Github user JPercivall commented on a diff in the pull request:

    https://github.com/apache/nifi/pull/2004#discussion_r132318693
  
    --- Diff: 
nifi-nar-bundles/nifi-standard-bundle/nifi-standard-processors/src/main/java/org/apache/nifi/processors/standard/InvokeHTTP.java
 ---
    @@ -500,48 +512,88 @@ public void onPropertyModified(final 
PropertyDescriptor descriptor, final String
         }
     
         @OnScheduled
    -    public void setUpClient(final ProcessContext context) throws 
IOException {
    +    public void setUpClient(final ProcessContext context) throws 
IOException, UnrecoverableKeyException, CertificateException, 
NoSuchAlgorithmException, KeyStoreException, KeyManagementException {
             okHttpClientAtomicReference.set(null);
     
    -        OkHttpClient okHttpClient = new OkHttpClient();
    +        OkHttpClient.Builder okHttpClientBuilder = new 
OkHttpClient().newBuilder();
     
             // Add a proxy if set
             final String proxyHost = 
context.getProperty(PROP_PROXY_HOST).getValue();
             final Integer proxyPort = 
context.getProperty(PROP_PROXY_PORT).asInteger();
             if (proxyHost != null && proxyPort != null) {
                 final Proxy proxy = new Proxy(Type.HTTP, new 
InetSocketAddress(proxyHost, proxyPort));
    -            okHttpClient.setProxy(proxy);
    +            okHttpClientBuilder.proxy(proxy);
             }
     
             // Set timeouts
    -        
okHttpClient.setConnectTimeout((context.getProperty(PROP_CONNECT_TIMEOUT).asTimePeriod(TimeUnit.MILLISECONDS).intValue()),
 TimeUnit.MILLISECONDS);
    -        
okHttpClient.setReadTimeout(context.getProperty(PROP_READ_TIMEOUT).asTimePeriod(TimeUnit.MILLISECONDS).intValue(),
 TimeUnit.MILLISECONDS);
    +        
okHttpClientBuilder.connectTimeout((context.getProperty(PROP_CONNECT_TIMEOUT).asTimePeriod(TimeUnit.MILLISECONDS).intValue()),
 TimeUnit.MILLISECONDS);
    +        
okHttpClientBuilder.readTimeout(context.getProperty(PROP_READ_TIMEOUT).asTimePeriod(TimeUnit.MILLISECONDS).intValue(),
 TimeUnit.MILLISECONDS);
     
             // Set whether to follow redirects
    -        
okHttpClient.setFollowRedirects(context.getProperty(PROP_FOLLOW_REDIRECTS).asBoolean());
    +        
okHttpClientBuilder.followRedirects(context.getProperty(PROP_FOLLOW_REDIRECTS).asBoolean());
     
             final SSLContextService sslService = 
context.getProperty(PROP_SSL_CONTEXT_SERVICE).asControllerService(SSLContextService.class);
             final SSLContext sslContext = sslService == null ? null : 
sslService.createSSLContext(ClientAuth.NONE);
     
             // check if the ssl context is set and add the factory if so
             if (sslContext != null) {
    -            
okHttpClient.setSslSocketFactory(sslContext.getSocketFactory());
    +            setSslSocketFactory(okHttpClientBuilder, sslService, 
sslContext);
             }
     
             // check the trusted hostname property and override the 
HostnameVerifier
             String trustedHostname = 
trimToEmpty(context.getProperty(PROP_TRUSTED_HOSTNAME).getValue());
             if (!trustedHostname.isEmpty()) {
    -            okHttpClient.setHostnameVerifier(new 
OverrideHostnameVerifier(trustedHostname, okHttpClient.getHostnameVerifier()));
    +            okHttpClientBuilder.hostnameVerifier(new 
OverrideHostnameVerifier(trustedHostname, OkHostnameVerifier.INSTANCE));
             }
     
    -        setAuthenticator(okHttpClient, context);
    +        setAuthenticator(okHttpClientBuilder, context);
     
             useChunked = 
context.getProperty(PROP_USE_CHUNKED_ENCODING).asBoolean();
     
    -        okHttpClientAtomicReference.set(okHttpClient);
    +        okHttpClientAtomicReference.set(okHttpClientBuilder.build());
    +    }
    +
    +    private void setSslSocketFactory(OkHttpClient.Builder 
okHttpClientBuilder, SSLContextService sslService, SSLContext sslContext)
    +            throws IOException, KeyStoreException, CertificateException, 
NoSuchAlgorithmException, UnrecoverableKeyException, KeyManagementException {
    +        final String keystoreLocation = sslService.getKeyStoreFile();
    +        final String keystorePass = sslService.getKeyStorePassword();
    +        final String keystoreType = sslService.getKeyStoreType();
    +
    +        // prepare the keystore
    +        final KeyStore keyStore = KeyStore.getInstance(keystoreType);
    +
    +        try (FileInputStream keyStoreStream = new 
FileInputStream(keystoreLocation)) {
    +            keyStore.load(keyStoreStream, keystorePass.toCharArray());
    +        }
    +
    +        final KeyManagerFactory keyManagerFactory = 
KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
    +        keyManagerFactory.init(keyStore, keystorePass.toCharArray());
    +
    +        // load truststore
    +        final String truststoreLocation = sslService.getTrustStoreFile();
    +        final String truststorePass = sslService.getTrustStorePassword();
    +        final String truststoreType = sslService.getTrustStoreType();
    +
    +        KeyStore truststore = KeyStore.getInstance(truststoreType);
    +        final TrustManagerFactory trustManagerFactory = 
TrustManagerFactory.getInstance("X509");
    +        truststore.load(new FileInputStream(truststoreLocation), 
truststorePass.toCharArray());
    +        trustManagerFactory.init(truststore);
    +
    +        final X509TrustManager x509TrustManager;
    +        TrustManager[] trustManagers = 
trustManagerFactory.getTrustManagers();
    +        if (trustManagers[0] != null) {
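Review bot: In the new `setSslSocketFactory`, the keystore is opened and loaded unconditionally, so a context service that carries only a truststore (one-way TLS, which the service appears to allow) would presumably return null from `getKeyStoreFile()`/`getKeyStorePassword()` and fail in `new FileInputStream(keystoreLocation)` or `keystorePass.toCharArray()` when the processor is scheduled. Guarding each half with `if (sslService.isKeyStoreConfigured())` and `if (sslService.isTrustStoreConfigured())`, and passing null key managers when no keystore is set, would keep truststore-only configurations working. The truststore stream is also never closed, unlike the keystore a few lines above; `try (FileInputStream in = new FileInputStream(truststoreLocation)) { truststore.load(in, truststorePass.toCharArray()); }` fixes that. The `trustManagers[0] != null` test assumes a non-empty array and says nothing about the element's type, so `trustManagers.length > 0 && trustManagers[0] instanceof X509TrustManager` is the safer condition. The method body continues past the end of the quoted hunk, so how `x509TrustManager` is used afterwards is not visible here.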
    --- End diff --
    
    Yeah, I admittedly did a poor job with that because I just pulled it from 
my work I did a little bit ago on MiNiFi-java which did the exact same thing. I 
can add some comments though.

