Java Code Examples for org.apache.kafka.test.TestSslUtils

The following examples show how to use org.apache.kafka.test.TestSslUtils. These examples are extracted from open source projects.
Example 1
/**
 * Populates {@code clientProps} with SSL client settings when the harness runs over SSL.
 *
 * <p>For any other security protocol the properties are left untouched.
 *
 * @param clientProps client properties, modified in place
 * @param certAlias alias handed to {@code TestSslUtils.createSslConfig} for the client certificate
 * @throws AssertionError if SSL is selected but {@code trustStoreFile()} returns {@code null}
 * @throws IllegalStateException wrapping any exception raised while building the SSL config
 */
protected void setSecurityConfigs(Properties clientProps, String certAlias) {
  SecurityProtocol selected = securityProtocol();
  if (selected != SecurityProtocol.SSL) {
    return;
  }

  File clientTrustStore = trustStoreFile();
  if (clientTrustStore == null) {
    throw new AssertionError("ssl set but no trust store provided");
  }

  clientProps.setProperty(CommonClientConfigs.SECURITY_PROTOCOL_CONFIG, selected.name);
  // An empty endpoint identification algorithm switches off TLS hostname verification.
  // That is only acceptable for a test harness using generated certificates; production
  // client configs should keep the default ("https") so the broker identity is checked.
  clientProps.setProperty(KafkaConfig.SslEndpointIdentificationAlgorithmProp(), "");

  try {
    // NOTE(review): the two leading booleans are presumably useClientCert and trustStore,
    // as in Kafka's TestSslUtils -- confirm against the Kafka version in use.
    clientProps.putAll(
        TestSslUtils.createSslConfig(true, true, Mode.CLIENT, clientTrustStore, certAlias));
  } catch (Exception e) {
    throw new IllegalStateException(e);
  }
}
 
Example 2
Source Project: rest-utils   Source File: ApiHeadersTest.java    License: Apache License 2.0
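/**
 * Generates client/server keystores and a shared trust store, then starts the test
 * application with both an HTTP and an HTTPS listener.
 *
 * <p>The trust store and server keystore are only referenced through local variables, so
 * they are registered for deletion at JVM exit here; otherwise the generated private-key
 * material would stay behind in the temp directory after the test run.
 *
 * @throws Exception if a temp file, keystore or the application cannot be created
 */
@BeforeClass
public static void setUp() throws Exception {
  // NOTE(review): java.io.File.createTempFile applies default (umask-governed) permissions,
  // so on a shared host these keystores may be readable by other local users.
  // java.nio.file.Files.createTempFile restricts the file to the owner on POSIX systems.
  final File trustStore = File.createTempFile("ApiHeadersTest-truststore", ".jks");
  final File clientKeystore = File.createTempFile("ApiHeadersTest-client-keystore", ".jks");
  final File serverKeystore = File.createTempFile("ApiHeadersTest-server-keystore", ".jks");
  trustStore.deleteOnExit();
  clientKeystore.deleteOnExit();
  serverKeystore.deleteOnExit();

  clientKeystoreLocation = clientKeystore.getAbsolutePath();

  // createKeystoreWithCert records each generated certificate in this map so that both
  // of them end up in the trust store below.
  final Map<String, X509Certificate> certs = new HashMap<>();
  createKeystoreWithCert(clientKeystore, "client", certs);
  createKeystoreWithCert(serverKeystore, "server", certs);
  TestSslUtils.createTrustStore(trustStore.getAbsolutePath(), new Password(SSL_PASSWORD), certs);

  // SSL_PASSWORD is a fixed test credential reused for the keystore and the key itself.
  final Properties props = new Properties();
  props.put(RestConfig.LISTENERS_CONFIG, httpUri + "," + httpsUri);
  props.put(RestConfig.SSL_KEYSTORE_LOCATION_CONFIG, serverKeystore.getAbsolutePath());
  props.put(RestConfig.SSL_KEYSTORE_PASSWORD_CONFIG, SSL_PASSWORD);
  props.put(RestConfig.SSL_KEY_PASSWORD_CONFIG, SSL_PASSWORD);

  app = new TestApplication(new TestRestConfig(props));
  app.start();
}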
 
Example 3
Source Project: rest-utils   Source File: SslTest.java    License: Apache License 2.0
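/**
 * Creates the trust store and keystores used by each test.
 *
 * <p>Besides the regular client and server keystores this prepares a backup copy of the
 * server keystore and a second server keystore built by
 * {@code createWrongKeystoreWithCert}.
 *
 * @throws RuntimeException if the temporary files cannot be created (the original
 *     {@link IOException} is kept as the cause)
 * @throws Exception if key, certificate or store generation fails
 */
@Before
public void setUp() throws Exception {
  try {
    // NOTE(review): java.io.File.createTempFile applies default (umask-governed)
    // permissions; on a shared host the generated private keys may be readable by other
    // local users. Files.createTempFile restricts the file to the owner on POSIX systems.
    trustStore = File.createTempFile("SslTest-truststore", ".jks");
    clientKeystore = File.createTempFile("SslTest-client-keystore", ".jks");
    serverKeystore = File.createTempFile("SslTest-server-keystore", ".jks");
    serverKeystoreBak = File.createTempFile("SslTest-server-keystore", ".jks.bak");
    serverKeystoreErr = File.createTempFile("SslTest-server-keystore", ".jks.err");
  } catch (IOException ioe) {
    // Keep the underlying IOException so a failing run shows why the file was refused.
    throw new RuntimeException(
        "Unable to create temporary files for trust stores and keystores.", ioe);
  }
  Map<String, X509Certificate> certs = new HashMap<>();
  createKeystoreWithCert(clientKeystore, "client", certs);
  createKeystoreWithCert(serverKeystore, "server", certs);
  TestSslUtils.createTrustStore(trustStore.getAbsolutePath(), new Password(SSL_PASSWORD), certs);

  Files.copy(serverKeystore.toPath(), serverKeystoreBak.toPath(), StandardCopyOption.REPLACE_EXISTING);
  // A fresh map is used on purpose: the certificate of the "wrong" keystore is collected
  // here but never written to the trust store created above.
  certs = new HashMap<>();
  createWrongKeystoreWithCert(serverKeystoreErr, "server", certs);
}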
 
Example 4
Source Project: kareldb   Source File: SecureTestUtils.java    License: Apache License 2.0
/**
 * Generates {@code numberOfCerts} client key pairs and certificates, stores them in a
 * temporary client keystore, writes the certificates to the given trust store and returns
 * matching client SSL properties.
 *
 * <p>{@code clientCerts} and {@code keyPairs} act as output parameters: every generated
 * certificate and key pair is appended to them. The keystore is built from the complete
 * lists, so entries the caller put there beforehand are included as well, whereas the
 * trust store only receives the certificates generated by this call.
 *
 * @param numberOfCerts number of client certificates to generate
 * @param trustStoreFile trust store file to write the generated certificates to
 * @param trustPassword password of the trust store
 * @param clientCerts list that receives the generated certificates
 * @param keyPairs list that receives the generated key pairs
 * @return client SSL properties built by {@code getClientSslConfigs}
 * @throws GeneralSecurityException if key, certificate or store generation fails
 * @throws IOException if the temporary keystore file cannot be created or written
 */
public static Properties clientSslConfigsWithKeyStore(
    int numberOfCerts,
    File trustStoreFile,
    Password trustPassword,
    List<X509Certificate> clientCerts,
    List<KeyPair> keyPairs
) throws GeneralSecurityException, IOException {

    Map<String, X509Certificate> trustedByAlias = new HashMap<>();

    // NOTE(review): java.io.File.createTempFile applies default (umask-governed)
    // permissions, so the keystore with the private keys may be readable by other local
    // users on a shared host until it is removed at JVM exit.
    File keystoreFile = File.createTempFile("CKeystore", ".jks");
    keystoreFile.deleteOnExit();
    // Fixed, test-only keystore password.
    String keystoreSecret = new Password("Client-KS-Password").value();

    int index = 0;
    while (index < numberOfCerts) {
        KeyPair generatedPair = TestSslUtils.generateKeyPair("RSA");
        // NOTE(review): SHA1withRSA is a deprecated signature algorithm. It is tolerable for
        // a throwaway test certificate (30 is presumably the validity in days -- confirm);
        // prefer SHA256withRSA for anything that outlives a test run.
        X509Certificate generatedCert = TestSslUtils.generateCertificate(
            "CN=localhost, O=Client" + index, generatedPair, 30, "SHA1withRSA");

        clientCerts.add(generatedCert);
        keyPairs.add(generatedPair);
        trustedByAlias.put("client-" + index, generatedCert);
        index++;
    }

    createKeyStore(keystoreFile, keystoreSecret, clientCerts, keyPairs);

    TestSslUtils.createTrustStore(trustStoreFile.toString(), trustPassword, trustedByAlias);

    return getClientSslConfigs(
        trustStoreFile, trustPassword.value(), keystoreFile, keystoreSecret);
}
 
Example 5
Source Project: kcache   Source File: SSLClusterTestHarness.java    License: Apache License 2.0
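/**
 * Builds the configuration of one SSL-enabled test broker and, as a side effect, creates
 * the client SSL settings stored in {@code clientSslConfigs}.
 *
 * @param brokerId id of the broker to configure
 * @return broker configuration with SSL as inter-broker protocol
 * @throws RuntimeException if the trust store file or the client SSL config cannot be
 *     created; the underlying exception is kept as the cause
 */
@Override
protected KafkaConfig getKafkaConfig(int brokerId) {
    File trustStoreFile;
    try {
        trustStoreFile = File.createTempFile("SSLClusterTestHarness-truststore", ".jks");
    } catch (IOException ioe) {
        // Keep the IOException as cause so the reason for the failure is not lost.
        throw new RuntimeException("Unable to create temporary file for the truststore.", ioe);
    }
    // The file is only held in a local variable, so nothing else can clean it up later.
    trustStoreFile.deleteOnExit();

    final Option<File> trustStoreFileOption = Option.apply(trustStoreFile);
    final Option<SecurityProtocol> sslInterBrokerSecurityProtocol = Option.apply(SecurityProtocol.SSL);
    Properties props = TestUtils.createBrokerConfig(
        brokerId, zkConnect, false, false, TestUtils.RandomPort(), sslInterBrokerSecurityProtocol,
        trustStoreFileOption, EMPTY_SASL_PROPERTIES, false, false, TestUtils.RandomPort(),
        true, TestUtils.RandomPort(), false, TestUtils.RandomPort(), Option.<String>empty(), 1, false,
        1, (short) 1);

    // setup client SSL. Needs to happen before the broker is initialized, because the client's cert
    // needs to be added to the broker's trust store.
    try {
        this.clientSslConfigs = TestSslUtils.createSslConfig(true, true, Mode.CLIENT,
            trustStoreFile, "client", "localhost");
    } catch (Exception e) {
        throw new RuntimeException(e);
    }

    injectProperties(props);
    // Mutual TLS: the broker rejects clients that do not present a certificate.
    if (requireSSLClientAuth()) {
        props.setProperty("ssl.client.auth", "required");
    }

    return KafkaConfig.fromProps(props);
}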
 
Example 6
Source Project: rest-utils   Source File: ApiHeadersTest.java    License: Apache License 2.0
/**
 * Generates an RSA key pair with a certificate for it, writes both to a keystore at
 * {@code file} under {@code alias} and records the certificate in {@code certs}.
 *
 * @param file keystore file to write
 * @param alias keystore alias, also used as the key in {@code certs}
 * @param certs map that receives the generated certificate
 * @throws Exception if key, certificate or keystore generation fails
 */
private static void createKeystoreWithCert(File file, String alias, Map<String, X509Certificate> certs) throws Exception {
    final KeyPair generatedPair = TestSslUtils.generateKeyPair("RSA");

    // NOTE(review): SHA1withRSA is a deprecated signature algorithm. It is tolerable for a
    // throwaway test certificate (30 is presumably the validity in days -- confirm);
    // prefer SHA256withRSA for anything that outlives a test run.
    final CertificateBuilder builder = new CertificateBuilder(30, "SHA1withRSA");
    // The subject CN is mymachine.local while the DNS SAN is "localhost".
    final X509Certificate generatedCert = builder
        .sanDnsName("localhost")
        .generate("CN=mymachine.local, O=A client", generatedPair);

    // SSL_PASSWORD is a fixed test credential protecting the keystore.
    final Password storePassword = new Password(SSL_PASSWORD);
    TestSslUtils.createKeyStore(
        file.getPath(), storePassword, alias, generatedPair.getPrivate(), generatedCert);
    certs.put(alias, generatedCert);
}
 
Example 7
Source Project: rest-utils   Source File: SslTest.java    License: Apache License 2.0
/**
 * Writes a keystore holding a freshly generated RSA key and a certificate whose DNS SAN is
 * {@code localhost}, and records that certificate in {@code certs} under {@code alias}.
 *
 * @param file keystore file to write
 * @param alias keystore alias, also used as the key in {@code certs}
 * @param certs map that receives the generated certificate
 * @throws Exception if key, certificate or keystore generation fails
 */
private void createKeystoreWithCert(File file, String alias, Map<String, X509Certificate> certs) throws Exception {
  KeyPair rsaPair = TestSslUtils.generateKeyPair("RSA");
  // NOTE(review): SHA1withRSA is a deprecated signature algorithm. It is tolerable for a
  // throwaway test certificate (30 is presumably the validity in days -- confirm);
  // prefer SHA256withRSA for anything that outlives a test run.
  X509Certificate localhostCert = new CertificateBuilder(30, "SHA1withRSA")
      .sanDnsName("localhost")
      .generate("CN=mymachine.local, O=A client", rsaPair);
  // SSL_PASSWORD is a fixed test credential protecting the keystore.
  Password storePassword = new Password(SSL_PASSWORD);
  TestSslUtils.createKeyStore(file.getPath(), storePassword, alias, rsaPair.getPrivate(), localhostCert);
  certs.put(alias, localhostCert);
}
 
Example 8
Source Project: rest-utils   Source File: SslTest.java    License: Apache License 2.0
/**
 * Writes a keystore whose certificate carries the DNS SAN {@code fail} instead of
 * {@code localhost}, and records that certificate in {@code certs} under {@code alias}.
 *
 * <p>NOTE(review): presumably used as a negative fixture, i.e. a server identity that a
 * client verifying against {@code localhost} should reject -- confirm against the tests
 * that load it.
 *
 * @param file keystore file to write
 * @param alias keystore alias, also used as the key in {@code certs}
 * @param certs map that receives the generated certificate
 * @throws Exception if key, certificate or keystore generation fails
 */
private void createWrongKeystoreWithCert(File file, String alias, Map<String, X509Certificate> certs) throws Exception {
  KeyPair rsaPair = TestSslUtils.generateKeyPair("RSA");
  // NOTE(review): SHA1withRSA is a deprecated signature algorithm; tolerable only because
  // this is a throwaway test certificate (30 is presumably the validity in days -- confirm).
  X509Certificate mismatchedCert = new CertificateBuilder(30, "SHA1withRSA")
      .sanDnsName("fail")
      .generate("CN=mymachine.local, O=A client", rsaPair);
  // SSL_PASSWORD is a fixed test credential protecting the keystore.
  Password storePassword = new Password(SSL_PASSWORD);
  TestSslUtils.createKeyStore(file.getPath(), storePassword, alias, rsaPair.getPrivate(), mismatchedCert);
  certs.put(alias, mismatchedCert);
}
 
Example 9
/**
 * Assembles the broker configuration from this builder's fields after applying defaults
 * and validating them.
 *
 * <p>A PLAINTEXT and/or SSL listener on {@code localhost} is added for each port that is
 * not negative. When a trust store is set or the SSL port is positive, a server SSL
 * config generated by {@code TestSslUtils} is merged in and inter-broker traffic is
 * switched to SSL.
 *
 * @return Config properties.
 * @throws IllegalStateException wrapping any exception raised while creating the SSL config
 */
public Map<Object, Object> buildConfig() {
  applyDefaults();
  validate();

  Map<Object, Object> config = new HashMap<>();

  StringJoiner listeners = new StringJoiner(",");
  if (_plaintextPort >= 0) {
    listeners.add(SecurityProtocol.PLAINTEXT.name + "://localhost:" + _plaintextPort);
  }
  if (_sslPort >= 0) {
    listeners.add(SecurityProtocol.SSL.name + "://localhost:" + _sslPort);
  }

  config.put(KafkaConfig.BrokerIdProp(), Integer.toString(_nodeId));
  config.put(KafkaConfig.ListenersProp(), listeners.toString());
  config.put(KafkaConfig.LogDirProp(), _logDirectory.getAbsolutePath());
  config.put(KafkaConfig.ZkConnectProp(), _zkConnect);
  config.put(KafkaConfig.ReplicaSocketTimeoutMsProp(), Long.toString(_socketTimeout));
  config.put(KafkaConfig.ControllerSocketTimeoutMsProp(), Long.toString(_socketTimeout));
  config.put(KafkaConfig.ControlledShutdownEnableProp(), Boolean.toString(_enableControlledShutdown));
  config.put(KafkaConfig.DeleteTopicEnableProp(), Boolean.toString(_enableDeleteTopic));
  config.put(KafkaConfig.ControlledShutdownRetryBackoffMsProp(), Long.toString(_controlledShutdownRetryBackoff));
  config.put(KafkaConfig.LogCleanerDedupeBufferSizeProp(), Long.toString(_logCleanerDedupBufferSize));
  config.put(KafkaConfig.LogCleanerEnableProp(), Boolean.toString(_enableLogCleaner));
  config.put(KafkaConfig.OffsetsTopicReplicationFactorProp(), "1");
  // An empty endpoint identification algorithm switches off TLS hostname verification;
  // acceptable for an embedded test broker only. It is set before the generated SSL
  // config is merged, so a value supplied by that config would take precedence.
  config.put(KafkaConfig.SslEndpointIdentificationAlgorithmProp(), "");
  if (_rack != null) {
    config.put(KafkaConfig.RackProp(), _rack);
  }

  // NOTE(review): the SSL listener above is added for _sslPort >= 0, but the SSL config is
  // only generated for _sslPort > 0 (or a non-null trust store). With port 0 and no trust
  // store the SSL listener would be declared without key material -- confirm that
  // validate() rules this combination out.
  boolean sslRequested = _trustStore != null || _sslPort > 0;
  if (!sslRequested) {
    return config;
  }

  try {
    config.putAll(
        TestSslUtils.createSslConfig(false, true, Mode.SERVER, _trustStore, "server" + _nodeId));
    // Switch interbroker to ssl
    config.put(KafkaConfig.InterBrokerSecurityProtocolProp(), SecurityProtocol.SSL.name);
  } catch (Exception e) {
    throw new IllegalStateException(e);
  }

  return config;
}