Details
-
Improvement
-
Status: Resolved
-
Major
-
Resolution: Abandoned
-
1.10.0
-
None
Description
HandleHTTPRequest processor as server, supports 2Way SSL( ie client authentication). InvokeHTTP processor as client, unfortunately not. I would like provide my patch for InvokeHTTP processor.See attach.
Here some comments for code.
I added Client.Auth methods
I added hostname validator.
Due to original code base and chosen HTTP client, I changed OkHttpClient reference to OkHttpClient.Builder for host validation handler. I have not way to support EL in properties and pass them to handler from setupto trigger via context.
AtomicReference<OkHttpClient.Builder> okHttpClientBuilderAtomicReferenc
Most hard and long operations done before trigger, while scheduler starts, building client is relatively lightweight.
Some comments about host validator, reasons to do this.
My case is build RESTful services with 2-way SSL authentication by IP. Remote client can be a servers at same time as a clients, like mutual communication, but no domains, only IPs in green field. More over, clients can change dynamically their IP due to selected channel, LAN or Cellular, here is not way to provide SAN to certificate at configuration. Now you can provide dynamically via EL/param IP addresses to check hostname for client authentication.
PS. It's not clear code, why processor build SSLContext in SSL Context Controlller, but not use it anyhow? This is strange and unclear, possibly, here we can reduce the code.
PPS. It not clear, how to build tests for this case.
Sincerely,
Dmitry.
Attachments
Attachments
Issue Links
- duplicates
-
NIFI-1129 InvokeHttp fine grain control over truststore
- Resolved
- is related to
-
NIFI-6019 Remove Trusted Hostname property from InvokeHTTP processor
- Resolved
- relates to
-
NIFI-13962 Overrride trusted hostname verification
- Closed
-
NIFI-7786 Bring back Trusted Hostname property from InvokeHTTP processor
- Resolved