Package org.apache.nifi.ssl
Class StandardSSLContextService
java.lang.Object
org.apache.nifi.components.AbstractConfigurableComponent
org.apache.nifi.controller.AbstractControllerService
org.apache.nifi.ssl.StandardSSLContextService
- All Implemented Interfaces:
ConfigurableComponent,ControllerService,SSLContextService
- Direct Known Subclasses:
StandardRestrictedSSLContextService
@Tags({"ssl","secure","certificate","keystore","truststore","jks","p12","pkcs12","pkcs","tls"})
@CapabilityDescription("Standard implementation of the SSLContextService. Provides the ability to configure keystore and/or truststore properties once and reuse that configuration throughout the application. This service can be used to communicate with both legacy and modern systems. If you only need to communicate with non-legacy systems, then the StandardRestrictedSSLContextService is recommended as it only allows a specific set of SSL protocols to be chosen.")
public class StandardSSLContextService
extends AbstractControllerService
implements SSLContextService
-
Nested Class Summary
Nested Classes -
Field Summary
FieldsModifier and TypeFieldDescriptionprotected ConfigurationContextprivate boolean(package private) static final PropertyDescriptorstatic final PropertyDescriptorstatic final PropertyDescriptorstatic final PropertyDescriptorprivate static final List<PropertyDescriptor> static final PropertyDescriptorstatic final Stringstatic final Stringstatic final PropertyDescriptorstatic final PropertyDescriptorstatic final PropertyDescriptorprivate static final intprivate int -
Constructor Summary
Constructors -
Method Summary
Modifier and TypeMethodDescriptionprivate static intcountNulls(Object... objects) Returns the count ofnullobjects in the parameters.Create and initializeSSLContextusing configured properties.Returns aTlsConfigurationconfigured with the current properties of the controller service.Create X.509 Trust Manager using configured propertiesprotected Collection<ValidationResult> customValidate(ValidationContext validationContext) private Map<PropertyDescriptor, String> evaluateProperties(PropertyContext context) private static AllowableValue[]protected List<PropertyDescriptor> protected intbooleanbooleanprivate static booleankeystorePropertiesEmpty(Map<PropertyDescriptor, String> properties) voidonConfigured(ConfigurationContext context) voidonPropertyModified(PropertyDescriptor descriptor, String oldValue, String newValue) private voidtoString()private static booleantruststorePropertiesEmpty(Map<PropertyDescriptor, String> properties) private static List<ValidationResult> validateKeystore(Map<PropertyDescriptor, String> properties) Returns a list ofValidationResults for keystore validity checking.private static List<ValidationResult> validateKeystoreFile(String filename, String password, String keyPassword, String type) Returns a list ofValidationResults when validating an actual keystore file on disk.private static Collection<ValidationResult> validateStore(Map<PropertyDescriptor, String> properties, StandardSSLContextService.KeystoreValidationGroup keyStoreOrTrustStore) Returns a list ofValidationResults for the provided keystore/truststore properties.private static List<ValidationResult> validateTruststore(Map<PropertyDescriptor, String> properties) Returns a list ofValidationResults for truststore validity checking.private static List<ValidationResult> validateTruststoreFile(String filename, String password, String type) Returns a list ofValidationResults when validating an actual truststore file on disk.Methods inherited from class org.apache.nifi.controller.AbstractControllerService
abstractClearConfigContext, abstractStoreConfigContext, disabled, enabled, getConfigurationContext, getControllerServiceLookup, getIdentifier, getLogger, getNodeTypeProvider, getProperty, getStateManager, init, initialize, isEnabledMethods inherited from class org.apache.nifi.components.AbstractConfigurableComponent
equals, getPropertyDescriptor, getPropertyDescriptors, getSupportedDynamicPropertyDescriptor, hashCode, validateMethods inherited from class java.lang.Object
clone, finalize, getClass, notify, notifyAll, wait, wait, waitMethods inherited from interface org.apache.nifi.components.ConfigurableComponent
getIdentifier, getPropertyDescriptor, getPropertyDescriptors, validateMethods inherited from interface org.apache.nifi.controller.ControllerService
initialize, isStateful, migrateProperties
-
Field Details
-
TLS_PROTOCOL
- See Also:
-
SSL_PROTOCOL
- See Also:
-
TRUSTSTORE
-
TRUSTSTORE_TYPE
-
TRUSTSTORE_PASSWORD
-
KEYSTORE
-
KEYSTORE_TYPE
-
KEYSTORE_PASSWORD
-
KEY_PASSWORD
-
SSL_ALGORITHM
-
properties
-
configContext
-
isValidated
private boolean isValidated -
VALIDATION_CACHE_EXPIRATION
private static final int VALIDATION_CACHE_EXPIRATION- See Also:
-
validationCacheCount
private int validationCacheCount
-
-
Constructor Details
-
StandardSSLContextService
public StandardSSLContextService()
-
-
Method Details
-
onConfigured
- Throws:
InitializationException
-
onPropertyModified
- Specified by:
onPropertyModifiedin interfaceConfigurableComponent- Overrides:
onPropertyModifiedin classAbstractConfigurableComponent
-
getSupportedPropertyDescriptors
- Overrides:
getSupportedPropertyDescriptorsin classAbstractConfigurableComponent
-
customValidate
- Overrides:
customValidatein classAbstractConfigurableComponent
-
evaluateProperties
-
resetValidationCache
private void resetValidationCache() -
getValidationCacheExpiration
protected int getValidationCacheExpiration() -
createTlsConfiguration
Returns aTlsConfigurationconfigured with the current properties of the controller service. This is useful for transferring the TLS configuration values between services.- Specified by:
createTlsConfigurationin interfaceSSLContextService- Returns:
- the populated TlsConfiguration
-
createContext
Create and initializeSSLContextusing configured properties. This method is preferred over deprecated methods due to not requiring a client authentication policy. Invokes createTlsConfiguration() to prepare properties for processing.- Specified by:
createContextin interfaceSSLContextService- Returns:
SSLContextinitialized using configured properties
-
createTrustManager
Create X.509 Trust Manager using configured properties- Specified by:
createTrustManagerin interfaceSSLContextService- Returns:
X509TrustManagerinitialized using configured properties
-
getTrustStoreFile
- Specified by:
getTrustStoreFilein interfaceSSLContextService
-
getTrustStoreType
- Specified by:
getTrustStoreTypein interfaceSSLContextService
-
getTrustStorePassword
- Specified by:
getTrustStorePasswordin interfaceSSLContextService
-
isTrustStoreConfigured
public boolean isTrustStoreConfigured()- Specified by:
isTrustStoreConfiguredin interfaceSSLContextService
-
getKeyStoreFile
- Specified by:
getKeyStoreFilein interfaceSSLContextService
-
getKeyStoreType
- Specified by:
getKeyStoreTypein interfaceSSLContextService
-
getKeyStorePassword
- Specified by:
getKeyStorePasswordin interfaceSSLContextService
-
getKeyPassword
- Specified by:
getKeyPasswordin interfaceSSLContextService
-
isKeyStoreConfigured
public boolean isKeyStoreConfigured()- Specified by:
isKeyStoreConfiguredin interfaceSSLContextService
-
getSslAlgorithm
- Specified by:
getSslAlgorithmin interfaceSSLContextService
-
validateStore
private static Collection<ValidationResult> validateStore(Map<PropertyDescriptor, String> properties, StandardSSLContextService.KeystoreValidationGroup keyStoreOrTrustStore) Returns a list ofValidationResults for the provided keystore/truststore properties. Called duringcustomValidate(ValidationContext).- Parameters:
properties- the map of component propertieskeyStoreOrTrustStore- an enumStandardSSLContextService.KeystoreValidationGroupindicating keystore or truststore because logic is different- Returns:
- the list of validation results (empty means valid)
-
keystorePropertiesEmpty
-
truststorePropertiesEmpty
-
countNulls
Returns the count ofnullobjects in the parameters. Used for keystore/truststore validation.- Parameters:
objects- a variable array of objects, some of which can be null- Returns:
- the count of provided objects which were null
-
validateKeystore
Returns a list ofValidationResults for keystore validity checking. Ensures none or all of the properties are populated; if populated, validates the keystore file on disk and password as well.- Parameters:
properties- the component properties- Returns:
- the list of validation results (empty is valid)
-
validateTruststore
Returns a list ofValidationResults for truststore validity checking. Ensures none of the properties are populated or at least filename and type are populated; if populated, validates the truststore file on disk and password as well.- Parameters:
properties- the component properties- Returns:
- the list of validation results (empty is valid)
-
validateTruststoreFile
private static List<ValidationResult> validateTruststoreFile(String filename, String password, String type) Returns a list ofValidationResults when validating an actual truststore file on disk. Verifies the file permissions and existence, and attempts to open the file given the provided password.- Parameters:
filename- the path of the file on diskpassword- the file passwordtype- the truststore type- Returns:
- the list of validation results (empty is valid)
-
validateKeystoreFile
private static List<ValidationResult> validateKeystoreFile(String filename, String password, String keyPassword, String type) Returns a list ofValidationResults when validating an actual keystore file on disk. Verifies the file permissions and existence, and attempts to open the file given the provided (keystore or key) password.- Parameters:
filename- the path of the file on diskpassword- the file passwordkeyPassword- the (optional) key-specific passwordtype- the keystore type- Returns:
- the list of validation results (empty is valid)
-
toString
- Overrides:
toStringin classAbstractConfigurableComponent
-
getProtocolAllowableValues
-