dendi-wang/thingsboard
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

deleted java keystore type of creds support

Browse Source
This commit is contained in:
dashevchenko 2024-02-06 15:10:09 +02:00
parent dfe2351079
commit 6a755ab0b7
12 changed files with 70 additions and 269 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

32
application/src/main/resources/thingsboard.yml
View File

@ -643,32 +643,14 @@ redis:
ssl: ssl:
# Enable/disable secure connection # Enable/disable secure connection
enabled: "${TB_REDIS_SSL_ENABLED:false}" enabled: "${TB_REDIS_SSL_ENABLED:false}"
# Server SSL credentials # Server SSL credentials (only PEM format is supported)
credentials: credentials:
# Server credentials type (pem - pem certificate file; keystore - java keystore) # Path redis server (CA) certificate
type: "${TB_REDIS_SSL_CREDENTIALS_TYPE:pem}" cert_file: "${TB_REDIS_SSL_PEM_CERT:}"
# PEM server credentials # Path to user certificate file. This is optional for the client and can be used for two-way authentication for the client
pem: user_cert_file: "${TB_REDIS_SSL_PEM_KEY:}"
# Path redis server (CA) certificate # Path to user private key file. This is optional for the client and only needed if user_cert_file is configured.
cert_file: "${TB_REDIS_SSL_PEM_CERT:}" user_key_file: "${TB_REDIS_SSL_PEM_KEY_PASSWORD:}"
# Path to user certificate file. This is optional for the client and can be used for two-way authentication for the client
user_cert_file: "${TB_REDIS_SSL_PEM_KEY:}"
# Path to user private key file. This is optional for the client and only needed if ssl.pem.user_cert_file is configured.
user_key_file: "${TB_REDIS_SSL_PEM_KEY_PASSWORD:}"
# Keystore server credentials
keystore:
# Type of the trust store (JKS or PKCS12)
truststore_type: "${TB_REDIS_SSL_KEY_STORE_TYPE:JKS}"
# The location of the trust store file
truststore_location: "${TB_REDIS_SSL_TRUSTSTORE_LOCATION:}"
# The password of trust store file if specified
truststore_password: "${TB_REDIS_SSL_TRUSTSTORE_PASSWORD:}"
# Type of the key store (JKS or PKCS12)
keystore_type: "${TB_REDIS_SSL_KEY_STORE_TYPE:JKS}"
# The location of the key store file. This is optional for the client and can be used for two-way authentication for the client
keystore_location: "${TB_REDIS_SSL_KEYSTORE_LOCATION:}"
# The store password for the key store file. This is optional for the client and only needed if ssl.keystore.location is configured. Key store password is not supported for PEM format
keystore_password: "${TB_REDIS_SSL_KEYSTORE_PASSWORD:}"
# pool config # pool config
pool_config: pool_config:
# Maximum number of connections that can be allocated by the connection pool # Maximum number of connections that can be allocated by the connection pool

36
common/cache/src/main/java/org/thingsboard/server/cache/RedisKeystoreCredentialsConfig.java vendored
View File

@ -1,36 +0,0 @@
/**
* Copyright © 2016-2024 The Thingsboard Authors
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package org.thingsboard.server.cache;
import lombok.Data;
@Data
public class RedisKeystoreCredentialsConfig {
private String type;
private String truststoreType;
private String truststoreLocation;
private String truststorePassword;
private String keystoreType;
private String keystoreLocation;
private String keystorePassword;
}

28
common/cache/src/main/java/org/thingsboard/server/cache/RedisPemCredentialsConfig.java vendored
View File

@ -1,28 +0,0 @@
/**
* Copyright © 2016-2024 The Thingsboard Authors
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package org.thingsboard.server.cache;
import lombok.Data;
@Data
public class RedisPemCredentialsConfig {
private String certFile;
private String userCertFile;
private String userKeyFile;
}

9
common/cache/src/main/java/org/thingsboard/server/cache/RedisSslCredentialsConfiguration.java → common/cache/src/main/java/org/thingsboard/server/cache/RedisSslCredentials.java vendored
View File

@ -22,12 +22,11 @@ import org.springframework.context.annotation.Configuration;
@Configuration @Configuration
@ConfigurationProperties(prefix = "redis.ssl.credentials") @ConfigurationProperties(prefix = "redis.ssl.credentials")
@Data @Data
public class RedisSslCredentialsConfiguration { public class RedisSslCredentials {
private String type; private String certFile;
private RedisKeystoreCredentialsConfig keystore; private String userCertFile;
private RedisPemCredentialsConfig pem;
private String userKeyFile;
} }

69
common/cache/src/main/java/org/thingsboard/server/cache/TBRedisCacheConfiguration.java vendored
View File

@ -42,11 +42,14 @@ import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext; import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLSocketFactory; import javax.net.ssl.SSLSocketFactory;
import javax.net.ssl.TrustManagerFactory; import javax.net.ssl.TrustManagerFactory;
import java.io.FileInputStream; import java.io.IOException;
import java.security.KeyStore; import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.PrivateKey; import java.security.PrivateKey;
import java.security.cert.CertPath; import java.security.cert.CertPath;
import java.security.cert.Certificate; import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory; import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate; import java.security.cert.X509Certificate;
import java.time.Duration; import java.time.Duration;
@ -100,13 +103,16 @@ public abstract class TBRedisCacheConfiguration {
@Value("${redis.pool_config.blockWhenExhausted:true}") @Value("${redis.pool_config.blockWhenExhausted:true}")
private boolean blockWhenExhausted; private boolean blockWhenExhausted;
@Value("${redis.ssl.enabled:false}")
private boolean sslEnabled;
@Bean @Bean
public RedisConnectionFactory redisConnectionFactory() { public RedisConnectionFactory redisConnectionFactory() {
return loadFactory(); return loadFactory();
} }
@Autowired @Autowired
private RedisSslCredentialsConfiguration redisSslCredentials; private RedisSslCredentials redisSslCredentials;
protected abstract JedisConnectionFactory loadFactory(); protected abstract JedisConnectionFactory loadFactory();
@ -176,57 +182,35 @@ public abstract class TBRedisCacheConfiguration {
sslContext.init(keyManagerFactory == null ? null : keyManagerFactory.getKeyManagers(), trustManagerFactory.getTrustManagers(), null); sslContext.init(keyManagerFactory == null ? null : keyManagerFactory.getKeyManagers(), trustManagerFactory.getTrustManagers(), null);
return sslContext.getSocketFactory(); return sslContext.getSocketFactory();
} catch (Exception e) { } catch (Exception e) {
throw new RuntimeException(e); throw new RuntimeException("Creating TLS factory failed!", e);
} }
} }
private TrustManagerFactory createAndInitTrustManagerFactory() throws Exception { private TrustManagerFactory createAndInitTrustManagerFactory() throws Exception {
String type = redisSslCredentials.getType(); List<X509Certificate> caCerts = SslUtil.readCertFileByPath(redisSslCredentials.getCertFile());
if ("pem".equals(type)) {
RedisPemCredentialsConfig pemCredentials = redisSslCredentials.getPem();
List<X509Certificate> caCerts = SslUtil.readCertFileByPath(pemCredentials.getCertFile());
KeyStore caKeyStore = KeyStore.getInstance(KeyStore.getDefaultType()); KeyStore caKeyStore = KeyStore.getInstance(KeyStore.getDefaultType());
caKeyStore.load(null, null); caKeyStore.load(null, null);
for (X509Certificate caCert : caCerts) { for (X509Certificate caCert : caCerts) {
caKeyStore.setCertificateEntry("redis-caCert-cert-" + caCert.getSubjectX500Principal().getName(), caCert); caKeyStore.setCertificateEntry("redis-caCert-cert-" + caCert.getSubjectX500Principal().getName(), caCert);
} }
TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance("X509"); TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
trustManagerFactory.init(caKeyStore); trustManagerFactory.init(caKeyStore);
return trustManagerFactory; return trustManagerFactory;
} else if ("keystore".equals(type)) {
RedisKeystoreCredentialsConfig keystore = redisSslCredentials.getKeystore();
KeyStore trustStore = KeyStore.getInstance(keystore.getKeystoreType());
trustStore.load(new FileInputStream(keystore.getTruststoreLocation()), keystore.getTruststorePassword().toCharArray());
TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance("X509");
trustManagerFactory.init(trustStore);
return trustManagerFactory;
} else {
throw new RuntimeException(type + ": Invalid SSL credentials configuration. None of the PEM or KEYSTORE configurations can be used!");
}
} }
private KeyManagerFactory createAndInitKeyManagerFactory() throws Exception { private KeyManagerFactory createAndInitKeyManagerFactory() throws Exception {
String type = redisSslCredentials.getType(); KeyManagerFactory kmf = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
if ("pem".equals(type)) { kmf.init(loadKeyStore(), null);
RedisPemCredentialsConfig pemCredentials = redisSslCredentials.getPem(); return kmf;
return getKeyManagerFactory(pemCredentials);
} else if ("keystore".equals(type)) {
RedisKeystoreCredentialsConfig keystore = redisSslCredentials.getKeystore();
return getKeyManagerFactory(keystore);
} else {
throw new RuntimeException(type + ": Invalid SSL credentials configuration. None of the PEM or KEYSTORE configurations can be used!");
}
} }
private KeyManagerFactory getKeyManagerFactory(RedisPemCredentialsConfig pemCredentials) throws Exception { private KeyStore loadKeyStore() throws KeyStoreException, IOException, NoSuchAlgorithmException, CertificateException {
if (pemCredentials.getUserCertFile().isBlank() || pemCredentials.getUserKeyFile().isBlank()) { if (redisSslCredentials.getUserCertFile().isBlank() || redisSslCredentials.getUserKeyFile().isBlank()) {
return null; return null;
} }
List<X509Certificate> certificates = SslUtil.readCertFileByPath(pemCredentials.getCertFile()); List<X509Certificate> certificates = SslUtil.readCertFileByPath(redisSslCredentials.getCertFile());
PrivateKey privateKey = SslUtil.readPrivateKeyByFilePath(pemCredentials.getUserKeyFile(), null); PrivateKey privateKey = SslUtil.readPrivateKeyByFilePath(redisSslCredentials.getUserKeyFile(), null);
KeyStore keyStore = KeyStore.getInstance(KeyStore.getDefaultType()); KeyStore keyStore = KeyStore.getInstance(KeyStore.getDefaultType());
keyStore.load(null); keyStore.load(null);
@ -242,21 +226,6 @@ public abstract class TBRedisCacheConfiguration {
Certificate[] x509Certificates = path.toArray(new Certificate[0]); Certificate[] x509Certificates = path.toArray(new Certificate[0]);
keyStore.setKeyEntry("redis-private-key", privateKey, null, x509Certificates); keyStore.setKeyEntry("redis-private-key", privateKey, null, x509Certificates);
} }
return keyStore;
KeyManagerFactory kmf = KeyManagerFactory.getInstance("PKIX");
kmf.init(keyStore, null);
return kmf;
}
private KeyManagerFactory getKeyManagerFactory(RedisKeystoreCredentialsConfig keystore) throws Exception {
if (keystore.getKeystoreLocation().isBlank() || keystore.getKeystoreLocation().isBlank()) {
return null;
}
KeyStore keyStore = KeyStore.getInstance(keystore.getKeystoreType());
keyStore.load(new FileInputStream(keystore.getKeystoreLocation()), keystore.getKeystorePassword().toCharArray());
KeyManagerFactory kmf = KeyManagerFactory.getInstance("PKIX");
kmf.init(keyStore, keystore.getKeystorePassword().toCharArray());
return kmf;
} }
} }

1
common/util/src/main/java/org/thingsboard/common/util/SslUtil.java
View File

@ -129,4 +129,5 @@ public class SslUtil {
} }
return privateKey; return privateKey;
} }
} }

4
msa/black-box-tests/README.md
View File

@ -22,6 +22,10 @@ As result, in REPOSITORY column, next images should be present:
mvn clean install -DblackBoxTests.skip=false mvn clean install -DblackBoxTests.skip=false
- Run the black box tests (without ui tests) in the [msa/black-box-tests](../black-box-tests) directory with Redis standalone with TLS:
mvn clean install -DblackBoxTests.skip=false -DblackBoxTests.redisSsl=true
- Run the black box tests in the [msa/black-box-tests](../black-box-tests) directory with Redis cluster: - Run the black box tests in the [msa/black-box-tests](../black-box-tests) directory with Redis cluster:
mvn clean install -DblackBoxTests.skip=false -DblackBoxTests.redisCluster=true mvn clean install -DblackBoxTests.skip=false -DblackBoxTests.redisCluster=true

32
transport/coap/src/main/resources/tb-coap-transport.yml
View File

@ -97,32 +97,14 @@ redis:
ssl: ssl:
# Enable/disable secure connection # Enable/disable secure connection
enabled: "${TB_REDIS_SSL_ENABLED:false}" enabled: "${TB_REDIS_SSL_ENABLED:false}"
# Server SSL credentials # Server SSL credentials (only PEM format is supported)
credentials: credentials:
# Server credentials type (pem - pem certificate file; keystore - java keystore) # Path redis server (CA) certificate
type: "${TB_REDIS_SSL_CREDENTIALS_TYPE:pem}" cert_file: "${TB_REDIS_SSL_PEM_CERT:}"
# PEM server credentials # Path to user certificate file. This is optional for the client and can be used for two-way authentication for the client
pem: user_cert_file: "${TB_REDIS_SSL_PEM_KEY:}"
# Path redis server (CA) certificate # Path to user private key file. This is optional for the client and only needed if user_cert_file is configured.
cert_file: "${TB_REDIS_SSL_PEM_CERT:}" user_key_file: "${TB_REDIS_SSL_PEM_KEY_PASSWORD:}"
# Path to user certificate file. This is optional for the client and can be used for two-way authentication for the client
user_cert_file: "${TB_REDIS_SSL_PEM_KEY:}"
# Path to user private key file. This is optional for the client and only needed if ssl.pem.user_cert_file is configured.
user_key_file: "${TB_REDIS_SSL_PEM_KEY_PASSWORD:}"
# Keystore server credentials
keystore:
# Type of the trust store (JKS or PKCS12)
truststore_type: "${TB_REDIS_SSL_KEY_STORE_TYPE:JKS}"
# The location of the trust store file
truststore_location: "${TB_REDIS_SSL_TRUSTSTORE_LOCATION:}"
# The password of trust store file if specified
truststore_password: "${TB_REDIS_SSL_TRUSTSTORE_PASSWORD:}"
# Type of the key store (JKS or PKCS12)
keystore_type: "${TB_REDIS_SSL_KEY_STORE_TYPE:JKS}"
# The location of the key store file. This is optional for the client and can be used for two-way authentication for the client
keystore_location: "${TB_REDIS_SSL_KEYSTORE_LOCATION:}"
# The store password for the key store file. This is optional for the client and only needed if ssl.keystore.location is configured. Key store password is not supported for PEM format
keystore_password: "${TB_REDIS_SSL_KEYSTORE_PASSWORD:}"
# pool config # pool config
pool_config: pool_config:
# Maximum number of connections that can be allocated by the connection pool # Maximum number of connections that can be allocated by the connection pool

32
transport/http/src/main/resources/tb-http-transport.yml
View File

@ -130,32 +130,14 @@ redis:
ssl: ssl:
# Enable/disable secure connection # Enable/disable secure connection
enabled: "${TB_REDIS_SSL_ENABLED:false}" enabled: "${TB_REDIS_SSL_ENABLED:false}"
# Server SSL credentials # Server SSL credentials (only PEM format is supported)
credentials: credentials:
# Server credentials type (pem - pem certificate file; keystore - java keystore) # Path redis server (CA) certificate
type: "${TB_REDIS_SSL_CREDENTIALS_TYPE:pem}" cert_file: "${TB_REDIS_SSL_PEM_CERT:}"
# PEM server credentials # Path to user certificate file. This is optional for the client and can be used for two-way authentication for the client
pem: user_cert_file: "${TB_REDIS_SSL_PEM_KEY:}"
# Path redis server (CA) certificate # Path to user private key file. This is optional for the client and only needed if user_cert_file is configured.
cert_file: "${TB_REDIS_SSL_PEM_CERT:}" user_key_file: "${TB_REDIS_SSL_PEM_KEY_PASSWORD:}"
# Path to user certificate file. This is optional for the client and can be used for two-way authentication for the client
user_cert_file: "${TB_REDIS_SSL_PEM_KEY:}"
# Path to user private key file. This is optional for the client and only needed if ssl.pem.user_cert_file is configured.
user_key_file: "${TB_REDIS_SSL_PEM_KEY_PASSWORD:}"
# Keystore server credentials
keystore:
# Type of the trust store (JKS or PKCS12)
truststore_type: "${TB_REDIS_SSL_KEY_STORE_TYPE:JKS}"
# The location of the trust store file
truststore_location: "${TB_REDIS_SSL_TRUSTSTORE_LOCATION:}"
# The password of trust store file if specified
truststore_password: "${TB_REDIS_SSL_TRUSTSTORE_PASSWORD:}"
# Type of the key store (JKS or PKCS12)
keystore_type: "${TB_REDIS_SSL_KEY_STORE_TYPE:JKS}"
# The location of the key store file. This is optional for the client and can be used for two-way authentication for the client
keystore_location: "${TB_REDIS_SSL_KEYSTORE_LOCATION:}"
# The store password for the key store file. This is optional for the client and only needed if ssl.keystore.location is configured. Key store password is not supported for PEM format
keystore_password: "${TB_REDIS_SSL_KEYSTORE_PASSWORD:}"
# pool config # pool config
pool_config: pool_config:
# Maximum number of connections that can be allocated by the connection pool # Maximum number of connections that can be allocated by the connection pool

32
transport/lwm2m/src/main/resources/tb-lwm2m-transport.yml
View File

@ -97,32 +97,14 @@ redis:
ssl: ssl:
# Enable/disable secure connection # Enable/disable secure connection
enabled: "${TB_REDIS_SSL_ENABLED:false}" enabled: "${TB_REDIS_SSL_ENABLED:false}"
# Server SSL credentials # Server SSL credentials (only PEM format is supported)
credentials: credentials:
# Server credentials type (pem - pem certificate file; keystore - java keystore) # Path redis server (CA) certificate
type: "${TB_REDIS_SSL_CREDENTIALS_TYPE:pem}" cert_file: "${TB_REDIS_SSL_PEM_CERT:}"
# PEM server credentials # Path to user certificate file. This is optional for the client and can be used for two-way authentication for the client
pem: user_cert_file: "${TB_REDIS_SSL_PEM_KEY:}"
# Path redis server (CA) certificate # Path to user private key file. This is optional for the client and only needed if user_cert_file is configured.
cert_file: "${TB_REDIS_SSL_PEM_CERT:}" user_key_file: "${TB_REDIS_SSL_PEM_KEY_PASSWORD:}"
# Path to user certificate file. This is optional for the client and can be used for two-way authentication for the client
user_cert_file: "${TB_REDIS_SSL_PEM_KEY:}"
# Path to user private key file. This is optional for the client and only needed if ssl.pem.user_cert_file is configured.
user_key_file: "${TB_REDIS_SSL_PEM_KEY_PASSWORD:}"
# Keystore server credentials
keystore:
# Type of the trust store (JKS or PKCS12)
truststore_type: "${TB_REDIS_SSL_KEY_STORE_TYPE:JKS}"
# The location of the trust store file
truststore_location: "${TB_REDIS_SSL_TRUSTSTORE_LOCATION:}"
# The password of trust store file if specified
truststore_password: "${TB_REDIS_SSL_TRUSTSTORE_PASSWORD:}"
# Type of the key store (JKS or PKCS12)
keystore_type: "${TB_REDIS_SSL_KEY_STORE_TYPE:JKS}"
# The location of the key store file. This is optional for the client and can be used for two-way authentication for the client
keystore_location: "${TB_REDIS_SSL_KEYSTORE_LOCATION:}"
# The store password for the key store file. This is optional for the client and only needed if ssl.keystore.location is configured. Key store password is not supported for PEM format
keystore_password: "${TB_REDIS_SSL_KEYSTORE_PASSWORD:}"
# pool config # pool config
pool_config: pool_config:
# Maximum number of connections that can be allocated by the connection pool # Maximum number of connections that can be allocated by the connection pool

32
transport/mqtt/src/main/resources/tb-mqtt-transport.yml
View File

@ -98,32 +98,14 @@ redis:
ssl: ssl:
# Enable/disable secure connection # Enable/disable secure connection
enabled: "${TB_REDIS_SSL_ENABLED:false}" enabled: "${TB_REDIS_SSL_ENABLED:false}"
# Server SSL credentials # Server SSL credentials (only PEM format is supported)
credentials: credentials:
# Server credentials type (pem - pem certificate file; keystore - java keystore) # Path redis server (CA) certificate
type: "${TB_REDIS_SSL_CREDENTIALS_TYPE:pem}" cert_file: "${TB_REDIS_SSL_PEM_CERT:}"
# PEM server credentials # Path to user certificate file. This is optional for the client and can be used for two-way authentication for the client
pem: user_cert_file: "${TB_REDIS_SSL_PEM_KEY:}"
# Path redis server (CA) certificate # Path to user private key file. This is optional for the client and only needed if user_cert_file is configured.
cert_file: "${TB_REDIS_SSL_PEM_CERT:}" user_key_file: "${TB_REDIS_SSL_PEM_KEY_PASSWORD:}"
# Path to user certificate file. This is optional for the client and can be used for two-way authentication for the client
user_cert_file: "${TB_REDIS_SSL_PEM_KEY:}"
# Path to user private key file. This is optional for the client and only needed if ssl.pem.user_cert_file is configured.
user_key_file: "${TB_REDIS_SSL_PEM_KEY_PASSWORD:}"
# Keystore server credentials
keystore:
# Type of the trust store (JKS or PKCS12)
truststore_type: "${TB_REDIS_SSL_KEY_STORE_TYPE:JKS}"
# The location of the trust store file
truststore_location: "${TB_REDIS_SSL_TRUSTSTORE_LOCATION:}"
# The password of trust store file if specified
truststore_password: "${TB_REDIS_SSL_TRUSTSTORE_PASSWORD:}"
# Type of the key store (JKS or PKCS12)
keystore_type: "${TB_REDIS_SSL_KEY_STORE_TYPE:JKS}"
# The location of the key store file. This is optional for the client and can be used for two-way authentication for the client
keystore_location: "${TB_REDIS_SSL_KEYSTORE_LOCATION:}"
# The store password for the key store file. This is optional for the client and only needed if ssl.keystore.location is configured. Key store password is not supported for PEM format
keystore_password: "${TB_REDIS_SSL_KEYSTORE_PASSWORD:}"
# pool config # pool config
pool_config: pool_config:
# Maximum number of connections that can be allocated by the connection pool # Maximum number of connections that can be allocated by the connection pool

32
transport/snmp/src/main/resources/tb-snmp-transport.yml
View File

@ -97,32 +97,14 @@ redis:
ssl: ssl:
# Enable/disable secure connection # Enable/disable secure connection
enabled: "${TB_REDIS_SSL_ENABLED:false}" enabled: "${TB_REDIS_SSL_ENABLED:false}"
# Server SSL credentials # Server SSL credentials (only PEM format is supported)
credentials: credentials:
# Server credentials type (pem - pem certificate file; keystore - java keystore) # Path redis server (CA) certificate
type: "${TB_REDIS_SSL_CREDENTIALS_TYPE:pem}" cert_file: "${TB_REDIS_SSL_PEM_CERT:}"
# PEM server credentials # Path to user certificate file. This is optional for the client and can be used for two-way authentication for the client
pem: user_cert_file: "${TB_REDIS_SSL_PEM_KEY:}"
# Path redis server (CA) certificate # Path to user private key file. This is optional for the client and only needed if user_cert_file is configured.
cert_file: "${TB_REDIS_SSL_PEM_CERT:}" user_key_file: "${TB_REDIS_SSL_PEM_KEY_PASSWORD:}"
# Path to user certificate file. This is optional for the client and can be used for two-way authentication for the client
user_cert_file: "${TB_REDIS_SSL_PEM_KEY:}"
# Path to user private key file. This is optional for the client and only needed if ssl.pem.user_cert_file is configured.
user_key_file: "${TB_REDIS_SSL_PEM_KEY_PASSWORD:}"
# Keystore server credentials
keystore:
# Type of the trust store (JKS or PKCS12)
truststore_type: "${TB_REDIS_SSL_KEY_STORE_TYPE:JKS}"
# The location of the trust store file
truststore_location: "${TB_REDIS_SSL_TRUSTSTORE_LOCATION:}"
# The password of trust store file if specified
truststore_password: "${TB_REDIS_SSL_TRUSTSTORE_PASSWORD:}"
# Type of the key store (JKS or PKCS12)
keystore_type: "${TB_REDIS_SSL_KEY_STORE_TYPE:JKS}"
# The location of the key store file. This is optional for the client and can be used for two-way authentication for the client
keystore_location: "${TB_REDIS_SSL_KEYSTORE_LOCATION:}"
# The store password for the key store file. This is optional for the client and only needed if ssl.keystore.location is configured. Key store password is not supported for PEM format
keystore_password: "${TB_REDIS_SSL_KEYSTORE_PASSWORD:}"
# pool config # pool config
pool_config: pool_config:
# Maximum number of connections that can be allocated by the connection pool # Maximum number of connections that can be allocated by the connection pool