHER)
+}
+
+EncryptConfigLogger.configureLogger(options.v)
+
+DecryptConfiguration config = new DecryptConfiguration()
+
+/* Invalid fields when used with --decrypt: */
+def invalidDecryptOptions = ["i", "a"]
+def presentInvalidOptions = 
Arrays.stream(options.getInner().getOptions()).findAll {
+invalidDecryptOptions.contains(it.getOpt())
+}
+if (presentInvalidOptions.size() > 0) {
+throw new RuntimeException("Invalid options: 
${EncryptConfigMain.DECRYPT_OPT} cannot be used with 
[${presentInvalidOptions.join(", ")}]. It should only be used with [-r].")
+}
+
+/* Required fields when using --decrypt */
+// registryPropertiesFile (-r)
+if (!options.r) {
+throw new RuntimeException("Invalid options: Input 
nifiRegistryProperties (-r) is required when using --decrypt")
+}
+config.inputFilePath = options.r
+config.fileType = FileType.properties  // disables 
auto-detection, which is still experimental
+
+// one of [--oldPassword, --oldKey] or [-p, -k, -b  Add support for NiFi Registry to the encrypt-config tool in NiFi Toolkit
> 
>
> Key: NIFI-4708
> URL: https://issues.apache.org/jira/browse/NIFI-4708
> Project: Apache NiFi
>  Issue Type: Improvement
>Reporter: Kevin Doran
>Assignee: Kevin Doran
> Fix For: 1.5.0
>
>
> NiFi Registry now supports loading encrypted config files (e.g., 
> nifi-registry.properties, authorizers.xml, login-identity-providers.xml). 
> These files are very difficult to encrypt by hand, and is not recommended. 
> Because NiFi Registry utilizes the same encryption algorithms supported by 
> NiFi, the easiest way to build a tool for encrypting NiFi Registry config 
> properties is to extend the the encrypt-config tool in NiFi Toolkit to 
> support NiFi Registry as well.



--
This message was sent by Atlassian JIRA
(v6.4.14#64029)

[jira] [Commented] (NIFI-4708) Add support for NiFi Registry to the encrypt-config tool in NiFi Toolkit

[ASF GitHub Bot (JIRA)]

[ 
https://issues.apache.org/jira/browse/NIFI-4708?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16313867#comment-16313867
 ] 

ASF GitHub Bot commented on NIFI-4708:
--

Github user kevdoran commented on a diff in the pull request:

https://github.com/apache/nifi/pull/2376#discussion_r159978565
  
--- Diff: 
nifi-toolkit/nifi-toolkit-encrypt-config/src/main/groovy/org/apache/nifi/toolkit/encryptconfig/EncryptConfigMain.groovy
 ---
@@ -0,0 +1,145 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.nifi.toolkit.encryptconfig
+
+import org.apache.commons.cli.HelpFormatter
+import org.apache.commons.cli.Options
+import org.apache.nifi.properties.ConfigEncryptionTool
+import org.bouncycastle.jce.provider.BouncyCastleProvider
+import org.slf4j.Logger
+import org.slf4j.LoggerFactory
+
+import java.security.Security
+
+class EncryptConfigMain {
+
+private static final Logger logger = 
LoggerFactory.getLogger(EncryptConfigMain.class)
+
+static final int EXIT_STATUS_SUCCESS = 0
+static final int EXIT_STATUS_FAILURE = -1
+static final int EXIT_STATUS_OTHER = 1
+
+static final String NIFI_REGISTRY_OPT = "nifiRegistry"
+static final String NIFI_REGISTRY_FLAG = 
"--${NIFI_REGISTRY_OPT}".toString()
+static final String DECRYPT_OPT = "decrypt"
+static final String DECRYPT_FLAG = "--${DECRYPT_OPT}".toString()
+
+static final int HELP_FORMAT_WIDTH = 160
+
+// Access should only be through static methods
+private EncryptConfigMain() {
+}
+
+static printUsage(String message = "") {
+
+if (message) {
+System.out.println(message)
+System.out.println()
+}
+
+String header = "\nThis tool enables easy encryption and 
decryption of configuration files for NiFi and its sub-projects. " +
+"Unprotected files can be input to this tool to be 
protected by a key in a manner that is understood by NiFi. " +
+"Protected files, along with a key, can be input to this 
tool to be unprotected, for troubleshooting or automation purposes.\n\n"
+
+def options = new Options()
+options.addOption("h", "help", false, "Show usage information 
(this message)")
+options.addOption(null, NIFI_REGISTRY_OPT, false, "Specifies to 
target NiFi Registry. When this flag is not included, NiFi is the target.")
+
+HelpFormatter helpFormatter = new HelpFormatter()
+helpFormatter.setWidth(160)
+helpFormatter.setOptionComparator(null)
+
helpFormatter.printHelp("${EncryptConfigMain.class.getCanonicalName()} [-h] 
[options]", header, options, "\n")
+System.out.println()
+
+helpFormatter.setSyntaxPrefix("") // disable "usage: " prefix for 
the following outputs
+
+Options nifiModeOptions = ConfigEncryptionTool.getCliOptions()
+helpFormatter.printHelp(
+"When targeting NiFi:",
+nifiModeOptions,
+false)
+System.out.println()
+
+Options nifiRegistryModeOptions = NiFiRegistryMode.getCliOptions()
+nifiRegistryModeOptions.addOption(null, DECRYPT_OPT, false, "Can 
be used with -r to decrypt a previously encrypted NiFi Registry Properties 
file. Decrypted content is printed to STDOUT.")
+helpFormatter.printHelp(
+"When targeting NiFi Registry using the 
${NIFI_REGISTRY_FLAG} flag:",
+nifiRegistryModeOptions,
+false)
+System.out.println()
+
+//String footer = """
+//|
+//|Encrypt a NiFi Registry properties using a password:
+//|encrypt-config -p  -b 
/path/to/nifi/conf/bootstrap.conf -r /path/to/nifi/conf/nifi.properties
+//|
+//|""".stripMargin()
+

[jira] [Commented] (NIFI-4708) Add support for NiFi Registry to the encrypt-config tool in NiFi Toolkit

[ASF GitHub Bot (JIRA)]

[ 
https://issues.apache.org/jira/browse/NIFI-4708?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16313859#comment-16313859
 ] 

ASF GitHub Bot commented on NIFI-4708:
--

Github user kevdoran commented on a diff in the pull request:

https://github.com/apache/nifi/pull/2376#discussion_r159977391
  
--- Diff: 
nifi-toolkit/nifi-toolkit-encrypt-config/src/main/groovy/org/apache/nifi/toolkit/encryptconfig/EncryptConfigMain.groovy
 ---
@@ -0,0 +1,145 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.nifi.toolkit.encryptconfig
+
+import org.apache.commons.cli.HelpFormatter
+import org.apache.commons.cli.Options
+import org.apache.nifi.properties.ConfigEncryptionTool
+import org.bouncycastle.jce.provider.BouncyCastleProvider
+import org.slf4j.Logger
+import org.slf4j.LoggerFactory
+
+import java.security.Security
+
+class EncryptConfigMain {
+
+private static final Logger logger = 
LoggerFactory.getLogger(EncryptConfigMain.class)
+
+static final int EXIT_STATUS_SUCCESS = 0
+static final int EXIT_STATUS_FAILURE = -1
+static final int EXIT_STATUS_OTHER = 1
+
+static final String NIFI_REGISTRY_OPT = "nifiRegistry"
+static final String NIFI_REGISTRY_FLAG = 
"--${NIFI_REGISTRY_OPT}".toString()
+static final String DECRYPT_OPT = "decrypt"
+static final String DECRYPT_FLAG = "--${DECRYPT_OPT}".toString()
+
+static final int HELP_FORMAT_WIDTH = 160
+
+// Access should only be through static methods
+private EncryptConfigMain() {
+}
+
+static printUsage(String message = "") {
+
+if (message) {
+System.out.println(message)
+System.out.println()
+}
+
+String header = "\nThis tool enables easy encryption and 
decryption of configuration files for NiFi and its sub-projects. " +
+"Unprotected files can be input to this tool to be 
protected by a key in a manner that is understood by NiFi. " +
+"Protected files, along with a key, can be input to this 
tool to be unprotected, for troubleshooting or automation purposes.\n\n"
+
+def options = new Options()
+options.addOption("h", "help", false, "Show usage information 
(this message)")
+options.addOption(null, NIFI_REGISTRY_OPT, false, "Specifies to 
target NiFi Registry. When this flag is not included, NiFi is the target.")
+
+HelpFormatter helpFormatter = new HelpFormatter()
+helpFormatter.setWidth(160)
+helpFormatter.setOptionComparator(null)
+
helpFormatter.printHelp("${EncryptConfigMain.class.getCanonicalName()} [-h] 
[options]", header, options, "\n")
+System.out.println()
+
+helpFormatter.setSyntaxPrefix("") // disable "usage: " prefix for 
the following outputs
+
+Options nifiModeOptions = ConfigEncryptionTool.getCliOptions()
+helpFormatter.printHelp(
+"When targeting NiFi:",
+nifiModeOptions,
+false)
+System.out.println()
+
+Options nifiRegistryModeOptions = NiFiRegistryMode.getCliOptions()
+nifiRegistryModeOptions.addOption(null, DECRYPT_OPT, false, "Can 
be used with -r to decrypt a previously encrypted NiFi Registry Properties 
file. Decrypted content is printed to STDOUT.")
+helpFormatter.printHelp(
+"When targeting NiFi Registry using the 
${NIFI_REGISTRY_FLAG} flag:",
+nifiRegistryModeOptions,
+false)
+System.out.println()
+
+//String footer = """
--- End diff --

- [ ] remove dead code in EMC


> Add support for NiFi Registry to the encrypt-config tool in NiFi Toolkit
> 
>
> Key: NIFI-4708
> URL: 

[jira] [Commented] (NIFI-4708) Add support for NiFi Registry to the encrypt-config tool in NiFi Toolkit

[ASF GitHub Bot (JIRA)]

[ 
https://issues.apache.org/jira/browse/NIFI-4708?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16313856#comment-16313856
 ] 

ASF GitHub Bot commented on NIFI-4708:
--

Github user kevdoran commented on a diff in the pull request:

https://github.com/apache/nifi/pull/2376#discussion_r159977131
  
--- Diff: 
nifi-toolkit/nifi-toolkit-encrypt-config/src/main/groovy/org/apache/nifi/toolkit/encryptconfig/EncryptConfigLogger.groovy
 ---
@@ -0,0 +1,93 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.nifi.toolkit.encryptconfig
+
+import org.apache.log4j.LogManager
+import org.apache.log4j.PropertyConfigurator
+import org.slf4j.Logger
+import org.slf4j.LoggerFactory
+
+class EncryptConfigLogger {
+
+private static final Logger logger = 
LoggerFactory.getLogger(EncryptConfigLogger.class)
+
+/**
+ * Configures the logger.
+ *
+ * The nifi-toolkit module uses log4j, which will be configured to 
append all
+ * log output to the system STDERR. The log level can be specified 
using the verboseEnabled
+ * argument. A value of true will set the log level to 
DEBUG, a value of
+ * false will set the log level to INFO.
+ *
+ * @param verboseEnabled flag to indicate if verbose mode is enabled, 
which sets the log level to DEBUG
+ */
+static configureLogger(boolean verboseEnabled) {
+
+Properties log4jProps = null
+URL log4jPropsPath = 
this.getClass().getResource("log4j.properties")
+if (log4jPropsPath) {
+try {
+log4jPropsPath.withReader { reader ->
+log4jProps = new Properties()
+log4jProps.load(reader)
+}
+} catch (IOException e) {
+// do nothing, we will fallback to hardcoded defaults below
+}
+}
+
+if (!log4jProps) {
+log4jProps = defaultProperties()
+}
+
+if (verboseEnabled) {
+// Override the log level for this package. For this to work 
as intended, this class must belong
+// to the same package (or a parent package) of all the 
encrypt-config classes
+log4jProps.put("log4j.logger." + 
EncryptConfigLogger.class.package.name, "DEBUG")
+}
+
+LogManager.resetConfiguration()
+PropertyConfigurator.configure(log4jProps)
+
+if (verboseEnabled) {
+logger.debug("Verbose mode is enabled (goes to stderr by 
default).")
+}
+}
+
+/**
+ * A copy of the settings in /src/main/resources/log4j.properties, in 
case that is not on the classpath at runtime
+ * @return Properties containing the default properties for Log4j
+ */
+static Properties defaultProperties() {
+Properties defaultProperties = new Properties()
+
+defaultProperties.setProperty("log4j.rootLogger", "INFO,console")
+
+defaultProperties.setProperty("log4j.appender.console", 
"org.apache.log4j.ConsoleAppender")
+defaultProperties.setProperty("log4j.appender.console.Target", 
"System.err")
+defaultProperties.setProperty("log4j.appender.console.layout", 
"org.apache.log4j.PatternLayout")
+
defaultProperties.setProperty("log4j.appender.console.layout.ConversionPattern",
 "%d{-mm-dd HH:mm:ss} %p %c{1}: %m%n")
+
+return defaultProperties
+}
+
--- End diff --

- [ ] Format code


> Add support for NiFi Registry to the encrypt-config tool in NiFi Toolkit
> 
>
> Key: NIFI-4708
> URL: https://issues.apache.org/jira/browse/NIFI-4708
> Project: Apache NiFi
>  Issue Type: Improvement
>Reporter: Kevin Doran
>Assignee: Kevin 

[jira] [Commented] (NIFI-4708) Add support for NiFi Registry to the encrypt-config tool in NiFi Toolkit

[ASF GitHub Bot (JIRA)]

[ 
https://issues.apache.org/jira/browse/NIFI-4708?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16313855#comment-16313855
 ] 

ASF GitHub Bot commented on NIFI-4708:
--

Github user kevdoran commented on a diff in the pull request:

https://github.com/apache/nifi/pull/2376#discussion_r159977055
  
--- Diff: 
nifi-toolkit/nifi-toolkit-encrypt-config/src/main/groovy/org/apache/nifi/toolkit/encryptconfig/DecryptMode.groovy
 ---
@@ -0,0 +1,322 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.nifi.toolkit.encryptconfig
+
+import org.apache.commons.cli.HelpFormatter
+import org.apache.nifi.properties.AESSensitivePropertyProvider
+import org.apache.nifi.properties.SensitivePropertyProvider
+import org.apache.nifi.toolkit.encryptconfig.util.BootstrapUtil
+import org.apache.nifi.toolkit.encryptconfig.util.PropertiesEncryptor
+import org.apache.nifi.toolkit.encryptconfig.util.ToolUtilities
+import org.apache.nifi.toolkit.encryptconfig.util.XmlEncryptor
+import org.apache.nifi.util.console.TextDevices
+import org.slf4j.Logger
+import org.slf4j.LoggerFactory
+
+class DecryptMode implements ToolMode {
+
+private static final Logger logger = 
LoggerFactory.getLogger(DecryptMode.class)
+
+enum FileType {
+properties,
+xml
+}
+
+CliBuilder cli
+
+DecryptMode() {
+cli = cliBuilder()
+}
+
+void printUsage(String message = "") {
+if (message) {
+System.out.println(message)
+System.out.println()
+}
+cli.usage()
+}
+
+void printUsageAndExit(String message = "", int exitStatusCode) {
+printUsage(message)
+System.exit(exitStatusCode)
+}
+
+@Override
+void run(String[] args) {
+logger.warn("The decryption capability of this tool is still 
considered experimental. The results should be manually verified.")
+try {
+
+def options = cli.parse(args)
+
+if (!options || options.h) {
+printUsageAndExit("", EncryptConfigMain.EXIT_STATUS_OTHER)
+}
+
+EncryptConfigLogger.configureLogger(options.v)
+
+DecryptConfiguration config = new DecryptConfiguration(options)
+
+run(config)
+
+} catch (Exception e) {
+logger.error("Encountered an error: ${e.getMessage()}")
+logger.debug("", e) // stack trace only when verbose enabled
+printUsageAndExit(e.getMessage(), 
EncryptConfigMain.EXIT_STATUS_FAILURE)
+}
+}
+
+void run(DecryptConfiguration config) throws Exception {
+
+if (!config.fileType) {
+
+// Try to load the input file to auto-detect the file type
+boolean isPropertiesFile = 
PropertiesEncryptor.supportsFile(config.inputFilePath)
+
+boolean isXmlFile = 
XmlEncryptor.supportsFile(config.inputFilePath)
+
+if (ToolUtilities.isExactlyOneTrue(isPropertiesFile, 
isXmlFile)) {
+if (isPropertiesFile) {
+config.fileType = FileType.properties
+logger.debug("Auto-detection of input file type 
determined the type to be: ${FileType.properties}")
+}
+if (isXmlFile) {
+config.fileType = FileType.xml
+logger.debug("Auto-detection of input file type 
determined the type to be: ${FileType.xml}")
+}
+}
+
+// Could we successfully auto-detect?
+if (!config.fileType) {
+throw new RuntimeException("Auto-detection of input file 
type failed. Please re-run the tool specifying the file type with the 
-t/--fileType flag.")
+}
+}
+
  

[jira] [Commented] (NIFI-4708) Add support for NiFi Registry to the encrypt-config tool in NiFi Toolkit

[ASF GitHub Bot (JIRA)]

[ 
https://issues.apache.org/jira/browse/NIFI-4708?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16313847#comment-16313847
 ] 

ASF GitHub Bot commented on NIFI-4708:
--

Github user kevdoran commented on a diff in the pull request:

https://github.com/apache/nifi/pull/2376#discussion_r159976358
  
--- Diff: 
nifi-toolkit/nifi-toolkit-encrypt-config/src/main/groovy/org/apache/nifi/toolkit/encryptconfig/DecryptMode.groovy
 ---
@@ -0,0 +1,322 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.nifi.toolkit.encryptconfig
+
+import org.apache.commons.cli.HelpFormatter
+import org.apache.nifi.properties.AESSensitivePropertyProvider
+import org.apache.nifi.properties.SensitivePropertyProvider
+import org.apache.nifi.toolkit.encryptconfig.util.BootstrapUtil
+import org.apache.nifi.toolkit.encryptconfig.util.PropertiesEncryptor
+import org.apache.nifi.toolkit.encryptconfig.util.ToolUtilities
+import org.apache.nifi.toolkit.encryptconfig.util.XmlEncryptor
+import org.apache.nifi.util.console.TextDevices
+import org.slf4j.Logger
+import org.slf4j.LoggerFactory
+
+class DecryptMode implements ToolMode {
+
+private static final Logger logger = 
LoggerFactory.getLogger(DecryptMode.class)
+
+enum FileType {
+properties,
+xml
+}
+
+CliBuilder cli
+
+DecryptMode() {
+cli = cliBuilder()
+}
+
+void printUsage(String message = "") {
+if (message) {
+System.out.println(message)
+System.out.println()
+}
+cli.usage()
+}
+
+void printUsageAndExit(String message = "", int exitStatusCode) {
+printUsage(message)
+System.exit(exitStatusCode)
+}
+
+@Override
+void run(String[] args) {
+logger.warn("The decryption capability of this tool is still 
considered experimental. The results should be manually verified.")
+try {
+
+def options = cli.parse(args)
+
+if (!options || options.h) {
+printUsageAndExit("", EncryptConfigMain.EXIT_STATUS_OTHER)
+}
+
+EncryptConfigLogger.configureLogger(options.v)
+
+DecryptConfiguration config = new DecryptConfiguration(options)
+
+run(config)
+
+} catch (Exception e) {
+logger.error("Encountered an error: ${e.getMessage()}")
+logger.debug("", e) // stack trace only when verbose enabled
+printUsageAndExit(e.getMessage(), 
EncryptConfigMain.EXIT_STATUS_FAILURE)
+}
+}
+
+void run(DecryptConfiguration config) throws Exception {
+
+if (!config.fileType) {
+
+// Try to load the input file to auto-detect the file type
+boolean isPropertiesFile = 
PropertiesEncryptor.supportsFile(config.inputFilePath)
+
+boolean isXmlFile = 
XmlEncryptor.supportsFile(config.inputFilePath)
+
+if (ToolUtilities.isExactlyOneTrue(isPropertiesFile, 
isXmlFile)) {
+if (isPropertiesFile) {
+config.fileType = FileType.properties
+logger.debug("Auto-detection of input file type 
determined the type to be: ${FileType.properties}")
+}
+if (isXmlFile) {
+config.fileType = FileType.xml
+logger.debug("Auto-detection of input file type 
determined the type to be: ${FileType.xml}")
+}
+}
+
+// Could we successfully auto-detect?
+if (!config.fileType) {
+throw new RuntimeException("Auto-detection of input file 
type failed. Please re-run the tool specifying the file type with the 
-t/--fileType flag.")
+}
+}
+
  

[jira] [Commented] (NIFI-4708) Add support for NiFi Registry to the encrypt-config tool in NiFi Toolkit

[ASF GitHub Bot (JIRA)]

[ 
https://issues.apache.org/jira/browse/NIFI-4708?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16313846#comment-16313846
 ] 

ASF GitHub Bot commented on NIFI-4708:
--

Github user kevdoran commented on a diff in the pull request:

https://github.com/apache/nifi/pull/2376#discussion_r159976301
  
--- Diff: 
nifi-toolkit/nifi-toolkit-encrypt-config/src/main/groovy/org/apache/nifi/toolkit/encryptconfig/DecryptMode.groovy
 ---
@@ -0,0 +1,322 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.nifi.toolkit.encryptconfig
+
+import org.apache.commons.cli.HelpFormatter
+import org.apache.nifi.properties.AESSensitivePropertyProvider
+import org.apache.nifi.properties.SensitivePropertyProvider
+import org.apache.nifi.toolkit.encryptconfig.util.BootstrapUtil
+import org.apache.nifi.toolkit.encryptconfig.util.PropertiesEncryptor
+import org.apache.nifi.toolkit.encryptconfig.util.ToolUtilities
+import org.apache.nifi.toolkit.encryptconfig.util.XmlEncryptor
+import org.apache.nifi.util.console.TextDevices
+import org.slf4j.Logger
+import org.slf4j.LoggerFactory
+
+class DecryptMode implements ToolMode {
+
+private static final Logger logger = 
LoggerFactory.getLogger(DecryptMode.class)
+
+enum FileType {
+properties,
+xml
+}
+
+CliBuilder cli
+
+DecryptMode() {
+cli = cliBuilder()
+}
+
+void printUsage(String message = "") {
+if (message) {
+System.out.println(message)
+System.out.println()
+}
+cli.usage()
+}
+
+void printUsageAndExit(String message = "", int exitStatusCode) {
+printUsage(message)
+System.exit(exitStatusCode)
+}
+
+@Override
+void run(String[] args) {
+logger.warn("The decryption capability of this tool is still 
considered experimental. The results should be manually verified.")
+try {
+
+def options = cli.parse(args)
+
+if (!options || options.h) {
+printUsageAndExit("", EncryptConfigMain.EXIT_STATUS_OTHER)
+}
+
+EncryptConfigLogger.configureLogger(options.v)
+
+DecryptConfiguration config = new DecryptConfiguration(options)
+
+run(config)
+
+} catch (Exception e) {
+logger.error("Encountered an error: ${e.getMessage()}")
+logger.debug("", e) // stack trace only when verbose enabled
+printUsageAndExit(e.getMessage(), 
EncryptConfigMain.EXIT_STATUS_FAILURE)
+}
+}
+
+void run(DecryptConfiguration config) throws Exception {
+
+if (!config.fileType) {
+
+// Try to load the input file to auto-detect the file type
+boolean isPropertiesFile = 
PropertiesEncryptor.supportsFile(config.inputFilePath)
+
+boolean isXmlFile = 
XmlEncryptor.supportsFile(config.inputFilePath)
+
+if (ToolUtilities.isExactlyOneTrue(isPropertiesFile, 
isXmlFile)) {
+if (isPropertiesFile) {
+config.fileType = FileType.properties
+logger.debug("Auto-detection of input file type 
determined the type to be: ${FileType.properties}")
+}
+if (isXmlFile) {
+config.fileType = FileType.xml
+logger.debug("Auto-detection of input file type 
determined the type to be: ${FileType.xml}")
+}
+}
+
+// Could we successfully auto-detect?
+if (!config.fileType) {
+throw new RuntimeException("Auto-detection of input file 
type failed. Please re-run the tool specifying the file type with the 
-t/--fileType flag.")
+}
+}
+
  

[jira] [Commented] (NIFI-4708) Add support for NiFi Registry to the encrypt-config tool in NiFi Toolkit

[ASF GitHub Bot (JIRA)]

[ 
https://issues.apache.org/jira/browse/NIFI-4708?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16313844#comment-16313844
 ] 

ASF GitHub Bot commented on NIFI-4708:
--

Github user kevdoran commented on a diff in the pull request:

https://github.com/apache/nifi/pull/2376#discussion_r159976150
  
--- Diff: 
nifi-toolkit/nifi-toolkit-encrypt-config/src/main/groovy/org/apache/nifi/toolkit/encryptconfig/DecryptMode.groovy
 ---
@@ -0,0 +1,322 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.nifi.toolkit.encryptconfig
+
+import org.apache.commons.cli.HelpFormatter
+import org.apache.nifi.properties.AESSensitivePropertyProvider
+import org.apache.nifi.properties.SensitivePropertyProvider
+import org.apache.nifi.toolkit.encryptconfig.util.BootstrapUtil
+import org.apache.nifi.toolkit.encryptconfig.util.PropertiesEncryptor
+import org.apache.nifi.toolkit.encryptconfig.util.ToolUtilities
+import org.apache.nifi.toolkit.encryptconfig.util.XmlEncryptor
+import org.apache.nifi.util.console.TextDevices
+import org.slf4j.Logger
+import org.slf4j.LoggerFactory
+
+class DecryptMode implements ToolMode {
+
+private static final Logger logger = 
LoggerFactory.getLogger(DecryptMode.class)
+
+enum FileType {
+properties,
+xml
+}
+
+CliBuilder cli
+
+DecryptMode() {
+cli = cliBuilder()
+}
+
+void printUsage(String message = "") {
+if (message) {
+System.out.println(message)
+System.out.println()
+}
+cli.usage()
+}
+
+void printUsageAndExit(String message = "", int exitStatusCode) {
+printUsage(message)
+System.exit(exitStatusCode)
+}
+
+@Override
+void run(String[] args) {
+logger.warn("The decryption capability of this tool is still 
considered experimental. The results should be manually verified.")
+try {
+
+def options = cli.parse(args)
+
+if (!options || options.h) {
+printUsageAndExit("", EncryptConfigMain.EXIT_STATUS_OTHER)
+}
+
+EncryptConfigLogger.configureLogger(options.v)
+
+DecryptConfiguration config = new DecryptConfiguration(options)
+
+run(config)
+
+} catch (Exception e) {
+logger.error("Encountered an error: ${e.getMessage()}")
+logger.debug("", e) // stack trace only when verbose enabled
+printUsageAndExit(e.getMessage(), 
EncryptConfigMain.EXIT_STATUS_FAILURE)
+}
+}
+
+void run(DecryptConfiguration config) throws Exception {
+
+if (!config.fileType) {
+
+// Try to load the input file to auto-detect the file type
+boolean isPropertiesFile = 
PropertiesEncryptor.supportsFile(config.inputFilePath)
+
+boolean isXmlFile = 
XmlEncryptor.supportsFile(config.inputFilePath)
+
+if (ToolUtilities.isExactlyOneTrue(isPropertiesFile, 
isXmlFile)) {
+if (isPropertiesFile) {
+config.fileType = FileType.properties
+logger.debug("Auto-detection of input file type 
determined the type to be: ${FileType.properties}")
+}
+if (isXmlFile) {
+config.fileType = FileType.xml
+logger.debug("Auto-detection of input file type 
determined the type to be: ${FileType.xml}")
+}
+}
+
+// Could we successfully auto-detect?
+if (!config.fileType) {
+throw new RuntimeException("Auto-detection of input file 
type failed. Please re-run the tool specifying the file type with the 
-t/--fileType flag.")
+}
+}
+
  

[jira] [Commented] (NIFI-4708) Add support for NiFi Registry to the encrypt-config tool in NiFi Toolkit

[ASF GitHub Bot (JIRA)]

[ 
https://issues.apache.org/jira/browse/NIFI-4708?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16313839#comment-16313839
 ] 

ASF GitHub Bot commented on NIFI-4708:
--

Github user kevdoran commented on a diff in the pull request:

https://github.com/apache/nifi/pull/2376#discussion_r159975116
  
--- Diff: 
nifi-toolkit/nifi-toolkit-encrypt-config/src/main/groovy/org/apache/nifi/toolkit/encryptconfig/DecryptMode.groovy
 ---
@@ -0,0 +1,322 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.nifi.toolkit.encryptconfig
+
+import org.apache.commons.cli.HelpFormatter
+import org.apache.nifi.properties.AESSensitivePropertyProvider
+import org.apache.nifi.properties.SensitivePropertyProvider
+import org.apache.nifi.toolkit.encryptconfig.util.BootstrapUtil
+import org.apache.nifi.toolkit.encryptconfig.util.PropertiesEncryptor
+import org.apache.nifi.toolkit.encryptconfig.util.ToolUtilities
+import org.apache.nifi.toolkit.encryptconfig.util.XmlEncryptor
+import org.apache.nifi.util.console.TextDevices
+import org.slf4j.Logger
+import org.slf4j.LoggerFactory
+
+class DecryptMode implements ToolMode {
+
+private static final Logger logger = 
LoggerFactory.getLogger(DecryptMode.class)
+
+enum FileType {
+properties,
+xml
+}
+
+CliBuilder cli
+
+DecryptMode() {
+cli = cliBuilder()
+}
+
+void printUsage(String message = "") {
+if (message) {
+System.out.println(message)
+System.out.println()
+}
+cli.usage()
+}
+
+void printUsageAndExit(String message = "", int exitStatusCode) {
+printUsage(message)
+System.exit(exitStatusCode)
+}
+
+@Override
+void run(String[] args) {
+logger.warn("The decryption capability of this tool is still 
considered experimental. The results should be manually verified.")
+try {
+
+def options = cli.parse(args)
+
+if (!options || options.h) {
+printUsageAndExit("", EncryptConfigMain.EXIT_STATUS_OTHER)
+}
+
+EncryptConfigLogger.configureLogger(options.v)
+
+DecryptConfiguration config = new DecryptConfiguration(options)
+
+run(config)
+
+} catch (Exception e) {
+logger.error("Encountered an error: ${e.getMessage()}")
+logger.debug("", e) // stack trace only when verbose enabled
--- End diff --

Good call.
- [ ] Change error logging to got to error, wrap in conditional if it 
depends on verbose


> Add support for NiFi Registry to the encrypt-config tool in NiFi Toolkit
> 
>
> Key: NIFI-4708
> URL: https://issues.apache.org/jira/browse/NIFI-4708
> Project: Apache NiFi
>  Issue Type: Improvement
>Reporter: Kevin Doran
>Assignee: Kevin Doran
> Fix For: 1.5.0
>
>
> NiFi Registry now supports loading encrypted config files (e.g., 
> nifi-registry.properties, authorizers.xml, login-identity-providers.xml). 
> These files are very difficult to encrypt by hand, and is not recommended. 
> Because NiFi Registry utilizes the same encryption algorithms supported by 
> NiFi, the easiest way to build a tool for encrypting NiFi Registry config 
> properties is to extend the the encrypt-config tool in NiFi Toolkit to 
> support NiFi Registry as well.



--
This message was sent by Atlassian JIRA
(v6.4.14#64029)

[jira] [Commented] (NIFI-4708) Add support for NiFi Registry to the encrypt-config tool in NiFi Toolkit

[ASF GitHub Bot (JIRA)]

[ 
https://issues.apache.org/jira/browse/NIFI-4708?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16313835#comment-16313835
 ] 

ASF GitHub Bot commented on NIFI-4708:
--

Github user kevdoran commented on a diff in the pull request:

https://github.com/apache/nifi/pull/2376#discussion_r159974781
  
--- Diff: 
nifi-toolkit/nifi-toolkit-encrypt-config/src/main/groovy/org/apache/nifi/toolkit/encryptconfig/NiFiRegistryMode.groovy
 ---
@@ -0,0 +1,383 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.nifi.toolkit.encryptconfig
+
+import org.apache.commons.cli.HelpFormatter
+import org.apache.commons.cli.Options
+import org.apache.http.annotation.Experimental
+import org.apache.nifi.properties.AESSensitivePropertyProvider
+import org.apache.nifi.properties.SensitivePropertyProvider
+import org.apache.nifi.toolkit.encryptconfig.util.BootstrapUtil
+import 
org.apache.nifi.toolkit.encryptconfig.util.NiFiRegistryAuthorizersXmlEncryptor
+import 
org.apache.nifi.toolkit.encryptconfig.util.NiFiRegistryIdentityProvidersXmlEncryptor
+import 
org.apache.nifi.toolkit.encryptconfig.util.NiFiRegistryPropertiesEncryptor
+import org.apache.nifi.toolkit.encryptconfig.util.ToolUtilities
+import org.apache.nifi.util.console.TextDevices
+import org.slf4j.Logger
+import org.slf4j.LoggerFactory
+
+@Experimental
+class NiFiRegistryMode implements ToolMode {
+
+private static final Logger logger = 
LoggerFactory.getLogger(NiFiRegistryMode.class)
+
+CliBuilder cli
+
+NiFiRegistryMode() {
+cli = cliBuilder()
+}
+
+//private void printUsage(String message = "") {
+//if (message) {
+//System.out.println(message)
+//System.out.println()
+//}
+//cli.usage()
+//}
+
+@Override
+void run(String[] args) {
+logger.warn("The NiFi Registry capabilities of this tool is still 
considered experimental. The results should be manually verified.")
+try {
+
+def options = cli.parse(args)
+
+if (!options || options.h) {
+EncryptConfigMain.printUsageAndExit("", 
EncryptConfigMain.EXIT_STATUS_OTHER)
+}
+
+EncryptConfigLogger.configureLogger(options.v)
+
+Configuration config = new Configuration(options)
+run(config)
+
+} catch (Exception e) {
+logger.error("Encountered an error: ${e.getMessage()}")
+logger.debug("", e) // stack trace only when verbose enabled
+EncryptConfigMain.printUsageAndExit(e.getMessage(), 
EncryptConfigMain.EXIT_STATUS_FAILURE)
+}
+}
+
+void run(Configuration config) throws Exception {
+
+if (config.usingPassword) {
+logger.info("Using encryption key derived from password.")
+} else if (config.usingRawKeyHex) {
+logger.info("Using encryption key provided.")
+} else if (config.usingBootstrapKey) {
+logger.info("Using encryption key from input bootstrap.conf.")
+}
+
+logger.debug("(src)  bootstrap.conf: 
${config.inputBootstrapPath}")
+logger.debug("(dest) bootstrap.conf: 
${config.outputBootstrapPath}")
+logger.debug("(src)  nifi.properties:
${config.inputNiFiRegistryPropertiesPath}")
+logger.debug("(dest) nifi.properties:
${config.outputNiFiRegistryPropertiesPath}")
+logger.debug("(src)  identity-providers.xml: 
${config.inputIdentityProvidersPath}")
+logger.debug("(dest) identity-providers.xml: 
${config.outputIdentityProvidersPath}")
+logger.debug("(src)  authorizers.xml:
${config.inputAuthorizersPath}")
+logger.debug("(dest) authorizers.xml:
${config.outputAuthorizersPath}")
+
+

[jira] [Commented] (NIFI-4708) Add support for NiFi Registry to the encrypt-config tool in NiFi Toolkit

[ASF GitHub Bot (JIRA)]

[ 
https://issues.apache.org/jira/browse/NIFI-4708?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16313828#comment-16313828
 ] 

ASF GitHub Bot commented on NIFI-4708:
--

Github user kevdoran commented on a diff in the pull request:

https://github.com/apache/nifi/pull/2376#discussion_r159973528
  
--- Diff: 
nifi-toolkit/nifi-toolkit-encrypt-config/src/main/groovy/org/apache/nifi/toolkit/encryptconfig/util/BootstrapUtil.groovy
 ---
@@ -0,0 +1,132 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.nifi.toolkit.encryptconfig.util
+
+import org.slf4j.Logger
+import org.slf4j.LoggerFactory
+
+class BootstrapUtil {
+
+static final String NIFI_BOOTSTRAP_KEY_PROPERTY = 
"nifi.bootstrap.sensitive.key";
+static final String REGISTRY_BOOTSTRAP_KEY_PROPERTY = 
"nifi.registry.bootstrap.sensitive.key";
+
+private static final Logger logger = 
LoggerFactory.getLogger(BootstrapUtil.class)
+
+private static final String BOOTSTRAP_KEY_COMMENT = "# Master key in 
hexadecimal format for encrypted sensitive configuration values"
+
+/**
+ * Tries to load keyHex from input bootstrap.conf
+ *
+ * @return keyHex, if present in input bootstrap file; otherwise, null
+ */
+static String extractKeyFromBootstrapFile(String inputBootstrapPath, 
String bootstrapKeyPropertyName) throws IOException {
+
+File inputBootstrapConfFile
+if (!(inputBootstrapPath && (inputBootstrapConfFile = new 
File(inputBootstrapPath)).exists() && inputBootstrapConfFile.canRead())) {
--- End diff --

Good catch, will change this to use the utility method 
`ToolUtilities.canRead(File)` method used elsewhere


> Add support for NiFi Registry to the encrypt-config tool in NiFi Toolkit
> 
>
> Key: NIFI-4708
> URL: https://issues.apache.org/jira/browse/NIFI-4708
> Project: Apache NiFi
>  Issue Type: Improvement
>Reporter: Kevin Doran
>Assignee: Kevin Doran
> Fix For: 1.5.0
>
>
> NiFi Registry now supports loading encrypted config files (e.g., 
> nifi-registry.properties, authorizers.xml, login-identity-providers.xml). 
> These files are very difficult to encrypt by hand, and is not recommended. 
> Because NiFi Registry utilizes the same encryption algorithms supported by 
> NiFi, the easiest way to build a tool for encrypting NiFi Registry config 
> properties is to extend the the encrypt-config tool in NiFi Toolkit to 
> support NiFi Registry as well.



--
This message was sent by Atlassian JIRA
(v6.4.14#64029)

[jira] [Commented] (NIFI-4708) Add support for NiFi Registry to the encrypt-config tool in NiFi Toolkit

[ASF GitHub Bot (JIRA)]

[ 
https://issues.apache.org/jira/browse/NIFI-4708?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16313825#comment-16313825
 ] 

ASF GitHub Bot commented on NIFI-4708:
--

Github user alopresto commented on a diff in the pull request:

https://github.com/apache/nifi/pull/2376#discussion_r159972582
  
--- Diff: 
nifi-toolkit/nifi-toolkit-encrypt-config/src/main/groovy/org/apache/nifi/toolkit/encryptconfig/util/BootstrapUtil.groovy
 ---
@@ -0,0 +1,132 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.nifi.toolkit.encryptconfig.util
+
+import org.slf4j.Logger
+import org.slf4j.LoggerFactory
+
+class BootstrapUtil {
+
+static final String NIFI_BOOTSTRAP_KEY_PROPERTY = 
"nifi.bootstrap.sensitive.key";
+static final String REGISTRY_BOOTSTRAP_KEY_PROPERTY = 
"nifi.registry.bootstrap.sensitive.key";
+
+private static final Logger logger = 
LoggerFactory.getLogger(BootstrapUtil.class)
+
+private static final String BOOTSTRAP_KEY_COMMENT = "# Master key in 
hexadecimal format for encrypted sensitive configuration values"
+
+/**
+ * Tries to load keyHex from input bootstrap.conf
+ *
+ * @return keyHex, if present in input bootstrap file; otherwise, null
+ */
+static String extractKeyFromBootstrapFile(String inputBootstrapPath, 
String bootstrapKeyPropertyName) throws IOException {
+
+File inputBootstrapConfFile
+if (!(inputBootstrapPath && (inputBootstrapConfFile = new 
File(inputBootstrapPath)).exists() && inputBootstrapConfFile.canRead())) {
--- End diff --

Not required for this PR, but in the future this is a good anti-pattern for 
extracting the control logic to a boolean checker method like 
`isInputBootstrapConfValid()`.  


> Add support for NiFi Registry to the encrypt-config tool in NiFi Toolkit
> 
>
> Key: NIFI-4708
> URL: https://issues.apache.org/jira/browse/NIFI-4708
> Project: Apache NiFi
>  Issue Type: Improvement
>Reporter: Kevin Doran
>Assignee: Kevin Doran
> Fix For: 1.5.0
>
>
> NiFi Registry now supports loading encrypted config files (e.g., 
> nifi-registry.properties, authorizers.xml, login-identity-providers.xml). 
> These files are very difficult to encrypt by hand, and is not recommended. 
> Because NiFi Registry utilizes the same encryption algorithms supported by 
> NiFi, the easiest way to build a tool for encrypting NiFi Registry config 
> properties is to extend the the encrypt-config tool in NiFi Toolkit to 
> support NiFi Registry as well.



--
This message was sent by Atlassian JIRA
(v6.4.14#64029)

[jira] [Commented] (NIFI-4708) Add support for NiFi Registry to the encrypt-config tool in NiFi Toolkit

[ASF GitHub Bot (JIRA)]

[ 
https://issues.apache.org/jira/browse/NIFI-4708?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16313728#comment-16313728
 ] 

ASF GitHub Bot commented on NIFI-4708:
--

Github user alopresto commented on a diff in the pull request:

https://github.com/apache/nifi/pull/2376#discussion_r159961459
  
--- Diff: 
nifi-toolkit/nifi-toolkit-encrypt-config/src/main/groovy/org/apache/nifi/toolkit/encryptconfig/NiFiRegistryMode.groovy
 ---
@@ -0,0 +1,383 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.nifi.toolkit.encryptconfig
+
+import org.apache.commons.cli.HelpFormatter
+import org.apache.commons.cli.Options
+import org.apache.http.annotation.Experimental
+import org.apache.nifi.properties.AESSensitivePropertyProvider
+import org.apache.nifi.properties.SensitivePropertyProvider
+import org.apache.nifi.toolkit.encryptconfig.util.BootstrapUtil
+import 
org.apache.nifi.toolkit.encryptconfig.util.NiFiRegistryAuthorizersXmlEncryptor
+import 
org.apache.nifi.toolkit.encryptconfig.util.NiFiRegistryIdentityProvidersXmlEncryptor
+import 
org.apache.nifi.toolkit.encryptconfig.util.NiFiRegistryPropertiesEncryptor
+import org.apache.nifi.toolkit.encryptconfig.util.ToolUtilities
+import org.apache.nifi.util.console.TextDevices
+import org.slf4j.Logger
+import org.slf4j.LoggerFactory
+
+@Experimental
+class NiFiRegistryMode implements ToolMode {
+
+private static final Logger logger = 
LoggerFactory.getLogger(NiFiRegistryMode.class)
+
+CliBuilder cli
+
+NiFiRegistryMode() {
+cli = cliBuilder()
+}
+
+//private void printUsage(String message = "") {
+//if (message) {
+//System.out.println(message)
+//System.out.println()
+//}
+//cli.usage()
+//}
+
+@Override
+void run(String[] args) {
+logger.warn("The NiFi Registry capabilities of this tool is still 
considered experimental. The results should be manually verified.")
+try {
+
+def options = cli.parse(args)
+
+if (!options || options.h) {
+EncryptConfigMain.printUsageAndExit("", 
EncryptConfigMain.EXIT_STATUS_OTHER)
+}
+
+EncryptConfigLogger.configureLogger(options.v)
+
+Configuration config = new Configuration(options)
+run(config)
+
+} catch (Exception e) {
+logger.error("Encountered an error: ${e.getMessage()}")
+logger.debug("", e) // stack trace only when verbose enabled
+EncryptConfigMain.printUsageAndExit(e.getMessage(), 
EncryptConfigMain.EXIT_STATUS_FAILURE)
+}
+}
+
+void run(Configuration config) throws Exception {
+
+if (config.usingPassword) {
+logger.info("Using encryption key derived from password.")
+} else if (config.usingRawKeyHex) {
+logger.info("Using encryption key provided.")
+} else if (config.usingBootstrapKey) {
+logger.info("Using encryption key from input bootstrap.conf.")
+}
+
+logger.debug("(src)  bootstrap.conf: 
${config.inputBootstrapPath}")
+logger.debug("(dest) bootstrap.conf: 
${config.outputBootstrapPath}")
+logger.debug("(src)  nifi.properties:
${config.inputNiFiRegistryPropertiesPath}")
--- End diff --

This line and the next should print `nifi-registry.properties`. 


> Add support for NiFi Registry to the encrypt-config tool in NiFi Toolkit
> 
>
> Key: NIFI-4708
> URL: https://issues.apache.org/jira/browse/NIFI-4708
> Project: Apache NiFi
>  Issue Type: Improvement
>Reporter: Kevin Doran
>Assignee: Kevin Doran
> 

[jira] [Commented] (NIFI-4708) Add support for NiFi Registry to the encrypt-config tool in NiFi Toolkit

[ASF GitHub Bot (JIRA)]

[ 
https://issues.apache.org/jira/browse/NIFI-4708?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16313727#comment-16313727
 ] 

ASF GitHub Bot commented on NIFI-4708:
--

Github user alopresto commented on a diff in the pull request:

https://github.com/apache/nifi/pull/2376#discussion_r159961206
  
--- Diff: 
nifi-toolkit/nifi-toolkit-encrypt-config/src/main/groovy/org/apache/nifi/toolkit/encryptconfig/NiFiRegistryMode.groovy
 ---
@@ -0,0 +1,383 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.nifi.toolkit.encryptconfig
+
+import org.apache.commons.cli.HelpFormatter
+import org.apache.commons.cli.Options
+import org.apache.http.annotation.Experimental
+import org.apache.nifi.properties.AESSensitivePropertyProvider
+import org.apache.nifi.properties.SensitivePropertyProvider
+import org.apache.nifi.toolkit.encryptconfig.util.BootstrapUtil
+import 
org.apache.nifi.toolkit.encryptconfig.util.NiFiRegistryAuthorizersXmlEncryptor
+import 
org.apache.nifi.toolkit.encryptconfig.util.NiFiRegistryIdentityProvidersXmlEncryptor
+import 
org.apache.nifi.toolkit.encryptconfig.util.NiFiRegistryPropertiesEncryptor
+import org.apache.nifi.toolkit.encryptconfig.util.ToolUtilities
+import org.apache.nifi.util.console.TextDevices
+import org.slf4j.Logger
+import org.slf4j.LoggerFactory
+
+@Experimental
+class NiFiRegistryMode implements ToolMode {
+
+private static final Logger logger = 
LoggerFactory.getLogger(NiFiRegistryMode.class)
+
+CliBuilder cli
+
+NiFiRegistryMode() {
+cli = cliBuilder()
+}
+
+//private void printUsage(String message = "") {
+//if (message) {
+//System.out.println(message)
+//System.out.println()
+//}
+//cli.usage()
+//}
+
+@Override
+void run(String[] args) {
+logger.warn("The NiFi Registry capabilities of this tool is still 
considered experimental. The results should be manually verified.")
--- End diff --

...capabilities of this tool *are* still considered experimental. 


> Add support for NiFi Registry to the encrypt-config tool in NiFi Toolkit
> 
>
> Key: NIFI-4708
> URL: https://issues.apache.org/jira/browse/NIFI-4708
> Project: Apache NiFi
>  Issue Type: Improvement
>Reporter: Kevin Doran
>Assignee: Kevin Doran
> Fix For: 1.5.0
>
>
> NiFi Registry now supports loading encrypted config files (e.g., 
> nifi-registry.properties, authorizers.xml, login-identity-providers.xml). 
> These files are very difficult to encrypt by hand, and is not recommended. 
> Because NiFi Registry utilizes the same encryption algorithms supported by 
> NiFi, the easiest way to build a tool for encrypting NiFi Registry config 
> properties is to extend the the encrypt-config tool in NiFi Toolkit to 
> support NiFi Registry as well.



--
This message was sent by Atlassian JIRA
(v6.4.14#64029)

[jira] [Commented] (NIFI-4708) Add support for NiFi Registry to the encrypt-config tool in NiFi Toolkit

[ASF GitHub Bot (JIRA)]

[ 
https://issues.apache.org/jira/browse/NIFI-4708?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16313716#comment-16313716
 ] 

ASF GitHub Bot commented on NIFI-4708:
--

Github user alopresto commented on a diff in the pull request:

https://github.com/apache/nifi/pull/2376#discussion_r159959534
  
--- Diff: 
nifi-toolkit/nifi-toolkit-encrypt-config/src/main/groovy/org/apache/nifi/toolkit/encryptconfig/NiFiRegistryDecryptMode.groovy
 ---
@@ -0,0 +1,143 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.nifi.toolkit.encryptconfig
+
+import org.apache.nifi.properties.AESSensitivePropertyProvider
+import org.apache.nifi.toolkit.encryptconfig.util.BootstrapUtil
+import org.apache.nifi.toolkit.encryptconfig.util.ToolUtilities
+import org.slf4j.Logger
+import org.slf4j.LoggerFactory
+
+/**
+ * A special DecryptMode that can run using NiFiRegistry CLI Options
+ */
+class NiFiRegistryDecryptMode extends DecryptMode {
+
+private static final Logger logger = 
LoggerFactory.getLogger(NiFiRegistryDecryptMode.class)
+
+CliBuilder cli
+
+NiFiRegistryDecryptMode() {
+cli = NiFiRegistryMode.cliBuilder()
+}
+
+@Override
+void run(String[] args) {
+logger.warn("The decryption capability of this tool is still 
considered experimental. The results should be manually verified.")
+try {
+
+def options = cli.parse(args)
+
+if (!options || options.h) {
+EncryptConfigMain.printUsageAndExit("", 
EncryptConfigMain.EXIT_STATUS_OTHER)
+}
+
+EncryptConfigLogger.configureLogger(options.v)
+
+DecryptConfiguration config = new DecryptConfiguration()
+
+/* Invalid fields when used with --decrypt: */
+def invalidDecryptOptions = ["i", "a"]
+def presentInvalidOptions = 
Arrays.stream(options.getInner().getOptions()).findAll {
+invalidDecryptOptions.contains(it.getOpt())
+}
+if (presentInvalidOptions.size() > 0) {
+throw new RuntimeException("Invalid options: 
${EncryptConfigMain.DECRYPT_OPT} cannot be used with 
[${presentInvalidOptions.join(", ")}]. It should only be used with [-r].")
+}
+
+/* Required fields when using --decrypt */
+// registryPropertiesFile (-r)
+if (!options.r) {
+throw new RuntimeException("Invalid options: Input 
nifiRegistryProperties (-r) is required when using --decrypt")
+}
+config.inputFilePath = options.r
+config.fileType = FileType.properties  // disables 
auto-detection, which is still experimental
+
+// one of [--oldPassword, --oldKey] or [-p, -k, -b 

[jira] [Commented] (NIFI-4708) Add support for NiFi Registry to the encrypt-config tool in NiFi Toolkit

[ASF GitHub Bot (JIRA)]

[ 
https://issues.apache.org/jira/browse/NIFI-4708?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16313715#comment-16313715
 ] 

ASF GitHub Bot commented on NIFI-4708:
--

Github user alopresto commented on a diff in the pull request:

https://github.com/apache/nifi/pull/2376#discussion_r159959488
  
--- Diff: 
nifi-toolkit/nifi-toolkit-encrypt-config/src/main/groovy/org/apache/nifi/toolkit/encryptconfig/NiFiRegistryDecryptMode.groovy
 ---
@@ -0,0 +1,143 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.nifi.toolkit.encryptconfig
+
+import org.apache.nifi.properties.AESSensitivePropertyProvider
+import org.apache.nifi.toolkit.encryptconfig.util.BootstrapUtil
+import org.apache.nifi.toolkit.encryptconfig.util.ToolUtilities
+import org.slf4j.Logger
+import org.slf4j.LoggerFactory
+
+/**
+ * A special DecryptMode that can run using NiFiRegistry CLI Options
+ */
+class NiFiRegistryDecryptMode extends DecryptMode {
+
+private static final Logger logger = 
LoggerFactory.getLogger(NiFiRegistryDecryptMode.class)
+
+CliBuilder cli
+
+NiFiRegistryDecryptMode() {
+cli = NiFiRegistryMode.cliBuilder()
+}
+
+@Override
+void run(String[] args) {
+logger.warn("The decryption capability of this tool is still 
considered experimental. The results should be manually verified.")
+try {
+
+def options = cli.parse(args)
+
+if (!options || options.h) {
+EncryptConfigMain.printUsageAndExit("", 
EncryptConfigMain.EXIT_STATUS_OTHER)
+}
+
+EncryptConfigLogger.configureLogger(options.v)
+
+DecryptConfiguration config = new DecryptConfiguration()
+
+/* Invalid fields when used with --decrypt: */
+def invalidDecryptOptions = ["i", "a"]
+def presentInvalidOptions = 
Arrays.stream(options.getInner().getOptions()).findAll {
+invalidDecryptOptions.contains(it.getOpt())
+}
+if (presentInvalidOptions.size() > 0) {
+throw new RuntimeException("Invalid options: 
${EncryptConfigMain.DECRYPT_OPT} cannot be used with 
[${presentInvalidOptions.join(", ")}]. It should only be used with [-r].")
+}
+
+/* Required fields when using --decrypt */
+// registryPropertiesFile (-r)
+if (!options.r) {
+throw new RuntimeException("Invalid options: Input 
nifiRegistryProperties (-r) is required when using --decrypt")
+}
+config.inputFilePath = options.r
+config.fileType = FileType.properties  // disables 
auto-detection, which is still experimental
+
+// one of [--oldPassword, --oldKey] or [-p, -k, -b 

[jira] [Commented] (NIFI-4708) Add support for NiFi Registry to the encrypt-config tool in NiFi Toolkit

[ASF GitHub Bot (JIRA)]

[ 
https://issues.apache.org/jira/browse/NIFI-4708?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16313695#comment-16313695
 ] 

ASF GitHub Bot commented on NIFI-4708:
--

Github user alopresto commented on a diff in the pull request:

https://github.com/apache/nifi/pull/2376#discussion_r159957605
  
--- Diff: 
nifi-toolkit/nifi-toolkit-encrypt-config/src/main/groovy/org/apache/nifi/toolkit/encryptconfig/NiFiRegistryDecryptMode.groovy
 ---
@@ -0,0 +1,143 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.nifi.toolkit.encryptconfig
+
+import org.apache.nifi.properties.AESSensitivePropertyProvider
+import org.apache.nifi.toolkit.encryptconfig.util.BootstrapUtil
+import org.apache.nifi.toolkit.encryptconfig.util.ToolUtilities
+import org.slf4j.Logger
+import org.slf4j.LoggerFactory
+
+/**
+ * A special DecryptMode that can run using NiFiRegistry CLI Options
+ */
+class NiFiRegistryDecryptMode extends DecryptMode {
+
+private static final Logger logger = 
LoggerFactory.getLogger(NiFiRegistryDecryptMode.class)
+
+CliBuilder cli
+
+NiFiRegistryDecryptMode() {
+cli = NiFiRegistryMode.cliBuilder()
+}
+
+@Override
+void run(String[] args) {
+logger.warn("The decryption capability of this tool is still 
considered experimental. The results should be manually verified.")
+try {
+
+def options = cli.parse(args)
+
+if (!options || options.h) {
+EncryptConfigMain.printUsageAndExit("", 
EncryptConfigMain.EXIT_STATUS_OTHER)
+}
+
+EncryptConfigLogger.configureLogger(options.v)
+
+DecryptConfiguration config = new DecryptConfiguration()
+
+/* Invalid fields when used with --decrypt: */
+def invalidDecryptOptions = ["i", "a"]
+def presentInvalidOptions = 
Arrays.stream(options.getInner().getOptions()).findAll {
+invalidDecryptOptions.contains(it.getOpt())
+}
+if (presentInvalidOptions.size() > 0) {
+throw new RuntimeException("Invalid options: 
${EncryptConfigMain.DECRYPT_OPT} cannot be used with 
[${presentInvalidOptions.join(", ")}]. It should only be used with [-r].")
+}
+
+/* Required fields when using --decrypt */
+// registryPropertiesFile (-r)
+if (!options.r) {
+throw new RuntimeException("Invalid options: Input 
nifiRegistryProperties (-r) is required when using --decrypt")
+}
+config.inputFilePath = options.r
+config.fileType = FileType.properties  // disables 
auto-detection, which is still experimental
+
+// one of [--oldPassword, --oldKey] or [-p, -k, -b UTF-8
===
--- 
nifi-toolkit/nifi-toolkit-encrypt-config/src/main/groovy/org/apache/nifi/toolkit/encryptconfig/NiFiRegistryDecryptMode.groovy
   (date 1515148235000)
+++ 
nifi-toolkit/nifi-toolkit-encrypt-config/src/main/groovy/org/apache/nifi/toolkit/encryptconfig/NiFiRegistryDecryptMode.groovy
   (revision )
@@ -67,77 +67,112 @@
 config.inputFilePath = options.r
 config.fileType = FileType.properties  // disables 
auto-detection, which is still experimental
 
-// one of [--oldPassword, --oldKey] or [-p, -k, -b 

[jira] [Commented] (NIFI-4708) Add support for NiFi Registry to the encrypt-config tool in NiFi Toolkit

[ASF GitHub Bot (JIRA)]

[ 
https://issues.apache.org/jira/browse/NIFI-4708?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16313671#comment-16313671
 ] 

ASF GitHub Bot commented on NIFI-4708:
--

Github user alopresto commented on a diff in the pull request:

https://github.com/apache/nifi/pull/2376#discussion_r159953548
  
--- Diff: 
nifi-toolkit/nifi-toolkit-encrypt-config/src/main/groovy/org/apache/nifi/toolkit/encryptconfig/NiFiRegistryDecryptMode.groovy
 ---
@@ -0,0 +1,143 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.nifi.toolkit.encryptconfig
+
+import org.apache.nifi.properties.AESSensitivePropertyProvider
+import org.apache.nifi.toolkit.encryptconfig.util.BootstrapUtil
+import org.apache.nifi.toolkit.encryptconfig.util.ToolUtilities
+import org.slf4j.Logger
+import org.slf4j.LoggerFactory
+
+/**
+ * A special DecryptMode that can run using NiFiRegistry CLI Options
+ */
+class NiFiRegistryDecryptMode extends DecryptMode {
+
+private static final Logger logger = 
LoggerFactory.getLogger(NiFiRegistryDecryptMode.class)
+
+CliBuilder cli
+
+NiFiRegistryDecryptMode() {
+cli = NiFiRegistryMode.cliBuilder()
+}
+
+@Override
+void run(String[] args) {
+logger.warn("The decryption capability of this tool is still 
considered experimental. The results should be manually verified.")
+try {
+
+def options = cli.parse(args)
+
+if (!options || options.h) {
+EncryptConfigMain.printUsageAndExit("", 
EncryptConfigMain.EXIT_STATUS_OTHER)
+}
+
+EncryptConfigLogger.configureLogger(options.v)
+
+DecryptConfiguration config = new DecryptConfiguration()
+
+/* Invalid fields when used with --decrypt: */
+def invalidDecryptOptions = ["i", "a"]
+def presentInvalidOptions = 
Arrays.stream(options.getInner().getOptions()).findAll {
+invalidDecryptOptions.contains(it.getOpt())
+}
+if (presentInvalidOptions.size() > 0) {
+throw new RuntimeException("Invalid options: 
${EncryptConfigMain.DECRYPT_OPT} cannot be used with 
[${presentInvalidOptions.join(", ")}]. It should only be used with [-r].")
+}
+
+/* Required fields when using --decrypt */
+// registryPropertiesFile (-r)
+if (!options.r) {
+throw new RuntimeException("Invalid options: Input 
nifiRegistryProperties (-r) is required when using --decrypt")
+}
+config.inputFilePath = options.r
+config.fileType = FileType.properties  // disables 
auto-detection, which is still experimental
+
+// one of [--oldPassword, --oldKey] or [-p, -k, -b  Add support for NiFi Registry to the encrypt-config tool in NiFi Toolkit
> 
>
> Key: NIFI-4708
> URL: https://issues.apache.org/jira/browse/NIFI-4708
> Project: Apache NiFi
>  Issue Type: Improvement
>Reporter: Kevin Doran
>Assignee: Kevin Doran
> Fix For: 1.5.0
>
>
> NiFi Registry now supports loading encrypted config files (e.g., 
> nifi-registry.properties, authorizers.xml, login-identity-providers.xml). 
> These files are very difficult to encrypt by hand, and is not recommended. 
> Because NiFi Registry utilizes the same encryption algorithms supported by 
> NiFi, the easiest way to build a tool for encrypting NiFi Registry config 
> properties is to extend the the encrypt-config tool in NiFi Toolkit to 
> support NiFi Registry as well.



--
This message was sent by Atlassian JIRA
(v6.4.14#64029)

[jira] [Commented] (NIFI-4708) Add support for NiFi Registry to the encrypt-config tool in NiFi Toolkit

[ASF GitHub Bot (JIRA)]

[ 
https://issues.apache.org/jira/browse/NIFI-4708?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16313475#comment-16313475
 ] 

ASF GitHub Bot commented on NIFI-4708:
--

Github user alopresto commented on a diff in the pull request:

https://github.com/apache/nifi/pull/2376#discussion_r159932352
  
--- Diff: 
nifi-toolkit/nifi-toolkit-encrypt-config/src/main/groovy/org/apache/nifi/toolkit/encryptconfig/EncryptConfigMain.groovy
 ---
@@ -0,0 +1,145 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.nifi.toolkit.encryptconfig
+
+import org.apache.commons.cli.HelpFormatter
+import org.apache.commons.cli.Options
+import org.apache.nifi.properties.ConfigEncryptionTool
+import org.bouncycastle.jce.provider.BouncyCastleProvider
+import org.slf4j.Logger
+import org.slf4j.LoggerFactory
+
+import java.security.Security
+
+class EncryptConfigMain {
+
+private static final Logger logger = 
LoggerFactory.getLogger(EncryptConfigMain.class)
+
+static final int EXIT_STATUS_SUCCESS = 0
+static final int EXIT_STATUS_FAILURE = -1
+static final int EXIT_STATUS_OTHER = 1
+
+static final String NIFI_REGISTRY_OPT = "nifiRegistry"
+static final String NIFI_REGISTRY_FLAG = 
"--${NIFI_REGISTRY_OPT}".toString()
+static final String DECRYPT_OPT = "decrypt"
+static final String DECRYPT_FLAG = "--${DECRYPT_OPT}".toString()
+
+static final int HELP_FORMAT_WIDTH = 160
+
+// Access should only be through static methods
+private EncryptConfigMain() {
+}
+
+static printUsage(String message = "") {
+
+if (message) {
+System.out.println(message)
+System.out.println()
+}
+
+String header = "\nThis tool enables easy encryption and 
decryption of configuration files for NiFi and its sub-projects. " +
+"Unprotected files can be input to this tool to be 
protected by a key in a manner that is understood by NiFi. " +
+"Protected files, along with a key, can be input to this 
tool to be unprotected, for troubleshooting or automation purposes.\n\n"
+
+def options = new Options()
+options.addOption("h", "help", false, "Show usage information 
(this message)")
+options.addOption(null, NIFI_REGISTRY_OPT, false, "Specifies to 
target NiFi Registry. When this flag is not included, NiFi is the target.")
+
+HelpFormatter helpFormatter = new HelpFormatter()
+helpFormatter.setWidth(160)
+helpFormatter.setOptionComparator(null)
+
helpFormatter.printHelp("${EncryptConfigMain.class.getCanonicalName()} [-h] 
[options]", header, options, "\n")
+System.out.println()
+
+helpFormatter.setSyntaxPrefix("") // disable "usage: " prefix for 
the following outputs
+
+Options nifiModeOptions = ConfigEncryptionTool.getCliOptions()
+helpFormatter.printHelp(
+"When targeting NiFi:",
+nifiModeOptions,
+false)
+System.out.println()
+
+Options nifiRegistryModeOptions = NiFiRegistryMode.getCliOptions()
+nifiRegistryModeOptions.addOption(null, DECRYPT_OPT, false, "Can 
be used with -r to decrypt a previously encrypted NiFi Registry Properties 
file. Decrypted content is printed to STDOUT.")
+helpFormatter.printHelp(
+"When targeting NiFi Registry using the 
${NIFI_REGISTRY_FLAG} flag:",
+nifiRegistryModeOptions,
+false)
+System.out.println()
+
+//String footer = """
+//|
+//|Encrypt a NiFi Registry properties using a password:
+//|encrypt-config -p  -b 
/path/to/nifi/conf/bootstrap.conf -r /path/to/nifi/conf/nifi.properties
+//|
+//|""".stripMargin()
+   

[jira] [Commented] (NIFI-4708) Add support for NiFi Registry to the encrypt-config tool in NiFi Toolkit

[ASF GitHub Bot (JIRA)]

[ 
https://issues.apache.org/jira/browse/NIFI-4708?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16313474#comment-16313474
 ] 

ASF GitHub Bot commented on NIFI-4708:
--

Github user alopresto commented on a diff in the pull request:

https://github.com/apache/nifi/pull/2376#discussion_r159931910
  
--- Diff: 
nifi-toolkit/nifi-toolkit-encrypt-config/src/main/groovy/org/apache/nifi/toolkit/encryptconfig/EncryptConfigMain.groovy
 ---
@@ -0,0 +1,145 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.nifi.toolkit.encryptconfig
+
+import org.apache.commons.cli.HelpFormatter
+import org.apache.commons.cli.Options
+import org.apache.nifi.properties.ConfigEncryptionTool
+import org.bouncycastle.jce.provider.BouncyCastleProvider
+import org.slf4j.Logger
+import org.slf4j.LoggerFactory
+
+import java.security.Security
+
+class EncryptConfigMain {
+
+private static final Logger logger = 
LoggerFactory.getLogger(EncryptConfigMain.class)
+
+static final int EXIT_STATUS_SUCCESS = 0
+static final int EXIT_STATUS_FAILURE = -1
+static final int EXIT_STATUS_OTHER = 1
+
+static final String NIFI_REGISTRY_OPT = "nifiRegistry"
+static final String NIFI_REGISTRY_FLAG = 
"--${NIFI_REGISTRY_OPT}".toString()
+static final String DECRYPT_OPT = "decrypt"
+static final String DECRYPT_FLAG = "--${DECRYPT_OPT}".toString()
+
+static final int HELP_FORMAT_WIDTH = 160
+
+// Access should only be through static methods
+private EncryptConfigMain() {
+}
+
+static printUsage(String message = "") {
+
+if (message) {
+System.out.println(message)
+System.out.println()
+}
+
+String header = "\nThis tool enables easy encryption and 
decryption of configuration files for NiFi and its sub-projects. " +
+"Unprotected files can be input to this tool to be 
protected by a key in a manner that is understood by NiFi. " +
+"Protected files, along with a key, can be input to this 
tool to be unprotected, for troubleshooting or automation purposes.\n\n"
+
+def options = new Options()
+options.addOption("h", "help", false, "Show usage information 
(this message)")
+options.addOption(null, NIFI_REGISTRY_OPT, false, "Specifies to 
target NiFi Registry. When this flag is not included, NiFi is the target.")
+
+HelpFormatter helpFormatter = new HelpFormatter()
+helpFormatter.setWidth(160)
+helpFormatter.setOptionComparator(null)
+
helpFormatter.printHelp("${EncryptConfigMain.class.getCanonicalName()} [-h] 
[options]", header, options, "\n")
+System.out.println()
+
+helpFormatter.setSyntaxPrefix("") // disable "usage: " prefix for 
the following outputs
+
+Options nifiModeOptions = ConfigEncryptionTool.getCliOptions()
+helpFormatter.printHelp(
+"When targeting NiFi:",
+nifiModeOptions,
+false)
+System.out.println()
+
+Options nifiRegistryModeOptions = NiFiRegistryMode.getCliOptions()
+nifiRegistryModeOptions.addOption(null, DECRYPT_OPT, false, "Can 
be used with -r to decrypt a previously encrypted NiFi Registry Properties 
file. Decrypted content is printed to STDOUT.")
+helpFormatter.printHelp(
+"When targeting NiFi Registry using the 
${NIFI_REGISTRY_FLAG} flag:",
+nifiRegistryModeOptions,
+false)
+System.out.println()
+
+//String footer = """
--- End diff --

Remove dead code. 


> Add support for NiFi Registry to the encrypt-config tool in NiFi Toolkit
> 
>
> Key: NIFI-4708
> URL: 

[jira] [Commented] (NIFI-4708) Add support for NiFi Registry to the encrypt-config tool in NiFi Toolkit

[ASF GitHub Bot (JIRA)]

[ 
https://issues.apache.org/jira/browse/NIFI-4708?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16313462#comment-16313462
 ] 

ASF GitHub Bot commented on NIFI-4708:
--

Github user alopresto commented on a diff in the pull request:

https://github.com/apache/nifi/pull/2376#discussion_r159930797
  
--- Diff: 
nifi-toolkit/nifi-toolkit-encrypt-config/src/main/groovy/org/apache/nifi/toolkit/encryptconfig/EncryptConfigLogger.groovy
 ---
@@ -0,0 +1,93 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.nifi.toolkit.encryptconfig
+
+import org.apache.log4j.LogManager
+import org.apache.log4j.PropertyConfigurator
+import org.slf4j.Logger
+import org.slf4j.LoggerFactory
+
+class EncryptConfigLogger {
+
+private static final Logger logger = 
LoggerFactory.getLogger(EncryptConfigLogger.class)
+
+/**
+ * Configures the logger.
+ *
+ * The nifi-toolkit module uses log4j, which will be configured to 
append all
+ * log output to the system STDERR. The log level can be specified 
using the verboseEnabled
+ * argument. A value of true will set the log level to 
DEBUG, a value of
+ * false will set the log level to INFO.
+ *
+ * @param verboseEnabled flag to indicate if verbose mode is enabled, 
which sets the log level to DEBUG
+ */
+static configureLogger(boolean verboseEnabled) {
+
+Properties log4jProps = null
+URL log4jPropsPath = 
this.getClass().getResource("log4j.properties")
+if (log4jPropsPath) {
+try {
+log4jPropsPath.withReader { reader ->
+log4jProps = new Properties()
+log4jProps.load(reader)
+}
+} catch (IOException e) {
+// do nothing, we will fallback to hardcoded defaults below
+}
+}
+
+if (!log4jProps) {
+log4jProps = defaultProperties()
+}
+
+if (verboseEnabled) {
+// Override the log level for this package. For this to work 
as intended, this class must belong
+// to the same package (or a parent package) of all the 
encrypt-config classes
+log4jProps.put("log4j.logger." + 
EncryptConfigLogger.class.package.name, "DEBUG")
+}
+
+LogManager.resetConfiguration()
+PropertyConfigurator.configure(log4jProps)
+
+if (verboseEnabled) {
+logger.debug("Verbose mode is enabled (goes to stderr by 
default).")
+}
+}
+
+/**
+ * A copy of the settings in /src/main/resources/log4j.properties, in 
case that is not on the classpath at runtime
+ * @return Properties containing the default properties for Log4j
+ */
+static Properties defaultProperties() {
+Properties defaultProperties = new Properties()
+
+defaultProperties.setProperty("log4j.rootLogger", "INFO,console")
+
+defaultProperties.setProperty("log4j.appender.console", 
"org.apache.log4j.ConsoleAppender")
+defaultProperties.setProperty("log4j.appender.console.Target", 
"System.err")
+defaultProperties.setProperty("log4j.appender.console.layout", 
"org.apache.log4j.PatternLayout")
+
defaultProperties.setProperty("log4j.appender.console.layout.ConversionPattern",
 "%d{-mm-dd HH:mm:ss} %p %c{1}: %m%n")
+
+return defaultProperties
+}
+
--- End diff --

Maybe just run a "Format Code" command on this one to remove extra 
whitespace. 


> Add support for NiFi Registry to the encrypt-config tool in NiFi Toolkit
> 
>
> Key: NIFI-4708
> URL: https://issues.apache.org/jira/browse/NIFI-4708
> Project: Apache NiFi
>  Issue Type: Improvement

[jira] [Commented] (NIFI-4708) Add support for NiFi Registry to the encrypt-config tool in NiFi Toolkit

[ASF GitHub Bot (JIRA)]

[ 
https://issues.apache.org/jira/browse/NIFI-4708?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16313454#comment-16313454
 ] 

ASF GitHub Bot commented on NIFI-4708:
--

Github user alopresto commented on a diff in the pull request:

https://github.com/apache/nifi/pull/2376#discussion_r159927720
  
--- Diff: 
nifi-toolkit/nifi-toolkit-encrypt-config/src/main/groovy/org/apache/nifi/toolkit/encryptconfig/DecryptMode.groovy
 ---
@@ -0,0 +1,322 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.nifi.toolkit.encryptconfig
+
+import org.apache.commons.cli.HelpFormatter
+import org.apache.nifi.properties.AESSensitivePropertyProvider
+import org.apache.nifi.properties.SensitivePropertyProvider
+import org.apache.nifi.toolkit.encryptconfig.util.BootstrapUtil
+import org.apache.nifi.toolkit.encryptconfig.util.PropertiesEncryptor
+import org.apache.nifi.toolkit.encryptconfig.util.ToolUtilities
+import org.apache.nifi.toolkit.encryptconfig.util.XmlEncryptor
+import org.apache.nifi.util.console.TextDevices
+import org.slf4j.Logger
+import org.slf4j.LoggerFactory
+
+class DecryptMode implements ToolMode {
+
+private static final Logger logger = 
LoggerFactory.getLogger(DecryptMode.class)
+
+enum FileType {
+properties,
+xml
+}
+
+CliBuilder cli
+
+DecryptMode() {
+cli = cliBuilder()
+}
+
+void printUsage(String message = "") {
+if (message) {
+System.out.println(message)
+System.out.println()
+}
+cli.usage()
+}
+
+void printUsageAndExit(String message = "", int exitStatusCode) {
+printUsage(message)
+System.exit(exitStatusCode)
+}
+
+@Override
+void run(String[] args) {
+logger.warn("The decryption capability of this tool is still 
considered experimental. The results should be manually verified.")
+try {
+
+def options = cli.parse(args)
+
+if (!options || options.h) {
+printUsageAndExit("", EncryptConfigMain.EXIT_STATUS_OTHER)
+}
+
+EncryptConfigLogger.configureLogger(options.v)
+
+DecryptConfiguration config = new DecryptConfiguration(options)
+
+run(config)
+
+} catch (Exception e) {
+logger.error("Encountered an error: ${e.getMessage()}")
+logger.debug("", e) // stack trace only when verbose enabled
+printUsageAndExit(e.getMessage(), 
EncryptConfigMain.EXIT_STATUS_FAILURE)
+}
+}
+
+void run(DecryptConfiguration config) throws Exception {
+
+if (!config.fileType) {
+
+// Try to load the input file to auto-detect the file type
+boolean isPropertiesFile = 
PropertiesEncryptor.supportsFile(config.inputFilePath)
+
+boolean isXmlFile = 
XmlEncryptor.supportsFile(config.inputFilePath)
+
+if (ToolUtilities.isExactlyOneTrue(isPropertiesFile, 
isXmlFile)) {
+if (isPropertiesFile) {
+config.fileType = FileType.properties
+logger.debug("Auto-detection of input file type 
determined the type to be: ${FileType.properties}")
+}
+if (isXmlFile) {
+config.fileType = FileType.xml
+logger.debug("Auto-detection of input file type 
determined the type to be: ${FileType.xml}")
+}
+}
+
+// Could we successfully auto-detect?
+if (!config.fileType) {
+throw new RuntimeException("Auto-detection of input file 
type failed. Please re-run the tool specifying the file type with the 
-t/--fileType flag.")
+}
+}
+
 

[jira] [Commented] (NIFI-4708) Add support for NiFi Registry to the encrypt-config tool in NiFi Toolkit

[ASF GitHub Bot (JIRA)]

[ 
https://issues.apache.org/jira/browse/NIFI-4708?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16313452#comment-16313452
 ] 

ASF GitHub Bot commented on NIFI-4708:
--

Github user alopresto commented on a diff in the pull request:

https://github.com/apache/nifi/pull/2376#discussion_r159927195
  
--- Diff: 
nifi-toolkit/nifi-toolkit-encrypt-config/src/main/groovy/org/apache/nifi/toolkit/encryptconfig/DecryptMode.groovy
 ---
@@ -0,0 +1,322 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.nifi.toolkit.encryptconfig
+
+import org.apache.commons.cli.HelpFormatter
+import org.apache.nifi.properties.AESSensitivePropertyProvider
+import org.apache.nifi.properties.SensitivePropertyProvider
+import org.apache.nifi.toolkit.encryptconfig.util.BootstrapUtil
+import org.apache.nifi.toolkit.encryptconfig.util.PropertiesEncryptor
+import org.apache.nifi.toolkit.encryptconfig.util.ToolUtilities
+import org.apache.nifi.toolkit.encryptconfig.util.XmlEncryptor
+import org.apache.nifi.util.console.TextDevices
+import org.slf4j.Logger
+import org.slf4j.LoggerFactory
+
+class DecryptMode implements ToolMode {
+
+private static final Logger logger = 
LoggerFactory.getLogger(DecryptMode.class)
+
+enum FileType {
+properties,
+xml
+}
+
+CliBuilder cli
+
+DecryptMode() {
+cli = cliBuilder()
+}
+
+void printUsage(String message = "") {
+if (message) {
+System.out.println(message)
+System.out.println()
+}
+cli.usage()
+}
+
+void printUsageAndExit(String message = "", int exitStatusCode) {
+printUsage(message)
+System.exit(exitStatusCode)
+}
+
+@Override
+void run(String[] args) {
+logger.warn("The decryption capability of this tool is still 
considered experimental. The results should be manually verified.")
+try {
+
+def options = cli.parse(args)
+
+if (!options || options.h) {
+printUsageAndExit("", EncryptConfigMain.EXIT_STATUS_OTHER)
+}
+
+EncryptConfigLogger.configureLogger(options.v)
+
+DecryptConfiguration config = new DecryptConfiguration(options)
+
+run(config)
+
+} catch (Exception e) {
+logger.error("Encountered an error: ${e.getMessage()}")
+logger.debug("", e) // stack trace only when verbose enabled
+printUsageAndExit(e.getMessage(), 
EncryptConfigMain.EXIT_STATUS_FAILURE)
+}
+}
+
+void run(DecryptConfiguration config) throws Exception {
+
+if (!config.fileType) {
+
+// Try to load the input file to auto-detect the file type
+boolean isPropertiesFile = 
PropertiesEncryptor.supportsFile(config.inputFilePath)
+
+boolean isXmlFile = 
XmlEncryptor.supportsFile(config.inputFilePath)
+
+if (ToolUtilities.isExactlyOneTrue(isPropertiesFile, 
isXmlFile)) {
+if (isPropertiesFile) {
+config.fileType = FileType.properties
+logger.debug("Auto-detection of input file type 
determined the type to be: ${FileType.properties}")
+}
+if (isXmlFile) {
+config.fileType = FileType.xml
+logger.debug("Auto-detection of input file type 
determined the type to be: ${FileType.xml}")
+}
+}
+
+// Could we successfully auto-detect?
+if (!config.fileType) {
+throw new RuntimeException("Auto-detection of input file 
type failed. Please re-run the tool specifying the file type with the 
-t/--fileType flag.")
+}
+}
+
 

[jira] [Commented] (NIFI-4708) Add support for NiFi Registry to the encrypt-config tool in NiFi Toolkit

[ASF GitHub Bot (JIRA)]

[ 
https://issues.apache.org/jira/browse/NIFI-4708?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16313448#comment-16313448
 ] 

ASF GitHub Bot commented on NIFI-4708:
--

Github user alopresto commented on a diff in the pull request:

https://github.com/apache/nifi/pull/2376#discussion_r159926943
  
--- Diff: 
nifi-toolkit/nifi-toolkit-encrypt-config/src/main/groovy/org/apache/nifi/toolkit/encryptconfig/DecryptMode.groovy
 ---
@@ -0,0 +1,322 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.nifi.toolkit.encryptconfig
+
+import org.apache.commons.cli.HelpFormatter
+import org.apache.nifi.properties.AESSensitivePropertyProvider
+import org.apache.nifi.properties.SensitivePropertyProvider
+import org.apache.nifi.toolkit.encryptconfig.util.BootstrapUtil
+import org.apache.nifi.toolkit.encryptconfig.util.PropertiesEncryptor
+import org.apache.nifi.toolkit.encryptconfig.util.ToolUtilities
+import org.apache.nifi.toolkit.encryptconfig.util.XmlEncryptor
+import org.apache.nifi.util.console.TextDevices
+import org.slf4j.Logger
+import org.slf4j.LoggerFactory
+
+class DecryptMode implements ToolMode {
+
+private static final Logger logger = 
LoggerFactory.getLogger(DecryptMode.class)
+
+enum FileType {
+properties,
+xml
+}
+
+CliBuilder cli
+
+DecryptMode() {
+cli = cliBuilder()
+}
+
+void printUsage(String message = "") {
+if (message) {
+System.out.println(message)
+System.out.println()
+}
+cli.usage()
+}
+
+void printUsageAndExit(String message = "", int exitStatusCode) {
+printUsage(message)
+System.exit(exitStatusCode)
+}
+
+@Override
+void run(String[] args) {
+logger.warn("The decryption capability of this tool is still 
considered experimental. The results should be manually verified.")
+try {
+
+def options = cli.parse(args)
+
+if (!options || options.h) {
+printUsageAndExit("", EncryptConfigMain.EXIT_STATUS_OTHER)
+}
+
+EncryptConfigLogger.configureLogger(options.v)
+
+DecryptConfiguration config = new DecryptConfiguration(options)
+
+run(config)
+
+} catch (Exception e) {
+logger.error("Encountered an error: ${e.getMessage()}")
+logger.debug("", e) // stack trace only when verbose enabled
+printUsageAndExit(e.getMessage(), 
EncryptConfigMain.EXIT_STATUS_FAILURE)
+}
+}
+
+void run(DecryptConfiguration config) throws Exception {
+
+if (!config.fileType) {
+
+// Try to load the input file to auto-detect the file type
+boolean isPropertiesFile = 
PropertiesEncryptor.supportsFile(config.inputFilePath)
+
+boolean isXmlFile = 
XmlEncryptor.supportsFile(config.inputFilePath)
+
+if (ToolUtilities.isExactlyOneTrue(isPropertiesFile, 
isXmlFile)) {
+if (isPropertiesFile) {
+config.fileType = FileType.properties
+logger.debug("Auto-detection of input file type 
determined the type to be: ${FileType.properties}")
+}
+if (isXmlFile) {
+config.fileType = FileType.xml
+logger.debug("Auto-detection of input file type 
determined the type to be: ${FileType.xml}")
+}
+}
+
+// Could we successfully auto-detect?
+if (!config.fileType) {
+throw new RuntimeException("Auto-detection of input file 
type failed. Please re-run the tool specifying the file type with the 
-t/--fileType flag.")
+}
+}
+
 

[jira] [Commented] (NIFI-4708) Add support for NiFi Registry to the encrypt-config tool in NiFi Toolkit

[ASF GitHub Bot (JIRA)]

[ 
https://issues.apache.org/jira/browse/NIFI-4708?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16313444#comment-16313444
 ] 

ASF GitHub Bot commented on NIFI-4708:
--

Github user alopresto commented on a diff in the pull request:

https://github.com/apache/nifi/pull/2376#discussion_r159926265
  
--- Diff: 
nifi-toolkit/nifi-toolkit-encrypt-config/src/main/groovy/org/apache/nifi/toolkit/encryptconfig/DecryptMode.groovy
 ---
@@ -0,0 +1,322 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.nifi.toolkit.encryptconfig
+
+import org.apache.commons.cli.HelpFormatter
+import org.apache.nifi.properties.AESSensitivePropertyProvider
+import org.apache.nifi.properties.SensitivePropertyProvider
+import org.apache.nifi.toolkit.encryptconfig.util.BootstrapUtil
+import org.apache.nifi.toolkit.encryptconfig.util.PropertiesEncryptor
+import org.apache.nifi.toolkit.encryptconfig.util.ToolUtilities
+import org.apache.nifi.toolkit.encryptconfig.util.XmlEncryptor
+import org.apache.nifi.util.console.TextDevices
+import org.slf4j.Logger
+import org.slf4j.LoggerFactory
+
+class DecryptMode implements ToolMode {
+
+private static final Logger logger = 
LoggerFactory.getLogger(DecryptMode.class)
+
+enum FileType {
+properties,
+xml
+}
+
+CliBuilder cli
+
+DecryptMode() {
+cli = cliBuilder()
+}
+
+void printUsage(String message = "") {
+if (message) {
+System.out.println(message)
+System.out.println()
+}
+cli.usage()
+}
+
+void printUsageAndExit(String message = "", int exitStatusCode) {
+printUsage(message)
+System.exit(exitStatusCode)
+}
+
+@Override
+void run(String[] args) {
+logger.warn("The decryption capability of this tool is still 
considered experimental. The results should be manually verified.")
+try {
+
+def options = cli.parse(args)
+
+if (!options || options.h) {
+printUsageAndExit("", EncryptConfigMain.EXIT_STATUS_OTHER)
+}
+
+EncryptConfigLogger.configureLogger(options.v)
+
+DecryptConfiguration config = new DecryptConfiguration(options)
+
+run(config)
+
+} catch (Exception e) {
+logger.error("Encountered an error: ${e.getMessage()}")
+logger.debug("", e) // stack trace only when verbose enabled
+printUsageAndExit(e.getMessage(), 
EncryptConfigMain.EXIT_STATUS_FAILURE)
+}
+}
+
+void run(DecryptConfiguration config) throws Exception {
+
+if (!config.fileType) {
+
+// Try to load the input file to auto-detect the file type
+boolean isPropertiesFile = 
PropertiesEncryptor.supportsFile(config.inputFilePath)
+
+boolean isXmlFile = 
XmlEncryptor.supportsFile(config.inputFilePath)
+
+if (ToolUtilities.isExactlyOneTrue(isPropertiesFile, 
isXmlFile)) {
+if (isPropertiesFile) {
+config.fileType = FileType.properties
+logger.debug("Auto-detection of input file type 
determined the type to be: ${FileType.properties}")
+}
+if (isXmlFile) {
+config.fileType = FileType.xml
+logger.debug("Auto-detection of input file type 
determined the type to be: ${FileType.xml}")
+}
+}
+
+// Could we successfully auto-detect?
+if (!config.fileType) {
+throw new RuntimeException("Auto-detection of input file 
type failed. Please re-run the tool specifying the file type with the 
-t/--fileType flag.")
+}
+}
+
 

[jira] [Commented] (NIFI-4708) Add support for NiFi Registry to the encrypt-config tool in NiFi Toolkit

[ASF GitHub Bot (JIRA)]

[ 
https://issues.apache.org/jira/browse/NIFI-4708?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16313440#comment-16313440
 ] 

ASF GitHub Bot commented on NIFI-4708:
--

Github user kevdoran commented on a diff in the pull request:

https://github.com/apache/nifi/pull/2376#discussion_r159925148
  
--- Diff: 
nifi-toolkit/nifi-toolkit-encrypt-config/src/main/groovy/org/apache/nifi/toolkit/encryptconfig/DecryptMode.groovy
 ---
@@ -0,0 +1,322 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.nifi.toolkit.encryptconfig
+
+import org.apache.commons.cli.HelpFormatter
+import org.apache.nifi.properties.AESSensitivePropertyProvider
+import org.apache.nifi.properties.SensitivePropertyProvider
+import org.apache.nifi.toolkit.encryptconfig.util.BootstrapUtil
+import org.apache.nifi.toolkit.encryptconfig.util.PropertiesEncryptor
+import org.apache.nifi.toolkit.encryptconfig.util.ToolUtilities
+import org.apache.nifi.toolkit.encryptconfig.util.XmlEncryptor
+import org.apache.nifi.util.console.TextDevices
+import org.slf4j.Logger
+import org.slf4j.LoggerFactory
+
+class DecryptMode implements ToolMode {
+
+private static final Logger logger = 
LoggerFactory.getLogger(DecryptMode.class)
+
+enum FileType {
+properties,
+xml
+}
+
+CliBuilder cli
+
+DecryptMode() {
+cli = cliBuilder()
+}
+
+void printUsage(String message = "") {
+if (message) {
+System.out.println(message)
+System.out.println()
+}
+cli.usage()
+}
+
+void printUsageAndExit(String message = "", int exitStatusCode) {
+printUsage(message)
+System.exit(exitStatusCode)
+}
+
+@Override
+void run(String[] args) {
+logger.warn("The decryption capability of this tool is still 
considered experimental. The results should be manually verified.")
+try {
+
+def options = cli.parse(args)
+
+if (!options || options.h) {
+printUsageAndExit("", EncryptConfigMain.EXIT_STATUS_OTHER)
+}
+
+EncryptConfigLogger.configureLogger(options.v)
+
+DecryptConfiguration config = new DecryptConfiguration(options)
+
+run(config)
+
+} catch (Exception e) {
+logger.error("Encountered an error: ${e.getMessage()}")
+logger.debug("", e) // stack trace only when verbose enabled
+printUsageAndExit(e.getMessage(), 
EncryptConfigMain.EXIT_STATUS_FAILURE)
+}
+}
+
+void run(DecryptConfiguration config) throws Exception {
+
+if (!config.fileType) {
+
+// Try to load the input file to auto-detect the file type
+boolean isPropertiesFile = 
PropertiesEncryptor.supportsFile(config.inputFilePath)
+
+boolean isXmlFile = 
XmlEncryptor.supportsFile(config.inputFilePath)
+
+if (ToolUtilities.isExactlyOneTrue(isPropertiesFile, 
isXmlFile)) {
+if (isPropertiesFile) {
+config.fileType = FileType.properties
+logger.debug("Auto-detection of input file type 
determined the type to be: ${FileType.properties}")
+}
+if (isXmlFile) {
+config.fileType = FileType.xml
+logger.debug("Auto-detection of input file type 
determined the type to be: ${FileType.xml}")
+}
+}
+
+// Could we successfully auto-detect?
+if (!config.fileType) {
+throw new RuntimeException("Auto-detection of input file 
type failed. Please re-run the tool specifying the file type with the 
-t/--fileType flag.")
+}
+}
+
  

[jira] [Commented] (NIFI-4708) Add support for NiFi Registry to the encrypt-config tool in NiFi Toolkit

[ASF GitHub Bot (JIRA)]

[ 
https://issues.apache.org/jira/browse/NIFI-4708?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16313429#comment-16313429
 ] 

ASF GitHub Bot commented on NIFI-4708:
--

Github user alopresto commented on a diff in the pull request:

https://github.com/apache/nifi/pull/2376#discussion_r159924367
  
--- Diff: 
nifi-toolkit/nifi-toolkit-encrypt-config/src/main/groovy/org/apache/nifi/toolkit/encryptconfig/DecryptMode.groovy
 ---
@@ -0,0 +1,322 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.nifi.toolkit.encryptconfig
+
+import org.apache.commons.cli.HelpFormatter
+import org.apache.nifi.properties.AESSensitivePropertyProvider
+import org.apache.nifi.properties.SensitivePropertyProvider
+import org.apache.nifi.toolkit.encryptconfig.util.BootstrapUtil
+import org.apache.nifi.toolkit.encryptconfig.util.PropertiesEncryptor
+import org.apache.nifi.toolkit.encryptconfig.util.ToolUtilities
+import org.apache.nifi.toolkit.encryptconfig.util.XmlEncryptor
+import org.apache.nifi.util.console.TextDevices
+import org.slf4j.Logger
+import org.slf4j.LoggerFactory
+
+class DecryptMode implements ToolMode {
+
+private static final Logger logger = 
LoggerFactory.getLogger(DecryptMode.class)
+
+enum FileType {
+properties,
+xml
+}
+
+CliBuilder cli
+
+DecryptMode() {
+cli = cliBuilder()
+}
+
+void printUsage(String message = "") {
+if (message) {
+System.out.println(message)
+System.out.println()
+}
+cli.usage()
+}
+
+void printUsageAndExit(String message = "", int exitStatusCode) {
+printUsage(message)
+System.exit(exitStatusCode)
+}
+
+@Override
+void run(String[] args) {
+logger.warn("The decryption capability of this tool is still 
considered experimental. The results should be manually verified.")
+try {
+
+def options = cli.parse(args)
+
+if (!options || options.h) {
+printUsageAndExit("", EncryptConfigMain.EXIT_STATUS_OTHER)
+}
+
+EncryptConfigLogger.configureLogger(options.v)
+
+DecryptConfiguration config = new DecryptConfiguration(options)
+
+run(config)
+
+} catch (Exception e) {
+logger.error("Encountered an error: ${e.getMessage()}")
+logger.debug("", e) // stack trace only when verbose enabled
+printUsageAndExit(e.getMessage(), 
EncryptConfigMain.EXIT_STATUS_FAILURE)
+}
+}
+
+void run(DecryptConfiguration config) throws Exception {
+
+if (!config.fileType) {
+
+// Try to load the input file to auto-detect the file type
+boolean isPropertiesFile = 
PropertiesEncryptor.supportsFile(config.inputFilePath)
+
+boolean isXmlFile = 
XmlEncryptor.supportsFile(config.inputFilePath)
+
+if (ToolUtilities.isExactlyOneTrue(isPropertiesFile, 
isXmlFile)) {
+if (isPropertiesFile) {
+config.fileType = FileType.properties
+logger.debug("Auto-detection of input file type 
determined the type to be: ${FileType.properties}")
+}
+if (isXmlFile) {
+config.fileType = FileType.xml
+logger.debug("Auto-detection of input file type 
determined the type to be: ${FileType.xml}")
+}
+}
+
+// Could we successfully auto-detect?
+if (!config.fileType) {
+throw new RuntimeException("Auto-detection of input file 
type failed. Please re-run the tool specifying the file type with the 
-t/--fileType flag.")
+}
+}
+
 

[jira] [Commented] (NIFI-4708) Add support for NiFi Registry to the encrypt-config tool in NiFi Toolkit

[ASF GitHub Bot (JIRA)]

[ 
https://issues.apache.org/jira/browse/NIFI-4708?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16313412#comment-16313412
 ] 

ASF GitHub Bot commented on NIFI-4708:
--

Github user alopresto commented on a diff in the pull request:

https://github.com/apache/nifi/pull/2376#discussion_r159920353
  
--- Diff: 
nifi-toolkit/nifi-toolkit-encrypt-config/src/main/groovy/org/apache/nifi/toolkit/encryptconfig/DecryptMode.groovy
 ---
@@ -0,0 +1,322 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.nifi.toolkit.encryptconfig
+
+import org.apache.commons.cli.HelpFormatter
+import org.apache.nifi.properties.AESSensitivePropertyProvider
+import org.apache.nifi.properties.SensitivePropertyProvider
+import org.apache.nifi.toolkit.encryptconfig.util.BootstrapUtil
+import org.apache.nifi.toolkit.encryptconfig.util.PropertiesEncryptor
+import org.apache.nifi.toolkit.encryptconfig.util.ToolUtilities
+import org.apache.nifi.toolkit.encryptconfig.util.XmlEncryptor
+import org.apache.nifi.util.console.TextDevices
+import org.slf4j.Logger
+import org.slf4j.LoggerFactory
+
+class DecryptMode implements ToolMode {
+
+private static final Logger logger = 
LoggerFactory.getLogger(DecryptMode.class)
+
+enum FileType {
+properties,
+xml
+}
+
+CliBuilder cli
+
+DecryptMode() {
+cli = cliBuilder()
+}
+
+void printUsage(String message = "") {
+if (message) {
+System.out.println(message)
+System.out.println()
+}
+cli.usage()
+}
+
+void printUsageAndExit(String message = "", int exitStatusCode) {
+printUsage(message)
+System.exit(exitStatusCode)
+}
+
+@Override
+void run(String[] args) {
+logger.warn("The decryption capability of this tool is still 
considered experimental. The results should be manually verified.")
+try {
+
+def options = cli.parse(args)
+
+if (!options || options.h) {
+printUsageAndExit("", EncryptConfigMain.EXIT_STATUS_OTHER)
+}
+
+EncryptConfigLogger.configureLogger(options.v)
+
+DecryptConfiguration config = new DecryptConfiguration(options)
+
+run(config)
+
+} catch (Exception e) {
+logger.error("Encountered an error: ${e.getMessage()}")
+logger.debug("", e) // stack trace only when verbose enabled
--- End diff --

I understand why this was done but I think the better logic is:

```
if (isVerboseEnabled()) {
logger.error("", e)
}
```
Some people/tools are set up to extract messages based on levels, and this 
is semantically an error. 


> Add support for NiFi Registry to the encrypt-config tool in NiFi Toolkit
> 
>
> Key: NIFI-4708
> URL: https://issues.apache.org/jira/browse/NIFI-4708
> Project: Apache NiFi
>  Issue Type: Improvement
>Reporter: Kevin Doran
>Assignee: Kevin Doran
> Fix For: 1.5.0
>
>
> NiFi Registry now supports loading encrypted config files (e.g., 
> nifi-registry.properties, authorizers.xml, login-identity-providers.xml). 
> These files are very difficult to encrypt by hand, and is not recommended. 
> Because NiFi Registry utilizes the same encryption algorithms supported by 
> NiFi, the easiest way to build a tool for encrypting NiFi Registry config 
> properties is to extend the the encrypt-config tool in NiFi Toolkit to 
> support NiFi Registry as well.



--
This message was sent by Atlassian JIRA
(v6.4.14#64029)

[jira] [Commented] (NIFI-4708) Add support for NiFi Registry to the encrypt-config tool in NiFi Toolkit

[ASF GitHub Bot (JIRA)]

[ 
https://issues.apache.org/jira/browse/NIFI-4708?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16312873#comment-16312873
 ] 

ASF GitHub Bot commented on NIFI-4708:
--

Github user kevdoran commented on the issue:

https://github.com/apache/nifi/pull/2376
  
FYI @alopresto and @bbende - This is ready to be reviewed for merge to 
master.

There are still a few test cases I would like to add, time permitting, for 
xml files, but that could be addressed in a follow up PR, along with additional 
refinement and a refactoring that @alopresto and I have discussed.


> Add support for NiFi Registry to the encrypt-config tool in NiFi Toolkit
> 
>
> Key: NIFI-4708
> URL: https://issues.apache.org/jira/browse/NIFI-4708
> Project: Apache NiFi
>  Issue Type: Improvement
>Reporter: Kevin Doran
>Assignee: Kevin Doran
> Fix For: 1.5.0
>
>
> NiFi Registry now supports loading encrypted config files (e.g., 
> nifi-registry.properties, authorizers.xml, login-identity-providers.xml). 
> These files are very difficult to encrypt by hand, and is not recommended. 
> Because NiFi Registry utilizes the same encryption algorithms supported by 
> NiFi, the easiest way to build a tool for encrypting NiFi Registry config 
> properties is to extend the the encrypt-config tool in NiFi Toolkit to 
> support NiFi Registry as well.



--
This message was sent by Atlassian JIRA
(v6.4.14#64029)

[jira] [Commented] (NIFI-4708) Add support for NiFi Registry to the encrypt-config tool in NiFi Toolkit

[ASF GitHub Bot (JIRA)]

[ 
https://issues.apache.org/jira/browse/NIFI-4708?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16312870#comment-16312870
 ] 

ASF GitHub Bot commented on NIFI-4708:
--

GitHub user kevdoran opened a pull request:

https://github.com/apache/nifi/pull/2376

NIFI-4708 Add Registry support to encrypt-config

Adds support for NiFI Registry config files to the encrypt-config tool in 
NiFi Toolkit.

Also adds decryption capability to encrypt-config tool.


Thank you for submitting a contribution to Apache NiFi.

In order to streamline the review of the contribution we ask you
to ensure the following steps have been taken:

### For all changes:
- [ ] Is there a JIRA ticket associated with this PR? Is it referenced 
 in the commit message?

- [ ] Does your PR title start with NIFI- where  is the JIRA number 
you are trying to resolve? Pay particular attention to the hyphen "-" character.

- [ ] Has your PR been rebased against the latest commit within the target 
branch (typically master)?

- [ ] Is your initial contribution a single, squashed commit?

### For code changes:
- [ ] Have you ensured that the full suite of tests is executed via mvn 
-Pcontrib-check clean install at the root nifi folder?
- [ ] Have you written or updated unit tests to verify your changes?
- [ ] If adding new dependencies to the code, are these dependencies 
licensed in a way that is compatible for inclusion under [ASF 
2.0](http://www.apache.org/legal/resolved.html#category-a)? 
- [ ] If applicable, have you updated the LICENSE file, including the main 
LICENSE file under nifi-assembly?
- [ ] If applicable, have you updated the NOTICE file, including the main 
NOTICE file found under nifi-assembly?
- [ ] If adding new Properties, have you added .displayName in addition to 
.name (programmatic access) for each of the new properties?

### For documentation related changes:
- [ ] Have you ensured that format looks appropriate for the output in 
which it is rendered?

### Note:
Please ensure that once the PR is submitted, you check travis-ci for build 
issues and submit an update to your PR as soon as possible.


You can merge this pull request into a Git repository by running:

$ git pull https://github.com/kevdoran/nifi NIFI-4708

Alternatively you can review and apply these changes as the patch at:

https://github.com/apache/nifi/pull/2376.patch

To close this pull request, make a commit to your master/trunk branch
with (at least) the following in the commit message:

This closes #2376


commit 7b46d1ad55eea4067e155f1ab819049949ad900b
Author: Kevin Doran 
Date:   2017-12-30T13:54:18Z

NIFI-4708 Add Registry support to encrypt-config

Adds support for NiFI Registry config files to the encrypt-config tool
in NiFi Toolkit.

Also adds decryption capability to encrypt-config tool.

commit 0bbd968d0a64a58e2e33b368ed97b499b3c5d754
Author: Andy LoPresto 
Date:   2018-01-03T23:34:38Z

NIFI-4708 [WIP] Added skeleton of new CLI parsing logic to remove "modes" 
(aka subcommands) and determine which mode logic to delegate to.

commit c75abdbc7af8ca449b6bd8a144fc52a1638f51e3
Author: Kevin Doran 
Date:   2018-01-04T23:23:53Z

NIFI-4708 Remaps updated CLI logic to impl

Remaps the updated CLI parsing logic (which removes modes/subcommands)
to the implementation, adding necessary bridging class for DecryptMode.

commit ab44bbd7f9495ae1923d608bb0dce3254ecba2fe
Author: Kevin Doran 
Date:   2018-01-05T05:11:18Z

NIFI-4708 Add test cases for encrypt-config




> Add support for NiFi Registry to the encrypt-config tool in NiFi Toolkit
> 
>
> Key: NIFI-4708
> URL: https://issues.apache.org/jira/browse/NIFI-4708
> Project: Apache NiFi
>  Issue Type: Improvement
>Reporter: Kevin Doran
>Assignee: Kevin Doran
> Fix For: 1.5.0
>
>
> NiFi Registry now supports loading encrypted config files (e.g., 
> nifi-registry.properties, authorizers.xml, login-identity-providers.xml). 
> These files are very difficult to encrypt by hand, and is not recommended. 
> Because NiFi Registry utilizes the same encryption algorithms supported by 
> NiFi, the easiest way to build a tool for encrypting NiFi Registry config 
> properties is to extend the the encrypt-config tool in NiFi Toolkit to 
> support NiFi Registry as well.



--
This message was sent by Atlassian JIRA
(v6.4.14#64029)