ConfluentFipsValidator (ce-kafka-client-plugins 7.5.12-ce API)

java.lang.Object
- io.confluent.kafka.security.fips.ConfluentFipsValidator

All Implemented Interfaces:

org.apache.kafka.common.security.fips.FipsValidator
```
public class ConfluentFipsValidator
extends Object
implements org.apache.kafka.common.security.fips.FipsValidator
```
This class centralizes FIPS validation for cipher suites, SSL/TLS versions and kafka broker protocols. One of its primary uses is to validate FIPS requirements.

Constructor Summary

Constructors
Constructor and Description

ConfluentFipsValidator()

Constructors
Constructor and Description
`ConfluentFipsValidator()`

Method Summary

All Methods Instance Methods Concrete Methods
Modifier and Type	Method and Description
`boolean`	`fipsEnabled()`
`void`	`validateFipsBrokerProtocol(Map<String,org.apache.kafka.common.security.auth.SecurityProtocol> securityProtocolMap)` Validate broker protocol, make sure broker uses either SSL or SASL_SSL protocol.
`void`	`validateFipsTls(Map<String,?> configs)` Validate FIPS requirements on cipher suites, TLS protocols versions.
`void`	`validateFipsTlsCipherSuite(Collection<String> cipherSuites)` Validate cipher suites are FIPS compliant or not.
`void`	`validateFipsTlsCipherSuite(Map<String,?> configs)` Validate cipher suites are FIPS compliant or not.
`void`	`validateFipsTlsVersion(Collection<String> tlsVersions)` Validate TLS versions are FIPS compliant or not.
`void`	`validateFipsTlsVersion(Map<String,?> configs)` Validate TLS versions are FIPS compliant or not.
`void`	`validateRestProtocol(String restProtocol)` Validate rest server protocol, make sure connect uses https protocol.

Methods inherited from class java.lang.Object
equals, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

- Constructor Detail
  - ConfluentFipsValidator
```
public ConfluentFipsValidator()
```
- Method Detail
  - fipsEnabled
```
public boolean fipsEnabled()
```
    Specified by:
    
    fipsEnabled in interface org.apache.kafka.common.security.fips.FipsValidator
  - validateFipsTls
```
public void validateFipsTls(Map<String,?> configs)
```
    Validate FIPS requirements on cipher suites, TLS protocols versions.
    
    Specified by:
    
    validateFipsTls in interface org.apache.kafka.common.security.fips.FipsValidator
    
    Parameters:
    
    configs - the configuration contains cipher suites, TLS protocols.
    
    Throws:
    
    InvalidFipsCipherSuiteException - if cipher suites not FIPS compliant.
    
    InvalidFipsTlsVersionException - if TLS protocols not FIPS compliant.
  - validateFipsBrokerProtocol
```
public void validateFipsBrokerProtocol(Map<String,org.apache.kafka.common.security.auth.SecurityProtocol> securityProtocolMap)
```
    Validate broker protocol, make sure broker uses either SSL or SASL_SSL protocol.
    
    Specified by:
    
    validateFipsBrokerProtocol in interface org.apache.kafka.common.security.fips.FipsValidator
    
    Parameters:
    
    securityProtocolMap - the Map contains map relationship between listener name and security protocol.
    
    Throws:
    
    InvalidFipsBrokerProtocolException - if broker protocols not FIPS compliant.
  - validateRestProtocol
```
public void validateRestProtocol(String restProtocol)
```
    Validate rest server protocol, make sure connect uses https protocol.
    
    Specified by:
    
    validateRestProtocol in interface org.apache.kafka.common.security.fips.FipsValidator
    
    Parameters:
    
    restProtocol - protocol used by rest servers of listeners.
    
    Throws:
    
    InvalidFipsRestProtocolException - if rest server protocol is not FIPS compliant.
  - validateFipsTlsCipherSuite
```
public void validateFipsTlsCipherSuite(Map<String,?> configs)
```
    Validate cipher suites are FIPS compliant or not.
    
    Parameters:
    
    configs - the configuration contains cipher suites.
    
    Throws:
    
    InvalidFipsCipherSuiteException - if cipher suites not FIPS compliant.
  - validateFipsTlsVersion
```
public void validateFipsTlsVersion(Map<String,?> configs)
```
    Validate TLS versions are FIPS compliant or not.
    
    Parameters:
    
    configs - the configuration contains TLS versions.
    
    Throws:
    
    InvalidFipsTlsVersionException - if TLS protocol not FIPS compliant.
  - validateFipsTlsCipherSuite
```
public void validateFipsTlsCipherSuite(Collection<String> cipherSuites)
```
    Validate cipher suites are FIPS compliant or not.
    
    Parameters:
    
    cipherSuites - a collection of cipher suites
    
    Throws:
    
    InvalidFipsCipherSuiteException - if cipher suites not FIPS compliant.
  - validateFipsTlsVersion
```
public void validateFipsTlsVersion(Collection<String> tlsVersions)
```
    Validate TLS versions are FIPS compliant or not.
    
    Parameters:
    
    tlsVersions - a collection of TLS protocol version.
    
    Throws:
    
    InvalidFipsTlsVersionException - if TLS protocol not FIPS compliant.

Class ConfluentFipsValidator

Constructor Summary

Method Summary

Methods inherited from class java.lang.Object

Constructor Detail

ConfluentFipsValidator

Method Detail

fipsEnabled

validateFipsTls

validateFipsBrokerProtocol

validateRestProtocol

validateFipsTlsCipherSuite

validateFipsTlsVersion

validateFipsTlsCipherSuite

validateFipsTlsVersion