NIFI-3004 Improved StandardSSLContextService customValidate

Signed-off-by: Andy LoPresto <alopresto@apache.org>
Pierre Villard 2016-12-30 12:37:04 +01:00 committed by Andy LoPresto
parent 3259b01f8e
commit 970c46ccfe
No known key found for this signature in database
GPG Key ID: 3C6EF65B2F7DEF69
2 changed files with 44 additions and 0 deletions


@ -118,6 +118,7 @@ public class StandardSSLContextService extends AbstractControllerService impleme
private static final List<PropertyDescriptor> properties;
private ConfigurationContext configContext;
private boolean isValidated;
static {
List<PropertyDescriptor> props = new ArrayList<>();
@ -161,6 +162,12 @@ public class StandardSSLContextService extends AbstractControllerService impleme
createSSLContext(ClientAuth.REQUIRED);
}
@Override
public void onPropertyModified(PropertyDescriptor descriptor, String oldValue, String newValue) {
super.onPropertyModified(descriptor, oldValue, newValue);
isValidated = false;
}
private static Validator createFileExistsAndReadableValidator() {
return new Validator() {
// Not using the FILE_EXISTS_VALIDATOR because the default is to
@ -200,6 +207,11 @@ public class StandardSSLContextService extends AbstractControllerService impleme
@Override
protected Collection<ValidationResult> customValidate(ValidationContext validationContext) {
final Collection<ValidationResult> results = new ArrayList<>();
if(isValidated) {
return results;
}
results.addAll(validateStore(validationContext.getProperties(), KeystoreValidationGroup.KEYSTORE));
results.addAll(validateStore(validationContext.getProperties(), KeystoreValidationGroup.TRUSTSTORE));
@ -228,6 +240,9 @@ public class StandardSSLContextService extends AbstractControllerService impleme
.build());
}
}
isValidated = results.isEmpty();
return results;
}
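Review bot: The `isValidated` short-circuit at the top of `customValidate` is cleared only in `onPropertyModified`, so once validation has passed, a keystore or truststore file that is later deleted, replaced or made unreadable on disk keeps being reported as valid until some property is edited. Either document that limit on the field, e.g. `// Cached result of the last successful customValidate; cleared only by onPropertyModified, not by changes to the store files on disk`, or also key the cache on the store files' last-modified time. The field is a plain `boolean` written by `onPropertyModified` and read and written by `customValidate`; if the framework can call these from different threads (not visible here), `private volatile boolean isValidated;` is the minimal change. Even then, a validation that started before a property change could still set the flag back to true afterwards. The part of `customValidate` between the last two hunks is outside this view.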


@ -115,6 +115,35 @@ public class SSLContextServiceTest {
sslService.createSSLContext(ClientAuth.NONE);
}
@Test
public void testWithChanges() throws InitializationException {
final TestRunner runner = TestRunners.newTestRunner(TestProcessor.class);
SSLContextService service = new StandardSSLContextService();
runner.addControllerService("test-good1", service);
runner.setProperty(service, StandardSSLContextService.KEYSTORE.getName(), "src/test/resources/localhost-ks.jks");
runner.setProperty(service, StandardSSLContextService.KEYSTORE_PASSWORD.getName(), "localtest");
runner.setProperty(service, StandardSSLContextService.KEYSTORE_TYPE.getName(), "JKS");
runner.setProperty(service, StandardSSLContextService.TRUSTSTORE.getName(), "src/test/resources/localhost-ts.jks");
runner.setProperty(service, StandardSSLContextService.TRUSTSTORE_PASSWORD.getName(), "localtest");
runner.setProperty(service, StandardSSLContextService.TRUSTSTORE_TYPE.getName(), "JKS");
runner.enableControllerService(service);
runner.setProperty("SSL Context Svc ID", "test-good1");
runner.assertValid(service);
runner.disableControllerService(service);
runner.setProperty(service,StandardSSLContextService.KEYSTORE.getName(), "src/test/resources/DOES-NOT-EXIST.jks");
runner.assertNotValid(service);
runner.setProperty(service, StandardSSLContextService.KEYSTORE.getName(), "src/test/resources/localhost-ks.jks");
runner.setProperty(service, StandardSSLContextService.TRUSTSTORE_PASSWORD.getName(), "badpassword");
runner.assertNotValid(service);
runner.setProperty(service, StandardSSLContextService.TRUSTSTORE_PASSWORD.getName(), "localtest");
runner.enableControllerService(service);
runner.assertValid(service);
}
@Test
public void testGoodTrustOnly() {
try {
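Review bot: Every `assertNotValid` in `testWithChanges` comes directly after a `setProperty`, which presumably reaches `onPropertyModified` and clears the flag, so the test never observes the cached path that this commit adds. A second `runner.assertValid(service);` straight after the first would at least run `customValidate` with the flag already set. A case that makes the keystore file unreadable or missing on disk without touching any property would pin down whether a stale valid result is the intended behaviour. `testWithChanges` is complete in this hunk; `testGoodTrustOnly` continues outside it.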