use of org.apache.kafka.common.config.types.Password in project kafka by apache.
the class SSLUtils method configureSslContextFactoryTrustStore.
/**
 * Copies the trust store settings (type, location, password) from the SSL configuration map
 * onto the given {@link SslContextFactory}.
 *
 * <p>The type is always set, using {@code SslConfigs.DEFAULT_SSL_TRUSTSTORE_TYPE} when the map
 * has no entry for it. Location and password are applied only when present; when absent the
 * factory is left as it was, and whatever trust material it then uses is decided outside this
 * method.
 *
 * @param ssl             the factory to configure
 * @param sslConfigValues SSL configuration values; the password entry is read as a
 *                        {@link Password} and the other entries as {@code String}
 */
protected static void configureSslContextFactoryTrustStore(SslContextFactory ssl, Map<String, Object> sslConfigValues) {
    String trustStoreType = (String) getOrDefault(
            sslConfigValues,
            SslConfigs.SSL_TRUSTSTORE_TYPE_CONFIG,
            SslConfigs.DEFAULT_SSL_TRUSTSTORE_TYPE);
    ssl.setTrustStoreType(trustStoreType);

    String trustStorePath = (String) sslConfigValues.get(SslConfigs.SSL_TRUSTSTORE_LOCATION_CONFIG);
    if (trustStorePath != null) {
        ssl.setTrustStorePath(trustStorePath);
    }

    Password trustStoreSecret = (Password) sslConfigValues.get(SslConfigs.SSL_TRUSTSTORE_PASSWORD_CONFIG);
    if (trustStoreSecret != null) {
        // value() unwraps the secret into a plain String for the factory; keep it out of
        // log statements and exception messages.
        ssl.setTrustStorePassword(trustStoreSecret.value());
    }
}
use of org.apache.kafka.common.config.types.Password in project kafka by apache.
the class SSLUtils method configureSslContextFactoryKeyStore.
/**
 * Copies the key store settings (type, location, store password, key password) from the SSL
 * configuration map onto the given {@link SslContextFactory}.
 *
 * <p>The type is always set, using {@code SslConfigs.DEFAULT_SSL_KEYSTORE_TYPE} when the map has
 * no entry for it. The location and the two passwords are applied only when present.
 *
 * @param ssl             the factory to configure
 * @param sslConfigValues SSL configuration values; both password entries are read as
 *                        {@link Password} and the other entries as {@code String}
 */
protected static void configureSslContextFactoryKeyStore(SslContextFactory ssl, Map<String, Object> sslConfigValues) {
    String keyStoreType = (String) getOrDefault(
            sslConfigValues,
            SslConfigs.SSL_KEYSTORE_TYPE_CONFIG,
            SslConfigs.DEFAULT_SSL_KEYSTORE_TYPE);
    ssl.setKeyStoreType(keyStoreType);

    String keyStorePath = (String) sslConfigValues.get(SslConfigs.SSL_KEYSTORE_LOCATION_CONFIG);
    if (keyStorePath != null) {
        ssl.setKeyStorePath(keyStorePath);
    }

    // Both secrets below are unwrapped to plain Strings by value(); keep them out of log
    // statements and exception messages.
    Password keyStoreSecret = (Password) sslConfigValues.get(SslConfigs.SSL_KEYSTORE_PASSWORD_CONFIG);
    if (keyStoreSecret != null) {
        ssl.setKeyStorePassword(keyStoreSecret.value());
    }

    // The private-key password is configured separately from the store password and is handed
    // to the factory as the key manager password.
    Password privateKeySecret = (Password) sslConfigValues.get(SslConfigs.SSL_KEY_PASSWORD_CONFIG);
    if (privateKeySecret != null) {
        ssl.setKeyManagerPassword(privateKeySecret.value());
    }
}
use of org.apache.kafka.common.config.types.Password in project kafka by apache.
the class TestSslUtils method exportCertificates.
/**
 * Reads every entry of a key store file and returns the certificates as one concatenated
 * string wrapped in a {@link Password}.
 *
 * <p>For an alias with a certificate chain, each certificate of the chain is appended in order;
 * for an alias without a chain, the single certificate stored under it is appended. Only
 * certificates are exported here, never private keys.
 *
 * @param storePath     path of the key store file to read
 * @param storePassword password used to load the store; must not be {@code null} because
 *                      {@code value()} is called on it
 * @param storeType     key store type passed to {@link KeyStore#getInstance(String)}
 * @return the encoded certificates, as produced by the {@code pem} helper
 * @throws IllegalArgumentException if the store contains no aliases
 * @throws Exception                on any I/O or key store failure
 */
public static Password exportCertificates(String storePath, Password storePassword, String storeType) throws Exception {
    StringBuilder pemText = new StringBuilder();
    try (FileInputStream storeStream = new FileInputStream(storePath)) {
        KeyStore store = KeyStore.getInstance(storeType);
        // NOTE(review): the char[] copy of the password is not cleared after load().
        store.load(storeStream, storePassword.value().toCharArray());

        Enumeration<String> entryNames = store.aliases();
        if (!entryNames.hasMoreElements()) {
            throw new IllegalArgumentException("No certificates found in file " + storePath);
        }

        // At least one alias exists at this point, so the body can run before the check.
        do {
            String entryName = entryNames.nextElement();
            Certificate[] chain = store.getCertificateChain(entryName);
            if (chain == null) {
                // No chain for this alias: export the single certificate stored under it.
                pemText.append(pem(store.getCertificate(entryName)));
                continue;
            }
            for (Certificate link : chain) {
                pemText.append(pem(link));
            }
        } while (entryNames.hasMoreElements());
    }
    return new Password(pemText.toString());
}
use of org.apache.kafka.common.config.types.Password in project kafka by apache.
the class TestSslUtils method convertToPemWithoutFiles.
/**
 * Rewrites file-based trust store and key store settings in {@code sslProps} into inline PEM
 * settings, so that the resulting configuration no longer refers to store files.
 *
 * <p>For each store whose location is configured, the material is exported first and only then
 * are the location and store password entries removed, the type set to {@code PEM_TYPE}, and
 * the exported values added. {@code SslConfigs.SSL_KEY_PASSWORD_CONFIG} is left in place.
 *
 * @param sslProps SSL properties, modified in place
 * @throws Exception if exporting certificates or the private key fails
 */
public static void convertToPemWithoutFiles(Properties sslProps) throws Exception {
    String trustStoreFile = sslProps.getProperty(SslConfigs.SSL_TRUSTSTORE_LOCATION_CONFIG);
    if (trustStoreFile != null) {
        Password trustStoreSecret = (Password) sslProps.get(SslConfigs.SSL_TRUSTSTORE_PASSWORD_CONFIG);
        String trustStoreType = sslProps.getProperty(SslConfigs.SSL_TRUSTSTORE_TYPE_CONFIG);
        Password trustedCertsPem = exportCertificates(trustStoreFile, trustStoreSecret, trustStoreType);

        sslProps.remove(SslConfigs.SSL_TRUSTSTORE_LOCATION_CONFIG);
        sslProps.remove(SslConfigs.SSL_TRUSTSTORE_PASSWORD_CONFIG);
        sslProps.setProperty(SslConfigs.SSL_TRUSTSTORE_TYPE_CONFIG, PEM_TYPE);
        sslProps.put(SslConfigs.SSL_TRUSTSTORE_CERTIFICATES_CONFIG, trustedCertsPem);
    }

    String keyStoreFile = sslProps.getProperty(SslConfigs.SSL_KEYSTORE_LOCATION_CONFIG);
    if (keyStoreFile != null) {
        String keyStoreType = sslProps.getProperty(SslConfigs.SSL_KEYSTORE_TYPE_CONFIG);
        Password keyStoreSecret = (Password) sslProps.get(SslConfigs.SSL_KEYSTORE_PASSWORD_CONFIG);
        Password privateKeySecret = (Password) sslProps.get(SslConfigs.SSL_KEY_PASSWORD_CONFIG);

        Password certChainPem = exportCertificates(keyStoreFile, keyStoreSecret, keyStoreType);
        // The key password is passed twice. NOTE(review): presumably once to read the key
        // from the store and once to protect the exported PEM key - confirm against
        // exportPrivateKey.
        Password privateKeyPem =
                exportPrivateKey(keyStoreFile, keyStoreSecret, privateKeySecret, keyStoreType, privateKeySecret);

        sslProps.remove(SslConfigs.SSL_KEYSTORE_LOCATION_CONFIG);
        sslProps.remove(SslConfigs.SSL_KEYSTORE_PASSWORD_CONFIG);
        sslProps.setProperty(SslConfigs.SSL_KEYSTORE_TYPE_CONFIG, PEM_TYPE);
        sslProps.put(SslConfigs.SSL_KEYSTORE_CERTIFICATE_CHAIN_CONFIG, certChainPem);
        // From here on the private key material is held inline in the properties object.
        sslProps.put(SslConfigs.SSL_KEYSTORE_KEY_CONFIG, privateKeyPem);
    }
}
use of org.apache.kafka.common.config.types.Password in project kafka by apache.
the class SslFactoryTest method testPemReconfiguration.
/**
 * Checks when {@code SslFactory.reconfigure} replaces its {@code SslEngineFactory} for an
 * inline-PEM server configuration.
 *
 * <p>An unrelated config entry must leave the existing engine factory in place, while a change
 * to the private key, the certificate chain or the trusted certificates must each produce a
 * new one, so that updated key or trust material does not keep being served by the old factory.
 */
@Test
public void testPemReconfiguration() throws Exception {
    Properties props = new Properties();
    props.putAll(sslConfigsBuilder(Mode.SERVER).createNewTrustStore(null).usePem(true).build());

    SslFactory sslFactory = new SslFactory(Mode.SERVER);
    sslFactory.configure(new TestSecurityConfig(props).values());
    SslEngineFactory sslEngineFactory = sslFactory.sslEngineFactory();
    assertNotNull(sslEngineFactory, "SslEngineFactory not created");

    // A config entry unrelated to SSL must not trigger a rebuild.
    props.put("some.config", "some.value");
    sslFactory.reconfigure(new TestSecurityConfig(props).values());
    assertSame(sslEngineFactory, sslFactory.sslEngineFactory(), "SslEngineFactory recreated unnecessarily");

    // Each PEM-valued setting is altered in turn by appending a single space; every such
    // change must yield a fresh engine factory.
    String[] pemSettings = {
        SslConfigs.SSL_KEYSTORE_KEY_CONFIG,
        SslConfigs.SSL_KEYSTORE_CERTIFICATE_CHAIN_CONFIG,
        SslConfigs.SSL_TRUSTSTORE_CERTIFICATES_CONFIG
    };
    for (String pemSetting : pemSettings) {
        Password current = (Password) props.get(pemSetting);
        props.put(pemSetting, new Password(current.value() + " "));
        sslFactory.reconfigure(new TestSecurityConfig(props).values());
        assertNotSame(sslEngineFactory, sslFactory.sslEngineFactory(), "SslEngineFactory not recreated");
        sslEngineFactory = sslFactory.sslEngineFactory();
    }
}