diff --git a/nifi-commons/nifi-web-utils/pom.xml b/nifi-commons/nifi-web-utils/pom.xml
index 006139f229..c2f9623bb7 100644
--- a/nifi-commons/nifi-web-utils/pom.xml
+++ b/nifi-commons/nifi-web-utils/pom.xml
@@ -22,16 +22,6 @@
nifi-web-utils
-
- org.apache.nifi
- nifi-security-utils
- 1.14.0-SNAPSHOT
-
-
- commons-codec
- commons-codec
- 1.14
-
org.apache.commons
commons-lang3
@@ -97,10 +87,5 @@
org.slf4j
jcl-over-slf4j
-
- com.squareup.okhttp3
- okhttp
- ${okhttp.version}
-
diff --git a/nifi-commons/nifi-web-utils/src/main/java/org/apache/nifi/security/util/OkHttpClientUtils.java b/nifi-commons/nifi-web-utils/src/main/java/org/apache/nifi/security/util/OkHttpClientUtils.java
deleted file mode 100644
index 6aeb1511f6..0000000000
--- a/nifi-commons/nifi-web-utils/src/main/java/org/apache/nifi/security/util/OkHttpClientUtils.java
+++ /dev/null
@@ -1,69 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one or more
- * contributor license agreements. See the NOTICE file distributed with
- * this work for additional information regarding copyright ownership.
- * The ASF licenses this file to You under the Apache License, Version 2.0
- * (the "License"); you may not use this file except in compliance with
- * the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package org.apache.nifi.security.util;
-
-import java.security.UnrecoverableKeyException;
-import javax.net.ssl.SSLContext;
-import javax.net.ssl.SSLSocketFactory;
-import javax.net.ssl.TrustManager;
-import javax.net.ssl.X509TrustManager;
-import okhttp3.OkHttpClient;
-import org.apache.nifi.processor.exception.ProcessException;
-import org.slf4j.Logger;
-import org.slf4j.LoggerFactory;
-
-/**
- * This class contains utility methods for working with the {@link OkHttpClient} that many components use for external HTTP communication.
- */
-public class OkHttpClientUtils {
- private static final Logger logger = LoggerFactory.getLogger(OkHttpClientUtils.class);
-
- /**
- * If the {@link TlsConfiguration} contains valid properties to configure an
- * {@link SSLSocketFactory}, parses the necessary values and applies the config to the client
- * builder. If the properties are not populated, no action is taken.
- *
- * @param tlsConfiguration the TLS configuration container object
- * @param okHttpClient the OkHttp client builder
- * @return true if the TLS configuration was applied to the builder
- */
- public static boolean applyTlsToOkHttpClientBuilder(TlsConfiguration tlsConfiguration, OkHttpClient.Builder okHttpClient) {
- try {
- final X509TrustManager trustManager = SslContextFactory.getX509TrustManager(tlsConfiguration);
- if (trustManager == null) {
- return false;
- }
-
- final SSLContext sslContext = SslContextFactory.createSslContext(tlsConfiguration, new TrustManager[]{trustManager});
- if (sslContext == null) {
- return false;
- }
-
- final SSLSocketFactory sslSocketFactory = sslContext.getSocketFactory();
- okHttpClient.sslSocketFactory(sslSocketFactory, trustManager);
- return true;
- } catch (TlsException e) {
- if (e.getCause() instanceof UnrecoverableKeyException) {
- logger.error("Key password may be incorrect or not set. Check your keystore passwords." + e.getMessage());
- } else {
- logger.error("Encountered an error configuring TLS: {}", e.getLocalizedMessage());
- throw new ProcessException("Error configuring TLS", e);
- }
- }
- return false;
- }
-}
diff --git a/nifi-commons/nifi-web-utils/src/main/java/org/apache/nifi/web/filter/SanitizeContextPathFilter.java b/nifi-commons/nifi-web-utils/src/main/java/org/apache/nifi/web/filter/SanitizeContextPathFilter.java
index 075f72d50f..02d8bc3b60 100644
--- a/nifi-commons/nifi-web-utils/src/main/java/org/apache/nifi/web/filter/SanitizeContextPathFilter.java
+++ b/nifi-commons/nifi-web-utils/src/main/java/org/apache/nifi/web/filter/SanitizeContextPathFilter.java
@@ -23,7 +23,8 @@ import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
-import org.apache.nifi.util.StringUtils;
+
+import org.apache.commons.lang3.StringUtils;
import org.apache.nifi.web.util.WebUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
diff --git a/nifi-commons/nifi-web-utils/src/main/java/org/apache/nifi/web/util/ClientUtils.java b/nifi-commons/nifi-web-utils/src/main/java/org/apache/nifi/web/util/ClientUtils.java
deleted file mode 100644
index 04eb346e43..0000000000
--- a/nifi-commons/nifi-web-utils/src/main/java/org/apache/nifi/web/util/ClientUtils.java
+++ /dev/null
@@ -1,116 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one or more
- * contributor license agreements. See the NOTICE file distributed with
- * this work for additional information regarding copyright ownership.
- * The ASF licenses this file to You under the Apache License, Version 2.0
- * (the "License"); you may not use this file except in compliance with
- * the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package org.apache.nifi.web.util;
-
-import javax.ws.rs.client.Client;
-import javax.ws.rs.client.Entity;
-import javax.ws.rs.client.Invocation;
-import javax.ws.rs.client.WebTarget;
-import javax.ws.rs.core.MediaType;
-import javax.ws.rs.core.MultivaluedHashMap;
-import javax.ws.rs.core.Response;
-import java.net.URI;
-import java.util.Map;
-
-/**
- *
- */
-public class ClientUtils {
-
- private final Client client;
-
- public ClientUtils(Client client) {
- this.client = client;
- }
-
- /**
- * Gets the content at the specified URI.
- *
- * @param uri the URI to get the content of
- * @return the client response resulting from getting the content of the URI
- */
- public Response get(final URI uri) {
- return get(uri, null);
- }
-
- /**
- * Gets the content at the specified URI using the given query parameters.
- *
- * @param uri the URI to get the content of
- * @param queryParams the query parameters to use in the request
- * @return the client response resulting from getting the content of the URI
- */
- public Response get(final URI uri, final Map queryParams) {
- // perform the request
- WebTarget webTarget = client.target(uri);
- if (queryParams != null) {
- for (final Map.Entry queryEntry : queryParams.entrySet()) {
- webTarget = webTarget.queryParam(queryEntry.getKey(), queryEntry.getValue());
- }
- }
-
- return webTarget.request().accept(MediaType.APPLICATION_JSON).get();
- }
-
- /**
- * Performs a POST using the specified url and entity body.
- *
- * @param uri the URI to post to
- * @param entity the item to post
- * @return the client response of the request
- */
- public Response post(URI uri, Object entity) {
- // get the resource
- Invocation.Builder builder = client.target(uri).request().accept(MediaType.APPLICATION_JSON);
-
- // perform the request
- return builder.post(Entity.json(entity));
- }
-
- /**
- * Performs a POST using the specified url and form data.
- *
- * @param uri the uri to post to
- * @param formData the data to post
- * @return the client response of the post
- */
- public Response post(URI uri, Map formData) {
- // convert the form data
- final MultivaluedHashMap entity = new MultivaluedHashMap();
- for (String key : formData.keySet()) {
- entity.add(key, formData.get(key));
- }
-
- // get the resource
- Invocation.Builder builder = client.target(uri).request().accept(MediaType.APPLICATION_JSON);
-
- // get the resource
- return builder.post(Entity.form(entity));
- }
-
- /**
- * Performs a HEAD request to the specified URI.
- *
- * @param uri the uri to request the head of
- * @return the client response of the request
- */
- public Response head(final URI uri) {
- // perform the request
- WebTarget webTarget = client.target(uri);
- return webTarget.request().head();
- }
-}
diff --git a/nifi-nar-bundles/nifi-elasticsearch-bundle/nifi-elasticsearch-processors/pom.xml b/nifi-nar-bundles/nifi-elasticsearch-bundle/nifi-elasticsearch-processors/pom.xml
index e408e297fc..e0de9b43d9 100644
--- a/nifi-nar-bundles/nifi-elasticsearch-bundle/nifi-elasticsearch-processors/pom.xml
+++ b/nifi-nar-bundles/nifi-elasticsearch-bundle/nifi-elasticsearch-processors/pom.xml
@@ -138,12 +138,6 @@ language governing permissions and limitations under the License. -->
nifi-standard-record-utils
1.14.0-SNAPSHOT
-
- org.apache.nifi
- nifi-web-utils
- 1.14.0-SNAPSHOT
- compile
-
diff --git a/nifi-nar-bundles/nifi-elasticsearch-bundle/nifi-elasticsearch-processors/src/main/java/org/apache/nifi/processors/elasticsearch/AbstractElasticsearchHttpProcessor.java b/nifi-nar-bundles/nifi-elasticsearch-bundle/nifi-elasticsearch-processors/src/main/java/org/apache/nifi/processors/elasticsearch/AbstractElasticsearchHttpProcessor.java
index 0374eb7dca..dae3d4f11b 100644
--- a/nifi-nar-bundles/nifi-elasticsearch-bundle/nifi-elasticsearch-processors/src/main/java/org/apache/nifi/processors/elasticsearch/AbstractElasticsearchHttpProcessor.java
+++ b/nifi-nar-bundles/nifi-elasticsearch-bundle/nifi-elasticsearch-processors/src/main/java/org/apache/nifi/processors/elasticsearch/AbstractElasticsearchHttpProcessor.java
@@ -46,11 +46,12 @@ import org.apache.nifi.processor.exception.ProcessException;
import org.apache.nifi.processor.util.StandardValidators;
import org.apache.nifi.proxy.ProxyConfiguration;
import org.apache.nifi.proxy.ProxySpec;
-import org.apache.nifi.security.util.OkHttpClientUtils;
-import org.apache.nifi.security.util.TlsConfiguration;
import org.apache.nifi.ssl.SSLContextService;
import org.apache.nifi.util.StringUtils;
+import javax.net.ssl.SSLContext;
+import javax.net.ssl.X509TrustManager;
+
/**
* A base class for Elasticsearch processors that use the HTTP API
*/
@@ -208,8 +209,9 @@ public abstract class AbstractElasticsearchHttpProcessor extends AbstractElastic
// Apply the TLS configuration if present
final SSLContextService sslService = context.getProperty(PROP_SSL_CONTEXT_SERVICE).asControllerService(SSLContextService.class);
if (sslService != null) {
- final TlsConfiguration tlsConfiguration = sslService.createTlsConfiguration();
- OkHttpClientUtils.applyTlsToOkHttpClientBuilder(tlsConfiguration, okHttpClient);
+ final SSLContext sslContext = sslService.createContext();
+ final X509TrustManager trustManager = sslService.createTrustManager();
+ okHttpClient.sslSocketFactory(sslContext.getSocketFactory(), trustManager);
}
okHttpClientAtomicReference.set(okHttpClient.build());
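Review bot: `sslService.createContext()` and `sslService.createTrustManager()` are used here without a null check, whereas the removed `OkHttpClientUtils.applyTlsToOkHttpClientBuilder` skipped TLS setup when either the trust manager or the context was null and turned a `TlsException` into a logged `ProcessException`. If the configured SSL Context Service can return null from either call (for example with no trust store; not visible in this hunk), the failure becomes a bare NullPointerException from `sslContext.getSocketFactory()` or from `sslSocketFactory(...)` rather than a clear configuration error. I would add a guard before the builder call, `if (sslContext == null || trustManager == null) { throw new ProcessException("SSL Context Service did not provide a context and trust manager"); }`, so a half-configured service fails loudly instead of obscurely. The same two-call pattern is repeated in the RestLookupService hunk and, with `sslContext` declared outside the hunk, in OAuth2TokenProviderImpl. The enclosing method starts and ends outside this hunk.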
diff --git a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-framework-cluster/pom.xml b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-framework-cluster/pom.xml
index 8132c39fed..67d4c85ed4 100644
--- a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-framework-cluster/pom.xml
+++ b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-framework-cluster/pom.xml
@@ -67,7 +67,7 @@
org.apache.nifi
- nifi-web-utils
+ nifi-security-utils
org.apache.nifi
diff --git a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-framework-cluster/src/main/java/org/apache/nifi/cluster/coordination/http/replication/okhttp/OkHttpReplicationClient.java b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-framework-cluster/src/main/java/org/apache/nifi/cluster/coordination/http/replication/okhttp/OkHttpReplicationClient.java
index e8506bdab4..72d0ffb9a1 100644
--- a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-framework-cluster/src/main/java/org/apache/nifi/cluster/coordination/http/replication/okhttp/OkHttpReplicationClient.java
+++ b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-framework-cluster/src/main/java/org/apache/nifi/cluster/coordination/http/replication/okhttp/OkHttpReplicationClient.java
@@ -37,6 +37,9 @@ import java.util.concurrent.TimeUnit;
import java.util.stream.Collectors;
import java.util.stream.Stream;
import java.util.zip.GZIPInputStream;
+import javax.net.ssl.SSLContext;
+import javax.net.ssl.TrustManager;
+import javax.net.ssl.X509TrustManager;
import javax.ws.rs.HttpMethod;
import javax.ws.rs.core.MultivaluedHashMap;
import javax.ws.rs.core.MultivaluedMap;
@@ -53,7 +56,7 @@ import org.apache.commons.lang3.StringUtils;
import org.apache.nifi.cluster.coordination.http.replication.HttpReplicationClient;
import org.apache.nifi.cluster.coordination.http.replication.PreparedRequest;
import org.apache.nifi.remote.protocol.http.HttpHeaders;
-import org.apache.nifi.security.util.OkHttpClientUtils;
+import org.apache.nifi.security.util.SslContextFactory;
import org.apache.nifi.security.util.StandardTlsConfiguration;
import org.apache.nifi.security.util.TlsConfiguration;
import org.apache.nifi.stream.io.GZIPOutputStream;
@@ -317,8 +320,11 @@ public class OkHttpReplicationClient implements HttpReplicationClient {
// Apply the TLS configuration, if present
try {
- TlsConfiguration tlsConfiguration = StandardTlsConfiguration.fromNiFiProperties(properties);
- tlsConfigured = OkHttpClientUtils.applyTlsToOkHttpClientBuilder(tlsConfiguration, okHttpClientBuilder);
+ final TlsConfiguration tlsConfiguration = StandardTlsConfiguration.fromNiFiProperties(properties);
+ final X509TrustManager trustManager = SslContextFactory.getX509TrustManager(tlsConfiguration);
+ final SSLContext sslContext = SslContextFactory.createSslContext(tlsConfiguration, new TrustManager[]{trustManager});
+ okHttpClientBuilder.sslSocketFactory(sslContext.getSocketFactory(), trustManager);
+ tlsConfigured = true;
} catch (Exception e) {
// Legacy expectations around this client are that it does not throw an exception on invalid TLS configuration
// TODO: The only current use of this class is ThreadPoolRequestReplicatorFactoryBean#getObject() which should be evaluated to see if that can change
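Review bot: The "TLS not configured" case now depends on `catch (Exception e)` absorbing whatever a null trust manager or null context triggers, because the explicit `return false` checks of the removed helper are gone and `tlsConfigured = true` is reached simply by not throwing. An explicit check keeps the two cases apart: `if (trustManager == null) { tlsConfigured = false; } else { ... tlsConfigured = true; }`, leaving the catch for genuinely invalid keystore or truststore settings. The catch body is outside this hunk; since this client carries cluster replication traffic, it is worth confirming that it logs the exception, so that running without TLS is visible to an operator rather than silent.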
diff --git a/nifi-nar-bundles/nifi-framework-bundle/nifi-stateless-bundle/nifi-stateless-engine/pom.xml b/nifi-nar-bundles/nifi-framework-bundle/nifi-stateless-bundle/nifi-stateless-engine/pom.xml
index 6c46d603e6..68155f424d 100644
--- a/nifi-nar-bundles/nifi-framework-bundle/nifi-stateless-bundle/nifi-stateless-engine/pom.xml
+++ b/nifi-nar-bundles/nifi-framework-bundle/nifi-stateless-bundle/nifi-stateless-engine/pom.xml
@@ -82,6 +82,11 @@
org.glassfish.jersey.core
jersey-client
+
+ com.squareup.okhttp3
+ okhttp
+ ${okhttp.version}
+
com.fasterxml.jackson.core
jackson-databind
diff --git a/nifi-nar-bundles/nifi-framework-bundle/nifi-stateless-bundle/nifi-stateless-engine/src/main/java/org/apache/nifi/extensions/NexusExtensionClient.java b/nifi-nar-bundles/nifi-framework-bundle/nifi-stateless-bundle/nifi-stateless-engine/src/main/java/org/apache/nifi/extensions/NexusExtensionClient.java
index b4e012bedd..6f620581d2 100644
--- a/nifi-nar-bundles/nifi-framework-bundle/nifi-stateless-bundle/nifi-stateless-engine/src/main/java/org/apache/nifi/extensions/NexusExtensionClient.java
+++ b/nifi-nar-bundles/nifi-framework-bundle/nifi-stateless-bundle/nifi-stateless-engine/src/main/java/org/apache/nifi/extensions/NexusExtensionClient.java
@@ -22,14 +22,17 @@ import okhttp3.OkHttpClient;
import okhttp3.Request;
import okhttp3.Response;
import org.apache.nifi.bundle.BundleCoordinate;
-import org.apache.nifi.security.util.OkHttpClientUtils;
+import org.apache.nifi.security.util.SslContextFactory;
import org.apache.nifi.security.util.TlsConfiguration;
+import org.apache.nifi.security.util.TlsException;
import org.apache.nifi.stateless.config.SslConfigurationUtil;
import org.apache.nifi.stateless.config.SslContextDefinition;
import org.apache.nifi.util.FormatUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
+import javax.net.ssl.SSLContext;
+import javax.net.ssl.X509TrustManager;
import java.io.FilterInputStream;
import java.io.IOException;
import java.io.InputStream;
@@ -104,7 +107,13 @@ public class NexusExtensionClient implements ExtensionClient {
if (sslContextDefinition != null) {
final TlsConfiguration tlsConfiguration = SslConfigurationUtil.createTlsConfiguration(sslContextDefinition);
- OkHttpClientUtils.applyTlsToOkHttpClientBuilder(tlsConfiguration, okHttpClientBuilder);
+ try {
+ final X509TrustManager trustManager = SslContextFactory.getX509TrustManager(tlsConfiguration);
+ final SSLContext sslContext = SslContextFactory.createSslContext(tlsConfiguration);
+ okHttpClientBuilder.sslSocketFactory(sslContext.getSocketFactory(), trustManager);
+ } catch (final TlsException e) {
+ throw new IllegalArgumentException("TLS Configuration Failed: Check SSL Context Properties", e);
+ }
}
return okHttpClientBuilder.build();
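Review bot: `SslContextFactory.createSslContext(tlsConfiguration)` builds the context without the `trustManager` obtained on the line above, while the OkHttpReplicationClient hunk in this same commit passes it in via `new TrustManager[]{trustManager}`. OkHttp uses the trust manager given to `sslSocketFactory(...)` for its own certificate chain handling, so it should be the instance the socket factory was built with; the single-argument overload probably derives equivalent trust managers from the same configuration, but that is not visible here. I would use `SslContextFactory.createSslContext(tlsConfiguration, new TrustManager[]{trustManager})` and reject a null `trustManager` inside the `try` with the same `IllegalArgumentException`, because the `catch (final TlsException e)` does not cover a NullPointerException from the builder. The PropertiesFileFlowDefinitionParser hunk has the identical block and needs the same change.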
diff --git a/nifi-nar-bundles/nifi-framework-bundle/nifi-stateless-bundle/nifi-stateless-engine/src/main/java/org/apache/nifi/stateless/config/PropertiesFileFlowDefinitionParser.java b/nifi-nar-bundles/nifi-framework-bundle/nifi-stateless-bundle/nifi-stateless-engine/src/main/java/org/apache/nifi/stateless/config/PropertiesFileFlowDefinitionParser.java
index b39aded1e9..2922f85030 100644
--- a/nifi-nar-bundles/nifi-framework-bundle/nifi-stateless-bundle/nifi-stateless-engine/src/main/java/org/apache/nifi/stateless/config/PropertiesFileFlowDefinitionParser.java
+++ b/nifi-nar-bundles/nifi-framework-bundle/nifi-stateless-bundle/nifi-stateless-engine/src/main/java/org/apache/nifi/stateless/config/PropertiesFileFlowDefinitionParser.java
@@ -26,8 +26,9 @@ import okhttp3.ResponseBody;
import org.apache.nifi.registry.client.NiFiRegistryException;
import org.apache.nifi.registry.flow.VersionedFlowSnapshot;
import org.apache.nifi.registry.flow.VersionedFlowSnapshotMetadata;
-import org.apache.nifi.security.util.OkHttpClientUtils;
+import org.apache.nifi.security.util.SslContextFactory;
import org.apache.nifi.security.util.TlsConfiguration;
+import org.apache.nifi.security.util.TlsException;
import org.apache.nifi.stateless.core.RegistryUtil;
import org.apache.nifi.stateless.engine.StatelessEngineConfiguration;
import org.apache.nifi.stateless.flow.DataflowDefinition;
@@ -37,6 +38,7 @@ import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import javax.net.ssl.SSLContext;
+import javax.net.ssl.X509TrustManager;
import java.io.BufferedReader;
import java.io.ByteArrayInputStream;
import java.io.File;
@@ -354,7 +356,13 @@ public class PropertiesFileFlowDefinitionParser implements DataflowDefinitionPar
if (sslContextDefinition != null) {
final TlsConfiguration tlsConfiguration = SslConfigurationUtil.createTlsConfiguration(sslContextDefinition);
- OkHttpClientUtils.applyTlsToOkHttpClientBuilder(tlsConfiguration, clientBuilder);
+ try {
+ final X509TrustManager trustManager = SslContextFactory.getX509TrustManager(tlsConfiguration);
+ final SSLContext sslContext = SslContextFactory.createSslContext(tlsConfiguration);
+ clientBuilder.sslSocketFactory(sslContext.getSocketFactory(), trustManager);
+ } catch (final TlsException e) {
+ throw new IllegalArgumentException("TLS Configuration Failed: Check SSL Context Properties", e);
+ }
}
final OkHttpClient client = clientBuilder.build();
diff --git a/nifi-nar-bundles/nifi-solr-bundle/nifi-solr-processors/src/test/java/org/apache/nifi/processors/solr/MockSSLContextService.java b/nifi-nar-bundles/nifi-solr-bundle/nifi-solr-processors/src/test/java/org/apache/nifi/processors/solr/MockSSLContextService.java
deleted file mode 100644
index 005c6f6d24..0000000000
--- a/nifi-nar-bundles/nifi-solr-bundle/nifi-solr-processors/src/test/java/org/apache/nifi/processors/solr/MockSSLContextService.java
+++ /dev/null
@@ -1,101 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one or more
- * contributor license agreements. See the NOTICE file distributed with
- * this work for additional information regarding copyright ownership.
- * The ASF licenses this file to You under the Apache License, Version 2.0
- * (the "License"); you may not use this file except in compliance with
- * the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package org.apache.nifi.processors.solr;
-
-import javax.net.ssl.SSLContext;
-import org.apache.nifi.controller.AbstractControllerService;
-import org.apache.nifi.processor.exception.ProcessException;
-import org.apache.nifi.security.util.TlsConfiguration;
-import org.apache.nifi.ssl.SSLContextService;
-
-/**
- * Mock implementation (copied from unit and integration tests) so we don't need to have a real keystore/truststore available for testing.
- *
- * // TODO: Remove and use regular mocking or Groovy rather than shell implementation
- */
-public class MockSSLContextService extends AbstractControllerService implements SSLContextService {
-
- @Override
- public TlsConfiguration createTlsConfiguration() {
- return null;
- }
-
- @Override
- public SSLContext createContext() {
- return null;
- }
-
- @Override
- public SSLContext createSSLContext(org.apache.nifi.security.util.ClientAuth clientAuth) throws ProcessException {
- return null;
- }
-
- @Override
- public SSLContext createSSLContext(SSLContextService.ClientAuth clientAuth) throws ProcessException {
- return null;
- }
-
- @Override
- public String getTrustStoreFile() {
- return null;
- }
-
- @Override
- public String getTrustStoreType() {
- return null;
- }
-
- @Override
- public String getTrustStorePassword() {
- return null;
- }
-
- @Override
- public boolean isTrustStoreConfigured() {
- return false;
- }
-
- @Override
- public String getKeyStoreFile() {
- return null;
- }
-
- @Override
- public String getKeyStoreType() {
- return null;
- }
-
- @Override
- public String getKeyStorePassword() {
- return null;
- }
-
- @Override
- public String getKeyPassword() {
- return null;
- }
-
- @Override
- public boolean isKeyStoreConfigured() {
- return false;
- }
-
- @Override
- public String getSslAlgorithm() {
- return null;
- }
-}
\ No newline at end of file
diff --git a/nifi-nar-bundles/nifi-solr-bundle/nifi-solr-processors/src/test/java/org/apache/nifi/processors/solr/QuerySolrIT.java b/nifi-nar-bundles/nifi-solr-bundle/nifi-solr-processors/src/test/java/org/apache/nifi/processors/solr/QuerySolrIT.java
index eed6584a5f..a02c525c28 100644
--- a/nifi-nar-bundles/nifi-solr-bundle/nifi-solr-processors/src/test/java/org/apache/nifi/processors/solr/QuerySolrIT.java
+++ b/nifi-nar-bundles/nifi-solr-bundle/nifi-solr-processors/src/test/java/org/apache/nifi/processors/solr/QuerySolrIT.java
@@ -638,7 +638,8 @@ public class QuerySolrIT {
runner.setProperty(SolrUtils.SOLR_LOCATION, SOLR_LOCATION);
runner.setProperty(SolrUtils.COLLECTION, SOLR_COLLECTION);
- final SSLContextService sslContextService = new MockSSLContextService();
+ final SSLContextService sslContextService = Mockito.mock(SSLContextService.class);
+ Mockito.when(sslContextService.getIdentifier()).thenReturn("ssl-context");
runner.addControllerService("ssl-context", sslContextService);
runner.enableControllerService(sslContextService);
diff --git a/nifi-nar-bundles/nifi-solr-bundle/nifi-solr-processors/src/test/java/org/apache/nifi/processors/solr/TestPutSolrContentStream.java b/nifi-nar-bundles/nifi-solr-bundle/nifi-solr-processors/src/test/java/org/apache/nifi/processors/solr/TestPutSolrContentStream.java
index fa719242f9..d4c0c213d3 100644
--- a/nifi-nar-bundles/nifi-solr-bundle/nifi-solr-processors/src/test/java/org/apache/nifi/processors/solr/TestPutSolrContentStream.java
+++ b/nifi-nar-bundles/nifi-solr-bundle/nifi-solr-processors/src/test/java/org/apache/nifi/processors/solr/TestPutSolrContentStream.java
@@ -374,7 +374,8 @@ public class TestPutSolrContentStream {
runner.setProperty(SolrUtils.SOLR_LOCATION, "https://localhost:8443/solr");
runner.assertNotValid();
- final SSLContextService sslContextService = new MockSSLContextService();
+ final SSLContextService sslContextService = Mockito.mock(SSLContextService.class);
+ Mockito.when(sslContextService.getIdentifier()).thenReturn("ssl-context");
runner.addControllerService("ssl-context", sslContextService);
runner.enableControllerService(sslContextService);
@@ -389,7 +390,8 @@ public class TestPutSolrContentStream {
runner.setProperty(SolrUtils.SOLR_LOCATION, "http://localhost:8443/solr");
runner.assertValid();
- final SSLContextService sslContextService = new MockSSLContextService();
+ final SSLContextService sslContextService = Mockito.mock(SSLContextService.class);
+ Mockito.when(sslContextService.getIdentifier()).thenReturn("ssl-context");
runner.addControllerService("ssl-context", sslContextService);
runner.enableControllerService(sslContextService);
diff --git a/nifi-nar-bundles/nifi-solr-bundle/nifi-solr-processors/src/test/java/org/apache/nifi/processors/solr/TestPutSolrRecord.java b/nifi-nar-bundles/nifi-solr-bundle/nifi-solr-processors/src/test/java/org/apache/nifi/processors/solr/TestPutSolrRecord.java
index 7e98164891..18be5f931c 100644
--- a/nifi-nar-bundles/nifi-solr-bundle/nifi-solr-processors/src/test/java/org/apache/nifi/processors/solr/TestPutSolrRecord.java
+++ b/nifi-nar-bundles/nifi-solr-bundle/nifi-solr-processors/src/test/java/org/apache/nifi/processors/solr/TestPutSolrRecord.java
@@ -541,7 +541,8 @@ public class TestPutSolrRecord {
runner.setProperty(SolrUtils.SOLR_LOCATION, "https://localhost:8443/solr");
runner.assertNotValid();
- final SSLContextService sslContextService = new MockSSLContextService();
+ final SSLContextService sslContextService = Mockito.mock(SSLContextService.class);
+ Mockito.when(sslContextService.getIdentifier()).thenReturn("ssl-context");
runner.addControllerService("ssl-context", sslContextService);
runner.enableControllerService(sslContextService);
@@ -562,7 +563,8 @@ public class TestPutSolrRecord {
runner.setProperty(SolrUtils.SOLR_LOCATION, "http://localhost:8443/solr");
runner.assertValid();
- final SSLContextService sslContextService = new MockSSLContextService();
+ final SSLContextService sslContextService = Mockito.mock(SSLContextService.class);
+ Mockito.when(sslContextService.getIdentifier()).thenReturn("ssl-context");
runner.addControllerService("ssl-context", sslContextService);
runner.enableControllerService(sslContextService);
diff --git a/nifi-nar-bundles/nifi-standard-bundle/nifi-standard-processors/pom.xml b/nifi-nar-bundles/nifi-standard-bundle/nifi-standard-processors/pom.xml
index 2dab8116c1..6cbfd097d1 100644
--- a/nifi-nar-bundles/nifi-standard-bundle/nifi-standard-processors/pom.xml
+++ b/nifi-nar-bundles/nifi-standard-bundle/nifi-standard-processors/pom.xml
@@ -389,12 +389,6 @@
${nifi.groovy.version}
test
-
- org.apache.nifi
- nifi-web-utils
- 1.14.0-SNAPSHOT
- compile
-
org.hamcrest
hamcrest-all
diff --git a/nifi-nar-bundles/nifi-standard-services/nifi-lookup-services-bundle/nifi-lookup-services/pom.xml b/nifi-nar-bundles/nifi-standard-services/nifi-lookup-services-bundle/nifi-lookup-services/pom.xml
index 2b11d867a0..bb67c97496 100644
--- a/nifi-nar-bundles/nifi-standard-services/nifi-lookup-services-bundle/nifi-lookup-services/pom.xml
+++ b/nifi-nar-bundles/nifi-standard-services/nifi-lookup-services-bundle/nifi-lookup-services/pom.xml
@@ -169,12 +169,6 @@
${nifi.groovy.version}
test
-
- org.apache.nifi
- nifi-web-utils
- 1.14.0-SNAPSHOT
- compile
-
org.apache.nifi
nifi-security-utils
diff --git a/nifi-nar-bundles/nifi-standard-services/nifi-lookup-services-bundle/nifi-lookup-services/src/main/java/org/apache/nifi/lookup/RestLookupService.java b/nifi-nar-bundles/nifi-standard-services/nifi-lookup-services-bundle/nifi-lookup-services/src/main/java/org/apache/nifi/lookup/RestLookupService.java
index f2c7cf4048..055ee1d185 100644
--- a/nifi-nar-bundles/nifi-standard-services/nifi-lookup-services-bundle/nifi-lookup-services/src/main/java/org/apache/nifi/lookup/RestLookupService.java
+++ b/nifi-nar-bundles/nifi-standard-services/nifi-lookup-services-bundle/nifi-lookup-services/src/main/java/org/apache/nifi/lookup/RestLookupService.java
@@ -48,8 +48,6 @@ import org.apache.nifi.record.path.FieldValue;
import org.apache.nifi.record.path.RecordPath;
import org.apache.nifi.record.path.validation.RecordPathValidator;
import org.apache.nifi.schema.access.SchemaNotFoundException;
-import org.apache.nifi.security.util.OkHttpClientUtils;
-import org.apache.nifi.security.util.TlsConfiguration;
import org.apache.nifi.serialization.MalformedRecordException;
import org.apache.nifi.serialization.RecordReader;
import org.apache.nifi.serialization.RecordReaderFactory;
@@ -60,6 +58,9 @@ import org.apache.nifi.serialization.record.RecordSchema;
import org.apache.nifi.ssl.SSLContextService;
import org.apache.nifi.util.StringUtils;
+import javax.net.ssl.SSLContext;
+import javax.net.ssl.X509TrustManager;
+
import java.io.BufferedInputStream;
import java.io.IOException;
import java.io.InputStream;
@@ -234,8 +235,9 @@ public class RestLookupService extends AbstractControllerService implements Reco
// Apply the TLS configuration if present
final SSLContextService sslService = context.getProperty(SSL_CONTEXT_SERVICE).asControllerService(SSLContextService.class);
if (sslService != null) {
- final TlsConfiguration tlsConfiguration = sslService.createTlsConfiguration();
- OkHttpClientUtils.applyTlsToOkHttpClientBuilder(tlsConfiguration, builder);
+ final SSLContext sslContext = sslService.createContext();
+ final X509TrustManager trustManager = sslService.createTrustManager();
+ builder.sslSocketFactory(sslContext.getSocketFactory(), trustManager);
}
client = builder.build();
diff --git a/nifi-nar-bundles/nifi-standard-services/nifi-oauth2-provider-bundle/nifi-oauth2-provider-service/pom.xml b/nifi-nar-bundles/nifi-standard-services/nifi-oauth2-provider-bundle/nifi-oauth2-provider-service/pom.xml
index 74453df72c..9e885413cf 100644
--- a/nifi-nar-bundles/nifi-standard-services/nifi-oauth2-provider-bundle/nifi-oauth2-provider-service/pom.xml
+++ b/nifi-nar-bundles/nifi-standard-services/nifi-oauth2-provider-bundle/nifi-oauth2-provider-service/pom.xml
@@ -94,11 +94,5 @@
jetty-server
test
-
- org.apache.nifi
- nifi-web-utils
- 1.14.0-SNAPSHOT
- compile
-
diff --git a/nifi-nar-bundles/nifi-standard-services/nifi-oauth2-provider-bundle/nifi-oauth2-provider-service/src/main/java/org/apache/nifi/oauth2/OAuth2TokenProviderImpl.java b/nifi-nar-bundles/nifi-standard-services/nifi-oauth2-provider-bundle/nifi-oauth2-provider-service/src/main/java/org/apache/nifi/oauth2/OAuth2TokenProviderImpl.java
index 4407f46cc7..056c4f2356 100644
--- a/nifi-nar-bundles/nifi-standard-services/nifi-oauth2-provider-bundle/nifi-oauth2-provider-service/src/main/java/org/apache/nifi/oauth2/OAuth2TokenProviderImpl.java
+++ b/nifi-nar-bundles/nifi-standard-services/nifi-oauth2-provider-bundle/nifi-oauth2-provider-service/src/main/java/org/apache/nifi/oauth2/OAuth2TokenProviderImpl.java
@@ -22,6 +22,8 @@ import java.io.IOException;
import java.util.List;
import java.util.Map;
import javax.net.ssl.SSLContext;
+import javax.net.ssl.X509TrustManager;
+
import okhttp3.FormBody;
import okhttp3.OkHttpClient;
import okhttp3.Request;
@@ -34,8 +36,6 @@ import org.apache.nifi.components.PropertyDescriptor;
import org.apache.nifi.controller.AbstractControllerService;
import org.apache.nifi.controller.ConfigurationContext;
import org.apache.nifi.processor.exception.ProcessException;
-import org.apache.nifi.security.util.OkHttpClientUtils;
-import org.apache.nifi.security.util.TlsConfiguration;
import org.apache.nifi.ssl.SSLContextService;
import org.apache.nifi.util.StringUtils;
@@ -89,8 +89,8 @@ public class OAuth2TokenProviderImpl extends AbstractControllerService implement
OkHttpClient.Builder clientBuilder = new OkHttpClient.Builder();
if (sslService != null) {
- final TlsConfiguration tlsConfiguration = sslService.createTlsConfiguration();
- OkHttpClientUtils.applyTlsToOkHttpClientBuilder(tlsConfiguration, clientBuilder);
+ final X509TrustManager trustManager = sslService.createTrustManager();
+ clientBuilder.sslSocketFactory(sslContext.getSocketFactory(), trustManager);
}
return clientBuilder;
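Review bot: The socket factory passed to `clientBuilder.sslSocketFactory(...)` comes from `sslContext`, which is defined outside this hunk, while the trust manager comes from a separate `sslService.createTrustManager()` call, so nothing visible here ties the two to the same truststore. The handshake is validated by the trust managers inside the `SSLContext`, and OkHttp uses the supplied `X509TrustManager` for its own chain handling, so the two must agree. If `sslContext` is always produced by this same `sslService`, I would state that with a comment above the call, such as `// sslContext and trustManager must both be derived from sslService so they share one truststore`. The enclosing method starts before the hunk, so the origin of `sslContext` should be confirmed there.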
diff --git a/nifi-nar-bundles/nifi-standard-services/nifi-ssl-context-bundle/nifi-ssl-context-service/src/main/java/org/apache/nifi/ssl/StandardSSLContextService.java b/nifi-nar-bundles/nifi-standard-services/nifi-ssl-context-bundle/nifi-ssl-context-service/src/main/java/org/apache/nifi/ssl/StandardSSLContextService.java
index a111f7a296..7080e3d62e 100644
--- a/nifi-nar-bundles/nifi-standard-services/nifi-ssl-context-bundle/nifi-ssl-context-service/src/main/java/org/apache/nifi/ssl/StandardSSLContextService.java
+++ b/nifi-nar-bundles/nifi-standard-services/nifi-ssl-context-bundle/nifi-ssl-context-service/src/main/java/org/apache/nifi/ssl/StandardSSLContextService.java
@@ -25,6 +25,7 @@ import java.util.List;
import java.util.Map;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManager;
+import javax.net.ssl.X509TrustManager;
import org.apache.nifi.annotation.documentation.CapabilityDescription;
import org.apache.nifi.annotation.documentation.Tags;
@@ -252,7 +253,7 @@ public class StandardSSLContextService extends AbstractControllerService impleme
final TrustManager[] trustManagers = SslContextFactory.getTrustManagers(tlsConfiguration);
return SslContextFactory.createSslContext(tlsConfiguration, trustManagers);
} catch (final TlsException e) {
- getLogger().error("Unable to create SSLContext: {}", new String[]{e.getLocalizedMessage()});
+ getLogger().error("Unable to create SSLContext: {}", e.getLocalizedMessage());
throw new ProcessException("Unable to create SSLContext", e);
}
}
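Review bot: The changed `getLogger().error(...)` line still records only `e.getLocalizedMessage()`, so the component log loses the `TlsException` cause chain, which is where keystore and truststore loading failures are usually explained. Passing the exception itself keeps that detail, for example `getLogger().error("Unable to create SSLContext", e);`. The exception is also rethrown as a `ProcessException` on the next line, so the log call may be redundant if callers already log it. The enclosing method begins outside this hunk.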
@@ -288,6 +289,24 @@ public class StandardSSLContextService extends AbstractControllerService impleme
return createContext();
}
+ /**
+ * Create X.509 Trust Manager using configured properties
+ *
+ * @return {@link X509TrustManager} initialized using configured properties
+ */
+ @Override
+ public X509TrustManager createTrustManager() {
+ try {
+ final X509TrustManager trustManager = SslContextFactory.getX509TrustManager(createTlsConfiguration());
+ if (trustManager == null) {
+ throw new ProcessException("X.509 Trust Manager not found using configured properties");
+ }
+ return trustManager;
+ } catch (final TlsException e) {
+ throw new ProcessException("Unable to create X.509 Trust Manager", e);
+ }
+ }
+
@Override
public String getTrustStoreFile() {
return configContext.getProperty(TRUSTSTORE).getValue();
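Review bot: `createTrustManager()` throws `ProcessException` when no X.509 trust manager can be built from the configured properties, but its Javadoc does not say so, and both call sites changed in this commit invoke it whenever an SSLContextService is set. If `SslContextFactory.getX509TrustManager` returns null or throws when no truststore is configured (not visible here), a keystore-only service would now fail during HTTP client construction. That behaviour should be confirmed against the removed helper. I would add `@throws ProcessException if no truststore is configured or the trust manager cannot be created` to the Javadoc here and to the matching declaration in `SSLContextService.java`.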
diff --git a/nifi-nar-bundles/nifi-standard-services/nifi-ssl-context-service-api/src/main/java/org/apache/nifi/ssl/SSLContextService.java b/nifi-nar-bundles/nifi-standard-services/nifi-ssl-context-service-api/src/main/java/org/apache/nifi/ssl/SSLContextService.java
index fe97caeb35..1497d87796 100644
--- a/nifi-nar-bundles/nifi-standard-services/nifi-ssl-context-service-api/src/main/java/org/apache/nifi/ssl/SSLContextService.java
+++ b/nifi-nar-bundles/nifi-standard-services/nifi-ssl-context-service-api/src/main/java/org/apache/nifi/ssl/SSLContextService.java
@@ -24,6 +24,8 @@ import java.util.HashSet;
import java.util.List;
import java.util.Set;
import javax.net.ssl.SSLContext;
+import javax.net.ssl.X509TrustManager;
+
import org.apache.nifi.annotation.documentation.CapabilityDescription;
import org.apache.nifi.annotation.documentation.Tags;
import org.apache.nifi.components.AllowableValue;
@@ -89,6 +91,13 @@ public interface SSLContextService extends ControllerService {
@Deprecated
SSLContext createSSLContext(ClientAuth clientAuth) throws ProcessException;
+ /**
+ * Create X.509 Trust Manager using configured properties
+ *
+ * @return {@link X509TrustManager} initialized using configured properties
+ */
+ X509TrustManager createTrustManager();
+
String getTrustStoreFile();
String getTrustStoreType();
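Review bot: `X509TrustManager createTrustManager();` is added as an abstract method on the public `SSLContextService` interface, so any implementation outside this repository stops compiling, or fails at call time, until it adds the method. If such implementations are supported, a `default` method that throws `UnsupportedOperationException` with a clear message would keep them loadable. Otherwise the break should be stated in the Javadoc or release notes. The Javadoc could also say that the returned trust manager is meant to be paired with the socket factory from `createContext()` on the same service instance.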
diff --git a/nifi-nar-bundles/nifi-update-attribute-bundle/nifi-update-attribute-ui/pom.xml b/nifi-nar-bundles/nifi-update-attribute-bundle/nifi-update-attribute-ui/pom.xml
index 2748274fa6..809155b861 100644
--- a/nifi-nar-bundles/nifi-update-attribute-bundle/nifi-update-attribute-ui/pom.xml
+++ b/nifi-nar-bundles/nifi-update-attribute-bundle/nifi-update-attribute-ui/pom.xml
@@ -108,11 +108,6 @@
nifi-expression-language
1.14.0-SNAPSHOT
-
- org.apache.nifi
- nifi-web-utils
- 1.14.0-SNAPSHOT
-
javax.servlet
javax.servlet-api