NIFI-7730: Jetty server does not start up when a keystore with multiple certificates is used

[kotarot]

Thank you for submitting a contribution to Apache NiFi.

Please provide a short description of the PR here:

Description of PR

https://issues.apache.org/jira/browse/NIFI-7730

In order to streamline the review of the contribution we ask you
to ensure the following steps have been taken:

For all changes:

• Is there a JIRA ticket associated with this PR? Is it referenced
  in the commit message?

• Does your PR title start with NIFI-XXXX where XXXX is the JIRA number you are trying to resolve? Pay particular attention to the hyphen "-" character.

• Has your PR been rebased against the latest commit within the target branch (typically main)?

• Is your initial contribution a single, squashed commit? Additional commits in response to PR reviewer feedback should be made on this branch and pushed to allow change tracking. Do not squash or use --force when pushing to allow for clean monitoring of changes.

For code changes:

• Have you ensured that the full suite of tests is executed via mvn -Pcontrib-check clean install at the root nifi folder?
• Have you written or updated unit tests to verify your changes?
• Have you verified that the full build is successful on JDK 8?
• Have you verified that the full build is successful on JDK 11?
• If adding new dependencies to the code, are these dependencies licensed in a way that is compatible for inclusion under ASF 2.0?
• If applicable, have you updated the LICENSE file, including the main LICENSE file under nifi-assembly?
• If applicable, have you updated the NOTICE file, including the main NOTICE file found under nifi-assembly?
• If adding new Properties, have you added .displayName in addition to .name (programmatic access) for each of the new properties?

For documentation related changes:

• Have you ensured that format looks appropriate for the output in which it is rendered?

Note:

Please ensure that once the PR is submitted, you check GitHub Actions CI for build issues and submit an update to your PR as soon as possible.

[bunniseng-zz]

Hey,

Apologies if this is not the right place to ask, is there any visibility to when this PR will be resolved/merged and a new build will be available for download? The SSL/multiple certificates issue blocks a critical update that's needed in an ongoing project I am working on.

Thanks

[sushilkm]

Thanks @kotarot for the work. Tested this PR with nifi-toolkit version 1.11.4, it works!!!

[alopresto]

I am currently reviewing this. While the introduction of SslContextFactory.Server does help, other changes here need to be considered, and additional regression tests need to be introduced. I am working to bring this to a stable state.

[alopresto]

@kotarot thanks for your submission. I have opened a new PR 4498 which includes these changes but also:

• removes unnecessary test exception handling
• adds regression tests for JKS and PKCS12 keystores with multiple certificates
• updates additional references to the deprecated SslContextFactory

The regression tests match empirical testing and verify that a keystore which contains multiple certificates does not prevent the application from starting.

I am closing this PR.

[kotarot]

@alopresto Thank you so much for catching up with it, Andy!