--- /dev/null
+<?xml version="1.0"?>
+<!DOCTYPE Configure PUBLIC "-//Jetty//Configure//EN" "http://www.eclipse.org/jetty/configure_9_0.dtd">
+
+<!-- ============================================================= -->
+<!-- Configure the Jetty Server instance with an ID "Server" -->
+<!-- by adding a HTTP connector. -->
+<!-- This configuration must be used in conjunction with jetty.xml -->
+<!-- ============================================================= -->
+<Configure id="Server" class="org.eclipse.jetty.server.Server">
+
+ <!-- =========================================================== -->
+ <!-- Add a HTTP Connector. -->
+ <!-- Configure an o.e.j.server.ServerConnector with a single -->
+ <!-- HttpConnectionFactory instance using the common httpConfig -->
+ <!-- instance defined in jetty.xml -->
+ <!-- -->
+ <!-- Consult the javadoc of o.e.j.server.ServerConnector and -->
+ <!-- o.e.j.server.HttpConnectionFactory for all configuration -->
+ <!-- that may be set here. -->
+ <!-- =========================================================== -->
+ <Call name="addConnector">
+ <Arg>
+ <New class="org.eclipse.jetty.server.ServerConnector">
+ <Arg name="server"><Ref refid="Server" /></Arg>
+ <Arg name="factories">
+ <Array type="org.eclipse.jetty.server.ConnectionFactory">
+ <Item>
+ <New class="org.eclipse.jetty.server.HttpConnectionFactory">
+ <Arg name="config"><Ref refid="httpConfig" /></Arg>
+ </New>
+ </Item>
+ </Array>
+ </Arg>
+ <Set name="host"><Property name="jetty.host" /></Set>
+ <Set name="port"><Property name="jetty.port" default="8080" /></Set>
+ <Set name="idleTimeout"><Property name="http.timeout" default="30000"/></Set>
+ </New>
+ </Arg>
+ </Call>
+
+</Configure>
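Review bot: `<Property name="jetty.host" />` on line 35 has no `default`, so when the property is not supplied the connector's host is set to null and Jetty binds the listener on every interface; the HTTPS connector in the next file (line 84) has the same `<Set name="host"><Property name="jetty.host" /></Set>`. For an example configuration that defaults to a test keystore a loopback default is the more conservative choice, `<Set name="host"><Property name="jetty.host" default="127.0.0.1" /></Set>`, with `jetty.host` overridden where a wider bind is wanted. If binding on all interfaces is intended, a one-line comment above the `Set` saying so would save the next reader the lookup.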
--- /dev/null
+<?xml version="1.0"?>
+<!DOCTYPE Configure PUBLIC "-//Jetty//Configure//EN" "http://www.eclipse.org/jetty/configure_9_0.dtd">
+
+<!-- ============================================================= -->
+<!-- Configure a HTTPS connector. -->
+<!-- This configuration must be used in conjunction with jetty.xml -->
+<!-- and jetty-ssl.xml. -->
+<!-- ============================================================= -->
+<Configure id="Server" class="org.eclipse.jetty.server.Server">
+
+ <!-- =========================================================== -->
+ <!-- Add a HTTPS Connector. -->
+ <!-- Configure an o.e.j.server.ServerConnector with connection -->
+ <!-- factories for TLS (aka SSL) and HTTP to provide HTTPS. -->
+ <!-- All accepted TLS connections are wired to a HTTP connection.-->
+ <!-- -->
+ <!-- Consult the javadoc of o.e.j.server.ServerConnector, -->
+ <!-- o.e.j.server.SslConnectionFactory and -->
+ <!-- o.e.j.server.HttpConnectionFactory for all configuration -->
+ <!-- that may be set here. -->
+ <!-- =========================================================== -->
+ <Call id="httpsConnector" name="addConnector">
+ <Arg>
+ <New class="org.eclipse.jetty.server.ServerConnector">
+ <Arg name="server"><Ref refid="Server" /></Arg>
+ <Arg name="factories">
+ <Array type="org.eclipse.jetty.server.ConnectionFactory">
+ <Item>
+ <New class="org.eclipse.jetty.server.SslConnectionFactory">
+ <Arg name="next">http/1.1</Arg>
+ <Arg name="sslContextFactory"><Ref refid="sslContextFactory"/></Arg>
+ </New>
+ </Item>
+ <Item>
+ <New class="org.eclipse.jetty.server.HttpConnectionFactory">
+ <Arg name="config"><Ref refid="sslHttpConfig"/></Arg>
+ </New>
+ </Item>
+ </Array>
+ </Arg>
+ <Set name="host"><Property name="jetty.host" /></Set>
+ <Set name="port"><Property name="https.port" default="8443" /></Set>
+ <Set name="idleTimeout"><Property name="https.timeout" default="30000"/></Set>
+ </New>
+ </Arg>
+ </Call>
+</Configure>
--- /dev/null
+<?xml version="1.0"?>
+<!DOCTYPE Configure PUBLIC "-//Jetty//Configure//EN" "http://www.eclipse.org/jetty/configure_9_0.dtd">
+
+<!-- ============================================================= -->
+<!-- Configure a TLS (SSL) Context Factory -->
+<!-- This configuration must be used in conjunction with jetty.xml -->
+<!-- and either jetty-https.xml or jetty-spdy.xml (but not both) -->
+<!-- ============================================================= -->
+<Configure id="sslContextFactory" class="org.eclipse.jetty.util.ssl.SslContextFactory">
+ <Set name="KeyStorePath"><Property name="jetty.base" default="." />/<Property name="jetty.keystore" default="src/test/resources/jetty.keystore"/></Set>
+ <Set name="KeyStorePassword"><Property name="jetty.keystore.password" default="secret"/></Set>
+ <Set name="KeyManagerPassword"><Property name="jetty.keymanager.password" default="secret"/></Set>
+ <Set name="TrustStorePath"><Property name="jetty.base" default="." />/<Property name="jetty.truststore" default="src/test/resources/jetty.keystore"/></Set>
+ <Set name="TrustStorePassword"><Property name="jetty.truststore.password" default="secret"/></Set>
+ <Set name="EndpointIdentificationAlgorithm"></Set>
+ <Set name="ExcludeCipherSuites">
+ <Array type="String">
+ <Item>SSL_RSA_WITH_DES_CBC_SHA</Item>
+ <Item>SSL_DHE_RSA_WITH_DES_CBC_SHA</Item>
+ <Item>SSL_DHE_DSS_WITH_DES_CBC_SHA</Item>
+ <Item>SSL_RSA_EXPORT_WITH_RC4_40_MD5</Item>
+ <Item>SSL_RSA_EXPORT_WITH_DES40_CBC_SHA</Item>
+ <Item>SSL_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA</Item>
+ <Item>SSL_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA</Item>
+ </Array>
+ </Set>
+
+ <!-- =========================================================== -->
+ <!-- Create a TLS specific HttpConfiguration based on the -->
+ <!-- common HttpConfiguration defined in jetty.xml -->
+ <!-- Add a SecureRequestCustomizer to extract certificate and -->
+ <!-- session information -->
+ <!-- =========================================================== -->
+ <New id="sslHttpConfig" class="org.eclipse.jetty.server.HttpConfiguration">
+ <Arg><Ref refid="httpConfig"/></Arg>
+ <Call name="addCustomizer">
+ <Arg><New class="org.eclipse.jetty.server.SecureRequestCustomizer"/></Arg>
+ </Call>
+ </New>
+
+</Configure>
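Review bot: `<Set name="ExcludeCipherSuites">` on lines 107–117 calls the setter, which clears and replaces the exclusion list the SslContextFactory was constructed with rather than extending it, so only the seven DES/export suites named here stay excluded while RC4, NULL, anonymous and MD5-based suites remain eligible if the JVM offers them, and no protocol exclusion is set at all. Prefer `<Call name="addExcludeCipherSuites">` with the same `<Arg><Array type="String">…</Array></Arg>` so the factory's own defaults are kept, and add `<Set name="ExcludeProtocols"><Array type="String"><Item>SSLv3</Item></Array></Set>` (or the `addExcludeProtocols` equivalent). The `default="secret"` values on lines 102, 103 and 105 mean the keystore opens with a known password whenever the properties are not supplied; dropping the defaults turns a missing `jetty.keystore.password` into a startup error instead of a silent fallback. `<Set name="EndpointIdentificationAlgorithm"></Set>` on line 106 reads like an omission and deserves a comment such as `<!-- empty on purpose: server-side factory, there is no peer hostname to verify -->`.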
--- /dev/null
+<?xml version="1.0"?>
+<!DOCTYPE Configure PUBLIC "-//Jetty//Configure//EN" "http://www.eclipse.org/jetty/configure_9_0.dtd">
+
+<!-- ============================================================= -->
+<!-- Configure the Http Configuration -->
+<!-- ============================================================= -->
+<Configure id="httpConfig" class="org.eclipse.jetty.server.HttpConfiguration">
+ <Set name="secureScheme">https</Set>
+ <Set name="securePort"><Property name="jetty.secure.port" default="8443" /></Set>
+ <Set name="outputBufferSize">32768</Set>
+ <Set name="requestHeaderSize">8192</Set>
+ <Set name="responseHeaderSize">8192</Set>
+ <Set name="sendServerVersion">true</Set>
+ <Set name="sendDateHeader">false</Set>
+ <Set name="headerCacheSize">512</Set>
+
+ <!-- Uncomment to enable handling of X-Forwarded- style headers
+ <Call name="addCustomizer">
+ <Arg><New class="org.eclipse.jetty.server.ForwardedRequestCustomizer"/></Arg>
+ </Call>
+ -->
+</Configure>
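Review bot: `<Set name="sendServerVersion">true</Set>` on line 146 puts the exact Jetty version into the `Server` header of every response, which nothing in this example needs; change it to `<Set name="sendServerVersion">false</Set>`. The commented-out ForwardedRequestCustomizer block on lines 150–154 is fine as is, but the comment on line 150 should add that it is only to be enabled behind a proxy that overwrites the `X-Forwarded-*` headers, since with the customizer on and no such proxy the remote address and scheme come straight from the client.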
--- /dev/null
+<!DOCTYPE html>
+<html lang="en">
+
+<head>
+
+ <meta charset="utf-8">
+ <meta http-equiv="X-UA-Compatible" content="IE=edge">
+ <meta name="viewport" content="width=device-width, initial-scale=1">
+
+ <title>Example how to replace text by a graphic</title>
+
+ <style type="text/css">
+ h1
+ {
+ text-indent: -99em;
+ line-height: 0;
+ }
+ h1:after
+ {
+ display: block;
+ text-indent: 0;
+ content: "blub";
+ }
+ </style>
+</head>
+
+ <body>
+ <h1>Bla</h1>
+ </body>
+
+</html>
--- /dev/null
+<!DOCTYPE html>
+<html lang="en">
+
+<head>
+
+ <meta charset="utf-8">
+ <meta http-equiv="X-UA-Compatible" content="IE=edge">
+ <meta name="viewport" content="width=device-width, initial-scale=1">
+
+ <title>Example how to replace text by a graphic</title>
+
+ <style type="text/css">
+ h1
+ {
+ text-indent: -99em;
+ line-height: 0;
+ }
+ h1:after
+ {
+ display: block;
+ text-indent: 0;
+ content: url("");
+ }
+ </style>
+</head>
+
+ <body>
+ <h1>mo</h1>
+ </body>
+
+</html>
--- /dev/null
+<!DOCTYPE html>
+<title>Example 01</title>
+<header>
+ <h2>Header</h2>
+ <nav>Navigation</nav>
+</header>
+<main>
+ <h1>Main</h1>
+ <section>
+ <h2>Section I</h2>
+ </section>
+ <section>
+ <h2>Section II</h2>
+ <section>
+ <h3>Subsection a</h3>
+ </section>
+ <section>
+ <h3>Subsection b</h3>
+ </section>
+ </section>
+ <section>
+ <h2>Section III</h2>
+ <section>
+ <h3>Subsection a</h3>
+ </section>
+ </section>
+</main>
+<aside>
+ <h1>Aside</h1>
+</aside>
+<footer>
+ <h2>Footer</h2>
+</footer>
--- /dev/null
+<!DOCTYPE html>
+<title>Example 02</title>
+<header>
+ <h2>Header</h2>
+ <nav>
+ <header><h3>Navigation</h3></header>
+ </nav>
+</header>
+<main>
+ <header><h1>Main</h1></header>
+ <section>
+ <header><h2>Section I</h2></header>
+ </section>
+ <section>
+ <header><h2>Section II</h2></header>
+ <section>
+ <header><h3>Subsection a</h3></header>
+ </section>
+ <section>
+ <header><h3>Subsection b</h3></header>
+ </section>
+ </section>
+ <section>
+ <header><h2>Section III</h2></header>
+ <section>
+ <header><h3>Subsection a</h3></header>
+ </section>
+ </section>
+</main>
+<aside>
+ <header><h1>Aside</h1></header>
+</aside>
+<footer>
+ <header><h2>Footer</h2></header>
+</footer>
--- /dev/null
+<!DOCTYPE html>
+<title>Example 03</title>
+<header>
+ <h2>Header</h2>
+ <nav>
+ <header><h3>Navigation</h333></header>
+ </nav>
+</header>
+<article>
+ <header><h1>Article (Main)</h1></header>
+ <section>
+ <header><h2>Section I</h2></header>
+ </section>
+ <section>
+ <header><h2>Section II</h2></header>
+ <section>
+ <header><h3>Subsection a</h3></header>
+ </section>
+ <section>
+ <header><h3>Subsection b</h3></header>
+ </section>
+ </section>
+ <section>
+ <header><h2>Section III</h2></header>
+ <section>
+ <header><h3>Subsection a</h3></header>
+ </section>
+ </section>
+</article>
+<aside>
+ <header><h1>Aside</h1></header>
+</aside>
+<footer>
+ <header><h2>Footer</h2></header>
+</footer>
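Review bot: `</h333>` on line 296 does not close the `<h3>` opened on the same line, so the `<header>` inside `<nav>` is left with an unclosed heading and where it ends is decided by the browser's error recovery; the intended line is `<header><h3>Navigation</h3></header>`.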
--- /dev/null
+<!DOCTYPE html>
+<title>Example 04</title>
+<article>
+ Main
+ <section>
+ Section I
+ </section>
+ <section>
+ Section II
+ <section>
+ Subsection a
+ </section>
+ <section>
+ Subsection b
+ </section>
+ </section>
+ <section>
+ Section III
+ <section>
+ Subsection a
+ </section>
+ </section>
+</main>
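Review bot: The document opens `<article>` on line 329 but the closing tag on line 349 is `</main>`, so the article is never explicitly closed and the stray `</main>` is discarded by the parser. Example 03 and Example 05 in this commit close the same structure with `</article>`, so line 349 should read `</article>`; if `<main>` was meant instead (as in Example 01/02), change line 329 rather than the closer.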
--- /dev/null
+<!DOCTYPE html>
+<title>Example 05</title>
+<h1>Page</h1>
+<article>
+ <h1>Article</h1>
+ <section>
+ <h1>Section I</h1>
+ </section>
+ <section>
+ <h1>Section II</h1>
+ <section>
+ <h1>Subsection a</h1>
+ </section>
+ <section>
+ <h1>Subsection b</h1>
+ </section>
+ </section>
+ <section>
+ <h1>Section III</h1>
+ <section>
+ <h1>Subsection a</h1>
+ </section>
+ </section>
+</article>
--- /dev/null
+<!DOCTYPE html>
+<title>Example 06</title>
+<header>Page</header>
+<main>Main</main>
+<footer>Footer</footer>
--- /dev/null
+<!DOCTYPE html>
+<title>Example 07</title>
+<header><h2>Page</h2></header>
+<main><h1>Main</h1></main>
+<footer><h3>Footer</h3></footer>
--- /dev/null
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
+<html>
+ <head><title>Example 08</title></head>
+ <body>
+ <div class="header"><h2>Page</h2></div>
+ <div class="main"><h1>Main</h1></div>
+ <div class="footer"><h3>Footer</h3></div>
+ </body>
+</html>
--- /dev/null
+<!DOCTYPE html>
+<title>Example 09</title>
+<h4>h4</h4>
+<h2>h2</h2>
+<h4>h4</h4>
+<h3>h3</h3>
+<h2>h2</h2>
+<h1>h1</h1>
+<h2>h2</h2>
+<h3>h3</h3>
--- /dev/null
+<!DOCTYPE html>
+<title>Example 10</title>
+<header>
+ <section>
+ <h2>Header</h2>
+ </section>
+</header>
+<main>
+ <article>
+ <h1>Main</h1>
+ <section>
+ <h2>Section I</h2>
+ </section>
+ <section>
+ <h2>Section II</h2>
+ <section>
+ <h3>Subsection a</h3>
+ </section>
+ <section>
+ <h3>Subsection b</h3>
+ </section>
+ </section>
+ <section>
+ <h2>Section III</h2>
+ <section>
+ <h3>Subsection a</h3>
+ </section>
+ </section>
+ </article>
+</main>
+<footer>
+ <section>
+ <h3>Footer</h3>
+ </section>
+</footer>
--- /dev/null
+<!DOCTYPE html>
+<title>Example 11</title>
+<header>
+ <h2>Page</h2>
+ <section>
+ <h3>Header</h3>
+ </section>
+</header>
+<main>
+ <article>
+ <h1>Main</h1>
+ <section>
+ <h2>Section I</h2>
+ </section>
+ <section>
+ <h2>Section II</h2>
+ <section>
+ <h3>Subsection a</h3>
+ </section>
+ <section>
+ <h3>Subsection b</h3>
+ </section>
+ </section>
+ <section>
+ <h2>Section III</h2>
+ <section>
+ <h3>Subsection a</h3>
+ </section>
+ </section>
+ </article>
+</main>
+<footer>
+ <section>
+ <h3>Footer</h3>
+ </section>
+</footer>
--- /dev/null
+<!DOCTYPE html>
+<title>Example 12</title>
+<header>
+ <h1>Page</h1>
+ <nav><h1>Navigation</h1></nav>
+</header>
+<main><h1>Main</h1></main>
+<aside><h1>Aside</h1></aside>
+<footer><h1>Footer</h1></footer>
--- /dev/null
+<!DOCTYPE html>
+<title>Example 13</title>
+<header>
+ Page
+ <nav>Navigation</nav>
+</header>
+<main>Main</main>
+<aside>Aside</aside>
+<footer>Footer</footer>
--- /dev/null
+<!DOCTYPE html>
+<title>Example 14</title>
+<header>
+ <h2>Page</h2>
+ <section>
+ <h3>Header</h3>
+ <nav><h4>Navigation</h4></nav>
+ </section>
+</header>
+<main>
+ <article>
+ <h1>Main</h1>
+ <section>
+ <h2>Section I</h2>
+ </section>
+ <section>
+ <h2>Section II</h2>
+ <section>
+ <h3>Subsection a</h3>
+ </section>
+ <section>
+ <h3>Subsection b</h3>
+ </section>
+ </section>
+ <section>
+ <h2>Section III</h2>
+ <section>
+ <h3>Subsection a</h3>
+ </section>
+ </section>
+ </article>
+</main>
+<aside><h3>Aside</h3></aside>
+<footer>
+ <section>
+ <h3>Footer</h3>
+ </section>
+</footer>
--- /dev/null
+#!/bin/bash
+#
+# Example-script to show, how to set up a self-signed CA
+#
+# Usage:
+# ./create-ca.sh PASSWORD VALIDITY
+
+. settings.conf
+
+if [ -z "$1" ]
+then
+ PASSWORD=$DEFAULT_PASSWORD
+else
+ PASSWORD="$1"
+fi
+
+if [ -z "$2" ]
+then
+ VALIDITY=$DEFAULT_VALIDITY
+else
+ VALIDITY="$2"
+fi
+
+if [ -a ca-cert ]
+then
+ echo "The root-certificate for the CA already exists..."
+else
+ echo "Creating a x509-certificate for the CA..."
+ openssl req -new -x509 -subj "/C=$C/ST=$ST/L=$L/O=$O/OU=$OU/CN=Root-CA" -keyout ca-key -out ca-cert -days $VALIDITY -passout pass:$PASSWORD
+fi
+#
+
+if [ -a truststore.p12 ]
+then
+ echo "The keystore truststore.jks already exists!"
+else
+ echo "Importing the root-certificate of the CA into truststore.jks..."
+ keytool -keystore truststore.p12 -storetype pkcs12 -storepass $PASSWORD -alias CARoot -import -file ca-cert -noprompt
+fi
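Review bot: `-passout pass:$PASSWORD` on line 569 and `-storepass $PASSWORD` on line 578 place the CA and truststore password on the command line, where it is readable by every local user through the process list for the duration of the call; openssl accepts `-passout env:PASSWORD` (after `export PASSWORD`) and keytool accepts `-storepass:env PASSWORD`, which keeps the flow unchanged without exposing the value. The same pattern is in `create-certs.sh` (lines 1107 and 1116) and in both `gencert.sh` scripts. The messages on lines 575 and 577 still say `truststore.jks` while the file written is `truststore.p12`. `[ -a ca-cert ]` works in bash, but unary `-a` is deprecated and `[ -e ca-cert ]` is the portable form, and `$VALIDITY` and `$PASSWORD` should be quoted so an empty `DEFAULT_VALIDITY` from `settings.conf` fails visibly instead of collapsing the argument.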
--- /dev/null
+#!/bin/bash
+#
+# Example-script to show, how to create and sign a selfsigned certificate, that
+# contains multiple DNS-entries (SAN-extension)
+#
+# Usage:
+# ./gencert.sh CN [CA_PASSWORD [KEYSTORE_PASSWORD [VALIDITY]]]
+
+
+. settings.conf
+
+if [ -z "$1" ];
+then
+ echo "CN must not be empty!"
+ echo "$0 CN [CA_PASSWORD [KEYSTORE_PASSWORD [VALIDITY]]]"
+ exit;
+fi
+
+if [ -a $1.p12 ];
+then
+ echo "The keystore $1.jks already exists";
+ exit;
+fi
+
+
+if [ -z "$2" ]
+then
+ CA_PASSWORD=$DEFAULT_PASSWORD
+else
+ CA_PASSWORD="$2"
+fi
+
+if [ -z "$3" ]
+then
+ KEYSTORE_PASSWORD=$DEFAULT_PASSWORD
+else
+ KEYSTORE_PASSWORD="$3"
+fi
+
+if [ -z "$4" ]
+then
+ VALIDITY=365
+else
+ VALIDITY="$4"
+fi
+
+
+echo "Creating keystore $1.jks with a certificate and a key-pair for CN $1"
+keytool -keystore $1.p12 -storetype pkcs12 -alias $1 -validity $VALIDITY -genkey -storepass $KEYSTORE_PASSWORD -dname "CN=$1,OU=$OU,O=$O,L=$L,ST=$ST,C=$C"
+
+echo "Creating a Certificate-Signing-Request for the generated certificate"
+keytool -keystore $1.p12 -storetype pkcs12 -alias $1 -certreq -file cert-file -storepass $KEYSTORE_PASSWORD
+
+echo "Signing the Certificate-Signing-Request and adding an additional DNS-entry for localhost"
+openssl x509 -req -CA ca-cert -CAkey ca-key -in cert-file -out $1.pem -days $VALIDITY -CAcreateserial -passin pass:$CA_PASSWORD -extensions SAN -extfile <(printf "\n[SAN]\nsubjectAltName=DNS:$1,DNS:localhost")
+
+echo "Importing the root-certificate for the CA into the keystore $1.jks"
+keytool -keystore $1.p12 -storetype pkcs12 -alias ca-root -import -file ca-cert -storepass $KEYSTORE_PASSWORD -noprompt
+
+echo "Importing the signed certificate for CN $1 into the keystore $1.jks"
+keytool -keystore $1.p12 -storetype pkcs12 -alias $1 -import -file $1.pem -storepass $KEYSTORE_PASSWORD
+
+echo "Removing obsolet files..."
+rm -v cert-file
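Review bot: `keytool -genkey` on line 629 passes no `-keyalg`, so keytool falls back to DSA — the keytool listing committed alongside shows `2048-Bit-DSA-Schlüssel` for the `test` entry (line 711) — and DSA certificates are unusable with TLS 1.3 clients and widely disabled elsewhere; add `-keyalg RSA -keysize 2048` (the second `gencert.sh`, line 1145, has the same omission). `exit;` on line 596 after the "CN must not be empty!" message terminates with status 0, so a caller cannot tell the usage error from success; make it `exit 1`. `$1` is unquoted in every keytool/openssl invocation and inside the `printf` that builds the SAN on line 635, so a CN containing whitespace or shell metacharacters splits the arguments; quote it as `"$1"` throughout. As in `create-ca.sh`, the `-storepass $KEYSTORE_PASSWORD` and `-passin pass:$CA_PASSWORD` arguments expose the passwords in the process list, and the messages on lines 601, 628, 637 and 640 say `.jks` while the file is `$1.p12`.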
--- /dev/null
+Keystore-Typ: jks
+Keystore-Provider: SUN
+
+Keystore enthält 2 Einträge
+
+Aliasname: ca-root
+Erstellungsdatum: 26.06.2019
+Eintragstyp: trustedCertEntry
+
+Eigentümer: CN=Root-CA, OU=security, O=juplo, L=Juist, ST=Niedersachsen, C=DE
+Aussteller: CN=Root-CA, OU=security, O=juplo, L=Juist, ST=Niedersachsen, C=DE
+Seriennummer: 8c62092a6d59c829
+Gültig von: Wed Jun 26 10:26:50 CEST 2019 bis: Thu Jun 25 10:26:50 CEST 2020
+Zertifikatfingerprints:
+ MD5: EE:55:36:1F:19:7A:01:58:3F:54:C3:8B:BF:D9:3C:36
+ SHA1: 3B:D6:01:F1:A1:9D:B1:6E:CA:4D:E7:FA:A6:C1:A1:3A:D8:CA:FD:0C
+ SHA256: 38:5F:6E:2A:E4:25:8A:54:31:57:91:5C:34:FA:E6:9A:E0:1A:2A:27:8C:D7:E5:B0:FB:8B:D7:1A:F6:79:CC:5E
+Signaturalgorithmusname: SHA256withRSA
+Algorithmus des Public Key von Betreff: 2048-Bit-RSA-Schlüssel
+Version: 3
+
+Erweiterungen:
+
+#1: ObjectId: 2.5.29.35 Criticality=false
+AuthorityKeyIdentifier [
+KeyIdentifier [
+0000: 9D 29 BD 63 D1 D7 C1 98 26 E4 47 3E 27 6A DE AC .).c....&.G>'j..
+0010: ED 8A 75 2F ..u/
+]
+]
+
+#2: ObjectId: 2.5.29.19 Criticality=false
+BasicConstraints:[
+ CA:true
+ PathLen:2147483647
+]
+
+#3: ObjectId: 2.5.29.14 Criticality=false
+SubjectKeyIdentifier [
+KeyIdentifier [
+0000: 9D 29 BD 63 D1 D7 C1 98 26 E4 47 3E 27 6A DE AC .).c....&.G>'j..
+0010: ED 8A 75 2F ..u/
+]
+]
+
+
+
+*******************************************
+*******************************************
+
+
+Aliasname: test
+Erstellungsdatum: 26.06.2019
+Eintragstyp: PrivateKeyEntry
+Zertifikatskettenlänge: 2
+Zertifikat[1]:
+Eigentümer: CN=test, OU=security, O=juplo, L=Juist, ST=Niedersachsen, C=DE
+Aussteller: CN=Root-CA, OU=security, O=juplo, L=Juist, ST=Niedersachsen, C=DE
+Seriennummer: b75834de7e0b9b26
+Gültig von: Wed Jun 26 10:27:23 CEST 2019 bis: Thu Jun 25 10:27:23 CEST 2020
+Zertifikatfingerprints:
+ MD5: 3F:3E:46:A4:45:28:18:3C:E4:C3:11:6B:6A:AC:88:94
+ SHA1: 24:27:02:2F:6A:68:32:EA:5F:9D:53:C5:28:65:F7:FC:6D:5D:BC:B7
+ SHA256: 7C:2B:D4:36:06:0C:69:4E:93:75:0F:F9:9C:D8:9D:DD:02:50:14:72:49:95:E3:AC:4C:B4:7A:E6:CE:9D:05:D5
+Signaturalgorithmusname: SHA256withRSA
+Algorithmus des Public Key von Betreff: 2048-Bit-DSA-Schlüssel
+Version: 3
+
+Erweiterungen:
+
+#1: ObjectId: 2.5.29.17 Criticality=false
+SubjectAlternativeName [
+ DNSName: test
+ DNSName: localhost
+ IPAddress: 127.0.0.1
+]
+
+Zertifikat[2]:
+Eigentümer: CN=Root-CA, OU=security, O=juplo, L=Juist, ST=Niedersachsen, C=DE
+Aussteller: CN=Root-CA, OU=security, O=juplo, L=Juist, ST=Niedersachsen, C=DE
+Seriennummer: 8c62092a6d59c829
+Gültig von: Wed Jun 26 10:26:50 CEST 2019 bis: Thu Jun 25 10:26:50 CEST 2020
+Zertifikatfingerprints:
+ MD5: EE:55:36:1F:19:7A:01:58:3F:54:C3:8B:BF:D9:3C:36
+ SHA1: 3B:D6:01:F1:A1:9D:B1:6E:CA:4D:E7:FA:A6:C1:A1:3A:D8:CA:FD:0C
+ SHA256: 38:5F:6E:2A:E4:25:8A:54:31:57:91:5C:34:FA:E6:9A:E0:1A:2A:27:8C:D7:E5:B0:FB:8B:D7:1A:F6:79:CC:5E
+Signaturalgorithmusname: SHA256withRSA
+Algorithmus des Public Key von Betreff: 2048-Bit-RSA-Schlüssel
+Version: 3
+
+Erweiterungen:
+
+#1: ObjectId: 2.5.29.35 Criticality=false
+AuthorityKeyIdentifier [
+KeyIdentifier [
+0000: 9D 29 BD 63 D1 D7 C1 98 26 E4 47 3E 27 6A DE AC .).c....&.G>'j..
+0010: ED 8A 75 2F ..u/
+]
+]
+
+#2: ObjectId: 2.5.29.19 Criticality=false
+BasicConstraints:[
+ CA:true
+ PathLen:2147483647
+]
+
+#3: ObjectId: 2.5.29.14 Criticality=false
+SubjectKeyIdentifier [
+KeyIdentifier [
+0000: 9D 29 BD 63 D1 D7 C1 98 26 E4 47 3E 27 6A DE AC .).c....&.G>'j..
+0010: ED 8A 75 2F ..u/
+]
+]
+
+
+
+*******************************************
+*******************************************
+
+
--- /dev/null
+Certificate:
+ Data:
+ Version: 3 (0x2)
+ Serial Number: 13211367637093423910 (0xb75834de7e0b9b26)
+ Signature Algorithm: sha256WithRSAEncryption
+ Issuer: C=DE, ST=Niedersachsen, L=Juist, O=juplo, OU=security, CN=Root-CA
+ Validity
+ Not Before: Jun 26 08:27:23 2019 GMT
+ Not After : Jun 25 08:27:23 2020 GMT
+ Subject: C=DE, ST=Niedersachsen, L=Juist, O=juplo, OU=security, CN=test
+ Subject Public Key Info:
+ Public Key Algorithm: dsaEncryption
+ pub:
+ 00:8d:f8:cc:68:da:ab:56:e0:30:b1:cf:68:49:6f:
+ ff:30:ba:fe:b6:63:c7:7f:70:e4:db:f4:c1:b5:7d:
+ 90:34:58:a1:93:2a:90:cc:19:2f:eb:e8:f9:81:1d:
+ 19:a4:ad:18:23:b1:5e:94:27:a3:1d:87:60:6a:d6:
+ 44:b1:40:d2:86:e7:53:3e:95:86:ec:c6:3f:2a:f5:
+ 6a:2a:79:40:08:d9:a9:c9:04:83:3f:65:6b:81:75:
+ 5d:ec:78:3d:df:a5:0f:49:98:9a:ef:98:b3:c9:8e:
+ 61:ee:b2:c1:e5:08:4a:13:20:d6:5b:33:0e:bd:38:
+ e5:cb:f7:dc:7c:43:bb:fc:33:a4:b0:81:8b:3c:24:
+ 10:0f:8f:d6:fe:8c:52:05:1d:07:8f:f7:06:86:e8:
+ 77:20:32:b6:ec:26:cf:19:e1:aa:48:66:ba:d4:be:
+ 8b:7d:e3:a9:3b:45:ca:fc:18:04:19:ec:53:f1:86:
+ 9b:b3:0b:c0:86:8a:ca:47:01:02:8e:ba:91:54:89:
+ 9e:43:d5:0a:73:47:31:36:39:2e:26:07:92:a7:5d:
+ 26:cd:2c:2a:b3:aa:97:d1:65:34:8f:2a:fc:1a:19:
+ 7f:03:b7:ca:88:0f:73:31:bf:0c:d1:8d:9a:3c:d7:
+ a1:56:76:ee:f0:ad:f3:77:2f:0b:2a:d6:c9:8b:70:
+ 27:cd
+ P:
+ 00:8f:79:35:d9:b9:aa:e9:bf:ab:ed:88:7a:cf:49:
+ 51:b6:f3:2e:c5:9e:3b:af:37:18:e8:ea:c4:96:1f:
+ 3e:fd:36:06:e7:43:51:a9:c4:18:33:39:b8:09:e7:
+ c2:ae:1c:53:9b:a7:47:5b:85:d0:11:ad:b8:b4:79:
+ 87:75:49:84:69:5c:ac:0e:8f:14:b3:36:08:28:a2:
+ 2f:fa:27:11:0a:3d:62:a9:93:45:34:09:a0:fe:69:
+ 6c:46:58:f8:4b:dd:20:81:9c:37:09:a0:10:57:b1:
+ 95:ad:cd:00:23:3d:ba:54:84:b6:29:1f:9d:64:8e:
+ f8:83:44:86:77:97:9c:ec:04:b4:34:a6:ac:2e:75:
+ e9:98:5d:e2:3d:b0:29:2f:c1:11:8c:9f:fa:9d:81:
+ 81:e7:33:8d:b7:92:b7:30:d7:b9:e3:49:59:2f:68:
+ 09:98:72:15:39:15:ea:3d:6b:8b:46:53:c6:33:45:
+ 8f:80:3b:32:a4:c2:e0:f2:72:90:25:6e:4e:3f:8a:
+ 3b:08:38:a1:c4:50:e4:e1:8c:1a:29:a3:7d:df:5e:
+ a1:43:de:4b:66:ff:04:90:3e:d5:cf:16:23:e1:58:
+ d4:87:c6:08:e9:7f:21:1c:d8:1d:ca:23:cb:6e:38:
+ 07:65:f8:22:e3:42:be:48:4c:05:76:39:39:60:1c:
+ d6:67
+ Q:
+ 00:ba:f6:96:a6:85:78:f7:df:de:e7:fa:67:c9:77:
+ c7:85:ef:32:b2:33:ba:e5:80:c0:bc:d5:69:5d
+ G:
+ 16:a6:5c:58:20:48:50:70:4e:75:02:a3:97:57:04:
+ 0d:34:da:3a:34:78:c1:54:d4:e4:a5:c0:2d:24:2e:
+ e0:4f:96:e6:1e:4b:d0:90:4a:bd:ac:8f:37:ee:b1:
+ e0:9f:31:82:d2:3c:90:43:cb:64:2f:88:00:41:60:
+ ed:f9:ca:09:b3:20:76:a7:9c:32:a6:27:f2:47:3e:
+ 91:87:9b:a2:c4:e7:44:bd:20:81:54:4c:b5:5b:80:
+ 2c:36:8d:1f:a8:3e:d4:89:e9:4e:0f:a0:68:8e:32:
+ 42:8a:5c:78:c4:78:c6:8d:05:27:b7:1c:9a:3a:bb:
+ 0b:0b:e1:2c:44:68:96:39:e7:d3:ce:74:db:10:1a:
+ 65:aa:2b:87:f6:4c:68:26:db:3e:c7:2f:4b:55:99:
+ 83:4b:b4:ed:b0:2f:7c:90:e9:a4:96:d3:a5:5d:53:
+ 5b:eb:fc:45:d4:f6:19:f6:3f:3d:ed:bb:87:39:25:
+ c2:f2:24:e0:77:31:29:6d:a8:87:ec:1e:47:48:f8:
+ 7e:fb:5f:de:b7:54:84:31:6b:22:32:de:e5:53:dd:
+ af:02:11:2b:0d:1f:02:da:30:97:32:24:fe:27:ae:
+ da:8b:9d:4b:29:22:d9:ba:8b:e3:9e:d9:e1:03:a6:
+ 3c:52:81:0b:c6:88:b7:e2:ed:43:16:e1:ef:17:db:
+ de
+ X509v3 extensions:
+ X509v3 Subject Alternative Name:
+ DNS:test, DNS:localhost, IP Address:127.0.0.1
+ Signature Algorithm: sha256WithRSAEncryption
+ 60:80:c4:5e:7d:c6:cf:88:94:14:69:8d:c2:d7:ce:af:b4:97:
+ 1c:08:9b:ff:65:db:77:24:c5:8a:87:1e:6f:30:70:71:a1:c5:
+ ac:af:67:49:ce:b0:91:b9:5a:55:27:12:49:72:be:7d:f5:45:
+ 12:ff:32:1a:ee:b1:f9:44:cd:62:1f:20:48:ac:0f:5a:f4:c7:
+ b0:1b:05:b0:84:20:fe:da:6d:73:92:da:32:f6:77:3c:df:07:
+ 5b:da:fd:c3:f3:6f:08:e8:4d:3e:ba:35:b2:a8:cc:a5:b3:9c:
+ 5c:61:c0:cb:35:ea:fe:c8:d2:e7:d3:ea:e0:0e:3b:7d:fb:22:
+ 60:e6:96:34:af:a4:bc:cb:70:e0:60:75:f9:93:0d:31:f1:60:
+ aa:50:34:8a:87:50:13:d1:8a:db:ee:d9:59:17:25:d9:b2:ad:
+ 55:14:09:92:9a:80:54:70:01:9f:65:ed:bf:e5:10:65:f5:8b:
+ b8:7c:72:48:65:72:60:56:d8:de:b3:9f:90:9a:58:a4:ed:eb:
+ 27:b2:a1:ae:90:52:0f:a4:d6:52:bd:36:b1:bb:d1:49:54:d1:
+ df:d9:1a:92:55:4a:56:e1:47:e7:f2:7e:52:c6:64:68:db:70:
+ 87:cc:a5:ed:e7:fe:93:5b:bc:21:57:c9:02:06:0c:2b:c5:5d:
+ 29:57:95:76
+-----BEGIN CERTIFICATE-----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-----END CERTIFICATE-----
--- /dev/null
+DEFAULT_PASSWORD=confidential
+DEFAULT_VALIDITY=365
+
+OU=security
+O=juplo
+L=Juist
+ST=Niedersachsen
+C=DE
--- /dev/null
+#!/bin/bash
+#
+# Example-script to show, how to encrypt the communication between two
+# Kafka-brokers and a standalone ZooKeeper
+#
+# Usage:
+# ./README.sh -- Download Kafka/ZooKeeper, create the needed
+# certificates and start a ZooKeeper and two brokers
+# --------
+# Will not shut down the services, so that one can
+# experiment with single commands from this example.
+# Can be run multiple times: certificates are only
+# recreated and services are only restart, if they were
+# removed / stopped
+# ./README.sh stop -- Stop the standalone ZooKeeper and the two brokers
+# ./README.sh cleanup -- Stop the standalone ZooKeeper and the two brokers,
+# then remove all data, the created certificates and
+# the written logs (does not remove dowloaded data)
+
+
+ZOOKEEPER_DOWNLOAD=http://ftp.fau.de/apache/zookeeper/zookeeper-3.5.5/apache-zookeeper-3.5.5-bin.tar.gz
+ZOOKEEPER_DIR=apache-zookeeper-3.5.5-bin
+KAFKA_DOWNLOAD=http://ftp.fau.de/apache/kafka/2.3.0/kafka_2.12-2.3.0.tgz
+KAFKA_DIR=kafka_2.12-2.3.0
+
+PASSWORD=confidential
+
+
+# Stops all services (Kafka and ZooKeeper)
+#
+function stop
+{
+ if [ -a ZOOKEEPER ]
+ then
+ ZOOPIDFILE=ZOOKEEPER $ZOOKEEPER_DIR/bin/zkServer.sh --config . stop
+ fi
+ if [ -a KAFKA-1 ]
+ then
+ kill $(cat KAFKA-1)
+ rm -f KAFKA-1
+ fi
+ if [ -a KAFKA-2 ]
+ then
+ kill $(cat KAFKA-2)
+ rm -f KAFKA-2
+ fi
+
+ if [ -a CONSUMER ]
+ then
+ kill $(cat CONSUMER)
+ rm -f CONSUMER
+ fi
+ if [ -a PRODUCER ]
+ then
+ kill $(cat PRODUCER)
+ rm -f PRODUCER
+ fi
+}
+
+
+# Stops all services (Kafka/ZooKeeper)
+#
+if [ "$1" = "stop" ]
+then
+ stop
+ exit
+fi
+
+# Removes data, certificates and logs (does not remove the downloads)
+#
+if [ "$1" = "cleanup" ]
+then
+
+ stop
+
+ rm -rvf /tmp/zookeeper
+ rm -rvf /tmp/kafka-1-logs
+ rm -rvf /tmp/kafka-2-logs
+
+ rm -rfv *.log *.out ca-cert* ca-key *.jks
+
+ exit
+
+fi
+
+
+if [ -x "$ZOOKEEPER_DIR" ];
+then
+ echo "Version 3.5.5 of Apache ZooKeeper already downloaded";
+else
+ echo "Downloading version 3.5.5 of Apache ZooKeeper...";
+ curl -sc - $ZOOKEEPER_DOWNLOAD | tar -xzv
+ cp -av $ZOOKEEPER_DIR/conf/log4j.properties ./
+fi
+
+if [ -x "$KAFKA_DIR" ];
+then
+ echo "Version 2.3.0 of Apache Kafka already downloaded";
+else
+ echo "Downloading version 2.3.0 of Apache Kafka...";
+ curl -sc - $KAFKA_DOWNLOAD | tar -xzv
+ echo "Replacing ZooKeeper-libs in Kafka with versions from 3.5.5..."
+ rm -v $KAFKA_DIR/libs/zookeeper-3.4.14.jar
+ cp -av $ZOOKEEPER_DIR/lib/zookeeper-3.5.5.jar $KAFKA_DIR/libs/
+ cp -av $ZOOKEEPER_DIR/lib/zookeeper-jute-3.5.5.jar $KAFKA_DIR/libs/
+ cp -av $ZOOKEEPER_DIR/lib/netty-all-4.1.29.Final.jar $KAFKA_DIR/libs/
+ echo "Only needed for ZooKeeper-CLI-clients (for example zookeeper-shell.sh):"
+ cp -av $ZOOKEEPER_DIR/lib/commons-cli-1.2.jar $KAFKA_DIR/libs/
+fi
+
+
+./create-certs.sh
+
+
+if [ -a ZOOKEEPER ]
+then
+ echo "zookeeper is already running!"
+else
+ echo "Starting zookeeper on port 2128..."
+ (
+ ZOOPIDFILE=ZOOKEEPER $ZOOKEEPER_DIR/bin/zkServer.sh --config . start
+ )
+fi
+
+if [ -a KAFKA-1 ]
+then
+ echo "kafka-1 is already running!"
+else
+ echo "Starting kafka-1 on port 9193/9194..."
+ (
+ export KAFKA_OPTS="
+ -Dzookeeper.clientCnxnSocket=org.apache.zookeeper.ClientCnxnSocketNetty
+ -Dzookeeper.client.secure=true
+ -Dzookeeper.ssl.keyStore.location=kafka-1.jks
+ -Dzookeeper.ssl.keyStore.password=$PASSWORD
+ -Dzookeeper.ssl.trustStore.location=truststore.jks
+ -Dzookeeper.ssl.trustStore.password=$PASSWORD
+ "
+ $KAFKA_DIR/bin/kafka-server-start.sh kafka-1.properties & echo $! > KAFKA-1
+ ) > kafka-1.log &
+fi
+if [ -a KAFKA-2 ]
+then
+ echo "kafka-2 is already running!"
+else
+ echo "Starting kafka-2 on port 9293/9294..."
+ (
+ export KAFKA_OPTS="
+ -Dzookeeper.clientCnxnSocket=org.apache.zookeeper.ClientCnxnSocketNetty
+ -Dzookeeper.client.secure=true
+ -Dzookeeper.ssl.keyStore.location=kafka-2.jks
+ -Dzookeeper.ssl.keyStore.password=$PASSWORD
+ -Dzookeeper.ssl.trustStore.location=truststore.jks
+ -Dzookeeper.ssl.trustStore.password=$PASSWORD
+ "
+ $KAFKA_DIR/bin/kafka-server-start.sh kafka-2.properties & echo $! > KAFKA-2
+ ) > kafka-2.log &
+fi
+
+
+while ! nc -w1 kafka-1 9193; do echo "Waiting for kafka-1..."; sleep 1; done
+while ! nc -w1 kafka-1 9293; do echo "Waiting for kafka-2..."; sleep 1; done
+
+# Creates topic "test", if it does not exist already
+# Note the usage of KAFKA_OPTS, to configure the SSL-encryption
+(
+ export KAFKA_OPTS="
+ -Dzookeeper.clientCnxnSocket=org.apache.zookeeper.ClientCnxnSocketNetty
+ -Dzookeeper.client.secure=true
+ -Dzookeeper.ssl.keyStore.location=client.jks
+ -Dzookeeper.ssl.keyStore.password=$PASSWORD
+ -Dzookeeper.ssl.trustStore.location=truststore.jks
+ -Dzookeeper.ssl.trustStore.password=$PASSWORD
+ "
+ $KAFKA_DIR/bin/kafka-topics.sh --zookeeper zookeeper:2182 --if-not-exists --create --topic test --partitions 1 --replication-factor 2
+)
+# Prints information about topic "test"
+# Note the usage of KAFKA_OPTS, to configure the SSL-encryption
+(
+ export KAFKA_OPTS="
+ -Dzookeeper.clientCnxnSocket=org.apache.zookeeper.ClientCnxnSocketNetty
+ -Dzookeeper.client.secure=true
+ -Dzookeeper.ssl.keyStore.location=client.jks
+ -Dzookeeper.ssl.keyStore.password=$PASSWORD
+ -Dzookeeper.ssl.trustStore.location=truststore.jks
+ -Dzookeeper.ssl.trustStore.password=$PASSWORD
+ "
+ $KAFKA_DIR/bin/kafka-topics.sh --zookeeper zookeeper:2182 --describe --topic test
+)
+
+# Starts a console-consumer, that reads 3 messages from the topic "test"
+# See consumer.config for the configuration of the SSL-encryption
+{ $KAFKA_DIR/bin/kafka-console-consumer.sh --bootstrap-server kafka-1:9194 --consumer.config consumer.config --topic test --from-beginning --max-messages 3 & echo $! > CONSUMER ; } |& tee consumer.log &
+echo "Started consumer with PID $(cat CONSUMER)"
+
+# Starts a console-consumer, that writes some messages to the topic "test"
+# See producer.config for the configuration of the SSL-encryption
+{ echo -e "Foo\nBar\nFooBar\n" | $KAFKA_DIR/bin/kafka-console-producer.sh --broker-list kafka-1:9194 --producer.config producer.config --topic test & echo $! > PRODUCER ; } |& tee producer.log &
+echo "Started producer with PID $(cat PRODUCER)"
+
+echo "Waiting for consumer/producer..."
+wait
+rm -f PRODUCER CONSUMER
+
+# Connect to ZooKeeper and get some informations about the broker 1
+# Note the usage of KAFKA_OPTS, to configure the SSL-encryption
+(
+ export KAFKA_OPTS="
+ -Dzookeeper.clientCnxnSocket=org.apache.zookeeper.ClientCnxnSocketNetty
+ -Dzookeeper.client.secure=true
+ -Dzookeeper.ssl.keyStore.location=client.jks
+ -Dzookeeper.ssl.keyStore.password=$PASSWORD
+ -Dzookeeper.ssl.trustStore.location=truststore.jks
+ -Dzookeeper.ssl.trustStore.password=$PASSWORD
+ "
+ $KAFKA_DIR/bin/zookeeper-shell.sh zookeeper:2182 get /brokers/ids/1
+)
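Review bot: The readiness loop on line 1030 probes `kafka-1 9293`, but broker 2 listens on `kafka-2:9293` according to `kafka-2.properties` (line 1182), so the "Waiting for kafka-2..." loop only terminates when both names happen to resolve to the same host; it should be `while ! nc -w1 kafka-2 9293; do echo "Waiting for kafka-2..."; sleep 1; done`. The message on line 987 says port 2128 while `zookeeper.properties` sets `secureClientPort=2182`. Lines 960 and 969 pipe a plain-http download straight into `tar` with no integrity check, and `curl -sc -` writes the cookie jar to stdout, which would corrupt the archive stream if the mirror ever set a cookie; `curl -fsSL` is presumably what was meant, and since Apache publishes a `.sha512` next to each release, downloading to a file and running `sha512sum -c` against a digest pinned in the script (e.g. `ZOOKEEPER_SHA512=<PINNED-DIGEST>`) before extracting would make the setup reproducible and tamper-evident. The `-Dzookeeper.ssl.keyStore.password=$PASSWORD` entries in each `KAFKA_OPTS` block also end up on the Java command line and therefore in the process list; a comment acknowledging that this is accepted for the example would help anyone adapting it.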
--- /dev/null
+security.protocol=SASL_SSL
+sasl.jaas.config=org.apache.kafka.common.security.plain.PlainLoginModule required username="consumer" password="pw4consumer";
+sasl.mechanism=PLAIN
+ssl.truststore.location=truststore.jks
+ssl.truststore.password=confidential
--- /dev/null
+#!/bin/bash
+#
+# Example-script to show, how to set up a self-signed CA
+#
+# Usage:
+# ./create-certs.sh
+
+VALIDITY=365
+PASSWORD=confidential
+if [ -a ca-cert ];
+then
+ echo "The root-certificate for the CA already exists...";
+else
+ echo "Creating a x509-certificate for the CA...";
+ openssl req -new -x509 -subj "/C=DE/ST=NRW/L=MS/O=trion/OU=kafka/CN=Root-CA" -keyout ca-key -out ca-cert -days $VALIDITY -passout pass:$PASSWORD
+fi
+#
+
+if [ -a truststore.jks ];
+then
+ echo "The keystore truststore.jks already exists!";
+else
+ echo "Importing the root-certificate of the CA into truststore.jks..."
+ keytool -keystore truststore.jks -storepass $PASSWORD -alias CARoot -import -file ca-cert -noprompt
+fi
+
+
+# Generating certificates for the standalone ZooKeeper, an example CLI-client
+# and the two Kafka-Brokers
+./gencert.sh zookeeper
+./gencert.sh client
+./gencert.sh kafka-1
+./gencert.sh kafka-2
--- /dev/null
+#!/bin/bash
+#
+# Example-script to show, how to create and sign a selfsigned certificate, that
+# contains multiple DNS-entries (SAN-extension)
+#
+# Usage:
+# ./gencert.sh NAME
+
+VALIDITY=365
+PASSWORD=confidential
+
+if [ -a $1.jks ];
+then
+ echo "The keystore $1.jks already exists";
+ exit;
+fi
+
+echo "Creating keystore $1.jks with a certificate and a key-pair for CN $1"
+keytool -keystore $1.jks -alias $1 -validity $VALIDITY -genkey -storepass $PASSWORD -keypass $PASSWORD -dname "CN=$1,OU=kafka,O=trion,L=MS,ST=NRW,C=DE"
+echo "Creating a Certificate-Signing-Request for the generated certificate"
+keytool -keystore $1.jks -alias $1 -certreq -file cert-file -storepass $PASSWORD
+echo "Signing the Certificate-Signing-Request and adding an additional DNS-entry for localhost"
+openssl x509 -req -CA ca-cert -CAkey ca-key -in cert-file -out cert-signed -days $VALIDITY -CAcreateserial -passin pass:$PASSWORD -extensions SAN -extfile <(printf "\n[SAN]\nsubjectAltName=DNS:$1,DNS:localhost")
+echo "Importing the root-certificate for the CA into the keystore $1.jks"
+keytool -keystore $1.jks -alias CARoot -import -file ca-cert -storepass $PASSWORD -noprompt
+echo "Importing the signed certificate for CN $1 into the keystore $1.jks"
+keytool -keystore $1.jks -alias $1 -import -file cert-signed -storepass $PASSWORD
+echo "Removing obsolet files..."
+rm -v cert-file cert-signed
+
+
--- /dev/null
+SERVER_JVMFLAGS="-Xms512m -Xmx512m -Dzookeeper.serverCnxnFactory=org.apache.zookeeper.server.NettyServerCnxnFactory"
+ZOO_LOG_DIR=.
--- /dev/null
+broker.id=1
+zookeeper.connect=zookeeper:2182
+listeners=SSL://kafka-1:9193,SASL_SSL://kafka-1:9194
+security.inter.broker.protocol=SSL
+ssl.client.auth=required
+ssl.keystore.location=kafka-1.jks
+ssl.keystore.password=confidential
+ssl.key.password=confidential
+ssl.truststore.location=truststore.jks
+ssl.truststore.password=confidential
+listener.name.sasl_ssl.plain.sasl.jaas.config=org.apache.kafka.common.security.plain.PlainLoginModule required user_consumer="pw4consumer" user_producer="pw4producer";
+sasl.enabled.mechanisms=PLAIN
+
+log.dirs=/tmp/kafka-1-logs
+offsets.topic.replication.factor=2
+transaction.state.log.replication.factor=2
+transaction.state.log.min.isr=2
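Review bot: `ssl.client.auth=required` on line 1166 is a broker-wide setting and so also governs the `SASL_SSL://kafka-1:9194` listener, yet `consumer.config` (lines 1087–1091) and `producer.config` (lines 1198–1202) in this commit carry only a truststore and no keystore, so as far as I can tell their TLS handshakes are rejected before SASL authentication ever runs. Either scope the requirement to the inter-broker listener with a per-listener override, `listener.name.sasl_ssl.ssl.client.auth=none`, or add `ssl.keystore.location`/`ssl.keystore.password` to both client configs; `kafka-2.properties` (line 1184) has the same setting. The PLAIN credentials on line 1172 live in clear text in the broker properties, so a short comment above that line stating that this is deliberate for the example would help a reader who copies the file.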
--- /dev/null
+broker.id=2
+zookeeper.connect=zookeeper:2182
+listeners=SSL://kafka-2:9293,SASL_SSL://kafka-2:9294
+security.inter.broker.protocol=SSL
+ssl.client.auth=required
+ssl.keystore.location=kafka-2.jks
+ssl.keystore.password=confidential
+ssl.key.password=confidential
+ssl.truststore.location=truststore.jks
+ssl.truststore.password=confidential
+listener.name.sasl_ssl.plain.sasl.jaas.config=org.apache.kafka.common.security.plain.PlainLoginModule required user_consumer="pw4consumer" user_producer="pw4producer";
+sasl.enabled.mechanisms=PLAIN
+
+log.dirs=/tmp/kafka-2-logs
+offsets.topic.replication.factor=2
+transaction.state.log.replication.factor=2
+transaction.state.log.min.isr=2
--- /dev/null
+security.protocol=SASL_SSL
+sasl.jaas.config=org.apache.kafka.common.security.plain.PlainLoginModule required username="producer" password="pw4producer";
+sasl.mechanism=PLAIN
+ssl.truststore.location=truststore.jks
+ssl.truststore.password=confidential
--- /dev/null
+dataDir=/tmp/zookeeper
+secureClientPort=2182
+maxClientCnxns=0
+authProvider.1=org.apache.zookeeper.server.auth.X509AuthenticationProvider
+ssl.keyStore.location=zookeeper.jks
+ssl.keyStore.password=confidential
+ssl.trustStore.location=truststore.jks
+ssl.trustStore.password=confidential