mirror of https://github.com/apache/nifi.git
NIFI-1907 Moving lazy init of SSLContext to StandardSiteToSiteClientConfig rather than the builder
This closes #457.
This commit is contained in:
parent
714925358e
commit
5df67c5dc2
|
@ -572,60 +572,9 @@ public interface SiteToSiteClient extends Closeable {
|
|||
* @return the SSL Context that is configured for this builder
|
||||
*/
|
||||
public SSLContext getSslContext() {
|
||||
if (sslContext != null) {
|
||||
return sslContext;
|
||||
}
|
||||
|
||||
final KeyManagerFactory keyManagerFactory;
|
||||
if (keystoreFilename != null && keystorePass != null && keystoreType != null) {
|
||||
try {
|
||||
// prepare the keystore
|
||||
final KeyStore keyStore = KeyStore.getInstance(getKeystoreType().name());
|
||||
try (final InputStream keyStoreStream = new FileInputStream(new File(getKeystoreFilename()))) {
|
||||
keyStore.load(keyStoreStream, getKeystorePass().toCharArray());
|
||||
}
|
||||
keyManagerFactory = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
|
||||
keyManagerFactory.init(keyStore, getKeystorePass().toCharArray());
|
||||
} catch (final Exception e) {
|
||||
throw new RuntimeException("Failed to load Keystore", e);
|
||||
}
|
||||
} else {
|
||||
keyManagerFactory = null;
|
||||
}
|
||||
|
||||
final TrustManagerFactory trustManagerFactory;
|
||||
if (truststoreFilename != null && truststorePass != null && truststoreType != null) {
|
||||
try {
|
||||
// prepare the truststore
|
||||
final KeyStore trustStore = KeyStore.getInstance(getTruststoreType().name());
|
||||
try (final InputStream trustStoreStream = new FileInputStream(new File(getTruststoreFilename()))) {
|
||||
trustStore.load(trustStoreStream, getTruststorePass().toCharArray());
|
||||
}
|
||||
trustManagerFactory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
|
||||
trustManagerFactory.init(trustStore);
|
||||
} catch (final Exception e) {
|
||||
throw new RuntimeException("Failed to load Truststore", e);
|
||||
}
|
||||
} else {
|
||||
trustManagerFactory = null;
|
||||
}
|
||||
|
||||
if (keyManagerFactory != null && trustManagerFactory != null) {
|
||||
try {
|
||||
// initialize the ssl context
|
||||
final SSLContext sslContext = SSLContext.getInstance("TLS");
|
||||
sslContext.init(keyManagerFactory.getKeyManagers(), trustManagerFactory.getTrustManagers(), new SecureRandom());
|
||||
sslContext.getDefaultSSLParameters().setNeedClientAuth(true);
|
||||
|
||||
return sslContext;
|
||||
} catch (final Exception e) {
|
||||
throw new RuntimeException("Created keystore and truststore but failed to initialize SSLContext");
|
||||
}
|
||||
} else {
|
||||
return null;
|
||||
}
|
||||
}
|
||||
|
||||
/**
|
||||
* @return the EventReporter that is to be used by clients to report
|
||||
* events
|
||||
|
@ -758,9 +707,60 @@ public interface SiteToSiteClient extends Closeable {
|
|||
|
||||
@Override
|
||||
public SSLContext getSslContext() {
|
||||
if (sslContext != null) {
|
||||
return sslContext;
|
||||
}
|
||||
|
||||
final KeyManagerFactory keyManagerFactory;
|
||||
if (keystoreFilename != null && keystorePass != null && keystoreType != null) {
|
||||
try {
|
||||
// prepare the keystore
|
||||
final KeyStore keyStore = KeyStore.getInstance(getKeystoreType().name());
|
||||
try (final InputStream keyStoreStream = new FileInputStream(new File(getKeystoreFilename()))) {
|
||||
keyStore.load(keyStoreStream, keystorePass.toCharArray());
|
||||
}
|
||||
keyManagerFactory = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
|
||||
keyManagerFactory.init(keyStore, keystorePass.toCharArray());
|
||||
} catch (final Exception e) {
|
||||
throw new IllegalStateException("Failed to load Keystore", e);
|
||||
}
|
||||
} else {
|
||||
keyManagerFactory = null;
|
||||
}
|
||||
|
||||
final TrustManagerFactory trustManagerFactory;
|
||||
if (truststoreFilename != null && truststorePass != null && truststoreType != null) {
|
||||
try {
|
||||
// prepare the truststore
|
||||
final KeyStore trustStore = KeyStore.getInstance(getTruststoreType().name());
|
||||
try (final InputStream trustStoreStream = new FileInputStream(new File(getTruststoreFilename()))) {
|
||||
trustStore.load(trustStoreStream, truststorePass.toCharArray());
|
||||
}
|
||||
trustManagerFactory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
|
||||
trustManagerFactory.init(trustStore);
|
||||
} catch (final Exception e) {
|
||||
throw new IllegalStateException("Failed to load Truststore", e);
|
||||
}
|
||||
} else {
|
||||
trustManagerFactory = null;
|
||||
}
|
||||
|
||||
if (keyManagerFactory != null && trustManagerFactory != null) {
|
||||
try {
|
||||
// initialize the ssl context
|
||||
final SSLContext sslContext = SSLContext.getInstance("TLS");
|
||||
sslContext.init(keyManagerFactory.getKeyManagers(), trustManagerFactory.getTrustManagers(), new SecureRandom());
|
||||
sslContext.getDefaultSSLParameters().setNeedClientAuth(true);
|
||||
|
||||
return sslContext;
|
||||
} catch (final Exception e) {
|
||||
throw new IllegalStateException("Created keystore and truststore but failed to initialize SSLContext", e);
|
||||
}
|
||||
} else {
|
||||
return null;
|
||||
}
|
||||
}
|
||||
|
||||
@Override
|
||||
public String getPortName() {
|
||||
return portName;
|
||||
|
|
|
@ -54,6 +54,7 @@ public interface SiteToSiteClientConfig extends Serializable {
|
|||
|
||||
/**
|
||||
* @return the SSL Context that is configured for this builder
|
||||
* @throws IllegalStateException if an SSLContext is being constructed and an error occurs doing so
|
||||
*/
|
||||
SSLContext getSslContext();
|
||||
|
||||
|
|
Loading…
Reference in New Issue