You are viewing a plain text version of this content. The canonical link for it is here.

Posted to issues@nifi.apache.org by "bejancsaba (via GitHub)" <gi...@apache.org> on 2023/03/30 15:21:49 UTC

[GitHub] [nifi] bejancsaba commented on a diff in pull request #7098: NIFI-11344 Make MiNiFi FIPS compatible

bejancsaba commented on code in PR #7098:
URL: https://github.com/apache/nifi/pull/7098#discussion_r1153333593


##########
minifi/minifi-bootstrap/src/main/java/org/apache/nifi/minifi/bootstrap/configuration/ingestors/RestChangeIngestor.java:
##########
@@ -172,39 +182,53 @@ private void createConnector(Properties properties) {
         http.setIdleTimeout(30000L);
         jetty.addConnector(http);
 
-        logger.info("Added an http connector on the host '{}' and port '{}'", new Object[]{http.getHost(), http.getPort()});
+        logger.info("Added an http connector on the host '{}' and port '{}'", http.getHost(), http.getPort());
     }
 
     private void createSecureConnector(Properties properties) {
-        SslContextFactory ssl = new SslContextFactory();
-
-        if (properties.getProperty(KEYSTORE_LOCATION_KEY) != null) {
-            ssl.setKeyStorePath(properties.getProperty(KEYSTORE_LOCATION_KEY));
-            ssl.setKeyStorePassword(properties.getProperty(KEYSTORE_PASSWORD_KEY));
-            ssl.setKeyStoreType(properties.getProperty(KEYSTORE_TYPE_KEY));
+        KeyStore keyStore;
+        KeyStore truststore = null;
+
+        try (FileInputStream keyStoreStream = new FileInputStream(properties.getProperty(KEYSTORE_LOCATION_KEY))) {

Review Comment:
   Shouldn't it be checked whether KEYSTORE_LOCATION_KEY is set (similarly to the original code or as it is done for trust store?



##########
minifi/minifi-c2/minifi-c2-api/src/main/java/org/apache/nifi/minifi/c2/api/properties/C2Properties.java:
##########
@@ -59,31 +52,6 @@ public static C2Properties getInstance() {
     }
 
     public boolean isSecure() {
-        return Boolean.valueOf(getProperty(MINIFI_C2_SERVER_SECURE, "false"));
-    }
-
-    public SslContextFactory getSslContextFactory() throws GeneralSecurityException, IOException {

Review Comment:
   Thanks for cleaning this up. It was incorrectly placed here. After the cleanup the "logger" and "C2_SERVER_HOME" became unused could you please remove those as well?



-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: issues-unsubscribe@nifi.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org