From 2cdb0fb6a39dae3453dc36e810039a25e32d913e Mon Sep 17 00:00:00 2001 From: exceptionfactory Date: Mon, 14 Dec 2020 10:51:20 -0500 Subject: [PATCH] NIFI-8088 Removed deprecation warning log for PKCS12 trust stores Signed-off-by: Nathan Gough This closes #4727. --- .../apache/nifi/security/util/KeyStoreUtils.java | 16 +--------------- .../nifi/security/util/KeyStoreUtilsTest.java | 6 +++--- .../nifi/remote/client/SiteToSiteClient.java | 8 +------- .../x509/ocsp/OcspCertificateValidator.java | 2 +- .../apache/nifi/processors/standard/GetHTTP.java | 2 +- .../nifi/processors/standard/PostHTTP.java | 2 +- .../tls/service/TlsCertificateAuthorityTest.java | 2 +- .../tls/standalone/TlsToolkitStandaloneTest.java | 2 +- 8 files changed, 10 insertions(+), 30 deletions(-) diff --git a/nifi-commons/nifi-security-utils/src/main/java/org/apache/nifi/security/util/KeyStoreUtils.java b/nifi-commons/nifi-security-utils/src/main/java/org/apache/nifi/security/util/KeyStoreUtils.java index 01ee383bb3..704d2efcf3 100644 --- a/nifi-commons/nifi-security-utils/src/main/java/org/apache/nifi/security/util/KeyStoreUtils.java +++ b/nifi-commons/nifi-security-utils/src/main/java/org/apache/nifi/security/util/KeyStoreUtils.java @@ -88,20 +88,6 @@ public class KeyStoreUtils { return KeyStore.getInstance(keyStoreType); } - /** - * Returns an empty KeyStore intended for use as a TrustStore backed by the appropriate provider - * - * @param trustStoreType the trustStoreType - * @return an empty KeyStore - * @throws KeyStoreException if a KeyStore of the given type cannot be instantiated - */ - public static KeyStore getTrustStore(String trustStoreType) throws KeyStoreException { - if (KeystoreType.PKCS12.toString().equalsIgnoreCase(trustStoreType)) { - logger.warn(trustStoreType + " truststores are deprecated. " + KeystoreType.JKS.toString() + " is preferred."); - } - return getKeyStore(trustStoreType); - } - /** * Returns a loaded {@link KeyStore} given the provided configuration values. * 
@@ -194,7 +180,7 @@ public class KeyStoreUtils { public static KeyStore loadTrustStore(String truststorePath, char[] truststorePassword, String truststoreType) throws TlsException { final KeyStore trustStore; try { - trustStore = KeyStoreUtils.getTrustStore(truststoreType); + trustStore = KeyStoreUtils.getKeyStore(truststoreType); try (final InputStream trustStoreStream = new FileInputStream(truststorePath)) { trustStore.load(trustStoreStream, truststorePassword); } diff --git a/nifi-commons/nifi-security-utils/src/test/java/org/apache/nifi/security/util/KeyStoreUtilsTest.java b/nifi-commons/nifi-security-utils/src/test/java/org/apache/nifi/security/util/KeyStoreUtilsTest.java index 729967e9d9..2a8d1fe767 100644 --- a/nifi-commons/nifi-security-utils/src/test/java/org/apache/nifi/security/util/KeyStoreUtilsTest.java +++ b/nifi-commons/nifi-security-utils/src/test/java/org/apache/nifi/security/util/KeyStoreUtilsTest.java 
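Review bot: `trustStore.load(trustStoreStream, truststorePassword)` uses whatever password the caller supplies, and nothing in this hunk rejects or documents a null `truststorePassword`. Under the `KeyStore.load` contract, a null password means the store's integrity check is not performed. Because the type passed to `getKeyStore` can be JKS or PKCS12, I would state this in the method's Javadoc, for example `@param truststorePassword the truststore password; if null, the store is loaded without an integrity check`. The rest of `loadTrustStore` and its Javadoc lie outside the hunk, so an existing check or note may already cover this.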
@@ -88,17 +88,17 @@ public class KeyStoreUtilsTest { @Test public void testJksTrustStoreRoundTrip() throws GeneralSecurityException, IOException { - testTrustStoreRoundTrip(() -> KeyStoreUtils.getTrustStore(KeystoreType.JKS.toString().toLowerCase())); + testTrustStoreRoundTrip(() -> KeyStoreUtils.getKeyStore(KeystoreType.JKS.toString().toLowerCase())); } @Test public void testPkcs12TrustStoreBcRoundTrip() throws GeneralSecurityException, IOException { - testTrustStoreRoundTrip(() -> KeyStoreUtils.getTrustStore(KeystoreType.PKCS12.toString().toLowerCase())); + testTrustStoreRoundTrip(() -> KeyStoreUtils.getKeyStore(KeystoreType.PKCS12.toString().toLowerCase())); } @Test public void testPkcs12TrustStoreRoundTripBcReload() throws GeneralSecurityException, IOException { - testTrustStoreRoundTrip(() -> KeyStore.getInstance(KeystoreType.PKCS12.toString().toLowerCase()), () -> KeyStoreUtils.getTrustStore(KeystoreType.PKCS12.toString().toLowerCase())); + testTrustStoreRoundTrip(() -> KeyStore.getInstance(KeystoreType.PKCS12.toString().toLowerCase()), () -> KeyStoreUtils.getKeyStore(KeystoreType.PKCS12.toString().toLowerCase())); } private void testTrustStoreRoundTrip(KeyStoreSupplier keyStoreSupplier) throws GeneralSecurityException, IOException { diff --git a/nifi-commons/nifi-site-to-site-client/src/main/java/org/apache/nifi/remote/client/SiteToSiteClient.java b/nifi-commons/nifi-site-to-site-client/src/main/java/org/apache/nifi/remote/client/SiteToSiteClient.java index 421d6a6ce3..6a91d1dba1 100644 --- a/nifi-commons/nifi-site-to-site-client/src/main/java/org/apache/nifi/remote/client/SiteToSiteClient.java +++ b/nifi-commons/nifi-site-to-site-client/src/main/java/org/apache/nifi/remote/client/SiteToSiteClient.java 
@@ -902,13 +902,7 @@ public interface SiteToSiteClient extends Closeable { final TrustManagerFactory trustManagerFactory; if (truststoreFilename != null && truststorePass != null && truststoreType != null) { try { - // prepare the truststore - final KeyStore trustStore = KeyStoreUtils.getTrustStore(getTruststoreType().name()); - try (final InputStream trustStoreStream = new FileInputStream(new File(getTruststoreFilename()))) { - trustStore.load(trustStoreStream, truststorePass.toCharArray()); - } - trustManagerFactory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm()); - trustManagerFactory.init(trustStore); + trustManagerFactory = KeyStoreUtils.loadTrustManagerFactory(truststoreFilename, truststorePass, getTruststoreType().name()); } catch (final Exception e) { throw new IllegalStateException("Failed to load Truststore", e); } diff --git a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-security/src/main/java/org/apache/nifi/web/security/x509/ocsp/OcspCertificateValidator.java b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-security/src/main/java/org/apache/nifi/web/security/x509/ocsp/OcspCertificateValidator.java index 2f111f36d3..0aea33a98e 100644 --- a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-security/src/main/java/org/apache/nifi/web/security/x509/ocsp/OcspCertificateValidator.java +++ b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-security/src/main/java/org/apache/nifi/web/security/x509/ocsp/OcspCertificateValidator.java 
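Review bot: The new call reads `truststoreFilename` and `truststorePass` as fields but takes the type from `getTruststoreType().name()`, while the guard above null-checks the `truststoreType` field. Using `truststoreType.name()` would keep the null check and the use on the same value. The surrounding `catch (final Exception e)` could probably be narrowed to the checked exception that `loadTrustManagerFactory` declares (its signature is not visible here), so that unrelated runtime errors are not reported as "Failed to load Truststore". The enclosing method begins and ends outside the hunk.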
@@ -194,7 +194,7 @@ public class OcspCertificateValidator { // load the configured truststore try (final FileInputStream fis = new FileInputStream(truststorePath)) { - final KeyStore truststore = KeyStoreUtils.getTrustStore(KeyStore.getDefaultType()); + final KeyStore truststore = KeyStoreUtils.getKeyStore(KeyStore.getDefaultType()); truststore.load(fis, truststorePassword); TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm()); diff --git a/nifi-nar-bundles/nifi-standard-bundle/nifi-standard-processors/src/main/java/org/apache/nifi/processors/standard/GetHTTP.java b/nifi-nar-bundles/nifi-standard-bundle/nifi-standard-processors/src/main/java/org/apache/nifi/processors/standard/GetHTTP.java index d1e8a21de4..a130449037 100644 --- a/nifi-nar-bundles/nifi-standard-bundle/nifi-standard-processors/src/main/java/org/apache/nifi/processors/standard/GetHTTP.java +++ b/nifi-nar-bundles/nifi-standard-bundle/nifi-standard-processors/src/main/java/org/apache/nifi/processors/standard/GetHTTP.java @@ -332,7 +332,7 @@ public class GetHTTP extends AbstractSessionFactoryProcessor { final SSLContextBuilder sslContextBuilder = new SSLContextBuilder(); if (StringUtils.isNotBlank(service.getTrustStoreFile())) { - final KeyStore truststore = KeyStoreUtils.getTrustStore(service.getTrustStoreType()); + final KeyStore truststore = KeyStoreUtils.getKeyStore(service.getTrustStoreType()); try (final InputStream in = new FileInputStream(new File(service.getTrustStoreFile()))) { truststore.load(in, service.getTrustStorePassword().toCharArray()); } diff --git a/nifi-nar-bundles/nifi-standard-bundle/nifi-standard-processors/src/main/java/org/apache/nifi/processors/standard/PostHTTP.java b/nifi-nar-bundles/nifi-standard-bundle/nifi-standard-processors/src/main/java/org/apache/nifi/processors/standard/PostHTTP.java index ac47f0cffb..054e2e1b94 100644 
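Review bot: `KeyStoreUtils.getKeyStore(KeyStore.getDefaultType())` takes the store type from the JVM default rather than from the configured truststore type, although the comment above says it loads the configured truststore. The JVM default differs between Java releases, so a truststore in a different format may fail to load, and OCSP validation would fail with it. Passing the configured type, for example the value of `NiFiProperties.SECURITY_TRUSTSTORE_TYPE`, would bring this in line with the other call sites in this commit. How `truststorePath` and `truststorePassword` are obtained is outside the hunk, so whether the type is available at this point needs checking.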
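Review bot: In the GetHTTP hunk, `service.getTrustStorePassword().toCharArray()` throws a NullPointerException when a truststore file is set without a password, because the guard only tests `getTrustStoreFile()`; the PostHTTP hunk has the same pattern behind `trustFilename != null`. Service validation may already guarantee a password, but that is not visible here. Both processors also repeat the open-and-load sequence that `KeyStoreUtils.loadTrustStore(truststorePath, truststorePassword, truststoreType)` wraps in this same commit. After a null check on the password, the load could be `final KeyStore truststore = KeyStoreUtils.loadTrustStore(service.getTrustStoreFile(), service.getTrustStorePassword().toCharArray(), service.getTrustStoreType());`, provided the enclosing method can propagate `TlsException`. Both enclosing methods continue outside their hunks.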
--- a/nifi-nar-bundles/nifi-standard-bundle/nifi-standard-processors/src/main/java/org/apache/nifi/processors/standard/PostHTTP.java +++ b/nifi-nar-bundles/nifi-standard-bundle/nifi-standard-processors/src/main/java/org/apache/nifi/processors/standard/PostHTTP.java @@ -514,7 +514,7 @@ public class PostHTTP extends AbstractProcessor { SSLContextBuilder builder = SSLContexts.custom(); final String trustFilename = service.getTrustStoreFile(); if (trustFilename != null) { - final KeyStore truststore = KeyStoreUtils.getTrustStore(service.getTrustStoreType()); + final KeyStore truststore = KeyStoreUtils.getKeyStore(service.getTrustStoreType()); try (final InputStream in = new FileInputStream(new File(service.getTrustStoreFile()))) { truststore.load(in, service.getTrustStorePassword().toCharArray()); } diff --git a/nifi-toolkit/nifi-toolkit-tls/src/test/java/org/apache/nifi/toolkit/tls/service/TlsCertificateAuthorityTest.java b/nifi-toolkit/nifi-toolkit-tls/src/test/java/org/apache/nifi/toolkit/tls/service/TlsCertificateAuthorityTest.java index afefee341e..cfedde74cd 100644 --- a/nifi-toolkit/nifi-toolkit-tls/src/test/java/org/apache/nifi/toolkit/tls/service/TlsCertificateAuthorityTest.java +++ b/nifi-toolkit/nifi-toolkit-tls/src/test/java/org/apache/nifi/toolkit/tls/service/TlsCertificateAuthorityTest.java @@ -251,7 +251,7 @@ public class TlsCertificateAuthorityTest { // Does the certificate contain the SAN we defined in the client config? assert(isSANPresent(certificateChain[0])); - KeyStore clientTrustStore = KeyStoreUtils.getTrustStore(KeystoreType.JKS.toString()); + KeyStore clientTrustStore = KeyStoreUtils.getKeyStore(KeystoreType.JKS.toString()); clientTrustStore.load(new ByteArrayInputStream(clientTrustStoreOutputStream.toByteArray()), clientConfig.getTrustStorePassword().toCharArray()); assertEquals(caCertificate, clientTrustStore.getCertificate(TlsToolkitStandalone.NIFI_CERT)); } 
diff --git a/nifi-toolkit/nifi-toolkit-tls/src/test/java/org/apache/nifi/toolkit/tls/standalone/TlsToolkitStandaloneTest.java b/nifi-toolkit/nifi-toolkit-tls/src/test/java/org/apache/nifi/toolkit/tls/standalone/TlsToolkitStandaloneTest.java index 62aa838b14..8bdf18ce01 100644 --- a/nifi-toolkit/nifi-toolkit-tls/src/test/java/org/apache/nifi/toolkit/tls/standalone/TlsToolkitStandaloneTest.java +++ b/nifi-toolkit/nifi-toolkit-tls/src/test/java/org/apache/nifi/toolkit/tls/standalone/TlsToolkitStandaloneTest.java @@ -464,7 +464,7 @@ public class TlsToolkitStandaloneTest { String trustStoreType = nifiProperties.getProperty(NiFiProperties.SECURITY_TRUSTSTORE_TYPE); assertEquals(KeystoreType.JKS.toString().toLowerCase(), trustStoreType.toLowerCase()); - KeyStore trustStore = KeyStoreUtils.getTrustStore(trustStoreType); + KeyStore trustStore = KeyStoreUtils.getKeyStore(trustStoreType); try (InputStream inputStream = new FileInputStream(new File(hostDir, "truststore." + trustStoreType))) { trustStore.load(inputStream, nifiProperties.getProperty(NiFiProperties.SECURITY_TRUSTSTORE_PASSWD).toCharArray()); }