SSL Configurations
SslConfig
Package: io.axual.client.config
Use this class to build an SSL configuration, used by the client to get a secure connection to Kafka.
Usage
Note that you can use them interchangeably, trust and key material can be loaded in different formats.
SslConfig
objects are validated upon construction, misconfiguration will raise ConfigurationException.
JKS
Key and Trust Material
JKS
is the default key and truststore type, an instance of SslConfig
can be instantiated as follows:
SslConfig.newBuilder()
.setKeystoreLocation(KEYSTORE_LOCATION)
.setKeystorePassword(KEYSTORE_PASSWORD)
.setKeyPassword(KEY_PASSWORD)
.setTruststoreLocation(TRUSTSTORE_LOCATION)
.setTruststorePassword(TRUSTSTORE_PASSWORD)
.build()
PKCS12
Key and Trust Material
Type of KeystoreType
and TruststoreType
need to be explicitly set:
SslConfig.newBuilder()
.setKeystoreType(SslConfig.KeystoreType.PKCS12)
.setKeystoreLocation(KEYSTORE_LOCATION)
.setKeystorePassword(KEYSTORE_PASSWORD)
.setKeyPassword(KEY_PASSWORD)
.setTruststoreType(SslConfig.TruststoreType.PKCS12)
.setTruststoreLocation(TRUSTSTORE_LOCATION)
.setTruststorePassword(TRUSTSTORE_PASSWORD)
.build()
PEM
Key and Trust Material
The configuration can be used by directly configuring the pem contents as string as follows:
SslConfig.newBuilder()
.setKeystoreType(SslConfig.KeystoreType.PEM)
.setKeystoreCertificateChain(KEYSTORE_CERTIFICATE_CHAIN)
.setKeystoreKey(KEY)
.setTruststoreType(SslConfig.TruststoreType.PEM)
.setTruststoreCertificates(TRUSTSTORE_CERTIFICATES)
.build()
If instead the PEM
contents are on a file, the configuration can be done by pointing to the file:
SslConfig.newBuilder()
.setKeystoreType(SslConfig.KeystoreType.PEM)
.setKeystoreLocation(KEYSTORE_LOCATION) (1)
.setKeyPassword(KEY_PASSWORD)
.setTruststoreType(SslConfig.TruststoreType.PEM)
.setTruststoreCertificates(TRUSTSTORE_CERTIFICATES)
.build())
1 | Use exported Key Pair |