This is an automated email from the ASF dual-hosted git repository.
pvillard pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/nifi.git
The following commit(s) were added to refs/heads/main by this push:
new 18cc662b5a NIFI-14490 Deprecated OCSP Certificate Validation for
Removal
18cc662b5a is described below
commit 18cc662b5af718dce7d207ba38dd1dc2206ec0c3
Author: exceptionfactory <[email protected]>
AuthorDate: Tue Apr 22 09:09:24 2025 -0500
NIFI-14490 Deprecated OCSP Certificate Validation for Removal
Signed-off-by: Pierre Villard <[email protected]>
This closes #9890.
---
.../nifi-framework/nifi-web/nifi-web-security/pom.xml | 5 +++++
.../nifi/web/security/x509/ocsp/OcspCertificateValidator.java | 6 ++++++
2 files changed, 11 insertions(+)
diff --git
a/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-security/pom.xml
b/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-security/pom.xml
index 46a382c384..673710ec10 100644
--- a/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-security/pom.xml
+++ b/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-security/pom.xml
@@ -77,6 +77,11 @@
</plugins>
</build>
<dependencies>
+ <dependency>
+ <groupId>org.apache.nifi</groupId>
+ <artifactId>nifi-deprecation-log</artifactId>
+ <version>2.4.0-SNAPSHOT</version>
+ </dependency>
<dependency>
<groupId>org.apache.nifi.registry</groupId>
<artifactId>nifi-registry-security-utils</artifactId>
diff --git
a/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-security/src/main/java/org/apache/nifi/web/security/x509/ocsp/OcspCertificateValidator.java
b/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-security/src/main/java/org/apache/nifi/web/security/x509/ocsp/OcspCertificateValidator.java
index 5ede7451b9..7d9979c8d6 100644
---
a/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-security/src/main/java/org/apache/nifi/web/security/x509/ocsp/OcspCertificateValidator.java
+++
b/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-security/src/main/java/org/apache/nifi/web/security/x509/ocsp/OcspCertificateValidator.java
@@ -41,6 +41,8 @@ import jakarta.ws.rs.core.Response;
import com.github.benmanes.caffeine.cache.Caffeine;
import com.github.benmanes.caffeine.cache.LoadingCache;
import org.apache.commons.lang3.StringUtils;
+import org.apache.nifi.deprecation.log.DeprecationLogger;
+import org.apache.nifi.deprecation.log.DeprecationLoggerFactory;
import org.apache.nifi.util.FormatUtils;
import org.apache.nifi.util.NiFiProperties;
import org.apache.nifi.web.security.x509.ocsp.OcspStatus.ValidationStatus;
@@ -75,6 +77,8 @@ public class OcspCertificateValidator {
private static final Logger logger =
LoggerFactory.getLogger(OcspCertificateValidator.class);
+ private static final DeprecationLogger deprecationLogger =
DeprecationLoggerFactory.getLogger(OcspCertificateValidator.class);
+
private static final String OCSP_REQUEST_CONTENT_TYPE =
"application/ocsp-request";
private static final int CONNECT_TIMEOUT = 10000;
@@ -92,6 +96,8 @@ public class OcspCertificateValidator {
// set properties when appropriate
if (StringUtils.isNotBlank(rawValidationAuthorityUrl)) {
+ deprecationLogger.warn("OCSP Certificate Validation with Responder
URL [{}] is deprecated for removal",
NiFiProperties.SECURITY_OCSP_RESPONDER_URL);
+
try {
// attempt to parse the specified va url
validationAuthorityURI = URI.create(rawValidationAuthorityUrl);
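Review bot: The `{}` placeholder in the added `deprecationLogger.warn(...)` call is filled with `NiFiProperties.SECURITY_OCSP_RESPONDER_URL`, which looks like the property-name constant rather than the configured value held in `rawValidationAuthorityUrl`, so the message would present a property key as the "Responder URL". If logging the key rather than the URL is intended, wording such as `deprecationLogger.warn("OCSP Certificate Validation configured with property [{}] is deprecated for removal", NiFiProperties.SECURITY_OCSP_RESPONDER_URL);` says so directly. The message also names no replacement. Because OCSP validation is a certificate revocation check, a short pointer to what operators should rely on after removal would help them avoid losing revocation checking without noticing. The enclosing block starts and ends outside the hunk.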