Giter VIP home page Giter VIP logo

Comments (4)

mostafa avatar mostafa commented on September 25, 2024 1

@luminorena

This is the mapping:

  • clientCertsPem => keystore.pem
  • clientKeyPem => keystore.pem
  • serverCaPem => truststore.pem

In your case, the keystore.pem store both the certificate and the private key. So, you must split them before use, see this. Also, PEM is a de facto standard supported by Go and xk6-kafka uses Go standard library to load PEM files.

from xk6-kafka.

luminorena avatar luminorena commented on September 25, 2024 1

Many thanks! Everything works now. I see a message in Kafka Tool :)

from xk6-kafka.

mostafa avatar mostafa commented on September 25, 2024

Hey @luminorena,

xk6-kafka supports two formats: JKS with PKCS#8 and PEM. If you have certificates in any other format, they should be converted to either of these. The LoadJKS function is a convenience function to convert JKS files to PEM before being consumed by TLS config. The function extracts the certificates into the same directory as the JKS file. The address of the files are then returned as an object, which in your case is called: truststore. The tlsConfig only supports a single certificate for each of the keys, so if you specify multiple keys, they will be overridden by JS. Also, it is your job to determine the index of the correct client certificate in the clientCertsPem property in truststore and you don't need to specify all.

from xk6-kafka.

luminorena avatar luminorena commented on September 25, 2024

Hi, @mostafa

I've converted pfx (which is actually the equivalent of PKCS#12) to pem and got two certs as a result - one for keystore and the other for truststore.
You write The tlsConfig only supports a single certificate for each of the keys, so if you specify multiple keys, they will be overridden by JS.

But in your library the certs are divided into several parts depending on the cert inside: clientCersPem, clientKeyPem and serverCaPem.
Is it possible to use only two certs (keystore.pem and truststore.pem) each of which contains all types of necessary certs?

UPD: I remember your library doesn't work with PKCS#12, so I've created PEM. And I don't know if it could work with such a PEM. I can also convert the resulted PEM into pure PKCS8 format, but I'm not sure where to use it to get a working cert.

UPD2: Is there any character escaping in LoadJks function, e.g. should I escape dot somehow or maybe the other characters?

from xk6-kafka.

Related Issues (20)

Recommend Projects

  • React photo React

    A declarative, efficient, and flexible JavaScript library for building user interfaces.

  • Vue.js photo Vue.js

    🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.

  • Typescript photo Typescript

    TypeScript is a superset of JavaScript that compiles to clean JavaScript output.

  • TensorFlow photo TensorFlow

    An Open Source Machine Learning Framework for Everyone

  • Django photo Django

    The Web framework for perfectionists with deadlines.

  • D3 photo D3

    Bring data to life with SVG, Canvas and HTML. 📊📈🎉

Recommend Topics

  • javascript

    JavaScript (JS) is a lightweight interpreted programming language with first-class functions.

  • web

    Some thing interesting about web. New door for the world.

  • server

    A server is a program made to process requests and deliver data to clients.

  • Machine learning

    Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.

  • Game

    Some thing interesting about game, make everyone happy.

Recommend Org

  • Facebook photo Facebook

    We are working to build community through open source technology. NB: members must have two-factor auth.

  • Microsoft photo Microsoft

    Open source projects and samples from Microsoft.

  • Google photo Google

    Google ❤️ Open Source for everyone.

  • D3 photo D3

    Data-Driven Documents codes.