diff --git a/checkstyle.xml b/checkstyle.xml
index 193a4dfd12..42f4bdf1d1 100644
--- a/checkstyle.xml
+++ b/checkstyle.xml
@@ -37,6 +37,8 @@
+
+
diff --git a/nifi-api/src/main/java/org/apache/nifi/flow/ParameterProviderReference.java b/nifi-api/src/main/java/org/apache/nifi/flow/ParameterProviderReference.java
index fb6d915758..93e7041dd8 100644
--- a/nifi-api/src/main/java/org/apache/nifi/flow/ParameterProviderReference.java
+++ b/nifi-api/src/main/java/org/apache/nifi/flow/ParameterProviderReference.java
@@ -18,7 +18,6 @@ package org.apache.nifi.flow;
import io.swagger.annotations.ApiModel;
import io.swagger.annotations.ApiModelProperty;
-import org.apache.nifi.flow.Bundle;
@ApiModel
public class ParameterProviderReference {
diff --git a/nifi-commons/nifi-site-to-site-client/src/main/java/org/apache/nifi/remote/ClientTransactionCompletion.java b/nifi-commons/nifi-site-to-site-client/src/main/java/org/apache/nifi/remote/ClientTransactionCompletion.java
index 9778ab4bff..5ca72e0033 100644
--- a/nifi-commons/nifi-site-to-site-client/src/main/java/org/apache/nifi/remote/ClientTransactionCompletion.java
+++ b/nifi-commons/nifi-site-to-site-client/src/main/java/org/apache/nifi/remote/ClientTransactionCompletion.java
@@ -18,8 +18,6 @@ package org.apache.nifi.remote;
import java.util.concurrent.TimeUnit;
-import org.apache.nifi.remote.TransactionCompletion;
-
public class ClientTransactionCompletion implements TransactionCompletion {
private final boolean backoff;
diff --git a/nifi-commons/nifi-site-to-site-client/src/main/java/org/apache/nifi/remote/cluster/NodeInformationAdapter.java b/nifi-commons/nifi-site-to-site-client/src/main/java/org/apache/nifi/remote/cluster/NodeInformationAdapter.java
index c17849ef9c..30356de871 100644
--- a/nifi-commons/nifi-site-to-site-client/src/main/java/org/apache/nifi/remote/cluster/NodeInformationAdapter.java
+++ b/nifi-commons/nifi-site-to-site-client/src/main/java/org/apache/nifi/remote/cluster/NodeInformationAdapter.java
@@ -18,8 +18,6 @@ package org.apache.nifi.remote.cluster;
import javax.xml.bind.annotation.adapters.XmlAdapter;
-import org.apache.nifi.remote.cluster.NodeInformation;
-
public class NodeInformationAdapter extends XmlAdapter {
@Override
diff --git a/nifi-commons/nifi-web-utils/src/test/groovy/org/apache/nifi/web/util/WebUtilsGroovyTest.groovy b/nifi-commons/nifi-web-utils/src/test/groovy/org/apache/nifi/web/util/WebUtilsGroovyTest.groovy
deleted file mode 100644
index 4bc55a24c5..0000000000
--- a/nifi-commons/nifi-web-utils/src/test/groovy/org/apache/nifi/web/util/WebUtilsGroovyTest.groovy
+++ /dev/null
@@ -1,322 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one or more
- * contributor license agreements. See the NOTICE file distributed with
- * this work for additional information regarding copyright ownership.
- * The ASF licenses this file to You under the Apache License, Version 2.0
- * (the "License"); you may not use this file except in compliance with
- * the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package org.apache.nifi.web.util
-
-import org.apache.http.conn.ssl.DefaultHostnameVerifier
-import org.glassfish.jersey.client.ClientConfig
-import org.junit.jupiter.api.Test
-import org.mockito.Mockito
-import sun.security.tools.keytool.CertAndKeyGen
-import sun.security.x509.X500Name
-
-import javax.net.ssl.HostnameVerifier
-import javax.net.ssl.SSLContext
-import javax.net.ssl.SSLPeerUnverifiedException
-import javax.servlet.http.HttpServletRequest
-import javax.ws.rs.client.Client
-import javax.ws.rs.core.UriBuilderException
-import java.security.cert.X509Certificate
-
-import static org.junit.jupiter.api.Assertions.assertThrows
-import static org.junit.jupiter.api.Assertions.assertTrue
-
-class WebUtilsGroovyTest {
- static final String PCP_HEADER = "X-ProxyContextPath"
- static final String FC_HEADER = "X-Forwarded-Context"
- static final String FP_HEADER = "X-Forwarded-Prefix"
-
- static final String ALLOWED_PATH = "/some/context/path"
-
- HttpServletRequest mockRequest(Map keys) {
- HttpServletRequest mockRequest = [
- getContextPath: { ->
- "default/path"
- },
- getHeader : { String k ->
- switch (k) {
- case PCP_HEADER:
- return keys["proxy"]
- break
- case FC_HEADER:
- return keys["forward"]
- break
- case FP_HEADER:
- return keys["prefix"]
- break
- default:
- return ""
- }
- }] as HttpServletRequest
- mockRequest
- }
-
- @Test
- void testShouldDetermineCorrectContextPathWhenPresent() throws Exception {
- // Arrange
- final String CORRECT_CONTEXT_PATH = ALLOWED_PATH
- final String WRONG_CONTEXT_PATH = "this/is/a/bad/path"
-
- // Variety of requests with different ordering of context paths (the correct one is always "some/context/path"
- HttpServletRequest proxyRequest = mockRequest([proxy: CORRECT_CONTEXT_PATH])
- HttpServletRequest forwardedRequest = mockRequest([forward: CORRECT_CONTEXT_PATH])
- HttpServletRequest prefixRequest = mockRequest([prefix: CORRECT_CONTEXT_PATH])
- HttpServletRequest proxyBeforeForwardedRequest = mockRequest([proxy: CORRECT_CONTEXT_PATH, forward: WRONG_CONTEXT_PATH])
- HttpServletRequest proxyBeforePrefixRequest = mockRequest([proxy: CORRECT_CONTEXT_PATH, prefix: WRONG_CONTEXT_PATH])
- HttpServletRequest forwardBeforePrefixRequest = mockRequest([forward: CORRECT_CONTEXT_PATH, prefix: WRONG_CONTEXT_PATH])
- List requests = [proxyRequest, forwardedRequest, prefixRequest, proxyBeforeForwardedRequest,
- proxyBeforePrefixRequest, forwardBeforePrefixRequest]
-
- // Act
- requests.each { HttpServletRequest request ->
- String determinedContextPath = WebUtils.determineContextPath(request)
-
- // Assert
- assert determinedContextPath == CORRECT_CONTEXT_PATH
- }
- }
-
- @Test
- void testShouldDetermineCorrectContextPathWhenAbsent() throws Exception {
- // Arrange
- final String CORRECT_CONTEXT_PATH = ""
-
- // Variety of requests with different ordering of non-existent context paths (the correct one is always ""
- HttpServletRequest proxyRequest = mockRequest([proxy: ""])
- HttpServletRequest proxySpacesRequest = mockRequest([proxy: " "])
- HttpServletRequest forwardedRequest = mockRequest([forward: ""])
- HttpServletRequest forwardedSpacesRequest = mockRequest([forward: " "])
- HttpServletRequest prefixRequest = mockRequest([prefix: ""])
- HttpServletRequest prefixSpacesRequest = mockRequest([prefix: " "])
- HttpServletRequest proxyBeforeForwardedOrPrefixRequest = mockRequest([proxy: "", forward: "", prefix: ""])
- HttpServletRequest proxyBeforeForwardedOrPrefixSpacesRequest = mockRequest([proxy: " ", forward: " ", prefix: " "])
- List requests = [proxyRequest, proxySpacesRequest, forwardedRequest, forwardedSpacesRequest, prefixRequest, prefixSpacesRequest,
- proxyBeforeForwardedOrPrefixRequest, proxyBeforeForwardedOrPrefixSpacesRequest]
-
- // Act
- requests.each { HttpServletRequest request ->
- String determinedContextPath = WebUtils.determineContextPath(request)
-
- // Assert
- assert determinedContextPath == CORRECT_CONTEXT_PATH
- }
- }
-
- @Test
- void testShouldNormalizeContextPath() throws Exception {
- // Arrange
- final String CORRECT_CONTEXT_PATH = ALLOWED_PATH
- final String TRIMMED_PATH = ALLOWED_PATH[1..-1] // Trims leading /
-
- // Variety of different context paths (the correct one is always "/some/context/path")
- List contextPaths = ["/$TRIMMED_PATH", "/" + TRIMMED_PATH, TRIMMED_PATH, TRIMMED_PATH + "/"]
-
- // Act
- contextPaths.each { String contextPath ->
- String normalizedContextPath = WebUtils.normalizeContextPath(contextPath)
-
- // Assert
- assert normalizedContextPath == CORRECT_CONTEXT_PATH
- }
- }
-
- @Test
- void testVerifyContextPathShouldAllowContextPathHeaderIfInAllowList() throws Exception {
- WebUtils.verifyContextPath(Arrays.asList(ALLOWED_PATH), ALLOWED_PATH)
- }
-
- @Test
- void testVerifyContextPathShouldAllowContextPathHeaderIfInMultipleAllowLists() throws Exception {
- WebUtils.verifyContextPath(Arrays.asList(ALLOWED_PATH, ALLOWED_PATH.reverse()), ALLOWED_PATH)
- }
-
- @Test
- void testVerifyContextPathShouldAllowContextPathHeaderIfBlank() throws Exception {
- def emptyContextPaths = ["", " ", "\t", null]
- emptyContextPaths.each { String contextPath ->
- WebUtils.verifyContextPath(Arrays.asList(ALLOWED_PATH), contextPath)
- }
- }
-
- @Test
- void testVerifyContextPathShouldBlockContextPathHeaderIfNotAllowed() throws Exception {
- def invalidContextPaths = ["/other/path", "localhost", "/../trying/to/escape"]
-
- invalidContextPaths.each { String contextPath ->
- assertThrows(UriBuilderException.class, () -> WebUtils.verifyContextPath(Arrays.asList(ALLOWED_PATH), contextPath))
- }
- }
-
- @Test
- void testHostnameVerifierType() {
- // Arrange
- SSLContext sslContext = Mockito.mock(SSLContext.class)
- final ClientConfig clientConfig = new ClientConfig()
-
- // Act
- Client client = WebUtils.createClient(clientConfig, sslContext)
- HostnameVerifier hostnameVerifier = client.getHostnameVerifier()
-
- // Assert
- assertTrue(hostnameVerifier instanceof DefaultHostnameVerifier)
- }
-
- @Test
- void testHostnameVerifierWildcard() {
- // Arrange
- final String EXPECTED_DN = "CN=*.apache.com,OU=Security,O=Apache,ST=CA,C=US"
- final String hostname = "nifi.apache.com"
- X509Certificate cert = generateCertificate(EXPECTED_DN)
- SSLContext sslContext = Mockito.mock(SSLContext.class)
- final ClientConfig clientConfig = new ClientConfig()
-
- // Act
- Client client = WebUtils.createClient(clientConfig, sslContext)
- DefaultHostnameVerifier hostnameVerifier = (DefaultHostnameVerifier) client.getHostnameVerifier()
-
- // Verify
- hostnameVerifier.verify(hostname, cert)
- }
-
- @Test
- void testHostnameVerifierDNWildcardFourthLevelDomain() {
- // Arrange
- final String EXPECTED_DN = "CN=*.nifi.apache.org,OU=Security,O=Apache,ST=CA,C=US"
- final String clientHostname = "client.nifi.apache.org"
- final String serverHostname = "server.nifi.apache.org"
- X509Certificate cert = generateCertificate(EXPECTED_DN)
- SSLContext sslContext = Mockito.mock(SSLContext.class)
- final ClientConfig clientConfig = new ClientConfig()
-
-
- // Act
- Client client = WebUtils.createClient(clientConfig, sslContext)
- DefaultHostnameVerifier hostnameVerifier = client.getHostnameVerifier()
-
- // Verify
- hostnameVerifier.verify(clientHostname, cert)
- hostnameVerifier.verify(serverHostname, cert)
- }
-
- @Test
- void testHostnameVerifierDomainLevelMismatch() {
- // Arrange
- final String EXPECTED_DN = "CN=*.nifi.apache.org,OU=Security,O=Apache,ST=CA,C=US"
- final String hostname = "nifi.apache.org"
- X509Certificate cert = generateCertificate(EXPECTED_DN)
- SSLContext sslContext = Mockito.mock(SSLContext.class)
- final ClientConfig clientConfig = new ClientConfig()
-
- // Act
- Client client = WebUtils.createClient(clientConfig, sslContext)
- DefaultHostnameVerifier hostnameVerifier = client.getHostnameVerifier()
-
- assertThrows(SSLPeerUnverifiedException.class, () -> hostnameVerifier.verify(hostname, cert))
- }
-
- @Test
- void testHostnameVerifierEmptyHostname() {
- // Arrange
- final String EXPECTED_DN = "CN=nifi.apache.org,OU=Security,O=Apache,ST=CA,C=US"
- final String hostname = ""
- X509Certificate cert = generateCertificate(EXPECTED_DN)
- SSLContext sslContext = Mockito.mock(SSLContext.class)
- final ClientConfig clientConfig = new ClientConfig()
-
- // Act
- Client client = WebUtils.createClient(clientConfig, sslContext)
- DefaultHostnameVerifier hostnameVerifier = client.getHostnameVerifier()
-
- assertThrows(SSLPeerUnverifiedException.class, () -> hostnameVerifier.verify(hostname, cert))
- }
-
- @Test
- void testHostnameVerifierDifferentSubdomain() {
- // Arrange
- final String EXPECTED_DN = "CN=nifi.apache.org,OU=Security,O=Apache,ST=CA,C=US"
- final String hostname = "egg.apache.org"
- X509Certificate cert = generateCertificate(EXPECTED_DN)
- SSLContext sslContext = Mockito.mock(SSLContext.class)
- final ClientConfig clientConfig = new ClientConfig()
-
- // Act
- Client client = WebUtils.createClient(clientConfig, sslContext)
- DefaultHostnameVerifier hostnameVerifier = client.getHostnameVerifier()
-
- assertThrows(SSLPeerUnverifiedException.class, () -> hostnameVerifier.verify(hostname, cert))
- }
-
- @Test
- void testHostnameVerifierDifferentTLD() {
- // Arrange
- final String EXPECTED_DN = "CN=nifi.apache.org,OU=Security,O=Apache,ST=CA,C=US"
- final String hostname = "nifi.apache.com"
- X509Certificate cert = generateCertificate(EXPECTED_DN)
- SSLContext sslContext = Mockito.mock(SSLContext.class)
- final ClientConfig clientConfig = new ClientConfig()
-
- // Act
- Client client = WebUtils.createClient(clientConfig, sslContext)
- DefaultHostnameVerifier hostnameVerifier = client.getHostnameVerifier()
-
- assertThrows(SSLPeerUnverifiedException.class, () -> hostnameVerifier.verify(hostname, cert))
- }
-
- @Test
- void testHostnameVerifierWildcardTLD() {
- // Arrange
- final String EXPECTED_DN = "CN=nifi.apache.*,OU=Security,O=Apache,ST=CA,C=US"
- final String comTLDhostname = "nifi.apache.com"
- final String orgTLDHostname = "nifi.apache.org"
- X509Certificate cert = generateCertificate(EXPECTED_DN)
- SSLContext sslContext = Mockito.mock(SSLContext.class)
- final ClientConfig clientConfig = new ClientConfig()
-
- // Act
- Client client = WebUtils.createClient(clientConfig, sslContext)
- DefaultHostnameVerifier hostnameVerifier = client.getHostnameVerifier()
-
- // Verify
- hostnameVerifier.verify(comTLDhostname, cert)
- hostnameVerifier.verify(orgTLDHostname, cert)
- }
-
- @Test
- void testHostnameVerifierWildcardDomain() {
- // Arrange
- final String EXPECTED_DN = "CN=nifi.*.com,OU=Security,O=Apache,ST=CA,C=US"
- final String hostname = "nifi.apache.com"
- X509Certificate cert = generateCertificate(EXPECTED_DN)
- SSLContext sslContext = Mockito.mock(SSLContext.class)
- final ClientConfig clientConfig = new ClientConfig()
-
- // Act
- Client client = WebUtils.createClient(clientConfig, sslContext)
- DefaultHostnameVerifier hostnameVerifier = client.getHostnameVerifier()
-
- // Verify
- hostnameVerifier.verify(hostname, cert)
- }
-
- X509Certificate generateCertificate(String DN) {
- CertAndKeyGen certGenerator = new CertAndKeyGen("RSA", "SHA256WithRSA", null)
- certGenerator.generate(2048)
-
- long validityPeriod = (long) 365 * 24 * 60 * 60 // 1 YEAR
- X509Certificate cert = certGenerator.getSelfCertificate(new X500Name(DN), validityPeriod)
- return cert
- }
-}
diff --git a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-framework-cluster/src/main/java/org/apache/nifi/cluster/coordination/http/endpoints/ControllerConfigurationEndpointMerger.java b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-framework-cluster/src/main/java/org/apache/nifi/cluster/coordination/http/endpoints/ControllerConfigurationEndpointMerger.java
index 4e7af172e2..1f2647c62a 100644
--- a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-framework-cluster/src/main/java/org/apache/nifi/cluster/coordination/http/endpoints/ControllerConfigurationEndpointMerger.java
+++ b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-framework-cluster/src/main/java/org/apache/nifi/cluster/coordination/http/endpoints/ControllerConfigurationEndpointMerger.java
@@ -16,7 +16,6 @@
*/
package org.apache.nifi.cluster.coordination.http.endpoints;
-import org.apache.nifi.cluster.coordination.http.endpoints.AbstractSingleEntityEndpoint;
import org.apache.nifi.cluster.manager.NodeResponse;
import org.apache.nifi.cluster.manager.PermissionsDtoMerger;
import org.apache.nifi.cluster.protocol.NodeIdentifier;
diff --git a/nifi-nar-bundles/nifi-splunk-bundle/nifi-splunk-processors/src/test/java/org/apache/nifi/processors/splunk/TestPutSplunkHTTP.java b/nifi-nar-bundles/nifi-splunk-bundle/nifi-splunk-processors/src/test/java/org/apache/nifi/processors/splunk/TestPutSplunkHTTP.java
index dd92cdf95a..f943157aa9 100644
--- a/nifi-nar-bundles/nifi-splunk-bundle/nifi-splunk-processors/src/test/java/org/apache/nifi/processors/splunk/TestPutSplunkHTTP.java
+++ b/nifi-nar-bundles/nifi-splunk-bundle/nifi-splunk-processors/src/test/java/org/apache/nifi/processors/splunk/TestPutSplunkHTTP.java
@@ -49,10 +49,6 @@ import static org.junit.jupiter.api.Assertions.assertEquals;
import static org.junit.jupiter.api.Assertions.assertNotNull;
import static org.junit.jupiter.api.Assertions.assertNull;
-import static org.junit.jupiter.api.Assertions.assertEquals;
-import static org.junit.jupiter.api.Assertions.assertNotNull;
-import static org.junit.jupiter.api.Assertions.assertNull;
-
@ExtendWith(MockitoExtension.class)
public class TestPutSplunkHTTP {
private static final String ACK_ID = "1234";
diff --git a/nifi-nar-bundles/nifi-standard-bundle/nifi-standard-processors/src/main/java/org/apache/nifi/processors/standard/util/FTPTransfer.java b/nifi-nar-bundles/nifi-standard-bundle/nifi-standard-processors/src/main/java/org/apache/nifi/processors/standard/util/FTPTransfer.java
index f36c1ed612..031ad36686 100644
--- a/nifi-nar-bundles/nifi-standard-bundle/nifi-standard-processors/src/main/java/org/apache/nifi/processors/standard/util/FTPTransfer.java
+++ b/nifi-nar-bundles/nifi-standard-bundle/nifi-standard-processors/src/main/java/org/apache/nifi/processors/standard/util/FTPTransfer.java
@@ -50,7 +50,6 @@ import org.apache.nifi.processor.ProcessContext;
import org.apache.nifi.processor.ProcessSession;
import org.apache.nifi.processor.exception.ProcessException;
import org.apache.nifi.processor.util.StandardValidators;
-import org.apache.nifi.processors.standard.util.FileTransfer;
import org.apache.nifi.processors.standard.ftp.FTPClientProvider;
import org.apache.nifi.processors.standard.ftp.StandardFTPClientProvider;
import org.apache.nifi.proxy.ProxyConfiguration;
diff --git a/nifi-nar-bundles/nifi-standard-services/nifi-record-sink-service-bundle/nifi-record-sink-service/src/test/java/org/apache/nifi/record/sink/TestProcessor.java b/nifi-nar-bundles/nifi-standard-services/nifi-record-sink-service-bundle/nifi-record-sink-service/src/test/java/org/apache/nifi/record/sink/TestProcessor.java
index 615e50f174..23a0519c11 100644
--- a/nifi-nar-bundles/nifi-standard-services/nifi-record-sink-service-bundle/nifi-record-sink-service/src/test/java/org/apache/nifi/record/sink/TestProcessor.java
+++ b/nifi-nar-bundles/nifi-standard-services/nifi-record-sink-service-bundle/nifi-record-sink-service/src/test/java/org/apache/nifi/record/sink/TestProcessor.java
@@ -21,7 +21,6 @@ import org.apache.nifi.processor.AbstractProcessor;
import org.apache.nifi.processor.ProcessContext;
import org.apache.nifi.processor.ProcessSession;
import org.apache.nifi.processor.exception.ProcessException;
-import org.apache.nifi.record.sink.RecordSinkService;
import java.util.ArrayList;
import java.util.List;