Details
- Improvement
- Status: Resolved
- Major
- Resolution: Fixed
Description
The SSLContextService Controller Service interface supports TLS communication for a wide range of extension components and includes methods for creating Java SSLContext objects and retrieving configuration properties. The majority of extension components require initialized SSLContext objects or the supporting KeyManager and TrustManager objects. A small number of extension components use individual configuration properties to support other libraries that handle SSLContext construction.
In order to provide better separation between configuration properties and TLS communication objects, a new SSLContextProvider Controller Service interface should be added to the nifi-ssl-context-service-api module. This interface should declare the same createContext and createTrustManager methods that the SSLContextService provides so that it can serve as a parent interface for SSLContextService. This change will support updates to integrating components, allowing them to depend on SSLContextProvider instead of SSLContextService.
The new SSLContextProvider interface will allow support for configuring PEM Key and Certificate files to be introduced later, in a way that ensures compatibility without implying access to the files themselves.
This approach retains compatibility with existing external Processors and Controller Services that depend on SSLContextService.
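The interface split described above, as an added example that is not the NiFi project's code. The two interfaces are local stand-ins that omit NiFi's ControllerService parent; the return types and the `getKeyStoreFile`/`getKeyStorePassword` accessors are assumptions, and `DefaultTrustService` and `buildClient` are hypothetical names.

```java
import java.net.http.HttpClient;
import java.security.GeneralSecurityException;
import java.security.KeyStore;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509TrustManager;

public class ProviderSplitExample {
    // Narrow parent interface: TLS objects only, no configuration properties.
    interface SSLContextProvider {
        SSLContext createContext();
        X509TrustManager createTrustManager();
    }

    // Existing interface inherits the TLS methods and keeps its property accessors
    // (accessor names are assumptions standing in for "configuration properties").
    interface SSLContextService extends SSLContextProvider {
        String getKeyStoreFile();
        String getKeyStorePassword();
    }

    // Constructed implementation backed by the JDK default trust store.
    static class DefaultTrustService implements SSLContextService {
        public X509TrustManager createTrustManager() {
            try {
                TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
                tmf.init((KeyStore) null); // null selects the platform default trust anchors
                for (TrustManager tm : tmf.getTrustManagers()) {
                    if (tm instanceof X509TrustManager) return (X509TrustManager) tm;
                }
                throw new IllegalStateException("No X509TrustManager available");
            } catch (GeneralSecurityException e) { throw new IllegalStateException(e); }
        }
        public SSLContext createContext() {
            try {
                SSLContext context = SSLContext.getInstance("TLS");
                context.init(null, new TrustManager[] {createTrustManager()}, null);
                return context;
            } catch (GeneralSecurityException e) { throw new IllegalStateException(e); }
        }
        public String getKeyStoreFile() { return null; }     // no key store in this example
        public String getKeyStorePassword() { return null; }
    }

    // Integrating component declared against the provider: file paths and
    // passwords are not reachable through this parameter type.
    static HttpClient buildClient(SSLContextProvider provider) {
        return HttpClient.newBuilder().sslContext(provider.createContext()).build();
    }
    public static void main(String[] args) {
        System.out.println(buildClient(new DefaultTrustService()).sslContext().getProtocol());
    }
}
```

Because SSLContextService extends SSLContextProvider, an existing service instance can be passed to `buildClient` unchanged, which is the compatibility property the description relies on.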