diff --git a/nifi-api/src/main/java/org/apache/nifi/action/Action.java b/nifi-api/src/main/java/org/apache/nifi/action/Action.java
index ed6505fcd9d0..44c28a66aa67 100644
--- a/nifi-api/src/main/java/org/apache/nifi/action/Action.java
+++ b/nifi-api/src/main/java/org/apache/nifi/action/Action.java
@@ -16,11 +16,10 @@
*/
package org.apache.nifi.action;
-import org.apache.nifi.action.component.details.ComponentDetails;
-import org.apache.nifi.action.details.ActionDetails;
-
import java.io.Serializable;
import java.util.Date;
+import org.apache.nifi.action.component.details.ComponentDetails;
+import org.apache.nifi.action.details.ActionDetails;
/**
* An action taken on the flow by a user.
diff --git a/nifi-api/src/main/java/org/apache/nifi/annotation/behavior/DynamicProperty.java b/nifi-api/src/main/java/org/apache/nifi/annotation/behavior/DynamicProperty.java
index aa522268fb9e..f73ce4515660 100644
--- a/nifi-api/src/main/java/org/apache/nifi/annotation/behavior/DynamicProperty.java
+++ b/nifi-api/src/main/java/org/apache/nifi/annotation/behavior/DynamicProperty.java
@@ -22,7 +22,6 @@
import java.lang.annotation.Retention;
import java.lang.annotation.RetentionPolicy;
import java.lang.annotation.Target;
-
import org.apache.nifi.components.ConfigurableComponent;
import org.apache.nifi.expression.ExpressionLanguageScope;
diff --git a/nifi-api/src/main/java/org/apache/nifi/annotation/behavior/DynamicRelationship.java b/nifi-api/src/main/java/org/apache/nifi/annotation/behavior/DynamicRelationship.java
index 68d40c7fb022..006f6adba8af 100644
--- a/nifi-api/src/main/java/org/apache/nifi/annotation/behavior/DynamicRelationship.java
+++ b/nifi-api/src/main/java/org/apache/nifi/annotation/behavior/DynamicRelationship.java
@@ -22,7 +22,6 @@
import java.lang.annotation.Retention;
import java.lang.annotation.RetentionPolicy;
import java.lang.annotation.Target;
-
import org.apache.nifi.components.PropertyDescriptor;
import org.apache.nifi.processor.Processor;
import org.apache.nifi.processor.Relationship;
diff --git a/nifi-api/src/main/java/org/apache/nifi/annotation/behavior/Restriction.java b/nifi-api/src/main/java/org/apache/nifi/annotation/behavior/Restriction.java
index 2a07108eecfe..1490880acb0b 100644
--- a/nifi-api/src/main/java/org/apache/nifi/annotation/behavior/Restriction.java
+++ b/nifi-api/src/main/java/org/apache/nifi/annotation/behavior/Restriction.java
@@ -16,14 +16,13 @@
*/
package org.apache.nifi.annotation.behavior;
-import org.apache.nifi.components.RequiredPermission;
-
import java.lang.annotation.Documented;
import java.lang.annotation.ElementType;
import java.lang.annotation.Inherited;
import java.lang.annotation.Retention;
import java.lang.annotation.RetentionPolicy;
import java.lang.annotation.Target;
+import org.apache.nifi.components.RequiredPermission;
/**
* Specific restriction for a component. Indicates what the required permission is and why the restriction exists.
diff --git a/nifi-api/src/main/java/org/apache/nifi/annotation/behavior/Stateful.java b/nifi-api/src/main/java/org/apache/nifi/annotation/behavior/Stateful.java
index de32bd7d74c6..0e224747ff5a 100644
--- a/nifi-api/src/main/java/org/apache/nifi/annotation/behavior/Stateful.java
+++ b/nifi-api/src/main/java/org/apache/nifi/annotation/behavior/Stateful.java
@@ -23,7 +23,6 @@
import java.lang.annotation.Retention;
import java.lang.annotation.RetentionPolicy;
import java.lang.annotation.Target;
-
import org.apache.nifi.components.state.Scope;
import org.apache.nifi.components.state.StateManager;
diff --git a/nifi-api/src/main/java/org/apache/nifi/annotation/configuration/DefaultSchedule.java b/nifi-api/src/main/java/org/apache/nifi/annotation/configuration/DefaultSchedule.java
index 8635a74513c8..7d08d77ae14b 100644
--- a/nifi-api/src/main/java/org/apache/nifi/annotation/configuration/DefaultSchedule.java
+++ b/nifi-api/src/main/java/org/apache/nifi/annotation/configuration/DefaultSchedule.java
@@ -17,14 +17,13 @@
package org.apache.nifi.annotation.configuration;
-import org.apache.nifi.scheduling.SchedulingStrategy;
-
import java.lang.annotation.Documented;
-import java.lang.annotation.Target;
-import java.lang.annotation.Retention;
import java.lang.annotation.ElementType;
-import java.lang.annotation.RetentionPolicy;
import java.lang.annotation.Inherited;
+import java.lang.annotation.Retention;
+import java.lang.annotation.RetentionPolicy;
+import java.lang.annotation.Target;
+import org.apache.nifi.scheduling.SchedulingStrategy;
/**
*
diff --git a/nifi-api/src/main/java/org/apache/nifi/annotation/configuration/DefaultSettings.java b/nifi-api/src/main/java/org/apache/nifi/annotation/configuration/DefaultSettings.java
index d01972c8c724..09402c7bad83 100644
--- a/nifi-api/src/main/java/org/apache/nifi/annotation/configuration/DefaultSettings.java
+++ b/nifi-api/src/main/java/org/apache/nifi/annotation/configuration/DefaultSettings.java
@@ -18,11 +18,11 @@
package org.apache.nifi.annotation.configuration;
import java.lang.annotation.Documented;
-import java.lang.annotation.Target;
-import java.lang.annotation.Retention;
import java.lang.annotation.ElementType;
-import java.lang.annotation.RetentionPolicy;
import java.lang.annotation.Inherited;
+import java.lang.annotation.Retention;
+import java.lang.annotation.RetentionPolicy;
+import java.lang.annotation.Target;
import org.apache.nifi.logging.LogLevel;
/**
diff --git a/nifi-api/src/main/java/org/apache/nifi/annotation/documentation/DeprecationNotice.java b/nifi-api/src/main/java/org/apache/nifi/annotation/documentation/DeprecationNotice.java
index f9d47dda5e01..e3858438abe2 100644
--- a/nifi-api/src/main/java/org/apache/nifi/annotation/documentation/DeprecationNotice.java
+++ b/nifi-api/src/main/java/org/apache/nifi/annotation/documentation/DeprecationNotice.java
@@ -16,14 +16,13 @@
*/
package org.apache.nifi.annotation.documentation;
-import org.apache.nifi.components.ConfigurableComponent;
-
import java.lang.annotation.Documented;
import java.lang.annotation.ElementType;
import java.lang.annotation.Inherited;
import java.lang.annotation.Retention;
import java.lang.annotation.RetentionPolicy;
import java.lang.annotation.Target;
+import org.apache.nifi.components.ConfigurableComponent;
/**
* Annotation that can be applied to a {@link org.apache.nifi.processor.Processor Processor},
diff --git a/nifi-api/src/main/java/org/apache/nifi/annotation/documentation/SeeAlso.java b/nifi-api/src/main/java/org/apache/nifi/annotation/documentation/SeeAlso.java
index f89e25b11009..43937759ad08 100644
--- a/nifi-api/src/main/java/org/apache/nifi/annotation/documentation/SeeAlso.java
+++ b/nifi-api/src/main/java/org/apache/nifi/annotation/documentation/SeeAlso.java
@@ -22,7 +22,6 @@
import java.lang.annotation.Retention;
import java.lang.annotation.RetentionPolicy;
import java.lang.annotation.Target;
-
import org.apache.nifi.components.ConfigurableComponent;
/**
diff --git a/nifi-api/src/main/java/org/apache/nifi/annotation/lifecycle/OnDisabled.java b/nifi-api/src/main/java/org/apache/nifi/annotation/lifecycle/OnDisabled.java
index f8ca0381e2dc..d4044a1f9010 100644
--- a/nifi-api/src/main/java/org/apache/nifi/annotation/lifecycle/OnDisabled.java
+++ b/nifi-api/src/main/java/org/apache/nifi/annotation/lifecycle/OnDisabled.java
@@ -22,7 +22,6 @@
import java.lang.annotation.Retention;
import java.lang.annotation.RetentionPolicy;
import java.lang.annotation.Target;
-
import org.apache.nifi.controller.ConfigurationContext;
/**
diff --git a/nifi-api/src/main/java/org/apache/nifi/annotation/lifecycle/OnRemoved.java b/nifi-api/src/main/java/org/apache/nifi/annotation/lifecycle/OnRemoved.java
index 54817e4f4b2f..1dfac3df0b48 100644
--- a/nifi-api/src/main/java/org/apache/nifi/annotation/lifecycle/OnRemoved.java
+++ b/nifi-api/src/main/java/org/apache/nifi/annotation/lifecycle/OnRemoved.java
@@ -22,7 +22,6 @@
import java.lang.annotation.Retention;
import java.lang.annotation.RetentionPolicy;
import java.lang.annotation.Target;
-
import org.apache.nifi.controller.ConfigurationContext;
import org.apache.nifi.processor.ProcessContext;
diff --git a/nifi-api/src/main/java/org/apache/nifi/annotation/lifecycle/OnShutdown.java b/nifi-api/src/main/java/org/apache/nifi/annotation/lifecycle/OnShutdown.java
index 44098ff2bc53..905618aadb6d 100644
--- a/nifi-api/src/main/java/org/apache/nifi/annotation/lifecycle/OnShutdown.java
+++ b/nifi-api/src/main/java/org/apache/nifi/annotation/lifecycle/OnShutdown.java
@@ -22,7 +22,6 @@
import java.lang.annotation.Retention;
import java.lang.annotation.RetentionPolicy;
import java.lang.annotation.Target;
-
import org.apache.nifi.controller.ConfigurationContext;
import org.apache.nifi.processor.ProcessContext;
diff --git a/nifi-api/src/main/java/org/apache/nifi/annotation/lifecycle/OnStopped.java b/nifi-api/src/main/java/org/apache/nifi/annotation/lifecycle/OnStopped.java
index cdec8d0e727d..647c2ec7baea 100644
--- a/nifi-api/src/main/java/org/apache/nifi/annotation/lifecycle/OnStopped.java
+++ b/nifi-api/src/main/java/org/apache/nifi/annotation/lifecycle/OnStopped.java
@@ -22,7 +22,6 @@
import java.lang.annotation.Retention;
import java.lang.annotation.RetentionPolicy;
import java.lang.annotation.Target;
-
import org.apache.nifi.controller.ConfigurationContext;
import org.apache.nifi.processor.ProcessContext;
diff --git a/nifi-api/src/main/java/org/apache/nifi/components/ConfigurableComponent.java b/nifi-api/src/main/java/org/apache/nifi/components/ConfigurableComponent.java
index 2f693dac3783..4c5537eb6c14 100644
--- a/nifi-api/src/main/java/org/apache/nifi/components/ConfigurableComponent.java
+++ b/nifi-api/src/main/java/org/apache/nifi/components/ConfigurableComponent.java
@@ -18,7 +18,6 @@
import java.util.Collection;
import java.util.List;
-
import org.apache.nifi.annotation.lifecycle.OnConfigurationRestored;
public interface ConfigurableComponent {
diff --git a/nifi-api/src/main/java/org/apache/nifi/components/PropertyDescriptor.java b/nifi-api/src/main/java/org/apache/nifi/components/PropertyDescriptor.java
index e39b75d9495e..0e23510cd8fe 100644
--- a/nifi-api/src/main/java/org/apache/nifi/components/PropertyDescriptor.java
+++ b/nifi-api/src/main/java/org/apache/nifi/components/PropertyDescriptor.java
@@ -22,7 +22,6 @@
import java.util.Collections;
import java.util.List;
import java.util.Set;
-
import org.apache.nifi.controller.ControllerService;
import org.apache.nifi.expression.ExpressionLanguageScope;
diff --git a/nifi-api/src/main/java/org/apache/nifi/components/PropertyValue.java b/nifi-api/src/main/java/org/apache/nifi/components/PropertyValue.java
index 05f262fcf601..edafaeee6549 100644
--- a/nifi-api/src/main/java/org/apache/nifi/components/PropertyValue.java
+++ b/nifi-api/src/main/java/org/apache/nifi/components/PropertyValue.java
@@ -18,7 +18,6 @@
import java.util.Map;
import java.util.concurrent.TimeUnit;
-
import org.apache.nifi.controller.ControllerService;
import org.apache.nifi.expression.AttributeValueDecorator;
import org.apache.nifi.flowfile.FlowFile;
@@ -277,7 +276,7 @@ public interface PropertyValue {
* @throws ProcessException if the Expression cannot be compiled or evaluating
* the Expression against the given attributes causes an Exception to be thrown
*/
- public PropertyValue evaluateAttributeExpressions(FlowFile flowFile, Map additionalAttributes, AttributeValueDecorator decorator, Map stateValues)
+ PropertyValue evaluateAttributeExpressions(FlowFile flowFile, Map additionalAttributes, AttributeValueDecorator decorator, Map stateValues)
throws ProcessException;
/**
diff --git a/nifi-api/src/main/java/org/apache/nifi/components/ValidationContext.java b/nifi-api/src/main/java/org/apache/nifi/components/ValidationContext.java
index acaffd7c034d..56f566e9d7c0 100644
--- a/nifi-api/src/main/java/org/apache/nifi/components/ValidationContext.java
+++ b/nifi-api/src/main/java/org/apache/nifi/components/ValidationContext.java
@@ -16,14 +16,13 @@
*/
package org.apache.nifi.components;
+import java.util.Collection;
+import java.util.Map;
import org.apache.nifi.context.PropertyContext;
import org.apache.nifi.controller.ControllerService;
import org.apache.nifi.controller.ControllerServiceLookup;
import org.apache.nifi.expression.ExpressionLanguageCompiler;
-import java.util.Collection;
-import java.util.Map;
-
public interface ValidationContext extends PropertyContext {
/**
diff --git a/nifi-api/src/main/java/org/apache/nifi/components/state/StateManager.java b/nifi-api/src/main/java/org/apache/nifi/components/state/StateManager.java
index 768f77317bcf..1669ea1bbd94 100644
--- a/nifi-api/src/main/java/org/apache/nifi/components/state/StateManager.java
+++ b/nifi-api/src/main/java/org/apache/nifi/components/state/StateManager.java
@@ -19,7 +19,6 @@
import java.io.IOException;
import java.util.Map;
-
import org.apache.nifi.annotation.behavior.Stateful;
import org.apache.nifi.components.state.exception.StateTooLargeException;
diff --git a/nifi-api/src/main/java/org/apache/nifi/components/state/exception/StateTooLargeException.java b/nifi-api/src/main/java/org/apache/nifi/components/state/exception/StateTooLargeException.java
index 5461b40b306f..41c8b248ec4a 100644
--- a/nifi-api/src/main/java/org/apache/nifi/components/state/exception/StateTooLargeException.java
+++ b/nifi-api/src/main/java/org/apache/nifi/components/state/exception/StateTooLargeException.java
@@ -17,9 +17,8 @@
package org.apache.nifi.components.state.exception;
-import org.apache.nifi.components.state.StateManager;
-
import java.io.IOException;
+import org.apache.nifi.components.state.StateManager;
/**
* Thrown when attempting to store state via the {@link StateManager} but the state being
diff --git a/nifi-api/src/main/java/org/apache/nifi/context/PropertyContext.java b/nifi-api/src/main/java/org/apache/nifi/context/PropertyContext.java
index 2771927b480e..5b22a192e92e 100644
--- a/nifi-api/src/main/java/org/apache/nifi/context/PropertyContext.java
+++ b/nifi-api/src/main/java/org/apache/nifi/context/PropertyContext.java
@@ -16,11 +16,10 @@
*/
package org.apache.nifi.context;
+import java.util.Map;
import org.apache.nifi.components.PropertyDescriptor;
import org.apache.nifi.components.PropertyValue;
-import java.util.Map;
-
/**
* A context for retrieving a PropertyValue from a PropertyDescriptor.
*/
diff --git a/nifi-api/src/main/java/org/apache/nifi/controller/ConfigurationContext.java b/nifi-api/src/main/java/org/apache/nifi/controller/ConfigurationContext.java
index c1316b5536c5..f4a602a9a8f8 100644
--- a/nifi-api/src/main/java/org/apache/nifi/controller/ConfigurationContext.java
+++ b/nifi-api/src/main/java/org/apache/nifi/controller/ConfigurationContext.java
@@ -16,11 +16,10 @@
*/
package org.apache.nifi.controller;
-import org.apache.nifi.components.PropertyDescriptor;
-import org.apache.nifi.context.PropertyContext;
-
import java.util.Map;
import java.util.concurrent.TimeUnit;
+import org.apache.nifi.components.PropertyDescriptor;
+import org.apache.nifi.context.PropertyContext;
/**
* This context is passed to ControllerServices and Reporting Tasks in order
diff --git a/nifi-api/src/main/java/org/apache/nifi/controller/status/ProcessGroupStatus.java b/nifi-api/src/main/java/org/apache/nifi/controller/status/ProcessGroupStatus.java
index f9433d77e7d1..758a059802fe 100644
--- a/nifi-api/src/main/java/org/apache/nifi/controller/status/ProcessGroupStatus.java
+++ b/nifi-api/src/main/java/org/apache/nifi/controller/status/ProcessGroupStatus.java
@@ -16,12 +16,11 @@
*/
package org.apache.nifi.controller.status;
-import org.apache.nifi.registry.flow.VersionedFlowState;
-
import java.util.ArrayList;
import java.util.Collection;
import java.util.HashMap;
import java.util.Map;
+import org.apache.nifi.registry.flow.VersionedFlowState;
/**
*/
diff --git a/nifi-api/src/main/java/org/apache/nifi/controller/status/ProcessorStatus.java b/nifi-api/src/main/java/org/apache/nifi/controller/status/ProcessorStatus.java
index 93a6d87f0942..ba90534239c6 100644
--- a/nifi-api/src/main/java/org/apache/nifi/controller/status/ProcessorStatus.java
+++ b/nifi-api/src/main/java/org/apache/nifi/controller/status/ProcessorStatus.java
@@ -16,11 +16,10 @@
*/
package org.apache.nifi.controller.status;
-import org.apache.nifi.scheduling.ExecutionNode;
-
import java.util.HashMap;
import java.util.Map;
import java.util.concurrent.TimeUnit;
+import org.apache.nifi.scheduling.ExecutionNode;
/**
*/
diff --git a/nifi-api/src/main/java/org/apache/nifi/documentation/AbstractDocumentationWriter.java b/nifi-api/src/main/java/org/apache/nifi/documentation/AbstractDocumentationWriter.java
index d3c64d4b556a..2c24f5c0587d 100644
--- a/nifi-api/src/main/java/org/apache/nifi/documentation/AbstractDocumentationWriter.java
+++ b/nifi-api/src/main/java/org/apache/nifi/documentation/AbstractDocumentationWriter.java
@@ -16,6 +16,14 @@
*/
package org.apache.nifi.documentation;
+import java.io.IOException;
+import java.util.ArrayList;
+import java.util.Arrays;
+import java.util.Collection;
+import java.util.Collections;
+import java.util.List;
+import java.util.Map;
+import java.util.Set;
import org.apache.nifi.annotation.behavior.DynamicProperties;
import org.apache.nifi.annotation.behavior.DynamicProperty;
import org.apache.nifi.annotation.behavior.DynamicRelationship;
@@ -42,15 +50,6 @@
import org.apache.nifi.reporting.InitializationException;
import org.apache.nifi.reporting.ReportingTask;
-import java.io.IOException;
-import java.util.ArrayList;
-import java.util.Arrays;
-import java.util.Collection;
-import java.util.Collections;
-import java.util.List;
-import java.util.Map;
-import java.util.Set;
-
/**
* Base class for DocumentationWriter that simplifies iterating over all information for a component, creating a separate method
* for each, to ensure that implementations properly override all methods and therefore properly account for all information about
diff --git a/nifi-api/src/main/java/org/apache/nifi/documentation/ExtensionDocumentationWriter.java b/nifi-api/src/main/java/org/apache/nifi/documentation/ExtensionDocumentationWriter.java
index f4b249201dde..7681c0984b4c 100644
--- a/nifi-api/src/main/java/org/apache/nifi/documentation/ExtensionDocumentationWriter.java
+++ b/nifi-api/src/main/java/org/apache/nifi/documentation/ExtensionDocumentationWriter.java
@@ -16,11 +16,10 @@
*/
package org.apache.nifi.documentation;
-import org.apache.nifi.components.ConfigurableComponent;
-
import java.io.IOException;
import java.util.Collection;
import java.util.Map;
+import org.apache.nifi.components.ConfigurableComponent;
/**
* Generates documentation for an instance of a ConfigurableComponent.
diff --git a/nifi-api/src/main/java/org/apache/nifi/documentation/init/DocumentationControllerServiceInitializationContext.java b/nifi-api/src/main/java/org/apache/nifi/documentation/init/DocumentationControllerServiceInitializationContext.java
index 68637aaa1a23..cb8a0f234561 100644
--- a/nifi-api/src/main/java/org/apache/nifi/documentation/init/DocumentationControllerServiceInitializationContext.java
+++ b/nifi-api/src/main/java/org/apache/nifi/documentation/init/DocumentationControllerServiceInitializationContext.java
@@ -16,15 +16,14 @@
*/
package org.apache.nifi.documentation.init;
+import java.io.File;
+import java.util.UUID;
import org.apache.nifi.components.state.StateManager;
import org.apache.nifi.controller.ControllerServiceInitializationContext;
import org.apache.nifi.controller.ControllerServiceLookup;
import org.apache.nifi.controller.NodeTypeProvider;
import org.apache.nifi.logging.ComponentLog;
-import java.io.File;
-import java.util.UUID;
-
public class DocumentationControllerServiceInitializationContext implements ControllerServiceInitializationContext {
private final String id = UUID.randomUUID().toString();
private final ControllerServiceLookup serviceLookup = new EmptyControllerServiceLookup();
diff --git a/nifi-api/src/main/java/org/apache/nifi/documentation/init/DocumentationProcessorInitializationContext.java b/nifi-api/src/main/java/org/apache/nifi/documentation/init/DocumentationProcessorInitializationContext.java
index c7a5e406643e..a48dcb63825b 100644
--- a/nifi-api/src/main/java/org/apache/nifi/documentation/init/DocumentationProcessorInitializationContext.java
+++ b/nifi-api/src/main/java/org/apache/nifi/documentation/init/DocumentationProcessorInitializationContext.java
@@ -16,14 +16,13 @@
*/
package org.apache.nifi.documentation.init;
+import java.io.File;
+import java.util.UUID;
import org.apache.nifi.controller.ControllerServiceLookup;
import org.apache.nifi.controller.NodeTypeProvider;
import org.apache.nifi.logging.ComponentLog;
import org.apache.nifi.processor.ProcessorInitializationContext;
-import java.io.File;
-import java.util.UUID;
-
public class DocumentationProcessorInitializationContext implements ProcessorInitializationContext {
private final String uuid = UUID.randomUUID().toString();
private final NodeTypeProvider nodeTypeProvider = new StandaloneNodeTypeProvider();
diff --git a/nifi-api/src/main/java/org/apache/nifi/documentation/init/DocumentationReportingInitializationContext.java b/nifi-api/src/main/java/org/apache/nifi/documentation/init/DocumentationReportingInitializationContext.java
index 4697ee8d4c68..bcf216eb65b9 100644
--- a/nifi-api/src/main/java/org/apache/nifi/documentation/init/DocumentationReportingInitializationContext.java
+++ b/nifi-api/src/main/java/org/apache/nifi/documentation/init/DocumentationReportingInitializationContext.java
@@ -16,16 +16,15 @@
*/
package org.apache.nifi.documentation.init;
+import java.io.File;
+import java.util.UUID;
+import java.util.concurrent.TimeUnit;
import org.apache.nifi.controller.ControllerServiceLookup;
import org.apache.nifi.controller.NodeTypeProvider;
import org.apache.nifi.logging.ComponentLog;
import org.apache.nifi.reporting.ReportingInitializationContext;
import org.apache.nifi.scheduling.SchedulingStrategy;
-import java.io.File;
-import java.util.UUID;
-import java.util.concurrent.TimeUnit;
-
public class DocumentationReportingInitializationContext implements ReportingInitializationContext {
private final String id = UUID.randomUUID().toString();
private final ComponentLog componentLog = new NopComponentLog();
diff --git a/nifi-api/src/main/java/org/apache/nifi/documentation/init/EmptyControllerServiceLookup.java b/nifi-api/src/main/java/org/apache/nifi/documentation/init/EmptyControllerServiceLookup.java
index 4831198d078e..5cda2af77614 100644
--- a/nifi-api/src/main/java/org/apache/nifi/documentation/init/EmptyControllerServiceLookup.java
+++ b/nifi-api/src/main/java/org/apache/nifi/documentation/init/EmptyControllerServiceLookup.java
@@ -16,11 +16,10 @@
*/
package org.apache.nifi.documentation.init;
+import java.util.Set;
import org.apache.nifi.controller.ControllerService;
import org.apache.nifi.controller.ControllerServiceLookup;
-import java.util.Set;
-
public class EmptyControllerServiceLookup implements ControllerServiceLookup {
@Override
public ControllerService getControllerService(final String serviceIdentifier) {
diff --git a/nifi-api/src/main/java/org/apache/nifi/documentation/init/NopStateManager.java b/nifi-api/src/main/java/org/apache/nifi/documentation/init/NopStateManager.java
index 5e2c9557c8fd..4b4e21e8da5c 100644
--- a/nifi-api/src/main/java/org/apache/nifi/documentation/init/NopStateManager.java
+++ b/nifi-api/src/main/java/org/apache/nifi/documentation/init/NopStateManager.java
@@ -16,12 +16,11 @@
*/
package org.apache.nifi.documentation.init;
+import java.util.Map;
import org.apache.nifi.components.state.Scope;
import org.apache.nifi.components.state.StateManager;
import org.apache.nifi.components.state.StateMap;
-import java.util.Map;
-
public class NopStateManager implements StateManager {
@Override
public void setState(final Map state, final Scope scope) {
diff --git a/nifi-api/src/main/java/org/apache/nifi/documentation/xml/XmlDocumentationWriter.java b/nifi-api/src/main/java/org/apache/nifi/documentation/xml/XmlDocumentationWriter.java
index 59813a2a7b10..01c0bdc8dc01 100644
--- a/nifi-api/src/main/java/org/apache/nifi/documentation/xml/XmlDocumentationWriter.java
+++ b/nifi-api/src/main/java/org/apache/nifi/documentation/xml/XmlDocumentationWriter.java
@@ -16,6 +16,19 @@
*/
package org.apache.nifi.documentation.xml;
+import java.io.IOException;
+import java.io.OutputStream;
+import java.util.Arrays;
+import java.util.Collection;
+import java.util.Collections;
+import java.util.LinkedHashSet;
+import java.util.List;
+import java.util.Map;
+import java.util.Set;
+import java.util.function.Function;
+import javax.xml.stream.XMLOutputFactory;
+import javax.xml.stream.XMLStreamException;
+import javax.xml.stream.XMLStreamWriter;
import org.apache.nifi.annotation.behavior.DynamicProperty;
import org.apache.nifi.annotation.behavior.DynamicRelationship;
import org.apache.nifi.annotation.behavior.InputRequirement;
@@ -36,20 +49,6 @@
import org.apache.nifi.documentation.ServiceAPI;
import org.apache.nifi.processor.Relationship;
-import javax.xml.stream.XMLOutputFactory;
-import javax.xml.stream.XMLStreamException;
-import javax.xml.stream.XMLStreamWriter;
-import java.io.IOException;
-import java.io.OutputStream;
-import java.util.Arrays;
-import java.util.Collection;
-import java.util.Collections;
-import java.util.LinkedHashSet;
-import java.util.List;
-import java.util.Map;
-import java.util.Set;
-import java.util.function.Function;
-
/**
* XML-based implementation of DocumentationWriter
*
@@ -423,7 +422,7 @@ private void writeStartElement(final String elementName) throws IOException {
private void writeEndElement() throws IOException {
try {
- writer.writeEndElement();;
+ writer.writeEndElement();
} catch (final XMLStreamException e) {
throw new IOException(e);
}
diff --git a/nifi-api/src/main/java/org/apache/nifi/processor/AbstractSessionFactoryProcessor.java b/nifi-api/src/main/java/org/apache/nifi/processor/AbstractSessionFactoryProcessor.java
index 029f459bbb00..2394805b735f 100644
--- a/nifi-api/src/main/java/org/apache/nifi/processor/AbstractSessionFactoryProcessor.java
+++ b/nifi-api/src/main/java/org/apache/nifi/processor/AbstractSessionFactoryProcessor.java
@@ -18,7 +18,6 @@
import java.util.Collections;
import java.util.Set;
-
import org.apache.nifi.annotation.lifecycle.OnConfigurationRestored;
import org.apache.nifi.annotation.lifecycle.OnScheduled;
import org.apache.nifi.annotation.lifecycle.OnUnscheduled;
diff --git a/nifi-api/src/main/java/org/apache/nifi/processor/ProcessContext.java b/nifi-api/src/main/java/org/apache/nifi/processor/ProcessContext.java
index ea925ec5f157..4ce6367d0f62 100644
--- a/nifi-api/src/main/java/org/apache/nifi/processor/ProcessContext.java
+++ b/nifi-api/src/main/java/org/apache/nifi/processor/ProcessContext.java
@@ -18,7 +18,6 @@
import java.util.Map;
import java.util.Set;
-
import org.apache.nifi.components.PropertyDescriptor;
import org.apache.nifi.components.PropertyValue;
import org.apache.nifi.components.state.StateManager;
diff --git a/nifi-api/src/main/java/org/apache/nifi/processor/ProcessSession.java b/nifi-api/src/main/java/org/apache/nifi/processor/ProcessSession.java
index 58f579f1741d..2e2d4ee7c3ad 100644
--- a/nifi-api/src/main/java/org/apache/nifi/processor/ProcessSession.java
+++ b/nifi-api/src/main/java/org/apache/nifi/processor/ProcessSession.java
@@ -24,7 +24,6 @@
import java.util.Map;
import java.util.Set;
import java.util.regex.Pattern;
-
import org.apache.nifi.controller.queue.QueueSize;
import org.apache.nifi.flowfile.FlowFile;
import org.apache.nifi.processor.exception.FlowFileAccessException;
diff --git a/nifi-api/src/main/java/org/apache/nifi/processor/Processor.java b/nifi-api/src/main/java/org/apache/nifi/processor/Processor.java
index 98efc68ec979..34e47423aee1 100644
--- a/nifi-api/src/main/java/org/apache/nifi/processor/Processor.java
+++ b/nifi-api/src/main/java/org/apache/nifi/processor/Processor.java
@@ -17,7 +17,6 @@
package org.apache.nifi.processor;
import java.util.Set;
-
import org.apache.nifi.components.ConfigurableComponent;
import org.apache.nifi.processor.exception.ProcessException;
diff --git a/nifi-api/src/main/java/org/apache/nifi/processor/exception/TerminatedTaskException.java b/nifi-api/src/main/java/org/apache/nifi/processor/exception/TerminatedTaskException.java
index 602ad1d224ab..a55ed629304c 100644
--- a/nifi-api/src/main/java/org/apache/nifi/processor/exception/TerminatedTaskException.java
+++ b/nifi-api/src/main/java/org/apache/nifi/processor/exception/TerminatedTaskException.java
@@ -19,7 +19,6 @@
import java.io.InputStream;
import java.io.OutputStream;
-
import org.apache.nifi.processor.ProcessContext;
import org.apache.nifi.processor.ProcessSession;
import org.apache.nifi.processor.ProcessSessionFactory;
diff --git a/nifi-api/src/main/java/org/apache/nifi/provenance/ProvenanceEventBuilder.java b/nifi-api/src/main/java/org/apache/nifi/provenance/ProvenanceEventBuilder.java
index 38e39a2a49e2..be4fd5e37246 100644
--- a/nifi-api/src/main/java/org/apache/nifi/provenance/ProvenanceEventBuilder.java
+++ b/nifi-api/src/main/java/org/apache/nifi/provenance/ProvenanceEventBuilder.java
@@ -18,7 +18,6 @@
import java.util.List;
import java.util.Map;
-
import org.apache.nifi.flowfile.FlowFile;
import org.apache.nifi.processor.Processor;
import org.apache.nifi.processor.Relationship;
diff --git a/nifi-api/src/main/java/org/apache/nifi/provenance/ProvenanceReporter.java b/nifi-api/src/main/java/org/apache/nifi/provenance/ProvenanceReporter.java
index a8f12a16431b..442f1309c140 100644
--- a/nifi-api/src/main/java/org/apache/nifi/provenance/ProvenanceReporter.java
+++ b/nifi-api/src/main/java/org/apache/nifi/provenance/ProvenanceReporter.java
@@ -16,12 +16,11 @@
*/
package org.apache.nifi.provenance;
+import java.util.Collection;
import org.apache.nifi.flowfile.FlowFile;
import org.apache.nifi.processor.ProcessSession;
import org.apache.nifi.processor.Relationship;
-import java.util.Collection;
-
/**
* ProvenanceReporter generates and records Provenance-related events. A
* ProvenanceReporter is always tied to a {@link ProcessSession}. Any events
diff --git a/nifi-api/src/main/java/org/apache/nifi/reporting/AbstractReportingTask.java b/nifi-api/src/main/java/org/apache/nifi/reporting/AbstractReportingTask.java
index 339231ae3211..a2fd1195b359 100644
--- a/nifi-api/src/main/java/org/apache/nifi/reporting/AbstractReportingTask.java
+++ b/nifi-api/src/main/java/org/apache/nifi/reporting/AbstractReportingTask.java
@@ -17,7 +17,6 @@
package org.apache.nifi.reporting;
import java.util.concurrent.TimeUnit;
-
import org.apache.nifi.annotation.lifecycle.OnScheduled;
import org.apache.nifi.components.AbstractConfigurableComponent;
import org.apache.nifi.controller.ConfigurationContext;
diff --git a/nifi-api/src/main/java/org/apache/nifi/reporting/EventAccess.java b/nifi-api/src/main/java/org/apache/nifi/reporting/EventAccess.java
index c219032a0ac7..e4b556e4be7e 100644
--- a/nifi-api/src/main/java/org/apache/nifi/reporting/EventAccess.java
+++ b/nifi-api/src/main/java/org/apache/nifi/reporting/EventAccess.java
@@ -16,14 +16,13 @@
*/
package org.apache.nifi.reporting;
+import java.io.IOException;
+import java.util.List;
import org.apache.nifi.action.Action;
import org.apache.nifi.controller.status.ProcessGroupStatus;
import org.apache.nifi.provenance.ProvenanceEventRecord;
import org.apache.nifi.provenance.ProvenanceEventRepository;
-import java.io.IOException;
-import java.util.List;
-
public interface EventAccess {
/**
diff --git a/nifi-api/src/main/java/org/apache/nifi/reporting/ReportingContext.java b/nifi-api/src/main/java/org/apache/nifi/reporting/ReportingContext.java
index 253089d89fcd..85cf84464469 100644
--- a/nifi-api/src/main/java/org/apache/nifi/reporting/ReportingContext.java
+++ b/nifi-api/src/main/java/org/apache/nifi/reporting/ReportingContext.java
@@ -16,13 +16,12 @@
*/
package org.apache.nifi.reporting;
+import java.util.Map;
import org.apache.nifi.components.PropertyDescriptor;
import org.apache.nifi.components.state.StateManager;
import org.apache.nifi.context.PropertyContext;
import org.apache.nifi.controller.ControllerServiceLookup;
-import java.util.Map;
-
/**
* This interface provides a bridge between the NiFi Framework and a
* {@link ReportingTask}. This context allows a ReportingTask to access
diff --git a/nifi-api/src/main/java/org/apache/nifi/reporting/ReportingInitializationContext.java b/nifi-api/src/main/java/org/apache/nifi/reporting/ReportingInitializationContext.java
index 0bf49d3976ba..978b42105195 100644
--- a/nifi-api/src/main/java/org/apache/nifi/reporting/ReportingInitializationContext.java
+++ b/nifi-api/src/main/java/org/apache/nifi/reporting/ReportingInitializationContext.java
@@ -17,7 +17,6 @@
package org.apache.nifi.reporting;
import java.util.concurrent.TimeUnit;
-
import org.apache.nifi.controller.ControllerServiceLookup;
import org.apache.nifi.controller.NodeTypeProvider;
import org.apache.nifi.kerberos.KerberosContext;
diff --git a/nifi-api/src/test/java/org/apache/nifi/processor/TestDataUnit.java b/nifi-api/src/test/java/org/apache/nifi/processor/TestDataUnit.java
index 3e6a2353c401..a06afdf53b5f 100644
--- a/nifi-api/src/test/java/org/apache/nifi/processor/TestDataUnit.java
+++ b/nifi-api/src/test/java/org/apache/nifi/processor/TestDataUnit.java
@@ -16,10 +16,10 @@
*/
package org.apache.nifi.processor;
-import org.junit.Test;
-
import static org.junit.Assert.assertEquals;
+import org.junit.Test;
+
/**
*
*/
diff --git a/nifi-api/src/test/java/org/apache/nifi/registry/TestVariableRegistry.java b/nifi-api/src/test/java/org/apache/nifi/registry/TestVariableRegistry.java
index e326fab1b18f..6c66323fbf45 100644
--- a/nifi-api/src/test/java/org/apache/nifi/registry/TestVariableRegistry.java
+++ b/nifi-api/src/test/java/org/apache/nifi/registry/TestVariableRegistry.java
@@ -16,10 +16,11 @@
*/
package org.apache.nifi.registry;
-import org.junit.Test;
import static org.junit.Assert.assertEquals;
import static org.junit.Assert.assertNull;
+import org.junit.Test;
+
public class TestVariableRegistry {
@Test
diff --git a/nifi-bootstrap/src/main/java/org/apache/nifi/bootstrap/notification/http/HttpNotificationService.java b/nifi-bootstrap/src/main/java/org/apache/nifi/bootstrap/notification/http/HttpNotificationService.java
index fdb4c2d1fff0..5eb9ced2ab35 100644
--- a/nifi-bootstrap/src/main/java/org/apache/nifi/bootstrap/notification/http/HttpNotificationService.java
+++ b/nifi-bootstrap/src/main/java/org/apache/nifi/bootstrap/notification/http/HttpNotificationService.java
@@ -39,6 +39,7 @@
import org.apache.nifi.expression.ExpressionLanguageScope;
import org.apache.nifi.processor.util.StandardValidators;
import org.apache.nifi.security.util.SslContextFactory;
+import org.apache.nifi.security.util.StandardTlsConfiguration;
import org.apache.nifi.security.util.TlsConfiguration;
public class HttpNotificationService extends AbstractNotificationService {
@@ -215,7 +216,7 @@ private static TlsConfiguration createTlsConfigurationFromContext(NotificationIn
String truststorePath = context.getProperty(HttpNotificationService.PROP_TRUSTSTORE).getValue();
String truststorePassword = context.getProperty(HttpNotificationService.PROP_TRUSTSTORE_PASSWORD).getValue();
String truststoreType = context.getProperty(HttpNotificationService.PROP_TRUSTSTORE_TYPE).getValue();
- return new TlsConfiguration(keystorePath, keystorePassword, keyPassword, keystoreType, truststorePath, truststorePassword, truststoreType);
+ return new StandardTlsConfiguration(keystorePath, keystorePassword, keyPassword, keystoreType, truststorePath, truststorePassword, truststoreType);
}
@Override
diff --git a/nifi-bootstrap/src/test/java/org/apache/nifi/bootstrap/http/TestHttpNotificationServiceSSL.java b/nifi-bootstrap/src/test/java/org/apache/nifi/bootstrap/http/TestHttpNotificationServiceSSL.java
index ac280cf319d5..5fbbd7c89cec 100644
--- a/nifi-bootstrap/src/test/java/org/apache/nifi/bootstrap/http/TestHttpNotificationServiceSSL.java
+++ b/nifi-bootstrap/src/test/java/org/apache/nifi/bootstrap/http/TestHttpNotificationServiceSSL.java
@@ -31,8 +31,9 @@
import javax.xml.parsers.ParserConfigurationException;
import okhttp3.mockwebserver.MockWebServer;
import org.apache.nifi.bootstrap.NotificationServiceManager;
-import org.apache.nifi.security.util.CertificateUtils;
+import org.apache.nifi.security.util.ClientAuth;
import org.apache.nifi.security.util.SslContextFactory;
+import org.apache.nifi.security.util.StandardTlsConfiguration;
import org.apache.nifi.security.util.TlsConfiguration;
import org.apache.nifi.security.util.TlsException;
import org.junit.After;
@@ -135,9 +136,9 @@ public void startServer() throws IOException, TlsException {
mockWebServer = new MockWebServer();
- TlsConfiguration tlsConfiguration = new TlsConfiguration("./src/test/resources/keystore.jks", "passwordpassword", null, "JKS",
- "./src/test/resources/truststore.jks", "passwordpassword", "JKS", CertificateUtils.getHighestCurrentSupportedTlsProtocolVersion());
- final SSLContext sslContext = SslContextFactory.createSslContext(tlsConfiguration, SslContextFactory.ClientAuth.REQUIRED);
+ TlsConfiguration tlsConfiguration = new StandardTlsConfiguration("./src/test/resources/keystore.jks", "passwordpassword", null, "JKS",
+ "./src/test/resources/truststore.jks", "passwordpassword", "JKS", TlsConfiguration.getHighestCurrentSupportedTlsProtocolVersion());
+ final SSLContext sslContext = SslContextFactory.createSslContext(tlsConfiguration, ClientAuth.REQUIRED);
mockWebServer.useHttps(sslContext.getSocketFactory(), false);
String configFileOutput = CONFIGURATION_FILE_TEXT.replace("${test.server}", String.valueOf(mockWebServer.url("/")));
diff --git a/nifi-commons/nifi-security-utils-api/pom.xml b/nifi-commons/nifi-security-utils-api/pom.xml
new file mode 100644
index 000000000000..02dbe5206a9e
--- /dev/null
+++ b/nifi-commons/nifi-security-utils-api/pom.xml
@@ -0,0 +1,32 @@
+
+
+ 4.0.0
+
+ org.apache.nifi
+ nifi-commons
+ 1.13.0-SNAPSHOT
+
+ nifi-security-utils-api
+
+ This nifi-security-utils-api module holds reusable code necessary for security
+ across the project. This module is included in a number of api modules and must
+ have no external dependencies.
+
+
+
+
diff --git a/nifi-commons/nifi-security-utils-api/src/main/java/org/apache/nifi/security/util/ClientAuth.java b/nifi-commons/nifi-security-utils-api/src/main/java/org/apache/nifi/security/util/ClientAuth.java
new file mode 100644
index 000000000000..df6d7357ab0e
--- /dev/null
+++ b/nifi-commons/nifi-security-utils-api/src/main/java/org/apache/nifi/security/util/ClientAuth.java
@@ -0,0 +1,66 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.nifi.security.util;
+
+import java.util.Arrays;
+import java.util.stream.Collectors;
+
+/**
+ * This enum is used to indicate the three possible options for a server requesting a client certificate during TLS handshake negotiation.
+ */
+public enum ClientAuth {
+ WANT("Want", "Requests the client certificate on handshake and validates if present but does not require it"),
+ REQUIRED("Required", "Requests the client certificate on handshake and rejects the connection if it is not present and valid"),
+ NONE("None", "Does not request the client certificate on handshake");
+
+ private final String type;
+ private final String description;
+
+ ClientAuth(String type, String description) {
+ this.type = type;
+ this.description = description;
+ }
+
+ public String getType() {
+ return this.type;
+ }
+
+ public String getDescription() {
+ return this.description;
+ }
+
+ @Override
+ public String toString() {
+ StringBuilder sb = new StringBuilder("[SslContextFactory]");
+ sb.append("type=").append(type);
+ sb.append("description=").append(description);
+ return sb.toString();
+ }
+
+ /**
+ * Returns {@code true} if the provided type is a valid {@link ClientAuth} type.
+ *
+ * @param type the raw type string
+ * @return true if the type is valid
+ */
+ public static boolean isValidClientAuthType(String type) {
+ if (type == null || type.replaceAll("\\s", "").isEmpty()) {
+ return false;
+ }
+ return (Arrays.stream(values()).map(ca -> ca.getType().toLowerCase()).collect(Collectors.toList()).contains(type.toLowerCase()));
+ }
+}
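Review bot: `toString()` in the new enum produces `[SslContextFactory]type=Wantdescription=…`: the prefix names a class this enum no longer lives in, and nothing separates the type from the description. The nested enum removed later in this diff used `ToStringBuilder`; since this module is described as having no external dependencies, a plain form such as `return "ClientAuth[type=" + type + ", description=" + description + "]";` keeps log lines like the client-auth status debug message in `CertificateUtils` readable. Separately, `isValidClientAuthType` lower-cases with the default locale, so an input such as `REQUIRED` can fail validation on a JVM whose default locale has special casing rules for `I`. `return Arrays.stream(values()).anyMatch(ca -> ca.getType().equalsIgnoreCase(type));` avoids that and the intermediate list.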
diff --git a/nifi-commons/nifi-security-utils/src/main/java/org/apache/nifi/security/util/KeystoreType.java b/nifi-commons/nifi-security-utils-api/src/main/java/org/apache/nifi/security/util/KeystoreType.java
similarity index 95%
rename from nifi-commons/nifi-security-utils/src/main/java/org/apache/nifi/security/util/KeystoreType.java
rename to nifi-commons/nifi-security-utils-api/src/main/java/org/apache/nifi/security/util/KeystoreType.java
index ea47463897a1..b5347e376288 100644
--- a/nifi-commons/nifi-security-utils/src/main/java/org/apache/nifi/security/util/KeystoreType.java
+++ b/nifi-commons/nifi-security-utils-api/src/main/java/org/apache/nifi/security/util/KeystoreType.java
@@ -18,7 +18,6 @@
import java.util.Arrays;
import java.util.stream.Collectors;
-import org.apache.nifi.util.StringUtils;
/**
* Keystore types.
@@ -49,7 +48,7 @@ public String toString() {
}
public static boolean isValidKeystoreType(String type) {
- if (StringUtils.isBlank(type)) {
+ if (type == null || type.replaceAll("\\s", "").isEmpty()) {
return false;
}
return (Arrays.stream(values()).map(kt -> kt.getType().toLowerCase()).collect(Collectors.toList()).contains(type.toLowerCase()));
diff --git a/nifi-commons/nifi-security-utils-api/src/main/java/org/apache/nifi/security/util/TlsConfiguration.java b/nifi-commons/nifi-security-utils-api/src/main/java/org/apache/nifi/security/util/TlsConfiguration.java
new file mode 100644
index 000000000000..b696fa1db9f6
--- /dev/null
+++ b/nifi-commons/nifi-security-utils-api/src/main/java/org/apache/nifi/security/util/TlsConfiguration.java
@@ -0,0 +1,219 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.nifi.security.util;
+
+import java.util.regex.Matcher;
+import java.util.regex.Pattern;
+
+/**
+ * This interface serves as an immutable domain object (acting as an internal DTO) for
+ * the various keystore and truststore configuration settings necessary for building
+ * {@link javax.net.ssl.SSLContext}s.
+ */
+public interface TlsConfiguration {
+ String JAVA_8_MAX_SUPPORTED_TLS_PROTOCOL_VERSION = "TLSv1.2";
+ String JAVA_11_MAX_SUPPORTED_TLS_PROTOCOL_VERSION = "TLSv1.3";
+ String[] JAVA_8_SUPPORTED_TLS_PROTOCOL_VERSIONS = new String[]{JAVA_8_MAX_SUPPORTED_TLS_PROTOCOL_VERSION};
+ String[] JAVA_11_SUPPORTED_TLS_PROTOCOL_VERSIONS = new String[]{JAVA_11_MAX_SUPPORTED_TLS_PROTOCOL_VERSION, JAVA_8_MAX_SUPPORTED_TLS_PROTOCOL_VERSION};
+
+
+ /**
+ * Returns {@code true} if the provided TlsConfiguration is {@code null} or empty
+ * (i.e. neither any of the keystore nor truststore properties are populated).
+ *
+ * @param tlsConfiguration the container object to check
+ * @return true if this container is empty or null
+ */
+ static boolean isEmpty(TlsConfiguration tlsConfiguration) {
+ return tlsConfiguration == null || !(tlsConfiguration.isAnyKeystorePopulated() || tlsConfiguration.isAnyTruststorePopulated());
+ }
+
+ // Getters & setters
+
+ String getKeystorePath();
+
+ String getKeystorePassword();
+
+ /**
+ * Returns {@code "********"} if the keystore password is populated, {@code "null"} if not.
+ *
+ * @return a loggable String representation of the keystore password
+ */
+ String getKeystorePasswordForLogging();
+
+ String getKeyPassword();
+
+ /**
+ * Returns {@code "********"} if the key password is populated, {@code "null"} if not.
+ *
+ * @return a loggable String representation of the key password
+ */
+ String getKeyPasswordForLogging();
+
+ /**
+ * Returns the "working" key password -- if the key password is populated, it is returned; otherwise the {@link #getKeystorePassword()} is returned.
+ *
+ * @return the key or keystore password actually populated
+ */
+ String getFunctionalKeyPassword();
+
+ /**
+ * Returns {@code "********"} if the functional key password is populated, {@code "null"} if not.
+ *
+ * @return a loggable String representation of the functional key password
+ */
+ String getFunctionalKeyPasswordForLogging();
+
+ KeystoreType getKeystoreType();
+
+ String getTruststorePath();
+
+ String getTruststorePassword();
+
+ /**
+ * Returns {@code "********"} if the truststore password is populated, {@code "null"} if not.
+ *
+ * @return a loggable String representation of the truststore password
+ */
+ String getTruststorePasswordForLogging();
+
+ KeystoreType getTruststoreType();
+
+ String getProtocol();
+
+ // Boolean validators for keystore & truststore
+
+ /**
+ * Returns {@code true} if the necessary properties are populated to instantiate a keystore. This does not validate the values (see {@link #isKeystoreValid()}).
+ *
+ * @return true if the path, password, and type are present
+ */
+ boolean isKeystorePopulated();
+
+ /**
+ * Returns {@code true} if any of the keystore properties is populated, indicating that the caller expects a valid keystore to be generated.
+ *
+ * @return true if any keystore properties are present
+ */
+ boolean isAnyKeystorePopulated();
+
+ /**
+ * Returns {@code true} if the necessary properties are populated and the keystore can be successfully instantiated (i.e. the path is valid and the password(s) are correct).
+ *
+ * @return true if the keystore properties are valid
+ */
+ boolean isKeystoreValid();
+
+ /**
+ * Returns {@code true} if the necessary properties are populated to instantiate a truststore. This does not validate the values (see {@link #isTruststoreValid()}).
+ *
+ * @return true if the path, password, and type are present
+ */
+ boolean isTruststorePopulated();
+
+ /**
+ * Returns {@code true} if any of the truststore properties is populated, indicating that the caller expects a valid truststore to be generated.
+ *
+ * @return true if any truststore properties are present
+ */
+ boolean isAnyTruststorePopulated();
+
+ /**
+ * Returns {@code true} if the necessary properties are populated and the truststore can be successfully instantiated (i.e. the path is valid and the password is correct).
+ *
+ * @return true if the truststore properties are valid
+ */
+ boolean isTruststoreValid();
+
+ /**
+ * Returns a {@code String[]} containing the keystore properties for logging. The order is
+ * {@link #getKeystorePath()}, {@link #getKeystorePasswordForLogging()},
+ * {@link #getFunctionalKeyPasswordForLogging()}, {@link #getKeystoreType()} (using the type or "null").
+ *
+ * @return a loggable String[]
+ */
+ String[] getKeystorePropertiesForLogging();
+
+ /**
+ * Returns a {@code String[]} containing the truststore properties for logging. The order is
+ * {@link #getTruststorePath()}, {@link #getTruststorePasswordForLogging()},
+ * {@link #getTruststoreType()} (using the type or "null").
+ *
+ * @return a loggable String[]
+ */
+ String[] getTruststorePropertiesForLogging();
+
+ /**
+ * Returns the JVM Java major version based on the System properties (e.g. {@code JVM 1.8.0.231} -> {code 8}).
+ *
+ * @return the Java major version
+ */
+ static int getJavaVersion() {
+ String version = System.getProperty("java.version");
+ return parseJavaVersion(version);
+ }
+
+ /**
+ * Returns the major version parsed from the provided Java version string (e.g. {@code "1.8.0.231"} -> {@code 8}).
+ *
+ * @param version the Java version string
+ * @return the major version as an int
+ */
+ static int parseJavaVersion(String version) {
+ String majorVersion;
+ if (version.startsWith("1.")) {
+ majorVersion = version.substring(2, 3);
+ } else {
+ Pattern majorVersion9PlusPattern = Pattern.compile("(\\d+).*");
+ Matcher m = majorVersion9PlusPattern.matcher(version);
+ if (m.find()) {
+ majorVersion = m.group(1);
+ } else {
+ throw new IllegalArgumentException("Could not detect major version of " + version);
+ }
+ }
+ return Integer.parseInt(majorVersion);
+ }
+
+ /**
+ * Returns a {@code String[]} of supported TLS protocol versions based on the current Java platform version.
+ *
+ * @return the supported TLS protocol version(s)
+ */
+ static String[] getCurrentSupportedTlsProtocolVersions() {
+ int javaMajorVersion = getJavaVersion();
+ if (javaMajorVersion < 11) {
+ return JAVA_8_SUPPORTED_TLS_PROTOCOL_VERSIONS;
+ } else {
+ return JAVA_11_SUPPORTED_TLS_PROTOCOL_VERSIONS;
+ }
+ }
+
+ /**
+ * Returns the highest supported TLS protocol version based on the current Java platform version.
+ *
+ * @return the TLS protocol (e.g. {@code "TLSv1.2"})
+ */
+ static String getHighestCurrentSupportedTlsProtocolVersion() {
+ int javaMajorVersion = getJavaVersion();
+ if (javaMajorVersion < 11) {
+ return JAVA_8_MAX_SUPPORTED_TLS_PROTOCOL_VERSION;
+ } else {
+ return JAVA_11_MAX_SUPPORTED_TLS_PROTOCOL_VERSION;
+ }
+ }
+}
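Review bot: `getCurrentSupportedTlsProtocolVersions()` returns the `JAVA_8_SUPPORTED_TLS_PROTOCOL_VERSIONS` / `JAVA_11_SUPPORTED_TLS_PROTOCOL_VERSIONS` arrays themselves, and as interface fields those arrays are public with writable elements, so any code on the classpath can change the protocol list that every later caller receives. Returning a copy, e.g. `return JAVA_11_SUPPORTED_TLS_PROTOCOL_VERSIONS.clone();` (and the same in the Java 8 branch), keeps the allowed TLS versions from being altered through the returned value. The constants remain directly reachable, so an unmodifiable `List<String>` would be the stricter form if callers can accept it. Smaller points in the same file: the Javadoc on `getJavaVersion()` has `{code 8}` where `{@code 8}` is meant, and the `// Getters & setters` comment heads a section that declares no setters.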
diff --git a/nifi-commons/nifi-security-utils/src/main/java/org/apache/nifi/security/util/TlsException.java b/nifi-commons/nifi-security-utils-api/src/main/java/org/apache/nifi/security/util/TlsException.java
similarity index 100%
rename from nifi-commons/nifi-security-utils/src/main/java/org/apache/nifi/security/util/TlsException.java
rename to nifi-commons/nifi-security-utils-api/src/main/java/org/apache/nifi/security/util/TlsException.java
diff --git a/nifi-commons/nifi-security-utils-api/src/test/groovy/org/apache/nifi/security/util/TlsConfigurationTest.groovy b/nifi-commons/nifi-security-utils-api/src/test/groovy/org/apache/nifi/security/util/TlsConfigurationTest.groovy
new file mode 100644
index 000000000000..88e95241f95d
--- /dev/null
+++ b/nifi-commons/nifi-security-utils-api/src/test/groovy/org/apache/nifi/security/util/TlsConfigurationTest.groovy
@@ -0,0 +1,102 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.nifi.security.util
+
+
+import org.junit.After
+import org.junit.Before
+import org.junit.BeforeClass
+import org.junit.Test
+import org.junit.runner.RunWith
+import org.junit.runners.JUnit4
+import org.slf4j.Logger
+import org.slf4j.LoggerFactory
+
+@RunWith(JUnit4.class)
+class TlsConfigurationTest extends GroovyTestCase {
+ private static final Logger logger = LoggerFactory.getLogger(TlsConfigurationTest.class)
+
+ @BeforeClass
+ static void setUpOnce() {
+ logger.metaClass.methodMissing = { String name, args ->
+ logger.info("[${name?.toUpperCase()}] ${(args as List).join(" ")}")
+ }
+ }
+
+ @Before
+ void setUp() {
+ super.setUp()
+
+ }
+
+ @After
+ void tearDown() {
+
+ }
+
+ @Test
+ void testShouldParseJavaVersion() {
+ // Arrange
+ def possibleVersions = ["1.5.0", "1.6.0", "1.7.0.123", "1.8.0.231", "9.0.1", "10.1.2", "11.2.3", "12.3.456"]
+
+ // Act
+ def majorVersions = possibleVersions.collect { String version ->
+ logger.debug("Attempting to determine major version of ${version}")
+ TlsConfiguration.parseJavaVersion(version)
+ }
+ logger.info("Major versions: ${majorVersions}")
+
+ // Assert
+ assert majorVersions == (5..12)
+ }
+
+ @Test
+ void testShouldGetCurrentSupportedTlsProtocolVersions() {
+ // Arrange
+ int javaMajorVersion = TlsConfiguration.getJavaVersion()
+ logger.debug("Running on Java version: ${javaMajorVersion}")
+
+ // Act
+ def tlsVersions = TlsConfiguration.getCurrentSupportedTlsProtocolVersions()
+ logger.info("Supported protocol versions for ${javaMajorVersion}: ${tlsVersions}")
+
+ // Assert
+ if (javaMajorVersion < 11) {
+ assert tlsVersions == ["TLSv1.2"] as String[]
+ } else {
+ assert tlsVersions == ["TLSv1.3", "TLSv1.2"] as String[]
+ }
+ }
+
+ @Test
+ void testShouldGetMaxCurrentSupportedTlsProtocolVersion() {
+ // Arrange
+ int javaMajorVersion = TlsConfiguration.getJavaVersion()
+ logger.debug("Running on Java version: ${javaMajorVersion}")
+
+ // Act
+ def tlsVersion = TlsConfiguration.getHighestCurrentSupportedTlsProtocolVersion()
+ logger.info("Highest supported protocol version for ${javaMajorVersion}: ${tlsVersion}")
+
+ // Assert
+ if (javaMajorVersion < 11) {
+ assert tlsVersion == "TLSv1.2"
+ } else {
+ assert tlsVersion == "TLSv1.3"
+ }
+ }
+}
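Review bot: `testShouldParseJavaVersion` only feeds well-formed version strings, so the `IllegalArgumentException` branch of `TlsConfiguration.parseJavaVersion` is never exercised. A negative case such as `shouldFail(IllegalArgumentException) { TlsConfiguration.parseJavaVersion("not-a-version") }` would pin that branch. A truncated legacy string like `"1."` is worth adding too, since `substring(2, 3)` would throw `StringIndexOutOfBoundsException` there instead of `IllegalArgumentException`. `setUp` and `tearDown` do no test-specific work and could be dropped.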
diff --git a/nifi-commons/nifi-security-utils/pom.xml b/nifi-commons/nifi-security-utils/pom.xml
index aa3167a4b875..9716b56488b6 100644
--- a/nifi-commons/nifi-security-utils/pom.xml
+++ b/nifi-commons/nifi-security-utils/pom.xml
@@ -37,6 +37,11 @@
nifi-utils
1.13.0-SNAPSHOT
+
+ org.apache.nifi
+ nifi-security-utils-api
+ 1.13.0-SNAPSHOT
+
ch.qos.logback
logback-classic
@@ -84,6 +89,11 @@
spock-core
test
+
+ org.apache.commons
+ commons-configuration2
+ 2.7
+
diff --git a/nifi-commons/nifi-security-utils/src/main/java/org/apache/nifi/security/util/CertificateUtils.java b/nifi-commons/nifi-security-utils/src/main/java/org/apache/nifi/security/util/CertificateUtils.java
index a93c51866a65..d3383ec030f1 100644
--- a/nifi-commons/nifi-security-utils/src/main/java/org/apache/nifi/security/util/CertificateUtils.java
+++ b/nifi-commons/nifi-security-utils/src/main/java/org/apache/nifi/security/util/CertificateUtils.java
@@ -38,8 +38,6 @@
import java.util.List;
import java.util.Map;
import java.util.concurrent.TimeUnit;
-import java.util.regex.Matcher;
-import java.util.regex.Pattern;
import javax.naming.InvalidNameException;
import javax.naming.ldap.LdapName;
import javax.naming.ldap.Rdn;
@@ -50,8 +48,8 @@
import org.bouncycastle.asn1.ASN1Encodable;
import org.bouncycastle.asn1.ASN1ObjectIdentifier;
import org.bouncycastle.asn1.ASN1Set;
-import org.bouncycastle.asn1.DLSequence;
import org.bouncycastle.asn1.DERSequence;
+import org.bouncycastle.asn1.DLSequence;
import org.bouncycastle.asn1.pkcs.Attribute;
import org.bouncycastle.asn1.pkcs.PKCSObjectIdentifiers;
import org.bouncycastle.asn1.x500.AttributeTypeAndValue;
@@ -201,7 +199,7 @@ public static String extractPeerDNFromSSLSocket(Socket socket) throws Certificat
boolean clientMode = sslSocket.getUseClientMode();
logger.debug("SSL Socket in {} mode", clientMode ? "client" : "server");
- SslContextFactory.ClientAuth clientAuth = getClientAuthStatus(sslSocket);
+ ClientAuth clientAuth = getClientAuthStatus(sslSocket);
logger.debug("SSL Socket client auth status: {}", clientAuth);
if (clientMode) {
@@ -234,10 +232,10 @@ private static String extractPeerDNFromClientSSLSocket(SSLSocket sslSocket) thro
* This method should throw an exception if none are provided for need, return null if none are provided for want, and return null (without checking) for none.
*/
- SslContextFactory.ClientAuth clientAuth = getClientAuthStatus(sslSocket);
+ ClientAuth clientAuth = getClientAuthStatus(sslSocket);
logger.debug("SSL Socket client auth status: {}", clientAuth);
- if (clientAuth != SslContextFactory.ClientAuth.NONE) {
+ if (clientAuth != ClientAuth.NONE) {
try {
final Certificate[] certChains = sslSocket.getSession().getPeerCertificates();
if (certChains != null && certChains.length > 0) {
@@ -250,9 +248,9 @@ private static String extractPeerDNFromClientSSLSocket(SSLSocket sslSocket) thro
logger.error("The incoming request did not contain client certificates and thus the DN cannot" +
" be extracted. Check that the other endpoint is providing a complete client certificate chain");
}
- if (clientAuth == SslContextFactory.ClientAuth.WANT) {
+ if (clientAuth == ClientAuth.WANT) {
logger.warn("Suppressing missing client certificate exception because client auth is set to 'want'");
- return dn;
+ return null;
}
throw new CertificateException(e);
}
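Review bot: With `return null;` the `WANT` branch now states outright that a missing client certificate yields no DN, but in the visible lines this contract is written down only in the block comment inside the method body. The method's Javadoc should carry it, e.g. `@return the peer DN, or {@code null} when client auth is WANT and no client certificate was presented`, so callers know a null result means an unauthenticated peer and not an error. The type caught by the enclosing `catch` lies outside this hunk; it is worth confirming that it covers only the missing-certificate case, since everything it catches is suppressed under `WANT`. The enclosing method (named `extractPeerDNFromClientSSLSocket` in the hunk header) starts and ends outside the hunk.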
@@ -289,8 +287,8 @@ private static String extractPeerDNFromServerSSLSocket(Socket socket) throws Cer
return dn;
}
- private static SslContextFactory.ClientAuth getClientAuthStatus(SSLSocket sslSocket) {
- return sslSocket.getNeedClientAuth() ? SslContextFactory.ClientAuth.REQUIRED : sslSocket.getWantClientAuth() ? SslContextFactory.ClientAuth.WANT : SslContextFactory.ClientAuth.NONE;
+ private static ClientAuth getClientAuthStatus(SSLSocket sslSocket) {
+ return sslSocket.getNeedClientAuth() ? ClientAuth.REQUIRED : sslSocket.getWantClientAuth() ? ClientAuth.WANT : ClientAuth.NONE;
}
/**
@@ -627,66 +625,6 @@ public static boolean isTlsError(Throwable e) {
}
}
- /**
- * Returns the JVM Java major version based on the System properties (e.g. {@code JVM 1.8.0.231} -> {code 8}).
- *
- * @return the Java major version
- */
- public static int getJavaVersion() {
- String version = System.getProperty("java.version");
- return parseJavaVersion(version);
- }
-
- /**
- * Returns the major version parsed from the provided Java version string (e.g. {@code "1.8.0.231"} -> {@code 8}).
- *
- * @param version the Java version string
- * @return the major version as an int
- */
- public static int parseJavaVersion(String version) {
- String majorVersion;
- if (version.startsWith("1.")) {
- majorVersion = version.substring(2, 3);
- } else {
- Pattern majorVersion9PlusPattern = Pattern.compile("(\\d+).*");
- Matcher m = majorVersion9PlusPattern.matcher(version);
- if (m.find()) {
- majorVersion = m.group(1);
- } else {
- throw new IllegalArgumentException("Could not detect major version of " + version);
- }
- }
- return Integer.parseInt(majorVersion);
- }
-
- /**
- * Returns a {@code String[]} of supported TLS protocol versions based on the current Java platform version.
- *
- * @return the supported TLS protocol version(s)
- */
- public static String[] getCurrentSupportedTlsProtocolVersions() {
- int javaMajorVersion = getJavaVersion();
- if (javaMajorVersion < 11) {
- return JAVA_8_SUPPORTED_TLS_PROTOCOL_VERSIONS;
- } else {
- return JAVA_11_SUPPORTED_TLS_PROTOCOL_VERSIONS;
- }
- }
-
- /**
- * Returns the highest supported TLS protocol version based on the current Java platform version.
- *
- * @return the TLS protocol (e.g. {@code "TLSv1.2"})
- */
- public static String getHighestCurrentSupportedTlsProtocolVersion() {
- int javaMajorVersion = getJavaVersion();
- if (javaMajorVersion < 11) {
- return JAVA_8_MAX_SUPPORTED_TLS_PROTOCOL_VERSION;
- } else {
- return JAVA_11_MAX_SUPPORTED_TLS_PROTOCOL_VERSION;
- }
- }
-
private CertificateUtils() {
}
}
diff --git a/nifi-commons/nifi-security-utils/src/main/java/org/apache/nifi/security/util/SslContextFactory.java b/nifi-commons/nifi-security-utils/src/main/java/org/apache/nifi/security/util/SslContextFactory.java
index 39dcafa4fbce..6a5e54668200 100644
--- a/nifi-commons/nifi-security-utils/src/main/java/org/apache/nifi/security/util/SslContextFactory.java
+++ b/nifi-commons/nifi-security-utils/src/main/java/org/apache/nifi/security/util/SslContextFactory.java
@@ -21,7 +21,6 @@
import java.security.SecureRandom;
import java.util.Arrays;
import java.util.Optional;
-import java.util.stream.Collectors;
import javax.net.ssl.KeyManager;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
@@ -29,9 +28,6 @@
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509TrustManager;
-import org.apache.commons.lang3.builder.ToStringBuilder;
-import org.apache.commons.lang3.builder.ToStringStyle;
-import org.apache.nifi.util.StringUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
@@ -44,46 +40,7 @@
public final class SslContextFactory {
private static final Logger logger = LoggerFactory.getLogger(SslContextFactory.class);
- /**
- * This enum is used to indicate the three possible options for a server requesting a client certificate during TLS handshake negotiation.
- */
- public enum ClientAuth {
- WANT("Want", "Requests the client certificate on handshake and validates if present but does not require it"),
- REQUIRED("Required", "Requests the client certificate on handshake and rejects the connection if it is not present and valid"),
- NONE("None", "Does not request the client certificate on handshake");
-
- private final String type;
- private final String description;
-
- ClientAuth(String type, String description) {
- this.type = type;
- this.description = description;
- }
-
- public String getType() {
- return this.type;
- }
-
- public String getDescription() {
- return this.description;
- }
-
- @Override
- public String toString() {
- final ToStringBuilder builder = new ToStringBuilder(this);
- ToStringBuilder.setDefaultStyle(ToStringStyle.SHORT_PREFIX_STYLE);
- builder.append("Type", type);
- builder.append("Description", description);
- return builder.toString();
- }
-
- public static boolean isValidClientAuthType(String type) {
- if (StringUtils.isBlank(type)) {
- return false;
- }
- return (Arrays.stream(values()).map(ca -> ca.getType().toLowerCase()).collect(Collectors.toList()).contains(type.toLowerCase()));
- }
- }
+ // TODO: Move to nifi-security-utils-core
/**
* Returns a configured {@link SSLContext} from the provided TLS configuration. Hardcodes the
diff --git a/nifi-commons/nifi-security-utils/src/main/java/org/apache/nifi/security/util/TlsConfiguration.java b/nifi-commons/nifi-security-utils/src/main/java/org/apache/nifi/security/util/StandardTlsConfiguration.java
similarity index 79%
rename from nifi-commons/nifi-security-utils/src/main/java/org/apache/nifi/security/util/TlsConfiguration.java
rename to nifi-commons/nifi-security-utils/src/main/java/org/apache/nifi/security/util/StandardTlsConfiguration.java
index 021986b2165c..dfaab7bae654 100644
--- a/nifi-commons/nifi-security-utils/src/main/java/org/apache/nifi/security/util/TlsConfiguration.java
+++ b/nifi-commons/nifi-security-utils/src/main/java/org/apache/nifi/security/util/StandardTlsConfiguration.java
@@ -19,19 +19,21 @@
import java.io.File;
import java.net.MalformedURLException;
import java.util.Objects;
-import org.apache.commons.lang3.builder.ToStringBuilder;
import org.apache.nifi.util.NiFiProperties;
import org.apache.nifi.util.StringUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
+
/**
- * This class serves as an immutable domain object (acting as an internal DTO) for the various keystore and truststore configuration settings necessary for building {@link javax.net.ssl.SSLContext}s.
+ * This class serves as a concrete immutable domain object (acting as an internal DTO)
+ * for the various keystore and truststore configuration settings necessary for
+ * building {@link javax.net.ssl.SSLContext}s.
*/
-public class TlsConfiguration {
- private static final Logger logger = LoggerFactory.getLogger(TlsConfiguration.class);
+public class StandardTlsConfiguration implements TlsConfiguration {
+ private static final Logger logger = LoggerFactory.getLogger(StandardTlsConfiguration.class);
- private static final String TLS_PROTOCOL_VERSION = CertificateUtils.getHighestCurrentSupportedTlsProtocolVersion();
+ private static final String TLS_PROTOCOL_VERSION = TlsConfiguration.getHighestCurrentSupportedTlsProtocolVersion();
private static final String MASKED_PASSWORD_LOG = "********";
private static final String NULL_LOG = "null";
@@ -49,7 +51,7 @@ public class TlsConfiguration {
/**
* Default constructor present for testing and completeness.
*/
- public TlsConfiguration() {
+ public StandardTlsConfiguration() {
this(null, null, null, "", null, null, "", null);
}
@@ -63,7 +65,7 @@ public TlsConfiguration() {
* @param truststorePassword the truststore password
* @param truststoreType the truststore type
*/
- public TlsConfiguration(String keystorePath, String keystorePassword, KeystoreType keystoreType, String truststorePath, String truststorePassword, KeystoreType truststoreType) {
+ public StandardTlsConfiguration(String keystorePath, String keystorePassword, KeystoreType keystoreType, String truststorePath, String truststorePassword, KeystoreType truststoreType) {
this(keystorePath, keystorePassword, keystorePassword, keystoreType, truststorePath, truststorePassword, truststoreType, TLS_PROTOCOL_VERSION);
}
@@ -78,7 +80,7 @@ public TlsConfiguration(String keystorePath, String keystorePassword, KeystoreTy
* @param truststorePassword the truststore password
* @param truststoreType the truststore type
*/
- public TlsConfiguration(String keystorePath, String keystorePassword, String keyPassword,
+ public StandardTlsConfiguration(String keystorePath, String keystorePassword, String keyPassword,
KeystoreType keystoreType, String truststorePath, String truststorePassword, KeystoreType truststoreType) {
this(keystorePath, keystorePassword, keyPassword, keystoreType, truststorePath, truststorePassword, truststoreType, TLS_PROTOCOL_VERSION);
}
@@ -94,7 +96,7 @@ public TlsConfiguration(String keystorePath, String keystorePassword, String key
* @param truststorePassword the truststore password
* @param truststoreType the truststore type as a String
*/
- public TlsConfiguration(String keystorePath, String keystorePassword, String keyPassword,
+ public StandardTlsConfiguration(String keystorePath, String keystorePassword, String keyPassword,
String keystoreType, String truststorePath, String truststorePassword, String truststoreType) {
this(keystorePath, keystorePassword, keyPassword,
(KeystoreType.isValidKeystoreType(keystoreType) ? KeystoreType.valueOf(keystoreType.toUpperCase()) : null),
@@ -115,7 +117,7 @@ public TlsConfiguration(String keystorePath, String keystorePassword, String key
* @param truststoreType the truststore type as a String
* @param protocol the TLS protocol version string
*/
- public TlsConfiguration(String keystorePath, String keystorePassword, String keyPassword,
+ public StandardTlsConfiguration(String keystorePath, String keystorePassword, String keyPassword,
String keystoreType, String truststorePath, String truststorePassword, String truststoreType, String protocol) {
this(keystorePath, keystorePassword, keyPassword,
(KeystoreType.isValidKeystoreType(keystoreType) ? KeystoreType.valueOf(keystoreType.toUpperCase()) : null),
@@ -136,7 +138,7 @@ public TlsConfiguration(String keystorePath, String keystorePassword, String key
* @param truststoreType the truststore type
* @param protocol the TLS protocol version string
*/
- public TlsConfiguration(String keystorePath, String keystorePassword, String keyPassword,
+ public StandardTlsConfiguration(String keystorePath, String keystorePassword, String keyPassword,
KeystoreType keystoreType, String truststorePath, String truststorePassword, KeystoreType truststoreType, String protocol) {
this.keystorePath = keystorePath;
this.keystorePassword = keystorePassword;
@@ -153,26 +155,26 @@ public TlsConfiguration(String keystorePath, String keystorePassword, String key
*
* @param other the configuration to copy
*/
- public TlsConfiguration(TlsConfiguration other) {
- this.keystorePath = other.keystorePath;
- this.keystorePassword = other.keystorePassword;
- this.keyPassword = other.keyPassword;
- this.keystoreType = other.keystoreType;
- this.truststorePath = other.truststorePath;
- this.truststorePassword = other.truststorePassword;
- this.truststoreType = other.truststoreType;
- this.protocol = other.protocol;
+ public StandardTlsConfiguration(TlsConfiguration other) {
+ this.keystorePath = other.getKeystorePath();
+ this.keystorePassword = other.getKeystorePassword();
+ this.keyPassword = other.getKeyPassword();
+ this.keystoreType = other.getKeystoreType();
+ this.truststorePath = other.getTruststorePath();
+ this.truststorePassword = other.getTruststorePassword();
+ this.truststoreType = other.getTruststoreType();
+ this.protocol = other.getProtocol();
}
// Static factory method from NiFiProperties
/**
- * Returns a {@link TlsConfiguration} instantiated from the relevant {@link NiFiProperties} properties.
+ * Returns a {@link org.apache.nifi.security.util.TlsConfiguration} instantiated from the relevant {@link NiFiProperties} properties.
*
* @param niFiProperties the NiFi properties
* @return a populated TlsConfiguration container object
*/
- public static TlsConfiguration fromNiFiProperties(NiFiProperties niFiProperties) {
+ public static StandardTlsConfiguration fromNiFiProperties(NiFiProperties niFiProperties) {
if (niFiProperties == null) {
throw new IllegalArgumentException("The NiFi properties cannot be null");
}
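Review bot: The copy constructor at the top of this hunk now accepts any `TlsConfiguration` implementation and reads it through getters, but it still dereferences `other` with no null check, so a null argument fails with a bare NullPointerException from `other.getKeystorePath()`. A guard as the first statement, in the style `fromNiFiProperties` uses further down in the same hunk, would give callers a clear message: `if (other == null) { throw new IllegalArgumentException("The TLS configuration to copy cannot be null"); }`. Because the source is now an interface, the constructor's Javadoc should also say that the values are taken from the getters, passwords included, so a non-standard implementation must return the real values there. The body of `fromNiFiProperties` continues outside this hunk.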
@@ -186,7 +188,7 @@ public static TlsConfiguration fromNiFiProperties(NiFiProperties niFiProperties)
String truststoreType = niFiProperties.getProperty(NiFiProperties.SECURITY_TRUSTSTORE_TYPE);
String protocol = TLS_PROTOCOL_VERSION;
- final TlsConfiguration tlsConfiguration = new TlsConfiguration(keystorePath, keystorePassword, keyPassword,
+ final StandardTlsConfiguration tlsConfiguration = new StandardTlsConfiguration(keystorePath, keystorePassword, keyPassword,
keystoreType, truststorePath, truststorePassword,
truststoreType, protocol);
if (logger.isDebugEnabled()) {
@@ -199,12 +201,14 @@ public static TlsConfiguration fromNiFiProperties(NiFiProperties niFiProperties)
}
/**
- * Returns a {@link TlsConfiguration} instantiated from the relevant {@link NiFiProperties} properties for the truststore only. No keystore properties are read or used.
+ * Returns a {@link org.apache.nifi.security.util.TlsConfiguration} instantiated
+ * from the relevant {@link NiFiProperties} properties for the truststore
+ * only. No keystore properties are read or used.
*
* @param niFiProperties the NiFi properties
* @return a populated TlsConfiguration container object
*/
- public static TlsConfiguration fromNiFiPropertiesTruststoreOnly(NiFiProperties niFiProperties) {
+ public static StandardTlsConfiguration fromNiFiPropertiesTruststoreOnly(NiFiProperties niFiProperties) {
if (niFiProperties == null) {
throw new IllegalArgumentException("The NiFi properties cannot be null");
}
@@ -214,7 +218,7 @@ public static TlsConfiguration fromNiFiPropertiesTruststoreOnly(NiFiProperties n
String truststoreType = niFiProperties.getProperty(NiFiProperties.SECURITY_TRUSTSTORE_TYPE);
String protocol = TLS_PROTOCOL_VERSION;
- final TlsConfiguration tlsConfiguration = new TlsConfiguration(null, null, null, null, truststorePath, truststorePassword,
+ final StandardTlsConfiguration tlsConfiguration = new StandardTlsConfiguration(null, null, null, null, truststorePath, truststorePassword,
truststoreType, protocol);
if (logger.isDebugEnabled()) {
logger.debug("Instantiating TlsConfiguration from NiFi properties: null x4, {}, {}, {}, {}",
@@ -224,23 +228,25 @@ public static TlsConfiguration fromNiFiPropertiesTruststoreOnly(NiFiProperties n
return tlsConfiguration;
}
- /**
- * Returns {@code true} if the provided TlsConfiguration is {@code null} or empty
- * (i.e. neither any of the keystore nor truststore properties are populated).
- *
- * @param tlsConfiguration the container object to check
- * @return true if this container is empty or null
- */
- public static boolean isEmpty(TlsConfiguration tlsConfiguration) {
- return tlsConfiguration == null || !(tlsConfiguration.isAnyKeystorePopulated() || tlsConfiguration.isAnyTruststorePopulated());
- }
+ // /**
+ // * Returns {@code true} if the provided TlsConfiguration is {@code null} or empty
+ // * (i.e. neither any of the keystore nor truststore properties are populated).
+ // *
+ // * @param tlsConfiguration the container object to check
+ // * @return true if this container is empty or null
+ // */
+ // public static boolean isEmpty(org.apache.nifi.security.util.TlsConfiguration tlsConfiguration) {
+ // return tlsConfiguration == null || !(tlsConfiguration.isAnyKeystorePopulated() || tlsConfiguration.isAnyTruststorePopulated());
+ // }
// Getters & setters
+ @Override
public String getKeystorePath() {
return keystorePath;
}
+ @Override
public String getKeystorePassword() {
return keystorePassword;
}
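Review bot: The static `isEmpty` helper is left in the file as a commented-out block, Javadoc included, rather than being removed. Commented-out code in a class that decides whether a TLS context gets built makes it hard to tell which emptiness check is actually in force. If the method now lives on the `TlsConfiguration` interface (not visible in this hunk), delete the block or reduce it to one pointer line such as `// isEmpty(TlsConfiguration) is declared on the TlsConfiguration interface`. If it was not moved, existing callers of `TlsConfiguration.isEmpty(...)` will no longer compile and the method should be restored as real code.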
@@ -250,10 +256,12 @@ public String getKeystorePassword() {
*
* @return a loggable String representation of the keystore password
*/
+ @Override
public String getKeystorePasswordForLogging() {
return maskPasswordForLog(keystorePassword);
}
+ @Override
public String getKeyPassword() {
return keyPassword;
}
@@ -263,6 +271,7 @@ public String getKeyPassword() {
*
* @return a loggable String representation of the key password
*/
+ @Override
public String getKeyPasswordForLogging() {
return maskPasswordForLog(keyPassword);
}
@@ -272,6 +281,7 @@ public String getKeyPasswordForLogging() {
*
* @return the key or keystore password actually populated
*/
+ @Override
public String getFunctionalKeyPassword() {
return StringUtils.isNotBlank(keyPassword) ? keyPassword : keystorePassword;
}
@@ -281,18 +291,22 @@ public String getFunctionalKeyPassword() {
*
* @return a loggable String representation of the functional key password
*/
+ @Override
public String getFunctionalKeyPasswordForLogging() {
return maskPasswordForLog(getFunctionalKeyPassword());
}
+ @Override
public KeystoreType getKeystoreType() {
return keystoreType;
}
+ @Override
public String getTruststorePath() {
return truststorePath;
}
+ @Override
public String getTruststorePassword() {
return truststorePassword;
}
@@ -302,14 +316,17 @@ public String getTruststorePassword() {
*
* @return a loggable String representation of the truststore password
*/
+ @Override
public String getTruststorePasswordForLogging() {
return maskPasswordForLog(truststorePassword);
}
+ @Override
public KeystoreType getTruststoreType() {
return truststoreType;
}
+ @Override
public String getProtocol() {
return protocol;
}
@@ -321,6 +338,7 @@ public String getProtocol() {
*
* @return true if the path, password, and type are present
*/
+ @Override
public boolean isKeystorePopulated() {
return isStorePopulated(keystorePath, keystorePassword, keystoreType, "keystore");
}
@@ -330,6 +348,7 @@ public boolean isKeystorePopulated() {
*
* @return true if any keystore properties are present
*/
+ @Override
public boolean isAnyKeystorePopulated() {
return isAnyPopulated(keystorePath, keystorePassword, keystoreType);
}
@@ -339,6 +358,7 @@ public boolean isAnyKeystorePopulated() {
*
* @return true if the keystore properties are valid
*/
+ @Override
public boolean isKeystoreValid() {
boolean simpleCheck = isStoreValid(keystorePath, keystorePassword, keystoreType, "keystore");
if (simpleCheck) {
@@ -363,6 +383,7 @@ public boolean isKeystoreValid() {
*
* @return true if the path, password, and type are present
*/
+ @Override
public boolean isTruststorePopulated() {
return isStorePopulated(truststorePath, truststorePassword, truststoreType, "truststore");
}
@@ -372,6 +393,7 @@ public boolean isTruststorePopulated() {
*
* @return true if any truststore properties are present
*/
+ @Override
public boolean isAnyTruststorePopulated() {
return isAnyPopulated(truststorePath, truststorePassword, truststoreType);
}
@@ -381,6 +403,7 @@ public boolean isAnyTruststorePopulated() {
*
* @return true if the truststore properties are valid
*/
+ @Override
public boolean isTruststoreValid() {
return isStoreValid(truststorePath, truststorePassword, truststoreType, "truststore");
}
@@ -392,6 +415,7 @@ public boolean isTruststoreValid() {
*
* @return a loggable String[]
*/
+ @Override
public String[] getKeystorePropertiesForLogging() {
return new String[]{getKeystorePath(), getKeystorePasswordForLogging(), getFunctionalKeyPasswordForLogging(), getKeystoreType() != null ? getKeystoreType().getType() : NULL_LOG};
}
@@ -403,37 +427,38 @@ public String[] getKeystorePropertiesForLogging() {
*
* @return a loggable String[]
*/
+ @Override
public String[] getTruststorePropertiesForLogging() {
return new String[]{getTruststorePath(), getTruststorePasswordForLogging(), getKeystoreType() != null ? getTruststoreType().getType() : NULL_LOG};
}
@Override
public String toString() {
- return new ToStringBuilder(this)
- .append("keystorePath", keystorePath)
- .append("keystorePassword", getKeystorePasswordForLogging())
- .append("keyPassword", getKeyPasswordForLogging())
- .append("keystoreType", keystoreType)
- .append("truststorePath", truststorePath)
- .append("truststorePassword", getTruststorePasswordForLogging())
- .append("truststoreType", truststoreType)
- .append("protocol", protocol)
- .toString();
+ StringBuilder sb = new StringBuilder("[TlsConfiguration]");
+ sb.append("keystorePath=").append(keystorePath);
+ sb.append(",keystorePassword=").append(getKeystorePasswordForLogging());
+ sb.append(",keyPassword=").append(getKeyPasswordForLogging());
+ sb.append(",keystoreType=").append(keystoreType);
+ sb.append(",truststorePath=").append(truststorePath);
+ sb.append(",truststorePassword=").append(getTruststorePasswordForLogging());
+ sb.append(",truststoreType=").append(truststoreType);
+ sb.append(",protocol=").append(protocol);
+ return sb.toString();
}
@Override
public boolean equals(Object o) {
if (this == o) return true;
if (o == null || getClass() != o.getClass()) return false;
- TlsConfiguration that = (TlsConfiguration) o;
- return Objects.equals(keystorePath, that.keystorePath)
- && Objects.equals(keystorePassword, that.keystorePassword)
- && Objects.equals(keyPassword, that.keyPassword)
- && keystoreType == that.keystoreType
- && Objects.equals(truststorePath, that.truststorePath)
- && Objects.equals(truststorePassword, that.truststorePassword)
- && truststoreType == that.truststoreType
- && Objects.equals(protocol, that.protocol);
+ org.apache.nifi.security.util.TlsConfiguration that = (org.apache.nifi.security.util.TlsConfiguration) o;
+ return Objects.equals(keystorePath, that.getKeystorePath())
+ && Objects.equals(keystorePassword, that.getKeystorePassword())
+ && Objects.equals(keyPassword, that.getKeyPassword())
+ && keystoreType == that.getKeystoreType()
+ && Objects.equals(truststorePath, that.getTruststorePath())
+ && Objects.equals(truststorePassword, that.getTruststorePassword())
+ && truststoreType == that.getTruststoreType()
+ && Objects.equals(protocol, that.getProtocol());
}
@Override
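Review bot: `getTruststorePropertiesForLogging()` guards on `getKeystoreType() != null` but then dereferences `getTruststoreType().getType()`, so a configuration with a keystore type and no truststore type throws a NullPointerException while logging, and a truststore-only configuration logs `null` for a type that is set. The commit only adds `@Override` to this method; the condition should test the truststore: `getTruststoreType() != null ? getTruststoreType().getType() : NULL_LOG`. In `equals`, the `getClass() != o.getClass()` check already guarantees that `o` is a `StandardTlsConfiguration`, so the fully qualified interface cast can be written as `StandardTlsConfiguration that = (StandardTlsConfiguration) o;`. The trailing `@Override` belongs to a method whose body lies outside this hunk.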
diff --git a/nifi-commons/nifi-security-xml-config/src/main/java/org/apache/nifi/security/xml/SafeXMLConfiguration.java b/nifi-commons/nifi-security-utils/src/main/java/org/apache/nifi/security/xml/SafeXMLConfiguration.java
similarity index 99%
rename from nifi-commons/nifi-security-xml-config/src/main/java/org/apache/nifi/security/xml/SafeXMLConfiguration.java
rename to nifi-commons/nifi-security-utils/src/main/java/org/apache/nifi/security/xml/SafeXMLConfiguration.java
index 0e0cd7edb342..44f29dcb4095 100644
--- a/nifi-commons/nifi-security-xml-config/src/main/java/org/apache/nifi/security/xml/SafeXMLConfiguration.java
+++ b/nifi-commons/nifi-security-utils/src/main/java/org/apache/nifi/security/xml/SafeXMLConfiguration.java
@@ -16,6 +16,12 @@
*/
package org.apache.nifi.security.xml;
+import java.io.IOException;
+import java.io.InputStream;
+import java.io.Reader;
+import javax.xml.parsers.DocumentBuilder;
+import javax.xml.parsers.DocumentBuilderFactory;
+import javax.xml.parsers.ParserConfigurationException;
import org.apache.commons.configuration2.HierarchicalConfiguration;
import org.apache.commons.configuration2.XMLConfiguration;
import org.apache.commons.configuration2.ex.ConfigurationException;
@@ -25,13 +31,6 @@
import org.xml.sax.SAXParseException;
import org.xml.sax.helpers.DefaultHandler;
-import javax.xml.parsers.DocumentBuilder;
-import javax.xml.parsers.DocumentBuilderFactory;
-import javax.xml.parsers.ParserConfigurationException;
-import java.io.IOException;
-import java.io.InputStream;
-import java.io.Reader;
-
/**
* For security reasons, this class overrides the Apache commons 'XMLConfiguration' class to disable processing of XML external entity (XXE) declarations.
* This class should be used in all cases where an XML configuration file will be used by NiFi. It is currently used by the XMLFileLookupService.
diff --git a/nifi-commons/nifi-security-utils/src/test/groovy/org/apache/nifi/security/util/CertificateUtilsTest.groovy b/nifi-commons/nifi-security-utils/src/test/groovy/org/apache/nifi/security/util/CertificateUtilsTest.groovy
index a1044ca4132c..f9fa704eaa4b 100644
--- a/nifi-commons/nifi-security-utils/src/test/groovy/org/apache/nifi/security/util/CertificateUtilsTest.groovy
+++ b/nifi-commons/nifi-security-utils/src/test/groovy/org/apache/nifi/security/util/CertificateUtilsTest.groovy
@@ -203,17 +203,17 @@ class CertificateUtilsTest extends GroovyTestCase {
SSLSocket noneSocket = [getNeedClientAuth: { -> false }, getWantClientAuth: { -> false }] as SSLSocket
// Act
- SslContextFactory.ClientAuth needClientAuthStatus = CertificateUtils.getClientAuthStatus(needSocket)
+ ClientAuth needClientAuthStatus = CertificateUtils.getClientAuthStatus(needSocket)
logger.info("Client auth (needSocket): ${needClientAuthStatus}")
- SslContextFactory.ClientAuth wantClientAuthStatus = CertificateUtils.getClientAuthStatus(wantSocket)
+ ClientAuth wantClientAuthStatus = CertificateUtils.getClientAuthStatus(wantSocket)
logger.info("Client auth (wantSocket): ${wantClientAuthStatus}")
- SslContextFactory.ClientAuth noneClientAuthStatus = CertificateUtils.getClientAuthStatus(noneSocket)
+ ClientAuth noneClientAuthStatus = CertificateUtils.getClientAuthStatus(noneSocket)
logger.info("Client auth (noneSocket): ${noneClientAuthStatus}")
// Assert
- assert needClientAuthStatus == SslContextFactory.ClientAuth.REQUIRED
- assert wantClientAuthStatus == SslContextFactory.ClientAuth.WANT
- assert noneClientAuthStatus == SslContextFactory.ClientAuth.NONE
+ assert needClientAuthStatus == ClientAuth.REQUIRED
+ assert wantClientAuthStatus == ClientAuth.WANT
+ assert noneClientAuthStatus == ClientAuth.NONE
}
@Test
@@ -613,58 +613,6 @@ class CertificateUtilsTest extends GroovyTestCase {
assert !unrelatedResults.any()
}
- @Test
- void testShouldParseJavaVersion() {
- // Arrange
- def possibleVersions = ["1.5.0", "1.6.0", "1.7.0.123", "1.8.0.231", "9.0.1", "10.1.2", "11.2.3", "12.3.456"]
-
- // Act
- def majorVersions = possibleVersions.collect { String version ->
- logger.debug("Attempting to determine major version of ${version}")
- CertificateUtils.parseJavaVersion(version)
- }
- logger.info("Major versions: ${majorVersions}")
-
- // Assert
- assert majorVersions == (5..12)
- }
-
- @Test
- void testShouldGetCurrentSupportedTlsProtocolVersions() {
- // Arrange
- int javaMajorVersion = CertificateUtils.getJavaVersion()
- logger.debug("Running on Java version: ${javaMajorVersion}")
-
- // Act
- def tlsVersions = CertificateUtils.getCurrentSupportedTlsProtocolVersions()
- logger.info("Supported protocol versions for ${javaMajorVersion}: ${tlsVersions}")
-
- // Assert
- if (javaMajorVersion < 11) {
- assert tlsVersions == ["TLSv1.2"] as String[]
- } else {
- assert tlsVersions == ["TLSv1.3", "TLSv1.2"] as String[]
- }
- }
-
- @Test
- void testShouldGetMaxCurrentSupportedTlsProtocolVersion() {
- // Arrange
- int javaMajorVersion = CertificateUtils.getJavaVersion()
- logger.debug("Running on Java version: ${javaMajorVersion}")
-
- // Act
- def tlsVersion = CertificateUtils.getHighestCurrentSupportedTlsProtocolVersion()
- logger.info("Highest supported protocol version for ${javaMajorVersion}: ${tlsVersion}")
-
- // Assert
- if (javaMajorVersion < 11) {
- assert tlsVersion == "TLSv1.2"
- } else {
- assert tlsVersion == "TLSv1.3"
- }
- }
-
@Test
void testGetExtensionsFromCSR() {
// Arrange
diff --git a/nifi-commons/nifi-security-utils/src/test/groovy/org/apache/nifi/security/util/SslContextFactoryTest.groovy b/nifi-commons/nifi-security-utils/src/test/groovy/org/apache/nifi/security/util/SslContextFactoryTest.groovy
index cff92ff9df59..68266ae33d6e 100644
--- a/nifi-commons/nifi-security-utils/src/test/groovy/org/apache/nifi/security/util/SslContextFactoryTest.groovy
+++ b/nifi-commons/nifi-security-utils/src/test/groovy/org/apache/nifi/security/util/SslContextFactoryTest.groovy
@@ -44,7 +44,7 @@ class SslContextFactoryTest extends GroovyTestCase {
private static final String TRUSTSTORE_PASSWORD = "truststorepassword"
private static final KeystoreType TRUSTSTORE_TYPE = KeystoreType.JKS
- private static final String PROTOCOL = CertificateUtils.getHighestCurrentSupportedTlsProtocolVersion()
+ private static final String PROTOCOL = TlsConfiguration.getHighestCurrentSupportedTlsProtocolVersion()
// The default TLS protocol versions for different Java versions
private static final List JAVA_8_TLS_PROTOCOL_VERSIONS = ["TLSv1.2", "TLSv1.1", "TLSv1"]
@@ -75,7 +75,7 @@ class SslContextFactoryTest extends GroovyTestCase {
@Before
void setUp() {
- tlsConfiguration = new TlsConfiguration(KEYSTORE_PATH, KEYSTORE_PASSWORD, KEY_PASSWORD, KEYSTORE_TYPE, TRUSTSTORE_PATH, TRUSTSTORE_PASSWORD, TRUSTSTORE_TYPE)
+ tlsConfiguration = new StandardTlsConfiguration(KEYSTORE_PATH, KEYSTORE_PASSWORD, KEY_PASSWORD, KEYSTORE_TYPE, TRUSTSTORE_PATH, TRUSTSTORE_PASSWORD, TRUSTSTORE_TYPE)
}
@After
@@ -84,7 +84,7 @@ class SslContextFactoryTest extends GroovyTestCase {
}
static List getCurrentTlsProtocolVersions() {
- if (CertificateUtils.getJavaVersion() < 11) {
+ if (TlsConfiguration.getJavaVersion() < 11) {
return JAVA_8_TLS_PROTOCOL_VERSIONS
} else {
return JAVA_11_TLS_PROTOCOL_VERSIONS
@@ -98,7 +98,7 @@ class SslContextFactoryTest extends GroovyTestCase {
* @param expectedProtocols the specific protocol versions to be present (ordered as desired)
*/
void assertProtocolVersions(def enabledProtocols, def expectedProtocols) {
- if (CertificateUtils.getJavaVersion() > 8) {
+ if (TlsConfiguration.getJavaVersion() > 8) {
assert enabledProtocols == expectedProtocols as String[]
} else {
assert enabledProtocols as Set == expectedProtocols as Set
@@ -111,7 +111,7 @@ class SslContextFactoryTest extends GroovyTestCase {
logger.info("Creating SSL Context from TLS Configuration: ${tlsConfiguration}")
// Act
- SSLContext sslContext = SslContextFactory.createSslContext(tlsConfiguration, SslContextFactory.ClientAuth.NONE)
+ SSLContext sslContext = SslContextFactory.createSslContext(tlsConfiguration, ClientAuth.NONE)
logger.info("Created SSL Context: ${KeyStoreUtils.sslContextToString(sslContext)}")
// Assert
@@ -137,11 +137,11 @@ class SslContextFactoryTest extends GroovyTestCase {
(NiFiProperties.SECURITY_KEY_PASSWD): "",
]
NiFiProperties propertiesWithoutKeyPassword = NiFiProperties.createBasicNiFiProperties("", missingKeyPasswordProps)
- TlsConfiguration configWithoutKeyPassword = TlsConfiguration.fromNiFiProperties(propertiesWithoutKeyPassword)
+ TlsConfiguration configWithoutKeyPassword = StandardTlsConfiguration.fromNiFiProperties(propertiesWithoutKeyPassword)
logger.info("Creating SSL Context from TLS Configuration: ${configWithoutKeyPassword}")
// Act
- SSLContext sslContext = SslContextFactory.createSslContext(configWithoutKeyPassword, SslContextFactory.ClientAuth.NONE)
+ SSLContext sslContext = SslContextFactory.createSslContext(configWithoutKeyPassword, ClientAuth.NONE)
logger.info("Created SSL Context: ${KeyStoreUtils.sslContextToString(sslContext)}")
// Assert
@@ -170,7 +170,7 @@ class SslContextFactoryTest extends GroovyTestCase {
(NiFiProperties.SECURITY_KEYSTORE): "",
]
NiFiProperties propsNoKeystorePath = NiFiProperties.createBasicNiFiProperties("", missingKeystorePathProps)
- TlsConfiguration configNoKeystorePath = TlsConfiguration.fromNiFiProperties(propsNoKeystorePath)
+ TlsConfiguration configNoKeystorePath = StandardTlsConfiguration.fromNiFiProperties(propsNoKeystorePath)
logger.info("Creating SSL Context from TLS Configuration: ${configNoKeystorePath}")
Map missingTruststorePathProps = DEFAULT_PROPS + [
@@ -182,17 +182,17 @@ class SslContextFactoryTest extends GroovyTestCase {
(NiFiProperties.SECURITY_KEYSTORE_TYPE) : "",
]
NiFiProperties propsNoTruststorePath = NiFiProperties.createBasicNiFiProperties("", missingTruststorePathProps)
- TlsConfiguration configNoTruststorePath = TlsConfiguration.fromNiFiProperties(propsNoTruststorePath)
+ TlsConfiguration configNoTruststorePath = StandardTlsConfiguration.fromNiFiProperties(propsNoTruststorePath)
logger.info("Creating SSL Context from TLS Configuration: ${configNoTruststorePath}")
// Act
def noKeystorePathMsg = shouldFail(TlsException) {
- SSLContext sslContext = SslContextFactory.createSslContext(configNoKeystorePath, SslContextFactory.ClientAuth.NONE)
+ SSLContext sslContext = SslContextFactory.createSslContext(configNoKeystorePath, ClientAuth.NONE)
logger.info("Created SSL Context missing keystore path: ${KeyStoreUtils.sslContextToString(sslContext)}")
}
def noTruststorePathMsg = shouldFail(TlsException) {
- SSLContext sslContext = SslContextFactory.createSslContext(configNoTruststorePath, SslContextFactory.ClientAuth.NONE)
+ SSLContext sslContext = SslContextFactory.createSslContext(configNoTruststorePath, ClientAuth.NONE)
logger.info("Created SSL Context missing truststore path: ${KeyStoreUtils.sslContextToString(sslContext)}")
}
@@ -214,11 +214,11 @@ class SslContextFactoryTest extends GroovyTestCase {
(NiFiProperties.SECURITY_TRUSTSTORE_PASSWD): "",
]
NiFiProperties propertiesNoTruststorePassword = NiFiProperties.createBasicNiFiProperties("", truststoreNoPasswordProps)
- TlsConfiguration configNoTruststorePassword = TlsConfiguration.fromNiFiProperties(propertiesNoTruststorePassword)
+ TlsConfiguration configNoTruststorePassword = StandardTlsConfiguration.fromNiFiProperties(propertiesNoTruststorePassword)
logger.info("Creating SSL Context from TLS Configuration: ${configNoTruststorePassword}")
// Act
- SSLContext sslContext = SslContextFactory.createSslContext(configNoTruststorePassword, SslContextFactory.ClientAuth.NONE)
+ SSLContext sslContext = SslContextFactory.createSslContext(configNoTruststorePassword, ClientAuth.NONE)
logger.info("Created SSL Context: ${KeyStoreUtils.sslContextToString(sslContext)}")
// Assert
@@ -246,12 +246,12 @@ class SslContextFactoryTest extends GroovyTestCase {
// Change the keystore to one with the same keystore and key password, but don't provide the key password
Map keystoreOnlyProps = DEFAULT_PROPS.findAll { k, v -> k.contains("keystore") }
NiFiProperties keystoreNiFiProperties = NiFiProperties.createBasicNiFiProperties("", keystoreOnlyProps)
- TlsConfiguration keystoreOnlyConfig = TlsConfiguration.fromNiFiProperties(keystoreNiFiProperties)
+ TlsConfiguration keystoreOnlyConfig = StandardTlsConfiguration.fromNiFiProperties(keystoreNiFiProperties)
logger.info("Creating SSL Context from TLS Configuration: ${keystoreOnlyConfig}")
// Act
def msg = shouldFail(TlsException) {
- SSLContext sslContext = SslContextFactory.createSslContext(keystoreOnlyConfig, SslContextFactory.ClientAuth.NONE)
+ SSLContext sslContext = SslContextFactory.createSslContext(keystoreOnlyConfig, ClientAuth.NONE)
logger.info("Created SSL Context: ${KeyStoreUtils.sslContextToString(sslContext)}")
}
logger.expected(msg)
@@ -267,11 +267,11 @@ class SslContextFactoryTest extends GroovyTestCase {
@Test
void testCreateSslContextFromTlsConfigurationShouldHandleEmptyConfiguration() {
// Arrange
- TlsConfiguration emptyConfig = new TlsConfiguration()
+ TlsConfiguration emptyConfig = new StandardTlsConfiguration()
logger.info("Creating SSL Context from TLS Configuration: ${emptyConfig}")
// Act
- SSLContext sslContext = SslContextFactory.createSslContext(emptyConfig, SslContextFactory.ClientAuth.NONE)
+ SSLContext sslContext = SslContextFactory.createSslContext(emptyConfig, ClientAuth.NONE)
// Assert
assert !sslContext
diff --git a/nifi-commons/nifi-security-utils/src/test/groovy/org/apache/nifi/security/util/TlsConfigurationTest.groovy b/nifi-commons/nifi-security-utils/src/test/groovy/org/apache/nifi/security/util/StandardTlsConfigurationTest.groovy
similarity index 74%
rename from nifi-commons/nifi-security-utils/src/test/groovy/org/apache/nifi/security/util/TlsConfigurationTest.groovy
rename to nifi-commons/nifi-security-utils/src/test/groovy/org/apache/nifi/security/util/StandardTlsConfigurationTest.groovy
index 29ba36dfb3d0..ec117136a8fa 100644
--- a/nifi-commons/nifi-security-utils/src/test/groovy/org/apache/nifi/security/util/TlsConfigurationTest.groovy
+++ b/nifi-commons/nifi-security-utils/src/test/groovy/org/apache/nifi/security/util/StandardTlsConfigurationTest.groovy
@@ -31,8 +31,8 @@ import org.slf4j.LoggerFactory
import java.security.Security
@RunWith(JUnit4.class)
-class TlsConfigurationTest extends GroovyTestCase {
- private static final Logger logger = LoggerFactory.getLogger(TlsConfigurationTest.class)
+class StandardTlsConfigurationTest extends GroovyTestCase {
+ private static final Logger logger = LoggerFactory.getLogger(StandardTlsConfigurationTest.class)
private static final String KEYSTORE_PATH = "src/test/resources/TlsConfigurationKeystore.jks"
private static final String KEYSTORE_PASSWORD = "keystorepassword"
@@ -68,7 +68,7 @@ class TlsConfigurationTest extends GroovyTestCase {
@Before
void setUp() throws Exception {
- tlsConfiguration = new TlsConfiguration(KEYSTORE_PATH, KEYSTORE_PASSWORD, KEY_PASSWORD, KEYSTORE_TYPE, TRUSTSTORE_PATH, TRUSTSTORE_PASSWORD, TRUSTSTORE_TYPE)
+ tlsConfiguration = new StandardTlsConfiguration(KEYSTORE_PATH, KEYSTORE_PASSWORD, KEY_PASSWORD, KEYSTORE_TYPE, TRUSTSTORE_PATH, TRUSTSTORE_PASSWORD, TRUSTSTORE_TYPE)
}
@After
@@ -80,7 +80,7 @@ class TlsConfigurationTest extends GroovyTestCase {
// Arrange
// Act
- TlsConfiguration fromProperties = TlsConfiguration.fromNiFiProperties(mockNiFiProperties)
+ TlsConfiguration fromProperties = StandardTlsConfiguration.fromNiFiProperties(mockNiFiProperties)
logger.info("Created TlsConfiguration: ${fromProperties}")
// Assert
@@ -96,7 +96,7 @@ class TlsConfigurationTest extends GroovyTestCase {
])
// Act
- TlsConfiguration fromProperties = TlsConfiguration.fromNiFiProperties(noKeystoreTypesProps)
+ TlsConfiguration fromProperties = StandardTlsConfiguration.fromNiFiProperties(noKeystoreTypesProps)
logger.info("Created TlsConfiguration: ${fromProperties}")
// Assert
@@ -110,10 +110,10 @@ class TlsConfigurationTest extends GroovyTestCase {
TlsConfiguration withKeyPassword = tlsConfiguration
// A container where the keystore password is explicitly set as the key password as well
- TlsConfiguration withoutKeyPassword = new TlsConfiguration(KEYSTORE_PATH, KEYSTORE_PASSWORD, KEYSTORE_TYPE, TRUSTSTORE_PATH, TRUSTSTORE_PASSWORD, TRUSTSTORE_TYPE)
+ TlsConfiguration withoutKeyPassword = new StandardTlsConfiguration(KEYSTORE_PATH, KEYSTORE_PASSWORD, KEYSTORE_TYPE, TRUSTSTORE_PATH, TRUSTSTORE_PASSWORD, TRUSTSTORE_TYPE)
// A container where null is explicitly set as the key password
- TlsConfiguration withNullPassword = new TlsConfiguration(KEYSTORE_PATH, KEYSTORE_PASSWORD, null, KEYSTORE_TYPE, TRUSTSTORE_PATH, TRUSTSTORE_PASSWORD, TRUSTSTORE_TYPE)
+ TlsConfiguration withNullPassword = new StandardTlsConfiguration(KEYSTORE_PATH, KEYSTORE_PASSWORD, null, KEYSTORE_TYPE, TRUSTSTORE_PATH, TRUSTSTORE_PASSWORD, TRUSTSTORE_TYPE)
// Act
String actualKeyPassword = withKeyPassword.getKeyPassword()
@@ -139,8 +139,8 @@ class TlsConfigurationTest extends GroovyTestCase {
@Test
void testShouldCheckKeystorePopulation() {
// Arrange
- TlsConfiguration empty = new TlsConfiguration()
- TlsConfiguration noKeystorePassword = new TlsConfiguration(KEYSTORE_PATH, "", KEY_PASSWORD, KEYSTORE_TYPE, TRUSTSTORE_PATH, TRUSTSTORE_PASSWORD, TRUSTSTORE_TYPE)
+ TlsConfiguration empty = new StandardTlsConfiguration()
+ TlsConfiguration noKeystorePassword = new StandardTlsConfiguration(KEYSTORE_PATH, "", KEY_PASSWORD, KEYSTORE_TYPE, TRUSTSTORE_PATH, TRUSTSTORE_PASSWORD, TRUSTSTORE_TYPE)
// Act
boolean normalIsPopulated = tlsConfiguration.isKeystorePopulated()
@@ -156,8 +156,8 @@ class TlsConfigurationTest extends GroovyTestCase {
@Test
void testShouldCheckTruststorePopulation() {
// Arrange
- TlsConfiguration empty = new TlsConfiguration()
- TlsConfiguration noTruststorePassword = new TlsConfiguration(KEYSTORE_PATH, KEYSTORE_PASSWORD, KEY_PASSWORD, KEYSTORE_TYPE, TRUSTSTORE_PATH, "", TRUSTSTORE_TYPE)
+ TlsConfiguration empty = new StandardTlsConfiguration()
+ TlsConfiguration noTruststorePassword = new StandardTlsConfiguration(KEYSTORE_PATH, KEYSTORE_PASSWORD, KEY_PASSWORD, KEYSTORE_TYPE, TRUSTSTORE_PATH, "", TRUSTSTORE_TYPE)
// Act
boolean normalIsPopulated = tlsConfiguration.isTruststorePopulated()
@@ -173,9 +173,9 @@ class TlsConfigurationTest extends GroovyTestCase {
@Test
void testShouldValidateKeystoreConfiguration() {
// Arrange
- TlsConfiguration empty = new TlsConfiguration()
- TlsConfiguration wrongPassword = new TlsConfiguration(KEYSTORE_PATH, KEYSTORE_PASSWORD.reverse(), KEY_PASSWORD.reverse(), KEYSTORE_TYPE, TRUSTSTORE_PATH, TRUSTSTORE_PASSWORD.reverse(), TRUSTSTORE_TYPE)
- TlsConfiguration invalid = new TlsConfiguration(KEYSTORE_PATH.reverse(), KEYSTORE_PASSWORD.reverse(), KEY_PASSWORD.reverse(), KEYSTORE_TYPE, TRUSTSTORE_PATH.reverse(), TRUSTSTORE_PASSWORD.reverse(), TRUSTSTORE_TYPE)
+ TlsConfiguration empty = new StandardTlsConfiguration()
+ TlsConfiguration wrongPassword = new StandardTlsConfiguration(KEYSTORE_PATH, KEYSTORE_PASSWORD.reverse(), KEY_PASSWORD.reverse(), KEYSTORE_TYPE, TRUSTSTORE_PATH, TRUSTSTORE_PASSWORD.reverse(), TRUSTSTORE_TYPE)
+ TlsConfiguration invalid = new StandardTlsConfiguration(KEYSTORE_PATH.reverse(), KEYSTORE_PASSWORD.reverse(), KEY_PASSWORD.reverse(), KEYSTORE_TYPE, TRUSTSTORE_PATH.reverse(), TRUSTSTORE_PASSWORD.reverse(), TRUSTSTORE_TYPE)
// Act
boolean normalIsValid = tlsConfiguration.isKeystoreValid()
@@ -193,9 +193,9 @@ class TlsConfigurationTest extends GroovyTestCase {
@Test
void testShouldValidateTruststoreConfiguration() {
// Arrange
- TlsConfiguration empty = new TlsConfiguration()
- TlsConfiguration wrongPassword = new TlsConfiguration(KEYSTORE_PATH, KEYSTORE_PASSWORD.reverse(), KEY_PASSWORD.reverse(), KEYSTORE_TYPE, TRUSTSTORE_PATH, TRUSTSTORE_PASSWORD.reverse(), TRUSTSTORE_TYPE)
- TlsConfiguration invalid = new TlsConfiguration(KEYSTORE_PATH.reverse(), KEYSTORE_PASSWORD.reverse(), KEY_PASSWORD.reverse(), KEYSTORE_TYPE, TRUSTSTORE_PATH.reverse(), TRUSTSTORE_PASSWORD.reverse(), TRUSTSTORE_TYPE)
+ TlsConfiguration empty = new StandardTlsConfiguration()
+ TlsConfiguration wrongPassword = new StandardTlsConfiguration(KEYSTORE_PATH, KEYSTORE_PASSWORD.reverse(), KEY_PASSWORD.reverse(), KEYSTORE_TYPE, TRUSTSTORE_PATH, TRUSTSTORE_PASSWORD.reverse(), TRUSTSTORE_TYPE)
+ TlsConfiguration invalid = new StandardTlsConfiguration(KEYSTORE_PATH.reverse(), KEYSTORE_PASSWORD.reverse(), KEY_PASSWORD.reverse(), KEYSTORE_TYPE, TRUSTSTORE_PATH.reverse(), TRUSTSTORE_PASSWORD.reverse(), TRUSTSTORE_TYPE)
// Act
boolean normalIsValid = tlsConfiguration.isTruststoreValid()
diff --git a/nifi-commons/nifi-security-xml-config/pom.xml b/nifi-commons/nifi-security-xml-config/pom.xml
deleted file mode 100644
index 55f95dc02f1c..000000000000
--- a/nifi-commons/nifi-security-xml-config/pom.xml
+++ /dev/null
@@ -1,78 +0,0 @@
-
-
- 4.0.0
-
- org.apache.nifi
- nifi-commons
- 1.13.0-SNAPSHOT
-
- nifi-security-xml-config
-
-
- org.apache.commons
- commons-configuration2
- 2.7
-
-
-
-
-
-
- org.apache.rat
- apache-rat-plugin
-
-
- src/test/resources/xxe_template.xml
-
-
-
-
-
-
-
-
-
- jigsaw
-
- (1.8,)
-
-
-
- javax.xml.bind
- jaxb-api
- test
-
-
- com.sun.xml.bind
- jaxb-core
- test
-
-
- com.sun.xml.bind
- jaxb-impl
- test
-
-
- com.sun.activation
- javax.activation
-
-
-
-
-
-
-
diff --git a/nifi-commons/nifi-site-to-site-client/src/main/java/org/apache/nifi/remote/client/SiteToSiteClient.java b/nifi-commons/nifi-site-to-site-client/src/main/java/org/apache/nifi/remote/client/SiteToSiteClient.java
index 7af6cceec62f..421d6a6ce31e 100644
--- a/nifi-commons/nifi-site-to-site-client/src/main/java/org/apache/nifi/remote/client/SiteToSiteClient.java
+++ b/nifi-commons/nifi-site-to-site-client/src/main/java/org/apache/nifi/remote/client/SiteToSiteClient.java
@@ -44,8 +44,8 @@
import org.apache.nifi.remote.protocol.DataPacket;
import org.apache.nifi.remote.protocol.SiteToSiteTransportProtocol;
import org.apache.nifi.remote.protocol.http.HttpProxy;
-import org.apache.nifi.security.util.CertificateUtils;
import org.apache.nifi.security.util.KeyStoreUtils;
+import org.apache.nifi.security.util.TlsConfiguration;
/**
*
@@ -919,7 +919,7 @@ public SSLContext getSslContext() {
if (keyManagerFactory != null && trustManagerFactory != null) {
try {
// initialize the ssl context
- final SSLContext sslContext = SSLContext.getInstance(CertificateUtils.getHighestCurrentSupportedTlsProtocolVersion());
+ final SSLContext sslContext = SSLContext.getInstance(TlsConfiguration.getHighestCurrentSupportedTlsProtocolVersion());
sslContext.init(keyManagerFactory.getKeyManagers(), trustManagerFactory.getTrustManagers(), new SecureRandom());
sslContext.getDefaultSSLParameters().setNeedClientAuth(true);
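Review bot: The `sslContext.getDefaultSSLParameters().setNeedClientAuth(true);` call on the last line of this hunk has no lasting effect, because `getDefaultSSLParameters()` returns a copy of the context's defaults and the modified copy is discarded. Need-client-auth is also a server-mode setting, and this context is built for the site-to-site client, so the line could be dropped or replaced with a comment such as `// client certificate is supplied via keyManagerFactory; need-client-auth only applies to server-mode sockets`. Separately, the name passed to `SSLContext.getInstance(...)` selects the context implementation and may still leave older protocol versions enabled, so a minimum version has to be enforced on the socket or engine where that matters. `getSslContext()` starts and continues outside the hunk.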
diff --git a/nifi-commons/nifi-site-to-site-client/src/test/java/org/apache/nifi/remote/client/http/TestHttpClient.java b/nifi-commons/nifi-site-to-site-client/src/test/java/org/apache/nifi/remote/client/http/TestHttpClient.java
index ab71c5653217..418bb8130dc2 100644
--- a/nifi-commons/nifi-site-to-site-client/src/test/java/org/apache/nifi/remote/client/http/TestHttpClient.java
+++ b/nifi-commons/nifi-site-to-site-client/src/test/java/org/apache/nifi/remote/client/http/TestHttpClient.java
@@ -65,7 +65,7 @@
import org.apache.nifi.remote.protocol.http.HttpHeaders;
import org.apache.nifi.remote.protocol.http.HttpProxy;
import org.apache.nifi.remote.util.StandardDataPacket;
-import org.apache.nifi.security.util.CertificateUtils;
+import org.apache.nifi.security.util.TlsConfiguration;
import org.apache.nifi.stream.io.StreamUtils;
import org.apache.nifi.web.api.dto.ControllerDTO;
import org.apache.nifi.web.api.dto.PortDTO;
@@ -100,7 +100,7 @@
public class TestHttpClient {
- private static Logger logger = LoggerFactory.getLogger(TestHttpClient.class);
+ private static final Logger logger = LoggerFactory.getLogger(TestHttpClient.class);
private static Server server;
private static ServerConnector httpConnector;
@@ -457,7 +457,7 @@ public static void setup() throws Exception {
sslContextFactory.setKeyStorePath("src/test/resources/certs/keystore.jks");
sslContextFactory.setKeyStorePassword("passwordpassword");
sslContextFactory.setKeyStoreType("JKS");
- sslContextFactory.setProtocol(CertificateUtils.getHighestCurrentSupportedTlsProtocolVersion());
+ sslContextFactory.setProtocol(TlsConfiguration.getHighestCurrentSupportedTlsProtocolVersion());
sslContextFactory.setExcludeProtocols("TLS", "TLSv1", "TLSv1.1");
httpConnector = new ServerConnector(server);
diff --git a/nifi-commons/nifi-socket-utils/src/main/java/org/apache/nifi/io/socket/ServerSocketConfiguration.java b/nifi-commons/nifi-socket-utils/src/main/java/org/apache/nifi/io/socket/ServerSocketConfiguration.java
index d33a48ae6bd6..2727d43fbb20 100644
--- a/nifi-commons/nifi-socket-utils/src/main/java/org/apache/nifi/io/socket/ServerSocketConfiguration.java
+++ b/nifi-commons/nifi-socket-utils/src/main/java/org/apache/nifi/io/socket/ServerSocketConfiguration.java
@@ -17,6 +17,7 @@
package org.apache.nifi.io.socket;
import javax.net.ssl.SSLContext;
+import org.apache.nifi.security.util.ClientAuth;
import org.apache.nifi.security.util.SslContextFactory;
import org.apache.nifi.security.util.TlsConfiguration;
import org.apache.nifi.security.util.TlsException;
@@ -34,7 +35,7 @@ public ServerSocketConfiguration() {
public SSLContext createSSLContext() throws TlsException {
// ClientAuth was hardcoded to REQUIRED in removed SSLContextFactory and overridden in SocketUtils when the socket is created
- return SslContextFactory.createSslContext(tlsConfiguration, SslContextFactory.ClientAuth.REQUIRED);
+ return SslContextFactory.createSslContext(tlsConfiguration, ClientAuth.REQUIRED);
}
public void setTlsConfiguration(final TlsConfiguration tlsConfiguration) {
diff --git a/nifi-commons/nifi-socket-utils/src/main/java/org/apache/nifi/io/socket/SocketConfiguration.java b/nifi-commons/nifi-socket-utils/src/main/java/org/apache/nifi/io/socket/SocketConfiguration.java
index 88709f509cd5..8c76f4514aa6 100644
--- a/nifi-commons/nifi-socket-utils/src/main/java/org/apache/nifi/io/socket/SocketConfiguration.java
+++ b/nifi-commons/nifi-socket-utils/src/main/java/org/apache/nifi/io/socket/SocketConfiguration.java
@@ -17,6 +17,7 @@
package org.apache.nifi.io.socket;
import javax.net.ssl.SSLContext;
+import org.apache.nifi.security.util.ClientAuth;
import org.apache.nifi.security.util.SslContextFactory;
import org.apache.nifi.security.util.TlsConfiguration;
import org.apache.nifi.security.util.TlsException;
@@ -35,7 +36,7 @@ public final class SocketConfiguration {
public SSLContext createSSLContext() throws TlsException {
// This is only used for client sockets, so the client auth setting is ignored
- return SslContextFactory.createSslContext(tlsConfiguration, SslContextFactory.ClientAuth.NONE);
+ return SslContextFactory.createSslContext(tlsConfiguration, ClientAuth.NONE);
}
public void setTlsConfiguration(final TlsConfiguration tlsConfiguration) {
diff --git a/nifi-commons/nifi-socket-utils/src/main/java/org/apache/nifi/io/socket/SocketUtils.java b/nifi-commons/nifi-socket-utils/src/main/java/org/apache/nifi/io/socket/SocketUtils.java
index 453cbb2a1360..43556a7ac308 100644
--- a/nifi-commons/nifi-socket-utils/src/main/java/org/apache/nifi/io/socket/SocketUtils.java
+++ b/nifi-commons/nifi-socket-utils/src/main/java/org/apache/nifi/io/socket/SocketUtils.java
@@ -24,7 +24,7 @@
import javax.net.ssl.SSLServerSocket;
import javax.net.ssl.SSLSocket;
import org.apache.nifi.logging.NiFiLog;
-import org.apache.nifi.security.util.CertificateUtils;
+import org.apache.nifi.security.util.TlsConfiguration;
import org.apache.nifi.security.util.TlsException;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
@@ -66,7 +66,7 @@ public static Socket createSocket(final InetSocketAddress address, final SocketC
Socket tempSocket = sslContext.getSocketFactory().createSocket(address.getHostName(), address.getPort());
final SSLSocket sslSocket = (SSLSocket) tempSocket;
// Enforce custom protocols on socket
- sslSocket.setEnabledProtocols(CertificateUtils.getCurrentSupportedTlsProtocolVersions());
+ sslSocket.setEnabledProtocols(TlsConfiguration.getCurrentSupportedTlsProtocolVersions());
socket = sslSocket;
}
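Review bot: Nothing in this hunk enables hostname verification on the client `SSLSocket`; JSSE does not match the peer certificate against the host name on a raw socket unless an endpoint identification algorithm is set. `createSocket` starts and continues outside the hunk, so this may be handled elsewhere, but if it is not, it could sit next to the protocol restriction: `SSLParameters p = sslSocket.getSSLParameters(); p.setEndpointIdentificationAlgorithm("HTTPS"); sslSocket.setSSLParameters(p);`. Before enabling it, confirm that the certificates used between nodes carry subject alternative names matching the addresses passed in here.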
@@ -129,7 +129,7 @@ public static ServerSocket createServerSocket(final int port, final ServerSocket
final SSLServerSocket sslServerSocket = (SSLServerSocket) serverSocket;
sslServerSocket.setNeedClientAuth(config.getNeedClientAuth());
// Enforce custom protocols on socket
- sslServerSocket.setEnabledProtocols(CertificateUtils.getCurrentSupportedTlsProtocolVersions());
+ sslServerSocket.setEnabledProtocols(TlsConfiguration.getCurrentSupportedTlsProtocolVersions());
}
if (config.getSocketTimeout() != null) {
diff --git a/nifi-commons/nifi-socket-utils/src/test/groovy/org/apache/nifi/io/socket/SocketUtilsTest.groovy b/nifi-commons/nifi-socket-utils/src/test/groovy/org/apache/nifi/io/socket/SocketUtilsTest.groovy
index b0a62c8478d5..9b3510916b5e 100644
--- a/nifi-commons/nifi-socket-utils/src/test/groovy/org/apache/nifi/io/socket/SocketUtilsTest.groovy
+++ b/nifi-commons/nifi-socket-utils/src/test/groovy/org/apache/nifi/io/socket/SocketUtilsTest.groovy
@@ -16,8 +16,9 @@
*/
package org.apache.nifi.io.socket
-import org.apache.nifi.security.util.CertificateUtils
+
import org.apache.nifi.security.util.KeystoreType
+import org.apache.nifi.security.util.StandardTlsConfiguration
import org.apache.nifi.security.util.TlsConfiguration
import org.apache.nifi.util.NiFiProperties
import org.bouncycastle.jce.provider.BouncyCastleProvider
@@ -46,7 +47,7 @@ class SocketUtilsTest extends GroovyTestCase {
private static final String TRUSTSTORE_PASSWORD = "truststorepassword"
private static final KeystoreType TRUSTSTORE_TYPE = KeystoreType.JKS
- private static final String PROTOCOL = CertificateUtils.getHighestCurrentSupportedTlsProtocolVersion()
+ private static final String PROTOCOL = TlsConfiguration.getHighestCurrentSupportedTlsProtocolVersion()
private static final Map DEFAULT_PROPS = [
(NiFiProperties.SECURITY_KEYSTORE) : KEYSTORE_PATH,
@@ -61,8 +62,8 @@ class SocketUtilsTest extends GroovyTestCase {
private NiFiProperties mockNiFiProperties = NiFiProperties.createBasicNiFiProperties(null, DEFAULT_PROPS)
// A static TlsConfiguration referencing the test resource keystore and truststore
-// private static final TlsConfiguration TLS_CONFIGURATION = new TlsConfiguration(KEYSTORE_PATH, KEYSTORE_PASSWORD, KEY_PASSWORD, KEYSTORE_TYPE, TRUSTSTORE_PATH, TRUSTSTORE_PASSWORD, TRUSTSTORE_TYPE, PROTOCOL)
-// private static final SSLContext sslContext = SslContextFactory.createSslContext(TLS_CONFIGURATION, SslContextFactory.ClientAuth.NONE)
+// private static final TlsConfiguration TLS_CONFIGURATION = new StandardTlsConfiguration(KEYSTORE_PATH, KEYSTORE_PASSWORD, KEY_PASSWORD, KEYSTORE_TYPE, TRUSTSTORE_PATH, TRUSTSTORE_PASSWORD, TRUSTSTORE_TYPE, PROTOCOL)
+// private static final SSLContext sslContext = SslContextFactory.createSslContext(TLS_CONFIGURATION, ClientAuth.NONE)
@BeforeClass
static void setUpOnce() throws Exception {
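Review bot: The two commented-out field declarations (`TLS_CONFIGURATION` and `sslContext`) are updated for the rename instead of being removed, which keeps dead code in the test. The edited comment now references `ClientAuth.NONE`, but the import hunk visible for this file adds only `StandardTlsConfiguration`, so the lines would presumably not compile if uncommented. Either delete both lines or restore them as real fields with the matching import.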
@@ -87,7 +88,7 @@ class SocketUtilsTest extends GroovyTestCase {
void testCreateSSLServerSocketShouldRestrictTlsProtocols() {
// Arrange
ServerSocketConfiguration mockServerSocketConfiguration = new ServerSocketConfiguration()
- mockServerSocketConfiguration.setTlsConfiguration(TlsConfiguration.fromNiFiProperties(mockNiFiProperties))
+ mockServerSocketConfiguration.setTlsConfiguration(StandardTlsConfiguration.fromNiFiProperties(mockNiFiProperties))
// Act
SSLServerSocket sslServerSocket = SocketUtils.createSSLServerSocket(0, mockServerSocketConfiguration)
@@ -96,7 +97,7 @@ class SocketUtilsTest extends GroovyTestCase {
// Assert
String[] enabledProtocols = sslServerSocket.getEnabledProtocols()
logger.info("Enabled protocols: ${enabledProtocols}")
- assert enabledProtocols == CertificateUtils.getCurrentSupportedTlsProtocolVersions()
+ assert enabledProtocols == TlsConfiguration.getCurrentSupportedTlsProtocolVersions()
assert !enabledProtocols.contains("TLSv1")
assert !enabledProtocols.contains("TLSv1.1")
}
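Review bot: The assertion `enabledProtocols == TlsConfiguration.getCurrentSupportedTlsProtocolVersions()` compares the socket against the same helper that `SocketUtils` uses to configure it, so it cannot catch a regression in the helper itself. Only the two negative assertions pin the policy, and they cover `TLSv1` and `TLSv1.1` but not the legacy SSL names. Consider adding `assert !enabledProtocols.contains("SSLv3")` and `assert !enabledProtocols.contains("SSLv2Hello")`. The same applies to the next hunk, in `testCreateServerSocketShouldRestrictTlsProtocols`; both test methods begin outside their hunks.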
@@ -105,7 +106,7 @@ class SocketUtilsTest extends GroovyTestCase {
void testCreateServerSocketShouldRestrictTlsProtocols() {
// Arrange
ServerSocketConfiguration mockServerSocketConfiguration = new ServerSocketConfiguration()
- mockServerSocketConfiguration.setTlsConfiguration(TlsConfiguration.fromNiFiProperties(mockNiFiProperties))
+ mockServerSocketConfiguration.setTlsConfiguration(StandardTlsConfiguration.fromNiFiProperties(mockNiFiProperties))
// Act
SSLServerSocket sslServerSocket = SocketUtils.createServerSocket(0, mockServerSocketConfiguration) as SSLServerSocket
@@ -114,7 +115,7 @@ class SocketUtilsTest extends GroovyTestCase {
// Assert
String[] enabledProtocols = sslServerSocket.getEnabledProtocols()
logger.info("Enabled protocols: ${enabledProtocols}")
- assert enabledProtocols == CertificateUtils.getCurrentSupportedTlsProtocolVersions()
+ assert enabledProtocols == TlsConfiguration.getCurrentSupportedTlsProtocolVersions()
assert !enabledProtocols.contains("TLSv1")
assert !enabledProtocols.contains("TLSv1.1")
}
diff --git a/nifi-commons/nifi-utils/src/main/java/org/apache/nifi/util/file/classloader/ClassLoaderUtils.java b/nifi-commons/nifi-utils/src/main/java/org/apache/nifi/util/file/classloader/ClassLoaderUtils.java
index fbf76bc922a9..0867bb9fa8dc 100644
--- a/nifi-commons/nifi-utils/src/main/java/org/apache/nifi/util/file/classloader/ClassLoaderUtils.java
+++ b/nifi-commons/nifi-utils/src/main/java/org/apache/nifi/util/file/classloader/ClassLoaderUtils.java
@@ -16,18 +16,14 @@
*/
package org.apache.nifi.util.file.classloader;
-import org.slf4j.Logger;
-import org.slf4j.LoggerFactory;
-
-import javax.xml.bind.DatatypeConverter;
import java.io.File;
import java.io.FilenameFilter;
-import java.io.UnsupportedEncodingException;
import java.net.MalformedURLException;
import java.net.URI;
import java.net.URISyntaxException;
import java.net.URL;
import java.net.URLClassLoader;
+import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.util.Arrays;
@@ -37,6 +33,9 @@
import java.util.List;
import java.util.Set;
import java.util.stream.Collectors;
+import javax.xml.bind.DatatypeConverter;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
public class ClassLoaderUtils {
@@ -149,11 +148,11 @@ public static String generateAdditionalUrlsFingerprint(Set urls) {
listOfUrls.forEach(url -> {
urlBuffer.append(url).append("-").append(getLastModified(url)).append(";");
});
- byte[] bytesOfAdditionalUrls = urlBuffer.toString().getBytes("UTF-8");
+ byte[] bytesOfAdditionalUrls = urlBuffer.toString().getBytes(StandardCharsets.UTF_8);
byte[] bytesOfDigest = md.digest(bytesOfAdditionalUrls);
return DatatypeConverter.printHexBinary(bytesOfDigest);
- } catch (NoSuchAlgorithmException | UnsupportedEncodingException e) {
+ } catch (NoSuchAlgorithmException e) {
LOGGER.error("Unable to generate fingerprint for the provided additional resources {}", new Object[]{urls, e});
return null;
}
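Review bot: `generateAdditionalUrlsFingerprint` should have a doc comment stating what the digest covers and that it can return `null`. As visible here, the digested input is each URL string joined with the value of `getLastModified(url)`, not the contents of the resource, and the `catch` branch logs and returns `null`. Proposed Javadoc: `/** Digest of the URL list and each URL's last-modified value (not the resource contents); returns null if the digest algorithm is unavailable. Not suitable as an integrity check. */`. The method starts outside the hunk, so the algorithm behind `md` is not visible from here.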
diff --git a/nifi-commons/pom.xml b/nifi-commons/pom.xml
index ba574b877e5c..93d4a7a66399 100644
--- a/nifi-commons/pom.xml
+++ b/nifi-commons/pom.xml
@@ -37,8 +37,8 @@
nifi-record-path
nifi-rocksdb-utils
nifi-schema-utils
+ nifi-security-utils-api
nifi-security-utils
- nifi-security-xml-config
nifi-site-to-site-client
nifi-socket-utils
nifi-utils
diff --git a/nifi-docs/src/main/asciidoc/images/s2s-rproxy-http.svg b/nifi-docs/src/main/asciidoc/images/s2s-rproxy-http.svg
index c845aaea9e2e..60c6ad230d23 100644
--- a/nifi-docs/src/main/asciidoc/images/s2s-rproxy-http.svg
+++ b/nifi-docs/src/main/asciidoc/images/s2s-rproxy-http.svg
@@ -13,5 +13,6 @@
See the License for the specific language governing permissions and
limitations under the License.
-->
-
+
diff --git a/nifi-docs/src/main/asciidoc/images/s2s-rproxy-portnumber.svg b/nifi-docs/src/main/asciidoc/images/s2s-rproxy-portnumber.svg
index 47e32847892f..5ebc23a81261 100644
--- a/nifi-docs/src/main/asciidoc/images/s2s-rproxy-portnumber.svg
+++ b/nifi-docs/src/main/asciidoc/images/s2s-rproxy-portnumber.svg
@@ -13,5 +13,6 @@
See the License for the specific language governing permissions and
limitations under the License.
-->
-
+
diff --git a/nifi-docs/src/main/asciidoc/images/s2s-rproxy-servername.svg b/nifi-docs/src/main/asciidoc/images/s2s-rproxy-servername.svg
index 2f68e08f8538..7446504c0a90 100644
--- a/nifi-docs/src/main/asciidoc/images/s2s-rproxy-servername.svg
+++ b/nifi-docs/src/main/asciidoc/images/s2s-rproxy-servername.svg
@@ -13,5 +13,6 @@
See the License for the specific language governing permissions and
limitations under the License.
-->
-
+
diff --git a/nifi-mock/src/main/java/org/apache/nifi/provenance/MockProvenanceRepository.java b/nifi-mock/src/main/java/org/apache/nifi/provenance/MockProvenanceRepository.java
index 30e6bd17a34f..e1d8321f6bf5 100644
--- a/nifi-mock/src/main/java/org/apache/nifi/provenance/MockProvenanceRepository.java
+++ b/nifi-mock/src/main/java/org/apache/nifi/provenance/MockProvenanceRepository.java
@@ -23,7 +23,6 @@
import java.util.List;
import java.util.Set;
import java.util.concurrent.atomic.AtomicLong;
-
import org.apache.nifi.authorization.Authorizer;
import org.apache.nifi.authorization.user.NiFiUser;
import org.apache.nifi.events.EventReporter;
diff --git a/nifi-mock/src/main/java/org/apache/nifi/state/MockStateManager.java b/nifi-mock/src/main/java/org/apache/nifi/state/MockStateManager.java
index 81ad988ca904..f1243261b0f8 100644
--- a/nifi-mock/src/main/java/org/apache/nifi/state/MockStateManager.java
+++ b/nifi-mock/src/main/java/org/apache/nifi/state/MockStateManager.java
@@ -21,7 +21,6 @@
import java.util.Collections;
import java.util.Map;
import java.util.concurrent.atomic.AtomicInteger;
-
import org.apache.nifi.annotation.behavior.Stateful;
import org.apache.nifi.components.state.Scope;
import org.apache.nifi.components.state.StateManager;
@@ -120,7 +119,7 @@ public synchronized boolean replace(final StateMap oldValue, final Map emptyMap(), scope);
+ setState(Collections.emptyMap(), scope);
}
private void verifyCanSet(final Scope scope) throws IOException {
diff --git a/nifi-mock/src/main/java/org/apache/nifi/state/MockStateMap.java b/nifi-mock/src/main/java/org/apache/nifi/state/MockStateMap.java
index cfce4670a0c6..3956ff5a5b8b 100644
--- a/nifi-mock/src/main/java/org/apache/nifi/state/MockStateMap.java
+++ b/nifi-mock/src/main/java/org/apache/nifi/state/MockStateMap.java
@@ -20,7 +20,6 @@
import java.util.Collections;
import java.util.HashMap;
import java.util.Map;
-
import org.apache.nifi.components.state.StateMap;
public class MockStateMap implements StateMap {
@@ -28,7 +27,7 @@ public class MockStateMap implements StateMap {
private final long version;
public MockStateMap(final Map stateValues, final long version) {
- this.stateValues = stateValues == null ? Collections. emptyMap() : new HashMap<>(stateValues);
+ this.stateValues = stateValues == null ? Collections.emptyMap() : new HashMap<>(stateValues);
this.version = version;
}
diff --git a/nifi-mock/src/main/java/org/apache/nifi/util/CapturingLogger.java b/nifi-mock/src/main/java/org/apache/nifi/util/CapturingLogger.java
index a289eaae66ee..5b4a58c1ae21 100644
--- a/nifi-mock/src/main/java/org/apache/nifi/util/CapturingLogger.java
+++ b/nifi-mock/src/main/java/org/apache/nifi/util/CapturingLogger.java
@@ -3,7 +3,6 @@
import java.util.ArrayList;
import java.util.Collections;
import java.util.List;
-
import org.slf4j.Logger;
import org.slf4j.Marker;
import org.slf4j.helpers.MessageFormatter;
@@ -33,11 +32,11 @@ public class CapturingLogger implements Logger {
private final Logger logger;
- private List traceMessages = new ArrayList<>();
- private List debugMessages = new ArrayList<>();
- private List infoMessages = new ArrayList<>();
- private List warnMessages = new ArrayList<>();
- private List errorMessages = new ArrayList<>();
+ private final List traceMessages = new ArrayList<>();
+ private final List debugMessages = new ArrayList<>();
+ private final List infoMessages = new ArrayList<>();
+ private final List warnMessages = new ArrayList<>();
+ private final List errorMessages = new ArrayList<>();
public CapturingLogger(final Logger logger) {
this.logger = logger;
diff --git a/nifi-mock/src/main/java/org/apache/nifi/util/ControllerServiceConfiguration.java b/nifi-mock/src/main/java/org/apache/nifi/util/ControllerServiceConfiguration.java
index bd623cafc640..e23e99aaa918 100644
--- a/nifi-mock/src/main/java/org/apache/nifi/util/ControllerServiceConfiguration.java
+++ b/nifi-mock/src/main/java/org/apache/nifi/util/ControllerServiceConfiguration.java
@@ -20,7 +20,6 @@
import java.util.HashMap;
import java.util.Map;
import java.util.concurrent.atomic.AtomicBoolean;
-
import org.apache.nifi.components.PropertyDescriptor;
import org.apache.nifi.controller.ControllerService;
diff --git a/nifi-mock/src/main/java/org/apache/nifi/util/MockBulletinRepository.java b/nifi-mock/src/main/java/org/apache/nifi/util/MockBulletinRepository.java
index a52853ac0438..89a0cf9074cc 100644
--- a/nifi-mock/src/main/java/org/apache/nifi/util/MockBulletinRepository.java
+++ b/nifi-mock/src/main/java/org/apache/nifi/util/MockBulletinRepository.java
@@ -16,12 +16,11 @@
*/
package org.apache.nifi.util;
+import java.util.List;
import org.apache.nifi.reporting.Bulletin;
import org.apache.nifi.reporting.BulletinQuery;
import org.apache.nifi.reporting.BulletinRepository;
-import java.util.List;
-
public class MockBulletinRepository implements BulletinRepository {
@Override
diff --git a/nifi-mock/src/main/java/org/apache/nifi/util/MockComponentLog.java b/nifi-mock/src/main/java/org/apache/nifi/util/MockComponentLog.java
index e58cf50b8542..4bb655ea6885 100644
--- a/nifi-mock/src/main/java/org/apache/nifi/util/MockComponentLog.java
+++ b/nifi-mock/src/main/java/org/apache/nifi/util/MockComponentLog.java
@@ -17,7 +17,6 @@
package org.apache.nifi.util;
import java.util.List;
-
import org.apache.nifi.logging.ComponentLog;
import org.apache.nifi.logging.LogLevel;
import org.slf4j.Logger;
diff --git a/nifi-mock/src/main/java/org/apache/nifi/util/MockConfigurationContext.java b/nifi-mock/src/main/java/org/apache/nifi/util/MockConfigurationContext.java
index 307f474fd7dd..4e68366c513d 100644
--- a/nifi-mock/src/main/java/org/apache/nifi/util/MockConfigurationContext.java
+++ b/nifi-mock/src/main/java/org/apache/nifi/util/MockConfigurationContext.java
@@ -20,7 +20,6 @@
import java.util.LinkedHashMap;
import java.util.Map;
import java.util.concurrent.TimeUnit;
-
import org.apache.nifi.components.PropertyDescriptor;
import org.apache.nifi.components.PropertyValue;
import org.apache.nifi.controller.ConfigurationContext;
diff --git a/nifi-mock/src/main/java/org/apache/nifi/util/MockControllerServiceInitializationContext.java b/nifi-mock/src/main/java/org/apache/nifi/util/MockControllerServiceInitializationContext.java
index 021bdc24596a..79cb9612b034 100644
--- a/nifi-mock/src/main/java/org/apache/nifi/util/MockControllerServiceInitializationContext.java
+++ b/nifi-mock/src/main/java/org/apache/nifi/util/MockControllerServiceInitializationContext.java
@@ -16,6 +16,7 @@
*/
package org.apache.nifi.util;
+import java.io.File;
import org.apache.nifi.components.state.StateManager;
import org.apache.nifi.controller.ControllerService;
import org.apache.nifi.controller.ControllerServiceInitializationContext;
@@ -25,8 +26,6 @@
import org.apache.nifi.logging.ComponentLog;
import org.apache.nifi.state.MockStateManager;
-import java.io.File;
-
public class MockControllerServiceInitializationContext extends MockControllerServiceLookup implements ControllerServiceInitializationContext, ControllerServiceLookup, NodeTypeProvider {
private final String identifier;
diff --git a/nifi-mock/src/main/java/org/apache/nifi/util/MockControllerServiceLookup.java b/nifi-mock/src/main/java/org/apache/nifi/util/MockControllerServiceLookup.java
index ec7b179e422f..5bec0ce0783d 100644
--- a/nifi-mock/src/main/java/org/apache/nifi/util/MockControllerServiceLookup.java
+++ b/nifi-mock/src/main/java/org/apache/nifi/util/MockControllerServiceLookup.java
@@ -20,7 +20,6 @@
import java.util.Map;
import java.util.Set;
import java.util.concurrent.ConcurrentHashMap;
-
import org.apache.nifi.annotation.behavior.InputRequirement;
import org.apache.nifi.controller.ControllerService;
import org.apache.nifi.controller.ControllerServiceLookup;
diff --git a/nifi-mock/src/main/java/org/apache/nifi/util/MockEventAccess.java b/nifi-mock/src/main/java/org/apache/nifi/util/MockEventAccess.java
index 38d1619e14d0..b6cd7ade8b66 100644
--- a/nifi-mock/src/main/java/org/apache/nifi/util/MockEventAccess.java
+++ b/nifi-mock/src/main/java/org/apache/nifi/util/MockEventAccess.java
@@ -21,7 +21,6 @@
import java.util.HashMap;
import java.util.List;
import java.util.Map;
-
import org.apache.nifi.action.Action;
import org.apache.nifi.controller.status.ProcessGroupStatus;
import org.apache.nifi.provenance.ProvenanceEventRecord;
diff --git a/nifi-mock/src/main/java/org/apache/nifi/util/MockFlowFileQueue.java b/nifi-mock/src/main/java/org/apache/nifi/util/MockFlowFileQueue.java
index 0c6ec2a7a9ca..2abcc4f6d0c5 100644
--- a/nifi-mock/src/main/java/org/apache/nifi/util/MockFlowFileQueue.java
+++ b/nifi-mock/src/main/java/org/apache/nifi/util/MockFlowFileQueue.java
@@ -22,7 +22,6 @@
import java.util.concurrent.locks.Lock;
import java.util.concurrent.locks.ReadWriteLock;
import java.util.concurrent.locks.ReentrantReadWriteLock;
-
import org.apache.nifi.controller.queue.QueueSize;
diff --git a/nifi-mock/src/main/java/org/apache/nifi/util/MockKerberosContext.java b/nifi-mock/src/main/java/org/apache/nifi/util/MockKerberosContext.java
index 480eab8699d3..fa77ca3d639d 100644
--- a/nifi-mock/src/main/java/org/apache/nifi/util/MockKerberosContext.java
+++ b/nifi-mock/src/main/java/org/apache/nifi/util/MockKerberosContext.java
@@ -16,9 +16,8 @@
*/
package org.apache.nifi.util;
-import org.apache.nifi.kerberos.KerberosContext;
-
import java.io.File;
+import org.apache.nifi.kerberos.KerberosContext;
public class MockKerberosContext implements KerberosContext {
diff --git a/nifi-mock/src/main/java/org/apache/nifi/util/MockProcessContext.java b/nifi-mock/src/main/java/org/apache/nifi/util/MockProcessContext.java
index e850bc88819f..ffc2711c3424 100644
--- a/nifi-mock/src/main/java/org/apache/nifi/util/MockProcessContext.java
+++ b/nifi-mock/src/main/java/org/apache/nifi/util/MockProcessContext.java
@@ -16,6 +16,18 @@
*/
package org.apache.nifi.util;
+import static java.util.Objects.requireNonNull;
+
+import java.util.ArrayList;
+import java.util.Collection;
+import java.util.Collections;
+import java.util.HashMap;
+import java.util.HashSet;
+import java.util.LinkedHashMap;
+import java.util.List;
+import java.util.Map;
+import java.util.Objects;
+import java.util.Set;
import org.apache.nifi.annotation.behavior.InputRequirement;
import org.apache.nifi.attribute.expression.language.Query;
import org.apache.nifi.attribute.expression.language.Query.Range;
@@ -36,19 +48,6 @@
import org.apache.nifi.state.MockStateManager;
import org.junit.Assert;
-import java.util.ArrayList;
-import java.util.Collection;
-import java.util.Collections;
-import java.util.HashMap;
-import java.util.HashSet;
-import java.util.LinkedHashMap;
-import java.util.List;
-import java.util.Map;
-import java.util.Objects;
-import java.util.Set;
-
-import static java.util.Objects.requireNonNull;
-
public class MockProcessContext extends MockControllerServiceLookup implements ProcessContext, ControllerServiceLookup, NodeTypeProvider {
private final ConfigurableComponent component;
diff --git a/nifi-mock/src/main/java/org/apache/nifi/util/MockProcessSession.java b/nifi-mock/src/main/java/org/apache/nifi/util/MockProcessSession.java
index fe9faf9ff8ce..dd56b6ccd6e3 100644
--- a/nifi-mock/src/main/java/org/apache/nifi/util/MockProcessSession.java
+++ b/nifi-mock/src/main/java/org/apache/nifi/util/MockProcessSession.java
@@ -16,22 +16,6 @@
*/
package org.apache.nifi.util;
-import org.apache.nifi.controller.queue.QueueSize;
-import org.apache.nifi.flowfile.FlowFile;
-import org.apache.nifi.flowfile.attributes.CoreAttributes;
-import org.apache.nifi.processor.FlowFileFilter;
-import org.apache.nifi.processor.ProcessSession;
-import org.apache.nifi.processor.Processor;
-import org.apache.nifi.processor.Relationship;
-import org.apache.nifi.processor.exception.FlowFileAccessException;
-import org.apache.nifi.processor.exception.FlowFileHandlingException;
-import org.apache.nifi.processor.exception.ProcessException;
-import org.apache.nifi.processor.io.InputStreamCallback;
-import org.apache.nifi.processor.io.OutputStreamCallback;
-import org.apache.nifi.processor.io.StreamCallback;
-import org.apache.nifi.provenance.ProvenanceReporter;
-import org.junit.Assert;
-
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.Closeable;
@@ -58,6 +42,21 @@
import java.util.concurrent.atomic.AtomicLong;
import java.util.regex.Pattern;
import java.util.stream.Collectors;
+import org.apache.nifi.controller.queue.QueueSize;
+import org.apache.nifi.flowfile.FlowFile;
+import org.apache.nifi.flowfile.attributes.CoreAttributes;
+import org.apache.nifi.processor.FlowFileFilter;
+import org.apache.nifi.processor.ProcessSession;
+import org.apache.nifi.processor.Processor;
+import org.apache.nifi.processor.Relationship;
+import org.apache.nifi.processor.exception.FlowFileAccessException;
+import org.apache.nifi.processor.exception.FlowFileHandlingException;
+import org.apache.nifi.processor.exception.ProcessException;
+import org.apache.nifi.processor.io.InputStreamCallback;
+import org.apache.nifi.processor.io.OutputStreamCallback;
+import org.apache.nifi.processor.io.StreamCallback;
+import org.apache.nifi.provenance.ProvenanceReporter;
+import org.junit.Assert;
public class MockProcessSession implements ProcessSession {
@@ -1357,10 +1356,6 @@ boolean isFlowFileKnown(final FlowFile flowFile) {
final String curUuid = curFlowFile.getAttribute(CoreAttributes.UUID.key());
final String providedUuid = curFlowFile.getAttribute(CoreAttributes.UUID.key());
- if (!curUuid.equals(providedUuid)) {
- return false;
- }
-
- return true;
+ return curUuid.equals(providedUuid);
}
}
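Review bot: Both `curUuid` and `providedUuid` are read from `curFlowFile`, so the simplified `return curUuid.equals(providedUuid);` compares a value with itself and is true whenever the UUID attribute is present; the FlowFile passed to the method is never consulted at this point. The second read looks like it was meant to be `flowFile.getAttribute(CoreAttributes.UUID.key())`, using the `flowFile` parameter. As written, a missing UUID attribute on `curFlowFile` would also raise a NullPointerException here, which `Objects.equals(curUuid, providedUuid)` would avoid if `java.util.Objects` is in scope in this file. The body of isFlowFileKnown starts outside the hunk, so how `curFlowFile` is looked up is not visible here.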
diff --git a/nifi-mock/src/main/java/org/apache/nifi/util/MockProcessorInitializationContext.java b/nifi-mock/src/main/java/org/apache/nifi/util/MockProcessorInitializationContext.java
index d48fc3de23bf..2ac2b731970d 100644
--- a/nifi-mock/src/main/java/org/apache/nifi/util/MockProcessorInitializationContext.java
+++ b/nifi-mock/src/main/java/org/apache/nifi/util/MockProcessorInitializationContext.java
@@ -19,7 +19,6 @@
import java.io.File;
import java.util.Set;
import java.util.UUID;
-
import org.apache.nifi.controller.ControllerService;
import org.apache.nifi.controller.ControllerServiceLookup;
import org.apache.nifi.controller.NodeTypeProvider;
diff --git a/nifi-mock/src/main/java/org/apache/nifi/util/MockPropertyContext.java b/nifi-mock/src/main/java/org/apache/nifi/util/MockPropertyContext.java
index 5c4647d20bea..6f110b20923d 100644
--- a/nifi-mock/src/main/java/org/apache/nifi/util/MockPropertyContext.java
+++ b/nifi-mock/src/main/java/org/apache/nifi/util/MockPropertyContext.java
@@ -16,13 +16,12 @@
*/
package org.apache.nifi.util;
+import java.util.LinkedHashMap;
+import java.util.Map;
import org.apache.nifi.components.PropertyDescriptor;
import org.apache.nifi.components.PropertyValue;
import org.apache.nifi.context.PropertyContext;
-import java.util.LinkedHashMap;
-import java.util.Map;
-
public class MockPropertyContext implements PropertyContext {
private final Map properties;
diff --git a/nifi-mock/src/main/java/org/apache/nifi/util/MockPropertyValue.java b/nifi-mock/src/main/java/org/apache/nifi/util/MockPropertyValue.java
index 209559b5e637..9b7d72b18950 100644
--- a/nifi-mock/src/main/java/org/apache/nifi/util/MockPropertyValue.java
+++ b/nifi-mock/src/main/java/org/apache/nifi/util/MockPropertyValue.java
@@ -16,8 +16,11 @@
*/
package org.apache.nifi.util;
+import java.util.HashMap;
+import java.util.List;
+import java.util.Map;
+import java.util.concurrent.TimeUnit;
import org.apache.nifi.annotation.behavior.InputRequirement;
-import org.apache.nifi.parameter.ParameterLookup;
import org.apache.nifi.attribute.expression.language.Query;
import org.apache.nifi.attribute.expression.language.Query.Range;
import org.apache.nifi.attribute.expression.language.StandardPropertyValue;
@@ -28,15 +31,11 @@
import org.apache.nifi.expression.AttributeValueDecorator;
import org.apache.nifi.expression.ExpressionLanguageScope;
import org.apache.nifi.flowfile.FlowFile;
+import org.apache.nifi.parameter.ParameterLookup;
import org.apache.nifi.processor.DataUnit;
import org.apache.nifi.processor.exception.ProcessException;
import org.apache.nifi.registry.VariableRegistry;
-import java.util.HashMap;
-import java.util.List;
-import java.util.Map;
-import java.util.concurrent.TimeUnit;
-
public class MockPropertyValue implements PropertyValue {
private final String rawValue;
private final Boolean expectExpressions;
diff --git a/nifi-mock/src/main/java/org/apache/nifi/util/MockProvenanceReporter.java b/nifi-mock/src/main/java/org/apache/nifi/util/MockProvenanceReporter.java
index 37a6393e8091..55e3a8145788 100644
--- a/nifi-mock/src/main/java/org/apache/nifi/util/MockProvenanceReporter.java
+++ b/nifi-mock/src/main/java/org/apache/nifi/util/MockProvenanceReporter.java
@@ -20,7 +20,6 @@
import java.util.Collections;
import java.util.LinkedHashSet;
import java.util.Set;
-
import org.apache.nifi.flowfile.FlowFile;
import org.apache.nifi.processor.Relationship;
import org.apache.nifi.processor.exception.FlowFileHandlingException;
diff --git a/nifi-mock/src/main/java/org/apache/nifi/util/MockReportingContext.java b/nifi-mock/src/main/java/org/apache/nifi/util/MockReportingContext.java
index b9e23c381efc..5a0fd846b124 100644
--- a/nifi-mock/src/main/java/org/apache/nifi/util/MockReportingContext.java
+++ b/nifi-mock/src/main/java/org/apache/nifi/util/MockReportingContext.java
@@ -22,7 +22,6 @@
import java.util.LinkedHashMap;
import java.util.List;
import java.util.Map;
-
import org.apache.nifi.components.PropertyDescriptor;
import org.apache.nifi.components.PropertyValue;
import org.apache.nifi.components.state.StateManager;
diff --git a/nifi-mock/src/main/java/org/apache/nifi/util/MockReportingInitializationContext.java b/nifi-mock/src/main/java/org/apache/nifi/util/MockReportingInitializationContext.java
index d1b8e5c84b06..4b74acc8118d 100644
--- a/nifi-mock/src/main/java/org/apache/nifi/util/MockReportingInitializationContext.java
+++ b/nifi-mock/src/main/java/org/apache/nifi/util/MockReportingInitializationContext.java
@@ -20,7 +20,6 @@
import java.util.HashMap;
import java.util.Map;
import java.util.concurrent.TimeUnit;
-
import org.apache.nifi.components.PropertyDescriptor;
import org.apache.nifi.controller.ControllerServiceLookup;
import org.apache.nifi.controller.NodeTypeProvider;
diff --git a/nifi-mock/src/main/java/org/apache/nifi/util/MockSessionFactory.java b/nifi-mock/src/main/java/org/apache/nifi/util/MockSessionFactory.java
index 010cc97646db..9b6b78f39f13 100644
--- a/nifi-mock/src/main/java/org/apache/nifi/util/MockSessionFactory.java
+++ b/nifi-mock/src/main/java/org/apache/nifi/util/MockSessionFactory.java
@@ -19,7 +19,6 @@
import java.util.Collections;
import java.util.Set;
import java.util.concurrent.CopyOnWriteArraySet;
-
import org.apache.nifi.processor.ProcessSession;
import org.apache.nifi.processor.ProcessSessionFactory;
import org.apache.nifi.processor.Processor;
diff --git a/nifi-mock/src/main/java/org/apache/nifi/util/MockValidationContext.java b/nifi-mock/src/main/java/org/apache/nifi/util/MockValidationContext.java
index e913204c5756..d4a198b0a00a 100644
--- a/nifi-mock/src/main/java/org/apache/nifi/util/MockValidationContext.java
+++ b/nifi-mock/src/main/java/org/apache/nifi/util/MockValidationContext.java
@@ -16,8 +16,13 @@
*/
package org.apache.nifi.util;
-import org.apache.nifi.parameter.ExpressionLanguageAgnosticParameterParser;
-import org.apache.nifi.parameter.ParameterLookup;
+import java.util.Collection;
+import java.util.HashMap;
+import java.util.LinkedHashMap;
+import java.util.List;
+import java.util.Map;
+import java.util.Set;
+import java.util.stream.Collectors;
import org.apache.nifi.attribute.expression.language.Query;
import org.apache.nifi.attribute.expression.language.Query.Range;
import org.apache.nifi.attribute.expression.language.StandardExpressionLanguageCompiler;
@@ -28,19 +33,13 @@
import org.apache.nifi.controller.ControllerService;
import org.apache.nifi.controller.ControllerServiceLookup;
import org.apache.nifi.expression.ExpressionLanguageCompiler;
+import org.apache.nifi.parameter.ExpressionLanguageAgnosticParameterParser;
+import org.apache.nifi.parameter.ExpressionLanguageAwareParameterParser;
+import org.apache.nifi.parameter.ParameterLookup;
import org.apache.nifi.parameter.ParameterParser;
import org.apache.nifi.parameter.ParameterReference;
-import org.apache.nifi.parameter.ExpressionLanguageAwareParameterParser;
import org.apache.nifi.registry.VariableRegistry;
-import java.util.Collection;
-import java.util.HashMap;
-import java.util.LinkedHashMap;
-import java.util.List;
-import java.util.Map;
-import java.util.Set;
-import java.util.stream.Collectors;
-
public class MockValidationContext extends MockControllerServiceLookup implements ValidationContext, ControllerServiceLookup {
private final MockProcessContext context;
diff --git a/nifi-mock/src/main/java/org/apache/nifi/util/MockVariableRegistry.java b/nifi-mock/src/main/java/org/apache/nifi/util/MockVariableRegistry.java
index c782b4f40a3c..027baa1501cc 100644
--- a/nifi-mock/src/main/java/org/apache/nifi/util/MockVariableRegistry.java
+++ b/nifi-mock/src/main/java/org/apache/nifi/util/MockVariableRegistry.java
@@ -20,7 +20,6 @@
import java.util.Collections;
import java.util.HashMap;
import java.util.Map;
-
import org.apache.nifi.registry.VariableDescriptor;
import org.apache.nifi.registry.VariableRegistry;
diff --git a/nifi-mock/src/main/java/org/apache/nifi/util/SharedSessionState.java b/nifi-mock/src/main/java/org/apache/nifi/util/SharedSessionState.java
index 994735b0ff5b..f9ff0c90704c 100644
--- a/nifi-mock/src/main/java/org/apache/nifi/util/SharedSessionState.java
+++ b/nifi-mock/src/main/java/org/apache/nifi/util/SharedSessionState.java
@@ -25,7 +25,6 @@
import java.util.concurrent.ConcurrentHashMap;
import java.util.concurrent.ConcurrentMap;
import java.util.concurrent.atomic.AtomicLong;
-
import org.apache.nifi.processor.Processor;
import org.apache.nifi.provenance.ProvenanceEventRecord;
import org.apache.nifi.provenance.ProvenanceReporter;
diff --git a/nifi-mock/src/main/java/org/apache/nifi/util/StandardProcessorTestRunner.java b/nifi-mock/src/main/java/org/apache/nifi/util/StandardProcessorTestRunner.java
index 297791679daf..c2db427d0406 100644
--- a/nifi-mock/src/main/java/org/apache/nifi/util/StandardProcessorTestRunner.java
+++ b/nifi-mock/src/main/java/org/apache/nifi/util/StandardProcessorTestRunner.java
@@ -16,6 +16,33 @@
*/
package org.apache.nifi.util;
+import static java.util.Objects.requireNonNull;
+
+import java.io.ByteArrayInputStream;
+import java.io.IOException;
+import java.io.InputStream;
+import java.lang.reflect.InvocationTargetException;
+import java.nio.charset.StandardCharsets;
+import java.nio.file.Files;
+import java.nio.file.Path;
+import java.util.ArrayList;
+import java.util.Collection;
+import java.util.Collections;
+import java.util.Comparator;
+import java.util.HashMap;
+import java.util.HashSet;
+import java.util.List;
+import java.util.Map;
+import java.util.Objects;
+import java.util.Set;
+import java.util.concurrent.Callable;
+import java.util.concurrent.Executors;
+import java.util.concurrent.Future;
+import java.util.concurrent.ScheduledExecutorService;
+import java.util.concurrent.TimeUnit;
+import java.util.concurrent.atomic.AtomicInteger;
+import java.util.concurrent.atomic.AtomicLong;
+import java.util.function.Predicate;
import org.apache.nifi.annotation.behavior.TriggerSerially;
import org.apache.nifi.annotation.lifecycle.OnAdded;
import org.apache.nifi.annotation.lifecycle.OnConfigurationRestored;
@@ -46,34 +73,6 @@
import org.apache.nifi.state.MockStateManager;
import org.junit.Assert;
-import java.io.ByteArrayInputStream;
-import java.io.IOException;
-import java.io.InputStream;
-import java.lang.reflect.InvocationTargetException;
-import java.nio.charset.StandardCharsets;
-import java.nio.file.Files;
-import java.nio.file.Path;
-import java.util.ArrayList;
-import java.util.Collection;
-import java.util.Collections;
-import java.util.Comparator;
-import java.util.HashMap;
-import java.util.HashSet;
-import java.util.List;
-import java.util.Map;
-import java.util.Objects;
-import java.util.Set;
-import java.util.concurrent.Callable;
-import java.util.concurrent.Executors;
-import java.util.concurrent.Future;
-import java.util.concurrent.ScheduledExecutorService;
-import java.util.concurrent.TimeUnit;
-import java.util.concurrent.atomic.AtomicInteger;
-import java.util.concurrent.atomic.AtomicLong;
-import java.util.function.Predicate;
-
-import static java.util.Objects.requireNonNull;
-
public class StandardProcessorTestRunner implements TestRunner {
private final Processor processor;
@@ -419,7 +418,7 @@ public MockFlowFile enqueue(final byte[] data) {
@Override
public MockFlowFile enqueue(final String data) {
- return enqueue(data.getBytes(StandardCharsets.UTF_8), Collections. emptyMap());
+ return enqueue(data.getBytes(StandardCharsets.UTF_8), Collections.emptyMap());
}
@Override
diff --git a/nifi-mock/src/main/java/org/apache/nifi/util/TestRunner.java b/nifi-mock/src/main/java/org/apache/nifi/util/TestRunner.java
index ce5a837fd887..23e5ebb11155 100644
--- a/nifi-mock/src/main/java/org/apache/nifi/util/TestRunner.java
+++ b/nifi-mock/src/main/java/org/apache/nifi/util/TestRunner.java
@@ -16,6 +16,12 @@
*/
package org.apache.nifi.util;
+import java.io.IOException;
+import java.io.InputStream;
+import java.nio.file.Path;
+import java.util.List;
+import java.util.Map;
+import java.util.function.Predicate;
import org.apache.nifi.components.AllowableValue;
import org.apache.nifi.components.PropertyDescriptor;
import org.apache.nifi.components.ValidationResult;
@@ -31,13 +37,6 @@
import org.apache.nifi.reporting.InitializationException;
import org.apache.nifi.state.MockStateManager;
-import java.io.IOException;
-import java.io.InputStream;
-import java.nio.file.Path;
-import java.util.List;
-import java.util.Map;
-import java.util.function.Predicate;
-
public interface TestRunner {
/**
@@ -907,7 +906,7 @@ public interface TestRunner {
* Returns the {@link MockComponentLog} that is used by the Processor under test.
* @return the logger
*/
- public MockComponentLog getLogger();
+ MockComponentLog getLogger();
/**
* Returns the {@link MockComponentLog} that is used by the specified controller service.
@@ -915,7 +914,7 @@ public interface TestRunner {
* @param identifier a controller service identifier
* @return the logger
*/
- public MockComponentLog getControllerServiceLogger(final String identifier);
+ MockComponentLog getControllerServiceLogger(final String identifier);
/**
* @return the State Manager that is used to stored and retrieve state
diff --git a/nifi-mock/src/test/java/org/apache/nifi/util/TestMockProcessContext.java b/nifi-mock/src/test/java/org/apache/nifi/util/TestMockProcessContext.java
index f1137ed9d103..f83db9f9464e 100644
--- a/nifi-mock/src/test/java/org/apache/nifi/util/TestMockProcessContext.java
+++ b/nifi-mock/src/test/java/org/apache/nifi/util/TestMockProcessContext.java
@@ -25,7 +25,6 @@
import java.util.HashMap;
import java.util.List;
import java.util.Map;
-
import org.apache.nifi.components.PropertyDescriptor;
import org.apache.nifi.processor.AbstractProcessor;
import org.apache.nifi.processor.ProcessContext;
diff --git a/nifi-mock/src/test/java/org/apache/nifi/util/TestMockProcessSession.java b/nifi-mock/src/test/java/org/apache/nifi/util/TestMockProcessSession.java
index 6ba99c7f553a..bf4c6e642e48 100644
--- a/nifi-mock/src/test/java/org/apache/nifi/util/TestMockProcessSession.java
+++ b/nifi-mock/src/test/java/org/apache/nifi/util/TestMockProcessSession.java
@@ -25,7 +25,6 @@
import java.util.Collections;
import java.util.Set;
import java.util.concurrent.atomic.AtomicLong;
-
import org.apache.nifi.flowfile.FlowFile;
import org.apache.nifi.processor.AbstractProcessor;
import org.apache.nifi.processor.ProcessContext;
diff --git a/nifi-nar-bundles/nifi-amqp-bundle/nifi-amqp-processors/src/main/java/org/apache/nifi/amqp/processors/AbstractAMQPProcessor.java b/nifi-nar-bundles/nifi-amqp-bundle/nifi-amqp-processors/src/main/java/org/apache/nifi/amqp/processors/AbstractAMQPProcessor.java
index c947b7a286e4..642aa1b4007e 100644
--- a/nifi-nar-bundles/nifi-amqp-bundle/nifi-amqp-processors/src/main/java/org/apache/nifi/amqp/processors/AbstractAMQPProcessor.java
+++ b/nifi-nar-bundles/nifi-amqp-bundle/nifi-amqp-processors/src/main/java/org/apache/nifi/amqp/processors/AbstractAMQPProcessor.java
@@ -19,6 +19,7 @@
import com.rabbitmq.client.Connection;
import com.rabbitmq.client.ConnectionFactory;
import com.rabbitmq.client.DefaultSaslConfig;
+import com.rabbitmq.client.impl.DefaultExceptionHandler;
import java.util.ArrayList;
import java.util.Collection;
import java.util.Collections;
@@ -28,8 +29,6 @@
import java.util.concurrent.Executors;
import java.util.concurrent.LinkedBlockingQueue;
import javax.net.ssl.SSLContext;
-
-import com.rabbitmq.client.impl.DefaultExceptionHandler;
import org.apache.commons.lang3.concurrent.BasicThreadFactory;
import org.apache.nifi.annotation.lifecycle.OnScheduled;
import org.apache.nifi.annotation.lifecycle.OnStopped;
@@ -42,7 +41,7 @@
import org.apache.nifi.processor.ProcessSession;
import org.apache.nifi.processor.exception.ProcessException;
import org.apache.nifi.processor.util.StandardValidators;
-import org.apache.nifi.security.util.SslContextFactory;
+import org.apache.nifi.security.util.ClientAuth;
import org.apache.nifi.ssl.SSLContextService;
@@ -121,7 +120,7 @@ abstract class AbstractAMQPProcessor extends AbstractProce
.displayName("Client Auth")
.description("The property has no effect and therefore deprecated.")
.required(false)
- .allowableValues(SslContextFactory.ClientAuth.values())
+ .allowableValues(ClientAuth.values())
.defaultValue("NONE")
.build();
@@ -299,7 +298,7 @@ protected Connection createConnection(ProcessContext context, ExecutorService ex
final Boolean useCertAuthentication = context.getProperty(USE_CERT_AUTHENTICATION).asBoolean();
if (sslService != null) {
- final SSLContext sslContext = sslService.createSSLContext(SslContextFactory.ClientAuth.NONE);
+ final SSLContext sslContext = sslService.createSSLContext(ClientAuth.NONE);
cf.useSslProtocol(sslContext);
if (useCertAuthentication) {
diff --git a/nifi-nar-bundles/nifi-aws-bundle/nifi-aws-abstract-processors/src/main/java/org/apache/nifi/processors/aws/AbstractAWSProcessor.java b/nifi-nar-bundles/nifi-aws-bundle/nifi-aws-abstract-processors/src/main/java/org/apache/nifi/processors/aws/AbstractAWSProcessor.java
index d56d9ee394a8..f6bed479c925 100644
--- a/nifi-nar-bundles/nifi-aws-bundle/nifi-aws-abstract-processors/src/main/java/org/apache/nifi/processors/aws/AbstractAWSProcessor.java
+++ b/nifi-nar-bundles/nifi-aws-bundle/nifi-aws-abstract-processors/src/main/java/org/apache/nifi/processors/aws/AbstractAWSProcessor.java
@@ -58,7 +58,7 @@
import org.apache.nifi.processors.aws.credentials.provider.factory.CredentialPropertyDescriptors;
import org.apache.nifi.proxy.ProxyConfiguration;
import org.apache.nifi.proxy.ProxySpec;
-import org.apache.nifi.security.util.SslContextFactory;
+import org.apache.nifi.security.util.ClientAuth;
import org.apache.nifi.ssl.SSLContextService;
/**
@@ -227,7 +227,7 @@ protected ClientConfiguration createConfiguration(final ProcessContext context)
if(this.getSupportedPropertyDescriptors().contains(SSL_CONTEXT_SERVICE)) {
final SSLContextService sslContextService = context.getProperty(SSL_CONTEXT_SERVICE).asControllerService(SSLContextService.class);
if (sslContextService != null) {
- final SSLContext sslContext = sslContextService.createSSLContext(SslContextFactory.ClientAuth.NONE);
+ final SSLContext sslContext = sslContextService.createSSLContext(ClientAuth.NONE);
// NIFI-3788: Changed hostnameVerifier from null to DHV (BrowserCompatibleHostnameVerifier is deprecated)
SdkTLSSocketFactory sdkTLSSocketFactory = new SdkTLSSocketFactory(sslContext, new DefaultHostnameVerifier());
config.getApacheHttpClientConfig().setSslSocketFactory(sdkTLSSocketFactory);
diff --git a/nifi-nar-bundles/nifi-beats-bundle/nifi-beats-processors/src/main/java/org/apache/nifi/processors/beats/ListenBeats.java b/nifi-nar-bundles/nifi-beats-bundle/nifi-beats-processors/src/main/java/org/apache/nifi/processors/beats/ListenBeats.java
index 5509318db006..eab3e76e1565 100644
--- a/nifi-nar-bundles/nifi-beats-bundle/nifi-beats-processors/src/main/java/org/apache/nifi/processors/beats/ListenBeats.java
+++ b/nifi-nar-bundles/nifi-beats-bundle/nifi-beats-processors/src/main/java/org/apache/nifi/processors/beats/ListenBeats.java
@@ -57,7 +57,7 @@
import org.apache.nifi.processors.beats.handler.BeatsSocketChannelHandlerFactory;
import org.apache.nifi.processors.beats.response.BeatsChannelResponse;
import org.apache.nifi.processors.beats.response.BeatsResponse;
-import org.apache.nifi.security.util.SslContextFactory;
+import org.apache.nifi.security.util.ClientAuth;
import org.apache.nifi.ssl.RestrictedSSLContextService;
import org.apache.nifi.ssl.SSLContextService;
@@ -90,8 +90,8 @@ public class ListenBeats extends AbstractListenEventBatchingProcessor properties;
@@ -126,7 +126,7 @@ private void setupClient(ConfigurationContext context) throws MalformedURLExcept
final SSLContext sslContext;
try {
sslContext = (sslService != null && (sslService.isKeyStoreConfigured() || sslService.isTrustStoreConfigured()))
- ? sslService.createSSLContext(SslContextFactory.ClientAuth.NONE) : null;
+ ? sslService.createSSLContext(ClientAuth.NONE) : null;
} catch (Exception e) {
getLogger().error("Error building up SSL Context from the supplied configuration.", e);
throw new InitializationException(e);
diff --git a/nifi-nar-bundles/nifi-email-bundle/nifi-email-processors/src/main/java/org/apache/nifi/processors/email/ListenSMTP.java b/nifi-nar-bundles/nifi-email-bundle/nifi-email-processors/src/main/java/org/apache/nifi/processors/email/ListenSMTP.java
index b443fd4c360b..4d4c27f98a15 100644
--- a/nifi-nar-bundles/nifi-email-bundle/nifi-email-processors/src/main/java/org/apache/nifi/processors/email/ListenSMTP.java
+++ b/nifi-nar-bundles/nifi-email-bundle/nifi-email-processors/src/main/java/org/apache/nifi/processors/email/ListenSMTP.java
@@ -49,7 +49,7 @@
import org.apache.nifi.processor.exception.ProcessException;
import org.apache.nifi.processor.util.StandardValidators;
import org.apache.nifi.processors.email.smtp.SmtpConsumer;
-import org.apache.nifi.security.util.SslContextFactory;
+import org.apache.nifi.security.util.ClientAuth;
import org.apache.nifi.ssl.RestrictedSSLContextService;
import org.apache.nifi.ssl.SSLContextService;
import org.springframework.util.StringUtils;
@@ -133,7 +133,7 @@ public class ListenSMTP extends AbstractSessionFactoryProcessor {
.displayName("Client Auth")
.description("The client authentication policy to use for the SSL Context. Only used if an SSL Context Service is provided.")
.required(false)
- .allowableValues(SslContextFactory.ClientAuth.NONE.name(), SslContextFactory.ClientAuth.REQUIRED.name())
+ .allowableValues(ClientAuth.NONE.name(), ClientAuth.REQUIRED.name())
.build();
protected static final PropertyDescriptor SMTP_HOSTNAME = new PropertyDescriptor.Builder()
@@ -249,12 +249,12 @@ private SMTPServer prepareServer(final ProcessContext context, final ProcessSess
public SSLSocket createSSLSocket(Socket socket) throws IOException {
InetSocketAddress remoteAddress = (InetSocketAddress) socket.getRemoteSocketAddress();
String clientAuth = context.getProperty(CLIENT_AUTH).getValue();
- SSLContext sslContext = sslContextService.createSSLContext(SslContextFactory.ClientAuth.valueOf(clientAuth));
+ SSLContext sslContext = sslContextService.createSSLContext(ClientAuth.valueOf(clientAuth));
SSLSocketFactory socketFactory = sslContext.getSocketFactory();
SSLSocket sslSocket = (SSLSocket) (socketFactory.createSocket(socket, remoteAddress.getHostName(), socket.getPort(), true));
sslSocket.setUseClientMode(false);
- if (SslContextFactory.ClientAuth.REQUIRED.toString().equals(clientAuth)) {
+ if (ClientAuth.REQUIRED.toString().equals(clientAuth)) {
this.setRequireTLS(true);
sslSocket.setNeedClientAuth(true);
}
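Review bot: The REQUIRED check in createSSLSocket compares the property value with `ClientAuth.REQUIRED.toString()`, while the allowable values in the previous hunk are declared with `name()` and the same string is parsed with `ClientAuth.valueOf(clientAuth)` earlier in this hunk. Those agree only while the enum does not override `toString()`, and this commit switches the type from the nested `SslContextFactory.ClientAuth` to a top-level `ClientAuth` whose definition is not visible here. If the two strings ever differ, `setNeedClientAuth(true)` and `setRequireTLS(true)` are silently skipped, and client certificates are not demanded even though the operator selected REQUIRED. Comparing constants removes that dependency: `if (ClientAuth.valueOf(clientAuth) == ClientAuth.REQUIRED) {`. createSSLSocket sits inside prepareServer, whose body extends beyond the hunk.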
diff --git a/nifi-nar-bundles/nifi-email-bundle/nifi-email-processors/src/test/java/org/apache/nifi/processors/email/TestListenSMTP.java b/nifi-nar-bundles/nifi-email-bundle/nifi-email-processors/src/test/java/org/apache/nifi/processors/email/TestListenSMTP.java
index 2e6c78372420..7138bcf874e5 100644
--- a/nifi-nar-bundles/nifi-email-bundle/nifi-email-processors/src/test/java/org/apache/nifi/processors/email/TestListenSMTP.java
+++ b/nifi-nar-bundles/nifi-email-bundle/nifi-email-processors/src/test/java/org/apache/nifi/processors/email/TestListenSMTP.java
@@ -19,22 +19,19 @@
import static org.junit.Assert.assertTrue;
import java.util.Properties;
-
import javax.mail.Message;
import javax.mail.MessagingException;
import javax.mail.Session;
import javax.mail.Transport;
import javax.mail.internet.InternetAddress;
import javax.mail.internet.MimeMessage;
-
import org.apache.nifi.remote.io.socket.NetworkUtils;
-import org.apache.nifi.security.util.SslContextFactory;
+import org.apache.nifi.security.util.ClientAuth;
import org.apache.nifi.ssl.SSLContextService;
import org.apache.nifi.ssl.StandardRestrictedSSLContextService;
import org.apache.nifi.ssl.StandardSSLContextService;
import org.apache.nifi.util.TestRunner;
import org.apache.nifi.util.TestRunners;
-
import org.junit.Test;
public class TestListenSMTP {
@@ -98,7 +95,7 @@ public void testListenSMTPwithTLS() throws Exception {
// and add the SSL context to the runner
runner.setProperty(ListenSMTP.SSL_CONTEXT_SERVICE, "ssl-context");
- runner.setProperty(ListenSMTP.CLIENT_AUTH, SslContextFactory.ClientAuth.NONE.name());
+ runner.setProperty(ListenSMTP.CLIENT_AUTH, ClientAuth.NONE.name());
runner.assertValid();
runner.run(1, false);
diff --git a/nifi-nar-bundles/nifi-extension-utils/nifi-processor-utils/src/main/java/org/apache/nifi/processor/util/listen/dispatcher/SocketChannelDispatcher.java b/nifi-nar-bundles/nifi-extension-utils/nifi-processor-utils/src/main/java/org/apache/nifi/processor/util/listen/dispatcher/SocketChannelDispatcher.java
index 9f73b280b7dd..d0be2563f9dd 100644
--- a/nifi-nar-bundles/nifi-extension-utils/nifi-processor-utils/src/main/java/org/apache/nifi/processor/util/listen/dispatcher/SocketChannelDispatcher.java
+++ b/nifi-nar-bundles/nifi-extension-utils/nifi-processor-utils/src/main/java/org/apache/nifi/processor/util/listen/dispatcher/SocketChannelDispatcher.java
@@ -16,16 +16,6 @@
*/
package org.apache.nifi.processor.util.listen.dispatcher;
-import org.apache.commons.io.IOUtils;
-import org.apache.nifi.logging.ComponentLog;
-import org.apache.nifi.processor.util.listen.event.Event;
-import org.apache.nifi.processor.util.listen.event.EventFactory;
-import org.apache.nifi.processor.util.listen.handler.ChannelHandlerFactory;
-import org.apache.nifi.remote.io.socket.ssl.SSLSocketChannel;
-import org.apache.nifi.security.util.SslContextFactory;
-
-import javax.net.ssl.SSLContext;
-import javax.net.ssl.SSLEngine;
import java.io.IOException;
import java.net.InetAddress;
import java.net.InetSocketAddress;
@@ -44,6 +34,15 @@
import java.util.concurrent.LinkedBlockingQueue;
import java.util.concurrent.TimeUnit;
import java.util.concurrent.atomic.AtomicInteger;
+import javax.net.ssl.SSLContext;
+import javax.net.ssl.SSLEngine;
+import org.apache.commons.io.IOUtils;
+import org.apache.nifi.logging.ComponentLog;
+import org.apache.nifi.processor.util.listen.event.Event;
+import org.apache.nifi.processor.util.listen.event.EventFactory;
+import org.apache.nifi.processor.util.listen.handler.ChannelHandlerFactory;
+import org.apache.nifi.remote.io.socket.ssl.SSLSocketChannel;
+import org.apache.nifi.security.util.ClientAuth;
/**
* Accepts Socket connections on the given port and creates a handler for each connection to
@@ -58,7 +57,7 @@ public class SocketChannelDispatcher> implements
private final ComponentLog logger;
private final int maxConnections;
private final SSLContext sslContext;
- private final SslContextFactory.ClientAuth clientAuth;
+ private final ClientAuth clientAuth;
private final Charset charset;
private ExecutorService executor;
@@ -75,7 +74,7 @@ public SocketChannelDispatcher(final EventFactory eventFactory,
final int maxConnections,
final SSLContext sslContext,
final Charset charset) {
- this(eventFactory, handlerFactory, bufferPool, events, logger, maxConnections, sslContext, SslContextFactory.ClientAuth.REQUIRED, charset);
+ this(eventFactory, handlerFactory, bufferPool, events, logger, maxConnections, sslContext, ClientAuth.REQUIRED, charset);
}
public SocketChannelDispatcher(final EventFactory eventFactory,
@@ -85,7 +84,7 @@ public SocketChannelDispatcher(final EventFactory eventFactory,
final ComponentLog logger,
final int maxConnections,
final SSLContext sslContext,
- final SslContextFactory.ClientAuth clientAuth,
+ final ClientAuth clientAuth,
final Charset charset) {
this.eventFactory = eventFactory;
this.handlerFactory = handlerFactory;
diff --git a/nifi-nar-bundles/nifi-extension-utils/nifi-record-utils/nifi-standard-record-utils/src/main/java/org/apache/nifi/record/listen/SocketChannelRecordReaderDispatcher.java b/nifi-nar-bundles/nifi-extension-utils/nifi-record-utils/nifi-standard-record-utils/src/main/java/org/apache/nifi/record/listen/SocketChannelRecordReaderDispatcher.java
index 2e6ecc2de64f..2c7c93a43326 100644
--- a/nifi-nar-bundles/nifi-extension-utils/nifi-record-utils/nifi-standard-record-utils/src/main/java/org/apache/nifi/record/listen/SocketChannelRecordReaderDispatcher.java
+++ b/nifi-nar-bundles/nifi-extension-utils/nifi-record-utils/nifi-standard-record-utils/src/main/java/org/apache/nifi/record/listen/SocketChannelRecordReaderDispatcher.java
@@ -16,13 +16,6 @@
*/
package org.apache.nifi.record.listen;
-import org.apache.nifi.logging.ComponentLog;
-import org.apache.nifi.remote.io.socket.ssl.SSLSocketChannel;
-import org.apache.nifi.security.util.SslContextFactory;
-import org.apache.nifi.serialization.RecordReaderFactory;
-
-import javax.net.ssl.SSLContext;
-import javax.net.ssl.SSLEngine;
import java.io.Closeable;
import java.net.SocketAddress;
import java.net.StandardSocketOptions;
@@ -30,6 +23,12 @@
import java.nio.channels.SocketChannel;
import java.util.concurrent.BlockingQueue;
import java.util.concurrent.atomic.AtomicInteger;
+import javax.net.ssl.SSLContext;
+import javax.net.ssl.SSLEngine;
+import org.apache.nifi.logging.ComponentLog;
+import org.apache.nifi.remote.io.socket.ssl.SSLSocketChannel;
+import org.apache.nifi.security.util.ClientAuth;
+import org.apache.nifi.serialization.RecordReaderFactory;
/**
* Accepts connections on the given ServerSocketChannel and dispatches a SocketChannelRecordReader for processing.
@@ -38,7 +37,7 @@ public class SocketChannelRecordReaderDispatcher implements Runnable, Closeable
private final ServerSocketChannel serverSocketChannel;
private final SSLContext sslContext;
- private final SslContextFactory.ClientAuth clientAuth;
+ private final ClientAuth clientAuth;
private final int socketReadTimeout;
private final int receiveBufferSize;
private final int maxConnections;
@@ -52,7 +51,7 @@ public class SocketChannelRecordReaderDispatcher implements Runnable, Closeable
public SocketChannelRecordReaderDispatcher(final ServerSocketChannel serverSocketChannel,
final SSLContext sslContext,
- final SslContextFactory.ClientAuth clientAuth,
+ final ClientAuth clientAuth,
final int socketReadTimeout,
final int receiveBufferSize,
final int maxConnections,
diff --git a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework-nar/pom.xml b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework-nar/pom.xml
index 78ef21f7de7c..142cf189d7bb 100644
--- a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework-nar/pom.xml
+++ b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework-nar/pom.xml
@@ -53,6 +53,12 @@
nifi-stateless
1.13.0-SNAPSHOT
+
+
+ org.apache.nifi
+ nifi-security-utils-api
+ compile
+
@@ -75,6 +81,6 @@
nifi-properties
provided
-
+
diff --git a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-file-authorizer/pom.xml b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-file-authorizer/pom.xml
index 7cc5fcbd425b..b0c8cfcac80a 100644
--- a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-file-authorizer/pom.xml
+++ b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-file-authorizer/pom.xml
@@ -84,7 +84,7 @@
**/authorization/file/generated/*.java,**/authorization/file/tenants/generated/*.java,**/user/generated/*.java
-
+
diff --git a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-framework-cluster-protocol/src/main/java/org/apache/nifi/cluster/protocol/spring/ServerSocketConfigurationFactoryBean.java b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-framework-cluster-protocol/src/main/java/org/apache/nifi/cluster/protocol/spring/ServerSocketConfigurationFactoryBean.java
index b7de63542220..c76cb4cc38aa 100644
--- a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-framework-cluster-protocol/src/main/java/org/apache/nifi/cluster/protocol/spring/ServerSocketConfigurationFactoryBean.java
+++ b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-framework-cluster-protocol/src/main/java/org/apache/nifi/cluster/protocol/spring/ServerSocketConfigurationFactoryBean.java
@@ -18,7 +18,7 @@
import java.util.concurrent.TimeUnit;
import org.apache.nifi.io.socket.ServerSocketConfiguration;
-import org.apache.nifi.security.util.TlsConfiguration;
+import org.apache.nifi.security.util.StandardTlsConfiguration;
import org.apache.nifi.util.FormatUtils;
import org.apache.nifi.util.NiFiProperties;
import org.springframework.beans.factory.FactoryBean;
@@ -44,7 +44,7 @@ public ServerSocketConfiguration getObject() throws Exception {
// If the cluster protocol is marked as secure
if (Boolean.parseBoolean(properties.getProperty(NiFiProperties.CLUSTER_PROTOCOL_IS_SECURE))) {
// Parse the TLS configuration from the properties
- configuration.setTlsConfiguration(TlsConfiguration.fromNiFiProperties(properties));
+ configuration.setTlsConfiguration(StandardTlsConfiguration.fromNiFiProperties(properties));
}
}
return configuration;
diff --git a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-framework-cluster-protocol/src/main/java/org/apache/nifi/cluster/protocol/spring/SocketConfigurationFactoryBean.java b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-framework-cluster-protocol/src/main/java/org/apache/nifi/cluster/protocol/spring/SocketConfigurationFactoryBean.java
index 5458f1ed836d..1d134d746901 100644
--- a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-framework-cluster-protocol/src/main/java/org/apache/nifi/cluster/protocol/spring/SocketConfigurationFactoryBean.java
+++ b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-framework-cluster-protocol/src/main/java/org/apache/nifi/cluster/protocol/spring/SocketConfigurationFactoryBean.java
@@ -18,7 +18,7 @@
import java.util.concurrent.TimeUnit;
import org.apache.nifi.io.socket.SocketConfiguration;
-import org.apache.nifi.security.util.TlsConfiguration;
+import org.apache.nifi.security.util.StandardTlsConfiguration;
import org.apache.nifi.util.FormatUtils;
import org.apache.nifi.util.NiFiProperties;
import org.springframework.beans.factory.FactoryBean;
@@ -44,7 +44,7 @@ public SocketConfiguration getObject() throws Exception {
// If the cluster protocol is marked as secure
if (Boolean.parseBoolean(properties.getProperty(NiFiProperties.CLUSTER_PROTOCOL_IS_SECURE))) {
// Parse the TLS configuration from the properties
- configuration.setTlsConfiguration(TlsConfiguration.fromNiFiProperties(properties));
+ configuration.setTlsConfiguration(StandardTlsConfiguration.fromNiFiProperties(properties));
}
}
return configuration;
diff --git a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-framework-cluster/src/main/java/org/apache/nifi/cluster/coordination/http/replication/okhttp/OkHttpReplicationClient.java b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-framework-cluster/src/main/java/org/apache/nifi/cluster/coordination/http/replication/okhttp/OkHttpReplicationClient.java
index 6f88b37e6988..e8506bdab4bb 100644
--- a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-framework-cluster/src/main/java/org/apache/nifi/cluster/coordination/http/replication/okhttp/OkHttpReplicationClient.java
+++ b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-framework-cluster/src/main/java/org/apache/nifi/cluster/coordination/http/replication/okhttp/OkHttpReplicationClient.java
@@ -54,6 +54,7 @@
import org.apache.nifi.cluster.coordination.http.replication.PreparedRequest;
import org.apache.nifi.remote.protocol.http.HttpHeaders;
import org.apache.nifi.security.util.OkHttpClientUtils;
+import org.apache.nifi.security.util.StandardTlsConfiguration;
import org.apache.nifi.security.util.TlsConfiguration;
import org.apache.nifi.stream.io.GZIPOutputStream;
import org.apache.nifi.util.FormatUtils;
@@ -62,8 +63,6 @@
import org.slf4j.LoggerFactory;
import org.springframework.util.StreamUtils;
-// Using static imports because of the name conflict:
-
public class OkHttpReplicationClient implements HttpReplicationClient {
private static final Logger logger = LoggerFactory.getLogger(OkHttpReplicationClient.class);
private static final Set gzipEncodings = Stream.of("gzip", "x-gzip").collect(Collectors.toSet());
@@ -318,7 +317,7 @@ private OkHttpClient createOkHttpClient(final NiFiProperties properties) {
// Apply the TLS configuration, if present
try {
- TlsConfiguration tlsConfiguration = TlsConfiguration.fromNiFiProperties(properties);
+ TlsConfiguration tlsConfiguration = StandardTlsConfiguration.fromNiFiProperties(properties);
tlsConfigured = OkHttpClientUtils.applyTlsToOkHttpClientBuilder(tlsConfiguration, okHttpClientBuilder);
} catch (Exception e) {
// Legacy expectations around this client are that it does not throw an exception on invalid TLS configuration
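Review bot: The `catch (Exception e)` around the new `StandardTlsConfiguration.fromNiFiProperties(properties)` call keeps this client fail-open on a bad TLS configuration. An invalid keystore or truststore setting is absorbed here, and unless the handler does otherwise the builder continues without TLS applied. The handler body lies outside this hunk, so this is something to verify rather than a confirmed defect. I would log the exception object itself at error level and state the intent in a comment such as `// tlsConfigured stays false; HTTPS replication must fail rather than proceed without the configured trust material`. createOkHttpClient starts and ends outside the hunk.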
diff --git a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-framework-core/src/main/java/org/apache/nifi/controller/FlowController.java b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-framework-core/src/main/java/org/apache/nifi/controller/FlowController.java
index 3cb9f47d4cec..a8892fb9d6d3 100644
--- a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-framework-core/src/main/java/org/apache/nifi/controller/FlowController.java
+++ b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-framework-core/src/main/java/org/apache/nifi/controller/FlowController.java
@@ -16,6 +16,38 @@
*/
package org.apache.nifi.controller;
+import static java.util.Objects.requireNonNull;
+
+import java.io.ByteArrayInputStream;
+import java.io.File;
+import java.io.IOException;
+import java.io.InputStream;
+import java.io.OutputStream;
+import java.lang.management.GarbageCollectorMXBean;
+import java.lang.management.ManagementFactory;
+import java.net.InetSocketAddress;
+import java.util.ArrayList;
+import java.util.Collection;
+import java.util.Collections;
+import java.util.Date;
+import java.util.HashMap;
+import java.util.HashSet;
+import java.util.List;
+import java.util.Map;
+import java.util.Set;
+import java.util.UUID;
+import java.util.concurrent.ConcurrentHashMap;
+import java.util.concurrent.ConcurrentMap;
+import java.util.concurrent.ScheduledExecutorService;
+import java.util.concurrent.ScheduledFuture;
+import java.util.concurrent.TimeUnit;
+import java.util.concurrent.atomic.AtomicBoolean;
+import java.util.concurrent.atomic.AtomicInteger;
+import java.util.concurrent.atomic.AtomicReference;
+import java.util.concurrent.locks.ReentrantReadWriteLock;
+import java.util.stream.Collectors;
+import javax.management.NotificationEmitter;
+import javax.net.ssl.SSLContext;
import org.apache.commons.lang3.StringUtils;
import org.apache.nifi.admin.service.AuditService;
import org.apache.nifi.annotation.lifecycle.OnConfigurationRestored;
@@ -177,6 +209,7 @@
import org.apache.nifi.reporting.UserAwareEventAccess;
import org.apache.nifi.scheduling.SchedulingStrategy;
import org.apache.nifi.security.util.SslContextFactory;
+import org.apache.nifi.security.util.StandardTlsConfiguration;
import org.apache.nifi.security.util.TlsConfiguration;
import org.apache.nifi.security.util.TlsException;
import org.apache.nifi.services.FlowService;
@@ -193,39 +226,6 @@
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
-import javax.management.NotificationEmitter;
-import javax.net.ssl.SSLContext;
-import java.io.ByteArrayInputStream;
-import java.io.File;
-import java.io.IOException;
-import java.io.InputStream;
-import java.io.OutputStream;
-import java.lang.management.GarbageCollectorMXBean;
-import java.lang.management.ManagementFactory;
-import java.net.InetSocketAddress;
-import java.util.ArrayList;
-import java.util.Collection;
-import java.util.Collections;
-import java.util.Date;
-import java.util.HashMap;
-import java.util.HashSet;
-import java.util.List;
-import java.util.Map;
-import java.util.Set;
-import java.util.UUID;
-import java.util.concurrent.ConcurrentHashMap;
-import java.util.concurrent.ConcurrentMap;
-import java.util.concurrent.ScheduledExecutorService;
-import java.util.concurrent.ScheduledFuture;
-import java.util.concurrent.TimeUnit;
-import java.util.concurrent.atomic.AtomicBoolean;
-import java.util.concurrent.atomic.AtomicInteger;
-import java.util.concurrent.atomic.AtomicReference;
-import java.util.concurrent.locks.ReentrantReadWriteLock;
-import java.util.stream.Collectors;
-
-import static java.util.Objects.requireNonNull;
-
public class FlowController implements ReportingTaskProvider, Authorizable, NodeTypeProvider {
// default repository implementations
@@ -287,7 +287,7 @@ public class FlowController implements ReportingTaskProvider, Authorizable, Node
private final ConcurrentMap allOutputPorts = new ConcurrentHashMap<>();
private final ConcurrentMap allFunnels = new ConcurrentHashMap<>();
- private volatile ZooKeeperStateServer zooKeeperStateServer;
+ private final ZooKeeperStateServer zooKeeperStateServer;
// The Heartbeat Bean is used to provide an Atomic Reference to data that is used in heartbeats that may
// change while the instance is running. We do this because we want to generate heartbeats even if we
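Review bot: Changing `zooKeeperStateServer` from `volatile` to `final` alters the field's concurrency contract and is unrelated to the TLS refactoring in the rest of this commit. `final` only guarantees visibility to other threads if `this` does not escape during construction, and the constructor (outside this hunk) must now assign the field on every path, including any path where no embedded ZooKeeper server is started. If that holds, a short comment would make it explicit, for example `// assigned exactly once in the constructor; null when the embedded ZooKeeper server is disabled`.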
@@ -469,7 +469,7 @@ private FlowController(
try {
// Form the container object from the properties
- TlsConfiguration tlsConfiguration = TlsConfiguration.fromNiFiProperties(nifiProperties);
+ TlsConfiguration tlsConfiguration = StandardTlsConfiguration.fromNiFiProperties(nifiProperties);
this.sslContext = SslContextFactory.createSslContext(tlsConfiguration);
} catch (TlsException e) {
LOG.error("Unable to start the flow controller because the TLS configuration was invalid: {}", e.getLocalizedMessage());
diff --git a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-framework-core/src/main/java/org/apache/nifi/controller/queue/clustered/server/ConnectionLoadBalanceServer.java b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-framework-core/src/main/java/org/apache/nifi/controller/queue/clustered/server/ConnectionLoadBalanceServer.java
index b2f91cefde8c..97b08cd51bf1 100644
--- a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-framework-core/src/main/java/org/apache/nifi/controller/queue/clustered/server/ConnectionLoadBalanceServer.java
+++ b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-framework-core/src/main/java/org/apache/nifi/controller/queue/clustered/server/ConnectionLoadBalanceServer.java
@@ -37,6 +37,7 @@
import org.apache.nifi.events.EventReporter;
import org.apache.nifi.reporting.Severity;
import org.apache.nifi.security.util.CertificateUtils;
+import org.apache.nifi.security.util.TlsConfiguration;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
@@ -117,7 +118,7 @@ private ServerSocket createServerSocket() throws IOException {
final SSLServerSocket serverSocket = (SSLServerSocket) sslContext.getServerSocketFactory().createServerSocket(port, 50, inetAddress);
serverSocket.setNeedClientAuth(true);
// Enforce custom protocols on socket
- serverSocket.setEnabledProtocols(CertificateUtils.getCurrentSupportedTlsProtocolVersions());
+ serverSocket.setEnabledProtocols(TlsConfiguration.getCurrentSupportedTlsProtocolVersions());
return serverSocket;
}
}
@@ -132,6 +133,7 @@ protected static class CommunicateAction implements Runnable {
private volatile boolean stopped = false;
+ // This should be final but it is not to allow override during testing; no production code modifies the value
private static int EXCEPTION_THRESHOLD_MILLIS = 10_000;
private volatile long tlsErrorLastSeen = -1;
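Review bot: `EXCEPTION_THRESHOLD_MILLIS` stays a mutable `private static` field only so that tests can overwrite it, while the identically named field in SocketRemoteSiteListener is made `final` in this same commit. A static that tests mutate is shared by every CommunicateAction in the JVM, so a changed value can leak from one test case into the next. The constant-style name also hides that it is writable. Consider `private static final int EXCEPTION_THRESHOLD_MILLIS = 10_000;` with a per-instance threshold that tests pass in, or at least rename the field to `exceptionThresholdMillis`. The CommunicateAction class body continues outside the hunk.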
diff --git a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-framework-core/src/main/java/org/apache/nifi/controller/state/manager/StandardStateManagerProvider.java b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-framework-core/src/main/java/org/apache/nifi/controller/state/manager/StandardStateManagerProvider.java
index a43728d718aa..3214fd728b36 100644
--- a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-framework-core/src/main/java/org/apache/nifi/controller/state/manager/StandardStateManagerProvider.java
+++ b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-framework-core/src/main/java/org/apache/nifi/controller/state/manager/StandardStateManagerProvider.java
@@ -56,13 +56,13 @@
import org.apache.nifi.processor.StandardValidationContext;
import org.apache.nifi.registry.VariableRegistry;
import org.apache.nifi.security.util.SslContextFactory;
-import org.apache.nifi.security.util.TlsConfiguration;
+import org.apache.nifi.security.util.StandardTlsConfiguration;
import org.apache.nifi.security.util.TlsException;
import org.apache.nifi.util.NiFiProperties;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
-public class StandardStateManagerProvider implements StateManagerProvider{
+public class StandardStateManagerProvider implements StateManagerProvider {
private static final Logger logger = LoggerFactory.getLogger(StandardStateManagerProvider.class);
private static StateManagerProvider provider;
@@ -219,7 +219,7 @@ private static StateProvider createStateProvider(final File configFile, final Sc
final SSLContext sslContext;
try {
- sslContext = SslContextFactory.createSslContext(TlsConfiguration.fromNiFiProperties(properties));
+ sslContext = SslContextFactory.createSslContext(StandardTlsConfiguration.fromNiFiProperties(properties));
} catch (TlsException e) {
logger.error("Encountered an error configuring TLS for state manager: ", e);
throw new IllegalStateException("Error configuring TLS for state manager", e);
diff --git a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-framework-core/src/main/java/org/apache/nifi/registry/flow/StandardFlowRegistryClient.java b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-framework-core/src/main/java/org/apache/nifi/registry/flow/StandardFlowRegistryClient.java
index ed4feb9b3c33..5987b1d95081 100644
--- a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-framework-core/src/main/java/org/apache/nifi/registry/flow/StandardFlowRegistryClient.java
+++ b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-framework-core/src/main/java/org/apache/nifi/registry/flow/StandardFlowRegistryClient.java
@@ -23,16 +23,15 @@
import java.util.concurrent.ConcurrentHashMap;
import java.util.concurrent.ConcurrentMap;
import javax.net.ssl.SSLContext;
+import org.apache.http.client.utils.URIBuilder;
import org.apache.nifi.security.util.SslContextFactory;
-import org.apache.nifi.security.util.TlsConfiguration;
+import org.apache.nifi.security.util.StandardTlsConfiguration;
import org.apache.nifi.security.util.TlsException;
import org.apache.nifi.util.NiFiProperties;
-import org.apache.http.client.utils.URIBuilder;
-
public class StandardFlowRegistryClient implements FlowRegistryClient {
private NiFiProperties nifiProperties;
- private ConcurrentMap registryById = new ConcurrentHashMap<>();
+ private final ConcurrentMap registryById = new ConcurrentHashMap<>();
@Override
public FlowRegistry getFlowRegistry(String registryId) {
@@ -79,7 +78,7 @@ public FlowRegistry addFlowRegistry(final String registryId, final String regist
final FlowRegistry registry;
if (uriScheme.equalsIgnoreCase("http") || uriScheme.equalsIgnoreCase("https")) {
try {
- final SSLContext sslContext = SslContextFactory.createSslContext(TlsConfiguration.fromNiFiProperties(nifiProperties));
+ final SSLContext sslContext = SslContextFactory.createSslContext(StandardTlsConfiguration.fromNiFiProperties(nifiProperties));
if (sslContext == null && uriScheme.equalsIgnoreCase("https")) {
throw new IllegalStateException("Failed to create Flow Registry for URI " + registryUrl
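Review bot: `uriScheme.equalsIgnoreCase("http")` dereferences `uriScheme` before anything in this hunk checks it for null. The variable is assigned outside the hunk, but if it comes from `URI.getScheme()`, a registry URL entered without a scheme yields null and this line throws a NullPointerException instead of a readable validation error. Flipping the comparison avoids that: `if ("http".equalsIgnoreCase(uriScheme) || "https".equalsIgnoreCase(uriScheme)) {`, and likewise `sslContext == null && "https".equalsIgnoreCase(uriScheme)`. addFlowRegistry starts and ends outside the hunk.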
diff --git a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-framework-core/src/test/groovy/org/apache/nifi/controller/queue/clustered/server/ConnectionLoadBalanceServerTest.groovy b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-framework-core/src/test/groovy/org/apache/nifi/controller/queue/clustered/server/ConnectionLoadBalanceServerTest.groovy
index 90fb5ec7ba77..8bf702b169c6 100644
--- a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-framework-core/src/test/groovy/org/apache/nifi/controller/queue/clustered/server/ConnectionLoadBalanceServerTest.groovy
+++ b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-framework-core/src/test/groovy/org/apache/nifi/controller/queue/clustered/server/ConnectionLoadBalanceServerTest.groovy
@@ -18,10 +18,11 @@ package org.apache.nifi.controller.queue.clustered.server
import org.apache.nifi.events.EventReporter
import org.apache.nifi.reporting.Severity
-import org.apache.nifi.security.util.CertificateUtils
+import org.apache.nifi.security.util.ClientAuth
import org.apache.nifi.security.util.KeyStoreUtils
import org.apache.nifi.security.util.KeystoreType
import org.apache.nifi.security.util.SslContextFactory
+import org.apache.nifi.security.util.StandardTlsConfiguration
import org.apache.nifi.security.util.TlsConfiguration
import org.bouncycastle.jce.provider.BouncyCastleProvider
import org.junit.After
@@ -68,7 +69,7 @@ class ConnectionLoadBalanceServerTest extends GroovyTestCase {
logger.info("[${name?.toUpperCase()}] ${(args as List).join(" ")}")
}
- tlsConfiguration = new TlsConfiguration(KEYSTORE_PATH, KEYSTORE_PASSWORD, KEYSTORE_TYPE, TRUSTSTORE_PATH, TRUSTSTORE_PASSWORD, TRUSTSTORE_TYPE)
+ tlsConfiguration = new StandardTlsConfiguration(KEYSTORE_PATH, KEYSTORE_PASSWORD, KEYSTORE_TYPE, TRUSTSTORE_PATH, TRUSTSTORE_PASSWORD, TRUSTSTORE_TYPE)
sslContext = SslContextFactory.createSslContext(tlsConfiguration)
}
@@ -90,7 +91,7 @@ class ConnectionLoadBalanceServerTest extends GroovyTestCase {
* @param expectedProtocols the specific protocol versions to be present (ordered as desired)
*/
void assertProtocolVersions(def enabledProtocols, def expectedProtocols) {
- if (CertificateUtils.getJavaVersion() > 8) {
+ if (TlsConfiguration.getJavaVersion() > 8) {
assert enabledProtocols == expectedProtocols as String[]
} else {
assert enabledProtocols as Set == expectedProtocols as Set
@@ -101,7 +102,7 @@ class ConnectionLoadBalanceServerTest extends GroovyTestCase {
void testRequestPeerListShouldUseTLS() {
// Arrange
logger.info("Creating SSL Context from TLS Configuration: ${tlsConfiguration}")
- SSLContext sslContext = SslContextFactory.createSslContext(tlsConfiguration, SslContextFactory.ClientAuth.NONE)
+ SSLContext sslContext = SslContextFactory.createSslContext(tlsConfiguration, ClientAuth.NONE)
logger.info("Created SSL Context: ${KeyStoreUtils.sslContextToString(sslContext)}")
def mockLBP = [
@@ -119,13 +120,13 @@ class ConnectionLoadBalanceServerTest extends GroovyTestCase {
// Assert that the default parameters (which can't be modified) still have legacy protocols and no client auth
def defaultSSLParameters = sslContext.defaultSSLParameters
logger.info("Default SSL Parameters: ${KeyStoreUtils.sslParametersToString(defaultSSLParameters)}" as String)
- assertProtocolVersions(defaultSSLParameters.protocols, CertificateUtils.getCurrentSupportedTlsProtocolVersions() + ["TLSv1.1", "TLSv1"])
+ assertProtocolVersions(defaultSSLParameters.protocols, TlsConfiguration.getCurrentSupportedTlsProtocolVersions() + ["TLSv1.1", "TLSv1"])
assert !defaultSSLParameters.needClientAuth
// Assert that the actual socket is set correctly due to the override in the LB server
SSLServerSocket socket = lbServer.serverSocket as SSLServerSocket
logger.info("Created SSL server socket: ${KeyStoreUtils.sslServerSocketToString(socket)}" as String)
- assertProtocolVersions(socket.enabledProtocols, CertificateUtils.getCurrentSupportedTlsProtocolVersions())
+ assertProtocolVersions(socket.enabledProtocols, TlsConfiguration.getCurrentSupportedTlsProtocolVersions())
assert socket.needClientAuth
// Clean up
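Review bot: The expectation `TlsConfiguration.getCurrentSupportedTlsProtocolVersions() + ["TLSv1.1", "TLSv1"]` for `defaultSSLParameters.protocols` ties this test to the JDK's default security properties. On a JDK whose `jdk.tls.disabledAlgorithms` lists TLSv1 and TLSv1.1, the context's default protocols will likely no longer contain them, and the assertion fails even though the server socket is configured correctly. The checks that matter for the hardening are the ones on `socket.enabledProtocols` and `socket.needClientAuth`. I would relax the default-parameters check to `assert defaultSSLParameters.protocols.toList().containsAll(TlsConfiguration.getCurrentSupportedTlsProtocolVersions().toList())`. The same expectation appears in SocketRemoteSiteListenerTest.testShouldCreateSecureServer.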
diff --git a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-framework-core/src/test/java/org/apache/nifi/controller/queue/clustered/LoadBalancedQueueIT.java b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-framework-core/src/test/java/org/apache/nifi/controller/queue/clustered/LoadBalancedQueueIT.java
index 354135fe2a72..30b7cf20330e 100644
--- a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-framework-core/src/test/java/org/apache/nifi/controller/queue/clustered/LoadBalancedQueueIT.java
+++ b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-framework-core/src/test/java/org/apache/nifi/controller/queue/clustered/LoadBalancedQueueIT.java
@@ -92,9 +92,10 @@
import org.apache.nifi.controller.repository.claim.StandardResourceClaimManager;
import org.apache.nifi.events.EventReporter;
import org.apache.nifi.provenance.ProvenanceRepository;
-import org.apache.nifi.security.util.CertificateUtils;
+import org.apache.nifi.security.util.ClientAuth;
import org.apache.nifi.security.util.KeystoreType;
import org.apache.nifi.security.util.SslContextFactory;
+import org.apache.nifi.security.util.StandardTlsConfiguration;
import org.apache.nifi.security.util.TlsConfiguration;
import org.apache.nifi.security.util.TlsException;
import org.junit.Before;
@@ -192,9 +193,9 @@ public Object answer(final InvocationOnMock invocation) {
final String keyPass = keystorePass;
final String truststore = "src/test/resources/localhost-ts.jks";
final String truststorePass = "wAOR0nQJ2EXvOP0JZ2EaqA/n7W69ILS4sWAHghmIWCc";
- TlsConfiguration tlsConfiguration = new TlsConfiguration(keystore, keystorePass, keyPass, KeystoreType.JKS,
- truststore, truststorePass, KeystoreType.JKS, CertificateUtils.getHighestCurrentSupportedTlsProtocolVersion());
- sslContext = SslContextFactory.createSslContext(tlsConfiguration, SslContextFactory.ClientAuth.REQUIRED);
+ TlsConfiguration tlsConfiguration = new StandardTlsConfiguration(keystore, keystorePass, keyPass, KeystoreType.JKS,
+ truststore, truststorePass, KeystoreType.JKS, TlsConfiguration.getHighestCurrentSupportedTlsProtocolVersion());
+ sslContext = SslContextFactory.createSslContext(tlsConfiguration, ClientAuth.REQUIRED);
}
diff --git a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-site-to-site/src/main/java/org/apache/nifi/remote/SocketRemoteSiteListener.java b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-site-to-site/src/main/java/org/apache/nifi/remote/SocketRemoteSiteListener.java
index 8a6d993e1d58..a2d1d2370370 100644
--- a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-site-to-site/src/main/java/org/apache/nifi/remote/SocketRemoteSiteListener.java
+++ b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-site-to-site/src/main/java/org/apache/nifi/remote/SocketRemoteSiteListener.java
@@ -47,6 +47,7 @@
import org.apache.nifi.remote.protocol.RequestType;
import org.apache.nifi.remote.protocol.ServerProtocol;
import org.apache.nifi.security.util.CertificateUtils;
+import org.apache.nifi.security.util.TlsConfiguration;
import org.apache.nifi.util.NiFiProperties;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
@@ -60,7 +61,7 @@ public class SocketRemoteSiteListener implements RemoteSiteListener {
private final NiFiProperties nifiProperties;
private final PeerDescriptionModifier peerDescriptionModifier;
- private static int EXCEPTION_THRESHOLD_MILLIS = 10_000;
+ private static final int EXCEPTION_THRESHOLD_MILLIS = 10_000;
private volatile long tlsErrorLastSeen = -1;
private final AtomicBoolean stopped = new AtomicBoolean(false);
@@ -346,7 +347,7 @@ private ServerSocket createServerSocket() throws IOException {
final SSLServerSocket serverSocket = (SSLServerSocket) sslContext.getServerSocketFactory().createServerSocket(socketPort);
serverSocket.setNeedClientAuth(true);
// Enforce custom protocols on socket
- serverSocket.setEnabledProtocols(CertificateUtils.getCurrentSupportedTlsProtocolVersions());
+ serverSocket.setEnabledProtocols(TlsConfiguration.getCurrentSupportedTlsProtocolVersions());
return serverSocket;
} else {
return new ServerSocket(socketPort);
diff --git a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-site-to-site/src/test/groovy/org/apache/nifi/remote/SocketRemoteSiteListenerTest.groovy b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-site-to-site/src/test/groovy/org/apache/nifi/remote/SocketRemoteSiteListenerTest.groovy
index 3955f4967163..a5c5335fbb15 100644
--- a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-site-to-site/src/test/groovy/org/apache/nifi/remote/SocketRemoteSiteListenerTest.groovy
+++ b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-site-to-site/src/test/groovy/org/apache/nifi/remote/SocketRemoteSiteListenerTest.groovy
@@ -16,10 +16,12 @@
*/
package org.apache.nifi.remote
-import org.apache.nifi.security.util.CertificateUtils
+
+import org.apache.nifi.security.util.ClientAuth
import org.apache.nifi.security.util.KeyStoreUtils
import org.apache.nifi.security.util.KeystoreType
import org.apache.nifi.security.util.SslContextFactory
+import org.apache.nifi.security.util.StandardTlsConfiguration
import org.apache.nifi.security.util.TlsConfiguration
import org.apache.nifi.util.NiFiProperties
import org.bouncycastle.jce.provider.BouncyCastleProvider
@@ -79,7 +81,7 @@ class SocketRemoteSiteListenerTest extends GroovyTestCase {
logger.info("[${name?.toUpperCase()}] ${(args as List).join(" ")}")
}
- tlsConfiguration = new TlsConfiguration(KEYSTORE_PATH, KEYSTORE_PASSWORD, KEYSTORE_TYPE, TRUSTSTORE_PATH, TRUSTSTORE_PASSWORD, TRUSTSTORE_TYPE)
+ tlsConfiguration = new StandardTlsConfiguration(KEYSTORE_PATH, KEYSTORE_PASSWORD, KEYSTORE_TYPE, TRUSTSTORE_PATH, TRUSTSTORE_PASSWORD, TRUSTSTORE_TYPE)
sslContext = SslContextFactory.createSslContext(tlsConfiguration)
}
@@ -101,7 +103,7 @@ class SocketRemoteSiteListenerTest extends GroovyTestCase {
* @param expectedProtocols the specific protocol versions to be present (ordered as desired)
*/
void assertProtocolVersions(def enabledProtocols, def expectedProtocols) {
- if (CertificateUtils.getJavaVersion() > 8) {
+ if (TlsConfiguration.getJavaVersion() > 8) {
assert enabledProtocols == expectedProtocols as String[]
} else {
assert enabledProtocols as Set == expectedProtocols as Set
@@ -112,7 +114,7 @@ class SocketRemoteSiteListenerTest extends GroovyTestCase {
void testShouldCreateSecureServer() {
// Arrange
logger.info("Creating SSL Context from TLS Configuration: ${tlsConfiguration}")
- SSLContext sslContext = SslContextFactory.createSslContext(tlsConfiguration, SslContextFactory.ClientAuth.NONE)
+ SSLContext sslContext = SslContextFactory.createSslContext(tlsConfiguration, ClientAuth.NONE)
logger.info("Created SSL Context: ${KeyStoreUtils.sslContextToString(sslContext)}")
srsListener = new SocketRemoteSiteListener(PORT, sslContext, mockNiFiProperties)
@@ -125,13 +127,13 @@ class SocketRemoteSiteListenerTest extends GroovyTestCase {
// serverSocket isn't instance field like CLBS so have to use private method invocation to verify
SSLServerSocket sslServerSocket = srsListener.createServerSocket() as SSLServerSocket
logger.info("Created SSL server socket: ${KeyStoreUtils.sslServerSocketToString(sslServerSocket)}" as String)
- assertProtocolVersions(sslServerSocket.enabledProtocols, CertificateUtils.getCurrentSupportedTlsProtocolVersions())
+ assertProtocolVersions(sslServerSocket.enabledProtocols, TlsConfiguration.getCurrentSupportedTlsProtocolVersions())
assert sslServerSocket.needClientAuth
// Assert that the default parameters (which can't be modified) still have legacy protocols and no client auth
def defaultSSLParameters = sslContext.defaultSSLParameters
logger.info("Default SSL Parameters: ${KeyStoreUtils.sslParametersToString(defaultSSLParameters)}" as String)
- assertProtocolVersions(defaultSSLParameters.getProtocols(), CertificateUtils.getCurrentSupportedTlsProtocolVersions().sort().reverse() + ["TLSv1.1", "TLSv1"])
+ assertProtocolVersions(defaultSSLParameters.getProtocols(), TlsConfiguration.getCurrentSupportedTlsProtocolVersions().sort().reverse() + ["TLSv1.1", "TLSv1"])
assert !defaultSSLParameters.needClientAuth
}
}
diff --git a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-stateless/src/main/java/org/apache/nifi/stateless/core/StatelessFlow.java b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-stateless/src/main/java/org/apache/nifi/stateless/core/StatelessFlow.java
index 6ca5320fdd33..1a35deef37d4 100644
--- a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-stateless/src/main/java/org/apache/nifi/stateless/core/StatelessFlow.java
+++ b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-stateless/src/main/java/org/apache/nifi/stateless/core/StatelessFlow.java
@@ -54,8 +54,9 @@
import org.apache.nifi.registry.flow.VersionedRemoteGroupPort;
import org.apache.nifi.registry.flow.VersionedRemoteProcessGroup;
import org.apache.nifi.reporting.InitializationException;
-import org.apache.nifi.security.util.CertificateUtils;
+import org.apache.nifi.security.util.ClientAuth;
import org.apache.nifi.security.util.SslContextFactory;
+import org.apache.nifi.security.util.StandardTlsConfiguration;
import org.apache.nifi.security.util.TlsConfiguration;
import org.apache.nifi.stateless.bootstrap.ExtensionDiscovery;
import org.apache.nifi.stateless.bootstrap.InMemoryFlowFile;
@@ -372,9 +373,9 @@ public static SSLContext getSSLContext(final JsonObject config) {
final String truststoreType = sslObject.get(TRUSTSTORE_TYPE).getAsString();
try {
- TlsConfiguration tlsConfiguration = new TlsConfiguration(keystore, keystorePass, keyPass, keystoreType,
- truststore, truststorePass, truststoreType, CertificateUtils.getHighestCurrentSupportedTlsProtocolVersion());
- return SslContextFactory.createSslContext(tlsConfiguration, SslContextFactory.ClientAuth.REQUIRED);
+ TlsConfiguration tlsConfiguration = new StandardTlsConfiguration(keystore, keystorePass, keyPass, keystoreType,
+ truststore, truststorePass, truststoreType, TlsConfiguration.getHighestCurrentSupportedTlsProtocolVersion());
+ return SslContextFactory.createSslContext(tlsConfiguration, ClientAuth.REQUIRED);
} catch (final Exception e) {
throw new RuntimeException("Failed to create Keystore", e);
}
diff --git a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-jetty/src/main/java/org/apache/nifi/web/server/JettyServer.java b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-jetty/src/main/java/org/apache/nifi/web/server/JettyServer.java
index e53c7859229b..6fc9af9a31ab 100644
--- a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-jetty/src/main/java/org/apache/nifi/web/server/JettyServer.java
+++ b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-jetty/src/main/java/org/apache/nifi/web/server/JettyServer.java
@@ -73,8 +73,8 @@
import org.apache.nifi.nar.StandardExtensionDiscoveringManager;
import org.apache.nifi.nar.StandardNarLoader;
import org.apache.nifi.processor.DataUnit;
-import org.apache.nifi.security.util.CertificateUtils;
import org.apache.nifi.security.util.KeyStoreUtils;
+import org.apache.nifi.security.util.TlsConfiguration;
import org.apache.nifi.services.FlowService;
import org.apache.nifi.ui.extension.UiExtension;
import org.apache.nifi.ui.extension.UiExtensionMapping;
@@ -982,7 +982,7 @@ private SslContextFactory createSslContextFactory() {
protected static void configureSslContextFactory(SslContextFactory.Server contextFactory, NiFiProperties props) {
// Explicitly exclude legacy TLS protocol versions
- contextFactory.setIncludeProtocols(CertificateUtils.getCurrentSupportedTlsProtocolVersions());
+ contextFactory.setIncludeProtocols(TlsConfiguration.getCurrentSupportedTlsProtocolVersions());
contextFactory.setExcludeProtocols("TLS", "TLSv1", "TLSv1.1", "SSL", "SSLv2", "SSLv2Hello", "SSLv3");
// require client auth when not supporting login, Kerberos service, or anonymous access
diff --git a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-jetty/src/test/groovy/org/apache/nifi/web/server/JettyServerGroovyTest.groovy b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-jetty/src/test/groovy/org/apache/nifi/web/server/JettyServerGroovyTest.groovy
index 054ad080b8c5..23f615821c8c 100644
--- a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-jetty/src/test/groovy/org/apache/nifi/web/server/JettyServerGroovyTest.groovy
+++ b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-jetty/src/test/groovy/org/apache/nifi/web/server/JettyServerGroovyTest.groovy
@@ -24,7 +24,7 @@ import org.apache.nifi.nar.ExtensionMapping
import org.apache.nifi.nar.SystemBundle
import org.apache.nifi.processor.DataUnit
import org.apache.nifi.properties.StandardNiFiProperties
-import org.apache.nifi.security.util.CertificateUtils
+import org.apache.nifi.security.util.StandardTlsConfiguration
import org.apache.nifi.security.util.TlsConfiguration
import org.apache.nifi.util.NiFiProperties
import org.bouncycastle.jce.provider.BouncyCastleProvider
@@ -84,8 +84,8 @@ class JettyServerGroovyTest extends GroovyTestCase {
private static final List TLS_1_3_CIPHER_SUITES = ["TLS_AES_128_GCM_SHA256"]
// Depending if the test is run on Java 8 or Java 11, these values change (TLSv1.2 vs. TLSv1.3)
- private static final CURRENT_TLS_PROTOCOL_VERSION = CertificateUtils.getHighestCurrentSupportedTlsProtocolVersion()
- private static final List CURRENT_TLS_PROTOCOL_VERSIONS = CertificateUtils.getCurrentSupportedTlsProtocolVersions()
+ private static final CURRENT_TLS_PROTOCOL_VERSION = TlsConfiguration.getHighestCurrentSupportedTlsProtocolVersion()
+ private static final List CURRENT_TLS_PROTOCOL_VERSIONS = TlsConfiguration.getCurrentSupportedTlsProtocolVersions()
// These protocol versions should not ever be supported
static private final List LEGACY_TLS_PROTOCOLS = ["TLS", "TLSv1", "TLSv1.1", "SSL", "SSLv2", "SSLv2Hello", "SSLv3"]
@@ -344,7 +344,7 @@ class JettyServerGroovyTest extends GroovyTestCase {
@Test
void testShouldSupportTLSv1_3OnJava11() {
// Arrange
- Assume.assumeTrue("This test should only run on Java 11+", CertificateUtils.getJavaVersion() >= 11)
+ Assume.assumeTrue("This test should only run on Java 11+", TlsConfiguration.getJavaVersion() >= 11)
Server internalServer = new Server()
JettyServer jetty = new JettyServer(internalServer, httpsProps)
@@ -354,7 +354,7 @@ class JettyServerGroovyTest extends GroovyTestCase {
internalServer.start()
// Create a (client) socket which only supports TLSv1.3
- TlsConfiguration tls13ClientConf = TlsConfiguration.fromNiFiProperties(httpsProps)
+ TlsConfiguration tls13ClientConf = StandardTlsConfiguration.fromNiFiProperties(httpsProps)
SSLSocketFactory socketFactory = org.apache.nifi.security.util.SslContextFactory.createSSLSocketFactory(tls13ClientConf)
SSLSocket socket = (SSLSocket) socketFactory.createSocket(HTTPS_HOSTNAME, HTTPS_PORT)
@@ -386,7 +386,7 @@ class JettyServerGroovyTest extends GroovyTestCase {
List connectors = Arrays.asList(internalServer.connectors)
internalServer.start()
- TlsConfiguration tlsConfiguration = TlsConfiguration.fromNiFiProperties(httpsProps)
+ TlsConfiguration tlsConfiguration = StandardTlsConfiguration.fromNiFiProperties(httpsProps)
// Create a "default" (client) socket (which supports TLSv1.2)
SSLSocketFactory defaultSocketFactory = org.apache.nifi.security.util.SslContextFactory.createSSLSocketFactory(tlsConfiguration)
@@ -440,7 +440,7 @@ class JettyServerGroovyTest extends GroovyTestCase {
def isZulu = vendor =~ ZULU_RE || vendorVersion =~ ZULU_RE
logger.info("Vendor is Azul/Zulu: ${isZulu}")
- def majorJavaVersion = CertificateUtils.getJavaVersion()
+ def majorJavaVersion = TlsConfiguration.getJavaVersion()
logger.info("Detected major Java version: ${majorJavaVersion}")
// JDK 8 update 262 adds TLS 1.3 support to Java 8, and the Azul vendor throws a different exception than expected
@@ -476,8 +476,8 @@ class JettyServerGroovyTest extends GroovyTestCase {
private static void assertServerConnector(List connectors,
String EXPECTED_TLS_PROTOCOL = "TLS",
- List EXPECTED_INCLUDED_PROTOCOLS = CertificateUtils.getCurrentSupportedTlsProtocolVersions(),
- List EXPECTED_SELECTED_PROTOCOLS = CertificateUtils.getCurrentSupportedTlsProtocolVersions(),
+ List EXPECTED_INCLUDED_PROTOCOLS = TlsConfiguration.getCurrentSupportedTlsProtocolVersions(),
+ List EXPECTED_SELECTED_PROTOCOLS = TlsConfiguration.getCurrentSupportedTlsProtocolVersions(),
String EXPECTED_HOSTNAME = HTTPS_HOSTNAME,
int EXPECTED_PORT = HTTPS_PORT) {
// Assert the server connector is correct
diff --git a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/test/java/org/apache/nifi/integration/accesscontrol/OneWaySslAccessControlHelper.java b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/test/java/org/apache/nifi/integration/accesscontrol/OneWaySslAccessControlHelper.java
index cf9721fff98f..6faf991d0209 100644
--- a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/test/java/org/apache/nifi/integration/accesscontrol/OneWaySslAccessControlHelper.java
+++ b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/test/java/org/apache/nifi/integration/accesscontrol/OneWaySslAccessControlHelper.java
@@ -31,6 +31,7 @@
import org.apache.nifi.nar.StandardExtensionDiscoveringManager;
import org.apache.nifi.nar.SystemBundle;
import org.apache.nifi.security.util.SslContextFactory;
+import org.apache.nifi.security.util.StandardTlsConfiguration;
import org.apache.nifi.security.util.TlsConfiguration;
import org.apache.nifi.util.NiFiProperties;
import org.apache.nifi.web.util.WebUtils;
@@ -40,13 +41,13 @@
*/
public class OneWaySslAccessControlHelper {
- private NiFiTestUser user;
+ private final NiFiTestUser user;
private static final String CONTEXT_PATH = "/nifi-api";
private NiFiTestServer server;
- private String baseUrl;
- private String flowXmlPath;
+ private final String baseUrl;
+ private final String flowXmlPath;
public OneWaySslAccessControlHelper() throws Exception {
this("src/test/resources/access-control/nifi.properties");
@@ -90,7 +91,7 @@ public OneWaySslAccessControlHelper(final String nifiPropertiesPath) throws Exce
baseUrl = server.getBaseUrl() + CONTEXT_PATH;
// Create a TlsConfiguration for the truststore properties only
- TlsConfiguration trustOnlyTlsConfiguration = TlsConfiguration.fromNiFiPropertiesTruststoreOnly(props);
+ TlsConfiguration trustOnlyTlsConfiguration = StandardTlsConfiguration.fromNiFiPropertiesTruststoreOnly(props);
// create the user
final Client client = WebUtils.createClient(null, SslContextFactory.createSslContext(trustOnlyTlsConfiguration));
diff --git a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/test/java/org/apache/nifi/integration/util/NiFiTestServer.java b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/test/java/org/apache/nifi/integration/util/NiFiTestServer.java
index e61dbaea216f..1fdab5db2483 100644
--- a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/test/java/org/apache/nifi/integration/util/NiFiTestServer.java
+++ b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/test/java/org/apache/nifi/integration/util/NiFiTestServer.java
@@ -21,7 +21,7 @@
import javax.servlet.ServletContext;
import javax.ws.rs.client.Client;
import org.apache.commons.lang3.StringUtils;
-import org.apache.nifi.security.util.TlsConfiguration;
+import org.apache.nifi.security.util.StandardTlsConfiguration;
import org.apache.nifi.security.util.TlsException;
import org.apache.nifi.services.FlowService;
import org.apache.nifi.ui.extension.UiExtensionMapping;
@@ -168,7 +168,7 @@ public String getBaseUrl() {
}
public Client getClient() throws TlsException {
- return WebUtils.createClient(null, org.apache.nifi.security.util.SslContextFactory.createSslContext(TlsConfiguration.fromNiFiProperties(properties)));
+ return WebUtils.createClient(null, org.apache.nifi.security.util.SslContextFactory.createSslContext(StandardTlsConfiguration.fromNiFiProperties(properties)));
}
/**
diff --git a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-security/src/main/java/org/apache/nifi/web/security/x509/ocsp/OcspCertificateValidator.java b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-security/src/main/java/org/apache/nifi/web/security/x509/ocsp/OcspCertificateValidator.java
index 42e30e8630c9..2f111f36d3c8 100644
--- a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-security/src/main/java/org/apache/nifi/web/security/x509/ocsp/OcspCertificateValidator.java
+++ b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-security/src/main/java/org/apache/nifi/web/security/x509/ocsp/OcspCertificateValidator.java
@@ -44,6 +44,7 @@
import org.apache.commons.lang3.StringUtils;
import org.apache.nifi.security.util.KeyStoreUtils;
import org.apache.nifi.security.util.SslContextFactory;
+import org.apache.nifi.security.util.StandardTlsConfiguration;
import org.apache.nifi.security.util.TlsConfiguration;
import org.apache.nifi.util.FormatUtils;
import org.apache.nifi.util.NiFiProperties;
@@ -107,7 +108,7 @@ public OcspCertificateValidator(final NiFiProperties properties) {
// initialize the client
if (HTTPS.equalsIgnoreCase(validationAuthorityURI.getScheme())) {
- TlsConfiguration tlsConfiguration = TlsConfiguration.fromNiFiProperties(properties);
+ TlsConfiguration tlsConfiguration = StandardTlsConfiguration.fromNiFiProperties(properties);
client = WebUtils.createClient(clientConfig, SslContextFactory.createSslContext(tlsConfiguration));
} else {
client = WebUtils.createClient(clientConfig);
diff --git a/nifi-nar-bundles/nifi-framework-bundle/pom.xml b/nifi-nar-bundles/nifi-framework-bundle/pom.xml
index 64f1e0df8b65..d09bebaf9de6 100644
--- a/nifi-nar-bundles/nifi-framework-bundle/pom.xml
+++ b/nifi-nar-bundles/nifi-framework-bundle/pom.xml
@@ -53,6 +53,11 @@
nifi-security-utils
1.13.0-SNAPSHOT
+
+ org.apache.nifi
+ nifi-security-utils-api
+ 1.13.0-SNAPSHOT
+
org.apache.nifi
nifi-expression-language
diff --git a/nifi-nar-bundles/nifi-grpc-bundle/nifi-grpc-processors/src/main/java/org/apache/nifi/processors/grpc/InvokeGRPC.java b/nifi-nar-bundles/nifi-grpc-bundle/nifi-grpc-processors/src/main/java/org/apache/nifi/processors/grpc/InvokeGRPC.java
index 582ff9e38654..1b9d087aed45 100644
--- a/nifi-nar-bundles/nifi-grpc-bundle/nifi-grpc-processors/src/main/java/org/apache/nifi/processors/grpc/InvokeGRPC.java
+++ b/nifi-nar-bundles/nifi-grpc-bundle/nifi-grpc-processors/src/main/java/org/apache/nifi/processors/grpc/InvokeGRPC.java
@@ -58,7 +58,7 @@
import org.apache.nifi.processor.Relationship;
import org.apache.nifi.processor.exception.ProcessException;
import org.apache.nifi.processor.util.StandardValidators;
-import org.apache.nifi.security.util.SslContextFactory;
+import org.apache.nifi.security.util.ClientAuth;
import org.apache.nifi.ssl.SSLContextService;
@EventDriven
@@ -240,7 +240,7 @@ public void initializeClient(final ProcessContext context) throws Exception {
// configure whether or not we're using secure comms
final boolean useSecure = context.getProperty(PROP_USE_SECURE).asBoolean();
final SSLContextService sslContextService = context.getProperty(PROP_SSL_CONTEXT_SERVICE).asControllerService(SSLContextService.class);
- final SSLContext sslContext = sslContextService == null ? null : sslContextService.createSSLContext(SslContextFactory.ClientAuth.NONE);
+ final SSLContext sslContext = sslContextService == null ? null : sslContextService.createSSLContext(ClientAuth.NONE);
if (useSecure && sslContext != null) {
SslContextBuilder sslContextBuilder = GrpcSslContexts.forClient();
diff --git a/nifi-nar-bundles/nifi-grpc-bundle/nifi-grpc-processors/src/main/java/org/apache/nifi/processors/grpc/ListenGRPC.java b/nifi-nar-bundles/nifi-grpc-bundle/nifi-grpc-processors/src/main/java/org/apache/nifi/processors/grpc/ListenGRPC.java
index f34d1bc42e69..f9e8616969fa 100644
--- a/nifi-nar-bundles/nifi-grpc-bundle/nifi-grpc-processors/src/main/java/org/apache/nifi/processors/grpc/ListenGRPC.java
+++ b/nifi-nar-bundles/nifi-grpc-bundle/nifi-grpc-processors/src/main/java/org/apache/nifi/processors/grpc/ListenGRPC.java
@@ -23,7 +23,6 @@
import io.grpc.ServerInterceptors;
import io.grpc.netty.GrpcSslContexts;
import io.grpc.netty.NettyServerBuilder;
-import io.netty.handler.ssl.ClientAuth;
import io.netty.handler.ssl.SslContextBuilder;
import java.io.FileInputStream;
import java.io.IOException;
@@ -60,7 +59,6 @@
import org.apache.nifi.processor.Relationship;
import org.apache.nifi.processor.exception.ProcessException;
import org.apache.nifi.processor.util.StandardValidators;
-import org.apache.nifi.security.util.SslContextFactory;
import org.apache.nifi.ssl.RestrictedSSLContextService;
import org.apache.nifi.ssl.SSLContextService;
@@ -171,7 +169,7 @@ public void startServer(final ProcessContext context) throws NoSuchAlgorithmExce
final Integer flowControlWindow = context.getProperty(PROP_FLOW_CONTROL_WINDOW).asDataSize(DataUnit.B).intValue();
final Integer maxMessageSize = context.getProperty(PROP_MAX_MESSAGE_SIZE).asDataSize(DataUnit.B).intValue();
final SSLContextService sslContextService = context.getProperty(PROP_SSL_CONTEXT_SERVICE).asControllerService(SSLContextService.class);
- final SSLContext sslContext = sslContextService == null ? null : sslContextService.createSSLContext(SslContextFactory.ClientAuth.NONE);
+ final SSLContext sslContext = sslContextService == null ? null : sslContextService.createSSLContext(org.apache.nifi.security.util.ClientAuth.NONE);
final Pattern authorizedDnPattern = Pattern.compile(context.getProperty(PROP_AUTHORIZED_DN_PATTERN).getValue());
final FlowFileIngestServiceInterceptor callInterceptor = new FlowFileIngestServiceInterceptor(getLogger());
callInterceptor.enforceDNPattern(authorizedDnPattern);
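Review bot: Both `ClientAuth` enums are now written out in full: `org.apache.nifi.security.util.ClientAuth.NONE` here, and `io.netty.handler.ssl.ClientAuth.REQUIRE` / `.NONE` in the next hunk of startServer. That is easy to misread, because the two types use different constant names for the same idea (`REQUIRED` in the NiFi enum, `REQUIRE` in Netty's). Keeping `import io.netty.handler.ssl.ClientAuth;` and qualifying only the NiFi type would cut the noise. A one-line comment at the builder calls would also help: `// Netty's ClientAuth decides whether the gRPC server demands a client certificate; the NiFi ClientAuth above only parameterises the SSLContextService context`. startServer begins and ends outside both hunks.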
@@ -213,9 +211,9 @@ public void startServer(final ProcessContext context) throws NoSuchAlgorithmExce
}
trustManagerFactory.init(trustStore);
sslContextBuilder = sslContextBuilder.trustManager(trustManagerFactory);
- sslContextBuilder = sslContextBuilder.clientAuth(ClientAuth.REQUIRE);
+ sslContextBuilder = sslContextBuilder.clientAuth(io.netty.handler.ssl.ClientAuth.REQUIRE);
} else {
- sslContextBuilder = sslContextBuilder.clientAuth(ClientAuth.NONE);
+ sslContextBuilder = sslContextBuilder.clientAuth(io.netty.handler.ssl.ClientAuth.NONE);
}
sslContextBuilder = GrpcSslContexts.configure(sslContextBuilder);
serverBuilder = serverBuilder.sslContext(sslContextBuilder.build());
diff --git a/nifi-nar-bundles/nifi-jms-bundle/nifi-jms-processors/src/main/java/org/apache/nifi/jms/cf/JMSConnectionFactoryHandler.java b/nifi-nar-bundles/nifi-jms-bundle/nifi-jms-processors/src/main/java/org/apache/nifi/jms/cf/JMSConnectionFactoryHandler.java
index fe775003a963..288da8d22357 100644
--- a/nifi-nar-bundles/nifi-jms-bundle/nifi-jms-processors/src/main/java/org/apache/nifi/jms/cf/JMSConnectionFactoryHandler.java
+++ b/nifi-nar-bundles/nifi-jms-bundle/nifi-jms-processors/src/main/java/org/apache/nifi/jms/cf/JMSConnectionFactoryHandler.java
@@ -31,7 +31,7 @@
import org.apache.nifi.controller.ConfigurationContext;
import org.apache.nifi.logging.ComponentLog;
import org.apache.nifi.processor.ProcessContext;
-import org.apache.nifi.security.util.SslContextFactory.ClientAuth;
+import org.apache.nifi.security.util.ClientAuth;
import org.apache.nifi.ssl.SSLContextService;
/**
diff --git a/nifi-nar-bundles/nifi-kerberos-iaa-providers-bundle/nifi-kerberos-iaa-providers-nar/pom.xml b/nifi-nar-bundles/nifi-kerberos-iaa-providers-bundle/nifi-kerberos-iaa-providers-nar/pom.xml
index 87156b972836..58897c6751d3 100644
--- a/nifi-nar-bundles/nifi-kerberos-iaa-providers-bundle/nifi-kerberos-iaa-providers-nar/pom.xml
+++ b/nifi-nar-bundles/nifi-kerberos-iaa-providers-bundle/nifi-kerberos-iaa-providers-nar/pom.xml
@@ -31,6 +31,12 @@
org.apache.nifi
nifi-kerberos-iaa-providers
+
+
+ org.apache.nifi
+ nifi-security-utils-api
+ compile
+
nifi-kerberos-iaa-providers-nar
\ No newline at end of file
diff --git a/nifi-nar-bundles/nifi-ldap-iaa-providers-bundle/nifi-ldap-iaa-providers-nar/pom.xml b/nifi-nar-bundles/nifi-ldap-iaa-providers-bundle/nifi-ldap-iaa-providers-nar/pom.xml
index c20c74ed3d51..e1b9a0cb2986 100644
--- a/nifi-nar-bundles/nifi-ldap-iaa-providers-bundle/nifi-ldap-iaa-providers-nar/pom.xml
+++ b/nifi-nar-bundles/nifi-ldap-iaa-providers-bundle/nifi-ldap-iaa-providers-nar/pom.xml
@@ -31,6 +31,12 @@
org.apache.nifi
nifi-ldap-iaa-providers
+
+
+ org.apache.nifi
+ nifi-security-utils-api
+ compile
+
nifi-ldap-iaa-providers-nar
\ No newline at end of file
diff --git a/nifi-nar-bundles/nifi-ldap-iaa-providers-bundle/nifi-ldap-iaa-providers/src/main/java/org/apache/nifi/ldap/LdapProvider.java b/nifi-nar-bundles/nifi-ldap-iaa-providers-bundle/nifi-ldap-iaa-providers/src/main/java/org/apache/nifi/ldap/LdapProvider.java
index 4570fafa536a..2547e73eecb5 100644
--- a/nifi-nar-bundles/nifi-ldap-iaa-providers-bundle/nifi-ldap-iaa-providers/src/main/java/org/apache/nifi/ldap/LdapProvider.java
+++ b/nifi-nar-bundles/nifi-ldap-iaa-providers-bundle/nifi-ldap-iaa-providers/src/main/java/org/apache/nifi/ldap/LdapProvider.java
@@ -16,6 +16,11 @@
*/
package org.apache.nifi.ldap;
+import java.util.HashMap;
+import java.util.Map;
+import java.util.concurrent.TimeUnit;
+import javax.naming.Context;
+import javax.net.ssl.SSLContext;
import org.apache.commons.lang3.StringUtils;
import org.apache.nifi.authentication.AuthenticationResponse;
import org.apache.nifi.authentication.LoginCredentials;
@@ -27,8 +32,9 @@
import org.apache.nifi.authentication.exception.ProviderCreationException;
import org.apache.nifi.authentication.exception.ProviderDestructionException;
import org.apache.nifi.configuration.NonComponentConfigurationContext;
+import org.apache.nifi.security.util.ClientAuth;
import org.apache.nifi.security.util.SslContextFactory;
-import org.apache.nifi.security.util.SslContextFactory.ClientAuth;
+import org.apache.nifi.security.util.StandardTlsConfiguration;
import org.apache.nifi.security.util.TlsConfiguration;
import org.apache.nifi.security.util.TlsException;
import org.apache.nifi.util.FormatUtils;
@@ -50,12 +56,6 @@
import org.springframework.security.ldap.search.LdapUserSearch;
import org.springframework.security.ldap.userdetails.LdapUserDetails;
-import javax.naming.Context;
-import javax.net.ssl.SSLContext;
-import java.util.HashMap;
-import java.util.Map;
-import java.util.concurrent.TimeUnit;
-
/**
* Abstract LDAP based implementation of a login identity provider.
*/
@@ -257,7 +257,8 @@ public static SSLContext getConfiguredSslContext(final NonComponentConfiguration
final String rawProtocol = configurationContext.getProperty("TLS - Protocol");
try {
- TlsConfiguration tlsConfiguration = new TlsConfiguration(rawKeystore, rawKeystorePassword, null, rawKeystoreType, rawTruststore, rawTruststorePassword, rawTruststoreType, rawProtocol);
+ TlsConfiguration tlsConfiguration = new StandardTlsConfiguration(rawKeystore, rawKeystorePassword, null, rawKeystoreType,
+ rawTruststore, rawTruststorePassword, rawTruststoreType, rawProtocol);
ClientAuth clientAuth = ClientAuth.isValidClientAuthType(rawClientAuth) ? ClientAuth.valueOf(rawClientAuth) : ClientAuth.NONE;
return SslContextFactory.createSslContext(tlsConfiguration, clientAuth);
} catch (TlsException e) {
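Review bot: `rawProtocol` goes from the "TLS - Protocol" property into the `StandardTlsConfiguration` constructor unchecked, so whether a legacy value is refused depends on code not visible in this hunk. JettyServer, elsewhere in this commit, explicitly excludes "TLSv1", "TLSv1.1" and the SSL versions. If nothing downstream rejects such a value, the connection to the directory would use whatever protocol the configuration names. A guard before the `try` would close that, e.g. `if (rawProtocol != null && rawProtocol.matches("SSL.*|TLSv1(\\.1)?")) { throw new ProviderCreationException("Legacy TLS protocol configured: " + rawProtocol); }`. The same construction is added in LdapUserGroupProvider.getConfiguredSslContext later in this diff, and getConfiguredSslContext begins and ends outside this hunk.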
@@ -313,4 +314,4 @@ public final AuthenticationResponse authenticate(final LoginCredentials credenti
public final void preDestruction() throws ProviderDestructionException {
}
-}
+}
\ No newline at end of file
diff --git a/nifi-nar-bundles/nifi-ldap-iaa-providers-bundle/nifi-ldap-iaa-providers/src/main/java/org/apache/nifi/ldap/tenants/LdapUserGroupProvider.java b/nifi-nar-bundles/nifi-ldap-iaa-providers-bundle/nifi-ldap-iaa-providers/src/main/java/org/apache/nifi/ldap/tenants/LdapUserGroupProvider.java
index 9d4bab0c1483..a542f945d6e3 100644
--- a/nifi-nar-bundles/nifi-ldap-iaa-providers-bundle/nifi-ldap-iaa-providers/src/main/java/org/apache/nifi/ldap/tenants/LdapUserGroupProvider.java
+++ b/nifi-nar-bundles/nifi-ldap-iaa-providers-bundle/nifi-ldap-iaa-providers/src/main/java/org/apache/nifi/ldap/tenants/LdapUserGroupProvider.java
@@ -52,8 +52,9 @@
import org.apache.nifi.ldap.LdapAuthenticationStrategy;
import org.apache.nifi.ldap.LdapsSocketFactory;
import org.apache.nifi.ldap.ReferralStrategy;
+import org.apache.nifi.security.util.ClientAuth;
import org.apache.nifi.security.util.SslContextFactory;
-import org.apache.nifi.security.util.SslContextFactory.ClientAuth;
+import org.apache.nifi.security.util.StandardTlsConfiguration;
import org.apache.nifi.security.util.TlsConfiguration;
import org.apache.nifi.security.util.TlsException;
import org.apache.nifi.util.FormatUtils;
@@ -118,7 +119,7 @@ public class LdapUserGroupProvider implements UserGroupProvider {
private NiFiProperties properties;
private ScheduledExecutorService ldapSync;
- private AtomicReference tenants = new AtomicReference<>(null);
+ private final AtomicReference tenants = new AtomicReference<>(null);
private String userSearchBase;
private SearchScope userSearchScope;
@@ -824,7 +825,8 @@ private SSLContext getConfiguredSslContext(final AuthorizerConfigurationContext
final String rawProtocol = configurationContext.getProperty("TLS - Protocol").getValue();
try {
- TlsConfiguration tlsConfiguration = new TlsConfiguration(rawKeystore, rawKeystorePassword, null, rawKeystoreType, rawTruststore, rawTruststorePassword, rawTruststoreType, rawProtocol);
+ TlsConfiguration tlsConfiguration = new StandardTlsConfiguration(rawKeystore, rawKeystorePassword, null, rawKeystoreType,
+ rawTruststore, rawTruststorePassword, rawTruststoreType, rawProtocol);
ClientAuth clientAuth = ClientAuth.isValidClientAuthType(rawClientAuth) ? ClientAuth.valueOf(rawClientAuth) : ClientAuth.NONE;
return SslContextFactory.createSslContext(tlsConfiguration, clientAuth);
} catch (TlsException e) {
diff --git a/nifi-nar-bundles/nifi-lumberjack-bundle/nifi-lumberjack-processors/src/main/java/org/apache/nifi/processors/lumberjack/ListenLumberjack.java b/nifi-nar-bundles/nifi-lumberjack-bundle/nifi-lumberjack-processors/src/main/java/org/apache/nifi/processors/lumberjack/ListenLumberjack.java
index ec9ffded7dce..7ff65ee0a1c2 100644
--- a/nifi-nar-bundles/nifi-lumberjack-bundle/nifi-lumberjack-processors/src/main/java/org/apache/nifi/processors/lumberjack/ListenLumberjack.java
+++ b/nifi-nar-bundles/nifi-lumberjack-bundle/nifi-lumberjack-processors/src/main/java/org/apache/nifi/processors/lumberjack/ListenLumberjack.java
@@ -57,7 +57,7 @@
import org.apache.nifi.processors.lumberjack.handler.LumberjackSocketChannelHandlerFactory;
import org.apache.nifi.processors.lumberjack.response.LumberjackChannelResponse;
import org.apache.nifi.processors.lumberjack.response.LumberjackResponse;
-import org.apache.nifi.security.util.SslContextFactory;
+import org.apache.nifi.security.util.ClientAuth;
import org.apache.nifi.ssl.RestrictedSSLContextService;
import org.apache.nifi.ssl.SSLContextService;
@@ -141,7 +141,7 @@ protected ChannelDispatcher createDispatcher(final ProcessContext context, final
SSLContext sslContext = null;
final SSLContextService sslContextService = context.getProperty(SSL_CONTEXT_SERVICE).asControllerService(SSLContextService.class);
if (sslContextService != null) {
- sslContext = sslContextService.createSSLContext(SslContextFactory.ClientAuth.REQUIRED);
+ sslContext = sslContextService.createSSLContext(ClientAuth.REQUIRED);
}
// if we decide to support SSL then get the context and pass it in here
diff --git a/nifi-nar-bundles/nifi-mongodb-bundle/nifi-mongodb-client-service-api/pom.xml b/nifi-nar-bundles/nifi-mongodb-bundle/nifi-mongodb-client-service-api/pom.xml
index 58b8092271f5..691bf0451069 100644
--- a/nifi-nar-bundles/nifi-mongodb-bundle/nifi-mongodb-client-service-api/pom.xml
+++ b/nifi-nar-bundles/nifi-mongodb-bundle/nifi-mongodb-client-service-api/pom.xml
@@ -44,7 +44,6 @@
org.apache.nifi
nifi-ssl-context-service-api
- compile
org.apache.nifi
diff --git a/nifi-nar-bundles/nifi-mongodb-bundle/nifi-mongodb-client-service-api/src/main/java/org/apache/nifi/mongodb/MongoDBClientService.java b/nifi-nar-bundles/nifi-mongodb-bundle/nifi-mongodb-client-service-api/src/main/java/org/apache/nifi/mongodb/MongoDBClientService.java
index e00bed49d254..76cf543865c4 100644
--- a/nifi-nar-bundles/nifi-mongodb-bundle/nifi-mongodb-client-service-api/src/main/java/org/apache/nifi/mongodb/MongoDBClientService.java
+++ b/nifi-nar-bundles/nifi-mongodb-bundle/nifi-mongodb-client-service-api/src/main/java/org/apache/nifi/mongodb/MongoDBClientService.java
@@ -24,7 +24,7 @@
import org.apache.nifi.controller.ControllerService;
import org.apache.nifi.expression.ExpressionLanguageScope;
import org.apache.nifi.processor.util.StandardValidators;
-import org.apache.nifi.security.util.SslContextFactory;
+import org.apache.nifi.security.util.ClientAuth;
import org.apache.nifi.ssl.SSLContextService;
import org.bson.Document;
@@ -59,7 +59,7 @@ public interface MongoDBClientService extends ControllerService {
+ "Possible values are REQUIRED, WANT, NONE. This property is only used when an SSL Context "
+ "has been defined and enabled.")
.required(false)
- .allowableValues(SslContextFactory.ClientAuth.values())
+ .allowableValues(ClientAuth.values())
.defaultValue("REQUIRED")
.build();
diff --git a/nifi-nar-bundles/nifi-mongodb-bundle/nifi-mongodb-processors/src/main/java/org/apache/nifi/processors/mongodb/AbstractMongoProcessor.java b/nifi-nar-bundles/nifi-mongodb-bundle/nifi-mongodb-processors/src/main/java/org/apache/nifi/processors/mongodb/AbstractMongoProcessor.java
index 524f6fb33956..79cd1d65efbc 100644
--- a/nifi-nar-bundles/nifi-mongodb-bundle/nifi-mongodb-processors/src/main/java/org/apache/nifi/processors/mongodb/AbstractMongoProcessor.java
+++ b/nifi-nar-bundles/nifi-mongodb-bundle/nifi-mongodb-processors/src/main/java/org/apache/nifi/processors/mongodb/AbstractMongoProcessor.java
@@ -54,7 +54,7 @@
import org.apache.nifi.processor.Relationship;
import org.apache.nifi.processor.exception.ProcessException;
import org.apache.nifi.processor.util.StandardValidators;
-import org.apache.nifi.security.util.SslContextFactory;
+import org.apache.nifi.security.util.ClientAuth;
import org.apache.nifi.ssl.SSLContextService;
import org.bson.Document;
@@ -135,7 +135,7 @@ public abstract class AbstractMongoProcessor extends AbstractProcessor {
+ "Possible values are REQUIRED, WANT, NONE. This property is only used when an SSL Context "
+ "has been defined and enabled.")
.required(false)
- .allowableValues(SslContextFactory.ClientAuth.values())
+ .allowableValues(ClientAuth.values())
.defaultValue("REQUIRED")
.build();
@@ -245,15 +245,15 @@ public final void createClient(ProcessContext context) throws IOException {
final SSLContext sslContext;
if (sslService != null) {
- final SslContextFactory.ClientAuth clientAuth;
+ final ClientAuth clientAuth;
if (StringUtils.isBlank(rawClientAuth)) {
- clientAuth = SslContextFactory.ClientAuth.REQUIRED;
+ clientAuth = ClientAuth.REQUIRED;
} else {
try {
- clientAuth = SslContextFactory.ClientAuth.valueOf(rawClientAuth);
+ clientAuth = ClientAuth.valueOf(rawClientAuth);
} catch (final IllegalArgumentException iae) {
throw new IllegalStateException(String.format("Unrecognized client auth '%s'. Possible values are [%s]",
- rawClientAuth, StringUtils.join(SslContextFactory.ClientAuth.values(), ", ")));
+ rawClientAuth, StringUtils.join(ClientAuth.values(), ", ")));
}
}
sslContext = sslService.createSSLContext(clientAuth);
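Review bot: The `IllegalStateException` thrown inside `catch (final IllegalArgumentException iae)` drops `iae`, so the stack trace loses the original failure from `ClientAuth.valueOf`. Pass it as the cause by ending the statement with `rawClientAuth, StringUtils.join(ClientAuth.values(), ", ")), iae);`. The same lines are changed in MongoDBControllerService.createClient further down this diff, where the added TODO already acknowledges the duplication, so the fix belongs in both places. createClient begins and ends outside this hunk.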
diff --git a/nifi-nar-bundles/nifi-mongodb-bundle/nifi-mongodb-processors/src/test/java/org/apache/nifi/processors/mongodb/AbstractMongoProcessorTest.java b/nifi-nar-bundles/nifi-mongodb-bundle/nifi-mongodb-processors/src/test/java/org/apache/nifi/processors/mongodb/AbstractMongoProcessorTest.java
index 8489af05f1e0..d8b86162d6eb 100644
--- a/nifi-nar-bundles/nifi-mongodb-bundle/nifi-mongodb-processors/src/test/java/org/apache/nifi/processors/mongodb/AbstractMongoProcessorTest.java
+++ b/nifi-nar-bundles/nifi-mongodb-bundle/nifi-mongodb-processors/src/test/java/org/apache/nifi/processors/mongodb/AbstractMongoProcessorTest.java
@@ -27,7 +27,7 @@
import org.apache.nifi.processor.ProcessContext;
import org.apache.nifi.processor.ProcessSession;
import org.apache.nifi.processor.exception.ProcessException;
-import org.apache.nifi.security.util.SslContextFactory.ClientAuth;
+import org.apache.nifi.security.util.ClientAuth;
import org.apache.nifi.ssl.SSLContextService;
import org.apache.nifi.util.TestRunner;
import org.apache.nifi.util.TestRunners;
diff --git a/nifi-nar-bundles/nifi-mongodb-bundle/nifi-mongodb-services/src/main/java/org/apache/nifi/mongodb/MongoDBControllerService.java b/nifi-nar-bundles/nifi-mongodb-bundle/nifi-mongodb-services/src/main/java/org/apache/nifi/mongodb/MongoDBControllerService.java
index 252e0d179bb1..bb3a4eee17b1 100644
--- a/nifi-nar-bundles/nifi-mongodb-bundle/nifi-mongodb-services/src/main/java/org/apache/nifi/mongodb/MongoDBControllerService.java
+++ b/nifi-nar-bundles/nifi-mongodb-bundle/nifi-mongodb-services/src/main/java/org/apache/nifi/mongodb/MongoDBControllerService.java
@@ -34,7 +34,7 @@
import org.apache.nifi.components.PropertyDescriptor;
import org.apache.nifi.controller.AbstractControllerService;
import org.apache.nifi.controller.ConfigurationContext;
-import org.apache.nifi.security.util.SslContextFactory;
+import org.apache.nifi.security.util.ClientAuth;
import org.apache.nifi.ssl.SSLContextService;
@Tags({"mongo", "mongodb", "service"})
@@ -61,6 +61,7 @@ public void onEnabled(final ConfigurationContext context) {
protected MongoClient mongoClient;
+ // TODO: Remove duplicate code by refactoring shared method to accept PropertyContext
protected final void createClient(ConfigurationContext context) {
if (mongoClient != null) {
closeClient();
@@ -74,15 +75,15 @@ protected final void createClient(ConfigurationContext context) {
final SSLContext sslContext;
if (sslService != null) {
- final SslContextFactory.ClientAuth clientAuth;
+ final ClientAuth clientAuth;
if (StringUtils.isBlank(rawClientAuth)) {
- clientAuth = SslContextFactory.ClientAuth.REQUIRED;
+ clientAuth = ClientAuth.REQUIRED;
} else {
try {
- clientAuth = SslContextFactory.ClientAuth.valueOf(rawClientAuth);
+ clientAuth = ClientAuth.valueOf(rawClientAuth);
} catch (final IllegalArgumentException iae) {
throw new IllegalStateException(String.format("Unrecognized client auth '%s'. Possible values are [%s]",
- rawClientAuth, StringUtils.join(SslContextFactory.ClientAuth.values(), ", ")));
+ rawClientAuth, StringUtils.join(ClientAuth.values(), ", ")));
}
}
sslContext = sslService.createSSLContext(clientAuth);
diff --git a/nifi-nar-bundles/nifi-site-to-site-reporting-bundle/nifi-site-to-site-reporting-task/src/main/java/org/apache/nifi/reporting/s2s/SiteToSiteUtils.java b/nifi-nar-bundles/nifi-site-to-site-reporting-bundle/nifi-site-to-site-reporting-task/src/main/java/org/apache/nifi/reporting/s2s/SiteToSiteUtils.java
index 8d6f10c64137..3d6f3473a5a1 100644
--- a/nifi-nar-bundles/nifi-site-to-site-reporting-bundle/nifi-site-to-site-reporting-task/src/main/java/org/apache/nifi/reporting/s2s/SiteToSiteUtils.java
+++ b/nifi-nar-bundles/nifi-site-to-site-reporting-bundle/nifi-site-to-site-reporting-task/src/main/java/org/apache/nifi/reporting/s2s/SiteToSiteUtils.java
@@ -33,7 +33,7 @@
import org.apache.nifi.remote.protocol.http.HttpProxy;
import org.apache.nifi.remote.util.SiteToSiteRestApiClient;
import org.apache.nifi.reporting.ReportingContext;
-import org.apache.nifi.security.util.SslContextFactory;
+import org.apache.nifi.security.util.ClientAuth;
import org.apache.nifi.ssl.RestrictedSSLContextService;
import org.apache.nifi.ssl.SSLContextService;
import org.apache.nifi.util.StringUtils;
@@ -147,7 +147,7 @@ public class SiteToSiteUtils {
public static SiteToSiteClient getClient(PropertyContext reportContext, ComponentLog logger, StateManager stateManager) {
final SSLContextService sslContextService = reportContext.getProperty(SiteToSiteUtils.SSL_CONTEXT).asControllerService(SSLContextService.class);
- final SSLContext sslContext = sslContextService == null ? null : sslContextService.createSSLContext(SslContextFactory.ClientAuth.REQUIRED);
+ final SSLContext sslContext = sslContextService == null ? null : sslContextService.createSSLContext(ClientAuth.REQUIRED);
final EventReporter eventReporter = (EventReporter) (severity, category, message) -> {
switch (severity) {
case WARNING:
diff --git a/nifi-nar-bundles/nifi-solr-bundle/nifi-solr-processors/src/main/java/org/apache/nifi/processors/solr/SolrUtils.java b/nifi-nar-bundles/nifi-solr-bundle/nifi-solr-processors/src/main/java/org/apache/nifi/processors/solr/SolrUtils.java
index af1f2a49755f..5f8a51af2a53 100644
--- a/nifi-nar-bundles/nifi-solr-bundle/nifi-solr-processors/src/main/java/org/apache/nifi/processors/solr/SolrUtils.java
+++ b/nifi-nar-bundles/nifi-solr-bundle/nifi-solr-processors/src/main/java/org/apache/nifi/processors/solr/SolrUtils.java
@@ -55,7 +55,7 @@
import org.apache.nifi.processor.ProcessContext;
import org.apache.nifi.processor.io.OutputStreamCallback;
import org.apache.nifi.processor.util.StandardValidators;
-import org.apache.nifi.security.util.SslContextFactory;
+import org.apache.nifi.security.util.ClientAuth;
import org.apache.nifi.serialization.RecordSetWriterFactory;
import org.apache.nifi.serialization.record.DataType;
import org.apache.nifi.serialization.record.ListRecordSet;
@@ -251,7 +251,7 @@ public static synchronized SolrClient createSolrClient(final PropertyContext con
}
if (sslContextService != null) {
- final SSLContext sslContext = sslContextService.createSSLContext(SslContextFactory.ClientAuth.REQUIRED);
+ final SSLContext sslContext = sslContextService.createSSLContext(ClientAuth.REQUIRED);
final SSLConnectionSocketFactory sslSocketFactory = new SSLConnectionSocketFactory(sslContext);
HttpClientUtil.setSchemaRegistryProvider(new HttpClientUtil.SchemaRegistryProvider() {
@Override
@@ -326,7 +326,7 @@ public static OutputStreamCallback getOutputStreamCallbackToTransformSolrRespons
* Writes each SolrDocument in XML format to the OutputStream.
*/
private static class QueryResponseOutputStreamCallback implements OutputStreamCallback {
- private QueryResponse response;
+ private final QueryResponse response;
public QueryResponseOutputStreamCallback(QueryResponse response) {
this.response = response;
diff --git a/nifi-nar-bundles/nifi-solr-bundle/nifi-solr-processors/src/test/java/org/apache/nifi/processors/solr/MockSSLContextService.java b/nifi-nar-bundles/nifi-solr-bundle/nifi-solr-processors/src/test/java/org/apache/nifi/processors/solr/MockSSLContextService.java
index f4e1222a499b..fd66a6159b71 100644
--- a/nifi-nar-bundles/nifi-solr-bundle/nifi-solr-processors/src/test/java/org/apache/nifi/processors/solr/MockSSLContextService.java
+++ b/nifi-nar-bundles/nifi-solr-bundle/nifi-solr-processors/src/test/java/org/apache/nifi/processors/solr/MockSSLContextService.java
@@ -19,7 +19,6 @@
import javax.net.ssl.SSLContext;
import org.apache.nifi.controller.AbstractControllerService;
import org.apache.nifi.processor.exception.ProcessException;
-import org.apache.nifi.security.util.SslContextFactory;
import org.apache.nifi.security.util.TlsConfiguration;
import org.apache.nifi.ssl.SSLContextService;
@@ -29,13 +28,19 @@
* // TODO: Remove and use regular mocking or Groovy rather than shell implementation
*/
public class MockSSLContextService extends AbstractControllerService implements SSLContextService {
+
@Override
public TlsConfiguration createTlsConfiguration() {
return null;
}
@Override
- public SSLContext createSSLContext(SslContextFactory.ClientAuth clientAuth) throws ProcessException {
+ public SSLContext createSSLContext(org.apache.nifi.security.util.ClientAuth clientAuth) throws ProcessException {
+ return null;
+ }
+
+ @Override
+ public SSLContext createSSLContext(SSLContextService.ClientAuth clientAuth) throws ProcessException {
return null;
}
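Review bot: The new `createSSLContext(org.apache.nifi.security.util.ClientAuth)` overload needs a comment explaining its fully qualified parameter type. Inside a class that implements `SSLContextService`, the simple name `ClientAuth` presumably resolves to the inherited nested `SSLContextService.ClientAuth`, so an import would not help. I would add `// Fully qualified on purpose: the simple name ClientAuth is the nested SSLContextService.ClientAuth here` above the first overload, plus a word on which overload is the legacy one. With two overloads that differ only in an enum type, a call such as `createSSLContext(null)` becomes ambiguous and stops compiling unless the argument is cast. Both overloads return null, so tests wired to this mock do not exercise a real TLS context.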
diff --git a/nifi-nar-bundles/nifi-spark-bundle/nifi-livy-controller-service/src/main/java/org/apache/nifi/controller/livy/LivySessionController.java b/nifi-nar-bundles/nifi-spark-bundle/nifi-livy-controller-service/src/main/java/org/apache/nifi/controller/livy/LivySessionController.java
index 7a9cf572887a..44a1fd5d493c 100644
--- a/nifi-nar-bundles/nifi-spark-bundle/nifi-livy-controller-service/src/main/java/org/apache/nifi/controller/livy/LivySessionController.java
+++ b/nifi-nar-bundles/nifi-spark-bundle/nifi-livy-controller-service/src/main/java/org/apache/nifi/controller/livy/LivySessionController.java
@@ -76,7 +76,7 @@
import org.apache.nifi.kerberos.KerberosCredentialsService;
import org.apache.nifi.logging.ComponentLog;
import org.apache.nifi.processor.util.StandardValidators;
-import org.apache.nifi.security.util.SslContextFactory;
+import org.apache.nifi.security.util.ClientAuth;
import org.apache.nifi.ssl.SSLContextService;
import org.codehaus.jackson.map.ObjectMapper;
import org.codehaus.jettison.json.JSONException;
@@ -182,7 +182,7 @@ public class LivySessionController extends AbstractControllerService implements
private volatile String controllerKind;
private volatile String jars;
private volatile String files;
- private volatile Map sessions = new ConcurrentHashMap<>();
+ private final Map sessions = new ConcurrentHashMap<>();
private volatile SSLContextService sslContextService;
private volatile SSLContext sslContext;
private volatile int connectTimeout;
@@ -225,7 +225,7 @@ public void onConfigured(final ConfigurationContext context) {
final String jars = context.getProperty(JARS).evaluateAttributeExpressions().getValue();
final String files = context.getProperty(FILES).evaluateAttributeExpressions().getValue();
sslContextService = context.getProperty(SSL_CONTEXT_SERVICE).asControllerService(SSLContextService.class);
- sslContext = sslContextService == null ? null : sslContextService.createSSLContext(SslContextFactory.ClientAuth.NONE);
+ sslContext = sslContextService == null ? null : sslContextService.createSSLContext(ClientAuth.NONE);
connectTimeout = Math.toIntExact(context.getProperty(CONNECT_TIMEOUT).asTimePeriod(TimeUnit.MILLISECONDS));
credentialsService = context.getProperty(KERBEROS_CREDENTIALS_SERVICE).asControllerService(KerberosCredentialsService.class);
diff --git a/nifi-nar-bundles/nifi-splunk-bundle/nifi-splunk-processors/src/main/java/org/apache/nifi/processors/splunk/PutSplunk.java b/nifi-nar-bundles/nifi-splunk-bundle/nifi-splunk-processors/src/main/java/org/apache/nifi/processors/splunk/PutSplunk.java
index 45c47072f0c1..7e15c1470cd6 100644
--- a/nifi-nar-bundles/nifi-splunk-bundle/nifi-splunk-processors/src/main/java/org/apache/nifi/processors/splunk/PutSplunk.java
+++ b/nifi-nar-bundles/nifi-splunk-bundle/nifi-splunk-processors/src/main/java/org/apache/nifi/processors/splunk/PutSplunk.java
@@ -45,7 +45,7 @@
import org.apache.nifi.processor.io.InputStreamCallback;
import org.apache.nifi.processor.util.put.AbstractPutEventProcessor;
import org.apache.nifi.processor.util.put.sender.ChannelSender;
-import org.apache.nifi.security.util.SslContextFactory;
+import org.apache.nifi.security.util.ClientAuth;
import org.apache.nifi.ssl.SSLContextService;
import org.apache.nifi.stream.io.ByteCountingInputStream;
import org.apache.nifi.stream.io.StreamUtils;
@@ -120,7 +120,7 @@ protected ChannelSender createSender(ProcessContext context) throws IOException
SSLContext sslContext = null;
if (sslContextService != null) {
- sslContext = sslContextService.createSSLContext(SslContextFactory.ClientAuth.REQUIRED);
+ sslContext = sslContextService.createSSLContext(ClientAuth.REQUIRED);
}
return createSender(protocol, host, port, timeout, maxSendBuffer, sslContext);
diff --git a/nifi-nar-bundles/nifi-standard-bundle/nifi-standard-processors/src/main/java/org/apache/nifi/processors/standard/GetHTTP.java b/nifi-nar-bundles/nifi-standard-bundle/nifi-standard-processors/src/main/java/org/apache/nifi/processors/standard/GetHTTP.java
index b20736285567..54a9bda6ef60 100644
--- a/nifi-nar-bundles/nifi-standard-bundle/nifi-standard-processors/src/main/java/org/apache/nifi/processors/standard/GetHTTP.java
+++ b/nifi-nar-bundles/nifi-standard-bundle/nifi-standard-processors/src/main/java/org/apache/nifi/processors/standard/GetHTTP.java
@@ -98,8 +98,8 @@
import org.apache.nifi.processor.exception.ProcessException;
import org.apache.nifi.processor.util.StandardValidators;
import org.apache.nifi.processors.standard.util.HTTPUtils;
+import org.apache.nifi.security.util.ClientAuth;
import org.apache.nifi.security.util.KeyStoreUtils;
-import org.apache.nifi.security.util.SslContextFactory.ClientAuth;
import org.apache.nifi.ssl.SSLContextService;
import org.apache.nifi.util.StopWatch;
import org.apache.nifi.util.Tuple;
@@ -241,7 +241,7 @@ public class GetHTTP extends AbstractSessionFactoryProcessor {
private Set relationships;
private List properties;
- private volatile List customHeaders = new ArrayList<>();
+ private final List customHeaders = new ArrayList<>();
private final AtomicBoolean clearState = new AtomicBoolean(false);
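Review bot: `customHeaders` is now a `final` reference to a plain `ArrayList`, and `final` (like the `volatile` it replaces) covers only the reference, not the list contents. The other fields made `final` in this commit (`sessions` in LivySessionController, `errorEvents` in ListenSyslog, `socketReaders` in ListenTCPRecord) hold concurrent collections; this one does not. The code that fills and reads the list is outside this hunk, so this needs confirming. If the list is populated in one lifecycle callback and read from trigger threads, either switch to a thread-safe list such as `new CopyOnWriteArrayList<>()` or add a comment naming the framework guarantee that makes the plain list safe.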
diff --git a/nifi-nar-bundles/nifi-standard-bundle/nifi-standard-processors/src/main/java/org/apache/nifi/processors/standard/ListenRELP.java b/nifi-nar-bundles/nifi-standard-bundle/nifi-standard-processors/src/main/java/org/apache/nifi/processors/standard/ListenRELP.java
index d1e6cacd638b..09a68eb35bd0 100644
--- a/nifi-nar-bundles/nifi-standard-bundle/nifi-standard-processors/src/main/java/org/apache/nifi/processors/standard/ListenRELP.java
+++ b/nifi-nar-bundles/nifi-standard-bundle/nifi-standard-processors/src/main/java/org/apache/nifi/processors/standard/ListenRELP.java
@@ -57,7 +57,7 @@
import org.apache.nifi.processors.standard.relp.handler.RELPSocketChannelHandlerFactory;
import org.apache.nifi.processors.standard.relp.response.RELPChannelResponse;
import org.apache.nifi.processors.standard.relp.response.RELPResponse;
-import org.apache.nifi.security.util.SslContextFactory;
+import org.apache.nifi.security.util.ClientAuth;
import org.apache.nifi.ssl.RestrictedSSLContextService;
import org.apache.nifi.ssl.SSLContextService;
@@ -90,8 +90,8 @@ public class ListenRELP extends AbstractListenEventBatchingProcessor
.displayName("Client Auth")
.description("The client authentication policy to use for the SSL Context. Only used if an SSL Context Service is provided.")
.required(false)
- .allowableValues(SslContextFactory.ClientAuth.values())
- .defaultValue(SslContextFactory.ClientAuth.REQUIRED.name())
+ .allowableValues(ClientAuth.values())
+ .defaultValue(ClientAuth.REQUIRED.name())
.build();
private volatile RELPEncoder relpEncoder;
@@ -139,13 +139,13 @@ protected ChannelDispatcher createDispatcher(final ProcessContext context, final
// if an SSLContextService was provided then create an SSLContext to pass down to the dispatcher
SSLContext sslContext = null;
- SslContextFactory.ClientAuth clientAuth = null;
+ ClientAuth clientAuth = null;
final SSLContextService sslContextService = context.getProperty(SSL_CONTEXT_SERVICE).asControllerService(SSLContextService.class);
if (sslContextService != null) {
final String clientAuthValue = context.getProperty(CLIENT_AUTH).getValue();
- sslContext = sslContextService.createSSLContext(SslContextFactory.ClientAuth.valueOf(clientAuthValue));
- clientAuth = SslContextFactory.ClientAuth.valueOf(clientAuthValue);
+ sslContext = sslContextService.createSSLContext(ClientAuth.valueOf(clientAuthValue));
+ clientAuth = ClientAuth.valueOf(clientAuthValue);
}
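Review bot: `ClientAuth.valueOf(clientAuthValue)` is evaluated twice in this block, once for `createSSLContext` and once for the local `clientAuth`. Parse it once and reuse the result: `clientAuth = ClientAuth.valueOf(clientAuthValue);` followed by `sslContext = sslContextService.createSSLContext(clientAuth);`. That makes it obvious that the policy given to the SSL context and the one used later in the method are the same value. The same pair of lines appears in the ListenSyslog `createChannelReader` hunk and the ListenTCPRecord `onScheduled` hunk. `createDispatcher` continues outside this hunk.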
diff --git a/nifi-nar-bundles/nifi-standard-bundle/nifi-standard-processors/src/main/java/org/apache/nifi/processors/standard/ListenSyslog.java b/nifi-nar-bundles/nifi-standard-bundle/nifi-standard-processors/src/main/java/org/apache/nifi/processors/standard/ListenSyslog.java
index a4d623bd7a70..77a9a2800799 100644
--- a/nifi-nar-bundles/nifi-standard-bundle/nifi-standard-processors/src/main/java/org/apache/nifi/processors/standard/ListenSyslog.java
+++ b/nifi-nar-bundles/nifi-standard-bundle/nifi-standard-processors/src/main/java/org/apache/nifi/processors/standard/ListenSyslog.java
@@ -70,7 +70,7 @@
import org.apache.nifi.processor.util.listen.handler.ChannelHandlerFactory;
import org.apache.nifi.processor.util.listen.handler.socket.SocketChannelHandlerFactory;
import org.apache.nifi.processor.util.listen.response.ChannelResponder;
-import org.apache.nifi.security.util.SslContextFactory;
+import org.apache.nifi.security.util.ClientAuth;
import org.apache.nifi.ssl.RestrictedSSLContextService;
import org.apache.nifi.ssl.SSLContextService;
import org.apache.nifi.syslog.attributes.SyslogAttributes;
@@ -184,8 +184,8 @@ public class ListenSyslog extends AbstractSyslogProcessor {
.displayName("Client Auth")
.description("The client authentication policy to use for the SSL Context. Only used if an SSL Context Service is provided.")
.required(false)
- .allowableValues(SslContextFactory.ClientAuth.values())
- .defaultValue(SslContextFactory.ClientAuth.REQUIRED.name())
+ .allowableValues(ClientAuth.values())
+ .defaultValue(ClientAuth.REQUIRED.name())
.build();
public static final Relationship REL_SUCCESS = new Relationship.Builder()
@@ -204,7 +204,7 @@ public class ListenSyslog extends AbstractSyslogProcessor {
private volatile SyslogParser parser;
private volatile BlockingQueue bufferPool;
private volatile BlockingQueue syslogEvents;
- private volatile BlockingQueue errorEvents = new LinkedBlockingQueue<>();
+ private final BlockingQueue errorEvents = new LinkedBlockingQueue<>();
private volatile byte[] messageDemarcatorBytes; //it is only the array reference that is volatile - not the contents.
@Override
@@ -345,12 +345,12 @@ protected ChannelDispatcher createChannelReader(final ProcessContext context, fi
} else {
// if an SSLContextService was provided then create an SSLContext to pass down to the dispatcher
SSLContext sslContext = null;
- SslContextFactory.ClientAuth clientAuth = null;
+ ClientAuth clientAuth = null;
if (sslContextService != null) {
final String clientAuthValue = context.getProperty(CLIENT_AUTH).getValue();
- sslContext = sslContextService.createSSLContext(SslContextFactory.ClientAuth.valueOf(clientAuthValue));
- clientAuth = SslContextFactory.ClientAuth.valueOf(clientAuthValue);
+ sslContext = sslContextService.createSSLContext(ClientAuth.valueOf(clientAuthValue));
+ clientAuth = ClientAuth.valueOf(clientAuthValue);
}
final ChannelHandlerFactory, AsyncChannelDispatcher> handlerFactory = new SocketChannelHandlerFactory<>();
diff --git a/nifi-nar-bundles/nifi-standard-bundle/nifi-standard-processors/src/main/java/org/apache/nifi/processors/standard/ListenTCP.java b/nifi-nar-bundles/nifi-standard-bundle/nifi-standard-processors/src/main/java/org/apache/nifi/processors/standard/ListenTCP.java
index 61a962471b33..8359221283dd 100644
--- a/nifi-nar-bundles/nifi-standard-bundle/nifi-standard-processors/src/main/java/org/apache/nifi/processors/standard/ListenTCP.java
+++ b/nifi-nar-bundles/nifi-standard-bundle/nifi-standard-processors/src/main/java/org/apache/nifi/processors/standard/ListenTCP.java
@@ -49,7 +49,7 @@
import org.apache.nifi.processor.util.listen.event.StandardEventFactory;
import org.apache.nifi.processor.util.listen.handler.ChannelHandlerFactory;
import org.apache.nifi.processor.util.listen.handler.socket.SocketChannelHandlerFactory;
-import org.apache.nifi.security.util.SslContextFactory;
+import org.apache.nifi.security.util.ClientAuth;
import org.apache.nifi.ssl.RestrictedSSLContextService;
import org.apache.nifi.ssl.SSLContextService;
@@ -79,8 +79,8 @@ public class ListenTCP extends AbstractListenEventBatchingProcessor eventFactory = new StandardEventFactory();
diff --git a/nifi-nar-bundles/nifi-standard-bundle/nifi-standard-processors/src/main/java/org/apache/nifi/processors/standard/ListenTCPRecord.java b/nifi-nar-bundles/nifi-standard-bundle/nifi-standard-processors/src/main/java/org/apache/nifi/processors/standard/ListenTCPRecord.java
index 100711696caa..5aad87cdc55c 100644
--- a/nifi-nar-bundles/nifi-standard-bundle/nifi-standard-processors/src/main/java/org/apache/nifi/processors/standard/ListenTCPRecord.java
+++ b/nifi-nar-bundles/nifi-standard-bundle/nifi-standard-processors/src/main/java/org/apache/nifi/processors/standard/ListenTCPRecord.java
@@ -64,7 +64,7 @@
import org.apache.nifi.processor.util.listen.ListenerProperties;
import org.apache.nifi.record.listen.SocketChannelRecordReader;
import org.apache.nifi.record.listen.SocketChannelRecordReaderDispatcher;
-import org.apache.nifi.security.util.SslContextFactory;
+import org.apache.nifi.security.util.ClientAuth;
import org.apache.nifi.serialization.RecordReader;
import org.apache.nifi.serialization.RecordReaderFactory;
import org.apache.nifi.serialization.RecordSetWriter;
@@ -190,8 +190,8 @@ public class ListenTCPRecord extends AbstractProcessor {
.displayName("Client Auth")
.description("The client authentication policy to use for the SSL Context. Only used if an SSL Context Service is provided.")
.required(false)
- .allowableValues(SslContextFactory.ClientAuth.values())
- .defaultValue(SslContextFactory.ClientAuth.REQUIRED.name())
+ .allowableValues(ClientAuth.values())
+ .defaultValue(ClientAuth.REQUIRED.name())
.build();
static final Relationship REL_SUCCESS = new Relationship.Builder()
@@ -228,7 +228,7 @@ public class ListenTCPRecord extends AbstractProcessor {
private volatile int port;
private volatile SocketChannelRecordReaderDispatcher dispatcher;
- private volatile BlockingQueue socketReaders = new LinkedBlockingQueue<>();
+ private final BlockingQueue socketReaders = new LinkedBlockingQueue<>();
@Override
public Set getRelationships() {
@@ -276,12 +276,12 @@ public void onScheduled(final ProcessContext context) throws IOException {
}
SSLContext sslContext = null;
- SslContextFactory.ClientAuth clientAuth = null;
+ ClientAuth clientAuth = null;
final SSLContextService sslContextService = context.getProperty(SSL_CONTEXT_SERVICE).asControllerService(SSLContextService.class);
if (sslContextService != null) {
final String clientAuthValue = context.getProperty(CLIENT_AUTH).getValue();
- sslContext = sslContextService.createSSLContext(SslContextFactory.ClientAuth.valueOf(clientAuthValue));
- clientAuth = SslContextFactory.ClientAuth.valueOf(clientAuthValue);
+ sslContext = sslContextService.createSSLContext(ClientAuth.valueOf(clientAuthValue));
+ clientAuth = ClientAuth.valueOf(clientAuthValue);
}
// create a ServerSocketChannel in non-blocking mode and bind to the given address and port
diff --git a/nifi-nar-bundles/nifi-standard-bundle/nifi-standard-processors/src/main/java/org/apache/nifi/processors/standard/PutSyslog.java b/nifi-nar-bundles/nifi-standard-bundle/nifi-standard-processors/src/main/java/org/apache/nifi/processors/standard/PutSyslog.java
index dae38351c1ce..3691770ed3bf 100644
--- a/nifi-nar-bundles/nifi-standard-bundle/nifi-standard-processors/src/main/java/org/apache/nifi/processors/standard/PutSyslog.java
+++ b/nifi-nar-bundles/nifi-standard-bundle/nifi-standard-processors/src/main/java/org/apache/nifi/processors/standard/PutSyslog.java
@@ -54,7 +54,7 @@
import org.apache.nifi.processor.util.put.sender.DatagramChannelSender;
import org.apache.nifi.processor.util.put.sender.SSLSocketChannelSender;
import org.apache.nifi.processor.util.put.sender.SocketChannelSender;
-import org.apache.nifi.security.util.SslContextFactory;
+import org.apache.nifi.security.util.ClientAuth;
import org.apache.nifi.ssl.SSLContextService;
import org.apache.nifi.syslog.parsers.SyslogParser;
import org.apache.nifi.util.StopWatch;
@@ -249,7 +249,7 @@ protected ChannelSender createSender(final SSLContextService sslContextService,
} else {
// if an SSLContextService is provided then we make a secure sender
if (sslContextService != null) {
- final SSLContext sslContext = sslContextService.createSSLContext(SslContextFactory.ClientAuth.REQUIRED);
+ final SSLContext sslContext = sslContextService.createSSLContext(ClientAuth.REQUIRED);
sender = new SSLSocketChannelSender(host, port, maxSendBufferSize, sslContext, getLogger());
} else {
sender = new SocketChannelSender(host, port, maxSendBufferSize, getLogger());
diff --git a/nifi-nar-bundles/nifi-standard-bundle/nifi-standard-processors/src/main/java/org/apache/nifi/processors/standard/PutTCP.java b/nifi-nar-bundles/nifi-standard-bundle/nifi-standard-processors/src/main/java/org/apache/nifi/processors/standard/PutTCP.java
index de28fac99400..798fb5ca5a41 100644
--- a/nifi-nar-bundles/nifi-standard-bundle/nifi-standard-processors/src/main/java/org/apache/nifi/processors/standard/PutTCP.java
+++ b/nifi-nar-bundles/nifi-standard-bundle/nifi-standard-processors/src/main/java/org/apache/nifi/processors/standard/PutTCP.java
@@ -42,7 +42,7 @@
import org.apache.nifi.processor.util.put.AbstractPutEventProcessor;
import org.apache.nifi.processor.util.put.sender.ChannelSender;
import org.apache.nifi.processor.util.put.sender.SocketChannelSender;
-import org.apache.nifi.security.util.SslContextFactory;
+import org.apache.nifi.security.util.ClientAuth;
import org.apache.nifi.ssl.SSLContextService;
import org.apache.nifi.util.StopWatch;
@@ -115,7 +115,7 @@ protected ChannelSender createSender(final ProcessContext context) throws IOExce
SSLContext sslContext = null;
if (sslContextService != null) {
- sslContext = sslContextService.createSSLContext(SslContextFactory.ClientAuth.REQUIRED);
+ sslContext = sslContextService.createSSLContext(ClientAuth.REQUIRED);
}
return createSender(protocol, hostname, port, timeout, bufferSize, sslContext);
diff --git a/nifi-nar-bundles/nifi-standard-bundle/nifi-standard-processors/src/test/groovy/org/apache/nifi/processors/standard/TestGetHTTPGroovy.groovy b/nifi-nar-bundles/nifi-standard-bundle/nifi-standard-processors/src/test/groovy/org/apache/nifi/processors/standard/TestGetHTTPGroovy.groovy
index a01874d823b9..58b6293a27a4 100644
--- a/nifi-nar-bundles/nifi-standard-bundle/nifi-standard-processors/src/test/groovy/org/apache/nifi/processors/standard/TestGetHTTPGroovy.groovy
+++ b/nifi-nar-bundles/nifi-standard-bundle/nifi-standard-processors/src/test/groovy/org/apache/nifi/processors/standard/TestGetHTTPGroovy.groovy
@@ -366,7 +366,7 @@ class TestGetHTTPGroovy extends GroovyTestCase {
runner.setProperty(sslContextService, StandardSSLContextService.TRUSTSTORE_TYPE, KEYSTORE_TYPE)
runner.setProperty(sslContextService, StandardSSLContextService.SSL_ALGORITHM, protocol)
runner.enableControllerService(sslContextService)
- def sslContext = sslContextService.createSSLContext(org.apache.nifi.security.util.SslContextFactory.ClientAuth.NONE)
+ def sslContext = sslContextService.createSSLContext(org.apache.nifi.security.util.ClientAuth.NONE)
logger.info("GetHTTP supported protocols: ${sslContext.protocol}")
logger.info("GetHTTP supported cipher suites: ${sslContext.supportedSSLParameters.cipherSuites}")
}
diff --git a/nifi-nar-bundles/nifi-standard-bundle/nifi-standard-processors/src/test/groovy/org/apache/nifi/processors/standard/TestPostHTTPGroovy.groovy b/nifi-nar-bundles/nifi-standard-bundle/nifi-standard-processors/src/test/groovy/org/apache/nifi/processors/standard/TestPostHTTPGroovy.groovy
index 8b96bdc18990..73519435a3f8 100644
--- a/nifi-nar-bundles/nifi-standard-bundle/nifi-standard-processors/src/test/groovy/org/apache/nifi/processors/standard/TestPostHTTPGroovy.groovy
+++ b/nifi-nar-bundles/nifi-standard-bundle/nifi-standard-processors/src/test/groovy/org/apache/nifi/processors/standard/TestPostHTTPGroovy.groovy
@@ -330,7 +330,7 @@ class TestPostHTTPGroovy extends GroovyTestCase {
runner.setProperty(sslContextService, StandardSSLContextService.TRUSTSTORE_TYPE, KEYSTORE_TYPE)
runner.setProperty(sslContextService, StandardSSLContextService.SSL_ALGORITHM, protocol)
runner.enableControllerService(sslContextService)
- def sslContext = sslContextService.createSSLContext(org.apache.nifi.security.util.SslContextFactory.ClientAuth.NONE)
+ def sslContext = sslContextService.createSSLContext(org.apache.nifi.security.util.ClientAuth.NONE)
logger.info("PostHTTP supported protocols: ${sslContext.protocol}")
logger.info("PostHTTP supported cipher suites: ${sslContext.supportedSSLParameters.cipherSuites}")
}
diff --git a/nifi-nar-bundles/nifi-standard-bundle/nifi-standard-processors/src/test/java/org/apache/nifi/processors/standard/ITestHandleHttpRequest.java b/nifi-nar-bundles/nifi-standard-bundle/nifi-standard-processors/src/test/java/org/apache/nifi/processors/standard/ITestHandleHttpRequest.java
index 93510ee3a9c4..ece1a93b964c 100644
--- a/nifi-nar-bundles/nifi-standard-bundle/nifi-standard-processors/src/test/java/org/apache/nifi/processors/standard/ITestHandleHttpRequest.java
+++ b/nifi-nar-bundles/nifi-standard-bundle/nifi-standard-processors/src/test/java/org/apache/nifi/processors/standard/ITestHandleHttpRequest.java
@@ -59,8 +59,9 @@
import org.apache.nifi.processor.ProcessContext;
import org.apache.nifi.processors.standard.util.HTTPUtils;
import org.apache.nifi.reporting.InitializationException;
-import org.apache.nifi.security.util.CertificateUtils;
+import org.apache.nifi.security.util.ClientAuth;
import org.apache.nifi.security.util.SslContextFactory;
+import org.apache.nifi.security.util.StandardTlsConfiguration;
import org.apache.nifi.security.util.TlsConfiguration;
import org.apache.nifi.ssl.SSLContextService;
import org.apache.nifi.ssl.StandardRestrictedSSLContextService;
@@ -105,7 +106,7 @@ private static Map getServerKeystoreProperties() {
return properties;
}
- private static SSLContext useSSLContextService(final TestRunner controller, final Map sslProperties, SslContextFactory.ClientAuth clientAuth) {
+ private static SSLContext useSSLContextService(final TestRunner controller, final Map sslProperties, ClientAuth clientAuth) {
final SSLContextService service = new StandardRestrictedSSLContextService();
try {
controller.addControllerService("ssl-service", service, sslProperties);
@@ -121,10 +122,10 @@ private static SSLContext useSSLContextService(final TestRunner controller, fina
@Before
public void setUp() throws Exception {
- clientTlsConfiguration = new TlsConfiguration(CLIENT_KEYSTORE, KEYSTORE_PASSWORD, null, CLIENT_KEYSTORE_TYPE,
- TRUSTSTORE, TRUSTSTORE_PASSWORD, TRUSTSTORE_TYPE, CertificateUtils.getHighestCurrentSupportedTlsProtocolVersion());
- trustOnlyTlsConfiguration = new TlsConfiguration(null, null, null, null,
- TRUSTSTORE, TRUSTSTORE_PASSWORD, TRUSTSTORE_TYPE, CertificateUtils.getHighestCurrentSupportedTlsProtocolVersion());
+ clientTlsConfiguration = new StandardTlsConfiguration(CLIENT_KEYSTORE, KEYSTORE_PASSWORD, null, CLIENT_KEYSTORE_TYPE,
+ TRUSTSTORE, TRUSTSTORE_PASSWORD, TRUSTSTORE_TYPE, TlsConfiguration.getHighestCurrentSupportedTlsProtocolVersion());
+ trustOnlyTlsConfiguration = new StandardTlsConfiguration(null, null, null, null,
+ TRUSTSTORE, TRUSTSTORE_PASSWORD, TRUSTSTORE_TYPE, TlsConfiguration.getHighestCurrentSupportedTlsProtocolVersion());
}
@After
@@ -580,8 +581,8 @@ private void secureTest(boolean twoWaySsl) throws Exception {
final Map sslProperties = getServerKeystoreProperties();
sslProperties.putAll(getTruststoreProperties());
- sslProperties.put(StandardSSLContextService.SSL_ALGORITHM.getName(), CertificateUtils.getHighestCurrentSupportedTlsProtocolVersion());
- useSSLContextService(runner, sslProperties, twoWaySsl ? SslContextFactory.ClientAuth.REQUIRED : SslContextFactory.ClientAuth.NONE);
+ sslProperties.put(StandardSSLContextService.SSL_ALGORITHM.getName(), TlsConfiguration.getHighestCurrentSupportedTlsProtocolVersion());
+ useSSLContextService(runner, sslProperties, twoWaySsl ? ClientAuth.REQUIRED : ClientAuth.NONE);
final Thread httpThread = new Thread(new Runnable() {
@Override
diff --git a/nifi-nar-bundles/nifi-standard-bundle/nifi-standard-processors/src/test/java/org/apache/nifi/processors/standard/TestListenHTTP.java b/nifi-nar-bundles/nifi-standard-bundle/nifi-standard-processors/src/test/java/org/apache/nifi/processors/standard/TestListenHTTP.java
index e2e90115556e..4fc8661627d5 100644
--- a/nifi-nar-bundles/nifi-standard-bundle/nifi-standard-processors/src/test/java/org/apache/nifi/processors/standard/TestListenHTTP.java
+++ b/nifi-nar-bundles/nifi-standard-bundle/nifi-standard-processors/src/test/java/org/apache/nifi/processors/standard/TestListenHTTP.java
@@ -46,8 +46,8 @@
import org.apache.nifi.processor.ProcessSessionFactory;
import org.apache.nifi.remote.io.socket.NetworkUtils;
import org.apache.nifi.reporting.InitializationException;
-import org.apache.nifi.security.util.CertificateUtils;
import org.apache.nifi.security.util.SslContextFactory;
+import org.apache.nifi.security.util.StandardTlsConfiguration;
import org.apache.nifi.security.util.TlsConfiguration;
import org.apache.nifi.security.util.TlsException;
import org.apache.nifi.ssl.SSLContextService;
@@ -106,10 +106,10 @@ public void setup() throws IOException {
runner.setVariable(PORT_VARIABLE, Integer.toString(availablePort));
runner.setVariable(BASEPATH_VARIABLE, HTTP_BASE_PATH);
- clientTlsConfiguration = new TlsConfiguration(CLIENT_KEYSTORE, KEYSTORE_PASSWORD, null, CLIENT_KEYSTORE_TYPE,
- TRUSTSTORE, TRUSTSTORE_PASSWORD, TRUSTSTORE_TYPE, CertificateUtils.getHighestCurrentSupportedTlsProtocolVersion());
- trustOnlyTlsConfiguration = new TlsConfiguration(null, null, null, null,
- TRUSTSTORE, TRUSTSTORE_PASSWORD, TRUSTSTORE_TYPE, CertificateUtils.getHighestCurrentSupportedTlsProtocolVersion());
+ clientTlsConfiguration = new StandardTlsConfiguration(CLIENT_KEYSTORE, KEYSTORE_PASSWORD, null, CLIENT_KEYSTORE_TYPE,
+ TRUSTSTORE, TRUSTSTORE_PASSWORD, TRUSTSTORE_TYPE, TlsConfiguration.getHighestCurrentSupportedTlsProtocolVersion());
+ trustOnlyTlsConfiguration = new StandardTlsConfiguration(null, null, null, null,
+ TRUSTSTORE, TRUSTSTORE_PASSWORD, TRUSTSTORE_TYPE, TlsConfiguration.getHighestCurrentSupportedTlsProtocolVersion());
}
@After
@@ -157,7 +157,7 @@ public void testPOSTRequestsReturnCodeReceivedWithEL() throws Exception {
@Test
public void testSecurePOSTRequestsReceivedWithoutEL() throws Exception {
SSLContextService sslContextService = configureProcessorSslContextService(false);
- runner.setProperty(sslContextService, StandardRestrictedSSLContextService.RESTRICTED_SSL_ALGORITHM, CertificateUtils.getHighestCurrentSupportedTlsProtocolVersion());
+ runner.setProperty(sslContextService, StandardRestrictedSSLContextService.RESTRICTED_SSL_ALGORITHM, TlsConfiguration.getHighestCurrentSupportedTlsProtocolVersion());
runner.enableControllerService(sslContextService);
runner.setProperty(ListenHTTP.PORT, Integer.toString(availablePort));
@@ -170,7 +170,7 @@ public void testSecurePOSTRequestsReceivedWithoutEL() throws Exception {
@Test
public void testSecurePOSTRequestsReturnCodeReceivedWithoutEL() throws Exception {
SSLContextService sslContextService = configureProcessorSslContextService(false);
- runner.setProperty(sslContextService, StandardRestrictedSSLContextService.RESTRICTED_SSL_ALGORITHM, CertificateUtils.getHighestCurrentSupportedTlsProtocolVersion());
+ runner.setProperty(sslContextService, StandardRestrictedSSLContextService.RESTRICTED_SSL_ALGORITHM, TlsConfiguration.getHighestCurrentSupportedTlsProtocolVersion());
runner.enableControllerService(sslContextService);
runner.setProperty(ListenHTTP.PORT, Integer.toString(availablePort));
@@ -184,7 +184,7 @@ public void testSecurePOSTRequestsReturnCodeReceivedWithoutEL() throws Exception
@Test
public void testSecurePOSTRequestsReceivedWithEL() throws Exception {
SSLContextService sslContextService = configureProcessorSslContextService(false);
- runner.setProperty(sslContextService, StandardRestrictedSSLContextService.RESTRICTED_SSL_ALGORITHM, CertificateUtils.getHighestCurrentSupportedTlsProtocolVersion());
+ runner.setProperty(sslContextService, StandardRestrictedSSLContextService.RESTRICTED_SSL_ALGORITHM, TlsConfiguration.getHighestCurrentSupportedTlsProtocolVersion());
runner.enableControllerService(sslContextService);
runner.setProperty(ListenHTTP.PORT, HTTP_SERVER_PORT_EL);
@@ -197,7 +197,7 @@ public void testSecurePOSTRequestsReceivedWithEL() throws Exception {
@Test
public void testSecurePOSTRequestsReturnCodeReceivedWithEL() throws Exception {
SSLContextService sslContextService = configureProcessorSslContextService(false);
- runner.setProperty(sslContextService, StandardRestrictedSSLContextService.RESTRICTED_SSL_ALGORITHM, CertificateUtils.getHighestCurrentSupportedTlsProtocolVersion());
+ runner.setProperty(sslContextService, StandardRestrictedSSLContextService.RESTRICTED_SSL_ALGORITHM, TlsConfiguration.getHighestCurrentSupportedTlsProtocolVersion());
runner.enableControllerService(sslContextService);
runner.setProperty(ListenHTTP.PORT, Integer.toString(availablePort));
@@ -211,7 +211,7 @@ public void testSecurePOSTRequestsReturnCodeReceivedWithEL() throws Exception {
@Test
public void testSecureTwoWaySslPOSTRequestsReceivedWithoutEL() throws Exception {
SSLContextService sslContextService = configureProcessorSslContextService(true);
- runner.setProperty(sslContextService, StandardRestrictedSSLContextService.RESTRICTED_SSL_ALGORITHM, CertificateUtils.getHighestCurrentSupportedTlsProtocolVersion());
+ runner.setProperty(sslContextService, StandardRestrictedSSLContextService.RESTRICTED_SSL_ALGORITHM, TlsConfiguration.getHighestCurrentSupportedTlsProtocolVersion());
runner.enableControllerService(sslContextService);
runner.setProperty(ListenHTTP.PORT, Integer.toString(availablePort));
@@ -224,7 +224,7 @@ public void testSecureTwoWaySslPOSTRequestsReceivedWithoutEL() throws Exception
@Test
public void testSecureTwoWaySslPOSTRequestsReturnCodeReceivedWithoutEL() throws Exception {
SSLContextService sslContextService = configureProcessorSslContextService(true);
- runner.setProperty(sslContextService, StandardRestrictedSSLContextService.RESTRICTED_SSL_ALGORITHM, CertificateUtils.getHighestCurrentSupportedTlsProtocolVersion());
+ runner.setProperty(sslContextService, StandardRestrictedSSLContextService.RESTRICTED_SSL_ALGORITHM, TlsConfiguration.getHighestCurrentSupportedTlsProtocolVersion());
runner.enableControllerService(sslContextService);
runner.setProperty(ListenHTTP.PORT, Integer.toString(availablePort));
@@ -238,7 +238,7 @@ public void testSecureTwoWaySslPOSTRequestsReturnCodeReceivedWithoutEL() throws
@Test
public void testSecureTwoWaySslPOSTRequestsReceivedWithEL() throws Exception {
SSLContextService sslContextService = configureProcessorSslContextService(true);
- runner.setProperty(sslContextService, StandardRestrictedSSLContextService.RESTRICTED_SSL_ALGORITHM, CertificateUtils.getHighestCurrentSupportedTlsProtocolVersion());
+ runner.setProperty(sslContextService, StandardRestrictedSSLContextService.RESTRICTED_SSL_ALGORITHM, TlsConfiguration.getHighestCurrentSupportedTlsProtocolVersion());
runner.enableControllerService(sslContextService);
runner.setProperty(ListenHTTP.PORT, HTTP_SERVER_PORT_EL);
@@ -251,7 +251,7 @@ public void testSecureTwoWaySslPOSTRequestsReceivedWithEL() throws Exception {
@Test
public void testSecureTwoWaySslPOSTRequestsReturnCodeReceivedWithEL() throws Exception {
SSLContextService sslContextService = configureProcessorSslContextService(true);
- runner.setProperty(sslContextService, StandardRestrictedSSLContextService.RESTRICTED_SSL_ALGORITHM, CertificateUtils.getHighestCurrentSupportedTlsProtocolVersion());
+ runner.setProperty(sslContextService, StandardRestrictedSSLContextService.RESTRICTED_SSL_ALGORITHM, TlsConfiguration.getHighestCurrentSupportedTlsProtocolVersion());
runner.enableControllerService(sslContextService);
runner.setProperty(ListenHTTP.PORT, Integer.toString(availablePort));
@@ -265,7 +265,7 @@ public void testSecureTwoWaySslPOSTRequestsReturnCodeReceivedWithEL() throws Exc
@Test
public void testSecureInvalidSSLConfiguration() throws Exception {
SSLContextService sslContextService = configureInvalidProcessorSslContextService();
- runner.setProperty(sslContextService, StandardSSLContextService.SSL_ALGORITHM, CertificateUtils.getHighestCurrentSupportedTlsProtocolVersion());
+ runner.setProperty(sslContextService, StandardSSLContextService.SSL_ALGORITHM, TlsConfiguration.getHighestCurrentSupportedTlsProtocolVersion());
runner.enableControllerService(sslContextService);
runner.setProperty(ListenHTTP.PORT, HTTP_SERVER_PORT_EL);
diff --git a/nifi-nar-bundles/nifi-standard-bundle/nifi-standard-processors/src/test/java/org/apache/nifi/processors/standard/TestListenRELP.java b/nifi-nar-bundles/nifi-standard-bundle/nifi-standard-processors/src/test/java/org/apache/nifi/processors/standard/TestListenRELP.java
index f651f363aace..aa6f6baeac64 100644
--- a/nifi-nar-bundles/nifi-standard-bundle/nifi-standard-processors/src/test/java/org/apache/nifi/processors/standard/TestListenRELP.java
+++ b/nifi-nar-bundles/nifi-standard-bundle/nifi-standard-processors/src/test/java/org/apache/nifi/processors/standard/TestListenRELP.java
@@ -38,7 +38,7 @@
import org.apache.nifi.provenance.ProvenanceEventRecord;
import org.apache.nifi.provenance.ProvenanceEventType;
import org.apache.nifi.reporting.InitializationException;
-import org.apache.nifi.security.util.SslContextFactory;
+import org.apache.nifi.security.util.ClientAuth;
import org.apache.nifi.ssl.SSLContextService;
import org.apache.nifi.ssl.StandardSSLContextService;
import org.apache.nifi.util.MockFlowFile;
@@ -226,7 +226,7 @@ protected void run(final List frames, final int expectedTransferred,
// create either a regular socket or ssl socket based on context being passed in
if (sslContextService != null) {
- final SSLContext sslContext = sslContextService.createSSLContext(SslContextFactory.ClientAuth.REQUIRED);
+ final SSLContext sslContext = sslContextService.createSSLContext(ClientAuth.REQUIRED);
socket = sslContext.getSocketFactory().createSocket("localhost", realPort);
} else {
socket = new Socket("localhost", realPort);
@@ -283,7 +283,7 @@ private void sendFrames(final List frames, final Socket socket) throw
// Extend ListenRELP so we can use the CapturingSocketChannelResponseDispatcher
private static class ResponseCapturingListenRELP extends ListenRELP {
- private List responses = new ArrayList<>();
+ private final List responses = new ArrayList<>();
@Override
protected void respond(RELPEvent event, RELPResponse relpResponse) {
@@ -295,7 +295,7 @@ protected void respond(RELPEvent event, RELPResponse relpResponse) {
// Extend ListenRELP to mock the ChannelDispatcher and allow us to return staged events
private static class MockListenRELP extends ListenRELP {
- private List mockEvents;
+ private final List mockEvents;
public MockListenRELP(List mockEvents) {
this.mockEvents = mockEvents;
diff --git a/nifi-nar-bundles/nifi-standard-bundle/nifi-standard-processors/src/test/java/org/apache/nifi/processors/standard/TestListenTCP.java b/nifi-nar-bundles/nifi-standard-bundle/nifi-standard-processors/src/test/java/org/apache/nifi/processors/standard/TestListenTCP.java
index 428994b1cfc5..c2bb828b8923 100644
--- a/nifi-nar-bundles/nifi-standard-bundle/nifi-standard-processors/src/test/java/org/apache/nifi/processors/standard/TestListenTCP.java
+++ b/nifi-nar-bundles/nifi-standard-bundle/nifi-standard-processors/src/test/java/org/apache/nifi/processors/standard/TestListenTCP.java
@@ -26,7 +26,9 @@
import org.apache.nifi.processor.ProcessContext;
import org.apache.nifi.processor.ProcessSessionFactory;
import org.apache.nifi.reporting.InitializationException;
+import org.apache.nifi.security.util.ClientAuth;
import org.apache.nifi.security.util.SslContextFactory;
+import org.apache.nifi.security.util.StandardTlsConfiguration;
import org.apache.nifi.security.util.TlsConfiguration;
import org.apache.nifi.security.util.TlsException;
import org.apache.nifi.ssl.SSLContextService;
@@ -65,9 +67,9 @@ public void setup() {
runner = TestRunners.newTestRunner(proc);
runner.setProperty(ListenTCP.PORT, "0");
- clientTlsConfiguration = new TlsConfiguration(CLIENT_KEYSTORE, KEYSTORE_PASSWORD, null, CLIENT_KEYSTORE_TYPE,
+ clientTlsConfiguration = new StandardTlsConfiguration(CLIENT_KEYSTORE, KEYSTORE_PASSWORD, null, CLIENT_KEYSTORE_TYPE,
TRUSTSTORE, TRUSTSTORE_PASSWORD, TRUSTSTORE_TYPE, TLS_PROTOCOL_VERSION);
- trustOnlyTlsConfiguration = new TlsConfiguration(null, null, null, null,
+ trustOnlyTlsConfiguration = new StandardTlsConfiguration(null, null, null, null,
TRUSTSTORE, TRUSTSTORE_PASSWORD, TRUSTSTORE_TYPE, TLS_PROTOCOL_VERSION);
}
@@ -80,7 +82,7 @@ public void testCustomValidate() throws InitializationException {
runner.setProperty(ListenTCP.CLIENT_AUTH, "");
runner.assertNotValid();
- runner.setProperty(ListenTCP.CLIENT_AUTH, SslContextFactory.ClientAuth.REQUIRED.name());
+ runner.setProperty(ListenTCP.CLIENT_AUTH, ClientAuth.REQUIRED.name());
runner.assertValid();
}
@@ -127,7 +129,7 @@ public void testListenTCPBatching() throws IOException, InterruptedException {
public void testTLSClientAuthRequiredAndClientCertProvided() throws InitializationException, IOException, InterruptedException,
TlsException {
- runner.setProperty(ListenTCP.CLIENT_AUTH, SslContextFactory.ClientAuth.REQUIRED.name());
+ runner.setProperty(ListenTCP.CLIENT_AUTH, ClientAuth.REQUIRED.name());
configureProcessorSslContextService();
final List messages = new ArrayList<>();
@@ -138,7 +140,7 @@ public void testTLSClientAuthRequiredAndClientCertProvided() throws Initializati
messages.add("This is message 5\n");
// Make an SSLContext with a key and trust store to send the test messages
- final SSLContext clientSslContext = SslContextFactory.createSslContext(clientTlsConfiguration, SslContextFactory.ClientAuth.NONE);
+ final SSLContext clientSslContext = SslContextFactory.createSslContext(clientTlsConfiguration, ClientAuth.NONE);
runTCP(messages, messages.size(), clientSslContext);
@@ -151,7 +153,7 @@ public void testTLSClientAuthRequiredAndClientCertProvided() throws Initializati
@Test
public void testTLSClientAuthRequiredAndClientCertNotProvided() throws InitializationException, TlsException {
- runner.setProperty(ListenTCP.CLIENT_AUTH, SslContextFactory.ClientAuth.REQUIRED.name());
+ runner.setProperty(ListenTCP.CLIENT_AUTH, ClientAuth.REQUIRED.name());
configureProcessorSslContextService();
final List messages = new ArrayList<>();
@@ -175,7 +177,7 @@ public void testTLSClientAuthRequiredAndClientCertNotProvided() throws Initializ
@Test
public void testTLSClientAuthNoneAndClientCertNotProvided() throws InitializationException, IOException, InterruptedException, TlsException {
- runner.setProperty(ListenTCP.CLIENT_AUTH, SslContextFactory.ClientAuth.NONE.name());
+ runner.setProperty(ListenTCP.CLIENT_AUTH, ClientAuth.NONE.name());
configureProcessorSslContextService();
final List messages = new ArrayList<>();
diff --git a/nifi-nar-bundles/nifi-standard-bundle/nifi-standard-processors/src/test/java/org/apache/nifi/processors/standard/TestListenTCPRecord.java b/nifi-nar-bundles/nifi-standard-bundle/nifi-standard-processors/src/test/java/org/apache/nifi/processors/standard/TestListenTCPRecord.java
index 91707deaa763..8af404cfd434 100644
--- a/nifi-nar-bundles/nifi-standard-bundle/nifi-standard-processors/src/test/java/org/apache/nifi/processors/standard/TestListenTCPRecord.java
+++ b/nifi-nar-bundles/nifi-standard-bundle/nifi-standard-processors/src/test/java/org/apache/nifi/processors/standard/TestListenTCPRecord.java
@@ -30,7 +30,9 @@
import org.apache.nifi.processor.ProcessSessionFactory;
import org.apache.nifi.reporting.InitializationException;
import org.apache.nifi.schema.access.SchemaAccessUtils;
+import org.apache.nifi.security.util.ClientAuth;
import org.apache.nifi.security.util.SslContextFactory;
+import org.apache.nifi.security.util.StandardTlsConfiguration;
import org.apache.nifi.security.util.TlsConfiguration;
import org.apache.nifi.security.util.TlsException;
import org.apache.nifi.serialization.RecordReaderFactory;
@@ -113,9 +115,9 @@ public void setup() throws InitializationException {
runner.setProperty(ListenTCPRecord.RECORD_READER, readerId);
runner.setProperty(ListenTCPRecord.RECORD_WRITER, writerId);
- clientTlsConfiguration = new TlsConfiguration(CLIENT_KEYSTORE, KEYSTORE_PASSWORD, null, CLIENT_KEYSTORE_TYPE,
+ clientTlsConfiguration = new StandardTlsConfiguration(CLIENT_KEYSTORE, KEYSTORE_PASSWORD, null, CLIENT_KEYSTORE_TYPE,
TRUSTSTORE, TRUSTSTORE_PASSWORD, TRUSTSTORE_TYPE, TLS_PROTOCOL_VERSION);
- trustOnlyTlsConfiguration = new TlsConfiguration(null, null, null, null,
+ trustOnlyTlsConfiguration = new StandardTlsConfiguration(null, null, null, null,
TRUSTSTORE, TRUSTSTORE_PASSWORD, TRUSTSTORE_TYPE, TLS_PROTOCOL_VERSION);
}
@@ -128,7 +130,7 @@ public void testCustomValidate() throws InitializationException {
runner.setProperty(ListenTCPRecord.CLIENT_AUTH, "");
runner.assertNotValid();
- runner.setProperty(ListenTCPRecord.CLIENT_AUTH, SslContextFactory.ClientAuth.REQUIRED.name());
+ runner.setProperty(ListenTCPRecord.CLIENT_AUTH, ClientAuth.REQUIRED.name());
runner.assertValid();
}
@@ -171,7 +173,7 @@ public void testMultipleRecordsPerFlowFileLessThanBatchSize() throws IOException
@Test
public void testTLSClientAuthRequiredAndClientCertProvided() throws InitializationException, IOException, InterruptedException, TlsException {
- runner.setProperty(ListenTCPRecord.CLIENT_AUTH, SslContextFactory.ClientAuth.REQUIRED.name());
+ runner.setProperty(ListenTCPRecord.CLIENT_AUTH, ClientAuth.REQUIRED.name());
configureProcessorSslContextService();
// Make an SSLContext with a key and trust store to send the test messages
@@ -192,7 +194,7 @@ public void testTLSClientAuthRequiredAndClientCertProvided() throws Initializati
@Test
public void testTLSClientAuthRequiredAndClientCertNotProvided() throws InitializationException, IOException, InterruptedException, TlsException {
- runner.setProperty(ListenTCPRecord.CLIENT_AUTH, SslContextFactory.ClientAuth.REQUIRED.name());
+ runner.setProperty(ListenTCPRecord.CLIENT_AUTH, ClientAuth.REQUIRED.name());
runner.setProperty(ListenTCPRecord.READ_TIMEOUT, "5 seconds");
configureProcessorSslContextService();
@@ -205,7 +207,7 @@ public void testTLSClientAuthRequiredAndClientCertNotProvided() throws Initializ
@Test
public void testTLSClientAuthNoneAndClientCertNotProvided() throws InitializationException, IOException, InterruptedException, TlsException {
- runner.setProperty(ListenTCPRecord.CLIENT_AUTH, SslContextFactory.ClientAuth.NONE.name());
+ runner.setProperty(ListenTCPRecord.CLIENT_AUTH, ClientAuth.NONE.name());
configureProcessorSslContextService();
// Make an SSLContext that only has the trust store, this should work since the processor has client auth NONE
diff --git a/nifi-nar-bundles/nifi-standard-bundle/nifi-standard-processors/src/test/java/org/apache/nifi/processors/standard/util/TCPTestServer.java b/nifi-nar-bundles/nifi-standard-bundle/nifi-standard-processors/src/test/java/org/apache/nifi/processors/standard/util/TCPTestServer.java
index de33da0e43b6..8be0bcb31470 100644
--- a/nifi-nar-bundles/nifi-standard-bundle/nifi-standard-processors/src/test/java/org/apache/nifi/processors/standard/util/TCPTestServer.java
+++ b/nifi-nar-bundles/nifi-standard-bundle/nifi-standard-processors/src/test/java/org/apache/nifi/processors/standard/util/TCPTestServer.java
@@ -26,8 +26,9 @@
import java.util.concurrent.ArrayBlockingQueue;
import javax.net.ServerSocketFactory;
import javax.net.ssl.SSLContext;
-import org.apache.nifi.security.util.CertificateUtils;
+import org.apache.nifi.security.util.ClientAuth;
import org.apache.nifi.security.util.SslContextFactory;
+import org.apache.nifi.security.util.StandardTlsConfiguration;
import org.apache.nifi.security.util.TlsConfiguration;
public class TCPTestServer implements Runnable {
@@ -54,9 +55,9 @@ public TCPTestServer(final InetAddress ipAddress, final ArrayBlockingQueue
org.apache.nifi
- nifi-security-xml-config
+ nifi-security-utils
1.13.0-SNAPSHOT
diff --git a/nifi-nar-bundles/nifi-standard-services/nifi-oauth2-provider-bundle/nifi-oauth2-provider-service/src/main/java/org/apache/nifi/oauth2/OAuth2TokenProviderImpl.java b/nifi-nar-bundles/nifi-standard-services/nifi-oauth2-provider-bundle/nifi-oauth2-provider-service/src/main/java/org/apache/nifi/oauth2/OAuth2TokenProviderImpl.java
index dd67e040daff..0c234c49943f 100644
--- a/nifi-nar-bundles/nifi-standard-services/nifi-oauth2-provider-bundle/nifi-oauth2-provider-service/src/main/java/org/apache/nifi/oauth2/OAuth2TokenProviderImpl.java
+++ b/nifi-nar-bundles/nifi-standard-services/nifi-oauth2-provider-bundle/nifi-oauth2-provider-service/src/main/java/org/apache/nifi/oauth2/OAuth2TokenProviderImpl.java
@@ -18,6 +18,10 @@
package org.apache.nifi.oauth2;
import com.fasterxml.jackson.databind.ObjectMapper;
+import java.io.IOException;
+import java.util.List;
+import java.util.Map;
+import javax.net.ssl.SSLContext;
import okhttp3.FormBody;
import okhttp3.OkHttpClient;
import okhttp3.Request;
@@ -30,17 +34,12 @@
import org.apache.nifi.controller.AbstractControllerService;
import org.apache.nifi.controller.ConfigurationContext;
import org.apache.nifi.processor.exception.ProcessException;
+import org.apache.nifi.security.util.ClientAuth;
import org.apache.nifi.security.util.OkHttpClientUtils;
import org.apache.nifi.security.util.TlsConfiguration;
import org.apache.nifi.ssl.SSLContextService;
-import org.apache.nifi.security.util.SslContextFactory;
import org.apache.nifi.util.StringUtils;
-import javax.net.ssl.SSLContext;
-import java.io.IOException;
-import java.util.List;
-import java.util.Map;
-
@Tags({"oauth2", "provider", "authorization" })
@CapabilityDescription("This controller service provides a way of working with access and refresh tokens via the " +
"password and client_credential grant flows in the OAuth2 specification. It is meant to provide a way for components " +
@@ -53,15 +52,15 @@ public List getSupportedPropertyDescriptors() {
private String resourceServerUrl;
private SSLContext sslContext;
- private SSLContextService sslContextService;
+ private SSLContextService sslService;
@OnEnabled
public void onEnabled(ConfigurationContext context) {
resourceServerUrl = context.getProperty(ACCESS_TOKEN_URL).evaluateAttributeExpressions().getValue();
- sslContextService = context.getProperty(SSL_CONTEXT).asControllerService(SSLContextService.class);
+ sslService = context.getProperty(SSL_CONTEXT).asControllerService(SSLContextService.class);
- sslContext = sslContextService == null ? null : sslContextService.createSSLContext(SslContextFactory.ClientAuth.NONE);
+ sslContext = sslService == null ? null : sslService.createSSLContext(ClientAuth.NONE);
}
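Review bot: The `sslContext` field is still built in `onEnabled` with `ClientAuth.NONE`, but `getClientBuilder()` in the next hunk configures the OkHttp client only from `sslService.createTlsConfiguration()`. If nothing outside these hunks reads `sslContext`, it is dead state that suggests a second TLS path exists; either remove it or add a comment such as `// retained for <caller>; the HTTP client is configured from sslService.createTlsConfiguration()`. The rename to `sslService` also departs from the `sslContextService` name used for the same type in the other files of this diff, so a one-line rationale in the commit would help.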
@@ -90,8 +89,8 @@ public AccessToken getAccessTokenByPassword(String clientId, String clientSecret
private OkHttpClient.Builder getClientBuilder() {
OkHttpClient.Builder clientBuilder = new OkHttpClient.Builder();
- if (sslContextService != null) {
- final TlsConfiguration tlsConfiguration = sslContextService.createTlsConfiguration();
+ if (sslService != null) {
+ final TlsConfiguration tlsConfiguration = sslService.createTlsConfiguration();
OkHttpClientUtils.applyTlsToOkHttpClientBuilder(tlsConfiguration, clientBuilder);
}
diff --git a/nifi-nar-bundles/nifi-standard-services/nifi-ssl-context-bundle/nifi-ssl-context-service/src/main/java/org/apache/nifi/ssl/StandardRestrictedSSLContextService.java b/nifi-nar-bundles/nifi-standard-services/nifi-ssl-context-bundle/nifi-ssl-context-service/src/main/java/org/apache/nifi/ssl/StandardRestrictedSSLContextService.java
index ed8382ad2f12..14d259f46613 100644
--- a/nifi-nar-bundles/nifi-standard-services/nifi-ssl-context-bundle/nifi-ssl-context-service/src/main/java/org/apache/nifi/ssl/StandardRestrictedSSLContextService.java
+++ b/nifi-nar-bundles/nifi-standard-services/nifi-ssl-context-bundle/nifi-ssl-context-service/src/main/java/org/apache/nifi/ssl/StandardRestrictedSSLContextService.java
@@ -17,12 +17,17 @@
package org.apache.nifi.ssl;
import java.util.ArrayList;
+import java.util.Arrays;
import java.util.Collections;
+import java.util.HashSet;
import java.util.List;
+import java.util.Set;
import org.apache.nifi.annotation.documentation.CapabilityDescription;
import org.apache.nifi.annotation.documentation.Tags;
+import org.apache.nifi.components.AllowableValue;
import org.apache.nifi.components.PropertyDescriptor;
import org.apache.nifi.processor.util.StandardValidators;
+import org.apache.nifi.security.util.TlsConfiguration;
/**
* This class is functionally the same as {@link StandardSSLContextService}, but it restricts the allowable
@@ -42,7 +47,7 @@ public class StandardRestrictedSSLContextService extends StandardSSLContextServi
.displayName("TLS Protocol")
.defaultValue("TLS")
.required(false)
- .allowableValues(RestrictedSSLContextService.buildAlgorithmAllowableValues())
+ .allowableValues(buildAlgorithmAllowableValues())
.description(StandardSSLContextService.COMMON_TLS_PROTOCOL_DESCRIPTION +
"On Java 11, for example, TLSv1.3 will be the default, but if a client does not support it, TLSv1.2 will be offered as a fallback. TLSv1.0 and TLSv1.1 are not supported at all. ")
.addValidator(StandardValidators.NON_EMPTY_VALIDATOR)
@@ -73,4 +78,22 @@ protected List getSupportedPropertyDescriptors() {
public String getSslAlgorithm() {
return configContext.getProperty(RESTRICTED_SSL_ALGORITHM).getValue();
}
+
+ /**
+ * Build a restricted set of allowable TLS protocol algorithms.
+ *
+ * @return the computed set of allowable values
+ */
+ static AllowableValue[] buildAlgorithmAllowableValues() {
+ final Set supportedProtocols = new HashSet<>();
+
+ supportedProtocols.add("TLS");
+
+ /*
+ * Add specifically supported TLS versions
+ */
+ supportedProtocols.addAll(Arrays.asList(TlsConfiguration.getCurrentSupportedTlsProtocolVersions()));
+
+ return SSLContextService.formAllowableValues(supportedProtocols);
+ }
}
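Review bot: The Javadoc on `buildAlgorithmAllowableValues()` does not say what "restricted" means, which matters because this list gates which protocol names an operator can select. I would add `Returns the generic "TLS" entry plus every version reported by TlsConfiguration.getCurrentSupportedTlsProtocolVersions(); legacy protocol names are never offered.` The version removed from `RestrictedSSLContextService` sorted the values explicitly, and that now depends on `SSLContextService.formAllowableValues`, which is not visible in this hunk, so the ordering guarantee should be stated there or here. The method also moves from a static on the public API interface to package-private on the implementation, so any external caller of the old static no longer compiles.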
diff --git a/nifi-nar-bundles/nifi-standard-services/nifi-ssl-context-bundle/nifi-ssl-context-service/src/main/java/org/apache/nifi/ssl/StandardSSLContextService.java b/nifi-nar-bundles/nifi-standard-services/nifi-ssl-context-bundle/nifi-ssl-context-service/src/main/java/org/apache/nifi/ssl/StandardSSLContextService.java
index 6e2878a3f957..1f75fb4d562d 100644
--- a/nifi-nar-bundles/nifi-standard-services/nifi-ssl-context-bundle/nifi-ssl-context-service/src/main/java/org/apache/nifi/ssl/StandardSSLContextService.java
+++ b/nifi-nar-bundles/nifi-standard-services/nifi-ssl-context-bundle/nifi-ssl-context-service/src/main/java/org/apache/nifi/ssl/StandardSSLContextService.java
@@ -40,6 +40,7 @@
import org.apache.nifi.security.util.KeyStoreUtils;
import org.apache.nifi.security.util.KeystoreType;
import org.apache.nifi.security.util.SslContextFactory;
+import org.apache.nifi.security.util.StandardTlsConfiguration;
import org.apache.nifi.security.util.TlsConfiguration;
import org.apache.nifi.security.util.TlsException;
import org.apache.nifi.util.StringUtils;
@@ -229,13 +230,21 @@ protected int getValidationCacheExpiration() {
*/
@Override
public TlsConfiguration createTlsConfiguration() {
- return new TlsConfiguration(getKeyStoreFile(), getKeyStorePassword(),
+ return new StandardTlsConfiguration(getKeyStoreFile(), getKeyStorePassword(),
getKeyPassword(), getKeyStoreType(), getTrustStoreFile(),
getTrustStorePassword(), getTrustStoreType(), getSslAlgorithm());
}
+ /**
+ * Returns a configured {@link SSLContext} from the populated configuration values. This method is preferred
+ * over the overloaded method which accepts the deprecated {@link ClientAuth} enum.
+ *
+ * @param clientAuth the desired level of client authentication
+ * @return the configured SSLContext
+ * @throws ProcessException if there is a problem configuring the context
+ */
@Override
- public SSLContext createSSLContext(final SslContextFactory.ClientAuth clientAuth) throws ProcessException {
+ public SSLContext createSSLContext(final org.apache.nifi.security.util.ClientAuth clientAuth) throws ProcessException {
try {
return SslContextFactory.createSslContext(createTlsConfiguration(), clientAuth);
} catch (TlsException e) {
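Review bot: The new Javadoc refers to the deprecated type as `{@link ClientAuth}`, which is easy to misread because this method's own parameter is the other enum, `org.apache.nifi.security.util.ClientAuth`. In this class the bare name is the parameter type of the deprecated overload added in the next hunk, whose Javadoc has the same ambiguity. Spelling it out in both places, for example `{@link SSLContextService.ClientAuth}`, makes it unambiguous which enum callers should stop passing. The body of this method continues past the end of the hunk.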
@@ -244,6 +253,21 @@ public SSLContext createSSLContext(final SslContextFactory.ClientAuth clientAuth
}
}
+ /**
+ * Returns a configured {@link SSLContext} from the populated configuration values. This method is deprecated
+ * due to the use of the deprecated {@link ClientAuth} enum and the overloaded method
+ * ({@link #createSSLContext(org.apache.nifi.security.util.ClientAuth)}) is preferred.
+ *
+ * @param clientAuth the desired level of client authentication
+ * @return the configured SSLContext
+ * @throws ProcessException if there is a problem configuring the context
+ */
+ @Override
+ public SSLContext createSSLContext(final ClientAuth clientAuth) throws ProcessException {
+ org.apache.nifi.security.util.ClientAuth resolvedClientAuth = org.apache.nifi.security.util.ClientAuth.valueOf(clientAuth.name());
+ return createSSLContext(resolvedClientAuth);
+ }
+
@Override
public String getTrustStoreFile() {
return configContext.getProperty(TRUSTSTORE).getValue();
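Review bot: The deprecated `createSSLContext(final ClientAuth clientAuth)` overload is documented as throwing `ProcessException`, yet a null argument fails with a `NullPointerException` on `clientAuth.name()`. `valueOf` would likewise throw `IllegalArgumentException` if the two enums ever stop sharing constant names. Both failures are closed, which is the right direction for a client-authentication setting, but they bypass the documented contract; a guard such as `if (clientAuth == null) { throw new ProcessException("clientAuth is required"); }` keeps it honest. The method is described as deprecated in prose only, so adding `@Deprecated` and a Javadoc `@deprecated` tag naming the replacement would make compilers flag remaining callers.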
diff --git a/nifi-nar-bundles/nifi-standard-services/nifi-ssl-context-bundle/nifi-ssl-context-service/src/test/groovy/org/apache/nifi/ssl/StandardSSLContextServiceTest.groovy b/nifi-nar-bundles/nifi-standard-services/nifi-ssl-context-bundle/nifi-ssl-context-service/src/test/groovy/org/apache/nifi/ssl/StandardSSLContextServiceTest.groovy
index 51e293e0e9af..01f86e33f8e7 100644
--- a/nifi-nar-bundles/nifi-standard-services/nifi-ssl-context-bundle/nifi-ssl-context-service/src/test/groovy/org/apache/nifi/ssl/StandardSSLContextServiceTest.groovy
+++ b/nifi-nar-bundles/nifi-standard-services/nifi-ssl-context-bundle/nifi-ssl-context-service/src/test/groovy/org/apache/nifi/ssl/StandardSSLContextServiceTest.groovy
@@ -19,7 +19,7 @@ package org.apache.nifi.ssl
import org.apache.nifi.components.ValidationContext
import org.apache.nifi.components.ValidationResult
import org.apache.nifi.components.Validator
-import org.apache.nifi.security.util.SslContextFactory
+import org.apache.nifi.security.util.ClientAuth
import org.apache.nifi.state.MockStateManager
import org.apache.nifi.util.MockProcessContext
import org.apache.nifi.util.MockValidationContext
@@ -176,7 +176,7 @@ class StandardSSLContextServiceTest {
runner.assertValid(sslContextService)
// Act
- SSLContext sslContext = sslContextService.createSSLContext(SslContextFactory.ClientAuth.NONE)
+ SSLContext sslContext = sslContextService.createSSLContext(ClientAuth.NONE)
// Assert
assert sslContext
@@ -198,7 +198,7 @@ class StandardSSLContextServiceTest {
runner.assertValid(sslContextService)
// Act
- SSLContext sslContext = sslContextService.createSSLContext(SslContextFactory.ClientAuth.NONE)
+ SSLContext sslContext = sslContextService.createSSLContext(ClientAuth.NONE)
// Assert
assert sslContext
@@ -258,4 +258,32 @@ class StandardSSLContextServiceTest {
// If the EL was evaluated, the path would be valid
assert !vr.isValid()
}
+
+ /**
+ * This test ensures that the deprecated ClientAuth enum is correctly mapped to the canonical enum.
+ */
+ @Test
+ void testShouldTranslateValidDeprecatedClientAuths() {
+ // Arrange
+ TestRunner runner = TestRunners.newTestRunner(TestProcessor.class)
+ String controllerServiceId = "ssl-context"
+ final SSLContextService sslContextService = new StandardSSLContextService()
+ runner.addControllerService(controllerServiceId, sslContextService)
+ runner.setProperty(sslContextService, StandardSSLContextService.TRUSTSTORE, NO_PASSWORD_TRUSTSTORE_PATH)
+ runner.setProperty(sslContextService, StandardSSLContextService.TRUSTSTORE_TYPE, TRUSTSTORE_TYPE)
+ runner.enableControllerService(sslContextService)
+ runner.assertValid(sslContextService)
+
+ // Act
+ Map sslContexts = SSLContextService.ClientAuth.values().collectEntries { ca ->
+ [ca, sslContextService.createSSLContext(ca)]
+ }
+
+ // Assert
+ assert sslContexts.size() == ClientAuth.values().size()
+ sslContexts.every { clientAuth, sslContext ->
+ assert ClientAuth.isValidClientAuthType(clientAuth.name())
+ assert sslContext
+ }
+ }
}
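Review bot: `testShouldTranslateValidDeprecatedClientAuths` asserts only that each deprecated constant yields a non-null `SSLContext` and that its name is a valid client-auth type. A translation that mapped `REQUIRED` to a weaker level would therefore still pass. The mapping itself is not observable through `createSSLContext`, so consider exposing the resolved value through a small package-private helper and asserting name equality per constant. The closing block also uses `every` purely for its inner `assert` side effects and discards the result; `sslContexts.each { clientAuth, sslContext -> ... }` states the intent more directly.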
diff --git a/nifi-nar-bundles/nifi-standard-services/nifi-ssl-context-bundle/nifi-ssl-context-service/src/test/java/org/apache/nifi/ssl/RestrictedSSLContextServiceTest.java b/nifi-nar-bundles/nifi-standard-services/nifi-ssl-context-bundle/nifi-ssl-context-service/src/test/java/org/apache/nifi/ssl/RestrictedSSLContextServiceTest.java
index aced8d776409..61eaa0e47922 100644
--- a/nifi-nar-bundles/nifi-standard-services/nifi-ssl-context-bundle/nifi-ssl-context-service/src/test/java/org/apache/nifi/ssl/RestrictedSSLContextServiceTest.java
+++ b/nifi-nar-bundles/nifi-standard-services/nifi-ssl-context-bundle/nifi-ssl-context-service/src/test/java/org/apache/nifi/ssl/RestrictedSSLContextServiceTest.java
@@ -25,7 +25,7 @@
import java.util.HashSet;
import java.util.Set;
import org.apache.nifi.components.AllowableValue;
-import org.apache.nifi.security.util.CertificateUtils;
+import org.apache.nifi.security.util.TlsConfiguration;
import org.junit.Test;
public class RestrictedSSLContextServiceTest {
@@ -34,9 +34,9 @@ public class RestrictedSSLContextServiceTest {
public void testTLSAlgorithms() {
final Set expected = new HashSet<>();
expected.add("TLS");
- expected.addAll(Arrays.asList(CertificateUtils.getCurrentSupportedTlsProtocolVersions()));
+ expected.addAll(Arrays.asList(TlsConfiguration.getCurrentSupportedTlsProtocolVersions()));
- final AllowableValue[] allowableValues = RestrictedSSLContextService.buildAlgorithmAllowableValues();
+ final AllowableValue[] allowableValues = StandardRestrictedSSLContextService.buildAlgorithmAllowableValues();
assertThat(allowableValues, notNullValue());
assertThat(allowableValues.length, equalTo(expected.size()));
for(final AllowableValue value : allowableValues) {
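Review bot: `testTLSAlgorithms` builds `expected` from the same `TlsConfiguration.getCurrentSupportedTlsProtocolVersions()` call that the implementation uses. It would therefore keep passing if that method began returning a legacy version, even though the property description states TLSv1.0 and TLSv1.1 are not supported. An independent negative check inside the loop would pin that, for example `assertThat(value.getValue(), not(equalTo("TLSv1.1")));` and the same for `"TLSv1"` (this may need a Hamcrest `not` import). The loop body continues outside this hunk.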
diff --git a/nifi-nar-bundles/nifi-standard-services/nifi-ssl-context-bundle/nifi-ssl-context-service/src/test/java/org/apache/nifi/ssl/SSLContextServiceTest.java b/nifi-nar-bundles/nifi-standard-services/nifi-ssl-context-bundle/nifi-ssl-context-service/src/test/java/org/apache/nifi/ssl/SSLContextServiceTest.java
index e654b8a09a10..5f944ba09686 100644
--- a/nifi-nar-bundles/nifi-standard-services/nifi-ssl-context-bundle/nifi-ssl-context-service/src/test/java/org/apache/nifi/ssl/SSLContextServiceTest.java
+++ b/nifi-nar-bundles/nifi-standard-services/nifi-ssl-context-bundle/nifi-ssl-context-service/src/test/java/org/apache/nifi/ssl/SSLContextServiceTest.java
@@ -38,7 +38,7 @@
import org.apache.nifi.components.ValidationContext;
import org.apache.nifi.components.ValidationResult;
import org.apache.nifi.reporting.InitializationException;
-import org.apache.nifi.security.util.SslContextFactory.ClientAuth;
+import org.apache.nifi.security.util.ClientAuth;
import org.apache.nifi.util.MockProcessContext;
import org.apache.nifi.util.MockValidationContext;
import org.apache.nifi.util.TestRunner;
diff --git a/nifi-nar-bundles/nifi-standard-services/nifi-ssl-context-service-api/pom.xml b/nifi-nar-bundles/nifi-standard-services/nifi-ssl-context-service-api/pom.xml
index d37025a3eae5..4d765259e6cf 100644
--- a/nifi-nar-bundles/nifi-standard-services/nifi-ssl-context-service-api/pom.xml
+++ b/nifi-nar-bundles/nifi-standard-services/nifi-ssl-context-service-api/pom.xml
@@ -28,7 +28,7 @@
org.apache.nifi
- nifi-security-utils
+ nifi-security-utils-api
1.13.0-SNAPSHOT
compile
diff --git a/nifi-nar-bundles/nifi-standard-services/nifi-ssl-context-service-api/src/main/java/org/apache/nifi/ssl/RestrictedSSLContextService.java b/nifi-nar-bundles/nifi-standard-services/nifi-ssl-context-service-api/src/main/java/org/apache/nifi/ssl/RestrictedSSLContextService.java
index 2544a71a17a3..05fd136097df 100644
--- a/nifi-nar-bundles/nifi-standard-services/nifi-ssl-context-service-api/src/main/java/org/apache/nifi/ssl/RestrictedSSLContextService.java
+++ b/nifi-nar-bundles/nifi-standard-services/nifi-ssl-context-service-api/src/main/java/org/apache/nifi/ssl/RestrictedSSLContextService.java
@@ -16,50 +16,10 @@
*/
package org.apache.nifi.ssl;
-import java.util.ArrayList;
-import java.util.Arrays;
-import java.util.Collections;
-import java.util.HashSet;
-import java.util.List;
-import java.util.Set;
-import org.apache.nifi.components.AllowableValue;
-import org.apache.nifi.security.util.CertificateUtils;
-
/**
* Simple extension of the regular {@link SSLContextService} to allow for restricted implementations
* of that interface.
*/
public interface RestrictedSSLContextService extends SSLContextService {
- /**
- * Build a restricted set of allowable TLS protocol algorithms.
- *
- * @return the computed set of allowable values
- */
- static AllowableValue[] buildAlgorithmAllowableValues() {
- final Set supportedProtocols = new HashSet<>();
-
- /*
- * Prepopulate protocols with generic instance types commonly used
- * see: http://docs.oracle.com/javase/7/docs/technotes/guides/security/StandardNames.html#SSLContext
- */
- supportedProtocols.add("TLS");
-
- /*
- * Add specifically supported TLS versions
- */
- supportedProtocols.addAll(Arrays.asList(CertificateUtils.getCurrentSupportedTlsProtocolVersions()));
-
- final int numProtocols = supportedProtocols.size();
-
- // Sort for consistent presentation in configuration views
- final List supportedProtocolList = new ArrayList<>(supportedProtocols);
- Collections.sort(supportedProtocolList);
-
- final List protocolAllowableValues = new ArrayList<>();
- for (final String protocol : supportedProtocolList) {
- protocolAllowableValues.add(new AllowableValue(protocol));
- }
- return protocolAllowableValues.toArray(new AllowableValue[numProtocols]);
- }
}
diff --git a/nifi-nar-bundles/nifi-standard-services/nifi-ssl-context-service-api/src/main/java/org/apache/nifi/ssl/SSLContextService.java b/nifi-nar-bundles/nifi-standard-services/nifi-ssl-context-service-api/src/main/java/org/apache/nifi/ssl/SSLContextService.java
index 27e7d9389ff1..800625fa70cd 100644
--- a/nifi-nar-bundles/nifi-standard-services/nifi-ssl-context-service-api/src/main/java/org/apache/nifi/ssl/SSLContextService.java
+++ b/nifi-nar-bundles/nifi-standard-services/nifi-ssl-context-service-api/src/main/java/org/apache/nifi/ssl/SSLContextService.java
@@ -29,7 +29,6 @@
import org.apache.nifi.components.AllowableValue;
import org.apache.nifi.controller.ControllerService;
import org.apache.nifi.processor.exception.ProcessException;
-import org.apache.nifi.security.util.SslContextFactory;
import org.apache.nifi.security.util.TlsConfiguration;
/**
@@ -41,10 +40,42 @@
+ "that configuration throughout the application")
public interface SSLContextService extends ControllerService {
- // May need to back out if NAR-specific API can't be modified in minor release
TlsConfiguration createTlsConfiguration();
- SSLContext createSSLContext(final SslContextFactory.ClientAuth clientAuth) throws ProcessException;
+ /**
+ * This enum was removed in 1.12.0 but external custom code has been compiled against it, so it is returned
+ * in 1.12.1. This enum should no longer be used and any dependent code should now reference
+ * ClientAuth moving forward. This enum may be removed in a future release.
+ *
+ */
+ @Deprecated
+ enum ClientAuth {
+ WANT,
+ REQUIRED,
+ NONE
+ }
+
+ /**
+ * Returns a configured {@link SSLContext} from the populated configuration values. This method is preferred
+ * over the overloaded method which accepts the deprecated {@link ClientAuth} enum.
+ *
+ * @param clientAuth the desired level of client authentication
+ * @return the configured SSLContext
+ * @throws ProcessException if there is a problem configuring the context
+ */
+ SSLContext createSSLContext(final org.apache.nifi.security.util.ClientAuth clientAuth) throws ProcessException;
+
+ /**
+ * Returns a configured {@link SSLContext} from the populated configuration values. This method is deprecated
+ * due to the use of the deprecated {@link ClientAuth} enum and the overloaded method
+ * ({@link #createSSLContext(org.apache.nifi.security.util.ClientAuth)}) is preferred.
+ *
+ * @param clientAuth the desired level of client authentication
+ * @return the configured SSLContext
+ * @throws ProcessException if there is a problem configuring the context
+ */
+ @Deprecated
+ SSLContext createSSLContext(final ClientAuth clientAuth) throws ProcessException;
String getTrustStoreFile();
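Review bot: The deprecated `createSSLContext(final ClientAuth clientAuth)` overload is declared abstract, so every implementation has to write its own translation from the nested enum to `org.apache.nifi.security.util.ClientAuth`. A mistake in any one of them would silently change the client-authentication level of the returned context. Declaring it as a default method keeps the mapping in one place, e.g. `default SSLContext createSSLContext(final ClientAuth clientAuth) throws ProcessException { return createSSLContext(org.apache.nifi.security.util.ClientAuth.valueOf(clientAuth.name())); }`, assuming the replacement enum keeps the WANT/REQUIRED/NONE constant names (not visible in this hunk). Inside this interface an unqualified `ClientAuth` resolves to the deprecated nested enum, so the enum's Javadoc sentence "should now reference ClientAuth" would be clearer with the fully qualified replacement name and a `@deprecated` tag. Callers that pass a literal `null` will also stop compiling, because the two overloads are ambiguous for it.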
@@ -90,16 +121,27 @@ static AllowableValue[] buildAlgorithmAllowableValues() {
// ignored as default is used
}
- final int numProtocols = supportedProtocols.size();
+ return formAllowableValues(supportedProtocols);
+ }
+
+ /**
+ * Returns an array of {@link AllowableValue} objects formed from the provided
+ * set of Strings. The returned array is sorted for consistency in display order.
+ *
+ * @param rawValues the set of string values
+ * @return an array of AllowableValues
+ */
+ static AllowableValue[] formAllowableValues(Set rawValues) {
+ final int numProtocols = rawValues.size();
// Sort for consistent presentation in configuration views
- final List supportedProtocolList = new ArrayList<>(supportedProtocols);
- Collections.sort(supportedProtocolList);
+ final List valueList = new ArrayList<>(rawValues);
+ Collections.sort(valueList);
- final List protocolAllowableValues = new ArrayList<>();
- for (final String protocol : supportedProtocolList) {
- protocolAllowableValues.add(new AllowableValue(protocol));
+ final List allowableValues = new ArrayList<>();
+ for (final String protocol : valueList) {
+ allowableValues.add(new AllowableValue(protocol));
}
- return protocolAllowableValues.toArray(new AllowableValue[numProtocols]);
+ return allowableValues.toArray(new AllowableValue[numProtocols]);
}
}
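Review bot: `formAllowableValues` is now a generic helper, but its locals `numProtocols` and `protocol` still carry the protocol-specific names from the code it was extracted from; `final int numValues = rawValues.size();` and `for (final String value : valueList)` would match the new Javadoc. As a static method on a public interface it becomes part of the service API and applies no filtering of its own, so the Javadoc could add a sentence such as `The values are used as given; callers are responsible for excluding protocol versions they do not want to offer.` A null `rawValues` fails at `rawValues.size()`, which is worth stating on the `@param` line. The enclosing `buildAlgorithmAllowableValues()` starts outside this hunk.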
diff --git a/nifi-nar-bundles/nifi-standard-services/nifi-standard-services-api-nar/pom.xml b/nifi-nar-bundles/nifi-standard-services/nifi-standard-services-api-nar/pom.xml
index 9ab9d0b5d25f..eba3d4d3a63b 100644
--- a/nifi-nar-bundles/nifi-standard-services/nifi-standard-services-api-nar/pom.xml
+++ b/nifi-nar-bundles/nifi-standard-services/nifi-standard-services-api-nar/pom.xml
@@ -37,6 +37,11 @@
nifi-ssl-context-service-api
compile
+
+ org.apache.nifi
+ nifi-security-utils-api
+ compile
+
org.apache.nifi
nifi-distributed-cache-client-service-api
diff --git a/nifi-nar-bundles/pom.xml b/nifi-nar-bundles/pom.xml
index c93bcb361ea0..0fdb2ab78d1d 100755
--- a/nifi-nar-bundles/pom.xml
+++ b/nifi-nar-bundles/pom.xml
@@ -198,6 +198,12 @@
1.13.0-SNAPSHOT
provided
+
+ org.apache.nifi
+ nifi-security-utils-api
+ 1.13.0-SNAPSHOT
+ provided
+
org.apache.nifi
nifi-load-distribution-service-api
diff --git a/nifi-toolkit/nifi-toolkit-cli/src/main/java/org/apache/nifi/toolkit/cli/impl/client/nifi/NiFiClientConfig.java b/nifi-toolkit/nifi-toolkit-cli/src/main/java/org/apache/nifi/toolkit/cli/impl/client/nifi/NiFiClientConfig.java
index fcf150149dce..ee255067a3d7 100644
--- a/nifi-toolkit/nifi-toolkit-cli/src/main/java/org/apache/nifi/toolkit/cli/impl/client/nifi/NiFiClientConfig.java
+++ b/nifi-toolkit/nifi-toolkit-cli/src/main/java/org/apache/nifi/toolkit/cli/impl/client/nifi/NiFiClientConfig.java
@@ -29,14 +29,14 @@
import javax.net.ssl.TrustManagerFactory;
import org.apache.nifi.registry.security.util.KeyStoreUtils;
import org.apache.nifi.registry.security.util.KeystoreType;
-import org.apache.nifi.security.util.CertificateUtils;
+import org.apache.nifi.security.util.TlsConfiguration;
/**
* Configuration for a NiFiClient.
*/
public class NiFiClientConfig {
- public static final String DEFAULT_PROTOCOL = CertificateUtils.getHighestCurrentSupportedTlsProtocolVersion();
+ public static final String DEFAULT_PROTOCOL = TlsConfiguration.getHighestCurrentSupportedTlsProtocolVersion();
private final String baseUrl;
private final SSLContext sslContext;
diff --git a/nifi-toolkit/nifi-toolkit-tls/src/main/java/org/apache/nifi/toolkit/tls/service/client/TlsCertificateSigningRequestPerformer.java b/nifi-toolkit/nifi-toolkit-tls/src/main/java/org/apache/nifi/toolkit/tls/service/client/TlsCertificateSigningRequestPerformer.java
index 563c054a556b..e58ab2e9d317 100644
--- a/nifi-toolkit/nifi-toolkit-tls/src/main/java/org/apache/nifi/toolkit/tls/service/client/TlsCertificateSigningRequestPerformer.java
+++ b/nifi-toolkit/nifi-toolkit-tls/src/main/java/org/apache/nifi/toolkit/tls/service/client/TlsCertificateSigningRequestPerformer.java
@@ -39,6 +39,7 @@
import org.apache.http.impl.client.HttpClientBuilder;
import org.apache.http.ssl.SSLContextBuilder;
import org.apache.nifi.security.util.CertificateUtils;
+import org.apache.nifi.security.util.TlsConfiguration;
import org.apache.nifi.toolkit.tls.configuration.TlsClientConfig;
import org.apache.nifi.toolkit.tls.service.dto.TlsCertificateAuthorityRequest;
import org.apache.nifi.toolkit.tls.service.dto.TlsCertificateAuthorityResponse;
@@ -99,7 +100,7 @@ public X509Certificate[] perform(KeyPair keyPair) throws IOException {
HttpClientBuilder httpClientBuilder = httpClientBuilderSupplier.get();
SSLContextBuilder sslContextBuilder = SSLContextBuilder.create();
- sslContextBuilder.useProtocol(CertificateUtils.getHighestCurrentSupportedTlsProtocolVersion());
+ sslContextBuilder.useProtocol(TlsConfiguration.getHighestCurrentSupportedTlsProtocolVersion());
// We will be validating that we are talking to the correct host once we get the response's hmac of the token and public key of the ca
sslContextBuilder.loadTrustMaterial(null, new TrustSelfSignedStrategy());
diff --git a/nifi-toolkit/nifi-toolkit-tls/src/main/java/org/apache/nifi/toolkit/tls/service/server/TlsCertificateAuthorityService.java b/nifi-toolkit/nifi-toolkit-tls/src/main/java/org/apache/nifi/toolkit/tls/service/server/TlsCertificateAuthorityService.java
index d95ae8ec463d..bb44077ddf3f 100644
--- a/nifi-toolkit/nifi-toolkit-tls/src/main/java/org/apache/nifi/toolkit/tls/service/server/TlsCertificateAuthorityService.java
+++ b/nifi-toolkit/nifi-toolkit-tls/src/main/java/org/apache/nifi/toolkit/tls/service/server/TlsCertificateAuthorityService.java
@@ -25,7 +25,7 @@
import java.security.KeyStore;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
-import org.apache.nifi.security.util.CertificateUtils;
+import org.apache.nifi.security.util.TlsConfiguration;
import org.apache.nifi.toolkit.tls.configuration.TlsConfig;
import org.apache.nifi.toolkit.tls.manager.TlsCertificateAuthorityManager;
import org.apache.nifi.toolkit.tls.manager.writer.JsonConfigurationWriter;
@@ -63,7 +63,7 @@ private static Server createServer(Handler handler, int port, KeyStore keyStore,
Server server = new Server();
SslContextFactory sslContextFactory = new SslContextFactory.Server();
- sslContextFactory.setIncludeProtocols(CertificateUtils.getHighestCurrentSupportedTlsProtocolVersion());
+ sslContextFactory.setIncludeProtocols(TlsConfiguration.getHighestCurrentSupportedTlsProtocolVersion());
sslContextFactory.setKeyStore(keyStore);
sslContextFactory.setKeyManagerPassword(keyPassword);
diff --git a/nifi-toolkit/nifi-toolkit-tls/src/main/java/org/apache/nifi/toolkit/tls/status/TlsToolkitGetStatusCommandLine.java b/nifi-toolkit/nifi-toolkit-tls/src/main/java/org/apache/nifi/toolkit/tls/status/TlsToolkitGetStatusCommandLine.java
index dc5b8fde30c1..4ce1eb230ea5 100644
--- a/nifi-toolkit/nifi-toolkit-tls/src/main/java/org/apache/nifi/toolkit/tls/status/TlsToolkitGetStatusCommandLine.java
+++ b/nifi-toolkit/nifi-toolkit-tls/src/main/java/org/apache/nifi/toolkit/tls/status/TlsToolkitGetStatusCommandLine.java
@@ -20,8 +20,8 @@
import java.net.URISyntaxException;
import javax.net.ssl.SSLContext;
import org.apache.commons.cli.CommandLine;
-import org.apache.nifi.security.util.CertificateUtils;
import org.apache.nifi.security.util.SslContextFactory;
+import org.apache.nifi.security.util.StandardTlsConfiguration;
import org.apache.nifi.security.util.TlsConfiguration;
import org.apache.nifi.toolkit.tls.commandLine.BaseCommandLine;
import org.apache.nifi.toolkit.tls.commandLine.CommandLineParseException;
@@ -45,7 +45,7 @@ public class TlsToolkitGetStatusCommandLine extends BaseCommandLine {
public static final String TRUSTSTORE_PASSWORD_ARG = "trustStorePassword";
public static final String PROTOCOL_ARG = "protocol";
- public static final String DEFAULT_PROTOCOL = CertificateUtils.getHighestCurrentSupportedTlsProtocolVersion();
+ public static final String DEFAULT_PROTOCOL = TlsConfiguration.getHighestCurrentSupportedTlsProtocolVersion();
public static final String DEFAULT_KEYSTORE_TYPE = "JKS";
public static final String DESCRIPTION = "Checks the status of an HTTPS endpoint by making a GET request using a supplied keystore and truststore.";
@@ -120,7 +120,7 @@ protected void postParse(CommandLine commandLine) throws CommandLineParseExcepti
}
try {
- TlsConfiguration tlsConfiguration = new TlsConfiguration(keystoreFilename, keystorePassword, keyPassword, keystoreTypeStr,
+ TlsConfiguration tlsConfiguration = new StandardTlsConfiguration(keystoreFilename, keystorePassword, keyPassword, keystoreTypeStr,
truststoreFilename, truststorePassword, truststoreTypeStr, protocol);
if (tlsConfiguration.isAnyTruststorePopulated()) {