Class StandardSSLContextService

java.lang.Object
org.apache.nifi.components.AbstractConfigurableComponent
org.apache.nifi.controller.AbstractControllerService
org.apache.nifi.ssl.StandardSSLContextService
All Implemented Interfaces:
org.apache.nifi.components.ConfigurableComponent, org.apache.nifi.controller.ControllerService, SSLContextProvider, SSLContextService
Direct Known Subclasses:
StandardRestrictedSSLContextService

@Tags({"ssl","secure","certificate","keystore","truststore","jks","p12","pkcs12","pkcs","tls"})
@CapabilityDescription("Standard implementation of the SSLContextService. Provides the ability to configure keystore and/or truststore properties once and reuse that configuration throughout the application. This service can be used to communicate with both legacy and modern systems. If you only need to communicate with non-legacy systems, then the StandardRestrictedSSLContextService is recommended as it only allows a specific set of SSL protocols to be chosen.")
public class StandardSSLContextService extends org.apache.nifi.controller.AbstractControllerService implements SSLContextService
  • Field Details

    • TLS_PROTOCOL

      public static final String TLS_PROTOCOL
    • SSL_PROTOCOL

      public static final String SSL_PROTOCOL
    • TRUSTSTORE

      public static final org.apache.nifi.components.PropertyDescriptor TRUSTSTORE
    • TRUSTSTORE_TYPE

      public static final org.apache.nifi.components.PropertyDescriptor TRUSTSTORE_TYPE
    • TRUSTSTORE_PASSWORD

      public static final org.apache.nifi.components.PropertyDescriptor TRUSTSTORE_PASSWORD
    • KEYSTORE

      public static final org.apache.nifi.components.PropertyDescriptor KEYSTORE
    • KEYSTORE_TYPE

      public static final org.apache.nifi.components.PropertyDescriptor KEYSTORE_TYPE
    • KEYSTORE_PASSWORD

      public static final org.apache.nifi.components.PropertyDescriptor KEYSTORE_PASSWORD
    • KEY_PASSWORD

      static final org.apache.nifi.components.PropertyDescriptor KEY_PASSWORD
    • SSL_ALGORITHM

      public static final org.apache.nifi.components.PropertyDescriptor SSL_ALGORITHM
    • PROPERTY_DESCRIPTORS

      private static final List<org.apache.nifi.components.PropertyDescriptor> PROPERTY_DESCRIPTORS
    • configContext

      protected org.apache.nifi.controller.ConfigurationContext configContext
    • isValidated

      private boolean isValidated
    • VALIDATION_CACHE_EXPIRATION

      private static final int VALIDATION_CACHE_EXPIRATION
    • validationCacheCount

      private int validationCacheCount
  • Constructor Details

    • StandardSSLContextService

      public StandardSSLContextService()
  • Method Details

    • onConfigured

      @OnEnabled public void onConfigured(org.apache.nifi.controller.ConfigurationContext context) throws InitializationException
      Throws:
      InitializationException
    • onPropertyModified

      public void onPropertyModified(org.apache.nifi.components.PropertyDescriptor descriptor, String oldValue, String newValue)
      Specified by:
      onPropertyModified in interface org.apache.nifi.components.ConfigurableComponent
      Overrides:
      onPropertyModified in class org.apache.nifi.components.AbstractConfigurableComponent
    • getSupportedPropertyDescriptors

      protected List<org.apache.nifi.components.PropertyDescriptor> getSupportedPropertyDescriptors()
      Overrides:
      getSupportedPropertyDescriptors in class org.apache.nifi.components.AbstractConfigurableComponent
    • customValidate

      protected Collection<org.apache.nifi.components.ValidationResult> customValidate(org.apache.nifi.components.ValidationContext validationContext)
      Overrides:
      customValidate in class org.apache.nifi.components.AbstractConfigurableComponent
    • evaluateProperties

      private Map<org.apache.nifi.components.PropertyDescriptor,String> evaluateProperties(org.apache.nifi.context.PropertyContext context)
    • resetValidationCache

      private void resetValidationCache()
    • getValidationCacheExpiration

      protected int getValidationCacheExpiration()
    • createTlsConfiguration

      public TlsConfiguration createTlsConfiguration()
      Returns a TlsConfiguration configured with the current properties of the controller service. This is useful for transferring the TLS configuration values between services.
      Specified by:
      createTlsConfiguration in interface SSLContextService
      Returns:
      the populated TlsConfiguration
    • createContext

      public SSLContext createContext()
      Create and initialize SSLContext using configured properties. This method is preferred over deprecated methods due to not requiring a client authentication policy. Invokes createTlsConfiguration() to prepare properties for processing.
      Specified by:
      createContext in interface SSLContextProvider
      Returns:
      SSLContext initialized using configured properties
    • createKeyManager

      public Optional<X509ExtendedKeyManager> createKeyManager()
      Create and initialize an X.509 Key Manager when configured with key and certificate properties
      Specified by:
      createKeyManager in interface SSLContextProvider
      Returns:
      X.509 Extended Key Manager or empty when not configured
    • createTrustManager

      public X509TrustManager createTrustManager()
      Create X.509 Trust Manager using configured properties
      Specified by:
      createTrustManager in interface SSLContextProvider
      Returns:
      X509TrustManager initialized using configured properties
    • getTrustStoreFile

      public String getTrustStoreFile()
      Specified by:
      getTrustStoreFile in interface SSLContextService
    • getTrustStoreType

      public String getTrustStoreType()
      Specified by:
      getTrustStoreType in interface SSLContextService
    • getTrustStorePassword

      public String getTrustStorePassword()
      Specified by:
      getTrustStorePassword in interface SSLContextService
    • isTrustStoreConfigured

      public boolean isTrustStoreConfigured()
      Specified by:
      isTrustStoreConfigured in interface SSLContextService
    • getKeyStoreFile

      public String getKeyStoreFile()
      Specified by:
      getKeyStoreFile in interface SSLContextService
    • getKeyStoreType

      public String getKeyStoreType()
      Specified by:
      getKeyStoreType in interface SSLContextService
    • getKeyStorePassword

      public String getKeyStorePassword()
      Specified by:
      getKeyStorePassword in interface SSLContextService
    • getKeyPassword

      public String getKeyPassword()
      Specified by:
      getKeyPassword in interface SSLContextService
    • isKeyStoreConfigured

      public boolean isKeyStoreConfigured()
      Specified by:
      isKeyStoreConfigured in interface SSLContextService
    • getSslAlgorithm

      public String getSslAlgorithm()
      Specified by:
      getSslAlgorithm in interface SSLContextService
    • validateStore

      private static Collection<org.apache.nifi.components.ValidationResult> validateStore(Map<org.apache.nifi.components.PropertyDescriptor,String> properties, StandardSSLContextService.KeystoreValidationGroup keyStoreOrTrustStore)
      Returns a list of ValidationResults for the provided keystore/truststore properties. Called during customValidate(ValidationContext).
      Parameters:
      properties - the map of component properties
      keyStoreOrTrustStore - a StandardSSLContextService.KeystoreValidationGroup enum value indicating whether the keystore or the truststore is being validated, since the validation logic differs between the two
      Returns:
      the list of validation results (empty means valid)
    • keystorePropertiesEmpty

      private static boolean keystorePropertiesEmpty(Map<org.apache.nifi.components.PropertyDescriptor,String> properties)
    • truststorePropertiesEmpty

      private static boolean truststorePropertiesEmpty(Map<org.apache.nifi.components.PropertyDescriptor,String> properties)
    • countNulls

      private static int countNulls(Object... objects)
      Returns the count of null objects in the parameters. Used for keystore/truststore validation.
      Parameters:
      objects - a variable array of objects, some of which can be null
      Returns:
      the count of provided objects which were null
    • validateKeystore

      private static List<org.apache.nifi.components.ValidationResult> validateKeystore(Map<org.apache.nifi.components.PropertyDescriptor,String> properties)
      Returns a list of ValidationResults for keystore validity checking. Ensures none or all of the properties are populated; if populated, validates the keystore file on disk and password as well.
      Parameters:
      properties - the component properties
      Returns:
      the list of validation results (empty is valid)
    • validateTruststore

      private static List<org.apache.nifi.components.ValidationResult> validateTruststore(Map<org.apache.nifi.components.PropertyDescriptor,String> properties)
      Returns a list of ValidationResults for truststore validity checking. Ensures none of the properties are populated or at least filename and type are populated; if populated, validates the truststore file on disk and password as well.
      Parameters:
      properties - the component properties
      Returns:
      the list of validation results (empty is valid)
    • validateTruststoreFile

      private static List<org.apache.nifi.components.ValidationResult> validateTruststoreFile(String filename, String password, String type)
      Returns a list of ValidationResults when validating an actual truststore file on disk. Verifies the file permissions and existence, and attempts to open the file given the provided password.
      Parameters:
      filename - the path of the file on disk
      password - the file password
      type - the truststore type
      Returns:
      the list of validation results (empty is valid)
    • validateKeystoreFile

      private static List<org.apache.nifi.components.ValidationResult> validateKeystoreFile(String filename, String password, String keyPassword, String type)
      Returns a list of ValidationResults when validating an actual keystore file on disk. Verifies the file permissions and existence, and attempts to open the file given the provided (keystore or key) password.
      Parameters:
      filename - the path of the file on disk
      password - the file password
      keyPassword - the (optional) key-specific password
      type - the keystore type
      Returns:
      the list of validation results (empty is valid)
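      The keystore file checks described for validateKeystoreFile and isKeyPasswordValid, re-created as a stand-alone example using only the JDK KeyStore API; this is added illustration, not NiFi's own implementation. The class name KeystoreCheck, the fallback to the store password when no key password is given, and the assumption that password is non-null are all mine.

```java
import java.io.File;
import java.io.FileInputStream;
import java.io.IOException;
import java.io.InputStream;
import java.security.GeneralSecurityException;
import java.security.KeyStore;
import java.util.ArrayList;
import java.util.Collections;
import java.util.List;
// Hypothetical re-creation of the keystore checks this page describes; not NiFi's own code.
// An empty result list means the keystore is valid, mirroring the documented convention.
public class KeystoreCheck {
    public static List<String> validateKeystoreFile(String filename, String password,
                                                    String keyPassword, String type) {
        List<String> problems = new ArrayList<>();
        File storeFile = new File(filename);
        // Existence and read-permission checks first, so a missing file gives a clear message
        if (!storeFile.isFile() || !storeFile.canRead()) {
            problems.add("Keystore file is missing or not readable: " + filename);
            return problems;
        }
        KeyStore keyStore;
        try (InputStream in = new FileInputStream(storeFile)) {
            keyStore = KeyStore.getInstance(type);          // e.g. "JKS" or "PKCS12"
            keyStore.load(in, password.toCharArray());      // fails on wrong password or wrong type
        } catch (GeneralSecurityException | IOException e) {
            problems.add("Keystore could not be opened with the given type/password: " + e.getMessage());
            return problems;
        }
        // Assumption: when no key-specific password is set, the key is protected by the store password
        char[] effectiveKeyPassword = (keyPassword == null || keyPassword.isEmpty()
                ? password : keyPassword).toCharArray();
        if (!isKeyPasswordValid(keyStore, effectiveKeyPassword)) {
            problems.add("Key password does not unlock the private key entries in " + filename);
        }
        return problems;
    }

    static boolean isKeyPasswordValid(KeyStore keyStore, char[] keyPassword) {
        try {
            for (String alias : Collections.list(keyStore.aliases())) {
                // getKey throws UnrecoverableKeyException when the password does not match the entry
                if (keyStore.isKeyEntry(alias)) keyStore.getKey(alias, keyPassword);
            }
            return true;
        } catch (GeneralSecurityException e) {
            return false;
        }
    }
}
```

      Calling KeystoreCheck.validateKeystoreFile("/path/to/keystore.p12", "storepass", null, "PKCS12") on a real file returns the same kind of empty-means-valid list the page documents; a wrong store password surfaces at load time, a wrong key password only when the private key entries are unlocked.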
    • toString

      public String toString()
      Overrides:
      toString in class org.apache.nifi.components.AbstractConfigurableComponent
    • getProtocolAllowableValues

      private static org.apache.nifi.components.AllowableValue[] getProtocolAllowableValues()
    • loadKeyStore

      private static KeyStore loadKeyStore(File storeFile, KeystoreType storeType, char[] storePassword) throws GeneralSecurityException, IOException
      Throws:
      GeneralSecurityException
      IOException
    • isKeyPasswordValid

      private static boolean isKeyPasswordValid(KeyStore keyStore, char[] keyPassword)