/**
 * Opens the file at {@code path} and loads it into a {@link KeyStore} of the configured {@code type}.
 * After a successful load, the file's last-modified time is stored in {@code fileLastModifiedMs}.
 *
 * <p>When no password is configured, {@code null} is passed to {@link KeyStore#load}. The store can
 * still be read, but no integrity check is performed, so changes to the file are not detected at load
 * time.
 *
 * @return the loaded keystore
 * @throws KafkaException if the file could not be read or if the keystore could not be loaded
 *         using the specified configs (e.g. if the password or keystore type is invalid)
 */
KeyStore load() {
    try (InputStream stream = Files.newInputStream(Paths.get(path))) {
        KeyStore keyStore = KeyStore.getInstance(type);

        // A null password means "load without verifying integrity"; see the Javadoc above.
        char[] passwordChars = null;
        if (password != null) {
            passwordChars = password.value().toCharArray();
        }
        keyStore.load(stream, passwordChars);

        fileLastModifiedMs = lastModifiedMs(path);
        Date modifiedAt = fileLastModifiedMs == null ? null : new Date(fileLastModifiedMs);
        // Only the path and the timestamp are logged; the password is never handed to the logger.
        log.debug("Loaded key store with path {} modification time {}", path, modifiedAt);
        return keyStore;
    } catch (GeneralSecurityException | IOException e) {
        // The message names the path and type only; the cause is preserved for diagnosis.
        throw new KafkaException("Failed to load SSL keystore " + path + " of type " + type, e);
    }
}
/**
 * Writes {@code ks} to the file {@code filename}, using {@code password} as the store password.
 *
 * <p>The output stream is opened without explicit options or permission attributes, so an existing
 * file is replaced and a new file gets the platform's default permissions. Callers that store real
 * key material should restrict access to the resulting file themselves.
 *
 * @param ks       keystore to persist
 * @param filename destination file
 * @param password store password; must not be {@code null} (it is dereferenced unconditionally)
 * @throws GeneralSecurityException if the keystore cannot be serialized
 * @throws IOException              if the file cannot be opened or written
 */
private static void saveKeyStore(KeyStore ks, String filename, Password password)
        throws GeneralSecurityException, IOException {
    try (OutputStream sink = Files.newOutputStream(Paths.get(filename))) {
        // Unwrapped inside the try block so the file is opened before the password is touched.
        char[] storePassword = password.value().toCharArray();
        ks.store(sink, storePassword);
    }
}
/**
 * Produces a string-valued copy of {@code configs}. {@link Password} values are unwrapped to their
 * actual secret, lists and classes go through {@code convertToString} with the matching type, and
 * every other value goes through {@code convertToString} with a {@code null} type. Entries whose
 * converted value is {@code null} are left out of the result.
 *
 * <p>Use with care: the returned map holds real password values as plain {@code String}s. Its
 * values must never be written to log entries.
 *
 * @param configs config (key, value) pairs to convert
 * @return a new map from each key to the string form of its value
 */
public static Map<String, String> convertToStringMapWithPasswordValues(Map<String, ?> configs) {
    Map<String, String> stringValues = new HashMap<>();
    for (Map.Entry<String, ?> entry : configs.entrySet()) {
        Object raw = entry.getValue();
        String converted;
        if (raw instanceof Password) {
            // Deliberate unwrap: this is the one branch that exposes the secret itself.
            converted = ((Password) raw).value();
        } else if (raw instanceof List) {
            converted = convertToString(raw, Type.LIST);
        } else if (raw instanceof Class) {
            converted = convertToString(raw, Type.CLASS);
        } else {
            converted = convertToString(raw, null);
        }

        if (converted == null) {
            continue;
        }
        stringValues.put(entry.getKey(), converted);
    }
    return stringValues;
}
/**
 * Builds a {@code JaasContext} either from a dynamic JAAS config value or, when none is given,
 * from {@code defaultContext}.
 *
 * <p>A dynamic config must resolve to exactly one login module under {@code globalContextName};
 * zero or several modules are rejected. The rejection messages carry only the module count, not
 * the config text, so the JAAS value (which may embed credentials) is not echoed into errors.
 *
 * @param contextType         type of the context being created
 * @param listenerContextName context name passed to {@code defaultContext} when no dynamic config is set
 * @param globalContextName   context name used to look up the dynamic config's entries
 * @param dynamicJaasConfig   JAAS config value, or {@code null} to use the default context
 * @return the resulting context
 * @throws IllegalArgumentException if the dynamic config does not contain exactly one login module
 */
static JaasContext load(JaasContext.Type contextType, String listenerContextName,
                        String globalContextName, Password dynamicJaasConfig) {
    if (dynamicJaasConfig == null) {
        return defaultContext(contextType, listenerContextName, globalContextName);
    }

    JaasConfig jaasConfig = new JaasConfig(globalContextName, dynamicJaasConfig.value());
    AppConfigurationEntry[] modules = jaasConfig.getAppConfigurationEntry(globalContextName);
    int moduleCount = modules == null ? 0 : modules.length;
    if (moduleCount == 0) {
        throw new IllegalArgumentException("JAAS config property does not contain any login modules");
    }
    if (moduleCount != 1) {
        throw new IllegalArgumentException("JAAS config property contains " + moduleCount + " login modules, should be 1 module");
    }
    return new JaasContext(globalContextName, contextType, jaasConfig, dynamicJaasConfig);
}
/**
 * Adds the given certificates to the JKS truststore stored in {@code filename} and writes the
 * result back to the same file.
 *
 * <p>The existing file is loaded with {@code password}. If the load ends with an
 * {@link EOFException}, an empty keystore from {@code createEmptyKeyStore()} is used instead.
 * Any other failure propagates to the caller. Each map entry is stored as a trusted certificate
 * under its key as alias.
 *
 * @param filename truststore file to read and then overwrite
 * @param password store password used for both loading and saving; must not be {@code null}
 * @param certs    certificates to add, keyed by alias
 * @param <T>      certificate type
 * @throws GeneralSecurityException for any error with the security APIs
 * @throws IOException              if the file cannot be read or written
 */
public static <T extends Certificate> void createTrustStore(
        String filename, Password password, Map<String, T> certs) throws GeneralSecurityException, IOException {
    KeyStore trustStore = KeyStore.getInstance("JKS");
    try (InputStream existing = Files.newInputStream(Paths.get(filename))) {
        char[] storePassword = password.value().toCharArray();
        trustStore.load(existing, storePassword);
    } catch (EOFException e) {
        // Only EOF is tolerated here; it is answered by starting from an empty store.
        trustStore = createEmptyKeyStore();
    }

    for (Map.Entry<String, T> trusted : certs.entrySet()) {
        String alias = trusted.getKey();
        T certificate = trusted.getValue();
        trustStore.setCertificateEntry(alias, certificate);
    }
    saveKeyStore(trustStore, filename, password);
}
// Load the configured keystore; the enclosing method and the declarations of keystore, kmf and
// keyManagers are outside this excerpt.
KeyStore ks = keystore.load();
// Use the dedicated key password when one is set, otherwise fall back to the store password.
Password keyPassword = keystore.keyPassword != null ? keystore.keyPassword : keystore.password;
// NOTE(review): keyPassword is dereferenced unconditionally, so this throws NullPointerException
// when keystore.password is null as well. Confirm callers guarantee at least one is set.
kmf.init(ks, keyPassword.value().toCharArray());
keyManagers = kmf.getKeyManagers();
/**
 * Creates a keystore with a single private-key entry and saves it to {@code filename}.
 *
 * <p>The same {@code password} protects both the key entry and the store itself. This overload
 * has no separate key password.
 *
 * @param filename   file to save
 * @param password   password set on the key entry and on the keystore; must not be {@code null}
 * @param alias      alias to use for the key
 * @param privateKey key to save in the keystore
 * @param cert       certificate used as the one-element certificate chain for the key
 * @throws GeneralSecurityException for any error with the security APIs
 * @throws IOException              if there is an I/O error saving the file
 */
public static void createKeyStore(String filename, Password password, String alias,
                                  Key privateKey, Certificate cert) throws GeneralSecurityException, IOException {
    KeyStore store = createEmptyKeyStore();
    char[] entryPassword = password.value().toCharArray();
    Certificate[] chain = new Certificate[]{cert};
    store.setKeyEntry(alias, privateKey, entryPassword, chain);
    saveKeyStore(store, filename, password);
}
/**
 * Creates a keystore with a single key and saves it to a file. The key entry and the store are
 * protected by separate passwords.
 *
 * @param filename    file to save
 * @param password    store password to set on the keystore
 * @param keyPassword key password to set on the key entry; must not be {@code null}
 * @param alias       alias to use for the key
 * @param privateKey  key to save in the keystore
 * @param cert        certificate used as the one-element certificate chain for the key
 * @throws GeneralSecurityException for any error with the security APIs
 * @throws IOException              if there is an I/O error saving the file
 */
public static void createKeyStore(String filename, Password password, Password keyPassword,
                                  String alias, Key privateKey, Certificate cert)
        throws GeneralSecurityException, IOException {
    KeyStore store = createEmptyKeyStore();
    // The entry is sealed with keyPassword; the store password is applied only when saving.
    char[] entryPassword = keyPassword.value().toCharArray();
    Certificate[] chain = new Certificate[]{cert};
    store.setKeyEntry(alias, privateKey, entryPassword, chain);
    saveKeyStore(store, filename, password);
}
// Excerpt: saslJaasConfig1 and saslJaasConfig2 are declared before this point, outside the view.
Password saslJaasConfig3 = new Password("test.myLoginModule3 required;");
Properties props = new Properties();
// The same sasl.jaas.config setting is supplied under three key forms: with the listener and
// mechanism prefix, with the mechanism prefix only, and unprefixed. Each put() stores the
// unwrapped value() as a plain String, so props holds the JAAS text itself.
props.put("listener.name.listener1.test-mechanism.sasl.jaas.config", saslJaasConfig1.value());
props.put("test-mechanism.sasl.jaas.config", saslJaasConfig2.value());
props.put("sasl.jaas.config", saslJaasConfig3.value());
// Listener-prefixed GSSAPI settings: the kinit command path and the Kerberos service name.
props.put("listener.name.listener1.gssapi.sasl.kerberos.kinit.cmd", "/usr/bin/kinit2");
props.put("listener.name.listener1.gssapi.sasl.kerberos.service.name", "testkafka");
/**
 * Writes {@code ks} to the file {@code filename}, using {@code password} as the store password.
 *
 * <p>{@link FileOutputStream} replaces an existing file and applies no explicit permissions, so
 * the result gets the platform defaults. Callers that store real key material should restrict
 * access to the file themselves.
 *
 * @param ks       keystore to persist
 * @param filename destination file
 * @param password store password; must not be {@code null} (it is dereferenced unconditionally)
 * @throws GeneralSecurityException if the keystore cannot be serialized
 * @throws IOException              if the file cannot be opened or written
 */
private static void saveKeyStore(KeyStore ks, String filename, Password password)
        throws GeneralSecurityException, IOException {
    try (FileOutputStream sink = new FileOutputStream(filename)) {
        // Unwrapped inside the try block so the file is opened before the password is touched.
        char[] storePassword = password.value().toCharArray();
        ks.store(sink, storePassword);
    }
}
/**
 * Looks up the password config {@code key} and returns its unwrapped value.
 *
 * <p>The result is the secret as a plain {@code String}. Keep it out of logs and exception
 * messages.
 *
 * @param key name of the password config
 * @return the password value, or {@code null} when {@code getPassword(key)} returns {@code null}
 */
private String getPasswordValue(String key) {
    Password configured = getPassword(key);
    return configured == null ? null : configured.value();
}
/**
 * Unwraps the {@code PASSWORD} config into a plain {@code String}. The caller receives the secret
 * itself and is responsible for keeping it out of logs.
 *
 * <p>NOTE(review): the lookup result is dereferenced without a null check. Confirm the config
 * always provides a value for {@code PASSWORD}.
 *
 * @return The Accumulo password the Sail connections will use.
 */
public String getPassword() {
    final String plaintext = super.getPassword(PASSWORD).value();
    return plaintext;
}
}
/**
 * Unwraps the {@code PASSWORD} config into a plain {@code String}. The caller receives the secret
 * itself and is responsible for keeping it out of logs.
 *
 * <p>NOTE(review): the lookup result is dereferenced without a null check. Confirm the config
 * always provides a value for {@code PASSWORD}.
 *
 * @return The Mongo DB password the Sail connections will use.
 */
public String getPassword() {
    final String plaintext = super.getPassword(PASSWORD).value();
    return plaintext;
}
}
/**
 * Unwraps the {@code AUTH_PASSWORD_CONFIG} setting into a plain {@code String}. The caller
 * receives the secret itself and is responsible for keeping it out of logs.
 *
 * <p>NOTE(review): the lookup result is dereferenced without a null check. Confirm the config
 * always provides a value for {@code AUTH_PASSWORD_CONFIG}.
 *
 * @return the configured auth password value
 */
public String getAuthPassword() {
    final String plaintext = getPassword(AUTH_PASSWORD_CONFIG).value();
    return plaintext;
}
}
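/**
 * Adds the given certificates to the JKS truststore stored in {@code filename} and writes the
 * result back to the same file.
 *
 * <p>The existing file is loaded with {@code password}. If the load ends with an
 * {@link EOFException}, an empty keystore from {@code createEmptyKeyStore()} is used instead.
 * Any other failure propagates to the caller. Each map entry is stored as a trusted certificate
 * under its key as alias.
 *
 * @param filename truststore file to read and then overwrite
 * @param password store password used for both loading and saving; must not be {@code null}
 * @param certs    certificates to add, keyed by alias
 * @param <T>      certificate type
 * @throws GeneralSecurityException for any error with the security APIs
 * @throws IOException              if the file cannot be read or written
 */
public static <T extends Certificate> void createTrustStore(
        String filename, Password password, Map<String, T> certs) throws GeneralSecurityException, IOException {
    KeyStore ks = KeyStore.getInstance("JKS");
    // try-with-resources closes the stream on every path. The previous explicit close() was
    // skipped whenever load() threw (wrong password, corrupt file, EOF), leaking the descriptor.
    try (FileInputStream in = new FileInputStream(filename)) {
        ks.load(in, password.value().toCharArray());
    } catch (EOFException e) {
        // Only EOF is tolerated here; it is answered by starting from an empty store.
        ks = createEmptyKeyStore();
    }
    for (Map.Entry<String, T> cert : certs.entrySet()) {
        ks.setCertificateEntry(cert.getKey(), cert.getValue());
    }
    saveKeyStore(ks, filename, password);
}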
/**
 * Creates a keystore with a single private-key entry and saves it to {@code filename}.
 *
 * <p>One {@code password} is used twice: to protect the key entry and as the store password when
 * the keystore is saved.
 *
 * @param filename   file to save
 * @param password   password set on the key entry and on the keystore; must not be {@code null}
 * @param alias      alias to use for the key
 * @param privateKey key to save in the keystore
 * @param cert       certificate used as the one-element certificate chain for the key
 * @throws GeneralSecurityException for any error with the security APIs
 * @throws IOException              if there is an I/O error saving the file
 */
public static void createKeyStore(String filename, Password password, String alias,
                                  Key privateKey, Certificate cert) throws GeneralSecurityException, IOException {
    KeyStore freshStore = createEmptyKeyStore();
    char[] sharedPassword = password.value().toCharArray();
    Certificate[] singleCertChain = new Certificate[]{cert};
    freshStore.setKeyEntry(alias, privateKey, sharedPassword, singleCertChain);
    saveKeyStore(freshStore, filename, password);
}
/**
 * Applies the truststore settings from {@code sslConfigValues} to {@code ssl}.
 *
 * <p>The truststore type is always set, falling back to
 * {@code SslConfigs.DEFAULT_SSL_TRUSTSTORE_TYPE} via {@code getOrDefault}. The location and the
 * password are set only when present in the map. The password is unwrapped to a plain
 * {@code String} before it is handed to the factory.
 *
 * @param ssl             factory to configure
 * @param sslConfigValues SSL config values keyed by config name
 */
protected static void configureSslContextFactoryTrustStore(SslContextFactory ssl, Map<String, Object> sslConfigValues) {
    String trustStoreType = (String) getOrDefault(
            sslConfigValues, SslConfigs.SSL_TRUSTSTORE_TYPE_CONFIG, SslConfigs.DEFAULT_SSL_TRUSTSTORE_TYPE);
    ssl.setTrustStoreType(trustStoreType);

    String trustStoreLocation = (String) sslConfigValues.get(SslConfigs.SSL_TRUSTSTORE_LOCATION_CONFIG);
    if (trustStoreLocation != null) {
        ssl.setTrustStorePath(trustStoreLocation);
    }

    Password trustStorePassword = (Password) sslConfigValues.get(SslConfigs.SSL_TRUSTSTORE_PASSWORD_CONFIG);
    if (trustStorePassword != null) {
        // No password configured means none is set on the factory; nothing is substituted.
        ssl.setTrustStorePassword(trustStorePassword.value());
    }
}
/**
 * Passes {@code definition} and {@code originals} to the superclass constructor, then copies the
 * JDBC, pool and server settings into fields.
 *
 * <p>The JDBC password is unwrapped from its {@code Password} holder and kept as a plain
 * {@code String} in {@code jdbcPassword}, so the field holds the secret itself and must not be
 * logged.
 *
 * <p>NOTE(review): {@code getPassword(JDBC_PASSWORD_CONF)} is dereferenced without a null check.
 * Confirm the config definition makes this setting mandatory or gives it a default.
 *
 * @param definition config definition handed to the superclass
 * @param originals  raw config values handed to the superclass
 */
public PooledCDCSourceConnectorConfig(ConfigDef definition, Map<?, ?> originals) {
    super(definition, originals);

    // Credentials
    jdbcUsername = getString(JDBC_USERNAME_CONF);
    jdbcPassword = getPassword(JDBC_PASSWORD_CONF).value();

    // Connection pool sizing
    jdbcPoolMaxTotal = getInt(JDBC_POOL_MAX_TOTAL_CONF);
    jdbcPoolMaxIdle = getInt(JDBC_POOL_MAX_IDLE_CONF);
    jdbcPoolMinIdle = getInt(JDBC_POOL_MIN_IDLE_CONF);

    // Target server
    serverName = getString(SERVER_NAME_CONF);
    serverPort = getInt(SERVER_PORT_CONF);
    initialDatabase = getString(INITIAL_DATABASE_CONF);
}
/**
 * Passes {@code definition} and {@code originals} to the superclass constructor, then copies the
 * JDBC, pool and server settings into fields.
 *
 * <p>The JDBC password is unwrapped from its {@code Password} holder and kept as a plain
 * {@code String} in {@code jdbcPassword}, so the field holds the secret itself and must not be
 * logged.
 *
 * <p>NOTE(review): {@code getPassword(JDBC_PASSWORD_CONF)} is dereferenced without a null check.
 * Confirm the config definition makes this setting mandatory or gives it a default.
 *
 * @param definition config definition handed to the superclass
 * @param originals  raw config values handed to the superclass
 */
public PooledCDCSourceConnectorConfig(ConfigDef definition, Map<?, ?> originals) {
    super(definition, originals);

    // Credentials
    jdbcUsername = getString(JDBC_USERNAME_CONF);
    jdbcPassword = getPassword(JDBC_PASSWORD_CONF).value();

    // Connection pool sizing
    jdbcPoolMaxTotal = getInt(JDBC_POOL_MAX_TOTAL_CONF);
    jdbcPoolMaxIdle = getInt(JDBC_POOL_MAX_IDLE_CONF);
    jdbcPoolMinIdle = getInt(JDBC_POOL_MIN_IDLE_CONF);

    // Target server
    serverName = getString(SERVER_NAME_CONF);
    serverPort = getInt(SERVER_PORT_CONF);
    initialDatabase = getString(INITIAL_DATABASE_CONF);
}