/**
 * Builds the security section of the schema from the parsed configuration map.
 *
 * <p>Reads the keystore and truststore location, type and password, the key password and the
 * SSL protocol as optional String values, and records a validation issue when a store type
 * or the protocol is rejected.
 *
 * <p>NOTE(review): this excerpt is missing the closing braces of its blocks and the
 * {@code case} labels of the protocol switch. The indentation below is a best guess at the
 * intended nesting; confirm against the full file.
 *
 * @param map the security-properties section of the configuration
 */
public SecurityPropertiesSchema(Map map) {
    // The trailing "" looks like the fallback used when the key is absent; confirm against
    // getOptionalKeyAsType.
    keystore = getOptionalKeyAsType(map, KEYSTORE_KEY, String.class, SECURITY_PROPS_KEY, "");
    keystoreType = getOptionalKeyAsType(map, KEYSTORE_TYPE_KEY, String.class, SECURITY_PROPS_KEY, "");
    // The type is only checked when one was supplied; an empty type passes without an issue.
    if (!StringUtil.isNullOrEmpty(keystoreType)) {
        // The issue is recorded when validateStoreType returns true, so despite its name a
        // true result appears to mean "unsupported type"; verify against its definition.
        if (validateStoreType(keystoreType)) {
            addValidationIssue(KEYSTORE_TYPE_KEY, SECURITY_PROPS_KEY, "it is not a supported type (must be either PKCS12 or JKS format)");
    // Both passwords are taken from the configuration map as ordinary Strings.
    keystorePassword = getOptionalKeyAsType(map, KEYSTORE_PASSWORD_KEY, String.class, SECURITY_PROPS_KEY, "");
    keyPassword = getOptionalKeyAsType(map, KEY_PASSWORD_KEY, String.class, SECURITY_PROPS_KEY, "");
    truststore = getOptionalKeyAsType(map, TRUSTSTORE_KEY, String.class, SECURITY_PROPS_KEY, "");
    truststoreType = getOptionalKeyAsType(map, TRUSTSTORE_TYPE_KEY, String.class, SECURITY_PROPS_KEY, "");
    // Same check as for the keystore type, applied to the truststore.
    if (!StringUtil.isNullOrEmpty(truststoreType)) {
        if (validateStoreType(truststoreType)) {
            addValidationIssue(TRUSTSTORE_TYPE_KEY, SECURITY_PROPS_KEY, "it is not a supported type (must be either PKCS12 or JKS format)");
    truststorePassword = getOptionalKeyAsType(map, TRUSTSTORE_PASSWORD_KEY, String.class, SECURITY_PROPS_KEY, "");
    sslProtocol = getOptionalKeyAsType(map, SSL_PROTOCOL_KEY, String.class, SECURITY_PROPS_KEY, "");
    // A supplied protocol name goes through an allowlist switch; the accepted case labels
    // are not visible in this excerpt. Any other value is reported as a validation issue.
    if (!StringUtil.isNullOrEmpty(sslProtocol)) {
        switch (sslProtocol) {
                break;
            default:
                addValidationIssue(SSL_PROTOCOL_KEY, SECURITY_PROPS_KEY, "it is not an allowable value of SSL protocol");
                break;
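/**
 * Appends an enabled {@code org.apache.nifi.ssl.StandardSSLContextService} controller service,
 * with the fixed id and name {@code SSL-Context-Service}, to the given element.
 *
 * <p>The keystore, truststore and protocol settings of the service are copied from the
 * security properties. The store passwords are passed on exactly as the schema returns them,
 * so the generated document should be treated as secret material.
 *
 * @param element the parent element that receives the new {@code controllerService} child
 * @param securityProperties the source of the keystore, truststore and protocol settings
 * @throws ConfigurationChangeException if any step of building the service element fails
 */
protected static void addSSLControllerService(final Element element, SecurityPropertiesSchema securityProperties) throws ConfigurationChangeException {
    try {
        final Element serviceElement = element.getOwnerDocument().createElement("controllerService");
        addTextElement(serviceElement, "id", "SSL-Context-Service");
        addTextElement(serviceElement, "name", "SSL-Context-Service");
        addTextElement(serviceElement, "comment", "");
        addTextElement(serviceElement, "class", "org.apache.nifi.ssl.StandardSSLContextService");
        addTextElement(serviceElement, "enabled", "true");

        final Map<String, Object> attributes = new HashMap<>();
        attributes.put("Keystore Filename", securityProperties.getKeystore());
        attributes.put("Keystore Type", securityProperties.getKeystoreType());
        // Fix: the keystore password must come from getKeystorePassword(). The previous code
        // passed getKeyPassword(), which only works when both passwords happen to be equal.
        // NOTE(review): the key password itself is not handed to the service here; if the
        // private key is protected by a different password, check which property of the
        // target StandardSSLContextService version accepts it before adding it.
        attributes.put("Keystore Password", securityProperties.getKeystorePassword());
        attributes.put("Truststore Filename", securityProperties.getTruststore());
        attributes.put("Truststore Type", securityProperties.getTruststoreType());
        attributes.put("Truststore Password", securityProperties.getTruststorePassword());
        attributes.put("SSL Protocol", securityProperties.getSslProtocol());
        addConfiguration(serviceElement, attributes);

        element.appendChild(serviceElement);
    } catch (Exception e) {
        // The cause is kept so the underlying failure stays visible to the caller.
        throw new ConfigurationChangeException("Failed to parse the config YAML while trying to create an SSL Controller Service", e);
    }
}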
// Excerpt from a longer method: copies security settings from the parsed configuration schema
// into orderedProperties under their nifi.* keys. componentStatusRepoProperties and
// provenanceRepositorySchema are not used in the lines shown; presumably they are used
// outside this excerpt.
ComponentStatusRepositorySchema componentStatusRepoProperties = configSchema.getComponentStatusRepositoryProperties();
SecurityPropertiesSchema securityProperties = configSchema.getSecurityProperties();
SensitivePropsSchema sensitiveProperties = securityProperties.getSensitiveProps();
ProvenanceRepositorySchema provenanceRepositorySchema = configSchema.getProvenanceRepositorySchema();
orderedProperties.setProperty("nifi.sensitive.props.provider", sensitiveProperties.getProvider());
// NOTE(review): this is the only call with a third argument (""); its meaning depends on
// the type of orderedProperties, which is not visible here.
orderedProperties.setProperty("nifi.security.keystore", securityProperties.getKeystore(), "");
orderedProperties.setProperty("nifi.security.keystoreType", securityProperties.getKeystoreType());
// Keystore, key and truststore passwords are written exactly as the schema returns them.
// NOTE(review): presumably plaintext; confirm that whatever persists these properties is
// readable only by the service account.
orderedProperties.setProperty("nifi.security.keystorePasswd", securityProperties.getKeystorePassword());
orderedProperties.setProperty("nifi.security.keyPasswd", securityProperties.getKeyPassword());
orderedProperties.setProperty("nifi.security.truststore", securityProperties.getTruststore());
orderedProperties.setProperty("nifi.security.truststoreType", securityProperties.getTruststoreType());
orderedProperties.setProperty("nifi.security.truststorePasswd", securityProperties.getTruststorePassword());
// Always written as an empty string here, regardless of the configuration.
// NOTE(review): confirm how the consumer interprets an empty needClientAuth value.
orderedProperties.setProperty("nifi.security.needClientAuth", "");
// Hard-coded value; it is not read from the configuration schema.
orderedProperties.setProperty("nifi.security.user.credential.cache.duration", "24 hours");