Github user ijokarumawak commented on a diff in the pull request:
https://github.com/apache/nifi/pull/3110#discussion_r230287682
--- Diff:
nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-framework-core/src/main/java/org/apache/nifi/controller/queue/clustered/server/ClusterLoadBalanceAuthorizer.java
---
@@ -33,14 +42,27 @@
private final ClusterCoordinator clusterCoordinator;
private final EventReporter eventReporter;
+ private final HostnameVerifier hostnameVerifier;
public ClusterLoadBalanceAuthorizer(final ClusterCoordinator
clusterCoordinator, final EventReporter eventReporter) {
this.clusterCoordinator = clusterCoordinator;
this.eventReporter = eventReporter;
+ this.hostnameVerifier = new DefaultHostnameVerifier();
}
@Override
- public String authorize(final Collection<String> clientIdentities)
throws NotAuthorizedException {
+ public String authorize(SSLSocket sslSocket) throws
NotAuthorizedException, IOException {
+ final SSLSession sslSession = sslSocket.getSession();
+
+ final Set<String> clientIdentities;
+ try {
+ clientIdentities = getCertificateIdentities(sslSession);
+ } catch (final CertificateException e) {
+ throw new IOException("Failed to extract Client Certificate",
e);
+ }
+
+ logger.debug("Will perform authorization against Client Identities
'{}'", clientIdentities);
+
if (clientIdentities == null) {
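Review bot: In the catch block of the new `authorize(SSLSocket sslSocket)`, a `CertificateException` from `getCertificateIdentities(sslSession)` is rethrown as `IOException("Failed to extract Client Certificate", e)`, so a caller cannot distinguish a peer whose certificate could not be read from a transport failure. The method already declares `NotAuthorizedException`; consider throwing that instead so the rejection is handled and reported as an authorization failure. Two smaller points: `hostnameVerifier` is assigned in the constructor but not used in the lines shown here, and the `sslSocket` parameter could be declared `final` to match the constructor parameters.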
--- End diff --
Now we only call this `authorize()` method if the socket is an SSLSocket. We can
remove this block.
---