Improve SSL Context support in GetPolicies

[lucasmoten]

This same concern may apply to other processors initializing SSL Context in the same way.

There is not adequate support for a Key Password indepdent of the Keystore Password. The NiFi interface allows for specifying both a Keystore Password and a Key Password as shown here

The current implementation in GetPolicies only takes into account the Keystore Password when initializing the key manager
https://github.com/greymatter-io/nifi-sdk/blob/main/gmd-sdk/nifi-data-processors/src/main/scala/com/deciphernow/greymatter/data/nifi/processors/GetPolicies.java#L288-L303

The description for Key Password is as follows: The password for the key. If this is not specified, but the Keystore Filename, Password, and Type are specified, then the Keystore Password will be assumed to be the same as the Key Password.

[dborncamp]

Those lines came directly from the implementation of InvokeHttp:
https://github.com/apache/nifi/blob/rel/nifi-1.11.4/nifi-nar-bundles/nifi-standard-bundle/nifi-standard-processors/src/main/java/org/apache/nifi/processors/standard/InvokeHTTP.java#L691-L706

[lucasmoten]

in 1.11.4 it doesnt call setSslSocketFactory at all from setUpClient. thats dead code

The code block looks like this for lines 647-666

        final SSLContextService sslService = context.getProperty(PROP_SSL_CONTEXT_SERVICE).asControllerService(SSLContextService.class);
        final SSLContext sslContext = sslService == null ? null : sslService.createSSLContext(ClientAuth.NONE);

        // check if the ssl context is set and add the factory if so
        if (sslContext != null) {
            Tuple<SSLContext, TrustManager[]> sslContextTuple =SslContextFactory.createTrustSslContextWithTrustManagers(
                        sslService.getKeyStoreFile(),
                        sslService.getKeyStorePassword() != null ? sslService.getKeyStorePassword().toCharArray() : null,
                        sslService.getKeyPassword() != null ? sslService.getKeyPassword().toCharArray() : null,
                        sslService.getKeyStoreType(),
                        sslService.getTrustStoreFile(),
                        sslService.getTrustStorePassword() != null ? sslService.getTrustStorePassword().toCharArray() : null,
                        sslService.getTrustStoreType(),
                        SslContextFactory.ClientAuth.NONE,
                        sslService.getSslAlgorithm());
            List<X509TrustManager> x509TrustManagers = Arrays.stream(sslContextTuple.getValue())
                    .filter(trustManager -> trustManager instanceof X509TrustManager)
                    .map(trustManager -> (X509TrustManager) trustManager).collect(Collectors.toList());
            okHttpClientBuilder.sslSocketFactory(sslContextTuple.getKey().getSocketFactory(), x509TrustManagers.get(0));
            }

In 1.12.1, the logic changes again in its lines 761-766

        // Apply the TLS configuration if present
        final SSLContextService sslService = context.getProperty(PROP_SSL_CONTEXT_SERVICE).asControllerService(SSLContextService.class);
        if (sslService != null) {
            final TlsConfiguration tlsConfiguration = sslService.createTlsConfiguration();
            OkHttpClientUtils.applyTlsToOkHttpClientBuilder(tlsConfiguration, okHttpClientBuilder);
        }

[lucasmoten]

Needs reassessed for whether NiFi 1.12.1+ code pattern adequately handles setting a Key Password independently of Keystore Password