diff --git a/kafka-security-samples/kafka-ssl-demo/.gitignore b/kafka-security-samples/kafka-ssl-demo/.gitignore
new file mode 100644
index 0000000..549e00a
--- /dev/null
+++ b/kafka-security-samples/kafka-ssl-demo/.gitignore
@@ -0,0 +1,33 @@
+HELP.md
+target/
+!.mvn/wrapper/maven-wrapper.jar
+!**/src/main/**/target/
+!**/src/test/**/target/
+
+### STS ###
+.apt_generated
+.classpath
+.factorypath
+.project
+.settings
+.springBeans
+.sts4-cache
+
+### IntelliJ IDEA ###
+.idea
+*.iws
+*.iml
+*.ipr
+
+### NetBeans ###
+/nbproject/private/
+/nbbuild/
+/dist/
+/nbdist/
+/.nb-gradle/
+build/
+!**/src/main/**/build/
+!**/src/test/**/build/
+
+### VS Code ###
+.vscode/
diff --git a/kafka-security-samples/kafka-ssl-demo/.mvn/wrapper/MavenWrapperDownloader.java b/kafka-security-samples/kafka-ssl-demo/.mvn/wrapper/MavenWrapperDownloader.java
new file mode 100644
index 0000000..e76d1f3
--- /dev/null
+++ b/kafka-security-samples/kafka-ssl-demo/.mvn/wrapper/MavenWrapperDownloader.java
@@ -0,0 +1,117 @@
+/*
+ * Copyright 2007-present the original author or authors.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * https://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+import java.net.*;
+import java.io.*;
+import java.nio.channels.*;
+import java.util.Properties;
+
+public class MavenWrapperDownloader {
+
+ private static final String WRAPPER_VERSION = "0.5.6";
+ /**
+ * Default URL to download the maven-wrapper.jar from, if no 'downloadUrl' is provided.
+ */
+ private static final String DEFAULT_DOWNLOAD_URL = "https://repo.maven.apache.org/maven2/io/takari/maven-wrapper/"
+ + WRAPPER_VERSION + "/maven-wrapper-" + WRAPPER_VERSION + ".jar";
+
+ /**
+ * Path to the maven-wrapper.properties file, which might contain a downloadUrl property to
+ * use instead of the default one.
+ */
+ private static final String MAVEN_WRAPPER_PROPERTIES_PATH =
+ ".mvn/wrapper/maven-wrapper.properties";
+
+ /**
+ * Path where the maven-wrapper.jar will be saved to.
+ */
+ private static final String MAVEN_WRAPPER_JAR_PATH =
+ ".mvn/wrapper/maven-wrapper.jar";
+
+ /**
+ * Name of the property which should be used to override the default download url for the wrapper.
+ */
+ private static final String PROPERTY_NAME_WRAPPER_URL = "wrapperUrl";
+
+ public static void main(String args[]) {
+ System.out.println("- Downloader started");
+ File baseDirectory = new File(args[0]);
+ System.out.println("- Using base directory: " + baseDirectory.getAbsolutePath());
+
+ // If the maven-wrapper.properties exists, read it and check if it contains a custom
+ // wrapperUrl parameter.
+ File mavenWrapperPropertyFile = new File(baseDirectory, MAVEN_WRAPPER_PROPERTIES_PATH);
+ String url = DEFAULT_DOWNLOAD_URL;
+ if(mavenWrapperPropertyFile.exists()) {
+ FileInputStream mavenWrapperPropertyFileInputStream = null;
+ try {
+ mavenWrapperPropertyFileInputStream = new FileInputStream(mavenWrapperPropertyFile);
+ Properties mavenWrapperProperties = new Properties();
+ mavenWrapperProperties.load(mavenWrapperPropertyFileInputStream);
+ url = mavenWrapperProperties.getProperty(PROPERTY_NAME_WRAPPER_URL, url);
+ } catch (IOException e) {
+ System.out.println("- ERROR loading '" + MAVEN_WRAPPER_PROPERTIES_PATH + "'");
+ } finally {
+ try {
+ if(mavenWrapperPropertyFileInputStream != null) {
+ mavenWrapperPropertyFileInputStream.close();
+ }
+ } catch (IOException e) {
+ // Ignore ...
+ }
+ }
+ }
+ System.out.println("- Downloading from: " + url);
+
+ File outputFile = new File(baseDirectory.getAbsolutePath(), MAVEN_WRAPPER_JAR_PATH);
+ if(!outputFile.getParentFile().exists()) {
+ if(!outputFile.getParentFile().mkdirs()) {
+ System.out.println(
+ "- ERROR creating output directory '" + outputFile.getParentFile().getAbsolutePath() + "'");
+ }
+ }
+ System.out.println("- Downloading to: " + outputFile.getAbsolutePath());
+ try {
+ downloadFileFromURL(url, outputFile);
+ System.out.println("Done");
+ System.exit(0);
+ } catch (Throwable e) {
+ System.out.println("- Error downloading");
+ e.printStackTrace();
+ System.exit(1);
+ }
+ }
+
+ private static void downloadFileFromURL(String urlString, File destination) throws Exception {
+ if (System.getenv("MVNW_USERNAME") != null && System.getenv("MVNW_PASSWORD") != null) {
+ String username = System.getenv("MVNW_USERNAME");
+ char[] password = System.getenv("MVNW_PASSWORD").toCharArray();
+ Authenticator.setDefault(new Authenticator() {
+ @Override
+ protected PasswordAuthentication getPasswordAuthentication() {
+ return new PasswordAuthentication(username, password);
+ }
+ });
+ }
+ URL website = new URL(urlString);
+ ReadableByteChannel rbc;
+ rbc = Channels.newChannel(website.openStream());
+ FileOutputStream fos = new FileOutputStream(destination);
+ fos.getChannel().transferFrom(rbc, 0, Long.MAX_VALUE);
+ fos.close();
+ rbc.close();
+ }
+
+}
diff --git a/kafka-security-samples/kafka-ssl-demo/.mvn/wrapper/maven-wrapper.jar b/kafka-security-samples/kafka-ssl-demo/.mvn/wrapper/maven-wrapper.jar
new file mode 100644
index 0000000..2cc7d4a
Binary files /dev/null and b/kafka-security-samples/kafka-ssl-demo/.mvn/wrapper/maven-wrapper.jar differ
diff --git a/kafka-security-samples/kafka-ssl-demo/.mvn/wrapper/maven-wrapper.properties b/kafka-security-samples/kafka-ssl-demo/.mvn/wrapper/maven-wrapper.properties
new file mode 100644
index 0000000..642d572
--- /dev/null
+++ b/kafka-security-samples/kafka-ssl-demo/.mvn/wrapper/maven-wrapper.properties
@@ -0,0 +1,2 @@
+distributionUrl=https://repo.maven.apache.org/maven2/org/apache/maven/apache-maven/3.6.3/apache-maven-3.6.3-bin.zip
+wrapperUrl=https://repo.maven.apache.org/maven2/io/takari/maven-wrapper/0.5.6/maven-wrapper-0.5.6.jar
diff --git a/kafka-security-samples/kafka-ssl-demo/README.adoc b/kafka-security-samples/kafka-ssl-demo/README.adoc
new file mode 100644
index 0000000..bd6be48
--- /dev/null
+++ b/kafka-security-samples/kafka-ssl-demo/README.adoc
@@ -0,0 +1,333 @@
+# Kafka SSL Demo with Spring Cloud stream
+
+This sample application will guide you through how to secure a Kafka broker using SSL and and then connect to that broker from a client application.
+
+### Useful reference for setting up Kafka with SSL
+
+If you want comprehensive details on how to setup a Kafka cluster with SSL/TLS enabled, see these links.
+
+https://docs.confluent.io/current/security/security_tutorial.html
+
+https://kafka.apache.org/documentation/#security
+
+https://jaceklaskowski.gitbooks.io/apache-kafka/content/kafka-security-tls-ssl.html
+
+https://jaceklaskowski.gitbooks.io/apache-kafka/content/kafka-demo-secure-inter-broker-communication.html
+
+https://jaceklaskowski.gitbooks.io/apache-kafka/content/kafka-demo-ssl-authentication.html
+
+## Instructions for securing Kafka with SSL
+
+Create a directory for creating all the SSL related files.
+
+For e.g. `mkdir -p /tmp/kafka-ssl-demo && cd /tmp/kafka-ssl-demo`
+
+### Generate a private key and a self-signed certificate for the CA
+
+```
+$ openssl req \
+ -new \
+ -x509 \
+ -days 365 \
+ -keyout ca.key \
+ -out ca.crt \
+ -subj "/C=US/L=NY/CN=Certificate Authority" \
+ -passout pass:1234
+```
+
+Make sure that you see the following files in the directory.
+
+* ca.key - the private key of the certificate authority
+* ca.crt - public key of the certificate authority
+
+### Generate SSL Keys and Certificate for Kafka Broker
+
+```
+$ keytool \
+ -genkey \
+ -keystore server.keystore \
+ -alias localhost \
+ -dname CN=localhost \
+ -keyalg RSA \
+ -validity 365 \
+ -ext san=dns:localhost \
+ -storepass 123456
+```
+
+Make sure that the `server.keystore` file is generated in the directory.
+
+You can verify its contents.
+
+```
+keytool -list -v -keystore server.keystore -storepass 123456
+```
+
+### Sign broker certificate using Certificate authority
+
+Export the server certificate from `server.keystore`.
+
+```
+$ keytool \
+ -certreq \
+ -keystore server.keystore \
+ -alias localhost \
+ -file server.unsigned.crt \
+ -storepass 123456
+```
+
+Sign the certificate signing request (server.unsigned.crt) with the root certificate authority (CA)
+
+```
+$ openssl x509 \
+ -req \
+ -CA ca.crt \
+ -CAkey ca.key \
+ -in server.unsigned.crt \
+ -out server.crt \
+ -days 365 \
+ -CAcreateserial \
+ -passin pass:1234
+```
+
+You should see the following files now.
+
+* server.unsigned.crt
+* ca.srl
+* server.crt - This is the signed certifacte for the Kafka broker.
+
+### Import Certificate to Kafka broker keystore
+
+Create a SSL keystore for the Kafka broker and import the certificate of the CA into the broker keystore.
+
+```
+$ keytool \
+ -import \
+ -file ca.crt \
+ -keystore server.keystore \
+ -alias ca \
+ -storepass 123456 \
+ -noprompt
+```
+
+Import the signed certificate into the broker keystore.
+
+```
+$ keytool \
+ -import \
+ -file server.crt \
+ -keystore server.keystore \
+ -alias localhost \
+ -storepass 123456 \
+ -noprompt
+```
+
+### Adding trust stores
+
+Now, let us configure the Kafka broker to trust a CA, so that other brokers on the cluster can communicate to it using SSL.
+Note: We will do this demo with a single node, however.
+
+```
+$ keytool \
+ -import \
+ -file ca.crt \
+ -keystore server.truststore \
+ -alias ca \
+ -storepass 123456 \
+ -noprompt
+```
+
+### Setting up the Kafka broker configuration for connecting over SSL
+
+Go to your local Kafka installation and go to the `config` directory.
+`cp server.properties server-ssl.properties`
+
+Edit the file `server-ssl.properties`.
+
+Add the following lines at the end of the file.
+
+```
+listeners=SSL://:9093
+ssl.keystore.location=/tmp/kafka-ssl-demo/server.keystore
+ssl.keystore.password=123456
+ssl.key.password=123456
+```
+
+For inter broker communication over SSL, add the trust store information. However, we are only going to demo a single node cluster for this demo.
+We are adding this only as a reference.
+
+```
+security.inter.broker.protocol=SSL
+ssl.truststore.location=/tmp/kafka-ssl-demo/server.truststore
+ssl.truststore.password=123456
+```
+
+We add the following line to the configuration for disabling hostname verification by setting this to an empty string.
+This should only be disabled for demo and testing purposes.
+
+```
+ssl.endpoint.identification.algorithm=
+```
+
+Finally, require SSL authentication for all client connections.
+
+```
+ssl.client.auth=required
+```
+
+Save the file. At this point, we are ready to start the Kafka broker.
+
+```
+bin/zookeeper-server-start.sh config/zookeeper.properties
+
+bin/kafka-server-start.sh config/server-ssl.properties
+```
+
+Once Kafka is started, let us now verify that we can authenticate from clients using SSL.
+
+### Generating client authentication certificate
+
+Go back to our working directory (`/tmp/kafka-ssl-demo`).
+
+```
+$ keytool \
+ -genkey \
+ -keystore ssldemo.keystore \
+ -alias ssldemo \
+ -dname CN=ssldemo \
+ -keyalg RSA \
+ -validity 365 \
+ -storepass 123456
+```
+
+This should create a new file called `ssldemo.keystore` in the directory.
+
+You can verify its contents by doing the following.
+
+```
+keytool -list -v -keystore ssldemo.keystore -storepass 123456
+```
+
+## Signing client certificate using CA
+
+First, we need to export the client certificate created above.
+
+```
+$ keytool \
+ -certreq \
+ -keystore ssldemo.keystore \
+ -alias ssldemo \
+ -file ssldemo.unsigned.crt \
+ -storepass 123456
+```
+
+Then, we will sign this request.
+
+```
+$ openssl x509 \
+ -req \
+ -CA ca.crt \
+ -CAkey ca.key \
+ -in ssldemo.unsigned.crt \
+ -out ssldemo.crt \
+ -days 365 \
+ -CAcreateserial \
+ -passin pass:1234
+```
+
+You should now see the signed certificate (`ssldemo.crt`) for the client.
+
+### Importing the signed client certificate a Client Keystore
+
+Firt, import the CA certificate to client keystore
+
+```
+$ keytool \
+ -import \
+ -file ca.crt \
+ -keystore ssldemo.keystore \
+ -alias ca \
+ -storepass 123456 \
+ -noprompt
+```
+
+Now, import the signed certificate to the client key store.
+
+```
+$ keytool \
+ -import \
+ -file ssldemo.crt \
+ -keystore ssldemo.keystore \
+ -alias ssldemo \
+ -storepass 123456 \
+ -noprompt
+```
+
+Verify you see both CA and client certificate entries in the key store.
+```
+keytool -list -v -keystore jacek.keystore -storepass 123456
+```
+
+### Import CA Certificate to Client Truststore
+
+```
+$ keytool \
+ -import \
+ -file ca.crt \
+ -keystore client.truststore \
+ -alias ca \
+ -storepass 123456 \
+ -noprompt
+```
+
+Now, we are ready to verify that clients can connect to our secure Kafka using SSL.
+
+### Verify client communication to the brokers
+
+Create a file called `ssldemo-client.properties` and add the following contents.
+
+```
+security.protocol=SSL
+ssl.truststore.location=/Users/sobychacko/kafka-ssl/client.truststore
+ssl.truststore.password=123456
+ssl.keystore.location=/Users/sobychacko/kafka-ssl/jacek.keystore
+ssl.keystore.password=123456
+ssl.key.password=123456
+ssl.enabled.protocols=TLSv1.2,TLSv1.1,TLSv1
+ssl.truststore.type=JKS
+ssl.keystore.type=JKS
+ssl.endpoint.identification.algorithm=
+```
+
+Before we run our Spring Cloud Stream application, lets verify that clients can connect to the broker using the console scripts provided as part of Kafka.
+
+```
+bin/kafka-console-producer.sh --broker-list :9093 --topic ssl-demo --producer.config config/ssldemo-client.properties
+```
+
+For the Consumer
+
+```
+bin/kafka-console-consumer.sh --bootstrap-server localhost:9093 --topic ssl-demo --consumer.config config/ssldemo-client.properties
+```
+
+You should be able to connect to Kafka broker for both producer and consumer successfully.
+
+### Running Spring Cloud Stream Application against this secured Kafka using SSLExamplePart3ConfigureKafka
+
+Build this application.
+
+```
+./mvnw clean package
+```
+
+Then run the resultant jar.
+
+```
+java -jar target/kafka-ssl-demo-0.0.1-SNAPSHOT.jar
+```
+
+Or Run it from an IDE.
+
+Using the console producer script we ran above, produce data to the topic `ssl-demo`.
+The application also is configured to receive from the same topic.
+When producing data, you should see the message getting printed on the application's console.
diff --git a/kafka-security-samples/kafka-ssl-demo/mvnw b/kafka-security-samples/kafka-ssl-demo/mvnw
new file mode 100755
index 0000000..a16b543
--- /dev/null
+++ b/kafka-security-samples/kafka-ssl-demo/mvnw
@@ -0,0 +1,310 @@
+#!/bin/sh
+# ----------------------------------------------------------------------------
+# Licensed to the Apache Software Foundation (ASF) under one
+# or more contributor license agreements. See the NOTICE file
+# distributed with this work for additional information
+# regarding copyright ownership. The ASF licenses this file
+# to you under the Apache License, Version 2.0 (the
+# "License"); you may not use this file except in compliance
+# with the License. You may obtain a copy of the License at
+#
+# https://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing,
+# software distributed under the License is distributed on an
+# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+# KIND, either express or implied. See the License for the
+# specific language governing permissions and limitations
+# under the License.
+# ----------------------------------------------------------------------------
+
+# ----------------------------------------------------------------------------
+# Maven Start Up Batch script
+#
+# Required ENV vars:
+# ------------------
+# JAVA_HOME - location of a JDK home dir
+#
+# Optional ENV vars
+# -----------------
+# M2_HOME - location of maven2's installed home dir
+# MAVEN_OPTS - parameters passed to the Java VM when running Maven
+# e.g. to debug Maven itself, use
+# set MAVEN_OPTS=-Xdebug -Xrunjdwp:transport=dt_socket,server=y,suspend=y,address=8000
+# MAVEN_SKIP_RC - flag to disable loading of mavenrc files
+# ----------------------------------------------------------------------------
+
+if [ -z "$MAVEN_SKIP_RC" ] ; then
+
+ if [ -f /etc/mavenrc ] ; then
+ . /etc/mavenrc
+ fi
+
+ if [ -f "$HOME/.mavenrc" ] ; then
+ . "$HOME/.mavenrc"
+ fi
+
+fi
+
+# OS specific support. $var _must_ be set to either true or false.
+cygwin=false;
+darwin=false;
+mingw=false
+case "`uname`" in
+ CYGWIN*) cygwin=true ;;
+ MINGW*) mingw=true;;
+ Darwin*) darwin=true
+ # Use /usr/libexec/java_home if available, otherwise fall back to /Library/Java/Home
+ # See https://developer.apple.com/library/mac/qa/qa1170/_index.html
+ if [ -z "$JAVA_HOME" ]; then
+ if [ -x "/usr/libexec/java_home" ]; then
+ export JAVA_HOME="`/usr/libexec/java_home`"
+ else
+ export JAVA_HOME="/Library/Java/Home"
+ fi
+ fi
+ ;;
+esac
+
+if [ -z "$JAVA_HOME" ] ; then
+ if [ -r /etc/gentoo-release ] ; then
+ JAVA_HOME=`java-config --jre-home`
+ fi
+fi
+
+if [ -z "$M2_HOME" ] ; then
+ ## resolve links - $0 may be a link to maven's home
+ PRG="$0"
+
+ # need this for relative symlinks
+ while [ -h "$PRG" ] ; do
+ ls=`ls -ld "$PRG"`
+ link=`expr "$ls" : '.*-> \(.*\)$'`
+ if expr "$link" : '/.*' > /dev/null; then
+ PRG="$link"
+ else
+ PRG="`dirname "$PRG"`/$link"
+ fi
+ done
+
+ saveddir=`pwd`
+
+ M2_HOME=`dirname "$PRG"`/..
+
+ # make it fully qualified
+ M2_HOME=`cd "$M2_HOME" && pwd`
+
+ cd "$saveddir"
+ # echo Using m2 at $M2_HOME
+fi
+
+# For Cygwin, ensure paths are in UNIX format before anything is touched
+if $cygwin ; then
+ [ -n "$M2_HOME" ] &&
+ M2_HOME=`cygpath --unix "$M2_HOME"`
+ [ -n "$JAVA_HOME" ] &&
+ JAVA_HOME=`cygpath --unix "$JAVA_HOME"`
+ [ -n "$CLASSPATH" ] &&
+ CLASSPATH=`cygpath --path --unix "$CLASSPATH"`
+fi
+
+# For Mingw, ensure paths are in UNIX format before anything is touched
+if $mingw ; then
+ [ -n "$M2_HOME" ] &&
+ M2_HOME="`(cd "$M2_HOME"; pwd)`"
+ [ -n "$JAVA_HOME" ] &&
+ JAVA_HOME="`(cd "$JAVA_HOME"; pwd)`"
+fi
+
+if [ -z "$JAVA_HOME" ]; then
+ javaExecutable="`which javac`"
+ if [ -n "$javaExecutable" ] && ! [ "`expr \"$javaExecutable\" : '\([^ ]*\)'`" = "no" ]; then
+ # readlink(1) is not available as standard on Solaris 10.
+ readLink=`which readlink`
+ if [ ! `expr "$readLink" : '\([^ ]*\)'` = "no" ]; then
+ if $darwin ; then
+ javaHome="`dirname \"$javaExecutable\"`"
+ javaExecutable="`cd \"$javaHome\" && pwd -P`/javac"
+ else
+ javaExecutable="`readlink -f \"$javaExecutable\"`"
+ fi
+ javaHome="`dirname \"$javaExecutable\"`"
+ javaHome=`expr "$javaHome" : '\(.*\)/bin'`
+ JAVA_HOME="$javaHome"
+ export JAVA_HOME
+ fi
+ fi
+fi
+
+if [ -z "$JAVACMD" ] ; then
+ if [ -n "$JAVA_HOME" ] ; then
+ if [ -x "$JAVA_HOME/jre/sh/java" ] ; then
+ # IBM's JDK on AIX uses strange locations for the executables
+ JAVACMD="$JAVA_HOME/jre/sh/java"
+ else
+ JAVACMD="$JAVA_HOME/bin/java"
+ fi
+ else
+ JAVACMD="`which java`"
+ fi
+fi
+
+if [ ! -x "$JAVACMD" ] ; then
+ echo "Error: JAVA_HOME is not defined correctly." >&2
+ echo " We cannot execute $JAVACMD" >&2
+ exit 1
+fi
+
+if [ -z "$JAVA_HOME" ] ; then
+ echo "Warning: JAVA_HOME environment variable is not set."
+fi
+
+CLASSWORLDS_LAUNCHER=org.codehaus.plexus.classworlds.launcher.Launcher
+
+# traverses directory structure from process work directory to filesystem root
+# first directory with .mvn subdirectory is considered project base directory
+find_maven_basedir() {
+
+ if [ -z "$1" ]
+ then
+ echo "Path not specified to find_maven_basedir"
+ return 1
+ fi
+
+ basedir="$1"
+ wdir="$1"
+ while [ "$wdir" != '/' ] ; do
+ if [ -d "$wdir"/.mvn ] ; then
+ basedir=$wdir
+ break
+ fi
+ # workaround for JBEAP-8937 (on Solaris 10/Sparc)
+ if [ -d "${wdir}" ]; then
+ wdir=`cd "$wdir/.."; pwd`
+ fi
+ # end of workaround
+ done
+ echo "${basedir}"
+}
+
+# concatenates all lines of a file
+concat_lines() {
+ if [ -f "$1" ]; then
+ echo "$(tr -s '\n' ' ' < "$1")"
+ fi
+}
+
+BASE_DIR=`find_maven_basedir "$(pwd)"`
+if [ -z "$BASE_DIR" ]; then
+ exit 1;
+fi
+
+##########################################################################################
+# Extension to allow automatically downloading the maven-wrapper.jar from Maven-central
+# This allows using the maven wrapper in projects that prohibit checking in binary data.
+##########################################################################################
+if [ -r "$BASE_DIR/.mvn/wrapper/maven-wrapper.jar" ]; then
+ if [ "$MVNW_VERBOSE" = true ]; then
+ echo "Found .mvn/wrapper/maven-wrapper.jar"
+ fi
+else
+ if [ "$MVNW_VERBOSE" = true ]; then
+ echo "Couldn't find .mvn/wrapper/maven-wrapper.jar, downloading it ..."
+ fi
+ if [ -n "$MVNW_REPOURL" ]; then
+ jarUrl="$MVNW_REPOURL/io/takari/maven-wrapper/0.5.6/maven-wrapper-0.5.6.jar"
+ else
+ jarUrl="https://repo.maven.apache.org/maven2/io/takari/maven-wrapper/0.5.6/maven-wrapper-0.5.6.jar"
+ fi
+ while IFS="=" read key value; do
+ case "$key" in (wrapperUrl) jarUrl="$value"; break ;;
+ esac
+ done < "$BASE_DIR/.mvn/wrapper/maven-wrapper.properties"
+ if [ "$MVNW_VERBOSE" = true ]; then
+ echo "Downloading from: $jarUrl"
+ fi
+ wrapperJarPath="$BASE_DIR/.mvn/wrapper/maven-wrapper.jar"
+ if $cygwin; then
+ wrapperJarPath=`cygpath --path --windows "$wrapperJarPath"`
+ fi
+
+ if command -v wget > /dev/null; then
+ if [ "$MVNW_VERBOSE" = true ]; then
+ echo "Found wget ... using wget"
+ fi
+ if [ -z "$MVNW_USERNAME" ] || [ -z "$MVNW_PASSWORD" ]; then
+ wget "$jarUrl" -O "$wrapperJarPath"
+ else
+ wget --http-user=$MVNW_USERNAME --http-password=$MVNW_PASSWORD "$jarUrl" -O "$wrapperJarPath"
+ fi
+ elif command -v curl > /dev/null; then
+ if [ "$MVNW_VERBOSE" = true ]; then
+ echo "Found curl ... using curl"
+ fi
+ if [ -z "$MVNW_USERNAME" ] || [ -z "$MVNW_PASSWORD" ]; then
+ curl -o "$wrapperJarPath" "$jarUrl" -f
+ else
+ curl --user $MVNW_USERNAME:$MVNW_PASSWORD -o "$wrapperJarPath" "$jarUrl" -f
+ fi
+
+ else
+ if [ "$MVNW_VERBOSE" = true ]; then
+ echo "Falling back to using Java to download"
+ fi
+ javaClass="$BASE_DIR/.mvn/wrapper/MavenWrapperDownloader.java"
+ # For Cygwin, switch paths to Windows format before running javac
+ if $cygwin; then
+ javaClass=`cygpath --path --windows "$javaClass"`
+ fi
+ if [ -e "$javaClass" ]; then
+ if [ ! -e "$BASE_DIR/.mvn/wrapper/MavenWrapperDownloader.class" ]; then
+ if [ "$MVNW_VERBOSE" = true ]; then
+ echo " - Compiling MavenWrapperDownloader.java ..."
+ fi
+ # Compiling the Java class
+ ("$JAVA_HOME/bin/javac" "$javaClass")
+ fi
+ if [ -e "$BASE_DIR/.mvn/wrapper/MavenWrapperDownloader.class" ]; then
+ # Running the downloader
+ if [ "$MVNW_VERBOSE" = true ]; then
+ echo " - Running MavenWrapperDownloader.java ..."
+ fi
+ ("$JAVA_HOME/bin/java" -cp .mvn/wrapper MavenWrapperDownloader "$MAVEN_PROJECTBASEDIR")
+ fi
+ fi
+ fi
+fi
+##########################################################################################
+# End of extension
+##########################################################################################
+
+export MAVEN_PROJECTBASEDIR=${MAVEN_BASEDIR:-"$BASE_DIR"}
+if [ "$MVNW_VERBOSE" = true ]; then
+ echo $MAVEN_PROJECTBASEDIR
+fi
+MAVEN_OPTS="$(concat_lines "$MAVEN_PROJECTBASEDIR/.mvn/jvm.config") $MAVEN_OPTS"
+
+# For Cygwin, switch paths to Windows format before running java
+if $cygwin; then
+ [ -n "$M2_HOME" ] &&
+ M2_HOME=`cygpath --path --windows "$M2_HOME"`
+ [ -n "$JAVA_HOME" ] &&
+ JAVA_HOME=`cygpath --path --windows "$JAVA_HOME"`
+ [ -n "$CLASSPATH" ] &&
+ CLASSPATH=`cygpath --path --windows "$CLASSPATH"`
+ [ -n "$MAVEN_PROJECTBASEDIR" ] &&
+ MAVEN_PROJECTBASEDIR=`cygpath --path --windows "$MAVEN_PROJECTBASEDIR"`
+fi
+
+# Provide a "standardized" way to retrieve the CLI args that will
+# work with both Windows and non-Windows executions.
+MAVEN_CMD_LINE_ARGS="$MAVEN_CONFIG $@"
+export MAVEN_CMD_LINE_ARGS
+
+WRAPPER_LAUNCHER=org.apache.maven.wrapper.MavenWrapperMain
+
+exec "$JAVACMD" \
+ $MAVEN_OPTS \
+ -classpath "$MAVEN_PROJECTBASEDIR/.mvn/wrapper/maven-wrapper.jar" \
+ "-Dmaven.home=${M2_HOME}" "-Dmaven.multiModuleProjectDirectory=${MAVEN_PROJECTBASEDIR}" \
+ ${WRAPPER_LAUNCHER} $MAVEN_CONFIG "$@"
diff --git a/kafka-security-samples/kafka-ssl-demo/mvnw.cmd b/kafka-security-samples/kafka-ssl-demo/mvnw.cmd
new file mode 100644
index 0000000..c8d4337
--- /dev/null
+++ b/kafka-security-samples/kafka-ssl-demo/mvnw.cmd
@@ -0,0 +1,182 @@
+@REM ----------------------------------------------------------------------------
+@REM Licensed to the Apache Software Foundation (ASF) under one
+@REM or more contributor license agreements. See the NOTICE file
+@REM distributed with this work for additional information
+@REM regarding copyright ownership. The ASF licenses this file
+@REM to you under the Apache License, Version 2.0 (the
+@REM "License"); you may not use this file except in compliance
+@REM with the License. You may obtain a copy of the License at
+@REM
+@REM https://www.apache.org/licenses/LICENSE-2.0
+@REM
+@REM Unless required by applicable law or agreed to in writing,
+@REM software distributed under the License is distributed on an
+@REM "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+@REM KIND, either express or implied. See the License for the
+@REM specific language governing permissions and limitations
+@REM under the License.
+@REM ----------------------------------------------------------------------------
+
+@REM ----------------------------------------------------------------------------
+@REM Maven Start Up Batch script
+@REM
+@REM Required ENV vars:
+@REM JAVA_HOME - location of a JDK home dir
+@REM
+@REM Optional ENV vars
+@REM M2_HOME - location of maven2's installed home dir
+@REM MAVEN_BATCH_ECHO - set to 'on' to enable the echoing of the batch commands
+@REM MAVEN_BATCH_PAUSE - set to 'on' to wait for a keystroke before ending
+@REM MAVEN_OPTS - parameters passed to the Java VM when running Maven
+@REM e.g. to debug Maven itself, use
+@REM set MAVEN_OPTS=-Xdebug -Xrunjdwp:transport=dt_socket,server=y,suspend=y,address=8000
+@REM MAVEN_SKIP_RC - flag to disable loading of mavenrc files
+@REM ----------------------------------------------------------------------------
+
+@REM Begin all REM lines with '@' in case MAVEN_BATCH_ECHO is 'on'
+@echo off
+@REM set title of command window
+title %0
+@REM enable echoing by setting MAVEN_BATCH_ECHO to 'on'
+@if "%MAVEN_BATCH_ECHO%" == "on" echo %MAVEN_BATCH_ECHO%
+
+@REM set %HOME% to equivalent of $HOME
+if "%HOME%" == "" (set "HOME=%HOMEDRIVE%%HOMEPATH%")
+
+@REM Execute a user defined script before this one
+if not "%MAVEN_SKIP_RC%" == "" goto skipRcPre
+@REM check for pre script, once with legacy .bat ending and once with .cmd ending
+if exist "%HOME%\mavenrc_pre.bat" call "%HOME%\mavenrc_pre.bat"
+if exist "%HOME%\mavenrc_pre.cmd" call "%HOME%\mavenrc_pre.cmd"
+:skipRcPre
+
+@setlocal
+
+set ERROR_CODE=0
+
+@REM To isolate internal variables from possible post scripts, we use another setlocal
+@setlocal
+
+@REM ==== START VALIDATION ====
+if not "%JAVA_HOME%" == "" goto OkJHome
+
+echo.
+echo Error: JAVA_HOME not found in your environment. >&2
+echo Please set the JAVA_HOME variable in your environment to match the >&2
+echo location of your Java installation. >&2
+echo.
+goto error
+
+:OkJHome
+if exist "%JAVA_HOME%\bin\java.exe" goto init
+
+echo.
+echo Error: JAVA_HOME is set to an invalid directory. >&2
+echo JAVA_HOME = "%JAVA_HOME%" >&2
+echo Please set the JAVA_HOME variable in your environment to match the >&2
+echo location of your Java installation. >&2
+echo.
+goto error
+
+@REM ==== END VALIDATION ====
+
+:init
+
+@REM Find the project base dir, i.e. the directory that contains the folder ".mvn".
+@REM Fallback to current working directory if not found.
+
+set MAVEN_PROJECTBASEDIR=%MAVEN_BASEDIR%
+IF NOT "%MAVEN_PROJECTBASEDIR%"=="" goto endDetectBaseDir
+
+set EXEC_DIR=%CD%
+set WDIR=%EXEC_DIR%
+:findBaseDir
+IF EXIST "%WDIR%"\.mvn goto baseDirFound
+cd ..
+IF "%WDIR%"=="%CD%" goto baseDirNotFound
+set WDIR=%CD%
+goto findBaseDir
+
+:baseDirFound
+set MAVEN_PROJECTBASEDIR=%WDIR%
+cd "%EXEC_DIR%"
+goto endDetectBaseDir
+
+:baseDirNotFound
+set MAVEN_PROJECTBASEDIR=%EXEC_DIR%
+cd "%EXEC_DIR%"
+
+:endDetectBaseDir
+
+IF NOT EXIST "%MAVEN_PROJECTBASEDIR%\.mvn\jvm.config" goto endReadAdditionalConfig
+
+@setlocal EnableExtensions EnableDelayedExpansion
+for /F "usebackq delims=" %%a in ("%MAVEN_PROJECTBASEDIR%\.mvn\jvm.config") do set JVM_CONFIG_MAVEN_PROPS=!JVM_CONFIG_MAVEN_PROPS! %%a
+@endlocal & set JVM_CONFIG_MAVEN_PROPS=%JVM_CONFIG_MAVEN_PROPS%
+
+:endReadAdditionalConfig
+
+SET MAVEN_JAVA_EXE="%JAVA_HOME%\bin\java.exe"
+set WRAPPER_JAR="%MAVEN_PROJECTBASEDIR%\.mvn\wrapper\maven-wrapper.jar"
+set WRAPPER_LAUNCHER=org.apache.maven.wrapper.MavenWrapperMain
+
+set DOWNLOAD_URL="https://repo.maven.apache.org/maven2/io/takari/maven-wrapper/0.5.6/maven-wrapper-0.5.6.jar"
+
+FOR /F "tokens=1,2 delims==" %%A IN ("%MAVEN_PROJECTBASEDIR%\.mvn\wrapper\maven-wrapper.properties") DO (
+ IF "%%A"=="wrapperUrl" SET DOWNLOAD_URL=%%B
+)
+
+@REM Extension to allow automatically downloading the maven-wrapper.jar from Maven-central
+@REM This allows using the maven wrapper in projects that prohibit checking in binary data.
+if exist %WRAPPER_JAR% (
+ if "%MVNW_VERBOSE%" == "true" (
+ echo Found %WRAPPER_JAR%
+ )
+) else (
+ if not "%MVNW_REPOURL%" == "" (
+ SET DOWNLOAD_URL="%MVNW_REPOURL%/io/takari/maven-wrapper/0.5.6/maven-wrapper-0.5.6.jar"
+ )
+ if "%MVNW_VERBOSE%" == "true" (
+ echo Couldn't find %WRAPPER_JAR%, downloading it ...
+ echo Downloading from: %DOWNLOAD_URL%
+ )
+
+ powershell -Command "&{"^
+ "$webclient = new-object System.Net.WebClient;"^
+ "if (-not ([string]::IsNullOrEmpty('%MVNW_USERNAME%') -and [string]::IsNullOrEmpty('%MVNW_PASSWORD%'))) {"^
+ "$webclient.Credentials = new-object System.Net.NetworkCredential('%MVNW_USERNAME%', '%MVNW_PASSWORD%');"^
+ "}"^
+ "[Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12; $webclient.DownloadFile('%DOWNLOAD_URL%', '%WRAPPER_JAR%')"^
+ "}"
+ if "%MVNW_VERBOSE%" == "true" (
+ echo Finished downloading %WRAPPER_JAR%
+ )
+)
+@REM End of extension
+
+@REM Provide a "standardized" way to retrieve the CLI args that will
+@REM work with both Windows and non-Windows executions.
+set MAVEN_CMD_LINE_ARGS=%*
+
+%MAVEN_JAVA_EXE% %JVM_CONFIG_MAVEN_PROPS% %MAVEN_OPTS% %MAVEN_DEBUG_OPTS% -classpath %WRAPPER_JAR% "-Dmaven.multiModuleProjectDirectory=%MAVEN_PROJECTBASEDIR%" %WRAPPER_LAUNCHER% %MAVEN_CONFIG% %*
+if ERRORLEVEL 1 goto error
+goto end
+
+:error
+set ERROR_CODE=1
+
+:end
+@endlocal & set ERROR_CODE=%ERROR_CODE%
+
+if not "%MAVEN_SKIP_RC%" == "" goto skipRcPost
+@REM check for post script, once with legacy .bat ending and once with .cmd ending
+if exist "%HOME%\mavenrc_post.bat" call "%HOME%\mavenrc_post.bat"
+if exist "%HOME%\mavenrc_post.cmd" call "%HOME%\mavenrc_post.cmd"
+:skipRcPost
+
+@REM pause the script if MAVEN_BATCH_PAUSE is set to 'on'
+if "%MAVEN_BATCH_PAUSE%" == "on" pause
+
+if "%MAVEN_TERMINATE_CMD%" == "on" exit %ERROR_CODE%
+
+exit /B %ERROR_CODE%
diff --git a/kafka-security-samples/kafka-ssl-demo/pom.xml b/kafka-security-samples/kafka-ssl-demo/pom.xml
new file mode 100644
index 0000000..9c08a64
--- /dev/null
+++ b/kafka-security-samples/kafka-ssl-demo/pom.xml
@@ -0,0 +1,80 @@
+
+
+ 4.0.0
+
+ org.springframework.boot
+ spring-boot-starter-parent
+ 2.3.3.RELEASE
+
+
+ kafka.ssl.demo
+ kafka-ssl-demo
+ 0.0.1-SNAPSHOT
+ kafka-ssl-demo
+ Demo project for Spring Boot
+
+
+ 11
+ Hoxton.SR8
+
+
+
+
+ org.springframework.cloud
+ spring-cloud-stream
+
+
+ org.springframework.cloud
+ spring-cloud-stream-binder-kafka
+
+
+ org.springframework.kafka
+ spring-kafka
+
+
+
+ org.springframework.boot
+ spring-boot-starter-test
+ test
+
+
+ org.junit.vintage
+ junit-vintage-engine
+
+
+
+
+ org.springframework.cloud
+ spring-cloud-stream-test-support
+ test
+
+
+ org.springframework.kafka
+ spring-kafka-test
+ test
+
+
+
+
+
+
+ org.springframework.cloud
+ spring-cloud-dependencies
+ ${spring-cloud.version}
+ pom
+ import
+
+
+
+
+
+
+
+ org.springframework.boot
+ spring-boot-maven-plugin
+
+
+
+
+
diff --git a/kafka-security-samples/kafka-ssl-demo/src/main/java/kafka/ssl/demo/KafkaSslDemoApplication.java b/kafka-security-samples/kafka-ssl-demo/src/main/java/kafka/ssl/demo/KafkaSslDemoApplication.java
new file mode 100644
index 0000000..bd3cf41
--- /dev/null
+++ b/kafka-security-samples/kafka-ssl-demo/src/main/java/kafka/ssl/demo/KafkaSslDemoApplication.java
@@ -0,0 +1,20 @@
+package kafka.ssl.demo;
+
+import java.util.function.Consumer;
+
+import org.springframework.boot.SpringApplication;
+import org.springframework.boot.autoconfigure.SpringBootApplication;
+import org.springframework.context.annotation.Bean;
+
+@SpringBootApplication
+public class KafkaSslDemoApplication {
+
+ public static void main(String[] args) {
+ SpringApplication.run(KafkaSslDemoApplication.class, args);
+ }
+
+ @Bean
+ public Consumer consumer() {
+ return s -> System.out.println("Message Received: " + s);
+ }
+}
diff --git a/kafka-security-samples/kafka-ssl-demo/src/main/resources/application.yml b/kafka-security-samples/kafka-ssl-demo/src/main/resources/application.yml
new file mode 100644
index 0000000..e16b969
--- /dev/null
+++ b/kafka-security-samples/kafka-ssl-demo/src/main/resources/application.yml
@@ -0,0 +1,17 @@
+spring.cloud.stream:
+ bindings:
+ consumer-in-0:
+ destination: ssl-demo
+ kafka.binder:
+ brokers: localhost:9093
+ configuration:
+ security.protocol: SSL
+ ssl.truststore.location: /tmp/kafka-ssl-demo/client.truststore
+ ssl.truststore.password: 123456
+ ssl.keystore.location: /tmp/kafka-ssl-demo/ssldemo.keystore
+ ssl.keystore.password: 123456
+ ssl.key.password: 123456
+ ssl.enabled.protocols: TLSv1.2,TLSv1.1,TLSv1
+ ssl.truststore.type: JKS
+ ssl.keystore.type: JKS
+ ssl.endpoint.identification.algorithm:
\ No newline at end of file
diff --git a/kafka-security-samples/kafka-ssl-demo/src/test/java/kafka/ssl/demo/KafkaSslDemoApplicationTests.java b/kafka-security-samples/kafka-ssl-demo/src/test/java/kafka/ssl/demo/KafkaSslDemoApplicationTests.java
new file mode 100644
index 0000000..c9ef90a
--- /dev/null
+++ b/kafka-security-samples/kafka-ssl-demo/src/test/java/kafka/ssl/demo/KafkaSslDemoApplicationTests.java
@@ -0,0 +1,13 @@
+package kafka.ssl.demo;
+
+import org.junit.jupiter.api.Test;
+import org.springframework.boot.test.context.SpringBootTest;
+
+@SpringBootTest
+class KafkaSslDemoApplicationTests {
+
+ @Test
+ void contextLoads() {
+ }
+
+}
diff --git a/kafka-security-samples/pom.xml b/kafka-security-samples/pom.xml
new file mode 100644
index 0000000..a006179
--- /dev/null
+++ b/kafka-security-samples/pom.xml
@@ -0,0 +1,20 @@
+
+
+ 4.0.0
+ io.spring.cloud.stream.sample
+ kafka-security-samples
+ 0.0.1-SNAPSHOT
+ kafka-security-samples
+ Kafka Security Samples
+ pom
+
+
+ 8
+
+
+
+ kafka-ssl-demo
+
+
+
diff --git a/pom.xml b/pom.xml
index 650daf0..589c140 100644
--- a/pom.xml
+++ b/pom.xml
@@ -33,6 +33,7 @@
kafka-e2e-kotlin-sample
kafka-native-serialization
function-based-stream-app-samples
+ kafka-security-samples