Class ConfluentFipsValidator

java.lang.Object
io.confluent.kafka.security.fips.ConfluentFipsValidator
All Implemented Interfaces:
org.apache.kafka.common.security.fips.FipsValidator

public class ConfluentFipsValidator extends Object implements org.apache.kafka.common.security.fips.FipsValidator

This class centralizes FIPS validation for cipher suites, SSL/TLS versions, and Kafka broker protocols. One of its primary uses is to validate FIPS requirements.

  • Constructor Details

    • ConfluentFipsValidator

      public ConfluentFipsValidator()
  • Method Details

    • fipsEnabled

      public boolean fipsEnabled()
      Specified by:
      fipsEnabled in interface org.apache.kafka.common.security.fips.FipsValidator
    • validateFipsTls

      public void validateFipsTls(Map<String,?> configs)
      Validates FIPS requirements on cipher suites and TLS protocol versions.
      Specified by:
      validateFipsTls in interface org.apache.kafka.common.security.fips.FipsValidator
      Parameters:
      configs - the configuration containing the cipher suites and TLS protocols.
      Throws:
      InvalidFipsTlsCipherSuiteException - if the cipher suites are not FIPS compliant.
      InvalidFipsTlsVersionException - if the TLS protocols are not FIPS compliant.
    • validateFipsBrokerProtocol

      public void validateFipsBrokerProtocol(Map<String, org.apache.kafka.common.security.auth.SecurityProtocol> securityProtocolMap)
      Validates the broker protocol, making sure the broker uses either the SSL or the SASL_SSL protocol.
      Specified by:
      validateFipsBrokerProtocol in interface org.apache.kafka.common.security.fips.FipsValidator
      Parameters:
      securityProtocolMap - the map from listener name to security protocol.
      Throws:
      InvalidFipsBrokerProtocolException - if the broker protocols are not FIPS compliant.
    • validateRestProtocol

      public void validateRestProtocol(String restProtocol)
      Validates the REST server protocol, making sure Connect uses the https protocol.
      Specified by:
      validateRestProtocol in interface org.apache.kafka.common.security.fips.FipsValidator
      Parameters:
      restProtocol - the protocol used by the REST servers of the listeners.
      Throws:
      InvalidFipsRestProtocolException - if the REST server protocol is not FIPS compliant.
    • validateFipsTlsCipherSuite

      public void validateFipsTlsCipherSuite(Map<String,?> configs)
      Validates whether the cipher suites are FIPS compliant.
      Parameters:
      configs - the configuration containing the cipher suites.
      Throws:
      InvalidFipsTlsCipherSuiteException - if the cipher suites are not FIPS compliant.
    • validateFipsTlsVersion

      public void validateFipsTlsVersion(Map<String,?> configs)
      Validates whether the TLS versions are FIPS compliant.
      Parameters:
      configs - the configuration containing the TLS versions.
      Throws:
      InvalidFipsTlsVersionException - if the TLS protocol is not FIPS compliant.
    • validateFipsTlsCipherSuite

      public void validateFipsTlsCipherSuite(Collection<String> cipherSuites)
      Validates whether the cipher suites are FIPS compliant.
      Parameters:
      cipherSuites - a collection of cipher suites.
      Throws:
      InvalidFipsTlsCipherSuiteException - if the cipher suites are not FIPS compliant.
    • validateFipsTlsVersion

      public void validateFipsTlsVersion(Collection<String> tlsVersions)
      Validates whether the TLS versions are FIPS compliant.
      Parameters:
      tlsVersions - a collection of TLS protocol versions.
      Throws:
      InvalidFipsTlsVersionException - if the TLS protocol is not FIPS compliant.
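
An added usage example (not Confluent's code and not part of the original Javadoc): a preflight check that runs the validators documented above and collects every failure instead of stopping at the first. The class name FipsPreflight, the check helper, and all listener names and sample values are constructed for illustration; it assumes the jar providing ConfluentFipsValidator and kafka-clients are on the classpath.

```java
import io.confluent.kafka.security.fips.ConfluentFipsValidator;
import org.apache.kafka.common.security.auth.SecurityProtocol;

import java.util.ArrayList;
import java.util.LinkedHashMap;
import java.util.List;
import java.util.Map;

// Added example (hypothetical class), not part of the Confluent code base.
public class FipsPreflight {

    // Runs one check and records the failure instead of aborting, so every
    // non-compliant setting is reported in a single pass.
    static void check(String name, Runnable validation, List<String> failures) {
        try {
            validation.run();
        } catch (RuntimeException e) {
            // The documented InvalidFips*Exception types are not declared in the
            // method signatures, so they are unchecked. Their package is not
            // shown on this page, hence the broad catch.
            failures.add(name + ": " + e.getClass().getSimpleName() + " - " + e.getMessage());
        }
    }

    public static void main(String[] args) {
        ConfluentFipsValidator validator = new ConfluentFipsValidator();
        List<String> failures = new ArrayList<>();

        // The page does not say what determines this flag; log it with the results.
        System.out.println("fipsEnabled() = " + validator.fipsEnabled());

        // Constructed sample listener map (listener name -> security protocol).
        Map<String, SecurityProtocol> listeners = new LinkedHashMap<>();
        listeners.put("INTERNAL", SecurityProtocol.SASL_SSL);
        listeners.put("EXTERNAL", SecurityProtocol.SSL);
        listeners.put("LEGACY", SecurityProtocol.PLAINTEXT); // neither SSL nor SASL_SSL

        check("broker listeners", () -> validator.validateFipsBrokerProtocol(listeners), failures);
        check("REST protocol", () -> validator.validateRestProtocol("http"), failures);
        // Constructed sample values; which ones are accepted is decided by the validator.
        check("TLS versions", () -> validator.validateFipsTlsVersion(List.of("TLSv1.1", "TLSv1.2")), failures);
        check("cipher suites", () -> validator.validateFipsTlsCipherSuite(
                List.of("TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384")), failures);

        failures.forEach(System.err::println);
        if (!failures.isEmpty()) {
            System.exit(1); // fail the deployment step on any non-compliant setting
        }
    }
}
```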