[
https://issues.apache.org/jira/browse/NIFI-15836?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Alaksiej Ščarbaty updated NIFI-15836:
-------------------------------------
Description:
Currently `Kafka3ConnectionService` supports only file-based
`SSLContextService`. `SSLContextProvider`, which is a parent of
`SSLContextService`, can't be used in the controller service.
`PEMEncodedSSLContextProvider` is an `SSLContextProvider`, thus can't be used
with the controller service.
*Goal*
`Kafka3ConnectionService` should accept a parent - `SSLContextProvider` instead.
-If the provided service is `SSLContextService`, we keep the current file-based
behavior.-
A custom `SslEngineFactory` (introduced in
[KIP-519|https://cwiki.apache.org/confluence/pages/viewpage.action?pageId=128650952])
will always be used. It will also replace the existing keystore
implementation. Thanks to that it will be possible to support any
`SSLContextProvider` implementation, not only `PEMEncodedSSLContextProvider`.
was:
Currently `Kafka3ConnectionService` supports only file-based
`SSLContextService`. `SSLContextProvider`, which is a parent of
`SSLContextService`, can't be used in the controller service.
`PEMEncodedSSLContextProvider` is an `SSLContextProvider`, thus can't be used
with the controller service.
*Goal*
`Kafka3ConnectionService` should accept a parent - `SSLContextProvider` instead.
If the provided service is `SSLContextService`, we keep the current file-based
behavior.
Otherwise a custom `SslEngineFactory` (introduced in
[KIP-519|https://cwiki.apache.org/confluence/pages/viewpage.action?pageId=128650952])
is used. Thanks to that it will be possible to support any
`SSLContextProvider` implementation, not only `PEMEncodedSSLContextProvider`.
> Support PEM keys in Kafka3ConnectionService
> -------------------------------------------
>
> Key: NIFI-15836
> URL: https://issues.apache.org/jira/browse/NIFI-15836
> Project: Apache NiFi
> Issue Type: Improvement
> Components: Extensions
> Affects Versions: 2.9.0
> Reporter: Alaksiej Ščarbaty
> Assignee: Alaksiej Ščarbaty
> Priority: Major
>
> Currently `Kafka3ConnectionService` supports only file-based
> `SSLContextService`. `SSLContextProvider`, which is a parent of
> `SSLContextService`, can't be used in the controller service.
> `PEMEncodedSSLContextProvider` is an `SSLContextProvider`, thus can't be used
> with the controller service.
> *Goal*
> `Kafka3ConnectionService` should accept a parent - `SSLContextProvider`
> instead.
> -If the provided service is `SSLContextService`, we keep the current
> file-based behavior.-
> A custom `SslEngineFactory` (introduced in
> [KIP-519|https://cwiki.apache.org/confluence/pages/viewpage.action?pageId=128650952])
> will always be used. It will also replace the existing keystore
> implementation. Thanks to that it will be possible to support any
> `SSLContextProvider` implementation, not only `PEMEncodedSSLContextProvider`.
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
