exceptionfactory commented on a change in pull request #4737:
URL: https://github.com/apache/nifi/pull/4737#discussion_r552897685
##########
File path:
nifi-nar-bundles/nifi-standard-services/nifi-ssl-context-bundle/nifi-ssl-context-service/src/main/java/org/apache/nifi/ssl/StandardSSLContextService.java
##########
@@ -238,41 +238,55 @@ public TlsConfiguration createTlsConfiguration() {
}
/**
- * Returns a configured {@link SSLContext} from the populated
configuration values. This method is preferred
- * over the overloaded method which accepts the deprecated {@link
ClientAuth} enum.
+ * Create and initialize {@link SSLContext} using configured properties.
This method is preferred over deprecated
+ * methods due to not requiring a client authentication policy. Invokes
createTlsConfiguration() to prepare
+ * properties for processing.
+ *
+ * @return {@link SSLContext} initialized using configured properties
+ */
+ @Override
+ public SSLContext createContext() {
+ final TlsConfiguration tlsConfiguration = createTlsConfiguration();
+ if (!tlsConfiguration.isTruststorePopulated()) {
+ getLogger().warn("Trust Store properties not found: using platform
default Certificate Authorities");
+ }
+
+ try {
+ final TrustManager[] trustManagers =
SslContextFactory.getTrustManagers(tlsConfiguration);
+ return SslContextFactory.createSslContext(tlsConfiguration,
trustManagers);
+ } catch (final TlsException e) {
+ getLogger().error("Unable to create SSLContext: {}", new
String[]{e.getLocalizedMessage()});
+ throw new ProcessException("Unable to create SSLContext", e);
+ }
+ }
+
+ /**
+ * Returns a configured {@link SSLContext} from the populated
configuration values. This method is deprecated
+ * due to the Client Authentication policy not being applicable when
initializing the SSLContext
*
* @param clientAuth the desired level of client authentication
* @return the configured SSLContext
* @throws ProcessException if there is a problem configuring the context
*/
+ @Deprecated
@Override
public SSLContext createSSLContext(final
org.apache.nifi.security.util.ClientAuth clientAuth) throws ProcessException {
- try {
- final TlsConfiguration tlsConfiguration = createTlsConfiguration();
- if (!tlsConfiguration.isTruststorePopulated()) {
- getLogger().warn("Trust Store properties not found: using
platform default Certificate Authorities");
- }
- final TrustManager[] trustManagers =
SslContextFactory.getTrustManagers(tlsConfiguration);
- return SslContextFactory.createSslContext(tlsConfiguration,
trustManagers, clientAuth);
- } catch (TlsException e) {
- getLogger().error("Encountered an error creating the SSL context
from the SSL context service: {}", new String[]{e.getLocalizedMessage()});
- throw new ProcessException("Error creating SSL context", e);
- }
+ return createContext();
}
/**
* Returns a configured {@link SSLContext} from the populated
configuration values. This method is deprecated
Review comment:
Added
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
[email protected]
