NIFI-5370 removed custom hostname verifier implementation from OkHttpReplicationClient (default handles wildcard certs).

This closes #2869. Signed-off-by: Mark Payne <markap14@hotmail.com>
2018-07-06 22:07:46 -07:00 · 2018-07-06 22:07:46 -07:00 · 3ef8b4ab8d
parent 275789f8ca
commit 3ef8b4ab8d
3 changed files with 18 additions and 28 deletions
--- a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-framework-cluster-protocol/src/main/java/org/apache/nifi/cluster/protocol/AbstractNodeProtocolSender.java
+++ b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-framework-cluster-protocol/src/main/java/org/apache/nifi/cluster/protocol/AbstractNodeProtocolSender.java
@ -62,7 +62,7 @@ public abstract class AbstractNodeProtocolSender implements NodeProtocolSender {
                response = unmarshaller.unmarshal(socket.getInputStream());
            } catch (final IOException ioe) {
                throw new ProtocolException("Failed unmarshalling '" + MessageType.CONNECTION_RESPONSE + "' protocol message from "
-                    + socket.getRemoteSocketAddress() + " due to: " + ioe, ioe);
+                        + socket.getRemoteSocketAddress() + " due to: " + ioe, ioe);
            }

            if (MessageType.CONNECTION_RESPONSE == response.getType()) {
@ -155,7 +155,7 @@ public abstract class AbstractNodeProtocolSender implements NodeProtocolSender {
                response = unmarshaller.unmarshal(socket.getInputStream());
            } catch (final IOException ioe) {
                throw new ProtocolException("Failed unmarshalling '" + MessageType.CONNECTION_RESPONSE + "' protocol message from "
-                    + socket.getRemoteSocketAddress() + " due to: " + ioe, ioe);
+                        + socket.getRemoteSocketAddress() + " due to: " + ioe, ioe);
            }

            return response;
--- a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-framework-cluster/src/main/java/org/apache/nifi/cluster/coordination/http/replication/okhttp/OkHttpReplicationClient.java
+++ b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-framework-cluster/src/main/java/org/apache/nifi/cluster/coordination/http/replication/okhttp/OkHttpReplicationClient.java
@ -17,6 +17,10 @@

 package org.apache.nifi.cluster.coordination.http.replication.okhttp;

+import com.fasterxml.jackson.annotation.JsonInclude.Include;
+import com.fasterxml.jackson.annotation.JsonInclude.Value;
+import com.fasterxml.jackson.databind.ObjectMapper;
+import com.fasterxml.jackson.module.jaxb.JaxbAnnotationIntrospector;
 import java.io.ByteArrayInputStream;
 import java.io.ByteArrayOutputStream;
 import java.io.FileInputStream;
@ -35,8 +39,6 @@ import java.util.concurrent.TimeUnit;
 import java.util.stream.Collectors;
 import java.util.stream.Stream;
 import java.util.zip.GZIPInputStream;
-
-import javax.net.ssl.HostnameVerifier;
 import javax.net.ssl.KeyManager;
 import javax.net.ssl.KeyManagerFactory;
 import javax.net.ssl.SSLContext;
@ -48,7 +50,14 @@ import javax.ws.rs.HttpMethod;
 import javax.ws.rs.core.MultivaluedHashMap;
 import javax.ws.rs.core.MultivaluedMap;
 import javax.ws.rs.core.Response;
-
+import okhttp3.Call;
+import okhttp3.ConnectionPool;
+import okhttp3.Headers;
+import okhttp3.HttpUrl;
+import okhttp3.MediaType;
+import okhttp3.OkHttpClient;
+import okhttp3.Request;
+import okhttp3.RequestBody;
 import org.apache.commons.lang3.StringUtils;
 import org.apache.nifi.cluster.coordination.http.replication.HttpReplicationClient;
 import org.apache.nifi.cluster.coordination.http.replication.PreparedRequest;
@ -62,20 +71,6 @@ import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 import org.springframework.util.StreamUtils;

-import com.fasterxml.jackson.annotation.JsonInclude.Include;
-import com.fasterxml.jackson.annotation.JsonInclude.Value;
-import com.fasterxml.jackson.databind.ObjectMapper;
-import com.fasterxml.jackson.module.jaxb.JaxbAnnotationIntrospector;
-
-import okhttp3.Call;
-import okhttp3.ConnectionPool;
-import okhttp3.Headers;
-import okhttp3.HttpUrl;
-import okhttp3.MediaType;
-import okhttp3.OkHttpClient;
-import okhttp3.Request;
-import okhttp3.RequestBody;
-
 public class OkHttpReplicationClient implements HttpReplicationClient {
    private static final Logger logger = LoggerFactory.getLogger(OkHttpReplicationClient.class);
    private static final Set<String> gzipEncodings = Stream.of("gzip", "x-gzip").collect(Collectors.toSet());
@ -86,14 +81,14 @@ public class OkHttpReplicationClient implements HttpReplicationClient {
    private final ObjectMapper jsonCodec = new ObjectMapper();
    private final OkHttpClient okHttpClient;

-    public OkHttpReplicationClient(final NiFiProperties properties, final HostnameVerifier hostnameVerifier) {
+    public OkHttpReplicationClient(final NiFiProperties properties) {
        jsonCodec.setDefaultPropertyInclusion(Value.construct(Include.NON_NULL, Include.ALWAYS));
        jsonCodec.setAnnotationIntrospector(new JaxbAnnotationIntrospector(jsonCodec.getTypeFactory()));

        jsonSerializer = new JsonEntitySerializer(jsonCodec);
        xmlSerializer = new XmlEntitySerializer();

-        okHttpClient = createOkHttpClient(properties, hostnameVerifier);
+        okHttpClient = createOkHttpClient(properties);
    }

    @Override
@ -280,7 +275,7 @@ public class OkHttpReplicationClient implements HttpReplicationClient {
        }
    }

-    private OkHttpClient createOkHttpClient(final NiFiProperties properties, final HostnameVerifier hostnameVerifier) {
+    private OkHttpClient createOkHttpClient(final NiFiProperties properties) {
        final String connectionTimeout = properties.getClusterNodeConnectionTimeout();
        final long connectionTimeoutMs = FormatUtils.getTimeDuration(connectionTimeout, TimeUnit.MILLISECONDS);
        final String readTimeout = properties.getClusterNodeReadTimeout();
@ -298,10 +293,6 @@ public class OkHttpReplicationClient implements HttpReplicationClient {
            okHttpClientBuilder.sslSocketFactory(tuple.getKey(), tuple.getValue());
        }

-        if (hostnameVerifier != null) {
-            okHttpClientBuilder.hostnameVerifier(hostnameVerifier);
-        }
-
        return okHttpClientBuilder.build();
    }

--- a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-framework-cluster/src/main/java/org/apache/nifi/cluster/spring/ThreadPoolRequestReplicatorFactoryBean.java
+++ b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-framework-cluster/src/main/java/org/apache/nifi/cluster/spring/ThreadPoolRequestReplicatorFactoryBean.java
@ -23,7 +23,6 @@ import org.apache.nifi.cluster.coordination.http.replication.ThreadPoolRequestRe
 import org.apache.nifi.cluster.coordination.http.replication.okhttp.OkHttpReplicationClient;
 import org.apache.nifi.events.EventReporter;
 import org.apache.nifi.util.NiFiProperties;
-import org.apache.nifi.web.util.NiFiHostnameVerifier;
 import org.springframework.beans.BeansException;
 import org.springframework.beans.factory.FactoryBean;
 import org.springframework.context.ApplicationContext;
@ -46,7 +45,7 @@ public class ThreadPoolRequestReplicatorFactoryBean implements FactoryBean<Threa
            final int maxPoolSize = nifiProperties.getClusterNodeProtocolMaxPoolSize();
            final int maxConcurrentRequests = nifiProperties.getClusterNodeMaxConcurrentRequests();

-            final OkHttpReplicationClient replicationClient = new OkHttpReplicationClient(nifiProperties, new NiFiHostnameVerifier());
+            final OkHttpReplicationClient replicationClient = new OkHttpReplicationClient(nifiProperties);

            replicator = new ThreadPoolRequestReplicator(corePoolSize, maxPoolSize, maxConcurrentRequests, replicationClient, clusterCoordinator,
                requestCompletionCallback, eventReporter, nifiProperties);