diff --git a/documentation/modules/proc-configuring-http-bridge.adoc b/documentation/modules/proc-configuring-http-bridge.adoc index ce1fc2842..4156cda5a 100644 --- a/documentation/modules/proc-configuring-http-bridge.adoc +++ b/documentation/modules/proc-configuring-http-bridge.adoc @@ -67,13 +67,13 @@ bridge.id=my-bridge http.host=0.0.0.0 http.port=8443 <5> http.ssl.enable=true <6> -http.ssl.keystore.certificate.location=/etc/ssl/certs/bridge.crt <7> -http.ssl.keystore.key.location=/etc/ssl/private/bridge.key <8> +http.ssl.certificate.path=/etc/ssl/certs/bridge.crt <7> +http.ssl.key.path=/etc/ssl/private/bridge.key <8> ---- <5> Configure HTTP Bridge to listen on port 8443 for TLS encrypted connections. <6> Set `true` to enable TLS encryption between HTTP clients and the HTTP Bridge. -<7> Location of the keystore file in PEM format. -<8> Location of the private key in PEM format. +<7> Path to the certificate file in PEM format. +<8> Path to the private key file in PEM format. . Save the configuration file. 
@@ -92,22 +92,22 @@ http.ssl.keystore.key.location=/etc/ssl/private/bridge.key <8> |http.ssl.enable |Enable TLS encryption between HTTP clients and HTTP bridge. It is `false` by default. -If set to `true`, `http.ssl.keystore.location` and `http.ssl.keystore.key.location` configurations or - `http.ssl.keystore.certificate.chain` and `http.ssl.keystore.key` configurations are required. +If set to `true`, `http.ssl.certificate.path` and `http.ssl.key.path` configurations or + `http.ssl.certificate` and `http.ssl.key` configurations are required. -|http.ssl.keystore.location -|The location of the HTTP Bridge server keystore file in PEM format. -PEM is the only format supported for keystore. +|http.ssl.certificate.path +|The path to the HTTP Bridge server certificate file in PEM format. +PEM is the only format supported for certificate. -|http.ssl.keystore.key.location -|The location of the HTTP Bridge server private key file in PEM format. +|http.ssl.key.path +|The path to the HTTP Bridge server private key file in PEM format. PEM is the only format supported for private key. -|http.ssl.keystore.certificate.chain -|The HTTP Bridge server keystore certificate in PEM format. -PEM is the only format supported for keystore. +|http.ssl.certificate +|The HTTP Bridge server certificate in PEM format. +PEM is the only format supported for certificate. -|http.ssl.keystore.key +|http.ssl.key |The HTTP Bridge server private key in PEM format. PEM is the only format supported for private key. diff --git a/src/main/java/io/strimzi/kafka/bridge/http/HttpBridge.java b/src/main/java/io/strimzi/kafka/bridge/http/HttpBridge.java index cb247043f..e406689b9 100644 --- a/src/main/java/io/strimzi/kafka/bridge/http/HttpBridge.java +++ b/src/main/java/io/strimzi/kafka/bridge/http/HttpBridge.java 
@@ -355,17 +355,17 @@ private HttpServerOptions httpServerOptions() { if (this.bridgeConfig.getHttpConfig().isSslEnabled()) { httpServerOptions.setSsl(true); - if (bridgeConfig.getHttpConfig().getHttpServerSslKeystoreLocation() != null && this.bridgeConfig.getHttpConfig().getHttpServerSslKeystoreKeyLocation() != null) { + if (bridgeConfig.getHttpConfig().getHttpServerSslCertificatePath() != null && this.bridgeConfig.getHttpConfig().getHttpServerSslKeyPath() != null) { httpServerOptions.setKeyCertOptions(new PemKeyCertOptions() - .setKeyPath(this.bridgeConfig.getHttpConfig().getHttpServerSslKeystoreKeyLocation()) - .setCertPath(this.bridgeConfig.getHttpConfig().getHttpServerSslKeystoreLocation())); - } else if (bridgeConfig.getHttpConfig().getHttpServerSslKeystoreCertificateChain() != null && this.bridgeConfig.getHttpConfig().getHttpServerSslKeystoreKey() != null) { + .setKeyPath(this.bridgeConfig.getHttpConfig().getHttpServerSslKeyPath()) + .setCertPath(this.bridgeConfig.getHttpConfig().getHttpServerSslCertificatePath())); + } else if (bridgeConfig.getHttpConfig().getHttpServerSslCertificate() != null && this.bridgeConfig.getHttpConfig().getHttpServerSslKey() != null) { httpServerOptions.setKeyCertOptions(new PemKeyCertOptions() - .addKeyValue(Buffer.buffer(this.bridgeConfig.getHttpConfig().getHttpServerSslKeystoreKey())) - .addCertValue(Buffer.buffer(this.bridgeConfig.getHttpConfig().getHttpServerSslKeystoreCertificateChain()))); + .addKeyValue(Buffer.buffer(this.bridgeConfig.getHttpConfig().getHttpServerSslKey())) + .addCertValue(Buffer.buffer(this.bridgeConfig.getHttpConfig().getHttpServerSslCertificate()))); } else { - LOGGER.error("Required SSL configurations are missing! Either both of http.ssl.keystore.location and http.ssl.keystore.key.location " + - "or both of http.ssl.keystore.certificate.chain and http.ssl.keystore.key should be configured"); + LOGGER.error("Required SSL configurations are missing! 
Either both of http.ssl.certificate.path and http.ssl.key.path " + + "or both of http.ssl.certificate and http.ssl.key should be configured"); } Set sslEnabledProtocols = this.bridgeConfig.getHttpConfig().getHttpServerSslEnabledProtocols(); diff --git a/src/main/java/io/strimzi/kafka/bridge/http/HttpConfig.java b/src/main/java/io/strimzi/kafka/bridge/http/HttpConfig.java index 88a4d6835..7afa7bc7e 100644 --- a/src/main/java/io/strimzi/kafka/bridge/http/HttpConfig.java +++ b/src/main/java/io/strimzi/kafka/bridge/http/HttpConfig.java 
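Review bot: The `else` branch in `httpServerOptions()` only calls `LOGGER.error(...)` when neither key/certificate pair is set, then continues to the protocol setup with `setSsl(true)` already applied and no `PemKeyCertOptions`. After this rename, a properties file that still uses the old `http.ssl.keystore.*` names lands in that branch, so the misconfiguration shows up only as a log line here and, presumably, as a later failure when the server starts listening. Consider failing fast by replacing the log call with `throw new IllegalStateException(` carrying the same message. If the old keys have shipped in a release, consider also reading them as deprecated fallbacks with a warning. The same compatibility question applies to the public constants removed in the `HttpConfig` hunk at `@@ -47,15`. The method body starts and ends outside this hunk.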
@@ -47,15 +47,15 @@ public class HttpConfig extends AbstractConfig { /** Comma separated list of cipher suites for HTTP Bridge server */ public static final String HTTP_SERVER_SSL_ENABLED_CIPHER_SUITES = HTTP_CONFIG_PREFIX + "ssl.enabled.cipher.suites"; - /** HTTP Server SSL keystore path */ - public static final String HTTP_SERVER_SSL_KEYSTORE_LOCATION = HTTP_CONFIG_PREFIX + "ssl.keystore.location"; + /** HTTP Bridge server certificate path */ + public static final String HTTP_SERVER_SSL_CERTIFICATE_PATH = HTTP_CONFIG_PREFIX + "ssl.certificate.path"; /** HTTP Bridge server private key path */ - public static final String HTTP_SERVER_SSL_KEYSTORE_KEY_LOCATION = HTTP_CONFIG_PREFIX + "ssl.keystore.key.location"; + public static final String HTTP_SERVER_SSL_KEY_PATH = HTTP_CONFIG_PREFIX + "ssl.key.path"; - /** HTTP Bridge server keystore certificate */ - public static final String HTTP_SERVER_SSL_KEYSTORE_CERTIFICATE_CHAIN = HTTP_CONFIG_PREFIX + "ssl.keystore.certificate.chain"; + /** HTTP Bridge server certificate */ + public static final String HTTP_SERVER_SSL_CERTIFICATE = HTTP_CONFIG_PREFIX + "ssl.certificate"; /** HTTP Bridge server private key */ - public static final String HTTP_SERVER_SSL_KEYSTORE_KEY = HTTP_CONFIG_PREFIX + "ssl.keystore.key"; + public static final String HTTP_SERVER_SSL_KEY = HTTP_CONFIG_PREFIX + "ssl.key"; /** HTTP consumer timeouts */ public static final String HTTP_CONSUMER_TIMEOUT = HTTP_CONFIG_PREFIX + "timeoutSeconds"; 
@@ -212,39 +212,39 @@ public Set getHttpServerSslCipherSuites() { } /** - * Get the path to the SSL keystore. + * Get the path to the SSL certificate. * - * @return path to the SSL keystore + * @return path to the SSL certificate */ - public String getHttpServerSslKeystoreLocation() { - return (String) this.config.getOrDefault(HTTP_SERVER_SSL_KEYSTORE_LOCATION, null); + public String getHttpServerSslCertificatePath() { + return (String) this.config.getOrDefault(HTTP_SERVER_SSL_CERTIFICATE_PATH, null); } /** - * Get the path to the SSL keystore key. + * Get the path to the SSL private key. * - * @return path to the SSL keystore key + * @return path to the SSL private key */ - public String getHttpServerSslKeystoreKeyLocation() { - return (String) this.config.getOrDefault(HTTP_SERVER_SSL_KEYSTORE_KEY_LOCATION, null); + public String getHttpServerSslKeyPath() { + return (String) this.config.getOrDefault(HTTP_SERVER_SSL_KEY_PATH, null); } /** - * Get the path to the SSL keystore certificate chain. + * Get the SSL certificate. * - * @return path to the SSL keystore + * @return SSL certificate */ - public String getHttpServerSslKeystoreCertificateChain() { - return (String) this.config.getOrDefault(HTTP_SERVER_SSL_KEYSTORE_CERTIFICATE_CHAIN, null); + public String getHttpServerSslCertificate() { + return (String) this.config.getOrDefault(HTTP_SERVER_SSL_CERTIFICATE, null); } /** - * Get the path to the SSL keystore key. + * Get the SSL private key. * - * @return path to the SSL keystore key + * @return SSL private key */ - public String getHttpServerSslKeystoreKey() { - return (String) this.config.getOrDefault(HTTP_SERVER_SSL_KEYSTORE_KEY, null); + public String getHttpServerSslKey() { + return (String) this.config.getOrDefault(HTTP_SERVER_SSL_KEY, null); } diff --git a/src/test/java/io/strimzi/kafka/bridge/config/ConfigTest.java b/src/test/java/io/strimzi/kafka/bridge/config/ConfigTest.java index 780614a01..f9b66f9aa 100644 
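Review bot: The new Javadoc on `getHttpServerSslCertificate()` and `getHttpServerSslKey()` does not say that the returned string is the PEM content itself rather than a file path, or that it is `null` when the property is unset (both getters pass `null` as the default). Only the `Path` suffix distinguishes them from the path getters, so spelling this out would help. For example, `@return PEM-encoded certificate content (not a path), or {@code null} if not configured` and `@return PEM-encoded private key content (not a path), or {@code null} if not configured; secret material, keep out of logs`. Whether the configuration map is ever dumped to logs is not visible from this hunk, so the secrecy remark is a precaution to confirm against `AbstractConfig`. As a style point, `getOrDefault(KEY, null)` behaves the same as `get(KEY)` on a map.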
--- a/src/test/java/io/strimzi/kafka/bridge/config/ConfigTest.java +++ b/src/test/java/io/strimzi/kafka/bridge/config/ConfigTest.java @@ -93,15 +93,15 @@ public void testHttpDefaults() { public void testHttpSslConfig() { Map map = new HashMap<>(Map.of( "http.ssl.enable", "true", - "http.ssl.keystore.key.location", "key.key", - "http.ssl.keystore.location", "cert.crt", + "http.ssl.key.path", "key.key", + "http.ssl.certificate.path", "cert.crt", "http.ssl.enabled.protocols", "TLSv1.3", "http.ssl.enabled.cipher.suites", "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384" )); BridgeConfig bridgeConfig = BridgeConfig.fromMap(map); - assertThat(bridgeConfig.getHttpConfig().getHttpServerSslKeystoreKeyLocation(), is("key.key")); - assertThat(bridgeConfig.getHttpConfig().getHttpServerSslKeystoreLocation(), is("cert.crt")); + assertThat(bridgeConfig.getHttpConfig().getHttpServerSslKeyPath(), is("key.key")); + assertThat(bridgeConfig.getHttpConfig().getHttpServerSslCertificatePath(), is("cert.crt")); assertThat(bridgeConfig.getHttpConfig().getHttpServerSslEnabledProtocols(), is(Set.of("TLSv1.3"))); assertThat(bridgeConfig.getHttpConfig().getHttpServerSslCipherSuites(), is(Set.of("TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384"))); 
@@ -111,14 +111,14 @@ public void testHttpSslConfig() { public void testHttpSslDefaults() { Map map = new HashMap<>(Map.of( "http.ssl.enable", "true", - "http.ssl.keystore.key", "key.key", - "http.ssl.keystore.certificate.chain", "cert.crt" + "http.ssl.key", "key.key", + "http.ssl.certificate", "cert.crt" )); BridgeConfig bridgeConfig = BridgeConfig.fromMap(map); assertThat(bridgeConfig.getHttpConfig().getPort(), is(8443)); - assertThat(bridgeConfig.getHttpConfig().getHttpServerSslKeystoreKey(), is("key.key")); - assertThat(bridgeConfig.getHttpConfig().getHttpServerSslKeystoreCertificateChain(), is("cert.crt")); + assertThat(bridgeConfig.getHttpConfig().getHttpServerSslKey(), is("key.key")); + assertThat(bridgeConfig.getHttpConfig().getHttpServerSslCertificate(), is("cert.crt")); assertThat(bridgeConfig.getHttpConfig().getHttpServerSslEnabledProtocols(), is(Set.of("TLSv1.2", "TLSv1.3"))); assertNull(bridgeConfig.getHttpConfig().getHttpServerSslCipherSuites()); diff --git a/src/test/java/io/strimzi/kafka/bridge/http/TlsIT.java b/src/test/java/io/strimzi/kafka/bridge/http/TlsIT.java index c03e0ce4b..5ea8f53a0 100644 --- a/src/test/java/io/strimzi/kafka/bridge/http/TlsIT.java +++ b/src/test/java/io/strimzi/kafka/bridge/http/TlsIT.java @@ -126,8 +126,8 @@ public void testManagementEndpointWhenSslEnabled(VertxTestContext context) { protected Map overrideConfig() { Map configs = new HashMap<>(); configs.put(HttpConfig.HTTP_SERVER_SSL_ENABLE, true); - configs.put(HttpConfig.HTTP_SERVER_SSL_KEYSTORE_CERTIFICATE_CHAIN, sslCert); - configs.put(HttpConfig.HTTP_SERVER_SSL_KEYSTORE_KEY, sslKey); + configs.put(HttpConfig.HTTP_SERVER_SSL_CERTIFICATE, sslCert); + configs.put(HttpConfig.HTTP_SERVER_SSL_KEY, sslKey); return configs; } }