public class ConfluentFipsValidator extends Object implements org.apache.kafka.common.security.fips.FipsValidator
This class centralizes FIPS validation for cipher suites, SSL/TLS versions and kafka broker protocols. One of its primary uses is to validate FIPS requirements.
Constructor and Description |
---|
ConfluentFipsValidator() |
Modifier and Type | Method and Description |
---|---|
boolean |
fipsEnabled() |
void |
validateFipsBrokerProtocol(Map<String,org.apache.kafka.common.security.auth.SecurityProtocol> securityProtocolMap) |
void |
validateFipsTls(Map<String,?> configs)
Validate FIPS requirements on cipher suites, TLS protocols versions.
|
void |
validateFipsTlsCipherSuite(Collection<String> cipherSuites) |
void |
validateFipsTlsCipherSuite(Map<String,?> configs) |
void |
validateFipsTlsVersion(Collection<String> tlsVersions) |
void |
validateFipsTlsVersion(Map<String,?> configs) |
public boolean fipsEnabled()
fipsEnabled
in interface org.apache.kafka.common.security.fips.FipsValidator
public void validateFipsTls(Map<String,?> configs)
validateFipsTls
in interface org.apache.kafka.common.security.fips.FipsValidator
configs
- the configuration contains cipher suites, TLS protocols.InvalidFipsCipherSuiteException
- if cipher suites not FIPS compliant.InvalidFipsTlsVersionException
- if TLS protocols not FIPS compliant.public void validateFipsBrokerProtocol(Map<String,org.apache.kafka.common.security.auth.SecurityProtocol> securityProtocolMap)
validateFipsBrokerProtocol
in interface org.apache.kafka.common.security.fips.FipsValidator
public void validateFipsTlsCipherSuite(Collection<String> cipherSuites)
public void validateFipsTlsVersion(Collection<String> tlsVersions)