This is an automated email from the ASF dual-hosted git repository.
exceptionfactory pushed a commit to branch support/nifi-1.x
in repository https://gitbox.apache.org/repos/asf/nifi.git
The following commit(s) were added to refs/heads/support/nifi-1.x by this push:
new de7a8218a0 NIFI-13842 Fixed truststore/keystore setup in AWS v2
components (#9352)
de7a8218a0 is described below
commit de7a8218a00b74ad4e6b578f8e0b1e50c1515b0b
Author: Peter Turcsanyi <[email protected]>
AuthorDate: Thu Oct 10 15:11:35 2024 +0200
NIFI-13842 Fixed truststore/keystore setup in AWS v2 components (#9352)
Signed-off-by: David Handermann <[email protected]>
---
.../nifi/processors/aws/v2/AbstractAwsProcessor.java | 14 +++++++++-----
.../nifi/aws/schemaregistry/AmazonGlueSchemaRegistry.java | 14 +++++++++-----
2 files changed, 18 insertions(+), 10 deletions(-)
diff --git
a/nifi-nar-bundles/nifi-aws-bundle/nifi-aws-abstract-processors/src/main/java/org/apache/nifi/processors/aws/v2/AbstractAwsProcessor.java
b/nifi-nar-bundles/nifi-aws-bundle/nifi-aws-abstract-processors/src/main/java/org/apache/nifi/processors/aws/v2/AbstractAwsProcessor.java
index af11372aad..4e7e6637f3 100644
---
a/nifi-nar-bundles/nifi-aws-bundle/nifi-aws-abstract-processors/src/main/java/org/apache/nifi/processors/aws/v2/AbstractAwsProcessor.java
+++
b/nifi-nar-bundles/nifi-aws-bundle/nifi-aws-abstract-processors/src/main/java/org/apache/nifi/processors/aws/v2/AbstractAwsProcessor.java
@@ -396,11 +396,15 @@ public abstract class AbstractAwsProcessor<T extends
SdkClient, U extends AwsSyn
if
(this.getSupportedPropertyDescriptors().contains(SSL_CONTEXT_SERVICE)) {
final SSLContextService sslContextService =
context.getProperty(SSL_CONTEXT_SERVICE).asControllerService(SSLContextService.class);
if (sslContextService != null) {
- final TrustManager[] trustManagers = new TrustManager[] {
sslContextService.createTrustManager() };
- final TlsKeyManagersProvider keyManagersProvider =
FileStoreTlsKeyManagersProvider
-
.create(Paths.get(sslContextService.getKeyStoreFile()),
sslContextService.getKeyStoreType(), sslContextService.getKeyStorePassword());
- builder.tlsTrustManagersProvider(() -> trustManagers);
- builder.tlsKeyManagersProvider(keyManagersProvider);
+ if (sslContextService.isTrustStoreConfigured()) {
+ final TrustManager[] trustManagers = new
TrustManager[]{sslContextService.createTrustManager()};
+ builder.tlsTrustManagersProvider(() -> trustManagers);
+ }
+ if (sslContextService.isKeyStoreConfigured()) {
+ final TlsKeyManagersProvider keyManagersProvider =
FileStoreTlsKeyManagersProvider
+
.create(Paths.get(sslContextService.getKeyStoreFile()),
sslContextService.getKeyStoreType(), sslContextService.getKeyStorePassword());
+ builder.tlsKeyManagersProvider(keyManagersProvider);
+ }
}
}
diff --git
a/nifi-nar-bundles/nifi-aws-bundle/nifi-aws-schema-registry-service/src/main/java/org/apache/nifi/aws/schemaregistry/AmazonGlueSchemaRegistry.java
b/nifi-nar-bundles/nifi-aws-bundle/nifi-aws-schema-registry-service/src/main/java/org/apache/nifi/aws/schemaregistry/AmazonGlueSchemaRegistry.java
index 0075b809c6..d54c36c5b8 100644
---
a/nifi-nar-bundles/nifi-aws-bundle/nifi-aws-schema-registry-service/src/main/java/org/apache/nifi/aws/schemaregistry/AmazonGlueSchemaRegistry.java
+++
b/nifi-nar-bundles/nifi-aws-bundle/nifi-aws-schema-registry-service/src/main/java/org/apache/nifi/aws/schemaregistry/AmazonGlueSchemaRegistry.java
@@ -221,11 +221,15 @@ public class AmazonGlueSchemaRegistry extends
AbstractControllerService implemen
if
(this.getSupportedPropertyDescriptors().contains(SSL_CONTEXT_SERVICE)) {
final SSLContextService sslContextService =
context.getProperty(SSL_CONTEXT_SERVICE).asControllerService(SSLContextService.class);
if (sslContextService != null) {
- final TrustManager[] trustManagers = new
TrustManager[]{sslContextService.createTrustManager()};
- final TlsKeyManagersProvider keyManagersProvider =
FileStoreTlsKeyManagersProvider
-
.create(Paths.get(sslContextService.getKeyStoreFile()),
sslContextService.getKeyStoreType(), sslContextService.getKeyStorePassword());
- builder.tlsTrustManagersProvider(() -> trustManagers);
- builder.tlsKeyManagersProvider(keyManagersProvider);
+ if (sslContextService.isTrustStoreConfigured()) {
+ final TrustManager[] trustManagers = new
TrustManager[]{sslContextService.createTrustManager()};
+ builder.tlsTrustManagersProvider(() -> trustManagers);
+ }
+ if (sslContextService.isKeyStoreConfigured()) {
+ final TlsKeyManagersProvider keyManagersProvider =
FileStoreTlsKeyManagersProvider
+
.create(Paths.get(sslContextService.getKeyStoreFile()),
sslContextService.getKeyStoreType(), sslContextService.getKeyStorePassword());
+ builder.tlsKeyManagersProvider(keyManagersProvider);
+ }
}
}
final ProxyConfiguration proxyConfig =
ProxyConfiguration.getConfiguration(context, () -> {
