[
https://issues.apache.org/jira/browse/NIFI-2193?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15396725#comment-15396725
]
ASF GitHub Bot commented on NIFI-2193:
--------------------------------------
Github user alopresto commented on the issue:
https://github.com/apache/nifi/pull/695
I don't really understand the structure of the tool here -- it looks like
`TlsToolkitMain` is invoked from the scripts, and it has an internal instance
of `TlsToolkitCommandLine` to parse the command line arguments, and an instance
of `TlsHelper`. I would expect `TlsToolkitMain` to be a standalone class which
encapsulated the logic (and ideally, to be named something like
`CertificateGeneratorTool` as it is focusing solely on the key and certificate
generation), and `TlsToolkitCommandLine` to be a wrapper class which handles
and parses command line input to then invoke the main class logic. This way,
the logic could be invoked programmatically from other classes with direct
parameter provision. It seems to me that the current structure tightly couples
all certificate generation & keystore population with the command line entry
point.
> Command Line Keystore and Truststore utility
> --------------------------------------------
>
> Key: NIFI-2193
> URL: https://issues.apache.org/jira/browse/NIFI-2193
> Project: Apache NiFi
> Issue Type: New Feature
> Reporter: Bryan Rosander
> Assignee: Bryan Rosander
>
> In order to facilitate secure setup of NiFi, it would be useful to have a
> command line utility capable of generating the required keystores,
> truststore, and relevant configuration files.
> It should be able to generate keystores for each NiFi node, a truststore that
> they all use, and relevant passwords and configuration files for using the
> keystores and truststore.
> Additionally, in order to support distributed deployment, a web based
> certificate authority with corresponding client will allow for each NiFi
> instance to generate its own keypair and then request signing by the CA.