Github user JPercivall commented on a diff in the pull request:
https://github.com/apache/nifi/pull/2004#discussion_r132318693
--- Diff:
nifi-nar-bundles/nifi-standard-bundle/nifi-standard-processors/src/main/java/org/apache/nifi/processors/standard/InvokeHTTP.java
---
@@ -500,48 +512,88 @@ public void onPropertyModified(final
PropertyDescriptor descriptor, final String
}
@OnScheduled
- public void setUpClient(final ProcessContext context) throws
IOException {
+ public void setUpClient(final ProcessContext context) throws
IOException, UnrecoverableKeyException, CertificateException,
NoSuchAlgorithmException, KeyStoreException, KeyManagementException {
okHttpClientAtomicReference.set(null);
- OkHttpClient okHttpClient = new OkHttpClient();
+ OkHttpClient.Builder okHttpClientBuilder = new
OkHttpClient().newBuilder();
// Add a proxy if set
final String proxyHost =
context.getProperty(PROP_PROXY_HOST).getValue();
final Integer proxyPort =
context.getProperty(PROP_PROXY_PORT).asInteger();
if (proxyHost != null && proxyPort != null) {
final Proxy proxy = new Proxy(Type.HTTP, new
InetSocketAddress(proxyHost, proxyPort));
- okHttpClient.setProxy(proxy);
+ okHttpClientBuilder.proxy(proxy);
}
// Set timeouts
-
okHttpClient.setConnectTimeout((context.getProperty(PROP_CONNECT_TIMEOUT).asTimePeriod(TimeUnit.MILLISECONDS).intValue()),
TimeUnit.MILLISECONDS);
-
okHttpClient.setReadTimeout(context.getProperty(PROP_READ_TIMEOUT).asTimePeriod(TimeUnit.MILLISECONDS).intValue(),
TimeUnit.MILLISECONDS);
+
okHttpClientBuilder.connectTimeout((context.getProperty(PROP_CONNECT_TIMEOUT).asTimePeriod(TimeUnit.MILLISECONDS).intValue()),
TimeUnit.MILLISECONDS);
+
okHttpClientBuilder.readTimeout(context.getProperty(PROP_READ_TIMEOUT).asTimePeriod(TimeUnit.MILLISECONDS).intValue(),
TimeUnit.MILLISECONDS);
// Set whether to follow redirects
-
okHttpClient.setFollowRedirects(context.getProperty(PROP_FOLLOW_REDIRECTS).asBoolean());
+
okHttpClientBuilder.followRedirects(context.getProperty(PROP_FOLLOW_REDIRECTS).asBoolean());
final SSLContextService sslService =
context.getProperty(PROP_SSL_CONTEXT_SERVICE).asControllerService(SSLContextService.class);
final SSLContext sslContext = sslService == null ? null :
sslService.createSSLContext(ClientAuth.NONE);
// check if the ssl context is set and add the factory if so
if (sslContext != null) {
-
okHttpClient.setSslSocketFactory(sslContext.getSocketFactory());
+ setSslSocketFactory(okHttpClientBuilder, sslService,
sslContext);
}
// check the trusted hostname property and override the
HostnameVerifier
String trustedHostname =
trimToEmpty(context.getProperty(PROP_TRUSTED_HOSTNAME).getValue());
if (!trustedHostname.isEmpty()) {
- okHttpClient.setHostnameVerifier(new
OverrideHostnameVerifier(trustedHostname, okHttpClient.getHostnameVerifier()));
+ okHttpClientBuilder.hostnameVerifier(new
OverrideHostnameVerifier(trustedHostname, OkHostnameVerifier.INSTANCE));
}
- setAuthenticator(okHttpClient, context);
+ setAuthenticator(okHttpClientBuilder, context);
useChunked =
context.getProperty(PROP_USE_CHUNKED_ENCODING).asBoolean();
- okHttpClientAtomicReference.set(okHttpClient);
+ okHttpClientAtomicReference.set(okHttpClientBuilder.build());
+ }
+
+ private void setSslSocketFactory(OkHttpClient.Builder
okHttpClientBuilder, SSLContextService sslService, SSLContext sslContext)
+ throws IOException, KeyStoreException, CertificateException,
NoSuchAlgorithmException, UnrecoverableKeyException, KeyManagementException {
+ final String keystoreLocation = sslService.getKeyStoreFile();
+ final String keystorePass = sslService.getKeyStorePassword();
+ final String keystoreType = sslService.getKeyStoreType();
+
+ // prepare the keystore
+ final KeyStore keyStore = KeyStore.getInstance(keystoreType);
+
+ try (FileInputStream keyStoreStream = new
FileInputStream(keystoreLocation)) {
+ keyStore.load(keyStoreStream, keystorePass.toCharArray());
+ }
+
+ final KeyManagerFactory keyManagerFactory =
KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
+ keyManagerFactory.init(keyStore, keystorePass.toCharArray());
+
+ // load truststore
+ final String truststoreLocation = sslService.getTrustStoreFile();
+ final String truststorePass = sslService.getTrustStorePassword();
+ final String truststoreType = sslService.getTrustStoreType();
+
+ KeyStore truststore = KeyStore.getInstance(truststoreType);
+ final TrustManagerFactory trustManagerFactory =
TrustManagerFactory.getInstance("X509");
+ truststore.load(new FileInputStream(truststoreLocation),
truststorePass.toCharArray());
+ trustManagerFactory.init(truststore);
+
+ final X509TrustManager x509TrustManager;
+ TrustManager[] trustManagers =
trustManagerFactory.getTrustManagers();
+ if (trustManagers[0] != null) {
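Review bot: setSslSocketFactory dereferences the keystore and truststore settings without checking that either store is configured. `new FileInputStream(keystoreLocation)`, `keystorePass.toCharArray()` and `truststorePass.toCharArray()` will throw a NullPointerException when the processor is scheduled if the SSL context service supplies only one of the two stores, a setup the old code presumably accepted because it only called `sslContext.getSocketFactory()`. Guard each load, for example with `if (sslService.isKeyStoreConfigured())` and `if (sslService.isTrustStoreConfigured())`, and leave the builder on the context's own socket factory when a store is absent. The truststore stream is also never closed, unlike the keystore stream just above it; use `try (FileInputStream in = new FileInputStream(truststoreLocation)) { truststore.load(in, truststorePass.toCharArray()); }`. The method body continues past the end of the quoted hunk, so how the resulting trust manager is handed to the builder is not visible here.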
--- End diff --
Yeah, I admittedly did a poor job with that because I just pulled it from
work I did a little while ago on MiNiFi-java, which did the exact same thing. I
can add some comments though.