You are viewing a plain text version of this content. The canonical link for it is here.

Posted to issues@nifi.apache.org by "ASF subversion and git services (Jira)" <ji...@apache.org> on 2020/01/18 04:33:00 UTC

[jira] [Commented] (NIFI-6770) Allow use of truststore with no password from SSLContextService

    [ https://issues.apache.org/jira/browse/NIFI-6770?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17018500#comment-17018500 ] 

ASF subversion and git services commented on NIFI-6770:
-------------------------------------------------------

Commit 4ec9155cbc1796c0fc31893cdd91733b7f9cec45 in nifi's branch refs/heads/master from Nathan Gough
[ https://gitbox.apache.org/repos/asf?p=nifi.git;h=4ec9155 ]

NIFI-6770 - Set validator to Validator.VALID to allow empty password for truststores.
Added no-password keystore for tests
System NiFi truststore now allows a passwordless truststore. Added a unit test to prove this.
Forgot no-password-truststore.jks file for the unit test.
Refactored utility method from CertificateUtils to KeyStoreUtils.
Added utility methods to verify keystore and key passwords.
Added unit tests.
Implemented different keystore and truststore validation logic.
Refactored internal custom validation in StandardSSLContextService.
Added unit test resource for keystore with different key and keystore passwords.
Added unit test to generate passwordless truststore for https://nifi.apache.org for live testing.
Resolved NPE in SSLContext generation in StandardSSLContextService
Added unit test to generate passwordless truststore for localhost for InvokeHTTP testing.
Resolved TrustManagerFactoryImpl initialization error.
Fixed unit test without proper cleanup which caused RAT failures.

Co-authored-by: Andy LoPresto <al...@apache.org>

This closes #3823.

Signed-off-by: Andy LoPresto <al...@apache.org>


> Allow use of truststore with no password from SSLContextService
> ---------------------------------------------------------------
>
>                 Key: NIFI-6770
>                 URL: https://issues.apache.org/jira/browse/NIFI-6770
>             Project: Apache NiFi
>          Issue Type: Improvement
>    Affects Versions: 1.9.2
>            Reporter: Bryan Bende
>            Assignee: Nathan Gough
>            Priority: Minor
>          Time Spent: 1h 10m
>  Remaining Estimate: 0h
>
> Currently the StandardSSLContextService and StandardRestrictedSSLContextService require that a truststore password is provided when a truststore is configured. It is possible that someone creates a truststore without a password and we should allow the use of that.



--
This message was sent by Atlassian Jira
(v8.3.4#803005)