
Example 1 with ClientAuth

use of org.apache.nifi.registry.security.util.SslContextFactory.ClientAuth in project nifi-registry by apache.

the class LdapIdentityProvider method getConfiguredSslContext.

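/**
 * Builds the {@link SSLContext} described by this provider's "TLS - *" properties.
 *
 * <p>Three shapes are supported: truststore only, keystore only, or both. When both are
 * configured, the "TLS - Client Auth" value is also passed to the factory, with a blank
 * value treated as {@code ClientAuth.NONE}.
 *
 * <p>NOTE(review): a {@code null} return means "no TLS material configured". What trust
 * settings the caller falls back to in that case is not visible here and should be confirmed.
 *
 * @param configurationContext source of the "TLS - *" property values
 * @return the configured context, or {@code null} when neither a keystore nor a truststore is set
 * @throws SecurityProviderCreationException if the protocol is blank, a configured store has no
 *         password property, the client auth value is not a {@code ClientAuth} constant, or the
 *         key material cannot be loaded
 */
private SSLContext getConfiguredSslContext(final IdentityProviderConfigurationContext configurationContext) {
    final String rawKeystore = configurationContext.getProperty("TLS - Keystore");
    final String rawKeystorePassword = configurationContext.getProperty("TLS - Keystore Password");
    final String rawKeystoreType = configurationContext.getProperty("TLS - Keystore Type");
    final String rawTruststore = configurationContext.getProperty("TLS - Truststore");
    final String rawTruststorePassword = configurationContext.getProperty("TLS - Truststore Password");
    final String rawTruststoreType = configurationContext.getProperty("TLS - Truststore Type");
    final String rawClientAuth = configurationContext.getProperty("TLS - Client Auth");
    final String rawProtocol = configurationContext.getProperty("TLS - Protocol");

    final boolean hasKeystore = !StringUtils.isBlank(rawKeystore);
    final boolean hasTruststore = !StringUtils.isBlank(rawTruststore);

    // nothing to build a context from
    if (!hasKeystore && !hasTruststore) {
        return null;
    }

    // ensure the protocol is specified
    // NOTE(review): the value is handed to the factory unvalidated, so an operator could name a
    // legacy protocol version; consider restricting it to the versions the deployment allows.
    if (StringUtils.isBlank(rawProtocol)) {
        throw new SecurityProviderCreationException("TLS - Protocol must be specified.");
    }

    // A store configured without its password property used to fail with a bare
    // NullPointerException from toCharArray(); report it as a configuration error instead.
    // An empty (but present) password is still passed through unchanged.
    if (hasKeystore && rawKeystorePassword == null) {
        throw new SecurityProviderCreationException("TLS - Keystore Password must be specified when TLS - Keystore is set.");
    }
    if (hasTruststore && rawTruststorePassword == null) {
        throw new SecurityProviderCreationException("TLS - Truststore Password must be specified when TLS - Truststore is set.");
    }

    try {
        if (!hasKeystore) {
            return SslContextFactory.createTrustSslContext(rawTruststore, rawTruststorePassword.toCharArray(), rawTruststoreType, rawProtocol);
        }
        if (!hasTruststore) {
            return SslContextFactory.createSslContext(rawKeystore, rawKeystorePassword.toCharArray(), rawKeystoreType, rawProtocol);
        }

        // determine the client auth if specified
        final ClientAuth clientAuth;
        if (StringUtils.isBlank(rawClientAuth)) {
            clientAuth = ClientAuth.NONE;
        } else {
            try {
                // valueOf is case-sensitive: the property must match a constant name exactly
                clientAuth = ClientAuth.valueOf(rawClientAuth);
            } catch (final IllegalArgumentException iae) {
                // keep the cause so the original failure stays visible in the stack trace
                throw new SecurityProviderCreationException(String.format("Unrecognized client auth '%s'. Possible values are [%s]", rawClientAuth, StringUtils.join(ClientAuth.values(), ", ")), iae);
            }
        }
        return SslContextFactory.createSslContext(rawKeystore, rawKeystorePassword.toCharArray(), rawKeystoreType, rawTruststore, rawTruststorePassword.toCharArray(), rawTruststoreType, clientAuth, rawProtocol);
    } catch (final KeyStoreException | NoSuchAlgorithmException | CertificateException | UnrecoverableKeyException | KeyManagementException | IOException e) {
        // surface store-loading failures as a provider creation error, cause preserved
        throw new SecurityProviderCreationException(e.getMessage(), e);
    }
}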
Also used : SecurityProviderCreationException(org.apache.nifi.registry.security.exception.SecurityProviderCreationException) UnrecoverableKeyException(java.security.UnrecoverableKeyException) CertificateException(java.security.cert.CertificateException) SSLContext(javax.net.ssl.SSLContext) KeyStoreException(java.security.KeyStoreException) NoSuchAlgorithmException(java.security.NoSuchAlgorithmException) IOException(java.io.IOException) ClientAuth(org.apache.nifi.registry.security.util.SslContextFactory.ClientAuth) KeyManagementException(java.security.KeyManagementException)

Example 2 with ClientAuth

use of org.apache.nifi.registry.security.util.SslContextFactory.ClientAuth in project nifi-registry by apache.

the class LdapUserGroupProvider method getConfiguredSslContext.

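/**
 * Builds the {@link SSLContext} described by this provider's "TLS - *" properties.
 *
 * <p>Three shapes are supported: truststore only, keystore only, or both. When both are
 * configured, the "TLS - Client Auth" value is also passed to the factory, with a blank
 * value treated as {@code ClientAuth.NONE}.
 *
 * <p>NOTE(review): a {@code null} return means "no TLS material configured". What trust
 * settings the caller falls back to in that case is not visible here and should be confirmed.
 *
 * @param configurationContext source of the "TLS - *" property values
 * @return the configured context, or {@code null} when neither a keystore nor a truststore is set
 * @throws SecurityProviderCreationException if the protocol is blank, a configured store has no
 *         password value, the client auth value is not a {@code ClientAuth} constant, or the
 *         key material cannot be loaded
 */
private SSLContext getConfiguredSslContext(final AuthorizerConfigurationContext configurationContext) {
    final String rawKeystore = configurationContext.getProperty("TLS - Keystore").getValue();
    final String rawKeystorePassword = configurationContext.getProperty("TLS - Keystore Password").getValue();
    final String rawKeystoreType = configurationContext.getProperty("TLS - Keystore Type").getValue();
    final String rawTruststore = configurationContext.getProperty("TLS - Truststore").getValue();
    final String rawTruststorePassword = configurationContext.getProperty("TLS - Truststore Password").getValue();
    final String rawTruststoreType = configurationContext.getProperty("TLS - Truststore Type").getValue();
    final String rawClientAuth = configurationContext.getProperty("TLS - Client Auth").getValue();
    final String rawProtocol = configurationContext.getProperty("TLS - Protocol").getValue();

    final boolean hasKeystore = !StringUtils.isBlank(rawKeystore);
    final boolean hasTruststore = !StringUtils.isBlank(rawTruststore);

    // nothing to build a context from
    if (!hasKeystore && !hasTruststore) {
        return null;
    }

    // ensure the protocol is specified
    // NOTE(review): the value is handed to the factory unvalidated, so an operator could name a
    // legacy protocol version; consider restricting it to the versions the deployment allows.
    if (StringUtils.isBlank(rawProtocol)) {
        throw new SecurityProviderCreationException("TLS - Protocol must be specified.");
    }

    // A store configured without a password value used to fail with a bare
    // NullPointerException from toCharArray(); report it as a configuration error instead.
    // An empty (but present) password is still passed through unchanged.
    if (hasKeystore && rawKeystorePassword == null) {
        throw new SecurityProviderCreationException("TLS - Keystore Password must be specified when TLS - Keystore is set.");
    }
    if (hasTruststore && rawTruststorePassword == null) {
        throw new SecurityProviderCreationException("TLS - Truststore Password must be specified when TLS - Truststore is set.");
    }

    try {
        if (!hasKeystore) {
            return SslContextFactory.createTrustSslContext(rawTruststore, rawTruststorePassword.toCharArray(), rawTruststoreType, rawProtocol);
        }
        if (!hasTruststore) {
            return SslContextFactory.createSslContext(rawKeystore, rawKeystorePassword.toCharArray(), rawKeystoreType, rawProtocol);
        }

        // determine the client auth if specified
        final ClientAuth clientAuth;
        if (StringUtils.isBlank(rawClientAuth)) {
            clientAuth = ClientAuth.NONE;
        } else {
            try {
                // valueOf is case-sensitive: the property must match a constant name exactly
                clientAuth = ClientAuth.valueOf(rawClientAuth);
            } catch (final IllegalArgumentException iae) {
                // keep the cause so the original failure stays visible in the stack trace
                throw new SecurityProviderCreationException(String.format("Unrecognized client auth '%s'. Possible values are [%s]", rawClientAuth, StringUtils.join(ClientAuth.values(), ", ")), iae);
            }
        }
        return SslContextFactory.createSslContext(rawKeystore, rawKeystorePassword.toCharArray(), rawKeystoreType, rawTruststore, rawTruststorePassword.toCharArray(), rawTruststoreType, clientAuth, rawProtocol);
    } catch (final KeyStoreException | NoSuchAlgorithmException | CertificateException | UnrecoverableKeyException | KeyManagementException | IOException e) {
        // surface store-loading failures as a provider creation error, cause preserved
        throw new SecurityProviderCreationException(e.getMessage(), e);
    }
}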
Also used : SecurityProviderCreationException(org.apache.nifi.registry.security.exception.SecurityProviderCreationException) UnrecoverableKeyException(java.security.UnrecoverableKeyException) CertificateException(java.security.cert.CertificateException) SSLContext(javax.net.ssl.SSLContext) KeyStoreException(java.security.KeyStoreException) NoSuchAlgorithmException(java.security.NoSuchAlgorithmException) IOException(java.io.IOException) ClientAuth(org.apache.nifi.registry.security.util.SslContextFactory.ClientAuth) KeyManagementException(java.security.KeyManagementException)
