[jira] [Commented] (FLINK-35371) Allow the keystore and truststore type to configured for SSL

2024-06-07 Thread Gabor Somogyi (Jira) 


[ 
https://issues.apache.org/jira/browse/FLINK-35371?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17853070#comment-17853070
 ] 

Gabor Somogyi commented on FLINK-35371:
---

Sure, just wanted to know if any help needed or something.

> Allow the keystore and truststore type to configured for SSL
> 
>
> Key: FLINK-35371
> URL: https://issues.apache.org/jira/browse/FLINK-35371
> Project: Flink
>  Issue Type: Improvement
>  Components: Runtime / Network
>Affects Versions: 1.19.0
>Reporter: Ammar Master
>Assignee: Ammar Master
>Priority: Minor
>  Labels: SSL
>
> Flink always creates a keystore and trustore using the [default 
> type|https://github.com/apache/flink/blob/b87ead743dca161cdae8a1fef761954d206b81fb/flink-runtime/src/main/java/org/apache/flink/runtime/net/SSLUtils.java#L236]
>  defined in the JDK, which in most cases is JKS.
> {code}
> KeyStore trustStore = KeyStore.getInstance(KeyStore.getDefaultType());
> {code}
> We should add other configuration options to set the type explicitly to 
> support other custom formats, and match the options provided by other 
> applications by 
> [Spark|https://spark.apache.org/docs/latest/security.html#:~:text=the%20key%20store.-,%24%7Bns%7D.keyStoreType,-JKS]
>  and 
> [Kafka|https://kafka.apache.org/documentation/#:~:text=per%2Dbroker-,ssl.keystore.type,-The%20file%20format]
>  already. The default would continue to be specified by the JDK.
>  
> The SSLContext for the REST API can read the configuration option directly, 
> and we need to add extra logic to the 
> [CustomSSLEngineProvider|https://github.com/apache/flink/blob/master/flink-rpc/flink-rpc-akka/src/main/java/org/apache/flink/runtime/rpc/pekko/CustomSSLEngineProvider.java]
>  for Pekko.



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

[jira] [Commented] (FLINK-35371) Allow the keystore and truststore type to configured for SSL

2024-06-07 Thread Ammar Master (Jira) 


[ 
https://issues.apache.org/jira/browse/FLINK-35371?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17853052#comment-17853052
 ] 

Ammar Master commented on FLINK-35371:
--

I will have a PR by the weekend, apologies for the delay.

> Allow the keystore and truststore type to configured for SSL
> 
>
> Key: FLINK-35371
> URL: https://issues.apache.org/jira/browse/FLINK-35371
> Project: Flink
>  Issue Type: Improvement
>  Components: Runtime / Network
>Affects Versions: 1.19.0
>Reporter: Ammar Master
>Assignee: Ammar Master
>Priority: Minor
>  Labels: SSL
>
> Flink always creates a keystore and trustore using the [default 
> type|https://github.com/apache/flink/blob/b87ead743dca161cdae8a1fef761954d206b81fb/flink-runtime/src/main/java/org/apache/flink/runtime/net/SSLUtils.java#L236]
>  defined in the JDK, which in most cases is JKS.
> {code}
> KeyStore trustStore = KeyStore.getInstance(KeyStore.getDefaultType());
> {code}
> We should add other configuration options to set the type explicitly to 
> support other custom formats, and match the options provided by other 
> applications by 
> [Spark|https://spark.apache.org/docs/latest/security.html#:~:text=the%20key%20store.-,%24%7Bns%7D.keyStoreType,-JKS]
>  and 
> [Kafka|https://kafka.apache.org/documentation/#:~:text=per%2Dbroker-,ssl.keystore.type,-The%20file%20format]
>  already. The default would continue to be specified by the JDK.
>  
> The SSLContext for the REST API can read the configuration option directly, 
> and we need to add extra logic to the 
> [CustomSSLEngineProvider|https://github.com/apache/flink/blob/master/flink-rpc/flink-rpc-akka/src/main/java/org/apache/flink/runtime/rpc/pekko/CustomSSLEngineProvider.java]
>  for Pekko.



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

[jira] [Commented] (FLINK-35371) Allow the keystore and truststore type to configured for SSL

2024-06-06 Thread Gabor Somogyi (Jira) 


[ 
https://issues.apache.org/jira/browse/FLINK-35371?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17852689#comment-17852689
 ] 

Gabor Somogyi commented on FLINK-35371:
---

[~ammarm] any news on this?

> Allow the keystore and truststore type to configured for SSL
> 
>
> Key: FLINK-35371
> URL: https://issues.apache.org/jira/browse/FLINK-35371
> Project: Flink
>  Issue Type: Improvement
>  Components: Runtime / Network
>Affects Versions: 1.19.0
>Reporter: Ammar Master
>Assignee: Ammar Master
>Priority: Minor
>  Labels: SSL
>
> Flink always creates a keystore and trustore using the [default 
> type|https://github.com/apache/flink/blob/b87ead743dca161cdae8a1fef761954d206b81fb/flink-runtime/src/main/java/org/apache/flink/runtime/net/SSLUtils.java#L236]
>  defined in the JDK, which in most cases is JKS.
> {code}
> KeyStore trustStore = KeyStore.getInstance(KeyStore.getDefaultType());
> {code}
> We should add other configuration options to set the type explicitly to 
> support other custom formats, and match the options provided by other 
> applications by 
> [Spark|https://spark.apache.org/docs/latest/security.html#:~:text=the%20key%20store.-,%24%7Bns%7D.keyStoreType,-JKS]
>  and 
> [Kafka|https://kafka.apache.org/documentation/#:~:text=per%2Dbroker-,ssl.keystore.type,-The%20file%20format]
>  already. The default would continue to be specified by the JDK.
>  
> The SSLContext for the REST API can read the configuration option directly, 
> and we need to add extra logic to the 
> [CustomSSLEngineProvider|https://github.com/apache/flink/blob/master/flink-rpc/flink-rpc-akka/src/main/java/org/apache/flink/runtime/rpc/pekko/CustomSSLEngineProvider.java]
>  for Pekko.



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

[jira] [Commented] (FLINK-35371) Allow the keystore and truststore type to configured for SSL

2024-05-16 Thread Ammar Master (Jira) 


[ 
https://issues.apache.org/jira/browse/FLINK-35371?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17846937#comment-17846937
 ] 

Ammar Master commented on FLINK-35371:
--

Thanks, can you assign it to me if it makes sense? I have a patch almost ready.

> Allow the keystore and truststore type to configured for SSL
> 
>
> Key: FLINK-35371
> URL: https://issues.apache.org/jira/browse/FLINK-35371
> Project: Flink
>  Issue Type: Improvement
>  Components: Runtime / Network
>Affects Versions: 1.19.0
>Reporter: Ammar Master
>Assignee: Gabor Somogyi
>Priority: Minor
>  Labels: SSL
>
> Flink always creates a keystore and trustore using the [default 
> type|https://github.com/apache/flink/blob/b87ead743dca161cdae8a1fef761954d206b81fb/flink-runtime/src/main/java/org/apache/flink/runtime/net/SSLUtils.java#L236]
>  defined in the JDK, which in most cases is JKS.
> {code}
> KeyStore trustStore = KeyStore.getInstance(KeyStore.getDefaultType());
> {code}
> We should add other configuration options to set the type explicitly to 
> support other custom formats, and match the options provided by other 
> applications by 
> [Spark|https://spark.apache.org/docs/latest/security.html#:~:text=the%20key%20store.-,%24%7Bns%7D.keyStoreType,-JKS]
>  and 
> [Kafka|https://kafka.apache.org/documentation/#:~:text=per%2Dbroker-,ssl.keystore.type,-The%20file%20format]
>  already. The default would continue to be specified by the JDK.
>  
> The SSLContext for the REST API can read the configuration option directly, 
> and we need to add extra logic to the 
> [CustomSSLEngineProvider|https://github.com/apache/flink/blob/master/flink-rpc/flink-rpc-akka/src/main/java/org/apache/flink/runtime/rpc/pekko/CustomSSLEngineProvider.java]
>  for Pekko.



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

[jira] [Commented] (FLINK-35371) Allow the keystore and truststore type to configured for SSL

2024-05-16 Thread Gabor Somogyi (Jira) 


[ 
https://issues.apache.org/jira/browse/FLINK-35371?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17846935#comment-17846935
 ] 

Gabor Somogyi commented on FLINK-35371:
---

That makes sense. Started to have a look...

> Allow the keystore and truststore type to configured for SSL
> 
>
> Key: FLINK-35371
> URL: https://issues.apache.org/jira/browse/FLINK-35371
> Project: Flink
>  Issue Type: Improvement
>  Components: Runtime / Network
>Reporter: Ammar Master
>Priority: Minor
>  Labels: SSL
>
> Flink always creates a keystore and trustore using the [default 
> type|https://github.com/apache/flink/blob/b87ead743dca161cdae8a1fef761954d206b81fb/flink-runtime/src/main/java/org/apache/flink/runtime/net/SSLUtils.java#L236]
>  defined in the JDK, which in most cases is JKS.
> {code}
> KeyStore trustStore = KeyStore.getInstance(KeyStore.getDefaultType());
> {code}
> We should add other configuration options to set the type explicitly to 
> support other custom formats, and match the options provided by other 
> applications by 
> [Spark|https://spark.apache.org/docs/latest/security.html#:~:text=the%20key%20store.-,%24%7Bns%7D.keyStoreType,-JKS]
>  and 
> [Kafka|https://kafka.apache.org/documentation/#:~:text=per%2Dbroker-,ssl.keystore.type,-The%20file%20format]
>  already. The default would continue to be specified by the JDK.
>  
> The SSLContext for the REST API can read the configuration option directly, 
> and we need to add extra logic to the 
> [CustomSSLEngineProvider|https://github.com/apache/flink/blob/master/flink-rpc/flink-rpc-akka/src/main/java/org/apache/flink/runtime/rpc/pekko/CustomSSLEngineProvider.java]
>  for Pekko.



--
This message was sent by Atlassian Jira
(v8.20.10#820010)