mtien-apache commented on a change in pull request #4767:
URL: https://github.com/apache/nifi/pull/4767#discussion_r561247262
##########
File path:
nifi-commons/nifi-security-utils/src/main/java/org/apache/nifi/security/util/KeyStoreUtils.java
##########
@@ -125,6 +146,63 @@ public static KeyStore loadKeyStore(String keystorePath,
char[] keystorePassword
}
}
+ /**
+ * Creates a temporary default Keystore and Truststore and returns it
wrapped in a TLS configuration.
+ *
+ * @return a {@link org.apache.nifi.security.util.TlsConfiguration}
+ */
+ public static TlsConfiguration createTlsConfigAndNewKeystoreTruststore()
throws IOException, GeneralSecurityException {
+ return createTlsConfigAndNewKeystoreTruststore(new
StandardTlsConfiguration());
+ }
+
+ /**
+ * Creates a temporary Keystore and Truststore and returns it wrapped in a
new TLS configuration with the given values.
+ *
+ * @param tlsConfiguration a {@link
org.apache.nifi.security.util.TlsConfiguration}
+ * @return a {@link org.apache.nifi.security.util.TlsConfiguration}
+ */
+ public static TlsConfiguration
createTlsConfigAndNewKeystoreTruststore(final TlsConfiguration
tlsConfiguration) throws IOException, GeneralSecurityException {
+ final Path keyStorePath;
+ final String keystorePassword =
StringUtils.isNotBlank(tlsConfiguration.getKeystorePassword()) ?
tlsConfiguration.getKeystorePassword() : generatePassword();
+ final String keyPassword =
StringUtils.isNotBlank(tlsConfiguration.getKeyPassword())?
tlsConfiguration.getKeyPassword() : keystorePassword;
+ final KeystoreType keystoreType = tlsConfiguration.getKeystoreType()
!= null ? tlsConfiguration.getKeystoreType() : KeystoreType.PKCS12;
+ final Path trustStorePath;
+ final String truststorePassword =
StringUtils.isNotBlank(tlsConfiguration.getTruststorePassword()) ?
tlsConfiguration.getTruststorePassword() : "";
+ final KeystoreType truststoreType =
tlsConfiguration.getTruststoreType() != null ?
tlsConfiguration.getTruststoreType() : KeystoreType.PKCS12;
+
+ // Create temporary Keystore file
+ try {
+ keyStorePath = generateTempKeystorePath(keystoreType);
+ } catch (IOException e) {
+ logger.error(KEYSTORE_ERROR_MSG);
+ throw new UncheckedIOException(KEYSTORE_ERROR_MSG, e);
+ }
+
+ // Create temporary Truststore file
+ try {
+ trustStorePath = generateTempTruststorePath(truststoreType);
+ } catch (IOException e) {
+ logger.error(TRUSTSTORE_ERROR_MSG);
+ throw new UncheckedIOException(TRUSTSTORE_ERROR_MSG, e);
+ }
+
+ // Create X509 Certificate
+ final X509Certificate clientCert =
createKeyStoreAndGetX509Certificate(KEY_ALIAS, keystorePassword, keyPassword,
keyStorePath.toString(), keystoreType);
+
+ // Create Truststore
+ createTrustStore(clientCert, CERT_ALIAS, truststorePassword,
trustStorePath.toString(), getKeystoreType(truststoreType.toString()));
+
+ return new StandardTlsConfiguration(
+ keyStorePath.toString(),
+ keystorePassword,
+ keyPassword,
+ getKeystoreType(keystoreType.toString()),
+ trustStorePath.toString(),
+ truststorePassword,
+ getKeystoreType(truststoreType.toString()),
Review comment:
The call is not necessary.