Improve naming of the SSL options

documentation/modules/proc-configuring-http-bridge.adoc

@@ -67,13 +67,13 @@ bridge.id=my-bridge
 http.host=0.0.0.0
 http.port=8443 <5>
 http.ssl.enable=true <6>
-http.ssl.keystore.certificate.location=/etc/ssl/certs/bridge.crt <7>
-http.ssl.keystore.key.location=/etc/ssl/private/bridge.key <8>
+http.ssl.certificate.path=/etc/ssl/certs/bridge.crt <7>
+http.ssl.key.path=/etc/ssl/private/bridge.key <8>
 ----
 <5> Configure HTTP Bridge to listen on port 8443 for TLS encrypted connections.
 <6> Set `true` to enable TLS encryption between HTTP clients and the HTTP Bridge.
-<7> Location of the keystore file in PEM format.
-<8> Location of the private key in PEM format.
+<7> Path to the certificate file in PEM format.
+<8> Path to the private key file in PEM format.
 
 . Save the configuration file.
 
@@ -92,22 +92,22 @@ http.ssl.keystore.key.location=/etc/ssl/private/bridge.key <8>
 
 |http.ssl.enable
 |Enable TLS encryption between HTTP clients and HTTP bridge. It is `false` by default.
-If set to `true`, `http.ssl.keystore.location` and `http.ssl.keystore.key.location` configurations or
- `http.ssl.keystore.certificate.chain` and `http.ssl.keystore.key` configurations are required.
+If set to `true`, `http.ssl.certificate.path` and `http.ssl.key.path` configurations or
+ `http.ssl.certificate` and `http.ssl.key` configurations are required.
 
-|http.ssl.keystore.location
-|The location of the HTTP Bridge server keystore file in PEM format.
-PEM is the only format supported for keystore.
+|http.ssl.certificate.path
+|The path to the HTTP Bridge server certificate file in PEM format.
+PEM is the only format supported for certificate.
 
-|http.ssl.keystore.key.location
-|The location of the HTTP Bridge server private key file in PEM format.
+|http.ssl.key.path
+|The path to the HTTP Bridge server private key file in PEM format.
 PEM is the only format supported for private key.
 
-|http.ssl.keystore.certificate.chain
-|The HTTP Bridge server keystore certificate in PEM format.
-PEM is the only format supported for keystore.
+|http.ssl.certificate
+|The HTTP Bridge server certificate in PEM format.
+PEM is the only format supported for certificate.
 
-|http.ssl.keystore.key
+|http.ssl.key
 |The HTTP Bridge server private key in PEM format.
 PEM is the only format supported for private key.
 

src/main/java/io/strimzi/kafka/bridge/http/HttpBridge.java

@@ -355,17 +355,17 @@ private HttpServerOptions httpServerOptions() {
         if (this.bridgeConfig.getHttpConfig().isSslEnabled()) {
             httpServerOptions.setSsl(true);
 
-            if (bridgeConfig.getHttpConfig().getHttpServerSslKeystoreLocation() != null && this.bridgeConfig.getHttpConfig().getHttpServerSslKeystoreKeyLocation() != null) {
+            if (bridgeConfig.getHttpConfig().getHttpServerSslCertificatePath() != null && this.bridgeConfig.getHttpConfig().getHttpServerSslKeyPath() != null) {
                 httpServerOptions.setKeyCertOptions(new PemKeyCertOptions()
-                        .setKeyPath(this.bridgeConfig.getHttpConfig().getHttpServerSslKeystoreKeyLocation())
-                        .setCertPath(this.bridgeConfig.getHttpConfig().getHttpServerSslKeystoreLocation()));
-            } else if (bridgeConfig.getHttpConfig().getHttpServerSslKeystoreCertificateChain() != null && this.bridgeConfig.getHttpConfig().getHttpServerSslKeystoreKey() != null) {
+                        .setKeyPath(this.bridgeConfig.getHttpConfig().getHttpServerSslKeyPath())
+                        .setCertPath(this.bridgeConfig.getHttpConfig().getHttpServerSslCertificatePath()));
+            } else if (bridgeConfig.getHttpConfig().getHttpServerSslCertificate() != null && this.bridgeConfig.getHttpConfig().getHttpServerSslKey() != null) {
                 httpServerOptions.setKeyCertOptions(new PemKeyCertOptions()
-                        .addKeyValue(Buffer.buffer(this.bridgeConfig.getHttpConfig().getHttpServerSslKeystoreKey()))
-                        .addCertValue(Buffer.buffer(this.bridgeConfig.getHttpConfig().getHttpServerSslKeystoreCertificateChain())));
+                        .addKeyValue(Buffer.buffer(this.bridgeConfig.getHttpConfig().getHttpServerSslKey()))
+                        .addCertValue(Buffer.buffer(this.bridgeConfig.getHttpConfig().getHttpServerSslCertificate())));
             } else {
-                LOGGER.error("Required SSL configurations are missing! Either both of http.ssl.keystore.location and http.ssl.keystore.key.location " +
-                        "or both of http.ssl.keystore.certificate.chain and http.ssl.keystore.key should be configured");
+                LOGGER.error("Required SSL configurations are missing! Either both of http.ssl.certificate.path and http.ssl.key.path " +
+                        "or both of http.ssl.certificate and http.ssl.key should be configured");
             }
 
             Set<String> sslEnabledProtocols = this.bridgeConfig.getHttpConfig().getHttpServerSslEnabledProtocols();

src/main/java/io/strimzi/kafka/bridge/http/HttpConfig.java

@@ -47,15 +47,15 @@ public class HttpConfig extends AbstractConfig {
     /** Comma separated list of cipher suites for HTTP Bridge server  */
     public static final String HTTP_SERVER_SSL_ENABLED_CIPHER_SUITES = HTTP_CONFIG_PREFIX + "ssl.enabled.cipher.suites";
 
-    /** HTTP Server SSL keystore path */
-    public static final String HTTP_SERVER_SSL_KEYSTORE_LOCATION = HTTP_CONFIG_PREFIX + "ssl.keystore.location";
+    /** HTTP Bridge server certificate path */
+    public static final String HTTP_SERVER_SSL_CERTIFICATE_PATH = HTTP_CONFIG_PREFIX + "ssl.certificate.path";
     /** HTTP Bridge server private key path */
-    public static final String HTTP_SERVER_SSL_KEYSTORE_KEY_LOCATION = HTTP_CONFIG_PREFIX + "ssl.keystore.key.location";
+    public static final String HTTP_SERVER_SSL_KEY_PATH = HTTP_CONFIG_PREFIX + "ssl.key.path";
 
-    /** HTTP Bridge server keystore certificate */
-    public static final String HTTP_SERVER_SSL_KEYSTORE_CERTIFICATE_CHAIN = HTTP_CONFIG_PREFIX + "ssl.keystore.certificate.chain";
+    /** HTTP Bridge server certificate */
+    public static final String HTTP_SERVER_SSL_CERTIFICATE = HTTP_CONFIG_PREFIX + "ssl.certificate";
     /** HTTP Bridge server private key */
-    public static final String HTTP_SERVER_SSL_KEYSTORE_KEY = HTTP_CONFIG_PREFIX + "ssl.keystore.key";
+    public static final String HTTP_SERVER_SSL_KEY = HTTP_CONFIG_PREFIX + "ssl.key";
 
     /** HTTP consumer timeouts */
     public static final String HTTP_CONSUMER_TIMEOUT = HTTP_CONFIG_PREFIX + "timeoutSeconds";
@@ -212,39 +212,39 @@ public Set<String> getHttpServerSslCipherSuites() {
     }
 
     /**
-     * Get the path to the SSL keystore.
+     * Get the path to the SSL certificate.
      *
-     * @return path to the SSL keystore
+     * @return path to the SSL certificate
      */
-    public String getHttpServerSslKeystoreLocation() {
-        return (String) this.config.getOrDefault(HTTP_SERVER_SSL_KEYSTORE_LOCATION, null);
+    public String getHttpServerSslCertificatePath() {
+        return (String) this.config.getOrDefault(HTTP_SERVER_SSL_CERTIFICATE_PATH, null);
     }
 
     /**
-     * Get the path to the SSL keystore key.
+     * Get the path to the SSL private key.
      *
-     * @return path to the SSL keystore key
+     * @return path to the SSL private key
      */
-    public String getHttpServerSslKeystoreKeyLocation() {
-        return (String) this.config.getOrDefault(HTTP_SERVER_SSL_KEYSTORE_KEY_LOCATION, null);
+    public String getHttpServerSslKeyPath() {
+        return (String) this.config.getOrDefault(HTTP_SERVER_SSL_KEY_PATH, null);
     }
 
     /**
-     * Get the path to the SSL keystore certificate chain.
+     * Get the SSL certificate.
      *
-     * @return path to the SSL keystore
+     * @return SSL certificate
      */
-    public String getHttpServerSslKeystoreCertificateChain() {
-        return (String) this.config.getOrDefault(HTTP_SERVER_SSL_KEYSTORE_CERTIFICATE_CHAIN, null);
+    public String getHttpServerSslCertificate() {
+        return (String) this.config.getOrDefault(HTTP_SERVER_SSL_CERTIFICATE, null);
     }
 
     /**
-     * Get the path to the SSL keystore key.
+     * Get the SSL private key.
      *
-     * @return path to the SSL keystore key
+     * @return SSL private key
      */
-    public String getHttpServerSslKeystoreKey() {
-        return (String) this.config.getOrDefault(HTTP_SERVER_SSL_KEYSTORE_KEY, null);
+    public String getHttpServerSslKey() {
+        return (String) this.config.getOrDefault(HTTP_SERVER_SSL_KEY, null);
     }
 
 

src/test/java/io/strimzi/kafka/bridge/config/ConfigTest.java

@@ -93,15 +93,15 @@ public void testHttpDefaults() {
     public void testHttpSslConfig() {
         Map<String, Object> map = new HashMap<>(Map.of(
                 "http.ssl.enable", "true",
-                "http.ssl.keystore.key.location", "key.key",
-                "http.ssl.keystore.location", "cert.crt",
+                "http.ssl.key.path", "key.key",
+                "http.ssl.certificate.path", "cert.crt",
                 "http.ssl.enabled.protocols", "TLSv1.3",
                 "http.ssl.enabled.cipher.suites", "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384"
         ));
 
         BridgeConfig bridgeConfig = BridgeConfig.fromMap(map);
-        assertThat(bridgeConfig.getHttpConfig().getHttpServerSslKeystoreKeyLocation(), is("key.key"));
-        assertThat(bridgeConfig.getHttpConfig().getHttpServerSslKeystoreLocation(), is("cert.crt"));
+        assertThat(bridgeConfig.getHttpConfig().getHttpServerSslKeyPath(), is("key.key"));
+        assertThat(bridgeConfig.getHttpConfig().getHttpServerSslCertificatePath(), is("cert.crt"));
         assertThat(bridgeConfig.getHttpConfig().getHttpServerSslEnabledProtocols(), is(Set.of("TLSv1.3")));
         assertThat(bridgeConfig.getHttpConfig().getHttpServerSslCipherSuites(), is(Set.of("TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384")));
 
@@ -111,14 +111,14 @@ public void testHttpSslConfig() {
     public void testHttpSslDefaults() {
         Map<String, Object> map = new HashMap<>(Map.of(
                 "http.ssl.enable", "true",
-                "http.ssl.keystore.key", "key.key",
-                "http.ssl.keystore.certificate.chain", "cert.crt"
+                "http.ssl.key", "key.key",
+                "http.ssl.certificate", "cert.crt"
         ));
 
         BridgeConfig bridgeConfig = BridgeConfig.fromMap(map);
         assertThat(bridgeConfig.getHttpConfig().getPort(), is(8443));
-        assertThat(bridgeConfig.getHttpConfig().getHttpServerSslKeystoreKey(), is("key.key"));
-        assertThat(bridgeConfig.getHttpConfig().getHttpServerSslKeystoreCertificateChain(), is("cert.crt"));
+        assertThat(bridgeConfig.getHttpConfig().getHttpServerSslKey(), is("key.key"));
+        assertThat(bridgeConfig.getHttpConfig().getHttpServerSslCertificate(), is("cert.crt"));
         assertThat(bridgeConfig.getHttpConfig().getHttpServerSslEnabledProtocols(), is(Set.of("TLSv1.2", "TLSv1.3")));
         assertNull(bridgeConfig.getHttpConfig().getHttpServerSslCipherSuites());
 

src/test/java/io/strimzi/kafka/bridge/http/TlsIT.java

@@ -126,8 +126,8 @@ public void testManagementEndpointWhenSslEnabled(VertxTestContext context) {
     protected Map<String, Object> overrideConfig() {
         Map<String, Object> configs = new HashMap<>();
         configs.put(HttpConfig.HTTP_SERVER_SSL_ENABLE, true);
-        configs.put(HttpConfig.HTTP_SERVER_SSL_KEYSTORE_CERTIFICATE_CHAIN, sslCert);
-        configs.put(HttpConfig.HTTP_SERVER_SSL_KEYSTORE_KEY, sslKey);
+        configs.put(HttpConfig.HTTP_SERVER_SSL_CERTIFICATE, sslCert);
+        configs.put(HttpConfig.HTTP_SERVER_SSL_KEY, sslKey);
         return configs;
     }
 }