Package org.apache.nifi.security.util

Class SslContextFactory

java.lang.Object

org.apache.nifi.security.util.SslContextFactory

public final class SslContextFactory
extends Object

A factory for creating SSL contexts using the application's security properties. By requiring callers to bundle the properties in a TlsConfiguration container object, much better validation and property matching can occur. The public methods are designed for easy use, while the protected methods provide more granular (but less common) access to intermediate objects if required.

Field Summary

Fields

Modifier and Type	Field	Description
private static final org.slf4j.Logger	logger

Constructor Summary

Constructors

Constructor	Description
SslContextFactory()

Method Summary

Modifier and Type	Method	Description
static SSLContext	createSslContext(TlsConfiguration tlsConfiguration)	Create and initialize a SSLContext from the provided TLS configuration.
static SSLContext	createSslContext(TlsConfiguration tlsConfiguration, TrustManager[] trustManagers)	Create and initialize a SSLContext from the provided TLS configuration and Trust Managers.
static SSLSocketFactory	createSSLSocketFactory(TlsConfiguration tlsConfiguration)	Convenience method to return the SSLSocketFactory from the created SSLContext
protected static KeyManager[]	getKeyManagers(TlsConfiguration tlsConfiguration)	Returns an array of KeyManagers for the provided configuration.
static TrustManager[]	getTrustManagers(TlsConfiguration tlsConfiguration)	Returns an array of TrustManager implementations based on the provided truststore configurations.
static X509TrustManager	getX509TrustManager(TlsConfiguration tlsConfiguration)	Returns a configured X509TrustManager for the provided configuration.
private static SSLContext	initializeSSLContext(TlsConfiguration tlsConfiguration, KeyManager[] keyManagers, TrustManager[] trustManagers)

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Field Details

logger

private static final org.slf4j.Logger logger

Constructor Details

SslContextFactory

public SslContextFactory()

Method Details

createSslContext

public static SSLContext createSslContext(TlsConfiguration tlsConfiguration)
                                   throws TlsException

Create and initialize a SSLContext from the provided TLS configuration.

Parameters:

tlsConfiguration - the TLS configuration container object

Returns:

SSLContext initialized from TLS Configuration or null when TLS Configuration is empty

Throws:

TlsException - if there is a problem configuring the SSLContext

createSslContext

public static SSLContext createSslContext(TlsConfiguration tlsConfiguration,
 TrustManager[] trustManagers)
                                   throws TlsException

Create and initialize a SSLContext from the provided TLS configuration and Trust Managers.

Parameters:

tlsConfiguration - the TLS configuration container object

trustManagers - Trust Managers can be null to use platform default Trust Managers

Returns:

SSLContext initialized from TLS Configuration or null when TLS Configuration is empty

Throws:

TlsException - if there is a problem configuring the SSLContext

getX509TrustManager

public static X509TrustManager getX509TrustManager(TlsConfiguration tlsConfiguration)
                                            throws TlsException

Returns a configured X509TrustManager for the provided configuration. Useful for constructing HTTP clients which require their own trust management rather than an SSLContext. Filters and removes any trust managers that are not X509TrustManager implementations, and returns the first X.509 trust manager.

Parameters:

tlsConfiguration - the TLS configuration container object

Returns:

an X.509 TrustManager (can be null)

Throws:

TlsException - if there is a problem reading the truststore to create the trust managers

createSSLSocketFactory

public static SSLSocketFactory createSSLSocketFactory(TlsConfiguration tlsConfiguration)
                                               throws TlsException

Convenience method to return the SSLSocketFactory from the created SSLContext

Parameters:

tlsConfiguration - the TLS configuration container object

Returns:

the configured SSLSocketFactory (can be null)

Throws:

TlsException - if there is a problem creating the SSLContext or SSLSocketFactory

getKeyManagers

protected static KeyManager[] getKeyManagers(TlsConfiguration tlsConfiguration)
                                      throws TlsException

Returns an array of KeyManagers for the provided configuration. Useful for constructing HTTP clients which require their own key management rather than an SSLContext. The result can be null or empty. If an empty configuration is provided, null is returned. However, if a partially-populated but invalid configuration is provided, a TlsException is thrown.

Parameters:

tlsConfiguration - the TLS configuration container object with keystore properties

Returns:

an array of KeyManagers (can be null)

Throws:

TlsException - if there is a problem reading the keystore to create the key managers

getTrustManagers

public static TrustManager[] getTrustManagers(TlsConfiguration tlsConfiguration)
                                       throws TlsException

Returns an array of TrustManager implementations based on the provided truststore configurations. The result can be null or empty. If an empty configuration is provided, null is returned. However, if a partially-populated but invalid configuration is provided, a TlsException is thrown.

Parameters:

tlsConfiguration - the TLS configuration container object with truststore properties

Returns:

the loaded trust managers

Throws:

TlsException - if there is a problem reading from the truststore

initializeSSLContext

private static SSLContext initializeSSLContext(TlsConfiguration tlsConfiguration,
 KeyManager[] keyManagers,
 TrustManager[] trustManagers)
                                        throws TlsException

Throws:

TlsException