mirror of https://github.com/apache/nifi.git
NIFI-1907 Moving lazy init of SSLContext to StandardSiteToSiteClientConfig rather than the builder
This closes #457.
This commit is contained in:
parent
714925358e
commit
5df67c5dc2
|
@ -572,60 +572,9 @@ public interface SiteToSiteClient extends Closeable {
|
||||||
* @return the SSL Context that is configured for this builder
|
* @return the SSL Context that is configured for this builder
|
||||||
*/
|
*/
|
||||||
public SSLContext getSslContext() {
|
public SSLContext getSslContext() {
|
||||||
if (sslContext != null) {
|
|
||||||
return sslContext;
|
return sslContext;
|
||||||
}
|
}
|
||||||
|
|
||||||
final KeyManagerFactory keyManagerFactory;
|
|
||||||
if (keystoreFilename != null && keystorePass != null && keystoreType != null) {
|
|
||||||
try {
|
|
||||||
// prepare the keystore
|
|
||||||
final KeyStore keyStore = KeyStore.getInstance(getKeystoreType().name());
|
|
||||||
try (final InputStream keyStoreStream = new FileInputStream(new File(getKeystoreFilename()))) {
|
|
||||||
keyStore.load(keyStoreStream, getKeystorePass().toCharArray());
|
|
||||||
}
|
|
||||||
keyManagerFactory = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
|
|
||||||
keyManagerFactory.init(keyStore, getKeystorePass().toCharArray());
|
|
||||||
} catch (final Exception e) {
|
|
||||||
throw new RuntimeException("Failed to load Keystore", e);
|
|
||||||
}
|
|
||||||
} else {
|
|
||||||
keyManagerFactory = null;
|
|
||||||
}
|
|
||||||
|
|
||||||
final TrustManagerFactory trustManagerFactory;
|
|
||||||
if (truststoreFilename != null && truststorePass != null && truststoreType != null) {
|
|
||||||
try {
|
|
||||||
// prepare the truststore
|
|
||||||
final KeyStore trustStore = KeyStore.getInstance(getTruststoreType().name());
|
|
||||||
try (final InputStream trustStoreStream = new FileInputStream(new File(getTruststoreFilename()))) {
|
|
||||||
trustStore.load(trustStoreStream, getTruststorePass().toCharArray());
|
|
||||||
}
|
|
||||||
trustManagerFactory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
|
|
||||||
trustManagerFactory.init(trustStore);
|
|
||||||
} catch (final Exception e) {
|
|
||||||
throw new RuntimeException("Failed to load Truststore", e);
|
|
||||||
}
|
|
||||||
} else {
|
|
||||||
trustManagerFactory = null;
|
|
||||||
}
|
|
||||||
|
|
||||||
if (keyManagerFactory != null && trustManagerFactory != null) {
|
|
||||||
try {
|
|
||||||
// initialize the ssl context
|
|
||||||
final SSLContext sslContext = SSLContext.getInstance("TLS");
|
|
||||||
sslContext.init(keyManagerFactory.getKeyManagers(), trustManagerFactory.getTrustManagers(), new SecureRandom());
|
|
||||||
sslContext.getDefaultSSLParameters().setNeedClientAuth(true);
|
|
||||||
|
|
||||||
return sslContext;
|
|
||||||
} catch (final Exception e) {
|
|
||||||
throw new RuntimeException("Created keystore and truststore but failed to initialize SSLContext");
|
|
||||||
}
|
|
||||||
} else {
|
|
||||||
return null;
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* @return the EventReporter that is to be used by clients to report
|
* @return the EventReporter that is to be used by clients to report
|
||||||
* events
|
* events
|
||||||
|
@ -758,9 +707,60 @@ public interface SiteToSiteClient extends Closeable {
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
public SSLContext getSslContext() {
|
public SSLContext getSslContext() {
|
||||||
|
if (sslContext != null) {
|
||||||
return sslContext;
|
return sslContext;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
final KeyManagerFactory keyManagerFactory;
|
||||||
|
if (keystoreFilename != null && keystorePass != null && keystoreType != null) {
|
||||||
|
try {
|
||||||
|
// prepare the keystore
|
||||||
|
final KeyStore keyStore = KeyStore.getInstance(getKeystoreType().name());
|
||||||
|
try (final InputStream keyStoreStream = new FileInputStream(new File(getKeystoreFilename()))) {
|
||||||
|
keyStore.load(keyStoreStream, keystorePass.toCharArray());
|
||||||
|
}
|
||||||
|
keyManagerFactory = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
|
||||||
|
keyManagerFactory.init(keyStore, keystorePass.toCharArray());
|
||||||
|
} catch (final Exception e) {
|
||||||
|
throw new IllegalStateException("Failed to load Keystore", e);
|
||||||
|
}
|
||||||
|
} else {
|
||||||
|
keyManagerFactory = null;
|
||||||
|
}
|
||||||
|
|
||||||
|
final TrustManagerFactory trustManagerFactory;
|
||||||
|
if (truststoreFilename != null && truststorePass != null && truststoreType != null) {
|
||||||
|
try {
|
||||||
|
// prepare the truststore
|
||||||
|
final KeyStore trustStore = KeyStore.getInstance(getTruststoreType().name());
|
||||||
|
try (final InputStream trustStoreStream = new FileInputStream(new File(getTruststoreFilename()))) {
|
||||||
|
trustStore.load(trustStoreStream, truststorePass.toCharArray());
|
||||||
|
}
|
||||||
|
trustManagerFactory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
|
||||||
|
trustManagerFactory.init(trustStore);
|
||||||
|
} catch (final Exception e) {
|
||||||
|
throw new IllegalStateException("Failed to load Truststore", e);
|
||||||
|
}
|
||||||
|
} else {
|
||||||
|
trustManagerFactory = null;
|
||||||
|
}
|
||||||
|
|
||||||
|
if (keyManagerFactory != null && trustManagerFactory != null) {
|
||||||
|
try {
|
||||||
|
// initialize the ssl context
|
||||||
|
final SSLContext sslContext = SSLContext.getInstance("TLS");
|
||||||
|
sslContext.init(keyManagerFactory.getKeyManagers(), trustManagerFactory.getTrustManagers(), new SecureRandom());
|
||||||
|
sslContext.getDefaultSSLParameters().setNeedClientAuth(true);
|
||||||
|
|
||||||
|
return sslContext;
|
||||||
|
} catch (final Exception e) {
|
||||||
|
throw new IllegalStateException("Created keystore and truststore but failed to initialize SSLContext", e);
|
||||||
|
}
|
||||||
|
} else {
|
||||||
|
return null;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
public String getPortName() {
|
public String getPortName() {
|
||||||
return portName;
|
return portName;
|
||||||
|
|
|
@ -54,6 +54,7 @@ public interface SiteToSiteClientConfig extends Serializable {
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* @return the SSL Context that is configured for this builder
|
* @return the SSL Context that is configured for this builder
|
||||||
|
* @throws IllegalStateException if an SSLContext is being constructed and an error occurs doing so
|
||||||
*/
|
*/
|
||||||
SSLContext getSslContext();
|
SSLContext getSslContext();
|
||||||
|
|
||||||
|
|
Loading…
Reference in New Issue