thenatog commented on a change in pull request #5110:
URL: https://github.com/apache/nifi/pull/5110#discussion_r666496488
##########
File path:
nifi-commons/nifi-security-utils/src/main/java/org/apache/nifi/security/util/KeyStoreUtils.java
##########
@@ -143,6 +169,27 @@ public static KeyStore loadKeyStore(String keystorePath,
char[] keystorePassword
}
}
+ /**
+ * Load {@link KeyStore} containing Secret Key entries using configured
Security Provider
+ *
+ * @param keystorePath File path to KeyStore
+ * @param keystorePassword Password for loading KeyStore
+ * @param keystoreTypeName Keystore Type Name
+ * @return KeyStore loaded using specified configuration
+ * @throws TlsException Thrown when unable to load KeyStore or unsupported
Keystore Type
+ */
+ public static KeyStore loadSecretKeyStore(final String keystorePath, final
char[] keystorePassword, final String keystoreTypeName) throws TlsException {
+ try {
+ final KeyStore keyStore = getSecretKeyStore(keystoreTypeName);
+ try (final InputStream keyStoreStream = new
FileInputStream(keystorePath)) {
+ keyStore.load(keyStoreStream, keystorePassword);
+ }
+ return keyStore;
+ } catch (final GeneralSecurityException|IOException e) {
+ throw new TlsException(String.format("Loading Secret Keystore [%s]
Type [%s] Failed", keystorePath, keystoreTypeName), e);
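Review bot: At `keyStore.load(keyStoreStream, keystorePassword)` nothing rejects a null `keystorePassword`, and `KeyStore.load` performs no integrity check when no password is given, so a modified keystore file could load without error. Validate the argument before opening the stream and fail with a clear message. A null `keystorePath` would likewise surface as a `NullPointerException` from `new FileInputStream(keystorePath)` rather than the documented `TlsException`, because the catch covers only `GeneralSecurityException|IOException`.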
Review comment:
Yeah I would agree this could potentially be refactored in future.
Exceptions related to TLS and key/trust stores are difficult to understand at
the best of times. I think that the name TlsException implies an issue with TLS
negotiation rather than an issue loading a keystore.