diff --git a/application/src/main/resources/thingsboard.yml b/application/src/main/resources/thingsboard.yml index 38cfdd64a0..050d46a700 100644 --- a/application/src/main/resources/thingsboard.yml +++ b/application/src/main/resources/thingsboard.yml 
@@ -643,32 +643,14 @@ redis: ssl: # Enable/disable secure connection enabled: "${TB_REDIS_SSL_ENABLED:false}" - # Server SSL credentials + # Server SSL credentials (only PEM format is supported) credentials: - # Server credentials type (pem - pem certificate file; keystore - java keystore) - type: "${TB_REDIS_SSL_CREDENTIALS_TYPE:pem}" - # PEM server credentials - pem: - # Path redis server (CA) certificate - cert_file: "${TB_REDIS_SSL_PEM_CERT:}" - # Path to user certificate file. This is optional for the client and can be used for two-way authentication for the client - user_cert_file: "${TB_REDIS_SSL_PEM_KEY:}" - # Path to user private key file. This is optional for the client and only needed if ‘ssl.pem.user_cert_file’ is configured. - user_key_file: "${TB_REDIS_SSL_PEM_KEY_PASSWORD:}" - # Keystore server credentials - keystore: - # Type of the trust store (JKS or PKCS12) - truststore_type: "${TB_REDIS_SSL_KEY_STORE_TYPE:JKS}" - # The location of the trust store file - truststore_location: "${TB_REDIS_SSL_TRUSTSTORE_LOCATION:}" - # The password of trust store file if specified - truststore_password: "${TB_REDIS_SSL_TRUSTSTORE_PASSWORD:}" - # Type of the key store (JKS or PKCS12) - keystore_type: "${TB_REDIS_SSL_KEY_STORE_TYPE:JKS}" - # The location of the key store file. This is optional for the client and can be used for two-way authentication for the client - keystore_location: "${TB_REDIS_SSL_KEYSTORE_LOCATION:}" - # The store password for the key store file. This is optional for the client and only needed if ‘ssl.keystore.location’ is configured. Key store password is not supported for PEM format - keystore_password: "${TB_REDIS_SSL_KEYSTORE_PASSWORD:}" + # Path redis server (CA) certificate + cert_file: "${TB_REDIS_SSL_PEM_CERT:}" + # Path to user certificate file. This is optional for the client and can be used for two-way authentication for the client + user_cert_file: "${TB_REDIS_SSL_PEM_KEY:}" + # Path to user private key file. 
This is optional for the client and only needed if ‘user_cert_file’ is configured. + user_key_file: "${TB_REDIS_SSL_PEM_KEY_PASSWORD:}" # pool config pool_config: # Maximum number of connections that can be allocated by the connection pool diff --git a/common/cache/src/main/java/org/thingsboard/server/cache/RedisKeystoreCredentialsConfig.java b/common/cache/src/main/java/org/thingsboard/server/cache/RedisKeystoreCredentialsConfig.java deleted file mode 100644 index 1d2a08e6d4..0000000000 --- a/common/cache/src/main/java/org/thingsboard/server/cache/RedisKeystoreCredentialsConfig.java +++ /dev/null @@ -1,36 +0,0 @@ -/** - * Copyright © 2016-2024 The Thingsboard Authors - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ -package org.thingsboard.server.cache; - -import lombok.Data; - -@Data -public class RedisKeystoreCredentialsConfig { - - private String type; - - private String truststoreType; - - private String truststoreLocation; - - private String truststorePassword; - - private String keystoreType; - - private String keystoreLocation; - - private String keystorePassword; -} diff --git a/common/cache/src/main/java/org/thingsboard/server/cache/RedisPemCredentialsConfig.java b/common/cache/src/main/java/org/thingsboard/server/cache/RedisPemCredentialsConfig.java deleted file mode 100644 index 50e2c71966..0000000000 --- a/common/cache/src/main/java/org/thingsboard/server/cache/RedisPemCredentialsConfig.java +++ /dev/null 
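Review bot: The flattened keys still bind `user_cert_file` to `TB_REDIS_SSL_PEM_KEY` and `user_key_file` to `TB_REDIS_SSL_PEM_KEY_PASSWORD`, so the variable whose name says "password" actually carries the path to the private key file. An operator who puts a passphrase there will have the secret treated as a file path, where it may surface in an I/O error message, and since the Java side calls the key reader with a `null` second argument, a passphrase-protected key presumably cannot be loaded at all. I would state this in the comment above `user_key_file`, e.g. `# Path to user private key file (unencrypted PEM). Note: TB_REDIS_SSL_PEM_KEY_PASSWORD is a file path, not a password.` The removed `type` and `keystore` keys also mean existing `TB_REDIS_SSL_TRUSTSTORE_*` and `TB_REDIS_SSL_KEYSTORE_*` settings are now ignored without any warning, which deserves an upgrade note. The same applies to the identical hunks in tb-coap-transport.yml, tb-http-transport.yml, tb-lwm2m-transport.yml, tb-mqtt-transport.yml and tb-snmp-transport.yml.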
@@ -1,28 +0,0 @@ -/** - * Copyright © 2016-2024 The Thingsboard Authors - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ -package org.thingsboard.server.cache; - -import lombok.Data; - -@Data -public class RedisPemCredentialsConfig { - - private String certFile; - - private String userCertFile; - - private String userKeyFile; -} diff --git a/common/cache/src/main/java/org/thingsboard/server/cache/RedisSslCredentialsConfiguration.java b/common/cache/src/main/java/org/thingsboard/server/cache/RedisSslCredentials.java similarity index 84% rename from common/cache/src/main/java/org/thingsboard/server/cache/RedisSslCredentialsConfiguration.java rename to common/cache/src/main/java/org/thingsboard/server/cache/RedisSslCredentials.java index 6bd46baf1b..aeac975d15 100644 --- a/common/cache/src/main/java/org/thingsboard/server/cache/RedisSslCredentialsConfiguration.java +++ b/common/cache/src/main/java/org/thingsboard/server/cache/RedisSslCredentials.java @@ -22,12 +22,11 @@ import org.springframework.context.annotation.Configuration; @Configuration @ConfigurationProperties(prefix = "redis.ssl.credentials") @Data -public class RedisSslCredentialsConfiguration { +public class RedisSslCredentials { - private String type; + private String certFile; - private RedisKeystoreCredentialsConfig keystore; - - private RedisPemCredentialsConfig pem; + private String userCertFile; + private String userKeyFile; } 
diff --git a/common/cache/src/main/java/org/thingsboard/server/cache/TBRedisCacheConfiguration.java b/common/cache/src/main/java/org/thingsboard/server/cache/TBRedisCacheConfiguration.java index d8805044f3..c3d3655883 100644 --- a/common/cache/src/main/java/org/thingsboard/server/cache/TBRedisCacheConfiguration.java +++ b/common/cache/src/main/java/org/thingsboard/server/cache/TBRedisCacheConfiguration.java @@ -42,11 +42,14 @@ import javax.net.ssl.KeyManagerFactory; import javax.net.ssl.SSLContext; import javax.net.ssl.SSLSocketFactory; import javax.net.ssl.TrustManagerFactory; -import java.io.FileInputStream; +import java.io.IOException; import java.security.KeyStore; +import java.security.KeyStoreException; +import java.security.NoSuchAlgorithmException; import java.security.PrivateKey; import java.security.cert.CertPath; import java.security.cert.Certificate; +import java.security.cert.CertificateException; import java.security.cert.CertificateFactory; import java.security.cert.X509Certificate; import java.time.Duration; @@ -100,13 +103,16 @@ public abstract class TBRedisCacheConfiguration { @Value("${redis.pool_config.blockWhenExhausted:true}") private boolean blockWhenExhausted; + @Value("${redis.ssl.enabled:false}") + private boolean sslEnabled; + @Bean public RedisConnectionFactory redisConnectionFactory() { return loadFactory(); } @Autowired - private RedisSslCredentialsConfiguration redisSslCredentials; + private RedisSslCredentials redisSslCredentials; protected abstract JedisConnectionFactory loadFactory(); 
@@ -176,57 +182,35 @@ public abstract class TBRedisCacheConfiguration { sslContext.init(keyManagerFactory == null ? null : keyManagerFactory.getKeyManagers(), trustManagerFactory.getTrustManagers(), null); return sslContext.getSocketFactory(); } catch (Exception e) { - throw new RuntimeException(e); + throw new RuntimeException("Creating TLS factory failed!", e); } } private TrustManagerFactory createAndInitTrustManagerFactory() throws Exception { - String type = redisSslCredentials.getType(); - if ("pem".equals(type)) { - RedisPemCredentialsConfig pemCredentials = redisSslCredentials.getPem(); - List caCerts = SslUtil.readCertFileByPath(pemCredentials.getCertFile()); - + List caCerts = SslUtil.readCertFileByPath(redisSslCredentials.getCertFile()); KeyStore caKeyStore = KeyStore.getInstance(KeyStore.getDefaultType()); caKeyStore.load(null, null); for (X509Certificate caCert : caCerts) { caKeyStore.setCertificateEntry("redis-caCert-cert-" + caCert.getSubjectX500Principal().getName(), caCert); } - TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance("X509"); + TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm()); trustManagerFactory.init(caKeyStore); return trustManagerFactory; - } else if ("keystore".equals(type)) { - RedisKeystoreCredentialsConfig keystore = redisSslCredentials.getKeystore(); - KeyStore trustStore = KeyStore.getInstance(keystore.getKeystoreType()); - trustStore.load(new FileInputStream(keystore.getTruststoreLocation()), keystore.getTruststorePassword().toCharArray()); - - TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance("X509"); - trustManagerFactory.init(trustStore); - return trustManagerFactory; - } else { - throw new RuntimeException(type + ": Invalid SSL credentials configuration. 
None of the PEM or KEYSTORE configurations can be used!"); - } } private KeyManagerFactory createAndInitKeyManagerFactory() throws Exception { - String type = redisSslCredentials.getType(); - if ("pem".equals(type)) { - RedisPemCredentialsConfig pemCredentials = redisSslCredentials.getPem(); - return getKeyManagerFactory(pemCredentials); - } else if ("keystore".equals(type)) { - RedisKeystoreCredentialsConfig keystore = redisSslCredentials.getKeystore(); - return getKeyManagerFactory(keystore); - } else { - throw new RuntimeException(type + ": Invalid SSL credentials configuration. None of the PEM or KEYSTORE configurations can be used!"); - } + KeyManagerFactory kmf = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm()); + kmf.init(loadKeyStore(), null); + return kmf; } - private KeyManagerFactory getKeyManagerFactory(RedisPemCredentialsConfig pemCredentials) throws Exception { - if (pemCredentials.getUserCertFile().isBlank() || pemCredentials.getUserKeyFile().isBlank()) { + private KeyStore loadKeyStore() throws KeyStoreException, IOException, NoSuchAlgorithmException, CertificateException { + if (redisSslCredentials.getUserCertFile().isBlank() || redisSslCredentials.getUserKeyFile().isBlank()) { return null; } - List certificates = SslUtil.readCertFileByPath(pemCredentials.getCertFile()); - PrivateKey privateKey = SslUtil.readPrivateKeyByFilePath(pemCredentials.getUserKeyFile(), null); + List certificates = SslUtil.readCertFileByPath(redisSslCredentials.getCertFile()); + PrivateKey privateKey = SslUtil.readPrivateKeyByFilePath(redisSslCredentials.getUserKeyFile(), null); KeyStore keyStore = KeyStore.getInstance(KeyStore.getDefaultType()); keyStore.load(null); 
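Review bot: In `loadKeyStore()` the certificates paired with the client private key are read from `getCertFile()`, the CA certificate path, while `getUserCertFile()` is only tested for blankness in the visible lines. The key entry would then carry a chain that does not match `user_key_file`, so two-way TLS to Redis is likely to fail or to present the wrong identity; the call should presumably be `SslUtil.readCertFileByPath(redisSslCredentials.getUserCertFile())`. The method also returns `null` when either path is blank, and `createAndInitKeyManagerFactory()` passes that straight into `kmf.init(loadKeyStore(), null)`, so a half-configured client credential silently becomes one-way TLS and the `keyManagerFactory == null` check at the top of the hunk can no longer be true. Logging a warning when exactly one of the two paths is set would make that misconfiguration visible. The body of `loadKeyStore()` continues past the end of this hunk, so the later use of `certificates` is inferred from the next hunk's context lines.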
@@ -242,21 +226,6 @@ public abstract class TBRedisCacheConfiguration { Certificate[] x509Certificates = path.toArray(new Certificate[0]); keyStore.setKeyEntry("redis-private-key", privateKey, null, x509Certificates); } - - KeyManagerFactory kmf = KeyManagerFactory.getInstance("PKIX"); - kmf.init(keyStore, null); - return kmf; - } - - private KeyManagerFactory getKeyManagerFactory(RedisKeystoreCredentialsConfig keystore) throws Exception { - if (keystore.getKeystoreLocation().isBlank() || keystore.getKeystoreLocation().isBlank()) { - return null; - } - KeyStore keyStore = KeyStore.getInstance(keystore.getKeystoreType()); - keyStore.load(new FileInputStream(keystore.getKeystoreLocation()), keystore.getKeystorePassword().toCharArray()); - - KeyManagerFactory kmf = KeyManagerFactory.getInstance("PKIX"); - kmf.init(keyStore, keystore.getKeystorePassword().toCharArray()); - return kmf; + return keyStore; } } diff --git a/common/util/src/main/java/org/thingsboard/common/util/SslUtil.java b/common/util/src/main/java/org/thingsboard/common/util/SslUtil.java index e520e946ec..a62870ea9b 100644 --- a/common/util/src/main/java/org/thingsboard/common/util/SslUtil.java +++ b/common/util/src/main/java/org/thingsboard/common/util/SslUtil.java @@ -129,4 +129,5 @@ public class SslUtil { } return privateKey; } + } diff --git a/msa/black-box-tests/README.md b/msa/black-box-tests/README.md index 340f0d0eb8..31277e2a55 100644 --- a/msa/black-box-tests/README.md +++ b/msa/black-box-tests/README.md 
@@ -22,6 +22,10 @@ As result, in REPOSITORY column, next images should be present: mvn clean install -DblackBoxTests.skip=false +- Run the black box tests (without ui tests) in the [msa/black-box-tests](../black-box-tests) directory with Redis standalone with TLS: + + mvn clean install -DblackBoxTests.skip=false -DblackBoxTests.redisSsl=true + - Run the black box tests in the [msa/black-box-tests](../black-box-tests) directory with Redis cluster: mvn clean install -DblackBoxTests.skip=false -DblackBoxTests.redisCluster=true diff --git a/transport/coap/src/main/resources/tb-coap-transport.yml b/transport/coap/src/main/resources/tb-coap-transport.yml index 78ca89851d..3934acfb87 100644 --- a/transport/coap/src/main/resources/tb-coap-transport.yml +++ b/transport/coap/src/main/resources/tb-coap-transport.yml 
@@ -97,32 +97,14 @@ redis: ssl: # Enable/disable secure connection enabled: "${TB_REDIS_SSL_ENABLED:false}" - # Server SSL credentials + # Server SSL credentials (only PEM format is supported) credentials: - # Server credentials type (pem - pem certificate file; keystore - java keystore) - type: "${TB_REDIS_SSL_CREDENTIALS_TYPE:pem}" - # PEM server credentials - pem: - # Path redis server (CA) certificate - cert_file: "${TB_REDIS_SSL_PEM_CERT:}" - # Path to user certificate file. This is optional for the client and can be used for two-way authentication for the client - user_cert_file: "${TB_REDIS_SSL_PEM_KEY:}" - # Path to user private key file. This is optional for the client and only needed if ‘ssl.pem.user_cert_file’ is configured. - user_key_file: "${TB_REDIS_SSL_PEM_KEY_PASSWORD:}" - # Keystore server credentials - keystore: - # Type of the trust store (JKS or PKCS12) - truststore_type: "${TB_REDIS_SSL_KEY_STORE_TYPE:JKS}" - # The location of the trust store file - truststore_location: "${TB_REDIS_SSL_TRUSTSTORE_LOCATION:}" - # The password of trust store file if specified - truststore_password: "${TB_REDIS_SSL_TRUSTSTORE_PASSWORD:}" - # Type of the key store (JKS or PKCS12) - keystore_type: "${TB_REDIS_SSL_KEY_STORE_TYPE:JKS}" - # The location of the key store file. This is optional for the client and can be used for two-way authentication for the client - keystore_location: "${TB_REDIS_SSL_KEYSTORE_LOCATION:}" - # The store password for the key store file. This is optional for the client and only needed if ‘ssl.keystore.location’ is configured. Key store password is not supported for PEM format - keystore_password: "${TB_REDIS_SSL_KEYSTORE_PASSWORD:}" + # Path redis server (CA) certificate + cert_file: "${TB_REDIS_SSL_PEM_CERT:}" + # Path to user certificate file. This is optional for the client and can be used for two-way authentication for the client + user_cert_file: "${TB_REDIS_SSL_PEM_KEY:}" + # Path to user private key file. 
This is optional for the client and only needed if ‘user_cert_file’ is configured. + user_key_file: "${TB_REDIS_SSL_PEM_KEY_PASSWORD:}" # pool config pool_config: # Maximum number of connections that can be allocated by the connection pool diff --git a/transport/http/src/main/resources/tb-http-transport.yml b/transport/http/src/main/resources/tb-http-transport.yml index 04a9c9417f..556c004bf8 100644 --- a/transport/http/src/main/resources/tb-http-transport.yml +++ b/transport/http/src/main/resources/tb-http-transport.yml 
@@ -130,32 +130,14 @@ redis: ssl: # Enable/disable secure connection enabled: "${TB_REDIS_SSL_ENABLED:false}" - # Server SSL credentials + # Server SSL credentials (only PEM format is supported) credentials: - # Server credentials type (pem - pem certificate file; keystore - java keystore) - type: "${TB_REDIS_SSL_CREDENTIALS_TYPE:pem}" - # PEM server credentials - pem: - # Path redis server (CA) certificate - cert_file: "${TB_REDIS_SSL_PEM_CERT:}" - # Path to user certificate file. This is optional for the client and can be used for two-way authentication for the client - user_cert_file: "${TB_REDIS_SSL_PEM_KEY:}" - # Path to user private key file. This is optional for the client and only needed if ‘ssl.pem.user_cert_file’ is configured. - user_key_file: "${TB_REDIS_SSL_PEM_KEY_PASSWORD:}" - # Keystore server credentials - keystore: - # Type of the trust store (JKS or PKCS12) - truststore_type: "${TB_REDIS_SSL_KEY_STORE_TYPE:JKS}" - # The location of the trust store file - truststore_location: "${TB_REDIS_SSL_TRUSTSTORE_LOCATION:}" - # The password of trust store file if specified - truststore_password: "${TB_REDIS_SSL_TRUSTSTORE_PASSWORD:}" - # Type of the key store (JKS or PKCS12) - keystore_type: "${TB_REDIS_SSL_KEY_STORE_TYPE:JKS}" - # The location of the key store file. This is optional for the client and can be used for two-way authentication for the client - keystore_location: "${TB_REDIS_SSL_KEYSTORE_LOCATION:}" - # The store password for the key store file. This is optional for the client and only needed if ‘ssl.keystore.location’ is configured. Key store password is not supported for PEM format - keystore_password: "${TB_REDIS_SSL_KEYSTORE_PASSWORD:}" + # Path redis server (CA) certificate + cert_file: "${TB_REDIS_SSL_PEM_CERT:}" + # Path to user certificate file. This is optional for the client and can be used for two-way authentication for the client + user_cert_file: "${TB_REDIS_SSL_PEM_KEY:}" + # Path to user private key file. 
This is optional for the client and only needed if ‘user_cert_file’ is configured. + user_key_file: "${TB_REDIS_SSL_PEM_KEY_PASSWORD:}" # pool config pool_config: # Maximum number of connections that can be allocated by the connection pool diff --git a/transport/lwm2m/src/main/resources/tb-lwm2m-transport.yml b/transport/lwm2m/src/main/resources/tb-lwm2m-transport.yml index c079f690ed..6d7257d7f9 100644 --- a/transport/lwm2m/src/main/resources/tb-lwm2m-transport.yml +++ b/transport/lwm2m/src/main/resources/tb-lwm2m-transport.yml 
@@ -97,32 +97,14 @@ redis: ssl: # Enable/disable secure connection enabled: "${TB_REDIS_SSL_ENABLED:false}" - # Server SSL credentials + # Server SSL credentials (only PEM format is supported) credentials: - # Server credentials type (pem - pem certificate file; keystore - java keystore) - type: "${TB_REDIS_SSL_CREDENTIALS_TYPE:pem}" - # PEM server credentials - pem: - # Path redis server (CA) certificate - cert_file: "${TB_REDIS_SSL_PEM_CERT:}" - # Path to user certificate file. This is optional for the client and can be used for two-way authentication for the client - user_cert_file: "${TB_REDIS_SSL_PEM_KEY:}" - # Path to user private key file. This is optional for the client and only needed if ‘ssl.pem.user_cert_file’ is configured. - user_key_file: "${TB_REDIS_SSL_PEM_KEY_PASSWORD:}" - # Keystore server credentials - keystore: - # Type of the trust store (JKS or PKCS12) - truststore_type: "${TB_REDIS_SSL_KEY_STORE_TYPE:JKS}" - # The location of the trust store file - truststore_location: "${TB_REDIS_SSL_TRUSTSTORE_LOCATION:}" - # The password of trust store file if specified - truststore_password: "${TB_REDIS_SSL_TRUSTSTORE_PASSWORD:}" - # Type of the key store (JKS or PKCS12) - keystore_type: "${TB_REDIS_SSL_KEY_STORE_TYPE:JKS}" - # The location of the key store file. This is optional for the client and can be used for two-way authentication for the client - keystore_location: "${TB_REDIS_SSL_KEYSTORE_LOCATION:}" - # The store password for the key store file. This is optional for the client and only needed if ‘ssl.keystore.location’ is configured. Key store password is not supported for PEM format - keystore_password: "${TB_REDIS_SSL_KEYSTORE_PASSWORD:}" + # Path redis server (CA) certificate + cert_file: "${TB_REDIS_SSL_PEM_CERT:}" + # Path to user certificate file. This is optional for the client and can be used for two-way authentication for the client + user_cert_file: "${TB_REDIS_SSL_PEM_KEY:}" + # Path to user private key file. 
This is optional for the client and only needed if ‘user_cert_file’ is configured. + user_key_file: "${TB_REDIS_SSL_PEM_KEY_PASSWORD:}" # pool config pool_config: # Maximum number of connections that can be allocated by the connection pool diff --git a/transport/mqtt/src/main/resources/tb-mqtt-transport.yml b/transport/mqtt/src/main/resources/tb-mqtt-transport.yml index 430b5bfed5..41d96ff9d7 100644 --- a/transport/mqtt/src/main/resources/tb-mqtt-transport.yml +++ b/transport/mqtt/src/main/resources/tb-mqtt-transport.yml 
@@ -98,32 +98,14 @@ redis: ssl: # Enable/disable secure connection enabled: "${TB_REDIS_SSL_ENABLED:false}" - # Server SSL credentials + # Server SSL credentials (only PEM format is supported) credentials: - # Server credentials type (pem - pem certificate file; keystore - java keystore) - type: "${TB_REDIS_SSL_CREDENTIALS_TYPE:pem}" - # PEM server credentials - pem: - # Path redis server (CA) certificate - cert_file: "${TB_REDIS_SSL_PEM_CERT:}" - # Path to user certificate file. This is optional for the client and can be used for two-way authentication for the client - user_cert_file: "${TB_REDIS_SSL_PEM_KEY:}" - # Path to user private key file. This is optional for the client and only needed if ‘ssl.pem.user_cert_file’ is configured. - user_key_file: "${TB_REDIS_SSL_PEM_KEY_PASSWORD:}" - # Keystore server credentials - keystore: - # Type of the trust store (JKS or PKCS12) - truststore_type: "${TB_REDIS_SSL_KEY_STORE_TYPE:JKS}" - # The location of the trust store file - truststore_location: "${TB_REDIS_SSL_TRUSTSTORE_LOCATION:}" - # The password of trust store file if specified - truststore_password: "${TB_REDIS_SSL_TRUSTSTORE_PASSWORD:}" - # Type of the key store (JKS or PKCS12) - keystore_type: "${TB_REDIS_SSL_KEY_STORE_TYPE:JKS}" - # The location of the key store file. This is optional for the client and can be used for two-way authentication for the client - keystore_location: "${TB_REDIS_SSL_KEYSTORE_LOCATION:}" - # The store password for the key store file. This is optional for the client and only needed if ‘ssl.keystore.location’ is configured. Key store password is not supported for PEM format - keystore_password: "${TB_REDIS_SSL_KEYSTORE_PASSWORD:}" + # Path redis server (CA) certificate + cert_file: "${TB_REDIS_SSL_PEM_CERT:}" + # Path to user certificate file. This is optional for the client and can be used for two-way authentication for the client + user_cert_file: "${TB_REDIS_SSL_PEM_KEY:}" + # Path to user private key file. 
This is optional for the client and only needed if ‘user_cert_file’ is configured. + user_key_file: "${TB_REDIS_SSL_PEM_KEY_PASSWORD:}" # pool config pool_config: # Maximum number of connections that can be allocated by the connection pool diff --git a/transport/snmp/src/main/resources/tb-snmp-transport.yml b/transport/snmp/src/main/resources/tb-snmp-transport.yml index 68b69bb03a..971237efe0 100644 --- a/transport/snmp/src/main/resources/tb-snmp-transport.yml +++ b/transport/snmp/src/main/resources/tb-snmp-transport.yml 
@@ -97,32 +97,14 @@ redis: ssl: # Enable/disable secure connection enabled: "${TB_REDIS_SSL_ENABLED:false}" - # Server SSL credentials + # Server SSL credentials (only PEM format is supported) credentials: - # Server credentials type (pem - pem certificate file; keystore - java keystore) - type: "${TB_REDIS_SSL_CREDENTIALS_TYPE:pem}" - # PEM server credentials - pem: - # Path redis server (CA) certificate - cert_file: "${TB_REDIS_SSL_PEM_CERT:}" - # Path to user certificate file. This is optional for the client and can be used for two-way authentication for the client - user_cert_file: "${TB_REDIS_SSL_PEM_KEY:}" - # Path to user private key file. This is optional for the client and only needed if ‘ssl.pem.user_cert_file’ is configured. - user_key_file: "${TB_REDIS_SSL_PEM_KEY_PASSWORD:}" - # Keystore server credentials - keystore: - # Type of the trust store (JKS or PKCS12) - truststore_type: "${TB_REDIS_SSL_KEY_STORE_TYPE:JKS}" - # The location of the trust store file - truststore_location: "${TB_REDIS_SSL_TRUSTSTORE_LOCATION:}" - # The password of trust store file if specified - truststore_password: "${TB_REDIS_SSL_TRUSTSTORE_PASSWORD:}" - # Type of the key store (JKS or PKCS12) - keystore_type: "${TB_REDIS_SSL_KEY_STORE_TYPE:JKS}" - # The location of the key store file. This is optional for the client and can be used for two-way authentication for the client - keystore_location: "${TB_REDIS_SSL_KEYSTORE_LOCATION:}" - # The store password for the key store file. This is optional for the client and only needed if ‘ssl.keystore.location’ is configured. Key store password is not supported for PEM format - keystore_password: "${TB_REDIS_SSL_KEYSTORE_PASSWORD:}" + # Path redis server (CA) certificate + cert_file: "${TB_REDIS_SSL_PEM_CERT:}" + # Path to user certificate file. This is optional for the client and can be used for two-way authentication for the client + user_cert_file: "${TB_REDIS_SSL_PEM_KEY:}" + # Path to user private key file. 
This is optional for the client and only needed if ‘user_cert_file’ is configured. + user_key_file: "${TB_REDIS_SSL_PEM_KEY_PASSWORD:}" # pool config pool_config: # Maximum number of connections that can be allocated by the connection pool