SslContextFactory (nifi-security-utils 1.13.0 API)

java.lang.Object
- org.apache.nifi.security.util.SslContextFactory

```
public final class SslContextFactory
extends Object
```
A factory for creating SSL contexts using the application's security properties. By requiring callers to bundle the properties in a TlsConfiguration container object, much better validation and property matching can occur. The public methods are designed for easy use, while the protected methods provide more granular (but less common) access to intermediate objects if required.

Field Summary

Fields
Modifier and Type Field and Description

private static org.slf4j.Logger logger

Fields
Modifier and Type	Field and Description
`private static org.slf4j.Logger`	`logger`

Constructor Summary

Constructors
Constructor and Description

SslContextFactory()

Constructors
Constructor and Description
`SslContextFactory()`

Method Summary

All Methods Static Methods Concrete Methods
Modifier and Type	Method and Description
`static SSLContext`	`createSslContext(TlsConfiguration tlsConfiguration)` Create and initialize a `SSLContext` from the provided TLS configuration.
`static SSLContext`	`createSslContext(TlsConfiguration tlsConfiguration, TrustManager[] trustManagers)` Create and initialize a `SSLContext` from the provided TLS configuration and Trust Managers.
`static SSLSocketFactory`	`createSSLSocketFactory(TlsConfiguration tlsConfiguration)` Convenience method to return the `SSLSocketFactory` from the created `SSLContext`
`protected static KeyManager[]`	`getKeyManagers(TlsConfiguration tlsConfiguration)` Returns an array of `KeyManager`s for the provided configuration.
`static TrustManager[]`	`getTrustManagers(TlsConfiguration tlsConfiguration)` Returns an array of `TrustManager` implementations based on the provided truststore configurations.
`static X509TrustManager`	`getX509TrustManager(TlsConfiguration tlsConfiguration)` Returns a configured `X509TrustManager` for the provided configuration.
`private static SSLContext`	`initializeSSLContext(TlsConfiguration tlsConfiguration, KeyManager[] keyManagers, TrustManager[] trustManagers)`

Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

- Field Detail
  - logger
```
private static final org.slf4j.Logger logger
```
- Constructor Detail
  - SslContextFactory
```
public SslContextFactory()
```
- Method Detail
  - createSslContext
```
public static SSLContext createSslContext(TlsConfiguration tlsConfiguration)
                                   throws TlsException
```
    Create and initialize a SSLContext from the provided TLS configuration.
    
    Parameters:
    
    tlsConfiguration - the TLS configuration container object
    
    Returns:
    
    SSLContext initialized from TLS Configuration or null when TLS Configuration is empty
    
    Throws:
    
    TlsException - if there is a problem configuring the SSLContext
  - createSslContext
```
public static SSLContext createSslContext(TlsConfiguration tlsConfiguration,
                                          TrustManager[] trustManagers)
                                   throws TlsException
```
    Create and initialize a SSLContext from the provided TLS configuration and Trust Managers.
    
    Parameters:
    
    tlsConfiguration - the TLS configuration container object
    
    trustManagers - Trust Managers can be null to use platform default Trust Managers
    
    Returns:
    
    SSLContext initialized from TLS Configuration or null when TLS Configuration is empty
    
    Throws:
    
    TlsException - if there is a problem configuring the SSLContext
  - getX509TrustManager
```
public static X509TrustManager getX509TrustManager(TlsConfiguration tlsConfiguration)
                                            throws TlsException
```
    Returns a configured X509TrustManager for the provided configuration. Useful for constructing HTTP clients which require their own trust management rather than an SSLContext. Filters and removes any trust managers that are not X509TrustManager implementations, and returns the first X.509 trust manager.
    
    Parameters:
    
    tlsConfiguration - the TLS configuration container object
    
    Returns:
    
    an X.509 TrustManager (can be null)
    
    Throws:
    
    TlsException - if there is a problem reading the truststore to create the trust managers
  - createSSLSocketFactory
```
public static SSLSocketFactory createSSLSocketFactory(TlsConfiguration tlsConfiguration)
                                               throws TlsException
```
    Convenience method to return the SSLSocketFactory from the created SSLContext
    
    Parameters:
    
    tlsConfiguration - the TLS configuration container object
    
    Returns:
    
    the configured SSLSocketFactory (can be null)
    
    Throws:
    
    TlsException - if there is a problem creating the SSLContext or SSLSocketFactory
  - getKeyManagers
```
protected static KeyManager[] getKeyManagers(TlsConfiguration tlsConfiguration)
                                      throws TlsException
```
    Returns an array of KeyManagers for the provided configuration. Useful for constructing HTTP clients which require their own key management rather than an SSLContext. The result can be null or empty. If an empty configuration is provided, null is returned. However, if a partially-populated but invalid configuration is provided, a TlsException is thrown.
    
    Parameters:
    
    tlsConfiguration - the TLS configuration container object with keystore properties
    
    Returns:
    
    an array of KeyManagers (can be null)
    
    Throws:
    
    TlsException - if there is a problem reading the keystore to create the key managers
  - getTrustManagers
```
public static TrustManager[] getTrustManagers(TlsConfiguration tlsConfiguration)
                                       throws TlsException
```
    Returns an array of TrustManager implementations based on the provided truststore configurations. The result can be null or empty. If an empty configuration is provided, null is returned. However, if a partially-populated but invalid configuration is provided, a TlsException is thrown.
    Most callers do not need the full array and can use getX509TrustManager(TlsConfiguration) directly.
    
    Parameters:
    
    tlsConfiguration - the TLS configuration container object with truststore properties
    
    Returns:
    
    the loaded trust managers
    
    Throws:
    
    TlsException - if there is a problem reading from the truststore
  - initializeSSLContext
```
private static SSLContext initializeSSLContext(TlsConfiguration tlsConfiguration,
                                               KeyManager[] keyManagers,
                                               TrustManager[] trustManagers)
                                        throws TlsException
```
    Throws:
    
    TlsException

Class SslContextFactory

Field Summary

Constructor Summary

Method Summary

Methods inherited from class java.lang.Object

Field Detail

logger

Constructor Detail

SslContextFactory

Method Detail

createSslContext

createSslContext

getX509TrustManager

createSSLSocketFactory

getKeyManagers

getTrustManagers

initializeSSLContext