
whispeer-kafka-oauth's People

Contributors

buuhsmead, cnnaik, dependabot[bot], grdryn, imajna, klalafaryan, krishvoor, mimaison, mstruk, ppatierno, rposts, scholzj, thebestornothing, tombentley, vsevel


whispeer-kafka-oauth's Issues

Curve not supported: secp256k1

com.nimbusds.jose.JOSEException: Curve not supported: secp256k1 (1.3.132.0.10)
        at com.nimbusds.jose.jwk.gen.ECKeyGenerator.generate(ECKeyGenerator.java:87)
        at io.strimzi.kafka.oauth.common.WEB3.<init>(WEB3.java:56)
        at io.strimzi.kafka.oauth.common.WEB3.publicWEB3(WEB3.java:120)
        at io.strimzi.examples.consumer.Bob.main(Bob.java:99)
Caused by: java.security.InvalidAlgorithmParameterException: Curve not supported: secp256k1 (1.3.132.0.10)
        at jdk.crypto.ec/sun.security.ec.ECKeyPairGenerator.ensureCurveIsSupported(ECKeyPairGenerator.java:136)
        at jdk.crypto.ec/sun.security.ec.ECKeyPairGenerator.initialize(ECKeyPairGenerator.java:114)
        at java.base/java.security.KeyPairGenerator$Delegate.initialize(KeyPairGenerator.java:698)
        at java.base/java.security.KeyPairGenerator.initialize(KeyPairGenerator.java:436)
        at com.nimbusds.jose.jwk.gen.ECKeyGenerator.generate(ECKeyGenerator.java:85)
        ... 3 more

There is one issue that occurs when bob is running.

Failed to construct kafka consumer when running bob

Exception in thread "main" org.apache.kafka.common.KafkaException: Failed to construct kafka consumer
        at org.apache.kafka.clients.consumer.KafkaConsumer.<init>(KafkaConsumer.java:830)
        at org.apache.kafka.clients.consumer.KafkaConsumer.<init>(KafkaConsumer.java:666)
        at org.apache.kafka.clients.consumer.KafkaConsumer.<init>(KafkaConsumer.java:647)
        at org.apache.kafka.clients.consumer.KafkaConsumer.<init>(KafkaConsumer.java:627)
        at io.strimzi.examples.consumer.Bob.main(Bob.java:123)
Caused by: org.apache.kafka.common.KafkaException: org.apache.kafka.common.KafkaException: Failed to load SSL keystore /tmp/ssl/client.keystore.jks of type JKS
        at org.apache.kafka.common.network.SaslChannelBuilder.configure(SaslChannelBuilder.java:184)
        at org.apache.kafka.common.network.ChannelBuilders.create(ChannelBuilders.java:192)
        at org.apache.kafka.common.network.ChannelBuilders.clientChannelBuilder(ChannelBuilders.java:81)
        at org.apache.kafka.clients.ClientUtils.createChannelBuilder(ClientUtils.java:105)
        at org.apache.kafka.clients.consumer.KafkaConsumer.<init>(KafkaConsumer.java:738)
        ... 4 more
Caused by: org.apache.kafka.common.KafkaException: Failed to load SSL keystore /tmp/ssl/client.keystore.jks of type JKS
        at org.apache.kafka.common.security.ssl.DefaultSslEngineFactory$FileBasedStore.load(DefaultSslEngineFactory.java:375)
        at org.apache.kafka.common.security.ssl.DefaultSslEngineFactory$FileBasedStore.<init>(DefaultSslEngineFactory.java:347)
        at org.apache.kafka.common.security.ssl.DefaultSslEngineFactory.createKeystore(DefaultSslEngineFactory.java:297)
        at org.apache.kafka.common.security.ssl.DefaultSslEngineFactory.configure(DefaultSslEngineFactory.java:161)
        at org.apache.kafka.common.security.ssl.SslFactory.instantiateSslEngineFactory(SslFactory.java:140)
        at org.apache.kafka.common.security.ssl.SslFactory.configure(SslFactory.java:97)
        at org.apache.kafka.common.network.SaslChannelBuilder.configure(SaslChannelBuilder.java:180)
        ... 8 more
Caused by: java.io.IOException: keystore password was incorrect
        at java.base/sun.security.pkcs12.PKCS12KeyStore.engineLoad(PKCS12KeyStore.java:2159)
        at java.base/sun.security.util.KeyStoreDelegator.engineLoad(KeyStoreDelegator.java:242)
        at java.base/java.security.KeyStore.load(KeyStore.java:1473)
        at org.apache.kafka.common.security.ssl.DefaultSslEngineFactory$FileBasedStore.load(DefaultSslEngineFactory.java:372)
        ... 14 more
Caused by: java.security.UnrecoverableKeyException: failed to decrypt safe contents entry: javax.crypto.BadPaddingException: Given final block not properly padded. Such issues can arise if a bad key is used during decryption.
        ... 18 more

Android app as a client for kafka

java.lang.NoClassDefFoundError: Failed resolution of: Ljava/lang/management/ManagementFactory;
        at org.apache.kafka.common.utils.AppInfoParser.unregisterAppInfo(AppInfoParser.java:73)
        at org.apache.kafka.clients.producer.KafkaProducer.close(KafkaProducer.java:1342)
        at org.apache.kafka.clients.producer.KafkaProducer.<init>(KafkaProducer.java:466)
        at org.apache.kafka.clients.producer.KafkaProducer.<init>(KafkaProducer.java:291)
        at org.apache.kafka.clients.producer.KafkaProducer.<init>(KafkaProducer.java:318)
        at org.apache.kafka.clients.producer.KafkaProducer.<init>(KafkaProducer.java:303)
        at com.example.marsphotos.network.ProducerExample.produce(ProducerExample.java:33)

org.bouncycastle.tls.TlsFatalAlertReceived: handshake_failure

Sep 05, 2023 12:21:03 PM org.bouncycastle.jsse.provider.ProvTlsClient notifyAlertReceived
INFO: [client strimzi#44 @2181a2c6] received fatal(2) handshake_failure(40) alert
Sep 05, 2023 12:21:03 PM org.bouncycastle.jsse.provider.ProvTlsClient notifyConnectionClosed
INFO: [client strimzi#44 @2181a2c6] disconnected from eth-goerli.g.alchemy.com:443
Sep 05, 2023 12:21:03 PM org.bouncycastle.jsse.provider.ProvTlsClient notifyHandshakeBeginning
INFO: [client strimzi#45 @4df04033] opening connection to eth-goerli.g.alchemy.com:443
Sep 05, 2023 12:21:03 PM org.bouncycastle.jsse.provider.ProvTlsClient notifyAlertReceived
INFO: [client strimzi#45 @4df04033] received fatal(2) handshake_failure(40) alert
Sep 05, 2023 12:21:03 PM org.bouncycastle.jsse.provider.ProvTlsClient notifyConnectionClosed
INFO: [client strimzi#45 @4df04033] disconnected from eth-goerli.g.alchemy.com:443
org.bouncycastle.tls.TlsFatalAlertReceived: handshake_failure(40)
        at org.bouncycastle.tls.TlsProtocol.handleAlertMessage(TlsProtocol.java:245)
        at org.bouncycastle.tls.TlsProtocol.processAlertQueue(TlsProtocol.java:740)
        at org.bouncycastle.tls.TlsProtocol.processRecord(TlsProtocol.java:563)
        at org.bouncycastle.tls.RecordStream.readRecord(RecordStream.java:247)
        at org.bouncycastle.tls.TlsProtocol.safeReadRecord(TlsProtocol.java:879)
        at org.bouncycastle.tls.TlsProtocol.blockForHandshake(TlsProtocol.java:427)
        at org.bouncycastle.tls.TlsClientProtocol.connect(TlsClientProtocol.java:88)
        at org.bouncycastle.jsse.provider.ProvSSLSocketWrap.startHandshake(ProvSSLSocketWrap.java:608)
        at org.bouncycastle.jsse.provider.ProvSSLSocketWrap.startHandshake(ProvSSLSocketWrap.java:584)
        at okhttp3.internal.connection.RealConnection.connectTls(RealConnection.kt:379)
        at okhttp3.internal.connection.RealConnection.establishProtocol(RealConnection.kt:337)
        at okhttp3.internal.connection.RealConnection.connect(RealConnection.kt:209)
        at okhttp3.internal.connection.ExchangeFinder.findConnection(ExchangeFinder.kt:226)
        at okhttp3.internal.connection.ExchangeFinder.findHealthyConnection(ExchangeFinder.kt:106)
        at okhttp3.internal.connection.ExchangeFinder.find(ExchangeFinder.kt:74)
        at okhttp3.internal.connection.RealCall.initExchange$okhttp(RealCall.kt:255)
        at okhttp3.internal.connection.ConnectInterceptor.intercept(ConnectInterceptor.kt:32)
        at okhttp3.internal.http.RealInterceptorChain.proceed(RealInterceptorChain.kt:109)
        at okhttp3.internal.cache.CacheInterceptor.intercept(CacheInterceptor.kt:95)
        at okhttp3.internal.http.RealInterceptorChain.proceed(RealInterceptorChain.kt:109)
        at okhttp3.internal.http.BridgeInterceptor.intercept(BridgeInterceptor.kt:83)
        at okhttp3.internal.http.RealInterceptorChain.proceed(RealInterceptorChain.kt:109)
        at okhttp3.internal.http.RetryAndFollowUpInterceptor.intercept(RetryAndFollowUpInterceptor.kt:76)
        at okhttp3.internal.http.RealInterceptorChain.proceed(RealInterceptorChain.kt:109)
        at okhttp3.internal.connection.RealCall.getResponseWithInterceptorChain$okhttp(RealCall.kt:201)
        at okhttp3.internal.connection.RealCall.execute(RealCall.kt:154)
        at org.web3j.protocol.http.HttpService.performIO(HttpService.java:159)
        at org.web3j.protocol.Service.send(Service.java:48)
        at org.web3j.protocol.core.Request.send(Request.java:87)
        at io.strimzi.kafka.oauth.validator.AccessValidator.ethValidate(AccessValidator.java:109)
        at io.strimzi.kafka.oauth.server.JaasServerOauthValidatorCallbackHandler.handleCallback(JaasServerOauthValidatorCallbackHandler.java:343)
        at io.strimzi.kafka.oauth.server.JaasServerOauthValidatorCallbackHandler.delegatedHandle(JaasServerOauthValidatorCallbackHandler.java:322)
        at io.strimzi.kafka.oauth.server.JaasServerOauthValidatorCallbackHandler.handle(JaasServerOauthValidatorCallbackHandler.java:301)
        at org.apache.kafka.common.security.oauthbearer.internals.OAuthBearerSaslServer.process(OAuthBearerSaslServer.java:156)
        at org.apache.kafka.common.security.oauthbearer.internals.OAuthBearerSaslServer.evaluateResponse(OAuthBearerSaslServer.java:101)
        at org.apache.kafka.common.security.authenticator.SaslServerAuthenticator.handleSaslToken(SaslServerAuthenticator.java:459)
        at org.apache.kafka.common.security.authenticator.SaslServerAuthenticator.authenticate(SaslServerAuthenticator.java:288)
        at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:181)
        at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543)
        at org.apache.kafka.common.network.Selector.poll(Selector.java:481)
        at kafka.network.Processor.poll(SocketServer.scala:1056)
        at kafka.network.Processor.run(SocketServer.scala:960)
        at java.base/java.lang.Thread.run(Thread.java:833)
        Suppressed: org.bouncycastle.tls.TlsFatalAlertReceived: handshake_failure(40)
        ... 43 more

How to set Bouncycastle as the security provider for Kafka broker?

Setting security.providers does not work well for the Kafka broker, and bouncycastle (BC) does not take effect. So we should give bouncycastle (BC) the highest priority in the JVM.

security.providers=org.bouncycastle.jce.provider.BouncyCastleProvider,org.bouncycastle.jsse.provider.BouncyCastleJsseProvider

1. Find the java.security file with the command:

cd /usr/lib/jvm/
find . -name java.security
vim ./java-17-openjdk-amd64/conf/security/java.security

2. Edit the java.security file. Here is the default configuration in Java 17:

security.provider.1=SUN
security.provider.2=SunRsaSign
security.provider.3=SunEC
security.provider.4=SunJSSE
security.provider.5=SunJCE
security.provider.6=SunJGSS
security.provider.7=SunSASL
security.provider.8=XMLDSig
security.provider.9=SunPCSC
security.provider.10=JdkLDAP
security.provider.11=JdkSASL
security.provider.12=SunPKCS11

3. Add the Bouncy Castle providers so that bouncycastle (BC) has the highest priority in the JVM:

security.provider.1=org.bouncycastle.jce.provider.BouncyCastleProvider
security.provider.2=org.bouncycastle.jsse.provider.BouncyCastleJsseProvider
security.provider.3=SUN
security.provider.4=SunRsaSign
security.provider.5=SunEC
security.provider.6=SunJSSE
security.provider.7=SunJCE
security.provider.8=SunJGSS
security.provider.9=SunSASL
security.provider.10=XMLDSig
security.provider.11=SunPCSC
security.provider.12=JdkLDAP
security.provider.13=JdkSASL
security.provider.14=SunPKCS11

4. Finally, reboot the system so that the bouncycastle (BC) priority takes effect.

5. Restart the Kafka broker.
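Steps 2 and 3 as an added shell example, not code from the issue or the project: it rewrites a java.security file so the two Bouncy Castle providers become providers 1 and 2 and every existing security.provider.N entry is renumbered after them, which avoids slips when renumbering a dozen lines by hand in vim. The function names and the sample file it writes are constructed for the example.

```shell
#!/bin/sh
# Added example, not code from the issue or the project: put Bouncy Castle first
# in a java.security provider list, as steps 2 and 3 of the issue do by hand.
# Existing security.provider.N entries are renumbered after the two BC entries;
# other lines are copied through, and an already converted file is left as is.
BC_PROVIDERS='org.bouncycastle.jce.provider.BouncyCastleProvider,org.bouncycastle.jsse.provider.BouncyCastleJsseProvider'

# Usage: prepend_bc_providers /path/to/java.security
prepend_bc_providers() {
    file="$1"
    # Idempotence check: BC already at position 1 means nothing to do.
    grep -q '^security\.provider\.1=org\.bouncycastle\.jce\.provider\.BouncyCastleProvider$' "$file" && return 0
    awk -v bc="$BC_PROVIDERS" '
        BEGIN { n = split(bc, extra, ","); inserted = 0; k = 0 }
        /^security\.provider\.[0-9]+=/ {
            # Emit the BC entries once, just before the first existing provider.
            if (!inserted) {
                for (i = 1; i <= n; i++) print "security.provider." i "=" extra[i]
                inserted = 1
            }
            sub(/^security\.provider\.[0-9]+=/, "")   # keep only the provider name
            k++
            print "security.provider." (k + n) "=" $0
            next
        }
        { print }                                      # comments and other keys
    ' "$file" > "$file.tmp" && mv "$file.tmp" "$file"
}

# Constructed sample in the Java 17 default order quoted in the issue, plus a
# comment and an unrelated key to show that they survive the rewrite.
write_default_java_security() {
    cat > "$1" <<'EOF'
# constructed sample java.security
security.provider.1=SUN
security.provider.2=SunRsaSign
security.provider.3=SunEC
security.provider.4=SunJSSE
security.provider.5=SunJCE
security.provider.6=SunJGSS
security.provider.7=SunSASL
security.provider.8=XMLDSig
security.provider.9=SunPCSC
security.provider.10=JdkLDAP
security.provider.11=JdkSASL
security.provider.12=SunPKCS11
securerandom.source=file:/dev/random
EOF
}
```

The JVM reads java.security only at startup, so the Kafka broker still has to be restarted after the file changes.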
