String certPath2 = TestUtils.randomAlphaString(100); Buffer certValue2 = Buffer.buffer(TestUtils.randomAlphaString(100)); options.addKeyPath(keyPath2); options.addKeyValue(keyValue2); options.addCertPath(certPath2);
String certPath2 = TestUtils.randomAlphaString(100); Buffer certValue2 = Buffer.buffer(TestUtils.randomAlphaString(100)); options.addKeyPath(keyPath2); options.addKeyValue(keyValue2); options.addCertPath(certPath2);
/**
 * Builds the {@link ProtonClientOptions} used when connecting as an AMQP client.
 *
 * <p>The connect timeout is 5000 ms and reconnection is retried without limit,
 * 1000 ms apart. When {@code this.options.getCertDir()} is non-null, TLS is
 * enabled with the SASL EXTERNAL mechanism, trusting {@code ca.crt} and
 * presenting {@code tls.crt} / {@code tls.key} from that directory.
 *
 * @return ProtonClient options instance
 */
private ProtonClientOptions createClientOptions() {
    ProtonClientOptions clientOptions = new ProtonClientOptions();
    clientOptions.setConnectTimeout(5000);
    // -1 attempts = reconnect forever, every 1000 millisecs
    clientOptions.setReconnectAttempts(-1).setReconnectInterval(1000);

    String certDir = this.options.getCertDir();
    if (certDir == null) {
        // No certificate directory configured: this method does not turn TLS on.
        return clientOptions;
    }

    PemTrustOptions trustedCa = new PemTrustOptions();
    trustedCa.addCertPath(new File(certDir, "ca.crt").getAbsolutePath());

    PemKeyCertOptions clientIdentity = new PemKeyCertOptions();
    clientIdentity.addCertPath(new File(certDir, "tls.crt").getAbsolutePath());
    clientIdentity.addKeyPath(new File(certDir, "tls.key").getAbsolutePath());

    clientOptions.setSsl(true);
    clientOptions.addEnabledSaslMechanism("EXTERNAL");
    // An empty algorithm switches TLS hostname verification off: the peer is
    // accepted if its certificate chains to ca.crt, whatever name it carries.
    // NOTE(review): only sound if ca.crt is a private CA scoped to this
    // deployment; with a shared CA any certificate it issued can impersonate
    // the server - confirm, or set a real algorithm such as "HTTPS".
    clientOptions.setHostnameVerificationAlgorithm("");
    clientOptions.setPemTrustOptions(trustedCa);
    clientOptions.setPemKeyCertOptions(clientIdentity);
    return clientOptions;
}
/**
 * Builds the {@link ProtonServerOptions} for the AMQP endpoint from the
 * AMQP-Kafka bridge internal configuration.
 *
 * <p>Host and port come from the endpoint configuration. When a non-empty
 * certificate directory is configured, TLS is enabled using {@code ca.crt} as
 * trust anchor and {@code tls.crt} / {@code tls.key} as the server identity.
 *
 * @return ProtonServer options instance
 */
private ProtonServerOptions createServerOptions() {
    ProtonServerOptions serverOptions = new ProtonServerOptions();
    serverOptions.setHost(this.bridgeConfigProperties.getEndpointConfigProperties().getHost());
    serverOptions.setPort(this.bridgeConfigProperties.getEndpointConfigProperties().getPort());

    String certDir = this.bridgeConfigProperties.getEndpointConfigProperties().getCertDir();
    if (certDir == null || certDir.isEmpty()) {
        // No certificate directory configured: this method does not turn TLS on.
        return serverOptions;
    }

    log.info("Enabling SSL configuration for AMQP with TLS certificates from {}", certDir);

    PemTrustOptions trustedCa = new PemTrustOptions();
    trustedCa.addCertPath(new File(certDir, "ca.crt").getAbsolutePath());

    // tls.key is the server's private key; PemKeyCertOptions takes no password,
    // so access control on certDir is what protects it.
    PemKeyCertOptions serverIdentity = new PemKeyCertOptions();
    serverIdentity.addCertPath(new File(certDir, "tls.crt").getAbsolutePath());
    serverIdentity.addKeyPath(new File(certDir, "tls.key").getAbsolutePath());

    serverOptions.setSsl(true);
    // NOTE(review): no client-auth mode is set in this method, so whether a
    // client certificate is requested (and ca.crt consulted at all) depends on
    // defaults or on code outside this view - confirm if mutual TLS is intended.
    serverOptions.setPemTrustOptions(trustedCa);
    serverOptions.setPemKeyCertOptions(serverIdentity);
    return serverOptions;
}
/**
 * Builds the {@link ProtonClientOptions} used when connecting as an AMQP client,
 * based on the bridge endpoint configuration.
 *
 * <p>The connect timeout is 1000 ms and reconnection is retried without limit,
 * 1000 ms apart. When a non-empty certificate directory is configured, TLS is
 * enabled with the SASL EXTERNAL mechanism, trusting {@code ca.crt} and
 * presenting {@code tls.crt} / {@code tls.key} from that directory.
 *
 * @return ProtonClient options instance
 */
private ProtonClientOptions createClientOptions() {
    ProtonClientOptions clientOptions = new ProtonClientOptions();
    clientOptions.setConnectTimeout(1000);
    // -1 attempts = reconnect forever, every 1000 millisecs
    clientOptions.setReconnectAttempts(-1).setReconnectInterval(1000);

    String certDir = this.bridgeConfigProperties.getEndpointConfigProperties().getCertDir();
    if (certDir == null || certDir.isEmpty()) {
        // No certificate directory configured: this method does not turn TLS on.
        return clientOptions;
    }

    log.info("Enabling SSL configuration for AMQP with TLS certificates from {}", certDir);

    PemTrustOptions trustedCa = new PemTrustOptions();
    trustedCa.addCertPath(new File(certDir, "ca.crt").getAbsolutePath());

    PemKeyCertOptions clientIdentity = new PemKeyCertOptions();
    clientIdentity.addCertPath(new File(certDir, "tls.crt").getAbsolutePath());
    clientIdentity.addKeyPath(new File(certDir, "tls.key").getAbsolutePath());

    clientOptions.setSsl(true);
    clientOptions.addEnabledSaslMechanism("EXTERNAL");
    // An empty algorithm switches TLS hostname verification off: the peer is
    // accepted if its certificate chains to ca.crt, whatever name it carries.
    // NOTE(review): only sound if ca.crt is a private CA scoped to this
    // deployment; with a shared CA any certificate it issued can impersonate
    // the server - confirm, or set a real algorithm such as "HTTPS".
    clientOptions.setHostnameVerificationAlgorithm("");
    clientOptions.setPemTrustOptions(trustedCa);
    clientOptions.setPemKeyCertOptions(clientIdentity);
    return clientOptions;
}
/**
 * Assembles the JSON configuration for a TLS connection to {@code getHost()}:
 * {@code getPort()}, carrying a PEM client certificate/key pair and a JKS
 * truststore.
 *
 * <p>All file locations are relative paths under {@code target/vault/config/ssl},
 * so the files must already exist there when the configuration is consumed.
 *
 * @return the configuration object
 */
public JsonObject getConfiguration() {
    // Client identity: certificate plus its private key, both PEM files.
    PemKeyCertOptions clientIdentity = new PemKeyCertOptions();
    clientIdentity.addCertPath("target/vault/config/ssl/client-cert.pem");
    clientIdentity.addKeyPath("target/vault/config/ssl/client-privatekey.pem");

    // Trust anchor: only the path is set here, no truststore password.
    JksOptions trustStore = new JksOptions();
    trustStore.setPath("target/vault/config/ssl/truststore.jks");

    return new JsonObject()
        .put("host", getHost())
        .put("port", getPort())
        .put("ssl", true)
        .put("pemKeyCertOptions", clientIdentity.toJson())
        .put("trustStoreOptions", trustStore.toJson());
}
/**
 * Assembles the JSON configuration for a TLS connection to {@code getHost()}:
 * {@code getPort()}, carrying a PEM client certificate/key pair and a JKS
 * truststore.
 *
 * <p>All file locations are relative paths under {@code target/vault/config/ssl},
 * so the files must already exist there when the configuration is consumed.
 *
 * @return the configuration object
 */
public JsonObject getConfiguration() {
    // Client identity: certificate plus its private key, both PEM files.
    PemKeyCertOptions clientIdentity = new PemKeyCertOptions();
    clientIdentity.addCertPath("target/vault/config/ssl/client-cert.pem");
    clientIdentity.addKeyPath("target/vault/config/ssl/client-privatekey.pem");

    // Trust anchor: only the path is set here, no truststore password.
    JksOptions trustStore = new JksOptions();
    trustStore.setPath("target/vault/config/ssl/truststore.jks");

    return new JsonObject()
        .put("host", getHost())
        .put("port", getPort())
        .put("ssl", true)
        .put("pemKeyCertOptions", clientIdentity.toJson())
        .put("trustStoreOptions", trustStore.toJson());
}
/**
 * Assembles the retriever configuration for certificate-based login over TLS
 * against {@code process.getHost()}:{@code process.getPort()}.
 *
 * <p>The result carries a PEM client certificate/key pair, a PEM trust
 * certificate, a JKS truststore, and {@code "auth-backend"} set to
 * {@code "cert"}. All file locations are relative paths under
 * {@code target/vault/config/ssl}.
 *
 * @return the configuration object
 */
@Override
protected JsonObject getRetrieverConfiguration() {
    // Client identity presented for the "cert" auth backend.
    PemKeyCertOptions clientIdentity = new PemKeyCertOptions();
    clientIdentity.addCertPath("target/vault/config/ssl/client-cert.pem");
    clientIdentity.addKeyPath("target/vault/config/ssl/client-privatekey.pem");

    PemTrustOptions pemTrust = new PemTrustOptions();
    pemTrust.addCertPath("target/vault/config/ssl/cert.pem");

    // Only the path is set here, no truststore password.
    JksOptions jksTrust = new JksOptions();
    jksTrust.setPath("target/vault/config/ssl/truststore.jks");

    // NOTE(review): both a PEM and a JKS trust source are supplied; which one
    // the consumer applies is not visible from this method - confirm.
    return new JsonObject()
        .put("host", process.getHost())
        .put("port", process.getPort())
        .put("ssl", true)
        .put("pemKeyCertOptions", clientIdentity.toJson())
        .put("pemTrustStoreOptions", pemTrust.toJson())
        .put("trustStoreOptions", jksTrust.toJson())
        .put("auth-backend", "cert");
}
/**
 * Assembles the retriever configuration for certificate-based login over TLS
 * against {@code process.getHost()}:{@code process.getPort()}.
 *
 * <p>The result carries a PEM client certificate/key pair, a PEM trust
 * certificate, a JKS truststore, and {@code "auth-backend"} set to
 * {@code "cert"}. All file locations are relative paths under
 * {@code target/vault/config/ssl}.
 *
 * @return the configuration object
 */
@Override
protected JsonObject getRetrieverConfiguration() {
    // Client identity presented for the "cert" auth backend.
    PemKeyCertOptions clientIdentity = new PemKeyCertOptions();
    clientIdentity.addCertPath("target/vault/config/ssl/client-cert.pem");
    clientIdentity.addKeyPath("target/vault/config/ssl/client-privatekey.pem");

    PemTrustOptions pemTrust = new PemTrustOptions();
    pemTrust.addCertPath("target/vault/config/ssl/cert.pem");

    // Only the path is set here, no truststore password.
    JksOptions jksTrust = new JksOptions();
    jksTrust.setPath("target/vault/config/ssl/truststore.jks");

    // NOTE(review): both a PEM and a JKS trust source are supplied; which one
    // the consumer applies is not visible from this method - confirm.
    return new JsonObject()
        .put("host", process.getHost())
        .put("port", process.getPort())
        .put("ssl", true)
        .put("pemKeyCertOptions", clientIdentity.toJson())
        .put("pemTrustStoreOptions", pemTrust.toJson())
        .put("trustStoreOptions", jksTrust.toJson())
        .put("auth-backend", "cert");
}
/**
 * Tests authentication with the cert auth backend using PEM files for the
 * client certificate, its private key and the trusted server certificate.
 *
 * @param tc the test context handed to the login check
 * @throws VaultException declared by the method; not raised by the visible setup itself
 */
@Test
public void testLoginByCert_usingPemConfig(TestContext tc) throws VaultException {
    // Client identity used for the certificate login.
    PemKeyCertOptions clientIdentity = new PemKeyCertOptions();
    clientIdentity.addCertPath("target/vault/config/ssl/client-cert.pem");
    clientIdentity.addKeyPath("target/vault/config/ssl/client-privatekey.pem");

    PemTrustOptions pemTrust = new PemTrustOptions();
    pemTrust.addCertPath("target/vault/config/ssl/cert.pem");

    // NOTE(review): a JKS truststore is configured next to the PEM trust
    // certificate, so a pass may not prove the PEM trust path alone works -
    // confirm which source the client actually applies.
    JksOptions jksTrust = new JksOptions();
    jksTrust.setPath("target/vault/config/ssl/truststore.jks");

    JsonObject config = new JsonObject()
        .put("host", process.getHost())
        .put("port", process.getPort())
        .put("ssl", true)
        .put("pemKeyCertOptions", clientIdentity.toJson())
        .put("pemTrustStoreOptions", pemTrust.toJson())
        .put("trustStoreOptions", jksTrust.toJson());

    client = new SlimVaultClient(vertx, config);
    checkWeCanLoginAndAccessRestrictedSecrets(tc);
}
/**
 * Tests authentication with the cert auth backend using PEM files for the
 * client certificate, its private key and the trusted server certificate.
 *
 * @param tc the test context handed to the login check
 * @throws VaultException declared by the method; not raised by the visible setup itself
 */
@Test
public void testLoginByCert_usingPemConfig(TestContext tc) throws VaultException {
    // Client identity used for the certificate login.
    PemKeyCertOptions clientIdentity = new PemKeyCertOptions();
    clientIdentity.addCertPath("target/vault/config/ssl/client-cert.pem");
    clientIdentity.addKeyPath("target/vault/config/ssl/client-privatekey.pem");

    PemTrustOptions pemTrust = new PemTrustOptions();
    pemTrust.addCertPath("target/vault/config/ssl/cert.pem");

    // NOTE(review): a JKS truststore is configured next to the PEM trust
    // certificate, so a pass may not prove the PEM trust path alone works -
    // confirm which source the client actually applies.
    JksOptions jksTrust = new JksOptions();
    jksTrust.setPath("target/vault/config/ssl/truststore.jks");

    JsonObject config = new JsonObject()
        .put("host", process.getHost())
        .put("port", process.getPort())
        .put("ssl", true)
        .put("pemKeyCertOptions", clientIdentity.toJson())
        .put("pemTrustStoreOptions", pemTrust.toJson())
        .put("trustStoreOptions", jksTrust.toJson());

    client = new SlimVaultClient(vertx, config);
    checkWeCanLoginAndAccessRestrictedSecrets(tc);
}