Uploaded image for project: 'Apache NiFi'
  1. Apache NiFi
  2. NIFI-1907

SiteToSiteClient not properly using keystore and truststore properties

    XMLWordPrintableJSON

    Details

    • Type: Bug
    • Status: Resolved
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: 0.6.1
    • Fix Version/s: 1.0.0, 0.7.0, 1.0.0-Beta
    • Component/s: None
    • Labels:
      None

      Description

      SiteToSiteClient.Builder allows setting an SSLContext or setting all of the individual SSL properties, it then has a method getSSLContext() which says that if the sslContext is null return that, otherwise use the properties to create one:

      https://github.com/apache/nifi/blob/e4b7e47836edf47042973e604005058c28eed23b/nifi-commons/nifi-site-to-site-client/src/main/java/org/apache/nifi/remote/client/SiteToSiteClient.java#L575

      The problem is this getSSLContext() is never called. When the builder's build() method is called, it passes the builder to StandardSiteToSiteClientConfig and just assigns all the member variables with direct access:

      https://github.com/apache/nifi/blob/e4b7e47836edf47042973e604005058c28eed23b/nifi-commons/nifi-site-to-site-client/src/main/java/org/apache/nifi/remote/client/SiteToSiteClient.java#L722

      Later on in SocketClient it will call SiteToSiteClient.getSSLContext():

      https://github.com/apache/nifi/blob/e4b7e47836edf47042973e604005058c28eed23b/nifi-commons/nifi-site-to-site-client/src/main/java/org/apache/nifi/remote/client/socket/SocketClient.java#L52

      This will still be null here if only the SSL properties were initially specified on the builder, and therefore won't end up creating an Https connection and thus failing.

        Attachments

          Issue Links

            Activity

              People

              • Assignee:
                bbende Bryan Bende
                Reporter:
                bbende Bryan Bende
              • Votes:
                0 Vote for this issue
                Watchers:
                3 Start watching this issue

                Dates

                • Created:
                  Updated:
                  Resolved: