Java Code Examples for org.apache.nifi.security.util.SslContextFactory#createSslContext()

@Test
public void testTLSClientAuthNoneAndClientCertNotProvided() throws InitializationException, IOException, InterruptedException, TlsException {

    runner.setProperty(ListenTCP.CLIENT_AUTH, SslContextFactory.ClientAuth.NONE.name());
    configureProcessorSslContextService();

    final List<String> messages = new ArrayList<>();
    messages.add("This is message 1\n");
    messages.add("This is message 2\n");
    messages.add("This is message 3\n");
    messages.add("This is message 4\n");
    messages.add("This is message 5\n");

    // Make an SSLContext that only has the trust store, this should not work since the processor has client auth REQUIRED
    final SSLContext clientSslContext = SslContextFactory.createSslContext(trustOnlyTlsConfiguration);

    runTCP(messages, messages.size(), clientSslContext);

    List<MockFlowFile> mockFlowFiles = runner.getFlowFilesForRelationship(ListenTCP.REL_SUCCESS);
    for (int i = 0; i < mockFlowFiles.size(); i++) {
        mockFlowFiles.get(i).assertContentEquals("This is message " + (i + 1));
    }
}
 

@Test
public void testTLSClientAuthRequiredAndClientCertNotProvided() throws InitializationException, TlsException {

    runner.setProperty(ListenTCP.CLIENT_AUTH, SslContextFactory.ClientAuth.REQUIRED.name());
    configureProcessorSslContextService();

    final List<String> messages = new ArrayList<>();
    messages.add("This is message 1\n");
    messages.add("This is message 2\n");
    messages.add("This is message 3\n");
    messages.add("This is message 4\n");
    messages.add("This is message 5\n");

    // Make an SSLContext that only has the trust store, this should not work since the processor has client auth REQUIRED
    final SSLContext clientSslContext = SslContextFactory.createSslContext(trustOnlyTlsConfiguration);

    try {
        runTCP(messages, messages.size(), clientSslContext);
        Assert.fail("Should have thrown exception");
    } catch (Exception e) {

    }
}
 

@Test
public void testTLSClientAuthRequiredAndClientCertProvided() throws InitializationException, IOException, InterruptedException,
        TlsException {

    runner.setProperty(ListenTCP.CLIENT_AUTH, SslContextFactory.ClientAuth.REQUIRED.name());
    configureProcessorSslContextService();

    final List<String> messages = new ArrayList<>();
    messages.add("This is message 1\n");
    messages.add("This is message 2\n");
    messages.add("This is message 3\n");
    messages.add("This is message 4\n");
    messages.add("This is message 5\n");

    // Make an SSLContext with a key and trust store to send the test messages
    final SSLContext clientSslContext = SslContextFactory.createSslContext(clientTlsConfiguration, SslContextFactory.ClientAuth.NONE);

    runTCP(messages, messages.size(), clientSslContext);

    List<MockFlowFile> mockFlowFiles = runner.getFlowFilesForRelationship(ListenTCP.REL_SUCCESS);
    for (int i = 0; i < mockFlowFiles.size(); i++) {
        mockFlowFiles.get(i).assertContentEquals("This is message " + (i + 1));
    }
}
 

@Before
public void startServer() throws IOException, TlsException {
    tempConfigFilePath = "./target/TestHttpNotificationService-config.xml";

    Files.deleteIfExists(Paths.get(tempConfigFilePath));

    mockWebServer = new MockWebServer();

    TlsConfiguration tlsConfiguration = new TlsConfiguration("./src/test/resources/keystore.jks", "passwordpassword", null, "JKS",
            "./src/test/resources/truststore.jks", "passwordpassword", "JKS", CertificateUtils.getHighestCurrentSupportedTlsProtocolVersion());
    final SSLContext sslContext = SslContextFactory.createSslContext(tlsConfiguration, SslContextFactory.ClientAuth.REQUIRED);
    mockWebServer.useHttps(sslContext.getSocketFactory(), false);

    String configFileOutput = CONFIGURATION_FILE_TEXT.replace("${test.server}", String.valueOf(mockWebServer.url("/")));
    IOUtil.writeText(configFileOutput, new File(tempConfigFilePath));
}
 

@Test
public void testTLSClientAuthNoneAndClientCertNotProvided() throws InitializationException, IOException, InterruptedException, TlsException {

    runner.setProperty(ListenTCPRecord.CLIENT_AUTH, SslContextFactory.ClientAuth.NONE.name());
    configureProcessorSslContextService();

    // Make an SSLContext that only has the trust store, this should work since the processor has client auth NONE
    final SSLContext clientSslContext = SslContextFactory.createSslContext(trustOnlyTlsConfiguration);

    runTCP(DATA, 1, clientSslContext);

    final List<MockFlowFile> mockFlowFiles = runner.getFlowFilesForRelationship(ListenTCPRecord.REL_SUCCESS);
    Assert.assertEquals(1, mockFlowFiles.size());

    final String content = new String(mockFlowFiles.get(0).toByteArray(), StandardCharsets.UTF_8);
    Assert.assertNotNull(content);
    Assert.assertTrue(content.contains("This is a test " + 1));
    Assert.assertTrue(content.contains("This is a test " + 2));
    Assert.assertTrue(content.contains("This is a test " + 3));
}
 

public static SSLContext getConfiguredSslContext(final NonComponentConfigurationContext configurationContext) {
    final String rawKeystore = configurationContext.getProperty("TLS - Keystore");
    final String rawKeystorePassword = configurationContext.getProperty("TLS - Keystore Password");
    // TODO: Should support different key password
    final String rawKeystoreType = configurationContext.getProperty("TLS - Keystore Type");
    final String rawTruststore = configurationContext.getProperty("TLS - Truststore");
    final String rawTruststorePassword = configurationContext.getProperty("TLS - Truststore Password");
    final String rawTruststoreType = configurationContext.getProperty("TLS - Truststore Type");
    final String rawClientAuth = configurationContext.getProperty("TLS - Client Auth");
    final String rawProtocol = configurationContext.getProperty("TLS - Protocol");

    try {
        TlsConfiguration tlsConfiguration = new TlsConfiguration(rawKeystore, rawKeystorePassword, null, rawKeystoreType, rawTruststore, rawTruststorePassword, rawTruststoreType, rawProtocol);
        ClientAuth clientAuth = ClientAuth.isValidClientAuthType(rawClientAuth) ? ClientAuth.valueOf(rawClientAuth) : ClientAuth.NONE;
        return SslContextFactory.createSslContext(tlsConfiguration, clientAuth);
    } catch (TlsException e) {
        logger.error("Encountered an error configuring TLS for LDAP identity provider: {}", e.getLocalizedMessage());
        throw new ProviderCreationException("Error configuring TLS for LDAP identity provider", e);
    }
}
 

private SSLContext getConfiguredSslContext(final AuthorizerConfigurationContext configurationContext) {
    final String rawKeystore = configurationContext.getProperty("TLS - Keystore").getValue();
    final String rawKeystorePassword = configurationContext.getProperty("TLS - Keystore Password").getValue();
    final String rawKeystoreType = configurationContext.getProperty("TLS - Keystore Type").getValue();
    final String rawTruststore = configurationContext.getProperty("TLS - Truststore").getValue();
    final String rawTruststorePassword = configurationContext.getProperty("TLS - Truststore Password").getValue();
    final String rawTruststoreType = configurationContext.getProperty("TLS - Truststore Type").getValue();
    final String rawClientAuth = configurationContext.getProperty("TLS - Client Auth").getValue();
    final String rawProtocol = configurationContext.getProperty("TLS - Protocol").getValue();

    try {
        TlsConfiguration tlsConfiguration = new TlsConfiguration(rawKeystore, rawKeystorePassword, null, rawKeystoreType, rawTruststore, rawTruststorePassword, rawTruststoreType, rawProtocol);
        ClientAuth clientAuth = ClientAuth.isValidClientAuthType(rawClientAuth) ? ClientAuth.valueOf(rawClientAuth) : ClientAuth.NONE;
        return SslContextFactory.createSslContext(tlsConfiguration, clientAuth);
    } catch (TlsException e) {
        logger.error("Encountered an error configuring TLS for LDAP user group provider: {}", e.getLocalizedMessage());
        throw new ProviderCreationException("Error configuring TLS for LDAP user group provider", e);
    }
}
 

@Test
public void testTLSClientAuthRequiredAndClientCertProvided() throws InitializationException, IOException, InterruptedException, TlsException {

    runner.setProperty(ListenTCPRecord.CLIENT_AUTH, SslContextFactory.ClientAuth.REQUIRED.name());
    configureProcessorSslContextService();

    // Make an SSLContext with a key and trust store to send the test messages
    final SSLContext clientSslContext = SslContextFactory.createSslContext(clientTlsConfiguration);

    runTCP(DATA, 1, clientSslContext);

    final List<MockFlowFile> mockFlowFiles = runner.getFlowFilesForRelationship(ListenTCPRecord.REL_SUCCESS);
    Assert.assertEquals(1, mockFlowFiles.size());

    final String content = new String(mockFlowFiles.get(0).toByteArray(), StandardCharsets.UTF_8);
    Assert.assertNotNull(content);
    Assert.assertTrue(content.contains("This is a test " + 1));
    Assert.assertTrue(content.contains("This is a test " + 2));
    Assert.assertTrue(content.contains("This is a test " + 3));
}
 

@Override
public SSLContext createSSLContext(final SslContextFactory.ClientAuth clientAuth) throws ProcessException {
    try {
        return SslContextFactory.createSslContext(createTlsConfiguration(), clientAuth);
    } catch (TlsException e) {
        getLogger().error("Encountered an error creating the SSL context from the SSL context service: {}", new String[]{e.getLocalizedMessage()});
        throw new ProcessException("Error creating SSL context", e);
    }
}
 

public static SSLContext getSSLContext(final JsonObject config) {
    if (!config.has(SSL)) {
        return null;
    }

    final JsonObject sslObject = config.get(SSL).getAsJsonObject();
    // TODO: Only evaluates to true when all properties are present; some flows can have truststore properties and no keystore or vice-versa
    if (sslObject.has(KEYSTORE) && sslObject.has(KEYSTORE_PASS) && sslObject.has(KEYSTORE_TYPE)
            && sslObject.has(TRUSTSTORE) && sslObject.has(TRUSTSTORE_PASS) && sslObject.has(TRUSTSTORE_TYPE)) {

        final String keystore = sslObject.get(KEYSTORE).getAsString();
        final String keystorePass = sslObject.get(KEYSTORE_PASS).getAsString();
        final String keyPass = sslObject.has(KEY_PASS) ? sslObject.get(KEY_PASS).getAsString() : keystorePass;
        final String keystoreType = sslObject.get(KEYSTORE_TYPE).getAsString();

        final String truststore = sslObject.get(TRUSTSTORE).getAsString();
        final String truststorePass = sslObject.get(TRUSTSTORE_PASS).getAsString();
        final String truststoreType = sslObject.get(TRUSTSTORE_TYPE).getAsString();

        try {
            TlsConfiguration tlsConfiguration = new TlsConfiguration(keystore, keystorePass, keyPass, keystoreType,
                    truststore, truststorePass, truststoreType, CertificateUtils.getHighestCurrentSupportedTlsProtocolVersion());
            return SslContextFactory.createSslContext(tlsConfiguration, SslContextFactory.ClientAuth.REQUIRED);
        } catch (final Exception e) {
            throw new RuntimeException("Failed to create Keystore", e);
        }
    }

    return null;
}
 

private static HttpsURLConnection buildSecureConnection(boolean twoWaySsl, URL url) throws IOException, TlsException {
    final HttpsURLConnection sslCon = (HttpsURLConnection) url.openConnection();
    SSLContext clientSslContext;
    if (twoWaySsl) {
        // Use a client certificate, do not reuse the server's keystore
        clientSslContext = SslContextFactory.createSslContext(clientTlsConfiguration);
    } else {
        // With one-way SSL, the client still needs a truststore
        clientSslContext = SslContextFactory.createSslContext(trustOnlyTlsConfiguration);
    }
    sslCon.setSSLSocketFactory(clientSslContext.getSocketFactory());
    return sslCon;
}
 

@Test
public void testTLSClientAuthRequiredAndClientCertNotProvided() throws InitializationException, IOException, InterruptedException, TlsException {

    runner.setProperty(ListenTCPRecord.CLIENT_AUTH, SslContextFactory.ClientAuth.REQUIRED.name());
    runner.setProperty(ListenTCPRecord.READ_TIMEOUT, "5 seconds");
    configureProcessorSslContextService();

    // Make an SSLContext that only has the trust store, this should not work since the processor has client auth REQUIRED
    final SSLContext clientSslContext = SslContextFactory.createSslContext(trustOnlyTlsConfiguration);

    runTCP(DATA, 0, clientSslContext);
}
 

protected SSLContext loadSslContext(String username, Path directory) throws GeneralSecurityException, IOException {
    char[] keystorePasswd;
    try (InputStream inputStream = Files.newInputStream(directory.resolve("CN=" + username + ".password"))) {
        keystorePasswd = IOUtils.toString(inputStream, StandardCharsets.UTF_8).toCharArray();
    }
    return SslContextFactory.createSslContext(
            directory.resolve("CN=" + username + ".p12").toFile().getAbsolutePath(),
            keystorePasswd,
            "PKCS12",
            certificatesDirectory.resolve("c2").resolve("truststore.jks").toFile().getAbsolutePath(),
            "badTrustPass".toCharArray(), "jks", SslContextFactory.ClientAuth.NONE, "TLS");
}
 

@Test
public void testTLSClienAuthRequiredAndClientCertProvided() throws InitializationException, IOException, InterruptedException,
        UnrecoverableKeyException, CertificateException, NoSuchAlgorithmException, KeyStoreException, KeyManagementException {

    runner.setProperty(ListenTCP.CLIENT_AUTH, SSLContextService.ClientAuth.REQUIRED.name());
    configureProcessorSslContextService();

    final List<String> messages = new ArrayList<>();
    messages.add("This is message 1\n");
    messages.add("This is message 2\n");
    messages.add("This is message 3\n");
    messages.add("This is message 4\n");
    messages.add("This is message 5\n");

    // Make an SSLContext with a key and trust store to send the test messages
    final SSLContext clientSslContext = SslContextFactory.createSslContext(
            "src/test/resources/localhost-ks.jks",
            "localtest".toCharArray(),
            "jks",
            "src/test/resources/localhost-ts.jks",
            "localtest".toCharArray(),
            "jks",
            org.apache.nifi.security.util.SslContextFactory.ClientAuth.valueOf("NONE"),
            "TLS");

    runTCP(messages, messages.size(), clientSslContext);

    List<MockFlowFile> mockFlowFiles = runner.getFlowFilesForRelationship(ListenTCP.REL_SUCCESS);
    for (int i=0; i < mockFlowFiles.size(); i++) {
        mockFlowFiles.get(i).assertContentEquals("This is message " + (i + 1));
    }
}
 

private void verifySslConfig(final ValidationContext validationContext) throws ProcessException {
    final String protocol = validationContext.getProperty(SSL_ALGORITHM).getValue();
    try {
        final PropertyValue keyPasswdProp = validationContext.getProperty(KEY_PASSWORD);
        final char[] keyPassword = keyPasswdProp.isSet() ? keyPasswdProp.getValue().toCharArray() : null;

        final String keystoreFile = validationContext.getProperty(KEYSTORE).getValue();
        if (keystoreFile == null) {
            SslContextFactory.createTrustSslContext(
                    validationContext.getProperty(TRUSTSTORE).getValue(),
                    validationContext.getProperty(TRUSTSTORE_PASSWORD).getValue().toCharArray(),
                    validationContext.getProperty(TRUSTSTORE_TYPE).getValue(),
                    protocol);
            return;
        }
        final String truststoreFile = validationContext.getProperty(TRUSTSTORE).getValue();
        if (truststoreFile == null) {
            SslContextFactory.createSslContext(
                    validationContext.getProperty(KEYSTORE).getValue(),
                    validationContext.getProperty(KEYSTORE_PASSWORD).getValue().toCharArray(),
                    keyPassword,
                    validationContext.getProperty(KEYSTORE_TYPE).getValue(),
                    protocol);
            return;
        }

        SslContextFactory.createSslContext(
                validationContext.getProperty(KEYSTORE).getValue(),
                validationContext.getProperty(KEYSTORE_PASSWORD).getValue().toCharArray(),
                keyPassword,
                validationContext.getProperty(KEYSTORE_TYPE).getValue(),
                validationContext.getProperty(TRUSTSTORE).getValue(),
                validationContext.getProperty(TRUSTSTORE_PASSWORD).getValue().toCharArray(),
                validationContext.getProperty(TRUSTSTORE_TYPE).getValue(),
                org.apache.nifi.security.util.SslContextFactory.ClientAuth.REQUIRED,
                protocol);
    } catch (final Exception e) {
        throw new ProcessException(e);
    }
}
 

private SSLContext getConfiguredSslContext(final LoginIdentityProviderConfigurationContext configurationContext) {
    final String rawKeystore = configurationContext.getProperty("TLS - Keystore");
    final String rawKeystorePassword = configurationContext.getProperty("TLS - Keystore Password");
    final String rawKeystoreType = configurationContext.getProperty("TLS - Keystore Type");
    final String rawTruststore = configurationContext.getProperty("TLS - Truststore");
    final String rawTruststorePassword = configurationContext.getProperty("TLS - Truststore Password");
    final String rawTruststoreType = configurationContext.getProperty("TLS - Truststore Type");
    final String rawClientAuth = configurationContext.getProperty("TLS - Client Auth");
    final String rawProtocol = configurationContext.getProperty("TLS - Protocol");

    // create the ssl context
    final SSLContext sslContext;
    try {
        if (StringUtils.isBlank(rawKeystore) && StringUtils.isBlank(rawTruststore)) {
            sslContext = null;
        } else {
            // ensure the protocol is specified
            if (StringUtils.isBlank(rawProtocol)) {
                throw new ProviderCreationException("TLS - Protocol must be specified.");
            }

            if (StringUtils.isBlank(rawKeystore)) {
                sslContext = SslContextFactory.createTrustSslContext(rawTruststore, rawTruststorePassword.toCharArray(), rawTruststoreType, rawProtocol);
            } else if (StringUtils.isBlank(rawTruststore)) {
                sslContext = SslContextFactory.createSslContext(rawKeystore, rawKeystorePassword.toCharArray(), rawKeystoreType, rawProtocol);
            } else {
                // determine the client auth if specified
                final ClientAuth clientAuth;
                if (StringUtils.isBlank(rawClientAuth)) {
                    clientAuth = ClientAuth.NONE;
                } else {
                    try {
                        clientAuth = ClientAuth.valueOf(rawClientAuth);
                    } catch (final IllegalArgumentException iae) {
                        throw new ProviderCreationException(String.format("Unrecognized client auth '%s'. Possible values are [%s]",
                                rawClientAuth, StringUtils.join(ClientAuth.values(), ", ")));
                    }
                }

                sslContext = SslContextFactory.createSslContext(rawKeystore, rawKeystorePassword.toCharArray(), rawKeystoreType,
                        rawTruststore, rawTruststorePassword.toCharArray(), rawTruststoreType, clientAuth, rawProtocol);
            }
        }
    } catch (final KeyStoreException | NoSuchAlgorithmException | CertificateException | UnrecoverableKeyException | KeyManagementException | IOException e) {
        throw new ProviderCreationException(e.getMessage(), e);
    }

    return sslContext;
}
 

public SSLContext createSSLContext() throws TlsException {
    // ClientAuth was hardcoded to REQUIRED in removed SSLContextFactory and overridden in SocketUtils when the socket is created
    return SslContextFactory.createSslContext(tlsConfiguration, SslContextFactory.ClientAuth.REQUIRED);
}
 

private void secureTest(boolean twoWaySsl) throws Exception {
    CountDownLatch serverReady = new CountDownLatch(1);
    CountDownLatch requestSent = new CountDownLatch(1);

    processor = createProcessor(serverReady, requestSent);
    final TestRunner runner = TestRunners.newTestRunner(processor);
    runner.setProperty(HandleHttpRequest.PORT, "0");

    final MockHttpContextMap contextMap = new MockHttpContextMap();
    runner.addControllerService("http-context-map", contextMap);
    runner.enableControllerService(contextMap);
    runner.setProperty(HandleHttpRequest.HTTP_CONTEXT_MAP, "http-context-map");

    final Map<String, String> sslProperties = getServerKeystoreProperties();
    sslProperties.putAll(getTruststoreProperties());
    sslProperties.put(StandardSSLContextService.SSL_ALGORITHM.getName(), CertificateUtils.getHighestCurrentSupportedTlsProtocolVersion());
    useSSLContextService(runner, sslProperties, twoWaySsl ? SslContextFactory.ClientAuth.REQUIRED : SslContextFactory.ClientAuth.NONE);

    final Thread httpThread = new Thread(new Runnable() {
        @Override
        public void run() {
            try {
                serverReady.await();

                final int port = ((HandleHttpRequest) runner.getProcessor()).getPort();
                final HttpsURLConnection connection = (HttpsURLConnection) new URL("https://localhost:"
                        + port + "/my/path?query=true&value1=value1&value2=&value3&value4=apple=orange").openConnection();

                SSLContext clientSslContext;
                if (twoWaySsl) {
                    // Use a client certificate, do not reuse the server's keystore
                    clientSslContext = SslContextFactory.createSslContext(clientTlsConfiguration);
                } else {
                    // With one-way SSL, the client still needs a truststore
                    clientSslContext = SslContextFactory.createSslContext(trustOnlyTlsConfiguration);
                }
                connection.setSSLSocketFactory(clientSslContext.getSocketFactory());
                connection.setDoOutput(false);
                connection.setRequestMethod("GET");
                connection.setRequestProperty("header1", "value1");
                connection.setRequestProperty("header2", "");
                connection.setRequestProperty("header3", "apple=orange");
                connection.setConnectTimeout(3000);
                connection.setReadTimeout(3000);

                sendRequest(connection, requestSent);
            } catch (final Throwable t) {
                // Do nothing as HandleHttpRequest doesn't respond normally
            }
        }
    });

    httpThread.start();
    runner.run(1, false, false);

    runner.assertAllFlowFilesTransferred(HandleHttpRequest.REL_SUCCESS, 1);
    assertEquals(1, contextMap.size());

    final MockFlowFile mff = runner.getFlowFilesForRelationship(HandleHttpRequest.REL_SUCCESS).get(0);
    mff.assertAttributeEquals("http.query.param.query", "true");
    mff.assertAttributeEquals("http.query.param.value1", "value1");
    mff.assertAttributeEquals("http.query.param.value2", "");
    mff.assertAttributeEquals("http.query.param.value3", "");
    mff.assertAttributeEquals("http.query.param.value4", "apple=orange");
    mff.assertAttributeEquals("http.headers.header1", "value1");
    mff.assertAttributeEquals("http.headers.header3", "apple=orange");
    mff.assertAttributeEquals("http.protocol", "HTTP/1.1");
}
 

public SSLContext createSSLContext() throws TlsException {
    // This is only used for client sockets, so the client auth setting is ignored
    return SslContextFactory.createSslContext(tlsConfiguration, SslContextFactory.ClientAuth.NONE);
}
 

@Override
public SSLContext createSSLContext(final ClientAuth clientAuth) throws ProcessException {
    final String protocol = configContext.getProperty(SSL_ALGORITHM).getValue();
    try {
        final PropertyValue keyPasswdProp = configContext.getProperty(KEY_PASSWORD);
        final char[] keyPassword = keyPasswdProp.isSet() ? keyPasswdProp.getValue().toCharArray() : null;

        final String keystoreFile = configContext.getProperty(KEYSTORE).getValue();
        if (keystoreFile == null) {
            // If keystore not specified, create SSL Context based only on trust store.
            return SslContextFactory.createTrustSslContext(
                    configContext.getProperty(TRUSTSTORE).getValue(),
                    configContext.getProperty(TRUSTSTORE_PASSWORD).getValue().toCharArray(),
                    configContext.getProperty(TRUSTSTORE_TYPE).getValue(),
                    protocol);
        }

        final String truststoreFile = configContext.getProperty(TRUSTSTORE).getValue();
        if (truststoreFile == null) {
            // If truststore not specified, create SSL Context based only on key store.
            return SslContextFactory.createSslContext(
                    configContext.getProperty(KEYSTORE).getValue(),
                    configContext.getProperty(KEYSTORE_PASSWORD).getValue().toCharArray(),
                    keyPassword,
                    configContext.getProperty(KEYSTORE_TYPE).getValue(),
                    protocol);
        }

        return SslContextFactory.createSslContext(
                configContext.getProperty(KEYSTORE).getValue(),
                configContext.getProperty(KEYSTORE_PASSWORD).getValue().toCharArray(),
                keyPassword,
                configContext.getProperty(KEYSTORE_TYPE).getValue(),
                configContext.getProperty(TRUSTSTORE).getValue(),
                configContext.getProperty(TRUSTSTORE_PASSWORD).getValue().toCharArray(),
                configContext.getProperty(TRUSTSTORE_TYPE).getValue(),
                org.apache.nifi.security.util.SslContextFactory.ClientAuth.valueOf(clientAuth.name()),
                protocol);
    } catch (final Exception e) {
        throw new ProcessException(e);
    }
}