Uploaded image for project: 'Kafka'
  1. Kafka
  2. KAFKA-8669

Add java security providers in Kafka Security config

    XMLWordPrintableJSON

    Details

    • Type: Improvement
    • Status: Resolved
    • Priority: Minor
    • Resolution: Fixed
    • Affects Version/s: None
    • Fix Version/s: 2.4.0
    • Component/s: None
    • Labels:
      None

      Description

      Currently kafka supports ssl.keymanager.algorithm and ssl.trustmanager.algorithm parameters as part of secure config. These parameters can be configured to load the key manager and trust managers which provide keys and certificates for ssl handshakes with the clients/server. The algorithms configured by parameters need to be registered by Java security provider classes. These provider classes are configured as JVM properties through java.security file. An example file given below

      $ cat /usr/lib/jvm/jdk-8-oracle-x64/jre/lib/security/java.security
      
      ...
      
      security.provider.1=sun.security.provider.Sun
      
      security.provider.2=sun.security.rsa.SunRsaSign
      
      security.provider.3=sun.security.ec.SunEC
      
      …
      

      Custom keymanager and trustmanager algorithms can be used to supply the kafka brokers with keys and certificates, these algorithms can be used to replace the traditional, non-scalable static keystore and truststore jks files.

      To take advantage of these custom algorithms, we want to support java security provider parameter in security config. This param can be used by kafka brokers or kafka clients(when connecting to the kafka brokers). The security providers can also be used for configuring security in SASL based communication too.

       

        Attachments

          Issue Links

            Activity

              People

              • Assignee:
                mprsai Sai Sandeep
                Reporter:
                mprsai Sai Sandeep
                Reviewer:
                sriharsha chintalapani
              • Votes:
                0 Vote for this issue
                Watchers:
                3 Start watching this issue

                Dates

                • Created:
                  Updated:
                  Resolved: