Github user ijokarumawak commented on a diff in the pull request: https://github.com/apache/nifi/pull/3110#discussion_r230287682 --- Diff: nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-framework-core/src/main/java/org/apache/nifi/controller/queue/clustered/server/ClusterLoadBalanceAuthorizer.java --- @@ -33,14 +42,27 @@ private final ClusterCoordinator clusterCoordinator; private final EventReporter eventReporter; + private final HostnameVerifier hostnameVerifier; public ClusterLoadBalanceAuthorizer(final ClusterCoordinator clusterCoordinator, final EventReporter eventReporter) { this.clusterCoordinator = clusterCoordinator; this.eventReporter = eventReporter; + this.hostnameVerifier = new DefaultHostnameVerifier(); } @Override - public String authorize(final Collection<String> clientIdentities) throws NotAuthorizedException { + public String authorize(SSLSocket sslSocket) throws NotAuthorizedException, IOException { + final SSLSession sslSession = sslSocket.getSession(); + + final Set<String> clientIdentities; + try { + clientIdentities = getCertificateIdentities(sslSession); + } catch (final CertificateException e) { + throw new IOException("Failed to extract Client Certificate", e); + } + + logger.debug("Will perform authorization against Client Identities '{}'", clientIdentities); + if (clientIdentities == null) { --- End diff -- Now we only call this `authorize()` method if socket is a SSLSocket. We can remove this block.
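Review bot: In the new `authorize(SSLSocket sslSocket)`, `sslSocket.getSession()` does not throw when the handshake fails; it returns an invalid session. Rejecting an unauthenticated peer therefore rests entirely on `getCertificateIdentities(sslSession)`, whose body is not in this hunk. The catch block also rewraps `CertificateException` as a plain `IOException`, so a caller that only looks at the exception type may treat an unreadable client certificate as a transport error rather than a denied peer. I would throw `NotAuthorizedException` from that catch if the class offers a suitable constructor, and add a comment above the call such as `// getSession() returns an invalid session on handshake failure; identity extraction must fail closed`. The method body continues past the end of the quoted hunk, so the later handling of `clientIdentities` and the use of `hostnameVerifier` could not be checked.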
---