基于SASL_SSL的Kafka Java客户端,忽略信任库的配置并采用默认证书

时间:2019-12-01 01:19:40

标签: java ssl apache-kafka kafka-consumer-api

我的消费者在握手时使用了默认证书,而忽略了配置(Config)中定义的证书,问题出在哪里?

尝试消费消息时,它使用的是默认证书,并抛出SSL握手错误。

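    /**
     * Minimal Kafka consumer that authenticates with SASL/PLAIN over TLS
     * ({@code security.protocol=SASL_SSL}) and prints every record it receives.
     *
     * <p>The key store and trust store are both opened with the same password
     * ({@code certPassword}); the SASL credentials are passed inline through
     * {@code sasl.jaas.config}.
     */
    public class Consumer {

        final KafkaConsumer<String,String> mConsumer;
        final Logger mLogger = LoggerFactory.getLogger(Consumer.class);

        /**
         * Escapes a value for use inside a double-quoted JAAS option.
         *
         * <p>Without this, a {@code "} or {@code \} in a credential would end the quoted
         * string early and let the remainder be parsed as additional login-module options.
         *
         * @param name  option name, used only in the error message (the value is never echoed)
         * @param value raw option value
         * @return the value with backslashes and double quotes backslash-escaped
         * @throws IllegalArgumentException if {@code value} is {@code null}
         */
        private static String escapeJaasValue(String name, String value) {
            if (value == null) {
                throw new IllegalArgumentException("JAAS option '" + name + "' must not be null");
            }
            // Backslashes first, so the escapes added for quotes are not doubled afterwards.
            return value.replace("\\", "\\\\").replace("\"", "\\\"");
        }

        /**
         * Builds the client configuration for a SASL_SSL consumer.
         *
         * @param bootstrapServer value for {@code bootstrap.servers}
         * @param username        SASL/PLAIN user name; also used as the prefix of {@code group.id}
         * @param password        SASL/PLAIN password
         * @param certPasswd      password for the key store, the private key and the trust store
         * @return the populated consumer properties
         */
        private Properties consumerProperties(String bootstrapServer,String username, String password,String certPasswd) {
            String deserializer = StringDeserializer.class.getName();
            String jaasTemplate = "org.apache.kafka.common.security.plain.PlainLoginModule required username=\"%s\" password=\"%s\";";
            String jaasCfg = String.format(jaasTemplate,
                    escapeJaasValue("username", username),
                    escapeJaasValue("password", password));

            Properties props = new Properties();

            // Connection and group membership.
            props.setProperty("bootstrap.servers", bootstrapServer);
            props.setProperty("group.id", username + "-nprod-consumer");
            //props.setProperty("enable.auto.commit", "true");
            props.setProperty("auto.commit.interval.ms", "1000");
            props.setProperty("auto.offset.reset", "earliest");
            props.setProperty("session.timeout.ms", "30000");
            props.setProperty("key.deserializer", deserializer);
            props.setProperty("value.deserializer", deserializer);

            // Dropped from the original: key.serializer / value.serializer are producer settings,
            // and security.inter.broker.protocol / ssl.client.auth are broker settings. A consumer
            // does not use any of them, so they only obscured which options are in effect.

            // Authentication: SASL/PLAIN carried over TLS.
            props.setProperty("security.protocol", "SASL_SSL");
            props.setProperty("sasl.mechanism", "PLAIN");
            props.setProperty("sasl.jaas.config", jaasCfg);

            // TLS 1.0 and 1.1 are deprecated (RFC 8996), so only TLS 1.2 is offered.
            // TLSv1.3 can be added once both the JVM and the brokers support it.
            props.setProperty("ssl.enabled.protocols","TLSv1.2");

            // Both store locations are relative paths, so they resolve against the JVM working
            // directory and the file actually opened depends on where the process is started.
            // NOTE(review): absolute paths would make it unambiguous which key store and trust
            // store are loaded - confirm these are the intended files.
            props.setProperty("ssl.keystore.location","client.keystore.jks");
            props.setProperty("ssl.keystore.password",certPasswd);
            props.setProperty("ssl.key.password",certPasswd);
            props.setProperty("ssl.truststore.location","client.truststore.jks");
            props.setProperty("ssl.truststore.password",certPasswd);
            return props;
        }

        /**
         * Creates the underlying {@link KafkaConsumer} from the given connection settings.
         *
         * @param bootstrapServer value for {@code bootstrap.servers}
         * @param username        SASL/PLAIN user name
         * @param password        SASL/PLAIN password
         * @param certPassword    password shared by the key store, private key and trust store
         */
        Consumer(String bootstrapServer,String username, String password,String certPassword) {
            Properties props = consumerProperties(bootstrapServer,username,password,certPassword);
            mConsumer= new KafkaConsumer<>(props);
            mLogger.info("Consumer Initialized");
        }

        /**
         * Subscribes to {@code topic} and prints every received record to standard output.
         *
         * <p>This method loops forever; it returns only if {@code poll} throws.
         *
         * @param topic topic to subscribe to
         * @throws ExecutionException   declared for callers; not thrown by the code in this method
         * @throws InterruptedException declared for callers; not thrown by the code in this method
         */
        void read(String topic) throws ExecutionException, InterruptedException {
            mConsumer.subscribe(Arrays.asList(topic));
            while (true) {
                // poll(long) is deprecated since Kafka 2.0 in favour of poll(Duration); kept
                // because the client library version is not visible here.
                ConsumerRecords<String, String> records = mConsumer.poll(1000);
                for (ConsumerRecord<String, String> record : records) {
                    // Record keys and values are written to stdout unredacted.
                    System.out.printf("%s [%d] offset=%d, key=%s, value=\"%s\"\n",
                                      record.topic(), record.partition(),
                                      record.offset(), record.key(), record.value());
                }
            }
        }

        /** Closes the underlying Kafka consumer. */
        void close(){
            mLogger.info("Closing Consumer");
            mConsumer.close();
        }
    }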

请给出建议:如何才能让消费者忽略默认证书,并强制使用配置中定义的证书?

0 个答案:

没有答案