org.apache.kafka.test.TestSslUtils Java Examples
The following examples show how to use
org.apache.kafka.test.TestSslUtils.
Example #1
Source File: CCKafkaClientsIntegrationTestHarness.java From cruise-control with BSD 2-Clause "Simplified" License | 6 votes |
/**
 * Adds SSL client settings to {@code clientProps} when the harness is running over SSL.
 *
 * <p>For any other security protocol the properties are left untouched.
 *
 * @param clientProps client properties, modified in place
 * @param certAlias alias handed to {@code TestSslUtils.createSslConfig} for the client certificate
 * @throws AssertionError if SSL is selected but {@code trustStoreFile()} returns {@code null}
 * @throws IllegalStateException wrapping any exception raised while building the SSL configuration
 */
protected void setSecurityConfigs(Properties clientProps, String certAlias) {
  SecurityProtocol selected = securityProtocol();
  if (selected != SecurityProtocol.SSL) {
    return;
  }

  File trustStore = trustStoreFile();
  if (trustStore == null) {
    throw new AssertionError("ssl set but no trust store provided");
  }

  clientProps.setProperty(CommonClientConfigs.SECURITY_PROTOCOL_CONFIG, selected.name);
  // An empty endpoint identification algorithm turns off TLS hostname verification.
  // That is tolerable for a test harness using generated certificates; a production
  // client should keep hostname verification enabled.
  clientProps.setProperty(KafkaConfig.SslEndpointIdentificationAlgorithmProp(), "");

  try {
    clientProps.putAll(
        TestSslUtils.createSslConfig(true, true, Mode.CLIENT, trustStore, certAlias));
  } catch (Exception e) {
    throw new IllegalStateException(e);
  }
}
Example #2
Source File: ApiHeadersTest.java From rest-utils with Apache License 2.0 | 6 votes |
/**
 * Creates the TLS fixtures (client keystore, server keystore, trust store) and starts the
 * test application with an HTTP and an HTTPS listener.
 *
 * @throws Exception if a temp file, keystore or trust store cannot be created, or the
 *     application fails to start
 */
@BeforeClass
public static void setUp() throws Exception {
  // NOTE(review): these temp files hold generated private keys and are not removed in this
  // method; confirm that cleanup happens elsewhere in the test class.
  final File trustStoreFile = File.createTempFile("ApiHeadersTest-truststore", ".jks");
  final File clientKeystoreFile = File.createTempFile("ApiHeadersTest-client-keystore", ".jks");
  final File serverKeystoreFile = File.createTempFile("ApiHeadersTest-server-keystore", ".jks");
  clientKeystoreLocation = clientKeystoreFile.getAbsolutePath();

  // The same map is passed to both keystore helpers and then to the trust store, so the
  // trust store is built from whatever certificates the helpers registered in it.
  final Map<String, X509Certificate> trustedCerts = new HashMap<>();
  createKeystoreWithCert(clientKeystoreFile, "client", trustedCerts);
  createKeystoreWithCert(serverKeystoreFile, "server", trustedCerts);
  TestSslUtils.createTrustStore(
      trustStoreFile.getAbsolutePath(), new Password(SSL_PASSWORD), trustedCerts);

  final Properties serverConfig = new Properties();
  serverConfig.put(RestConfig.LISTENERS_CONFIG, httpUri + "," + httpsUri);
  serverConfig.put(RestConfig.SSL_KEYSTORE_LOCATION_CONFIG, serverKeystoreFile.getAbsolutePath());
  serverConfig.put(RestConfig.SSL_KEYSTORE_PASSWORD_CONFIG, SSL_PASSWORD);
  serverConfig.put(RestConfig.SSL_KEY_PASSWORD_CONFIG, SSL_PASSWORD);

  app = new TestApplication(new TestRestConfig(serverConfig));
  app.start();
}
Example #3
Source File: SslTest.java From rest-utils with Apache License 2.0 | 6 votes |
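/**
 * Prepares the keystore and trust store files used by each SSL test.
 *
 * <p>Creates five temp files, fills the client and server keystores, builds a trust store
 * from the certificates collected in {@code certs}, copies the server keystore to the
 * backup file, and finally fills the ".err" keystore through
 * {@code createWrongKeystoreWithCert} using a separate certificate map.
 *
 * @throws RuntimeException if the temporary files cannot be created (the original
 *     {@link IOException} is attached as the cause)
 * @throws Exception if keystore or trust store generation fails
 */
@Before
public void setUp() throws Exception {
  try {
    trustStore = File.createTempFile("SslTest-truststore", ".jks");
    clientKeystore = File.createTempFile("SslTest-client-keystore", ".jks");
    serverKeystore = File.createTempFile("SslTest-server-keystore", ".jks");
    serverKeystoreBak = File.createTempFile("SslTest-server-keystore", ".jks.bak");
    serverKeystoreErr = File.createTempFile("SslTest-server-keystore", ".jks.err");
  } catch (IOException ioe) {
    // Attach the cause: without it the reason the fixture files could not be created
    // (permissions, full disk, missing temp dir) is lost from the test report.
    throw new RuntimeException(
        "Unable to create temporary files for trust stores and keystores.", ioe);
  }

  Map<String, X509Certificate> certs = new HashMap<>();
  createKeystoreWithCert(clientKeystore, "client", certs);
  createKeystoreWithCert(serverKeystore, "server", certs);
  TestSslUtils.createTrustStore(trustStore.getAbsolutePath(), new Password(SSL_PASSWORD), certs);

  // Keep a pristine copy of the server keystore next to the working file.
  Files.copy(serverKeystore.toPath(), serverKeystoreBak.toPath(),
      StandardCopyOption.REPLACE_EXISTING);

  // A fresh map is used here, so the certificate of the ".err" keystore is never added to
  // the trust store created above.
  certs = new HashMap<>();
  createWrongKeystoreWithCert(serverKeystoreErr, "server", certs);
}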
Example #4
Source File: SecureTestUtils.java From kareldb with Apache License 2.0 | 5 votes |
/**
 * Generates client key pairs and certificates, stores them in a temporary client keystore,
 * writes the certificates into the given trust store, and returns matching client SSL
 * properties.
 *
 * @param numberOfCerts how many key pair / certificate pairs to generate
 * @param trustStoreFile trust store file that receives the generated certificates
 * @param trustPassword password for the trust store
 * @param clientCerts output list; each generated certificate is appended
 * @param keyPairs output list; each generated key pair is appended
 * @return the properties produced by {@code getClientSslConfigs}
 * @throws GeneralSecurityException if key or certificate generation fails
 * @throws IOException if the keystore temp file cannot be created or written
 */
public static Properties clientSslConfigsWithKeyStore(
    int numberOfCerts,
    File trustStoreFile,
    Password trustPassword,
    List<X509Certificate> clientCerts,
    List<KeyPair> keyPairs
) throws GeneralSecurityException, IOException {
  File clientKeystoreFile = File.createTempFile("CKeystore", ".jks");
  // The keystore holds private keys; make sure it does not outlive the JVM.
  clientKeystoreFile.deleteOnExit();
  String keystorePassword = new Password("Client-KS-Password").value();

  Map<String, X509Certificate> certsByAlias = new HashMap<>();
  int index = 0;
  while (index < numberOfCerts) {
    KeyPair generatedPair = TestSslUtils.generateKeyPair("RSA");
    // SHA1withRSA is a legacy signature algorithm. It is used here only for short-lived
    // (30-day) throwaway test certificates and should not be carried into real PKI.
    X509Certificate generatedCert = TestSslUtils.generateCertificate(
        "CN=localhost, O=Client" + index, generatedPair, 30, "SHA1withRSA");
    clientCerts.add(generatedCert);
    keyPairs.add(generatedPair);
    certsByAlias.put("client-" + index, generatedCert);
    index++;
  }

  createKeyStore(clientKeystoreFile, keystorePassword, clientCerts, keyPairs);
  TestSslUtils.createTrustStore(trustStoreFile.toString(), trustPassword, certsByAlias);

  return getClientSslConfigs(
      trustStoreFile, trustPassword.value(), clientKeystoreFile, keystorePassword);
}
Example #5
Source File: SSLClusterTestHarness.java From kcache with Apache License 2.0 | 5 votes |
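/**
 * Builds the configuration for one SSL-enabled test broker.
 *
 * <p>A temporary trust store file is created and passed to the broker config; the client
 * SSL configuration is then generated against the same trust store file and kept in
 * {@code clientSslConfigs}.
 *
 * @param brokerId id of the broker to configure
 * @return the broker configuration
 * @throws RuntimeException if the trust store temp file cannot be created (with the
 *     {@link IOException} as cause) or the client SSL configuration cannot be generated
 */
@Override
protected KafkaConfig getKafkaConfig(int brokerId) {
  File trustStoreFile;
  try {
    trustStoreFile = File.createTempFile("SSLClusterTestHarness-truststore", ".jks");
  } catch (IOException ioe) {
    // Attach the cause so the underlying I/O failure is visible in the test output.
    throw new RuntimeException("Unable to create temporary file for the truststore.", ioe);
  }
  final Option<File> trustStoreFileOption = Option.apply(trustStoreFile);
  final Option<SecurityProtocol> sslInterBrokerSecurityProtocol =
      Option.apply(SecurityProtocol.SSL);
  Properties props = TestUtils.createBrokerConfig(
      brokerId, zkConnect, false, false, TestUtils.RandomPort(), sslInterBrokerSecurityProtocol,
      trustStoreFileOption, EMPTY_SASL_PROPERTIES, false, false, TestUtils.RandomPort(),
      true, TestUtils.RandomPort(), false, TestUtils.RandomPort(), Option.<String>empty(), 1,
      false, 1, (short) 1);

  // setup client SSL. Needs to happen before the broker is initialized, because the client's cert
  // needs to be added to the broker's trust store.
  try {
    this.clientSslConfigs =
        TestSslUtils.createSslConfig(true, true, Mode.CLIENT, trustStoreFile, "client", "localhost");
  } catch (Exception e) {
    throw new RuntimeException(e);
  }

  injectProperties(props);
  if (requireSSLClientAuth()) {
    // Mutual TLS: the broker rejects clients that do not present a certificate.
    props.setProperty("ssl.client.auth", "required");
  }

  return KafkaConfig.fromProps(props);
}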
Example #6
Source File: ApiHeadersTest.java From rest-utils with Apache License 2.0 | 5 votes |
/**
 * Generates an RSA key pair and a certificate for it, writes both into a keystore at
 * {@code file}, and records the certificate in {@code certs} under {@code alias}.
 *
 * @param file keystore file to write
 * @param alias keystore alias, also used as the key in {@code certs}
 * @param certs map that receives the generated certificate
 * @throws Exception if key, certificate or keystore generation fails
 */
private static void createKeystoreWithCert(File file, String alias,
                                           Map<String, X509Certificate> certs) throws Exception {
  final KeyPair rsaPair = TestSslUtils.generateKeyPair("RSA");

  // SHA1withRSA is a legacy signature algorithm; it is used here only for a throwaway
  // test certificate. The DNS SAN is "localhost".
  final CertificateBuilder builder = new CertificateBuilder(30, "SHA1withRSA");
  final X509Certificate generated =
      builder.sanDnsName("localhost").generate("CN=mymachine.local, O=A client", rsaPair);

  TestSslUtils.createKeyStore(
      file.getPath(), new Password(SSL_PASSWORD), alias, rsaPair.getPrivate(), generated);
  certs.put(alias, generated);
}
Example #7
Source File: SslTest.java From rest-utils with Apache License 2.0 | 5 votes |
/**
 * Generates an RSA key pair and a certificate for it, writes both into a keystore at
 * {@code file}, and records the certificate in {@code certs} under {@code alias}.
 *
 * @param file keystore file to write
 * @param alias keystore alias, also used as the key in {@code certs}
 * @param certs map that receives the generated certificate
 * @throws Exception if key, certificate or keystore generation fails
 */
private void createKeystoreWithCert(File file, String alias,
                                    Map<String, X509Certificate> certs) throws Exception {
  KeyPair rsaPair = TestSslUtils.generateKeyPair("RSA");

  // SHA1withRSA is a legacy signature algorithm; it is used here only for a throwaway
  // test certificate. The DNS SAN is "localhost".
  X509Certificate generated = new CertificateBuilder(30, "SHA1withRSA")
      .sanDnsName("localhost")
      .generate("CN=mymachine.local, O=A client", rsaPair);

  TestSslUtils.createKeyStore(
      file.getPath(), new Password(SSL_PASSWORD), alias, rsaPair.getPrivate(), generated);
  certs.put(alias, generated);
}
Example #8
Source File: SslTest.java From rest-utils with Apache License 2.0 | 5 votes |
/**
 * Same as the regular keystore helper except that the certificate's DNS SAN is
 * {@code "fail"} instead of {@code "localhost"}.
 *
 * @param file keystore file to write
 * @param alias keystore alias, also used as the key in {@code certs}
 * @param certs map that receives the generated certificate
 * @throws Exception if key, certificate or keystore generation fails
 */
private void createWrongKeystoreWithCert(File file, String alias,
                                         Map<String, X509Certificate> certs) throws Exception {
  KeyPair rsaPair = TestSslUtils.generateKeyPair("RSA");

  // The SAN "fail" is presumably deliberate, so that a test can exercise the path where the
  // server certificate does not match the host being contacted. Confirm against the tests
  // that use the ".err" keystore.
  X509Certificate mismatched = new CertificateBuilder(30, "SHA1withRSA")
      .sanDnsName("fail")
      .generate("CN=mymachine.local, O=A client", rsaPair);

  TestSslUtils.createKeyStore(
      file.getPath(), new Password(SSL_PASSWORD), alias, rsaPair.getPrivate(), mismatched);
  certs.put(alias, mismatched);
}
Example #9
Source File: CCEmbeddedBrokerBuilder.java From cruise-control with BSD 2-Clause "Simplified" License | 4 votes |
/**
 * Assembles the embedded broker configuration from this builder's fields.
 *
 * <p>Defaults are applied and the builder is validated before any property is written.
 * When a trust store is set or the SSL port is positive, the server SSL settings from
 * {@code TestSslUtils.createSslConfig} are merged in and inter-broker traffic is switched
 * to SSL.
 *
 * @return Config properties.
 * @throws IllegalStateException wrapping any exception raised while creating the SSL config
 */
public Map<Object, Object> buildConfig() {
  applyDefaults();
  validate();

  // One listener per enabled port; a negative port means that listener is disabled.
  StringJoiner listeners = new StringJoiner(",");
  if (_plaintextPort >= 0) {
    listeners.add(SecurityProtocol.PLAINTEXT.name + "://localhost:" + _plaintextPort);
  }
  if (_sslPort >= 0) {
    listeners.add(SecurityProtocol.SSL.name + "://localhost:" + _sslPort);
  }

  Map<Object, Object> config = new HashMap<>();
  config.put(KafkaConfig.BrokerIdProp(), Integer.toString(_nodeId));
  config.put(KafkaConfig.ListenersProp(), listeners.toString());
  config.put(KafkaConfig.LogDirProp(), _logDirectory.getAbsolutePath());
  config.put(KafkaConfig.ZkConnectProp(), _zkConnect);
  config.put(KafkaConfig.ReplicaSocketTimeoutMsProp(), Long.toString(_socketTimeout));
  config.put(KafkaConfig.ControllerSocketTimeoutMsProp(), Long.toString(_socketTimeout));
  config.put(KafkaConfig.ControlledShutdownEnableProp(),
      Boolean.toString(_enableControlledShutdown));
  config.put(KafkaConfig.DeleteTopicEnableProp(), Boolean.toString(_enableDeleteTopic));
  config.put(KafkaConfig.ControlledShutdownRetryBackoffMsProp(),
      Long.toString(_controlledShutdownRetryBackoff));
  config.put(KafkaConfig.LogCleanerDedupeBufferSizeProp(),
      Long.toString(_logCleanerDedupBufferSize));
  config.put(KafkaConfig.LogCleanerEnableProp(), Boolean.toString(_enableLogCleaner));
  config.put(KafkaConfig.OffsetsTopicReplicationFactorProp(), "1");
  // An empty endpoint identification algorithm turns off TLS hostname verification.
  // Suitable for an embedded test broker only.
  config.put(KafkaConfig.SslEndpointIdentificationAlgorithmProp(), "");
  if (_rack != null) {
    config.put(KafkaConfig.RackProp(), _rack);
  }

  // NOTE(review): the SSL listener above is added for _sslPort >= 0, but the SSL settings
  // are only generated for _sslPort > 0 (or a non-null trust store). With _sslPort == 0 and
  // no trust store, an SSL listener would be declared without SSL config; confirm whether
  // validate() rules that combination out.
  boolean sslRequested = _trustStore != null || _sslPort > 0;
  if (!sslRequested) {
    return config;
  }

  try {
    config.putAll(
        TestSslUtils.createSslConfig(false, true, Mode.SERVER, _trustStore, "server" + _nodeId));
    // Switch interbroker to ssl
    config.put(KafkaConfig.InterBrokerSecurityProtocolProp(), SecurityProtocol.SSL.name);
  } catch (Exception e) {
    throw new IllegalStateException(e);
  }
  return config;
}