[jira] [Commented] (NIFI-9897) Refactor GRPC SSL Configuration

Thu, 14 Apr 2022 09:48:05 -0700 


    [ 
https://issues.apache.org/jira/browse/NIFI-9897?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17522420#comment-17522420
 ] 

ASF subversion and git services commented on NIFI-9897:
-------------------------------------------------------

Commit 509a445ee5ec5c25dc71dca3d35ee4ff91b24414 in nifi's branch 
refs/heads/support/nifi-1.16 from David Handermann
[ https://gitbox.apache.org/repos/asf?p=nifi.git;h=509a445ee5 ]

NIFI-9897 This closes #5949. Refactored GRPC SSL Configuration

- Added SslContextProvider abstracting Netty SslContext configuration
- Removed runtime dependency on nifi-security-utils from nifi-grpc-processors
- Added TestListenGRPC with methods verifying socket connection and protocol 
negotiation

Signed-off-by: Joe Witt <[email protected]>


> Refactor GRPC SSL Configuration
> -------------------------------
>
>                 Key: NIFI-9897
>                 URL: https://issues.apache.org/jira/browse/NIFI-9897
>             Project: Apache NiFi
>          Issue Type: Improvement
>          Components: Extensions
>            Reporter: David Handermann
>            Assignee: David Handermann
>            Priority: Minor
>             Fix For: 1.17.0, 1.16.1
>
>          Time Spent: 40m
>  Remaining Estimate: 0h
>
> The {{InvokeGRPC}} and {{ListenGRPC}} Processors leverage Netty for socket 
> protocol communication, and Netty requires its own 
> [SslContext|https://netty.io/4.1/api/io/netty/handler/ssl/SslContext.html] 
> configuration to support TLS communication.
> The current component implementations require {{nifi-security-utils}}, which 
> includes a dependency on the Bouncy Castle library. Refactoring the 
> Processors to use the Netty 
> [JdkSslContext|https://netty.io/4.1/api/io/netty/handler/ssl/JdkSslContext.html]
>  will enable direct usage of the Java 
> [SSLContext|https://docs.oracle.com/javase/8/docs/api/javax/net/ssl/SSLContext.html]
>  available through the NiFi {{SSLContextService.createContext()}} method. 
> This approach would provide better encapsulation of {{SslContext}} 
> configuration and remove the unnecessary dependency on the Bouncy Castle 
> library in {{nifi-grpc-nar}}.



--
This message was sent by Atlassian Jira
(v8.20.1#820001)

Reply via email to