Re: [PR] [improve] PIP-337: Implement SSL Factory Plugin to customize SSL Context and SSL Engine generation [pulsar]

Mon, 19 Aug 2024 01:16:07 -0700 


Apurva007 commented on code in PR #23110:
URL: https://github.com/apache/pulsar/pull/23110#discussion_r1721382685


##########
pulsar-client/src/main/java/org/apache/pulsar/client/impl/PulsarChannelInitializer.java:
##########
@@ -75,71 +70,25 @@ public PulsarChannelInitializer(ClientConfigurationData 
conf, Supplier<ClientCnx
         this.socks5ProxyUsername = conf.getSocks5ProxyUsername();
         this.socks5ProxyPassword = conf.getSocks5ProxyPassword();
 
-        this.tlsEnabledWithKeyStore = conf.isUseKeyStoreTls();
-
         if (tlsEnabled) {
-            if (tlsEnabledWithKeyStore) {
-                AuthenticationDataProvider authData1 = 
conf.getAuthentication().getAuthData();
-                if (StringUtils.isBlank(conf.getTlsTrustStorePath())) {
-                    throw new PulsarClientException("Failed to create TLS 
context, the tlsTrustStorePath"
-                            + " need to be configured if useKeyStoreTls 
enabled");
-                }
-                nettySSLContextAutoRefreshBuilder = new 
NettySSLContextAutoRefreshBuilder(
-                            conf.getSslProvider(),
-                            conf.isTlsAllowInsecureConnection(),
-                            conf.getTlsTrustStoreType(),
-                            conf.getTlsTrustStorePath(),
-                            conf.getTlsTrustStorePassword(),
-                            conf.getTlsKeyStoreType(),
-                            conf.getTlsKeyStorePath(),
-                            conf.getTlsKeyStorePassword(),
-                            conf.getTlsCiphers(),
-                            conf.getTlsProtocols(),
-                            TLS_CERTIFICATE_CACHE_MILLIS,
-                            authData1);
+            this.pulsarSslFactory = (PulsarSslFactory) 
Class.forName(conf.getSslFactoryPlugin())
+                    .getConstructor().newInstance();
+            try {
+                PulsarSslConfiguration sslConfiguration = 
buildSslConfiguration(conf);
+                this.pulsarSslFactory.initialize(sslConfiguration);
+                this.pulsarSslFactory.createInternalSslContext();
+            } catch (Exception e) {
+                log.error("Unable to initialize and create the ssl context", 
e);
+            }
+            if (scheduledExecutorService != null) {
+                scheduledExecutorService.scheduleWithFixedDelay(() -> 
this.refreshSslContext(conf),
+                        conf.getAutoCertRefreshSeconds(),
+                        conf.getAutoCertRefreshSeconds(),

Review Comment:
   @lhotari  Makes sense. Let me fix it.



-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: [email protected]

For queries about this service, please contact Infrastructure at:
[email protected]

Reply via email to