This is an automated email from the ASF dual-hosted git repository. penghui pushed a commit to branch branch-2.11 in repository https://gitbox.apache.org/repos/asf/pulsar.git
commit 024a5e594471bf8a71f3cdc15e391f120fb07112 Author: Zixuan Liu <[email protected]> AuthorDate: Fri Aug 5 11:57:06 2022 +0800 [improve][cli] Add a separate TLS transport encryption configuration (#16930) Signed-off-by: Zixuan Liu <[email protected]> (cherry picked from commit 1b097982f9c2bb1546823f8502305fcb220b584b) --- conf/client.conf | 15 +++++++++++++++ .../apache/pulsar/admin/cli/PulsarAdminTool.java | 13 ++++++++++++- .../apache/pulsar/client/cli/PulsarClientTool.java | 21 +++++++++++++++++++-- 3 files changed, 46 insertions(+), 3 deletions(-) diff --git a/conf/client.conf b/conf/client.conf index b2b071adb81..50d9bf374c1 100644 --- a/conf/client.conf +++ b/conf/client.conf @@ -56,6 +56,12 @@ tlsEnableHostnameVerification=false # fails, then the cert is untrusted and the connection is dropped. tlsTrustCertsFilePath= +# Path for the TLS certificate file +tlsCertificateFilePath= + +# Path for the TLS private key file +tlsKeyFilePath= + # Enable TLS with KeyStore type configuration in broker. useKeyStoreTls=false @@ -68,6 +74,15 @@ tlsTrustStorePath= # TLS TrustStore password tlsTrustStorePassword= +# TLS KeyStore type configuration: JKS, PKCS12 +tlsKeyStoreType=JKS + +# TLS TrustStore path +tlsKeyStorePath= + +# TLS TrustStore password +tlsKeyStorePassword= + # Set up TLS provider for web service # When TLS authentication with CACert is used, the valid value is either OPENSSL or JDK. # When TLS authentication with KeyStore is used, available options can be SunJSSE, Conscrypt and so on. diff --git a/pulsar-client-tools/src/main/java/org/apache/pulsar/admin/cli/PulsarAdminTool.java b/pulsar-client-tools/src/main/java/org/apache/pulsar/admin/cli/PulsarAdminTool.java index 5c65ef052e6..b4a0e04439f 100644 --- a/pulsar-client-tools/src/main/java/org/apache/pulsar/admin/cli/PulsarAdminTool.java +++ b/pulsar-client-tools/src/main/java/org/apache/pulsar/admin/cli/PulsarAdminTool.java 
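Review bot: In the second conf/client.conf hunk the comments above `tlsKeyStorePath=` and `tlsKeyStorePassword=` still read `# TLS TrustStore path` and `# TLS TrustStore password`, copied from the trust-store block just above them. They should read `# TLS KeyStore path` and `# TLS KeyStore password`, so that an operator does not point the key-store setting at the CA trust store. Because `tlsKeyStorePassword` places the secret that protects private-key material in a plain-text file, a one-line comment that client.conf should be readable only by the account running the tools would also help.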
@@ -108,6 +108,12 @@ public class PulsarAdminTool { String tlsTrustStoreType = properties.getProperty("tlsTrustStoreType", "JKS"); String tlsTrustStorePath = properties.getProperty("tlsTrustStorePath"); String tlsTrustStorePassword = properties.getProperty("tlsTrustStorePassword"); + String tlsKeyStoreType = properties.getProperty("tlsKeyStoreType", "JKS"); + String tlsKeyStorePath = properties.getProperty("tlsKeyStorePath"); + String tlsKeyStorePassword = properties.getProperty("tlsKeyStorePassword"); + String tlsKeyFilePath = properties.getProperty("tlsKeyFilePath"); + String tlsCertificateFilePath = properties.getProperty("tlsCertificateFilePath"); + boolean tlsAllowInsecureConnection = this.rootParams.tlsAllowInsecureConnection != null ? this.rootParams.tlsAllowInsecureConnection : Boolean.parseBoolean(properties.getProperty("tlsAllowInsecureConnection", "false")); @@ -125,7 +131,12 @@ public class PulsarAdminTool { .useKeyStoreTls(useKeyStoreTls) .tlsTrustStoreType(tlsTrustStoreType) .tlsTrustStorePath(tlsTrustStorePath) - .tlsTrustStorePassword(tlsTrustStorePassword); + .tlsTrustStorePassword(tlsTrustStorePassword) + .tlsKeyStoreType(tlsKeyStoreType) + .tlsKeyStorePath(tlsKeyStorePath) + .tlsKeyStorePassword(tlsKeyStorePassword) + .tlsKeyFilePath(tlsKeyFilePath) + .tlsCertificateFilePath(tlsCertificateFilePath); } protected void initRootParamsFromProperties(Properties properties) { diff --git a/pulsar-client-tools/src/main/java/org/apache/pulsar/client/cli/PulsarClientTool.java b/pulsar-client-tools/src/main/java/org/apache/pulsar/client/cli/PulsarClientTool.java index dd4f4b69f9a..32770f3bd07 100644 --- a/pulsar-client-tools/src/main/java/org/apache/pulsar/client/cli/PulsarClientTool.java +++ b/pulsar-client-tools/src/main/java/org/apache/pulsar/client/cli/PulsarClientTool.java 
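Review bot: The new `properties.getProperty(...)` reads in the first PulsarAdminTool hunk hand the file's values straight to the builder calls in the second hunk, and the client.conf shipped by this commit sets `tlsKeyFilePath=`, `tlsCertificateFilePath=`, `tlsKeyStorePath=` and `tlsKeyStorePassword=` to empty values, so the builder receives `""` rather than null. Whether the builder treats a blank path or password as unset is not visible here; if it does not, normalising at the read is a small change, for example `String tlsKeyFilePath = StringUtils.trimToNull(properties.getProperty("tlsKeyFilePath"));` (assuming commons-lang3 `StringUtils` is available in this file, as the `isNotBlank` call in PulsarClientTool suggests). The same applies to the constructor hunk of PulsarClientTool. The enclosing method starts outside the hunk.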
@@ -78,12 +78,17 @@ public class PulsarClientTool { boolean tlsAllowInsecureConnection; boolean tlsEnableHostnameVerification; String tlsTrustCertsFilePath; + String tlsKeyFilePath; + String tlsCertificateFilePath; // for tls with keystore type config boolean useKeyStoreTls; String tlsTrustStoreType; String tlsTrustStorePath; String tlsTrustStorePassword; + String tlsKeyStoreType; + String tlsKeyStorePath; + String tlsKeyStorePassword; protected JCommander jcommander; IUsageFormatter usageFormatter; @@ -106,6 +111,12 @@ public class PulsarClientTool { this.tlsTrustStorePath = properties.getProperty("tlsTrustStorePath"); this.tlsTrustStorePassword = properties.getProperty("tlsTrustStorePassword"); + this.tlsKeyStoreType = properties.getProperty("tlsKeyStoreType", "JKS"); + this.tlsKeyStorePath = properties.getProperty("tlsKeyStorePath"); + this.tlsKeyStorePassword = properties.getProperty("tlsKeyStorePassword"); + this.tlsKeyFilePath = properties.getProperty("tlsKeyFilePath"); + this.tlsCertificateFilePath = properties.getProperty("tlsCertificateFilePath"); + initJCommander(); } 
@@ -146,14 +157,20 @@ public class PulsarClientTool { clientBuilder.listenerName(this.rootParams.listenerName); } clientBuilder.allowTlsInsecureConnection(this.tlsAllowInsecureConnection); - clientBuilder.tlsTrustCertsFilePath(this.tlsTrustCertsFilePath); clientBuilder.enableTlsHostnameVerification(this.tlsEnableHostnameVerification); clientBuilder.serviceUrl(rootParams.serviceURL); + clientBuilder.tlsTrustCertsFilePath(this.tlsTrustCertsFilePath) + .tlsKeyFilePath(tlsKeyFilePath) + .tlsCertificateFilePath(tlsCertificateFilePath); + clientBuilder.useKeyStoreTls(useKeyStoreTls) .tlsTrustStoreType(tlsTrustStoreType) .tlsTrustStorePath(tlsTrustStorePath) - .tlsTrustStorePassword(tlsTrustStorePassword); + .tlsTrustStorePassword(tlsTrustStorePassword) + .tlsKeyStoreType(tlsKeyStoreType) + .tlsKeyStorePath(tlsKeyStorePath) + .tlsKeyStorePassword(tlsKeyStorePassword); if (isNotBlank(rootParams.proxyServiceURL)) { if (rootParams.proxyProtocol == null) {
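Review bot: The new `.tlsKeyFilePath(tlsKeyFilePath).tlsCertificateFilePath(tlsCertificateFilePath)` chain is applied regardless of the `allowTlsInsecureConnection(this.tlsAllowInsecureConnection)` call a few lines above, so a client certificate can be configured for a connection on which the server's certificate is, presumably, not validated. A short comment above the chain would make that interaction explicit, e.g. `// key/cert are used even when tlsAllowInsecureConnection is true; the server is then not authenticated`. The chain also mixes `this.tlsTrustCertsFilePath` with unqualified `tlsKeyFilePath`; using one form throughout the statement would read better. The enclosing method starts before and continues after this hunk.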
