strimzi / strimzi-kafka-oauth

OAuth2 support for Apache Kafka® to work with many OAuth2 authorization servers
Apache License 2.0

Add support for PEM type truststores to the OAuth client #113

Closed scholzj closed 3 years ago

scholzj commented 3 years ago

Right now, the client requires that the truststore for the HTTPS communication between the OAuth client (both in the broker and in the Kafka client) and the OAuth server is passed in JKS or PKCS12 format. But in many cases, you have the certificate only in the PEM format. So you need to convert it first, for example using Java keytool or OpenSSL.

This PR adds support for using PEM files directly, without any need for pre-processing. That should make it much easier to use in environments such as Kubernetes, where no special startup scripts should be needed anymore. It follows the way Apache Kafka supports them: they can be passed either as a path / location or directly in one of the configuration options without using any files.

The Hydra tests, which already use TLS, now have additional tests to test this feature as well. (Some additional changes to the tests were needed to ensure the isolation between the different tests.)
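
The following is an added example, not code from this PR or from the strimzi-kafka-oauth project: it shows how PEM certificates can be turned into an in-memory truststore with the standard Java APIs, so that no keytool or OpenSSL conversion step is needed. The class name, the `ca-N` aliases and the file path argument are assumptions made for the illustration.

```java
import java.io.ByteArrayInputStream;
import java.nio.charset.StandardCharsets;
import java.nio.file.Files;
import java.nio.file.Paths;
import java.security.KeyStore;
import java.security.cert.Certificate;
import java.security.cert.CertificateFactory;
import java.util.Collection;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManagerFactory;

public class PemTruststoreExample {

    // Build an in-memory truststore from one or more concatenated PEM certificates.
    static KeyStore fromPem(String pem) throws Exception {
        CertificateFactory cf = CertificateFactory.getInstance("X.509");
        Collection<? extends Certificate> certs = cf.generateCertificates(
                new ByteArrayInputStream(pem.getBytes(StandardCharsets.US_ASCII)));
        if (certs.isEmpty()) {
            throw new IllegalArgumentException("No certificates found in PEM input");
        }
        KeyStore ks = KeyStore.getInstance(KeyStore.getDefaultType());
        ks.load(null, null); // start from an empty store; nothing is read from disk
        int i = 0;
        for (Certificate c : certs) {
            ks.setCertificateEntry("ca-" + i++, c); // hypothetical alias scheme
        }
        return ks;
    }

    // Create an SSLContext that trusts only the certificates in the given store.
    static SSLContext sslContext(KeyStore trustStore) throws Exception {
        TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(trustStore);
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(null, tmf.getTrustManagers(), null);
        return ctx;
    }

    public static void main(String[] args) throws Exception {
        // args[0]: path to a PEM file (assumption, e.g. a mounted Kubernetes secret)
        String pem = new String(Files.readAllBytes(Paths.get(args[0])), StandardCharsets.US_ASCII);
        KeyStore ks = fromPem(pem);
        System.out.println("Trusted certificates loaded: " + ks.size());
        sslContext(ks); // fails here if the store cannot back a trust manager
    }
}
```

Because the resulting context trusts only the supplied certificates, an empty or unparsable PEM input is rejected up front instead of silently producing a truststore with no entries.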

scholzj commented 3 years ago

@mstruk Sorry, I reworked this a bit and also added an option to pass the certificate data directly in the options. Can you please have another look?

scholzj commented 3 years ago

@mstruk The comments should be fixed now.