This is an automated email from the ASF dual-hosted git repository.
pvillard pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/nifi.git
The following commit(s) were added to refs/heads/main by this push:
new ae2277478a NIFI-13842 Fixed truststore/keystore setup in AWS v2
components
ae2277478a is described below
commit ae2277478ae9eff44332deb03adb4934df854030
Author: Peter Turcsanyi <[email protected]>
AuthorDate: Fri Oct 4 09:57:34 2024 +0200
NIFI-13842 Fixed truststore/keystore setup in AWS v2 components
Signed-off-by: Pierre Villard <[email protected]>
This closes #9346.
---
.../nifi/processors/aws/v2/AbstractAwsAsyncProcessor.java | 6 +++---
.../nifi/processors/aws/v2/AbstractAwsProcessor.java | 15 +++++++++++----
.../nifi/processors/aws/v2/AbstractAwsSyncProcessor.java | 6 +++---
.../nifi/processors/aws/v2/AwsHttpClientConfigurer.java | 4 ++--
.../nifi/aws/schemaregistry/AmazonGlueSchemaRegistry.java | 14 +++++++++-----
5 files changed, 28 insertions(+), 17 deletions(-)
diff --git
a/nifi-extension-bundles/nifi-aws-bundle/nifi-aws-abstract-processors/src/main/java/org/apache/nifi/processors/aws/v2/AbstractAwsAsyncProcessor.java
b/nifi-extension-bundles/nifi-aws-bundle/nifi-aws-abstract-processors/src/main/java/org/apache/nifi/processors/aws/v2/AbstractAwsAsyncProcessor.java
index 659b2a674b..3ad78cb3cf 100644
---
a/nifi-extension-bundles/nifi-aws-bundle/nifi-aws-abstract-processors/src/main/java/org/apache/nifi/processors/aws/v2/AbstractAwsAsyncProcessor.java
+++
b/nifi-extension-bundles/nifi-aws-bundle/nifi-aws-abstract-processors/src/main/java/org/apache/nifi/processors/aws/v2/AbstractAwsAsyncProcessor.java
@@ -22,11 +22,11 @@ import
software.amazon.awssdk.awscore.client.builder.AwsAsyncClientBuilder;
import software.amazon.awssdk.awscore.client.builder.AwsClientBuilder;
import software.amazon.awssdk.core.SdkClient;
import software.amazon.awssdk.http.TlsKeyManagersProvider;
+import software.amazon.awssdk.http.TlsTrustManagersProvider;
import software.amazon.awssdk.http.async.SdkAsyncHttpClient;
import software.amazon.awssdk.http.nio.netty.NettyNioAsyncHttpClient;
import software.amazon.awssdk.regions.Region;
-import javax.net.ssl.TrustManager;
import java.time.Duration;
/**
@@ -78,8 +78,8 @@ public abstract class AbstractAwsAsyncProcessor<
}
@Override
- public void configureTls(final TrustManager[] trustManagers, final
TlsKeyManagersProvider keyManagersProvider) {
- builder.tlsTrustManagersProvider(() -> trustManagers);
+ public void configureTls(final TlsTrustManagersProvider
trustManagersProvider, final TlsKeyManagersProvider keyManagersProvider) {
+ builder.tlsTrustManagersProvider(trustManagersProvider);
builder.tlsKeyManagersProvider(keyManagersProvider);
}
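Review bot: `configureTls` forwards both providers to the builder unconditionally, yet the caller changed in AbstractAwsProcessor.java now passes `null` for whichever store is not configured. Whether `tlsTrustManagersProvider(null)` and `tlsKeyManagersProvider(null)` mean "use the SDK/JVM default" for the Netty builder is not visible here and should be confirmed rather than assumed. A guard such as `if (trustManagersProvider != null) { builder.tlsTrustManagersProvider(trustManagersProvider); }` (and the same for the key managers) would make the fallback explicit and match the AmazonGlueSchemaRegistry hunk, which only calls the setters when a store is configured. The same applies to `configureTls` in AbstractAwsSyncProcessor.java. The interface method in AwsHttpClientConfigurer.java should also carry a Javadoc line stating that either argument may be null and that null means the default trust or key material is used.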
diff --git
a/nifi-extension-bundles/nifi-aws-bundle/nifi-aws-abstract-processors/src/main/java/org/apache/nifi/processors/aws/v2/AbstractAwsProcessor.java
b/nifi-extension-bundles/nifi-aws-bundle/nifi-aws-abstract-processors/src/main/java/org/apache/nifi/processors/aws/v2/AbstractAwsProcessor.java
index 1288a988fb..e6c9393fae 100644
---
a/nifi-extension-bundles/nifi-aws-bundle/nifi-aws-abstract-processors/src/main/java/org/apache/nifi/processors/aws/v2/AbstractAwsProcessor.java
+++
b/nifi-extension-bundles/nifi-aws-bundle/nifi-aws-abstract-processors/src/main/java/org/apache/nifi/processors/aws/v2/AbstractAwsProcessor.java
@@ -48,6 +48,7 @@ import
software.amazon.awssdk.core.client.config.SdkAdvancedClientOption;
import software.amazon.awssdk.core.retry.RetryPolicy;
import software.amazon.awssdk.http.FileStoreTlsKeyManagersProvider;
import software.amazon.awssdk.http.TlsKeyManagersProvider;
+import software.amazon.awssdk.http.TlsTrustManagersProvider;
import software.amazon.awssdk.regions.Region;
import javax.net.ssl.TrustManager;
@@ -290,10 +291,16 @@ public abstract class AbstractAwsProcessor<T extends
SdkClient> extends Abstract
if
(this.getSupportedPropertyDescriptors().contains(SSL_CONTEXT_SERVICE)) {
final SSLContextService sslContextService =
context.getProperty(SSL_CONTEXT_SERVICE).asControllerService(SSLContextService.class);
if (sslContextService != null) {
- final TrustManager[] trustManagers = new TrustManager[]
{sslContextService.createTrustManager()};
- final TlsKeyManagersProvider keyManagersProvider =
FileStoreTlsKeyManagersProvider
- .create(Path.of(sslContextService.getKeyStoreFile()),
sslContextService.getKeyStoreType(), sslContextService.getKeyStorePassword());
- httpClientConfigurer.configureTls(trustManagers,
keyManagersProvider);
+ TlsTrustManagersProvider trustManagersProvider = null;
+ TlsKeyManagersProvider keyManagersProvider = null;
+ if (sslContextService.isTrustStoreConfigured()) {
+ trustManagersProvider = () -> new
TrustManager[]{sslContextService.createTrustManager()};
+ }
+ if (sslContextService.isKeyStoreConfigured()) {
+ keyManagersProvider = FileStoreTlsKeyManagersProvider
+
.create(Path.of(sslContextService.getKeyStoreFile()),
sslContextService.getKeyStoreType(), sslContextService.getKeyStorePassword());
+ }
+ httpClientConfigurer.configureTls(trustManagersProvider,
keyManagersProvider);
}
}
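Review bot: The key manager in the `isKeyStoreConfigured()` branch is still built from `getKeyStorePassword()` alone, so a keystore whose private-key password differs from the store password would presumably fail when the key managers are initialised. `FileStoreTlsKeyManagersProvider.create` takes a single password, and the hunk does not show the service's separate key password (NiFi's `getKeyPassword()`, if present on this interface version) being consulted. If distinct passwords are meant to be supported, this needs a custom `TlsKeyManagersProvider`. Otherwise state the limit next to the call, for example `// FileStoreTlsKeyManagersProvider uses one password for both store and key; a distinct key password is not supported here`. The same call appears in the AmazonGlueSchemaRegistry.java hunk. The enclosing method starts and ends outside this hunk.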
diff --git
a/nifi-extension-bundles/nifi-aws-bundle/nifi-aws-abstract-processors/src/main/java/org/apache/nifi/processors/aws/v2/AbstractAwsSyncProcessor.java
b/nifi-extension-bundles/nifi-aws-bundle/nifi-aws-abstract-processors/src/main/java/org/apache/nifi/processors/aws/v2/AbstractAwsSyncProcessor.java
index 62df38dcaf..0298e671c8 100644
---
a/nifi-extension-bundles/nifi-aws-bundle/nifi-aws-abstract-processors/src/main/java/org/apache/nifi/processors/aws/v2/AbstractAwsSyncProcessor.java
+++
b/nifi-extension-bundles/nifi-aws-bundle/nifi-aws-abstract-processors/src/main/java/org/apache/nifi/processors/aws/v2/AbstractAwsSyncProcessor.java
@@ -23,10 +23,10 @@ import
software.amazon.awssdk.awscore.client.builder.AwsSyncClientBuilder;
import software.amazon.awssdk.core.SdkClient;
import software.amazon.awssdk.http.SdkHttpClient;
import software.amazon.awssdk.http.TlsKeyManagersProvider;
+import software.amazon.awssdk.http.TlsTrustManagersProvider;
import software.amazon.awssdk.http.apache.ApacheHttpClient;
import software.amazon.awssdk.regions.Region;
-import javax.net.ssl.TrustManager;
import java.net.URI;
import java.time.Duration;
@@ -83,8 +83,8 @@ public abstract class AbstractAwsSyncProcessor<
}
@Override
- public void configureTls(final TrustManager[] trustManagers, final
TlsKeyManagersProvider keyManagersProvider) {
- builder.tlsTrustManagersProvider(() -> trustManagers);
+ public void configureTls(final TlsTrustManagersProvider
trustManagersProvider, final TlsKeyManagersProvider keyManagersProvider) {
+ builder.tlsTrustManagersProvider(trustManagersProvider);
builder.tlsKeyManagersProvider(keyManagersProvider);
}
diff --git
a/nifi-extension-bundles/nifi-aws-bundle/nifi-aws-abstract-processors/src/main/java/org/apache/nifi/processors/aws/v2/AwsHttpClientConfigurer.java
b/nifi-extension-bundles/nifi-aws-bundle/nifi-aws-abstract-processors/src/main/java/org/apache/nifi/processors/aws/v2/AwsHttpClientConfigurer.java
index f2bea15a3a..e594b68171 100644
---
a/nifi-extension-bundles/nifi-aws-bundle/nifi-aws-abstract-processors/src/main/java/org/apache/nifi/processors/aws/v2/AwsHttpClientConfigurer.java
+++
b/nifi-extension-bundles/nifi-aws-bundle/nifi-aws-abstract-processors/src/main/java/org/apache/nifi/processors/aws/v2/AwsHttpClientConfigurer.java
@@ -18,15 +18,15 @@ package org.apache.nifi.processors.aws.v2;
import org.apache.nifi.proxy.ProxyConfiguration;
import software.amazon.awssdk.http.TlsKeyManagersProvider;
+import software.amazon.awssdk.http.TlsTrustManagersProvider;
-import javax.net.ssl.TrustManager;
import java.time.Duration;
public interface AwsHttpClientConfigurer {
void configureBasicSettings(Duration communicationsTimeout, int
maxConcurrentTasks);
- void configureTls(TrustManager[] trustManagers, TlsKeyManagersProvider
keyManagersProvider);
+ void configureTls(TlsTrustManagersProvider trustManagersProvider,
TlsKeyManagersProvider keyManagersProvider);
void configureProxy(ProxyConfiguration proxyConfiguration);
}
diff --git
a/nifi-extension-bundles/nifi-aws-bundle/nifi-aws-schema-registry-service/src/main/java/org/apache/nifi/aws/schemaregistry/AmazonGlueSchemaRegistry.java
b/nifi-extension-bundles/nifi-aws-bundle/nifi-aws-schema-registry-service/src/main/java/org/apache/nifi/aws/schemaregistry/AmazonGlueSchemaRegistry.java
index 2769c24117..0114abb561 100644
---
a/nifi-extension-bundles/nifi-aws-bundle/nifi-aws-schema-registry-service/src/main/java/org/apache/nifi/aws/schemaregistry/AmazonGlueSchemaRegistry.java
+++
b/nifi-extension-bundles/nifi-aws-bundle/nifi-aws-schema-registry-service/src/main/java/org/apache/nifi/aws/schemaregistry/AmazonGlueSchemaRegistry.java
@@ -221,11 +221,15 @@ public class AmazonGlueSchemaRegistry extends
AbstractControllerService implemen
if
(this.getSupportedPropertyDescriptors().contains(SSL_CONTEXT_SERVICE)) {
final SSLContextService sslContextService =
context.getProperty(SSL_CONTEXT_SERVICE).asControllerService(SSLContextService.class);
if (sslContextService != null) {
- final TrustManager[] trustManagers = new
TrustManager[]{sslContextService.createTrustManager()};
- final TlsKeyManagersProvider keyManagersProvider =
FileStoreTlsKeyManagersProvider
-
.create(Paths.get(sslContextService.getKeyStoreFile()),
sslContextService.getKeyStoreType(), sslContextService.getKeyStorePassword());
- builder.tlsTrustManagersProvider(() -> trustManagers);
- builder.tlsKeyManagersProvider(keyManagersProvider);
+ if (sslContextService.isTrustStoreConfigured()) {
+ final TrustManager[] trustManagers = new
TrustManager[]{sslContextService.createTrustManager()};
+ builder.tlsTrustManagersProvider(() -> trustManagers);
+ }
+ if (sslContextService.isKeyStoreConfigured()) {
+ final TlsKeyManagersProvider keyManagersProvider =
FileStoreTlsKeyManagersProvider
+
.create(Paths.get(sslContextService.getKeyStoreFile()),
sslContextService.getKeyStoreType(), sslContextService.getKeyStorePassword());
+ builder.tlsKeyManagersProvider(keyManagersProvider);
+ }
}
}
final ProxyConfiguration proxyConfig =
ProxyConfiguration.getConfiguration(context, () -> {
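Review bot: This copy of the TLS setup builds the trust manager eagerly (`final TrustManager[] trustManagers = ...; builder.tlsTrustManagersProvider(() -> trustManagers);`), while the AbstractAwsProcessor.java hunk in the same commit defers `createTrustManager()` into the lambda. The two paths therefore differ in when a bad truststore surfaces: here at configuration time, there whenever the SDK first invokes the provider, which may happen more than once. Picking one form for both would help; the eager one fails fast and avoids holding the controller service in a long-lived lambda. A short comment on the `isTrustStoreConfigured()` branch, such as `// no truststore configured: leave the SDK default (JVM trust store) in place`, would also record why the setter is skipped. The enclosing method continues outside the hunk.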