
Example 36 with Password

use of org.apache.kafka.common.config.types.Password in project kafka by apache.

the class SSLUtils method configureSslContextFactoryTrustStore.

/**
 * Copies the truststore settings found in {@code sslConfigValues} onto the given
 * {@link SslContextFactory}.
 *
 * <p>The truststore type is always set, using the value obtained from {@code getOrDefault}
 * with {@code SslConfigs.DEFAULT_SSL_TRUSTSTORE_TYPE} passed as the fallback argument. The
 * truststore path and password are applied only when their entries are non-null.
 *
 * @param ssl the factory to configure
 * @param sslConfigValues configuration values keyed by the {@link SslConfigs} names; the
 *        location entry is cast to {@code String} and the password entry to {@link Password}
 */
protected static void configureSslContextFactoryTrustStore(SslContextFactory ssl, Map<String, Object> sslConfigValues) {
    String trustStoreType = (String) getOrDefault(sslConfigValues, SslConfigs.SSL_TRUSTSTORE_TYPE_CONFIG, SslConfigs.DEFAULT_SSL_TRUSTSTORE_TYPE);
    ssl.setTrustStoreType(trustStoreType);

    String trustStorePath = (String) sslConfigValues.get(SslConfigs.SSL_TRUSTSTORE_LOCATION_CONFIG);
    if (trustStorePath != null) {
        ssl.setTrustStorePath(trustStorePath);
    }

    Password trustStoreSecret = (Password) sslConfigValues.get(SslConfigs.SSL_TRUSTSTORE_PASSWORD_CONFIG);
    if (trustStoreSecret != null) {
        // value() unwraps the clear-text secret; it is handed straight to the factory
        // and should stay out of logs and exception messages.
        ssl.setTrustStorePassword(trustStoreSecret.value());
    }
}
Also used : Password(org.apache.kafka.common.config.types.Password)

Example 37 with Password

use of org.apache.kafka.common.config.types.Password in project kafka by apache.

the class SSLUtils method configureSslContextFactoryKeyStore.

/**
 * Copies the keystore settings found in {@code sslConfigValues} onto the given
 * {@link SslContextFactory}.
 *
 * <p>The keystore type is always set, using the value obtained from {@code getOrDefault}
 * with {@code SslConfigs.DEFAULT_SSL_KEYSTORE_TYPE} passed as the fallback argument. The
 * keystore path, the keystore password and the key (manager) password are applied only
 * when their entries are non-null.
 *
 * @param ssl the factory to configure
 * @param sslConfigValues configuration values keyed by the {@link SslConfigs} names; the
 *        location entry is cast to {@code String} and both password entries to {@link Password}
 */
protected static void configureSslContextFactoryKeyStore(SslContextFactory ssl, Map<String, Object> sslConfigValues) {
    String keyStoreType = (String) getOrDefault(sslConfigValues, SslConfigs.SSL_KEYSTORE_TYPE_CONFIG, SslConfigs.DEFAULT_SSL_KEYSTORE_TYPE);
    ssl.setKeyStoreType(keyStoreType);

    String keyStorePath = (String) sslConfigValues.get(SslConfigs.SSL_KEYSTORE_LOCATION_CONFIG);
    if (keyStorePath != null) {
        ssl.setKeyStorePath(keyStorePath);
    }

    // Both secrets below are unwrapped with value() into clear-text Strings before being
    // passed to the factory; keep them out of logs and exception messages.
    Password keyStoreSecret = (Password) sslConfigValues.get(SslConfigs.SSL_KEYSTORE_PASSWORD_CONFIG);
    if (keyStoreSecret != null) {
        ssl.setKeyStorePassword(keyStoreSecret.value());
    }

    Password privateKeySecret = (Password) sslConfigValues.get(SslConfigs.SSL_KEY_PASSWORD_CONFIG);
    if (privateKeySecret != null) {
        ssl.setKeyManagerPassword(privateKeySecret.value());
    }
}
Also used : Password(org.apache.kafka.common.config.types.Password)

Example 38 with Password

use of org.apache.kafka.common.config.types.Password in project kafka by apache.

the class TestSslUtils method exportCertificates.

/**
 * Loads the keystore at {@code storePath} and returns the certificates of every alias,
 * each passed through {@code pem(...)} and concatenated, wrapped in a {@link Password}.
 *
 * <p>For an alias that has a certificate chain, every certificate of the chain is appended;
 * otherwise the single certificate stored under the alias is appended. Only certificates are
 * read here, no private key entries.
 *
 * @param storePath path of the keystore file to read
 * @param storePassword password used to load the keystore; must be non-null because
 *        {@code value()} is dereferenced unconditionally
 * @param storeType keystore type handed to {@link KeyStore#getInstance(String)}
 * @return the concatenated {@code pem(...)} output for all certificates
 * @throws IllegalArgumentException if the keystore contains no aliases
 * @throws Exception if the file cannot be read or the keystore cannot be loaded
 */
public static Password exportCertificates(String storePath, Password storePassword, String storeType) throws Exception {
    StringBuilder pemText = new StringBuilder();
    try (FileInputStream storeStream = new FileInputStream(storePath)) {
        KeyStore store = KeyStore.getInstance(storeType);
        store.load(storeStream, storePassword.value().toCharArray());

        Enumeration<String> aliasIter = store.aliases();
        if (!aliasIter.hasMoreElements()) {
            throw new IllegalArgumentException("No certificates found in file " + storePath);
        }

        // At least one alias exists at this point, so a do/while visits them all.
        do {
            String alias = aliasIter.nextElement();
            Certificate[] chain = store.getCertificateChain(alias);
            if (chain == null) {
                // No chain for this alias: fall back to the single certificate entry.
                pemText.append(pem(store.getCertificate(alias)));
                continue;
            }
            for (Certificate link : chain) {
                pemText.append(pem(link));
            }
        } while (aliasIter.hasMoreElements());
    }
    return new Password(pemText.toString());
}
Also used : DEROctetString(org.bouncycastle.asn1.DEROctetString) KeyStore(java.security.KeyStore) FileInputStream(java.io.FileInputStream) X509Certificate(java.security.cert.X509Certificate) Certificate(java.security.cert.Certificate) Password(org.apache.kafka.common.config.types.Password)

Example 39 with Password

use of org.apache.kafka.common.config.types.Password in project kafka by apache.

the class TestSslUtils method convertToPemWithoutFiles.

/**
 * Rewrites {@code sslProps} in place so that file-based truststore and keystore settings are
 * replaced by inline values of type {@code PEM_TYPE}.
 *
 * <p>For each store whose location property is set, the certificates (and, for the keystore,
 * the private key) are exported, the location and store-password entries are removed, the
 * store type is set to {@code PEM_TYPE} and the exported values are stored as
 * {@link Password} entries. The {@code SslConfigs.SSL_KEY_PASSWORD_CONFIG} entry is left
 * untouched.
 *
 * <p>After this call {@code sslProps} carries the exported private key itself, so the
 * properties object should be handled as sensitive.
 *
 * @param sslProps SSL properties to convert; modified in place
 * @throws Exception if exporting certificates or the private key fails
 */
public static void convertToPemWithoutFiles(Properties sslProps) throws Exception {
    String trustStoreFile = sslProps.getProperty(SslConfigs.SSL_TRUSTSTORE_LOCATION_CONFIG);
    if (trustStoreFile != null) {
        // The password entry is read with get() and cast, the type with getProperty();
        // a missing password entry is passed on to exportCertificates as null.
        Password trustStoreSecret = (Password) sslProps.get(SslConfigs.SSL_TRUSTSTORE_PASSWORD_CONFIG);
        String trustStoreType = sslProps.getProperty(SslConfigs.SSL_TRUSTSTORE_TYPE_CONFIG);
        Password exportedTrustCerts = exportCertificates(trustStoreFile, trustStoreSecret, trustStoreType);

        sslProps.remove(SslConfigs.SSL_TRUSTSTORE_LOCATION_CONFIG);
        sslProps.remove(SslConfigs.SSL_TRUSTSTORE_PASSWORD_CONFIG);
        sslProps.setProperty(SslConfigs.SSL_TRUSTSTORE_TYPE_CONFIG, PEM_TYPE);
        sslProps.put(SslConfigs.SSL_TRUSTSTORE_CERTIFICATES_CONFIG, exportedTrustCerts);
    }

    String keyStoreFile = sslProps.getProperty(SslConfigs.SSL_KEYSTORE_LOCATION_CONFIG);
    if (keyStoreFile != null) {
        String keyStoreType = sslProps.getProperty(SslConfigs.SSL_KEYSTORE_TYPE_CONFIG);
        Password keyStoreSecret = (Password) sslProps.get(SslConfigs.SSL_KEYSTORE_PASSWORD_CONFIG);
        Password privateKeySecret = (Password) sslProps.get(SslConfigs.SSL_KEY_PASSWORD_CONFIG);

        Password exportedChain = exportCertificates(keyStoreFile, keyStoreSecret, keyStoreType);
        // The key password is passed as both the third and the fifth argument.
        Password exportedKey = exportPrivateKey(keyStoreFile, keyStoreSecret, privateKeySecret, keyStoreType, privateKeySecret);

        sslProps.remove(SslConfigs.SSL_KEYSTORE_LOCATION_CONFIG);
        sslProps.remove(SslConfigs.SSL_KEYSTORE_PASSWORD_CONFIG);
        sslProps.setProperty(SslConfigs.SSL_KEYSTORE_TYPE_CONFIG, PEM_TYPE);
        sslProps.put(SslConfigs.SSL_KEYSTORE_CERTIFICATE_CHAIN_CONFIG, exportedChain);
        sslProps.put(SslConfigs.SSL_KEYSTORE_KEY_CONFIG, exportedKey);
    }
}
Also used : DEROctetString(org.bouncycastle.asn1.DEROctetString) Password(org.apache.kafka.common.config.types.Password)

Example 40 with Password

use of org.apache.kafka.common.config.types.Password in project kafka by apache.

the class SslFactoryTest method testPemReconfiguration.

/**
 * Checks when {@code SslFactory.reconfigure} replaces its {@code SslEngineFactory} for a
 * configuration built with {@code usePem(true)}.
 *
 * <p>Adding an unrelated property must keep the same engine factory instance. Changing the
 * keystore key, the keystore certificate chain or the truststore certificates (here by
 * appending a single space to the stored value) must each produce a new instance.
 */
@Test
public void testPemReconfiguration() throws Exception {
    Properties props = new Properties();
    props.putAll(sslConfigsBuilder(Mode.SERVER).createNewTrustStore(null).usePem(true).build());

    SslFactory sslFactory = new SslFactory(Mode.SERVER);
    TestSecurityConfig sslConfig = new TestSecurityConfig(props);
    sslFactory.configure(sslConfig.values());
    SslEngineFactory sslEngineFactory = sslFactory.sslEngineFactory();
    assertNotNull(sslEngineFactory, "SslEngineFactory not created");

    // A property unrelated to the SSL material must not cause the engine factory to be rebuilt.
    props.put("some.config", "some.value");
    sslConfig = new TestSecurityConfig(props);
    sslFactory.reconfigure(sslConfig.values());
    assertSame(sslEngineFactory, sslFactory.sslEngineFactory(), "SslEngineFactory recreated unnecessarily");

    // Each PEM-valued setting is altered in turn; every change must yield a fresh engine factory.
    String[] pemConfigs = {
        SslConfigs.SSL_KEYSTORE_KEY_CONFIG,
        SslConfigs.SSL_KEYSTORE_CERTIFICATE_CHAIN_CONFIG,
        SslConfigs.SSL_TRUSTSTORE_CERTIFICATES_CONFIG
    };
    for (String pemConfig : pemConfigs) {
        Password current = (Password) props.get(pemConfig);
        props.put(pemConfig, new Password(current.value() + " "));
        sslConfig = new TestSecurityConfig(props);
        sslFactory.reconfigure(sslConfig.values());
        assertNotSame(sslEngineFactory, sslFactory.sslEngineFactory(), "SslEngineFactory not recreated");
        // Track the newest instance so the next comparison is against the latest factory.
        sslEngineFactory = sslFactory.sslEngineFactory();
    }
}
Also used : SslEngineFactory(org.apache.kafka.common.security.auth.SslEngineFactory) TestSecurityConfig(org.apache.kafka.common.security.TestSecurityConfig) Properties(java.util.Properties) Password(org.apache.kafka.common.config.types.Password) Test(org.junit.jupiter.api.Test)

Aggregations

Password (org.apache.kafka.common.config.types.Password)41 HashMap (java.util.HashMap)9 Properties (java.util.Properties)7 Test (org.junit.Test)7 TestSecurityConfig (org.apache.kafka.common.security.TestSecurityConfig)6 PlainLoginModule (org.apache.kafka.common.security.plain.PlainLoginModule)6 Test (org.junit.jupiter.api.Test)6 InetSocketAddress (java.net.InetSocketAddress)5 SecurityProtocol (org.apache.kafka.common.security.auth.SecurityProtocol)5 DEROctetString (org.bouncycastle.asn1.DEROctetString)5 KeyStore (java.security.KeyStore)4 AppConfigurationEntry (javax.security.auth.login.AppConfigurationEntry)4 ValidString (org.apache.kafka.common.config.ConfigDef.ValidString)4 X509Certificate (java.security.cert.X509Certificate)3 LogContext (org.apache.kafka.common.utils.LogContext)3 ParameterizedTest (org.junit.jupiter.params.ParameterizedTest)3 ArgumentsSource (org.junit.jupiter.params.provider.ArgumentsSource)3 File (java.io.File)2 FileInputStream (java.io.FileInputStream)2 IOException (java.io.IOException)2