[ https://issues.apache.org/jira/browse/NIFI-2193?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15396725#comment-15396725 ]

ASF GitHub Bot commented on NIFI-2193:
--------------------------------------

Github user alopresto commented on the issue:

    https://github.com/apache/nifi/pull/695
  
    I don't really understand the structure of the tool here -- it looks like 
`TlsToolkitMain` is invoked from the scripts, and it has an internal instance 
of `TlsToolkitCommandLine` to parse the command line arguments, and an instance 
of `TlsHelper`. I would expect `TlsToolkitMain` to be a standalone class which 
encapsulated the logic (and ideally, to be named something like 
`CertificateGeneratorTool` as it is focusing solely on the key and certificate 
generation), and `TlsToolkitCommandLine` to be a wrapper class which handles 
and parses command line input to then invoke the main class logic. This way, 
the logic could be invoked programmatically from other classes with direct 
parameter provision. It seems to me that the current structure tightly couples 
all certificate generation & keystore population with the command line entry 
point. 


> Command Line Keystore and Truststore utility
> --------------------------------------------
>
>                 Key: NIFI-2193
>                 URL: https://issues.apache.org/jira/browse/NIFI-2193
>             Project: Apache NiFi
>          Issue Type: New Feature
>            Reporter: Bryan Rosander
>            Assignee: Bryan Rosander
>
> In order to facilitate secure setup of NiFi, it would be useful to have a 
> command line utility capable of generating the required keystores, 
> truststore, and relevant configuration files.
> It should be able to generate keystores for each NiFi node, a truststore that 
> they all use, and relevant passwords and configuration files for using the 
> keystores and truststore.
> Additionally, in order to support distributed deployment, a web based 
> certificate authority with corresponding client will allow for each NiFi 
> instance to generate its own keypair and then request signing by the CA.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
