alopresto commented on a change in pull request #3204: NIFI-1364 - Removed
custom OCSP certificate revocation checking code and replaced with just using
Java native implementation.
URL: https://github.com/apache/nifi/pull/3204#discussion_r304193349
##########
File path:
nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-security/src/main/java/org/apache/nifi/framework/security/util/SslContextFactory.java
##########
@@ -102,4 +107,27 @@ private static boolean hasTruststoreProperties(final
NiFiProperties props) {
&&
StringUtils.isNotBlank(props.getProperty(NiFiProperties.SECURITY_TRUSTSTORE_TYPE)));
}
+ private static TrustManagerFactory getTrustManagerFactory(KeyStore
trustStore, boolean ocspEnabled, String responderURL) throws KeyStoreException,
InvalidAlgorithmParameterException, NoSuchAlgorithmException {
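Review bot: the new `getTrustManagerFactory(KeyStore trustStore, boolean ocspEnabled, String responderURL)` has no Javadoc, and the signature alone does not say what happens when `ocspEnabled` is true but `responderURL` is null or blank, or whether `responderURL` is ignored when `ocspEnabled` is false. Please document that contract on the method and validate the URL before it is used, failing with a clear error rather than leaving revocation checking in an undefined state. The parameters could also be declared `final` to match `hasTruststoreProperties(final NiFiProperties props)` just above.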
Review comment:
I understand there are already multiple (similar but not identical)
implementations of `SSLContextFactory` throughout the application (as noted in
[NIFI-1478](https://issues.apache.org/jira/browse/NIFI-1478)) but rather than
introduce duplicate method implementations here, I would prefer to implement
the code once (either in a particular implementation or in a utility class) and
invoke it across class boundaries with the understanding that the multiple
callers may be cleaned up in the referenced ticket. Introducing the code in
multiple places encourages the potential for it to be slightly modified in each
place and silently fall out of alignment.