Java: 1.8. Kafka runs in AWS as the managed service MSK; the cluster is enabled with client auth required. The Kafka client is set up via Spring Boot as consumer/producer. A few related reference links: https://kafka.apache.org/documentation/#adminclientconfigs. Keys were generated by AWS Certificate Manager.
My client configs:
ssl.keystore.type:PEM
ssl.keystore.certificate.chain:"BEGIN CERTIFICATE....\r\n...END CERTIFICATE"
ssl.keystore.key:"BEGIN ENCRYPTED PRIVATE KEY...\r\n...END ENCRYPTED PRIVATE KEY"
ssl.key.password: "pass"
Issue: the Apache Kafka Java/Spring Boot client with PEM certs fails to load the private key. It works with a JKS created out of these same PEM files via
ssl.keystore.location=path, ssl.truststore.location=path,
ssl.keystore.type=JKS, ssl.truststore.type=JKS, ssl.keystore.password,ssl.truststore.password.
Trying to make it connect with the PEM cert chain/key/key password, but my code fails to read the private key. I need this change so that the PEM can be safely provided as env vars via Vault/CredHub etc.
Any insights would be really helpful. If any inputs are needed, let me know. Thanks a lot!
Log snippet:
2021-11-01T12:03:27.529-04:00 [APP/PROC/WEB/0] [OUT] Caused by: org.apache.kafka.common.errors.InvalidConfigurationException: Invalid PEM keystore configs
2021-11-01T12:03:27.529-04:00 [APP/PROC/WEB/0] [OUT] Caused by: java.io.IOException: ObjectIdentifier() -- data isn't an object ID (tag = 48)
2021-11-01T12:03:27.529-04:00 [APP/PROC/WEB/0] [OUT] at sun.security.util.ObjectIdentifier.<init>(ObjectIdentifier.java:285)
2021-11-01T12:03:27.529-04:00 [APP/PROC/WEB/0] [OUT] at sun.security.util.DerInputStream.getOID(DerInputStream.java:320)
2021-11-01T12:03:27.529-04:00 [APP/PROC/WEB/0] [OUT] at com.sun.crypto.provider.PBES2Parameters.engineInit(PBES2Parameters.java:267)
2021-11-01T12:03:27.529-04:00 [APP/PROC/WEB/0] [OUT] at java.security.AlgorithmParameters.init(AlgorithmParameters.java:293)
2021-11-01T12:03:27.529-04:00 [APP/PROC/WEB/0] [OUT] at sun.security.x509.AlgorithmId.decodeParams(AlgorithmId.java:137)
2021-11-01T12:03:27.529-04:00 [APP/PROC/WEB/0] [OUT] at sun.security.x509.AlgorithmId.<init>(AlgorithmId.java:119)
2021-11-01T12:03:27.529-04:00 [APP/PROC/WEB/0] [OUT] at sun.security.x509.AlgorithmId.parse(AlgorithmId.java:393)
2021-11-01T12:03:27.529-04:00 [APP/PROC/WEB/0] [OUT] at javax.crypto.EncryptedPrivateKeyInfo.<init>(EncryptedPrivateKeyInfo.java:95)
2021-11-01T12:03:27.529-04:00 [APP/PROC/WEB/0] [OUT] at org.apache.kafka.common.security.ssl.DefaultSslEngineFactory$PemStore.privateKey(DefaultSslEngineFactory.java:512)
2021-11-01T12:03:27.529-04:00 [APP/PROC/WEB/0] [OUT] at org.apache.kafka.common.security.ssl.DefaultSslEngineFactory$PemStore.createKeyStoreFromPem(DefaultSslEngineFactory.java:462)
2021-11-01T12:03:27.529-04:00 [APP/PROC/WEB/0] [OUT] at org.apache.kafka.common.security.ssl.DefaultSslEngineFactory$PemStore.<init>(DefaultSslEngineFactory.java:435)
2021-11-01T12:03:27.529-04:00 [APP/PROC/WEB/0] [OUT] at org.apache.kafka.common.security.ssl.DefaultSslEngineFactory.createKeystore(DefaultSslEngineFactory.java:284)
2021-11-01T12:03:27.529-04:00 [APP/PROC/WEB/0] [OUT] at org.apache.kafka.common.security.ssl.DefaultSslEngineFactory.configure(DefaultSslEngineFactory.java:161)
2021-11-01T12:03:27.529-04:00 [APP/PROC/WEB/0] [OUT] at org.apache.kafka.common.security.ssl.SslFactory.instantiateSslEngineFactory(SslFactory.java:136)
2021-11-01T12:03:27.529-04:00 [APP/PROC/WEB/0] [OUT] at org.apache.kafka.common.security.ssl.SslFactory.configure(SslFactory.java:93)
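The stack trace above fails inside the `javax.crypto.EncryptedPrivateKeyInfo` constructor, which Kafka's `PemStore.privateKey` calls to parse the encrypted PKCS#8 key, and the parse dies while the JDK decodes the PBES2 parameters. A quick way to separate "the JDK on this box cannot parse this key encoding" from "the Kafka/Spring configuration is wrong" is to load the key with the same JDK calls outside Kafka. The following is an added stand-alone check written for this thread; it is not Kafka, Spring or AWS code. It assumes a Java 8 runtime, a PKCS#8 PEM key (`BEGIN PRIVATE KEY` or `BEGIN ENCRYPTED PRIVATE KEY`) in a file, and that the key is RSA or EC; the class and method names are the author's own.

```java
import java.io.IOException;
import java.nio.charset.StandardCharsets;
import java.nio.file.Files;
import java.nio.file.Paths;
import java.security.GeneralSecurityException;
import java.security.KeyFactory;
import java.security.PrivateKey;
import java.security.spec.InvalidKeySpecException;
import java.security.spec.PKCS8EncodedKeySpec;
import java.util.Base64;
import javax.crypto.Cipher;
import javax.crypto.EncryptedPrivateKeyInfo;
import javax.crypto.SecretKey;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.PBEKeySpec;

/**
 * Stand-alone check (hypothetical helper, not Kafka code): loads a PEM private
 * key with the same JDK classes Kafka's DefaultSslEngineFactory$PemStore uses,
 * so a parse failure can be reproduced outside Spring/Kafka on the same JVM.
 */
public class PemKeyCheck {

    /** Strip the PEM armour lines and base64-decode the body to DER. */
    static byte[] derFromPem(String pem) {
        StringBuilder b64 = new StringBuilder();
        for (String line : pem.split("\\r?\\n")) {
            String t = line.trim();
            if (!t.isEmpty() && !t.startsWith("-----")) b64.append(t);
        }
        return Base64.getDecoder().decode(b64.toString());
    }

    /** Turn plain PKCS#8 DER into a PrivateKey; tries RSA first, then EC. */
    static PrivateKey fromPkcs8(byte[] der) throws GeneralSecurityException {
        PKCS8EncodedKeySpec spec = new PKCS8EncodedKeySpec(der);
        InvalidKeySpecException last = null;
        for (String alg : new String[] {"RSA", "EC"}) {
            try {
                return KeyFactory.getInstance(alg).generatePrivate(spec);
            } catch (InvalidKeySpecException e) {
                last = e; // not this key type, try the next one
            }
        }
        throw last;
    }

    /** Load an unencrypted or PBES2-encrypted PKCS#8 PEM key. */
    static PrivateKey load(String pem, char[] password)
            throws IOException, GeneralSecurityException {
        byte[] der = derFromPem(pem);
        if (!pem.contains("ENCRYPTED PRIVATE KEY")) {
            return fromPkcs8(der); // plain "BEGIN PRIVATE KEY"
        }
        // This constructor is where the question's stack trace fails: it parses
        // the PBES2 AlgorithmIdentifier using the running JDK's crypto provider.
        EncryptedPrivateKeyInfo epki = new EncryptedPrivateKeyInfo(der);
        String alg = epki.getAlgName(); // e.g. PBEWithHmacSHA256AndAES_256 on Java 8
        System.out.println("PBE algorithm reported by JDK: " + alg);
        SecretKey pbeKey = SecretKeyFactory.getInstance(alg)
                .generateSecret(new PBEKeySpec(password));
        Cipher cipher = Cipher.getInstance(alg);
        cipher.init(Cipher.DECRYPT_MODE, pbeKey, epki.getAlgParameters());
        return fromPkcs8(epki.getKeySpec(cipher).getEncoded());
    }

    public static void main(String[] args) throws Exception {
        if (args.length < 1) {
            System.err.println("usage: java PemKeyCheck <key.pem> [password]");
            return;
        }
        String pem = new String(Files.readAllBytes(Paths.get(args[0])),
                StandardCharsets.US_ASCII);
        char[] pw = args.length > 1 ? args[1].toCharArray() : new char[0];
        try {
            PrivateKey key = load(pem, pw);
            System.out.println("OK: " + key.getAlgorithm() + " key, format " + key.getFormat());
        } catch (IOException e) {
            // Same class of failure as "Invalid PEM keystore configs": the encrypted
            // key's PBES2 encoding is not one this JDK's parser accepts.
            System.out.println("Encoding rejected by this JDK: " + e);
        }
    }
}
```

Run it with the exact JVM the application uses (`java PemKeyCheck key.pem pass`). If the `EncryptedPrivateKeyInfo` constructor throws the same `ObjectIdentifier() -- data isn't an object ID` error here, the problem is the combination of this JDK build and the key's PBES2 parameter encoding, not the Kafka or Spring wiring, and the candidates are a newer JDK or re-encoding the key (for example `openssl pkcs8 -topk8` with an explicit `-v2`/`-v2prf` choice; which parameter set a given Java 8 build accepts is something to test, not something this thread establishes). If the check passes but Kafka still fails, compare the in-memory string Spring hands to `ssl.keystore.key` with the file contents: the `\r\n` line breaks and the `ENCRYPTED PRIVATE KEY` header must survive whatever Vault/CredHub and the property binder do to the value.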