How to Work with JKS Files in Golang with kafka-go
Background
Connect to a Kafka cluster over TLS from Golang using kafka-go
Steps to Follow
Convert the JKS files into PEM files using the following commands:
# Truststore: repackage the JKS truststore as a PKCS#12 container.
$ keytool -importkeystore -srckeystore kafka.server.truststore.jks -destkeystore server.p12 -deststoretype PKCS12
# Export only the certificates (-nokeys) from the truststore container.
# NOTE(review): presumably these are the CA certificates used to verify the brokers; confirm.
$ openssl pkcs12 -in server.p12 -nokeys -out server.cer.pem
# Keystore: repackage the JKS keystore as a PKCS#12 container.
$ keytool -importkeystore -srckeystore kafka.server.keystore.jks -destkeystore client.p12 -deststoretype PKCS12
# Export only the certificates (-nokeys) from the keystore container.
$ openssl pkcs12 -in client.p12 -nokeys -out client.cer.pem
# Export only the private key (-nocerts). -nodes writes the key WITHOUT encryption,
# so client.key.pem should be readable only by the account running the client
# (e.g. chmod 600) and must not be committed to version control.
$ openssl pkcs12 -in client.p12 -nodes -nocerts -out client.key.pem
Code
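// getKafkaReader returns a kafka-go reader for the given topic.
//
// The snippet as posted was missing the func keyword, never assigned the
// reader it returned and had an unbalanced closing brace; this version
// restores a compilable definition without changing the configuration.
// brokers and id are defined outside this snippet.
func getKafkaReader(topic string) *kafka.Reader {
	consumer := kafka.NewReader(kafka.ReaderConfig{
		Brokers: brokers,
		GroupID: id,
		Topic:   topic,
		// All TLS settings (client certificate, trusted CAs) come from the dialer.
		Dialer: getDialer(),
	})
	return consumer
}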
// getDialer returns the kafka-go dialer used for broker connections.
// It sets a 5-second timeout, enables DualStack and attaches the TLS
// configuration built by tlsConfig.
func getDialer() *kafka.Dialer {
	return &kafka.Dialer{
		Timeout:   5 * time.Second,
		DualStack: true,
		TLS:       tlsConfig(),
	}
}
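// tlsConfig builds the client-side TLS configuration for the Kafka dialer.
//
// The client certificate and private key are read from the PKCS#12 keystore at
// kafkaConfig.KeyStoreLocation, and the CA certificates used to verify the
// brokers are read from server.cer.pem. Any failure terminates the process via
// log.Fatal, as in the original snippet.
func tlsConfig() *tls.Config {
	// Keystore.
	// The read error was previously discarded, so a missing or unreadable file
	// only surfaced later as a confusing parse error from p12.ToPEM.
	keys, err := ioutil.ReadFile(kafkaConfig.KeyStoreLocation)
	if err != nil {
		log.Fatalf("reading keystore %q: %v", kafkaConfig.KeyStoreLocation, err)
	}

	// NOTE(review): p12.ToPEM parses PKCS#12 data. The reported error
	// "asn1: structure error: tags don't match" is what one would expect if
	// KeyStoreLocation points at the original .jks file or at a .pem file
	// rather than the converted client.p12 - confirm which file is configured.
	blocks, err := p12.ToPEM(keys, kafkaConfig.KeyStorePassword)
	if err != nil {
		log.Fatalf("decoding PKCS#12 keystore %q: %v", kafkaConfig.KeyStoreLocation, err)
	}

	// Concatenate every PEM block; tls.X509KeyPair picks the certificate
	// blocks from its first argument and the key block from its second.
	var pemData []byte
	for _, b := range blocks {
		pemData = append(pemData, pem.EncodeToMemory(b)...)
	}
	cert, err := tls.X509KeyPair(pemData, pemData)
	if err != nil {
		log.Fatalf("building client key pair: %v", err)
	}

	// Truststore.
	// The original snippet loaded client.key.pem here; that file is produced
	// with -nocerts and holds only the private key, so no CA certificate could
	// be added to the pool. server.cer.pem is the certificate export of the
	// truststore from the conversion steps.
	const caFile = "server.cer.pem"
	caCert, err := ioutil.ReadFile(caFile)
	if err != nil {
		log.Fatalf("reading CA certificates %q: %v", caFile, err)
	}
	caCertPool := x509.NewCertPool()
	// An empty, non-nil RootCAs pool trusts nothing, so every handshake would
	// fail verification; fail early with a clear message instead.
	if !caCertPool.AppendCertsFromPEM(caCert) {
		log.Fatalf("no CA certificates found in %q", caFile)
	}

	return &tls.Config{
		Certificates: []tls.Certificate{cert},
		RootCAs:      caCertPool,
	}
}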
Error: pkcs12: error reading P12 data: asn1: structure error: tags don't match
Does anyone have an idea or suggestion for how to deal with this error?
Sources
This article follows the attribution requirements of Stack Overflow and is licensed under CC BY-SA 3.0.
Source: Stack Overflow
