GH-1170: Schema registry certificates

Move classpath: resources provided as schema registry certificates into a local file system location. Adding test and docs. Resolves https://github.com/spring-cloud/spring-cloud-stream-binder-kafka/issues/1170
2021-11-23 15:56:52 -05:00
parent f9dfbe09f7
commit e9a8b4af7e
3 changed files with 55 additions and 14 deletions
--- a/spring-cloud-stream-binder-kafka-core/src/main/java/org/springframework/cloud/stream/binder/kafka/properties/KafkaBinderConfigurationProperties.java
+++ b/spring-cloud-stream-binder-kafka-core/src/main/java/org/springframework/cloud/stream/binder/kafka/properties/KafkaBinderConfigurationProperties.java
@@ -1,5 +1,5 @@
 /*
- * Copyright 2015-2018 the original author or authors.
+ * Copyright 2015-2021 the original author or authors.
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
@@ -163,24 +163,44 @@ public class KafkaBinderConfigurationProperties {

 	private void moveCertsToFileSystemIfNecessary() {
 		try {
-			final String trustStoreLocation = this.configuration.get("ssl.truststore.location");
-			if (trustStoreLocation != null && trustStoreLocation.startsWith("classpath:")) {
-				final String fileSystemLocation = moveCertToFileSystem(trustStoreLocation, this.certificateStoreDirectory);
-				// Overriding the value with absolute filesystem path.
-				this.configuration.put("ssl.truststore.location", fileSystemLocation);
-			}
-			final String keyStoreLocation = this.configuration.get("ssl.keystore.location");
-			if (keyStoreLocation != null && keyStoreLocation.startsWith("classpath:")) {
-				final String fileSystemLocation = moveCertToFileSystem(keyStoreLocation, this.certificateStoreDirectory);
-				// Overriding the value with absolute filesystem path.
-				this.configuration.put("ssl.keystore.location", fileSystemLocation);
-			}
+			moveBrokerCertsIfApplicable();
+			moveSchemaRegistryCertsIfApplicable();
 		}
 		catch (Exception e) {
 			throw new IllegalStateException(e);
 		}
 	}

+	private void moveBrokerCertsIfApplicable() throws IOException {
+		final String trustStoreLocation = this.configuration.get("ssl.truststore.location");
+		if (trustStoreLocation != null && trustStoreLocation.startsWith("classpath:")) {
+			final String fileSystemLocation = moveCertToFileSystem(trustStoreLocation, this.certificateStoreDirectory);
+			// Overriding the value with absolute filesystem path.
+			this.configuration.put("ssl.truststore.location", fileSystemLocation);
+		}
+		final String keyStoreLocation = this.configuration.get("ssl.keystore.location");
+		if (keyStoreLocation != null && keyStoreLocation.startsWith("classpath:")) {
+			final String fileSystemLocation = moveCertToFileSystem(keyStoreLocation, this.certificateStoreDirectory);
+			// Overriding the value with absolute filesystem path.
+			this.configuration.put("ssl.keystore.location", fileSystemLocation);
+		}
+	}
+
+	private void moveSchemaRegistryCertsIfApplicable() throws IOException {
+		String trustStoreLocation = this.configuration.get("schema.registry.ssl.truststore.location");
+		if (trustStoreLocation != null && trustStoreLocation.startsWith("classpath:")) {
+			final String fileSystemLocation = moveCertToFileSystem(trustStoreLocation, this.certificateStoreDirectory);
+			// Overriding the value with absolute filesystem path.
+			this.configuration.put("schema.registry.ssl.truststore.location", fileSystemLocation);
+		}
+		final String keyStoreLocation = this.configuration.get("schema.registry.ssl.keystore.location");
+		if (keyStoreLocation != null && keyStoreLocation.startsWith("classpath:")) {
+			final String fileSystemLocation = moveCertToFileSystem(keyStoreLocation, this.certificateStoreDirectory);
+			// Overriding the value with absolute filesystem path.
+			this.configuration.put("schema.registry.ssl.keystore.location", fileSystemLocation);
+		}
+	}
+
 	private String moveCertToFileSystem(String classpathLocation, String fileSystemLocation) throws IOException {
 		File targetFile;
 		final String tempDir = System.getProperty("java.io.tmpdir");
--- a/spring-cloud-stream-binder-kafka-core/src/test/java/org/springframework/cloud/stream/binder/kafka/properties/KafkaBinderConfigurationPropertiesTest.java
+++ b/spring-cloud-stream-binder-kafka-core/src/test/java/org/springframework/cloud/stream/binder/kafka/properties/KafkaBinderConfigurationPropertiesTest.java
@@ -1,5 +1,5 @@
 /*
- * Copyright 2018-2019 the original author or authors.
+ * Copyright 2018-2021 the original author or authors.
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
@@ -142,4 +142,22 @@ public class KafkaBinderConfigurationPropertiesTest {
 		assertThat(configuration.get("ssl.keystore.location")).isEqualTo(
 				Paths.get(Files.currentFolder().toString(), "target", "testclient.keystore").toString());
 	}
+
+	@Test
+	public void testCertificateFilesAreMovedForSchemaRegistryConfiguration() {
+		KafkaProperties kafkaProperties = new KafkaProperties();
+		KafkaBinderConfigurationProperties kafkaBinderConfigurationProperties =
+				new KafkaBinderConfigurationProperties(kafkaProperties);
+		final Map<String, String> configuration = kafkaBinderConfigurationProperties.getConfiguration();
+		configuration.put("schema.registry.ssl.truststore.location", "classpath:testclient.truststore");
+		configuration.put("schema.registry.ssl.keystore.location", "classpath:testclient.keystore");
+		kafkaBinderConfigurationProperties.setCertificateStoreDirectory("target");
+
+		kafkaBinderConfigurationProperties.getKafkaConnectionString();
+
+		assertThat(configuration.get("schema.registry.ssl.truststore.location")).isEqualTo(
+				Paths.get(Files.currentFolder().toString(), "target", "testclient.truststore").toString());
+		assertThat(configuration.get("schema.registry.ssl.keystore.location")).isEqualTo(
+				Paths.get(Files.currentFolder().toString(), "target", "testclient.keystore").toString());
+	}
 }