[jira] [Updated] (NIFI-14027) Add SSLContextProvider Controller Service Interface

Mon, 18 Nov 2024 18:12:04 -0800 


     [ 
https://issues.apache.org/jira/browse/NIFI-14027?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

David Handermann updated NIFI-14027:
------------------------------------
    Status: Patch Available  (was: In Progress)

> Add SSLContextProvider Controller Service Interface
> ---------------------------------------------------
>
>                 Key: NIFI-14027
>                 URL: https://issues.apache.org/jira/browse/NIFI-14027
>             Project: Apache NiFi
>          Issue Type: Improvement
>          Components: Extensions
>            Reporter: David Handermann
>            Assignee: David Handermann
>            Priority: Major
>          Time Spent: 10m
>  Remaining Estimate: 0h
>
> The {{SSLContextService}} Controller Service interface supports TLS 
> communication for a wide range for extension components and includes methods 
> for creating Java {{SSLContext}} objects and retrieving configuration 
> properties. The majority of extension components require initialized 
> {{SSLContext}} objects or the supporting {{KeyManager}} and {{TrustManager}} 
> objects. A small number of extension components use individual configuration 
> properties to support other libraries that handle {{SSLContext}} construction.
> In order to provide better separation between configuration properties and 
> TLS communication objects, a new {{SSLContextProvider}} Controller Service 
> interface should be added to the {{nifi-ssl-context-service-api}} module. 
> This interface should declare the same {{createContext}} and 
> {{createTrustManager}} methods that the {{SSLContextService}} provides so 
> that it can serve as a parent interface for {{SSLContextService}}. This 
> change will support updates to integrating components, allowing them to 
> depend on {{SSLContextProvider}} instead of {{SSLContextService}}. 
> The new {{SSLContextProvider}} interface will support subsequent introduction 
> of support for configuring PEM Key and Certificate files in a way that 
> ensures compatibility without implying access to the files themselves.
> This approach retains compatibility with existing external Processors and 
> Controller Services that depend on {{SSLContextService}}.



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

Reply via email to