[
https://issues.apache.org/jira/browse/NIFI-15836?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=18073477#comment-18073477
]
David Handermann commented on NIFI-15836:
-----------------------------------------
Thanks for raising this issue for improvement [~awelless].
As one point of scoping, any redesigned implementation should move away from
the current file-based behavior. The SSLContextProvider is a super interface of
SSLContextService, so changing the approach to implement a custom
SslEngineFactory should remove the need for mapping file-based properties.
> Support PEM keys in Kafka3ConnectionService
> -------------------------------------------
>
> Key: NIFI-15836
> URL: https://issues.apache.org/jira/browse/NIFI-15836
> Project: Apache NiFi
> Issue Type: Improvement
> Components: Extensions
> Reporter: Alaksiej Ščarbaty
> Assignee: Alaksiej Ščarbaty
> Priority: Major
>
> Currently `Kafka3ConnectionService` supports only file-based
> `SSLContextService`. `SSLContextProvider`, which is a parent of
> `SSLContextService`, can't be used in the controller service.
> `PEMEncodedSSLContextProvider` is an `SSLContextProvider`, thus can't be used
> with the controller service.
> *Goal*
> `Kafka3ConnectionService` should accept a parent - `SSLContextProvider`
> instead.
> If the provided service is `SSLContextService`, we keep the current
> file-based behavior.
> Otherwise a custom `SslEngineFactory` (introduced in
> [KIP-519|https://cwiki.apache.org/confluence/pages/viewpage.action?pageId=128650952])
> is used. Thanks to that it will be possible to support any
> `SSLContextProvider` implementation, not only `PEMEncodedSSLContextProvider`.
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
