[jira] [Updated] (FLINK-35371) Allow the keystore and truststore type to configured for SSL

2024-05-15 Thread Ammar Master (Jira) 


 [ 
https://issues.apache.org/jira/browse/FLINK-35371?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Ammar Master updated FLINK-35371:
-
Description: 
Flink always creates a keystore and trustore using the [default 
type|https://github.com/apache/flink/blob/b87ead743dca161cdae8a1fef761954d206b81fb/flink-runtime/src/main/java/org/apache/flink/runtime/net/SSLUtils.java#L236]
 defined in the JDK, which in most cases is JKS. 

{{KeyStore trustStore = KeyStore.getInstance(KeyStore.getDefaultType());}}


We should add other configuration options to set the type explicitly to support 
other custom formats, and match the options provided by other applications by 
[Spark|https://spark.apache.org/docs/latest/security.html#:~:text=the%20key%20store.-,%24%7Bns%7D.keyStoreType,-JKS]
 and 
[Kafka|https://kafka.apache.org/documentation/#:~:text=per%2Dbroker-,ssl.keystore.type,-The%20file%20format]
 already. The default would continue to be specified by the JDK.

 

The SSLContext for the REST API can read the configuration option directly, and 
we need to add extra logic to the 
[CustomSSLEngineProvider|https://github.com/apache/flink/blob/master/flink-rpc/flink-rpc-akka/src/main/java/org/apache/flink/runtime/rpc/pekko/CustomSSLEngineProvider.java]
 for Pekko.

  was:
Flink always creates a keystore and trustore using the [default 
type|https://github.com/apache/flink/blob/b87ead743dca161cdae8a1fef761954d206b81fb/flink-runtime/src/main/java/org/apache/flink/runtime/net/SSLUtils.java#L236]
 defined in the JDK, which in most cases is JKS. We should add other 
configuration options to set the type explicitly to support other custom 
formats, and match the options provided by other applications by 
[Spark|https://spark.apache.org/docs/latest/security.html#:~:text=the%20key%20store.-,%24%7Bns%7D.keyStoreType,-JKS]
 and 
[Kafka|https://kafka.apache.org/documentation/#:~:text=per%2Dbroker-,ssl.keystore.type,-The%20file%20format]
 already. The default would continue to be specified by the JDK.

 

The SSLContext for the REST API can read the configuration option directly, and 
we need to add extra logic to the 
[CustomSSLEngineProvider|https://github.com/apache/flink/blob/master/flink-rpc/flink-rpc-akka/src/main/java/org/apache/flink/runtime/rpc/pekko/CustomSSLEngineProvider.java]
 for Pekko.


> Allow the keystore and truststore type to configured for SSL
> 
>
> Key: FLINK-35371
> URL: https://issues.apache.org/jira/browse/FLINK-35371
> Project: Flink
>  Issue Type: Improvement
>  Components: Runtime / Network
>Reporter: Ammar Master
>Priority: Minor
>  Labels: SSL
>
> Flink always creates a keystore and trustore using the [default 
> type|https://github.com/apache/flink/blob/b87ead743dca161cdae8a1fef761954d206b81fb/flink-runtime/src/main/java/org/apache/flink/runtime/net/SSLUtils.java#L236]
>  defined in the JDK, which in most cases is JKS. 
> {{KeyStore trustStore = KeyStore.getInstance(KeyStore.getDefaultType());}}
> We should add other configuration options to set the type explicitly to 
> support other custom formats, and match the options provided by other 
> applications by 
> [Spark|https://spark.apache.org/docs/latest/security.html#:~:text=the%20key%20store.-,%24%7Bns%7D.keyStoreType,-JKS]
>  and 
> [Kafka|https://kafka.apache.org/documentation/#:~:text=per%2Dbroker-,ssl.keystore.type,-The%20file%20format]
>  already. The default would continue to be specified by the JDK.
>  
> The SSLContext for the REST API can read the configuration option directly, 
> and we need to add extra logic to the 
> [CustomSSLEngineProvider|https://github.com/apache/flink/blob/master/flink-rpc/flink-rpc-akka/src/main/java/org/apache/flink/runtime/rpc/pekko/CustomSSLEngineProvider.java]
>  for Pekko.



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

[jira] [Updated] (FLINK-35371) Allow the keystore and truststore type to configured for SSL

2024-05-15 Thread Ammar Master (Jira) 


 [ 
https://issues.apache.org/jira/browse/FLINK-35371?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Ammar Master updated FLINK-35371:
-
Description: 
Flink always creates a keystore and trustore using the [default 
type|https://github.com/apache/flink/blob/b87ead743dca161cdae8a1fef761954d206b81fb/flink-runtime/src/main/java/org/apache/flink/runtime/net/SSLUtils.java#L236]
 defined in the JDK, which in most cases is JKS.

{code}

KeyStore trustStore = KeyStore.getInstance(KeyStore.getDefaultType());

{code}

We should add other configuration options to set the type explicitly to support 
other custom formats, and match the options provided by other applications by 
[Spark|https://spark.apache.org/docs/latest/security.html#:~:text=the%20key%20store.-,%24%7Bns%7D.keyStoreType,-JKS]
 and 
[Kafka|https://kafka.apache.org/documentation/#:~:text=per%2Dbroker-,ssl.keystore.type,-The%20file%20format]
 already. The default would continue to be specified by the JDK.

 

The SSLContext for the REST API can read the configuration option directly, and 
we need to add extra logic to the 
[CustomSSLEngineProvider|https://github.com/apache/flink/blob/master/flink-rpc/flink-rpc-akka/src/main/java/org/apache/flink/runtime/rpc/pekko/CustomSSLEngineProvider.java]
 for Pekko.

  was:
Flink always creates a keystore and trustore using the [default 
type|https://github.com/apache/flink/blob/b87ead743dca161cdae8a1fef761954d206b81fb/flink-runtime/src/main/java/org/apache/flink/runtime/net/SSLUtils.java#L236]
 defined in the JDK, which in most cases is JKS. 

{{KeyStore trustStore = KeyStore.getInstance(KeyStore.getDefaultType());}}


We should add other configuration options to set the type explicitly to support 
other custom formats, and match the options provided by other applications by 
[Spark|https://spark.apache.org/docs/latest/security.html#:~:text=the%20key%20store.-,%24%7Bns%7D.keyStoreType,-JKS]
 and 
[Kafka|https://kafka.apache.org/documentation/#:~:text=per%2Dbroker-,ssl.keystore.type,-The%20file%20format]
 already. The default would continue to be specified by the JDK.

 

The SSLContext for the REST API can read the configuration option directly, and 
we need to add extra logic to the 
[CustomSSLEngineProvider|https://github.com/apache/flink/blob/master/flink-rpc/flink-rpc-akka/src/main/java/org/apache/flink/runtime/rpc/pekko/CustomSSLEngineProvider.java]
 for Pekko.


> Allow the keystore and truststore type to configured for SSL
> 
>
> Key: FLINK-35371
> URL: https://issues.apache.org/jira/browse/FLINK-35371
> Project: Flink
>  Issue Type: Improvement
>  Components: Runtime / Network
>Reporter: Ammar Master
>Priority: Minor
>  Labels: SSL
>
> Flink always creates a keystore and trustore using the [default 
> type|https://github.com/apache/flink/blob/b87ead743dca161cdae8a1fef761954d206b81fb/flink-runtime/src/main/java/org/apache/flink/runtime/net/SSLUtils.java#L236]
>  defined in the JDK, which in most cases is JKS.
> {code}
> KeyStore trustStore = KeyStore.getInstance(KeyStore.getDefaultType());
> {code}
> We should add other configuration options to set the type explicitly to 
> support other custom formats, and match the options provided by other 
> applications by 
> [Spark|https://spark.apache.org/docs/latest/security.html#:~:text=the%20key%20store.-,%24%7Bns%7D.keyStoreType,-JKS]
>  and 
> [Kafka|https://kafka.apache.org/documentation/#:~:text=per%2Dbroker-,ssl.keystore.type,-The%20file%20format]
>  already. The default would continue to be specified by the JDK.
>  
> The SSLContext for the REST API can read the configuration option directly, 
> and we need to add extra logic to the 
> [CustomSSLEngineProvider|https://github.com/apache/flink/blob/master/flink-rpc/flink-rpc-akka/src/main/java/org/apache/flink/runtime/rpc/pekko/CustomSSLEngineProvider.java]
>  for Pekko.



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

[jira] [Updated] (FLINK-35371) Allow the keystore and truststore type to configured for SSL

2024-05-16 Thread Gabor Somogyi (Jira) 


 [ 
https://issues.apache.org/jira/browse/FLINK-35371?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Gabor Somogyi updated FLINK-35371:
--
Affects Version/s: 1.19.0

> Allow the keystore and truststore type to configured for SSL
> 
>
> Key: FLINK-35371
> URL: https://issues.apache.org/jira/browse/FLINK-35371
> Project: Flink
>  Issue Type: Improvement
>  Components: Runtime / Network
>Affects Versions: 1.19.0
>Reporter: Ammar Master
>Assignee: Gabor Somogyi
>Priority: Minor
>  Labels: SSL
>
> Flink always creates a keystore and trustore using the [default 
> type|https://github.com/apache/flink/blob/b87ead743dca161cdae8a1fef761954d206b81fb/flink-runtime/src/main/java/org/apache/flink/runtime/net/SSLUtils.java#L236]
>  defined in the JDK, which in most cases is JKS.
> {code}
> KeyStore trustStore = KeyStore.getInstance(KeyStore.getDefaultType());
> {code}
> We should add other configuration options to set the type explicitly to 
> support other custom formats, and match the options provided by other 
> applications by 
> [Spark|https://spark.apache.org/docs/latest/security.html#:~:text=the%20key%20store.-,%24%7Bns%7D.keyStoreType,-JKS]
>  and 
> [Kafka|https://kafka.apache.org/documentation/#:~:text=per%2Dbroker-,ssl.keystore.type,-The%20file%20format]
>  already. The default would continue to be specified by the JDK.
>  
> The SSLContext for the REST API can read the configuration option directly, 
> and we need to add extra logic to the 
> [CustomSSLEngineProvider|https://github.com/apache/flink/blob/master/flink-rpc/flink-rpc-akka/src/main/java/org/apache/flink/runtime/rpc/pekko/CustomSSLEngineProvider.java]
>  for Pekko.



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

[jira] [Updated] (FLINK-35371) Allow the keystore and truststore type to configured for SSL

2024-06-09 Thread ASF GitHub Bot (Jira) 


 [ 
https://issues.apache.org/jira/browse/FLINK-35371?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

ASF GitHub Bot updated FLINK-35371:
---
Labels: SSL pull-request-available  (was: SSL)

> Allow the keystore and truststore type to configured for SSL
> 
>
> Key: FLINK-35371
> URL: https://issues.apache.org/jira/browse/FLINK-35371
> Project: Flink
>  Issue Type: Improvement
>  Components: Runtime / Network
>Affects Versions: 1.19.0
>Reporter: Ammar Master
>Assignee: Ammar Master
>Priority: Minor
>  Labels: SSL, pull-request-available
>
> Flink always creates a keystore and trustore using the [default 
> type|https://github.com/apache/flink/blob/b87ead743dca161cdae8a1fef761954d206b81fb/flink-runtime/src/main/java/org/apache/flink/runtime/net/SSLUtils.java#L236]
>  defined in the JDK, which in most cases is JKS.
> {code}
> KeyStore trustStore = KeyStore.getInstance(KeyStore.getDefaultType());
> {code}
> We should add other configuration options to set the type explicitly to 
> support other custom formats, and match the options provided by other 
> applications by 
> [Spark|https://spark.apache.org/docs/latest/security.html#:~:text=the%20key%20store.-,%24%7Bns%7D.keyStoreType,-JKS]
>  and 
> [Kafka|https://kafka.apache.org/documentation/#:~:text=per%2Dbroker-,ssl.keystore.type,-The%20file%20format]
>  already. The default would continue to be specified by the JDK.
>  
> The SSLContext for the REST API can read the configuration option directly, 
> and we need to add extra logic to the 
> [CustomSSLEngineProvider|https://github.com/apache/flink/blob/master/flink-rpc/flink-rpc-akka/src/main/java/org/apache/flink/runtime/rpc/pekko/CustomSSLEngineProvider.java]
>  for Pekko.



--
This message was sent by Atlassian Jira
(v8.20.10#820010)