基于SASL_SSL的Kafka java客户端,忽略信任库的配置并获取默认证书


我的消费者在 TLS 握手时使用了默认证书，忽略了配置中定义的证书，请问是哪里出了问题？

尝试消费消息时，客户端使用了默认证书，并抛出 SSL 握手错误。

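    public class Consumer {

        /** Keystore holding the client certificate presented to the broker when it requires client auth. */
        static final String KEYSTORE_PATH = "client.keystore.jks";
        /** Truststore holding the CA certificate(s) that signed the broker certificate. */
        static final String TRUSTSTORE_PATH = "client.truststore.jks";
        /** JAAS login-module line for SASL/PLAIN; both placeholders are inserted as double-quoted values. */
        private static final String JAAS_TEMPLATE =
                "org.apache.kafka.common.security.plain.PlainLoginModule required username=\"%s\" password=\"%s\";";

        final KafkaConsumer<String, String> mConsumer;
        final Logger mLogger = LoggerFactory.getLogger(Consumer.class);

        /**
         * Builds the client configuration for a SASL_SSL consumer: TLS for the channel (with the
         * keystore/truststore named by the constants above) and SASL/PLAIN for authentication.
         *
         * <p>Only consumer-side keys are set. Broker-side keys ({@code security.inter.broker.protocol},
         * {@code ssl.client.auth}) and producer-side keys (the serializer settings) are not read by a
         * consumer; whether a client certificate is demanded is decided by the broker's own
         * {@code ssl.client.auth}, not by anything in this map.
         *
         * @param bootstrapServer {@code host:port} list for {@code bootstrap.servers}
         * @param username        SASL/PLAIN user; also used to derive {@code group.id}
         * @param password        SASL/PLAIN password
         * @param certPasswd      password shared by the keystore, the private key and the truststore
         * @return the populated {@link Properties}
         */
        private Properties consumerProperties(String bootstrapServer, String username, String password, String certPasswd) {
            // The store paths are opened by the client with plain file I/O, so a relative path is
            // resolved against the JVM's working directory. Report a missing file here; it is the
            // first thing to check when the handshake does not use the expected certificates.
            warnIfMissing("ssl.keystore.location", KEYSTORE_PATH);
            warnIfMissing("ssl.truststore.location", TRUSTSTORE_PATH);

            String deserializer = StringDeserializer.class.getName();
            // The credentials land inside double-quoted JAAS values, so a quote or backslash in
            // them must be escaped or the generated config is mis-parsed.
            String jaasCfg = String.format(JAAS_TEMPLATE, jaasQuote(username), jaasQuote(password));

            Properties props = new Properties();
            props.setProperty("bootstrap.servers", bootstrapServer);
            props.setProperty("group.id", username + "-nprod-consumer");
            props.setProperty("auto.commit.interval.ms", "1000");
            props.setProperty("auto.offset.reset", "earliest");
            props.setProperty("session.timeout.ms", "30000");
            props.setProperty("key.deserializer", deserializer);
            props.setProperty("value.deserializer", deserializer);

            // SASL/PLAIN sends the password in clear text inside the session, so the transport
            // must stay SASL_SSL; never downgrade this to SASL_PLAINTEXT.
            props.setProperty("security.protocol", "SASL_SSL");
            props.setProperty("sasl.mechanism", "PLAIN");
            props.setProperty("sasl.jaas.config", jaasCfg);

            // TLS 1.2 only: TLS 1.0 and 1.1 are deprecated (RFC 8996) and offered no benefit here.
            props.setProperty("ssl.enabled.protocols", "TLSv1.2");
            props.setProperty("ssl.keystore.location", KEYSTORE_PATH);
            props.setProperty("ssl.keystore.password", certPasswd);
            props.setProperty("ssl.key.password", certPasswd);
            props.setProperty("ssl.truststore.location", TRUSTSTORE_PATH);
            props.setProperty("ssl.truststore.password", certPasswd);
            return props;
        }

        /**
         * Escapes a value for use inside a double-quoted JAAS string: backslashes first, then
         * double quotes, so that neither can end the quoted value early.
         *
         * @param value raw credential or user name
         * @return the value with {@code \} and {@code "} backslash-escaped
         */
        private static String jaasQuote(String value) {
            return value.replace("\\", "\\\\").replace("\"", "\\\"");
        }

        /**
         * Logs a warning when the file behind an SSL store setting is not a readable file, with the
         * absolute path the client will try, so a wrong working directory is visible in the log.
         *
         * @param configKey the Kafka config key the path belongs to (for the log message only)
         * @param path      the path as it will be handed to the client
         */
        private void warnIfMissing(String configKey, String path) {
            java.io.File store = new java.io.File(path);
            if (!store.isFile() || !store.canRead()) {
                mLogger.warn("{} = {} is not a readable file (resolved to {})",
                             configKey, path, store.getAbsolutePath());
            }
        }

        /**
         * Creates and connects the consumer.
         *
         * @param bootstrapServer {@code host:port} list of the brokers
         * @param username        SASL/PLAIN user
         * @param password        SASL/PLAIN password
         * @param certPassword    password for the keystore, private key and truststore
         */
        Consumer(String bootstrapServer, String username, String password, String certPassword) {
            Properties props = consumerProperties(bootstrapServer, username, password, certPassword);
            mConsumer = new KafkaConsumer<>(props);
            mLogger.info("Consumer Initialized");
        }

        /**
         * Subscribes to {@code topic} and prints every record to stdout, polling forever.
         * This method never returns normally; it is left to the caller to run it on a dedicated
         * thread and stop it (e.g. via {@code KafkaConsumer#wakeup()} from another thread).
         *
         * @param topic the topic to subscribe to
         * @throws ExecutionException   declared for callers; not thrown by this body
         * @throws InterruptedException declared for callers; not thrown by this body
         */
        void read(String topic) throws ExecutionException, InterruptedException {
            mConsumer.subscribe(Arrays.asList(topic));
            while (true) {
                // poll(long) is deprecated in newer client versions in favour of poll(Duration).
                ConsumerRecords<String, String> records = mConsumer.poll(1000);
                for (ConsumerRecord<String, String> record : records) {
                    System.out.printf("%s [%d] offset=%d, key=%s, value=\"%s\"\n",
                                      record.topic(), record.partition(),
                                      record.offset(), record.key(), record.value());
                }
            }
        }

        /** Closes the underlying consumer; must be called from the thread that uses it. */
        void close() {
            mLogger.info("Closing Consumer");
            mConsumer.close();
        }
    }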
公共类消费者{
最终卡夫卡消费者mConsumer;
最终记录器mLogger=LoggerFactory.getLogger(Consumer.class);
私有属性消费者属性(字符串bootstrapServer、字符串用户名、字符串密码、字符串certPasswd){
//String serializer=StringSerializer.class.getName();
String serializer=StringSerializer.class.getName();
字符串反序列化器=StringDeserializer.class.getName();
String jaasTemplate=“org.apache.kafka.common.security.plain.PlainLoginModule所需用户名=\%s\”密码=\%s\;”;
String jaasCfg=String.format(jaasTemplate、用户名、密码);
Properties props=新属性();
setProperty(ProducerConfig.BOOTSTRAP\u SERVERS\u CONFIG,bootstrapServer);
setProperty(ProducerConfig.KEY\u SERIALIZER\u CLASS\u CONFIG,SERIALIZER);
setProperty(ProducerConfig.VALUE\u SERIALIZER\u CLASS\u CONFIG,SERIALIZER);
props.setProperty(“security.inter.broker.protocol”、“SASL_SSL”);
setProperty(“bootstrap.servers”,bootstrapServer);
props.setProperty(“group.id”,username+“-nprod consumer”);
//setProperty(“enable.auto.commit”、“true”);
setProperty(“auto.commit.interval.ms”、“1000”);
props.setProperty(“auto.offset.reset”、“最早”);
props.setProperty(“session.timeout.ms”,“30000”);
setProperty(“key.deserializer”,反序列化器);
setProperty(“value.deserializer”,反序列化器);
setProperty(“key.serializer”,serializer);
setProperty(“value.serializer”,serializer);
props.setProperty(“security.protocol”、“SASL_SSL”);
道具设置属性(“sasl.mechanism”、“PLAIN”);
setProperty(“ssl.keystore.location”、“client.keystore.jks”);
setProperty(“ssl.keystore.password”,certPasswd);
setProperty(“ssl.key.password”,certPasswd);
props.setProperty(“ssl.enabled.protocols”、“TLSv1.2、TLSv1.1、TLSv1”);
props.setProperty(“ssl.client.auth”,“必需”);
props.setProperty(“ssl.truststore.location”、“client.truststore.jks”);
setProperty(“ssl.truststore.password”,certPasswd);
props.setProperty(“sasl.jaas.config”,jaasCfg);
返回道具;
}
使用者(字符串引导服务器、字符串用户名、字符串密码、字符串证书密码){
Properties=consumerProperties(bootstrapServer、用户名、密码、证书密码);
mConsumer=新卡夫卡消费者(道具);
mLogger.info(“消费者初始化”);
}
无效读取(字符串主题)引发ExecutionException、InterruptedException{
subscribe(Arrays.asList(topic));
while(true){
消费者记录记录=mConsumer.poll(1000);
对于(消费者记录:记录){
System.out.printf(“%s[%d]偏移量=%d,键=%s,值=\%s\”\n),
record.topic(),record.partition(),
record.offset()、record.key()、record.value();
}
}
}
无效关闭(){
mLogger.info(“结账消费者”);
mConsumer.close();
}
}

请给出建议：我如何才能忽略默认证书，并强制使用消费者配置中定义的证书？

为什么要在消费者客户端上定义代理间协议或序列化器？而且您已经使用了 SSL，那为什么 SASL 机制是 PLAIN？“默认证书”是什么意思？您是如何创建它们的？—— 我收到的 kafka 服务器信息如下：“kafka 连接字符串（kafka 安全协议是 SASL，SASL 机制是 PLAIN）”。“默认证书”的意思是，客户端计算机的 java 信任库中已经有了证书。—— @cricket_007 它正在使用来自 cacerts 的证书，但我想连接到客户端信任库。—— @user3364699 您如何知道它正在查看默认证书？—— 我想我也遇到了同样的问题，想知道您是如何解决的。