mark-bathori commented on PR #10031: URL: https://github.com/apache/nifi/pull/10031#issuecomment-3236361244
Thanks @exceptionfactory for the comment. I based the KeyManagerFactory creation on a similar approach used in the [MQTT](https://github.com/apache/nifi/blob/main/nifi-extension-bundles/nifi-mqtt-bundle/nifi-mqtt-processors/src/main/java/org/apache/nifi/processors/mqtt/adapters/HiveMqV5ClientAdapter.java#L201) bundle. I have since checked the KeyManager approach you suggested, but unfortunately, it requires providing an alias as parameter to get the PrivateKey, which is not suitable for our use case. The TrustStore is currently being created in the same way. Is this approach acceptable for the TrustStore, or should it be handled differently? I think it would be useful to extend the SSLContextProvider to create both KeyManagerFactory and TrustManagerFactory or for now, we could remove keystore-based authentication from the scope of this pull request and revisit it later. Let me know what you think. -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected]
