Apache
/
nifi
mirror of https://github.com/apache/nifi.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

NIFI-1907 Moving lazy init of SSLContext to StandardSiteToSiteClientConfig rather than the builder 

This closes #457.
This commit is contained in:
Bryan Bende 2016-05-20 11:15:36 -04:00
parent 714925358e
commit 5df67c5dc2
2 changed files with 54 additions and 53 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

106
nifi-commons/nifi-site-to-site-client/src/main/java/org/apache/nifi/remote/client/SiteToSiteClient.java
View File

@ -572,58 +572,7 @@ public interface SiteToSiteClient extends Closeable {
* @return the SSL Context that is configured for this builder * @return the SSL Context that is configured for this builder
*/ */
public SSLContext getSslContext() { public SSLContext getSslContext() {
if (sslContext != null) { return sslContext;
return sslContext;
}
final KeyManagerFactory keyManagerFactory;
if (keystoreFilename != null && keystorePass != null && keystoreType != null) {
try {
// prepare the keystore
final KeyStore keyStore = KeyStore.getInstance(getKeystoreType().name());
try (final InputStream keyStoreStream = new FileInputStream(new File(getKeystoreFilename()))) {
keyStore.load(keyStoreStream, getKeystorePass().toCharArray());
}
keyManagerFactory = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
keyManagerFactory.init(keyStore, getKeystorePass().toCharArray());
} catch (final Exception e) {
throw new RuntimeException("Failed to load Keystore", e);
}
} else {
keyManagerFactory = null;
}
final TrustManagerFactory trustManagerFactory;
if (truststoreFilename != null && truststorePass != null && truststoreType != null) {
try {
// prepare the truststore
final KeyStore trustStore = KeyStore.getInstance(getTruststoreType().name());
try (final InputStream trustStoreStream = new FileInputStream(new File(getTruststoreFilename()))) {
trustStore.load(trustStoreStream, getTruststorePass().toCharArray());
}
trustManagerFactory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
trustManagerFactory.init(trustStore);
} catch (final Exception e) {
throw new RuntimeException("Failed to load Truststore", e);
}
} else {
trustManagerFactory = null;
}
if (keyManagerFactory != null && trustManagerFactory != null) {
try {
// initialize the ssl context
final SSLContext sslContext = SSLContext.getInstance("TLS");
sslContext.init(keyManagerFactory.getKeyManagers(), trustManagerFactory.getTrustManagers(), new SecureRandom());
sslContext.getDefaultSSLParameters().setNeedClientAuth(true);
return sslContext;
} catch (final Exception e) {
throw new RuntimeException("Created keystore and truststore but failed to initialize SSLContext");
}
} else {
return null;
}
} }
/** /**
@ -758,7 +707,58 @@ public interface SiteToSiteClient extends Closeable {
@Override @Override
public SSLContext getSslContext() { public SSLContext getSslContext() {
return sslContext; if (sslContext != null) {
return sslContext;
}
final KeyManagerFactory keyManagerFactory;
if (keystoreFilename != null && keystorePass != null && keystoreType != null) {
try {
// prepare the keystore
final KeyStore keyStore = KeyStore.getInstance(getKeystoreType().name());
try (final InputStream keyStoreStream = new FileInputStream(new File(getKeystoreFilename()))) {
keyStore.load(keyStoreStream, keystorePass.toCharArray());
}
keyManagerFactory = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
keyManagerFactory.init(keyStore, keystorePass.toCharArray());
} catch (final Exception e) {
throw new IllegalStateException("Failed to load Keystore", e);
}
} else {
keyManagerFactory = null;
}
final TrustManagerFactory trustManagerFactory;
if (truststoreFilename != null && truststorePass != null && truststoreType != null) {
try {
// prepare the truststore
final KeyStore trustStore = KeyStore.getInstance(getTruststoreType().name());
try (final InputStream trustStoreStream = new FileInputStream(new File(getTruststoreFilename()))) {
trustStore.load(trustStoreStream, truststorePass.toCharArray());
}
trustManagerFactory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
trustManagerFactory.init(trustStore);
} catch (final Exception e) {
throw new IllegalStateException("Failed to load Truststore", e);
}
} else {
trustManagerFactory = null;
}
if (keyManagerFactory != null && trustManagerFactory != null) {
try {
// initialize the ssl context
final SSLContext sslContext = SSLContext.getInstance("TLS");
sslContext.init(keyManagerFactory.getKeyManagers(), trustManagerFactory.getTrustManagers(), new SecureRandom());
sslContext.getDefaultSSLParameters().setNeedClientAuth(true);
return sslContext;
} catch (final Exception e) {
throw new IllegalStateException("Created keystore and truststore but failed to initialize SSLContext", e);
}
} else {
return null;
}
} }
@Override @Override

1
nifi-commons/nifi-site-to-site-client/src/main/java/org/apache/nifi/remote/client/SiteToSiteClientConfig.java
View File

@ -54,6 +54,7 @@ public interface SiteToSiteClientConfig extends Serializable {
/** /**
* @return the SSL Context that is configured for this builder * @return the SSL Context that is configured for this builder
* @throws IllegalStateException if an SSLContext is being constructed and an error occurs doing so
*/ */
SSLContext getSslContext(); SSLContext getSslContext();