mirror of https://github.com/apache/nifi.git
NIFI-3004 Improved StandardSSLContextService customValidate
Signed-off-by: Andy LoPresto <alopresto@apache.org>
parent
3259b01f8e
commit
970c46ccfe
|
@ -118,6 +118,7 @@ public class StandardSSLContextService extends AbstractControllerService impleme
|
||||||
|
|
||||||
private static final List<PropertyDescriptor> properties;
|
private static final List<PropertyDescriptor> properties;
|
||||||
private ConfigurationContext configContext;
|
private ConfigurationContext configContext;
|
||||||
|
private boolean isValidated;
|
||||||
|
|
||||||
static {
|
static {
|
||||||
List<PropertyDescriptor> props = new ArrayList<>();
|
List<PropertyDescriptor> props = new ArrayList<>();
|
||||||
|
@ -161,6 +162,12 @@ public class StandardSSLContextService extends AbstractControllerService impleme
|
||||||
createSSLContext(ClientAuth.REQUIRED);
|
createSSLContext(ClientAuth.REQUIRED);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@Override
|
||||||
|
public void onPropertyModified(PropertyDescriptor descriptor, String oldValue, String newValue) {
|
||||||
|
super.onPropertyModified(descriptor, oldValue, newValue);
|
||||||
|
isValidated = false;
|
||||||
|
}
|
||||||
|
|
||||||
private static Validator createFileExistsAndReadableValidator() {
|
private static Validator createFileExistsAndReadableValidator() {
|
||||||
return new Validator() {
|
return new Validator() {
|
||||||
// Not using the FILE_EXISTS_VALIDATOR because the default is to
|
// Not using the FILE_EXISTS_VALIDATOR because the default is to
|
||||||
|
@ -200,6 +207,11 @@ public class StandardSSLContextService extends AbstractControllerService impleme
|
||||||
@Override
|
@Override
|
||||||
protected Collection<ValidationResult> customValidate(ValidationContext validationContext) {
|
protected Collection<ValidationResult> customValidate(ValidationContext validationContext) {
|
||||||
final Collection<ValidationResult> results = new ArrayList<>();
|
final Collection<ValidationResult> results = new ArrayList<>();
|
||||||
|
|
||||||
|
if(isValidated) {
|
||||||
|
return results;
|
||||||
|
}
|
||||||
|
|
||||||
results.addAll(validateStore(validationContext.getProperties(), KeystoreValidationGroup.KEYSTORE));
|
results.addAll(validateStore(validationContext.getProperties(), KeystoreValidationGroup.KEYSTORE));
|
||||||
results.addAll(validateStore(validationContext.getProperties(), KeystoreValidationGroup.TRUSTSTORE));
|
results.addAll(validateStore(validationContext.getProperties(), KeystoreValidationGroup.TRUSTSTORE));
|
||||||
|
|
||||||
|
@ -228,6 +240,9 @@ public class StandardSSLContextService extends AbstractControllerService impleme
|
||||||
.build());
|
.build());
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
isValidated = results.isEmpty();
|
||||||
|
|
||||||
return results;
|
return results;
|
||||||
}
|
}
|
||||||
|
|
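Review bot: The early return `if(isValidated) { return results; }` in customValidate skips both validateStore calls for as long as no property is edited, so a keystore or truststore that is deleted, replaced or made unreadable on disk after the first successful validation keeps being reported as valid. Only onPropertyModified resets the flag; consider also invalidating when the store file itself changes (for example by remembering its last-modified time next to the flag) or bounding how long a cached success is trusted. `isValidated` is also a plain field written from both onPropertyModified and customValidate; if the framework calls these from different threads (not visible here), declare it `private volatile boolean isValidated;`. The field has no comment; something like `// true once customValidate returned no errors for the current property values` would state what the flag caches. The body of customValidate continues between the third and fourth hunks, outside what is shown.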
||||||
|
|
|
@ -115,6 +115,35 @@ public class SSLContextServiceTest {
|
||||||
sslService.createSSLContext(ClientAuth.NONE);
|
sslService.createSSLContext(ClientAuth.NONE);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@Test
|
||||||
|
public void testWithChanges() throws InitializationException {
|
||||||
|
final TestRunner runner = TestRunners.newTestRunner(TestProcessor.class);
|
||||||
|
SSLContextService service = new StandardSSLContextService();
|
||||||
|
runner.addControllerService("test-good1", service);
|
||||||
|
runner.setProperty(service, StandardSSLContextService.KEYSTORE.getName(), "src/test/resources/localhost-ks.jks");
|
||||||
|
runner.setProperty(service, StandardSSLContextService.KEYSTORE_PASSWORD.getName(), "localtest");
|
||||||
|
runner.setProperty(service, StandardSSLContextService.KEYSTORE_TYPE.getName(), "JKS");
|
||||||
|
runner.setProperty(service, StandardSSLContextService.TRUSTSTORE.getName(), "src/test/resources/localhost-ts.jks");
|
||||||
|
runner.setProperty(service, StandardSSLContextService.TRUSTSTORE_PASSWORD.getName(), "localtest");
|
||||||
|
runner.setProperty(service, StandardSSLContextService.TRUSTSTORE_TYPE.getName(), "JKS");
|
||||||
|
runner.enableControllerService(service);
|
||||||
|
|
||||||
|
runner.setProperty("SSL Context Svc ID", "test-good1");
|
||||||
|
runner.assertValid(service);
|
||||||
|
|
||||||
|
runner.disableControllerService(service);
|
||||||
|
runner.setProperty(service,StandardSSLContextService.KEYSTORE.getName(), "src/test/resources/DOES-NOT-EXIST.jks");
|
||||||
|
runner.assertNotValid(service);
|
||||||
|
|
||||||
|
runner.setProperty(service, StandardSSLContextService.KEYSTORE.getName(), "src/test/resources/localhost-ks.jks");
|
||||||
|
runner.setProperty(service, StandardSSLContextService.TRUSTSTORE_PASSWORD.getName(), "badpassword");
|
||||||
|
runner.assertNotValid(service);
|
||||||
|
|
||||||
|
runner.setProperty(service, StandardSSLContextService.TRUSTSTORE_PASSWORD.getName(), "localtest");
|
||||||
|
runner.enableControllerService(service);
|
||||||
|
runner.assertValid(service);
|
||||||
|
}
|
||||||
|
|
||||||
@Test
|
@Test
|
||||||
public void testGoodTrustOnly() {
|
public void testGoodTrustOnly() {
|
||||||
try {
|
try {
|
||||||
|
|
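Review bot: testWithChanges exercises invalidation of the cached result only through `runner.setProperty`, which presumably reaches onPropertyModified; it has no case where the store on disk changes while the properties stay the same. Adding a step that validates against a temporary copy of the keystore, deletes or truncates that copy, and then calls `runner.assertNotValid(service);` would pin down what the service reports once a previously valid store is gone. A short comment above each stage (`// bad keystore path`, `// bad truststore password`, `// restored`) would also make the three stages easier to follow.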