You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@nifi.apache.org by "ASF GitHub Bot (JIRA)" <ji...@apache.org> on 2016/11/14 18:15:58 UTC
[jira] [Commented] (NIFI-2943) tls-toolkit pkcs12 truststore 0
entries
[ https://issues.apache.org/jira/browse/NIFI-2943?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15664587#comment-15664587 ]
ASF GitHub Bot commented on NIFI-2943:
--------------------------------------
Github user alopresto commented on a diff in the pull request:
https://github.com/apache/nifi/pull/1165#discussion_r87859164
--- Diff: nifi-commons/nifi-security-utils/src/main/java/org/apache/nifi/security/util/KeyStoreUtils.java ---
@@ -0,0 +1,62 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.nifi.security.util;
+
+import org.apache.commons.lang3.StringUtils;
+import org.bouncycastle.jce.provider.BouncyCastleProvider;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
+import java.security.KeyStore;
+import java.security.KeyStoreException;
+import java.security.Security;
+
+public class KeyStoreUtils {
+ private static final Logger logger = LoggerFactory.getLogger(KeyStoreUtils.class);
+
+ static {
+ Security.addProvider(new BouncyCastleProvider());
+ }
+
+ public static String getKeyStoreProvider(String keyStoreType) {
+ if (KeystoreType.PKCS12.toString().equalsIgnoreCase(keyStoreType)) {
+ return BouncyCastleProvider.PROVIDER_NAME;
+ }
+ return null;
+ }
+
+ public static KeyStore getKeyStore(String keyStoreType) throws KeyStoreException {
+ String keyStoreProvider = getKeyStoreProvider(keyStoreType);
+ if (StringUtils.isNoneEmpty(keyStoreProvider)) {
--- End diff --
I think this should be `StringUtils.isNotEmpty` -- the current method works but is designed to iterate over a number of `CharSequences`; hence the jarring name.
> tls-toolkit pkcs12 truststore 0 entries
> ---------------------------------------
>
> Key: NIFI-2943
> URL: https://issues.apache.org/jira/browse/NIFI-2943
> Project: Apache NiFi
> Issue Type: Bug
> Reporter: Bryan Rosander
> Assignee: Bryan Rosander
> Priority: Minor
>
> When pkcs12 is used by the tls-toolkit, the resulting truststore has no entries when inspected by the keytool and the tls-toolkit certificate authority certificate is not trusted by NiFi.
> This seems to be due to the Java pkcs12 provider not supporting certificate entries:
> http://stackoverflow.com/questions/3614239/pkcs12-java-keystore-from-ca-and-user-certificate-in-java#answer-3614405
> The Bouncy Castle provider does seem to support certificates but we may not want to explicitly use that provider from within NiFi.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)