@ -19,7 +19,6 @@ package org.apache.kafka.test;
@@ -19,7 +19,6 @@ package org.apache.kafka.test;
import org.apache.kafka.common.config.SslConfigs ;
import org.apache.kafka.common.network.Mode ;
import org.apache.kafka.clients.CommonClientConfigs ;
import java.io.File ;
import java.io.FileOutputStream ;
@ -116,11 +115,8 @@ public class TestSslUtils {
@@ -116,11 +115,8 @@ public class TestSslUtils {
private static void saveKeyStore ( KeyStore ks , String filename ,
Password password ) throws GeneralSecurityException , IOException {
FileOutputStream out = new FileOutputStream ( filename ) ;
try {
try ( FileOutputStream out = new FileOutputStream ( filename ) ) {
ks . store ( out , password . value ( ) . toCharArray ( ) ) ;
} finally {
out . close ( ) ;
}
}
@ -154,14 +150,6 @@ public class TestSslUtils {
@@ -154,14 +150,6 @@ public class TestSslUtils {
saveKeyStore ( ks , filename , password ) ;
}
public static void createTrustStore ( String filename ,
Password password , String alias ,
Certificate cert ) throws GeneralSecurityException , IOException {
KeyStore ks = createEmptyKeyStore ( ) ;
ks . setCertificateEntry ( alias , cert ) ;
saveKeyStore ( ks , filename , password ) ;
}
public static < T extends Certificate > void createTrustStore (
String filename , Password password , Map < String , T > certs ) throws GeneralSecurityException , IOException {
KeyStore ks = KeyStore . getInstance ( "JKS" ) ;
@ -178,18 +166,9 @@ public class TestSslUtils {
@@ -178,18 +166,9 @@ public class TestSslUtils {
saveKeyStore ( ks , filename , password ) ;
}
public static Map < String , X509Certificate > createX509Certificates ( KeyPair keyPair )
throws GeneralSecurityException {
Map < String , X509Certificate > certs = new HashMap < String , X509Certificate > ( ) ;
X509Certificate cert = generateCertificate ( "CN=localhost, O=localhost" , keyPair , 30 , "SHA1withRSA" ) ;
certs . put ( "localhost" , cert ) ;
return certs ;
}
public static Map < String , Object > createSslConfig ( Mode mode , File keyStoreFile , Password password , Password keyPassword ,
private static Map < String , Object > createSslConfig ( Mode mode , File keyStoreFile , Password password , Password keyPassword ,
File trustStoreFile , Password trustStorePassword ) {
Map < String , Object > sslConfigs = new HashMap < > ( ) ;
sslConfigs . put ( CommonClientConfigs . SECURITY_PROTOCOL_CONFIG , "SSL" ) ; // kafka security protocol
sslConfigs . put ( SslConfigs . SSL_PROTOCOL_CONFIG , "TLSv1.2" ) ; // protocol to create SSLContext
if ( mode = = Mode . SERVER | | ( mode = = Mode . CLIENT & & keyStoreFile ! = null ) ) {
@ -219,27 +198,22 @@ public class TestSslUtils {
@@ -219,27 +198,22 @@ public class TestSslUtils {
public static Map < String , Object > createSslConfig ( boolean useClientCert , boolean trustStore , Mode mode , File trustStoreFile , String certAlias , String host )
throws IOException , GeneralSecurityException {
Map < String , X509Certificate > certs = new HashMap < String , X509Certificate > ( ) ;
Map < String , X509Certificate > certs = new HashMap < > ( ) ;
File keyStoreFile ;
Password password ;
if ( mode = = Mode . SERVER )
password = new Password ( "ServerPassword" ) ;
else
password = new Password ( "ClientPassword" ) ;
Password password = mode = = Mode . SERVER ? new Password ( "ServerPassword" ) : new Password ( "ClientPassword" ) ;
Password trustStorePassword = new Password ( "TrustStorePassword" ) ;
if ( useClientCert ) {
keyStoreFile = File . createTempFile ( "clientKS" , ".jks" ) ;
KeyPair cKP = generateKeyPair ( "RSA" ) ;
X509Certificate cCert = generateCertificate ( "CN=" + host + ", O=client" , cKP , 30 , "SHA1withRSA" ) ;
X509Certificate cCert = generateCertificate ( "CN=" + host + ", O=A client" , cKP , 30 , "SHA1withRSA" ) ;
createKeyStore ( keyStoreFile . getPath ( ) , password , "client" , cKP . getPrivate ( ) , cCert ) ;
certs . put ( certAlias , cCert ) ;
} else {
keyStoreFile = File . createTempFile ( "serverKS" , ".jks" ) ;
KeyPair sKP = generateKeyPair ( "RSA" ) ;
X509Certificate sCert = generateCertificate ( "CN=" + host + ", O=server" , sKP , 30 ,
X509Certificate sCert = generateCertificate ( "CN=" + host + ", O=A server" , sKP , 30 ,
"SHA1withRSA" ) ;
createKeyStore ( keyStoreFile . getPath ( ) , password , password , "server" , sKP . getPrivate ( ) , sCert ) ;
certs . put ( certAlias , sCert ) ;
@ -249,9 +223,7 @@ public class TestSslUtils {
@@ -249,9 +223,7 @@ public class TestSslUtils {
createTrustStore ( trustStoreFile . getPath ( ) , trustStorePassword , certs ) ;
}
Map < String , Object > sslConfig = createSslConfig ( mode , keyStoreFile , password ,
password , trustStoreFile , trustStorePassword ) ;
return sslConfig ;
return createSslConfig ( mode , keyStoreFile , password , password , trustStoreFile , trustStorePassword ) ;
}
}