merlimat closed pull request #1246:  Separating configuration for client and 
server trust store
URL: https://github.com/apache/incubator-pulsar/pull/1246
 
 
   

This is a PR merged from a forked repository.
As GitHub hides the original diff on merge, it is displayed below for
the sake of provenance:

As this is a foreign pull request (from a fork), the diff is supplied
below (as it won't show otherwise due to GitHub magic):

diff --git a/conf/broker.conf b/conf/broker.conf
index dbea41db3..a432299a6 100644
--- a/conf/broker.conf
+++ b/conf/broker.conf
@@ -234,6 +234,7 @@ superUserRoles=
 # either in same or other clusters
 brokerClientAuthenticationPlugin=
 brokerClientAuthenticationParameters=
+brokerClientTrustCertsFilePath=
 
 # Supported Athenz provider domain names(comma separated) for authentication
 athenzDomainNames=
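Review bot: `brokerClientTrustCertsFilePath=` is added without a comment, and the comment above it (partly outside the hunk) describes authentication settings, so an operator cannot tell from the file what the key is for or what leaving it empty means. I would add `# Path to the trusted CA certificate file used to verify the remote broker's certificate on outgoing TLS connections` above it, plus one line stating what an empty value results in once that behaviour is settled. The same bare key is added in the conf/proxy.conf and conf/websocket.conf hunks.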
diff --git a/conf/proxy.conf b/conf/proxy.conf
index d7c5afc4b..f878b8fa7 100644
--- a/conf/proxy.conf
+++ b/conf/proxy.conf
@@ -55,6 +55,7 @@ 
authorizationProvider=org.apache.pulsar.broker.authorization.PulsarAuthorization
 # Authentication settings of the proxy itself. Used to connect to brokers
 brokerClientAuthenticationPlugin=
 brokerClientAuthenticationParameters=
+brokerClientTrustCertsFilePath=
 
 # Role names that are treated as "super-user", meaning they will be able to do 
all admin
 # operations and publish/consume from all topics (comma-separated)
diff --git a/conf/websocket.conf b/conf/websocket.conf
index 404bdeff5..b7293f159 100644
--- a/conf/websocket.conf
+++ b/conf/websocket.conf
@@ -74,6 +74,7 @@ superUserRoles=
 # Authentication settings of the proxy itself. Used to connect to brokers
 brokerClientAuthenticationPlugin=
 brokerClientAuthenticationParameters=
+brokerClientTrustCertsFilePath=
 
 # When this parameter is not empty, unauthenticated users perform as 
anonymousUserRole
 anonymousUserRole=
diff --git 
a/pulsar-broker-common/src/main/java/org/apache/pulsar/broker/ServiceConfiguration.java
 
b/pulsar-broker-common/src/main/java/org/apache/pulsar/broker/ServiceConfiguration.java
index 4be2195d5..8aa2f821f 100644
--- 
a/pulsar-broker-common/src/main/java/org/apache/pulsar/broker/ServiceConfiguration.java
+++ 
b/pulsar-broker-common/src/main/java/org/apache/pulsar/broker/ServiceConfiguration.java
@@ -234,7 +234,9 @@
     // to other brokers, either in same or other clusters. Default uses plugin 
which disables authentication
     private String brokerClientAuthenticationPlugin = 
"org.apache.pulsar.client.impl.auth.AuthenticationDisabled";
     private String brokerClientAuthenticationParameters = "";
-
+    // Path for the trusted TLS certificate file for outgoing connection to a 
server (broker)
+    private String brokerClientTrustCertsFilePath = "";
+    
     // When this parameter is not empty, unauthenticated users perform as 
anonymousUserRole
     private String anonymousUserRole = null;
 
@@ -894,6 +896,14 @@ public void setBrokerClientAuthenticationParameters(String 
brokerClientAuthentic
         this.brokerClientAuthenticationParameters = 
brokerClientAuthenticationParameters;
     }
 
+    public String getBrokerClientTrustCertsFilePath() {
+        return brokerClientTrustCertsFilePath;
+    }
+
+    public void setBrokerClientTrustCertsFilePath(String 
brokerClientTrustCertsFilePath) {
+        this.brokerClientTrustCertsFilePath = brokerClientTrustCertsFilePath;
+    }
+    
     public String getAnonymousUserRole() {
         return anonymousUserRole;
     }
diff --git 
a/pulsar-broker/src/main/java/org/apache/pulsar/broker/service/BrokerService.java
 
b/pulsar-broker/src/main/java/org/apache/pulsar/broker/service/BrokerService.java
index 1eff83b0e..5cc125910 100644
--- 
a/pulsar-broker/src/main/java/org/apache/pulsar/broker/service/BrokerService.java
+++ 
b/pulsar-broker/src/main/java/org/apache/pulsar/broker/service/BrokerService.java
@@ -511,7 +511,7 @@ public PulsarClient getReplicationClient(String cluster) {
                     clusterUrl = isNotBlank(data.getBrokerServiceUrlTls()) ? 
data.getBrokerServiceUrlTls()
                             : data.getServiceUrlTls();
                     configuration.setUseTls(true);
-                    
configuration.setTlsTrustCertsFilePath(pulsar.getConfiguration().getTlsTrustCertsFilePath());
+                    
configuration.setTlsTrustCertsFilePath(pulsar.getConfiguration().getBrokerClientTrustCertsFilePath());
                     configuration
                             
.setTlsAllowInsecureConnection(pulsar.getConfiguration().isTlsAllowInsecureConnection());
                 } else {
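Review bot: A deployment that upgrades with only `tlsTrustCertsFilePath` set will now hand the empty default of `brokerClientTrustCertsFilePath` to `configuration.setTlsTrustCertsFilePath(...)`, because the new ServiceConfiguration field defaults to `""`. What the client does with an empty path is not visible in this diff, but replication to a cluster signed by a private CA presumably stops validating, which pushes operators toward `tlsAllowInsecureConnection`. Consider falling back when the new key is blank, e.g. with `conf = pulsar.getConfiguration()`: `isNotBlank(conf.getBrokerClientTrustCertsFilePath()) ? conf.getBrokerClientTrustCertsFilePath() : conf.getTlsTrustCertsFilePath()`, or at least logging a warning at startup. The DirectProxyHandler and ProxyService hunks make the same substitution without a fallback; getReplicationClient continues outside this hunk.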
diff --git 
a/pulsar-broker/src/test/java/org/apache/pulsar/websocket/proxy/ProxyPublishConsumeTlsTest.java
 
b/pulsar-broker/src/test/java/org/apache/pulsar/websocket/proxy/ProxyPublishConsumeTlsTest.java
index fc1586b0a..ac79c8a00 100644
--- 
a/pulsar-broker/src/test/java/org/apache/pulsar/websocket/proxy/ProxyPublishConsumeTlsTest.java
+++ 
b/pulsar-broker/src/test/java/org/apache/pulsar/websocket/proxy/ProxyPublishConsumeTlsTest.java
@@ -68,6 +68,7 @@ public void setup() throws Exception {
         config.setTlsKeyFilePath(TLS_SERVER_KEY_FILE_PATH);
         config.setTlsCertificateFilePath(TLS_SERVER_CERT_FILE_PATH);
         config.setTlsTrustCertsFilePath(TLS_TRUST_CERT_FILE_PATH);
+        config.setBrokerClientTrustCertsFilePath(TLS_TRUST_CERT_FILE_PATH);
         config.setClusterName("use");
         config.setGlobalZookeeperServers("dummy-zk-servers");
         service = spy(new WebSocketService(config));
diff --git 
a/pulsar-proxy/src/main/java/org/apache/pulsar/proxy/server/DirectProxyHandler.java
 
b/pulsar-proxy/src/main/java/org/apache/pulsar/proxy/server/DirectProxyHandler.java
index 55faf5ce4..92ff1074a 100644
--- 
a/pulsar-proxy/src/main/java/org/apache/pulsar/proxy/server/DirectProxyHandler.java
+++ 
b/pulsar-proxy/src/main/java/org/apache/pulsar/proxy/server/DirectProxyHandler.java
@@ -87,11 +87,11 @@ protected void initChannel(SocketChannel ch) throws 
Exception {
                     AuthenticationDataProvider authData = 
authentication.getAuthData();
                     if (authData.hasDataForTls()) {
                         sslCtx = 
SecurityUtility.createNettySslContextForClient(config.isTlsAllowInsecureConnection(),
-                                config.getTlsTrustCertsFilePath(), 
(X509Certificate[]) authData.getTlsCertificates(),
+                                config.getBrokerClientTrustCertsFilePath(), 
(X509Certificate[]) authData.getTlsCertificates(),
                                 authData.getTlsPrivateKey());
                     } else {
                         sslCtx = 
SecurityUtility.createNettySslContextForClient(config.isTlsAllowInsecureConnection(),
-                                config.getTlsTrustCertsFilePath());
+                                config.getBrokerClientTrustCertsFilePath());
                     }
                     ch.pipeline().addLast(TLS_HANDLER, 
sslCtx.newHandler(ch.alloc()));
                 }
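Review bot: `config.isTlsAllowInsecureConnection()` is still the single switch passed to `createNettySslContextForClient` in both branches, so the trust store is now separate for the outgoing connection but the decision to skip verification is not. If that flag is also what relaxes checks on the proxy's listening side (it appears to be the shared server-side setting), enabling it for inbound clients presumably turns off verification of the broker's certificate as well. A dedicated outbound setting would complete the separation; if that is out of scope here, a comment on the flag stating that it governs both directions would help. The same shared flag appears in the BrokerService and ProxyService hunks; initChannel starts and ends outside this hunk.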
diff --git 
a/pulsar-proxy/src/main/java/org/apache/pulsar/proxy/server/ProxyConfiguration.java
 
b/pulsar-proxy/src/main/java/org/apache/pulsar/proxy/server/ProxyConfiguration.java
index 71022ea81..071a35453 100644
--- 
a/pulsar-proxy/src/main/java/org/apache/pulsar/proxy/server/ProxyConfiguration.java
+++ 
b/pulsar-proxy/src/main/java/org/apache/pulsar/proxy/server/ProxyConfiguration.java
@@ -35,11 +35,11 @@
 
     // ZooKeeper session timeout
     private int zookeeperSessionTimeoutMs = 30_000;
-    
-    // if Service Discovery is Disabled this url should point to the discovery 
service provider. 
+
+    // if Service Discovery is Disabled this url should point to the discovery 
service provider.
     private String brokerServiceURL;
     private String brokerServiceURLTLS;
-    
+
     // Port to use to server binary-proto request
     private int servicePort = 6650;
     // Port to use to server binary-proto-tls request
@@ -69,6 +69,7 @@
     // Authentication settings of the proxy itself. Used to connect to brokers
     private String brokerClientAuthenticationPlugin;
     private String brokerClientAuthenticationParameters;
+    private String brokerClientTrustCertsFilePath;
 
     /***** --- TLS --- ****/
     // Enable TLS for the proxy handler
@@ -93,33 +94,33 @@
     // Specify the tls cipher the broker will use to negotiate during TLS 
Handshake.
     // Example:- [TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256]
     private Set<String> tlsCiphers = Sets.newTreeSet();
-    
+
     private Properties properties = new Properties();
 
     public boolean forwardAuthorizationCredentials() {
         return forwardAuthorizationCredentials;
     }
-    
+
     public void setForwardAuthorizationCredentials(boolean 
forwardAuthorizationCredentials) {
         this.forwardAuthorizationCredentials = forwardAuthorizationCredentials;
     }
-    
+
     public String getBrokerServiceURLTLS() {
         return brokerServiceURLTLS;
     }
-    
+
     public void setBrokerServiceURLTLS(String discoveryServiceURLTLS) {
         this.brokerServiceURLTLS = discoveryServiceURLTLS;
     }
-    
+
     public String getBrokerServiceURL() {
         return brokerServiceURL;
     }
-    
+
     public void setBrokerServiceURL(String discoveryServiceURL) {
         this.brokerServiceURL = discoveryServiceURL;
     }
-    
+
     public String getZookeeperServers() {
         return zookeeperServers;
     }
@@ -248,6 +249,14 @@ public void setBrokerClientAuthenticationParameters(String 
brokerClientAuthentic
         this.brokerClientAuthenticationParameters = 
brokerClientAuthenticationParameters;
     }
 
+    public String getBrokerClientTrustCertsFilePath() {
+        return this.brokerClientTrustCertsFilePath;
+    }
+
+    public void setBrokerClientTrustCertsFilePath(String 
brokerClientTlsTrustCertsFilePath) {
+        this.brokerClientTrustCertsFilePath = 
brokerClientTlsTrustCertsFilePath;
+    }
+
     public boolean isAuthenticationEnabled() {
         return authenticationEnabled;
     }
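Review bot: The setter parameter is named `brokerClientTlsTrustCertsFilePath` while the field, the getter and the ServiceConfiguration setter all use `brokerClientTrustCertsFilePath`; rename it to match: `public void setBrokerClientTrustCertsFilePath(String brokerClientTrustCertsFilePath)`. The field added in the earlier hunk of this file also carries no comment and no default, whereas ServiceConfiguration documents its field and defaults it to `""`. A one-line `// Path for the trusted TLS certificate file for outgoing connection to a server (broker)` above the field would keep the two classes aligned.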
@@ -295,7 +304,7 @@ public Properties getProperties() {
     public void setProperties(Properties properties) {
         this.properties = properties;
     }
-    
+
     public Set<String> getTlsProtocols() {
         return tlsProtocols;
     }
diff --git 
a/pulsar-proxy/src/main/java/org/apache/pulsar/proxy/server/ProxyService.java 
b/pulsar-proxy/src/main/java/org/apache/pulsar/proxy/server/ProxyService.java
index 0ddee4252..d95d83cb7 100644
--- 
a/pulsar-proxy/src/main/java/org/apache/pulsar/proxy/server/ProxyService.java
+++ 
b/pulsar-proxy/src/main/java/org/apache/pulsar/proxy/server/ProxyService.java
@@ -102,7 +102,7 @@ public ProxyService(ProxyConfiguration proxyConfig) throws 
IOException {
         }
         if (proxyConfig.isTlsEnabledWithBroker()) {
             clientConfiguration.setUseTls(true);
-            
clientConfiguration.setTlsTrustCertsFilePath(proxyConfig.getTlsTrustCertsFilePath());
+            
clientConfiguration.setTlsTrustCertsFilePath(proxyConfig.getBrokerClientTrustCertsFilePath());
             
clientConfiguration.setTlsAllowInsecureConnection(proxyConfig.isTlsAllowInsecureConnection());
         }
 
diff --git 
a/pulsar-proxy/src/test/java/org/apache/pulsar/proxy/server/ProxyAuthenticatedProducerConsumerTest.java
 
b/pulsar-proxy/src/test/java/org/apache/pulsar/proxy/server/ProxyAuthenticatedProducerConsumerTest.java
index c62bbc1f1..626a56349 100644
--- 
a/pulsar-proxy/src/test/java/org/apache/pulsar/proxy/server/ProxyAuthenticatedProducerConsumerTest.java
+++ 
b/pulsar-proxy/src/test/java/org/apache/pulsar/proxy/server/ProxyAuthenticatedProducerConsumerTest.java
@@ -89,7 +89,7 @@ protected void setup() throws Exception {
         
conf.setBrokerClientAuthenticationPlugin(AuthenticationTls.class.getName());
         conf.setBrokerClientAuthenticationParameters(
                 "tlsCertFile:" + TLS_CLIENT_CERT_FILE_PATH + "," + 
"tlsKeyFile:" + TLS_SERVER_KEY_FILE_PATH);
-
+        conf.setBrokerClientTrustCertsFilePath(TLS_TRUST_CERT_FILE_PATH);
         Set<String> providers = new HashSet<>();
         providers.add(AuthenticationProviderTls.class.getName());
         conf.setAuthenticationProviders(providers);
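Review bot: The context line just above the added call pairs `TLS_CLIENT_CERT_FILE_PATH` with `TLS_SERVER_KEY_FILE_PATH` in the broker's `brokerClientAuthenticationParameters`, whereas the proxy block in the next hunk pairs the client certificate with `TLS_CLIENT_KEY_FILE_PATH`. Unless the two key files happen to be identical, the broker's outgoing identity is a mismatched certificate/key pair that this test never exercises. Since this commit is tidying which side presents and trusts what, it would be a good place to change it to `"tlsKeyFile:" + TLS_CLIENT_KEY_FILE_PATH`. setup() continues outside the hunk.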
@@ -113,10 +113,11 @@ protected void setup() throws Exception {
         proxyConfig.setTlsCertificateFilePath(TLS_SERVER_CERT_FILE_PATH);
         proxyConfig.setTlsKeyFilePath(TLS_SERVER_KEY_FILE_PATH);
         proxyConfig.setTlsTrustCertsFilePath(TLS_TRUST_CERT_FILE_PATH);
-
+        
         
proxyConfig.setBrokerClientAuthenticationPlugin(AuthenticationTls.class.getName());
         proxyConfig.setBrokerClientAuthenticationParameters(
                 "tlsCertFile:" + TLS_CLIENT_CERT_FILE_PATH + "," + 
"tlsKeyFile:" + TLS_CLIENT_KEY_FILE_PATH);
+        
proxyConfig.setBrokerClientTrustCertsFilePath(TLS_TRUST_CERT_FILE_PATH);
         proxyConfig.setAuthenticationProviders(providers);
         
         proxyConfig.setZookeeperServers(DUMMY_VALUE);
diff --git 
a/pulsar-proxy/src/test/java/org/apache/pulsar/proxy/server/ProxyWithProxyAuthorizationNegTest.java
 
b/pulsar-proxy/src/test/java/org/apache/pulsar/proxy/server/ProxyWithAuthorizationNegTest.java
similarity index 87%
rename from 
pulsar-proxy/src/test/java/org/apache/pulsar/proxy/server/ProxyWithProxyAuthorizationNegTest.java
rename to 
pulsar-proxy/src/test/java/org/apache/pulsar/proxy/server/ProxyWithAuthorizationNegTest.java
index 04717ceac..53303b9c5 100644
--- 
a/pulsar-proxy/src/test/java/org/apache/pulsar/proxy/server/ProxyWithProxyAuthorizationNegTest.java
+++ 
b/pulsar-proxy/src/test/java/org/apache/pulsar/proxy/server/ProxyWithAuthorizationNegTest.java
@@ -54,18 +54,18 @@
 import com.google.common.collect.Lists;
 import com.google.common.collect.Sets;
 
-public class ProxyWithProxyAuthorizationNegTest extends ProducerConsumerBase {
-    private static final Logger log = 
LoggerFactory.getLogger(ProxyWithProxyAuthorizationNegTest.class);
-
-    private final String TLS_PROXY_TRUST_CERT_FILE_PATH = 
"./src/test/resources/authentication/tls/ProxyWithProxyAuthorizationTest/cacert.pem";
-    private final String TLS_PROXY_CERT_FILE_PATH = 
"./src/test/resources/authentication/tls/ProxyWithProxyAuthorizationTest/proxy-cert.pem";
-    private final String TLS_PROXY_KEY_FILE_PATH = 
"./src/test/resources/authentication/tls/ProxyWithProxyAuthorizationTest/proxy-key.pem";
-    private final String TLS_SERVER_CERT_TRUST_FILE_PATH = 
"./src/test/resources/authentication/tls/ProxyWithProxyAuthorizationTest/cacert.pem";
-    private final String TLS_SERVER_CERT_FILE_PATH = 
"./src/test/resources/authentication/tls/ProxyWithProxyAuthorizationTest/broker-cert.pem";
-    private final String TLS_SERVER_KEY_FILE_PATH = 
"./src/test/resources/authentication/tls/ProxyWithProxyAuthorizationTest/broker-key.pem";
-    private final String TLS_CLIENT_TRUST_CERT_FILE_PATH = 
"./src/test/resources/authentication/tls/ProxyWithProxyAuthorizationTest/cacert.pem";
-    private final String TLS_CLIENT_CERT_FILE_PATH = 
"./src/test/resources/authentication/tls/ProxyWithProxyAuthorizationTest/client-cert.pem";
-    private final String TLS_CLIENT_KEY_FILE_PATH = 
"./src/test/resources/authentication/tls/ProxyWithProxyAuthorizationTest/client-key.pem";
+public class ProxyWithAuthorizationNegTest extends ProducerConsumerBase {
+    private static final Logger log = 
LoggerFactory.getLogger(ProxyWithAuthorizationNegTest.class);
+
+    private final String TLS_PROXY_TRUST_CERT_FILE_PATH = 
"./src/test/resources/authentication/tls/ProxyWithAuthorizationTest/proxy-cacert.pem";
+    private final String TLS_PROXY_CERT_FILE_PATH = 
"./src/test/resources/authentication/tls/ProxyWithAuthorizationTest/proxy-cert.pem";
+    private final String TLS_PROXY_KEY_FILE_PATH = 
"./src/test/resources/authentication/tls/ProxyWithAuthorizationTest/proxy-key.pem";
+    private final String TLS_BROKER_TRUST_CERT_FILE_PATH = 
"./src/test/resources/authentication/tls/ProxyWithAuthorizationTest/broker-cacert.pem";
+    private final String TLS_BROKER_CERT_FILE_PATH = 
"./src/test/resources/authentication/tls/ProxyWithAuthorizationTest/broker-cert.pem";
+    private final String TLS_BROKER_KEY_FILE_PATH = 
"./src/test/resources/authentication/tls/ProxyWithAuthorizationTest/broker-key.pem";
+    private final String TLS_CLIENT_TRUST_CERT_FILE_PATH = 
"./src/test/resources/authentication/tls/ProxyWithAuthorizationTest/client-cacert.pem";
+    private final String TLS_CLIENT_CERT_FILE_PATH = 
"./src/test/resources/authentication/tls/ProxyWithAuthorizationTest/client-cert.pem";
+    private final String TLS_CLIENT_KEY_FILE_PATH = 
"./src/test/resources/authentication/tls/ProxyWithAuthorizationTest/client-key.pem";
     private final String TLS_SUPERUSER_CLIENT_KEY_FILE_PATH = 
"./src/test/resources/authentication/tls/client-key.pem";
     private final String TLS_SUPERUSER_CLIENT_CERT_FILE_PATH = 
"./src/test/resources/authentication/tls/client-cert.pem";
     private final String TLS_SUPERUSER_CLIENT_TRUST_CERT_FILE_PATH = 
"./src/test/resources/authentication/tls/cacert.pem";
@@ -82,9 +82,9 @@ protected void setup() throws Exception {
         conf.setAuthorizationEnabled(true);
 
         conf.setTlsEnabled(true);
-        conf.setTlsTrustCertsFilePath(TLS_SERVER_CERT_TRUST_FILE_PATH);
-        conf.setTlsCertificateFilePath(TLS_SERVER_CERT_FILE_PATH);
-        conf.setTlsKeyFilePath(TLS_SERVER_KEY_FILE_PATH);
+        conf.setTlsTrustCertsFilePath(TLS_PROXY_TRUST_CERT_FILE_PATH);
+        conf.setTlsCertificateFilePath(TLS_BROKER_CERT_FILE_PATH);
+        conf.setTlsKeyFilePath(TLS_BROKER_KEY_FILE_PATH);
         conf.setTlsAllowInsecureConnection(true);
 
         Set<String> superUserRoles = new HashSet<>();
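Review bot: `conf.setTlsAllowInsecureConnection(true)` stays on directly below the three changed trust/cert paths, and the client helpers further down (createAdminClient, createPulsarClient) keep `clientConf.setTlsAllowInsecureConnection(true)` as well. With verification relaxed on every hop, these tests presumably pass whichever CA file each side is given, so they do not show that the broker-client trust store is the one actually consulted. A case that sets the flag to false and points `brokerClientTrustCertsFilePath` at a CA that did not sign the broker certificate, expecting the connection to fail, would pin the new behaviour. The same applies to the setup hunks of ProxyWithAuthorizationTest; setup() continues outside this hunk.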
@@ -93,7 +93,7 @@ protected void setup() throws Exception {
 
         
conf.setBrokerClientAuthenticationPlugin(AuthenticationTls.class.getName());
         conf.setBrokerClientAuthenticationParameters(
-                "tlsCertFile:" + TLS_SERVER_CERT_FILE_PATH + "," + 
"tlsKeyFile:" + TLS_SERVER_KEY_FILE_PATH);
+                "tlsCertFile:" + TLS_BROKER_CERT_FILE_PATH + "," + 
"tlsKeyFile:" + TLS_BROKER_KEY_FILE_PATH);
 
         Set<String> providers = new HashSet<>();
         providers.add(AuthenticationProviderTls.class.getName());
@@ -119,11 +119,13 @@ protected void setup() throws Exception {
         // enable tls and auth&auth at proxy
         proxyConfig.setTlsCertificateFilePath(TLS_PROXY_CERT_FILE_PATH);
         proxyConfig.setTlsKeyFilePath(TLS_PROXY_KEY_FILE_PATH);
-        proxyConfig.setTlsTrustCertsFilePath(TLS_PROXY_TRUST_CERT_FILE_PATH);
+        proxyConfig.setTlsTrustCertsFilePath(TLS_CLIENT_TRUST_CERT_FILE_PATH);
 
         
proxyConfig.setBrokerClientAuthenticationPlugin(AuthenticationTls.class.getName());
         proxyConfig.setBrokerClientAuthenticationParameters(
                 "tlsCertFile:" + TLS_PROXY_CERT_FILE_PATH + "," + 
"tlsKeyFile:" + TLS_PROXY_KEY_FILE_PATH);
+        
proxyConfig.setBrokerClientTrustCertsFilePath(TLS_BROKER_TRUST_CERT_FILE_PATH);
+
         proxyConfig.setAuthenticationProviders(providers);
  
         proxyService = Mockito.spy(new ProxyService(proxyConfig));
@@ -225,7 +227,7 @@ protected final void createAdminClient() throws Exception {
         authTls.configure(authParams);
         org.apache.pulsar.client.api.ClientConfiguration clientConf = new 
org.apache.pulsar.client.api.ClientConfiguration();
         clientConf.setStatsInterval(0, TimeUnit.SECONDS);
-        
clientConf.setTlsTrustCertsFilePath(TLS_SUPERUSER_CLIENT_TRUST_CERT_FILE_PATH);
+        clientConf.setTlsTrustCertsFilePath(TLS_BROKER_TRUST_CERT_FILE_PATH);
         clientConf.setTlsAllowInsecureConnection(true);
         clientConf.setAuthentication(authTls);
         clientConf.setUseTls(true);
@@ -241,7 +243,7 @@ private PulsarClient createPulsarClient(String 
proxyServiceUrl) throws PulsarCli
         authTls.configure(authParams);
         org.apache.pulsar.client.api.ClientConfiguration clientConf = new 
org.apache.pulsar.client.api.ClientConfiguration();
         clientConf.setStatsInterval(0, TimeUnit.SECONDS);
-        clientConf.setTlsTrustCertsFilePath(TLS_CLIENT_TRUST_CERT_FILE_PATH);
+        clientConf.setTlsTrustCertsFilePath(TLS_PROXY_TRUST_CERT_FILE_PATH);
         clientConf.setTlsAllowInsecureConnection(true);
         clientConf.setAuthentication(authTls);
         clientConf.setUseTls(true);
diff --git 
a/pulsar-proxy/src/test/java/org/apache/pulsar/proxy/server/ProxyWithProxyAuthorizationTest.java
 
b/pulsar-proxy/src/test/java/org/apache/pulsar/proxy/server/ProxyWithAuthorizationTest.java
similarity index 92%
rename from 
pulsar-proxy/src/test/java/org/apache/pulsar/proxy/server/ProxyWithProxyAuthorizationTest.java
rename to 
pulsar-proxy/src/test/java/org/apache/pulsar/proxy/server/ProxyWithAuthorizationTest.java
index becfc2b64..93be90fc9 100644
--- 
a/pulsar-proxy/src/test/java/org/apache/pulsar/proxy/server/ProxyWithProxyAuthorizationTest.java
+++ 
b/pulsar-proxy/src/test/java/org/apache/pulsar/proxy/server/ProxyWithAuthorizationTest.java
@@ -56,18 +56,18 @@
 import com.google.common.collect.Lists;
 import com.google.common.collect.Sets;
 
-public class ProxyWithProxyAuthorizationTest extends ProducerConsumerBase {
-    private static final Logger log = 
LoggerFactory.getLogger(ProxyWithProxyAuthorizationTest.class);
-
-    private final String TLS_PROXY_TRUST_CERT_FILE_PATH = 
"./src/test/resources/authentication/tls/ProxyWithProxyAuthorizationTest/cacert.pem";
-    private final String TLS_PROXY_CERT_FILE_PATH = 
"./src/test/resources/authentication/tls/ProxyWithProxyAuthorizationTest/proxy-cert.pem";
-    private final String TLS_PROXY_KEY_FILE_PATH = 
"./src/test/resources/authentication/tls/ProxyWithProxyAuthorizationTest/proxy-key.pem";
-    private final String TLS_SERVER_CERT_TRUST_FILE_PATH = 
"./src/test/resources/authentication/tls/ProxyWithProxyAuthorizationTest/cacert.pem";
-    private final String TLS_SERVER_CERT_FILE_PATH = 
"./src/test/resources/authentication/tls/ProxyWithProxyAuthorizationTest/broker-cert.pem";
-    private final String TLS_SERVER_KEY_FILE_PATH = 
"./src/test/resources/authentication/tls/ProxyWithProxyAuthorizationTest/broker-key.pem";
-    private final String TLS_CLIENT_TRUST_CERT_FILE_PATH = 
"./src/test/resources/authentication/tls/ProxyWithProxyAuthorizationTest/cacert.pem";
-    private final String TLS_CLIENT_CERT_FILE_PATH = 
"./src/test/resources/authentication/tls/ProxyWithProxyAuthorizationTest/client-cert.pem";
-    private final String TLS_CLIENT_KEY_FILE_PATH = 
"./src/test/resources/authentication/tls/ProxyWithProxyAuthorizationTest/client-key.pem";
+public class ProxyWithAuthorizationTest extends ProducerConsumerBase {
+    private static final Logger log = 
LoggerFactory.getLogger(ProxyWithAuthorizationTest.class);
+
+    private final String TLS_PROXY_TRUST_CERT_FILE_PATH = 
"./src/test/resources/authentication/tls/ProxyWithAuthorizationTest/proxy-cacert.pem";
+    private final String TLS_PROXY_CERT_FILE_PATH = 
"./src/test/resources/authentication/tls/ProxyWithAuthorizationTest/proxy-cert.pem";
+    private final String TLS_PROXY_KEY_FILE_PATH = 
"./src/test/resources/authentication/tls/ProxyWithAuthorizationTest/proxy-key.pem";
+    private final String TLS_BROKER_TRUST_CERT_FILE_PATH = 
"./src/test/resources/authentication/tls/ProxyWithAuthorizationTest/broker-cacert.pem";
+    private final String TLS_BROKER_CERT_FILE_PATH = 
"./src/test/resources/authentication/tls/ProxyWithAuthorizationTest/broker-cert.pem";
+    private final String TLS_BROKER_KEY_FILE_PATH = 
"./src/test/resources/authentication/tls/ProxyWithAuthorizationTest/broker-key.pem";
+    private final String TLS_CLIENT_TRUST_CERT_FILE_PATH = 
"./src/test/resources/authentication/tls/ProxyWithAuthorizationTest/client-cacert.pem";
+    private final String TLS_CLIENT_CERT_FILE_PATH = 
"./src/test/resources/authentication/tls/ProxyWithAuthorizationTest/client-cert.pem";
+    private final String TLS_CLIENT_KEY_FILE_PATH = 
"./src/test/resources/authentication/tls/ProxyWithAuthorizationTest/client-key.pem";
     private final String TLS_SUPERUSER_CLIENT_KEY_FILE_PATH = 
"./src/test/resources/authentication/tls/client-key.pem";
     private final String TLS_SUPERUSER_CLIENT_CERT_FILE_PATH = 
"./src/test/resources/authentication/tls/client-cert.pem";
     private final String TLS_SUPERUSER_CLIENT_TRUST_CERT_FILE_PATH = 
"./src/test/resources/authentication/tls/cacert.pem";
@@ -144,9 +144,9 @@ protected void setup() throws Exception {
         conf.setAuthorizationEnabled(true);
 
         conf.setTlsEnabled(true);
-        conf.setTlsTrustCertsFilePath(TLS_SERVER_CERT_TRUST_FILE_PATH);
-        conf.setTlsCertificateFilePath(TLS_SERVER_CERT_FILE_PATH);
-        conf.setTlsKeyFilePath(TLS_SERVER_KEY_FILE_PATH);
+        conf.setTlsTrustCertsFilePath(TLS_PROXY_TRUST_CERT_FILE_PATH);
+        conf.setTlsCertificateFilePath(TLS_BROKER_CERT_FILE_PATH);
+        conf.setTlsKeyFilePath(TLS_BROKER_KEY_FILE_PATH);
         conf.setTlsAllowInsecureConnection(true);
 
         Set<String> superUserRoles = new HashSet<>();
@@ -155,8 +155,8 @@ protected void setup() throws Exception {
 
         
conf.setBrokerClientAuthenticationPlugin(AuthenticationTls.class.getName());
         conf.setBrokerClientAuthenticationParameters(
-                "tlsCertFile:" + TLS_SERVER_CERT_FILE_PATH + "," + 
"tlsKeyFile:" + TLS_SERVER_KEY_FILE_PATH);
-
+                "tlsCertFile:" + TLS_BROKER_CERT_FILE_PATH + "," + 
"tlsKeyFile:" + TLS_BROKER_KEY_FILE_PATH);
+        
conf.setBrokerClientTrustCertsFilePath(TLS_BROKER_TRUST_CERT_FILE_PATH);
         Set<String> providers = new HashSet<>();
         providers.add(AuthenticationProviderTls.class.getName());
         conf.setAuthenticationProviders(providers);
@@ -181,8 +181,8 @@ protected void setup() throws Exception {
         // enable tls and auth&auth at proxy
         proxyConfig.setTlsCertificateFilePath(TLS_PROXY_CERT_FILE_PATH);
         proxyConfig.setTlsKeyFilePath(TLS_PROXY_KEY_FILE_PATH);
-        proxyConfig.setTlsTrustCertsFilePath(TLS_PROXY_TRUST_CERT_FILE_PATH);
-
+        proxyConfig.setTlsTrustCertsFilePath(TLS_CLIENT_TRUST_CERT_FILE_PATH);
+        
proxyConfig.setBrokerClientTrustCertsFilePath(TLS_BROKER_TRUST_CERT_FILE_PATH);
         
proxyConfig.setBrokerClientAuthenticationPlugin(AuthenticationTls.class.getName());
         proxyConfig.setBrokerClientAuthenticationParameters(
                 "tlsCertFile:" + TLS_PROXY_CERT_FILE_PATH + "," + 
"tlsKeyFile:" + TLS_PROXY_KEY_FILE_PATH);
@@ -396,12 +396,12 @@ public void tlsCiphersAndProtocols(Set<String> 
tlsCiphers, Set<String> tlsProtoc
         // enable tls and auth&auth at proxy
         proxyConfig.setTlsCertificateFilePath(TLS_PROXY_CERT_FILE_PATH);
         proxyConfig.setTlsKeyFilePath(TLS_PROXY_KEY_FILE_PATH);
-        proxyConfig.setTlsTrustCertsFilePath(TLS_PROXY_TRUST_CERT_FILE_PATH);
+        proxyConfig.setTlsTrustCertsFilePath(TLS_CLIENT_TRUST_CERT_FILE_PATH);
 
         
proxyConfig.setBrokerClientAuthenticationPlugin(AuthenticationTls.class.getName());
         proxyConfig.setBrokerClientAuthenticationParameters(
                 "tlsCertFile:" + TLS_PROXY_CERT_FILE_PATH + "," + 
"tlsKeyFile:" + TLS_PROXY_KEY_FILE_PATH);
-
+        
proxyConfig.setBrokerClientTrustCertsFilePath(TLS_BROKER_TRUST_CERT_FILE_PATH);
         Set<String> providers = new HashSet<>();
         providers.add(AuthenticationProviderTls.class.getName());
         conf.setAuthenticationProviders(providers);
@@ -448,7 +448,7 @@ protected final void createAdminClient() throws Exception {
         authTls.configure(authParams);
         org.apache.pulsar.client.api.ClientConfiguration clientConf = new 
org.apache.pulsar.client.api.ClientConfiguration();
         clientConf.setStatsInterval(0, TimeUnit.SECONDS);
-        
clientConf.setTlsTrustCertsFilePath(TLS_SUPERUSER_CLIENT_TRUST_CERT_FILE_PATH);
+        clientConf.setTlsTrustCertsFilePath(TLS_PROXY_TRUST_CERT_FILE_PATH);
         clientConf.setTlsAllowInsecureConnection(true);
         clientConf.setAuthentication(authTls);
         clientConf.setUseTls(true);
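Review bot: createAdminClient here trusts `TLS_PROXY_TRUST_CERT_FILE_PATH`, while the same method in ProxyWithAuthorizationNegTest was changed to `TLS_BROKER_TRUST_CERT_FILE_PATH`. Which endpoint the admin client connects to is outside the hunk, but the two tests should agree, and if one of them is wrong it is presumably passing only because `clientConf.setTlsAllowInsecureConnection(true)` follows two lines later. After this change `TLS_SUPERUSER_CLIENT_TRUST_CERT_FILE_PATH` is no longer referenced in any visible hunk of either file and may be removable.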
@@ -463,7 +463,7 @@ private PulsarClient createPulsarClient(String 
proxyServiceUrl, ClientConfigurat
         Authentication authTls = new AuthenticationTls();
         authTls.configure(authParams);
         clientConf.setStatsInterval(0, TimeUnit.SECONDS);
-        clientConf.setTlsTrustCertsFilePath(TLS_CLIENT_TRUST_CERT_FILE_PATH);
+        clientConf.setTlsTrustCertsFilePath(TLS_PROXY_TRUST_CERT_FILE_PATH);
         clientConf.setTlsAllowInsecureConnection(true);
         clientConf.setAuthentication(authTls);
         clientConf.setUseTls(true);
diff --git 
a/pulsar-proxy/src/test/java/org/apache/pulsar/proxy/server/ProxyWithoutServiceDiscoveryTest.java
 
b/pulsar-proxy/src/test/java/org/apache/pulsar/proxy/server/ProxyWithoutServiceDiscoveryTest.java
index 6b47d2db9..5a872cef5 100644
--- 
a/pulsar-proxy/src/test/java/org/apache/pulsar/proxy/server/ProxyWithoutServiceDiscoveryTest.java
+++ 
b/pulsar-proxy/src/test/java/org/apache/pulsar/proxy/server/ProxyWithoutServiceDiscoveryTest.java
@@ -116,6 +116,8 @@ protected void setup() throws Exception {
         
proxyConfig.setBrokerClientAuthenticationPlugin(AuthenticationTls.class.getName());
         proxyConfig.setBrokerClientAuthenticationParameters(
                 "tlsCertFile:" + TLS_CLIENT_CERT_FILE_PATH + "," + 
"tlsKeyFile:" + TLS_CLIENT_KEY_FILE_PATH);
+        
proxyConfig.setBrokerClientTrustCertsFilePath(TLS_TRUST_CERT_FILE_PATH);
+
         proxyConfig.setAuthenticationProviders(providers);
  
         proxyService = Mockito.spy(new ProxyService(proxyConfig));
diff --git 
a/pulsar-proxy/src/test/resources/authentication/tls/ProxyWithAuthorizationTest/broker-cacert.pem
 
b/pulsar-proxy/src/test/resources/authentication/tls/ProxyWithAuthorizationTest/broker-cacert.pem
new file mode 100644
index 000000000..08cfc67dd
--- /dev/null
+++ 
b/pulsar-proxy/src/test/resources/authentication/tls/ProxyWithAuthorizationTest/broker-cacert.pem
@@ -0,0 +1,62 @@
+Certificate:
+    Data:
+        Version: 3 (0x2)
+        Serial Number:
+            c1:32:3f:61:ff:0d:77:64
+        Signature Algorithm: sha1WithRSAEncryption
+        Issuer: C=US, ST=CA, O=Apache Pulsar, OU=Broker, CN=Broker
+        Validity
+            Not Before: Feb 18 03:51:25 2018 GMT
+            Not After : Feb 17 03:51:25 2021 GMT
+        Subject: C=US, ST=CA, O=Apache Pulsar, OU=Broker, CN=Broker
+        Subject Public Key Info:
+            Public Key Algorithm: rsaEncryption
+            RSA Public Key: (1024 bit)
+                Modulus (1024 bit):
+                    00:ba:01:81:08:33:0c:38:03:e1:3b:7d:9e:0c:c5:
+                    9f:1e:c6:18:31:21:2d:67:1a:69:52:e0:76:52:c8:
+                    7b:c3:83:83:31:e1:5b:3f:4f:ad:7c:75:59:a1:39:
+                    df:a3:7b:a2:e6:e7:10:02:8f:2f:ad:13:9c:8a:f6:
+                    13:b1:43:6e:54:cd:a5:fe:35:57:ef:e1:a8:f3:48:
+                    09:ad:a7:1b:6d:ae:db:73:52:1c:0b:95:eb:da:e2:
+                    fa:4e:4b:d8:78:77:a1:61:8d:a3:e0:f9:9a:49:87:
+                    42:45:71:2e:a8:7a:d1:1e:c3:1d:ea:40:3f:3a:7c:
+                    a6:e3:34:ec:db:53:e7:d3:a9
+                Exponent: 65537 (0x10001)
+        X509v3 extensions:
+            X509v3 Subject Key Identifier: 
+                54:D1:B0:95:A0:92:D5:5A:C0:35:8F:6C:EE:D5:6C:4E:90:48:2E:10
+            X509v3 Authority Key Identifier: 
+                
keyid:54:D1:B0:95:A0:92:D5:5A:C0:35:8F:6C:EE:D5:6C:4E:90:48:2E:10
+                DirName:/C=US/ST=CA/O=Apache Pulsar/OU=Broker/CN=Broker
+                serial:C1:32:3F:61:FF:0D:77:64
+
+            X509v3 Basic Constraints: 
+                CA:TRUE
+    Signature Algorithm: sha1WithRSAEncryption
+        81:81:2e:55:77:02:81:a6:dc:31:ce:ee:50:1e:c4:79:6f:14:
+        b0:5e:b3:85:99:0e:29:ba:ab:5e:b5:0b:f7:aa:71:bb:20:ae:
+        7a:08:1e:f3:5a:7a:a1:7d:b9:a6:89:9e:89:d4:a3:c5:68:22:
+        04:99:99:b0:e7:a8:c1:ac:17:76:1e:3d:e9:07:62:99:da:38:
+        ec:0e:7c:d8:3e:bc:0c:cb:71:31:9f:d1:6a:5c:d3:b1:1b:82:
+        11:8e:69:b7:f9:1c:a7:19:b8:6d:a4:2d:6a:85:8f:5f:f5:e3:
+        32:47:8b:85:47:ba:ef:66:c1:ad:f7:1f:b6:f2:9b:9a:65:3f:
+        2f:42
+-----BEGIN CERTIFICATE-----
+MIIC3jCCAkegAwIBAgIJAMEyP2H/DXdkMA0GCSqGSIb3DQEBBQUAMFQxCzAJBgNV
+BAYTAlVTMQswCQYDVQQIEwJDQTEWMBQGA1UEChMNQXBhY2hlIFB1bHNhcjEPMA0G
+A1UECxMGQnJva2VyMQ8wDQYDVQQDEwZCcm9rZXIwHhcNMTgwMjE4MDM1MTI1WhcN
+MjEwMjE3MDM1MTI1WjBUMQswCQYDVQQGEwJVUzELMAkGA1UECBMCQ0ExFjAUBgNV
+BAoTDUFwYWNoZSBQdWxzYXIxDzANBgNVBAsTBkJyb2tlcjEPMA0GA1UEAxMGQnJv
+a2VyMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC6AYEIMww4A+E7fZ4MxZ8e
+xhgxIS1nGmlS4HZSyHvDg4Mx4Vs/T618dVmhOd+je6Lm5xACjy+tE5yK9hOxQ25U
+zaX+NVfv4ajzSAmtpxttrttzUhwLleva4vpOS9h4d6FhjaPg+ZpJh0JFcS6oetEe
+wx3qQD86fKbjNOzbU+fTqQIDAQABo4G3MIG0MB0GA1UdDgQWBBRU0bCVoJLVWsA1
+j2zu1WxOkEguEDCBhAYDVR0jBH0we4AUVNGwlaCS1VrANY9s7tVsTpBILhChWKRW
+MFQxCzAJBgNVBAYTAlVTMQswCQYDVQQIEwJDQTEWMBQGA1UEChMNQXBhY2hlIFB1
+bHNhcjEPMA0GA1UECxMGQnJva2VyMQ8wDQYDVQQDEwZCcm9rZXKCCQDBMj9h/w13
+ZDAMBgNVHRMEBTADAQH/MA0GCSqGSIb3DQEBBQUAA4GBAIGBLlV3AoGm3DHO7lAe
+xHlvFLBes4WZDim6q161C/eqcbsgrnoIHvNaeqF9uaaJnonUo8VoIgSZmbDnqMGs
+F3YePekHYpnaOOwOfNg+vAzLcTGf0Wpc07EbghGOabf5HKcZuG2kLWqFj1/14zJH
+i4VHuu9mwa33H7bym5plPy9C
+-----END CERTIFICATE-----
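Review bot: This test CA expires on Feb 17 2021 while the broker-cert.pem added next to it is valid until Nov 16 2030, so the leaf outlives its issuer and any test that actually validates the chain will start failing on the CA's expiry date. The CA also uses a 1024-bit RSA key with sha1WithRSAEncryption, where the leaf uses 2048 bits; stricter JDK security policies may reject such a chain. Regenerating the CA with a 2048-bit key, SHA-256 and a validity at least as long as the leaf would avoid both problems. A short README in the directory recording the commands used to produce the fixtures would make that regeneration repeatable.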
diff --git 
a/pulsar-proxy/src/test/resources/authentication/tls/ProxyWithAuthorizationTest/broker-cert.pem
 
b/pulsar-proxy/src/test/resources/authentication/tls/ProxyWithAuthorizationTest/broker-cert.pem
new file mode 100644
index 000000000..5ce3ce594
--- /dev/null
+++ 
b/pulsar-proxy/src/test/resources/authentication/tls/ProxyWithAuthorizationTest/broker-cert.pem
@@ -0,0 +1,72 @@
+Certificate:
+    Data:
+        Version: 3 (0x2)
+        Serial Number:
+            c1:32:3f:61:ff:0d:77:65
+        Signature Algorithm: sha1WithRSAEncryption
+        Issuer: C=US, ST=CA, O=Apache Pulsar, OU=Broker, CN=Broker
+        Validity
+            Not Before: Feb 18 03:53:39 2018 GMT
+            Not After : Nov 16 00:00:00 2030 GMT
+        Subject: C=US, ST=CA, O=Apache Pulsar, OU=Broker, CN=Broker
+        Subject Public Key Info:
+            Public Key Algorithm: rsaEncryption
+            RSA Public Key: (2048 bit)
+                Modulus (2048 bit):
+                    00:ca:77:dc:2a:13:25:24:cb:29:62:06:12:5f:a8:
+                    92:c9:53:d6:3f:07:ca:aa:0a:5f:72:92:cd:b7:ea:
+                    45:47:71:f0:63:4f:58:1a:3d:fa:ce:a6:73:90:c0:
+                    a9:f7:25:f0:76:75:ed:b2:03:17:be:d8:8a:56:f3:
+                    4f:6a:4c:7e:03:65:95:e5:45:eb:8d:47:e8:60:5e:
+                    9e:38:74:50:54:65:a0:ec:d8:5c:65:60:34:1b:96:
+                    83:7d:71:d4:5d:7f:e3:62:59:67:e8:f0:d6:24:7d:
+                    c0:6e:37:03:54:4c:3d:0c:33:39:9b:33:e1:52:44:
+                    c5:43:da:ea:ee:2c:f3:1c:16:2e:46:4c:7c:9f:5d:
+                    4d:6e:fe:8c:23:9e:f7:7e:9f:39:c1:71:06:52:f4:
+                    26:9a:22:d4:cf:c5:25:39:a9:d2:e4:24:c6:d8:4a:
+                    48:a2:ee:76:25:cb:3c:f0:bf:cd:10:77:ff:81:11:
+                    43:21:cc:3b:cc:10:7a:07:84:fc:cc:02:a2:45:de:
+                    91:2d:6b:d1:ed:17:1a:d0:46:f4:ae:7d:b3:89:f8:
+                    31:77:95:e5:46:b1:a9:31:d6:d8:e3:47:00:b2:81:
+                    81:db:8a:1c:d9:f1:cd:e3:4d:35:f6:38:91:0d:ea:
+                    07:f0:b0:06:4f:2c:4c:75:c2:37:ff:35:0d:b1:42:
+                    06:0b
+                Exponent: 65537 (0x10001)
+        X509v3 extensions:
+            X509v3 Basic Constraints: 
+                CA:FALSE
+            Netscape Comment: 
+                OpenSSL Generated Certificate
+            X509v3 Subject Key Identifier: 
+                71:34:A9:AE:A7:29:C0:93:85:07:94:FE:63:AE:61:91:1D:7B:57:7D
+            X509v3 Authority Key Identifier: 
+                
keyid:54:D1:B0:95:A0:92:D5:5A:C0:35:8F:6C:EE:D5:6C:4E:90:48:2E:10
+
+    Signature Algorithm: sha1WithRSAEncryption
+        24:ce:79:65:1d:bd:1a:4b:0f:7b:c2:91:e5:0b:43:4b:c7:28:
+        c0:b7:77:9b:57:ca:c7:05:37:46:2d:f9:cd:1f:f9:f7:95:44:
+        39:e9:69:64:c1:33:6e:0f:dd:56:dc:e7:f4:18:aa:e6:92:8a:
+        f1:73:ff:90:72:a1:2c:46:e5:14:9a:d7:25:fe:ac:aa:3c:bc:
+        81:50:d0:09:1a:e8:2e:3b:bc:77:ac:e1:f7:ef:eb:7d:76:44:
+        5f:29:a9:2f:4a:92:33:2d:60:0f:d5:6d:12:c4:e3:a4:4a:eb:
+        95:8c:d8:06:06:59:c1:3e:31:12:de:23:ac:af:75:0e:9c:b0:
+        9a:a5
+-----BEGIN CERTIFICATE-----
+MIIDJTCCAo6gAwIBAgIJAMEyP2H/DXdlMA0GCSqGSIb3DQEBBQUAMFQxCzAJBgNV
+BAYTAlVTMQswCQYDVQQIEwJDQTEWMBQGA1UEChMNQXBhY2hlIFB1bHNhcjEPMA0G
+A1UECxMGQnJva2VyMQ8wDQYDVQQDEwZCcm9rZXIwHhcNMTgwMjE4MDM1MzM5WhcN
+MzAxMTE2MDAwMDAwWjBUMQswCQYDVQQGEwJVUzELMAkGA1UECBMCQ0ExFjAUBgNV
+BAoTDUFwYWNoZSBQdWxzYXIxDzANBgNVBAsTBkJyb2tlcjEPMA0GA1UEAxMGQnJv
+a2VyMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAynfcKhMlJMspYgYS
+X6iSyVPWPwfKqgpfcpLNt+pFR3HwY09YGj36zqZzkMCp9yXwdnXtsgMXvtiKVvNP
+akx+A2WV5UXrjUfoYF6eOHRQVGWg7NhcZWA0G5aDfXHUXX/jYlln6PDWJH3AbjcD
+VEw9DDM5mzPhUkTFQ9rq7izzHBYuRkx8n11Nbv6MI573fp85wXEGUvQmmiLUz8Ul
+OanS5CTG2EpIou52Jcs88L/NEHf/gRFDIcw7zBB6B4T8zAKiRd6RLWvR7Rca0Eb0
+rn2zifgxd5XlRrGpMdbY40cAsoGB24oc2fHN40019jiRDeoH8LAGTyxMdcI3/zUN
+sUIGCwIDAQABo3sweTAJBgNVHRMEAjAAMCwGCWCGSAGG+EIBDQQfFh1PcGVuU1NM
+IEdlbmVyYXRlZCBDZXJ0aWZpY2F0ZTAdBgNVHQ4EFgQUcTSprqcpwJOFB5T+Y65h
+kR17V30wHwYDVR0jBBgwFoAUVNGwlaCS1VrANY9s7tVsTpBILhAwDQYJKoZIhvcN
+AQEFBQADgYEAJM55ZR29GksPe8KR5QtDS8cowLd3m1fKxwU3Ri35zR/595VEOelp
+ZMEzbg/dVtzn9Biq5pKK8XP/kHKhLEblFJrXJf6sqjy8gVDQCRroLju8d6zh9+/r
+fXZEXympL0qSMy1gD9VtEsTjpErrlYzYBgZZwT4xEt4jrK91DpywmqU=
+-----END CERTIFICATE-----
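Review bot: The leaf certificate's `Subject: C=US, ST=CA, O=Apache Pulsar, OU=Broker, CN=Broker` is identical to its `Issuer`, although `CA:FALSE` and the differing Subject and Authority Key Identifiers show it was signed by a separate CA key. A certificate whose subject equals its issuer counts as self-issued under RFC 5280, and tools that pair certificates by name can mistake it for a self-signed certificate or for the CA itself. Giving the CA its own name when the fixtures are regenerated avoids that, for example an issuer ending in `CN=Broker CA` (constructed example). client-cert.pem and proxy-cert.pem in this commit repeat the pattern with `CN=Client` and `CN=Proxy`. None of the three dumps lists a Subject Alternative Name, so these fixtures presumably cannot exercise hostname verification.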
diff --git 
a/pulsar-proxy/src/test/resources/authentication/tls/ProxyWithAuthorizationTest/broker-key.pem
 
b/pulsar-proxy/src/test/resources/authentication/tls/ProxyWithAuthorizationTest/broker-key.pem
new file mode 100644
index 000000000..63bbb7bfe
--- /dev/null
+++ 
b/pulsar-proxy/src/test/resources/authentication/tls/ProxyWithAuthorizationTest/broker-key.pem
@@ -0,0 +1,28 @@
+-----BEGIN PRIVATE KEY-----
+MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQDKd9wqEyUkyyli
+BhJfqJLJU9Y/B8qqCl9yks236kVHcfBjT1gaPfrOpnOQwKn3JfB2de2yAxe+2IpW
+809qTH4DZZXlReuNR+hgXp44dFBUZaDs2FxlYDQbloN9cdRdf+NiWWfo8NYkfcBu
+NwNUTD0MMzmbM+FSRMVD2uruLPMcFi5GTHyfXU1u/owjnvd+nznBcQZS9CaaItTP
+xSU5qdLkJMbYSkii7nYlyzzwv80Qd/+BEUMhzDvMEHoHhPzMAqJF3pEta9HtFxrQ
+RvSufbOJ+DF3leVGsakx1tjjRwCygYHbihzZ8c3jTTX2OJEN6gfwsAZPLEx1wjf/
+NQ2xQgYLAgMBAAECggEARpLZD2F1BQo79osfRHDCGaM7fuT8Y6ER/CHnyz/BvlGc
+9UDm+N652eZzSfWeSSPUWbZpkC87y643Km/NMsRO+Ggkg7KHlMuH2G+ivxLsHT7/
+hQ81xbBu+V7Rnpxa5ex6GgIIEk5Alp+uv7w1UODyNpp0bgD7fW2zRR+93B+W7ia+
+aWLcFur1LgGUVpqmlDKZBLD+q3oJ7ddi/uam8WS41IxtUvUVW4L8Pz4sCGjVqEMC
+1SbUuuNT5dWLas21c5RhLn1mfyKzLSfeL63+WLuaEobR3GpLDJeG/P6CUCJfrN+j
+NtTDFq89QxGzgN6Rvy9MuHC4kHWHvgGlfZ7uZdzWgQKBgQDl3CabW+ZNPCZk3JHU
+fGI0Xb3jQElooXOqZOH+FgGKnrbNb7j04Gjs1P4/XibnVsvgwCL8TbR1hgBD6/Qx
+z0Sd2T0nwCmLyO9LzyOrlpcKaKF+4OYFPKiqZGV1jXhCQXH9b7IXufS8U4uXwD+Z
+elw5MOD6DON7ud9V5E/J5ST58QKBgQDhfkKvtgzaLPD17Bx0M30buHzQuQHplpc4
+J0WGWUXR6rui5tCeHoASAl+UNAFReWJ7Ra+iTHMNqwolVsSQVzmX6e8342f9y0bV
+3iv1ge/dA75gEqxifqSXHVm6T/j40DBIr4fwjl5L2qCB/JKCyRvoCK3pDrYZLXWP
+DRWhssujuwKBgQCfQBhrWI9FgV/kT0Clo4tyVmQBtv9lAz6clgpQvDRTMsTZrgbJ
+eVSYiLSheHyhmGvmCZfzj25wYed7J1Vm0P/sEJ8jFCp0k0DfF+LRtaJtbrI8sloK
+1MzSSH5WpC3mUWtFOAZ+E7Kwa31yJJqrna+ZW/jypM1SYiOOYYC6Ewy8MQKBgFdq
+GPQBAQ57KZZMR+OMKk3awRgxAFrLdCfioYMpjHWKJ99I10rUzBUvMlpDptcs1U6w
+fxvNwzRjP/Wlo2HJTpxjpcbms2Ohr/4suKHeE1x8nQqlcopkSe4DBMvDQOND4dPr
+qClLJ6cERADgJvPofpb+9lxIxbMQ+mfQTLh4lZUNAoGAPfAhkt8i6L3VkBIMaV9X
+U+6q4brsT0dNLOO/lgf5FXQuCg0WIgBIb1vrGDD1i9WAUiNN8zzYK9UxqjpAtRAe
+LgPYX5GHXR0ceR0MQNHdbc4RRjJbPmgey+d7pc9EUn8WWt/uXIeo01DHBPPjsgHr
+k/JZjqmRla+2pklmoG2sfI0=
+-----END PRIVATE KEY-----
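Review bot: This file commits an unencrypted PKCS#8 private key, and nothing on the new side marks it as a test-only fixture; client-key.pem and proxy-key.pem in this commit are the same. Secret scanners will flag all three, and a key published in a public repository has to be treated as compromised everywhere outside the test suite. A README next to the fixtures would record that, for example `Test-only TLS material: these keys are public and must never be configured on a deployed broker, proxy or client.` The same README could list the openssl commands used, so the set can be regenerated instead of copied.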
diff --git 
a/pulsar-proxy/src/test/resources/authentication/tls/ProxyWithAuthorizationTest/client-cacert.pem
 
b/pulsar-proxy/src/test/resources/authentication/tls/ProxyWithAuthorizationTest/client-cacert.pem
new file mode 100644
index 000000000..2940c4c5b
--- /dev/null
+++ 
b/pulsar-proxy/src/test/resources/authentication/tls/ProxyWithAuthorizationTest/client-cacert.pem
@@ -0,0 +1,62 @@
+Certificate:
+    Data:
+        Version: 3 (0x2)
+        Serial Number:
+            f8:db:4d:4a:12:e2:bf:0a
+        Signature Algorithm: sha1WithRSAEncryption
+        Issuer: C=US, ST=CA, O=Apache Pulsar, OU=Client, CN=Client
+        Validity
+            Not Before: Feb 18 03:56:51 2018 GMT
+            Not After : Feb 17 03:56:51 2021 GMT
+        Subject: C=US, ST=CA, O=Apache Pulsar, OU=Client, CN=Client
+        Subject Public Key Info:
+            Public Key Algorithm: rsaEncryption
+            RSA Public Key: (1024 bit)
+                Modulus (1024 bit):
+                    00:c9:b4:bc:fe:63:eb:34:97:fb:c2:bd:84:d4:47:
+                    ea:5e:21:3f:ce:7e:0b:38:b9:a7:5c:9b:02:93:34:
+                    06:68:1c:2c:7e:5a:d9:a9:c6:db:39:d5:5a:40:52:
+                    e8:63:bb:db:76:78:8a:8c:a7:cb:dc:23:9e:b2:56:
+                    6a:c9:4f:5e:8d:f0:50:1c:2f:68:ef:0e:03:d7:e9:
+                    30:0e:6e:45:eb:a6:39:0d:67:9c:b2:f7:10:e7:a5:
+                    a4:f3:4a:6e:0d:d3:86:6f:16:66:15:04:fb:4f:95:
+                    f1:bd:c2:36:3c:5d:b3:c3:7b:a9:36:c5:f1:1a:64:
+                    c6:b5:f7:ff:c2:be:09:c0:35
+                Exponent: 65537 (0x10001)
+        X509v3 extensions:
+            X509v3 Subject Key Identifier: 
+                4F:E4:CE:4A:8E:79:B6:43:C0:A4:9F:8B:78:A9:6F:BD:60:81:46:54
+            X509v3 Authority Key Identifier: 
+                
keyid:4F:E4:CE:4A:8E:79:B6:43:C0:A4:9F:8B:78:A9:6F:BD:60:81:46:54
+                DirName:/C=US/ST=CA/O=Apache Pulsar/OU=Client/CN=Client
+                serial:F8:DB:4D:4A:12:E2:BF:0A
+
+            X509v3 Basic Constraints: 
+                CA:TRUE
+    Signature Algorithm: sha1WithRSAEncryption
+        85:04:19:99:c8:27:4f:f2:60:71:6b:f4:25:d0:b2:d0:eb:6a:
+        d8:1a:1d:5f:c5:a5:c5:af:1b:41:16:30:a2:42:f2:53:85:5e:
+        42:03:9d:e8:75:35:14:46:91:18:b3:12:ad:b8:db:7f:12:0f:
+        32:8b:02:ff:51:0c:ce:d9:15:01:98:11:81:61:e0:f2:52:d3:
+        36:2b:9f:b5:93:67:80:70:57:b8:cb:a3:5d:94:14:93:cd:f7:
+        a4:b0:d0:43:a6:f7:5e:c1:bc:b1:95:1e:dc:2d:b4:67:65:24:
+        6b:9d:eb:fc:ef:6f:ea:ea:c6:59:4c:fe:05:3f:48:89:47:a1:
+        f2:b1
+-----BEGIN CERTIFICATE-----
+MIIC3jCCAkegAwIBAgIJAPjbTUoS4r8KMA0GCSqGSIb3DQEBBQUAMFQxCzAJBgNV
+BAYTAlVTMQswCQYDVQQIEwJDQTEWMBQGA1UEChMNQXBhY2hlIFB1bHNhcjEPMA0G
+A1UECxMGQ2xpZW50MQ8wDQYDVQQDEwZDbGllbnQwHhcNMTgwMjE4MDM1NjUxWhcN
+MjEwMjE3MDM1NjUxWjBUMQswCQYDVQQGEwJVUzELMAkGA1UECBMCQ0ExFjAUBgNV
+BAoTDUFwYWNoZSBQdWxzYXIxDzANBgNVBAsTBkNsaWVudDEPMA0GA1UEAxMGQ2xp
+ZW50MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJtLz+Y+s0l/vCvYTUR+pe
+IT/Ofgs4uadcmwKTNAZoHCx+Wtmpxts51VpAUuhju9t2eIqMp8vcI56yVmrJT16N
+8FAcL2jvDgPX6TAObkXrpjkNZ5yy9xDnpaTzSm4N04ZvFmYVBPtPlfG9wjY8XbPD
+e6k2xfEaZMa19//CvgnANQIDAQABo4G3MIG0MB0GA1UdDgQWBBRP5M5Kjnm2Q8Ck
+n4t4qW+9YIFGVDCBhAYDVR0jBH0we4AUT+TOSo55tkPApJ+LeKlvvWCBRlShWKRW
+MFQxCzAJBgNVBAYTAlVTMQswCQYDVQQIEwJDQTEWMBQGA1UEChMNQXBhY2hlIFB1
+bHNhcjEPMA0GA1UECxMGQ2xpZW50MQ8wDQYDVQQDEwZDbGllbnSCCQD4201KEuK/
+CjAMBgNVHRMEBTADAQH/MA0GCSqGSIb3DQEBBQUAA4GBAIUEGZnIJ0/yYHFr9CXQ
+stDratgaHV/FpcWvG0EWMKJC8lOFXkIDneh1NRRGkRizEq24238SDzKLAv9RDM7Z
+FQGYEYFh4PJS0zYrn7WTZ4BwV7jLo12UFJPN96Sw0EOm917BvLGVHtwttGdlJGud
+6/zvb+rqxllM/gU/SIlHofKx
+-----END CERTIFICATE-----
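Review bot: This CA uses a 1024-bit RSA key with a SHA-1 signature and expires on `Feb 17 03:56:51 2021 GMT`, while the client-cert.pem it issues in this commit runs to `Nov 16 00:00:00 2030 GMT`. Any validator that checks the validity period of the whole chain will reject the leaf once the CA's `Not After` has passed, so tests that load this file as a trust store may start failing on that date. Stricter TLS policies may also refuse the 1024-bit key or the SHA-1 signature before then. Regenerating the CA so that its dump reads `RSA Public Key: (2048 bit)`, `Signature Algorithm: sha256WithRSAEncryption` and a `Not After` no earlier than the leaf's would address all three. proxy-cacert.pem has the same key size, digest and 2021 expiry.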
diff --git 
a/pulsar-proxy/src/test/resources/authentication/tls/ProxyWithAuthorizationTest/client-cert.pem
 
b/pulsar-proxy/src/test/resources/authentication/tls/ProxyWithAuthorizationTest/client-cert.pem
new file mode 100644
index 000000000..2412bc024
--- /dev/null
+++ 
b/pulsar-proxy/src/test/resources/authentication/tls/ProxyWithAuthorizationTest/client-cert.pem
@@ -0,0 +1,72 @@
+Certificate:
+    Data:
+        Version: 3 (0x2)
+        Serial Number:
+            f8:db:4d:4a:12:e2:bf:0b
+        Signature Algorithm: sha1WithRSAEncryption
+        Issuer: C=US, ST=CA, O=Apache Pulsar, OU=Client, CN=Client
+        Validity
+            Not Before: Feb 18 03:58:13 2018 GMT
+            Not After : Nov 16 00:00:00 2030 GMT
+        Subject: C=US, ST=CA, O=Apache Pulsar, OU=Client, CN=Client
+        Subject Public Key Info:
+            Public Key Algorithm: rsaEncryption
+            RSA Public Key: (2048 bit)
+                Modulus (2048 bit):
+                    00:de:1e:10:bd:64:13:c1:6c:7a:49:86:01:3b:ab:
+                    ab:1d:ec:b2:93:41:6c:6c:21:f2:e6:15:1b:51:ce:
+                    ad:67:fd:18:3e:7f:7a:64:a2:62:5f:2e:0b:59:b4:
+                    ed:d9:17:0e:b7:bc:50:66:41:b7:e3:c4:71:c9:73:
+                    73:3d:d8:6d:34:80:f2:e3:b9:98:8f:2b:54:14:95:
+                    b3:51:1b:d6:91:85:cd:b7:34:a2:50:b6:f1:86:6e:
+                    07:30:fa:ae:55:a0:5d:f9:7c:1c:91:50:62:7d:bb:
+                    14:86:92:0a:ac:29:3e:28:1b:99:ca:30:63:dc:a9:
+                    5f:05:f8:38:3e:30:10:02:9f:cc:94:d7:47:e0:1a:
+                    f4:1c:68:96:3d:12:5e:58:21:41:2c:ec:96:ad:9e:
+                    08:56:83:7a:92:5f:4b:e6:bd:01:16:70:28:af:aa:
+                    27:1d:c4:fe:b2:09:bf:a5:b4:47:d9:58:4b:fe:41:
+                    81:0e:a2:46:57:c1:39:7c:8d:e4:b1:a7:25:e6:b4:
+                    dd:f3:9e:24:c9:e7:c0:8c:1a:b4:ab:dd:b9:33:bf:
+                    11:cb:be:bb:22:f7:fc:ad:c4:40:41:d7:ef:37:08:
+                    1a:95:45:1f:db:14:5f:0b:f8:48:ff:41:24:cb:5c:
+                    8e:18:48:4c:5f:19:e9:b0:7b:22:d3:bc:42:32:45:
+                    9a:d1
+                Exponent: 65537 (0x10001)
+        X509v3 extensions:
+            X509v3 Basic Constraints: 
+                CA:FALSE
+            Netscape Comment: 
+                OpenSSL Generated Certificate
+            X509v3 Subject Key Identifier: 
+                E1:E9:57:60:A7:47:48:F0:1F:A8:C6:2F:95:BF:3A:42:DB:BC:7A:4D
+            X509v3 Authority Key Identifier: 
+                
keyid:4F:E4:CE:4A:8E:79:B6:43:C0:A4:9F:8B:78:A9:6F:BD:60:81:46:54
+
+    Signature Algorithm: sha1WithRSAEncryption
+        a5:eb:02:90:4c:a3:33:e4:6c:c3:47:66:94:d8:3c:05:c0:ac:
+        f4:44:56:de:85:a8:41:4a:bb:28:0f:7e:aa:b9:58:40:a4:22:
+        b3:a3:46:94:42:0c:f2:93:0e:b5:c1:17:29:58:48:12:4a:3d:
+        83:40:e0:6b:07:11:54:ca:7b:58:a8:f3:7a:e4:3d:69:aa:04:
+        2e:3a:5e:d8:c1:ac:08:2f:41:17:b4:cb:35:89:00:65:f1:2b:
+        07:80:4c:c2:90:49:cd:2d:ca:43:8c:64:c1:eb:8a:b3:88:d1:
+        4b:50:95:14:41:4b:b7:76:b2:10:97:52:63:bf:17:c7:36:6f:
+        d8:bb
+-----BEGIN CERTIFICATE-----
+MIIDJTCCAo6gAwIBAgIJAPjbTUoS4r8LMA0GCSqGSIb3DQEBBQUAMFQxCzAJBgNV
+BAYTAlVTMQswCQYDVQQIEwJDQTEWMBQGA1UEChMNQXBhY2hlIFB1bHNhcjEPMA0G
+A1UECxMGQ2xpZW50MQ8wDQYDVQQDEwZDbGllbnQwHhcNMTgwMjE4MDM1ODEzWhcN
+MzAxMTE2MDAwMDAwWjBUMQswCQYDVQQGEwJVUzELMAkGA1UECBMCQ0ExFjAUBgNV
+BAoTDUFwYWNoZSBQdWxzYXIxDzANBgNVBAsTBkNsaWVudDEPMA0GA1UEAxMGQ2xp
+ZW50MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3h4QvWQTwWx6SYYB
+O6urHeyyk0FsbCHy5hUbUc6tZ/0YPn96ZKJiXy4LWbTt2RcOt7xQZkG348RxyXNz
+PdhtNIDy47mYjytUFJWzURvWkYXNtzSiULbxhm4HMPquVaBd+XwckVBifbsUhpIK
+rCk+KBuZyjBj3KlfBfg4PjAQAp/MlNdH4Br0HGiWPRJeWCFBLOyWrZ4IVoN6kl9L
+5r0BFnAor6onHcT+sgm/pbRH2VhL/kGBDqJGV8E5fI3ksacl5rTd854kyefAjBq0
+q925M78Ry767Ivf8rcRAQdfvNwgalUUf2xRfC/hI/0Eky1yOGEhMXxnpsHsi07xC
+MkWa0QIDAQABo3sweTAJBgNVHRMEAjAAMCwGCWCGSAGG+EIBDQQfFh1PcGVuU1NM
+IEdlbmVyYXRlZCBDZXJ0aWZpY2F0ZTAdBgNVHQ4EFgQU4elXYKdHSPAfqMYvlb86
+Qtu8ek0wHwYDVR0jBBgwFoAUT+TOSo55tkPApJ+LeKlvvWCBRlQwDQYJKoZIhvcN
+AQEFBQADgYEApesCkEyjM+Rsw0dmlNg8BcCs9ERW3oWoQUq7KA9+qrlYQKQis6NG
+lEIM8pMOtcEXKVhIEko9g0DgawcRVMp7WKjzeuQ9aaoELjpe2MGsCC9BF7TLNYkA
+ZfErB4BMwpBJzS3KQ4xkweuKs4jRS1CVFEFLt3ayEJdSY78XxzZv2Ls=
+-----END CERTIFICATE-----
diff --git 
a/pulsar-proxy/src/test/resources/authentication/tls/ProxyWithAuthorizationTest/client-key.pem
 
b/pulsar-proxy/src/test/resources/authentication/tls/ProxyWithAuthorizationTest/client-key.pem
new file mode 100644
index 000000000..0f8ce4624
--- /dev/null
+++ 
b/pulsar-proxy/src/test/resources/authentication/tls/ProxyWithAuthorizationTest/client-key.pem
@@ -0,0 +1,28 @@
+-----BEGIN PRIVATE KEY-----
+MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQDeHhC9ZBPBbHpJ
+hgE7q6sd7LKTQWxsIfLmFRtRzq1n/Rg+f3pkomJfLgtZtO3ZFw63vFBmQbfjxHHJ
+c3M92G00gPLjuZiPK1QUlbNRG9aRhc23NKJQtvGGbgcw+q5VoF35fByRUGJ9uxSG
+kgqsKT4oG5nKMGPcqV8F+Dg+MBACn8yU10fgGvQcaJY9El5YIUEs7JatnghWg3qS
+X0vmvQEWcCivqicdxP6yCb+ltEfZWEv+QYEOokZXwTl8jeSxpyXmtN3zniTJ58CM
+GrSr3bkzvxHLvrsi9/ytxEBB1+83CBqVRR/bFF8L+Ej/QSTLXI4YSExfGemweyLT
+vEIyRZrRAgMBAAECggEBAIOeh0bjLb25fUFiMgrc8Bpcb3lJFGmDOH9U1IqGkUUE
+ukAWpD1L6EUEcN9okmTJAASqh24A1WoXt2Grkwd730J0gvmkuh1kjH9iMg8HEv/K
+rRs6ClEQB1EklAhXE8VTsTwsanVFkAd3O3N+yOo5ykZUDK6+O/6/MrrD2vgm3OXg
+FnqfS3JLZvMy7Q7xPxUZquuwi7sdSSgvmh1krwhrX12ZT5AncAySflnhutB1DpbE
+0M9YJ35XDAxGpgRvWGFxvK9fCWaVSgxTgMPOuEoaCN90Qj1sEdGhvuvNQZ2EVp20
+oAs3p3NnpToppXXQ8cnYwtPD+J4AMwOuEKmwpCSgLa0CgYEA/DDFxGWQ0D1BziUl
+M9yjjZQXQJLXlUW4E6vFb68LG0xWU8ZrXKomHQC5AVZb+FL0RlWvwlFd6ENVK+eI
+kswbDDN4h15Sgvz/6gVHR7u6wh5xwwU76UDaAfnA3e8qr82PQopKuM//5L88sgr8
+Eu3FwzO5URZdgnQu5HlJWcMl3C8CgYEA4Xj/3cqqkIRVnbOD5ETP5Z8L6J7VG7f2
+Yuf0Jd6ECd4cF3em7gWfgiOleObRDJxdoXIqdMsvj4SASd2GEb6qu4a3GIWnmW5d
+wUP0GfWPRZIiN8cwHXnBbJHTc3GgX2cT2zOUiDULQgnRe/GY7drbODX/UC0NAOHq
+HOg758yrOP8CgYBCUkVAQAGUcfejUet1txmf+wkeZz+gtwQQ0ESM+XivRiURxQWp
+CeoaCH2e12o6ZP5unMwrCyDqGwMEF9C34kteqw6QcwK6BfT7Q0YanEkiEcWTJwY5
+cl+i016gPux37VQ2iI3cCn9eVdiNbgwaokM28ZxTsdEHpKxMU4UxwPts6wKBgGzm
+6n6Pss5WfJvM5vlMGzYHGdNjU/8tXX3sFsprrU6uztau3hu874wF95hrs7DpnXer
+EsKSmQgysVv7+RN9Ci3FJY5cj9TVr8b3MWGQb4Dk0k4qkRzLgBcWYBE0Yodx2+9V
+/HnFVQiygVHiIUFRIe0Gd6ib+dnhRBhuOvD8s/61AoGBAKTvA19eVpXmgex9kuWs
+RbVg08bF1lKReViwZQ0PzuOiymscGRjhR7F7FgqI9cls89jY4TLXrwWSja2Pxkvs
+hudBnEs5eOVt/7FC498TjVfmaHF0mXWUgrO4oJXUDlHLZFMMnimUyKmYLAK+Sy9q
+TFyi5AtZ/eoXLFh2FXuhjFAG
+-----END PRIVATE KEY-----
diff --git 
a/pulsar-proxy/src/test/resources/authentication/tls/ProxyWithAuthorizationTest/proxy-cacert.pem
 
b/pulsar-proxy/src/test/resources/authentication/tls/ProxyWithAuthorizationTest/proxy-cacert.pem
new file mode 100644
index 000000000..1f71b88bb
--- /dev/null
+++ 
b/pulsar-proxy/src/test/resources/authentication/tls/ProxyWithAuthorizationTest/proxy-cacert.pem
@@ -0,0 +1,62 @@
+Certificate:
+    Data:
+        Version: 3 (0x2)
+        Serial Number:
+            a5:2d:2e:41:e9:fc:8a:91
+        Signature Algorithm: sha1WithRSAEncryption
+        Issuer: C=US, ST=CA, O=Apache Pulsar, OU=Proxy, CN=Proxy
+        Validity
+            Not Before: Feb 18 04:00:32 2018 GMT
+            Not After : Feb 17 04:00:32 2021 GMT
+        Subject: C=US, ST=CA, O=Apache Pulsar, OU=Proxy, CN=Proxy
+        Subject Public Key Info:
+            Public Key Algorithm: rsaEncryption
+            RSA Public Key: (1024 bit)
+                Modulus (1024 bit):
+                    00:aa:ce:ea:82:4f:ac:a8:97:7b:0c:33:cd:ef:7f:
+                    24:45:e5:81:a2:2c:7a:ab:65:34:27:27:39:ae:f4:
+                    b2:f3:0e:cc:08:3b:8e:1d:78:95:aa:95:01:0e:a3:
+                    df:db:4b:9a:ad:85:e6:af:96:16:41:35:dc:b2:23:
+                    03:ff:b9:d6:75:25:29:37:f5:3f:26:43:c3:36:a0:
+                    9c:0f:36:a5:91:dd:7d:18:5d:45:24:d3:f6:bf:86:
+                    91:91:10:b5:00:bf:12:6a:01:9f:28:38:01:08:5f:
+                    fd:a8:6d:98:33:cc:77:fb:a1:fe:06:59:92:6d:0b:
+                    14:bc:9b:59:fd:98:69:ec:6d
+                Exponent: 65537 (0x10001)
+        X509v3 extensions:
+            X509v3 Subject Key Identifier: 
+                4F:39:5A:C4:BF:78:EF:3D:FC:F1:68:5A:F6:B9:4B:D2:B7:03:C7:87
+            X509v3 Authority Key Identifier: 
+                
keyid:4F:39:5A:C4:BF:78:EF:3D:FC:F1:68:5A:F6:B9:4B:D2:B7:03:C7:87
+                DirName:/C=US/ST=CA/O=Apache Pulsar/OU=Proxy/CN=Proxy
+                serial:A5:2D:2E:41:E9:FC:8A:91
+
+            X509v3 Basic Constraints: 
+                CA:TRUE
+    Signature Algorithm: sha1WithRSAEncryption
+        84:e1:30:a5:a5:7e:39:9b:2a:1f:cb:1e:67:c6:00:75:f3:8f:
+        6a:d0:ef:d7:46:39:2c:b6:ba:1f:03:7d:eb:cf:22:ef:46:82:
+        bb:89:08:dd:3f:28:b3:6e:79:1a:14:26:ed:38:2f:f0:c9:fe:
+        7f:72:5c:8a:82:b8:05:fe:f7:45:6c:e9:6e:ff:f9:d3:a4:60:
+        1a:e9:7b:71:c8:a1:80:3d:0f:33:44:06:30:c7:c9:2f:8f:e4:
+        5d:68:25:cb:28:49:5a:5d:ac:10:f7:d2:90:cf:0c:1f:ff:7c:
+        7b:04:95:a7:b9:27:d9:66:ac:73:6e:92:84:de:68:fc:86:27:
+        e8:d3
+-----BEGIN CERTIFICATE-----
+MIIC2DCCAkGgAwIBAgIJAKUtLkHp/IqRMA0GCSqGSIb3DQEBBQUAMFIxCzAJBgNV
+BAYTAlVTMQswCQYDVQQIEwJDQTEWMBQGA1UEChMNQXBhY2hlIFB1bHNhcjEOMAwG
+A1UECxMFUHJveHkxDjAMBgNVBAMTBVByb3h5MB4XDTE4MDIxODA0MDAzMloXDTIx
+MDIxNzA0MDAzMlowUjELMAkGA1UEBhMCVVMxCzAJBgNVBAgTAkNBMRYwFAYDVQQK
+Ew1BcGFjaGUgUHVsc2FyMQ4wDAYDVQQLEwVQcm94eTEOMAwGA1UEAxMFUHJveHkw
+gZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAKrO6oJPrKiXewwzze9/JEXlgaIs
+eqtlNCcnOa70svMOzAg7jh14laqVAQ6j39tLmq2F5q+WFkE13LIjA/+51nUlKTf1
+PyZDwzagnA82pZHdfRhdRSTT9r+GkZEQtQC/EmoBnyg4AQhf/ahtmDPMd/uh/gZZ
+km0LFLybWf2YaextAgMBAAGjgbUwgbIwHQYDVR0OBBYEFE85WsS/eO89/PFoWva5
+S9K3A8eHMIGCBgNVHSMEezB5gBRPOVrEv3jvPfzxaFr2uUvStwPHh6FWpFQwUjEL
+MAkGA1UEBhMCVVMxCzAJBgNVBAgTAkNBMRYwFAYDVQQKEw1BcGFjaGUgUHVsc2Fy
+MQ4wDAYDVQQLEwVQcm94eTEOMAwGA1UEAxMFUHJveHmCCQClLS5B6fyKkTAMBgNV
+HRMEBTADAQH/MA0GCSqGSIb3DQEBBQUAA4GBAIThMKWlfjmbKh/LHmfGAHXzj2rQ
+79dGOSy2uh8DfevPIu9GgruJCN0/KLNueRoUJu04L/DJ/n9yXIqCuAX+90Vs6W7/
++dOkYBrpe3HIoYA9DzNEBjDHyS+P5F1oJcsoSVpdrBD30pDPDB//fHsElae5J9lm
+rHNukoTeaPyGJ+jT
+-----END CERTIFICATE-----
diff --git 
a/pulsar-proxy/src/test/resources/authentication/tls/ProxyWithAuthorizationTest/proxy-cert.pem
 
b/pulsar-proxy/src/test/resources/authentication/tls/ProxyWithAuthorizationTest/proxy-cert.pem
new file mode 100644
index 000000000..a3962c32d
--- /dev/null
+++ 
b/pulsar-proxy/src/test/resources/authentication/tls/ProxyWithAuthorizationTest/proxy-cert.pem
@@ -0,0 +1,72 @@
+Certificate:
+    Data:
+        Version: 3 (0x2)
+        Serial Number:
+            a5:2d:2e:41:e9:fc:8a:92
+        Signature Algorithm: sha1WithRSAEncryption
+        Issuer: C=US, ST=CA, O=Apache Pulsar, OU=Proxy, CN=Proxy
+        Validity
+            Not Before: Feb 18 04:02:27 2018 GMT
+            Not After : Nov 16 00:00:00 2030 GMT
+        Subject: C=US, ST=CA, O=Apache Pulsar, OU=Proxy, CN=Proxy
+        Subject Public Key Info:
+            Public Key Algorithm: rsaEncryption
+            RSA Public Key: (2048 bit)
+                Modulus (2048 bit):
+                    00:c3:5c:c5:ad:17:dc:f4:d4:c4:ea:1c:60:5a:24:
+                    46:13:d9:cf:c0:cd:83:2e:2f:82:70:e5:e0:8d:33:
+                    bd:95:b5:cf:c6:f0:54:d5:8d:bd:87:0d:62:6c:1d:
+                    3f:52:66:74:ff:06:33:1c:3c:d5:ed:2e:63:d9:96:
+                    c6:f1:98:82:c7:94:4a:bc:64:f2:9b:3a:54:ec:81:
+                    99:bc:14:82:43:87:0c:6b:da:03:8c:aa:0b:41:d7:
+                    fe:27:c4:f9:88:81:34:b1:ff:2a:e0:6d:d0:47:dd:
+                    c1:11:a5:54:a9:53:32:cd:8f:f6:75:58:8e:05:e4:
+                    d9:b1:ac:69:fe:b6:54:c3:ad:36:04:a2:77:f5:53:
+                    b6:74:83:d5:6a:01:e0:96:b5:a2:af:50:8f:b5:d7:
+                    9d:a7:c2:bd:f8:31:86:09:5f:7c:0a:b2:db:34:e1:
+                    80:25:17:5f:7d:6f:8b:dc:8e:d5:f9:cf:cf:f5:f6:
+                    8f:6a:fe:3e:96:00:c9:56:b0:d0:e3:46:de:b9:a6:
+                    8a:5e:9b:8e:7f:ea:19:cc:a2:5b:75:22:3c:1d:36:
+                    48:e4:f2:1a:01:95:61:c1:f0:7a:27:9d:83:96:74:
+                    cc:a9:04:42:08:53:34:98:2e:b7:e3:83:f9:f2:a3:
+                    29:e1:23:c4:ed:a0:1c:f6:2a:ed:dc:c0:df:97:a9:
+                    f3:8d
+                Exponent: 65537 (0x10001)
+        X509v3 extensions:
+            X509v3 Basic Constraints: 
+                CA:FALSE
+            Netscape Comment: 
+                OpenSSL Generated Certificate
+            X509v3 Subject Key Identifier: 
+                D5:A5:19:6A:3B:38:5F:19:C7:34:C6:BC:68:BE:16:A5:0B:43:57:2D
+            X509v3 Authority Key Identifier: 
+                
keyid:4F:39:5A:C4:BF:78:EF:3D:FC:F1:68:5A:F6:B9:4B:D2:B7:03:C7:87
+
+    Signature Algorithm: sha1WithRSAEncryption
+        a0:f1:e6:d4:75:75:10:0e:27:18:28:93:9f:c5:15:2b:f3:52:
+        3c:f7:c7:6d:96:b3:7f:65:6c:78:be:26:f5:f2:41:36:f0:b2:
+        fb:64:67:73:d2:bf:d7:24:af:30:1e:6f:3a:9c:80:98:34:06:
+        11:ba:45:06:57:ec:d9:f0:77:1f:d6:e8:0c:13:9d:d1:15:c7:
+        d8:73:fb:aa:dc:0d:3c:4b:3a:bb:87:3c:21:6d:05:9d:fa:74:
+        db:61:4c:47:6a:e7:6b:79:2b:3f:62:a8:fc:e6:11:c8:0f:40:
+        48:51:71:a2:ad:77:d5:fe:ff:1d:73:82:0c:3c:98:ab:26:9b:
+        78:d5
+-----BEGIN CERTIFICATE-----
+MIIDITCCAoqgAwIBAgIJAKUtLkHp/IqSMA0GCSqGSIb3DQEBBQUAMFIxCzAJBgNV
+BAYTAlVTMQswCQYDVQQIEwJDQTEWMBQGA1UEChMNQXBhY2hlIFB1bHNhcjEOMAwG
+A1UECxMFUHJveHkxDjAMBgNVBAMTBVByb3h5MB4XDTE4MDIxODA0MDIyN1oXDTMw
+MTExNjAwMDAwMFowUjELMAkGA1UEBhMCVVMxCzAJBgNVBAgTAkNBMRYwFAYDVQQK
+Ew1BcGFjaGUgUHVsc2FyMQ4wDAYDVQQLEwVQcm94eTEOMAwGA1UEAxMFUHJveHkw
+ggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDDXMWtF9z01MTqHGBaJEYT
+2c/AzYMuL4Jw5eCNM72Vtc/G8FTVjb2HDWJsHT9SZnT/BjMcPNXtLmPZlsbxmILH
+lEq8ZPKbOlTsgZm8FIJDhwxr2gOMqgtB1/4nxPmIgTSx/yrgbdBH3cERpVSpUzLN
+j/Z1WI4F5NmxrGn+tlTDrTYEonf1U7Z0g9VqAeCWtaKvUI+1152nwr34MYYJX3wK
+sts04YAlF199b4vcjtX5z8/19o9q/j6WAMlWsNDjRt65popem45/6hnMolt1Ijwd
+Nkjk8hoBlWHB8HonnYOWdMypBEIIUzSYLrfjg/nyoynhI8TtoBz2Ku3cwN+XqfON
+AgMBAAGjezB5MAkGA1UdEwQCMAAwLAYJYIZIAYb4QgENBB8WHU9wZW5TU0wgR2Vu
+ZXJhdGVkIENlcnRpZmljYXRlMB0GA1UdDgQWBBTVpRlqOzhfGcc0xrxovhalC0NX
+LTAfBgNVHSMEGDAWgBRPOVrEv3jvPfzxaFr2uUvStwPHhzANBgkqhkiG9w0BAQUF
+AAOBgQCg8ebUdXUQDicYKJOfxRUr81I898dtlrN/ZWx4vib18kE28LL7ZGdz0r/X
+JK8wHm86nICYNAYRukUGV+zZ8Hcf1ugME53RFcfYc/uq3A08Szq7hzwhbQWd+nTb
+YUxHaudreSs/Yqj85hHID0BIUXGirXfV/v8dc4IMPJirJpt41Q==
+-----END CERTIFICATE-----
diff --git 
a/pulsar-proxy/src/test/resources/authentication/tls/ProxyWithAuthorizationTest/proxy-key.pem
 
b/pulsar-proxy/src/test/resources/authentication/tls/ProxyWithAuthorizationTest/proxy-key.pem
new file mode 100644
index 000000000..855603688
--- /dev/null
+++ 
b/pulsar-proxy/src/test/resources/authentication/tls/ProxyWithAuthorizationTest/proxy-key.pem
@@ -0,0 +1,28 @@
+-----BEGIN PRIVATE KEY-----
+MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQDDXMWtF9z01MTq
+HGBaJEYT2c/AzYMuL4Jw5eCNM72Vtc/G8FTVjb2HDWJsHT9SZnT/BjMcPNXtLmPZ
+lsbxmILHlEq8ZPKbOlTsgZm8FIJDhwxr2gOMqgtB1/4nxPmIgTSx/yrgbdBH3cER
+pVSpUzLNj/Z1WI4F5NmxrGn+tlTDrTYEonf1U7Z0g9VqAeCWtaKvUI+1152nwr34
+MYYJX3wKsts04YAlF199b4vcjtX5z8/19o9q/j6WAMlWsNDjRt65popem45/6hnM
+olt1IjwdNkjk8hoBlWHB8HonnYOWdMypBEIIUzSYLrfjg/nyoynhI8TtoBz2Ku3c
+wN+XqfONAgMBAAECggEAX3rR6d0F0mrCqqCfvq6HyV/kl5hZipMRr1fKPXiSKb8o
+A1SmQZD6lizGc4x/zCfi+ljvVdetvjOz/T4hkSY2lJA3TogPwinqI4Tbu/5SA+rW
++UceAPuCcPW9c3ZjdoGfXXcWX4WMC/OnTpZ9IBxXcfvwOj3De8HzW1CmpSQ7nT4J
+ukBe5PwYFiGywvRKygKMicVYUYABW6AhFxJCUcRqLGdXDrja+Qe79JI3ywDjvmNR
+jIOSjToxbuXv39OfRC2KUZPWT4AkXa4dI8j5HNFsZ6J4kOzc5aByW9LzgMW7Bspd
+a+7vov4eNop+t72gj5XE4wZVc2vT18dF5Kus4hsCSQKBgQDmsp3nSXFcFcNUjel7
+rsx8da8R/rSJOgswHmpAuMHF0mCsmqWfxUwIlRmCnHPHu4+yztYd2yyYPHULyMiK
+JcMxo8Aziq0F/nV9k6snZgarazlb40JTYU6FQMjkigigOzNoIdUAInIIZBP78CTk
+R/qXnXbNxwxJAhiAIy1y8G3hnwKBgQDYyghUE8+T+nKeAt3Tvlrg2PyCT/OAZPIB
+bcHCw9y1jt4msHxYsb5qbD43LnwYPVSv5YgAgmbM+hKJMHaEqvcdrNAjCq1EeZIx
+I8TDcj4RLKJOHtDdxLpWUvq8YaTXv0dOMdJfNw2uaYVL1HQibdEfHjJvvlxl1faZ
+8J2gXdUTUwKBgQCWVHqVBsS57uyUIs2s7SEPUVi97y4R5iL4Pjma50pN8GNS1otq
+65Q6W35+IBlKZCylpibc2b/bjDnxbetQKn9hz4UlkQ5iw4goRpvXVqKt/XcpK5RC
+5TvXlXnTgydP0oQTLUixh8CrOxvSppBDuavQNKoAOd8FjDoO9d1d8tKHnQKBgBR+
+5VKtnM5suzFdLAO813KykQzw6iCVapvf+JWlVtSDcVVPEjKAe3QsT6V/65OPGNaY
+aMdDjNyMN/xobIwWbc6MbBEkDUWQCNZEf3HK9ztAcQfZuf19f/BxX+s3gBI1r1Qh
+ObZuyghXSZbluyUWJNNAU5xk7u9hzzK2oPBsbpypAoGAVdhBjPZZLq7iJTmcWBIS
+aQE0WXD+0y329hcKGvizjrIlld0o7UoBUuZJRP6sTO8cZ46BKv0RXXbH2cx1g5JR
+12RyeeVjDWKo2LlLz4/5+ZWHur5ITHB/llVtKJAHxX8sjxR+mZ2JYTMkte/GXG0i
+NZZZbx989EXlPwmvrnQmDIQ=
+-----END PRIVATE KEY-----
diff --git 
a/pulsar-proxy/src/test/resources/authentication/tls/ProxyWithProxyAuthorizationTest/broker-cert.pem
 
b/pulsar-proxy/src/test/resources/authentication/tls/ProxyWithProxyAuthorizationTest/broker-cert.pem
deleted file mode 100644
index 63fcf38fe..000000000
--- 
a/pulsar-proxy/src/test/resources/authentication/tls/ProxyWithProxyAuthorizationTest/broker-cert.pem
+++ /dev/null
@@ -1,72 +0,0 @@
-Certificate:
-    Data:
-        Version: 3 (0x2)
-        Serial Number:
-            ac:a4:b3:6b:f5:b4:5f:c9
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: C=US, ST=CA, O=Apache, OU=Apache Incubator, CN=New CA
-        Validity
-            Not Before: Dec 20 02:22:54 2017 GMT
-            Not After : Dec 20 02:22:54 2018 GMT
-        Subject: C=US, ST=CA, O=Apache, OU=Apache Incubator, CN=Broker
-        Subject Public Key Info:
-            Public Key Algorithm: rsaEncryption
-            RSA Public Key: (2048 bit)
-                Modulus (2048 bit):
-                    00:ba:ab:bd:1d:68:9e:1f:6d:99:8a:8e:95:8d:dc:
-                    b7:e5:95:1a:40:ff:9e:5d:be:38:e6:19:1c:39:0d:
-                    39:e3:e0:cd:96:42:09:41:9f:ca:f1:7f:63:6f:be:
-                    a5:46:1b:07:06:01:43:11:ed:e9:f9:a2:41:2a:29:
-                    ac:10:d3:df:30:4a:f5:9b:5d:b9:97:2b:d4:10:82:
-                    92:55:e7:ca:b1:eb:94:6a:63:e6:28:a3:75:0e:f2:
-                    5b:ff:1a:df:0b:3e:2d:6b:c8:c1:49:98:2b:c1:5f:
-                    9a:c6:1d:94:26:7f:eb:6f:7e:81:c2:27:23:13:90:
-                    4f:89:04:dd:2c:8d:de:4c:f8:9f:33:b9:28:ed:7e:
-                    3a:14:fa:6f:d0:cc:50:5e:75:40:39:e2:57:46:af:
-                    b7:67:8f:c9:57:f2:85:b0:54:59:02:76:c8:92:2c:
-                    af:19:3e:09:d8:5f:a4:d0:9c:a7:35:77:c9:aa:90:
-                    50:86:2a:9a:3c:8f:3b:50:a5:01:88:b9:d3:eb:4d:
-                    23:24:f2:58:65:1c:03:7a:0a:2c:20:30:b6:46:8d:
-                    b1:65:1c:16:0c:bf:bd:87:df:1c:e6:46:c8:f7:4f:
-                    60:fd:a1:91:c9:e4:ff:21:e7:e8:65:70:ba:9f:d6:
-                    44:07:27:45:1d:69:e7:d6:72:d8:d0:3e:df:2e:61:
-                    9e:4d
-                Exponent: 65537 (0x10001)
-        X509v3 extensions:
-            X509v3 Basic Constraints: 
-                CA:FALSE
-            Netscape Comment: 
-                OpenSSL Generated Certificate
-            X509v3 Subject Key Identifier: 
-                1C:C6:F7:DB:06:C1:1D:1C:7C:9E:64:AF:E5:47:47:80:00:6C:C8:26
-            X509v3 Authority Key Identifier: 
-                
keyid:E5:15:C2:1D:E7:EE:28:3C:FA:B6:3E:58:FB:0B:61:52:6E:B0:81:5B
-
-    Signature Algorithm: sha1WithRSAEncryption
-        7f:b4:f8:d6:9c:ea:01:1b:74:19:a9:ee:ea:83:66:11:df:90:
-        c5:f0:e6:bc:05:bd:b4:8a:64:d6:08:fd:75:da:2e:f5:f9:20:
-        e0:62:8b:b8:b7:bd:c3:92:0f:a3:61:c7:78:6a:68:ea:74:20:
-        8e:a8:b7:0f:28:d1:54:8a:55:af:38:8c:a7:64:79:1c:95:f6:
-        b8:f3:48:0e:14:2b:78:75:ff:96:70:85:28:30:1f:fa:94:a9:
-        43:cd:98:6e:7b:80:68:bc:08:cc:35:1d:df:34:df:3d:58:52:
-        c3:5d:55:65:b6:be:ef:a2:78:a0:3c:41:c8:af:9f:74:e6:d8:
-        0a:d3
------BEGIN CERTIFICATE-----
-MIIDKzCCApSgAwIBAgIJAKyks2v1tF/JMA0GCSqGSIb3DQEBBQUAMFcxCzAJBgNV
-BAYTAlVTMQswCQYDVQQIEwJDQTEPMA0GA1UEChMGQXBhY2hlMRkwFwYDVQQLExBB
-cGFjaGUgSW5jdWJhdG9yMQ8wDQYDVQQDEwZOZXcgQ0EwHhcNMTcxMjIwMDIyMjU0
-WhcNMTgxMjIwMDIyMjU0WjBXMQswCQYDVQQGEwJVUzELMAkGA1UECBMCQ0ExDzAN
-BgNVBAoTBkFwYWNoZTEZMBcGA1UECxMQQXBhY2hlIEluY3ViYXRvcjEPMA0GA1UE
-AxMGQnJva2VyMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuqu9HWie
-H22Zio6Vjdy35ZUaQP+eXb445hkcOQ054+DNlkIJQZ/K8X9jb76lRhsHBgFDEe3p
-+aJBKimsENPfMEr1m125lyvUEIKSVefKseuUamPmKKN1DvJb/xrfCz4ta8jBSZgr
-wV+axh2UJn/rb36BwicjE5BPiQTdLI3eTPifM7ko7X46FPpv0MxQXnVAOeJXRq+3
-Z4/JV/KFsFRZAnbIkiyvGT4J2F+k0JynNXfJqpBQhiqaPI87UKUBiLnT600jJPJY
-ZRwDegosIDC2Ro2xZRwWDL+9h98c5kbI909g/aGRyeT/IefoZXC6n9ZEBydFHWnn
-1nLY0D7fLmGeTQIDAQABo3sweTAJBgNVHRMEAjAAMCwGCWCGSAGG+EIBDQQfFh1P
-cGVuU1NMIEdlbmVyYXRlZCBDZXJ0aWZpY2F0ZTAdBgNVHQ4EFgQUHMb32wbBHRx8
-nmSv5UdHgABsyCYwHwYDVR0jBBgwFoAU5RXCHefuKDz6tj5Y+wthUm6wgVswDQYJ
-KoZIhvcNAQEFBQADgYEAf7T41pzqARt0Ganu6oNmEd+QxfDmvAW9tIpk1gj9ddou
-9fkg4GKLuLe9w5IPo2HHeGpo6nQgjqi3DyjRVIpVrziMp2R5HJX2uPNIDhQreHX/
-lnCFKDAf+pSpQ82YbnuAaLwIzDUd3zTfPVhSw11VZba+76J4oDxByK+fdObYCtM=
------END CERTIFICATE-----
diff --git 
a/pulsar-proxy/src/test/resources/authentication/tls/ProxyWithProxyAuthorizationTest/broker-key.pem
 
b/pulsar-proxy/src/test/resources/authentication/tls/ProxyWithProxyAuthorizationTest/broker-key.pem
deleted file mode 100644
index 8e47938b8..000000000
--- 
a/pulsar-proxy/src/test/resources/authentication/tls/ProxyWithProxyAuthorizationTest/broker-key.pem
+++ /dev/null
@@ -1,28 +0,0 @@
------BEGIN PRIVATE KEY-----
-MIIEvwIBADANBgkqhkiG9w0BAQEFAASCBKkwggSlAgEAAoIBAQC6q70daJ4fbZmK
-jpWN3LfllRpA/55dvjjmGRw5DTnj4M2WQglBn8rxf2NvvqVGGwcGAUMR7en5okEq
-KawQ098wSvWbXbmXK9QQgpJV58qx65RqY+Yoo3UO8lv/Gt8LPi1ryMFJmCvBX5rG
-HZQmf+tvfoHCJyMTkE+JBN0sjd5M+J8zuSjtfjoU+m/QzFBedUA54ldGr7dnj8lX
-8oWwVFkCdsiSLK8ZPgnYX6TQnKc1d8mqkFCGKpo8jztQpQGIudPrTSMk8lhlHAN6
-CiwgMLZGjbFlHBYMv72H3xzmRsj3T2D9oZHJ5P8h5+hlcLqf1kQHJ0UdaefWctjQ
-Pt8uYZ5NAgMBAAECggEBAIY3Tx1jCDYOppQiGtPKPAr9XsgXQrWiPOTsbwdyRApd
-q1P7HQ6rJs7mygcha1HxwuYFaETu7AkKKZJ4LfhXbiUZ8GgKRpOz9qD8UN0lcO7m
-NGsecvELPfJGPfE5T9+UkDHsQVV57RP3eqAxykC4Pv6GViPT4fuCCj25WpFbW9e4
-uuKFF3yVY3uJofPQGwLZ2b9WwujqgSyaozyKlTM4nPXwEEz56wPVuAsNfmTEtIb3
-N0d0uQpM69irH3sAO7nVDo6e/eP3Emq4kUDvhS04BafG+T7T9g0C74EGoJX5wrrk
-LzuEAkO84n6ESF6r+FI1XH4yskau3Jab8/x8f9sVj+ECgYEA9II7MZ2PSq2pHTsY
-1ZxZx3MKe/yiTMGkHhtQY6HKzzQXgEozK/uPTvMt7lKnBsseUydEXygMcgPXracF
-rFdiAQpD8Dq2jrmjtFcPk40DtLjdUUD4I2stTKprTfTrhx5X/JIX8iBflMTFWBYp
-ALM9qP0u3KZwVCGxEsGz5yaxtZkCgYEAw3Gj5eKw2pzRyNEdNsye3eQxp4QneM+X
-YozWzNrbGEdmJ1CHuMWXPTxAkxtMhH95QonySEP4R1fNxHJNMKPu7h2TiZiLvC/J
-UtE+SdETiEGF14SEfr/LflreTJnHCmK/pp19t1Q1cAn3FHws2D5qiA8eoBmnko6k
-irYydJn5dtUCgYBVOzRhJjg14vVJgDk29QqCsQJdmAIHWZTY/dJ2+IYW1mS+zp6p
-3UXmUnSXV+5rOtC2UcDOnso/0EEVglxC6C78h9SI4B6U//clvRdr6sL481wKn+gf
-iJPA3sMK6K5VamlnXJHGUCyhUjosa4Udfl2nE6KLPeV4Hkp4bFdG40EdOQKBgQCQ
-Y4dDUbt4dnyh0KO1lWwU3/4zFPYYUb00iHo0c8eDY1Q73Um3nvqBud63D2bzSD2s
-g78j1ls5Ucvpwsv2EFZ3QhB6ieFKET+52G4dGMJGWqnns7Yy8b0Dx1wN2Vnr+VI/
-ZIC5DRRBhossbiSvSUVo6Uql2u4q3wj+lWYnMI3VVQKBgQDs+sHMotTK976HKaRh
-sDepJnZwdnma1QBzsAXkZ0EJPqYCIFmbKGeXn/z2Fr62oGqe9suzuGLBYm4ukwoD
-xI8lDzxOoElFNaAHl6nIcFcj6I98idkU05NvV59aeLJngejJv3WmI2GH7jNK8dNs
-ELazMuTsmf+MdG/Q9C/kiHDvng==
------END PRIVATE KEY-----
diff --git 
a/pulsar-proxy/src/test/resources/authentication/tls/ProxyWithProxyAuthorizationTest/cacert.pem
 
b/pulsar-proxy/src/test/resources/authentication/tls/ProxyWithProxyAuthorizationTest/cacert.pem
deleted file mode 100644
index c77dd6cd7..000000000
--- 
a/pulsar-proxy/src/test/resources/authentication/tls/ProxyWithProxyAuthorizationTest/cacert.pem
+++ /dev/null
@@ -1,62 +0,0 @@
-Certificate:
-    Data:
-        Version: 3 (0x2)
-        Serial Number:
-            ac:a4:b3:6b:f5:b4:5f:c8
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: C=US, ST=CA, O=Apache, OU=Apache Incubator, CN=New CA
-        Validity
-            Not Before: Dec 20 02:21:42 2017 GMT
-            Not After : Dec 19 02:21:42 2020 GMT
-        Subject: C=US, ST=CA, O=Apache, OU=Apache Incubator, CN=New CA
-        Subject Public Key Info:
-            Public Key Algorithm: rsaEncryption
-            RSA Public Key: (1024 bit)
-                Modulus (1024 bit):
-                    00:99:c1:1e:58:35:af:c1:38:38:45:8c:8c:f4:d9:
-                    6d:cc:ff:37:31:f9:ba:76:fa:fb:56:41:04:da:d2:
-                    a1:ea:a8:ca:6d:3b:b2:bf:4c:e7:55:ab:1c:a1:7e:
-                    d4:ec:54:d8:92:c6:f9:1f:e8:e8:d2:27:fa:4e:bb:
-                    e6:b2:21:59:bd:19:63:9f:4b:a1:3d:c0:25:d3:70:
-                    a4:9c:96:33:c6:53:c4:40:c1:de:a5:75:40:f7:db:
-                    51:f4:f6:19:9a:8d:a8:fa:0c:4b:fe:1f:11:70:23:
-                    31:76:c2:6c:41:6b:aa:c6:71:22:58:7b:4f:d8:2b:
-                    46:d6:e0:84:4d:57:e0:9c:09
-                Exponent: 65537 (0x10001)
-        X509v3 extensions:
-            X509v3 Subject Key Identifier: 
-                E5:15:C2:1D:E7:EE:28:3C:FA:B6:3E:58:FB:0B:61:52:6E:B0:81:5B
-            X509v3 Authority Key Identifier: 
-                
keyid:E5:15:C2:1D:E7:EE:28:3C:FA:B6:3E:58:FB:0B:61:52:6E:B0:81:5B
-                DirName:/C=US/ST=CA/O=Apache/OU=Apache Incubator/CN=New CA
-                serial:AC:A4:B3:6B:F5:B4:5F:C8
-
-            X509v3 Basic Constraints: 
-                CA:TRUE
-    Signature Algorithm: sha1WithRSAEncryption
-        7c:15:8d:92:14:c2:cf:b6:72:17:ba:ba:e0:7c:48:a0:fb:02:
-        86:b1:50:90:d0:b2:dd:40:9f:b5:e1:9e:ab:4a:bc:6c:f1:3e:
-        c3:7f:b5:b6:18:ab:f7:f0:a2:35:c6:5b:d7:2d:84:e1:d9:3d:
-        8c:88:c2:1c:44:61:a8:14:ab:b1:00:b4:00:a5:2d:66:43:86:
-        53:a2:d6:4a:73:96:b3:4f:63:b5:8d:8d:7f:e4:ff:82:37:81:
-        63:00:0e:d1:ef:59:0c:7c:2b:79:24:97:06:60:cd:a1:b3:37:
-        94:68:3d:6c:27:ee:8e:87:88:c1:21:0a:d5:04:66:11:06:11:
-        69:92
------BEGIN CERTIFICATE-----
-MIIC6DCCAlGgAwIBAgIJAKyks2v1tF/IMA0GCSqGSIb3DQEBBQUAMFcxCzAJBgNV
-BAYTAlVTMQswCQYDVQQIEwJDQTEPMA0GA1UEChMGQXBhY2hlMRkwFwYDVQQLExBB
-cGFjaGUgSW5jdWJhdG9yMQ8wDQYDVQQDEwZOZXcgQ0EwHhcNMTcxMjIwMDIyMTQy
-WhcNMjAxMjE5MDIyMTQyWjBXMQswCQYDVQQGEwJVUzELMAkGA1UECBMCQ0ExDzAN
-BgNVBAoTBkFwYWNoZTEZMBcGA1UECxMQQXBhY2hlIEluY3ViYXRvcjEPMA0GA1UE
-AxMGTmV3IENBMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCZwR5YNa/BODhF
-jIz02W3M/zcx+bp2+vtWQQTa0qHqqMptO7K/TOdVqxyhftTsVNiSxvkf6OjSJ/pO
-u+ayIVm9GWOfS6E9wCXTcKScljPGU8RAwd6ldUD321H09hmajaj6DEv+HxFwIzF2
-wmxBa6rGcSJYe0/YK0bW4IRNV+CcCQIDAQABo4G7MIG4MB0GA1UdDgQWBBTlFcId
-5+4oPPq2Plj7C2FSbrCBWzCBiAYDVR0jBIGAMH6AFOUVwh3n7ig8+rY+WPsLYVJu
-sIFboVukWTBXMQswCQYDVQQGEwJVUzELMAkGA1UECBMCQ0ExDzANBgNVBAoTBkFw
-YWNoZTEZMBcGA1UECxMQQXBhY2hlIEluY3ViYXRvcjEPMA0GA1UEAxMGTmV3IENB
-ggkArKSza/W0X8gwDAYDVR0TBAUwAwEB/zANBgkqhkiG9w0BAQUFAAOBgQB8FY2S
-FMLPtnIXurrgfEig+wKGsVCQ0LLdQJ+14Z6rSrxs8T7Df7W2GKv38KI1xlvXLYTh
-2T2MiMIcRGGoFKuxALQApS1mQ4ZTotZKc5azT2O1jY1/5P+CN4FjAA7R71kMfCt5
-JJcGYM2hszeUaD1sJ+6Oh4jBIQrVBGYRBhFpkg==
------END CERTIFICATE-----
diff --git 
a/pulsar-proxy/src/test/resources/authentication/tls/ProxyWithProxyAuthorizationTest/client-cert.pem
 
b/pulsar-proxy/src/test/resources/authentication/tls/ProxyWithProxyAuthorizationTest/client-cert.pem
deleted file mode 100644
index 741e10afa..000000000
--- 
a/pulsar-proxy/src/test/resources/authentication/tls/ProxyWithProxyAuthorizationTest/client-cert.pem
+++ /dev/null
@@ -1,72 +0,0 @@
-Certificate:
-    Data:
-        Version: 3 (0x2)
-        Serial Number:
-            ac:a4:b3:6b:f5:b4:5f:ca
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: C=US, ST=CA, O=Apache, OU=Apache Incubator, CN=New CA
-        Validity
-            Not Before: Dec 20 02:36:47 2017 GMT
-            Not After : Dec 20 02:36:47 2018 GMT
-        Subject: C=US, ST=CA, O=Apache, OU=Apache Incubator, CN=Client
-        Subject Public Key Info:
-            Public Key Algorithm: rsaEncryption
-            RSA Public Key: (2048 bit)
-                Modulus (2048 bit):
-                    00:fd:b6:bb:bc:a3:54:2b:06:b3:8e:68:31:e1:f3:
-                    3a:c6:3d:98:83:db:f8:fc:58:c6:35:47:4c:58:c1:
-                    40:81:71:8e:25:2c:6f:14:a0:5f:f2:85:97:fa:e5:
-                    d1:a6:65:26:3f:4b:52:f1:4a:11:1b:f6:af:22:fb:
-                    24:74:d7:d3:bd:c3:11:dc:7f:1e:49:96:19:4a:f5:
-                    9c:b3:4c:85:5d:33:57:08:43:04:3d:b0:69:1a:15:
-                    b3:08:c7:0d:68:09:02:09:37:90:1b:fa:51:e1:c9:
-                    6d:58:e3:d0:4e:e9:f9:a5:b5:4c:1a:5d:98:62:a2:
-                    d6:cd:a2:89:dc:91:52:c7:f5:19:53:97:5f:58:86:
-                    6b:5e:48:6c:81:8d:2f:5c:0e:38:96:d2:b7:f7:47:
-                    21:2e:54:2a:51:32:92:0d:f3:c3:94:f5:59:98:2c:
-                    11:1a:88:ad:ee:16:5c:72:6b:31:e3:bf:ca:9e:38:
-                    4b:49:d2:87:e1:44:69:ef:ba:4d:b9:1d:4b:3f:e0:
-                    c1:af:c5:04:6f:5f:2d:6e:d9:12:ac:bb:f1:f8:7f:
-                    fc:bd:3a:6a:99:e6:45:f9:91:98:c9:d1:b1:f0:d5:
-                    6a:e1:fd:c0:6e:e2:8e:ab:0c:03:87:ad:9c:26:9a:
-                    8e:93:4c:82:ec:de:25:49:14:91:ce:80:9f:22:17:
-                    aa:cf
-                Exponent: 65537 (0x10001)
-        X509v3 extensions:
-            X509v3 Basic Constraints: 
-                CA:FALSE
-            Netscape Comment: 
-                OpenSSL Generated Certificate
-            X509v3 Subject Key Identifier: 
-                B2:8F:75:E3:D7:7A:4C:62:B8:5C:04:66:A0:56:14:16:AF:82:43:5A
-            X509v3 Authority Key Identifier: 
-                
keyid:E5:15:C2:1D:E7:EE:28:3C:FA:B6:3E:58:FB:0B:61:52:6E:B0:81:5B
-
-    Signature Algorithm: sha1WithRSAEncryption
-        5f:e0:ec:f3:b4:bb:08:a6:15:85:f2:7d:c4:50:c4:87:e5:af:
-        1a:38:11:98:b1:a1:d6:47:85:f6:c6:80:cc:b3:2b:f6:27:8e:
-        24:1b:66:98:48:e7:d0:dd:cd:37:ea:a2:ad:cf:d8:a7:17:39:
-        59:be:72:a1:2a:24:f5:d6:23:14:b9:42:b4:2f:b1:cd:15:98:
-        d9:1a:8a:55:3c:f2:78:be:b4:ba:6b:79:3d:29:e8:54:4b:d8:
-        0f:1b:bd:69:ef:d2:ca:5c:0f:da:b4:b6:b8:cc:7f:b7:51:3c:
-        fc:3a:dd:6d:9c:3c:9e:71:ad:59:72:84:ac:01:6e:c5:66:8b:
-        b0:70
------BEGIN CERTIFICATE-----
-MIIDKzCCApSgAwIBAgIJAKyks2v1tF/KMA0GCSqGSIb3DQEBBQUAMFcxCzAJBgNV
-BAYTAlVTMQswCQYDVQQIEwJDQTEPMA0GA1UEChMGQXBhY2hlMRkwFwYDVQQLExBB
-cGFjaGUgSW5jdWJhdG9yMQ8wDQYDVQQDEwZOZXcgQ0EwHhcNMTcxMjIwMDIzNjQ3
-WhcNMTgxMjIwMDIzNjQ3WjBXMQswCQYDVQQGEwJVUzELMAkGA1UECBMCQ0ExDzAN
-BgNVBAoTBkFwYWNoZTEZMBcGA1UECxMQQXBhY2hlIEluY3ViYXRvcjEPMA0GA1UE
-AxMGQ2xpZW50MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA/ba7vKNU
-Kwazjmgx4fM6xj2Yg9v4/FjGNUdMWMFAgXGOJSxvFKBf8oWX+uXRpmUmP0tS8UoR
-G/avIvskdNfTvcMR3H8eSZYZSvWcs0yFXTNXCEMEPbBpGhWzCMcNaAkCCTeQG/pR
-4cltWOPQTun5pbVMGl2YYqLWzaKJ3JFSx/UZU5dfWIZrXkhsgY0vXA44ltK390ch
-LlQqUTKSDfPDlPVZmCwRGoit7hZccmsx47/KnjhLSdKH4URp77pNuR1LP+DBr8UE
-b18tbtkSrLvx+H/8vTpqmeZF+ZGYydGx8NVq4f3AbuKOqwwDh62cJpqOk0yC7N4l
-SRSRzoCfIheqzwIDAQABo3sweTAJBgNVHRMEAjAAMCwGCWCGSAGG+EIBDQQfFh1P
-cGVuU1NMIEdlbmVyYXRlZCBDZXJ0aWZpY2F0ZTAdBgNVHQ4EFgQUso9149d6TGK4
-XARmoFYUFq+CQ1owHwYDVR0jBBgwFoAU5RXCHefuKDz6tj5Y+wthUm6wgVswDQYJ
-KoZIhvcNAQEFBQADgYEAX+Ds87S7CKYVhfJ9xFDEh+WvGjgRmLGh1keF9saAzLMr
-9ieOJBtmmEjn0N3NN+qirc/Ypxc5Wb5yoSok9dYjFLlCtC+xzRWY2RqKVTzyeL60
-umt5PSnoVEvYDxu9ae/SylwP2rS2uMx/t1E8/DrdbZw8nnGtWXKErAFuxWaLsHA=
------END CERTIFICATE-----
diff --git 
a/pulsar-proxy/src/test/resources/authentication/tls/ProxyWithProxyAuthorizationTest/client-key.pem
 
b/pulsar-proxy/src/test/resources/authentication/tls/ProxyWithProxyAuthorizationTest/client-key.pem
deleted file mode 100644
index 81d00f9ce..000000000
--- 
a/pulsar-proxy/src/test/resources/authentication/tls/ProxyWithProxyAuthorizationTest/client-key.pem
+++ /dev/null
@@ -1,28 +0,0 @@
------BEGIN PRIVATE KEY-----
-MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQD9tru8o1QrBrOO
-aDHh8zrGPZiD2/j8WMY1R0xYwUCBcY4lLG8UoF/yhZf65dGmZSY/S1LxShEb9q8i
-+yR019O9wxHcfx5JlhlK9ZyzTIVdM1cIQwQ9sGkaFbMIxw1oCQIJN5Ab+lHhyW1Y
-49BO6fmltUwaXZhiotbNoonckVLH9RlTl19YhmteSGyBjS9cDjiW0rf3RyEuVCpR
-MpIN88OU9VmYLBEaiK3uFlxyazHjv8qeOEtJ0ofhRGnvuk25HUs/4MGvxQRvXy1u
-2RKsu/H4f/y9OmqZ5kX5kZjJ0bHw1Wrh/cBu4o6rDAOHrZwmmo6TTILs3iVJFJHO
-gJ8iF6rPAgMBAAECggEAEJmkLvOAzk/h769hlCcV8WKWWApMgDZOwa2okSYT0mRb
-qJL/sZnMrVGQYBopXXnAxuNmyeLOu8WoL+G+wOZeNExPHt4yXR41CXKIjjKzhyWU
-zDWWUXL5bXt9+1UKy4PLXk8EXtBCC0Pio65EMuWcL/tsv0zga5O7+jhoTMY1ZF/D
-rsddf2mIncyEdhwAKLREmFv31lY1k+Jd+5eyXHIJEnK8lMXTcORNsb0YtlS5sRTU
-4llwQlBXjV06zIVRFxsRcPrgRYH0Hfg3hSIm3epNE+pbj0tcN0CfQFfrKJ9G2cDS
-jXimjvGsPKQ1PRMAcg93qZB3VtI+ag9bZt29cru0AQKBgQD/xzXZP5hKoqOy+8qH
-HyPvyM0QCpQ6KwHzgf5ATybPIPlyWQmT2eeR3ez4qskowNvc4Fc/q10Ao+q6jC3E
-721Wz6+iCb7Qus37KnEqVW7mWDLsDT5q7vIyRR22wWhrTpu0uZmxd9XxYRU6KUe1
-FMkI5VijJ27NoYtO+gLn9u6J6QKBgQD97xCNVaUNMNRZ1+HOKoBqcGBj91KrL74K
-/avYL0EprYwzN1lm4ZmNX8GaBeAftwnIDyxaM3Apw8BcqFFz/IslY/5sCyUmVjgI
-ZULkhCBy5ZamFNMxLvaN6njtdpgdBRxR9gzke1V/xxJgN7J39h9FI+pElwMW6314
-6AFHYQ/j9wKBgQCNwfjEOQzMgKs9bXNnxAiEwsN0GojgXCmureMd/UBDF8FocJRw
-Txqaq2bEwtLONWUlW2i/rtfSnQZg8YQEW7Y7oMt0gPYydPXoODOUBNl77HH8hbKM
-TXYKCmhXe4XFw0FkvmDCDOqT5vx+yZYmdCifN40Sj65HZTryQHoP2bmG0QKBgG/U
-ntd/hka+4GYIuvsOoKs/flPIEfIt/mXcvZdhiDMQqRPNJmQ2qmcmap6oQ8Hz3Czs
-8b1vtc/O06J6xhRsfeMjnGJ8rgmqItcfsUvuHFQ9ZBEUTsX0RsTNJCCAABGXtJcr
-4xWkc0zooOEa5lAKZk8OuBco4kVvxDxBAH8s8dCVAoGAeEZICuDGR8cOV64Eyx2X
-Ej1PQJrleMmzCwth7UhREGUgEVglhMeoBxmWCukYxpkVBY0DUy6OWH5lpTfCerFZ
-ho1AHMt9DsfUWo4hApMXEMyCZTOJwg9M4vQ1UTbFtr0mt0jnVWTUm3mVxmJnfrtz
-/DgLrvcJd7QCGAYICMNxrDs=
------END PRIVATE KEY-----
diff --git 
a/pulsar-proxy/src/test/resources/authentication/tls/ProxyWithProxyAuthorizationTest/proxy-cert.pem
 
b/pulsar-proxy/src/test/resources/authentication/tls/ProxyWithProxyAuthorizationTest/proxy-cert.pem
deleted file mode 100644
index 8b524c82e..000000000
--- 
a/pulsar-proxy/src/test/resources/authentication/tls/ProxyWithProxyAuthorizationTest/proxy-cert.pem
+++ /dev/null
@@ -1,72 +0,0 @@
-Certificate:
-    Data:
-        Version: 3 (0x2)
-        Serial Number:
-            ac:a4:b3:6b:f5:b4:5f:cb
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: C=US, ST=CA, O=Apache, OU=Apache Incubator, CN=New CA
-        Validity
-            Not Before: Dec 20 02:45:24 2017 GMT
-            Not After : Dec 20 02:45:24 2018 GMT
-        Subject: C=US, ST=CA, O=Apache, OU=Apache Incubator, CN=Proxy
-        Subject Public Key Info:
-            Public Key Algorithm: rsaEncryption
-            RSA Public Key: (2048 bit)
-                Modulus (2048 bit):
-                    00:e1:e1:06:cc:f5:98:38:88:33:e0:f7:0a:5d:8e:
-                    a8:89:ae:8f:cd:c7:77:62:17:c2:a1:d8:fc:fc:d0:
-                    d0:86:f1:c8:3c:78:ec:b8:e9:73:1c:d1:72:55:97:
-                    c6:47:5a:4c:33:18:32:a1:9c:e1:84:2e:de:40:2f:
-                    a7:16:ed:a0:44:d6:4c:2c:04:ef:21:11:0b:6b:cb:
-                    36:8d:eb:5a:3d:a1:b6:9b:b5:23:be:bd:66:23:26:
-                    c9:82:62:44:51:f8:3a:94:07:6c:52:84:2c:d0:d9:
-                    24:8b:0a:f5:1b:c8:31:a2:29:4c:bc:b7:bf:96:e1:
-                    56:78:d2:75:08:c9:cb:0d:1a:1d:93:2d:bf:bf:86:
-                    10:06:d7:5c:b8:e6:99:05:89:6f:ad:3b:a6:37:45:
-                    15:3a:63:8b:d1:d6:0d:e4:d0:c6:06:c6:63:13:21:
-                    92:65:c1:1a:ae:1a:72:97:cf:86:ed:6f:a1:77:d8:
-                    18:67:f2:27:36:1f:ff:40:6e:57:97:90:5a:28:04:
-                    a4:a8:54:cf:a8:87:36:af:26:49:a6:4e:2d:d4:be:
-                    e6:17:e2:1a:da:c4:08:87:fd:3f:fe:7b:d8:1e:f2:
-                    66:0f:34:1a:02:5d:39:ec:66:3d:46:bc:37:ce:84:
-                    a2:51:0b:c8:72:f5:7c:5a:b8:1a:1b:0a:5d:2b:e9:
-                    56:4f
-                Exponent: 65537 (0x10001)
-        X509v3 extensions:
-            X509v3 Basic Constraints: 
-                CA:FALSE
-            Netscape Comment: 
-                OpenSSL Generated Certificate
-            X509v3 Subject Key Identifier: 
-                3F:A7:4A:6A:B1:6A:E1:51:8D:56:19:A2:2D:6A:A8:49:07:D6:87:8A
-            X509v3 Authority Key Identifier: 
-                
keyid:E5:15:C2:1D:E7:EE:28:3C:FA:B6:3E:58:FB:0B:61:52:6E:B0:81:5B
-
-    Signature Algorithm: sha1WithRSAEncryption
-        98:89:57:fd:96:0e:78:06:ce:9f:83:48:28:c9:34:a4:32:93:
-        d2:65:fb:2f:a9:39:51:ff:7a:89:57:26:6a:59:0d:81:09:20:
-        75:ae:c6:aa:f6:8c:d4:d2:7f:f0:78:88:df:74:90:28:11:15:
-        77:d3:60:3d:2d:d2:ef:34:1b:03:59:9f:23:1c:21:64:e5:b8:
-        a1:99:c3:08:82:31:3d:58:01:23:52:b8:96:c8:d5:42:b3:3b:
-        50:43:cc:7d:43:08:1d:c4:46:06:7f:c3:7f:3e:6d:01:f2:25:
-        91:4b:70:fd:0f:e3:25:a6:d4:d8:c9:f6:35:65:00:87:c7:03:
-        c2:d7
------BEGIN CERTIFICATE-----
-MIIDKjCCApOgAwIBAgIJAKyks2v1tF/LMA0GCSqGSIb3DQEBBQUAMFcxCzAJBgNV
-BAYTAlVTMQswCQYDVQQIEwJDQTEPMA0GA1UEChMGQXBhY2hlMRkwFwYDVQQLExBB
-cGFjaGUgSW5jdWJhdG9yMQ8wDQYDVQQDEwZOZXcgQ0EwHhcNMTcxMjIwMDI0NTI0
-WhcNMTgxMjIwMDI0NTI0WjBWMQswCQYDVQQGEwJVUzELMAkGA1UECBMCQ0ExDzAN
-BgNVBAoTBkFwYWNoZTEZMBcGA1UECxMQQXBhY2hlIEluY3ViYXRvcjEOMAwGA1UE
-AxMFUHJveHkwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDh4QbM9Zg4
-iDPg9wpdjqiJro/Nx3diF8Kh2Pz80NCG8cg8eOy46XMc0XJVl8ZHWkwzGDKhnOGE
-Lt5AL6cW7aBE1kwsBO8hEQtryzaN61o9obabtSO+vWYjJsmCYkRR+DqUB2xShCzQ
-2SSLCvUbyDGiKUy8t7+W4VZ40nUIycsNGh2TLb+/hhAG11y45pkFiW+tO6Y3RRU6
-Y4vR1g3k0MYGxmMTIZJlwRquGnKXz4btb6F32Bhn8ic2H/9AbleXkFooBKSoVM+o
-hzavJkmmTi3UvuYX4hraxAiH/T/+e9ge8mYPNBoCXTnsZj1GvDfOhKJRC8hy9Xxa
-uBobCl0r6VZPAgMBAAGjezB5MAkGA1UdEwQCMAAwLAYJYIZIAYb4QgENBB8WHU9w
-ZW5TU0wgR2VuZXJhdGVkIENlcnRpZmljYXRlMB0GA1UdDgQWBBQ/p0pqsWrhUY1W
-GaItaqhJB9aHijAfBgNVHSMEGDAWgBTlFcId5+4oPPq2Plj7C2FSbrCBWzANBgkq
-hkiG9w0BAQUFAAOBgQCYiVf9lg54Bs6fg0goyTSkMpPSZfsvqTlR/3qJVyZqWQ2B
-CSB1rsaq9ozU0n/weIjfdJAoERV302A9LdLvNBsDWZ8jHCFk5bihmcMIgjE9WAEj
-UriWyNVCsztQQ8x9QwgdxEYGf8N/Pm0B8iWRS3D9D+MlptTYyfY1ZQCHxwPC1w==
------END CERTIFICATE-----
diff --git 
a/pulsar-proxy/src/test/resources/authentication/tls/ProxyWithProxyAuthorizationTest/proxy-key.pem
 
b/pulsar-proxy/src/test/resources/authentication/tls/ProxyWithProxyAuthorizationTest/proxy-key.pem
deleted file mode 100644
index 9856807af..000000000
--- 
a/pulsar-proxy/src/test/resources/authentication/tls/ProxyWithProxyAuthorizationTest/proxy-key.pem
+++ /dev/null
@@ -1,28 +0,0 @@
------BEGIN PRIVATE KEY-----
-MIIEvwIBADANBgkqhkiG9w0BAQEFAASCBKkwggSlAgEAAoIBAQDh4QbM9Zg4iDPg
-9wpdjqiJro/Nx3diF8Kh2Pz80NCG8cg8eOy46XMc0XJVl8ZHWkwzGDKhnOGELt5A
-L6cW7aBE1kwsBO8hEQtryzaN61o9obabtSO+vWYjJsmCYkRR+DqUB2xShCzQ2SSL
-CvUbyDGiKUy8t7+W4VZ40nUIycsNGh2TLb+/hhAG11y45pkFiW+tO6Y3RRU6Y4vR
-1g3k0MYGxmMTIZJlwRquGnKXz4btb6F32Bhn8ic2H/9AbleXkFooBKSoVM+ohzav
-JkmmTi3UvuYX4hraxAiH/T/+e9ge8mYPNBoCXTnsZj1GvDfOhKJRC8hy9XxauBob
-Cl0r6VZPAgMBAAECggEBAIXa6UHKhKNzq3K0UxMwOBYnORbUDp41wGRTB1D2maxu
-WZ/kdTv7M/ku8VdhsuGT1DYvL8nwAwBnGdPlqVoABYrlh4xKfD8XL7J4YWLmxrph
-O6q4RG+DI6TPFnlKrHv64xPX9kxMAZbeJzayjqAhGbCkUtI+/a126dx9s1c65jZj
-VyEDrfogOi3CUVHnTxZ3Yayy0gqldPAYdtt9p5YYyTxJYmuKqHBTh7FToX3RhyT0
-pZ4+IE7YV4HiBev2K8K6c4E2/UOZtkENCLy7DAQuQgokHYk0YeoG+tYfnBcIFkVD
-169Z766il027ILS8F7HMoBPQVYdf24YUgfQC3k8h8HECgYEA/VGEr3vFwxCUHtOK
-SKXCpFWpK0KvcYBQvgzLuKkTNbTWnezUwAugq+Ybao/hqsF5jEd9U8Iv35myHI8j
-EHHF9J8/zb1EcIZgTAPO4Uvc2rYxwt/c0kwy7F/FovVKg5yEscJ35iXQWFO5Yxyu
-rYU8yNVPBqXGCeUS1jJbryg1JZcCgYEA5EUmDfPHp6gWx9MmeuDqxvb2L/WHyxGb
-ojSsV5GFlCLa3QMKc1H/1+6lxLbMiGvtk2S1B9YeGWAvRB+10GSgn7AhiObxv20C
-8oqRtLPxO/eCCGOBnUiGTqKibFNyTVJ/+FgWpywQSUY8tk58fPBZvydE6XV0Wa6T
-1INerLxVnAkCgYAxkXn9PKL+AIh7X7l3bbggoAJyTKI3+3vRNH/IqozvvWshi+41
-hhDykhxbRbxKxYEbSgHkGeN0RYbsv7WEyj6KF39MqvRxcFn3hec9frLAuVYTY+q5
-2987EaKCuKzUBBSTFBKSHmQeZIOqOTqVCbVTNyo3isittv1wnHoEVEHSEQKBgQCM
-oQkjuVb8M/Ls4mmndB9Pul/LBhHFijB+isLOJAnOTHbXiAMNLqxWpGCdwxxYw10W
-3AknLcNXUMltx7dkDkpidskCJX0zuH4DXFkNoXnxvrbuYhc9Bawwj8NOx0340uWh
-4ur5zIywB8RpcAsDkbNIr3Gl/kVS5tmOJ+zQsCpxuQKBgQCKV6CDtKgGLgWvERUE
-Dei9pUx2uXtvThZomqoZqr+hZE3YmvtHZcLMK8sXJWDdkYVQ4bwDkmrSSkk5F9Nh
-PClfyOObFbOXLD0TrJZSJd/zrnmnWk8u4eE5XSwAQ+0XiO4LgQHDOutXpvW9ZVvT
-om8NGk5mEUz39XN0tuWzcN2FIQ==
------END PRIVATE KEY-----
diff --git 
a/pulsar-websocket/src/main/java/org/apache/pulsar/websocket/WebSocketService.java
 
b/pulsar-websocket/src/main/java/org/apache/pulsar/websocket/WebSocketService.java
index d5a2c84fb..d7a349d7a 100644
--- 
a/pulsar-websocket/src/main/java/org/apache/pulsar/websocket/WebSocketService.java
+++ 
b/pulsar-websocket/src/main/java/org/apache/pulsar/websocket/WebSocketService.java
@@ -180,7 +180,7 @@ private PulsarClient createClientInstance(ClusterData 
clusterData) throws IOExce
         clientConf.setStatsInterval(0, TimeUnit.SECONDS);
         clientConf.setUseTls(config.isTlsEnabled());
         
clientConf.setTlsAllowInsecureConnection(config.isTlsAllowInsecureConnection());
-        clientConf.setTlsTrustCertsFilePath(config.getTlsTrustCertsFilePath());
+        
clientConf.setTlsTrustCertsFilePath(config.getBrokerClientTrustCertsFilePath());
         clientConf.setIoThreads(config.getWebSocketNumIoThreads());
         
clientConf.setConnectionsPerBroker(config.getWebSocketConnectionsPerBroker());
 
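Review bot: The outbound client now gets its own trust file, but `clientConf.setTlsAllowInsecureConnection(config.isTlsAllowInsecureConnection())` just above the changed line still reads what appears to be the same flag used for the listener side. If so, enabling it to accept untrusted client certificates would also switch off verification of the broker's certificate on this outbound connection, which the trust-store split does not address. Until that flag is separated too, I would add a comment on that line such as `// shared with the server-side setting: when true, the broker certificate is not verified on this outbound connection`. createClientInstance starts and ends outside this hunk, so how `config` is populated is not visible here.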
diff --git 
a/pulsar-websocket/src/main/java/org/apache/pulsar/websocket/service/ProxyServer.java
 
b/pulsar-websocket/src/main/java/org/apache/pulsar/websocket/service/ProxyServer.java
index ff1bfe5eb..ed597ea89 100644
--- 
a/pulsar-websocket/src/main/java/org/apache/pulsar/websocket/service/ProxyServer.java
+++ 
b/pulsar-websocket/src/main/java/org/apache/pulsar/websocket/service/ProxyServer.java
@@ -95,7 +95,6 @@ public ProxyServer(WebSocketProxyConfiguration config)
             ServerConnector tlsConnector = new ServerConnector(server, -1, -1, 
sslCtxFactory);
             tlsConnector.setPort(config.getWebServicePortTls());
             connectors.add(tlsConnector);
-
         }
 
         // Limit number of concurrent HTTP connections to avoid getting out of
diff --git 
a/pulsar-websocket/src/main/java/org/apache/pulsar/websocket/service/WebSocketProxyConfiguration.java
 
b/pulsar-websocket/src/main/java/org/apache/pulsar/websocket/service/WebSocketProxyConfiguration.java
index 5cea3df73..8bc3804e5 100644
--- 
a/pulsar-websocket/src/main/java/org/apache/pulsar/websocket/service/WebSocketProxyConfiguration.java
+++ 
b/pulsar-websocket/src/main/java/org/apache/pulsar/websocket/service/WebSocketProxyConfiguration.java
@@ -39,7 +39,7 @@
     // Name of the cluster to which this broker belongs to
     @FieldContext(required = true)
     private String clusterName;
-    
+
     // Pulsar cluster url to connect to broker (optional if 
globalZookeeperServers present)
     private String serviceUrl;
     private String serviceUrlTls;
@@ -67,7 +67,6 @@
     // Authorization provider fully qualified class-name
     private String authorizationProvider = 
PulsarAuthorizationProvider.class.getName();
 
-
     // Role names that are treated as "super-user", meaning they will be able 
to
     // do all admin operations and publish/consume from all topics
     private Set<String> superUserRoles = Sets.newTreeSet();
@@ -80,6 +79,8 @@
     // Authentication settings of the proxy itself. Used to connect to brokers
     private String brokerClientAuthenticationPlugin;
     private String brokerClientAuthenticationParameters;
+    // Path for the trusted TLS certificate file for outgoing connection to a 
server (broker)
+    private String brokerClientTrustCertsFilePath = "";
 
     // Number of IO threads in Pulsar Client used in WebSocket proxy
     private int numIoThreads = Runtime.getRuntime().availableProcessors();
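Review bot: The comment on `brokerClientTrustCertsFilePath` does not say what an empty value means, and the field defaults to `""` with no fallback to `tlsTrustCertsFilePath`. If this value is what reaches `clientConf.setTlsTrustCertsFilePath(...)` in WebSocketService.java, a deployment that previously set only `tlsTrustCertsFilePath` will now hand an empty path to the broker-facing client. That presumably leaves it on the client library's default trust, or fails the handshake against a private CA. I would extend the comment to `// Trusted CA certificate file used when this proxy connects to brokers; independent of tlsTrustCertsFilePath, must be set explicitly if brokers use a private CA`. The enclosing class begins and ends outside this hunk.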
@@ -100,7 +101,7 @@
     private String tlsTrustCertsFilePath = "";
     // Accept untrusted TLS certificate from client
     private boolean tlsAllowInsecureConnection = false;
-    
+
     private Properties properties = new Properties();
 
     public String getClusterName() {
@@ -110,7 +111,7 @@ public String getClusterName() {
     public void setClusterName(String clusterName) {
         this.clusterName = clusterName;
     }
-    
+
     public String getServiceUrl() {
         return serviceUrl;
     }
@@ -214,7 +215,7 @@ public String getAuthorizationProvider() {
     public void setAuthorizationProvider(String authorizationProvider) {
         this.authorizationProvider = authorizationProvider;
     }
-    
+
     public boolean getAuthorizationAllowWildcardsMatching() {
         return authorizationAllowWildcardsMatching;
     }
@@ -239,6 +240,14 @@ public void setBrokerClientAuthenticationPlugin(String 
brokerClientAuthenticatio
         this.brokerClientAuthenticationPlugin = 
brokerClientAuthenticationPlugin;
     }
 
+    public String getBrokerClientTrustCertsFilePath() {
+        return brokerClientTrustCertsFilePath;
+    }
+
+    public void setBrokerClientTrustCertsFilePath(String 
brokerClientTrustCertsFilePath) {
+        this.brokerClientTrustCertsFilePath = brokerClientTrustCertsFilePath;
+    }
+
     public String getBrokerClientAuthenticationParameters() {
         return brokerClientAuthenticationParameters;
     }
@@ -247,13 +256,21 @@ public void 
setBrokerClientAuthenticationParameters(String brokerClientAuthentic
         this.brokerClientAuthenticationParameters = 
brokerClientAuthenticationParameters;
     }
 
-    public int getNumIoThreads() { return numIoThreads; }
+    public int getNumIoThreads() {
+        return numIoThreads;
+    }
 
-    public void setNumIoThreads(int numIoThreads) { this.numIoThreads = 
numIoThreads; }
+    public void setNumIoThreads(int numIoThreads) {
+        this.numIoThreads = numIoThreads;
+    }
 
-    public int getConnectionsPerBroker() { return connectionsPerBroker; }
+    public int getConnectionsPerBroker() {
+        return connectionsPerBroker;
+    }
 
-    public void setConnectionsPerBroker(int connectionsPerBroker) { 
this.connectionsPerBroker = connectionsPerBroker; }
+    public void setConnectionsPerBroker(int connectionsPerBroker) {
+        this.connectionsPerBroker = connectionsPerBroker;
+    }
 
     public String getAnonymousUserRole() {
         return anonymousUserRole;
@@ -302,7 +319,7 @@ public boolean isTlsAllowInsecureConnection() {
     public void setTlsAllowInsecureConnection(boolean 
tlsAllowInsecureConnection) {
         this.tlsAllowInsecureConnection = tlsAllowInsecureConnection;
     }
-    
+
     public Properties getProperties() {
         return properties;
     }


 
