kloganatha22 opened a new issue, #19488: URL: https://github.com/apache/pulsar/issues/19488
### Search before asking

- [X] I searched in the [issues](https://github.com/apache/pulsar/issues) and found nothing similar.

### Version

Client(2.11.0)-->proxy(2.11.0)-->broker(2.11.0)-->bookie(2.11.0)-->ZK(2.11.0)

OS: 159~16.04.1-Ubuntu

### Minimal reproduce step

**Step-1: Apply the TLS configuration using JKS keystore but enable the authentication between proxy and broker**

Proxy: Enable TLS using JKS keystore

Apply this config to enable TLS: https://pulsar.apache.org/docs/2.11.x/security-tls-transport/#configure-proxies-1

Apply this config in proxy for authentication using keystore:

```
"brokerClientAuthenticationPlugin": "org.apache.pulsar.client.impl.auth.AuthenticationTls"
"brokerClientAuthenticationParameters": "{\"keyStoreType\":\"JKS\",\"keyStorePath\":\"/var/private/tls/client.keystore.jks\",\"keyStorePassword\":\"clientpw\"}"
```

Broker: Enable TLS & Authentication using JKS keystore

https://pulsar.apache.org/docs/2.11.x/security-tls-authentication/#configure-brokers

**Step-2: Start the proxy and observe the below error logs**

Even though I configured AuthenticationTls to use only the keystore, it is expecting the PEM configuration (tlsCertificateFilePath & tlsKeyFilePath).

The line where it expects the PEM configs: https://github.com/apache/pulsar/blob/v2.11.0/pulsar-client/src/main/java/org/apache/pulsar/client/impl/auth/AuthenticationTls.java#L82

```
2023-02-11T01:19:53,880+0000 [main] INFO org.eclipse.jetty.server.session - node0 Scavenging every 600000ms
2023-02-11T01:19:53,900+0000 [main] INFO org.eclipse.jetty.server.handler.ContextHandler - Started o.e.j.s.ServletContextHandler@5f0f9947{/metrics,null,AVAILABLE}
2023-02-11T01:19:54,401+0000 [main] INFO org.eclipse.jetty.server.handler.ContextHandler - Started o.e.j.s.ServletContextHandler@c3edf4c{/,null,AVAILABLE}
2023-02-11T01:19:54,523+0000 [main] INFO org.eclipse.jetty.server.handler.ContextHandler - Started o.e.j.s.ServletContextHandler@1aad0b1{/proxy-stats,null,AVAILABLE}
2023-02-11T01:19:54,525+0000 [main] ERROR org.apache.pulsar.proxy.server.AdminProxyHandler - new jetty http client exception
java.lang.IllegalArgumentException: cert/key file path or cert/key stream must be present
    at org.apache.pulsar.client.impl.auth.AuthenticationTls.getAuthData(AuthenticationTls.java:90) ~[org.apache.pulsar-pulsar-client-original-2.11.0.jar:2.11.0]
    at org.apache.pulsar.proxy.server.AdminProxyHandler.newHttpClient(AdminProxyHandler.java:269) ~[org.apache.pulsar-pulsar-proxy-2.11.0.jar:2.11.0]
    at org.apache.pulsar.proxy.server.AdminProxyHandler.createHttpClient(AdminProxyHandler.java:104) ~[org.apache.pulsar-pulsar-proxy-2.11.0.jar:2.11.0]
    at org.eclipse.jetty.proxy.AbstractProxyServlet.init(AbstractProxyServlet.java:133) ~[org.eclipse.jetty-jetty-proxy-9.4.48.v20220622.jar:9.4.48.v20220622]
    at javax.servlet.GenericServlet.init(GenericServlet.java:244) ~[javax.servlet-javax.servlet-api-3.1.0.jar:3.1.0]
    at org.eclipse.jetty.servlet.ServletHolder.initServlet(ServletHolder.java:632) ~[org.eclipse.jetty-jetty-servlet-9.4.48.v20220622.jar:9.4.48.v20220622]
    at org.eclipse.jetty.servlet.ServletHolder.initialize(ServletHolder.java:415) ~[org.eclipse.jetty-jetty-servlet-9.4.48.v20220622.jar:9.4.48.v20220622]
    at org.eclipse.jetty.servlet.ServletHandler.lambda$initialize$0(ServletHandler.java:750) ~[org.eclipse.jetty-jetty-servlet-9.4.48.v20220622.jar:9.4.48.v20220622]
    at java.util.stream.SortedOps$SizedRefSortingSink.end(SortedOps.java:357) ~[?:?]
    at java.util.stream.AbstractPipeline.copyInto(AbstractPipeline.java:510) ~[?:?]
    at java.util.stream.AbstractPipeline.wrapAndCopyInto(AbstractPipeline.java:499) ~[?:?]
    at java.util.stream.StreamSpliterators$WrappingSpliterator.forEachRemaining(StreamSpliterators.java:310) ~[?:?]
```

### What did you expect to see?

I am trying to enable TLS with authentication between proxy and broker using keystore.
Enabling Authentication in a proxy using Keystore configuration should not expect the PEM cert and keyfile path configuration.

### What did you see instead?

Since I can use only keystore JKS, I am not able to enable the Authentication due to the above issue, and even if I disable the authentication it is failing due to another bug, https://github.com/apache/pulsar/issues/19480. Now I am completely blocked!!! :-(

### Anything else?

_No response_

### Are you willing to submit a PR?

- [ ] I'm willing to submit a PR!
