-
Notifications
You must be signed in to change notification settings - Fork 2.6k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
NIFI-10667 Add Private Key Service interface and implementation #6553
Conversation
- Defined PrivateKeyService in nifi-key-service-api - Implemented StandardPrivateKeyService using Bouncy Castle library
Will review |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
@exceptionfactory Thanks for adding this controller service!
I tested it with both encrypted and non-encrypted private keys and it works properly.
I found an invalid configuration case which is not handled correctly.
Also added some other comments as possible improvements.
...y-service/src/main/java/org/apache/nifi/key/service/reader/BouncyCastlePrivateKeyReader.java
Outdated
Show resolved
Hide resolved
...le/nifi-key-service/src/main/java/org/apache/nifi/key/service/StandardPrivateKeyService.java
Outdated
Show resolved
Hide resolved
...le/nifi-key-service/src/main/java/org/apache/nifi/key/service/StandardPrivateKeyService.java
Show resolved
Hide resolved
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
@exceptionfactory Thanks for the changes!
+1 LGTM
+1 looks good to me |
- Defined PrivateKeyService in nifi-key-service-api - Implemented StandardPrivateKeyService using Bouncy Castle library NIFI-10667 Improved custom validation to avoid repetitive reads NIFI-10667 Added onPropertyModified() to clear Key Reference for validation Signed-off-by: Nathan Gough <thenatog@gmail.com> This closes apache#6553.
Summary
NIFI-10667 Adds a new
PrivateKeyService
Controller Service interface andStandardPrivateKeyService
implementation capable of reading encrypted or unencrypted Private Keys.The service interface is defined in a new
nifi-key-service-api
module undernifi-standard-services
. The standard implementation uses the Bouncy Castle library andPEMParser
class to handle decoding and decrypting Private Keys. The initial implementation supports PEM encoding and PKCS 8, which can be used for several standard key algorithms including RSA and DSA.Tracking
Please complete the following tracking steps prior to pull request creation.
Issue Tracking
Pull Request Tracking
NIFI-00000
NIFI-00000
Pull Request Formatting
main
branchVerification
Please indicate the verification steps performed prior to pull request creation.
Build
mvn clean install -P contrib-check
Licensing
LICENSE
andNOTICE
filesDocumentation