Class SslContextFactory

java.lang.Object
org.apache.nifi.security.util.SslContextFactory

public final class SslContextFactory extends Object
A factory for creating SSL contexts using the application's security properties. By requiring callers to bundle the properties in a TlsConfiguration container object, much better validation and property matching can occur. The public methods are designed for easy use, while the protected methods provide more granular (but less common) access to intermediate objects if required.
  • Field Details

    • logger

      private static final org.slf4j.Logger logger
  • Constructor Details

    • SslContextFactory

      public SslContextFactory()
  • Method Details

    • createSslContext

      public static SSLContext createSslContext(TlsConfiguration tlsConfiguration) throws TlsException
      Create and initialize an SSLContext from the provided TLS configuration.
      Parameters:
      tlsConfiguration - the TLS configuration container object
      Returns:
      SSLContext initialized from TLS Configuration or null when TLS Configuration is empty
      Throws:
      TlsException - if there is a problem configuring the SSLContext
    • createSslContext

      public static SSLContext createSslContext(TlsConfiguration tlsConfiguration, TrustManager[] trustManagers) throws TlsException
      Create and initialize an SSLContext from the provided TLS configuration and Trust Managers.
      Parameters:
      tlsConfiguration - the TLS configuration container object
      trustManagers - Trust Managers can be null to use platform default Trust Managers
      Returns:
      SSLContext initialized from TLS Configuration or null when TLS Configuration is empty
      Throws:
      TlsException - if there is a problem configuring the SSLContext
    • getX509TrustManager

      public static X509TrustManager getX509TrustManager(TlsConfiguration tlsConfiguration) throws TlsException
      Returns a configured X509TrustManager for the provided configuration. Useful for constructing HTTP clients which require their own trust management rather than an SSLContext. Filters and removes any trust managers that are not X509TrustManager implementations, and returns the first X.509 trust manager.
      Parameters:
      tlsConfiguration - the TLS configuration container object
      Returns:
      an X.509 TrustManager (can be null)
      Throws:
      TlsException - if there is a problem reading the truststore to create the trust managers
    • createSSLSocketFactory

      public static SSLSocketFactory createSSLSocketFactory(TlsConfiguration tlsConfiguration) throws TlsException
      Convenience method to return the SSLSocketFactory from the created SSLContext.
      Parameters:
      tlsConfiguration - the TLS configuration container object
      Returns:
      the configured SSLSocketFactory (can be null)
      Throws:
      TlsException - if there is a problem creating the SSLContext or SSLSocketFactory
    • getKeyManagers

      protected static KeyManager[] getKeyManagers(TlsConfiguration tlsConfiguration) throws TlsException
      Returns an array of KeyManagers for the provided configuration. Useful for constructing HTTP clients which require their own key management rather than an SSLContext. The result can be null or empty. If an empty configuration is provided, null is returned. However, if a partially-populated but invalid configuration is provided, a TlsException is thrown.
      Parameters:
      tlsConfiguration - the TLS configuration container object with keystore properties
      Returns:
      an array of KeyManagers (can be null)
      Throws:
      TlsException - if there is a problem reading the keystore to create the key managers
    • getTrustManagers

      public static TrustManager[] getTrustManagers(TlsConfiguration tlsConfiguration) throws TlsException
      Returns an array of TrustManager implementations based on the provided truststore configurations. The result can be null or empty. If an empty configuration is provided, null is returned. However, if a partially-populated but invalid configuration is provided, a TlsException is thrown.

      Most callers do not need the full array and can use getX509TrustManager(TlsConfiguration) directly.

      Parameters:
      tlsConfiguration - the TLS configuration container object with truststore properties
      Returns:
      the loaded trust managers
      Throws:
      TlsException - if there is a problem reading from the truststore
    • initializeSSLContext

      private static SSLContext initializeSSLContext(TlsConfiguration tlsConfiguration, KeyManager[] keyManagers, TrustManager[] trustManagers) throws TlsException
      Throws:
      TlsException
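An added example of how a caller would consume these methods (this is not NiFi's own code): it treats the null result that the factory returns for an empty configuration as an error rather than continuing without an SSLContext, and pairs the SSLSocketFactory with the X509TrustManager for HTTP clients that require both. The package of TlsConfiguration and TlsException, and the TlsException(String) constructor, are assumptions.

```java
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLSocketFactory;
import javax.net.ssl.X509TrustManager;
import org.apache.nifi.security.util.SslContextFactory;
import org.apache.nifi.security.util.TlsConfiguration; // assumed package
import org.apache.nifi.security.util.TlsException;     // assumed package

/** Added example (not NiFi code): wraps SslContextFactory so callers never receive a null result. */
public final class StrictTlsLoader {

    /** Holder for the objects an HTTP client typically needs from one TLS configuration. */
    public static final class ClientTls {
        public final SSLContext sslContext;
        public final SSLSocketFactory socketFactory;
        public final X509TrustManager trustManager;

        ClientTls(SSLContext sslContext, SSLSocketFactory socketFactory, X509TrustManager trustManager) {
            this.sslContext = sslContext;
            this.socketFactory = socketFactory;
            this.trustManager = trustManager;
        }
    }

    /**
     * The factory returns null for an empty configuration and throws TlsException for a
     * partially-populated but invalid one. A caller that requires TLS should fail on both
     * cases, so a missing keystore or truststore cannot silently leave it without a context.
     */
    public static ClientTls load(TlsConfiguration tlsConfiguration) throws TlsException {
        final SSLContext sslContext = SslContextFactory.createSslContext(tlsConfiguration);
        if (sslContext == null) {
            // assumed: TlsException(String) constructor exists
            throw new TlsException("TLS configuration is empty; refusing to continue without an SSLContext");
        }
        // First X509TrustManager built from the truststore; null means none was produced.
        final X509TrustManager trustManager = SslContextFactory.getX509TrustManager(tlsConfiguration);
        if (trustManager == null) {
            throw new TlsException("No X.509 trust manager available from the truststore configuration");
        }
        // Reuse the already-initialized context rather than rebuilding it via createSSLSocketFactory.
        return new ClientTls(sslContext, sslContext.getSocketFactory(), trustManager);
    }
}
```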