NIFI-5737:

- Removing needClientAuth property since cluster comms now requires two way ssl. Jetty client auth settings are based on configured features.
- Removing dead code.
- Updating documentation.
- Removing references to needClientAuth property in all test resources.
- Removing overloaded util method with strict parameter.

This closes #3102.
This commit is contained in:
Matt Gilman 2018-10-22 14:58:43 -04:00 committed by Jeff Storck
parent c6106d1d88
commit 02261311b3
63 changed files with 31 additions and 122 deletions

View File

@ -139,7 +139,6 @@ public abstract class NiFiProperties {
public static final String SECURITY_TRUSTSTORE = "nifi.security.truststore";
public static final String SECURITY_TRUSTSTORE_TYPE = "nifi.security.truststoreType";
public static final String SECURITY_TRUSTSTORE_PASSWD = "nifi.security.truststorePasswd";
public static final String SECURITY_NEED_CLIENT_AUTH = "nifi.security.needClientAuth";
public static final String SECURITY_USER_AUTHORIZER = "nifi.security.user.authorizer";
public static final String SECURITY_USER_LOGIN_IDENTITY_PROVIDER = "nifi.security.user.login.identity.provider";
public static final String SECURITY_OCSP_RESPONDER_URL = "nifi.security.ocsp.responder.url";
@ -573,20 +572,6 @@ public abstract class NiFiProperties {
}
}
/**
* Will default to true unless the value is explicitly set to false.
*
* @return Whether client auth is required
*/
public boolean getNeedClientAuth() {
boolean needClientAuth = true;
String rawNeedClientAuth = getProperty(SECURITY_NEED_CLIENT_AUTH);
if ("false".equalsIgnoreCase(rawNeedClientAuth)) {
needClientAuth = false;
}
return needClientAuth;
}
// getters for web properties //
public Integer getPort() {
Integer port = null;

View File

@ -81,7 +81,6 @@ nifi.security.keyPasswd=
nifi.security.truststore=
nifi.security.truststoreType=
nifi.security.truststorePasswd=
nifi.security.needClientAuth=
nifi.security.user.authorizer=
# cluster common properties (cluster manager and nodes must have same values) #

View File

@ -79,7 +79,6 @@ nifi.security.keyPasswd=
nifi.security.truststore=
nifi.security.truststoreType=
nifi.security.truststorePasswd=
nifi.security.needClientAuth=
nifi.security.user.authorizer=
# cluster common properties (cluster manager and nodes must have same values) #

View File

@ -81,7 +81,6 @@ nifi.security.keyPasswd=
nifi.security.truststore=
nifi.security.truststoreType=
nifi.security.truststorePasswd=
nifi.security.needClientAuth=
nifi.security.user.authorizer=
# cluster common properties (cluster manager and nodes must have same values) #

View File

@ -53,7 +53,6 @@ case ${AUTH} in
echo 'Enabling LDAP user authentication'
# Reference ldap-provider in properties
prop_replace 'nifi.security.user.login.identity.provider' 'ldap-provider'
prop_replace 'nifi.security.needClientAuth' 'WANT'
. "${scripts_dir}/secure.sh"
. "${scripts_dir}/update_login_providers.sh"

View File

@ -53,7 +53,6 @@ case ${AUTH} in
echo 'Enabling LDAP user authentication'
# Reference ldap-provider in properties
prop_replace 'nifi.security.user.login.identity.provider' 'ldap-provider'
prop_replace 'nifi.security.needClientAuth' 'WANT'
. "${scripts_dir}/secure.sh"
. "${scripts_dir}/update_login_providers.sh"

View File

@ -168,7 +168,6 @@ NiFi provides several different configuration options for security purposes. The
|`nifi.security.truststore` | Filename of the Truststore that will be used to authorize those connecting to NiFi. A secured instance with no Truststore will refuse all incoming connections.
|`nifi.security.truststoreType` | The type of the Truststore. Must be either `PKCS12` or `JKS`. JKS is the preferred type, PKCS12 files will be loaded with BouncyCastle provider.
|`nifi.security.truststorePasswd` | The password for the Truststore.
|`nifi.security.needClientAuth` | Set to `true` to specify that connecting clients must authenticate themselves. This property is used by the NiFi cluster protocol to indicate that nodes in the cluster will be authenticated and must have certificates that are trusted by the Truststores. If not set, the default value is `true`.
|==================================================================================================================================================
Once the above properties have been configured, we can enable the User Interface to be accessed over HTTPS instead of HTTP. This is accomplished
@ -179,14 +178,14 @@ properties can be specified.
NOTE: It is important when enabling HTTPS that the `nifi.web.http.port` property be unset. NiFi only supports running on HTTP *or* HTTPS, not both simultaneously.
Similar to `nifi.security.needClientAuth`, the web server can be configured to require certificate based client authentication for users accessing
the User Interface. In order to do this it must be configured to not support username/password authentication using <<ldap_login_identity_provider>> or <<kerberos_login_identity_provider>>. Either of these options
will configure the web server to WANT certificate based client authentication. This will allow it to support users with certificates and those without
that may be logging in with their credentials or those accessing anonymously. If username/password authentication and anonymous access are not configured,
the web server will REQUIRE certificate based client authentication. See <<user_authentication>> for more details.
NiFi's web server will REQUIRE certificate based client authentication for users accessing the User Interface when not configured with an alternative
authentication mechanism which would require one way SSL (for instance LDAP, OpenId Connect, etc). Enabling an alternative authentication mechanism will
configure the web server to WANT certificate base client authentication. This will allow it to support users with certificates and those without that
may be logging in with credentials. See <<user_authentication>> for more details.
Now that the User Interface has been secured, we can easily secure Site-to-Site connections and inner-cluster communications, as well. This is
accomplished by setting the `nifi.remote.input.secure` and `nifi.cluster.protocol.is.secure` properties, respectively, to `true`.
accomplished by setting the `nifi.remote.input.secure` and `nifi.cluster.protocol.is.secure` properties, respectively, to `true`. These communications
will always REQUIRE two way SSL as the nodes will use their configured keystore/truststore for authentication.
[[tls_generation_toolkit]]
=== TLS Generation Toolkit
@ -3929,7 +3928,6 @@ These properties pertain to various security features in NiFi. Many of these pro
|`nifi.security.truststore`*|The full path and name of the truststore. It is blank by default.
|`nifi.security.truststoreType`|The truststore type. It is blank by default.
|`nifi.security.truststorePasswd`|The truststore password. It is blank by default.
|`nifi.security.needClientAuth`|This indicates whether client authentication in the cluster protocol. It is blank by default.
|`nifi.security.user.authorizer`|Specifies which of the configured Authorizers in the _authorizers.xml_ file to use. By default, it is set to `file-provider`.
|`nifi.security.user.login.identity.provider`|This indicates what type of login identity provider to use. The default value is blank, can be set to the identifier from a provider
in the file specified in `nifi.login.identity.provider.configuration.file`. Setting this property will trigger NiFi to support username/password authentication.

View File

@ -82,7 +82,6 @@ nifi.security.keyPasswd=
nifi.security.truststore=
nifi.security.truststoreType=
nifi.security.truststorePasswd=
nifi.security.needClientAuth=
nifi.security.user.authorizer=
# cluster common properties (cluster manager and nodes must have same values) #

View File

@ -36,7 +36,7 @@ public class ServerSocketConfigurationFactoryBean implements FactoryBean<ServerS
public ServerSocketConfiguration getObject() throws Exception {
if (configuration == null) {
configuration = new ServerSocketConfiguration();
configuration.setNeedClientAuth(properties.getNeedClientAuth());
configuration.setNeedClientAuth(true);
final int timeout = (int) FormatUtils.getTimeDuration(properties.getClusterNodeReadTimeout(), TimeUnit.MILLISECONDS);
configuration.setSocketTimeout(timeout);

View File

@ -95,7 +95,6 @@ nifi.security.keyPasswd=
nifi.security.truststore=
nifi.security.truststoreType=
nifi.security.truststorePasswd=
nifi.security.needClientAuth=
nifi.security.authorizedUsers.file=./target/conf/authorized-users.xml
nifi.security.user.credential.cache.duration=24 hours
nifi.security.user.authority.provider=nifi.authorization.FileAuthorizationProvider

View File

@ -513,7 +513,7 @@ public class FlowController implements EventAccess, ControllerServiceProvider, R
this.encryptor = encryptor;
this.nifiProperties = nifiProperties;
this.heartbeatMonitor = heartbeatMonitor;
sslContext = SslContextFactory.createSslContext(nifiProperties, false);
sslContext = SslContextFactory.createSslContext(nifiProperties);
extensionManager = new ExtensionManager();
this.clusterCoordinator = clusterCoordinator;

View File

@ -194,7 +194,7 @@ public class StandardStateManagerProvider implements StateManagerProvider{
propertyMap.put(descriptor, new StandardPropertyValue(entry.getValue(),null, variableRegistry));
}
final SSLContext sslContext = SslContextFactory.createSslContext(properties, false);
final SSLContext sslContext = SslContextFactory.createSslContext(properties);
final ComponentLog logger = new SimpleProcessLogger(providerId, provider);
final StateProviderInitializationContext initContext = new StandardStateProviderInitializationContext(providerId, propertyMap, sslContext, logger);

View File

@ -17,17 +17,16 @@
package org.apache.nifi.registry.flow;
import org.apache.nifi.framework.security.util.SslContextFactory;
import org.apache.nifi.util.NiFiProperties;
import javax.net.ssl.SSLContext;
import java.net.URI;
import java.net.URISyntaxException;
import java.util.Set;
import java.util.concurrent.ConcurrentHashMap;
import java.util.concurrent.ConcurrentMap;
import javax.net.ssl.SSLContext;
import org.apache.nifi.framework.security.util.SslContextFactory;
import org.apache.nifi.util.NiFiProperties;
public class StandardFlowRegistryClient implements FlowRegistryClient {
private NiFiProperties nifiProperties;
private ConcurrentMap<String, FlowRegistry> registryById = new ConcurrentHashMap<>();
@ -76,7 +75,7 @@ public class StandardFlowRegistryClient implements FlowRegistryClient {
final FlowRegistry registry;
if (uriScheme.equalsIgnoreCase("http") || uriScheme.equalsIgnoreCase("https")) {
final SSLContext sslContext = SslContextFactory.createSslContext(nifiProperties, false);
final SSLContext sslContext = SslContextFactory.createSslContext(nifiProperties);
if (sslContext == null && uriScheme.equalsIgnoreCase("https")) {
throw new IllegalStateException("Failed to create Flow Registry for URI " + registryUrl
+ " because this NiFi is not configured with a Keystore/Truststore, so it is not capable of communicating with a secure Registry. "

View File

@ -80,7 +80,6 @@ nifi.security.keyPasswd=
nifi.security.truststore=
nifi.security.truststoreType=
nifi.security.truststorePasswd=
nifi.security.needClientAuth=
nifi.security.user.authorizer=
# cluster common properties (cluster manager and nodes must have same values) #

View File

@ -85,7 +85,6 @@ nifi.security.keyPasswd=
nifi.security.truststore=
nifi.security.truststoreType=
nifi.security.truststorePasswd=
nifi.security.needClientAuth=
nifi.security.user.authorizer=
# cluster common properties (cluster manager and nodes must have same values) #

View File

@ -85,7 +85,6 @@ nifi.security.keyPasswd=
nifi.security.truststore=
nifi.security.truststoreType=
nifi.security.truststorePasswd=
nifi.security.needClientAuth=
nifi.security.user.authorizer=
# cluster common properties (cluster manager and nodes must have same values) #

View File

@ -80,7 +80,6 @@ nifi.security.keyPasswd=
nifi.security.truststore=
nifi.security.truststoreType=
nifi.security.truststorePasswd=
nifi.security.needClientAuth=
nifi.security.user.authorizer=
# cluster common properties (cluster manager and nodes must have same values) #

View File

@ -85,7 +85,6 @@ nifi.security.keyPasswd=
nifi.security.truststore=
nifi.security.truststoreType=
nifi.security.truststorePasswd=
nifi.security.needClientAuth=
nifi.security.user.authorizer=
# cluster common properties (cluster manager and nodes must have same values) #

View File

@ -85,7 +85,6 @@ nifi.security.keyPasswd=
nifi.security.truststore=
nifi.security.truststoreType=
nifi.security.truststorePasswd=
nifi.security.needClientAuth=
nifi.security.user.authorizer=
# cluster common properties (cluster manager and nodes must have same values) #

View File

@ -85,7 +85,6 @@ nifi.security.keyPasswd=
nifi.security.truststore=
nifi.security.truststoreType=
nifi.security.truststorePasswd=
nifi.security.needClientAuth=
nifi.security.user.authorizer=
# cluster common properties (cluster manager and nodes must have same values) #

View File

@ -83,7 +83,6 @@ nifi.security.keyPasswd=
nifi.security.truststore=
nifi.security.truststoreType=
nifi.security.truststorePasswd=
nifi.security.needClientAuth=
nifi.security.user.authorizer=
# cluster common properties (cluster manager and nodes must have same values) #

View File

@ -143,7 +143,6 @@ nifi.security.keyPasswd=
nifi.security.truststore=
nifi.security.truststoreType=
nifi.security.truststorePasswd=
nifi.security.needClientAuth=
nifi.security.user.authorizer=file-provider
nifi.security.user.login.identity.provider=
nifi.security.ocsp.responder.url=

View File

@ -143,7 +143,6 @@ nifi.security.keyPasswd=
nifi.security.truststore=
nifi.security.truststoreType=
nifi.security.truststorePasswd=
nifi.security.needClientAuth=
nifi.security.user.authorizer=file-provider
nifi.security.user.login.identity.provider=
nifi.security.ocsp.responder.url=

View File

@ -86,7 +86,6 @@ nifi.security.truststore=
nifi.security.truststoreType=
nifi.security.truststorePasswd=/X/RSlNr2QCJ1Kwe||dENJevX5P61ix+97airrtoBQoyasMFS6DG6fHbX+SZtw2VAMllSSnDeT97Q=
nifi.security.truststorePasswd.protected=aes/gcm/256
nifi.security.needClientAuth=
nifi.security.user.authorizer=
# cluster common properties (cluster manager and nodes must have same values) #

View File

@ -81,7 +81,6 @@ nifi.security.keyPasswd=
nifi.security.truststore=
nifi.security.truststoreType=
nifi.security.truststorePasswd=
nifi.security.needClientAuth=
nifi.security.user.authorizer=
# cluster common properties (cluster manager and nodes must have same values) #

View File

@ -79,7 +79,6 @@ nifi.security.keyPasswd=
nifi.security.truststore=
nifi.security.truststoreType=
nifi.security.truststorePasswd=
nifi.security.needClientAuth=
nifi.security.user.authorizer=
# cluster common properties (cluster manager and nodes must have same values) #

View File

@ -81,7 +81,6 @@ nifi.security.keyPasswd=
nifi.security.truststore=
nifi.security.truststoreType=
nifi.security.truststorePasswd=
nifi.security.needClientAuth=
nifi.security.user.authorizer=
# cluster common properties (cluster manager and nodes must have same values) #

View File

@ -82,7 +82,6 @@ nifi.security.keyPasswd=
nifi.security.truststore=
nifi.security.truststoreType=
nifi.security.truststorePasswd=
nifi.security.needClientAuth=
nifi.security.user.authorizer=
# cluster common properties (cluster manager and nodes must have same values) #

View File

@ -86,7 +86,6 @@ nifi.security.truststore=
nifi.security.truststoreType=
nifi.security.truststorePasswd=/X/RSlNr2QCJ1Kwe||dENJevX5P61ix+97airrtoBQoyasMFS6DG6fHbX+SZtw2VAMllSSnDeT97Q=
nifi.security.truststorePasswd.protected=aes/gcm/256
nifi.security.needClientAuth=
nifi.security.user.authorizer=
# cluster common properties (cluster manager and nodes must have same values) #

View File

@ -82,7 +82,6 @@ nifi.security.keyPasswd=
nifi.security.truststore=
nifi.security.truststoreType=
nifi.security.truststorePasswd=
nifi.security.needClientAuth=
nifi.security.user.authorizer=
# cluster common properties (cluster manager and nodes must have same values) #

View File

@ -85,7 +85,6 @@ nifi.security.keyPasswd.protected=aes/gcm/256
nifi.security.truststore=
nifi.security.truststoreType=
nifi.security.truststorePasswd=
nifi.security.needClientAuth=
nifi.security.user.authorizer=
# cluster common properties (cluster manager and nodes must have same values) #

View File

@ -85,7 +85,6 @@ nifi.security.keyPasswd.protected=aes/gcm/128
nifi.security.truststore=
nifi.security.truststoreType=
nifi.security.truststorePasswd=
nifi.security.needClientAuth=
nifi.security.user.authorizer=
# cluster common properties (cluster manager and nodes must have same values) #

View File

@ -85,7 +85,6 @@ nifi.security.keyPasswd.protected=aes/gcm/128
nifi.security.truststore=
nifi.security.truststoreType=
nifi.security.truststorePasswd=
nifi.security.needClientAuth=
nifi.security.user.authorizer=
# cluster common properties (cluster manager and nodes must have same values) #

View File

@ -85,7 +85,6 @@ nifi.security.keyPasswd.protected=aes/gcm/256
nifi.security.truststore=
nifi.security.truststoreType=
nifi.security.truststorePasswd=
nifi.security.needClientAuth=
nifi.security.user.authorizer=
# cluster common properties (cluster manager and nodes must have same values) #

View File

@ -85,7 +85,6 @@ nifi.security.keyPasswd.protected=aes/gcm/256
nifi.security.truststore=
nifi.security.truststoreType=
nifi.security.truststorePasswd=
nifi.security.needClientAuth=
nifi.security.user.authorizer=
# cluster common properties (cluster manager and nodes must have same values) #

View File

@ -85,7 +85,6 @@ nifi.security.keyPasswd.protected=unknown
nifi.security.truststore=
nifi.security.truststoreType=
nifi.security.truststorePasswd=
nifi.security.needClientAuth=
nifi.security.user.authorizer=
# cluster common properties (cluster manager and nodes must have same values) #

View File

@ -82,7 +82,6 @@ nifi.security.keyPasswd=thisIsABadKeyPassword
nifi.security.truststore=
nifi.security.truststoreType=
nifi.security.truststorePasswd=
nifi.security.needClientAuth=
nifi.security.user.authorizer=
# cluster common properties (cluster manager and nodes must have same values) #

View File

@ -83,7 +83,6 @@ nifi.security.keyPasswd=thisIsABadKeyPassword
nifi.security.truststore=
nifi.security.truststoreType=
nifi.security.truststorePasswd=
nifi.security.needClientAuth=
nifi.security.user.authorizer=
# cluster common properties (cluster manager and nodes must have same values) #

View File

@ -144,7 +144,6 @@
<nifi.security.truststore />
<nifi.security.truststoreType />
<nifi.security.truststorePasswd />
<nifi.security.needClientAuth />
<nifi.security.user.authorizer>managed-authorizer</nifi.security.user.authorizer>
<nifi.security.user.login.identity.provider />
<nifi.security.x509.principal.extractor />

View File

@ -158,7 +158,6 @@ nifi.security.keyPasswd=${nifi.security.keyPasswd}
nifi.security.truststore=${nifi.security.truststore}
nifi.security.truststoreType=${nifi.security.truststoreType}
nifi.security.truststorePasswd=${nifi.security.truststorePasswd}
nifi.security.needClientAuth=${nifi.security.needClientAuth}
nifi.security.user.authorizer=${nifi.security.user.authorizer}
nifi.security.user.login.identity.provider=${nifi.security.user.login.identity.provider}
nifi.security.ocsp.responder.url=${nifi.security.ocsp.responder.url}

View File

@ -141,7 +141,6 @@ nifi.security.keyPasswd=
nifi.security.truststore=
nifi.security.truststoreType=
nifi.security.truststorePasswd=
nifi.security.needClientAuth=
nifi.security.user.authorizer=file-provider
nifi.security.user.login.identity.provider=
nifi.security.ocsp.responder.url=

View File

@ -142,7 +142,6 @@ nifi.security.keyPasswd=
nifi.security.truststore=
nifi.security.truststoreType=
nifi.security.truststorePasswd=
nifi.security.needClientAuth=
nifi.security.user.authorizer=file-provider
nifi.security.user.login.identity.provider=
nifi.security.ocsp.responder.url=

View File

@ -142,7 +142,6 @@ nifi.security.keyPasswd=
nifi.security.truststore=
nifi.security.truststoreType=
nifi.security.truststorePasswd=
nifi.security.needClientAuth=
nifi.security.user.authorizer=file-provider
nifi.security.user.login.identity.provider=
nifi.security.ocsp.responder.url=

View File

@ -145,7 +145,6 @@ nifi.security.keyPasswd.protected=aes/gcm/256
nifi.security.truststore=
nifi.security.truststoreType=
nifi.security.truststorePasswd=
nifi.security.needClientAuth=
nifi.security.user.authorizer=file-provider
nifi.security.user.login.identity.provider=
nifi.security.ocsp.responder.url=

View File

@ -145,7 +145,6 @@ nifi.security.keyPasswd.protected=aes/gcm/128
nifi.security.truststore=
nifi.security.truststoreType=
nifi.security.truststorePasswd=
nifi.security.needClientAuth=
nifi.security.user.authorizer=file-provider
nifi.security.user.login.identity.provider=
nifi.security.ocsp.responder.url=

View File

@ -16,6 +16,13 @@
*/
package org.apache.nifi.framework.security.util;
import org.apache.commons.lang3.StringUtils;
import org.apache.nifi.security.util.KeyStoreUtils;
import org.apache.nifi.util.NiFiProperties;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManagerFactory;
import java.io.FileInputStream;
import java.io.IOException;
import java.io.InputStream;
@ -25,13 +32,6 @@ import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.UnrecoverableKeyException;
import java.security.cert.CertificateException;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManagerFactory;
import org.apache.nifi.security.util.KeyStoreUtils;
import org.apache.nifi.util.NiFiProperties;
import org.apache.commons.lang3.StringUtils;
/**
* A factory for creating SSL contexts using the application's security
@ -40,30 +40,13 @@ import org.apache.commons.lang3.StringUtils;
*/
public final class SslContextFactory {
public static enum ClientAuth {
WANT,
REQUIRED,
NONE
}
public static SSLContext createSslContext(final NiFiProperties props)
throws SslContextCreationException {
return createSslContext(props, false);
}
public static SSLContext createSslContext(final NiFiProperties props, final boolean strict)
throws SslContextCreationException {
final boolean hasKeystoreProperties = hasKeystoreProperties(props);
if (hasKeystoreProperties == false) {
if (strict) {
throw new SslContextCreationException("SSL context cannot be created because keystore properties have not been configured.");
} else {
if (hasKeystoreProperties(props) == false) {
return null;
}
} else if (props.getNeedClientAuth() && hasTruststoreProperties(props) == false) {
throw new SslContextCreationException("Need client auth is set to 'true', but no truststore properties are configured.");
} else if (hasTruststoreProperties(props) == false) {
throw new SslContextCreationException("SSL context cannot be created because truststore properties have not been configured.");
}
try {
@ -98,7 +81,7 @@ public final class SslContextFactory {
final SSLContext sslContext = SSLContext.getInstance("TLS");
sslContext.init(keyManagerFactory.getKeyManagers(),
trustManagerFactory.getTrustManagers(), null);
sslContext.getDefaultSSLParameters().setNeedClientAuth(props.getNeedClientAuth());
sslContext.getDefaultSSLParameters().setNeedClientAuth(true);
return sslContext;

View File

@ -17,11 +17,13 @@
package org.apache.nifi.framework.security.util;
import org.apache.nifi.security.util.KeystoreType;
import java.io.File;
import org.apache.nifi.util.NiFiProperties;
import org.junit.Assert;
import org.junit.Before;
import org.junit.Test;
import java.io.File;
import static org.mockito.Mockito.mock;
import static org.mockito.Mockito.when;
@ -42,7 +44,6 @@ public class SslContextFactoryTest {
when(authProps.getProperty(NiFiProperties.SECURITY_KEYSTORE)).thenReturn(ksFile.getAbsolutePath());
when(authProps.getProperty(NiFiProperties.SECURITY_KEYSTORE_TYPE)).thenReturn(KeystoreType.JKS.toString());
when(authProps.getProperty(NiFiProperties.SECURITY_KEYSTORE_PASSWD)).thenReturn("passwordpassword");
when(authProps.getNeedClientAuth()).thenReturn(false);
mutualAuthProps = mock(NiFiProperties.class);
when(mutualAuthProps.getProperty(NiFiProperties.SECURITY_KEYSTORE)).thenReturn(ksFile.getAbsolutePath());
@ -51,7 +52,6 @@ public class SslContextFactoryTest {
when(mutualAuthProps.getProperty(NiFiProperties.SECURITY_TRUSTSTORE)).thenReturn(trustFile.getAbsolutePath());
when(mutualAuthProps.getProperty(NiFiProperties.SECURITY_TRUSTSTORE_TYPE)).thenReturn(KeystoreType.JKS.toString());
when(mutualAuthProps.getProperty(NiFiProperties.SECURITY_TRUSTSTORE_PASSWD)).thenReturn("passwordpassword");
when(mutualAuthProps.getNeedClientAuth()).thenReturn(true);
}
@ -60,9 +60,9 @@ public class SslContextFactoryTest {
Assert.assertNotNull(SslContextFactory.createSslContext(mutualAuthProps));
}
@Test
@Test(expected = SslContextCreationException.class)
public void testCreateSslContextWithNoMutualAuth() {
Assert.assertNotNull(SslContextFactory.createSslContext(authProps));
SslContextFactory.createSslContext(authProps);
}
}

View File

@ -61,7 +61,6 @@ nifi.security.keyPasswd=
nifi.security.truststore=src/test/resources/dummy-certs/localhost-ts.jks
nifi.security.truststoreType=JKS
nifi.security.truststorePasswd=localtest
nifi.security.needClientAuth=true
nifi.security.user.authorizer=
# cluster common properties (cluster manager and nodes must have same values) #

View File

@ -96,7 +96,6 @@ nifi.security.keyPasswd=
nifi.security.truststore=target/test-classes/access-control/truststore.jks
nifi.security.truststoreType=JKS
nifi.security.truststorePasswd=passwordpassword
nifi.security.needClientAuth=true
nifi.security.user.login.identity.provider=test-provider
nifi.security.user.authorizer=flow-test-provider

View File

@ -96,7 +96,6 @@ nifi.security.keyPasswd=
nifi.security.truststore=target/test-classes/access-control/truststore.jks
nifi.security.truststoreType=JKS
nifi.security.truststorePasswd=passwordpassword
nifi.security.needClientAuth=true
nifi.security.user.login.identity.provider=test-provider
nifi.security.user.authorizer=test-provider

View File

@ -137,7 +137,6 @@ nifi.security.keyPasswd=${nifi.security.keyPasswd}
nifi.security.truststore=${nifi.security.truststore}
nifi.security.truststoreType=${nifi.security.truststoreType}
nifi.security.truststorePasswd=${nifi.security.truststorePasswd}
nifi.security.needClientAuth=${nifi.security.needClientAuth}
nifi.security.user.authorizer=${nifi.security.user.authorizer}
nifi.security.user.login.identity.provider=${nifi.security.user.login.identity.provider}
nifi.security.ocsp.responder.url=${nifi.security.ocsp.responder.url}

View File

@ -62,7 +62,6 @@ nifi.security.keyPasswd=badKeyPass
nifi.security.truststore=target/tmp/keys/localhost/truststore.jks
nifi.security.truststoreType=JKS
nifi.security.truststorePasswd=badTrustPass
nifi.security.needClientAuth=true
nifi.security.user.authorizer=
# cluster common properties (cluster manager and nodes must have same values) #

View File

@ -143,7 +143,6 @@ nifi.security.keyPasswd=
nifi.security.truststore=
nifi.security.truststoreType=
nifi.security.truststorePasswd=
nifi.security.needClientAuth=
nifi.security.user.authorizer=file-provider
nifi.security.user.login.identity.provider=
nifi.security.ocsp.responder.url=

View File

@ -62,7 +62,6 @@ nifi.security.keyPasswd=badKeyPass
nifi.security.truststore=target/tmp/keys/localhost/truststore.jks
nifi.security.truststoreType=JKS
nifi.security.truststorePasswd=badTrustPass
nifi.security.needClientAuth=true
nifi.security.user.authorizer=
# cluster common properties (cluster manager and nodes must have same values) #

View File

@ -82,7 +82,6 @@ nifi.security.keyPasswd=
nifi.security.truststore=
nifi.security.truststoreType=
nifi.security.truststorePasswd=
nifi.security.needClientAuth=
nifi.security.user.authorizer=
# cluster common properties (cluster manager and nodes must have same values) #

View File

@ -85,7 +85,6 @@ nifi.security.keyPasswd.protected=aes/gcm/256
nifi.security.truststore=
nifi.security.truststoreType=
nifi.security.truststorePasswd=
nifi.security.needClientAuth=
nifi.security.user.authorizer=
# cluster common properties (cluster manager and nodes must have same values) #

View File

@ -85,7 +85,6 @@ nifi.security.keyPasswd.protected=aes/gcm/128
nifi.security.truststore=
nifi.security.truststoreType=
nifi.security.truststorePasswd=
nifi.security.needClientAuth=
nifi.security.user.authorizer=
# cluster common properties (cluster manager and nodes must have same values) #

View File

@ -85,7 +85,6 @@ nifi.security.keyPasswd.protected=aes/gcm/256
nifi.security.truststore=
nifi.security.truststoreType=
nifi.security.truststorePasswd=
nifi.security.needClientAuth=
nifi.security.user.authorizer=
# cluster common properties (cluster manager and nodes must have same values) #

View File

@ -86,7 +86,6 @@ nifi.security.keyPasswd.protected=aes/gcm/128
nifi.security.truststore=
nifi.security.truststoreType=
nifi.security.truststorePasswd=
nifi.security.needClientAuth=
nifi.security.user.authorizer=
# cluster common properties (cluster manager and nodes must have same values) #

View File

@ -82,7 +82,6 @@ nifi.security.keyPasswd=thisIsABadKeyPassword
nifi.security.truststore=
nifi.security.truststoreType=
nifi.security.truststorePasswd=
nifi.security.needClientAuth=
nifi.security.user.authorizer=
# cluster common properties (cluster manager and nodes must have same values) #

View File

@ -84,7 +84,6 @@ nifi.security.keyPasswd=thisIsABadKeyPassword
nifi.security.truststore=
nifi.security.truststoreType=
nifi.security.truststorePasswd=
nifi.security.needClientAuth=
nifi.security.user.authorizer=
# cluster common properties (cluster manager and nodes must have same values) #

View File

@ -72,7 +72,6 @@ public class SiteToSiteCliMain {
public static final String PROXY_PASSWORD_OPTION = "proxyPassword";
public static final String PROXY_PORT_OPTION_DEFAULT = "80";
public static final String KEYSTORE_TYPE_OPTION_DEFAULT = KeystoreType.JKS.toString();
public static final String NEED_CLIENT_AUTH_OPTION = "needClientAuth";
/**
* Prints the usage to System.out
@ -141,7 +140,6 @@ public class SiteToSiteCliMain {
options.addOption(null, TRUST_STORE_OPTION, true, "Truststore");
options.addOption(null, TRUST_STORE_TYPE_OPTION, true, "Truststore type (default: " + KEYSTORE_TYPE_OPTION_DEFAULT + ")");
options.addOption(null, TRUST_STORE_PASSWORD_OPTION, true, "Truststore password");
options.addOption(null, NEED_CLIENT_AUTH_OPTION, false, "Need client auth");
options.addOption("c", COMPRESSION_OPTION, false, "Use compression");
options.addOption(null, PEER_PERSISTENCE_FILE_OPTION, true, "File to write peer information to so it can be recovered on restart");
options.addOption("p", TRANSPORT_PROTOCOL_OPTION, true, "Site to site transport protocol (default: " + TRANSPORT_PROTOCOL_OPTION_DEFAULT + ")");

View File

@ -140,7 +140,6 @@ nifi.security.keyPasswd=qgs57rmnot6p8gm97pfjutnu5g
nifi.security.truststore=./conf/truststore.jks
nifi.security.truststoreType=jks
nifi.security.truststorePasswd=t7rmn1fg8np2ck1sduqdd85opv
nifi.security.needClientAuth=
nifi.security.user.authorizer=file-provider
nifi.security.user.login.identity.provider=
nifi.security.ocsp.responder.url=