mtien-apache commented on a change in pull request #4767: URL: https://github.com/apache/nifi/pull/4767#discussion_r564864846
########## File path: nifi-commons/nifi-security-utils/src/main/java/org/apache/nifi/security/util/KeyStoreUtils.java ########## 
@@ -366,4 +461,133 @@ public static String sslServerSocketToString(SSLServerSocket sslServerSocket) {
 .append("useClientMode", sslServerSocket.getUseClientMode())
 .toString();
 }
+
+ /**
+ * Loads the Keystore and returns a X509 Certificate with the given values.
+ *
+ * @param alias the certificate alias
+ * @param keyStorePassword the keystore password
+ * @param keyPassword the key password
+ * @param keyStorePath the keystore path
+ * @param keyStoreType the keystore type
+ * @return a {@link X509Certificate}
+ */
+ private static X509Certificate createKeyStoreAndGetX509Certificate(
+ final String alias, final String keyStorePassword, final String keyPassword, final String keyStorePath,
+ final KeystoreType keyStoreType) throws IOException, KeyStoreException, NoSuchAlgorithmException, CertificateException {
+
+ try (final FileOutputStream outputStream = new FileOutputStream(keyStorePath)) {
+ final KeyPair keyPair = KeyPairGenerator.getInstance(KEY_ALGORITHM).generateKeyPair();
+
+ final X509Certificate selfSignedCert = CertificateUtils.generateSelfSignedX509Certificate(
+ keyPair, CERT_DN, SIGNING_ALGORITHM, CERT_DURATION_DAYS
+ );
+
+ final KeyStore keyStore = loadEmptyKeyStore(keyStoreType);
+ keyStore.setKeyEntry(alias, keyPair.getPrivate(), keyPassword.toCharArray(), new Certificate[]{selfSignedCert});
+ keyStore.store(outputStream, keyStorePassword.toCharArray());
+
+ return selfSignedCert;
+ }
+ }
+
+ /**
+ * Loads the Truststore with the given values.
+ *
+ * @param cert the certificate
+ * @param alias the certificate alias
+ * @param password the truststore password
+ * @param path the truststore path
+ * @param truststoreType the truststore type
+ */
+ private static void createTrustStore(final X509Certificate cert,
+ final String alias, final String password, final String path, final KeystoreType truststoreType)
+ throws KeyStoreException, NoSuchAlgorithmException, CertificateException {
+
+ try (final FileOutputStream outputStream = new FileOutputStream(path)) {
+ final KeyStore trustStore = loadEmptyKeyStore(truststoreType);
+ trustStore.setCertificateEntry(alias, cert);
+ trustStore.store(outputStream, password.toCharArray());
+ } catch (IOException e) {
+ throw new UncheckedIOException(TRUSTSTORE_ERROR_MSG, e);
+ }
+ }
+
+ /**
+ * Generates a temporary keystore file and returns the path.
+ *
+ * @param keystoreType the Keystore type
+ * @return a Path
+ */
+ private static Path generateTempKeystorePath(KeystoreType keystoreType) throws IOException {
+ return Files.createTempFile(TEST_KEYSTORE_PREFIX, getKeystoreExtension(keystoreType));
+ }
+
+ /**
+ * Generates a temporary truststore file and returns the path.
+ *
+ * @param truststoreType the Truststore type
+ * @return a Path
+ */
+ private static Path generateTempTruststorePath(KeystoreType truststoreType) throws IOException {
+ return Files.createTempFile(TEST_TRUSTSTORE_PREFIX, getKeystoreExtension(truststoreType));
+ }
+
+ /**
+ * Loads and returns an empty Keystore backed by the appropriate provider.
+ *
+ * @param keyStoreType the keystore type
+ * @return an empty keystore
+ * @throws KeyStoreException if a keystore of the given type cannot be instantiated
+ */
+ private static KeyStore loadEmptyKeyStore(KeystoreType keyStoreType) throws KeyStoreException, CertificateException, NoSuchAlgorithmException {
+ final KeyStore keyStore;
+ try {
+ keyStore = KeyStore.getInstance(
+ Objects.requireNonNull(getKeystoreType(keyStoreType.toString()))
Review comment: @exceptionfactory good catch. I replaced it and altogether removed the `getKeystoreType()` method since that was the last place it was being used.
---------------------------------------------------------------- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. For queries about this service, please contact Infrastructure at: us...@infra.apache.org