SSL Configurations

SslConfig

Package: io.axual.client.config

Use this class to build the SSL configuration that the client uses to establish a secure connection to Kafka.

Usage

Trust and key material can be loaded in different formats, and you can use these formats interchangeably.

SslConfig objects are validated upon construction; a misconfiguration raises a ConfigurationException.

JKS Key and Trust Material

JKS is the default keystore and truststore type. An instance of SslConfig can be instantiated as follows:

SslConfig.newBuilder()
	.setKeystoreLocation(KEYSTORE_LOCATION)
	.setKeystorePassword(KEYSTORE_PASSWORD)
	.setKeyPassword(KEY_PASSWORD)
	.setTruststoreLocation(TRUSTSTORE_LOCATION)
	.setTruststorePassword(TRUSTSTORE_PASSWORD)
	.build()

PKCS12 Key and Trust Material

KeystoreType and TruststoreType need to be set explicitly:

SslConfig.newBuilder()
	.setKeystoreType(SslConfig.KeystoreType.PKCS12)
	.setKeystoreLocation(KEYSTORE_LOCATION)
	.setKeystorePassword(KEYSTORE_PASSWORD)
	.setKeyPassword(KEY_PASSWORD)
	.setTruststoreType(SslConfig.TruststoreType.PKCS12)
	.setTruststoreLocation(TRUSTSTORE_LOCATION)
	.setTruststorePassword(TRUSTSTORE_PASSWORD)
	.build()

PEM Key and Trust Material

The PEM contents can be configured directly as strings, as follows:

SslConfig.newBuilder()
	.setKeystoreType(SslConfig.KeystoreType.PEM)
	.setKeystoreCertificateChain(KEYSTORE_CERTIFICATE_CHAIN)
	.setKeystoreKey(KEY)
	.setTruststoreType(SslConfig.TruststoreType.PEM)
	.setTruststoreCertificates(TRUSTSTORE_CERTIFICATES)
	.build()

If the PEM contents are in a file instead, point the configuration to the file:

SslConfig.newBuilder()
	.setKeystoreType(SslConfig.KeystoreType.PEM)
	.setKeystoreLocation(KEYSTORE_LOCATION)  // (1)
	.setKeyPassword(KEY_PASSWORD)
	.setTruststoreType(SslConfig.TruststoreType.PEM)
	.setTruststoreCertificates(TRUSTSTORE_CERTIFICATES)
	.build()

(1) Use exported Key Pair
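
The two PEM variants above take the same material in different shapes: separate strings for the chain and the key, or one exported key pair file. The following is an added example, not part of the Axual client, that splits an exported key pair into those two strings and rejects trust material that contains a private key. The class and method names are hypothetical, and it assumes the file is a plain concatenation of PEM blocks without RFC 1421 headers.

```java
import java.util.*;
import java.util.regex.*;

public class PemMaterialCheck {
    // One PEM block without RFC 1421 headers; group 1 is the label, e.g. "CERTIFICATE".
    private static final Pattern BLOCK = Pattern.compile(
            "-----BEGIN ([A-Z0-9 ]+)-----\\r?\\n[A-Za-z0-9+/=\\r\\n]+-----END \\1-----");

    /** Splits an exported key pair into {certificate chain, private key}. */
    static String[] splitKeyPair(String pem) {
        List<String> certs = new ArrayList<>();
        List<String> keys = new ArrayList<>();
        Matcher m = BLOCK.matcher(pem);
        while (m.find()) {
            if (m.group(1).equals("CERTIFICATE")) certs.add(m.group());
            else if (m.group(1).endsWith("PRIVATE KEY")) keys.add(m.group());
        }
        if (keys.size() != 1 || certs.isEmpty())
            throw new IllegalArgumentException("need 1 key and >= 1 certificate, found "
                    + keys.size() + " key(s), " + certs.size() + " certificate(s)");
        return new String[] {String.join("\n", certs), keys.get(0)};
    }

    /** Trust material should hold certificates only; a private key in it is a packaging error. */
    static String requireCertificatesOnly(String pem) {
        Matcher m = BLOCK.matcher(pem);
        int certs = 0;
        while (m.find()) {
            if (!m.group(1).equals("CERTIFICATE"))
                throw new IllegalArgumentException("trust material contains a " + m.group(1) + " block");
            certs++;
        }
        if (certs == 0) throw new IllegalArgumentException("trust material contains no certificate");
        return pem;
    }

    public static void main(String[] args) {
        // Constructed sample: the base64 bodies are placeholders, not real keys or certificates.
        String key = "-----BEGIN PRIVATE KEY-----\nQ09OU1RSVUNURUQ=\n-----END PRIVATE KEY-----\n";
        String certs = "-----BEGIN CERTIFICATE-----\nTEVBRg==\n-----END CERTIFICATE-----\n"
                + "-----BEGIN CERTIFICATE-----\nSVNTVUVS\n-----END CERTIFICATE-----\n";
        String[] pair = splitKeyPair(key + certs);
        // pair[0] is the value for setKeystoreCertificateChain(...), pair[1] for setKeystoreKey(...).
        System.out.println("chain chars: " + pair[0].length() + ", key found: " + !pair[1].isEmpty());
        try { // a key pair file passed as trust material by mistake is rejected
            requireCertificatesOnly(certs + key);
        } catch (IllegalArgumentException e) {
            System.out.println("rejected: " + e.getMessage());
        }
    }
}
```

The check only classifies PEM block labels; it does not decode the certificates or verify that the key matches the leaf certificate.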