NIFI-1907 Moving lazy init of SSLContext to StandardSiteToSiteClientConfig rather than the builder

This closes #457.
Bryan Bende 2016-05-20 11:15:36 -04:00
parent 714925358e
commit 5df67c5dc2
2 changed files with 54 additions and 53 deletions


@ -572,60 +572,9 @@ public interface SiteToSiteClient extends Closeable {
* @return the SSL Context that is configured for this builder * @return the SSL Context that is configured for this builder
*/ */
public SSLContext getSslContext() { public SSLContext getSslContext() {
if (sslContext != null) {
return sslContext; return sslContext;
} }
final KeyManagerFactory keyManagerFactory;
if (keystoreFilename != null && keystorePass != null && keystoreType != null) {
try {
// prepare the keystore
final KeyStore keyStore = KeyStore.getInstance(getKeystoreType().name());
try (final InputStream keyStoreStream = new FileInputStream(new File(getKeystoreFilename()))) {
keyStore.load(keyStoreStream, getKeystorePass().toCharArray());
}
keyManagerFactory = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
keyManagerFactory.init(keyStore, getKeystorePass().toCharArray());
} catch (final Exception e) {
throw new RuntimeException("Failed to load Keystore", e);
}
} else {
keyManagerFactory = null;
}
final TrustManagerFactory trustManagerFactory;
if (truststoreFilename != null && truststorePass != null && truststoreType != null) {
try {
// prepare the truststore
final KeyStore trustStore = KeyStore.getInstance(getTruststoreType().name());
try (final InputStream trustStoreStream = new FileInputStream(new File(getTruststoreFilename()))) {
trustStore.load(trustStoreStream, getTruststorePass().toCharArray());
}
trustManagerFactory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
trustManagerFactory.init(trustStore);
} catch (final Exception e) {
throw new RuntimeException("Failed to load Truststore", e);
}
} else {
trustManagerFactory = null;
}
if (keyManagerFactory != null && trustManagerFactory != null) {
try {
// initialize the ssl context
final SSLContext sslContext = SSLContext.getInstance("TLS");
sslContext.init(keyManagerFactory.getKeyManagers(), trustManagerFactory.getTrustManagers(), new SecureRandom());
sslContext.getDefaultSSLParameters().setNeedClientAuth(true);
return sslContext;
} catch (final Exception e) {
throw new RuntimeException("Created keystore and truststore but failed to initialize SSLContext");
}
} else {
return null;
}
}
/** /**
* @return the EventReporter that is to be used by clients to report * @return the EventReporter that is to be used by clients to report
* events * events
@ -758,9 +707,60 @@ public interface SiteToSiteClient extends Closeable {
@Override @Override
public SSLContext getSslContext() { public SSLContext getSslContext() {
if (sslContext != null) {
return sslContext; return sslContext;
} }
final KeyManagerFactory keyManagerFactory;
if (keystoreFilename != null && keystorePass != null && keystoreType != null) {
try {
// prepare the keystore
final KeyStore keyStore = KeyStore.getInstance(getKeystoreType().name());
try (final InputStream keyStoreStream = new FileInputStream(new File(getKeystoreFilename()))) {
keyStore.load(keyStoreStream, keystorePass.toCharArray());
}
keyManagerFactory = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
keyManagerFactory.init(keyStore, keystorePass.toCharArray());
} catch (final Exception e) {
throw new IllegalStateException("Failed to load Keystore", e);
}
} else {
keyManagerFactory = null;
}
final TrustManagerFactory trustManagerFactory;
if (truststoreFilename != null && truststorePass != null && truststoreType != null) {
try {
// prepare the truststore
final KeyStore trustStore = KeyStore.getInstance(getTruststoreType().name());
try (final InputStream trustStoreStream = new FileInputStream(new File(getTruststoreFilename()))) {
trustStore.load(trustStoreStream, truststorePass.toCharArray());
}
trustManagerFactory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
trustManagerFactory.init(trustStore);
} catch (final Exception e) {
throw new IllegalStateException("Failed to load Truststore", e);
}
} else {
trustManagerFactory = null;
}
if (keyManagerFactory != null && trustManagerFactory != null) {
try {
// initialize the ssl context
final SSLContext sslContext = SSLContext.getInstance("TLS");
sslContext.init(keyManagerFactory.getKeyManagers(), trustManagerFactory.getTrustManagers(), new SecureRandom());
sslContext.getDefaultSSLParameters().setNeedClientAuth(true);
return sslContext;
} catch (final Exception e) {
throw new IllegalStateException("Created keystore and truststore but failed to initialize SSLContext", e);
}
} else {
return null;
}
}
@Override @Override
public String getPortName() { public String getPortName() {
return portName; return portName;
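Review bot: In the added `getSslContext()`, a configuration that sets only a truststore (or only a keystore) falls through to the final `return null`, so a partially configured TLS setup looks the same to callers as "no TLS configured". What callers do with null is not visible in this hunk, but failing loudly would be safer: before the final return, add `if (keyManagerFactory != null || trustManagerFactory != null) { throw new IllegalStateException("Keystore and truststore must both be configured"); }`. Separately, `sslContext.getDefaultSSLParameters().setNeedClientAuth(true);` has no effect, because `getDefaultSSLParameters()` returns a copy of the parameters, so the line can be dropped. The constructed context is also a local that shadows the field and is never stored, so each call re-reads both store files; a comment stating that this is intentional, or a cached non-serialized field, would make the "lazy init" in the title accurate.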


@ -54,6 +54,7 @@ public interface SiteToSiteClientConfig extends Serializable {
/** /**
* @return the SSL Context that is configured for this builder * @return the SSL Context that is configured for this builder
* @throws IllegalStateException if an SSLContext is being constructed and an error occurs doing so
*/ */
SSLContext getSslContext(); SSLContext getSslContext();