[NIFI-5462] Refactor TLS Toolkit - ASF JIRA

XML

Word

Printable

JSON

Details

Type: Improvement
Status: In Progress
Priority: Major
Resolution: Unresolved
Affects Version/s: 1.7.1
Fix Version/s: None
Component/s: Security, Tools and Build
Labels:
- certificate
- nifi-registry
- pki
- refactor
- registry
- security
- tls-toolkit

Epic Link:
NiFi security configuration requires substantial knowledge and effort to deploy

Description

The TLS Toolkit was originally designed with limited scope and has since grown organically to meet additional requirements. Because of this, its components can be disjoint, there is unnecessary code and communication interfaces, and it can be difficult to extend.

A complete refactor should be performed to remove superfluous code, make it easier to extend, separate concerns (command-line interaction, certificate generation and signing, and component communication [client/server, internal/external]).

Along with this refactor, it should be extended to handle additional components which require certificate generation, signing, and trust allocation, such as the Apache NiFi Registry.

Attachments

Issue Links

is related to

NIFI-6178 Certificates generated for "localhost" need to have IP as a SAN in Java 11

Resolved

NIFI-5363 Enhance NiFi Toolkit to handle NiFi Registry

Open

relates to

NIFI-6273 Improve log output for TLS Toolkit tasks

Open

Activity

People

Assignee:: Andy LoPresto

Reporter:: Andy LoPresto

Votes:: 0 Vote for this issue

Watchers:: 4 Start watching this issue

Dates

Created:: 25/Jul/18 23:00

Updated:: 07/May/19 17:06