Sai Sandeep created KAFKA-8669:
----------------------------------
Summary: Add java security providers in Kafka Security config
Key: KAFKA-8669
URL: https://issues.apache.org/jira/browse/KAFKA-8669
Project: Kafka
Issue Type: Improvement
Reporter: Sai Sandeep
Currently Kafka supports the ssl.keymanager.algorithm and
ssl.trustmanager.algorithm parameters as part of the secure config. These
parameters can be configured to load the key managers and trust managers which
provide keys and certificates for SSL handshakes with the clients/server. The
algorithms configured by these parameters need to be registered by Java security
provider classes. These provider classes are configured as JVM properties
through the java.security file. An example file is given below:
```
$ cat /usr/lib/jvm/jdk-8-oracle-x64/jre/lib/security/java.security
...
security.provider.1=sun.security.provider.Sun
security.provider.2=sun.security.rsa.SunRsaSign
security.provider.3=sun.security.ec.SunEC
…
```
Custom keymanager and trustmanager algorithms can be used to supply the Kafka
brokers with keys and certificates; these algorithms can be used to replace the
traditional, non-scalable static keystore and truststore JKS files.
To take advantage of these custom algorithms, we want to support a Java security
provider parameter in the security config. This param can be used by Kafka brokers
or Kafka clients (when connecting to the Kafka brokers). The security providers
can also be used for configuring security in SASL-based communication.
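How a provider class makes a custom key manager algorithm name resolvable, shown as an added example (not code from the issue or from Kafka). `ProviderDemo`, `DemoProvider`, `DemoKeyManagerFactorySpi` and the algorithm name `DEMO` are hypothetical, and the SPI here only delegates to the JDK default factory where a real one would fetch key material from its own source.

```java
import java.security.*;
import javax.net.ssl.KeyManager;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.KeyManagerFactorySpi;
import javax.net.ssl.ManagerFactoryParameters;

public class ProviderDemo {

    // Hypothetical SPI implementation behind the "DEMO" algorithm name.
    // It wraps the JDK default factory; a real implementation would supply
    // its own KeyManager instances instead of reading a static keystore.
    public static final class DemoKeyManagerFactorySpi extends KeyManagerFactorySpi {
        private KeyManagerFactory delegate;

        @Override
        protected void engineInit(KeyStore ks, char[] password)
                throws KeyStoreException, NoSuchAlgorithmException, UnrecoverableKeyException {
            delegate = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
            delegate.init(ks, password);
        }

        @Override
        protected void engineInit(ManagerFactoryParameters spec)
                throws InvalidAlgorithmParameterException {
            throw new InvalidAlgorithmParameterException("parameters not supported in this demo");
        }

        @Override
        protected KeyManager[] engineGetKeyManagers() {
            return delegate.getKeyManagers();
        }
    }

    // Hypothetical provider: maps "KeyManagerFactory.DEMO" to the SPI class above.
    public static final class DemoProvider extends Provider {
        public DemoProvider() {
            super("DemoProvider", 1.0, "Registers the DEMO KeyManagerFactory algorithm");
            put("KeyManagerFactory.DEMO", DemoKeyManagerFactorySpi.class.getName());
        }
    }

    public static void main(String[] args) throws Exception {
        // Programmatic equivalent of a security.provider.N line in java.security.
        // addProvider appends at the lowest priority, so built-in algorithms keep
        // resolving to the JDK providers listed ahead of it.
        Security.addProvider(new DemoProvider());

        // Without the provider registered, this lookup throws NoSuchAlgorithmException.
        KeyManagerFactory kmf = KeyManagerFactory.getInstance("DEMO");
        kmf.init(null, null);
        System.out.println(kmf.getAlgorithm() + " served by " + kmf.getProvider().getName());
    }
}
```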