use of io.strimzi.certs.CertAndKey in project strimzi-kafka-operator by strimzi.
the class CruiseControl method generateSecret.
/**
* Generate the Secret containing the Cruise Control certificate signed by the cluster CA certificate used for TLS based
* internal communication with Kafka and Zookeeper.
* It also contains the related Cruise Control private key.
*
* @param kafka The Kafka custom resource
* @param clusterCa The cluster CA.
* @param isMaintenanceTimeWindowsSatisfied Indicates whether we are in the maintenance window or not.
* This is used for certificate renewals
* @return The generated Secret, or {@code null} when {@code isDeployed()} returns false.
*/
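public Secret generateSecret(Kafka kafka, ClusterCa clusterCa, boolean isMaintenanceTimeWindowsSatisfied) {
    // Nothing to generate when the component is not deployed; callers receive null.
    if (!isDeployed()) {
        return null;
    }

    final String keyCertName = "cruise-control";

    Map<String, CertAndKey> ccCerts;
    LOGGER.debugCr(reconciliation, "Generating certificates");
    try {
        ccCerts = clusterCa.generateCcCerts(kafka, isMaintenanceTimeWindowsSatisfied);
    } catch (IOException e) {
        LOGGER.warnCr(reconciliation, "Error while generating certificates", e);
        // Fail here with the cause attached. Carrying on with an empty map only defers the failure to a
        // message-less NullPointerException on the first certificate access below, which hides the reason
        // the certificate could not be issued.
        throw new IllegalStateException("Failed to generate the " + keyCertName + " certificate", e);
    }
    LOGGER.debugCr(reconciliation, "End generating certificates");

    // The CA may return a map without the expected entry; report that explicitly instead of dereferencing null.
    CertAndKey cert = ccCerts == null ? null : ccCerts.get(keyCertName);
    if (cert == null) {
        throw new IllegalStateException("No certificate was generated for " + keyCertName);
    }

    // NOTE(review): the private key, the keystore and the keystore password all land in the same Secret, and
    // Base64 is an encoding rather than protection, so read access to this Secret should be treated as access
    // to the private key. Keep `data` out of log statements.
    Map<String, String> data = new HashMap<>(4);
    data.put(keyCertName + ".key", cert.keyAsBase64String());
    data.put(keyCertName + ".crt", cert.certAsBase64String());
    data.put(keyCertName + ".p12", cert.keyStoreAsBase64String());
    data.put(keyCertName + ".password", cert.storePasswordAsBase64String());

    // The annotation records which cluster CA generation signed the certificate stored in this Secret.
    return createSecret(CruiseControl.secretName(cluster), data, Collections.singletonMap(clusterCa.caCertGenerationAnnotation(), String.valueOf(clusterCa.certGeneration())));
}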
use of io.strimzi.certs.CertAndKey in project strimzi-kafka-operator by strimzi.
the class ZookeeperCluster method generateNodesSecret.
/**
* Generate the Secret containing the Zookeeper nodes certificates signed by the cluster CA certificate used for TLS based
* internal communication with Kafka.
* It also contains the related Zookeeper nodes private keys.
*
* @param clusterCa The CA for cluster certificates
* @return The generated Secret.
*/
public Secret generateNodesSecret(ClusterCa clusterCa) {
    // Four entries per node: private key, certificate, keystore and keystore password.
    Map<String, String> secretData = new HashMap<>(replicas * 4);

    for (int node = 0; node < replicas; node++) {
        // The pod name is both the lookup key into nodeCerts and the prefix of every Secret entry.
        String podName = ZookeeperCluster.zookeeperPodName(cluster, node);
        // NOTE(review): a pod name missing from nodeCerts yields null here and a NullPointerException on the
        // next line; this method relies on nodeCerts having been populated for every replica beforehand.
        CertAndKey nodeCert = nodeCerts.get(podName);

        secretData.put(podName + ".key", nodeCert.keyAsBase64String());
        secretData.put(podName + ".crt", nodeCert.certAsBase64String());
        secretData.put(podName + ".p12", nodeCert.keyStoreAsBase64String());
        secretData.put(podName + ".password", nodeCert.storePasswordAsBase64String());
    }

    // NOTE(review): every node's private key and keystore password sit in this one Secret, Base64-encoded only,
    // so read access to it should be restricted accordingly.
    String secretName = ZookeeperCluster.nodesSecretName(cluster);
    // Records which cluster CA generation signed the certificates stored in the Secret.
    Map<String, String> caGeneration = Collections.singletonMap(
            clusterCa.caCertGenerationAnnotation(),
            String.valueOf(clusterCa.certGeneration()));
    return createSecret(secretName, secretData, caGeneration);
}
use of io.strimzi.certs.CertAndKey in project strimzi-kafka-operator by strimzi.
the class KafkaCluster method generateBrokersSecret.
/**
* Generate the Secret containing the Kafka brokers certificates signed by the cluster CA certificate used for TLS based
* internal communication with Zookeeper.
* It also contains the related Kafka brokers private keys.
*
* @param clusterCa The CA for cluster certificates
* @param clientsCa The CA for clients certificates
* @return The generated Secret
*/
public Secret generateBrokersSecret(ClusterCa clusterCa, ClientsCa clientsCa) {
    // Four entries per broker: private key, certificate, keystore and keystore password.
    Map<String, String> secretData = new HashMap<>(replicas * 4);

    int broker = 0;
    while (broker < replicas) {
        // The pod name is both the lookup key into brokerCerts and the prefix of every Secret entry.
        String podName = KafkaCluster.kafkaPodName(cluster, broker);
        // NOTE(review): a pod name missing from brokerCerts yields null here and a NullPointerException on the
        // next line; this method relies on brokerCerts having been populated for every replica beforehand.
        CertAndKey brokerCert = brokerCerts.get(podName);

        secretData.put(podName + ".key", brokerCert.keyAsBase64String());
        secretData.put(podName + ".crt", brokerCert.certAsBase64String());
        secretData.put(podName + ".p12", brokerCert.keyStoreAsBase64String());
        secretData.put(podName + ".password", brokerCert.storePasswordAsBase64String());
        broker++;
    }

    // NOTE(review): every broker's private key and keystore password sit in this one Secret, Base64-encoded
    // only, so read access to it should be restricted accordingly.
    String secretName = KafkaCluster.brokersSecretName(cluster);
    // The Secret is annotated with the generation of both CAs, the cluster CA and the clients CA.
    Map<String, String> caGenerations = Map.of(
            clusterCa.caCertGenerationAnnotation(), String.valueOf(clusterCa.certGeneration()),
            clientsCa.caCertGenerationAnnotation(), String.valueOf(clientsCa.certGeneration()));
    return createSecret(secretName, secretData, caGenerations);
}
use of io.strimzi.certs.CertAndKey in project strimzi by strimzi.
the class ZookeeperCluster method generateNodesSecret.
/**
* Generate the Secret containing the Zookeeper nodes certificates signed by the cluster CA certificate used for TLS based
* internal communication with Kafka.
* It also contains the related Zookeeper nodes private keys.
*
* @param clusterCa The CA for cluster certificates
* @return The generated Secret.
*/
public Secret generateNodesSecret(ClusterCa clusterCa) {
    final int entriesPerNode = 4; // .key, .crt, .p12 and .password
    Map<String, String> entries = new HashMap<>(replicas * entriesPerNode);

    int index = 0;
    while (index < replicas) {
        // Each entry is keyed "<pod name><suffix>", and the same pod name looks up the node's certificate.
        final String pod = ZookeeperCluster.zookeeperPodName(cluster, index);
        // NOTE(review): nodeCerts.get returns null for an unknown pod name, which surfaces as a
        // NullPointerException below; the map is expected to hold one entry per replica.
        final CertAndKey certAndKey = nodeCerts.get(pod);

        entries.put(pod + ".key", certAndKey.keyAsBase64String());
        entries.put(pod + ".crt", certAndKey.certAsBase64String());
        entries.put(pod + ".p12", certAndKey.keyStoreAsBase64String());
        entries.put(pod + ".password", certAndKey.storePasswordAsBase64String());
        index++;
    }

    // NOTE(review): private keys and keystore passwords are stored together and are only Base64-encoded;
    // whoever can read this Secret can read the keys.
    final String name = ZookeeperCluster.nodesSecretName(cluster);
    // Annotation value is the cluster CA certificate generation, rendered as a string.
    final String generation = String.valueOf(clusterCa.certGeneration());
    return createSecret(name, entries, Collections.singletonMap(clusterCa.caCertGenerationAnnotation(), generation));
}
use of io.strimzi.certs.CertAndKey in project strimzi by strimzi.
the class CruiseControl method generateSecret.
/**
* Generate the Secret containing the Cruise Control certificate signed by the cluster CA certificate used for TLS based
* internal communication with Kafka and Zookeeper.
* It also contains the related Cruise Control private key.
*
* @param kafka The Kafka custom resource
* @param clusterCa The cluster CA.
* @param isMaintenanceTimeWindowsSatisfied Indicates whether we are in the maintenance window or not.
* This is used for certificate renewals
* @return The generated Secret, or {@code null} when {@code isDeployed()} returns false.
*/
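public Secret generateSecret(Kafka kafka, ClusterCa clusterCa, boolean isMaintenanceTimeWindowsSatisfied) {
    // Callers receive null when the component is not deployed.
    if (!isDeployed()) {
        return null;
    }

    final String keyCertName = "cruise-control";

    LOGGER.debugCr(reconciliation, "Generating certificates");
    Map<String, CertAndKey> ccCerts;
    try {
        ccCerts = clusterCa.generateCcCerts(kafka, isMaintenanceTimeWindowsSatisfied);
    } catch (IOException e) {
        LOGGER.warnCr(reconciliation, "Error while generating certificates", e);
        // Stop with the original cause attached. Swallowing the error and continuing with an empty map turns
        // a certificate-generation failure into an unexplained NullPointerException a few lines later.
        throw new IllegalStateException("Failed to generate the " + keyCertName + " certificate", e);
    }
    LOGGER.debugCr(reconciliation, "End generating certificates");

    // Guard against a result that lacks the expected entry rather than dereferencing null.
    CertAndKey cert = ccCerts == null ? null : ccCerts.get(keyCertName);
    if (cert == null) {
        throw new IllegalStateException("No certificate was generated for " + keyCertName);
    }

    // NOTE(review): key, certificate, keystore and keystore password are stored together, Base64-encoded only.
    // Read access to this Secret is equivalent to holding the private key, and `data` should never be logged.
    Map<String, String> data = new HashMap<>(4);
    data.put(keyCertName + ".key", cert.keyAsBase64String());
    data.put(keyCertName + ".crt", cert.certAsBase64String());
    data.put(keyCertName + ".p12", cert.keyStoreAsBase64String());
    data.put(keyCertName + ".password", cert.storePasswordAsBase64String());

    // Annotate the Secret with the cluster CA generation that signed the certificate.
    return createSecret(CruiseControl.secretName(cluster), data, Collections.singletonMap(clusterCa.caCertGenerationAnnotation(), String.valueOf(clusterCa.certGeneration())));
}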