org.apache.nifi.security.util

Class StandardTlsConfiguration

java.lang.Object

org.apache.nifi.security.util.StandardTlsConfiguration

All Implemented Interfaces:

TlsConfiguration

public class StandardTlsConfiguration
extends Object
implements TlsConfiguration

This class serves as a concrete immutable domain object (acting as an internal DTO) for the various keystore and truststore configuration settings necessary for building SSLContexts.

Field Summary

Fields

Modifier and Type	Field and Description
private String	keyPassword
private String	keystorePassword
private String	keystorePath
private KeystoreType	keystoreType
private static org.slf4j.Logger	logger
private static String	MASKED_PASSWORD_LOG
private static String	NULL_LOG
private String	protocol
private static String	TLS_PROTOCOL_VERSION
private String	truststorePassword
private String	truststorePath
private KeystoreType	truststoreType

Fields inherited from interface org.apache.nifi.security.util.TlsConfiguration

JAVA_11_MAX_SUPPORTED_TLS_PROTOCOL_VERSION, JAVA_11_SUPPORTED_TLS_PROTOCOL_VERSIONS, JAVA_8_MAX_SUPPORTED_TLS_PROTOCOL_VERSION, JAVA_8_SUPPORTED_TLS_PROTOCOL_VERSIONS, LEGACY_TLS_PROTOCOL_VERSIONS, SSL_PROTOCOL, TLS_1_0_PROTOCOL, TLS_1_1_PROTOCOL, TLS_1_2_PROTOCOL, TLS_PROTOCOL

Constructor Summary

Constructors

Constructor and Description
StandardTlsConfiguration() Default constructor present for testing and completeness.
StandardTlsConfiguration(String keystorePath, String keystorePassword, KeystoreType keystoreType, String truststorePath, String truststorePassword, KeystoreType truststoreType) Instantiates a container object with the given configuration values.
StandardTlsConfiguration(String keystorePath, String keystorePassword, String keyPassword, KeystoreType keystoreType, String truststorePath, String truststorePassword, KeystoreType truststoreType) Instantiates a container object with the given configuration values.
StandardTlsConfiguration(String keystorePath, String keystorePassword, String keyPassword, KeystoreType keystoreType, String truststorePath, String truststorePassword, KeystoreType truststoreType, String protocol) Instantiates a container object with the given configuration values.
StandardTlsConfiguration(String keystorePath, String keystorePassword, String keyPassword, String keystoreType, String truststorePath, String truststorePassword, String truststoreType) Instantiates a container object with the given configuration values.
StandardTlsConfiguration(String keystorePath, String keystorePassword, String keyPassword, String keystoreType, String truststorePath, String truststorePassword, String truststoreType, String protocol) Instantiates a container object with the given configuration values.
StandardTlsConfiguration(TlsConfiguration other) Instantiates a container object with a deep copy of the given configuration values.

Method Summary

Modifier and Type	Method and Description
boolean	equals(Object o)
static StandardTlsConfiguration	fromNiFiProperties(NiFiProperties niFiProperties) Returns a TlsConfiguration instantiated from the relevant NiFiProperties properties.
static StandardTlsConfiguration	fromNiFiPropertiesTruststoreOnly(NiFiProperties niFiProperties) Returns a TlsConfiguration instantiated from the relevant NiFiProperties properties for the truststore only.
String[]	getEnabledProtocols() Get Enabled TLS Protocols translates SSL to legacy protocols and TLS to current protocols or returns configured protocol
String	getFunctionalKeyPassword() Returns the "working" key password -- if the key password is populated, it is returned; otherwise the getKeystorePassword() is returned.
String	getFunctionalKeyPasswordForLogging() Returns "********" if the functional key password is populated, "null" if not.
String	getKeyPassword()
String	getKeyPasswordForLogging() Returns "********" if the key password is populated, "null" if not.
String	getKeystorePassword()
String	getKeystorePasswordForLogging() Returns "********" if the keystore password is populated, "null" if not.
String	getKeystorePath()
String[]	getKeystorePropertiesForLogging() Returns a String[] containing the keystore properties for logging.
KeystoreType	getKeystoreType()
String	getProtocol()
String	getTruststorePassword()
String	getTruststorePasswordForLogging() Returns "********" if the truststore password is populated, "null" if not.
String	getTruststorePath()
String[]	getTruststorePropertiesForLogging() Returns a String[] containing the truststore properties for logging.
KeystoreType	getTruststoreType()
int	hashCode()
boolean	isAnyKeystorePopulated() Returns true if any of the keystore properties is populated, indicating that the caller expects a valid keystore to be generated.
private boolean	isAnyPopulated(String path, String password, KeystoreType type)
boolean	isAnyTruststorePopulated() Returns true if any of the truststore properties is populated, indicating that the caller expects a valid truststore to be generated.
boolean	isKeystorePopulated() Returns true if the necessary properties are populated to instantiate a keystore.
boolean	isKeystoreValid() Returns true if the necessary properties are populated and the keystore can be successfully instantiated (i.e.
private boolean	isStorePopulated(String path, String password, KeystoreType type, String label)
private boolean	isStoreValid(String path, String password, KeystoreType type, String label)
boolean	isTruststorePopulated() Returns true if the necessary properties are populated to instantiate a truststore.
boolean	isTruststoreValid() Returns true if the necessary properties are populated and the truststore can be successfully instantiated (i.e.
private static String	maskPasswordForLog(String password)
String	toString()

Methods inherited from class java.lang.Object

clone, finalize, getClass, notify, notifyAll, wait, wait, wait

Methods inherited from interface org.apache.nifi.security.util.TlsConfiguration

getCurrentSupportedTlsProtocolVersions, getHighestCurrentSupportedTlsProtocolVersion, getJavaVersion, isEmpty, parseJavaVersion

Field Detail

logger

private static final org.slf4j.Logger logger

TLS_PROTOCOL_VERSION

private static final String TLS_PROTOCOL_VERSION

MASKED_PASSWORD_LOG

private static final String MASKED_PASSWORD_LOG

See Also:

Constant Field Values

NULL_LOG

private static final String NULL_LOG

See Also:

Constant Field Values

keystorePath

private final String keystorePath

keystorePassword

private final String keystorePassword

keyPassword

private final String keyPassword

keystoreType

private final KeystoreType keystoreType

truststorePath

private final String truststorePath

truststorePassword

private final String truststorePassword

truststoreType

private final KeystoreType truststoreType

protocol

private final String protocol

Constructor Detail

StandardTlsConfiguration

public StandardTlsConfiguration()

Default constructor present for testing and completeness.

StandardTlsConfiguration

public StandardTlsConfiguration(String keystorePath,
                                String keystorePassword,
                                KeystoreType keystoreType,
                                String truststorePath,
                                String truststorePassword,
                                KeystoreType truststoreType)

Instantiates a container object with the given configuration values.

Parameters:

keystorePath - the keystore path

keystorePassword - the keystore password

keystoreType - the keystore type

truststorePath - the truststore path

truststorePassword - the truststore password

truststoreType - the truststore type

StandardTlsConfiguration

public StandardTlsConfiguration(String keystorePath,
                                String keystorePassword,
                                String keyPassword,
                                KeystoreType keystoreType,
                                String truststorePath,
                                String truststorePassword,
                                KeystoreType truststoreType)

Instantiates a container object with the given configuration values.

Parameters:

keystorePath - the keystore path

keystorePassword - the keystore password

keyPassword - the key password

keystoreType - the keystore type

truststorePath - the truststore path

truststorePassword - the truststore password

truststoreType - the truststore type

StandardTlsConfiguration

public StandardTlsConfiguration(String keystorePath,
                                String keystorePassword,
                                String keyPassword,
                                String keystoreType,
                                String truststorePath,
                                String truststorePassword,
                                String truststoreType)

Instantiates a container object with the given configuration values.

Parameters:

keystorePath - the keystore path

keystorePassword - the keystore password

keyPassword - the key password

keystoreType - the keystore type as a String

truststorePath - the truststore path

truststorePassword - the truststore password

truststoreType - the truststore type as a String

StandardTlsConfiguration

public StandardTlsConfiguration(String keystorePath,
                                String keystorePassword,
                                String keyPassword,
                                String keystoreType,
                                String truststorePath,
                                String truststorePassword,
                                String truststoreType,
                                String protocol)

Instantiates a container object with the given configuration values.

Parameters:

keystorePath - the keystore path

keystorePassword - the keystore password

keyPassword - the (optional) key password -- if null, the keystore password is assumed the same for the individual key

keystoreType - the keystore type as a String

truststorePath - the truststore path

truststorePassword - the truststore password

truststoreType - the truststore type as a String

protocol - the TLS protocol version string

StandardTlsConfiguration

public StandardTlsConfiguration(String keystorePath,
                                String keystorePassword,
                                String keyPassword,
                                KeystoreType keystoreType,
                                String truststorePath,
                                String truststorePassword,
                                KeystoreType truststoreType,
                                String protocol)

Instantiates a container object with the given configuration values.

Parameters:

keystorePath - the keystore path

keystorePassword - the keystore password

keyPassword - the (optional) key password -- if null, the keystore password is assumed the same for the individual key

keystoreType - the keystore type

truststorePath - the truststore path

truststorePassword - the truststore password

truststoreType - the truststore type

protocol - the TLS protocol version string

StandardTlsConfiguration

public StandardTlsConfiguration(TlsConfiguration other)

Instantiates a container object with a deep copy of the given configuration values.

Parameters:

other - the configuration to copy

Method Detail

fromNiFiProperties

public static StandardTlsConfiguration fromNiFiProperties(NiFiProperties niFiProperties)

Returns a TlsConfiguration instantiated from the relevant NiFiProperties properties.

Parameters:

niFiProperties - the NiFi properties

Returns:

a populated TlsConfiguration container object

fromNiFiPropertiesTruststoreOnly

public static StandardTlsConfiguration fromNiFiPropertiesTruststoreOnly(NiFiProperties niFiProperties)

Returns a TlsConfiguration instantiated from the relevant NiFiProperties properties for the truststore only. No keystore properties are read or used.

Parameters:

niFiProperties - the NiFi properties

Returns:

a populated TlsConfiguration container object

getKeystorePath

public String getKeystorePath()

Specified by:

getKeystorePath in interface TlsConfiguration

getKeystorePassword

public String getKeystorePassword()

Specified by:

getKeystorePassword in interface TlsConfiguration

getKeystorePasswordForLogging

public String getKeystorePasswordForLogging()

Returns "********" if the keystore password is populated, "null" if not.

Specified by:

getKeystorePasswordForLogging in interface TlsConfiguration

Returns:

a loggable String representation of the keystore password

getKeyPassword

public String getKeyPassword()

Specified by:

getKeyPassword in interface TlsConfiguration

getKeyPasswordForLogging

public String getKeyPasswordForLogging()

Returns "********" if the key password is populated, "null" if not.

Specified by:

getKeyPasswordForLogging in interface TlsConfiguration

Returns:

a loggable String representation of the key password

getFunctionalKeyPassword

public String getFunctionalKeyPassword()

Returns the "working" key password -- if the key password is populated, it is returned; otherwise the getKeystorePassword() is returned.

Specified by:

getFunctionalKeyPassword in interface TlsConfiguration

Returns:

the key or keystore password actually populated

getFunctionalKeyPasswordForLogging

public String getFunctionalKeyPasswordForLogging()

Returns "********" if the functional key password is populated, "null" if not.

Specified by:

getFunctionalKeyPasswordForLogging in interface TlsConfiguration

Returns:

a loggable String representation of the functional key password

getKeystoreType

public KeystoreType getKeystoreType()

Specified by:

getKeystoreType in interface TlsConfiguration

getTruststorePath

public String getTruststorePath()

Specified by:

getTruststorePath in interface TlsConfiguration

getTruststorePassword

public String getTruststorePassword()

Specified by:

getTruststorePassword in interface TlsConfiguration

getTruststorePasswordForLogging

public String getTruststorePasswordForLogging()

Returns "********" if the truststore password is populated, "null" if not.

Specified by:

getTruststorePasswordForLogging in interface TlsConfiguration

Returns:

a loggable String representation of the truststore password

getTruststoreType

public KeystoreType getTruststoreType()

Specified by:

getTruststoreType in interface TlsConfiguration

getProtocol

public String getProtocol()

Specified by:

getProtocol in interface TlsConfiguration

isKeystorePopulated

public boolean isKeystorePopulated()

Returns true if the necessary properties are populated to instantiate a keystore. This does not validate the values (see isKeystoreValid()).

Specified by:

isKeystorePopulated in interface TlsConfiguration

Returns:

true if the path, password, and type are present

isAnyKeystorePopulated

public boolean isAnyKeystorePopulated()

Returns true if any of the keystore properties is populated, indicating that the caller expects a valid keystore to be generated.

Specified by:

isAnyKeystorePopulated in interface TlsConfiguration

Returns:

true if any keystore properties are present

isKeystoreValid

public boolean isKeystoreValid()

Returns true if the necessary properties are populated and the keystore can be successfully instantiated (i.e. the path is valid and the password(s) are correct).

Specified by:

isKeystoreValid in interface TlsConfiguration

Returns:

true if the keystore properties are valid

isTruststorePopulated

public boolean isTruststorePopulated()

Returns true if the necessary properties are populated to instantiate a truststore. This does not validate the values (see isTruststoreValid()).

Specified by:

isTruststorePopulated in interface TlsConfiguration

Returns:

true if the path, password, and type are present

isAnyTruststorePopulated

public boolean isAnyTruststorePopulated()

Returns true if any of the truststore properties is populated, indicating that the caller expects a valid truststore to be generated.

Specified by:

isAnyTruststorePopulated in interface TlsConfiguration

Returns:

true if any truststore properties are present

isTruststoreValid

public boolean isTruststoreValid()

Returns true if the necessary properties are populated and the truststore can be successfully instantiated (i.e. the path is valid and the password is correct).

Specified by:

isTruststoreValid in interface TlsConfiguration

Returns:

true if the truststore properties are valid

getKeystorePropertiesForLogging

public String[] getKeystorePropertiesForLogging()

Returns a String[] containing the keystore properties for logging. The order is getKeystorePath(), getKeystorePasswordForLogging(), getFunctionalKeyPasswordForLogging(), getKeystoreType() (using the type or "null").

Specified by:

getKeystorePropertiesForLogging in interface TlsConfiguration

Returns:

a loggable String[]

getTruststorePropertiesForLogging

public String[] getTruststorePropertiesForLogging()

Returns a String[] containing the truststore properties for logging. The order is getTruststorePath(), getTruststorePasswordForLogging(), getTruststoreType() (using the type or "null").

Specified by:

getTruststorePropertiesForLogging in interface TlsConfiguration

Returns:

a loggable String[]

getEnabledProtocols

public String[] getEnabledProtocols()

Get Enabled TLS Protocols translates SSL to legacy protocols and TLS to current protocols or returns configured protocol

Specified by:

getEnabledProtocols in interface TlsConfiguration

Returns:

Enabled TLS Protocols

toString

public String toString()

Overrides:

toString in class Object

equals

public boolean equals(Object o)

Overrides:

equals in class Object

hashCode

public int hashCode()

Overrides:

hashCode in class Object

maskPasswordForLog

private static String maskPasswordForLog(String password)

isAnyPopulated

private boolean isAnyPopulated(String path,
                               String password,
                               KeystoreType type)

isStorePopulated

private boolean isStorePopulated(String path,
                                 String password,
                                 KeystoreType type,
                                 String label)

isStoreValid

private boolean isStoreValid(String path,
                             String password,
                             KeystoreType type,
                             String label)