in libminifi/src/controllers/SSLContextService.cpp [403:506]
void SSLContextServiceImpl::onEnable() {
std::filesystem::path default_dir;
if (configuration_) {
if (auto default_dir_str = configuration_->get(Configure::nifi_default_directory)) {
default_dir = default_dir_str.value();
}
}
logger_->log_trace("onEnable()");
certificate_.clear();
if (auto certificate = getProperty(ClientCertificate.name)) {
if (is_valid_and_readable_path(*certificate)) {
certificate_ = *certificate;
} else {
logger_->log_warn("Cannot open certificate file {}", *certificate);
if (is_valid_and_readable_path(default_dir / *certificate)) {
certificate_ = default_dir / *certificate;
} else {
logger_->log_error("Cannot open certificate file {}", (default_dir / *certificate));
}
}
} else {
logger_->log_debug("Certificate empty");
}
private_key_.clear();
if (!certificate_.empty() && !isFileTypeP12(certificate_)) {
if (auto private_key = getProperty(PrivateKey.name)) {
if (is_valid_and_readable_path(*private_key)) {
private_key_ = *private_key;
} else {
logger_->log_warn("Cannot open private key file {}", *private_key);
if (is_valid_and_readable_path(default_dir / *private_key)) {
private_key_ = default_dir / *private_key;
} else {
logger_->log_error("Cannot open private key file {}", (default_dir / *private_key));
}
}
logger_->log_info("Using private key file {}", private_key_);
} else {
logger_->log_debug("Private key empty");
}
}
passphrase_.clear();
if (auto passphrase = getProperty(Passphrase.name)) {
passphrase_ = *passphrase;
std::ifstream passphrase_file(passphrase_);
if (passphrase_file.good()) {
// we should read it from the file
passphrase_.assign((std::istreambuf_iterator<char>(passphrase_file)), std::istreambuf_iterator<char>());
} else {
auto test_passphrase = default_dir / passphrase_;
std::ifstream passphrase_file_test(test_passphrase);
if (passphrase_file_test.good()) {
passphrase_.assign((std::istreambuf_iterator<char>(passphrase_file_test)), std::istreambuf_iterator<char>());
} else {
// not an invalid file since we support a passphrase of unencrypted text
}
passphrase_file_test.close();
}
passphrase_file.close();
} else {
logger_->log_debug("No pass phrase for {}", certificate_);
}
ca_certificate_.clear();
if (auto ca_certificate = getProperty(CACertificate.name)) {
if (is_valid_and_readable_path(*ca_certificate)) {
ca_certificate_ = *ca_certificate;
} else {
logger_->log_warn("Cannot open CA certificate file {}", *ca_certificate);
if (is_valid_and_readable_path(default_dir / *ca_certificate)) {
ca_certificate_ = default_dir / *ca_certificate;
} else {
logger_->log_error("Cannot open CA certificate file {}", (default_dir / *ca_certificate));
}
}
logger_->log_info("Using CA certificate file {}", ca_certificate_);
} else {
logger_->log_debug("CA Certificate empty");
}
use_system_cert_store_ = (getProperty(UseSystemCertStore.name) | utils::andThen(parsing::parseBool)).value_or(false);
#ifdef WIN32
cert_store_location_ = getProperty(CertStoreLocation.name).value_or("");
server_cert_store_ = getProperty(ServerCertStore.name).value_or("");
client_cert_store_ = getProperty(ClientCertStore.name).value_or("");
client_cert_cn_ = getProperty(ClientCertCN.name).value_or("");
std::string client_cert_key_usage = getProperty(ClientCertKeyUsage.name).value_or("");
client_cert_key_usage_ = utils::tls::ExtendedKeyUsage{client_cert_key_usage};
#endif // WIN32
logger_->log_debug("Using certificate file \"{}\"", certificate_);
logger_->log_debug("Using private key file \"{}\"", private_key_);
logger_->log_debug("Using CA certificate file \"{}\"", ca_certificate_);
logger_->log_debug("Using the system cert store: {}", use_system_cert_store_ ? "yes" : "no");
verifyCertificateExpiration();
}