NIFI-6228 Fixed order of operations bug that prevented SSLContext from being handled correctly.

NIFI-6228 Added unit test for SSL configuration. Signed-off-by: Matthew Burgess <mattyb149@apache.org> This closes #3535
2025-02-09 11:35:05 +00:00 · 2019-06-13 18:05:30 -04:00 · 2019-06-13 18:05:30 -04:00 · c352c2cc3e
commit c352c2cc3e
parent 82a6c430a4
6 changed files with 34 additions and 1 deletions
--- a/nifi-nar-bundles/nifi-elasticsearch-bundle/nifi-elasticsearch-client-service-api/src/main/java/org/apache/nifi/elasticsearch/ElasticSearchClientService.java
+++ b/nifi-nar-bundles/nifi-elasticsearch-bundle/nifi-elasticsearch-client-service-api/src/main/java/org/apache/nifi/elasticsearch/ElasticSearchClientService.java
@ -19,6 +19,7 @@ package org.apache.nifi.elasticsearch;
 import org.apache.nifi.annotation.documentation.CapabilityDescription;
 import org.apache.nifi.annotation.documentation.Tags;
 import org.apache.nifi.components.PropertyDescriptor;
+import org.apache.nifi.components.Validator;
 import org.apache.nifi.controller.ControllerService;
 import org.apache.nifi.expression.ExpressionLanguageScope;
 import org.apache.nifi.processor.util.StandardValidators;
@ -46,6 +47,7 @@ public interface ElasticSearchClientService extends ControllerService {
                    + "connections. This service only applies if the Elasticsearch endpoint(s) have been secured with TLS/SSL.")
            .required(false)
            .identifiesControllerService(SSLContextService.class)
+            .addValidator(Validator.VALID)
            .build();
    PropertyDescriptor USERNAME = new PropertyDescriptor.Builder()
            .name("el-cs-username")
--- a/nifi-nar-bundles/nifi-elasticsearch-bundle/nifi-elasticsearch-client-service/pom.xml
+++ b/nifi-nar-bundles/nifi-elasticsearch-bundle/nifi-elasticsearch-client-service/pom.xml
@ -155,6 +155,11 @@
            <version>1.10.0-SNAPSHOT</version>
            <scope>compile</scope>
        </dependency>
+        <dependency>
+            <groupId>org.apache.nifi</groupId>
+            <artifactId>nifi-ssl-context-service</artifactId>
+            <scope>test</scope>
+        </dependency>
    </dependencies>

    <profiles>
--- a/nifi-nar-bundles/nifi-elasticsearch-bundle/nifi-elasticsearch-client-service/src/main/java/org/apache/nifi/elasticsearch/ElasticSearchClientServiceImpl.java
+++ b/nifi-nar-bundles/nifi-elasticsearch-bundle/nifi-elasticsearch-client-service/src/main/java/org/apache/nifi/elasticsearch/ElasticSearchClientServiceImpl.java
@ -128,7 +128,7 @@ public class ElasticSearchClientServiceImpl extends AbstractControllerService im

        final SSLContext sslContext;
        try {
-            sslContext = (sslService != null && sslService.isKeyStoreConfigured() || sslService.isTrustStoreConfigured())
+            sslContext = (sslService != null && (sslService.isKeyStoreConfigured() || sslService.isTrustStoreConfigured()))
                ? sslService.createSSLContext(SSLContextService.ClientAuth.NONE) : null;
        } catch (Exception e) {
            getLogger().error("Error building up SSL Context from the supplied configuration.", e);
--- a/nifi-nar-bundles/nifi-elasticsearch-bundle/nifi-elasticsearch-client-service/src/test/groovy/org/apache/nifi/elasticsearch/integration/ElasticSearch5ClientService_IT.groovy
+++ b/nifi-nar-bundles/nifi-elasticsearch-bundle/nifi-elasticsearch-client-service/src/test/groovy/org/apache/nifi/elasticsearch/integration/ElasticSearch5ClientService_IT.groovy
@ -21,6 +21,7 @@ import org.apache.nifi.elasticsearch.DeleteOperationResponse
 import org.apache.nifi.elasticsearch.ElasticSearchClientService
 import org.apache.nifi.elasticsearch.ElasticSearchClientServiceImpl
 import org.apache.nifi.elasticsearch.SearchResponse
+import org.apache.nifi.ssl.StandardSSLContextService
 import org.apache.nifi.util.TestRunner
 import org.apache.nifi.util.TestRunners
 import org.junit.After
@ -145,4 +146,29 @@ class ElasticSearch5ClientService_IT {
            old = doc
        }
    }
+
+    @Test
+    void testSSL() {
+        def sslContext = new StandardSSLContextService()
+        runner.setProperty(TestControllerServiceProcessor.CLIENT_SERVICE, "Client Service")
+        runner.disableControllerService(service)
+        runner.addControllerService("sslContext", sslContext)
+        runner.setProperty(sslContext, StandardSSLContextService.TRUSTSTORE, "src/test/resources/truststore.jks")
+        runner.setProperty(sslContext, StandardSSLContextService.TRUSTSTORE_PASSWORD, "2DZ5i7yvbG2GA3Ld4yiAsH62QDqAjWt4ToCU0yHajwM")
+        runner.setProperty(sslContext, StandardSSLContextService.TRUSTSTORE_TYPE, StandardSSLContextService.STORE_TYPE_JKS)
+        runner.setProperty(service, ElasticSearchClientService.PROP_SSL_CONTEXT_SERVICE, "sslContext")
+        runner.enableControllerService(sslContext)
+        runner.enableControllerService(service)
+        runner.assertValid()
+
+        runner.disableControllerService(service)
+        runner.disableControllerService(sslContext)
+        runner.setProperty(sslContext, StandardSSLContextService.KEYSTORE, "src/test/resources/keystore.jks")
+        runner.setProperty(sslContext, StandardSSLContextService.KEYSTORE_PASSWORD, "pben4DTOUhLDI8mZiCHNX1dGEAWrpGnSYX38FTvmaeU")
+        runner.setProperty(sslContext, StandardSSLContextService.KEYSTORE_TYPE, StandardSSLContextService.STORE_TYPE_JKS)
+        runner.enableControllerService(sslContext)
+        runner.enableControllerService(service)
+
+        runner.assertValid()
+    }
 }
--- a/nifi-nar-bundles/nifi-elasticsearch-bundle/nifi-elasticsearch-client-service/src/test/resources/keystore.jks
+++ b/nifi-nar-bundles/nifi-elasticsearch-bundle/nifi-elasticsearch-client-service/src/test/resources/keystore.jks
--- a/nifi-nar-bundles/nifi-elasticsearch-bundle/nifi-elasticsearch-client-service/src/test/resources/truststore.jks
+++ b/nifi-nar-bundles/nifi-elasticsearch-bundle/nifi-elasticsearch-client-service/src/test/resources/truststore.jks