[
https://issues.apache.org/jira/browse/NIFI-15836?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=18073479#comment-18073479
]
Alaksiej Ščarbaty commented on NIFI-15836:
------------------------------------------
[~exceptionfactory],
Do I understand correctly that you suggest we remove the existing
keystore/truststore-based implementation and always use `SslEngineFactory`, no
matter if `SSLContextService` (currently allowed class) or `SSLContextProvider`
(a parent class) is passed?
> Support PEM keys in Kafka3ConnectionService
> -------------------------------------------
>
> Key: NIFI-15836
> URL: https://issues.apache.org/jira/browse/NIFI-15836
> Project: Apache NiFi
> Issue Type: Improvement
> Components: Extensions
> Reporter: Alaksiej Ščarbaty
> Assignee: Alaksiej Ščarbaty
> Priority: Major
>
> Currently `Kafka3ConnectionService` supports only file-based
> `SSLContextService`. `SSLContextProvider`, which is a parent of
> `SSLContextService`, can't be used in the controller service.
> `PEMEncodedSSLContextProvider` is an `SSLContextProvider`, thus can't be used
> with the controller service.
> *Goal*
> `Kafka3ConnectionService` should accept a parent - `SSLContextProvider`
> instead.
> If the provided service is `SSLContextService`, we keep the current
> file-based behavior.
> Otherwise a custom `SslEngineFactory` (introduced in
> [KIP-519|https://cwiki.apache.org/confluence/pages/viewpage.action?pageId=128650952])
> is used. Thanks to that it will be possible to support any
> `SSLContextProvider` implementation, not only `PEMEncodedSSLContextProvider`.
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
