merlimat closed pull request #1246: Separating configuration for client and server trust store URL: https://github.com/apache/incubator-pulsar/pull/1246
This is a PR merged from a forked repository. As GitHub hides the original diff on merge, it is displayed below for the sake of provenance: As this is a foreign pull request (from a fork), the diff is supplied below (as it won't show otherwise due to GitHub magic): diff --git a/conf/broker.conf b/conf/broker.conf index dbea41db3..a432299a6 100644 --- a/conf/broker.conf +++ b/conf/broker.conf @@ -234,6 +234,7 @@ superUserRoles= # either in same or other clusters brokerClientAuthenticationPlugin= brokerClientAuthenticationParameters= +brokerClientTrustCertsFilePath= # Supported Athenz provider domain names(comma separated) for authentication athenzDomainNames= diff --git a/conf/proxy.conf b/conf/proxy.conf index d7c5afc4b..f878b8fa7 100644 --- a/conf/proxy.conf +++ b/conf/proxy.conf @@ -55,6 +55,7 @@ authorizationProvider=org.apache.pulsar.broker.authorization.PulsarAuthorization # Authentication settings of the proxy itself. Used to connect to brokers brokerClientAuthenticationPlugin= brokerClientAuthenticationParameters= +brokerClientTrustCertsFilePath= # Role names that are treated as "super-user", meaning they will be able to do all admin # operations and publish/consume from all topics (comma-separated) diff --git a/conf/websocket.conf b/conf/websocket.conf index 404bdeff5..b7293f159 100644 --- a/conf/websocket.conf +++ b/conf/websocket.conf @@ -74,6 +74,7 @@ superUserRoles= # Authentication settings of the proxy itself. Used to connect to brokers brokerClientAuthenticationPlugin= brokerClientAuthenticationParameters= +brokerClientTrustCertsFilePath= # When this parameter is not empty, unauthenticated users perform as anonymousUserRole anonymousUserRole= diff --git a/pulsar-broker-common/src/main/java/org/apache/pulsar/broker/ServiceConfiguration.java b/pulsar-broker-common/src/main/java/org/apache/pulsar/broker/ServiceConfiguration.java index 4be2195d5..8aa2f821f 100644 --- a/pulsar-broker-common/src/main/java/org/apache/pulsar/broker/ServiceConfiguration.java 
+++ b/pulsar-broker-common/src/main/java/org/apache/pulsar/broker/ServiceConfiguration.java @@ -234,7 +234,9 @@ // to other brokers, either in same or other clusters. Default uses plugin which disables authentication private String brokerClientAuthenticationPlugin = "org.apache.pulsar.client.impl.auth.AuthenticationDisabled"; private String brokerClientAuthenticationParameters = ""; - + // Path for the trusted TLS certificate file for outgoing connection to a server (broker) + private String brokerClientTrustCertsFilePath = ""; + // When this parameter is not empty, unauthenticated users perform as anonymousUserRole private String anonymousUserRole = null; @@ -894,6 +896,14 @@ public void setBrokerClientAuthenticationParameters(String brokerClientAuthentic this.brokerClientAuthenticationParameters = brokerClientAuthenticationParameters; } + public String getBrokerClientTrustCertsFilePath() { + return brokerClientTrustCertsFilePath; + } + + public void setBrokerClientTrustCertsFilePath(String brokerClientTrustCertsFilePath) { + this.brokerClientTrustCertsFilePath = brokerClientTrustCertsFilePath; + } + public String getAnonymousUserRole() { return anonymousUserRole; } diff --git a/pulsar-broker/src/main/java/org/apache/pulsar/broker/service/BrokerService.java b/pulsar-broker/src/main/java/org/apache/pulsar/broker/service/BrokerService.java index 1eff83b0e..5cc125910 100644 --- a/pulsar-broker/src/main/java/org/apache/pulsar/broker/service/BrokerService.java +++ b/pulsar-broker/src/main/java/org/apache/pulsar/broker/service/BrokerService.java 
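Review bot: The comment on `brokerClientTrustCertsFilePath` in the first hunk does not say how the field relates to `tlsTrustCertsFilePath` or what the empty default means, and the key added to conf/broker.conf, conf/proxy.conf and conf/websocket.conf, like the field added to ProxyConfiguration, has no comment at all. Since this key decides which CAs the broker, proxy and websocket service trust when they connect out, I would spell that out, e.g. `// Trust store used to verify the remote broker's certificate on outgoing TLS connections; tlsTrustCertsFilePath covers incoming connections only` (if that is the intended split), with the same text as a `#` comment above the key in the three conf files. The getter and setter in the second hunk would take a one-line Javadoc saying the same.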
@@ -511,7 +511,7 @@ public PulsarClient getReplicationClient(String cluster) { clusterUrl = isNotBlank(data.getBrokerServiceUrlTls()) ? data.getBrokerServiceUrlTls() : data.getServiceUrlTls(); configuration.setUseTls(true); - configuration.setTlsTrustCertsFilePath(pulsar.getConfiguration().getTlsTrustCertsFilePath()); + configuration.setTlsTrustCertsFilePath(pulsar.getConfiguration().getBrokerClientTrustCertsFilePath()); configuration .setTlsAllowInsecureConnection(pulsar.getConfiguration().isTlsAllowInsecureConnection()); } else { diff --git a/pulsar-broker/src/test/java/org/apache/pulsar/websocket/proxy/ProxyPublishConsumeTlsTest.java b/pulsar-broker/src/test/java/org/apache/pulsar/websocket/proxy/ProxyPublishConsumeTlsTest.java index fc1586b0a..ac79c8a00 100644 --- a/pulsar-broker/src/test/java/org/apache/pulsar/websocket/proxy/ProxyPublishConsumeTlsTest.java +++ b/pulsar-broker/src/test/java/org/apache/pulsar/websocket/proxy/ProxyPublishConsumeTlsTest.java @@ -68,6 +68,7 @@ public void setup() throws Exception { config.setTlsKeyFilePath(TLS_SERVER_KEY_FILE_PATH); config.setTlsCertificateFilePath(TLS_SERVER_CERT_FILE_PATH); config.setTlsTrustCertsFilePath(TLS_TRUST_CERT_FILE_PATH); + config.setBrokerClientTrustCertsFilePath(TLS_TRUST_CERT_FILE_PATH); config.setClusterName("use"); config.setGlobalZookeeperServers("dummy-zk-servers"); service = spy(new WebSocketService(config)); diff --git a/pulsar-proxy/src/main/java/org/apache/pulsar/proxy/server/DirectProxyHandler.java b/pulsar-proxy/src/main/java/org/apache/pulsar/proxy/server/DirectProxyHandler.java index 55faf5ce4..92ff1074a 100644 --- a/pulsar-proxy/src/main/java/org/apache/pulsar/proxy/server/DirectProxyHandler.java +++ b/pulsar-proxy/src/main/java/org/apache/pulsar/proxy/server/DirectProxyHandler.java 
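Review bot: `getReplicationClient` now reads only `getBrokerClientTrustCertsFilePath()`, which defaults to `""` in ServiceConfiguration, so a broker upgraded with just `tlsTrustCertsFilePath` set hands the replication client an empty trust path. Whether that fails the handshake or falls back to some other trust source depends on client code not shown here, but either way operators may be pushed toward `tlsAllowInsecureConnection=true` to get replication working again. I would fall back to the old key when the new one is blank, e.g. `String trust = pulsar.getConfiguration().getBrokerClientTrustCertsFilePath();` followed by `configuration.setTlsTrustCertsFilePath(isNotBlank(trust) ? trust : pulsar.getConfiguration().getTlsTrustCertsFilePath());`, or at least log a warning at startup when TLS is on and the new key is empty. The same applies to the ProxyService constructor and DirectProxyHandler.initChannel, where ProxyConfiguration leaves the new field without an initializer (null rather than `""`). The method body continues outside the hunk.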
@@ -87,11 +87,11 @@ protected void initChannel(SocketChannel ch) throws Exception { AuthenticationDataProvider authData = authentication.getAuthData(); if (authData.hasDataForTls()) { sslCtx = SecurityUtility.createNettySslContextForClient(config.isTlsAllowInsecureConnection(), - config.getTlsTrustCertsFilePath(), (X509Certificate[]) authData.getTlsCertificates(), + config.getBrokerClientTrustCertsFilePath(), (X509Certificate[]) authData.getTlsCertificates(), authData.getTlsPrivateKey()); } else { sslCtx = SecurityUtility.createNettySslContextForClient(config.isTlsAllowInsecureConnection(), - config.getTlsTrustCertsFilePath()); + config.getBrokerClientTrustCertsFilePath()); } ch.pipeline().addLast(TLS_HANDLER, sslCtx.newHandler(ch.alloc())); } diff --git a/pulsar-proxy/src/main/java/org/apache/pulsar/proxy/server/ProxyConfiguration.java b/pulsar-proxy/src/main/java/org/apache/pulsar/proxy/server/ProxyConfiguration.java index 71022ea81..071a35453 100644 --- a/pulsar-proxy/src/main/java/org/apache/pulsar/proxy/server/ProxyConfiguration.java +++ b/pulsar-proxy/src/main/java/org/apache/pulsar/proxy/server/ProxyConfiguration.java @@ -35,11 +35,11 @@ // ZooKeeper session timeout private int zookeeperSessionTimeoutMs = 30_000; - - // if Service Discovery is Disabled this url should point to the discovery service provider. + + // if Service Discovery is Disabled this url should point to the discovery service provider. private String brokerServiceURL; private String brokerServiceURLTLS; - + // Port to use to server binary-proto request private int servicePort = 6650; // Port to use to server binary-proto-tls request @@ -69,6 +69,7 @@ // Authentication settings of the proxy itself. Used to connect to brokers private String brokerClientAuthenticationPlugin; private String brokerClientAuthenticationParameters; + private String brokerClientTrustCertsFilePath; /***** --- TLS --- ****/ // Enable TLS for the proxy handler 
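Review bot: Both `createNettySslContextForClient` calls still take their first argument from `config.isTlsAllowInsecureConnection()`, so the trust store for outgoing connections is now separate but the switch that disables verification is still the one shared with the proxy's own listener. An operator who relaxes that flag for incoming clients would, as far as these lines show, also relax verification of the broker certificate, and the new `brokerClientTrustCertsFilePath` would then presumably not be enforced. BrokerService.getReplicationClient and the ProxyService constructor pass the same flag. If a separate client-side flag is out of scope for this change, I would at least add a comment at the call site: `// NOTE: tlsAllowInsecureConnection also governs this outgoing connection; the broker trust store is only enforced when it is false`. `initChannel` continues outside the hunk.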
@@ -93,33 +94,33 @@ // Specify the tls cipher the broker will use to negotiate during TLS Handshake. // Example:- [TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256] private Set<String> tlsCiphers = Sets.newTreeSet(); - + private Properties properties = new Properties(); public boolean forwardAuthorizationCredentials() { return forwardAuthorizationCredentials; } - + public void setForwardAuthorizationCredentials(boolean forwardAuthorizationCredentials) { this.forwardAuthorizationCredentials = forwardAuthorizationCredentials; } - + public String getBrokerServiceURLTLS() { return brokerServiceURLTLS; } - + public void setBrokerServiceURLTLS(String discoveryServiceURLTLS) { this.brokerServiceURLTLS = discoveryServiceURLTLS; } - + public String getBrokerServiceURL() { return brokerServiceURL; } - + public void setBrokerServiceURL(String discoveryServiceURL) { this.brokerServiceURL = discoveryServiceURL; } - + public String getZookeeperServers() { return zookeeperServers; } @@ -248,6 +249,14 @@ public void setBrokerClientAuthenticationParameters(String brokerClientAuthentic this.brokerClientAuthenticationParameters = brokerClientAuthenticationParameters; } + public String getBrokerClientTrustCertsFilePath() { + return this.brokerClientTrustCertsFilePath; + } + + public void setBrokerClientTrustCertsFilePath(String brokerClientTlsTrustCertsFilePath) { + this.brokerClientTrustCertsFilePath = brokerClientTlsTrustCertsFilePath; + } + public boolean isAuthenticationEnabled() { return authenticationEnabled; } @@ -295,7 +304,7 @@ public Properties getProperties() { public void setProperties(Properties properties) { this.properties = properties; } - + public Set<String> getTlsProtocols() { return tlsProtocols; } diff --git a/pulsar-proxy/src/main/java/org/apache/pulsar/proxy/server/ProxyService.java b/pulsar-proxy/src/main/java/org/apache/pulsar/proxy/server/ProxyService.java index 0ddee4252..d95d83cb7 100644 --- a/pulsar-proxy/src/main/java/org/apache/pulsar/proxy/server/ProxyService.java 
+++ b/pulsar-proxy/src/main/java/org/apache/pulsar/proxy/server/ProxyService.java @@ -102,7 +102,7 @@ public ProxyService(ProxyConfiguration proxyConfig) throws IOException { } if (proxyConfig.isTlsEnabledWithBroker()) { clientConfiguration.setUseTls(true); - clientConfiguration.setTlsTrustCertsFilePath(proxyConfig.getTlsTrustCertsFilePath()); + clientConfiguration.setTlsTrustCertsFilePath(proxyConfig.getBrokerClientTrustCertsFilePath()); clientConfiguration.setTlsAllowInsecureConnection(proxyConfig.isTlsAllowInsecureConnection()); } diff --git a/pulsar-proxy/src/test/java/org/apache/pulsar/proxy/server/ProxyAuthenticatedProducerConsumerTest.java b/pulsar-proxy/src/test/java/org/apache/pulsar/proxy/server/ProxyAuthenticatedProducerConsumerTest.java index c62bbc1f1..626a56349 100644 --- a/pulsar-proxy/src/test/java/org/apache/pulsar/proxy/server/ProxyAuthenticatedProducerConsumerTest.java +++ b/pulsar-proxy/src/test/java/org/apache/pulsar/proxy/server/ProxyAuthenticatedProducerConsumerTest.java @@ -89,7 +89,7 @@ protected void setup() throws Exception { conf.setBrokerClientAuthenticationPlugin(AuthenticationTls.class.getName()); conf.setBrokerClientAuthenticationParameters( "tlsCertFile:" + TLS_CLIENT_CERT_FILE_PATH + "," + "tlsKeyFile:" + TLS_SERVER_KEY_FILE_PATH); - + conf.setBrokerClientTrustCertsFilePath(TLS_TRUST_CERT_FILE_PATH); Set<String> providers = new HashSet<>(); providers.add(AuthenticationProviderTls.class.getName()); conf.setAuthenticationProviders(providers); 
@@ -113,10 +113,11 @@ protected void setup() throws Exception { proxyConfig.setTlsCertificateFilePath(TLS_SERVER_CERT_FILE_PATH); proxyConfig.setTlsKeyFilePath(TLS_SERVER_KEY_FILE_PATH); proxyConfig.setTlsTrustCertsFilePath(TLS_TRUST_CERT_FILE_PATH); - + proxyConfig.setBrokerClientAuthenticationPlugin(AuthenticationTls.class.getName()); proxyConfig.setBrokerClientAuthenticationParameters( "tlsCertFile:" + TLS_CLIENT_CERT_FILE_PATH + "," + "tlsKeyFile:" + TLS_CLIENT_KEY_FILE_PATH); + proxyConfig.setBrokerClientTrustCertsFilePath(TLS_TRUST_CERT_FILE_PATH); proxyConfig.setAuthenticationProviders(providers); proxyConfig.setZookeeperServers(DUMMY_VALUE); diff --git a/pulsar-proxy/src/test/java/org/apache/pulsar/proxy/server/ProxyWithProxyAuthorizationNegTest.java b/pulsar-proxy/src/test/java/org/apache/pulsar/proxy/server/ProxyWithAuthorizationNegTest.java similarity index 87% rename from pulsar-proxy/src/test/java/org/apache/pulsar/proxy/server/ProxyWithProxyAuthorizationNegTest.java rename to pulsar-proxy/src/test/java/org/apache/pulsar/proxy/server/ProxyWithAuthorizationNegTest.java index 04717ceac..53303b9c5 100644 --- a/pulsar-proxy/src/test/java/org/apache/pulsar/proxy/server/ProxyWithProxyAuthorizationNegTest.java +++ b/pulsar-proxy/src/test/java/org/apache/pulsar/proxy/server/ProxyWithAuthorizationNegTest.java 
@@ -54,18 +54,18 @@ import com.google.common.collect.Lists; import com.google.common.collect.Sets; -public class ProxyWithProxyAuthorizationNegTest extends ProducerConsumerBase { - private static final Logger log = LoggerFactory.getLogger(ProxyWithProxyAuthorizationNegTest.class); - - private final String TLS_PROXY_TRUST_CERT_FILE_PATH = "./src/test/resources/authentication/tls/ProxyWithProxyAuthorizationTest/cacert.pem"; - private final String TLS_PROXY_CERT_FILE_PATH = "./src/test/resources/authentication/tls/ProxyWithProxyAuthorizationTest/proxy-cert.pem"; - private final String TLS_PROXY_KEY_FILE_PATH = "./src/test/resources/authentication/tls/ProxyWithProxyAuthorizationTest/proxy-key.pem"; - private final String TLS_SERVER_CERT_TRUST_FILE_PATH = "./src/test/resources/authentication/tls/ProxyWithProxyAuthorizationTest/cacert.pem"; - private final String TLS_SERVER_CERT_FILE_PATH = "./src/test/resources/authentication/tls/ProxyWithProxyAuthorizationTest/broker-cert.pem"; - private final String TLS_SERVER_KEY_FILE_PATH = "./src/test/resources/authentication/tls/ProxyWithProxyAuthorizationTest/broker-key.pem"; - private final String TLS_CLIENT_TRUST_CERT_FILE_PATH = "./src/test/resources/authentication/tls/ProxyWithProxyAuthorizationTest/cacert.pem"; - private final String TLS_CLIENT_CERT_FILE_PATH = "./src/test/resources/authentication/tls/ProxyWithProxyAuthorizationTest/client-cert.pem"; - private final String TLS_CLIENT_KEY_FILE_PATH = "./src/test/resources/authentication/tls/ProxyWithProxyAuthorizationTest/client-key.pem"; +public class ProxyWithAuthorizationNegTest extends ProducerConsumerBase { + private static final Logger log = LoggerFactory.getLogger(ProxyWithAuthorizationNegTest.class); + + private final String TLS_PROXY_TRUST_CERT_FILE_PATH = "./src/test/resources/authentication/tls/ProxyWithAuthorizationTest/proxy-cacert.pem"; + private final String TLS_PROXY_CERT_FILE_PATH = 
"./src/test/resources/authentication/tls/ProxyWithAuthorizationTest/proxy-cert.pem"; + private final String TLS_PROXY_KEY_FILE_PATH = "./src/test/resources/authentication/tls/ProxyWithAuthorizationTest/proxy-key.pem"; + private final String TLS_BROKER_TRUST_CERT_FILE_PATH = "./src/test/resources/authentication/tls/ProxyWithAuthorizationTest/broker-cacert.pem"; + private final String TLS_BROKER_CERT_FILE_PATH = "./src/test/resources/authentication/tls/ProxyWithAuthorizationTest/broker-cert.pem"; + private final String TLS_BROKER_KEY_FILE_PATH = "./src/test/resources/authentication/tls/ProxyWithAuthorizationTest/broker-key.pem"; + private final String TLS_CLIENT_TRUST_CERT_FILE_PATH = "./src/test/resources/authentication/tls/ProxyWithAuthorizationTest/client-cacert.pem"; + private final String TLS_CLIENT_CERT_FILE_PATH = "./src/test/resources/authentication/tls/ProxyWithAuthorizationTest/client-cert.pem"; + private final String TLS_CLIENT_KEY_FILE_PATH = "./src/test/resources/authentication/tls/ProxyWithAuthorizationTest/client-key.pem"; private final String TLS_SUPERUSER_CLIENT_KEY_FILE_PATH = "./src/test/resources/authentication/tls/client-key.pem"; private final String TLS_SUPERUSER_CLIENT_CERT_FILE_PATH = "./src/test/resources/authentication/tls/client-cert.pem"; private final String TLS_SUPERUSER_CLIENT_TRUST_CERT_FILE_PATH = "./src/test/resources/authentication/tls/cacert.pem"; @@ -82,9 +82,9 @@ protected void setup() throws Exception { conf.setAuthorizationEnabled(true); conf.setTlsEnabled(true); - conf.setTlsTrustCertsFilePath(TLS_SERVER_CERT_TRUST_FILE_PATH); - conf.setTlsCertificateFilePath(TLS_SERVER_CERT_FILE_PATH); - conf.setTlsKeyFilePath(TLS_SERVER_KEY_FILE_PATH); + conf.setTlsTrustCertsFilePath(TLS_PROXY_TRUST_CERT_FILE_PATH); + conf.setTlsCertificateFilePath(TLS_BROKER_CERT_FILE_PATH); + conf.setTlsKeyFilePath(TLS_BROKER_KEY_FILE_PATH); conf.setTlsAllowInsecureConnection(true); Set<String> superUserRoles = new HashSet<>(); 
@@ -93,7 +93,7 @@ protected void setup() throws Exception { conf.setBrokerClientAuthenticationPlugin(AuthenticationTls.class.getName()); conf.setBrokerClientAuthenticationParameters( - "tlsCertFile:" + TLS_SERVER_CERT_FILE_PATH + "," + "tlsKeyFile:" + TLS_SERVER_KEY_FILE_PATH); + "tlsCertFile:" + TLS_BROKER_CERT_FILE_PATH + "," + "tlsKeyFile:" + TLS_BROKER_KEY_FILE_PATH); Set<String> providers = new HashSet<>(); providers.add(AuthenticationProviderTls.class.getName()); @@ -119,11 +119,13 @@ protected void setup() throws Exception { // enable tls and auth&auth at proxy proxyConfig.setTlsCertificateFilePath(TLS_PROXY_CERT_FILE_PATH); proxyConfig.setTlsKeyFilePath(TLS_PROXY_KEY_FILE_PATH); - proxyConfig.setTlsTrustCertsFilePath(TLS_PROXY_TRUST_CERT_FILE_PATH); + proxyConfig.setTlsTrustCertsFilePath(TLS_CLIENT_TRUST_CERT_FILE_PATH); proxyConfig.setBrokerClientAuthenticationPlugin(AuthenticationTls.class.getName()); proxyConfig.setBrokerClientAuthenticationParameters( "tlsCertFile:" + TLS_PROXY_CERT_FILE_PATH + "," + "tlsKeyFile:" + TLS_PROXY_KEY_FILE_PATH); + proxyConfig.setBrokerClientTrustCertsFilePath(TLS_BROKER_TRUST_CERT_FILE_PATH); + proxyConfig.setAuthenticationProviders(providers); proxyService = Mockito.spy(new ProxyService(proxyConfig)); @@ -225,7 +227,7 @@ protected final void createAdminClient() throws Exception { authTls.configure(authParams); org.apache.pulsar.client.api.ClientConfiguration clientConf = new org.apache.pulsar.client.api.ClientConfiguration(); clientConf.setStatsInterval(0, TimeUnit.SECONDS); - clientConf.setTlsTrustCertsFilePath(TLS_SUPERUSER_CLIENT_TRUST_CERT_FILE_PATH); + clientConf.setTlsTrustCertsFilePath(TLS_BROKER_TRUST_CERT_FILE_PATH); clientConf.setTlsAllowInsecureConnection(true); clientConf.setAuthentication(authTls); clientConf.setUseTls(true); 
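Review bot: `createAdminClient` in this test now trusts `TLS_BROKER_TRUST_CERT_FILE_PATH`, while the same method in ProxyWithAuthorizationTest (its `@@ -448,7` hunk) is switched to `TLS_PROXY_TRUST_CERT_FILE_PATH`; one of the two is presumably the wrong CA for the endpoint the admin client talks to. Neither test can notice, because the client configs and the broker config in these hunks keep `setTlsAllowInsecureConnection(true)`, which presumably lets the handshake succeed whatever the trust file contains. For the per-role CA files to prove that the client and server trust stores are really separate, at least one path should run with `conf.setTlsAllowInsecureConnection(false)` and `clientConf.setTlsAllowInsecureConnection(false)`, plus a negative case where the proxy is given the wrong `brokerClientTrustCertsFilePath` and is expected to fail to connect. `TLS_SUPERUSER_CLIENT_TRUST_CERT_FILE_PATH` also looks unused in the lines shown after this change and could be removed if so. The method bodies continue outside the hunks.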
@@ -241,7 +243,7 @@ private PulsarClient createPulsarClient(String proxyServiceUrl) throws PulsarCli authTls.configure(authParams); org.apache.pulsar.client.api.ClientConfiguration clientConf = new org.apache.pulsar.client.api.ClientConfiguration(); clientConf.setStatsInterval(0, TimeUnit.SECONDS); - clientConf.setTlsTrustCertsFilePath(TLS_CLIENT_TRUST_CERT_FILE_PATH); + clientConf.setTlsTrustCertsFilePath(TLS_PROXY_TRUST_CERT_FILE_PATH); clientConf.setTlsAllowInsecureConnection(true); clientConf.setAuthentication(authTls); clientConf.setUseTls(true); diff --git a/pulsar-proxy/src/test/java/org/apache/pulsar/proxy/server/ProxyWithProxyAuthorizationTest.java b/pulsar-proxy/src/test/java/org/apache/pulsar/proxy/server/ProxyWithAuthorizationTest.java similarity index 92% rename from pulsar-proxy/src/test/java/org/apache/pulsar/proxy/server/ProxyWithProxyAuthorizationTest.java rename to pulsar-proxy/src/test/java/org/apache/pulsar/proxy/server/ProxyWithAuthorizationTest.java index becfc2b64..93be90fc9 100644 --- a/pulsar-proxy/src/test/java/org/apache/pulsar/proxy/server/ProxyWithProxyAuthorizationTest.java +++ b/pulsar-proxy/src/test/java/org/apache/pulsar/proxy/server/ProxyWithAuthorizationTest.java 
@@ -56,18 +56,18 @@ import com.google.common.collect.Lists; import com.google.common.collect.Sets; -public class ProxyWithProxyAuthorizationTest extends ProducerConsumerBase { - private static final Logger log = LoggerFactory.getLogger(ProxyWithProxyAuthorizationTest.class); - - private final String TLS_PROXY_TRUST_CERT_FILE_PATH = "./src/test/resources/authentication/tls/ProxyWithProxyAuthorizationTest/cacert.pem"; - private final String TLS_PROXY_CERT_FILE_PATH = "./src/test/resources/authentication/tls/ProxyWithProxyAuthorizationTest/proxy-cert.pem"; - private final String TLS_PROXY_KEY_FILE_PATH = "./src/test/resources/authentication/tls/ProxyWithProxyAuthorizationTest/proxy-key.pem"; - private final String TLS_SERVER_CERT_TRUST_FILE_PATH = "./src/test/resources/authentication/tls/ProxyWithProxyAuthorizationTest/cacert.pem"; - private final String TLS_SERVER_CERT_FILE_PATH = "./src/test/resources/authentication/tls/ProxyWithProxyAuthorizationTest/broker-cert.pem"; - private final String TLS_SERVER_KEY_FILE_PATH = "./src/test/resources/authentication/tls/ProxyWithProxyAuthorizationTest/broker-key.pem"; - private final String TLS_CLIENT_TRUST_CERT_FILE_PATH = "./src/test/resources/authentication/tls/ProxyWithProxyAuthorizationTest/cacert.pem"; - private final String TLS_CLIENT_CERT_FILE_PATH = "./src/test/resources/authentication/tls/ProxyWithProxyAuthorizationTest/client-cert.pem"; - private final String TLS_CLIENT_KEY_FILE_PATH = "./src/test/resources/authentication/tls/ProxyWithProxyAuthorizationTest/client-key.pem"; +public class ProxyWithAuthorizationTest extends ProducerConsumerBase { + private static final Logger log = LoggerFactory.getLogger(ProxyWithAuthorizationTest.class); + + private final String TLS_PROXY_TRUST_CERT_FILE_PATH = "./src/test/resources/authentication/tls/ProxyWithAuthorizationTest/proxy-cacert.pem"; + private final String TLS_PROXY_CERT_FILE_PATH = "./src/test/resources/authentication/tls/ProxyWithAuthorizationTest/proxy-cert.pem"; + 
private final String TLS_PROXY_KEY_FILE_PATH = "./src/test/resources/authentication/tls/ProxyWithAuthorizationTest/proxy-key.pem"; + private final String TLS_BROKER_TRUST_CERT_FILE_PATH = "./src/test/resources/authentication/tls/ProxyWithAuthorizationTest/broker-cacert.pem"; + private final String TLS_BROKER_CERT_FILE_PATH = "./src/test/resources/authentication/tls/ProxyWithAuthorizationTest/broker-cert.pem"; + private final String TLS_BROKER_KEY_FILE_PATH = "./src/test/resources/authentication/tls/ProxyWithAuthorizationTest/broker-key.pem"; + private final String TLS_CLIENT_TRUST_CERT_FILE_PATH = "./src/test/resources/authentication/tls/ProxyWithAuthorizationTest/client-cacert.pem"; + private final String TLS_CLIENT_CERT_FILE_PATH = "./src/test/resources/authentication/tls/ProxyWithAuthorizationTest/client-cert.pem"; + private final String TLS_CLIENT_KEY_FILE_PATH = "./src/test/resources/authentication/tls/ProxyWithAuthorizationTest/client-key.pem"; private final String TLS_SUPERUSER_CLIENT_KEY_FILE_PATH = "./src/test/resources/authentication/tls/client-key.pem"; private final String TLS_SUPERUSER_CLIENT_CERT_FILE_PATH = "./src/test/resources/authentication/tls/client-cert.pem"; private final String TLS_SUPERUSER_CLIENT_TRUST_CERT_FILE_PATH = "./src/test/resources/authentication/tls/cacert.pem"; @@ -144,9 +144,9 @@ protected void setup() throws Exception { conf.setAuthorizationEnabled(true); conf.setTlsEnabled(true); - conf.setTlsTrustCertsFilePath(TLS_SERVER_CERT_TRUST_FILE_PATH); - conf.setTlsCertificateFilePath(TLS_SERVER_CERT_FILE_PATH); - conf.setTlsKeyFilePath(TLS_SERVER_KEY_FILE_PATH); + conf.setTlsTrustCertsFilePath(TLS_PROXY_TRUST_CERT_FILE_PATH); + conf.setTlsCertificateFilePath(TLS_BROKER_CERT_FILE_PATH); + conf.setTlsKeyFilePath(TLS_BROKER_KEY_FILE_PATH); conf.setTlsAllowInsecureConnection(true); Set<String> superUserRoles = new HashSet<>(); 
@@ -155,8 +155,8 @@ protected void setup() throws Exception { conf.setBrokerClientAuthenticationPlugin(AuthenticationTls.class.getName()); conf.setBrokerClientAuthenticationParameters( - "tlsCertFile:" + TLS_SERVER_CERT_FILE_PATH + "," + "tlsKeyFile:" + TLS_SERVER_KEY_FILE_PATH); - + "tlsCertFile:" + TLS_BROKER_CERT_FILE_PATH + "," + "tlsKeyFile:" + TLS_BROKER_KEY_FILE_PATH); + conf.setBrokerClientTrustCertsFilePath(TLS_BROKER_TRUST_CERT_FILE_PATH); Set<String> providers = new HashSet<>(); providers.add(AuthenticationProviderTls.class.getName()); conf.setAuthenticationProviders(providers); @@ -181,8 +181,8 @@ protected void setup() throws Exception { // enable tls and auth&auth at proxy proxyConfig.setTlsCertificateFilePath(TLS_PROXY_CERT_FILE_PATH); proxyConfig.setTlsKeyFilePath(TLS_PROXY_KEY_FILE_PATH); - proxyConfig.setTlsTrustCertsFilePath(TLS_PROXY_TRUST_CERT_FILE_PATH); - + proxyConfig.setTlsTrustCertsFilePath(TLS_CLIENT_TRUST_CERT_FILE_PATH); + proxyConfig.setBrokerClientTrustCertsFilePath(TLS_BROKER_TRUST_CERT_FILE_PATH); proxyConfig.setBrokerClientAuthenticationPlugin(AuthenticationTls.class.getName()); proxyConfig.setBrokerClientAuthenticationParameters( "tlsCertFile:" + TLS_PROXY_CERT_FILE_PATH + "," + "tlsKeyFile:" + TLS_PROXY_KEY_FILE_PATH); 
@@ -396,12 +396,12 @@ public void tlsCiphersAndProtocols(Set<String> tlsCiphers, Set<String> tlsProtoc // enable tls and auth&auth at proxy proxyConfig.setTlsCertificateFilePath(TLS_PROXY_CERT_FILE_PATH); proxyConfig.setTlsKeyFilePath(TLS_PROXY_KEY_FILE_PATH); - proxyConfig.setTlsTrustCertsFilePath(TLS_PROXY_TRUST_CERT_FILE_PATH); + proxyConfig.setTlsTrustCertsFilePath(TLS_CLIENT_TRUST_CERT_FILE_PATH); proxyConfig.setBrokerClientAuthenticationPlugin(AuthenticationTls.class.getName()); proxyConfig.setBrokerClientAuthenticationParameters( "tlsCertFile:" + TLS_PROXY_CERT_FILE_PATH + "," + "tlsKeyFile:" + TLS_PROXY_KEY_FILE_PATH); - + proxyConfig.setBrokerClientTrustCertsFilePath(TLS_BROKER_TRUST_CERT_FILE_PATH); Set<String> providers = new HashSet<>(); providers.add(AuthenticationProviderTls.class.getName()); conf.setAuthenticationProviders(providers); @@ -448,7 +448,7 @@ protected final void createAdminClient() throws Exception { authTls.configure(authParams); org.apache.pulsar.client.api.ClientConfiguration clientConf = new org.apache.pulsar.client.api.ClientConfiguration(); clientConf.setStatsInterval(0, TimeUnit.SECONDS); - clientConf.setTlsTrustCertsFilePath(TLS_SUPERUSER_CLIENT_TRUST_CERT_FILE_PATH); + clientConf.setTlsTrustCertsFilePath(TLS_PROXY_TRUST_CERT_FILE_PATH); clientConf.setTlsAllowInsecureConnection(true); clientConf.setAuthentication(authTls); clientConf.setUseTls(true); @@ -463,7 +463,7 @@ private PulsarClient createPulsarClient(String proxyServiceUrl, ClientConfigurat Authentication authTls = new AuthenticationTls(); authTls.configure(authParams); clientConf.setStatsInterval(0, TimeUnit.SECONDS); - clientConf.setTlsTrustCertsFilePath(TLS_CLIENT_TRUST_CERT_FILE_PATH); + clientConf.setTlsTrustCertsFilePath(TLS_PROXY_TRUST_CERT_FILE_PATH); clientConf.setTlsAllowInsecureConnection(true); clientConf.setAuthentication(authTls); clientConf.setUseTls(true); 
diff --git a/pulsar-proxy/src/test/java/org/apache/pulsar/proxy/server/ProxyWithoutServiceDiscoveryTest.java b/pulsar-proxy/src/test/java/org/apache/pulsar/proxy/server/ProxyWithoutServiceDiscoveryTest.java index 6b47d2db9..5a872cef5 100644 --- a/pulsar-proxy/src/test/java/org/apache/pulsar/proxy/server/ProxyWithoutServiceDiscoveryTest.java +++ b/pulsar-proxy/src/test/java/org/apache/pulsar/proxy/server/ProxyWithoutServiceDiscoveryTest.java @@ -116,6 +116,8 @@ protected void setup() throws Exception { proxyConfig.setBrokerClientAuthenticationPlugin(AuthenticationTls.class.getName()); proxyConfig.setBrokerClientAuthenticationParameters( "tlsCertFile:" + TLS_CLIENT_CERT_FILE_PATH + "," + "tlsKeyFile:" + TLS_CLIENT_KEY_FILE_PATH); + proxyConfig.setBrokerClientTrustCertsFilePath(TLS_TRUST_CERT_FILE_PATH); + proxyConfig.setAuthenticationProviders(providers); proxyService = Mockito.spy(new ProxyService(proxyConfig)); diff --git a/pulsar-proxy/src/test/resources/authentication/tls/ProxyWithAuthorizationTest/broker-cacert.pem b/pulsar-proxy/src/test/resources/authentication/tls/ProxyWithAuthorizationTest/broker-cacert.pem new file mode 100644 index 000000000..08cfc67dd --- /dev/null +++ b/pulsar-proxy/src/test/resources/authentication/tls/ProxyWithAuthorizationTest/broker-cacert.pem 
@@ -0,0 +1,62 @@ +Certificate: + Data: + Version: 3 (0x2) + Serial Number: + c1:32:3f:61:ff:0d:77:64 + Signature Algorithm: sha1WithRSAEncryption + Issuer: C=US, ST=CA, O=Apache Pulsar, OU=Broker, CN=Broker + Validity + Not Before: Feb 18 03:51:25 2018 GMT + Not After : Feb 17 03:51:25 2021 GMT + Subject: C=US, ST=CA, O=Apache Pulsar, OU=Broker, CN=Broker + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + RSA Public Key: (1024 bit) + Modulus (1024 bit): + 00:ba:01:81:08:33:0c:38:03:e1:3b:7d:9e:0c:c5: + 9f:1e:c6:18:31:21:2d:67:1a:69:52:e0:76:52:c8: + 7b:c3:83:83:31:e1:5b:3f:4f:ad:7c:75:59:a1:39: + df:a3:7b:a2:e6:e7:10:02:8f:2f:ad:13:9c:8a:f6: + 13:b1:43:6e:54:cd:a5:fe:35:57:ef:e1:a8:f3:48: + 09:ad:a7:1b:6d:ae:db:73:52:1c:0b:95:eb:da:e2: + fa:4e:4b:d8:78:77:a1:61:8d:a3:e0:f9:9a:49:87: + 42:45:71:2e:a8:7a:d1:1e:c3:1d:ea:40:3f:3a:7c: + a6:e3:34:ec:db:53:e7:d3:a9 + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Subject Key Identifier: + 54:D1:B0:95:A0:92:D5:5A:C0:35:8F:6C:EE:D5:6C:4E:90:48:2E:10 + X509v3 Authority Key Identifier: + keyid:54:D1:B0:95:A0:92:D5:5A:C0:35:8F:6C:EE:D5:6C:4E:90:48:2E:10 + DirName:/C=US/ST=CA/O=Apache Pulsar/OU=Broker/CN=Broker + serial:C1:32:3F:61:FF:0D:77:64 + + X509v3 Basic Constraints: + CA:TRUE + Signature Algorithm: sha1WithRSAEncryption + 81:81:2e:55:77:02:81:a6:dc:31:ce:ee:50:1e:c4:79:6f:14: + b0:5e:b3:85:99:0e:29:ba:ab:5e:b5:0b:f7:aa:71:bb:20:ae: + 7a:08:1e:f3:5a:7a:a1:7d:b9:a6:89:9e:89:d4:a3:c5:68:22: + 04:99:99:b0:e7:a8:c1:ac:17:76:1e:3d:e9:07:62:99:da:38: + ec:0e:7c:d8:3e:bc:0c:cb:71:31:9f:d1:6a:5c:d3:b1:1b:82: + 11:8e:69:b7:f9:1c:a7:19:b8:6d:a4:2d:6a:85:8f:5f:f5:e3: + 32:47:8b:85:47:ba:ef:66:c1:ad:f7:1f:b6:f2:9b:9a:65:3f: + 2f:42 +-----BEGIN CERTIFICATE----- +MIIC3jCCAkegAwIBAgIJAMEyP2H/DXdkMA0GCSqGSIb3DQEBBQUAMFQxCzAJBgNV +BAYTAlVTMQswCQYDVQQIEwJDQTEWMBQGA1UEChMNQXBhY2hlIFB1bHNhcjEPMA0G +A1UECxMGQnJva2VyMQ8wDQYDVQQDEwZCcm9rZXIwHhcNMTgwMjE4MDM1MTI1WhcN 
+MjEwMjE3MDM1MTI1WjBUMQswCQYDVQQGEwJVUzELMAkGA1UECBMCQ0ExFjAUBgNV +BAoTDUFwYWNoZSBQdWxzYXIxDzANBgNVBAsTBkJyb2tlcjEPMA0GA1UEAxMGQnJv +a2VyMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC6AYEIMww4A+E7fZ4MxZ8e +xhgxIS1nGmlS4HZSyHvDg4Mx4Vs/T618dVmhOd+je6Lm5xACjy+tE5yK9hOxQ25U +zaX+NVfv4ajzSAmtpxttrttzUhwLleva4vpOS9h4d6FhjaPg+ZpJh0JFcS6oetEe +wx3qQD86fKbjNOzbU+fTqQIDAQABo4G3MIG0MB0GA1UdDgQWBBRU0bCVoJLVWsA1 +j2zu1WxOkEguEDCBhAYDVR0jBH0we4AUVNGwlaCS1VrANY9s7tVsTpBILhChWKRW +MFQxCzAJBgNVBAYTAlVTMQswCQYDVQQIEwJDQTEWMBQGA1UEChMNQXBhY2hlIFB1 +bHNhcjEPMA0GA1UECxMGQnJva2VyMQ8wDQYDVQQDEwZCcm9rZXKCCQDBMj9h/w13 +ZDAMBgNVHRMEBTADAQH/MA0GCSqGSIb3DQEBBQUAA4GBAIGBLlV3AoGm3DHO7lAe +xHlvFLBes4WZDim6q161C/eqcbsgrnoIHvNaeqF9uaaJnonUo8VoIgSZmbDnqMGs +F3YePekHYpnaOOwOfNg+vAzLcTGf0Wpc07EbghGOabf5HKcZuG2kLWqFj1/14zJH +i4VHuu9mwa33H7bym5plPy9C +-----END CERTIFICATE----- diff --git a/pulsar-proxy/src/test/resources/authentication/tls/ProxyWithAuthorizationTest/broker-cert.pem b/pulsar-proxy/src/test/resources/authentication/tls/ProxyWithAuthorizationTest/broker-cert.pem new file mode 100644 index 000000000..5ce3ce594 --- /dev/null +++ b/pulsar-proxy/src/test/resources/authentication/tls/ProxyWithAuthorizationTest/broker-cert.pem 
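Review bot: The CA added here expires on Feb 17 2021 (`Not After`), while the broker certificate it signs in broker-cert.pem runs until Nov 16 2030, so any test that actually validates the chain will start failing once the CA lapses. The CA is also a 1024-bit RSA key signed with `sha1WithRSAEncryption`, which stricter JVM security policies may reject. Regenerating the fixture CA with a 2048-bit key, SHA-256 and a validity at least as long as the leaf certificates would avoid both. A short README next to the files recording the commands used to generate them would make the fixtures reproducible when they need renewing.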
@@ -0,0 +1,72 @@ +Certificate: + Data: + Version: 3 (0x2) + Serial Number: + c1:32:3f:61:ff:0d:77:65 + Signature Algorithm: sha1WithRSAEncryption + Issuer: C=US, ST=CA, O=Apache Pulsar, OU=Broker, CN=Broker + Validity + Not Before: Feb 18 03:53:39 2018 GMT + Not After : Nov 16 00:00:00 2030 GMT + Subject: C=US, ST=CA, O=Apache Pulsar, OU=Broker, CN=Broker + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + RSA Public Key: (2048 bit) + Modulus (2048 bit): + 00:ca:77:dc:2a:13:25:24:cb:29:62:06:12:5f:a8: + 92:c9:53:d6:3f:07:ca:aa:0a:5f:72:92:cd:b7:ea: + 45:47:71:f0:63:4f:58:1a:3d:fa:ce:a6:73:90:c0: + a9:f7:25:f0:76:75:ed:b2:03:17:be:d8:8a:56:f3: + 4f:6a:4c:7e:03:65:95:e5:45:eb:8d:47:e8:60:5e: + 9e:38:74:50:54:65:a0:ec:d8:5c:65:60:34:1b:96: + 83:7d:71:d4:5d:7f:e3:62:59:67:e8:f0:d6:24:7d: + c0:6e:37:03:54:4c:3d:0c:33:39:9b:33:e1:52:44: + c5:43:da:ea:ee:2c:f3:1c:16:2e:46:4c:7c:9f:5d: + 4d:6e:fe:8c:23:9e:f7:7e:9f:39:c1:71:06:52:f4: + 26:9a:22:d4:cf:c5:25:39:a9:d2:e4:24:c6:d8:4a: + 48:a2:ee:76:25:cb:3c:f0:bf:cd:10:77:ff:81:11: + 43:21:cc:3b:cc:10:7a:07:84:fc:cc:02:a2:45:de: + 91:2d:6b:d1:ed:17:1a:d0:46:f4:ae:7d:b3:89:f8: + 31:77:95:e5:46:b1:a9:31:d6:d8:e3:47:00:b2:81: + 81:db:8a:1c:d9:f1:cd:e3:4d:35:f6:38:91:0d:ea: + 07:f0:b0:06:4f:2c:4c:75:c2:37:ff:35:0d:b1:42: + 06:0b + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Basic Constraints: + CA:FALSE + Netscape Comment: + OpenSSL Generated Certificate + X509v3 Subject Key Identifier: + 71:34:A9:AE:A7:29:C0:93:85:07:94:FE:63:AE:61:91:1D:7B:57:7D + X509v3 Authority Key Identifier: + keyid:54:D1:B0:95:A0:92:D5:5A:C0:35:8F:6C:EE:D5:6C:4E:90:48:2E:10 + + Signature Algorithm: sha1WithRSAEncryption + 24:ce:79:65:1d:bd:1a:4b:0f:7b:c2:91:e5:0b:43:4b:c7:28: + c0:b7:77:9b:57:ca:c7:05:37:46:2d:f9:cd:1f:f9:f7:95:44: + 39:e9:69:64:c1:33:6e:0f:dd:56:dc:e7:f4:18:aa:e6:92:8a: + f1:73:ff:90:72:a1:2c:46:e5:14:9a:d7:25:fe:ac:aa:3c:bc: + 81:50:d0:09:1a:e8:2e:3b:bc:77:ac:e1:f7:ef:eb:7d:76:44: + 
5f:29:a9:2f:4a:92:33:2d:60:0f:d5:6d:12:c4:e3:a4:4a:eb: + 95:8c:d8:06:06:59:c1:3e:31:12:de:23:ac:af:75:0e:9c:b0: + 9a:a5 +-----BEGIN CERTIFICATE----- +MIIDJTCCAo6gAwIBAgIJAMEyP2H/DXdlMA0GCSqGSIb3DQEBBQUAMFQxCzAJBgNV +BAYTAlVTMQswCQYDVQQIEwJDQTEWMBQGA1UEChMNQXBhY2hlIFB1bHNhcjEPMA0G +A1UECxMGQnJva2VyMQ8wDQYDVQQDEwZCcm9rZXIwHhcNMTgwMjE4MDM1MzM5WhcN +MzAxMTE2MDAwMDAwWjBUMQswCQYDVQQGEwJVUzELMAkGA1UECBMCQ0ExFjAUBgNV +BAoTDUFwYWNoZSBQdWxzYXIxDzANBgNVBAsTBkJyb2tlcjEPMA0GA1UEAxMGQnJv +a2VyMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAynfcKhMlJMspYgYS +X6iSyVPWPwfKqgpfcpLNt+pFR3HwY09YGj36zqZzkMCp9yXwdnXtsgMXvtiKVvNP +akx+A2WV5UXrjUfoYF6eOHRQVGWg7NhcZWA0G5aDfXHUXX/jYlln6PDWJH3AbjcD +VEw9DDM5mzPhUkTFQ9rq7izzHBYuRkx8n11Nbv6MI573fp85wXEGUvQmmiLUz8Ul +OanS5CTG2EpIou52Jcs88L/NEHf/gRFDIcw7zBB6B4T8zAKiRd6RLWvR7Rca0Eb0 +rn2zifgxd5XlRrGpMdbY40cAsoGB24oc2fHN40019jiRDeoH8LAGTyxMdcI3/zUN +sUIGCwIDAQABo3sweTAJBgNVHRMEAjAAMCwGCWCGSAGG+EIBDQQfFh1PcGVuU1NM +IEdlbmVyYXRlZCBDZXJ0aWZpY2F0ZTAdBgNVHQ4EFgQUcTSprqcpwJOFB5T+Y65h +kR17V30wHwYDVR0jBBgwFoAUVNGwlaCS1VrANY9s7tVsTpBILhAwDQYJKoZIhvcN +AQEFBQADgYEAJM55ZR29GksPe8KR5QtDS8cowLd3m1fKxwU3Ri35zR/595VEOelp +ZMEzbg/dVtzn9Biq5pKK8XP/kHKhLEblFJrXJf6sqjy8gVDQCRroLju8d6zh9+/r +fXZEXympL0qSMy1gD9VtEsTjpErrlYzYBgZZwT4xEt4jrK91DpywmqU= +-----END CERTIFICATE----- diff --git a/pulsar-proxy/src/test/resources/authentication/tls/ProxyWithAuthorizationTest/broker-key.pem b/pulsar-proxy/src/test/resources/authentication/tls/ProxyWithAuthorizationTest/broker-key.pem new file mode 100644 index 000000000..63bbb7bfe --- /dev/null +++ b/pulsar-proxy/src/test/resources/authentication/tls/ProxyWithAuthorizationTest/broker-key.pem 
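Review bot: The leaf certificate in broker-cert.pem carries the same distinguished name as its issuer (`C=US, ST=CA, O=Apache Pulsar, OU=Broker, CN=Broker` appears as both Issuer and Subject), although it is CA:FALSE and its authority key identifier differs from its subject key identifier. A certificate whose subject equals its issuer counts as self-issued in path validation, and tools that detect self-signed certificates by comparing names will misclassify it; the dump also lists no subjectAltName, so hostname verification would have only the CN to match against. Giving the CA a distinct subject such as `CN=Broker CA` (constructed example) and adding a subjectAltName to the leaf would leave the leaf CN unchanged, which matters if the tests use the CN as the role name; that is not visible here. client-cert.pem and proxy-cert.pem have the same shape.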
@@ -0,0 +1,28 @@ +-----BEGIN PRIVATE KEY----- +MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQDKd9wqEyUkyyli +BhJfqJLJU9Y/B8qqCl9yks236kVHcfBjT1gaPfrOpnOQwKn3JfB2de2yAxe+2IpW +809qTH4DZZXlReuNR+hgXp44dFBUZaDs2FxlYDQbloN9cdRdf+NiWWfo8NYkfcBu +NwNUTD0MMzmbM+FSRMVD2uruLPMcFi5GTHyfXU1u/owjnvd+nznBcQZS9CaaItTP +xSU5qdLkJMbYSkii7nYlyzzwv80Qd/+BEUMhzDvMEHoHhPzMAqJF3pEta9HtFxrQ +RvSufbOJ+DF3leVGsakx1tjjRwCygYHbihzZ8c3jTTX2OJEN6gfwsAZPLEx1wjf/ +NQ2xQgYLAgMBAAECggEARpLZD2F1BQo79osfRHDCGaM7fuT8Y6ER/CHnyz/BvlGc +9UDm+N652eZzSfWeSSPUWbZpkC87y643Km/NMsRO+Ggkg7KHlMuH2G+ivxLsHT7/ +hQ81xbBu+V7Rnpxa5ex6GgIIEk5Alp+uv7w1UODyNpp0bgD7fW2zRR+93B+W7ia+ +aWLcFur1LgGUVpqmlDKZBLD+q3oJ7ddi/uam8WS41IxtUvUVW4L8Pz4sCGjVqEMC +1SbUuuNT5dWLas21c5RhLn1mfyKzLSfeL63+WLuaEobR3GpLDJeG/P6CUCJfrN+j +NtTDFq89QxGzgN6Rvy9MuHC4kHWHvgGlfZ7uZdzWgQKBgQDl3CabW+ZNPCZk3JHU +fGI0Xb3jQElooXOqZOH+FgGKnrbNb7j04Gjs1P4/XibnVsvgwCL8TbR1hgBD6/Qx +z0Sd2T0nwCmLyO9LzyOrlpcKaKF+4OYFPKiqZGV1jXhCQXH9b7IXufS8U4uXwD+Z +elw5MOD6DON7ud9V5E/J5ST58QKBgQDhfkKvtgzaLPD17Bx0M30buHzQuQHplpc4 +J0WGWUXR6rui5tCeHoASAl+UNAFReWJ7Ra+iTHMNqwolVsSQVzmX6e8342f9y0bV +3iv1ge/dA75gEqxifqSXHVm6T/j40DBIr4fwjl5L2qCB/JKCyRvoCK3pDrYZLXWP +DRWhssujuwKBgQCfQBhrWI9FgV/kT0Clo4tyVmQBtv9lAz6clgpQvDRTMsTZrgbJ +eVSYiLSheHyhmGvmCZfzj25wYed7J1Vm0P/sEJ8jFCp0k0DfF+LRtaJtbrI8sloK +1MzSSH5WpC3mUWtFOAZ+E7Kwa31yJJqrna+ZW/jypM1SYiOOYYC6Ewy8MQKBgFdq +GPQBAQ57KZZMR+OMKk3awRgxAFrLdCfioYMpjHWKJ99I10rUzBUvMlpDptcs1U6w +fxvNwzRjP/Wlo2HJTpxjpcbms2Ohr/4suKHeE1x8nQqlcopkSe4DBMvDQOND4dPr +qClLJ6cERADgJvPofpb+9lxIxbMQ+mfQTLh4lZUNAoGAPfAhkt8i6L3VkBIMaV9X +U+6q4brsT0dNLOO/lgf5FXQuCg0WIgBIb1vrGDD1i9WAUiNN8zzYK9UxqjpAtRAe +LgPYX5GHXR0ceR0MQNHdbc4RRjJbPmgey+d7pc9EUn8WWt/uXIeo01DHBPPjsgHr +k/JZjqmRla+2pklmoG2sfI0= +-----END PRIVATE KEY----- 
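Review bot: broker-key.pem adds an unencrypted PKCS#8 private key to the repository, and client-key.pem and proxy-key.pem below do the same. As test fixtures that is workable, but the keys are public from the moment they are merged, so nothing should ever copy these files or the matching certificates into a deployed key path or trust store. I would add a README under `pulsar-proxy/src/test/resources/authentication/tls/ProxyWithAuthorizationTest/` stating that the material is test-only and how it was generated, and allowlist that directory explicitly in any secret scanner rather than leaving the findings unexplained; generating the keys during test setup would avoid committing them at all. A marker comment inside the key files is not a safe alternative unless the PEM loader is known to skip text outside the BEGIN/END block.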
diff --git a/pulsar-proxy/src/test/resources/authentication/tls/ProxyWithAuthorizationTest/client-cacert.pem b/pulsar-proxy/src/test/resources/authentication/tls/ProxyWithAuthorizationTest/client-cacert.pem
new file mode 100644
index 000000000..2940c4c5b
--- /dev/null
+++ b/pulsar-proxy/src/test/resources/authentication/tls/ProxyWithAuthorizationTest/client-cacert.pem
@@ -0,0 +1,62 @@ +Certificate: + Data: + Version: 3 (0x2) + Serial Number: + f8:db:4d:4a:12:e2:bf:0a + Signature Algorithm: sha1WithRSAEncryption + Issuer: C=US, ST=CA, O=Apache Pulsar, OU=Client, CN=Client + Validity + Not Before: Feb 18 03:56:51 2018 GMT + Not After : Feb 17 03:56:51 2021 GMT + Subject: C=US, ST=CA, O=Apache Pulsar, OU=Client, CN=Client + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + RSA Public Key: (1024 bit) + Modulus (1024 bit): + 00:c9:b4:bc:fe:63:eb:34:97:fb:c2:bd:84:d4:47: + ea:5e:21:3f:ce:7e:0b:38:b9:a7:5c:9b:02:93:34: + 06:68:1c:2c:7e:5a:d9:a9:c6:db:39:d5:5a:40:52: + e8:63:bb:db:76:78:8a:8c:a7:cb:dc:23:9e:b2:56: + 6a:c9:4f:5e:8d:f0:50:1c:2f:68:ef:0e:03:d7:e9: + 30:0e:6e:45:eb:a6:39:0d:67:9c:b2:f7:10:e7:a5: + a4:f3:4a:6e:0d:d3:86:6f:16:66:15:04:fb:4f:95: + f1:bd:c2:36:3c:5d:b3:c3:7b:a9:36:c5:f1:1a:64: + c6:b5:f7:ff:c2:be:09:c0:35 + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Subject Key Identifier: + 4F:E4:CE:4A:8E:79:B6:43:C0:A4:9F:8B:78:A9:6F:BD:60:81:46:54 + X509v3 Authority Key Identifier: + keyid:4F:E4:CE:4A:8E:79:B6:43:C0:A4:9F:8B:78:A9:6F:BD:60:81:46:54 + DirName:/C=US/ST=CA/O=Apache Pulsar/OU=Client/CN=Client + serial:F8:DB:4D:4A:12:E2:BF:0A + + X509v3 Basic Constraints: + CA:TRUE + Signature Algorithm: sha1WithRSAEncryption + 85:04:19:99:c8:27:4f:f2:60:71:6b:f4:25:d0:b2:d0:eb:6a: + d8:1a:1d:5f:c5:a5:c5:af:1b:41:16:30:a2:42:f2:53:85:5e: + 42:03:9d:e8:75:35:14:46:91:18:b3:12:ad:b8:db:7f:12:0f: + 32:8b:02:ff:51:0c:ce:d9:15:01:98:11:81:61:e0:f2:52:d3: + 36:2b:9f:b5:93:67:80:70:57:b8:cb:a3:5d:94:14:93:cd:f7: + a4:b0:d0:43:a6:f7:5e:c1:bc:b1:95:1e:dc:2d:b4:67:65:24: + 6b:9d:eb:fc:ef:6f:ea:ea:c6:59:4c:fe:05:3f:48:89:47:a1: + f2:b1 +-----BEGIN CERTIFICATE----- +MIIC3jCCAkegAwIBAgIJAPjbTUoS4r8KMA0GCSqGSIb3DQEBBQUAMFQxCzAJBgNV +BAYTAlVTMQswCQYDVQQIEwJDQTEWMBQGA1UEChMNQXBhY2hlIFB1bHNhcjEPMA0G +A1UECxMGQ2xpZW50MQ8wDQYDVQQDEwZDbGllbnQwHhcNMTgwMjE4MDM1NjUxWhcN 
+MjEwMjE3MDM1NjUxWjBUMQswCQYDVQQGEwJVUzELMAkGA1UECBMCQ0ExFjAUBgNV +BAoTDUFwYWNoZSBQdWxzYXIxDzANBgNVBAsTBkNsaWVudDEPMA0GA1UEAxMGQ2xp +ZW50MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJtLz+Y+s0l/vCvYTUR+pe +IT/Ofgs4uadcmwKTNAZoHCx+Wtmpxts51VpAUuhju9t2eIqMp8vcI56yVmrJT16N +8FAcL2jvDgPX6TAObkXrpjkNZ5yy9xDnpaTzSm4N04ZvFmYVBPtPlfG9wjY8XbPD +e6k2xfEaZMa19//CvgnANQIDAQABo4G3MIG0MB0GA1UdDgQWBBRP5M5Kjnm2Q8Ck +n4t4qW+9YIFGVDCBhAYDVR0jBH0we4AUT+TOSo55tkPApJ+LeKlvvWCBRlShWKRW +MFQxCzAJBgNVBAYTAlVTMQswCQYDVQQIEwJDQTEWMBQGA1UEChMNQXBhY2hlIFB1 +bHNhcjEPMA0GA1UECxMGQ2xpZW50MQ8wDQYDVQQDEwZDbGllbnSCCQD4201KEuK/ +CjAMBgNVHRMEBTADAQH/MA0GCSqGSIb3DQEBBQUAA4GBAIUEGZnIJ0/yYHFr9CXQ +stDratgaHV/FpcWvG0EWMKJC8lOFXkIDneh1NRRGkRizEq24238SDzKLAv9RDM7Z +FQGYEYFh4PJS0zYrn7WTZ4BwV7jLo12UFJPN96Sw0EOm917BvLGVHtwttGdlJGud +6/zvb+rqxllM/gU/SIlHofKx +-----END CERTIFICATE----- diff --git a/pulsar-proxy/src/test/resources/authentication/tls/ProxyWithAuthorizationTest/client-cert.pem b/pulsar-proxy/src/test/resources/authentication/tls/ProxyWithAuthorizationTest/client-cert.pem new file mode 100644 index 000000000..2412bc024 --- /dev/null +++ b/pulsar-proxy/src/test/resources/authentication/tls/ProxyWithAuthorizationTest/client-cert.pem 
@@ -0,0 +1,72 @@ +Certificate: + Data: + Version: 3 (0x2) + Serial Number: + f8:db:4d:4a:12:e2:bf:0b + Signature Algorithm: sha1WithRSAEncryption + Issuer: C=US, ST=CA, O=Apache Pulsar, OU=Client, CN=Client + Validity + Not Before: Feb 18 03:58:13 2018 GMT + Not After : Nov 16 00:00:00 2030 GMT + Subject: C=US, ST=CA, O=Apache Pulsar, OU=Client, CN=Client + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + RSA Public Key: (2048 bit) + Modulus (2048 bit): + 00:de:1e:10:bd:64:13:c1:6c:7a:49:86:01:3b:ab: + ab:1d:ec:b2:93:41:6c:6c:21:f2:e6:15:1b:51:ce: + ad:67:fd:18:3e:7f:7a:64:a2:62:5f:2e:0b:59:b4: + ed:d9:17:0e:b7:bc:50:66:41:b7:e3:c4:71:c9:73: + 73:3d:d8:6d:34:80:f2:e3:b9:98:8f:2b:54:14:95: + b3:51:1b:d6:91:85:cd:b7:34:a2:50:b6:f1:86:6e: + 07:30:fa:ae:55:a0:5d:f9:7c:1c:91:50:62:7d:bb: + 14:86:92:0a:ac:29:3e:28:1b:99:ca:30:63:dc:a9: + 5f:05:f8:38:3e:30:10:02:9f:cc:94:d7:47:e0:1a: + f4:1c:68:96:3d:12:5e:58:21:41:2c:ec:96:ad:9e: + 08:56:83:7a:92:5f:4b:e6:bd:01:16:70:28:af:aa: + 27:1d:c4:fe:b2:09:bf:a5:b4:47:d9:58:4b:fe:41: + 81:0e:a2:46:57:c1:39:7c:8d:e4:b1:a7:25:e6:b4: + dd:f3:9e:24:c9:e7:c0:8c:1a:b4:ab:dd:b9:33:bf: + 11:cb:be:bb:22:f7:fc:ad:c4:40:41:d7:ef:37:08: + 1a:95:45:1f:db:14:5f:0b:f8:48:ff:41:24:cb:5c: + 8e:18:48:4c:5f:19:e9:b0:7b:22:d3:bc:42:32:45: + 9a:d1 + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Basic Constraints: + CA:FALSE + Netscape Comment: + OpenSSL Generated Certificate + X509v3 Subject Key Identifier: + E1:E9:57:60:A7:47:48:F0:1F:A8:C6:2F:95:BF:3A:42:DB:BC:7A:4D + X509v3 Authority Key Identifier: + keyid:4F:E4:CE:4A:8E:79:B6:43:C0:A4:9F:8B:78:A9:6F:BD:60:81:46:54 + + Signature Algorithm: sha1WithRSAEncryption + a5:eb:02:90:4c:a3:33:e4:6c:c3:47:66:94:d8:3c:05:c0:ac: + f4:44:56:de:85:a8:41:4a:bb:28:0f:7e:aa:b9:58:40:a4:22: + b3:a3:46:94:42:0c:f2:93:0e:b5:c1:17:29:58:48:12:4a:3d: + 83:40:e0:6b:07:11:54:ca:7b:58:a8:f3:7a:e4:3d:69:aa:04: + 2e:3a:5e:d8:c1:ac:08:2f:41:17:b4:cb:35:89:00:65:f1:2b: + 
07:80:4c:c2:90:49:cd:2d:ca:43:8c:64:c1:eb:8a:b3:88:d1: + 4b:50:95:14:41:4b:b7:76:b2:10:97:52:63:bf:17:c7:36:6f: + d8:bb +-----BEGIN CERTIFICATE----- +MIIDJTCCAo6gAwIBAgIJAPjbTUoS4r8LMA0GCSqGSIb3DQEBBQUAMFQxCzAJBgNV +BAYTAlVTMQswCQYDVQQIEwJDQTEWMBQGA1UEChMNQXBhY2hlIFB1bHNhcjEPMA0G +A1UECxMGQ2xpZW50MQ8wDQYDVQQDEwZDbGllbnQwHhcNMTgwMjE4MDM1ODEzWhcN +MzAxMTE2MDAwMDAwWjBUMQswCQYDVQQGEwJVUzELMAkGA1UECBMCQ0ExFjAUBgNV +BAoTDUFwYWNoZSBQdWxzYXIxDzANBgNVBAsTBkNsaWVudDEPMA0GA1UEAxMGQ2xp +ZW50MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3h4QvWQTwWx6SYYB +O6urHeyyk0FsbCHy5hUbUc6tZ/0YPn96ZKJiXy4LWbTt2RcOt7xQZkG348RxyXNz +PdhtNIDy47mYjytUFJWzURvWkYXNtzSiULbxhm4HMPquVaBd+XwckVBifbsUhpIK +rCk+KBuZyjBj3KlfBfg4PjAQAp/MlNdH4Br0HGiWPRJeWCFBLOyWrZ4IVoN6kl9L +5r0BFnAor6onHcT+sgm/pbRH2VhL/kGBDqJGV8E5fI3ksacl5rTd854kyefAjBq0 +q925M78Ry767Ivf8rcRAQdfvNwgalUUf2xRfC/hI/0Eky1yOGEhMXxnpsHsi07xC +MkWa0QIDAQABo3sweTAJBgNVHRMEAjAAMCwGCWCGSAGG+EIBDQQfFh1PcGVuU1NM +IEdlbmVyYXRlZCBDZXJ0aWZpY2F0ZTAdBgNVHQ4EFgQU4elXYKdHSPAfqMYvlb86 +Qtu8ek0wHwYDVR0jBBgwFoAUT+TOSo55tkPApJ+LeKlvvWCBRlQwDQYJKoZIhvcN +AQEFBQADgYEApesCkEyjM+Rsw0dmlNg8BcCs9ERW3oWoQUq7KA9+qrlYQKQis6NG +lEIM8pMOtcEXKVhIEko9g0DgawcRVMp7WKjzeuQ9aaoELjpe2MGsCC9BF7TLNYkA +ZfErB4BMwpBJzS3KQ4xkweuKs4jRS1CVFEFLt3ayEJdSY78XxzZv2Ls= +-----END CERTIFICATE----- diff --git a/pulsar-proxy/src/test/resources/authentication/tls/ProxyWithAuthorizationTest/client-key.pem b/pulsar-proxy/src/test/resources/authentication/tls/ProxyWithAuthorizationTest/client-key.pem new file mode 100644 index 000000000..0f8ce4624 --- /dev/null +++ b/pulsar-proxy/src/test/resources/authentication/tls/ProxyWithAuthorizationTest/client-key.pem 
@@ -0,0 +1,28 @@ +-----BEGIN PRIVATE KEY----- +MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQDeHhC9ZBPBbHpJ +hgE7q6sd7LKTQWxsIfLmFRtRzq1n/Rg+f3pkomJfLgtZtO3ZFw63vFBmQbfjxHHJ +c3M92G00gPLjuZiPK1QUlbNRG9aRhc23NKJQtvGGbgcw+q5VoF35fByRUGJ9uxSG +kgqsKT4oG5nKMGPcqV8F+Dg+MBACn8yU10fgGvQcaJY9El5YIUEs7JatnghWg3qS +X0vmvQEWcCivqicdxP6yCb+ltEfZWEv+QYEOokZXwTl8jeSxpyXmtN3zniTJ58CM +GrSr3bkzvxHLvrsi9/ytxEBB1+83CBqVRR/bFF8L+Ej/QSTLXI4YSExfGemweyLT +vEIyRZrRAgMBAAECggEBAIOeh0bjLb25fUFiMgrc8Bpcb3lJFGmDOH9U1IqGkUUE +ukAWpD1L6EUEcN9okmTJAASqh24A1WoXt2Grkwd730J0gvmkuh1kjH9iMg8HEv/K +rRs6ClEQB1EklAhXE8VTsTwsanVFkAd3O3N+yOo5ykZUDK6+O/6/MrrD2vgm3OXg +FnqfS3JLZvMy7Q7xPxUZquuwi7sdSSgvmh1krwhrX12ZT5AncAySflnhutB1DpbE +0M9YJ35XDAxGpgRvWGFxvK9fCWaVSgxTgMPOuEoaCN90Qj1sEdGhvuvNQZ2EVp20 +oAs3p3NnpToppXXQ8cnYwtPD+J4AMwOuEKmwpCSgLa0CgYEA/DDFxGWQ0D1BziUl +M9yjjZQXQJLXlUW4E6vFb68LG0xWU8ZrXKomHQC5AVZb+FL0RlWvwlFd6ENVK+eI +kswbDDN4h15Sgvz/6gVHR7u6wh5xwwU76UDaAfnA3e8qr82PQopKuM//5L88sgr8 +Eu3FwzO5URZdgnQu5HlJWcMl3C8CgYEA4Xj/3cqqkIRVnbOD5ETP5Z8L6J7VG7f2 +Yuf0Jd6ECd4cF3em7gWfgiOleObRDJxdoXIqdMsvj4SASd2GEb6qu4a3GIWnmW5d +wUP0GfWPRZIiN8cwHXnBbJHTc3GgX2cT2zOUiDULQgnRe/GY7drbODX/UC0NAOHq +HOg758yrOP8CgYBCUkVAQAGUcfejUet1txmf+wkeZz+gtwQQ0ESM+XivRiURxQWp +CeoaCH2e12o6ZP5unMwrCyDqGwMEF9C34kteqw6QcwK6BfT7Q0YanEkiEcWTJwY5 +cl+i016gPux37VQ2iI3cCn9eVdiNbgwaokM28ZxTsdEHpKxMU4UxwPts6wKBgGzm +6n6Pss5WfJvM5vlMGzYHGdNjU/8tXX3sFsprrU6uztau3hu874wF95hrs7DpnXer +EsKSmQgysVv7+RN9Ci3FJY5cj9TVr8b3MWGQb4Dk0k4qkRzLgBcWYBE0Yodx2+9V +/HnFVQiygVHiIUFRIe0Gd6ib+dnhRBhuOvD8s/61AoGBAKTvA19eVpXmgex9kuWs +RbVg08bF1lKReViwZQ0PzuOiymscGRjhR7F7FgqI9cls89jY4TLXrwWSja2Pxkvs +hudBnEs5eOVt/7FC498TjVfmaHF0mXWUgrO4oJXUDlHLZFMMnimUyKmYLAK+Sy9q +TFyi5AtZ/eoXLFh2FXuhjFAG +-----END PRIVATE KEY----- 
diff --git a/pulsar-proxy/src/test/resources/authentication/tls/ProxyWithAuthorizationTest/proxy-cacert.pem b/pulsar-proxy/src/test/resources/authentication/tls/ProxyWithAuthorizationTest/proxy-cacert.pem
new file mode 100644
index 000000000..1f71b88bb
--- /dev/null
+++ b/pulsar-proxy/src/test/resources/authentication/tls/ProxyWithAuthorizationTest/proxy-cacert.pem
@@ -0,0 +1,62 @@ +Certificate: + Data: + Version: 3 (0x2) + Serial Number: + a5:2d:2e:41:e9:fc:8a:91 + Signature Algorithm: sha1WithRSAEncryption + Issuer: C=US, ST=CA, O=Apache Pulsar, OU=Proxy, CN=Proxy + Validity + Not Before: Feb 18 04:00:32 2018 GMT + Not After : Feb 17 04:00:32 2021 GMT + Subject: C=US, ST=CA, O=Apache Pulsar, OU=Proxy, CN=Proxy + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + RSA Public Key: (1024 bit) + Modulus (1024 bit): + 00:aa:ce:ea:82:4f:ac:a8:97:7b:0c:33:cd:ef:7f: + 24:45:e5:81:a2:2c:7a:ab:65:34:27:27:39:ae:f4: + b2:f3:0e:cc:08:3b:8e:1d:78:95:aa:95:01:0e:a3: + df:db:4b:9a:ad:85:e6:af:96:16:41:35:dc:b2:23: + 03:ff:b9:d6:75:25:29:37:f5:3f:26:43:c3:36:a0: + 9c:0f:36:a5:91:dd:7d:18:5d:45:24:d3:f6:bf:86: + 91:91:10:b5:00:bf:12:6a:01:9f:28:38:01:08:5f: + fd:a8:6d:98:33:cc:77:fb:a1:fe:06:59:92:6d:0b: + 14:bc:9b:59:fd:98:69:ec:6d + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Subject Key Identifier: + 4F:39:5A:C4:BF:78:EF:3D:FC:F1:68:5A:F6:B9:4B:D2:B7:03:C7:87 + X509v3 Authority Key Identifier: + keyid:4F:39:5A:C4:BF:78:EF:3D:FC:F1:68:5A:F6:B9:4B:D2:B7:03:C7:87 + DirName:/C=US/ST=CA/O=Apache Pulsar/OU=Proxy/CN=Proxy + serial:A5:2D:2E:41:E9:FC:8A:91 + + X509v3 Basic Constraints: + CA:TRUE + Signature Algorithm: sha1WithRSAEncryption + 84:e1:30:a5:a5:7e:39:9b:2a:1f:cb:1e:67:c6:00:75:f3:8f: + 6a:d0:ef:d7:46:39:2c:b6:ba:1f:03:7d:eb:cf:22:ef:46:82: + bb:89:08:dd:3f:28:b3:6e:79:1a:14:26:ed:38:2f:f0:c9:fe: + 7f:72:5c:8a:82:b8:05:fe:f7:45:6c:e9:6e:ff:f9:d3:a4:60: + 1a:e9:7b:71:c8:a1:80:3d:0f:33:44:06:30:c7:c9:2f:8f:e4: + 5d:68:25:cb:28:49:5a:5d:ac:10:f7:d2:90:cf:0c:1f:ff:7c: + 7b:04:95:a7:b9:27:d9:66:ac:73:6e:92:84:de:68:fc:86:27: + e8:d3 +-----BEGIN CERTIFICATE----- +MIIC2DCCAkGgAwIBAgIJAKUtLkHp/IqRMA0GCSqGSIb3DQEBBQUAMFIxCzAJBgNV +BAYTAlVTMQswCQYDVQQIEwJDQTEWMBQGA1UEChMNQXBhY2hlIFB1bHNhcjEOMAwG +A1UECxMFUHJveHkxDjAMBgNVBAMTBVByb3h5MB4XDTE4MDIxODA0MDAzMloXDTIx 
+MDIxNzA0MDAzMlowUjELMAkGA1UEBhMCVVMxCzAJBgNVBAgTAkNBMRYwFAYDVQQK +Ew1BcGFjaGUgUHVsc2FyMQ4wDAYDVQQLEwVQcm94eTEOMAwGA1UEAxMFUHJveHkw +gZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAKrO6oJPrKiXewwzze9/JEXlgaIs +eqtlNCcnOa70svMOzAg7jh14laqVAQ6j39tLmq2F5q+WFkE13LIjA/+51nUlKTf1 +PyZDwzagnA82pZHdfRhdRSTT9r+GkZEQtQC/EmoBnyg4AQhf/ahtmDPMd/uh/gZZ +km0LFLybWf2YaextAgMBAAGjgbUwgbIwHQYDVR0OBBYEFE85WsS/eO89/PFoWva5 +S9K3A8eHMIGCBgNVHSMEezB5gBRPOVrEv3jvPfzxaFr2uUvStwPHh6FWpFQwUjEL +MAkGA1UEBhMCVVMxCzAJBgNVBAgTAkNBMRYwFAYDVQQKEw1BcGFjaGUgUHVsc2Fy +MQ4wDAYDVQQLEwVQcm94eTEOMAwGA1UEAxMFUHJveHmCCQClLS5B6fyKkTAMBgNV +HRMEBTADAQH/MA0GCSqGSIb3DQEBBQUAA4GBAIThMKWlfjmbKh/LHmfGAHXzj2rQ +79dGOSy2uh8DfevPIu9GgruJCN0/KLNueRoUJu04L/DJ/n9yXIqCuAX+90Vs6W7/ ++dOkYBrpe3HIoYA9DzNEBjDHyS+P5F1oJcsoSVpdrBD30pDPDB//fHsElae5J9lm +rHNukoTeaPyGJ+jT +-----END CERTIFICATE----- diff --git a/pulsar-proxy/src/test/resources/authentication/tls/ProxyWithAuthorizationTest/proxy-cert.pem b/pulsar-proxy/src/test/resources/authentication/tls/ProxyWithAuthorizationTest/proxy-cert.pem new file mode 100644 index 000000000..a3962c32d --- /dev/null +++ b/pulsar-proxy/src/test/resources/authentication/tls/ProxyWithAuthorizationTest/proxy-cert.pem 
@@ -0,0 +1,72 @@ +Certificate: + Data: + Version: 3 (0x2) + Serial Number: + a5:2d:2e:41:e9:fc:8a:92 + Signature Algorithm: sha1WithRSAEncryption + Issuer: C=US, ST=CA, O=Apache Pulsar, OU=Proxy, CN=Proxy + Validity + Not Before: Feb 18 04:02:27 2018 GMT + Not After : Nov 16 00:00:00 2030 GMT + Subject: C=US, ST=CA, O=Apache Pulsar, OU=Proxy, CN=Proxy + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + RSA Public Key: (2048 bit) + Modulus (2048 bit): + 00:c3:5c:c5:ad:17:dc:f4:d4:c4:ea:1c:60:5a:24: + 46:13:d9:cf:c0:cd:83:2e:2f:82:70:e5:e0:8d:33: + bd:95:b5:cf:c6:f0:54:d5:8d:bd:87:0d:62:6c:1d: + 3f:52:66:74:ff:06:33:1c:3c:d5:ed:2e:63:d9:96: + c6:f1:98:82:c7:94:4a:bc:64:f2:9b:3a:54:ec:81: + 99:bc:14:82:43:87:0c:6b:da:03:8c:aa:0b:41:d7: + fe:27:c4:f9:88:81:34:b1:ff:2a:e0:6d:d0:47:dd: + c1:11:a5:54:a9:53:32:cd:8f:f6:75:58:8e:05:e4: + d9:b1:ac:69:fe:b6:54:c3:ad:36:04:a2:77:f5:53: + b6:74:83:d5:6a:01:e0:96:b5:a2:af:50:8f:b5:d7: + 9d:a7:c2:bd:f8:31:86:09:5f:7c:0a:b2:db:34:e1: + 80:25:17:5f:7d:6f:8b:dc:8e:d5:f9:cf:cf:f5:f6: + 8f:6a:fe:3e:96:00:c9:56:b0:d0:e3:46:de:b9:a6: + 8a:5e:9b:8e:7f:ea:19:cc:a2:5b:75:22:3c:1d:36: + 48:e4:f2:1a:01:95:61:c1:f0:7a:27:9d:83:96:74: + cc:a9:04:42:08:53:34:98:2e:b7:e3:83:f9:f2:a3: + 29:e1:23:c4:ed:a0:1c:f6:2a:ed:dc:c0:df:97:a9: + f3:8d + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Basic Constraints: + CA:FALSE + Netscape Comment: + OpenSSL Generated Certificate + X509v3 Subject Key Identifier: + D5:A5:19:6A:3B:38:5F:19:C7:34:C6:BC:68:BE:16:A5:0B:43:57:2D + X509v3 Authority Key Identifier: + keyid:4F:39:5A:C4:BF:78:EF:3D:FC:F1:68:5A:F6:B9:4B:D2:B7:03:C7:87 + + Signature Algorithm: sha1WithRSAEncryption + a0:f1:e6:d4:75:75:10:0e:27:18:28:93:9f:c5:15:2b:f3:52: + 3c:f7:c7:6d:96:b3:7f:65:6c:78:be:26:f5:f2:41:36:f0:b2: + fb:64:67:73:d2:bf:d7:24:af:30:1e:6f:3a:9c:80:98:34:06: + 11:ba:45:06:57:ec:d9:f0:77:1f:d6:e8:0c:13:9d:d1:15:c7: + d8:73:fb:aa:dc:0d:3c:4b:3a:bb:87:3c:21:6d:05:9d:fa:74: + 
db:61:4c:47:6a:e7:6b:79:2b:3f:62:a8:fc:e6:11:c8:0f:40: + 48:51:71:a2:ad:77:d5:fe:ff:1d:73:82:0c:3c:98:ab:26:9b: + 78:d5 +-----BEGIN CERTIFICATE----- +MIIDITCCAoqgAwIBAgIJAKUtLkHp/IqSMA0GCSqGSIb3DQEBBQUAMFIxCzAJBgNV +BAYTAlVTMQswCQYDVQQIEwJDQTEWMBQGA1UEChMNQXBhY2hlIFB1bHNhcjEOMAwG +A1UECxMFUHJveHkxDjAMBgNVBAMTBVByb3h5MB4XDTE4MDIxODA0MDIyN1oXDTMw +MTExNjAwMDAwMFowUjELMAkGA1UEBhMCVVMxCzAJBgNVBAgTAkNBMRYwFAYDVQQK +Ew1BcGFjaGUgUHVsc2FyMQ4wDAYDVQQLEwVQcm94eTEOMAwGA1UEAxMFUHJveHkw +ggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDDXMWtF9z01MTqHGBaJEYT +2c/AzYMuL4Jw5eCNM72Vtc/G8FTVjb2HDWJsHT9SZnT/BjMcPNXtLmPZlsbxmILH +lEq8ZPKbOlTsgZm8FIJDhwxr2gOMqgtB1/4nxPmIgTSx/yrgbdBH3cERpVSpUzLN +j/Z1WI4F5NmxrGn+tlTDrTYEonf1U7Z0g9VqAeCWtaKvUI+1152nwr34MYYJX3wK +sts04YAlF199b4vcjtX5z8/19o9q/j6WAMlWsNDjRt65popem45/6hnMolt1Ijwd +Nkjk8hoBlWHB8HonnYOWdMypBEIIUzSYLrfjg/nyoynhI8TtoBz2Ku3cwN+XqfON +AgMBAAGjezB5MAkGA1UdEwQCMAAwLAYJYIZIAYb4QgENBB8WHU9wZW5TU0wgR2Vu +ZXJhdGVkIENlcnRpZmljYXRlMB0GA1UdDgQWBBTVpRlqOzhfGcc0xrxovhalC0NX +LTAfBgNVHSMEGDAWgBRPOVrEv3jvPfzxaFr2uUvStwPHhzANBgkqhkiG9w0BAQUF +AAOBgQCg8ebUdXUQDicYKJOfxRUr81I898dtlrN/ZWx4vib18kE28LL7ZGdz0r/X +JK8wHm86nICYNAYRukUGV+zZ8Hcf1ugME53RFcfYc/uq3A08Szq7hzwhbQWd+nTb +YUxHaudreSs/Yqj85hHID0BIUXGirXfV/v8dc4IMPJirJpt41Q== +-----END CERTIFICATE----- diff --git a/pulsar-proxy/src/test/resources/authentication/tls/ProxyWithAuthorizationTest/proxy-key.pem b/pulsar-proxy/src/test/resources/authentication/tls/ProxyWithAuthorizationTest/proxy-key.pem new file mode 100644 index 000000000..855603688 --- /dev/null +++ b/pulsar-proxy/src/test/resources/authentication/tls/ProxyWithAuthorizationTest/proxy-key.pem 
@@ -0,0 +1,28 @@ +-----BEGIN PRIVATE KEY----- +MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQDDXMWtF9z01MTq +HGBaJEYT2c/AzYMuL4Jw5eCNM72Vtc/G8FTVjb2HDWJsHT9SZnT/BjMcPNXtLmPZ +lsbxmILHlEq8ZPKbOlTsgZm8FIJDhwxr2gOMqgtB1/4nxPmIgTSx/yrgbdBH3cER +pVSpUzLNj/Z1WI4F5NmxrGn+tlTDrTYEonf1U7Z0g9VqAeCWtaKvUI+1152nwr34 +MYYJX3wKsts04YAlF199b4vcjtX5z8/19o9q/j6WAMlWsNDjRt65popem45/6hnM +olt1IjwdNkjk8hoBlWHB8HonnYOWdMypBEIIUzSYLrfjg/nyoynhI8TtoBz2Ku3c +wN+XqfONAgMBAAECggEAX3rR6d0F0mrCqqCfvq6HyV/kl5hZipMRr1fKPXiSKb8o +A1SmQZD6lizGc4x/zCfi+ljvVdetvjOz/T4hkSY2lJA3TogPwinqI4Tbu/5SA+rW ++UceAPuCcPW9c3ZjdoGfXXcWX4WMC/OnTpZ9IBxXcfvwOj3De8HzW1CmpSQ7nT4J +ukBe5PwYFiGywvRKygKMicVYUYABW6AhFxJCUcRqLGdXDrja+Qe79JI3ywDjvmNR +jIOSjToxbuXv39OfRC2KUZPWT4AkXa4dI8j5HNFsZ6J4kOzc5aByW9LzgMW7Bspd +a+7vov4eNop+t72gj5XE4wZVc2vT18dF5Kus4hsCSQKBgQDmsp3nSXFcFcNUjel7 +rsx8da8R/rSJOgswHmpAuMHF0mCsmqWfxUwIlRmCnHPHu4+yztYd2yyYPHULyMiK +JcMxo8Aziq0F/nV9k6snZgarazlb40JTYU6FQMjkigigOzNoIdUAInIIZBP78CTk +R/qXnXbNxwxJAhiAIy1y8G3hnwKBgQDYyghUE8+T+nKeAt3Tvlrg2PyCT/OAZPIB +bcHCw9y1jt4msHxYsb5qbD43LnwYPVSv5YgAgmbM+hKJMHaEqvcdrNAjCq1EeZIx +I8TDcj4RLKJOHtDdxLpWUvq8YaTXv0dOMdJfNw2uaYVL1HQibdEfHjJvvlxl1faZ +8J2gXdUTUwKBgQCWVHqVBsS57uyUIs2s7SEPUVi97y4R5iL4Pjma50pN8GNS1otq +65Q6W35+IBlKZCylpibc2b/bjDnxbetQKn9hz4UlkQ5iw4goRpvXVqKt/XcpK5RC +5TvXlXnTgydP0oQTLUixh8CrOxvSppBDuavQNKoAOd8FjDoO9d1d8tKHnQKBgBR+ +5VKtnM5suzFdLAO813KykQzw6iCVapvf+JWlVtSDcVVPEjKAe3QsT6V/65OPGNaY +aMdDjNyMN/xobIwWbc6MbBEkDUWQCNZEf3HK9ztAcQfZuf19f/BxX+s3gBI1r1Qh +ObZuyghXSZbluyUWJNNAU5xk7u9hzzK2oPBsbpypAoGAVdhBjPZZLq7iJTmcWBIS +aQE0WXD+0y329hcKGvizjrIlld0o7UoBUuZJRP6sTO8cZ46BKv0RXXbH2cx1g5JR +12RyeeVjDWKo2LlLz4/5+ZWHur5ITHB/llVtKJAHxX8sjxR+mZ2JYTMkte/GXG0i +NZZZbx989EXlPwmvrnQmDIQ= +-----END PRIVATE KEY----- 
diff --git a/pulsar-proxy/src/test/resources/authentication/tls/ProxyWithProxyAuthorizationTest/broker-cert.pem b/pulsar-proxy/src/test/resources/authentication/tls/ProxyWithProxyAuthorizationTest/broker-cert.pem
deleted file mode 100644
index 63fcf38fe..000000000
--- a/pulsar-proxy/src/test/resources/authentication/tls/ProxyWithProxyAuthorizationTest/broker-cert.pem
+++ /dev/null
@@ -1,72 +0,0 @@ -Certificate: - Data: - Version: 3 (0x2) - Serial Number: - ac:a4:b3:6b:f5:b4:5f:c9 - Signature Algorithm: sha1WithRSAEncryption - Issuer: C=US, ST=CA, O=Apache, OU=Apache Incubator, CN=New CA - Validity - Not Before: Dec 20 02:22:54 2017 GMT - Not After : Dec 20 02:22:54 2018 GMT - Subject: C=US, ST=CA, O=Apache, OU=Apache Incubator, CN=Broker - Subject Public Key Info: - Public Key Algorithm: rsaEncryption - RSA Public Key: (2048 bit) - Modulus (2048 bit): - 00:ba:ab:bd:1d:68:9e:1f:6d:99:8a:8e:95:8d:dc: - b7:e5:95:1a:40:ff:9e:5d:be:38:e6:19:1c:39:0d: - 39:e3:e0:cd:96:42:09:41:9f:ca:f1:7f:63:6f:be: - a5:46:1b:07:06:01:43:11:ed:e9:f9:a2:41:2a:29: - ac:10:d3:df:30:4a:f5:9b:5d:b9:97:2b:d4:10:82: - 92:55:e7:ca:b1:eb:94:6a:63:e6:28:a3:75:0e:f2: - 5b:ff:1a:df:0b:3e:2d:6b:c8:c1:49:98:2b:c1:5f: - 9a:c6:1d:94:26:7f:eb:6f:7e:81:c2:27:23:13:90: - 4f:89:04:dd:2c:8d:de:4c:f8:9f:33:b9:28:ed:7e: - 3a:14:fa:6f:d0:cc:50:5e:75:40:39:e2:57:46:af: - b7:67:8f:c9:57:f2:85:b0:54:59:02:76:c8:92:2c: - af:19:3e:09:d8:5f:a4:d0:9c:a7:35:77:c9:aa:90: - 50:86:2a:9a:3c:8f:3b:50:a5:01:88:b9:d3:eb:4d: - 23:24:f2:58:65:1c:03:7a:0a:2c:20:30:b6:46:8d: - b1:65:1c:16:0c:bf:bd:87:df:1c:e6:46:c8:f7:4f: - 60:fd:a1:91:c9:e4:ff:21:e7:e8:65:70:ba:9f:d6: - 44:07:27:45:1d:69:e7:d6:72:d8:d0:3e:df:2e:61: - 9e:4d - Exponent: 65537 (0x10001) - X509v3 extensions: - X509v3 Basic Constraints: - CA:FALSE - Netscape Comment: - OpenSSL Generated Certificate - X509v3 Subject Key Identifier: - 1C:C6:F7:DB:06:C1:1D:1C:7C:9E:64:AF:E5:47:47:80:00:6C:C8:26 - X509v3 Authority Key Identifier: - keyid:E5:15:C2:1D:E7:EE:28:3C:FA:B6:3E:58:FB:0B:61:52:6E:B0:81:5B - - Signature Algorithm: sha1WithRSAEncryption - 7f:b4:f8:d6:9c:ea:01:1b:74:19:a9:ee:ea:83:66:11:df:90: - c5:f0:e6:bc:05:bd:b4:8a:64:d6:08:fd:75:da:2e:f5:f9:20: - e0:62:8b:b8:b7:bd:c3:92:0f:a3:61:c7:78:6a:68:ea:74:20: - 8e:a8:b7:0f:28:d1:54:8a:55:af:38:8c:a7:64:79:1c:95:f6: - b8:f3:48:0e:14:2b:78:75:ff:96:70:85:28:30:1f:fa:94:a9: - 
43:cd:98:6e:7b:80:68:bc:08:cc:35:1d:df:34:df:3d:58:52: - c3:5d:55:65:b6:be:ef:a2:78:a0:3c:41:c8:af:9f:74:e6:d8: - 0a:d3 ------BEGIN CERTIFICATE----- -MIIDKzCCApSgAwIBAgIJAKyks2v1tF/JMA0GCSqGSIb3DQEBBQUAMFcxCzAJBgNV -BAYTAlVTMQswCQYDVQQIEwJDQTEPMA0GA1UEChMGQXBhY2hlMRkwFwYDVQQLExBB -cGFjaGUgSW5jdWJhdG9yMQ8wDQYDVQQDEwZOZXcgQ0EwHhcNMTcxMjIwMDIyMjU0 -WhcNMTgxMjIwMDIyMjU0WjBXMQswCQYDVQQGEwJVUzELMAkGA1UECBMCQ0ExDzAN -BgNVBAoTBkFwYWNoZTEZMBcGA1UECxMQQXBhY2hlIEluY3ViYXRvcjEPMA0GA1UE -AxMGQnJva2VyMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuqu9HWie -H22Zio6Vjdy35ZUaQP+eXb445hkcOQ054+DNlkIJQZ/K8X9jb76lRhsHBgFDEe3p -+aJBKimsENPfMEr1m125lyvUEIKSVefKseuUamPmKKN1DvJb/xrfCz4ta8jBSZgr -wV+axh2UJn/rb36BwicjE5BPiQTdLI3eTPifM7ko7X46FPpv0MxQXnVAOeJXRq+3 -Z4/JV/KFsFRZAnbIkiyvGT4J2F+k0JynNXfJqpBQhiqaPI87UKUBiLnT600jJPJY -ZRwDegosIDC2Ro2xZRwWDL+9h98c5kbI909g/aGRyeT/IefoZXC6n9ZEBydFHWnn -1nLY0D7fLmGeTQIDAQABo3sweTAJBgNVHRMEAjAAMCwGCWCGSAGG+EIBDQQfFh1P -cGVuU1NMIEdlbmVyYXRlZCBDZXJ0aWZpY2F0ZTAdBgNVHQ4EFgQUHMb32wbBHRx8 -nmSv5UdHgABsyCYwHwYDVR0jBBgwFoAU5RXCHefuKDz6tj5Y+wthUm6wgVswDQYJ -KoZIhvcNAQEFBQADgYEAf7T41pzqARt0Ganu6oNmEd+QxfDmvAW9tIpk1gj9ddou -9fkg4GKLuLe9w5IPo2HHeGpo6nQgjqi3DyjRVIpVrziMp2R5HJX2uPNIDhQreHX/ -lnCFKDAf+pSpQ82YbnuAaLwIzDUd3zTfPVhSw11VZba+76J4oDxByK+fdObYCtM= ------END CERTIFICATE----- diff --git a/pulsar-proxy/src/test/resources/authentication/tls/ProxyWithProxyAuthorizationTest/broker-key.pem b/pulsar-proxy/src/test/resources/authentication/tls/ProxyWithProxyAuthorizationTest/broker-key.pem deleted file mode 100644 index 8e47938b8..000000000 --- a/pulsar-proxy/src/test/resources/authentication/tls/ProxyWithProxyAuthorizationTest/broker-key.pem +++ /dev/null 
@@ -1,28 +0,0 @@ ------BEGIN PRIVATE KEY----- -MIIEvwIBADANBgkqhkiG9w0BAQEFAASCBKkwggSlAgEAAoIBAQC6q70daJ4fbZmK -jpWN3LfllRpA/55dvjjmGRw5DTnj4M2WQglBn8rxf2NvvqVGGwcGAUMR7en5okEq -KawQ098wSvWbXbmXK9QQgpJV58qx65RqY+Yoo3UO8lv/Gt8LPi1ryMFJmCvBX5rG -HZQmf+tvfoHCJyMTkE+JBN0sjd5M+J8zuSjtfjoU+m/QzFBedUA54ldGr7dnj8lX -8oWwVFkCdsiSLK8ZPgnYX6TQnKc1d8mqkFCGKpo8jztQpQGIudPrTSMk8lhlHAN6 -CiwgMLZGjbFlHBYMv72H3xzmRsj3T2D9oZHJ5P8h5+hlcLqf1kQHJ0UdaefWctjQ -Pt8uYZ5NAgMBAAECggEBAIY3Tx1jCDYOppQiGtPKPAr9XsgXQrWiPOTsbwdyRApd -q1P7HQ6rJs7mygcha1HxwuYFaETu7AkKKZJ4LfhXbiUZ8GgKRpOz9qD8UN0lcO7m -NGsecvELPfJGPfE5T9+UkDHsQVV57RP3eqAxykC4Pv6GViPT4fuCCj25WpFbW9e4 -uuKFF3yVY3uJofPQGwLZ2b9WwujqgSyaozyKlTM4nPXwEEz56wPVuAsNfmTEtIb3 -N0d0uQpM69irH3sAO7nVDo6e/eP3Emq4kUDvhS04BafG+T7T9g0C74EGoJX5wrrk -LzuEAkO84n6ESF6r+FI1XH4yskau3Jab8/x8f9sVj+ECgYEA9II7MZ2PSq2pHTsY -1ZxZx3MKe/yiTMGkHhtQY6HKzzQXgEozK/uPTvMt7lKnBsseUydEXygMcgPXracF -rFdiAQpD8Dq2jrmjtFcPk40DtLjdUUD4I2stTKprTfTrhx5X/JIX8iBflMTFWBYp -ALM9qP0u3KZwVCGxEsGz5yaxtZkCgYEAw3Gj5eKw2pzRyNEdNsye3eQxp4QneM+X -YozWzNrbGEdmJ1CHuMWXPTxAkxtMhH95QonySEP4R1fNxHJNMKPu7h2TiZiLvC/J -UtE+SdETiEGF14SEfr/LflreTJnHCmK/pp19t1Q1cAn3FHws2D5qiA8eoBmnko6k -irYydJn5dtUCgYBVOzRhJjg14vVJgDk29QqCsQJdmAIHWZTY/dJ2+IYW1mS+zp6p -3UXmUnSXV+5rOtC2UcDOnso/0EEVglxC6C78h9SI4B6U//clvRdr6sL481wKn+gf -iJPA3sMK6K5VamlnXJHGUCyhUjosa4Udfl2nE6KLPeV4Hkp4bFdG40EdOQKBgQCQ -Y4dDUbt4dnyh0KO1lWwU3/4zFPYYUb00iHo0c8eDY1Q73Um3nvqBud63D2bzSD2s -g78j1ls5Ucvpwsv2EFZ3QhB6ieFKET+52G4dGMJGWqnns7Yy8b0Dx1wN2Vnr+VI/ -ZIC5DRRBhossbiSvSUVo6Uql2u4q3wj+lWYnMI3VVQKBgQDs+sHMotTK976HKaRh -sDepJnZwdnma1QBzsAXkZ0EJPqYCIFmbKGeXn/z2Fr62oGqe9suzuGLBYm4ukwoD -xI8lDzxOoElFNaAHl6nIcFcj6I98idkU05NvV59aeLJngejJv3WmI2GH7jNK8dNs -ELazMuTsmf+MdG/Q9C/kiHDvng== ------END PRIVATE KEY----- 
diff --git a/pulsar-proxy/src/test/resources/authentication/tls/ProxyWithProxyAuthorizationTest/cacert.pem b/pulsar-proxy/src/test/resources/authentication/tls/ProxyWithProxyAuthorizationTest/cacert.pem
deleted file mode 100644
index c77dd6cd7..000000000
--- a/pulsar-proxy/src/test/resources/authentication/tls/ProxyWithProxyAuthorizationTest/cacert.pem
+++ /dev/null
@@ -1,62 +0,0 @@ -Certificate: - Data: - Version: 3 (0x2) - Serial Number: - ac:a4:b3:6b:f5:b4:5f:c8 - Signature Algorithm: sha1WithRSAEncryption - Issuer: C=US, ST=CA, O=Apache, OU=Apache Incubator, CN=New CA - Validity - Not Before: Dec 20 02:21:42 2017 GMT - Not After : Dec 19 02:21:42 2020 GMT - Subject: C=US, ST=CA, O=Apache, OU=Apache Incubator, CN=New CA - Subject Public Key Info: - Public Key Algorithm: rsaEncryption - RSA Public Key: (1024 bit) - Modulus (1024 bit): - 00:99:c1:1e:58:35:af:c1:38:38:45:8c:8c:f4:d9: - 6d:cc:ff:37:31:f9:ba:76:fa:fb:56:41:04:da:d2: - a1:ea:a8:ca:6d:3b:b2:bf:4c:e7:55:ab:1c:a1:7e: - d4:ec:54:d8:92:c6:f9:1f:e8:e8:d2:27:fa:4e:bb: - e6:b2:21:59:bd:19:63:9f:4b:a1:3d:c0:25:d3:70: - a4:9c:96:33:c6:53:c4:40:c1:de:a5:75:40:f7:db: - 51:f4:f6:19:9a:8d:a8:fa:0c:4b:fe:1f:11:70:23: - 31:76:c2:6c:41:6b:aa:c6:71:22:58:7b:4f:d8:2b: - 46:d6:e0:84:4d:57:e0:9c:09 - Exponent: 65537 (0x10001) - X509v3 extensions: - X509v3 Subject Key Identifier: - E5:15:C2:1D:E7:EE:28:3C:FA:B6:3E:58:FB:0B:61:52:6E:B0:81:5B - X509v3 Authority Key Identifier: - keyid:E5:15:C2:1D:E7:EE:28:3C:FA:B6:3E:58:FB:0B:61:52:6E:B0:81:5B - DirName:/C=US/ST=CA/O=Apache/OU=Apache Incubator/CN=New CA - serial:AC:A4:B3:6B:F5:B4:5F:C8 - - X509v3 Basic Constraints: - CA:TRUE - Signature Algorithm: sha1WithRSAEncryption - 7c:15:8d:92:14:c2:cf:b6:72:17:ba:ba:e0:7c:48:a0:fb:02: - 86:b1:50:90:d0:b2:dd:40:9f:b5:e1:9e:ab:4a:bc:6c:f1:3e: - c3:7f:b5:b6:18:ab:f7:f0:a2:35:c6:5b:d7:2d:84:e1:d9:3d: - 8c:88:c2:1c:44:61:a8:14:ab:b1:00:b4:00:a5:2d:66:43:86: - 53:a2:d6:4a:73:96:b3:4f:63:b5:8d:8d:7f:e4:ff:82:37:81: - 63:00:0e:d1:ef:59:0c:7c:2b:79:24:97:06:60:cd:a1:b3:37: - 94:68:3d:6c:27:ee:8e:87:88:c1:21:0a:d5:04:66:11:06:11: - 69:92 ------BEGIN CERTIFICATE----- -MIIC6DCCAlGgAwIBAgIJAKyks2v1tF/IMA0GCSqGSIb3DQEBBQUAMFcxCzAJBgNV -BAYTAlVTMQswCQYDVQQIEwJDQTEPMA0GA1UEChMGQXBhY2hlMRkwFwYDVQQLExBB -cGFjaGUgSW5jdWJhdG9yMQ8wDQYDVQQDEwZOZXcgQ0EwHhcNMTcxMjIwMDIyMTQy 
-WhcNMjAxMjE5MDIyMTQyWjBXMQswCQYDVQQGEwJVUzELMAkGA1UECBMCQ0ExDzAN -BgNVBAoTBkFwYWNoZTEZMBcGA1UECxMQQXBhY2hlIEluY3ViYXRvcjEPMA0GA1UE -AxMGTmV3IENBMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCZwR5YNa/BODhF -jIz02W3M/zcx+bp2+vtWQQTa0qHqqMptO7K/TOdVqxyhftTsVNiSxvkf6OjSJ/pO -u+ayIVm9GWOfS6E9wCXTcKScljPGU8RAwd6ldUD321H09hmajaj6DEv+HxFwIzF2 -wmxBa6rGcSJYe0/YK0bW4IRNV+CcCQIDAQABo4G7MIG4MB0GA1UdDgQWBBTlFcId -5+4oPPq2Plj7C2FSbrCBWzCBiAYDVR0jBIGAMH6AFOUVwh3n7ig8+rY+WPsLYVJu -sIFboVukWTBXMQswCQYDVQQGEwJVUzELMAkGA1UECBMCQ0ExDzANBgNVBAoTBkFw -YWNoZTEZMBcGA1UECxMQQXBhY2hlIEluY3ViYXRvcjEPMA0GA1UEAxMGTmV3IENB -ggkArKSza/W0X8gwDAYDVR0TBAUwAwEB/zANBgkqhkiG9w0BAQUFAAOBgQB8FY2S -FMLPtnIXurrgfEig+wKGsVCQ0LLdQJ+14Z6rSrxs8T7Df7W2GKv38KI1xlvXLYTh -2T2MiMIcRGGoFKuxALQApS1mQ4ZTotZKc5azT2O1jY1/5P+CN4FjAA7R71kMfCt5 -JJcGYM2hszeUaD1sJ+6Oh4jBIQrVBGYRBhFpkg== ------END CERTIFICATE----- diff --git a/pulsar-proxy/src/test/resources/authentication/tls/ProxyWithProxyAuthorizationTest/client-cert.pem b/pulsar-proxy/src/test/resources/authentication/tls/ProxyWithProxyAuthorizationTest/client-cert.pem deleted file mode 100644 index 741e10afa..000000000 --- a/pulsar-proxy/src/test/resources/authentication/tls/ProxyWithProxyAuthorizationTest/client-cert.pem +++ /dev/null 
@@ -1,72 +0,0 @@ -Certificate: - Data: - Version: 3 (0x2) - Serial Number: - ac:a4:b3:6b:f5:b4:5f:ca - Signature Algorithm: sha1WithRSAEncryption - Issuer: C=US, ST=CA, O=Apache, OU=Apache Incubator, CN=New CA - Validity - Not Before: Dec 20 02:36:47 2017 GMT - Not After : Dec 20 02:36:47 2018 GMT - Subject: C=US, ST=CA, O=Apache, OU=Apache Incubator, CN=Client - Subject Public Key Info: - Public Key Algorithm: rsaEncryption - RSA Public Key: (2048 bit) - Modulus (2048 bit): - 00:fd:b6:bb:bc:a3:54:2b:06:b3:8e:68:31:e1:f3: - 3a:c6:3d:98:83:db:f8:fc:58:c6:35:47:4c:58:c1: - 40:81:71:8e:25:2c:6f:14:a0:5f:f2:85:97:fa:e5: - d1:a6:65:26:3f:4b:52:f1:4a:11:1b:f6:af:22:fb: - 24:74:d7:d3:bd:c3:11:dc:7f:1e:49:96:19:4a:f5: - 9c:b3:4c:85:5d:33:57:08:43:04:3d:b0:69:1a:15: - b3:08:c7:0d:68:09:02:09:37:90:1b:fa:51:e1:c9: - 6d:58:e3:d0:4e:e9:f9:a5:b5:4c:1a:5d:98:62:a2: - d6:cd:a2:89:dc:91:52:c7:f5:19:53:97:5f:58:86: - 6b:5e:48:6c:81:8d:2f:5c:0e:38:96:d2:b7:f7:47: - 21:2e:54:2a:51:32:92:0d:f3:c3:94:f5:59:98:2c: - 11:1a:88:ad:ee:16:5c:72:6b:31:e3:bf:ca:9e:38: - 4b:49:d2:87:e1:44:69:ef:ba:4d:b9:1d:4b:3f:e0: - c1:af:c5:04:6f:5f:2d:6e:d9:12:ac:bb:f1:f8:7f: - fc:bd:3a:6a:99:e6:45:f9:91:98:c9:d1:b1:f0:d5: - 6a:e1:fd:c0:6e:e2:8e:ab:0c:03:87:ad:9c:26:9a: - 8e:93:4c:82:ec:de:25:49:14:91:ce:80:9f:22:17: - aa:cf - Exponent: 65537 (0x10001) - X509v3 extensions: - X509v3 Basic Constraints: - CA:FALSE - Netscape Comment: - OpenSSL Generated Certificate - X509v3 Subject Key Identifier: - B2:8F:75:E3:D7:7A:4C:62:B8:5C:04:66:A0:56:14:16:AF:82:43:5A - X509v3 Authority Key Identifier: - keyid:E5:15:C2:1D:E7:EE:28:3C:FA:B6:3E:58:FB:0B:61:52:6E:B0:81:5B - - Signature Algorithm: sha1WithRSAEncryption - 5f:e0:ec:f3:b4:bb:08:a6:15:85:f2:7d:c4:50:c4:87:e5:af: - 1a:38:11:98:b1:a1:d6:47:85:f6:c6:80:cc:b3:2b:f6:27:8e: - 24:1b:66:98:48:e7:d0:dd:cd:37:ea:a2:ad:cf:d8:a7:17:39: - 59:be:72:a1:2a:24:f5:d6:23:14:b9:42:b4:2f:b1:cd:15:98: - d9:1a:8a:55:3c:f2:78:be:b4:ba:6b:79:3d:29:e8:54:4b:d8: - 
0f:1b:bd:69:ef:d2:ca:5c:0f:da:b4:b6:b8:cc:7f:b7:51:3c: - fc:3a:dd:6d:9c:3c:9e:71:ad:59:72:84:ac:01:6e:c5:66:8b: - b0:70 ------BEGIN CERTIFICATE----- -MIIDKzCCApSgAwIBAgIJAKyks2v1tF/KMA0GCSqGSIb3DQEBBQUAMFcxCzAJBgNV -BAYTAlVTMQswCQYDVQQIEwJDQTEPMA0GA1UEChMGQXBhY2hlMRkwFwYDVQQLExBB -cGFjaGUgSW5jdWJhdG9yMQ8wDQYDVQQDEwZOZXcgQ0EwHhcNMTcxMjIwMDIzNjQ3 -WhcNMTgxMjIwMDIzNjQ3WjBXMQswCQYDVQQGEwJVUzELMAkGA1UECBMCQ0ExDzAN -BgNVBAoTBkFwYWNoZTEZMBcGA1UECxMQQXBhY2hlIEluY3ViYXRvcjEPMA0GA1UE -AxMGQ2xpZW50MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA/ba7vKNU -Kwazjmgx4fM6xj2Yg9v4/FjGNUdMWMFAgXGOJSxvFKBf8oWX+uXRpmUmP0tS8UoR -G/avIvskdNfTvcMR3H8eSZYZSvWcs0yFXTNXCEMEPbBpGhWzCMcNaAkCCTeQG/pR -4cltWOPQTun5pbVMGl2YYqLWzaKJ3JFSx/UZU5dfWIZrXkhsgY0vXA44ltK390ch -LlQqUTKSDfPDlPVZmCwRGoit7hZccmsx47/KnjhLSdKH4URp77pNuR1LP+DBr8UE -b18tbtkSrLvx+H/8vTpqmeZF+ZGYydGx8NVq4f3AbuKOqwwDh62cJpqOk0yC7N4l -SRSRzoCfIheqzwIDAQABo3sweTAJBgNVHRMEAjAAMCwGCWCGSAGG+EIBDQQfFh1P -cGVuU1NMIEdlbmVyYXRlZCBDZXJ0aWZpY2F0ZTAdBgNVHQ4EFgQUso9149d6TGK4 -XARmoFYUFq+CQ1owHwYDVR0jBBgwFoAU5RXCHefuKDz6tj5Y+wthUm6wgVswDQYJ -KoZIhvcNAQEFBQADgYEAX+Ds87S7CKYVhfJ9xFDEh+WvGjgRmLGh1keF9saAzLMr -9ieOJBtmmEjn0N3NN+qirc/Ypxc5Wb5yoSok9dYjFLlCtC+xzRWY2RqKVTzyeL60 -umt5PSnoVEvYDxu9ae/SylwP2rS2uMx/t1E8/DrdbZw8nnGtWXKErAFuxWaLsHA= ------END CERTIFICATE----- diff --git a/pulsar-proxy/src/test/resources/authentication/tls/ProxyWithProxyAuthorizationTest/client-key.pem b/pulsar-proxy/src/test/resources/authentication/tls/ProxyWithProxyAuthorizationTest/client-key.pem deleted file mode 100644 index 81d00f9ce..000000000 --- a/pulsar-proxy/src/test/resources/authentication/tls/ProxyWithProxyAuthorizationTest/client-key.pem +++ /dev/null 
@@ -1,28 +0,0 @@ ------BEGIN PRIVATE KEY----- -MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQD9tru8o1QrBrOO -aDHh8zrGPZiD2/j8WMY1R0xYwUCBcY4lLG8UoF/yhZf65dGmZSY/S1LxShEb9q8i -+yR019O9wxHcfx5JlhlK9ZyzTIVdM1cIQwQ9sGkaFbMIxw1oCQIJN5Ab+lHhyW1Y -49BO6fmltUwaXZhiotbNoonckVLH9RlTl19YhmteSGyBjS9cDjiW0rf3RyEuVCpR -MpIN88OU9VmYLBEaiK3uFlxyazHjv8qeOEtJ0ofhRGnvuk25HUs/4MGvxQRvXy1u -2RKsu/H4f/y9OmqZ5kX5kZjJ0bHw1Wrh/cBu4o6rDAOHrZwmmo6TTILs3iVJFJHO -gJ8iF6rPAgMBAAECggEAEJmkLvOAzk/h769hlCcV8WKWWApMgDZOwa2okSYT0mRb -qJL/sZnMrVGQYBopXXnAxuNmyeLOu8WoL+G+wOZeNExPHt4yXR41CXKIjjKzhyWU -zDWWUXL5bXt9+1UKy4PLXk8EXtBCC0Pio65EMuWcL/tsv0zga5O7+jhoTMY1ZF/D -rsddf2mIncyEdhwAKLREmFv31lY1k+Jd+5eyXHIJEnK8lMXTcORNsb0YtlS5sRTU -4llwQlBXjV06zIVRFxsRcPrgRYH0Hfg3hSIm3epNE+pbj0tcN0CfQFfrKJ9G2cDS -jXimjvGsPKQ1PRMAcg93qZB3VtI+ag9bZt29cru0AQKBgQD/xzXZP5hKoqOy+8qH -HyPvyM0QCpQ6KwHzgf5ATybPIPlyWQmT2eeR3ez4qskowNvc4Fc/q10Ao+q6jC3E -721Wz6+iCb7Qus37KnEqVW7mWDLsDT5q7vIyRR22wWhrTpu0uZmxd9XxYRU6KUe1 -FMkI5VijJ27NoYtO+gLn9u6J6QKBgQD97xCNVaUNMNRZ1+HOKoBqcGBj91KrL74K -/avYL0EprYwzN1lm4ZmNX8GaBeAftwnIDyxaM3Apw8BcqFFz/IslY/5sCyUmVjgI -ZULkhCBy5ZamFNMxLvaN6njtdpgdBRxR9gzke1V/xxJgN7J39h9FI+pElwMW6314 -6AFHYQ/j9wKBgQCNwfjEOQzMgKs9bXNnxAiEwsN0GojgXCmureMd/UBDF8FocJRw -Txqaq2bEwtLONWUlW2i/rtfSnQZg8YQEW7Y7oMt0gPYydPXoODOUBNl77HH8hbKM -TXYKCmhXe4XFw0FkvmDCDOqT5vx+yZYmdCifN40Sj65HZTryQHoP2bmG0QKBgG/U -ntd/hka+4GYIuvsOoKs/flPIEfIt/mXcvZdhiDMQqRPNJmQ2qmcmap6oQ8Hz3Czs -8b1vtc/O06J6xhRsfeMjnGJ8rgmqItcfsUvuHFQ9ZBEUTsX0RsTNJCCAABGXtJcr -4xWkc0zooOEa5lAKZk8OuBco4kVvxDxBAH8s8dCVAoGAeEZICuDGR8cOV64Eyx2X -Ej1PQJrleMmzCwth7UhREGUgEVglhMeoBxmWCukYxpkVBY0DUy6OWH5lpTfCerFZ -ho1AHMt9DsfUWo4hApMXEMyCZTOJwg9M4vQ1UTbFtr0mt0jnVWTUm3mVxmJnfrtz -/DgLrvcJd7QCGAYICMNxrDs= ------END PRIVATE KEY----- 
diff --git a/pulsar-proxy/src/test/resources/authentication/tls/ProxyWithProxyAuthorizationTest/proxy-cert.pem b/pulsar-proxy/src/test/resources/authentication/tls/ProxyWithProxyAuthorizationTest/proxy-cert.pem
deleted file mode 100644
index 8b524c82e..000000000
--- a/pulsar-proxy/src/test/resources/authentication/tls/ProxyWithProxyAuthorizationTest/proxy-cert.pem
+++ /dev/null
@@ -1,72 +0,0 @@ -Certificate: - Data: - Version: 3 (0x2) - Serial Number: - ac:a4:b3:6b:f5:b4:5f:cb - Signature Algorithm: sha1WithRSAEncryption - Issuer: C=US, ST=CA, O=Apache, OU=Apache Incubator, CN=New CA - Validity - Not Before: Dec 20 02:45:24 2017 GMT - Not After : Dec 20 02:45:24 2018 GMT - Subject: C=US, ST=CA, O=Apache, OU=Apache Incubator, CN=Proxy - Subject Public Key Info: - Public Key Algorithm: rsaEncryption - RSA Public Key: (2048 bit) - Modulus (2048 bit): - 00:e1:e1:06:cc:f5:98:38:88:33:e0:f7:0a:5d:8e: - a8:89:ae:8f:cd:c7:77:62:17:c2:a1:d8:fc:fc:d0: - d0:86:f1:c8:3c:78:ec:b8:e9:73:1c:d1:72:55:97: - c6:47:5a:4c:33:18:32:a1:9c:e1:84:2e:de:40:2f: - a7:16:ed:a0:44:d6:4c:2c:04:ef:21:11:0b:6b:cb: - 36:8d:eb:5a:3d:a1:b6:9b:b5:23:be:bd:66:23:26: - c9:82:62:44:51:f8:3a:94:07:6c:52:84:2c:d0:d9: - 24:8b:0a:f5:1b:c8:31:a2:29:4c:bc:b7:bf:96:e1: - 56:78:d2:75:08:c9:cb:0d:1a:1d:93:2d:bf:bf:86: - 10:06:d7:5c:b8:e6:99:05:89:6f:ad:3b:a6:37:45: - 15:3a:63:8b:d1:d6:0d:e4:d0:c6:06:c6:63:13:21: - 92:65:c1:1a:ae:1a:72:97:cf:86:ed:6f:a1:77:d8: - 18:67:f2:27:36:1f:ff:40:6e:57:97:90:5a:28:04: - a4:a8:54:cf:a8:87:36:af:26:49:a6:4e:2d:d4:be: - e6:17:e2:1a:da:c4:08:87:fd:3f:fe:7b:d8:1e:f2: - 66:0f:34:1a:02:5d:39:ec:66:3d:46:bc:37:ce:84: - a2:51:0b:c8:72:f5:7c:5a:b8:1a:1b:0a:5d:2b:e9: - 56:4f - Exponent: 65537 (0x10001) - X509v3 extensions: - X509v3 Basic Constraints: - CA:FALSE - Netscape Comment: - OpenSSL Generated Certificate - X509v3 Subject Key Identifier: - 3F:A7:4A:6A:B1:6A:E1:51:8D:56:19:A2:2D:6A:A8:49:07:D6:87:8A - X509v3 Authority Key Identifier: - keyid:E5:15:C2:1D:E7:EE:28:3C:FA:B6:3E:58:FB:0B:61:52:6E:B0:81:5B - - Signature Algorithm: sha1WithRSAEncryption - 98:89:57:fd:96:0e:78:06:ce:9f:83:48:28:c9:34:a4:32:93: - d2:65:fb:2f:a9:39:51:ff:7a:89:57:26:6a:59:0d:81:09:20: - 75:ae:c6:aa:f6:8c:d4:d2:7f:f0:78:88:df:74:90:28:11:15: - 77:d3:60:3d:2d:d2:ef:34:1b:03:59:9f:23:1c:21:64:e5:b8: - a1:99:c3:08:82:31:3d:58:01:23:52:b8:96:c8:d5:42:b3:3b: - 
50:43:cc:7d:43:08:1d:c4:46:06:7f:c3:7f:3e:6d:01:f2:25: - 91:4b:70:fd:0f:e3:25:a6:d4:d8:c9:f6:35:65:00:87:c7:03: - c2:d7 ------BEGIN CERTIFICATE----- -MIIDKjCCApOgAwIBAgIJAKyks2v1tF/LMA0GCSqGSIb3DQEBBQUAMFcxCzAJBgNV -BAYTAlVTMQswCQYDVQQIEwJDQTEPMA0GA1UEChMGQXBhY2hlMRkwFwYDVQQLExBB -cGFjaGUgSW5jdWJhdG9yMQ8wDQYDVQQDEwZOZXcgQ0EwHhcNMTcxMjIwMDI0NTI0 -WhcNMTgxMjIwMDI0NTI0WjBWMQswCQYDVQQGEwJVUzELMAkGA1UECBMCQ0ExDzAN -BgNVBAoTBkFwYWNoZTEZMBcGA1UECxMQQXBhY2hlIEluY3ViYXRvcjEOMAwGA1UE -AxMFUHJveHkwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDh4QbM9Zg4 -iDPg9wpdjqiJro/Nx3diF8Kh2Pz80NCG8cg8eOy46XMc0XJVl8ZHWkwzGDKhnOGE -Lt5AL6cW7aBE1kwsBO8hEQtryzaN61o9obabtSO+vWYjJsmCYkRR+DqUB2xShCzQ -2SSLCvUbyDGiKUy8t7+W4VZ40nUIycsNGh2TLb+/hhAG11y45pkFiW+tO6Y3RRU6 -Y4vR1g3k0MYGxmMTIZJlwRquGnKXz4btb6F32Bhn8ic2H/9AbleXkFooBKSoVM+o -hzavJkmmTi3UvuYX4hraxAiH/T/+e9ge8mYPNBoCXTnsZj1GvDfOhKJRC8hy9Xxa -uBobCl0r6VZPAgMBAAGjezB5MAkGA1UdEwQCMAAwLAYJYIZIAYb4QgENBB8WHU9w -ZW5TU0wgR2VuZXJhdGVkIENlcnRpZmljYXRlMB0GA1UdDgQWBBQ/p0pqsWrhUY1W -GaItaqhJB9aHijAfBgNVHSMEGDAWgBTlFcId5+4oPPq2Plj7C2FSbrCBWzANBgkq -hkiG9w0BAQUFAAOBgQCYiVf9lg54Bs6fg0goyTSkMpPSZfsvqTlR/3qJVyZqWQ2B -CSB1rsaq9ozU0n/weIjfdJAoERV302A9LdLvNBsDWZ8jHCFk5bihmcMIgjE9WAEj -UriWyNVCsztQQ8x9QwgdxEYGf8N/Pm0B8iWRS3D9D+MlptTYyfY1ZQCHxwPC1w== ------END CERTIFICATE----- diff --git a/pulsar-proxy/src/test/resources/authentication/tls/ProxyWithProxyAuthorizationTest/proxy-key.pem b/pulsar-proxy/src/test/resources/authentication/tls/ProxyWithProxyAuthorizationTest/proxy-key.pem deleted file mode 100644 index 9856807af..000000000 --- a/pulsar-proxy/src/test/resources/authentication/tls/ProxyWithProxyAuthorizationTest/proxy-key.pem +++ /dev/null 
@@ -1,28 +0,0 @@ ------BEGIN PRIVATE KEY----- -MIIEvwIBADANBgkqhkiG9w0BAQEFAASCBKkwggSlAgEAAoIBAQDh4QbM9Zg4iDPg -9wpdjqiJro/Nx3diF8Kh2Pz80NCG8cg8eOy46XMc0XJVl8ZHWkwzGDKhnOGELt5A -L6cW7aBE1kwsBO8hEQtryzaN61o9obabtSO+vWYjJsmCYkRR+DqUB2xShCzQ2SSL -CvUbyDGiKUy8t7+W4VZ40nUIycsNGh2TLb+/hhAG11y45pkFiW+tO6Y3RRU6Y4vR -1g3k0MYGxmMTIZJlwRquGnKXz4btb6F32Bhn8ic2H/9AbleXkFooBKSoVM+ohzav -JkmmTi3UvuYX4hraxAiH/T/+e9ge8mYPNBoCXTnsZj1GvDfOhKJRC8hy9XxauBob -Cl0r6VZPAgMBAAECggEBAIXa6UHKhKNzq3K0UxMwOBYnORbUDp41wGRTB1D2maxu -WZ/kdTv7M/ku8VdhsuGT1DYvL8nwAwBnGdPlqVoABYrlh4xKfD8XL7J4YWLmxrph -O6q4RG+DI6TPFnlKrHv64xPX9kxMAZbeJzayjqAhGbCkUtI+/a126dx9s1c65jZj -VyEDrfogOi3CUVHnTxZ3Yayy0gqldPAYdtt9p5YYyTxJYmuKqHBTh7FToX3RhyT0 -pZ4+IE7YV4HiBev2K8K6c4E2/UOZtkENCLy7DAQuQgokHYk0YeoG+tYfnBcIFkVD -169Z766il027ILS8F7HMoBPQVYdf24YUgfQC3k8h8HECgYEA/VGEr3vFwxCUHtOK -SKXCpFWpK0KvcYBQvgzLuKkTNbTWnezUwAugq+Ybao/hqsF5jEd9U8Iv35myHI8j -EHHF9J8/zb1EcIZgTAPO4Uvc2rYxwt/c0kwy7F/FovVKg5yEscJ35iXQWFO5Yxyu -rYU8yNVPBqXGCeUS1jJbryg1JZcCgYEA5EUmDfPHp6gWx9MmeuDqxvb2L/WHyxGb -ojSsV5GFlCLa3QMKc1H/1+6lxLbMiGvtk2S1B9YeGWAvRB+10GSgn7AhiObxv20C -8oqRtLPxO/eCCGOBnUiGTqKibFNyTVJ/+FgWpywQSUY8tk58fPBZvydE6XV0Wa6T -1INerLxVnAkCgYAxkXn9PKL+AIh7X7l3bbggoAJyTKI3+3vRNH/IqozvvWshi+41 -hhDykhxbRbxKxYEbSgHkGeN0RYbsv7WEyj6KF39MqvRxcFn3hec9frLAuVYTY+q5 -2987EaKCuKzUBBSTFBKSHmQeZIOqOTqVCbVTNyo3isittv1wnHoEVEHSEQKBgQCM -oQkjuVb8M/Ls4mmndB9Pul/LBhHFijB+isLOJAnOTHbXiAMNLqxWpGCdwxxYw10W -3AknLcNXUMltx7dkDkpidskCJX0zuH4DXFkNoXnxvrbuYhc9Bawwj8NOx0340uWh -4ur5zIywB8RpcAsDkbNIr3Gl/kVS5tmOJ+zQsCpxuQKBgQCKV6CDtKgGLgWvERUE -Dei9pUx2uXtvThZomqoZqr+hZE3YmvtHZcLMK8sXJWDdkYVQ4bwDkmrSSkk5F9Nh -PClfyOObFbOXLD0TrJZSJd/zrnmnWk8u4eE5XSwAQ+0XiO4LgQHDOutXpvW9ZVvT -om8NGk5mEUz39XN0tuWzcN2FIQ== ------END PRIVATE KEY----- diff --git a/pulsar-websocket/src/main/java/org/apache/pulsar/websocket/WebSocketService.java b/pulsar-websocket/src/main/java/org/apache/pulsar/websocket/WebSocketService.java index d5a2c84fb..d7a349d7a 100644 
--- a/pulsar-websocket/src/main/java/org/apache/pulsar/websocket/WebSocketService.java +++ b/pulsar-websocket/src/main/java/org/apache/pulsar/websocket/WebSocketService.java @@ -180,7 +180,7 @@ private PulsarClient createClientInstance(ClusterData clusterData) throws IOExce clientConf.setStatsInterval(0, TimeUnit.SECONDS); clientConf.setUseTls(config.isTlsEnabled()); clientConf.setTlsAllowInsecureConnection(config.isTlsAllowInsecureConnection()); - clientConf.setTlsTrustCertsFilePath(config.getTlsTrustCertsFilePath()); + clientConf.setTlsTrustCertsFilePath(config.getBrokerClientTrustCertsFilePath()); clientConf.setIoThreads(config.getWebSocketNumIoThreads()); clientConf.setConnectionsPerBroker(config.getWebSocketConnectionsPerBroker()); diff --git a/pulsar-websocket/src/main/java/org/apache/pulsar/websocket/service/ProxyServer.java b/pulsar-websocket/src/main/java/org/apache/pulsar/websocket/service/ProxyServer.java index ff1bfe5eb..ed597ea89 100644 --- a/pulsar-websocket/src/main/java/org/apache/pulsar/websocket/service/ProxyServer.java +++ b/pulsar-websocket/src/main/java/org/apache/pulsar/websocket/service/ProxyServer.java @@ -95,7 +95,6 @@ public ProxyServer(WebSocketProxyConfiguration config) ServerConnector tlsConnector = new ServerConnector(server, -1, -1, sslCtxFactory); tlsConnector.setPort(config.getWebServicePortTls()); connectors.add(tlsConnector); - } // Limit number of concurrent HTTP connections to avoid getting out of diff --git a/pulsar-websocket/src/main/java/org/apache/pulsar/websocket/service/WebSocketProxyConfiguration.java b/pulsar-websocket/src/main/java/org/apache/pulsar/websocket/service/WebSocketProxyConfiguration.java index 5cea3df73..8bc3804e5 100644 --- a/pulsar-websocket/src/main/java/org/apache/pulsar/websocket/service/WebSocketProxyConfiguration.java +++ b/pulsar-websocket/src/main/java/org/apache/pulsar/websocket/service/WebSocketProxyConfiguration.java 
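Review bot: In the WebSocketService hunk, the outgoing broker client gets its own trust store path, but the context line directly above still passes `config.isTlsAllowInsecureConnection()` to `clientConf.setTlsAllowInsecureConnection(...)`. WebSocketProxyConfiguration comments that flag as "Accept untrusted TLS certificate from client", so, assuming `config` is that type here, relaxing certificate checks for inbound clients also appears to relax verification of the broker certificate on this outbound connection. That is the same server/client coupling this change removes for the trust store. Consider a separate broker-client setting for the flag, or at least a comment on that line such as `// shares the server-side tlsAllowInsecureConnection flag; outbound verification is not configured separately`. The body of createClientInstance starts and continues outside the hunk.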
@@ -39,7 +39,7 @@ // Name of the cluster to which this broker belongs to @FieldContext(required = true) private String clusterName; - + // Pulsar cluster url to connect to broker (optional if globalZookeeperServers present) private String serviceUrl; private String serviceUrlTls; @@ -67,7 +67,6 @@ // Authorization provider fully qualified class-name private String authorizationProvider = PulsarAuthorizationProvider.class.getName(); - // Role names that are treated as "super-user", meaning they will be able to // do all admin operations and publish/consume from all topics private Set<String> superUserRoles = Sets.newTreeSet(); @@ -80,6 +79,8 @@ // Authentication settings of the proxy itself. Used to connect to brokers private String brokerClientAuthenticationPlugin; private String brokerClientAuthenticationParameters; + // Path for the trusted TLS certificate file for outgoing connection to a server (broker) + private String brokerClientTrustCertsFilePath = ""; // Number of IO threads in Pulsar Client used in WebSocket proxy private int numIoThreads = Runtime.getRuntime().availableProcessors(); @@ -100,7 +101,7 @@ private String tlsTrustCertsFilePath = ""; // Accept untrusted TLS certificate from client private boolean tlsAllowInsecureConnection = false; - + private Properties properties = new Properties(); public String getClusterName() { @@ -110,7 +111,7 @@ public String getClusterName() { public void setClusterName(String clusterName) { this.clusterName = clusterName; } - + public String getServiceUrl() { return serviceUrl; } @@ -214,7 +215,7 @@ public String getAuthorizationProvider() { public void setAuthorizationProvider(String authorizationProvider) { this.authorizationProvider = authorizationProvider; } - + public boolean getAuthorizationAllowWildcardsMatching() { return authorizationAllowWildcardsMatching; } 
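Review bot: In the `@@ -80,6 +79,8 @@` hunk, the new field `brokerClientTrustCertsFilePath` defaults to `""`, and its comment does not say what an empty value means for the outgoing connection. Deployments that so far set only `tlsTrustCertsFilePath` will hand an empty path to `setTlsTrustCertsFilePath` in WebSocketService after this change unless they add the new key. Whether the client then rejects the broker certificate or falls back to some default trust store is not visible here and should be stated for operators. A comment along the lines of `// Trusted CA certificates used to verify the broker on outgoing connections; independent of tlsTrustCertsFilePath, so it must be set separately (empty = <behaviour to confirm>)` would cover it. The enclosing class starts and ends outside the hunk.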
@@ -239,6 +240,14 @@ public void setBrokerClientAuthenticationPlugin(String brokerClientAuthenticatio this.brokerClientAuthenticationPlugin = brokerClientAuthenticationPlugin; } + public String getBrokerClientTrustCertsFilePath() { + return brokerClientTrustCertsFilePath; + } + + public void setBrokerClientTrustCertsFilePath(String brokerClientTrustCertsFilePath) { + this.brokerClientTrustCertsFilePath = brokerClientTrustCertsFilePath; + } + public String getBrokerClientAuthenticationParameters() { return brokerClientAuthenticationParameters; } @@ -247,13 +256,21 @@ public void setBrokerClientAuthenticationParameters(String brokerClientAuthentic this.brokerClientAuthenticationParameters = brokerClientAuthenticationParameters; } - public int getNumIoThreads() { return numIoThreads; } + public int getNumIoThreads() { + return numIoThreads; + } - public void setNumIoThreads(int numIoThreads) { this.numIoThreads = numIoThreads; } + public void setNumIoThreads(int numIoThreads) { + this.numIoThreads = numIoThreads; + } - public int getConnectionsPerBroker() { return connectionsPerBroker; } + public int getConnectionsPerBroker() { + return connectionsPerBroker; + } - public void setConnectionsPerBroker(int connectionsPerBroker) { this.connectionsPerBroker = connectionsPerBroker; } + public void setConnectionsPerBroker(int connectionsPerBroker) { + this.connectionsPerBroker = connectionsPerBroker; + } public String getAnonymousUserRole() { return anonymousUserRole; 
@@ -302,7 +319,7 @@ public boolean isTlsAllowInsecureConnection() { public void setTlsAllowInsecureConnection(boolean tlsAllowInsecureConnection) { this.tlsAllowInsecureConnection = tlsAllowInsecureConnection; } - + public Properties getProperties() { return properties; } ---------------------------------------------------------------- This is an automated message from the Apache Git Service. To respond to the message, please log on GitHub and use the URL above to go to the specific comment. For queries about this service, please contact Infrastructure at: us...@infra.apache.org With regards, Apache Git Services