use of org.apache.nifi.registry.security.util.SslContextFactory.ClientAuth in project nifi-registry by apache.
the class LdapIdentityProvider method getConfiguredSslContext.
private SSLContext getConfiguredSslContext(final IdentityProviderConfigurationContext configurationContext) {
final String rawKeystore = configurationContext.getProperty("TLS - Keystore");
final String rawKeystorePassword = configurationContext.getProperty("TLS - Keystore Password");
final String rawKeystoreType = configurationContext.getProperty("TLS - Keystore Type");
final String rawTruststore = configurationContext.getProperty("TLS - Truststore");
final String rawTruststorePassword = configurationContext.getProperty("TLS - Truststore Password");
final String rawTruststoreType = configurationContext.getProperty("TLS - Truststore Type");
final String rawClientAuth = configurationContext.getProperty("TLS - Client Auth");
final String rawProtocol = configurationContext.getProperty("TLS - Protocol");
// create the ssl context
final SSLContext sslContext;
try {
if (StringUtils.isBlank(rawKeystore) && StringUtils.isBlank(rawTruststore)) {
sslContext = null;
} else {
// ensure the protocol is specified
if (StringUtils.isBlank(rawProtocol)) {
throw new SecurityProviderCreationException("TLS - Protocol must be specified.");
}
if (StringUtils.isBlank(rawKeystore)) {
sslContext = SslContextFactory.createTrustSslContext(rawTruststore, rawTruststorePassword.toCharArray(), rawTruststoreType, rawProtocol);
} else if (StringUtils.isBlank(rawTruststore)) {
sslContext = SslContextFactory.createSslContext(rawKeystore, rawKeystorePassword.toCharArray(), rawKeystoreType, rawProtocol);
} else {
// determine the client auth if specified
final ClientAuth clientAuth;
if (StringUtils.isBlank(rawClientAuth)) {
clientAuth = ClientAuth.NONE;
} else {
try {
clientAuth = ClientAuth.valueOf(rawClientAuth);
} catch (final IllegalArgumentException iae) {
throw new SecurityProviderCreationException(String.format("Unrecognized client auth '%s'. Possible values are [%s]", rawClientAuth, StringUtils.join(ClientAuth.values(), ", ")));
}
}
sslContext = SslContextFactory.createSslContext(rawKeystore, rawKeystorePassword.toCharArray(), rawKeystoreType, rawTruststore, rawTruststorePassword.toCharArray(), rawTruststoreType, clientAuth, rawProtocol);
}
}
} catch (final KeyStoreException | NoSuchAlgorithmException | CertificateException | UnrecoverableKeyException | KeyManagementException | IOException e) {
throw new SecurityProviderCreationException(e.getMessage(), e);
}
return sslContext;
}
use of org.apache.nifi.registry.security.util.SslContextFactory.ClientAuth in project nifi-registry by apache.
the class LdapUserGroupProvider method getConfiguredSslContext.
private SSLContext getConfiguredSslContext(final AuthorizerConfigurationContext configurationContext) {
final String rawKeystore = configurationContext.getProperty("TLS - Keystore").getValue();
final String rawKeystorePassword = configurationContext.getProperty("TLS - Keystore Password").getValue();
final String rawKeystoreType = configurationContext.getProperty("TLS - Keystore Type").getValue();
final String rawTruststore = configurationContext.getProperty("TLS - Truststore").getValue();
final String rawTruststorePassword = configurationContext.getProperty("TLS - Truststore Password").getValue();
final String rawTruststoreType = configurationContext.getProperty("TLS - Truststore Type").getValue();
final String rawClientAuth = configurationContext.getProperty("TLS - Client Auth").getValue();
final String rawProtocol = configurationContext.getProperty("TLS - Protocol").getValue();
// create the ssl context
final SSLContext sslContext;
try {
if (StringUtils.isBlank(rawKeystore) && StringUtils.isBlank(rawTruststore)) {
sslContext = null;
} else {
// ensure the protocol is specified
if (StringUtils.isBlank(rawProtocol)) {
throw new SecurityProviderCreationException("TLS - Protocol must be specified.");
}
if (StringUtils.isBlank(rawKeystore)) {
sslContext = SslContextFactory.createTrustSslContext(rawTruststore, rawTruststorePassword.toCharArray(), rawTruststoreType, rawProtocol);
} else if (StringUtils.isBlank(rawTruststore)) {
sslContext = SslContextFactory.createSslContext(rawKeystore, rawKeystorePassword.toCharArray(), rawKeystoreType, rawProtocol);
} else {
// determine the client auth if specified
final ClientAuth clientAuth;
if (StringUtils.isBlank(rawClientAuth)) {
clientAuth = ClientAuth.NONE;
} else {
try {
clientAuth = ClientAuth.valueOf(rawClientAuth);
} catch (final IllegalArgumentException iae) {
throw new SecurityProviderCreationException(String.format("Unrecognized client auth '%s'. Possible values are [%s]", rawClientAuth, StringUtils.join(ClientAuth.values(), ", ")));
}
}
sslContext = SslContextFactory.createSslContext(rawKeystore, rawKeystorePassword.toCharArray(), rawKeystoreType, rawTruststore, rawTruststorePassword.toCharArray(), rawTruststoreType, clientAuth, rawProtocol);
}
}
} catch (final KeyStoreException | NoSuchAlgorithmException | CertificateException | UnrecoverableKeyException | KeyManagementException | IOException e) {
throw new SecurityProviderCreationException(e.getMessage(), e);
}
return sslContext;
}
Aggregations