本文整理汇总了Java中org.apache.kafka.common.config.SslConfigs类的典型用法代码示例。如果您正苦于以下问题:Java SslConfigs类的具体用法?Java SslConfigs怎么用?Java SslConfigs使用的例子?那么, 这里精选的类代码示例或许可以为您提供帮助。
SslConfigs类属于org.apache.kafka.common.config包,在下文中一共展示了SslConfigs类的15个代码示例,这些例子默认根据受欢迎程度排序。您可以为喜欢或者感觉有用的代码点赞,您的评价将有助于系统推荐出更棒的Java代码示例。
示例1: create
import org.apache.kafka.common.config.SslConfigs; //导入依赖的package包/类
/**
* Create a new AdminClient instance.
* @param clusterConfig What cluster to connect to.
* @param clientId What clientId to associate the connection with.
*/
public AdminClient create(final ClusterConfig clusterConfig, final String clientId) {
// Create a map
final Map<String, Object> config = new HashMap<>();
config.put(AdminClientConfig.BOOTSTRAP_SERVERS_CONFIG, clusterConfig.getConnectString());
config.put(AdminClientConfig.CLIENT_ID_CONFIG, clientId);
config.put(AdminClientConfig.REQUEST_TIMEOUT_MS_CONFIG, requestTimeout);
if (clusterConfig.isUseSsl()) {
config.put(CommonClientConfigs.SECURITY_PROTOCOL_CONFIG, "SSL");
config.put(SslConfigs.SSL_KEYSTORE_LOCATION_CONFIG, keyStoreRootPath + "/" + clusterConfig.getKeyStoreFile());
config.put(SslConfigs.SSL_KEYSTORE_PASSWORD_CONFIG, clusterConfig.getKeyStorePassword());
config.put(SslConfigs.SSL_TRUSTSTORE_LOCATION_CONFIG, keyStoreRootPath + "/" + clusterConfig.getTrustStoreFile());
config.put(SslConfigs.SSL_TRUSTSTORE_PASSWORD_CONFIG, clusterConfig.getTrustStorePassword());
}
return KafkaAdminClient.create(config);
}
示例2: testValidEndpointIdentificationSanIp
import org.apache.kafka.common.config.SslConfigs; //导入依赖的package包/类
/**
* Tests that server certificate with SubjectAltName containing valid IP address
* is accepted by a client that connects using IP address and validates server endpoint.
*/
@Test
public void testValidEndpointIdentificationSanIp() throws Exception {
String node = "0";
serverCertStores = new CertStores(true, "server", InetAddress.getByName("127.0.0.1"));
clientCertStores = new CertStores(false, "client", InetAddress.getByName("127.0.0.1"));
sslServerConfigs = serverCertStores.getTrustingConfig(clientCertStores);
sslClientConfigs = clientCertStores.getTrustingConfig(serverCertStores);
server = createEchoServer(SecurityProtocol.SSL);
sslClientConfigs.put(SslConfigs.SSL_ENDPOINT_IDENTIFICATION_ALGORITHM_CONFIG, "HTTPS");
createSelector(sslClientConfigs);
InetSocketAddress addr = new InetSocketAddress("127.0.0.1", server.port());
selector.connect(node, addr, BUFFER_SIZE, BUFFER_SIZE);
NetworkTestUtils.checkClientConnection(selector, node, 100, 10);
}
示例3: testValidEndpointIdentificationCN
import org.apache.kafka.common.config.SslConfigs; //导入依赖的package包/类
/**
* Tests that server certificate with CN containing valid hostname
* is accepted by a client that connects using hostname and validates server endpoint.
*/
@Test
public void testValidEndpointIdentificationCN() throws Exception {
String node = "0";
serverCertStores = new CertStores(true, "localhost");
clientCertStores = new CertStores(false, "localhost");
sslServerConfigs = serverCertStores.getTrustingConfig(clientCertStores);
sslClientConfigs = clientCertStores.getTrustingConfig(serverCertStores);
server = createEchoServer(SecurityProtocol.SSL);
sslClientConfigs.put(SslConfigs.SSL_ENDPOINT_IDENTIFICATION_ALGORITHM_CONFIG, "HTTPS");
createSelector(sslClientConfigs);
InetSocketAddress addr = new InetSocketAddress("localhost", server.port());
selector.connect(node, addr, BUFFER_SIZE, BUFFER_SIZE);
NetworkTestUtils.checkClientConnection(selector, node, 100, 10);
}
示例4: testInvalidEndpointIdentification
import org.apache.kafka.common.config.SslConfigs; //导入依赖的package包/类
/**
* Tests that server certificate with invalid host name is not accepted by
* a client that validates server endpoint. Server certificate uses
* wrong hostname as common name to trigger endpoint validation failure.
*/
@Test
public void testInvalidEndpointIdentification() throws Exception {
String node = "0";
serverCertStores = new CertStores(true, "server", "notahost");
clientCertStores = new CertStores(false, "client", "localhost");
sslServerConfigs = serverCertStores.getTrustingConfig(clientCertStores);
sslClientConfigs = clientCertStores.getTrustingConfig(serverCertStores);
sslClientConfigs.put(SslConfigs.SSL_ENDPOINT_IDENTIFICATION_ALGORITHM_CONFIG, "HTTPS");
server = createEchoServer(SecurityProtocol.SSL);
createSelector(sslClientConfigs);
InetSocketAddress addr = new InetSocketAddress("localhost", server.port());
selector.connect(node, addr, BUFFER_SIZE, BUFFER_SIZE);
NetworkTestUtils.waitForChannelClose(selector, node, ChannelState.AUTHENTICATE);
}
示例5: testEndpointIdentificationDisabled
import org.apache.kafka.common.config.SslConfigs; //导入依赖的package包/类
/**
* Tests that server certificate with invalid IP address is accepted by
* a client that has disabled endpoint validation
*/
@Test
public void testEndpointIdentificationDisabled() throws Exception {
String node = "0";
String serverHost = InetAddress.getLocalHost().getHostAddress();
SecurityProtocol securityProtocol = SecurityProtocol.SSL;
server = new NioEchoServer(ListenerName.forSecurityProtocol(securityProtocol), securityProtocol,
new TestSecurityConfig(sslServerConfigs), serverHost, null);
server.start();
sslClientConfigs.remove(SslConfigs.SSL_ENDPOINT_IDENTIFICATION_ALGORITHM_CONFIG);
createSelector(sslClientConfigs);
InetSocketAddress addr = new InetSocketAddress(serverHost, server.port());
selector.connect(node, addr, BUFFER_SIZE, BUFFER_SIZE);
NetworkTestUtils.checkClientConnection(selector, node, 100, 10);
}
示例6: testClientAuthenticationRequiredNotProvided
import org.apache.kafka.common.config.SslConfigs; //导入依赖的package包/类
/**
* Tests that server does not accept connections from clients which don't
* provide a certificate when client authentication is required.
*/
@Test
public void testClientAuthenticationRequiredNotProvided() throws Exception {
String node = "0";
sslServerConfigs.put(SslConfigs.SSL_CLIENT_AUTH_CONFIG, "required");
server = createEchoServer(SecurityProtocol.SSL);
sslClientConfigs.remove(SslConfigs.SSL_KEYSTORE_LOCATION_CONFIG);
sslClientConfigs.remove(SslConfigs.SSL_KEYSTORE_PASSWORD_CONFIG);
sslClientConfigs.remove(SslConfigs.SSL_KEY_PASSWORD_CONFIG);
createSelector(sslClientConfigs);
InetSocketAddress addr = new InetSocketAddress("localhost", server.port());
selector.connect(node, addr, BUFFER_SIZE, BUFFER_SIZE);
NetworkTestUtils.waitForChannelClose(selector, node, ChannelState.AUTHENTICATE);
}
示例7: testClientAuthenticationDisabledNotProvided
import org.apache.kafka.common.config.SslConfigs; //导入依赖的package包/类
/**
* Tests that server accepts connections from a client that does not provide
* a certificate if client authentication is disabled
*/
@Test
public void testClientAuthenticationDisabledNotProvided() throws Exception {
String node = "0";
sslServerConfigs.put(SslConfigs.SSL_CLIENT_AUTH_CONFIG, "none");
server = createEchoServer(SecurityProtocol.SSL);
sslClientConfigs.remove(SslConfigs.SSL_KEYSTORE_LOCATION_CONFIG);
sslClientConfigs.remove(SslConfigs.SSL_KEYSTORE_PASSWORD_CONFIG);
sslClientConfigs.remove(SslConfigs.SSL_KEY_PASSWORD_CONFIG);
createSelector(sslClientConfigs);
InetSocketAddress addr = new InetSocketAddress("localhost", server.port());
selector.connect(node, addr, BUFFER_SIZE, BUFFER_SIZE);
NetworkTestUtils.checkClientConnection(selector, node, 100, 10);
}
示例8: testClientAuthenticationRequestedNotProvided
import org.apache.kafka.common.config.SslConfigs; //导入依赖的package包/类
/**
* Tests that server accepts connections from a client that does not provide
* a certificate if client authentication is requested but not required
*/
@Test
public void testClientAuthenticationRequestedNotProvided() throws Exception {
String node = "0";
sslServerConfigs.put(SslConfigs.SSL_CLIENT_AUTH_CONFIG, "requested");
server = createEchoServer(SecurityProtocol.SSL);
sslClientConfigs.remove(SslConfigs.SSL_KEYSTORE_LOCATION_CONFIG);
sslClientConfigs.remove(SslConfigs.SSL_KEYSTORE_PASSWORD_CONFIG);
sslClientConfigs.remove(SslConfigs.SSL_KEY_PASSWORD_CONFIG);
createSelector(sslClientConfigs);
InetSocketAddress addr = new InetSocketAddress("localhost", server.port());
selector.connect(node, addr, BUFFER_SIZE, BUFFER_SIZE);
NetworkTestUtils.checkClientConnection(selector, node, 100, 10);
}
示例9: createSslConfig
import org.apache.kafka.common.config.SslConfigs; //导入依赖的package包/类
private static Map<String, Object> createSslConfig(Mode mode, File keyStoreFile, Password password, Password keyPassword,
File trustStoreFile, Password trustStorePassword) {
Map<String, Object> sslConfigs = new HashMap<>();
sslConfigs.put(SslConfigs.SSL_PROTOCOL_CONFIG, "TLSv1.2"); // protocol to create SSLContext
if (mode == Mode.SERVER || (mode == Mode.CLIENT && keyStoreFile != null)) {
sslConfigs.put(SslConfigs.SSL_KEYSTORE_LOCATION_CONFIG, keyStoreFile.getPath());
sslConfigs.put(SslConfigs.SSL_KEYSTORE_TYPE_CONFIG, "JKS");
sslConfigs.put(SslConfigs.SSL_KEYMANAGER_ALGORITHM_CONFIG, TrustManagerFactory.getDefaultAlgorithm());
sslConfigs.put(SslConfigs.SSL_KEYSTORE_PASSWORD_CONFIG, password);
sslConfigs.put(SslConfigs.SSL_KEY_PASSWORD_CONFIG, keyPassword);
}
sslConfigs.put(SslConfigs.SSL_TRUSTSTORE_LOCATION_CONFIG, trustStoreFile.getPath());
sslConfigs.put(SslConfigs.SSL_TRUSTSTORE_PASSWORD_CONFIG, trustStorePassword);
sslConfigs.put(SslConfigs.SSL_TRUSTSTORE_TYPE_CONFIG, "JKS");
sslConfigs.put(SslConfigs.SSL_TRUSTMANAGER_ALGORITHM_CONFIG, TrustManagerFactory.getDefaultAlgorithm());
List<String> enabledProtocols = new ArrayList<>();
enabledProtocols.add("TLSv1.2");
sslConfigs.put(SslConfigs.SSL_ENABLED_PROTOCOLS_CONFIG, enabledProtocols);
return sslConfigs;
}
示例10: defaultProps
import org.apache.kafka.common.config.SslConfigs; //导入依赖的package包/类
public Properties defaultProps() {
Properties props = new Properties();
props.setProperty(ProducerConfig.BOOTSTRAP_SERVERS_CONFIG, HopsUtil.getBrokerEndpoints());
props.setProperty("key.serializer", "org.apache.kafka.common.serialization.StringSerializer");
props.setProperty("value.serializer", "org.apache.kafka.common.serialization.ByteArraySerializer");
//configure the ssl parameters
props.setProperty(CommonClientConfigs.SECURITY_PROTOCOL_CONFIG, "SSL");
props.setProperty(SslConfigs.SSL_TRUSTSTORE_LOCATION_CONFIG, HopsUtil.getTrustStore());
props.setProperty(SslConfigs.SSL_TRUSTSTORE_PASSWORD_CONFIG, HopsUtil.getTruststorePwd());
props.setProperty(SslConfigs.SSL_KEYSTORE_LOCATION_CONFIG, HopsUtil.getKeyStore());
props.setProperty(SslConfigs.SSL_KEYSTORE_PASSWORD_CONFIG, HopsUtil.getKeystorePwd());
props.setProperty(SslConfigs.SSL_KEY_PASSWORD_CONFIG, HopsUtil.getKeystorePwd());
return props;
}
示例11: getSparkStructuredStreamingKafkaProps
import org.apache.kafka.common.config.SslConfigs; //导入依赖的package包/类
/**
*
* @param userOptions
* @return
*/
public Map<String, String> getSparkStructuredStreamingKafkaProps(Map<String, String> userOptions) {
//Create options map for kafka
Map<String, String> options = new HashMap<>();
options.put("kafka." + ProducerConfig.BOOTSTRAP_SERVERS_CONFIG, HopsUtil.getBrokerEndpoints());
options.put("subscribe", HopsUtil.getTopicsAsCSV());
options.put("kafka." + CommonClientConfigs.SECURITY_PROTOCOL_CONFIG, "SSL");
options.put("kafka." + SslConfigs.SSL_TRUSTSTORE_LOCATION_CONFIG, HopsUtil.getTrustStore());
options.put("kafka." + SslConfigs.SSL_TRUSTSTORE_PASSWORD_CONFIG, HopsUtil.getTruststorePwd());
options.put("kafka." + SslConfigs.SSL_KEYSTORE_LOCATION_CONFIG, HopsUtil.getKeyStore());
options.put("kafka." + SslConfigs.SSL_KEYSTORE_PASSWORD_CONFIG, HopsUtil.getKeystorePwd());
options.put("kafka." + SslConfigs.SSL_KEY_PASSWORD_CONFIG, HopsUtil.getKeystorePwd());
if (userOptions != null) {
options.putAll(userOptions);
}
return options;
}
示例12: createSslConfig
import org.apache.kafka.common.config.SslConfigs; //导入依赖的package包/类
private static Map<String, Object> createSslConfig(Mode mode, File keyStoreFile, Password password, Password keyPassword,
File trustStoreFile, Password trustStorePassword) {
Map<String, Object> sslConfigs = new HashMap<>();
sslConfigs.put(SslConfigs.SSL_PROTOCOL_CONFIG, "TLSv1.2"); // protocol to create SSLContext
if (mode == Mode.SERVER || (mode == Mode.CLIENT && keyStoreFile != null)) {
sslConfigs.put(SslConfigs.SSL_KEYSTORE_LOCATION_CONFIG, keyStoreFile.getPath());
sslConfigs.put(SslConfigs.SSL_KEYSTORE_TYPE_CONFIG, "JKS");
sslConfigs.put(SslConfigs.SSL_KEYMANAGER_ALGORITHM_CONFIG, TrustManagerFactory.getDefaultAlgorithm());
sslConfigs.put(SslConfigs.SSL_KEYSTORE_PASSWORD_CONFIG, password);
sslConfigs.put(SslConfigs.SSL_KEY_PASSWORD_CONFIG, keyPassword);
}
sslConfigs.put(SslConfigs.SSL_TRUSTSTORE_LOCATION_CONFIG, trustStoreFile.getPath());
sslConfigs.put(SslConfigs.SSL_TRUSTSTORE_PASSWORD_CONFIG, trustStorePassword);
sslConfigs.put(SslConfigs.SSL_TRUSTSTORE_TYPE_CONFIG, "JKS");
sslConfigs.put(SslConfigs.SSL_TRUSTMANAGER_ALGORITHM_CONFIG, TrustManagerFactory.getDefaultAlgorithm());
List<String> enabledProtocols = new ArrayList<>();
enabledProtocols.add("TLSv1.2");
sslConfigs.put(SslConfigs.SSL_ENABLED_PROTOCOLS_CONFIG, enabledProtocols);
return sslConfigs;
}
示例13: testInvalidEndpointIdentification
import org.apache.kafka.common.config.SslConfigs; //导入依赖的package包/类
/**
* Tests that server certificate with invalid host name is not accepted by
* a client that validates server endpoint. Server certificate uses
* wrong hostname as common name to trigger endpoint validation failure.
*/
@Test
public void testInvalidEndpointIdentification() throws Exception {
String node = "0";
serverCertStores = new CertStores(true, "notahost");
clientCertStores = new CertStores(false, "localhost");
sslServerConfigs = serverCertStores.getTrustingConfig(clientCertStores);
sslClientConfigs = clientCertStores.getTrustingConfig(serverCertStores);
sslClientConfigs.put(SslConfigs.SSL_ENDPOINT_IDENTIFICATION_ALGORITHM_CONFIG, "HTTPS");
server = NetworkTestUtils.createEchoServer(SecurityProtocol.SSL, sslServerConfigs);
createSelector(sslClientConfigs);
InetSocketAddress addr = new InetSocketAddress("localhost", server.port());
selector.connect(node, addr, BUFFER_SIZE, BUFFER_SIZE);
NetworkTestUtils.waitForChannelClose(selector, node);
}
示例14: testClientAuthenticationRequiredNotProvided
import org.apache.kafka.common.config.SslConfigs; //导入依赖的package包/类
/**
* Tests that server does not accept connections from clients which don't
* provide a certificate when client authentication is required.
*/
@Test
public void testClientAuthenticationRequiredNotProvided() throws Exception {
String node = "0";
sslServerConfigs.put(SslConfigs.SSL_CLIENT_AUTH_CONFIG, "required");
server = NetworkTestUtils.createEchoServer(SecurityProtocol.SSL, sslServerConfigs);
sslClientConfigs.remove(SslConfigs.SSL_KEYSTORE_LOCATION_CONFIG);
sslClientConfigs.remove(SslConfigs.SSL_KEYSTORE_PASSWORD_CONFIG);
sslClientConfigs.remove(SslConfigs.SSL_KEY_PASSWORD_CONFIG);
createSelector(sslClientConfigs);
InetSocketAddress addr = new InetSocketAddress("localhost", server.port());
selector.connect(node, addr, BUFFER_SIZE, BUFFER_SIZE);
NetworkTestUtils.waitForChannelClose(selector, node);
}
示例15: testClientAuthenticationDisabledNotProvided
import org.apache.kafka.common.config.SslConfigs; //导入依赖的package包/类
/**
* Tests that server accepts connections from a client that does not provide
* a certificate if client authentication is disabled
*/
@Test
public void testClientAuthenticationDisabledNotProvided() throws Exception {
String node = "0";
sslServerConfigs.put(SslConfigs.SSL_CLIENT_AUTH_CONFIG, "none");
server = NetworkTestUtils.createEchoServer(SecurityProtocol.SSL, sslServerConfigs);
sslClientConfigs.remove(SslConfigs.SSL_KEYSTORE_LOCATION_CONFIG);
sslClientConfigs.remove(SslConfigs.SSL_KEYSTORE_PASSWORD_CONFIG);
sslClientConfigs.remove(SslConfigs.SSL_KEY_PASSWORD_CONFIG);
createSelector(sslClientConfigs);
InetSocketAddress addr = new InetSocketAddress("localhost", server.port());
selector.connect(node, addr, BUFFER_SIZE, BUFFER_SIZE);
NetworkTestUtils.checkClientConnection(selector, node, 100, 10);
}