Hello team,

Just wanted to reach out with a small issue observed when using SslBundle (instead of the "old" way).

BEFORE:

Before the (very cool, by the way) SslBundle, I would use this with my Kafka configuration:

    import java.util.HashMap;
    import java.util.Map;
    import org.apache.kafka.common.config.SslConfigs;

    // Kafka client properties with the key/trust stores given as file paths
    final Map<String, Object> properties = new HashMap<>();
    properties.put("security.protocol", "SSL");
    properties.put(SslConfigs.SSL_KEYSTORE_LOCATION_CONFIG, "/path/to/keystore.p12");
    properties.put(SslConfigs.SSL_KEYSTORE_PASSWORD_CONFIG, "abc");
    properties.put(SslConfigs.SSL_TRUSTSTORE_LOCATION_CONFIG, "/path/to/truststore.p12");
    properties.put(SslConfigs.SSL_TRUSTSTORE_PASSWORD_CONFIG, "xyz");

And I would see a "correct" Kafka output:

    sasl.oauthbearer.sub.claim.name = sub
    sasl.oauthbearer.token.endpoint.url = null
    security.protocol = SSL
    security.providers = null
    send.buffer.bytes = 131072
    session.timeout.ms = 45000
    socket.connection.setup.timeout.max.ms = 30000
    socket.connection.setup.timeout.ms = 10000
    ssl.cipher.suites = null
    ssl.enabled.protocols = [TLSv1.2, TLSv1.3]
    ssl.endpoint.identification.algorithm = https
    ssl.engine.factory.class = null
    ssl.key.password = null
    ssl.keymanager.algorithm = SunX509
    ssl.keystore.certificate.chain = null
    ssl.keystore.key = null
    ssl.keystore.location = /path/to/keystore.p12
    ssl.keystore.password = [hidden]
    ssl.keystore.type = JKS
    ssl.protocol = TLSv1.3
    ssl.provider = null
    ssl.secure.random.implementation = null
    ssl.trustmanager.algorithm = PKIX
    ssl.truststore.certificates = null
    ssl.truststore.location = /path/to/truststore.p12
    ssl.truststore.password = [hidden]
    ssl.truststore.type = JKS
    value.deserializer = class org.apache.kafka.common.serialization.StringDeserializer

Note we can clearly see:

    ssl.engine.factory.class = null
    ssl.keystore.location = /path/to/keystore.p12
    ssl.keystore.password = [hidden]
    ssl.truststore.location = /path/to/truststore.p12
    ssl.truststore.password = [hidden]

AFTER:

Now using the SslBundle:

    // sslBundles is the injected org.springframework.boot.ssl.SslBundles bean;
    // SslBundleSslEngineFactory is org.springframework.boot.autoconfigure.kafka.SslBundleSslEngineFactory
    final Map<String, Object> properties = new HashMap<>();
    properties.put("security.protocol", "SSL");
    properties.put(SslConfigs.SSL_ENGINE_FACTORY_CLASS_CONFIG, SslBundleSslEngineFactory.class.getName());
    properties.put(SslBundle.class.getName(), sslBundles.getBundle("mycoolclient"));

I omit the application properties configuration for the keystore and truststore, because it is just the same.

However, the result is:

    sasl.oauthbearer.sub.claim.name = sub
    sasl.oauthbearer.token.endpoint.url = null
    security.protocol = SSL
    security.providers = null
    send.buffer.bytes = 131072
    session.timeout.ms = 45000
    socket.connection.setup.timeout.max.ms = 30000
    socket.connection.setup.timeout.ms = 10000
    ssl.cipher.suites = null
    ssl.enabled.protocols = [TLSv1.2, TLSv1.3]
    ssl.endpoint.identification.algorithm = https
    ssl.engine.factory.class = class org.springframework.boot.autoconfigure.kafka.SslBundleSslEngineFactory
    ssl.key.password = null
    ssl.keymanager.algorithm = SunX509
    ssl.keystore.certificate.chain = null
    ssl.keystore.key = null
    ssl.keystore.location = null
    ssl.keystore.password = null
    ssl.keystore.type = JKS
    ssl.protocol = TLSv1.3
    ssl.provider = null
    ssl.secure.random.implementation = null
    ssl.trustmanager.algorithm = PKIX
    ssl.truststore.certificates = null
    ssl.truststore.location = null
    ssl.truststore.password = null
    ssl.truststore.type = JKS
    value.deserializer = class org.apache.kafka.common.serialization.StringDeserializer

Please note:

    ssl.engine.factory.class = class org.springframework.boot.autoconfigure.kafka.SslBundleSslEngineFactory
    ssl.keystore.key = null
    ssl.keystore.location = null
    ssl.keystore.password = null
    ssl.truststore.certificates = null
    ssl.truststore.location = null
    ssl.truststore.password = null

To avoid misunderstanding, both solutions are working. I tried adding a bad certificate, but I would get the SSL error. Both approaches are working; I am able to consume the messages.

Issue:

It seems that with the new SslBundle construct, the values are shown as null, while they are not.
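Because the Kafka configuration dump only prints the ssl.keystore.* and ssl.truststore.* keys, one way to see what the bundle actually resolved is to inspect its stores directly at startup. This is an added helper, not code from this issue, Spring Boot or Kafka; SslBundleInspector, describe and aliases are assumed names, sslBundles is the injected SslBundles bean, and "mycoolclient" is the bundle name used above.

```java
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.util.Collections;
import java.util.List;

import org.springframework.boot.ssl.SslBundle;
import org.springframework.boot.ssl.SslBundles;
import org.springframework.boot.ssl.SslStoreBundle;

/**
 * Assumed helper (not part of Spring Boot or Kafka): reports the key and trust
 * material an SslBundle resolved, since the Kafka ConsumerConfig dump leaves
 * ssl.keystore.location / ssl.truststore.location at null when a bundle is used.
 */
public final class SslBundleInspector {

    private SslBundleInspector() {
    }

    /** Aliases contained in a store; empty when the store is absent. */
    public static List<String> aliases(KeyStore store) throws KeyStoreException {
        if (store == null) {
            return Collections.emptyList();
        }
        return Collections.list(store.aliases());
    }

    /**
     * Returns a one-line summary of the bundle; fails fast if either store is
     * empty, so a misconfigured bundle is caught before the consumer is built.
     */
    public static String describe(SslBundles sslBundles, String bundleName) throws KeyStoreException {
        SslBundle bundle = sslBundles.getBundle(bundleName); // throws if the bundle name is unknown
        SslStoreBundle stores = bundle.getStores();
        List<String> keyAliases = aliases(stores.getKeyStore());
        List<String> trustAliases = aliases(stores.getTrustStore());
        if (keyAliases.isEmpty() || trustAliases.isEmpty()) {
            throw new IllegalStateException(
                    "SSL bundle '" + bundleName + "' has an empty key store or trust store");
        }
        return "bundle=" + bundleName
                + " protocol=" + bundle.getProtocol()
                + " keyAliases=" + keyAliases
                + " trustAliases=" + trustAliases;
    }
}
```

Logging `SslBundleInspector.describe(sslBundles, "mycoolclient")` next to the consumer properties gives the store information the Kafka dump no longer shows.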

Thank you for taking the time to read this.

Wishing you a good day!