pgyori commented on a change in pull request #4603:
URL: https://github.com/apache/nifi/pull/4603#discussion_r507819038
##########
File path:
nifi-nar-bundles/nifi-standard-bundle/nifi-standard-processors/src/main/java/org/apache/nifi/processors/standard/ListenHTTP.java
##########
@@ -351,6 +372,60 @@ synchronized private void
createHttpServerFromService(final ProcessContext conte
initialized.set(true);
}
+ private ServerConnector createServerConnector(Server server, int port,
SSLContextService sslContextService, boolean sslRequired, boolean
needClientAuth) {
+ final SslContextFactory contextFactory =
createSslContextFactory(sslContextService, sslRequired, needClientAuth);
+ return createServerConnector(server, port, contextFactory,
sslRequired);
+ }
+
+ private ServerConnector createServerConnector(Server server, int port,
SslContextFactory contextFactory, boolean sslRequired) {
+ final ServerConnector connector;
+ final HttpConfiguration httpConfiguration = new HttpConfiguration();
+ if (!sslRequired) {
+ // create the connector
+ connector = new ServerConnector(server, new
HttpConnectionFactory(httpConfiguration));
+ } else {
+ // configure the ssl connector
+ httpConfiguration.setSecureScheme("https");
+ httpConfiguration.setSecurePort(port);
+ httpConfiguration.addCustomizer(new SecureRequestCustomizer());
+
+ // build the connector
+
+ connector = new ServerConnector(server, new
SslConnectionFactory(contextFactory, "http/1.1"), new
HttpConnectionFactory(httpConfiguration));
+ }
+
+ // configure the port
+ connector.setPort(port);
+ return connector;
+ }
+
+ private SslContextFactory createSslContextFactory(SSLContextService
sslContextService, boolean sslRequired, boolean needClientAuth) {
+ final SslContextFactory contextFactory = new
SslContextFactory.Server();
+ contextFactory.setNeedClientAuth(needClientAuth);
+
+ if (needClientAuth) {
+
contextFactory.setTrustStorePath(sslContextService.getTrustStoreFile());
+
contextFactory.setTrustStoreType(sslContextService.getTrustStoreType());
+
contextFactory.setTrustStorePassword(sslContextService.getTrustStorePassword());
+ }
+
+ if (sslRequired) {
+ final String keystorePassword =
sslContextService.getKeyStorePassword();
+ final String keyStoreType = sslContextService.getKeyStoreType();
+ final String keyStorePath = sslContextService.getKeyStoreFile();
+
+ contextFactory.setKeyStorePath(keyStorePath);
+ contextFactory.setKeyManagerPassword(keystorePassword);
Review comment:
I believe that might break existing setups. If it does need to be
modified, it is reasonable to open a separate Jira ticket for this modification
so that it is not "shipped" as a side-effect of an enhancement.
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
[email protected]
