Github user trkurc commented on a diff in the pull request:
https://github.com/apache/nifi/pull/2004#discussion_r127367937
--- Diff:
nifi-nar-bundles/nifi-standard-bundle/nifi-standard-processors/src/main/java/org/apache/nifi/processors/standard/InvokeHTTP.java
---
@@ -500,48 +512,88 @@ public void onPropertyModified(final
PropertyDescriptor descriptor, final String
}
@OnScheduled
- public void setUpClient(final ProcessContext context) throws
IOException {
+ public void setUpClient(final ProcessContext context) throws
IOException, UnrecoverableKeyException, CertificateException,
NoSuchAlgorithmException, KeyStoreException, KeyManagementException {
okHttpClientAtomicReference.set(null);
- OkHttpClient okHttpClient = new OkHttpClient();
+ OkHttpClient.Builder okHttpClientBuilder = new
OkHttpClient().newBuilder();
// Add a proxy if set
final String proxyHost =
context.getProperty(PROP_PROXY_HOST).getValue();
final Integer proxyPort =
context.getProperty(PROP_PROXY_PORT).asInteger();
if (proxyHost != null && proxyPort != null) {
final Proxy proxy = new Proxy(Type.HTTP, new
InetSocketAddress(proxyHost, proxyPort));
- okHttpClient.setProxy(proxy);
+ okHttpClientBuilder.proxy(proxy);
}
// Set timeouts
-
okHttpClient.setConnectTimeout((context.getProperty(PROP_CONNECT_TIMEOUT).asTimePeriod(TimeUnit.MILLISECONDS).intValue()),
TimeUnit.MILLISECONDS);
-
okHttpClient.setReadTimeout(context.getProperty(PROP_READ_TIMEOUT).asTimePeriod(TimeUnit.MILLISECONDS).intValue(),
TimeUnit.MILLISECONDS);
+
okHttpClientBuilder.connectTimeout((context.getProperty(PROP_CONNECT_TIMEOUT).asTimePeriod(TimeUnit.MILLISECONDS).intValue()),
TimeUnit.MILLISECONDS);
+
okHttpClientBuilder.readTimeout(context.getProperty(PROP_READ_TIMEOUT).asTimePeriod(TimeUnit.MILLISECONDS).intValue(),
TimeUnit.MILLISECONDS);
// Set whether to follow redirects
-
okHttpClient.setFollowRedirects(context.getProperty(PROP_FOLLOW_REDIRECTS).asBoolean());
+
okHttpClientBuilder.followRedirects(context.getProperty(PROP_FOLLOW_REDIRECTS).asBoolean());
final SSLContextService sslService =
context.getProperty(PROP_SSL_CONTEXT_SERVICE).asControllerService(SSLContextService.class);
final SSLContext sslContext = sslService == null ? null :
sslService.createSSLContext(ClientAuth.NONE);
// check if the ssl context is set and add the factory if so
if (sslContext != null) {
-
okHttpClient.setSslSocketFactory(sslContext.getSocketFactory());
+ setSslSocketFactory(okHttpClientBuilder, sslService,
sslContext);
}
// check the trusted hostname property and override the
HostnameVerifier
String trustedHostname =
trimToEmpty(context.getProperty(PROP_TRUSTED_HOSTNAME).getValue());
if (!trustedHostname.isEmpty()) {
- okHttpClient.setHostnameVerifier(new
OverrideHostnameVerifier(trustedHostname, okHttpClient.getHostnameVerifier()));
+ okHttpClientBuilder.hostnameVerifier(new
OverrideHostnameVerifier(trustedHostname, OkHostnameVerifier.INSTANCE));
}
- setAuthenticator(okHttpClient, context);
+ setAuthenticator(okHttpClientBuilder, context);
useChunked =
context.getProperty(PROP_USE_CHUNKED_ENCODING).asBoolean();
- okHttpClientAtomicReference.set(okHttpClient);
+ okHttpClientAtomicReference.set(okHttpClientBuilder.build());
+ }
+
+ private void setSslSocketFactory(OkHttpClient.Builder
okHttpClientBuilder, SSLContextService sslService, SSLContext sslContext)
+ throws IOException, KeyStoreException, CertificateException,
NoSuchAlgorithmException, UnrecoverableKeyException, KeyManagementException {
+ final String keystoreLocation = sslService.getKeyStoreFile();
+ final String keystorePass = sslService.getKeyStorePassword();
+ final String keystoreType = sslService.getKeyStoreType();
+
+ // prepare the keystore
+ final KeyStore keyStore = KeyStore.getInstance(keystoreType);
+
+ try (FileInputStream keyStoreStream = new
FileInputStream(keystoreLocation)) {
+ keyStore.load(keyStoreStream, keystorePass.toCharArray());
+ }
+
+ final KeyManagerFactory keyManagerFactory =
KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
+ keyManagerFactory.init(keyStore, keystorePass.toCharArray());
+
+ // load truststore
+ final String truststoreLocation = sslService.getTrustStoreFile();
+ final String truststorePass = sslService.getTrustStorePassword();
+ final String truststoreType = sslService.getTrustStoreType();
+
+ KeyStore truststore = KeyStore.getInstance(truststoreType);
+ final TrustManagerFactory trustManagerFactory =
TrustManagerFactory.getInstance("X509");
+ truststore.load(new FileInputStream(truststoreLocation),
truststorePass.toCharArray());
+ trustManagerFactory.init(truststore);
+
+ final X509TrustManager x509TrustManager;
+ TrustManager[] trustManagers =
trustManagerFactory.getTrustManagers();
+ if (trustManagers[0] != null) {
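Review bot: The stream opened on the `truststore.load(new FileInputStream(truststoreLocation), ...)` line is never closed, unlike the keystore load a few lines above that uses try-with-resources, so each @OnScheduled invocation holds a file descriptor until finalization. Use the same pattern: `try (FileInputStream trustStoreStream = new FileInputStream(truststoreLocation)) { truststore.load(trustStoreStream, truststorePass.toCharArray()); }`. For consistency with `KeyManagerFactory.getDefaultAlgorithm()` used just above, consider `TrustManagerFactory.getDefaultAlgorithm()` instead of the literal `"X509"`. If the SSLContextService can be configured with a truststore only, `keystoreLocation` and `keystorePass` would be null here and the keystore load would throw NullPointerException before the truststore is reached — worth confirming against the service's contract. setSslSocketFactory's body continues past the end of the quoted hunk.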
--- End diff --
when reading this code, I thought to myself "what if trustManagers is null?
what if the one you want isn't the 0th item in the list", and had to do some
digging to convince myself that those are very unlikely scenarios - comments
here would _greatly_ help maintainability.