NIFI-3004 Improved StandardSSLContextService customValidate

Signed-off-by: Andy LoPresto <alopresto@apache.org>
This commit is contained in:
Pierre Villard 2016-12-30 12:37:04 +01:00 committed by Andy LoPresto
parent 3259b01f8e
commit 970c46ccfe
No known key found for this signature in database
GPG Key ID: 3C6EF65B2F7DEF69
2 changed files with 44 additions and 0 deletions

View File

@ -118,6 +118,7 @@ public class StandardSSLContextService extends AbstractControllerService impleme
private static final List<PropertyDescriptor> properties; private static final List<PropertyDescriptor> properties;
private ConfigurationContext configContext; private ConfigurationContext configContext;
private boolean isValidated;
static { static {
List<PropertyDescriptor> props = new ArrayList<>(); List<PropertyDescriptor> props = new ArrayList<>();
@ -161,6 +162,12 @@ public class StandardSSLContextService extends AbstractControllerService impleme
createSSLContext(ClientAuth.REQUIRED); createSSLContext(ClientAuth.REQUIRED);
} }
@Override
public void onPropertyModified(PropertyDescriptor descriptor, String oldValue, String newValue) {
super.onPropertyModified(descriptor, oldValue, newValue);
isValidated = false;
}
private static Validator createFileExistsAndReadableValidator() { private static Validator createFileExistsAndReadableValidator() {
return new Validator() { return new Validator() {
// Not using the FILE_EXISTS_VALIDATOR because the default is to // Not using the FILE_EXISTS_VALIDATOR because the default is to
@ -200,6 +207,11 @@ public class StandardSSLContextService extends AbstractControllerService impleme
@Override @Override
protected Collection<ValidationResult> customValidate(ValidationContext validationContext) { protected Collection<ValidationResult> customValidate(ValidationContext validationContext) {
final Collection<ValidationResult> results = new ArrayList<>(); final Collection<ValidationResult> results = new ArrayList<>();
if(isValidated) {
return results;
}
results.addAll(validateStore(validationContext.getProperties(), KeystoreValidationGroup.KEYSTORE)); results.addAll(validateStore(validationContext.getProperties(), KeystoreValidationGroup.KEYSTORE));
results.addAll(validateStore(validationContext.getProperties(), KeystoreValidationGroup.TRUSTSTORE)); results.addAll(validateStore(validationContext.getProperties(), KeystoreValidationGroup.TRUSTSTORE));
@ -228,6 +240,9 @@ public class StandardSSLContextService extends AbstractControllerService impleme
.build()); .build());
} }
} }
isValidated = results.isEmpty();
return results; return results;
} }

View File

@ -115,6 +115,35 @@ public class SSLContextServiceTest {
sslService.createSSLContext(ClientAuth.NONE); sslService.createSSLContext(ClientAuth.NONE);
} }
@Test
public void testWithChanges() throws InitializationException {
final TestRunner runner = TestRunners.newTestRunner(TestProcessor.class);
SSLContextService service = new StandardSSLContextService();
runner.addControllerService("test-good1", service);
runner.setProperty(service, StandardSSLContextService.KEYSTORE.getName(), "src/test/resources/localhost-ks.jks");
runner.setProperty(service, StandardSSLContextService.KEYSTORE_PASSWORD.getName(), "localtest");
runner.setProperty(service, StandardSSLContextService.KEYSTORE_TYPE.getName(), "JKS");
runner.setProperty(service, StandardSSLContextService.TRUSTSTORE.getName(), "src/test/resources/localhost-ts.jks");
runner.setProperty(service, StandardSSLContextService.TRUSTSTORE_PASSWORD.getName(), "localtest");
runner.setProperty(service, StandardSSLContextService.TRUSTSTORE_TYPE.getName(), "JKS");
runner.enableControllerService(service);
runner.setProperty("SSL Context Svc ID", "test-good1");
runner.assertValid(service);
runner.disableControllerService(service);
runner.setProperty(service,StandardSSLContextService.KEYSTORE.getName(), "src/test/resources/DOES-NOT-EXIST.jks");
runner.assertNotValid(service);
runner.setProperty(service, StandardSSLContextService.KEYSTORE.getName(), "src/test/resources/localhost-ks.jks");
runner.setProperty(service, StandardSSLContextService.TRUSTSTORE_PASSWORD.getName(), "badpassword");
runner.assertNotValid(service);
runner.setProperty(service, StandardSSLContextService.TRUSTSTORE_PASSWORD.getName(), "localtest");
runner.enableControllerService(service);
runner.assertValid(service);
}
@Test @Test
public void testGoodTrustOnly() { public void testGoodTrustOnly() {
try { try {