我有一个用于NIFI的ExecuteScript处理器,它运行以下脚本:
import requests
导入json 导入日志记录
postMap = { '一个':' https://a/v/1&#39 ;, ' B':' https://b/v/2' }
flowFile = session.get() if(flowFile!= None):
title = flowFile.getAttribute('title')
tag = flowFile.getAttribute('tag')
link = flowFile.getAttribute('link')
descp = flowFile.getAttribute('descp')
url = _postMap.get(tag)
headers = { 'content-type': "application/json", 'cache-control': "no-cache" }
payload = { "text": "You have a new Notification",
"attachments": [
{
"title": title,
"title_link": link,
"text": descp,
"color": "#764FA5"
}
]
}
logging.error(json.dumps(payload))
response = requests.post(url, headers=headers, verify=False, data=json.dumps(payload))
flowFile = session.putAttribute(flowFile, "status","posted")
session.transfer(flowFile, REL_SUCCESS)
session.commit()
现在即使验证= False我也会收到此错误:
ExecuteScript[id=9af4a34e-0158-1000-7cf5-2beca58c972e] ExecuteScript[id=9af4a34e-0158-1000-7cf5-2beca58c972e] failed to process due to org.apache.nifi.processor.exception.ProcessException: javax.script.ScriptException: requests.exceptions.SSLError: [Errno 1] General SSLEngine problem (javax.net.ssl.SSLHandshakeException: General SSLEngine problem) in <script> at line number 61; rolling back session: org.apache.nifi.processor.exception.ProcessException: javax.script.ScriptException: requests.exceptions.SSLError: [Errno 1] General SSLEngine problem (javax.net.ssl.SSLHandshakeException: General SSLEngine problem) in <script> at line number 61
可能导致这种情况的原因是什么?
答案 0 :(得分:1)
似乎确定了根本原因:NiFi的python脚本引擎实际上是Jython而不是通常假设的cpython。现在我们来看看Jython是如何产生问题的?因此,基本上Jython是在JVM中运行的Python,而JVM绝不允许绕过SSL证书验证而不显式编写自定义信任管理器,该信任管理器对所有证书都返回true。
我在Google上发现了一些实施自定义TrustManager的帖子。 供参考:
import java.net.Socket;
import java.security.KeyStore;
import java.security.Provider;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import javax.net.ssl.ManagerFactoryParameters;
import javax.net.ssl.SSLEngine;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactorySpi;
import javax.net.ssl.X509ExtendedTrustManager;
public class MyProvider extends Provider {
public MyProvider() {
super("MyProvider", 1.0, "Trust certificates");
put("TrustManagerFactory.TrustAllCertificates", MyTrustManagerFactory.class.getName());
}
public static class MyTrustManagerFactory extends TrustManagerFactorySpi {
public MyTrustManagerFactory() {}
protected void engineInit( KeyStore keystore ) {}
protected void engineInit(ManagerFactoryParameters mgrparams ) {}
protected TrustManager[] engineGetTrustManagers() {
return new TrustManager[] {
new X509ExtendedTrustManager() {
@Override
public void checkClientTrusted(X509Certificate[] x509Certificates, String s) throws CertificateException {}
@Override
public void checkServerTrusted(X509Certificate[] x509Certificates, String s) throws CertificateException {}
@Override
public X509Certificate[] getAcceptedIssuers() {
return null;
}
@Override
public void checkClientTrusted(X509Certificate[] x509Certificates, String s, Socket socket) throws CertificateException {}
@Override
public void checkServerTrusted(X509Certificate[] x509Certificates, String s, Socket socket) throws CertificateException {}
@Override
public void checkClientTrusted(X509Certificate[] x509Certificates, String s, SSLEngine sslEngine) throws CertificateException {}
@Override
public void checkServerTrusted(X509Certificate[] x509Certificates, String s, SSLEngine sslEngine) throws CertificateException {}
}
};
}
}
}
但是,当包含在Nifi JVM中时,MyProvider对象不提供指定的效果,对其进行处理,将很快解决并返回。