From 3ef8b4ab8d732af9af4fbdb9d6df407af6481993 Mon Sep 17 00:00:00 2001 From: Andy LoPresto Date: Fri, 6 Jul 2018 22:07:46 -0700 Subject: [PATCH] NIFI-5370 removed custom hostname verifier implementation from OkHttpReplicationClient (default handles wildcard certs). This closes #2869. Signed-off-by: Mark Payne --- .../protocol/AbstractNodeProtocolSender.java | 4 +- .../okhttp/OkHttpReplicationClient.java | 39 +++++++------------ ...hreadPoolRequestReplicatorFactoryBean.java | 3 +- 3 files changed, 18 insertions(+), 28 deletions(-) diff --git a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-framework-cluster-protocol/src/main/java/org/apache/nifi/cluster/protocol/AbstractNodeProtocolSender.java b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-framework-cluster-protocol/src/main/java/org/apache/nifi/cluster/protocol/AbstractNodeProtocolSender.java index db3fc1d9f3..2e507c7348 100644 --- a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-framework-cluster-protocol/src/main/java/org/apache/nifi/cluster/protocol/AbstractNodeProtocolSender.java +++ b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-framework-cluster-protocol/src/main/java/org/apache/nifi/cluster/protocol/AbstractNodeProtocolSender.java @@ -62,7 +62,7 @@ public abstract class AbstractNodeProtocolSender implements NodeProtocolSender { response = unmarshaller.unmarshal(socket.getInputStream()); } catch (final IOException ioe) { throw new ProtocolException("Failed unmarshalling '" + MessageType.CONNECTION_RESPONSE + "' protocol message from " - + socket.getRemoteSocketAddress() + " due to: " + ioe, ioe); + + socket.getRemoteSocketAddress() + " due to: " + ioe, ioe); } if (MessageType.CONNECTION_RESPONSE == response.getType()) { @@ -155,7 +155,7 @@ public abstract class AbstractNodeProtocolSender implements NodeProtocolSender { response = unmarshaller.unmarshal(socket.getInputStream()); } catch (final IOException ioe) { throw new ProtocolException("Failed unmarshalling '" + MessageType.CONNECTION_RESPONSE + "' protocol message from " - + socket.getRemoteSocketAddress() + " due to: " + ioe, ioe); + + socket.getRemoteSocketAddress() + " due to: " + ioe, ioe); } return response; diff --git a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-framework-cluster/src/main/java/org/apache/nifi/cluster/coordination/http/replication/okhttp/OkHttpReplicationClient.java b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-framework-cluster/src/main/java/org/apache/nifi/cluster/coordination/http/replication/okhttp/OkHttpReplicationClient.java index c4016de77c..a300fc2280 100644 --- a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-framework-cluster/src/main/java/org/apache/nifi/cluster/coordination/http/replication/okhttp/OkHttpReplicationClient.java +++ b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-framework-cluster/src/main/java/org/apache/nifi/cluster/coordination/http/replication/okhttp/OkHttpReplicationClient.java @@ -17,6 +17,10 @@ package org.apache.nifi.cluster.coordination.http.replication.okhttp; +import com.fasterxml.jackson.annotation.JsonInclude.Include; +import com.fasterxml.jackson.annotation.JsonInclude.Value; +import com.fasterxml.jackson.databind.ObjectMapper; +import com.fasterxml.jackson.module.jaxb.JaxbAnnotationIntrospector; import java.io.ByteArrayInputStream; import java.io.ByteArrayOutputStream; import java.io.FileInputStream; @@ -35,8 +39,6 @@ import java.util.concurrent.TimeUnit; import java.util.stream.Collectors; import java.util.stream.Stream; import java.util.zip.GZIPInputStream; - -import javax.net.ssl.HostnameVerifier; import javax.net.ssl.KeyManager; import javax.net.ssl.KeyManagerFactory; import javax.net.ssl.SSLContext; @@ -48,7 +50,14 @@ import javax.ws.rs.HttpMethod; import javax.ws.rs.core.MultivaluedHashMap; import javax.ws.rs.core.MultivaluedMap; import javax.ws.rs.core.Response; - +import okhttp3.Call; +import okhttp3.ConnectionPool; +import okhttp3.Headers; +import okhttp3.HttpUrl; +import okhttp3.MediaType; +import okhttp3.OkHttpClient; +import okhttp3.Request; +import okhttp3.RequestBody; import org.apache.commons.lang3.StringUtils; import org.apache.nifi.cluster.coordination.http.replication.HttpReplicationClient; import org.apache.nifi.cluster.coordination.http.replication.PreparedRequest; @@ -62,20 +71,6 @@ import org.slf4j.Logger; import org.slf4j.LoggerFactory; import org.springframework.util.StreamUtils; -import com.fasterxml.jackson.annotation.JsonInclude.Include; -import com.fasterxml.jackson.annotation.JsonInclude.Value; -import com.fasterxml.jackson.databind.ObjectMapper; -import com.fasterxml.jackson.module.jaxb.JaxbAnnotationIntrospector; - -import okhttp3.Call; -import okhttp3.ConnectionPool; -import okhttp3.Headers; -import okhttp3.HttpUrl; -import okhttp3.MediaType; -import okhttp3.OkHttpClient; -import okhttp3.Request; -import okhttp3.RequestBody; - public class OkHttpReplicationClient implements HttpReplicationClient { private static final Logger logger = LoggerFactory.getLogger(OkHttpReplicationClient.class); private static final Set gzipEncodings = Stream.of("gzip", "x-gzip").collect(Collectors.toSet()); @@ -86,14 +81,14 @@ public class OkHttpReplicationClient implements HttpReplicationClient { private final ObjectMapper jsonCodec = new ObjectMapper(); private final OkHttpClient okHttpClient; - public OkHttpReplicationClient(final NiFiProperties properties, final HostnameVerifier hostnameVerifier) { + public OkHttpReplicationClient(final NiFiProperties properties) { jsonCodec.setDefaultPropertyInclusion(Value.construct(Include.NON_NULL, Include.ALWAYS)); jsonCodec.setAnnotationIntrospector(new JaxbAnnotationIntrospector(jsonCodec.getTypeFactory())); jsonSerializer = new JsonEntitySerializer(jsonCodec); xmlSerializer = new XmlEntitySerializer(); - okHttpClient = createOkHttpClient(properties, hostnameVerifier); + okHttpClient = createOkHttpClient(properties); } @Override @@ -280,7 +275,7 @@ public class OkHttpReplicationClient implements HttpReplicationClient { } } - private OkHttpClient createOkHttpClient(final NiFiProperties properties, final HostnameVerifier hostnameVerifier) { + private OkHttpClient createOkHttpClient(final NiFiProperties properties) { final String connectionTimeout = properties.getClusterNodeConnectionTimeout(); final long connectionTimeoutMs = FormatUtils.getTimeDuration(connectionTimeout, TimeUnit.MILLISECONDS); final String readTimeout = properties.getClusterNodeReadTimeout(); @@ -298,10 +293,6 @@ public class OkHttpReplicationClient implements HttpReplicationClient { okHttpClientBuilder.sslSocketFactory(tuple.getKey(), tuple.getValue()); } - if (hostnameVerifier != null) { - okHttpClientBuilder.hostnameVerifier(hostnameVerifier); - } - return okHttpClientBuilder.build(); } diff --git a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-framework-cluster/src/main/java/org/apache/nifi/cluster/spring/ThreadPoolRequestReplicatorFactoryBean.java b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-framework-cluster/src/main/java/org/apache/nifi/cluster/spring/ThreadPoolRequestReplicatorFactoryBean.java index e0477a7afc..2bb3f608e0 100644 --- a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-framework-cluster/src/main/java/org/apache/nifi/cluster/spring/ThreadPoolRequestReplicatorFactoryBean.java +++ b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-framework-cluster/src/main/java/org/apache/nifi/cluster/spring/ThreadPoolRequestReplicatorFactoryBean.java @@ -23,7 +23,6 @@ import org.apache.nifi.cluster.coordination.http.replication.ThreadPoolRequestRe import org.apache.nifi.cluster.coordination.http.replication.okhttp.OkHttpReplicationClient; import org.apache.nifi.events.EventReporter; import org.apache.nifi.util.NiFiProperties; -import org.apache.nifi.web.util.NiFiHostnameVerifier; import org.springframework.beans.BeansException; import org.springframework.beans.factory.FactoryBean; import org.springframework.context.ApplicationContext; @@ -46,7 +45,7 @@ public class ThreadPoolRequestReplicatorFactoryBean implements FactoryBean