[ https://issues.apache.org/jira/browse/NIFI-2193?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15398456#comment-15398456 ]
ASF GitHub Bot commented on NIFI-2193:
--------------------------------------

Github user alopresto commented on a diff in the pull request:

https://github.com/apache/nifi/pull/695#discussion_r72723879

--- Diff: nifi-toolkit/nifi-toolkit-tls/src/main/java/org/apache/nifi/toolkit/tls/util/PasswordUtil.java ---
@@ -0,0 +1,34 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one or more + * contributor license agreements. See the NOTICE file distributed with + * this work for additional information regarding copyright ownership. + * The ASF licenses this file to You under the Apache License, Version 2.0 + * (the "License"); you may not use this file except in compliance with + * the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package org.apache.nifi.toolkit.tls.util; + +import java.math.BigInteger; +import java.security.SecureRandom; + +public class PasswordUtil { + private final SecureRandom secureRandom; + + public PasswordUtil(SecureRandom secureRandom) { + this.secureRandom = secureRandom; + } + + public String generatePassword() { + // [see http://stackoverflow.com/questions/41107/how-to-generate-a-random-alpha-numeric-string#answer-41156] + return new BigInteger(1024, secureRandom).toString(36); --- End diff -- I appreciate the *strong* entropy here, but 1024 bits in base 36 ≈ 198 characters. Something that provides more than 128 bits is sufficient here; 256 will be more than enough for a number of years. I might have commented off-hand about the base earlier, but base 32 makes sense because it uses a "round" number of bits ( `2^5 = 32` ) to fully express its alphabet, while base 36 (`0-9a-f`) needs 6 ( `2^6 = 64` ) but wastes a number of those bits. 
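Review bot: In generatePassword(), `new BigInteger(1024, secureRandom).toString(36)` returns a string whose length is not fixed: BigInteger.toString emits no leading zeros, so a draw whose high-order bits are zero yields a shorter password. Consider filling a fixed-size byte array from secureRandom (for example 32 bytes) and encoding it with a fixed-width encoding, so every generated password has the same length and a known number of random bits. The public class and method also carry no Javadoc stating the output alphabet and length, and the constructor stores secureRandom without a null check, so a null argument only fails later inside generatePassword().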
> Command Line Keystore and Truststore utility
> --------------------------------------------
>
> Key: NIFI-2193
> URL: https://issues.apache.org/jira/browse/NIFI-2193
> Project: Apache NiFi
> Issue Type: New Feature
> Reporter: Bryan Rosander
> Assignee: Bryan Rosander
>
> In order to facilitate secure setup of NiFi, it would be useful to have a
> command line utility capable of generating the required keystores,
> truststore, and relevant configuration files.
> It should be able to generate keystores for each NiFi node, a truststore that
> they all use, and relevant passwords and configuration files for using the
> keystores and truststore.
> Additionally, in order to support distributed deployment, a web based
> certificate authority with corresponding client will allow for each NiFi
> instance to generate its own keypair and then request signing by the CA.

--
This message was sent by Atlassian JIRA
(v6.3.4#6332)