Package org.apache.nifi.security.util
Class SslContextFactory

java.lang.Object
  org.apache.nifi.security.util.SslContextFactory

A factory for creating SSL contexts using the application's security properties. By requiring callers to bundle the properties in a TlsConfiguration container object, much better validation and property matching can occur. The public methods are designed for easy use, while the protected methods provide more granular (but less common) access to intermediate objects if required.
Field Summary

  private static final org.slf4j.Logger logger

Constructor Summary

  public SslContextFactory()

Method Summary

  static SSLContext createSslContext(TlsConfiguration tlsConfiguration)
      Create and initialize an SSLContext from the provided TLS configuration.
  static SSLContext createSslContext(TlsConfiguration tlsConfiguration, TrustManager[] trustManagers)
      Create and initialize an SSLContext from the provided TLS configuration and Trust Managers.
  static SSLSocketFactory createSSLSocketFactory(TlsConfiguration tlsConfiguration)
      Convenience method to return the SSLSocketFactory from the created SSLContext.
  protected static KeyManager[] getKeyManagers(TlsConfiguration tlsConfiguration)
      Returns an array of KeyManagers for the provided configuration.
  static TrustManager[] getTrustManagers(TlsConfiguration tlsConfiguration)
      Returns an array of TrustManager implementations based on the provided truststore configurations.
  static X509TrustManager getX509TrustManager(TlsConfiguration tlsConfiguration)
      Returns a configured X509TrustManager for the provided configuration.
  private static SSLContext initializeSSLContext(TlsConfiguration tlsConfiguration, KeyManager[] keyManagers, TrustManager[] trustManagers)
Field Details

  logger
  private static final org.slf4j.Logger logger

Constructor Details

  SslContextFactory
  public SslContextFactory()
Method Details

  createSslContext
  public static SSLContext createSslContext(TlsConfiguration tlsConfiguration) throws TlsException
  Create and initialize an SSLContext from the provided TLS configuration.
  Parameters:
    tlsConfiguration - the TLS configuration container object
  Returns:
    SSLContext initialized from TLS Configuration or null when TLS Configuration is empty
  Throws:
    TlsException - if there is a problem configuring the SSLContext

  createSslContext
  public static SSLContext createSslContext(TlsConfiguration tlsConfiguration, TrustManager[] trustManagers) throws TlsException
  Create and initialize an SSLContext from the provided TLS configuration and Trust Managers.
  Parameters:
    tlsConfiguration - the TLS configuration container object
    trustManagers - Trust Managers can be null to use platform default Trust Managers
  Returns:
    SSLContext initialized from TLS Configuration or null when TLS Configuration is empty
  Throws:
    TlsException - if there is a problem configuring the SSLContext
  getX509TrustManager
  public static X509TrustManager getX509TrustManager(TlsConfiguration tlsConfiguration) throws TlsException
  Returns a configured X509TrustManager for the provided configuration. Useful for constructing HTTP clients which require their own trust management rather than an SSLContext. Filters and removes any trust managers that are not X509TrustManager implementations, and returns the first X.509 trust manager.
  Parameters:
    tlsConfiguration - the TLS configuration container object
  Returns:
    an X.509 TrustManager (can be null)
  Throws:
    TlsException - if there is a problem reading the truststore to create the trust managers
  createSSLSocketFactory
  public static SSLSocketFactory createSSLSocketFactory(TlsConfiguration tlsConfiguration) throws TlsException
  Convenience method to return the SSLSocketFactory from the created SSLContext.
  Parameters:
    tlsConfiguration - the TLS configuration container object
  Returns:
    the configured SSLSocketFactory (can be null)
  Throws:
    TlsException - if there is a problem creating the SSLContext or SSLSocketFactory
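The contract documented above is easy to get wrong on the calling side: createSslContext returns null (not an exception) for an empty configuration, a partially populated but invalid configuration surfaces as a TlsException, and the X509TrustManager returned for a keystore-only configuration can itself be null because the context was built with platform default trust managers. The following Java class is an added example written for this page, not code from the NiFi project. It uses only the methods documented here plus standard JDK classes (HttpsURLConnection, TrustManagerFactory), and it takes the TlsConfiguration as a parameter because how NiFi constructs one is not covered on this page. The class name TlsClientSetup and its helpers are hypothetical.

```java
// Added example, not part of the NiFi Javadoc. Assumes the caller already holds a
// TlsConfiguration; building one is outside the scope of this page.
import java.io.IOException;
import java.net.URL;
import java.security.GeneralSecurityException;
import java.security.KeyStore;

import javax.net.ssl.HttpsURLConnection;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509TrustManager;

import org.apache.nifi.security.util.SslContextFactory;
import org.apache.nifi.security.util.TlsConfiguration;
import org.apache.nifi.security.util.TlsException;

public final class TlsClientSetup {

    /** The two objects a client usually needs: the context and one X.509 trust manager. */
    public static final class ClientTls {
        public final SSLContext sslContext;
        public final X509TrustManager trustManager;

        ClientTls(SSLContext sslContext, X509TrustManager trustManager) {
            this.sslContext = sslContext;
            this.trustManager = trustManager;
        }
    }

    /**
     * Builds client TLS objects while honouring the factory's contract: an empty
     * configuration yields null (the caller decides what "no TLS" means), and a
     * partially populated but invalid configuration propagates as a TlsException.
     */
    public static ClientTls fromConfiguration(TlsConfiguration tlsConfiguration) throws TlsException {
        SSLContext sslContext = SslContextFactory.createSslContext(tlsConfiguration);
        if (sslContext == null) {
            // Empty configuration: do not silently fall through to a default context;
            // make the caller opt in to platform defaults explicitly (see openConnection).
            return null;
        }

        // Null here means the configuration has no truststore, so the factory built the
        // context with platform default trust managers; resolve the same default explicitly
        // for clients that insist on being handed an X509TrustManager.
        X509TrustManager trustManager = SslContextFactory.getX509TrustManager(tlsConfiguration);
        if (trustManager == null) {
            trustManager = platformDefaultX509TrustManager();
        }
        return new ClientTls(sslContext, trustManager);
    }

    /**
     * Resolves the JVM's default X509TrustManager, applying the same "keep only
     * X509TrustManager implementations, take the first" filtering the factory describes.
     */
    static X509TrustManager platformDefaultX509TrustManager() {
        try {
            TrustManagerFactory factory =
                    TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
            factory.init((KeyStore) null); // null keystore selects the JVM's default trust store
            for (TrustManager tm : factory.getTrustManagers()) {
                if (tm instanceof X509TrustManager) {
                    return (X509TrustManager) tm;
                }
            }
        } catch (GeneralSecurityException e) {
            throw new IllegalStateException("Platform default trust managers are unavailable", e);
        }
        throw new IllegalStateException("No X509TrustManager among the platform default trust managers");
    }

    /**
     * Opens an HTTPS connection using the configured context. With an empty configuration
     * the connection deliberately keeps the JDK's default socket factory.
     */
    public static HttpsURLConnection openConnection(URL url, TlsConfiguration tlsConfiguration)
            throws IOException, TlsException {
        ClientTls tls = fromConfiguration(tlsConfiguration);
        HttpsURLConnection connection = (HttpsURLConnection) url.openConnection();
        if (tls != null) {
            connection.setSSLSocketFactory(tls.sslContext.getSocketFactory());
        }
        return connection;
    }
}
```

The socket factory is taken from the SSLContext already in hand rather than via createSSLSocketFactory, which would read the keystore and truststore a second time; createSSLSocketFactory is the shortcut when only the factory is needed. The explicit trust manager in ClientTls is what HTTP clients such as OkHttp expect alongside the socket factory, which is the use case the getX509TrustManager documentation describes.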
  getKeyManagers
  protected static KeyManager[] getKeyManagers(TlsConfiguration tlsConfiguration) throws TlsException
  Returns an array of KeyManagers for the provided configuration. Useful for constructing HTTP clients which require their own key management rather than an SSLContext. The result can be null or empty. If an empty configuration is provided, null is returned. However, if a partially-populated but invalid configuration is provided, a TlsException is thrown.
  Parameters:
    tlsConfiguration - the TLS configuration container object with keystore properties
  Returns:
    an array of KeyManagers (can be null)
  Throws:
    TlsException - if there is a problem reading the keystore to create the key managers
  getTrustManagers
  public static TrustManager[] getTrustManagers(TlsConfiguration tlsConfiguration) throws TlsException
  Returns an array of TrustManager implementations based on the provided truststore configurations. The result can be null or empty. If an empty configuration is provided, null is returned. However, if a partially-populated but invalid configuration is provided, a TlsException is thrown. Most callers do not need the full array and can use getX509TrustManager(TlsConfiguration) directly.
  Parameters:
    tlsConfiguration - the TLS configuration container object with truststore properties
  Returns:
    the loaded trust managers
  Throws:
    TlsException - if there is a problem reading from the truststore
  initializeSSLContext
  private static SSLContext initializeSSLContext(TlsConfiguration tlsConfiguration, KeyManager[] keyManagers, TrustManager[] trustManagers) throws TlsException
  Throws:
    TlsException