[NIFI-5462] Refactor TLS Toolkit - ASF JIRA

Attach files

Attach Screenshot

Add vote

Voters

Watch issue

Watchers

Create sub-task

Link

Clone

Update Comment Author

Replace String in Comment

Update Comment Visibility

Delete Comments

XML

Word

Printable

JSON

Details

Type: Improvement
Status: In Progress
Priority: Major
Resolution: Unresolved
Affects Version/s: 1.7.1
Fix Version/s: None
Component/s: Security, Tools and Build
Labels:
- certificate
- nifi-registry
- pki
- refactor
- registry
- security
- tls-toolkit

Epic Link:
NiFi security configuration requires substantial knowledge and effort to deploy

Description

The TLS Toolkit was originally designed with limited scope and has since grown organically to meet additional requirements. Because of this, its components can be disjoint, there is unnecessary code and communication interfaces, and it can be difficult to extend.

A complete refactor should be performed to remove superfluous code, make it easier to extend, separate concerns (command-line interaction, certificate generation and signing, and component communication [client/server, internal/external]).

Along with this refactor, it should be extended to handle additional components which require certificate generation, signing, and trust allocation, such as the Apache NiFi Registry.