[jira] [Commented] (NIFI-4708) Add support for NiFi Registry to the encrypt-config tool in NiFi Toolkit
[ https://issues.apache.org/jira/browse/NIFI-4708?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16317696#comment-16317696 ] ASF GitHub Bot commented on NIFI-4708: -- Github user asfgit closed the pull request at: https://github.com/apache/nifi/pull/2389 > Add support for NiFi Registry to the encrypt-config tool in NiFi Toolkit > > > Key: NIFI-4708 > URL: https://issues.apache.org/jira/browse/NIFI-4708 > Project: Apache NiFi > Issue Type: Improvement >Reporter: Kevin Doran >Assignee: Kevin Doran > Fix For: 1.5.0 > > > NiFi Registry now supports loading encrypted config files (e.g., > nifi-registry.properties, authorizers.xml, login-identity-providers.xml). > These files are very difficult to encrypt by hand, and is not recommended. > Because NiFi Registry utilizes the same encryption algorithms supported by > NiFi, the easiest way to build a tool for encrypting NiFi Registry config > properties is to extend the the encrypt-config tool in NiFi Toolkit to > support NiFi Registry as well. -- This message was sent by Atlassian JIRA (v6.4.14#64029)
[jira] [Commented] (NIFI-4708) Add support for NiFi Registry to the encrypt-config tool in NiFi Toolkit
[ https://issues.apache.org/jira/browse/NIFI-4708?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16317695#comment-16317695 ] ASF subversion and git services commented on NIFI-4708: --- Commit 182e2c6e94a4b1f225ff1902f048e9cb5c3c400c in nifi's branch refs/heads/master from [~kdoran] [ https://git-wip-us.apache.org/repos/asf?p=nifi.git;h=182e2c6 ] NIFI-4708 This closes #2389. Fixes encrypt-config log4j configuration Signed-off-by: joewitt> Add support for NiFi Registry to the encrypt-config tool in NiFi Toolkit > > > Key: NIFI-4708 > URL: https://issues.apache.org/jira/browse/NIFI-4708 > Project: Apache NiFi > Issue Type: Improvement >Reporter: Kevin Doran >Assignee: Kevin Doran > Fix For: 1.5.0 > > > NiFi Registry now supports loading encrypted config files (e.g., > nifi-registry.properties, authorizers.xml, login-identity-providers.xml). > These files are very difficult to encrypt by hand, and is not recommended. > Because NiFi Registry utilizes the same encryption algorithms supported by > NiFi, the easiest way to build a tool for encrypting NiFi Registry config > properties is to extend the the encrypt-config tool in NiFi Toolkit to > support NiFi Registry as well. -- This message was sent by Atlassian JIRA (v6.4.14#64029)
[jira] [Commented] (NIFI-4708) Add support for NiFi Registry to the encrypt-config tool in NiFi Toolkit
[ https://issues.apache.org/jira/browse/NIFI-4708?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16317646#comment-16317646 ] ASF GitHub Bot commented on NIFI-4708: -- GitHub user kevdoran opened a pull request: https://github.com/apache/nifi/pull/2389 NIFI-4708 Fixes encrypt-config log4j configuration Thank you for submitting a contribution to Apache NiFi. In order to streamline the review of the contribution we ask you to ensure the following steps have been taken: ### For all changes: - [ ] Is there a JIRA ticket associated with this PR? Is it referenced in the commit message? - [ ] Does your PR title start with NIFI- where is the JIRA number you are trying to resolve? Pay particular attention to the hyphen "-" character. - [ ] Has your PR been rebased against the latest commit within the target branch (typically master)? - [ ] Is your initial contribution a single, squashed commit? ### For code changes: - [ ] Have you ensured that the full suite of tests is executed via mvn -Pcontrib-check clean install at the root nifi folder? - [ ] Have you written or updated unit tests to verify your changes? - [ ] If adding new dependencies to the code, are these dependencies licensed in a way that is compatible for inclusion under [ASF 2.0](http://www.apache.org/legal/resolved.html#category-a)? - [ ] If applicable, have you updated the LICENSE file, including the main LICENSE file under nifi-assembly? - [ ] If applicable, have you updated the NOTICE file, including the main NOTICE file found under nifi-assembly? - [ ] If adding new Properties, have you added .displayName in addition to .name (programmatic access) for each of the new properties? ### For documentation related changes: - [ ] Have you ensured that format looks appropriate for the output in which it is rendered? ### Note: Please ensure that once the PR is submitted, you check travis-ci for build issues and submit an update to your PR as soon as possible. You can merge this pull request into a Git repository by running: $ git pull https://github.com/kevdoran/nifi NIFI-4708-fix-travis-build Alternatively you can review and apply these changes as the patch at: https://github.com/apache/nifi/pull/2389.patch To close this pull request, make a commit to your master/trunk branch with (at least) the following in the commit message: This closes #2389 commit 6105bc99e2af49e7193ce10a41096b57ab1d8c94 Author: Kevin DoranDate: 2018-01-09T03:28:08Z NIFI-4708 Fixes encrypt-config log4j configuration > Add support for NiFi Registry to the encrypt-config tool in NiFi Toolkit > > > Key: NIFI-4708 > URL: https://issues.apache.org/jira/browse/NIFI-4708 > Project: Apache NiFi > Issue Type: Improvement >Reporter: Kevin Doran >Assignee: Kevin Doran > Fix For: 1.5.0 > > > NiFi Registry now supports loading encrypted config files (e.g., > nifi-registry.properties, authorizers.xml, login-identity-providers.xml). > These files are very difficult to encrypt by hand, and is not recommended. > Because NiFi Registry utilizes the same encryption algorithms supported by > NiFi, the easiest way to build a tool for encrypting NiFi Registry config > properties is to extend the the encrypt-config tool in NiFi Toolkit to > support NiFi Registry as well. -- This message was sent by Atlassian JIRA (v6.4.14#64029)
[jira] [Commented] (NIFI-4708) Add support for NiFi Registry to the encrypt-config tool in NiFi Toolkit
[ https://issues.apache.org/jira/browse/NIFI-4708?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16317644#comment-16317644 ] Kevin Doran commented on NIFI-4708: --- [~joewitt] Yes, I agree the Travis-CI failures are related to these tests. I'll submit a patch momentarily that resolves this. > Add support for NiFi Registry to the encrypt-config tool in NiFi Toolkit > > > Key: NIFI-4708 > URL: https://issues.apache.org/jira/browse/NIFI-4708 > Project: Apache NiFi > Issue Type: Improvement >Reporter: Kevin Doran >Assignee: Kevin Doran > Fix For: 1.5.0 > > > NiFi Registry now supports loading encrypted config files (e.g., > nifi-registry.properties, authorizers.xml, login-identity-providers.xml). > These files are very difficult to encrypt by hand, and is not recommended. > Because NiFi Registry utilizes the same encryption algorithms supported by > NiFi, the easiest way to build a tool for encrypting NiFi Registry config > properties is to extend the the encrypt-config tool in NiFi Toolkit to > support NiFi Registry as well. -- This message was sent by Atlassian JIRA (v6.4.14#64029)
[jira] [Commented] (NIFI-4708) Add support for NiFi Registry to the encrypt-config tool in NiFi Toolkit
[ https://issues.apache.org/jira/browse/NIFI-4708?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16317629#comment-16317629 ] ASF subversion and git services commented on NIFI-4708: --- Commit 08c391067980d745fb823cb7c5a1d02eb1423304 in nifi's branch refs/heads/master from [~bbende] [ https://git-wip-us.apache.org/repos/asf?p=nifi.git;h=08c3910 ] NIFI-4708 This closes #2388. Correcting logic for determining decryption key in NiFiRegistryMode.groovy Signed-off-by: joewitt> Add support for NiFi Registry to the encrypt-config tool in NiFi Toolkit > > > Key: NIFI-4708 > URL: https://issues.apache.org/jira/browse/NIFI-4708 > Project: Apache NiFi > Issue Type: Improvement >Reporter: Kevin Doran >Assignee: Kevin Doran > Fix For: 1.5.0 > > > NiFi Registry now supports loading encrypted config files (e.g., > nifi-registry.properties, authorizers.xml, login-identity-providers.xml). > These files are very difficult to encrypt by hand, and is not recommended. > Because NiFi Registry utilizes the same encryption algorithms supported by > NiFi, the easiest way to build a tool for encrypting NiFi Registry config > properties is to extend the the encrypt-config tool in NiFi Toolkit to > support NiFi Registry as well. -- This message was sent by Atlassian JIRA (v6.4.14#64029)
[jira] [Commented] (NIFI-4708) Add support for NiFi Registry to the encrypt-config tool in NiFi Toolkit
[ https://issues.apache.org/jira/browse/NIFI-4708?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16317630#comment-16317630 ] ASF GitHub Bot commented on NIFI-4708: -- Github user asfgit closed the pull request at: https://github.com/apache/nifi/pull/2388 > Add support for NiFi Registry to the encrypt-config tool in NiFi Toolkit > > > Key: NIFI-4708 > URL: https://issues.apache.org/jira/browse/NIFI-4708 > Project: Apache NiFi > Issue Type: Improvement >Reporter: Kevin Doran >Assignee: Kevin Doran > Fix For: 1.5.0 > > > NiFi Registry now supports loading encrypted config files (e.g., > nifi-registry.properties, authorizers.xml, login-identity-providers.xml). > These files are very difficult to encrypt by hand, and is not recommended. > Because NiFi Registry utilizes the same encryption algorithms supported by > NiFi, the easiest way to build a tool for encrypting NiFi Registry config > properties is to extend the the encrypt-config tool in NiFi Toolkit to > support NiFi Registry as well. -- This message was sent by Atlassian JIRA (v6.4.14#64029)
[jira] [Commented] (NIFI-4708) Add support for NiFi Registry to the encrypt-config tool in NiFi Toolkit
[ https://issues.apache.org/jira/browse/NIFI-4708?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16317588#comment-16317588 ] Joseph Witt commented on NIFI-4708: --- rgr that -will review > Add support for NiFi Registry to the encrypt-config tool in NiFi Toolkit > > > Key: NIFI-4708 > URL: https://issues.apache.org/jira/browse/NIFI-4708 > Project: Apache NiFi > Issue Type: Improvement >Reporter: Kevin Doran >Assignee: Kevin Doran > Fix For: 1.5.0 > > > NiFi Registry now supports loading encrypted config files (e.g., > nifi-registry.properties, authorizers.xml, login-identity-providers.xml). > These files are very difficult to encrypt by hand, and is not recommended. > Because NiFi Registry utilizes the same encryption algorithms supported by > NiFi, the easiest way to build a tool for encrypting NiFi Registry config > properties is to extend the the encrypt-config tool in NiFi Toolkit to > support NiFi Registry as well. -- This message was sent by Atlassian JIRA (v6.4.14#64029)
[jira] [Commented] (NIFI-4708) Add support for NiFi Registry to the encrypt-config tool in NiFi Toolkit
[ https://issues.apache.org/jira/browse/NIFI-4708?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16317586#comment-16317586 ] ASF GitHub Bot commented on NIFI-4708: -- GitHub user bbende opened a pull request: https://github.com/apache/nifi/pull/2388 NIFI-4708 Correcting logic for determining decryption key in NiFiRegi… …stryMode.groovy Thank you for submitting a contribution to Apache NiFi. In order to streamline the review of the contribution we ask you to ensure the following steps have been taken: ### For all changes: - [ ] Is there a JIRA ticket associated with this PR? Is it referenced in the commit message? - [ ] Does your PR title start with NIFI- where is the JIRA number you are trying to resolve? Pay particular attention to the hyphen "-" character. - [ ] Has your PR been rebased against the latest commit within the target branch (typically master)? - [ ] Is your initial contribution a single, squashed commit? ### For code changes: - [ ] Have you ensured that the full suite of tests is executed via mvn -Pcontrib-check clean install at the root nifi folder? - [ ] Have you written or updated unit tests to verify your changes? - [ ] If adding new dependencies to the code, are these dependencies licensed in a way that is compatible for inclusion under [ASF 2.0](http://www.apache.org/legal/resolved.html#category-a)? - [ ] If applicable, have you updated the LICENSE file, including the main LICENSE file under nifi-assembly? - [ ] If applicable, have you updated the NOTICE file, including the main NOTICE file found under nifi-assembly? - [ ] If adding new Properties, have you added .displayName in addition to .name (programmatic access) for each of the new properties? ### For documentation related changes: - [ ] Have you ensured that format looks appropriate for the output in which it is rendered? ### Note: Please ensure that once the PR is submitted, you check travis-ci for build issues and submit an update to your PR as soon as possible. You can merge this pull request into a Git repository by running: $ git pull https://github.com/bbende/nifi NIFI-4708 Alternatively you can review and apply these changes as the patch at: https://github.com/apache/nifi/pull/2388.patch To close this pull request, make a commit to your master/trunk branch with (at least) the following in the commit message: This closes #2388 commit e558027c5d7cc9be806d987381ff96c2d3c6ce5b Author: Bryan BendeDate: 2018-01-09T02:44:04Z NIFI-4708 Correcting logic for determining decryption key in NiFiRegistryMode.groovy > Add support for NiFi Registry to the encrypt-config tool in NiFi Toolkit > > > Key: NIFI-4708 > URL: https://issues.apache.org/jira/browse/NIFI-4708 > Project: Apache NiFi > Issue Type: Improvement >Reporter: Kevin Doran >Assignee: Kevin Doran > Fix For: 1.5.0 > > > NiFi Registry now supports loading encrypted config files (e.g., > nifi-registry.properties, authorizers.xml, login-identity-providers.xml). > These files are very difficult to encrypt by hand, and is not recommended. > Because NiFi Registry utilizes the same encryption algorithms supported by > NiFi, the easiest way to build a tool for encrypting NiFi Registry config > properties is to extend the the encrypt-config tool in NiFi Toolkit to > support NiFi Registry as well. -- This message was sent by Atlassian JIRA (v6.4.14#64029)
[jira] [Commented] (NIFI-4708) Add support for NiFi Registry to the encrypt-config tool in NiFi Toolkit
[ https://issues.apache.org/jira/browse/NIFI-4708?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16316822#comment-16316822 ] ASF subversion and git services commented on NIFI-4708: --- Commit a8817e023805499491f9fc62495208d198de84f0 in nifi's branch refs/heads/master from [~kdoran] [ https://git-wip-us.apache.org/repos/asf?p=nifi.git;h=a8817e0 ] NIFI-4708 Add Registry support to encrypt-config. Adds support for NiFI Registry config files to the encrypt-config tool in NiFi Toolkit. Also adds decryption capability to encrypt-config tool. This closes #2376. Signed-off-by: Andy LoPresto> Add support for NiFi Registry to the encrypt-config tool in NiFi Toolkit > > > Key: NIFI-4708 > URL: https://issues.apache.org/jira/browse/NIFI-4708 > Project: Apache NiFi > Issue Type: Improvement >Reporter: Kevin Doran >Assignee: Kevin Doran > Fix For: 1.5.0 > > > NiFi Registry now supports loading encrypted config files (e.g., > nifi-registry.properties, authorizers.xml, login-identity-providers.xml). > These files are very difficult to encrypt by hand, and is not recommended. > Because NiFi Registry utilizes the same encryption algorithms supported by > NiFi, the easiest way to build a tool for encrypting NiFi Registry config > properties is to extend the the encrypt-config tool in NiFi Toolkit to > support NiFi Registry as well. -- This message was sent by Atlassian JIRA (v6.4.14#64029)
[jira] [Commented] (NIFI-4708) Add support for NiFi Registry to the encrypt-config tool in NiFi Toolkit
[ https://issues.apache.org/jira/browse/NIFI-4708?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16316823#comment-16316823 ] ASF GitHub Bot commented on NIFI-4708: -- Github user asfgit closed the pull request at: https://github.com/apache/nifi/pull/2376 > Add support for NiFi Registry to the encrypt-config tool in NiFi Toolkit > > > Key: NIFI-4708 > URL: https://issues.apache.org/jira/browse/NIFI-4708 > Project: Apache NiFi > Issue Type: Improvement >Reporter: Kevin Doran >Assignee: Kevin Doran > Fix For: 1.5.0 > > > NiFi Registry now supports loading encrypted config files (e.g., > nifi-registry.properties, authorizers.xml, login-identity-providers.xml). > These files are very difficult to encrypt by hand, and is not recommended. > Because NiFi Registry utilizes the same encryption algorithms supported by > NiFi, the easiest way to build a tool for encrypting NiFi Registry config > properties is to extend the the encrypt-config tool in NiFi Toolkit to > support NiFi Registry as well. -- This message was sent by Atlassian JIRA (v6.4.14#64029)
[jira] [Commented] (NIFI-4708) Add support for NiFi Registry to the encrypt-config tool in NiFi Toolkit
[ https://issues.apache.org/jira/browse/NIFI-4708?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16316797#comment-16316797 ] ASF GitHub Bot commented on NIFI-4708: -- Github user alopresto commented on the issue: https://github.com/apache/nifi/pull/2376 Ran `contrib-check` and all tests pass. Ran a few scenarios using the tool. Everything looks good. The only slight issue was when I intentionally ran with the wrong arguments and it looks like the error message contains the whole option object and stacktrace in addition to the flag, but it's clear enough for a user to understand the issue. ``` hw12203:...assembly/target/nifi-toolkit-1.5.0-SNAPSHOT-bin/nifi-toolkit-1.5.0-SNAPSHOT (pr2376) alopresto 271505s @ 11:01:23 $ ./bin/encrypt-config.sh --nifiRegistry -b /Users/alopresto/Workspace/registry/nifi-registry-assembly/target/nifi-registry-0.0.1-SNAPSHOT-bin/nifi-registry-0.0.1-SNAPSHOT/conf/bootstrap.conf -r /Users/alopresto/Workspace/registry/nifi-registry-assembly/target/nifi-registry-0.0.1-SNAPSHOT-bin/nifi-registry-0.0.1-SNAPSHOT/conf/nifi-registry.properties -R /Users/alopresto/Workspace/registry/nifi-registry-assembly/target/nifi-registry-0.0.1-SNAPSHOT-bin/nifi-registry-0.0.1-SNAPSHOT/conf/nifi-registry-encrypted.properties -v --decrypt 2018-01-08 11:01:40 DEBUG EncryptConfigLogger: Verbose mode is enabled (goes to stderr by default). 2018-01-08 11:01:40 ERROR NiFiRegistryDecryptMode: Encountered an error: Invalid options: --decrypt cannot be used with [[ option: R outputNifiRegistryProperties [ARG] :: The destination nifi-registry.properties file containing protected config values. :: class java.lang.String ]]. It should only be used with -r and one of [-p, -k, -b]. java.lang.RuntimeException: Invalid options: --decrypt cannot be used with [[ option: R outputNifiRegistryProperties [ARG] :: The destination nifi-registry.properties file containing protected config values. :: class java.lang.String ]]. It should only be used with -r and one of [-p, -k, -b]. at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method) at sun.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:62) at sun.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:45) at java.lang.reflect.Constructor.newInstance(Constructor.java:423) at org.codehaus.groovy.reflection.CachedConstructor.invoke(CachedConstructor.java:80) at org.codehaus.groovy.reflection.CachedConstructor.doConstructorInvoke(CachedConstructor.java:74) at org.codehaus.groovy.runtime.callsite.ConstructorSite$ConstructorSiteNoUnwrap.callConstructor(ConstructorSite.java:84) at org.codehaus.groovy.runtime.callsite.CallSiteArray.defaultCallConstructor(CallSiteArray.java:60) at org.codehaus.groovy.runtime.callsite.AbstractCallSite.callConstructor(AbstractCallSite.java:235) at org.codehaus.groovy.runtime.callsite.AbstractCallSite.callConstructor(AbstractCallSite.java:247) at org.apache.nifi.toolkit.encryptconfig.NiFiRegistryDecryptMode.run(NiFiRegistryDecryptMode.groovy:63) at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62) at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) at java.lang.reflect.Method.invoke(Method.java:498) at org.codehaus.groovy.runtime.callsite.PogoMetaMethodSite$PogoCachedMethodSite.invoke(PogoMetaMethodSite.java:169) at org.codehaus.groovy.runtime.callsite.PogoMetaMethodSite.call(PogoMetaMethodSite.java:71) at org.codehaus.groovy.runtime.callsite.CallSiteArray.defaultCall(CallSiteArray.java:48) at org.codehaus.groovy.runtime.callsite.AbstractCallSite.call(AbstractCallSite.java:113) at org.codehaus.groovy.runtime.callsite.AbstractCallSite.call(AbstractCallSite.java:125) at org.apache.nifi.toolkit.encryptconfig.EncryptConfigMain.main(EncryptConfigMain.groovy:109) Invalid options: --decrypt cannot be used with [[ option: R outputNifiRegistryProperties [ARG] :: The destination nifi-registry.properties file containing protected config values. :: class java.lang.String ]]. It should only be used with -r and one of [-p, -k, -b]. ``` +1, merging. > Add support for NiFi Registry to the encrypt-config tool in NiFi Toolkit > > > Key: NIFI-4708 > URL: https://issues.apache.org/jira/browse/NIFI-4708 > Project: Apache NiFi > Issue Type: Improvement >Reporter: Kevin Doran >Assignee: Kevin Doran > Fix For: 1.5.0 > > > NiFi Registry now supports
[jira] [Commented] (NIFI-4708) Add support for NiFi Registry to the encrypt-config tool in NiFi Toolkit
[ https://issues.apache.org/jira/browse/NIFI-4708?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16316116#comment-16316116 ] ASF GitHub Bot commented on NIFI-4708: -- Github user kevdoran commented on the issue: https://github.com/apache/nifi/pull/2376 @alopresto thanks for the thorough review! I've pushed an update that addresses your comments. It also adds a lot of test cases (see NiFiRegistryModeSpec and NiFiRegistryDecryptModeSpec), which cover all the functionality that I intend to expose in this version (ie, [--nifiRegistry [--decrypt] [options]]. Given that I had time to do more testing, I also removed the "experimental" warning output when the new modes are run. Let me know what you think and if you see anything else to improve in this PR. > Add support for NiFi Registry to the encrypt-config tool in NiFi Toolkit > > > Key: NIFI-4708 > URL: https://issues.apache.org/jira/browse/NIFI-4708 > Project: Apache NiFi > Issue Type: Improvement >Reporter: Kevin Doran >Assignee: Kevin Doran > Fix For: 1.5.0 > > > NiFi Registry now supports loading encrypted config files (e.g., > nifi-registry.properties, authorizers.xml, login-identity-providers.xml). > These files are very difficult to encrypt by hand, and is not recommended. > Because NiFi Registry utilizes the same encryption algorithms supported by > NiFi, the easiest way to build a tool for encrypting NiFi Registry config > properties is to extend the the encrypt-config tool in NiFi Toolkit to > support NiFi Registry as well. -- This message was sent by Atlassian JIRA (v6.4.14#64029)
[jira] [Commented] (NIFI-4708) Add support for NiFi Registry to the encrypt-config tool in NiFi Toolkit
[ https://issues.apache.org/jira/browse/NIFI-4708?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16313918#comment-16313918 ] ASF GitHub Bot commented on NIFI-4708: -- Github user kevdoran commented on a diff in the pull request: https://github.com/apache/nifi/pull/2376#discussion_r159983212 --- Diff: nifi-toolkit/nifi-toolkit-encrypt-config/src/main/groovy/org/apache/nifi/toolkit/encryptconfig/util/NiFiRegistryIdentityProvidersXmlEncryptor.groovy --- @@ -0,0 +1,105 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one or more + * contributor license agreements. See the NOTICE file distributed with + * this work for additional information regarding copyright ownership. + * The ASF licenses this file to You under the Apache License, Version 2.0 + * (the "License"); you may not use this file except in compliance with + * the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +package org.apache.nifi.toolkit.encryptconfig.util + +import groovy.xml.XmlUtil +import org.apache.nifi.properties.SensitivePropertyProvider +import org.slf4j.Logger +import org.slf4j.LoggerFactory +import org.xml.sax.SAXException + +class NiFiRegistryIdentityProvidersXmlEncryptor extends XmlEncryptor { + +private static final Logger logger = LoggerFactory.getLogger(NiFiRegistryIdentityProvidersXmlEncryptor.class) + +private static final String LDAP_PROVIDER_CLASS = "org.apache.nifi.registry.security.ldap.LdapIdentityProvider" +private static final String LDAP_PROVIDER_REGEX = /(?s)(?:(?!).)*?\s*org\.apache\.nifi\.registry\.security\.ldap\.LdapIdentityProvider.*?<\/provider>/ +/* Explanation of LDAP_PROVIDER_REGEX: + * (?s) -> single-line mode (i.e., `.` in regex matches newlines) + * -> find occurrence of `` literally (case-sensitive) + * (?: ... )-> group but do not capture submatch + * (?! ... )-> negative lookahead + * (?:(?!).)*?-> find everything until a new `` starts. This is for not selecting multiple providers in one match + * -> find occurrence of `` literally (case-sensitive) + * \s* -> find any whitespace + * org\.apache\.nifi\.registry\.security\.ldap\.LdapIdentityProvider + *-> find occurrence of `org.apache.nifi.registry.security.ldap.LdapIdentityProvider` literally (case-sensitive) + * .*? -> find everything as needed up until and including occurrence of `` + */ + +NiFiRegistryIdentityProvidersXmlEncryptor(SensitivePropertyProvider encryptionProvider, SensitivePropertyProvider decryptionProvider) { +super(encryptionProvider, decryptionProvider) +} + +@Override +String encrypt(String plainXmlContent) { --- End diff -- - [ ] Add Javadoc to sub-classes of XMLEncryptor > Add support for NiFi Registry to the encrypt-config tool in NiFi Toolkit > > > Key: NIFI-4708 > URL: https://issues.apache.org/jira/browse/NIFI-4708 > Project: Apache NiFi > Issue Type: Improvement >Reporter: Kevin Doran >Assignee: Kevin Doran > Fix For: 1.5.0 > > > NiFi Registry now supports loading encrypted config files (e.g., > nifi-registry.properties, authorizers.xml, login-identity-providers.xml). > These files are very difficult to encrypt by hand, and is not recommended. > Because NiFi Registry utilizes the same encryption algorithms supported by > NiFi, the easiest way to build a tool for encrypting NiFi Registry config > properties is to extend the the encrypt-config tool in NiFi Toolkit to > support NiFi Registry as well. -- This message was sent by Atlassian JIRA (v6.4.14#64029)
[jira] [Commented] (NIFI-4708) Add support for NiFi Registry to the encrypt-config tool in NiFi Toolkit
[ https://issues.apache.org/jira/browse/NIFI-4708?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16313914#comment-16313914 ] ASF GitHub Bot commented on NIFI-4708: -- Github user alopresto commented on a diff in the pull request: https://github.com/apache/nifi/pull/2376#discussion_r159982870 --- Diff: nifi-toolkit/nifi-toolkit-encrypt-config/src/main/groovy/org/apache/nifi/toolkit/encryptconfig/util/NiFiRegistryIdentityProvidersXmlEncryptor.groovy --- @@ -0,0 +1,105 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one or more + * contributor license agreements. See the NOTICE file distributed with + * this work for additional information regarding copyright ownership. + * The ASF licenses this file to You under the Apache License, Version 2.0 + * (the "License"); you may not use this file except in compliance with + * the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +package org.apache.nifi.toolkit.encryptconfig.util + +import groovy.xml.XmlUtil +import org.apache.nifi.properties.SensitivePropertyProvider +import org.slf4j.Logger +import org.slf4j.LoggerFactory +import org.xml.sax.SAXException + +class NiFiRegistryIdentityProvidersXmlEncryptor extends XmlEncryptor { + +private static final Logger logger = LoggerFactory.getLogger(NiFiRegistryIdentityProvidersXmlEncryptor.class) + +private static final String LDAP_PROVIDER_CLASS = "org.apache.nifi.registry.security.ldap.LdapIdentityProvider" +private static final String LDAP_PROVIDER_REGEX = /(?s)(?:(?!).)*?\s*org\.apache\.nifi\.registry\.security\.ldap\.LdapIdentityProvider.*?<\/provider>/ +/* Explanation of LDAP_PROVIDER_REGEX: + * (?s) -> single-line mode (i.e., `.` in regex matches newlines) + * -> find occurrence of `` literally (case-sensitive) + * (?: ... )-> group but do not capture submatch + * (?! ... )-> negative lookahead + * (?:(?!).)*?-> find everything until a new `` starts. This is for not selecting multiple providers in one match + * -> find occurrence of `` literally (case-sensitive) + * \s* -> find any whitespace + * org\.apache\.nifi\.registry\.security\.ldap\.LdapIdentityProvider + *-> find occurrence of `org.apache.nifi.registry.security.ldap.LdapIdentityProvider` literally (case-sensitive) + * .*? -> find everything as needed up until and including occurrence of `` + */ + +NiFiRegistryIdentityProvidersXmlEncryptor(SensitivePropertyProvider encryptionProvider, SensitivePropertyProvider decryptionProvider) { +super(encryptionProvider, decryptionProvider) +} + +@Override +String encrypt(String plainXmlContent) { --- End diff -- Add Javadoc explaining operation of overriding method and why custom implementation is necessary. > Add support for NiFi Registry to the encrypt-config tool in NiFi Toolkit > > > Key: NIFI-4708 > URL: https://issues.apache.org/jira/browse/NIFI-4708 > Project: Apache NiFi > Issue Type: Improvement >Reporter: Kevin Doran >Assignee: Kevin Doran > Fix For: 1.5.0 > > > NiFi Registry now supports loading encrypted config files (e.g., > nifi-registry.properties, authorizers.xml, login-identity-providers.xml). > These files are very difficult to encrypt by hand, and is not recommended. > Because NiFi Registry utilizes the same encryption algorithms supported by > NiFi, the easiest way to build a tool for encrypting NiFi Registry config > properties is to extend the the encrypt-config tool in NiFi Toolkit to > support NiFi Registry as well. -- This message was sent by Atlassian JIRA (v6.4.14#64029)
[jira] [Commented] (NIFI-4708) Add support for NiFi Registry to the encrypt-config tool in NiFi Toolkit
[ https://issues.apache.org/jira/browse/NIFI-4708?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16313911#comment-16313911 ] ASF GitHub Bot commented on NIFI-4708: -- Github user alopresto commented on a diff in the pull request: https://github.com/apache/nifi/pull/2376#discussion_r159982754 --- Diff: nifi-toolkit/nifi-toolkit-encrypt-config/src/main/groovy/org/apache/nifi/toolkit/encryptconfig/util/NiFiRegistryAuthorizersXmlEncryptor.groovy --- @@ -0,0 +1,106 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one or more + * contributor license agreements. See the NOTICE file distributed with + * this work for additional information regarding copyright ownership. + * The ASF licenses this file to You under the Apache License, Version 2.0 + * (the "License"); you may not use this file except in compliance with + * the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +package org.apache.nifi.toolkit.encryptconfig.util + +import groovy.xml.XmlUtil +import org.apache.nifi.properties.SensitivePropertyProvider +import org.slf4j.Logger +import org.slf4j.LoggerFactory +import org.xml.sax.SAXException + +class NiFiRegistryAuthorizersXmlEncryptor extends XmlEncryptor { + +private static final Logger logger = LoggerFactory.getLogger(NiFiRegistryAuthorizersXmlEncryptor.class) + +private static final String LDAP_USER_GROUP_PROVIDER_CLASS = "org.apache.nifi.registry.security.ldap.tenants.LdapUserGroupProvider" +private static final String LDAP_USER_GROUP_PROVIDER_REGEX = + /(?s)(?:(?!).)*?\s*org\.apache\.nifi\.registry\.security\.ldap\.tenants\.LdapUserGroupProvider.*?<\/userGroupProvider>/ +/* Explanation of LDAP_USER_GROUP_PROVIDER_REGEX: + * (?s) -> single-line mode (i.e., `.` in regex matches newlines) + * -> find occurrence of `` literally (case-sensitive) + * (?: ... )-> group but do not capture submatch + * (?! ... )-> negative lookahead + * (?:(?!).)*? -> find everything until a new `` starts. This is for not selecting multiple userGroupProviders in one match + * -> find occurrence of `` literally (case-sensitive) + * \s* -> find any whitespace + * org\.apache\.nifi\.registry\.security\.ldap\.tenants\.LdapUserGroupProvider + *-> find occurrence of `org.apache.nifi.registry.security.ldap.tenants.LdapUserGroupProvider` literally (case-sensitive) + * .*? -> find everything as needed up until and including occurrence of '' + */ + +NiFiRegistryAuthorizersXmlEncryptor(SensitivePropertyProvider encryptionProvider, SensitivePropertyProvider decryptionProvider) { +super(encryptionProvider, decryptionProvider) +} + +@Override --- End diff -- Add Javadoc explaining operation of overriding method and why custom implementation is necessary. > Add support for NiFi Registry to the encrypt-config tool in NiFi Toolkit > > > Key: NIFI-4708 > URL: https://issues.apache.org/jira/browse/NIFI-4708 > Project: Apache NiFi > Issue Type: Improvement >Reporter: Kevin Doran >Assignee: Kevin Doran > Fix For: 1.5.0 > > > NiFi Registry now supports loading encrypted config files (e.g., > nifi-registry.properties, authorizers.xml, login-identity-providers.xml). > These files are very difficult to encrypt by hand, and is not recommended. > Because NiFi Registry utilizes the same encryption algorithms supported by > NiFi, the easiest way to build a tool for encrypting NiFi Registry config > properties is to extend the the encrypt-config tool in NiFi Toolkit to > support NiFi Registry as well. -- This message was sent by Atlassian JIRA (v6.4.14#64029)
[jira] [Commented] (NIFI-4708) Add support for NiFi Registry to the encrypt-config tool in NiFi Toolkit
[ https://issues.apache.org/jira/browse/NIFI-4708?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16313910#comment-16313910 ] ASF GitHub Bot commented on NIFI-4708: -- Github user kevdoran commented on a diff in the pull request: https://github.com/apache/nifi/pull/2376#discussion_r159982745 --- Diff: nifi-toolkit/nifi-toolkit-encrypt-config/src/main/groovy/org/apache/nifi/toolkit/encryptconfig/NiFiRegistryMode.groovy --- @@ -0,0 +1,383 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one or more + * contributor license agreements. See the NOTICE file distributed with + * this work for additional information regarding copyright ownership. + * The ASF licenses this file to You under the Apache License, Version 2.0 + * (the "License"); you may not use this file except in compliance with + * the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +package org.apache.nifi.toolkit.encryptconfig + +import org.apache.commons.cli.HelpFormatter +import org.apache.commons.cli.Options +import org.apache.http.annotation.Experimental +import org.apache.nifi.properties.AESSensitivePropertyProvider +import org.apache.nifi.properties.SensitivePropertyProvider +import org.apache.nifi.toolkit.encryptconfig.util.BootstrapUtil +import org.apache.nifi.toolkit.encryptconfig.util.NiFiRegistryAuthorizersXmlEncryptor +import org.apache.nifi.toolkit.encryptconfig.util.NiFiRegistryIdentityProvidersXmlEncryptor +import org.apache.nifi.toolkit.encryptconfig.util.NiFiRegistryPropertiesEncryptor +import org.apache.nifi.toolkit.encryptconfig.util.ToolUtilities +import org.apache.nifi.util.console.TextDevices +import org.slf4j.Logger +import org.slf4j.LoggerFactory + +@Experimental +class NiFiRegistryMode implements ToolMode { + +private static final Logger logger = LoggerFactory.getLogger(NiFiRegistryMode.class) + +CliBuilder cli + +NiFiRegistryMode() { +cli = cliBuilder() +} + +//private void printUsage(String message = "") { +//if (message) { +//System.out.println(message) +//System.out.println() +//} +//cli.usage() +//} + +@Override +void run(String[] args) { +logger.warn("The NiFi Registry capabilities of this tool is still considered experimental. The results should be manually verified.") +try { + +def options = cli.parse(args) + +if (!options || options.h) { +EncryptConfigMain.printUsageAndExit("", EncryptConfigMain.EXIT_STATUS_OTHER) +} + +EncryptConfigLogger.configureLogger(options.v) + +Configuration config = new Configuration(options) +run(config) + +} catch (Exception e) { +logger.error("Encountered an error: ${e.getMessage()}") +logger.debug("", e) // stack trace only when verbose enabled +EncryptConfigMain.printUsageAndExit(e.getMessage(), EncryptConfigMain.EXIT_STATUS_FAILURE) +} +} + +void run(Configuration config) throws Exception { + +if (config.usingPassword) { +logger.info("Using encryption key derived from password.") +} else if (config.usingRawKeyHex) { +logger.info("Using encryption key provided.") +} else if (config.usingBootstrapKey) { +logger.info("Using encryption key from input bootstrap.conf.") +} + +logger.debug("(src) bootstrap.conf: ${config.inputBootstrapPath}") +logger.debug("(dest) bootstrap.conf: ${config.outputBootstrapPath}") +logger.debug("(src) nifi.properties: ${config.inputNiFiRegistryPropertiesPath}") --- End diff -- - [ ] fix file label > Add support for NiFi Registry to the encrypt-config tool in NiFi Toolkit > > > Key: NIFI-4708 > URL: https://issues.apache.org/jira/browse/NIFI-4708 > Project: Apache NiFi > Issue Type: Improvement >Reporter: Kevin Doran >Assignee: Kevin Doran > Fix For: 1.5.0 > > > NiFi Registry now
[jira] [Commented] (NIFI-4708) Add support for NiFi Registry to the encrypt-config tool in NiFi Toolkit
[ https://issues.apache.org/jira/browse/NIFI-4708?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16313908#comment-16313908 ] ASF GitHub Bot commented on NIFI-4708: -- Github user kevdoran commented on a diff in the pull request: https://github.com/apache/nifi/pull/2376#discussion_r159982577 --- Diff: nifi-toolkit/nifi-toolkit-encrypt-config/src/main/groovy/org/apache/nifi/toolkit/encryptconfig/NiFiRegistryMode.groovy --- @@ -0,0 +1,383 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one or more + * contributor license agreements. See the NOTICE file distributed with + * this work for additional information regarding copyright ownership. + * The ASF licenses this file to You under the Apache License, Version 2.0 + * (the "License"); you may not use this file except in compliance with + * the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +package org.apache.nifi.toolkit.encryptconfig + +import org.apache.commons.cli.HelpFormatter +import org.apache.commons.cli.Options +import org.apache.http.annotation.Experimental +import org.apache.nifi.properties.AESSensitivePropertyProvider +import org.apache.nifi.properties.SensitivePropertyProvider +import org.apache.nifi.toolkit.encryptconfig.util.BootstrapUtil +import org.apache.nifi.toolkit.encryptconfig.util.NiFiRegistryAuthorizersXmlEncryptor +import org.apache.nifi.toolkit.encryptconfig.util.NiFiRegistryIdentityProvidersXmlEncryptor +import org.apache.nifi.toolkit.encryptconfig.util.NiFiRegistryPropertiesEncryptor +import org.apache.nifi.toolkit.encryptconfig.util.ToolUtilities +import org.apache.nifi.util.console.TextDevices +import org.slf4j.Logger +import org.slf4j.LoggerFactory + +@Experimental +class NiFiRegistryMode implements ToolMode { + +private static final Logger logger = LoggerFactory.getLogger(NiFiRegistryMode.class) + +CliBuilder cli + +NiFiRegistryMode() { +cli = cliBuilder() +} + +//private void printUsage(String message = "") { +//if (message) { +//System.out.println(message) +//System.out.println() +//} +//cli.usage() +//} + +@Override +void run(String[] args) { +logger.warn("The NiFi Registry capabilities of this tool is still considered experimental. The results should be manually verified.") --- End diff -- - [ ] fix typo > Add support for NiFi Registry to the encrypt-config tool in NiFi Toolkit > > > Key: NIFI-4708 > URL: https://issues.apache.org/jira/browse/NIFI-4708 > Project: Apache NiFi > Issue Type: Improvement >Reporter: Kevin Doran >Assignee: Kevin Doran > Fix For: 1.5.0 > > > NiFi Registry now supports loading encrypted config files (e.g., > nifi-registry.properties, authorizers.xml, login-identity-providers.xml). > These files are very difficult to encrypt by hand, and is not recommended. > Because NiFi Registry utilizes the same encryption algorithms supported by > NiFi, the easiest way to build a tool for encrypting NiFi Registry config > properties is to extend the the encrypt-config tool in NiFi Toolkit to > support NiFi Registry as well. -- This message was sent by Atlassian JIRA (v6.4.14#64029)
[jira] [Commented] (NIFI-4708) Add support for NiFi Registry to the encrypt-config tool in NiFi Toolkit
[ https://issues.apache.org/jira/browse/NIFI-4708?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16313907#comment-16313907 ] ASF GitHub Bot commented on NIFI-4708: -- Github user kevdoran commented on a diff in the pull request: https://github.com/apache/nifi/pull/2376#discussion_r159982520 --- Diff: nifi-toolkit/nifi-toolkit-encrypt-config/src/main/groovy/org/apache/nifi/toolkit/encryptconfig/NiFiRegistryDecryptMode.groovy --- @@ -0,0 +1,143 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one or more + * contributor license agreements. See the NOTICE file distributed with + * this work for additional information regarding copyright ownership. + * The ASF licenses this file to You under the Apache License, Version 2.0 + * (the "License"); you may not use this file except in compliance with + * the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +package org.apache.nifi.toolkit.encryptconfig + +import org.apache.nifi.properties.AESSensitivePropertyProvider +import org.apache.nifi.toolkit.encryptconfig.util.BootstrapUtil +import org.apache.nifi.toolkit.encryptconfig.util.ToolUtilities +import org.slf4j.Logger +import org.slf4j.LoggerFactory + +/** + * A special DecryptMode that can run using NiFiRegistry CLI Options + */ +class NiFiRegistryDecryptMode extends DecryptMode { + +private static final Logger logger = LoggerFactory.getLogger(NiFiRegistryDecryptMode.class) + +CliBuilder cli + +NiFiRegistryDecryptMode() { +cli = NiFiRegistryMode.cliBuilder() +} + +@Override +void run(String[] args) { +logger.warn("The decryption capability of this tool is still considered experimental. The results should be manually verified.") +try { + +def options = cli.parse(args) + +if (!options || options.h) { +EncryptConfigMain.printUsageAndExit("", EncryptConfigMain.EXIT_STATUS_OTHER) +} + +EncryptConfigLogger.configureLogger(options.v) + +DecryptConfiguration config = new DecryptConfiguration() + +/* Invalid fields when used with --decrypt: */ +def invalidDecryptOptions = ["i", "a"] +def presentInvalidOptions = Arrays.stream(options.getInner().getOptions()).findAll { +invalidDecryptOptions.contains(it.getOpt()) +} +if (presentInvalidOptions.size() > 0) { +throw new RuntimeException("Invalid options: ${EncryptConfigMain.DECRYPT_OPT} cannot be used with [${presentInvalidOptions.join(", ")}]. It should only be used with [-r].") +} + +/* Required fields when using --decrypt */ +// registryPropertiesFile (-r) +if (!options.r) { +throw new RuntimeException("Invalid options: Input nifiRegistryProperties (-r) is required when using --decrypt") +} +config.inputFilePath = options.r +config.fileType = FileType.properties // disables auto-detection, which is still experimental + +// one of [--oldPassword, --oldKey] or [-p, -k, -bAdd support for NiFi Registry to the encrypt-config tool in NiFi Toolkit > > > Key: NIFI-4708 > URL: https://issues.apache.org/jira/browse/NIFI-4708 > Project: Apache NiFi > Issue Type: Improvement >Reporter: Kevin Doran >Assignee: Kevin Doran > Fix For: 1.5.0 > > > NiFi Registry now supports loading encrypted config files (e.g., > nifi-registry.properties, authorizers.xml, login-identity-providers.xml). > These files are very difficult to encrypt by hand, and is not recommended. > Because NiFi Registry utilizes the same encryption algorithms supported by > NiFi, the easiest way to build a tool for encrypting NiFi Registry config > properties is to extend the the encrypt-config tool in NiFi Toolkit to > support NiFi Registry as well. -- This message was sent by Atlassian JIRA (v6.4.14#64029)
[jira] [Commented] (NIFI-4708) Add support for NiFi Registry to the encrypt-config tool in NiFi Toolkit
[ https://issues.apache.org/jira/browse/NIFI-4708?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16313893#comment-16313893 ] ASF GitHub Bot commented on NIFI-4708: -- Github user kevdoran commented on a diff in the pull request: https://github.com/apache/nifi/pull/2376#discussion_r159981266 --- Diff: nifi-toolkit/nifi-toolkit-encrypt-config/src/main/groovy/org/apache/nifi/toolkit/encryptconfig/NiFiRegistryDecryptMode.groovy --- @@ -0,0 +1,143 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one or more + * contributor license agreements. See the NOTICE file distributed with + * this work for additional information regarding copyright ownership. + * The ASF licenses this file to You under the Apache License, Version 2.0 + * (the "License"); you may not use this file except in compliance with + * the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +package org.apache.nifi.toolkit.encryptconfig + +import org.apache.nifi.properties.AESSensitivePropertyProvider +import org.apache.nifi.toolkit.encryptconfig.util.BootstrapUtil +import org.apache.nifi.toolkit.encryptconfig.util.ToolUtilities +import org.slf4j.Logger +import org.slf4j.LoggerFactory + +/** + * A special DecryptMode that can run using NiFiRegistry CLI Options + */ +class NiFiRegistryDecryptMode extends DecryptMode { + +private static final Logger logger = LoggerFactory.getLogger(NiFiRegistryDecryptMode.class) + +CliBuilder cli + +NiFiRegistryDecryptMode() { +cli = NiFiRegistryMode.cliBuilder() +} + +@Override +void run(String[] args) { +logger.warn("The decryption capability of this tool is still considered experimental. The results should be manually verified.") +try { + +def options = cli.parse(args) + +if (!options || options.h) { +EncryptConfigMain.printUsageAndExit("", EncryptConfigMain.EXIT_STATUS_OTHER) +} + +EncryptConfigLogger.configureLogger(options.v) + +DecryptConfiguration config = new DecryptConfiguration() + +/* Invalid fields when used with --decrypt: */ +def invalidDecryptOptions = ["i", "a"] +def presentInvalidOptions = Arrays.stream(options.getInner().getOptions()).findAll { +invalidDecryptOptions.contains(it.getOpt()) +} +if (presentInvalidOptions.size() > 0) { +throw new RuntimeException("Invalid options: ${EncryptConfigMain.DECRYPT_OPT} cannot be used with [${presentInvalidOptions.join(", ")}]. It should only be used with [-r].") +} + +/* Required fields when using --decrypt */ +// registryPropertiesFile (-r) +if (!options.r) { +throw new RuntimeException("Invalid options: Input nifiRegistryProperties (-r) is required when using --decrypt") +} +config.inputFilePath = options.r +config.fileType = FileType.properties // disables auto-detection, which is still experimental + +// one of [--oldPassword, --oldKey] or [-p, -k, -b
[jira] [Commented] (NIFI-4708) Add support for NiFi Registry to the encrypt-config tool in NiFi Toolkit
[ https://issues.apache.org/jira/browse/NIFI-4708?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16313892#comment-16313892 ] ASF GitHub Bot commented on NIFI-4708: -- Github user kevdoran commented on a diff in the pull request: https://github.com/apache/nifi/pull/2376#discussion_r159980870 --- Diff: nifi-toolkit/nifi-toolkit-encrypt-config/src/main/groovy/org/apache/nifi/toolkit/encryptconfig/NiFiRegistryDecryptMode.groovy --- @@ -0,0 +1,143 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one or more + * contributor license agreements. See the NOTICE file distributed with + * this work for additional information regarding copyright ownership. + * The ASF licenses this file to You under the Apache License, Version 2.0 + * (the "License"); you may not use this file except in compliance with + * the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +package org.apache.nifi.toolkit.encryptconfig + +import org.apache.nifi.properties.AESSensitivePropertyProvider +import org.apache.nifi.toolkit.encryptconfig.util.BootstrapUtil +import org.apache.nifi.toolkit.encryptconfig.util.ToolUtilities +import org.slf4j.Logger +import org.slf4j.LoggerFactory + +/** + * A special DecryptMode that can run using NiFiRegistry CLI Options + */ +class NiFiRegistryDecryptMode extends DecryptMode { + +private static final Logger logger = LoggerFactory.getLogger(NiFiRegistryDecryptMode.class) + +CliBuilder cli + +NiFiRegistryDecryptMode() { +cli = NiFiRegistryMode.cliBuilder() +} + +@Override +void run(String[] args) { +logger.warn("The decryption capability of this tool is still considered experimental. The results should be manually verified.") +try { + +def options = cli.parse(args) + +if (!options || options.h) { +EncryptConfigMain.printUsageAndExit("", EncryptConfigMain.EXIT_STATUS_OTHER) +} + +EncryptConfigLogger.configureLogger(options.v) + +DecryptConfiguration config = new DecryptConfiguration() + +/* Invalid fields when used with --decrypt: */ +def invalidDecryptOptions = ["i", "a"] +def presentInvalidOptions = Arrays.stream(options.getInner().getOptions()).findAll { +invalidDecryptOptions.contains(it.getOpt()) +} +if (presentInvalidOptions.size() > 0) { +throw new RuntimeException("Invalid options: ${EncryptConfigMain.DECRYPT_OPT} cannot be used with [${presentInvalidOptions.join(", ")}]. It should only be used with [-r].") +} + +/* Required fields when using --decrypt */ +// registryPropertiesFile (-r) +if (!options.r) { +throw new RuntimeException("Invalid options: Input nifiRegistryProperties (-r) is required when using --decrypt") +} +config.inputFilePath = options.r +config.fileType = FileType.properties // disables auto-detection, which is still experimental + +// one of [--oldPassword, --oldKey] or [-p, -k, -b
[jira] [Commented] (NIFI-4708) Add support for NiFi Registry to the encrypt-config tool in NiFi Toolkit
[ https://issues.apache.org/jira/browse/NIFI-4708?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16313868#comment-16313868 ] ASF GitHub Bot commented on NIFI-4708: -- Github user kevdoran commented on a diff in the pull request: https://github.com/apache/nifi/pull/2376#discussion_r159978704 --- Diff: nifi-toolkit/nifi-toolkit-encrypt-config/src/main/groovy/org/apache/nifi/toolkit/encryptconfig/NiFiRegistryDecryptMode.groovy --- @@ -0,0 +1,143 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one or more + * contributor license agreements. See the NOTICE file distributed with + * this work for additional information regarding copyright ownership. + * The ASF licenses this file to You under the Apache License, Version 2.0 + * (the "License"); you may not use this file except in compliance with + * the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +package org.apache.nifi.toolkit.encryptconfig + +import org.apache.nifi.properties.AESSensitivePropertyProvider +import org.apache.nifi.toolkit.encryptconfig.util.BootstrapUtil +import org.apache.nifi.toolkit.encryptconfig.util.ToolUtilities +import org.slf4j.Logger +import org.slf4j.LoggerFactory + +/** + * A special DecryptMode that can run using NiFiRegistry CLI Options + */ +class NiFiRegistryDecryptMode extends DecryptMode { + +private static final Logger logger = LoggerFactory.getLogger(NiFiRegistryDecryptMode.class) + +CliBuilder cli + +NiFiRegistryDecryptMode() { +cli = NiFiRegistryMode.cliBuilder() +} + +@Override +void run(String[] args) { +logger.warn("The decryption capability of this tool is still considered experimental. The results should be manually verified.") +try { + +def options = cli.parse(args) + +if (!options || options.h) { +EncryptConfigMain.printUsageAndExit("", EncryptConfigMain.EXIT_STATUS_OTHER) +} + +EncryptConfigLogger.configureLogger(options.v) + +DecryptConfiguration config = new DecryptConfiguration() + +/* Invalid fields when used with --decrypt: */ +def invalidDecryptOptions = ["i", "a"] +def presentInvalidOptions = Arrays.stream(options.getInner().getOptions()).findAll { +invalidDecryptOptions.contains(it.getOpt()) +} +if (presentInvalidOptions.size() > 0) { +throw new RuntimeException("Invalid options: ${EncryptConfigMain.DECRYPT_OPT} cannot be used with [${presentInvalidOptions.join(", ")}]. It should only be used with [-r].") +} + +/* Required fields when using --decrypt */ +// registryPropertiesFile (-r) +if (!options.r) { +throw new RuntimeException("Invalid options: Input nifiRegistryProperties (-r) is required when using --decrypt") +} +config.inputFilePath = options.r +config.fileType = FileType.properties // disables auto-detection, which is still experimental + +// one of [--oldPassword, --oldKey] or [-p, -k, -bAdd support for NiFi Registry to the encrypt-config tool in NiFi Toolkit > > > Key: NIFI-4708 > URL: https://issues.apache.org/jira/browse/NIFI-4708 > Project: Apache NiFi > Issue Type: Improvement >Reporter: Kevin Doran >Assignee: Kevin Doran > Fix For: 1.5.0 > > > NiFi Registry now supports loading encrypted config files (e.g., > nifi-registry.properties, authorizers.xml, login-identity-providers.xml). > These files are very difficult to encrypt by hand, and is not recommended. > Because NiFi Registry utilizes the same encryption algorithms supported by > NiFi, the easiest way to build a tool for encrypting NiFi Registry config > properties is to extend the the encrypt-config tool in NiFi Toolkit to > support NiFi Registry as well. -- This message was sent by Atlassian JIRA (v6.4.14#64029)
[jira] [Commented] (NIFI-4708) Add support for NiFi Registry to the encrypt-config tool in NiFi Toolkit
[ https://issues.apache.org/jira/browse/NIFI-4708?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16313867#comment-16313867 ] ASF GitHub Bot commented on NIFI-4708: -- Github user kevdoran commented on a diff in the pull request: https://github.com/apache/nifi/pull/2376#discussion_r159978565 --- Diff: nifi-toolkit/nifi-toolkit-encrypt-config/src/main/groovy/org/apache/nifi/toolkit/encryptconfig/EncryptConfigMain.groovy --- @@ -0,0 +1,145 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one or more + * contributor license agreements. See the NOTICE file distributed with + * this work for additional information regarding copyright ownership. + * The ASF licenses this file to You under the Apache License, Version 2.0 + * (the "License"); you may not use this file except in compliance with + * the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +package org.apache.nifi.toolkit.encryptconfig + +import org.apache.commons.cli.HelpFormatter +import org.apache.commons.cli.Options +import org.apache.nifi.properties.ConfigEncryptionTool +import org.bouncycastle.jce.provider.BouncyCastleProvider +import org.slf4j.Logger +import org.slf4j.LoggerFactory + +import java.security.Security + +class EncryptConfigMain { + +private static final Logger logger = LoggerFactory.getLogger(EncryptConfigMain.class) + +static final int EXIT_STATUS_SUCCESS = 0 +static final int EXIT_STATUS_FAILURE = -1 +static final int EXIT_STATUS_OTHER = 1 + +static final String NIFI_REGISTRY_OPT = "nifiRegistry" +static final String NIFI_REGISTRY_FLAG = "--${NIFI_REGISTRY_OPT}".toString() +static final String DECRYPT_OPT = "decrypt" +static final String DECRYPT_FLAG = "--${DECRYPT_OPT}".toString() + +static final int HELP_FORMAT_WIDTH = 160 + +// Access should only be through static methods +private EncryptConfigMain() { +} + +static printUsage(String message = "") { + +if (message) { +System.out.println(message) +System.out.println() +} + +String header = "\nThis tool enables easy encryption and decryption of configuration files for NiFi and its sub-projects. " + +"Unprotected files can be input to this tool to be protected by a key in a manner that is understood by NiFi. " + +"Protected files, along with a key, can be input to this tool to be unprotected, for troubleshooting or automation purposes.\n\n" + +def options = new Options() +options.addOption("h", "help", false, "Show usage information (this message)") +options.addOption(null, NIFI_REGISTRY_OPT, false, "Specifies to target NiFi Registry. When this flag is not included, NiFi is the target.") + +HelpFormatter helpFormatter = new HelpFormatter() +helpFormatter.setWidth(160) +helpFormatter.setOptionComparator(null) + helpFormatter.printHelp("${EncryptConfigMain.class.getCanonicalName()} [-h] [options]", header, options, "\n") +System.out.println() + +helpFormatter.setSyntaxPrefix("") // disable "usage: " prefix for the following outputs + +Options nifiModeOptions = ConfigEncryptionTool.getCliOptions() +helpFormatter.printHelp( +"When targeting NiFi:", +nifiModeOptions, +false) +System.out.println() + +Options nifiRegistryModeOptions = NiFiRegistryMode.getCliOptions() +nifiRegistryModeOptions.addOption(null, DECRYPT_OPT, false, "Can be used with -r to decrypt a previously encrypted NiFi Registry Properties file. Decrypted content is printed to STDOUT.") +helpFormatter.printHelp( +"When targeting NiFi Registry using the ${NIFI_REGISTRY_FLAG} flag:", +nifiRegistryModeOptions, +false) +System.out.println() + +//String footer = """ +//| +//|Encrypt a NiFi Registry properties using a password: +//|encrypt-config -p -b /path/to/nifi/conf/bootstrap.conf -r /path/to/nifi/conf/nifi.properties +//| +//|""".stripMargin() +
[jira] [Commented] (NIFI-4708) Add support for NiFi Registry to the encrypt-config tool in NiFi Toolkit
[ https://issues.apache.org/jira/browse/NIFI-4708?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16313859#comment-16313859 ] ASF GitHub Bot commented on NIFI-4708: -- Github user kevdoran commented on a diff in the pull request: https://github.com/apache/nifi/pull/2376#discussion_r159977391 --- Diff: nifi-toolkit/nifi-toolkit-encrypt-config/src/main/groovy/org/apache/nifi/toolkit/encryptconfig/EncryptConfigMain.groovy --- @@ -0,0 +1,145 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one or more + * contributor license agreements. See the NOTICE file distributed with + * this work for additional information regarding copyright ownership. + * The ASF licenses this file to You under the Apache License, Version 2.0 + * (the "License"); you may not use this file except in compliance with + * the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +package org.apache.nifi.toolkit.encryptconfig + +import org.apache.commons.cli.HelpFormatter +import org.apache.commons.cli.Options +import org.apache.nifi.properties.ConfigEncryptionTool +import org.bouncycastle.jce.provider.BouncyCastleProvider +import org.slf4j.Logger +import org.slf4j.LoggerFactory + +import java.security.Security + +class EncryptConfigMain { + +private static final Logger logger = LoggerFactory.getLogger(EncryptConfigMain.class) + +static final int EXIT_STATUS_SUCCESS = 0 +static final int EXIT_STATUS_FAILURE = -1 +static final int EXIT_STATUS_OTHER = 1 + +static final String NIFI_REGISTRY_OPT = "nifiRegistry" +static final String NIFI_REGISTRY_FLAG = "--${NIFI_REGISTRY_OPT}".toString() +static final String DECRYPT_OPT = "decrypt" +static final String DECRYPT_FLAG = "--${DECRYPT_OPT}".toString() + +static final int HELP_FORMAT_WIDTH = 160 + +// Access should only be through static methods +private EncryptConfigMain() { +} + +static printUsage(String message = "") { + +if (message) { +System.out.println(message) +System.out.println() +} + +String header = "\nThis tool enables easy encryption and decryption of configuration files for NiFi and its sub-projects. " + +"Unprotected files can be input to this tool to be protected by a key in a manner that is understood by NiFi. " + +"Protected files, along with a key, can be input to this tool to be unprotected, for troubleshooting or automation purposes.\n\n" + +def options = new Options() +options.addOption("h", "help", false, "Show usage information (this message)") +options.addOption(null, NIFI_REGISTRY_OPT, false, "Specifies to target NiFi Registry. When this flag is not included, NiFi is the target.") + +HelpFormatter helpFormatter = new HelpFormatter() +helpFormatter.setWidth(160) +helpFormatter.setOptionComparator(null) + helpFormatter.printHelp("${EncryptConfigMain.class.getCanonicalName()} [-h] [options]", header, options, "\n") +System.out.println() + +helpFormatter.setSyntaxPrefix("") // disable "usage: " prefix for the following outputs + +Options nifiModeOptions = ConfigEncryptionTool.getCliOptions() +helpFormatter.printHelp( +"When targeting NiFi:", +nifiModeOptions, +false) +System.out.println() + +Options nifiRegistryModeOptions = NiFiRegistryMode.getCliOptions() +nifiRegistryModeOptions.addOption(null, DECRYPT_OPT, false, "Can be used with -r to decrypt a previously encrypted NiFi Registry Properties file. Decrypted content is printed to STDOUT.") +helpFormatter.printHelp( +"When targeting NiFi Registry using the ${NIFI_REGISTRY_FLAG} flag:", +nifiRegistryModeOptions, +false) +System.out.println() + +//String footer = """ --- End diff -- - [ ] remove dead code in EMC > Add support for NiFi Registry to the encrypt-config tool in NiFi Toolkit > > > Key: NIFI-4708 > URL:
[jira] [Commented] (NIFI-4708) Add support for NiFi Registry to the encrypt-config tool in NiFi Toolkit
[ https://issues.apache.org/jira/browse/NIFI-4708?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16313856#comment-16313856 ] ASF GitHub Bot commented on NIFI-4708: -- Github user kevdoran commented on a diff in the pull request: https://github.com/apache/nifi/pull/2376#discussion_r159977131 --- Diff: nifi-toolkit/nifi-toolkit-encrypt-config/src/main/groovy/org/apache/nifi/toolkit/encryptconfig/EncryptConfigLogger.groovy --- @@ -0,0 +1,93 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one or more + * contributor license agreements. See the NOTICE file distributed with + * this work for additional information regarding copyright ownership. + * The ASF licenses this file to You under the Apache License, Version 2.0 + * (the "License"); you may not use this file except in compliance with + * the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +package org.apache.nifi.toolkit.encryptconfig + +import org.apache.log4j.LogManager +import org.apache.log4j.PropertyConfigurator +import org.slf4j.Logger +import org.slf4j.LoggerFactory + +class EncryptConfigLogger { + +private static final Logger logger = LoggerFactory.getLogger(EncryptConfigLogger.class) + +/** + * Configures the logger. + * + * The nifi-toolkit module uses log4j, which will be configured to append all + * log output to the system STDERR. The log level can be specified using the verboseEnabled + * argument. A value of true will set the log level to DEBUG, a value of + * false will set the log level to INFO. + * + * @param verboseEnabled flag to indicate if verbose mode is enabled, which sets the log level to DEBUG + */ +static configureLogger(boolean verboseEnabled) { + +Properties log4jProps = null +URL log4jPropsPath = this.getClass().getResource("log4j.properties") +if (log4jPropsPath) { +try { +log4jPropsPath.withReader { reader -> +log4jProps = new Properties() +log4jProps.load(reader) +} +} catch (IOException e) { +// do nothing, we will fallback to hardcoded defaults below +} +} + +if (!log4jProps) { +log4jProps = defaultProperties() +} + +if (verboseEnabled) { +// Override the log level for this package. For this to work as intended, this class must belong +// to the same package (or a parent package) of all the encrypt-config classes +log4jProps.put("log4j.logger." + EncryptConfigLogger.class.package.name, "DEBUG") +} + +LogManager.resetConfiguration() +PropertyConfigurator.configure(log4jProps) + +if (verboseEnabled) { +logger.debug("Verbose mode is enabled (goes to stderr by default).") +} +} + +/** + * A copy of the settings in /src/main/resources/log4j.properties, in case that is not on the classpath at runtime + * @return Properties containing the default properties for Log4j + */ +static Properties defaultProperties() { +Properties defaultProperties = new Properties() + +defaultProperties.setProperty("log4j.rootLogger", "INFO,console") + +defaultProperties.setProperty("log4j.appender.console", "org.apache.log4j.ConsoleAppender") +defaultProperties.setProperty("log4j.appender.console.Target", "System.err") +defaultProperties.setProperty("log4j.appender.console.layout", "org.apache.log4j.PatternLayout") + defaultProperties.setProperty("log4j.appender.console.layout.ConversionPattern", "%d{-mm-dd HH:mm:ss} %p %c{1}: %m%n") + +return defaultProperties +} + --- End diff -- - [ ] Format code > Add support for NiFi Registry to the encrypt-config tool in NiFi Toolkit > > > Key: NIFI-4708 > URL: https://issues.apache.org/jira/browse/NIFI-4708 > Project: Apache NiFi > Issue Type: Improvement >Reporter: Kevin Doran >Assignee: Kevin
[jira] [Commented] (NIFI-4708) Add support for NiFi Registry to the encrypt-config tool in NiFi Toolkit
[ https://issues.apache.org/jira/browse/NIFI-4708?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16313855#comment-16313855 ] ASF GitHub Bot commented on NIFI-4708: -- Github user kevdoran commented on a diff in the pull request: https://github.com/apache/nifi/pull/2376#discussion_r159977055 --- Diff: nifi-toolkit/nifi-toolkit-encrypt-config/src/main/groovy/org/apache/nifi/toolkit/encryptconfig/DecryptMode.groovy --- @@ -0,0 +1,322 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one or more + * contributor license agreements. See the NOTICE file distributed with + * this work for additional information regarding copyright ownership. + * The ASF licenses this file to You under the Apache License, Version 2.0 + * (the "License"); you may not use this file except in compliance with + * the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +package org.apache.nifi.toolkit.encryptconfig + +import org.apache.commons.cli.HelpFormatter +import org.apache.nifi.properties.AESSensitivePropertyProvider +import org.apache.nifi.properties.SensitivePropertyProvider +import org.apache.nifi.toolkit.encryptconfig.util.BootstrapUtil +import org.apache.nifi.toolkit.encryptconfig.util.PropertiesEncryptor +import org.apache.nifi.toolkit.encryptconfig.util.ToolUtilities +import org.apache.nifi.toolkit.encryptconfig.util.XmlEncryptor +import org.apache.nifi.util.console.TextDevices +import org.slf4j.Logger +import org.slf4j.LoggerFactory + +class DecryptMode implements ToolMode { + +private static final Logger logger = LoggerFactory.getLogger(DecryptMode.class) + +enum FileType { +properties, +xml +} + +CliBuilder cli + +DecryptMode() { +cli = cliBuilder() +} + +void printUsage(String message = "") { +if (message) { +System.out.println(message) +System.out.println() +} +cli.usage() +} + +void printUsageAndExit(String message = "", int exitStatusCode) { +printUsage(message) +System.exit(exitStatusCode) +} + +@Override +void run(String[] args) { +logger.warn("The decryption capability of this tool is still considered experimental. The results should be manually verified.") +try { + +def options = cli.parse(args) + +if (!options || options.h) { +printUsageAndExit("", EncryptConfigMain.EXIT_STATUS_OTHER) +} + +EncryptConfigLogger.configureLogger(options.v) + +DecryptConfiguration config = new DecryptConfiguration(options) + +run(config) + +} catch (Exception e) { +logger.error("Encountered an error: ${e.getMessage()}") +logger.debug("", e) // stack trace only when verbose enabled +printUsageAndExit(e.getMessage(), EncryptConfigMain.EXIT_STATUS_FAILURE) +} +} + +void run(DecryptConfiguration config) throws Exception { + +if (!config.fileType) { + +// Try to load the input file to auto-detect the file type +boolean isPropertiesFile = PropertiesEncryptor.supportsFile(config.inputFilePath) + +boolean isXmlFile = XmlEncryptor.supportsFile(config.inputFilePath) + +if (ToolUtilities.isExactlyOneTrue(isPropertiesFile, isXmlFile)) { +if (isPropertiesFile) { +config.fileType = FileType.properties +logger.debug("Auto-detection of input file type determined the type to be: ${FileType.properties}") +} +if (isXmlFile) { +config.fileType = FileType.xml +logger.debug("Auto-detection of input file type determined the type to be: ${FileType.xml}") +} +} + +// Could we successfully auto-detect? +if (!config.fileType) { +throw new RuntimeException("Auto-detection of input file type failed. Please re-run the tool specifying the file type with the -t/--fileType flag.") +} +} +
[jira] [Commented] (NIFI-4708) Add support for NiFi Registry to the encrypt-config tool in NiFi Toolkit
[ https://issues.apache.org/jira/browse/NIFI-4708?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16313847#comment-16313847 ] ASF GitHub Bot commented on NIFI-4708: -- Github user kevdoran commented on a diff in the pull request: https://github.com/apache/nifi/pull/2376#discussion_r159976358 --- Diff: nifi-toolkit/nifi-toolkit-encrypt-config/src/main/groovy/org/apache/nifi/toolkit/encryptconfig/DecryptMode.groovy --- @@ -0,0 +1,322 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one or more + * contributor license agreements. See the NOTICE file distributed with + * this work for additional information regarding copyright ownership. + * The ASF licenses this file to You under the Apache License, Version 2.0 + * (the "License"); you may not use this file except in compliance with + * the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +package org.apache.nifi.toolkit.encryptconfig + +import org.apache.commons.cli.HelpFormatter +import org.apache.nifi.properties.AESSensitivePropertyProvider +import org.apache.nifi.properties.SensitivePropertyProvider +import org.apache.nifi.toolkit.encryptconfig.util.BootstrapUtil +import org.apache.nifi.toolkit.encryptconfig.util.PropertiesEncryptor +import org.apache.nifi.toolkit.encryptconfig.util.ToolUtilities +import org.apache.nifi.toolkit.encryptconfig.util.XmlEncryptor +import org.apache.nifi.util.console.TextDevices +import org.slf4j.Logger +import org.slf4j.LoggerFactory + +class DecryptMode implements ToolMode { + +private static final Logger logger = LoggerFactory.getLogger(DecryptMode.class) + +enum FileType { +properties, +xml +} + +CliBuilder cli + +DecryptMode() { +cli = cliBuilder() +} + +void printUsage(String message = "") { +if (message) { +System.out.println(message) +System.out.println() +} +cli.usage() +} + +void printUsageAndExit(String message = "", int exitStatusCode) { +printUsage(message) +System.exit(exitStatusCode) +} + +@Override +void run(String[] args) { +logger.warn("The decryption capability of this tool is still considered experimental. The results should be manually verified.") +try { + +def options = cli.parse(args) + +if (!options || options.h) { +printUsageAndExit("", EncryptConfigMain.EXIT_STATUS_OTHER) +} + +EncryptConfigLogger.configureLogger(options.v) + +DecryptConfiguration config = new DecryptConfiguration(options) + +run(config) + +} catch (Exception e) { +logger.error("Encountered an error: ${e.getMessage()}") +logger.debug("", e) // stack trace only when verbose enabled +printUsageAndExit(e.getMessage(), EncryptConfigMain.EXIT_STATUS_FAILURE) +} +} + +void run(DecryptConfiguration config) throws Exception { + +if (!config.fileType) { + +// Try to load the input file to auto-detect the file type +boolean isPropertiesFile = PropertiesEncryptor.supportsFile(config.inputFilePath) + +boolean isXmlFile = XmlEncryptor.supportsFile(config.inputFilePath) + +if (ToolUtilities.isExactlyOneTrue(isPropertiesFile, isXmlFile)) { +if (isPropertiesFile) { +config.fileType = FileType.properties +logger.debug("Auto-detection of input file type determined the type to be: ${FileType.properties}") +} +if (isXmlFile) { +config.fileType = FileType.xml +logger.debug("Auto-detection of input file type determined the type to be: ${FileType.xml}") +} +} + +// Could we successfully auto-detect? +if (!config.fileType) { +throw new RuntimeException("Auto-detection of input file type failed. Please re-run the tool specifying the file type with the -t/--fileType flag.") +} +} +
[jira] [Commented] (NIFI-4708) Add support for NiFi Registry to the encrypt-config tool in NiFi Toolkit
[ https://issues.apache.org/jira/browse/NIFI-4708?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16313846#comment-16313846 ] ASF GitHub Bot commented on NIFI-4708: -- Github user kevdoran commented on a diff in the pull request: https://github.com/apache/nifi/pull/2376#discussion_r159976301 --- Diff: nifi-toolkit/nifi-toolkit-encrypt-config/src/main/groovy/org/apache/nifi/toolkit/encryptconfig/DecryptMode.groovy --- @@ -0,0 +1,322 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one or more + * contributor license agreements. See the NOTICE file distributed with + * this work for additional information regarding copyright ownership. + * The ASF licenses this file to You under the Apache License, Version 2.0 + * (the "License"); you may not use this file except in compliance with + * the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +package org.apache.nifi.toolkit.encryptconfig + +import org.apache.commons.cli.HelpFormatter +import org.apache.nifi.properties.AESSensitivePropertyProvider +import org.apache.nifi.properties.SensitivePropertyProvider +import org.apache.nifi.toolkit.encryptconfig.util.BootstrapUtil +import org.apache.nifi.toolkit.encryptconfig.util.PropertiesEncryptor +import org.apache.nifi.toolkit.encryptconfig.util.ToolUtilities +import org.apache.nifi.toolkit.encryptconfig.util.XmlEncryptor +import org.apache.nifi.util.console.TextDevices +import org.slf4j.Logger +import org.slf4j.LoggerFactory + +class DecryptMode implements ToolMode { + +private static final Logger logger = LoggerFactory.getLogger(DecryptMode.class) + +enum FileType { +properties, +xml +} + +CliBuilder cli + +DecryptMode() { +cli = cliBuilder() +} + +void printUsage(String message = "") { +if (message) { +System.out.println(message) +System.out.println() +} +cli.usage() +} + +void printUsageAndExit(String message = "", int exitStatusCode) { +printUsage(message) +System.exit(exitStatusCode) +} + +@Override +void run(String[] args) { +logger.warn("The decryption capability of this tool is still considered experimental. The results should be manually verified.") +try { + +def options = cli.parse(args) + +if (!options || options.h) { +printUsageAndExit("", EncryptConfigMain.EXIT_STATUS_OTHER) +} + +EncryptConfigLogger.configureLogger(options.v) + +DecryptConfiguration config = new DecryptConfiguration(options) + +run(config) + +} catch (Exception e) { +logger.error("Encountered an error: ${e.getMessage()}") +logger.debug("", e) // stack trace only when verbose enabled +printUsageAndExit(e.getMessage(), EncryptConfigMain.EXIT_STATUS_FAILURE) +} +} + +void run(DecryptConfiguration config) throws Exception { + +if (!config.fileType) { + +// Try to load the input file to auto-detect the file type +boolean isPropertiesFile = PropertiesEncryptor.supportsFile(config.inputFilePath) + +boolean isXmlFile = XmlEncryptor.supportsFile(config.inputFilePath) + +if (ToolUtilities.isExactlyOneTrue(isPropertiesFile, isXmlFile)) { +if (isPropertiesFile) { +config.fileType = FileType.properties +logger.debug("Auto-detection of input file type determined the type to be: ${FileType.properties}") +} +if (isXmlFile) { +config.fileType = FileType.xml +logger.debug("Auto-detection of input file type determined the type to be: ${FileType.xml}") +} +} + +// Could we successfully auto-detect? +if (!config.fileType) { +throw new RuntimeException("Auto-detection of input file type failed. Please re-run the tool specifying the file type with the -t/--fileType flag.") +} +} +
[jira] [Commented] (NIFI-4708) Add support for NiFi Registry to the encrypt-config tool in NiFi Toolkit
[ https://issues.apache.org/jira/browse/NIFI-4708?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16313844#comment-16313844 ] ASF GitHub Bot commented on NIFI-4708: -- Github user kevdoran commented on a diff in the pull request: https://github.com/apache/nifi/pull/2376#discussion_r159976150 --- Diff: nifi-toolkit/nifi-toolkit-encrypt-config/src/main/groovy/org/apache/nifi/toolkit/encryptconfig/DecryptMode.groovy --- @@ -0,0 +1,322 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one or more + * contributor license agreements. See the NOTICE file distributed with + * this work for additional information regarding copyright ownership. + * The ASF licenses this file to You under the Apache License, Version 2.0 + * (the "License"); you may not use this file except in compliance with + * the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +package org.apache.nifi.toolkit.encryptconfig + +import org.apache.commons.cli.HelpFormatter +import org.apache.nifi.properties.AESSensitivePropertyProvider +import org.apache.nifi.properties.SensitivePropertyProvider +import org.apache.nifi.toolkit.encryptconfig.util.BootstrapUtil +import org.apache.nifi.toolkit.encryptconfig.util.PropertiesEncryptor +import org.apache.nifi.toolkit.encryptconfig.util.ToolUtilities +import org.apache.nifi.toolkit.encryptconfig.util.XmlEncryptor +import org.apache.nifi.util.console.TextDevices +import org.slf4j.Logger +import org.slf4j.LoggerFactory + +class DecryptMode implements ToolMode { + +private static final Logger logger = LoggerFactory.getLogger(DecryptMode.class) + +enum FileType { +properties, +xml +} + +CliBuilder cli + +DecryptMode() { +cli = cliBuilder() +} + +void printUsage(String message = "") { +if (message) { +System.out.println(message) +System.out.println() +} +cli.usage() +} + +void printUsageAndExit(String message = "", int exitStatusCode) { +printUsage(message) +System.exit(exitStatusCode) +} + +@Override +void run(String[] args) { +logger.warn("The decryption capability of this tool is still considered experimental. The results should be manually verified.") +try { + +def options = cli.parse(args) + +if (!options || options.h) { +printUsageAndExit("", EncryptConfigMain.EXIT_STATUS_OTHER) +} + +EncryptConfigLogger.configureLogger(options.v) + +DecryptConfiguration config = new DecryptConfiguration(options) + +run(config) + +} catch (Exception e) { +logger.error("Encountered an error: ${e.getMessage()}") +logger.debug("", e) // stack trace only when verbose enabled +printUsageAndExit(e.getMessage(), EncryptConfigMain.EXIT_STATUS_FAILURE) +} +} + +void run(DecryptConfiguration config) throws Exception { + +if (!config.fileType) { + +// Try to load the input file to auto-detect the file type +boolean isPropertiesFile = PropertiesEncryptor.supportsFile(config.inputFilePath) + +boolean isXmlFile = XmlEncryptor.supportsFile(config.inputFilePath) + +if (ToolUtilities.isExactlyOneTrue(isPropertiesFile, isXmlFile)) { +if (isPropertiesFile) { +config.fileType = FileType.properties +logger.debug("Auto-detection of input file type determined the type to be: ${FileType.properties}") +} +if (isXmlFile) { +config.fileType = FileType.xml +logger.debug("Auto-detection of input file type determined the type to be: ${FileType.xml}") +} +} + +// Could we successfully auto-detect? +if (!config.fileType) { +throw new RuntimeException("Auto-detection of input file type failed. Please re-run the tool specifying the file type with the -t/--fileType flag.") +} +} +
[jira] [Commented] (NIFI-4708) Add support for NiFi Registry to the encrypt-config tool in NiFi Toolkit
[ https://issues.apache.org/jira/browse/NIFI-4708?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16313839#comment-16313839 ] ASF GitHub Bot commented on NIFI-4708: -- Github user kevdoran commented on a diff in the pull request: https://github.com/apache/nifi/pull/2376#discussion_r159975116 --- Diff: nifi-toolkit/nifi-toolkit-encrypt-config/src/main/groovy/org/apache/nifi/toolkit/encryptconfig/DecryptMode.groovy --- @@ -0,0 +1,322 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one or more + * contributor license agreements. See the NOTICE file distributed with + * this work for additional information regarding copyright ownership. + * The ASF licenses this file to You under the Apache License, Version 2.0 + * (the "License"); you may not use this file except in compliance with + * the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +package org.apache.nifi.toolkit.encryptconfig + +import org.apache.commons.cli.HelpFormatter +import org.apache.nifi.properties.AESSensitivePropertyProvider +import org.apache.nifi.properties.SensitivePropertyProvider +import org.apache.nifi.toolkit.encryptconfig.util.BootstrapUtil +import org.apache.nifi.toolkit.encryptconfig.util.PropertiesEncryptor +import org.apache.nifi.toolkit.encryptconfig.util.ToolUtilities +import org.apache.nifi.toolkit.encryptconfig.util.XmlEncryptor +import org.apache.nifi.util.console.TextDevices +import org.slf4j.Logger +import org.slf4j.LoggerFactory + +class DecryptMode implements ToolMode { + +private static final Logger logger = LoggerFactory.getLogger(DecryptMode.class) + +enum FileType { +properties, +xml +} + +CliBuilder cli + +DecryptMode() { +cli = cliBuilder() +} + +void printUsage(String message = "") { +if (message) { +System.out.println(message) +System.out.println() +} +cli.usage() +} + +void printUsageAndExit(String message = "", int exitStatusCode) { +printUsage(message) +System.exit(exitStatusCode) +} + +@Override +void run(String[] args) { +logger.warn("The decryption capability of this tool is still considered experimental. The results should be manually verified.") +try { + +def options = cli.parse(args) + +if (!options || options.h) { +printUsageAndExit("", EncryptConfigMain.EXIT_STATUS_OTHER) +} + +EncryptConfigLogger.configureLogger(options.v) + +DecryptConfiguration config = new DecryptConfiguration(options) + +run(config) + +} catch (Exception e) { +logger.error("Encountered an error: ${e.getMessage()}") +logger.debug("", e) // stack trace only when verbose enabled --- End diff -- Good call. - [ ] Change error logging to got to error, wrap in conditional if it depends on verbose > Add support for NiFi Registry to the encrypt-config tool in NiFi Toolkit > > > Key: NIFI-4708 > URL: https://issues.apache.org/jira/browse/NIFI-4708 > Project: Apache NiFi > Issue Type: Improvement >Reporter: Kevin Doran >Assignee: Kevin Doran > Fix For: 1.5.0 > > > NiFi Registry now supports loading encrypted config files (e.g., > nifi-registry.properties, authorizers.xml, login-identity-providers.xml). > These files are very difficult to encrypt by hand, and is not recommended. > Because NiFi Registry utilizes the same encryption algorithms supported by > NiFi, the easiest way to build a tool for encrypting NiFi Registry config > properties is to extend the the encrypt-config tool in NiFi Toolkit to > support NiFi Registry as well. -- This message was sent by Atlassian JIRA (v6.4.14#64029)
[jira] [Commented] (NIFI-4708) Add support for NiFi Registry to the encrypt-config tool in NiFi Toolkit
[ https://issues.apache.org/jira/browse/NIFI-4708?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16313835#comment-16313835 ] ASF GitHub Bot commented on NIFI-4708: -- Github user kevdoran commented on a diff in the pull request: https://github.com/apache/nifi/pull/2376#discussion_r159974781 --- Diff: nifi-toolkit/nifi-toolkit-encrypt-config/src/main/groovy/org/apache/nifi/toolkit/encryptconfig/NiFiRegistryMode.groovy --- @@ -0,0 +1,383 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one or more + * contributor license agreements. See the NOTICE file distributed with + * this work for additional information regarding copyright ownership. + * The ASF licenses this file to You under the Apache License, Version 2.0 + * (the "License"); you may not use this file except in compliance with + * the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +package org.apache.nifi.toolkit.encryptconfig + +import org.apache.commons.cli.HelpFormatter +import org.apache.commons.cli.Options +import org.apache.http.annotation.Experimental +import org.apache.nifi.properties.AESSensitivePropertyProvider +import org.apache.nifi.properties.SensitivePropertyProvider +import org.apache.nifi.toolkit.encryptconfig.util.BootstrapUtil +import org.apache.nifi.toolkit.encryptconfig.util.NiFiRegistryAuthorizersXmlEncryptor +import org.apache.nifi.toolkit.encryptconfig.util.NiFiRegistryIdentityProvidersXmlEncryptor +import org.apache.nifi.toolkit.encryptconfig.util.NiFiRegistryPropertiesEncryptor +import org.apache.nifi.toolkit.encryptconfig.util.ToolUtilities +import org.apache.nifi.util.console.TextDevices +import org.slf4j.Logger +import org.slf4j.LoggerFactory + +@Experimental +class NiFiRegistryMode implements ToolMode { + +private static final Logger logger = LoggerFactory.getLogger(NiFiRegistryMode.class) + +CliBuilder cli + +NiFiRegistryMode() { +cli = cliBuilder() +} + +//private void printUsage(String message = "") { +//if (message) { +//System.out.println(message) +//System.out.println() +//} +//cli.usage() +//} + +@Override +void run(String[] args) { +logger.warn("The NiFi Registry capabilities of this tool is still considered experimental. The results should be manually verified.") +try { + +def options = cli.parse(args) + +if (!options || options.h) { +EncryptConfigMain.printUsageAndExit("", EncryptConfigMain.EXIT_STATUS_OTHER) +} + +EncryptConfigLogger.configureLogger(options.v) + +Configuration config = new Configuration(options) +run(config) + +} catch (Exception e) { +logger.error("Encountered an error: ${e.getMessage()}") +logger.debug("", e) // stack trace only when verbose enabled +EncryptConfigMain.printUsageAndExit(e.getMessage(), EncryptConfigMain.EXIT_STATUS_FAILURE) +} +} + +void run(Configuration config) throws Exception { + +if (config.usingPassword) { +logger.info("Using encryption key derived from password.") +} else if (config.usingRawKeyHex) { +logger.info("Using encryption key provided.") +} else if (config.usingBootstrapKey) { +logger.info("Using encryption key from input bootstrap.conf.") +} + +logger.debug("(src) bootstrap.conf: ${config.inputBootstrapPath}") +logger.debug("(dest) bootstrap.conf: ${config.outputBootstrapPath}") +logger.debug("(src) nifi.properties: ${config.inputNiFiRegistryPropertiesPath}") +logger.debug("(dest) nifi.properties: ${config.outputNiFiRegistryPropertiesPath}") +logger.debug("(src) identity-providers.xml: ${config.inputIdentityProvidersPath}") +logger.debug("(dest) identity-providers.xml: ${config.outputIdentityProvidersPath}") +logger.debug("(src) authorizers.xml: ${config.inputAuthorizersPath}") +logger.debug("(dest) authorizers.xml: ${config.outputAuthorizersPath}") + +
[jira] [Commented] (NIFI-4708) Add support for NiFi Registry to the encrypt-config tool in NiFi Toolkit
[ https://issues.apache.org/jira/browse/NIFI-4708?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16313828#comment-16313828 ] ASF GitHub Bot commented on NIFI-4708: -- Github user kevdoran commented on a diff in the pull request: https://github.com/apache/nifi/pull/2376#discussion_r159973528 --- Diff: nifi-toolkit/nifi-toolkit-encrypt-config/src/main/groovy/org/apache/nifi/toolkit/encryptconfig/util/BootstrapUtil.groovy --- @@ -0,0 +1,132 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one or more + * contributor license agreements. See the NOTICE file distributed with + * this work for additional information regarding copyright ownership. + * The ASF licenses this file to You under the Apache License, Version 2.0 + * (the "License"); you may not use this file except in compliance with + * the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +package org.apache.nifi.toolkit.encryptconfig.util + +import org.slf4j.Logger +import org.slf4j.LoggerFactory + +class BootstrapUtil { + +static final String NIFI_BOOTSTRAP_KEY_PROPERTY = "nifi.bootstrap.sensitive.key"; +static final String REGISTRY_BOOTSTRAP_KEY_PROPERTY = "nifi.registry.bootstrap.sensitive.key"; + +private static final Logger logger = LoggerFactory.getLogger(BootstrapUtil.class) + +private static final String BOOTSTRAP_KEY_COMMENT = "# Master key in hexadecimal format for encrypted sensitive configuration values" + +/** + * Tries to load keyHex from input bootstrap.conf + * + * @return keyHex, if present in input bootstrap file; otherwise, null + */ +static String extractKeyFromBootstrapFile(String inputBootstrapPath, String bootstrapKeyPropertyName) throws IOException { + +File inputBootstrapConfFile +if (!(inputBootstrapPath && (inputBootstrapConfFile = new File(inputBootstrapPath)).exists() && inputBootstrapConfFile.canRead())) { --- End diff -- Good catch, will change this to use the utility method `ToolUtilities.canRead(File)` method used elsewhere > Add support for NiFi Registry to the encrypt-config tool in NiFi Toolkit > > > Key: NIFI-4708 > URL: https://issues.apache.org/jira/browse/NIFI-4708 > Project: Apache NiFi > Issue Type: Improvement >Reporter: Kevin Doran >Assignee: Kevin Doran > Fix For: 1.5.0 > > > NiFi Registry now supports loading encrypted config files (e.g., > nifi-registry.properties, authorizers.xml, login-identity-providers.xml). > These files are very difficult to encrypt by hand, and is not recommended. > Because NiFi Registry utilizes the same encryption algorithms supported by > NiFi, the easiest way to build a tool for encrypting NiFi Registry config > properties is to extend the the encrypt-config tool in NiFi Toolkit to > support NiFi Registry as well. -- This message was sent by Atlassian JIRA (v6.4.14#64029)
[jira] [Commented] (NIFI-4708) Add support for NiFi Registry to the encrypt-config tool in NiFi Toolkit
[ https://issues.apache.org/jira/browse/NIFI-4708?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16313825#comment-16313825 ] ASF GitHub Bot commented on NIFI-4708: -- Github user alopresto commented on a diff in the pull request: https://github.com/apache/nifi/pull/2376#discussion_r159972582 --- Diff: nifi-toolkit/nifi-toolkit-encrypt-config/src/main/groovy/org/apache/nifi/toolkit/encryptconfig/util/BootstrapUtil.groovy --- @@ -0,0 +1,132 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one or more + * contributor license agreements. See the NOTICE file distributed with + * this work for additional information regarding copyright ownership. + * The ASF licenses this file to You under the Apache License, Version 2.0 + * (the "License"); you may not use this file except in compliance with + * the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +package org.apache.nifi.toolkit.encryptconfig.util + +import org.slf4j.Logger +import org.slf4j.LoggerFactory + +class BootstrapUtil { + +static final String NIFI_BOOTSTRAP_KEY_PROPERTY = "nifi.bootstrap.sensitive.key"; +static final String REGISTRY_BOOTSTRAP_KEY_PROPERTY = "nifi.registry.bootstrap.sensitive.key"; + +private static final Logger logger = LoggerFactory.getLogger(BootstrapUtil.class) + +private static final String BOOTSTRAP_KEY_COMMENT = "# Master key in hexadecimal format for encrypted sensitive configuration values" + +/** + * Tries to load keyHex from input bootstrap.conf + * + * @return keyHex, if present in input bootstrap file; otherwise, null + */ +static String extractKeyFromBootstrapFile(String inputBootstrapPath, String bootstrapKeyPropertyName) throws IOException { + +File inputBootstrapConfFile +if (!(inputBootstrapPath && (inputBootstrapConfFile = new File(inputBootstrapPath)).exists() && inputBootstrapConfFile.canRead())) { --- End diff -- Not required for this PR, but in the future this is a good anti-pattern for extracting the control logic to a boolean checker method like `isInputBootstrapConfValid()`. > Add support for NiFi Registry to the encrypt-config tool in NiFi Toolkit > > > Key: NIFI-4708 > URL: https://issues.apache.org/jira/browse/NIFI-4708 > Project: Apache NiFi > Issue Type: Improvement >Reporter: Kevin Doran >Assignee: Kevin Doran > Fix For: 1.5.0 > > > NiFi Registry now supports loading encrypted config files (e.g., > nifi-registry.properties, authorizers.xml, login-identity-providers.xml). > These files are very difficult to encrypt by hand, and is not recommended. > Because NiFi Registry utilizes the same encryption algorithms supported by > NiFi, the easiest way to build a tool for encrypting NiFi Registry config > properties is to extend the the encrypt-config tool in NiFi Toolkit to > support NiFi Registry as well. -- This message was sent by Atlassian JIRA (v6.4.14#64029)
[jira] [Commented] (NIFI-4708) Add support for NiFi Registry to the encrypt-config tool in NiFi Toolkit
[ https://issues.apache.org/jira/browse/NIFI-4708?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16313728#comment-16313728 ] ASF GitHub Bot commented on NIFI-4708: -- Github user alopresto commented on a diff in the pull request: https://github.com/apache/nifi/pull/2376#discussion_r159961459 --- Diff: nifi-toolkit/nifi-toolkit-encrypt-config/src/main/groovy/org/apache/nifi/toolkit/encryptconfig/NiFiRegistryMode.groovy --- @@ -0,0 +1,383 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one or more + * contributor license agreements. See the NOTICE file distributed with + * this work for additional information regarding copyright ownership. + * The ASF licenses this file to You under the Apache License, Version 2.0 + * (the "License"); you may not use this file except in compliance with + * the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +package org.apache.nifi.toolkit.encryptconfig + +import org.apache.commons.cli.HelpFormatter +import org.apache.commons.cli.Options +import org.apache.http.annotation.Experimental +import org.apache.nifi.properties.AESSensitivePropertyProvider +import org.apache.nifi.properties.SensitivePropertyProvider +import org.apache.nifi.toolkit.encryptconfig.util.BootstrapUtil +import org.apache.nifi.toolkit.encryptconfig.util.NiFiRegistryAuthorizersXmlEncryptor +import org.apache.nifi.toolkit.encryptconfig.util.NiFiRegistryIdentityProvidersXmlEncryptor +import org.apache.nifi.toolkit.encryptconfig.util.NiFiRegistryPropertiesEncryptor +import org.apache.nifi.toolkit.encryptconfig.util.ToolUtilities +import org.apache.nifi.util.console.TextDevices +import org.slf4j.Logger +import org.slf4j.LoggerFactory + +@Experimental +class NiFiRegistryMode implements ToolMode { + +private static final Logger logger = LoggerFactory.getLogger(NiFiRegistryMode.class) + +CliBuilder cli + +NiFiRegistryMode() { +cli = cliBuilder() +} + +//private void printUsage(String message = "") { +//if (message) { +//System.out.println(message) +//System.out.println() +//} +//cli.usage() +//} + +@Override +void run(String[] args) { +logger.warn("The NiFi Registry capabilities of this tool is still considered experimental. The results should be manually verified.") +try { + +def options = cli.parse(args) + +if (!options || options.h) { +EncryptConfigMain.printUsageAndExit("", EncryptConfigMain.EXIT_STATUS_OTHER) +} + +EncryptConfigLogger.configureLogger(options.v) + +Configuration config = new Configuration(options) +run(config) + +} catch (Exception e) { +logger.error("Encountered an error: ${e.getMessage()}") +logger.debug("", e) // stack trace only when verbose enabled +EncryptConfigMain.printUsageAndExit(e.getMessage(), EncryptConfigMain.EXIT_STATUS_FAILURE) +} +} + +void run(Configuration config) throws Exception { + +if (config.usingPassword) { +logger.info("Using encryption key derived from password.") +} else if (config.usingRawKeyHex) { +logger.info("Using encryption key provided.") +} else if (config.usingBootstrapKey) { +logger.info("Using encryption key from input bootstrap.conf.") +} + +logger.debug("(src) bootstrap.conf: ${config.inputBootstrapPath}") +logger.debug("(dest) bootstrap.conf: ${config.outputBootstrapPath}") +logger.debug("(src) nifi.properties: ${config.inputNiFiRegistryPropertiesPath}") --- End diff -- This line and the next should print `nifi-registry.properties`. > Add support for NiFi Registry to the encrypt-config tool in NiFi Toolkit > > > Key: NIFI-4708 > URL: https://issues.apache.org/jira/browse/NIFI-4708 > Project: Apache NiFi > Issue Type: Improvement >Reporter: Kevin Doran >Assignee: Kevin Doran >
[jira] [Commented] (NIFI-4708) Add support for NiFi Registry to the encrypt-config tool in NiFi Toolkit
[ https://issues.apache.org/jira/browse/NIFI-4708?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16313727#comment-16313727 ] ASF GitHub Bot commented on NIFI-4708: -- Github user alopresto commented on a diff in the pull request: https://github.com/apache/nifi/pull/2376#discussion_r159961206 --- Diff: nifi-toolkit/nifi-toolkit-encrypt-config/src/main/groovy/org/apache/nifi/toolkit/encryptconfig/NiFiRegistryMode.groovy --- @@ -0,0 +1,383 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one or more + * contributor license agreements. See the NOTICE file distributed with + * this work for additional information regarding copyright ownership. + * The ASF licenses this file to You under the Apache License, Version 2.0 + * (the "License"); you may not use this file except in compliance with + * the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +package org.apache.nifi.toolkit.encryptconfig + +import org.apache.commons.cli.HelpFormatter +import org.apache.commons.cli.Options +import org.apache.http.annotation.Experimental +import org.apache.nifi.properties.AESSensitivePropertyProvider +import org.apache.nifi.properties.SensitivePropertyProvider +import org.apache.nifi.toolkit.encryptconfig.util.BootstrapUtil +import org.apache.nifi.toolkit.encryptconfig.util.NiFiRegistryAuthorizersXmlEncryptor +import org.apache.nifi.toolkit.encryptconfig.util.NiFiRegistryIdentityProvidersXmlEncryptor +import org.apache.nifi.toolkit.encryptconfig.util.NiFiRegistryPropertiesEncryptor +import org.apache.nifi.toolkit.encryptconfig.util.ToolUtilities +import org.apache.nifi.util.console.TextDevices +import org.slf4j.Logger +import org.slf4j.LoggerFactory + +@Experimental +class NiFiRegistryMode implements ToolMode { + +private static final Logger logger = LoggerFactory.getLogger(NiFiRegistryMode.class) + +CliBuilder cli + +NiFiRegistryMode() { +cli = cliBuilder() +} + +//private void printUsage(String message = "") { +//if (message) { +//System.out.println(message) +//System.out.println() +//} +//cli.usage() +//} + +@Override +void run(String[] args) { +logger.warn("The NiFi Registry capabilities of this tool is still considered experimental. The results should be manually verified.") --- End diff -- ...capabilities of this tool *are* still considered experimental. > Add support for NiFi Registry to the encrypt-config tool in NiFi Toolkit > > > Key: NIFI-4708 > URL: https://issues.apache.org/jira/browse/NIFI-4708 > Project: Apache NiFi > Issue Type: Improvement >Reporter: Kevin Doran >Assignee: Kevin Doran > Fix For: 1.5.0 > > > NiFi Registry now supports loading encrypted config files (e.g., > nifi-registry.properties, authorizers.xml, login-identity-providers.xml). > These files are very difficult to encrypt by hand, and is not recommended. > Because NiFi Registry utilizes the same encryption algorithms supported by > NiFi, the easiest way to build a tool for encrypting NiFi Registry config > properties is to extend the the encrypt-config tool in NiFi Toolkit to > support NiFi Registry as well. -- This message was sent by Atlassian JIRA (v6.4.14#64029)
[jira] [Commented] (NIFI-4708) Add support for NiFi Registry to the encrypt-config tool in NiFi Toolkit
[ https://issues.apache.org/jira/browse/NIFI-4708?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16313716#comment-16313716 ] ASF GitHub Bot commented on NIFI-4708: -- Github user alopresto commented on a diff in the pull request: https://github.com/apache/nifi/pull/2376#discussion_r159959534 --- Diff: nifi-toolkit/nifi-toolkit-encrypt-config/src/main/groovy/org/apache/nifi/toolkit/encryptconfig/NiFiRegistryDecryptMode.groovy --- @@ -0,0 +1,143 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one or more + * contributor license agreements. See the NOTICE file distributed with + * this work for additional information regarding copyright ownership. + * The ASF licenses this file to You under the Apache License, Version 2.0 + * (the "License"); you may not use this file except in compliance with + * the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +package org.apache.nifi.toolkit.encryptconfig + +import org.apache.nifi.properties.AESSensitivePropertyProvider +import org.apache.nifi.toolkit.encryptconfig.util.BootstrapUtil +import org.apache.nifi.toolkit.encryptconfig.util.ToolUtilities +import org.slf4j.Logger +import org.slf4j.LoggerFactory + +/** + * A special DecryptMode that can run using NiFiRegistry CLI Options + */ +class NiFiRegistryDecryptMode extends DecryptMode { + +private static final Logger logger = LoggerFactory.getLogger(NiFiRegistryDecryptMode.class) + +CliBuilder cli + +NiFiRegistryDecryptMode() { +cli = NiFiRegistryMode.cliBuilder() +} + +@Override +void run(String[] args) { +logger.warn("The decryption capability of this tool is still considered experimental. The results should be manually verified.") +try { + +def options = cli.parse(args) + +if (!options || options.h) { +EncryptConfigMain.printUsageAndExit("", EncryptConfigMain.EXIT_STATUS_OTHER) +} + +EncryptConfigLogger.configureLogger(options.v) + +DecryptConfiguration config = new DecryptConfiguration() + +/* Invalid fields when used with --decrypt: */ +def invalidDecryptOptions = ["i", "a"] +def presentInvalidOptions = Arrays.stream(options.getInner().getOptions()).findAll { +invalidDecryptOptions.contains(it.getOpt()) +} +if (presentInvalidOptions.size() > 0) { +throw new RuntimeException("Invalid options: ${EncryptConfigMain.DECRYPT_OPT} cannot be used with [${presentInvalidOptions.join(", ")}]. It should only be used with [-r].") +} + +/* Required fields when using --decrypt */ +// registryPropertiesFile (-r) +if (!options.r) { +throw new RuntimeException("Invalid options: Input nifiRegistryProperties (-r) is required when using --decrypt") +} +config.inputFilePath = options.r +config.fileType = FileType.properties // disables auto-detection, which is still experimental + +// one of [--oldPassword, --oldKey] or [-p, -k, -b
[jira] [Commented] (NIFI-4708) Add support for NiFi Registry to the encrypt-config tool in NiFi Toolkit
[ https://issues.apache.org/jira/browse/NIFI-4708?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16313715#comment-16313715 ] ASF GitHub Bot commented on NIFI-4708: -- Github user alopresto commented on a diff in the pull request: https://github.com/apache/nifi/pull/2376#discussion_r159959488 --- Diff: nifi-toolkit/nifi-toolkit-encrypt-config/src/main/groovy/org/apache/nifi/toolkit/encryptconfig/NiFiRegistryDecryptMode.groovy --- @@ -0,0 +1,143 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one or more + * contributor license agreements. See the NOTICE file distributed with + * this work for additional information regarding copyright ownership. + * The ASF licenses this file to You under the Apache License, Version 2.0 + * (the "License"); you may not use this file except in compliance with + * the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +package org.apache.nifi.toolkit.encryptconfig + +import org.apache.nifi.properties.AESSensitivePropertyProvider +import org.apache.nifi.toolkit.encryptconfig.util.BootstrapUtil +import org.apache.nifi.toolkit.encryptconfig.util.ToolUtilities +import org.slf4j.Logger +import org.slf4j.LoggerFactory + +/** + * A special DecryptMode that can run using NiFiRegistry CLI Options + */ +class NiFiRegistryDecryptMode extends DecryptMode { + +private static final Logger logger = LoggerFactory.getLogger(NiFiRegistryDecryptMode.class) + +CliBuilder cli + +NiFiRegistryDecryptMode() { +cli = NiFiRegistryMode.cliBuilder() +} + +@Override +void run(String[] args) { +logger.warn("The decryption capability of this tool is still considered experimental. The results should be manually verified.") +try { + +def options = cli.parse(args) + +if (!options || options.h) { +EncryptConfigMain.printUsageAndExit("", EncryptConfigMain.EXIT_STATUS_OTHER) +} + +EncryptConfigLogger.configureLogger(options.v) + +DecryptConfiguration config = new DecryptConfiguration() + +/* Invalid fields when used with --decrypt: */ +def invalidDecryptOptions = ["i", "a"] +def presentInvalidOptions = Arrays.stream(options.getInner().getOptions()).findAll { +invalidDecryptOptions.contains(it.getOpt()) +} +if (presentInvalidOptions.size() > 0) { +throw new RuntimeException("Invalid options: ${EncryptConfigMain.DECRYPT_OPT} cannot be used with [${presentInvalidOptions.join(", ")}]. It should only be used with [-r].") +} + +/* Required fields when using --decrypt */ +// registryPropertiesFile (-r) +if (!options.r) { +throw new RuntimeException("Invalid options: Input nifiRegistryProperties (-r) is required when using --decrypt") +} +config.inputFilePath = options.r +config.fileType = FileType.properties // disables auto-detection, which is still experimental + +// one of [--oldPassword, --oldKey] or [-p, -k, -b
[jira] [Commented] (NIFI-4708) Add support for NiFi Registry to the encrypt-config tool in NiFi Toolkit
[ https://issues.apache.org/jira/browse/NIFI-4708?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16313695#comment-16313695 ] ASF GitHub Bot commented on NIFI-4708: -- Github user alopresto commented on a diff in the pull request: https://github.com/apache/nifi/pull/2376#discussion_r159957605 --- Diff: nifi-toolkit/nifi-toolkit-encrypt-config/src/main/groovy/org/apache/nifi/toolkit/encryptconfig/NiFiRegistryDecryptMode.groovy --- @@ -0,0 +1,143 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one or more + * contributor license agreements. See the NOTICE file distributed with + * this work for additional information regarding copyright ownership. + * The ASF licenses this file to You under the Apache License, Version 2.0 + * (the "License"); you may not use this file except in compliance with + * the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +package org.apache.nifi.toolkit.encryptconfig + +import org.apache.nifi.properties.AESSensitivePropertyProvider +import org.apache.nifi.toolkit.encryptconfig.util.BootstrapUtil +import org.apache.nifi.toolkit.encryptconfig.util.ToolUtilities +import org.slf4j.Logger +import org.slf4j.LoggerFactory + +/** + * A special DecryptMode that can run using NiFiRegistry CLI Options + */ +class NiFiRegistryDecryptMode extends DecryptMode { + +private static final Logger logger = LoggerFactory.getLogger(NiFiRegistryDecryptMode.class) + +CliBuilder cli + +NiFiRegistryDecryptMode() { +cli = NiFiRegistryMode.cliBuilder() +} + +@Override +void run(String[] args) { +logger.warn("The decryption capability of this tool is still considered experimental. The results should be manually verified.") +try { + +def options = cli.parse(args) + +if (!options || options.h) { +EncryptConfigMain.printUsageAndExit("", EncryptConfigMain.EXIT_STATUS_OTHER) +} + +EncryptConfigLogger.configureLogger(options.v) + +DecryptConfiguration config = new DecryptConfiguration() + +/* Invalid fields when used with --decrypt: */ +def invalidDecryptOptions = ["i", "a"] +def presentInvalidOptions = Arrays.stream(options.getInner().getOptions()).findAll { +invalidDecryptOptions.contains(it.getOpt()) +} +if (presentInvalidOptions.size() > 0) { +throw new RuntimeException("Invalid options: ${EncryptConfigMain.DECRYPT_OPT} cannot be used with [${presentInvalidOptions.join(", ")}]. It should only be used with [-r].") +} + +/* Required fields when using --decrypt */ +// registryPropertiesFile (-r) +if (!options.r) { +throw new RuntimeException("Invalid options: Input nifiRegistryProperties (-r) is required when using --decrypt") +} +config.inputFilePath = options.r +config.fileType = FileType.properties // disables auto-detection, which is still experimental + +// one of [--oldPassword, --oldKey] or [-p, -k, -bUTF-8 === --- nifi-toolkit/nifi-toolkit-encrypt-config/src/main/groovy/org/apache/nifi/toolkit/encryptconfig/NiFiRegistryDecryptMode.groovy (date 1515148235000) +++ nifi-toolkit/nifi-toolkit-encrypt-config/src/main/groovy/org/apache/nifi/toolkit/encryptconfig/NiFiRegistryDecryptMode.groovy (revision ) @@ -67,77 +67,112 @@ config.inputFilePath = options.r config.fileType = FileType.properties // disables auto-detection, which is still experimental -// one of [--oldPassword, --oldKey] or [-p, -k, -b
[jira] [Commented] (NIFI-4708) Add support for NiFi Registry to the encrypt-config tool in NiFi Toolkit
[ https://issues.apache.org/jira/browse/NIFI-4708?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16313671#comment-16313671 ] ASF GitHub Bot commented on NIFI-4708: -- Github user alopresto commented on a diff in the pull request: https://github.com/apache/nifi/pull/2376#discussion_r159953548 --- Diff: nifi-toolkit/nifi-toolkit-encrypt-config/src/main/groovy/org/apache/nifi/toolkit/encryptconfig/NiFiRegistryDecryptMode.groovy --- @@ -0,0 +1,143 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one or more + * contributor license agreements. See the NOTICE file distributed with + * this work for additional information regarding copyright ownership. + * The ASF licenses this file to You under the Apache License, Version 2.0 + * (the "License"); you may not use this file except in compliance with + * the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +package org.apache.nifi.toolkit.encryptconfig + +import org.apache.nifi.properties.AESSensitivePropertyProvider +import org.apache.nifi.toolkit.encryptconfig.util.BootstrapUtil +import org.apache.nifi.toolkit.encryptconfig.util.ToolUtilities +import org.slf4j.Logger +import org.slf4j.LoggerFactory + +/** + * A special DecryptMode that can run using NiFiRegistry CLI Options + */ +class NiFiRegistryDecryptMode extends DecryptMode { + +private static final Logger logger = LoggerFactory.getLogger(NiFiRegistryDecryptMode.class) + +CliBuilder cli + +NiFiRegistryDecryptMode() { +cli = NiFiRegistryMode.cliBuilder() +} + +@Override +void run(String[] args) { +logger.warn("The decryption capability of this tool is still considered experimental. The results should be manually verified.") +try { + +def options = cli.parse(args) + +if (!options || options.h) { +EncryptConfigMain.printUsageAndExit("", EncryptConfigMain.EXIT_STATUS_OTHER) +} + +EncryptConfigLogger.configureLogger(options.v) + +DecryptConfiguration config = new DecryptConfiguration() + +/* Invalid fields when used with --decrypt: */ +def invalidDecryptOptions = ["i", "a"] +def presentInvalidOptions = Arrays.stream(options.getInner().getOptions()).findAll { +invalidDecryptOptions.contains(it.getOpt()) +} +if (presentInvalidOptions.size() > 0) { +throw new RuntimeException("Invalid options: ${EncryptConfigMain.DECRYPT_OPT} cannot be used with [${presentInvalidOptions.join(", ")}]. It should only be used with [-r].") +} + +/* Required fields when using --decrypt */ +// registryPropertiesFile (-r) +if (!options.r) { +throw new RuntimeException("Invalid options: Input nifiRegistryProperties (-r) is required when using --decrypt") +} +config.inputFilePath = options.r +config.fileType = FileType.properties // disables auto-detection, which is still experimental + +// one of [--oldPassword, --oldKey] or [-p, -k, -bAdd support for NiFi Registry to the encrypt-config tool in NiFi Toolkit > > > Key: NIFI-4708 > URL: https://issues.apache.org/jira/browse/NIFI-4708 > Project: Apache NiFi > Issue Type: Improvement >Reporter: Kevin Doran >Assignee: Kevin Doran > Fix For: 1.5.0 > > > NiFi Registry now supports loading encrypted config files (e.g., > nifi-registry.properties, authorizers.xml, login-identity-providers.xml). > These files are very difficult to encrypt by hand, and is not recommended. > Because NiFi Registry utilizes the same encryption algorithms supported by > NiFi, the easiest way to build a tool for encrypting NiFi Registry config > properties is to extend the the encrypt-config tool in NiFi Toolkit to > support NiFi Registry as well. -- This message was sent by Atlassian JIRA (v6.4.14#64029)
[jira] [Commented] (NIFI-4708) Add support for NiFi Registry to the encrypt-config tool in NiFi Toolkit
[ https://issues.apache.org/jira/browse/NIFI-4708?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16313475#comment-16313475 ] ASF GitHub Bot commented on NIFI-4708: -- Github user alopresto commented on a diff in the pull request: https://github.com/apache/nifi/pull/2376#discussion_r159932352 --- Diff: nifi-toolkit/nifi-toolkit-encrypt-config/src/main/groovy/org/apache/nifi/toolkit/encryptconfig/EncryptConfigMain.groovy --- @@ -0,0 +1,145 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one or more + * contributor license agreements. See the NOTICE file distributed with + * this work for additional information regarding copyright ownership. + * The ASF licenses this file to You under the Apache License, Version 2.0 + * (the "License"); you may not use this file except in compliance with + * the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +package org.apache.nifi.toolkit.encryptconfig + +import org.apache.commons.cli.HelpFormatter +import org.apache.commons.cli.Options +import org.apache.nifi.properties.ConfigEncryptionTool +import org.bouncycastle.jce.provider.BouncyCastleProvider +import org.slf4j.Logger +import org.slf4j.LoggerFactory + +import java.security.Security + +class EncryptConfigMain { + +private static final Logger logger = LoggerFactory.getLogger(EncryptConfigMain.class) + +static final int EXIT_STATUS_SUCCESS = 0 +static final int EXIT_STATUS_FAILURE = -1 +static final int EXIT_STATUS_OTHER = 1 + +static final String NIFI_REGISTRY_OPT = "nifiRegistry" +static final String NIFI_REGISTRY_FLAG = "--${NIFI_REGISTRY_OPT}".toString() +static final String DECRYPT_OPT = "decrypt" +static final String DECRYPT_FLAG = "--${DECRYPT_OPT}".toString() + +static final int HELP_FORMAT_WIDTH = 160 + +// Access should only be through static methods +private EncryptConfigMain() { +} + +static printUsage(String message = "") { + +if (message) { +System.out.println(message) +System.out.println() +} + +String header = "\nThis tool enables easy encryption and decryption of configuration files for NiFi and its sub-projects. " + +"Unprotected files can be input to this tool to be protected by a key in a manner that is understood by NiFi. " + +"Protected files, along with a key, can be input to this tool to be unprotected, for troubleshooting or automation purposes.\n\n" + +def options = new Options() +options.addOption("h", "help", false, "Show usage information (this message)") +options.addOption(null, NIFI_REGISTRY_OPT, false, "Specifies to target NiFi Registry. When this flag is not included, NiFi is the target.") + +HelpFormatter helpFormatter = new HelpFormatter() +helpFormatter.setWidth(160) +helpFormatter.setOptionComparator(null) + helpFormatter.printHelp("${EncryptConfigMain.class.getCanonicalName()} [-h] [options]", header, options, "\n") +System.out.println() + +helpFormatter.setSyntaxPrefix("") // disable "usage: " prefix for the following outputs + +Options nifiModeOptions = ConfigEncryptionTool.getCliOptions() +helpFormatter.printHelp( +"When targeting NiFi:", +nifiModeOptions, +false) +System.out.println() + +Options nifiRegistryModeOptions = NiFiRegistryMode.getCliOptions() +nifiRegistryModeOptions.addOption(null, DECRYPT_OPT, false, "Can be used with -r to decrypt a previously encrypted NiFi Registry Properties file. Decrypted content is printed to STDOUT.") +helpFormatter.printHelp( +"When targeting NiFi Registry using the ${NIFI_REGISTRY_FLAG} flag:", +nifiRegistryModeOptions, +false) +System.out.println() + +//String footer = """ +//| +//|Encrypt a NiFi Registry properties using a password: +//|encrypt-config -p -b /path/to/nifi/conf/bootstrap.conf -r /path/to/nifi/conf/nifi.properties +//| +//|""".stripMargin() +
[jira] [Commented] (NIFI-4708) Add support for NiFi Registry to the encrypt-config tool in NiFi Toolkit
[ https://issues.apache.org/jira/browse/NIFI-4708?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16313474#comment-16313474 ] ASF GitHub Bot commented on NIFI-4708: -- Github user alopresto commented on a diff in the pull request: https://github.com/apache/nifi/pull/2376#discussion_r159931910 --- Diff: nifi-toolkit/nifi-toolkit-encrypt-config/src/main/groovy/org/apache/nifi/toolkit/encryptconfig/EncryptConfigMain.groovy --- @@ -0,0 +1,145 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one or more + * contributor license agreements. See the NOTICE file distributed with + * this work for additional information regarding copyright ownership. + * The ASF licenses this file to You under the Apache License, Version 2.0 + * (the "License"); you may not use this file except in compliance with + * the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +package org.apache.nifi.toolkit.encryptconfig + +import org.apache.commons.cli.HelpFormatter +import org.apache.commons.cli.Options +import org.apache.nifi.properties.ConfigEncryptionTool +import org.bouncycastle.jce.provider.BouncyCastleProvider +import org.slf4j.Logger +import org.slf4j.LoggerFactory + +import java.security.Security + +class EncryptConfigMain { + +private static final Logger logger = LoggerFactory.getLogger(EncryptConfigMain.class) + +static final int EXIT_STATUS_SUCCESS = 0 +static final int EXIT_STATUS_FAILURE = -1 +static final int EXIT_STATUS_OTHER = 1 + +static final String NIFI_REGISTRY_OPT = "nifiRegistry" +static final String NIFI_REGISTRY_FLAG = "--${NIFI_REGISTRY_OPT}".toString() +static final String DECRYPT_OPT = "decrypt" +static final String DECRYPT_FLAG = "--${DECRYPT_OPT}".toString() + +static final int HELP_FORMAT_WIDTH = 160 + +// Access should only be through static methods +private EncryptConfigMain() { +} + +static printUsage(String message = "") { + +if (message) { +System.out.println(message) +System.out.println() +} + +String header = "\nThis tool enables easy encryption and decryption of configuration files for NiFi and its sub-projects. " + +"Unprotected files can be input to this tool to be protected by a key in a manner that is understood by NiFi. " + +"Protected files, along with a key, can be input to this tool to be unprotected, for troubleshooting or automation purposes.\n\n" + +def options = new Options() +options.addOption("h", "help", false, "Show usage information (this message)") +options.addOption(null, NIFI_REGISTRY_OPT, false, "Specifies to target NiFi Registry. When this flag is not included, NiFi is the target.") + +HelpFormatter helpFormatter = new HelpFormatter() +helpFormatter.setWidth(160) +helpFormatter.setOptionComparator(null) + helpFormatter.printHelp("${EncryptConfigMain.class.getCanonicalName()} [-h] [options]", header, options, "\n") +System.out.println() + +helpFormatter.setSyntaxPrefix("") // disable "usage: " prefix for the following outputs + +Options nifiModeOptions = ConfigEncryptionTool.getCliOptions() +helpFormatter.printHelp( +"When targeting NiFi:", +nifiModeOptions, +false) +System.out.println() + +Options nifiRegistryModeOptions = NiFiRegistryMode.getCliOptions() +nifiRegistryModeOptions.addOption(null, DECRYPT_OPT, false, "Can be used with -r to decrypt a previously encrypted NiFi Registry Properties file. Decrypted content is printed to STDOUT.") +helpFormatter.printHelp( +"When targeting NiFi Registry using the ${NIFI_REGISTRY_FLAG} flag:", +nifiRegistryModeOptions, +false) +System.out.println() + +//String footer = """ --- End diff -- Remove dead code. > Add support for NiFi Registry to the encrypt-config tool in NiFi Toolkit > > > Key: NIFI-4708 > URL:
[jira] [Commented] (NIFI-4708) Add support for NiFi Registry to the encrypt-config tool in NiFi Toolkit
[ https://issues.apache.org/jira/browse/NIFI-4708?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16313462#comment-16313462 ] ASF GitHub Bot commented on NIFI-4708: -- Github user alopresto commented on a diff in the pull request: https://github.com/apache/nifi/pull/2376#discussion_r159930797 --- Diff: nifi-toolkit/nifi-toolkit-encrypt-config/src/main/groovy/org/apache/nifi/toolkit/encryptconfig/EncryptConfigLogger.groovy --- @@ -0,0 +1,93 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one or more + * contributor license agreements. See the NOTICE file distributed with + * this work for additional information regarding copyright ownership. + * The ASF licenses this file to You under the Apache License, Version 2.0 + * (the "License"); you may not use this file except in compliance with + * the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +package org.apache.nifi.toolkit.encryptconfig + +import org.apache.log4j.LogManager +import org.apache.log4j.PropertyConfigurator +import org.slf4j.Logger +import org.slf4j.LoggerFactory + +class EncryptConfigLogger { + +private static final Logger logger = LoggerFactory.getLogger(EncryptConfigLogger.class) + +/** + * Configures the logger. + * + * The nifi-toolkit module uses log4j, which will be configured to append all + * log output to the system STDERR. The log level can be specified using the verboseEnabled + * argument. A value of true will set the log level to DEBUG, a value of + * false will set the log level to INFO. + * + * @param verboseEnabled flag to indicate if verbose mode is enabled, which sets the log level to DEBUG + */ +static configureLogger(boolean verboseEnabled) { + +Properties log4jProps = null +URL log4jPropsPath = this.getClass().getResource("log4j.properties") +if (log4jPropsPath) { +try { +log4jPropsPath.withReader { reader -> +log4jProps = new Properties() +log4jProps.load(reader) +} +} catch (IOException e) { +// do nothing, we will fallback to hardcoded defaults below +} +} + +if (!log4jProps) { +log4jProps = defaultProperties() +} + +if (verboseEnabled) { +// Override the log level for this package. For this to work as intended, this class must belong +// to the same package (or a parent package) of all the encrypt-config classes +log4jProps.put("log4j.logger." + EncryptConfigLogger.class.package.name, "DEBUG") +} + +LogManager.resetConfiguration() +PropertyConfigurator.configure(log4jProps) + +if (verboseEnabled) { +logger.debug("Verbose mode is enabled (goes to stderr by default).") +} +} + +/** + * A copy of the settings in /src/main/resources/log4j.properties, in case that is not on the classpath at runtime + * @return Properties containing the default properties for Log4j + */ +static Properties defaultProperties() { +Properties defaultProperties = new Properties() + +defaultProperties.setProperty("log4j.rootLogger", "INFO,console") + +defaultProperties.setProperty("log4j.appender.console", "org.apache.log4j.ConsoleAppender") +defaultProperties.setProperty("log4j.appender.console.Target", "System.err") +defaultProperties.setProperty("log4j.appender.console.layout", "org.apache.log4j.PatternLayout") + defaultProperties.setProperty("log4j.appender.console.layout.ConversionPattern", "%d{-mm-dd HH:mm:ss} %p %c{1}: %m%n") + +return defaultProperties +} + --- End diff -- Maybe just run a "Format Code" command on this one to remove extra whitespace. > Add support for NiFi Registry to the encrypt-config tool in NiFi Toolkit > > > Key: NIFI-4708 > URL: https://issues.apache.org/jira/browse/NIFI-4708 > Project: Apache NiFi > Issue Type: Improvement
[jira] [Commented] (NIFI-4708) Add support for NiFi Registry to the encrypt-config tool in NiFi Toolkit
[ https://issues.apache.org/jira/browse/NIFI-4708?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16313454#comment-16313454 ] ASF GitHub Bot commented on NIFI-4708: -- Github user alopresto commented on a diff in the pull request: https://github.com/apache/nifi/pull/2376#discussion_r159927720 --- Diff: nifi-toolkit/nifi-toolkit-encrypt-config/src/main/groovy/org/apache/nifi/toolkit/encryptconfig/DecryptMode.groovy --- @@ -0,0 +1,322 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one or more + * contributor license agreements. See the NOTICE file distributed with + * this work for additional information regarding copyright ownership. + * The ASF licenses this file to You under the Apache License, Version 2.0 + * (the "License"); you may not use this file except in compliance with + * the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +package org.apache.nifi.toolkit.encryptconfig + +import org.apache.commons.cli.HelpFormatter +import org.apache.nifi.properties.AESSensitivePropertyProvider +import org.apache.nifi.properties.SensitivePropertyProvider +import org.apache.nifi.toolkit.encryptconfig.util.BootstrapUtil +import org.apache.nifi.toolkit.encryptconfig.util.PropertiesEncryptor +import org.apache.nifi.toolkit.encryptconfig.util.ToolUtilities +import org.apache.nifi.toolkit.encryptconfig.util.XmlEncryptor +import org.apache.nifi.util.console.TextDevices +import org.slf4j.Logger +import org.slf4j.LoggerFactory + +class DecryptMode implements ToolMode { + +private static final Logger logger = LoggerFactory.getLogger(DecryptMode.class) + +enum FileType { +properties, +xml +} + +CliBuilder cli + +DecryptMode() { +cli = cliBuilder() +} + +void printUsage(String message = "") { +if (message) { +System.out.println(message) +System.out.println() +} +cli.usage() +} + +void printUsageAndExit(String message = "", int exitStatusCode) { +printUsage(message) +System.exit(exitStatusCode) +} + +@Override +void run(String[] args) { +logger.warn("The decryption capability of this tool is still considered experimental. The results should be manually verified.") +try { + +def options = cli.parse(args) + +if (!options || options.h) { +printUsageAndExit("", EncryptConfigMain.EXIT_STATUS_OTHER) +} + +EncryptConfigLogger.configureLogger(options.v) + +DecryptConfiguration config = new DecryptConfiguration(options) + +run(config) + +} catch (Exception e) { +logger.error("Encountered an error: ${e.getMessage()}") +logger.debug("", e) // stack trace only when verbose enabled +printUsageAndExit(e.getMessage(), EncryptConfigMain.EXIT_STATUS_FAILURE) +} +} + +void run(DecryptConfiguration config) throws Exception { + +if (!config.fileType) { + +// Try to load the input file to auto-detect the file type +boolean isPropertiesFile = PropertiesEncryptor.supportsFile(config.inputFilePath) + +boolean isXmlFile = XmlEncryptor.supportsFile(config.inputFilePath) + +if (ToolUtilities.isExactlyOneTrue(isPropertiesFile, isXmlFile)) { +if (isPropertiesFile) { +config.fileType = FileType.properties +logger.debug("Auto-detection of input file type determined the type to be: ${FileType.properties}") +} +if (isXmlFile) { +config.fileType = FileType.xml +logger.debug("Auto-detection of input file type determined the type to be: ${FileType.xml}") +} +} + +// Could we successfully auto-detect? +if (!config.fileType) { +throw new RuntimeException("Auto-detection of input file type failed. Please re-run the tool specifying the file type with the -t/--fileType flag.") +} +} +
[jira] [Commented] (NIFI-4708) Add support for NiFi Registry to the encrypt-config tool in NiFi Toolkit
[ https://issues.apache.org/jira/browse/NIFI-4708?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16313452#comment-16313452 ] ASF GitHub Bot commented on NIFI-4708: -- Github user alopresto commented on a diff in the pull request: https://github.com/apache/nifi/pull/2376#discussion_r159927195 --- Diff: nifi-toolkit/nifi-toolkit-encrypt-config/src/main/groovy/org/apache/nifi/toolkit/encryptconfig/DecryptMode.groovy --- @@ -0,0 +1,322 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one or more + * contributor license agreements. See the NOTICE file distributed with + * this work for additional information regarding copyright ownership. + * The ASF licenses this file to You under the Apache License, Version 2.0 + * (the "License"); you may not use this file except in compliance with + * the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +package org.apache.nifi.toolkit.encryptconfig + +import org.apache.commons.cli.HelpFormatter +import org.apache.nifi.properties.AESSensitivePropertyProvider +import org.apache.nifi.properties.SensitivePropertyProvider +import org.apache.nifi.toolkit.encryptconfig.util.BootstrapUtil +import org.apache.nifi.toolkit.encryptconfig.util.PropertiesEncryptor +import org.apache.nifi.toolkit.encryptconfig.util.ToolUtilities +import org.apache.nifi.toolkit.encryptconfig.util.XmlEncryptor +import org.apache.nifi.util.console.TextDevices +import org.slf4j.Logger +import org.slf4j.LoggerFactory + +class DecryptMode implements ToolMode { + +private static final Logger logger = LoggerFactory.getLogger(DecryptMode.class) + +enum FileType { +properties, +xml +} + +CliBuilder cli + +DecryptMode() { +cli = cliBuilder() +} + +void printUsage(String message = "") { +if (message) { +System.out.println(message) +System.out.println() +} +cli.usage() +} + +void printUsageAndExit(String message = "", int exitStatusCode) { +printUsage(message) +System.exit(exitStatusCode) +} + +@Override +void run(String[] args) { +logger.warn("The decryption capability of this tool is still considered experimental. The results should be manually verified.") +try { + +def options = cli.parse(args) + +if (!options || options.h) { +printUsageAndExit("", EncryptConfigMain.EXIT_STATUS_OTHER) +} + +EncryptConfigLogger.configureLogger(options.v) + +DecryptConfiguration config = new DecryptConfiguration(options) + +run(config) + +} catch (Exception e) { +logger.error("Encountered an error: ${e.getMessage()}") +logger.debug("", e) // stack trace only when verbose enabled +printUsageAndExit(e.getMessage(), EncryptConfigMain.EXIT_STATUS_FAILURE) +} +} + +void run(DecryptConfiguration config) throws Exception { + +if (!config.fileType) { + +// Try to load the input file to auto-detect the file type +boolean isPropertiesFile = PropertiesEncryptor.supportsFile(config.inputFilePath) + +boolean isXmlFile = XmlEncryptor.supportsFile(config.inputFilePath) + +if (ToolUtilities.isExactlyOneTrue(isPropertiesFile, isXmlFile)) { +if (isPropertiesFile) { +config.fileType = FileType.properties +logger.debug("Auto-detection of input file type determined the type to be: ${FileType.properties}") +} +if (isXmlFile) { +config.fileType = FileType.xml +logger.debug("Auto-detection of input file type determined the type to be: ${FileType.xml}") +} +} + +// Could we successfully auto-detect? +if (!config.fileType) { +throw new RuntimeException("Auto-detection of input file type failed. Please re-run the tool specifying the file type with the -t/--fileType flag.") +} +} +
[jira] [Commented] (NIFI-4708) Add support for NiFi Registry to the encrypt-config tool in NiFi Toolkit
[ https://issues.apache.org/jira/browse/NIFI-4708?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16313448#comment-16313448 ] ASF GitHub Bot commented on NIFI-4708: -- Github user alopresto commented on a diff in the pull request: https://github.com/apache/nifi/pull/2376#discussion_r159926943 --- Diff: nifi-toolkit/nifi-toolkit-encrypt-config/src/main/groovy/org/apache/nifi/toolkit/encryptconfig/DecryptMode.groovy --- @@ -0,0 +1,322 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one or more + * contributor license agreements. See the NOTICE file distributed with + * this work for additional information regarding copyright ownership. + * The ASF licenses this file to You under the Apache License, Version 2.0 + * (the "License"); you may not use this file except in compliance with + * the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +package org.apache.nifi.toolkit.encryptconfig + +import org.apache.commons.cli.HelpFormatter +import org.apache.nifi.properties.AESSensitivePropertyProvider +import org.apache.nifi.properties.SensitivePropertyProvider +import org.apache.nifi.toolkit.encryptconfig.util.BootstrapUtil +import org.apache.nifi.toolkit.encryptconfig.util.PropertiesEncryptor +import org.apache.nifi.toolkit.encryptconfig.util.ToolUtilities +import org.apache.nifi.toolkit.encryptconfig.util.XmlEncryptor +import org.apache.nifi.util.console.TextDevices +import org.slf4j.Logger +import org.slf4j.LoggerFactory + +class DecryptMode implements ToolMode { + +private static final Logger logger = LoggerFactory.getLogger(DecryptMode.class) + +enum FileType { +properties, +xml +} + +CliBuilder cli + +DecryptMode() { +cli = cliBuilder() +} + +void printUsage(String message = "") { +if (message) { +System.out.println(message) +System.out.println() +} +cli.usage() +} + +void printUsageAndExit(String message = "", int exitStatusCode) { +printUsage(message) +System.exit(exitStatusCode) +} + +@Override +void run(String[] args) { +logger.warn("The decryption capability of this tool is still considered experimental. The results should be manually verified.") +try { + +def options = cli.parse(args) + +if (!options || options.h) { +printUsageAndExit("", EncryptConfigMain.EXIT_STATUS_OTHER) +} + +EncryptConfigLogger.configureLogger(options.v) + +DecryptConfiguration config = new DecryptConfiguration(options) + +run(config) + +} catch (Exception e) { +logger.error("Encountered an error: ${e.getMessage()}") +logger.debug("", e) // stack trace only when verbose enabled +printUsageAndExit(e.getMessage(), EncryptConfigMain.EXIT_STATUS_FAILURE) +} +} + +void run(DecryptConfiguration config) throws Exception { + +if (!config.fileType) { + +// Try to load the input file to auto-detect the file type +boolean isPropertiesFile = PropertiesEncryptor.supportsFile(config.inputFilePath) + +boolean isXmlFile = XmlEncryptor.supportsFile(config.inputFilePath) + +if (ToolUtilities.isExactlyOneTrue(isPropertiesFile, isXmlFile)) { +if (isPropertiesFile) { +config.fileType = FileType.properties +logger.debug("Auto-detection of input file type determined the type to be: ${FileType.properties}") +} +if (isXmlFile) { +config.fileType = FileType.xml +logger.debug("Auto-detection of input file type determined the type to be: ${FileType.xml}") +} +} + +// Could we successfully auto-detect? +if (!config.fileType) { +throw new RuntimeException("Auto-detection of input file type failed. Please re-run the tool specifying the file type with the -t/--fileType flag.") +} +} +
[jira] [Commented] (NIFI-4708) Add support for NiFi Registry to the encrypt-config tool in NiFi Toolkit
[ https://issues.apache.org/jira/browse/NIFI-4708?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16313444#comment-16313444 ] ASF GitHub Bot commented on NIFI-4708: -- Github user alopresto commented on a diff in the pull request: https://github.com/apache/nifi/pull/2376#discussion_r159926265 --- Diff: nifi-toolkit/nifi-toolkit-encrypt-config/src/main/groovy/org/apache/nifi/toolkit/encryptconfig/DecryptMode.groovy --- @@ -0,0 +1,322 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one or more + * contributor license agreements. See the NOTICE file distributed with + * this work for additional information regarding copyright ownership. + * The ASF licenses this file to You under the Apache License, Version 2.0 + * (the "License"); you may not use this file except in compliance with + * the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +package org.apache.nifi.toolkit.encryptconfig + +import org.apache.commons.cli.HelpFormatter +import org.apache.nifi.properties.AESSensitivePropertyProvider +import org.apache.nifi.properties.SensitivePropertyProvider +import org.apache.nifi.toolkit.encryptconfig.util.BootstrapUtil +import org.apache.nifi.toolkit.encryptconfig.util.PropertiesEncryptor +import org.apache.nifi.toolkit.encryptconfig.util.ToolUtilities +import org.apache.nifi.toolkit.encryptconfig.util.XmlEncryptor +import org.apache.nifi.util.console.TextDevices +import org.slf4j.Logger +import org.slf4j.LoggerFactory + +class DecryptMode implements ToolMode { + +private static final Logger logger = LoggerFactory.getLogger(DecryptMode.class) + +enum FileType { +properties, +xml +} + +CliBuilder cli + +DecryptMode() { +cli = cliBuilder() +} + +void printUsage(String message = "") { +if (message) { +System.out.println(message) +System.out.println() +} +cli.usage() +} + +void printUsageAndExit(String message = "", int exitStatusCode) { +printUsage(message) +System.exit(exitStatusCode) +} + +@Override +void run(String[] args) { +logger.warn("The decryption capability of this tool is still considered experimental. The results should be manually verified.") +try { + +def options = cli.parse(args) + +if (!options || options.h) { +printUsageAndExit("", EncryptConfigMain.EXIT_STATUS_OTHER) +} + +EncryptConfigLogger.configureLogger(options.v) + +DecryptConfiguration config = new DecryptConfiguration(options) + +run(config) + +} catch (Exception e) { +logger.error("Encountered an error: ${e.getMessage()}") +logger.debug("", e) // stack trace only when verbose enabled +printUsageAndExit(e.getMessage(), EncryptConfigMain.EXIT_STATUS_FAILURE) +} +} + +void run(DecryptConfiguration config) throws Exception { + +if (!config.fileType) { + +// Try to load the input file to auto-detect the file type +boolean isPropertiesFile = PropertiesEncryptor.supportsFile(config.inputFilePath) + +boolean isXmlFile = XmlEncryptor.supportsFile(config.inputFilePath) + +if (ToolUtilities.isExactlyOneTrue(isPropertiesFile, isXmlFile)) { +if (isPropertiesFile) { +config.fileType = FileType.properties +logger.debug("Auto-detection of input file type determined the type to be: ${FileType.properties}") +} +if (isXmlFile) { +config.fileType = FileType.xml +logger.debug("Auto-detection of input file type determined the type to be: ${FileType.xml}") +} +} + +// Could we successfully auto-detect? +if (!config.fileType) { +throw new RuntimeException("Auto-detection of input file type failed. Please re-run the tool specifying the file type with the -t/--fileType flag.") +} +} +
[jira] [Commented] (NIFI-4708) Add support for NiFi Registry to the encrypt-config tool in NiFi Toolkit
[ https://issues.apache.org/jira/browse/NIFI-4708?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16313440#comment-16313440 ] ASF GitHub Bot commented on NIFI-4708: -- Github user kevdoran commented on a diff in the pull request: https://github.com/apache/nifi/pull/2376#discussion_r159925148 --- Diff: nifi-toolkit/nifi-toolkit-encrypt-config/src/main/groovy/org/apache/nifi/toolkit/encryptconfig/DecryptMode.groovy --- @@ -0,0 +1,322 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one or more + * contributor license agreements. See the NOTICE file distributed with + * this work for additional information regarding copyright ownership. + * The ASF licenses this file to You under the Apache License, Version 2.0 + * (the "License"); you may not use this file except in compliance with + * the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +package org.apache.nifi.toolkit.encryptconfig + +import org.apache.commons.cli.HelpFormatter +import org.apache.nifi.properties.AESSensitivePropertyProvider +import org.apache.nifi.properties.SensitivePropertyProvider +import org.apache.nifi.toolkit.encryptconfig.util.BootstrapUtil +import org.apache.nifi.toolkit.encryptconfig.util.PropertiesEncryptor +import org.apache.nifi.toolkit.encryptconfig.util.ToolUtilities +import org.apache.nifi.toolkit.encryptconfig.util.XmlEncryptor +import org.apache.nifi.util.console.TextDevices +import org.slf4j.Logger +import org.slf4j.LoggerFactory + +class DecryptMode implements ToolMode { + +private static final Logger logger = LoggerFactory.getLogger(DecryptMode.class) + +enum FileType { +properties, +xml +} + +CliBuilder cli + +DecryptMode() { +cli = cliBuilder() +} + +void printUsage(String message = "") { +if (message) { +System.out.println(message) +System.out.println() +} +cli.usage() +} + +void printUsageAndExit(String message = "", int exitStatusCode) { +printUsage(message) +System.exit(exitStatusCode) +} + +@Override +void run(String[] args) { +logger.warn("The decryption capability of this tool is still considered experimental. The results should be manually verified.") +try { + +def options = cli.parse(args) + +if (!options || options.h) { +printUsageAndExit("", EncryptConfigMain.EXIT_STATUS_OTHER) +} + +EncryptConfigLogger.configureLogger(options.v) + +DecryptConfiguration config = new DecryptConfiguration(options) + +run(config) + +} catch (Exception e) { +logger.error("Encountered an error: ${e.getMessage()}") +logger.debug("", e) // stack trace only when verbose enabled +printUsageAndExit(e.getMessage(), EncryptConfigMain.EXIT_STATUS_FAILURE) +} +} + +void run(DecryptConfiguration config) throws Exception { + +if (!config.fileType) { + +// Try to load the input file to auto-detect the file type +boolean isPropertiesFile = PropertiesEncryptor.supportsFile(config.inputFilePath) + +boolean isXmlFile = XmlEncryptor.supportsFile(config.inputFilePath) + +if (ToolUtilities.isExactlyOneTrue(isPropertiesFile, isXmlFile)) { +if (isPropertiesFile) { +config.fileType = FileType.properties +logger.debug("Auto-detection of input file type determined the type to be: ${FileType.properties}") +} +if (isXmlFile) { +config.fileType = FileType.xml +logger.debug("Auto-detection of input file type determined the type to be: ${FileType.xml}") +} +} + +// Could we successfully auto-detect? +if (!config.fileType) { +throw new RuntimeException("Auto-detection of input file type failed. Please re-run the tool specifying the file type with the -t/--fileType flag.") +} +} +
[jira] [Commented] (NIFI-4708) Add support for NiFi Registry to the encrypt-config tool in NiFi Toolkit
[ https://issues.apache.org/jira/browse/NIFI-4708?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16313429#comment-16313429 ] ASF GitHub Bot commented on NIFI-4708: -- Github user alopresto commented on a diff in the pull request: https://github.com/apache/nifi/pull/2376#discussion_r159924367 --- Diff: nifi-toolkit/nifi-toolkit-encrypt-config/src/main/groovy/org/apache/nifi/toolkit/encryptconfig/DecryptMode.groovy --- @@ -0,0 +1,322 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one or more + * contributor license agreements. See the NOTICE file distributed with + * this work for additional information regarding copyright ownership. + * The ASF licenses this file to You under the Apache License, Version 2.0 + * (the "License"); you may not use this file except in compliance with + * the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +package org.apache.nifi.toolkit.encryptconfig + +import org.apache.commons.cli.HelpFormatter +import org.apache.nifi.properties.AESSensitivePropertyProvider +import org.apache.nifi.properties.SensitivePropertyProvider +import org.apache.nifi.toolkit.encryptconfig.util.BootstrapUtil +import org.apache.nifi.toolkit.encryptconfig.util.PropertiesEncryptor +import org.apache.nifi.toolkit.encryptconfig.util.ToolUtilities +import org.apache.nifi.toolkit.encryptconfig.util.XmlEncryptor +import org.apache.nifi.util.console.TextDevices +import org.slf4j.Logger +import org.slf4j.LoggerFactory + +class DecryptMode implements ToolMode { + +private static final Logger logger = LoggerFactory.getLogger(DecryptMode.class) + +enum FileType { +properties, +xml +} + +CliBuilder cli + +DecryptMode() { +cli = cliBuilder() +} + +void printUsage(String message = "") { +if (message) { +System.out.println(message) +System.out.println() +} +cli.usage() +} + +void printUsageAndExit(String message = "", int exitStatusCode) { +printUsage(message) +System.exit(exitStatusCode) +} + +@Override +void run(String[] args) { +logger.warn("The decryption capability of this tool is still considered experimental. The results should be manually verified.") +try { + +def options = cli.parse(args) + +if (!options || options.h) { +printUsageAndExit("", EncryptConfigMain.EXIT_STATUS_OTHER) +} + +EncryptConfigLogger.configureLogger(options.v) + +DecryptConfiguration config = new DecryptConfiguration(options) + +run(config) + +} catch (Exception e) { +logger.error("Encountered an error: ${e.getMessage()}") +logger.debug("", e) // stack trace only when verbose enabled +printUsageAndExit(e.getMessage(), EncryptConfigMain.EXIT_STATUS_FAILURE) +} +} + +void run(DecryptConfiguration config) throws Exception { + +if (!config.fileType) { + +// Try to load the input file to auto-detect the file type +boolean isPropertiesFile = PropertiesEncryptor.supportsFile(config.inputFilePath) + +boolean isXmlFile = XmlEncryptor.supportsFile(config.inputFilePath) + +if (ToolUtilities.isExactlyOneTrue(isPropertiesFile, isXmlFile)) { +if (isPropertiesFile) { +config.fileType = FileType.properties +logger.debug("Auto-detection of input file type determined the type to be: ${FileType.properties}") +} +if (isXmlFile) { +config.fileType = FileType.xml +logger.debug("Auto-detection of input file type determined the type to be: ${FileType.xml}") +} +} + +// Could we successfully auto-detect? +if (!config.fileType) { +throw new RuntimeException("Auto-detection of input file type failed. Please re-run the tool specifying the file type with the -t/--fileType flag.") +} +} +
[jira] [Commented] (NIFI-4708) Add support for NiFi Registry to the encrypt-config tool in NiFi Toolkit
[ https://issues.apache.org/jira/browse/NIFI-4708?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16313412#comment-16313412 ] ASF GitHub Bot commented on NIFI-4708: -- Github user alopresto commented on a diff in the pull request: https://github.com/apache/nifi/pull/2376#discussion_r159920353 --- Diff: nifi-toolkit/nifi-toolkit-encrypt-config/src/main/groovy/org/apache/nifi/toolkit/encryptconfig/DecryptMode.groovy --- @@ -0,0 +1,322 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one or more + * contributor license agreements. See the NOTICE file distributed with + * this work for additional information regarding copyright ownership. + * The ASF licenses this file to You under the Apache License, Version 2.0 + * (the "License"); you may not use this file except in compliance with + * the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +package org.apache.nifi.toolkit.encryptconfig + +import org.apache.commons.cli.HelpFormatter +import org.apache.nifi.properties.AESSensitivePropertyProvider +import org.apache.nifi.properties.SensitivePropertyProvider +import org.apache.nifi.toolkit.encryptconfig.util.BootstrapUtil +import org.apache.nifi.toolkit.encryptconfig.util.PropertiesEncryptor +import org.apache.nifi.toolkit.encryptconfig.util.ToolUtilities +import org.apache.nifi.toolkit.encryptconfig.util.XmlEncryptor +import org.apache.nifi.util.console.TextDevices +import org.slf4j.Logger +import org.slf4j.LoggerFactory + +class DecryptMode implements ToolMode { + +private static final Logger logger = LoggerFactory.getLogger(DecryptMode.class) + +enum FileType { +properties, +xml +} + +CliBuilder cli + +DecryptMode() { +cli = cliBuilder() +} + +void printUsage(String message = "") { +if (message) { +System.out.println(message) +System.out.println() +} +cli.usage() +} + +void printUsageAndExit(String message = "", int exitStatusCode) { +printUsage(message) +System.exit(exitStatusCode) +} + +@Override +void run(String[] args) { +logger.warn("The decryption capability of this tool is still considered experimental. The results should be manually verified.") +try { + +def options = cli.parse(args) + +if (!options || options.h) { +printUsageAndExit("", EncryptConfigMain.EXIT_STATUS_OTHER) +} + +EncryptConfigLogger.configureLogger(options.v) + +DecryptConfiguration config = new DecryptConfiguration(options) + +run(config) + +} catch (Exception e) { +logger.error("Encountered an error: ${e.getMessage()}") +logger.debug("", e) // stack trace only when verbose enabled --- End diff -- I understand why this was done but I think the better logic is: ``` if (isVerboseEnabled()) { logger.error("", e) } ``` Some people/tools are set up to extract messages based on levels, and this is semantically an error. > Add support for NiFi Registry to the encrypt-config tool in NiFi Toolkit > > > Key: NIFI-4708 > URL: https://issues.apache.org/jira/browse/NIFI-4708 > Project: Apache NiFi > Issue Type: Improvement >Reporter: Kevin Doran >Assignee: Kevin Doran > Fix For: 1.5.0 > > > NiFi Registry now supports loading encrypted config files (e.g., > nifi-registry.properties, authorizers.xml, login-identity-providers.xml). > These files are very difficult to encrypt by hand, and is not recommended. > Because NiFi Registry utilizes the same encryption algorithms supported by > NiFi, the easiest way to build a tool for encrypting NiFi Registry config > properties is to extend the the encrypt-config tool in NiFi Toolkit to > support NiFi Registry as well. -- This message was sent by Atlassian JIRA (v6.4.14#64029)
[jira] [Commented] (NIFI-4708) Add support for NiFi Registry to the encrypt-config tool in NiFi Toolkit
[ https://issues.apache.org/jira/browse/NIFI-4708?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16312873#comment-16312873 ] ASF GitHub Bot commented on NIFI-4708: -- Github user kevdoran commented on the issue: https://github.com/apache/nifi/pull/2376 FYI @alopresto and @bbende - This is ready to be reviewed for merge to master. There are still a few test cases I would like to add, time permitting, for xml files, but that could be addressed in a follow up PR, along with additional refinement and a refactoring that @alopresto and I have discussed. > Add support for NiFi Registry to the encrypt-config tool in NiFi Toolkit > > > Key: NIFI-4708 > URL: https://issues.apache.org/jira/browse/NIFI-4708 > Project: Apache NiFi > Issue Type: Improvement >Reporter: Kevin Doran >Assignee: Kevin Doran > Fix For: 1.5.0 > > > NiFi Registry now supports loading encrypted config files (e.g., > nifi-registry.properties, authorizers.xml, login-identity-providers.xml). > These files are very difficult to encrypt by hand, and is not recommended. > Because NiFi Registry utilizes the same encryption algorithms supported by > NiFi, the easiest way to build a tool for encrypting NiFi Registry config > properties is to extend the the encrypt-config tool in NiFi Toolkit to > support NiFi Registry as well. -- This message was sent by Atlassian JIRA (v6.4.14#64029)
[jira] [Commented] (NIFI-4708) Add support for NiFi Registry to the encrypt-config tool in NiFi Toolkit
[ https://issues.apache.org/jira/browse/NIFI-4708?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16312870#comment-16312870 ] ASF GitHub Bot commented on NIFI-4708: -- GitHub user kevdoran opened a pull request: https://github.com/apache/nifi/pull/2376 NIFI-4708 Add Registry support to encrypt-config Adds support for NiFI Registry config files to the encrypt-config tool in NiFi Toolkit. Also adds decryption capability to encrypt-config tool. Thank you for submitting a contribution to Apache NiFi. In order to streamline the review of the contribution we ask you to ensure the following steps have been taken: ### For all changes: - [ ] Is there a JIRA ticket associated with this PR? Is it referenced in the commit message? - [ ] Does your PR title start with NIFI- where is the JIRA number you are trying to resolve? Pay particular attention to the hyphen "-" character. - [ ] Has your PR been rebased against the latest commit within the target branch (typically master)? - [ ] Is your initial contribution a single, squashed commit? ### For code changes: - [ ] Have you ensured that the full suite of tests is executed via mvn -Pcontrib-check clean install at the root nifi folder? - [ ] Have you written or updated unit tests to verify your changes? - [ ] If adding new dependencies to the code, are these dependencies licensed in a way that is compatible for inclusion under [ASF 2.0](http://www.apache.org/legal/resolved.html#category-a)? - [ ] If applicable, have you updated the LICENSE file, including the main LICENSE file under nifi-assembly? - [ ] If applicable, have you updated the NOTICE file, including the main NOTICE file found under nifi-assembly? - [ ] If adding new Properties, have you added .displayName in addition to .name (programmatic access) for each of the new properties? ### For documentation related changes: - [ ] Have you ensured that format looks appropriate for the output in which it is rendered? ### Note: Please ensure that once the PR is submitted, you check travis-ci for build issues and submit an update to your PR as soon as possible. You can merge this pull request into a Git repository by running: $ git pull https://github.com/kevdoran/nifi NIFI-4708 Alternatively you can review and apply these changes as the patch at: https://github.com/apache/nifi/pull/2376.patch To close this pull request, make a commit to your master/trunk branch with (at least) the following in the commit message: This closes #2376 commit 7b46d1ad55eea4067e155f1ab819049949ad900b Author: Kevin DoranDate: 2017-12-30T13:54:18Z NIFI-4708 Add Registry support to encrypt-config Adds support for NiFI Registry config files to the encrypt-config tool in NiFi Toolkit. Also adds decryption capability to encrypt-config tool. commit 0bbd968d0a64a58e2e33b368ed97b499b3c5d754 Author: Andy LoPresto Date: 2018-01-03T23:34:38Z NIFI-4708 [WIP] Added skeleton of new CLI parsing logic to remove "modes" (aka subcommands) and determine which mode logic to delegate to. commit c75abdbc7af8ca449b6bd8a144fc52a1638f51e3 Author: Kevin Doran Date: 2018-01-04T23:23:53Z NIFI-4708 Remaps updated CLI logic to impl Remaps the updated CLI parsing logic (which removes modes/subcommands) to the implementation, adding necessary bridging class for DecryptMode. commit ab44bbd7f9495ae1923d608bb0dce3254ecba2fe Author: Kevin Doran Date: 2018-01-05T05:11:18Z NIFI-4708 Add test cases for encrypt-config > Add support for NiFi Registry to the encrypt-config tool in NiFi Toolkit > > > Key: NIFI-4708 > URL: https://issues.apache.org/jira/browse/NIFI-4708 > Project: Apache NiFi > Issue Type: Improvement >Reporter: Kevin Doran >Assignee: Kevin Doran > Fix For: 1.5.0 > > > NiFi Registry now supports loading encrypted config files (e.g., > nifi-registry.properties, authorizers.xml, login-identity-providers.xml). > These files are very difficult to encrypt by hand, and is not recommended. > Because NiFi Registry utilizes the same encryption algorithms supported by > NiFi, the easiest way to build a tool for encrypting NiFi Registry config > properties is to extend the the encrypt-config tool in NiFi Toolkit to > support NiFi Registry as well. -- This message was sent by Atlassian JIRA (v6.4.14#64029)