[
https://issues.apache.org/jira/browse/NIFI-2943?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15666050#comment-15666050
]
ASF GitHub Bot commented on NIFI-2943:
--------------------------------------
Github user alopresto commented on a diff in the pull request:
https://github.com/apache/nifi/pull/1165#discussion_r87947260
--- Diff:
nifi-commons/nifi-security-utils/src/main/java/org/apache/nifi/security/util/KeyStoreUtils.java
---
@@ -0,0 +1,62 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.nifi.security.util;
+
+import org.apache.commons.lang3.StringUtils;
+import org.bouncycastle.jce.provider.BouncyCastleProvider;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
+import java.security.KeyStore;
+import java.security.KeyStoreException;
+import java.security.Security;
+
+public class KeyStoreUtils {
+ private static final Logger logger =
LoggerFactory.getLogger(KeyStoreUtils.class);
+
+ static {
+ Security.addProvider(new BouncyCastleProvider());
+ }
+
+ public static String getKeyStoreProvider(String keyStoreType) {
+ if (KeystoreType.PKCS12.toString().equalsIgnoreCase(keyStoreType))
{
+ return BouncyCastleProvider.PROVIDER_NAME;
+ }
+ return null;
+ }
+
+ public static KeyStore getKeyStore(String keyStoreType) throws
KeyStoreException {
--- End diff --
We should add Javadoc comments on these methods to indicate that they do
not return a specific instance, rather a new empty instance similar to
`KeyStore.getInstance()`.
> tls-toolkit pkcs12 truststore 0 entries
> ---------------------------------------
>
> Key: NIFI-2943
> URL: https://issues.apache.org/jira/browse/NIFI-2943
> Project: Apache NiFi
> Issue Type: Bug
> Reporter: Bryan Rosander
> Assignee: Bryan Rosander
> Priority: Minor
>
> When pkcs12 is used by the tls-toolkit, the resulting truststore has no
> entries when inspected by the keytool and the tls-toolkit certificate
> authority certificate is not trusted by NiFi.
> This seems to be due to the Java pkcs12 provider not supporting certificate
> entries:
> http://stackoverflow.com/questions/3614239/pkcs12-java-keystore-from-ca-and-user-certificate-in-java#answer-3614405
> The Bouncy Castle provider does seem to support certificates but we may not
> want to explicitly use that provider from within NiFi.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
