zixuan pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/pulsar.git
The following commit(s) were added to refs/heads/master by this push:
new 1b097982f9c [improve][cli] Add a separate TLS transport encryption
configuration (#16930)
1b097982f9c is described below
commit 1b097982f9c2bb1546823f8502305fcb220b584b
Author: Zixuan Liu <[email protected]>
AuthorDate: Fri Aug 5 11:57:06 2022 +0800
[improve][cli] Add a separate TLS transport encryption configuration
(#16930)
Signed-off-by: Zixuan Liu <[email protected]>
---
conf/client.conf | 15 +++++++++++++++
.../apache/pulsar/admin/cli/PulsarAdminTool.java | 13 ++++++++++++-
.../apache/pulsar/client/cli/PulsarClientTool.java | 21 +++++++++++++++++++--
3 files changed, 46 insertions(+), 3 deletions(-)
diff --git a/conf/client.conf b/conf/client.conf
index b2b071adb81..50d9bf374c1 100644
--- a/conf/client.conf
+++ b/conf/client.conf
@@ -56,6 +56,12 @@ tlsEnableHostnameVerification=false
# fails, then the cert is untrusted and the connection is dropped.
tlsTrustCertsFilePath=
+# Path for the TLS certificate file
+tlsCertificateFilePath=
+
+# Path for the TLS private key file
+tlsKeyFilePath=
+
# Enable TLS with KeyStore type configuration in broker.
useKeyStoreTls=false
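Review bot: The comments on `tlsCertificateFilePath` and `tlsKeyFilePath` do not say whose certificate and key these are, or that one is of no use without the other, so a reader cannot easily tell them apart from `tlsTrustCertsFilePath` just above. Presumably they are the client's own certificate and private key for the TLS handshake; if so I would write `# Path to the client's TLS certificate file; set together with tlsKeyFilePath` and `# Path to the client's TLS private key file; keep it readable only by the user running the CLI`. Confirm the intended meaning against the client builder before adopting that wording.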
@@ -68,6 +74,15 @@ tlsTrustStorePath=
# TLS TrustStore password
tlsTrustStorePassword=
+# TLS KeyStore type configuration: JKS, PKCS12
+tlsKeyStoreType=JKS
+
+# TLS TrustStore path
+tlsKeyStorePath=
+
+# TLS TrustStore password
+tlsKeyStorePassword=
+
# Set up TLS provider for web service
# When TLS authentication with CACert is used, the valid value is either
OPENSSL or JDK.
# When TLS authentication with KeyStore is used, available options can be
SunJSSE, Conscrypt and so on.
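Review bot: The comments above `tlsKeyStorePath` and `tlsKeyStorePassword` still read `# TLS TrustStore path` and `# TLS TrustStore password`, apparently copied from the trust-store block; they should read `# TLS KeyStore path` and `# TLS KeyStore password`. With this change client.conf can hold a key-store password in clear text, which guards private key material rather than only public trust anchors. A one-line comment recommending restrictive file permissions on this file would help operators who copy the template.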
diff --git
a/pulsar-client-tools/src/main/java/org/apache/pulsar/admin/cli/PulsarAdminTool.java
b/pulsar-client-tools/src/main/java/org/apache/pulsar/admin/cli/PulsarAdminTool.java
index 5c65ef052e6..b4a0e04439f 100644
---
a/pulsar-client-tools/src/main/java/org/apache/pulsar/admin/cli/PulsarAdminTool.java
+++
b/pulsar-client-tools/src/main/java/org/apache/pulsar/admin/cli/PulsarAdminTool.java
@@ -108,6 +108,12 @@ public class PulsarAdminTool {
String tlsTrustStoreType = properties.getProperty("tlsTrustStoreType",
"JKS");
String tlsTrustStorePath = properties.getProperty("tlsTrustStorePath");
String tlsTrustStorePassword =
properties.getProperty("tlsTrustStorePassword");
+ String tlsKeyStoreType = properties.getProperty("tlsKeyStoreType",
"JKS");
+ String tlsKeyStorePath = properties.getProperty("tlsKeyStorePath");
+ String tlsKeyStorePassword =
properties.getProperty("tlsKeyStorePassword");
+ String tlsKeyFilePath = properties.getProperty("tlsKeyFilePath");
+ String tlsCertificateFilePath =
properties.getProperty("tlsCertificateFilePath");
+
boolean tlsAllowInsecureConnection =
this.rootParams.tlsAllowInsecureConnection != null
? this.rootParams.tlsAllowInsecureConnection
:
Boolean.parseBoolean(properties.getProperty("tlsAllowInsecureConnection",
"false"));
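Review bot: Nothing after these reads checks that the new settings are usable together: `tlsKeyFilePath` without `tlsCertificateFilePath` (or the reverse), or a `tlsKeyStorePath` without a password, is passed on unchanged. How the builder treats a half-configured pair is not visible in this diff, so the tool may fail only at connect time or possibly connect without presenting a certificate. A fail-fast guard such as `if (StringUtils.isBlank(tlsKeyFilePath) != StringUtils.isBlank(tlsCertificateFilePath)) { throw new IllegalArgumentException("tlsKeyFilePath and tlsCertificateFilePath must be set together"); }` would surface the mistake early, assuming commons-lang `StringUtils` is available in this class as `isNotBlank` is in PulsarClientTool. The same applies to the matching reads added to the PulsarClientTool constructor; the enclosing method here starts and ends outside the hunk.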
@@ -125,7 +131,12 @@ public class PulsarAdminTool {
.useKeyStoreTls(useKeyStoreTls)
.tlsTrustStoreType(tlsTrustStoreType)
.tlsTrustStorePath(tlsTrustStorePath)
- .tlsTrustStorePassword(tlsTrustStorePassword);
+ .tlsTrustStorePassword(tlsTrustStorePassword)
+ .tlsKeyStoreType(tlsKeyStoreType)
+ .tlsKeyStorePath(tlsKeyStorePath)
+ .tlsKeyStorePassword(tlsKeyStorePassword)
+ .tlsKeyFilePath(tlsKeyFilePath)
+ .tlsCertificateFilePath(tlsCertificateFilePath);
}
protected void initRootParamsFromProperties(Properties properties) {
diff --git
a/pulsar-client-tools/src/main/java/org/apache/pulsar/client/cli/PulsarClientTool.java
b/pulsar-client-tools/src/main/java/org/apache/pulsar/client/cli/PulsarClientTool.java
index dd4f4b69f9a..32770f3bd07 100644
---
a/pulsar-client-tools/src/main/java/org/apache/pulsar/client/cli/PulsarClientTool.java
+++
b/pulsar-client-tools/src/main/java/org/apache/pulsar/client/cli/PulsarClientTool.java
@@ -78,12 +78,17 @@ public class PulsarClientTool {
boolean tlsAllowInsecureConnection;
boolean tlsEnableHostnameVerification;
String tlsTrustCertsFilePath;
+ String tlsKeyFilePath;
+ String tlsCertificateFilePath;
// for tls with keystore type config
boolean useKeyStoreTls;
String tlsTrustStoreType;
String tlsTrustStorePath;
String tlsTrustStorePassword;
+ String tlsKeyStoreType;
+ String tlsKeyStorePath;
+ String tlsKeyStorePassword;
protected JCommander jcommander;
IUsageFormatter usageFormatter;
@@ -106,6 +111,12 @@ public class PulsarClientTool {
this.tlsTrustStorePath = properties.getProperty("tlsTrustStorePath");
this.tlsTrustStorePassword =
properties.getProperty("tlsTrustStorePassword");
+ this.tlsKeyStoreType = properties.getProperty("tlsKeyStoreType",
"JKS");
+ this.tlsKeyStorePath = properties.getProperty("tlsKeyStorePath");
+ this.tlsKeyStorePassword =
properties.getProperty("tlsKeyStorePassword");
+ this.tlsKeyFilePath = properties.getProperty("tlsKeyFilePath");
+ this.tlsCertificateFilePath =
properties.getProperty("tlsCertificateFilePath");
+
initJCommander();
}
@@ -146,14 +157,20 @@ public class PulsarClientTool {
clientBuilder.listenerName(this.rootParams.listenerName);
}
clientBuilder.allowTlsInsecureConnection(this.tlsAllowInsecureConnection);
- clientBuilder.tlsTrustCertsFilePath(this.tlsTrustCertsFilePath);
clientBuilder.enableTlsHostnameVerification(this.tlsEnableHostnameVerification);
clientBuilder.serviceUrl(rootParams.serviceURL);
+ clientBuilder.tlsTrustCertsFilePath(this.tlsTrustCertsFilePath)
+ .tlsKeyFilePath(tlsKeyFilePath)
+ .tlsCertificateFilePath(tlsCertificateFilePath);
+
clientBuilder.useKeyStoreTls(useKeyStoreTls)
.tlsTrustStoreType(tlsTrustStoreType)
.tlsTrustStorePath(tlsTrustStorePath)
- .tlsTrustStorePassword(tlsTrustStorePassword);
+ .tlsTrustStorePassword(tlsTrustStorePassword)
+ .tlsKeyStoreType(tlsKeyStoreType)
+ .tlsKeyStorePath(tlsKeyStorePath)
+ .tlsKeyStorePassword(tlsKeyStorePassword);
if (isNotBlank(rootParams.proxyServiceURL)) {
if (rootParams.proxyProtocol == null) {
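Review bot: In the new chain `this.tlsTrustCertsFilePath` is qualified but `tlsKeyFilePath` and `tlsCertificateFilePath` are not, so three arguments of one call chain read as if they came from different scopes. Either qualify all three, `.tlsKeyFilePath(this.tlsKeyFilePath)` and `.tlsCertificateFilePath(this.tlsCertificateFilePath)`, or drop `this.` throughout as the key-store chain below does. A short comment above the chain, for example `// client certificate and key for TLS transport, configured separately from the auth plugin parameters`, would explain why these are set here; confirm that wording against the builder's behaviour. The enclosing method starts before and continues after this hunk.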