[GitHub] [pulsar] BewareMyPower commented on a change in pull request #12446: [Doc] Add explanations for CryptoKeyReader

Thu, 21 Oct 2021 00:07:46 -0700 


BewareMyPower commented on a change in pull request #12446:
URL: https://github.com/apache/pulsar/pull/12446#discussion_r733376730



##########
File path: site2/docs/security-encryption.md
##########
@@ -39,118 +39,224 @@ openssl ec -in test_ecdsa_privkey.pem -pubout -outform 
pem -out test_ecdsa_pubke
 
 4. Add encryption key name to producer builder: 
PulsarClient.newProducer().addEncryptionKey("myapp.key").
 
-5. Add CryptoKeyReader implementation to producer or consumer builder: 
PulsarClient.newProducer().cryptoKeyReader(keyReader) / 
PulsarClient.newConsumer().cryptoKeyReader(keyReader).
-
-6. Sample producer application:
-
-```java
-class RawFileKeyReader implements CryptoKeyReader {
-
-    String publicKeyFile = "";
-    String privateKeyFile = "";
-
-    RawFileKeyReader(String pubKeyFile, String privKeyFile) {
-        publicKeyFile = pubKeyFile;
-        privateKeyFile = privKeyFile;
-    }
-
-    @Override
-    public EncryptionKeyInfo getPublicKey(String keyName, Map<String, String> 
keyMeta) {
-        EncryptionKeyInfo keyInfo = new EncryptionKeyInfo();
-        try {
-            keyInfo.setKey(Files.readAllBytes(Paths.get(publicKeyFile)));
-        } catch (IOException e) {
-            System.out.println("ERROR: Failed to read public key from file " + 
publicKeyFile);
-            e.printStackTrace();
-        }
-        return keyInfo;
-    }
-
-    @Override
-    public EncryptionKeyInfo getPrivateKey(String keyName, Map<String, String> 
keyMeta) {
-        EncryptionKeyInfo keyInfo = new EncryptionKeyInfo();
-        try {
-            keyInfo.setKey(Files.readAllBytes(Paths.get(privateKeyFile)));
-        } catch (IOException e) {
-            System.out.println("ERROR: Failed to read private key from file " 
+ privateKeyFile);
-            e.printStackTrace();
-        }
-        return keyInfo;
-    }
-}
-
-PulsarClient pulsarClient = 
PulsarClient.builder().serviceUrl("pulsar://localhost:6650").build();
-
-Producer producer = pulsarClient.newProducer()
-                .topic("persistent://my-tenant/my-ns/my-topic")
-                .addEncryptionKey("myappkey")
-                .cryptoKeyReader(new RawFileKeyReader("test_ecdsa_pubkey.pem", 
"test_ecdsa_privkey.pem"))
-                .create();
-
-for (int i = 0; i < 10; i++) {
-    producer.send("my-message".getBytes());
-}
-
-producer.close();
-pulsarClient.close();
-```
-7. Sample Consumer Application:
-
-```java
-class RawFileKeyReader implements CryptoKeyReader {
-
-    String publicKeyFile = "";
-    String privateKeyFile = "";
-
-    RawFileKeyReader(String pubKeyFile, String privKeyFile) {
-        publicKeyFile = pubKeyFile;
-        privateKeyFile = privKeyFile;
-    }
-
-    @Override
-    public EncryptionKeyInfo getPublicKey(String keyName, Map<String, String> 
keyMeta) {
-        EncryptionKeyInfo keyInfo = new EncryptionKeyInfo();
-        try {
-            keyInfo.setKey(Files.readAllBytes(Paths.get(publicKeyFile)));
-        } catch (IOException e) {
-            System.out.println("ERROR: Failed to read public key from file " + 
publicKeyFile);
-            e.printStackTrace();
-        }
-        return keyInfo;
-    }
-
-    @Override
-    public EncryptionKeyInfo getPrivateKey(String keyName, Map<String, String> 
keyMeta) {
-        EncryptionKeyInfo keyInfo = new EncryptionKeyInfo();
-        try {
-            keyInfo.setKey(Files.readAllBytes(Paths.get(privateKeyFile)));
-        } catch (IOException e) {
-            System.out.println("ERROR: Failed to read private key from file " 
+ privateKeyFile);
-            e.printStackTrace();
-        }
-        return keyInfo;
-    }
-}
-
-PulsarClient pulsarClient = 
PulsarClient.builder().serviceUrl("pulsar://localhost:6650").build();
-Consumer consumer = pulsarClient.newConsumer()
-                .topic("persistent://my-tenant/my-ns/my-topic")
-                .subscriptionName("my-subscriber-name")
-                .cryptoKeyReader(new RawFileKeyReader("test_ecdsa_pubkey.pem", 
"test_ecdsa_privkey.pem"))
-                .subscribe();
-Message msg = null;
-
-for (int i = 0; i < 10; i++) {
-    msg = consumer.receive();
-    // do something
-    System.out.println("Received: " + new String(msg.getData()));
-}
-
-// Acknowledge the consumption of all messages at once
-consumer.acknowledgeCumulative(msg);
-consumer.close();
-pulsarClient.close();
-```
+5. Suppose that you have a `KeyReader`, add `CryptoKeyReader` implementation 
to a producer, consumer, or reader builder. 

Review comment:
       This section should be more like configuring a `CryptoKeyReader` to a 
producer, consumer or reader.  I've said `keyReader` before because the 
configured object's name is `keyReader`, and the type is `CryptoKeyReader`.
   
   ```java
   CryptoKeyReader keyReader = ...
   ```
   
   In addition, the **builder** concept only applies to Java client.
   




-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: [email protected]

For queries about this service, please contact Infrastructure at:
[email protected]

Reply via email to