in libminifi/src/controllers/SSLContextService.cpp [404:502]
void SSLContextService::onEnable() {
std::filesystem::path default_dir;
if (configuration_) {
if (auto default_dir_str = configuration_->get(Configure::nifi_default_directory)) {
default_dir = default_dir_str.value();
}
}
logger_->log_trace("onEnable()");
certificate_.clear();
if (auto certificate = getProperty(ClientCertificate)) {
if (is_valid_and_readable_path(*certificate)) {
certificate_ = *certificate;
} else {
logger_->log_warn("Cannot open certificate file %s", *certificate);
if (is_valid_and_readable_path(default_dir / *certificate)) {
certificate_ = default_dir / *certificate;
} else {
logger_->log_error("Cannot open certificate file %s", (default_dir / *certificate).string());
}
}
} else {
logger_->log_debug("Certificate empty");
}
private_key_.clear();
if (!certificate_.empty() && !isFileTypeP12(certificate_)) {
if (auto private_key = getProperty(PrivateKey)) {
if (is_valid_and_readable_path(*private_key)) {
private_key_ = *private_key;
} else {
logger_->log_warn("Cannot open private key file %s", *private_key);
if (is_valid_and_readable_path(default_dir / *private_key)) {
private_key_ = default_dir / *private_key;
} else {
logger_->log_error("Cannot open private key file %s", (default_dir / *private_key).string());
}
}
logger_->log_info("Using private key file %s", private_key_.string());
} else {
logger_->log_debug("Private key empty");
}
}
passphrase_.clear();
if (!getProperty(Passphrase, passphrase_)) {
logger_->log_debug("No pass phrase for %s", certificate_.string());
} else {
std::ifstream passphrase_file(passphrase_);
if (passphrase_file.good()) {
// we should read it from the file
passphrase_.assign((std::istreambuf_iterator<char>(passphrase_file)), std::istreambuf_iterator<char>());
} else {
auto test_passphrase = default_dir / passphrase_;
std::ifstream passphrase_file_test(test_passphrase);
if (passphrase_file_test.good()) {
passphrase_.assign((std::istreambuf_iterator<char>(passphrase_file_test)), std::istreambuf_iterator<char>());
} else {
// not an invalid file since we support a passphrase of unencrypted text
}
passphrase_file_test.close();
}
passphrase_file.close();
}
ca_certificate_.clear();
if (auto ca_certificate = getProperty(CACertificate)) {
if (is_valid_and_readable_path(*ca_certificate)) {
ca_certificate_ = *ca_certificate;
} else {
logger_->log_warn("Cannot open CA certificate file %s", *ca_certificate);
if (is_valid_and_readable_path(default_dir / *ca_certificate)) {
ca_certificate_ = default_dir / *ca_certificate;
} else {
logger_->log_error("Cannot open CA certificate file %s", (default_dir / *ca_certificate).string());
}
}
logger_->log_info("Using CA certificate file %s", ca_certificate_.string());
} else {
logger_->log_debug("CA Certificate empty");
}
getProperty(UseSystemCertStore, use_system_cert_store_);
#ifdef WIN32
getProperty(CertStoreLocation, cert_store_location_);
getProperty(ServerCertStore, server_cert_store_);
getProperty(ClientCertStore, client_cert_store_);
getProperty(ClientCertCN, client_cert_cn_);
std::string client_cert_key_usage;
getProperty(ClientCertKeyUsage, client_cert_key_usage);
client_cert_key_usage_ = utils::tls::ExtendedKeyUsage{client_cert_key_usage};
#endif // WIN32
verifyCertificateExpiration();
}