This is an automated email from the ASF dual-hosted git repository.
mmerli pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/incubator-pulsar.git
The following commit(s) were added to refs/heads/master by this push:
new c351026 Separating configuration for client and server trust store
(#1246)
c351026 is described below
commit c351026076e0320336c9e1fb0c5c888ed47f7874
Author: Jai Asher <j...@ccs.neu.edu>
AuthorDate: Fri Feb 23 11:01:25 2018 -0800
Separating configuration for client and server trust store (#1246)
* Use brokerClientTlsTrustCertsFilePath to configure the trust file path
for outgoing connection to a broker
* Separating configuration for client and server trust store
* Addressed Matteo's PR Comments
---
conf/broker.conf | 1 +
conf/proxy.conf | 1 +
conf/websocket.conf | 1 +
.../apache/pulsar/broker/ServiceConfiguration.java | 12 +++-
.../pulsar/broker/service/BrokerService.java | 2 +-
.../proxy/ProxyPublishConsumeTlsTest.java | 1 +
.../pulsar/proxy/server/DirectProxyHandler.java | 4 +-
.../pulsar/proxy/server/ProxyConfiguration.java | 31 ++++++----
.../apache/pulsar/proxy/server/ProxyService.java | 2 +-
.../ProxyAuthenticatedProducerConsumerTest.java | 5 +-
...est.java => ProxyWithAuthorizationNegTest.java} | 40 ++++++------
...onTest.java => ProxyWithAuthorizationTest.java} | 46 +++++++-------
.../server/ProxyWithoutServiceDiscoveryTest.java | 2 +
.../ProxyWithAuthorizationTest/broker-cacert.pem | 62 +++++++++++++++++++
.../tls/ProxyWithAuthorizationTest/broker-cert.pem | 72 ++++++++++++++++++++++
.../tls/ProxyWithAuthorizationTest/broker-key.pem | 28 +++++++++
.../ProxyWithAuthorizationTest/client-cacert.pem | 62 +++++++++++++++++++
.../tls/ProxyWithAuthorizationTest/client-cert.pem | 72 ++++++++++++++++++++++
.../tls/ProxyWithAuthorizationTest/client-key.pem | 28 +++++++++
.../ProxyWithAuthorizationTest/proxy-cacert.pem | 62 +++++++++++++++++++
.../tls/ProxyWithAuthorizationTest/proxy-cert.pem | 72 ++++++++++++++++++++++
.../tls/ProxyWithAuthorizationTest/proxy-key.pem | 28 +++++++++
.../broker-cert.pem | 72 ----------------------
.../ProxyWithProxyAuthorizationTest/broker-key.pem | 28 ---------
.../tls/ProxyWithProxyAuthorizationTest/cacert.pem | 62 -------------------
.../client-cert.pem | 72 ----------------------
.../ProxyWithProxyAuthorizationTest/client-key.pem | 28 ---------
.../ProxyWithProxyAuthorizationTest/proxy-cert.pem | 72 ----------------------
.../ProxyWithProxyAuthorizationTest/proxy-key.pem | 28 ---------
.../apache/pulsar/websocket/WebSocketService.java | 2 +-
.../pulsar/websocket/service/ProxyServer.java | 1 -
.../service/WebSocketProxyConfiguration.java | 37 ++++++++---
32 files changed, 602 insertions(+), 434 deletions(-)
diff --git a/conf/broker.conf b/conf/broker.conf
index 4756bcc..93489e5 100644
--- a/conf/broker.conf
+++ b/conf/broker.conf
@@ -234,6 +234,7 @@ superUserRoles=
# either in same or other clusters
brokerClientAuthenticationPlugin=
brokerClientAuthenticationParameters=
+brokerClientTrustCertsFilePath=
# Supported Athenz provider domain names(comma separated) for authentication
athenzDomainNames=
diff --git a/conf/proxy.conf b/conf/proxy.conf
index 0939452..384cca0 100644
--- a/conf/proxy.conf
+++ b/conf/proxy.conf
@@ -59,6 +59,7 @@
authorizationProvider=org.apache.pulsar.broker.authorization.PulsarAuthorization
# Authentication settings of the proxy itself. Used to connect to brokers
brokerClientAuthenticationPlugin=
brokerClientAuthenticationParameters=
+brokerClientTrustCertsFilePath=
# Role names that are treated as "super-user", meaning they will be able to do
all admin
# operations and publish/consume from all topics (comma-separated)
diff --git a/conf/websocket.conf b/conf/websocket.conf
index 399efed..0ceda62 100644
--- a/conf/websocket.conf
+++ b/conf/websocket.conf
@@ -78,6 +78,7 @@ superUserRoles=
# Authentication settings of the proxy itself. Used to connect to brokers
brokerClientAuthenticationPlugin=
brokerClientAuthenticationParameters=
+brokerClientTrustCertsFilePath=
# When this parameter is not empty, unauthenticated users perform as
anonymousUserRole
anonymousUserRole=
diff --git
a/pulsar-broker-common/src/main/java/org/apache/pulsar/broker/ServiceConfiguration.java
b/pulsar-broker-common/src/main/java/org/apache/pulsar/broker/ServiceConfiguration.java
index 4be2195..8aa2f82 100644
---
a/pulsar-broker-common/src/main/java/org/apache/pulsar/broker/ServiceConfiguration.java
+++
b/pulsar-broker-common/src/main/java/org/apache/pulsar/broker/ServiceConfiguration.java
@@ -234,7 +234,9 @@ public class ServiceConfiguration implements
PulsarConfiguration {
// to other brokers, either in same or other clusters. Default uses plugin
which disables authentication
private String brokerClientAuthenticationPlugin =
"org.apache.pulsar.client.impl.auth.AuthenticationDisabled";
private String brokerClientAuthenticationParameters = "";
-
+ // Path for the trusted TLS certificate file for outgoing connection to a
server (broker)
+ private String brokerClientTrustCertsFilePath = "";
+
// When this parameter is not empty, unauthenticated users perform as
anonymousUserRole
private String anonymousUserRole = null;
@@ -894,6 +896,14 @@ public class ServiceConfiguration implements
PulsarConfiguration {
this.brokerClientAuthenticationParameters =
brokerClientAuthenticationParameters;
}
+ public String getBrokerClientTrustCertsFilePath() {
+ return brokerClientTrustCertsFilePath;
+ }
+
+ public void setBrokerClientTrustCertsFilePath(String
brokerClientTrustCertsFilePath) {
+ this.brokerClientTrustCertsFilePath = brokerClientTrustCertsFilePath;
+ }
+
public String getAnonymousUserRole() {
return anonymousUserRole;
}
diff --git
a/pulsar-broker/src/main/java/org/apache/pulsar/broker/service/BrokerService.java
b/pulsar-broker/src/main/java/org/apache/pulsar/broker/service/BrokerService.java
index c12527d..0c8fa43 100644
---
a/pulsar-broker/src/main/java/org/apache/pulsar/broker/service/BrokerService.java
+++
b/pulsar-broker/src/main/java/org/apache/pulsar/broker/service/BrokerService.java
@@ -512,7 +512,7 @@ public class BrokerService implements Closeable,
ZooKeeperCacheListener<Policies
clusterUrl = isNotBlank(data.getBrokerServiceUrlTls()) ?
data.getBrokerServiceUrlTls()
: data.getServiceUrlTls();
configuration.setUseTls(true);
-
configuration.setTlsTrustCertsFilePath(pulsar.getConfiguration().getTlsTrustCertsFilePath());
+
configuration.setTlsTrustCertsFilePath(pulsar.getConfiguration().getBrokerClientTrustCertsFilePath());
configuration
.setTlsAllowInsecureConnection(pulsar.getConfiguration().isTlsAllowInsecureConnection());
} else {
diff --git
a/pulsar-broker/src/test/java/org/apache/pulsar/websocket/proxy/ProxyPublishConsumeTlsTest.java
b/pulsar-broker/src/test/java/org/apache/pulsar/websocket/proxy/ProxyPublishConsumeTlsTest.java
index fc1586b..ac79c8a 100644
---
a/pulsar-broker/src/test/java/org/apache/pulsar/websocket/proxy/ProxyPublishConsumeTlsTest.java
+++
b/pulsar-broker/src/test/java/org/apache/pulsar/websocket/proxy/ProxyPublishConsumeTlsTest.java
@@ -68,6 +68,7 @@ public class ProxyPublishConsumeTlsTest extends
TlsProducerConsumerBase {
config.setTlsKeyFilePath(TLS_SERVER_KEY_FILE_PATH);
config.setTlsCertificateFilePath(TLS_SERVER_CERT_FILE_PATH);
config.setTlsTrustCertsFilePath(TLS_TRUST_CERT_FILE_PATH);
+ config.setBrokerClientTrustCertsFilePath(TLS_TRUST_CERT_FILE_PATH);
config.setClusterName("use");
config.setGlobalZookeeperServers("dummy-zk-servers");
service = spy(new WebSocketService(config));
diff --git
a/pulsar-proxy/src/main/java/org/apache/pulsar/proxy/server/DirectProxyHandler.java
b/pulsar-proxy/src/main/java/org/apache/pulsar/proxy/server/DirectProxyHandler.java
index 55faf5c..92ff107 100644
---
a/pulsar-proxy/src/main/java/org/apache/pulsar/proxy/server/DirectProxyHandler.java
+++
b/pulsar-proxy/src/main/java/org/apache/pulsar/proxy/server/DirectProxyHandler.java
@@ -87,11 +87,11 @@ public class DirectProxyHandler {
AuthenticationDataProvider authData =
authentication.getAuthData();
if (authData.hasDataForTls()) {
sslCtx =
SecurityUtility.createNettySslContextForClient(config.isTlsAllowInsecureConnection(),
- config.getTlsTrustCertsFilePath(),
(X509Certificate[]) authData.getTlsCertificates(),
+ config.getBrokerClientTrustCertsFilePath(),
(X509Certificate[]) authData.getTlsCertificates(),
authData.getTlsPrivateKey());
} else {
sslCtx =
SecurityUtility.createNettySslContextForClient(config.isTlsAllowInsecureConnection(),
- config.getTlsTrustCertsFilePath());
+ config.getBrokerClientTrustCertsFilePath());
}
ch.pipeline().addLast(TLS_HANDLER,
sslCtx.newHandler(ch.alloc()));
}
diff --git
a/pulsar-proxy/src/main/java/org/apache/pulsar/proxy/server/ProxyConfiguration.java
b/pulsar-proxy/src/main/java/org/apache/pulsar/proxy/server/ProxyConfiguration.java
index f947305..69329ef 100644
---
a/pulsar-proxy/src/main/java/org/apache/pulsar/proxy/server/ProxyConfiguration.java
+++
b/pulsar-proxy/src/main/java/org/apache/pulsar/proxy/server/ProxyConfiguration.java
@@ -35,11 +35,11 @@ public class ProxyConfiguration implements
PulsarConfiguration {
// ZooKeeper session timeout
private int zookeeperSessionTimeoutMs = 30_000;
-
- // if Service Discovery is Disabled this url should point to the discovery
service provider.
+
+ // if Service Discovery is Disabled this url should point to the discovery
service provider.
private String brokerServiceURL;
private String brokerServiceURLTLS;
-
+
// Port to use to server binary-proto request
private int servicePort = 6650;
// Port to use to server binary-proto-tls request
@@ -73,6 +73,7 @@ public class ProxyConfiguration implements
PulsarConfiguration {
// Authentication settings of the proxy itself. Used to connect to brokers
private String brokerClientAuthenticationPlugin;
private String brokerClientAuthenticationParameters;
+ private String brokerClientTrustCertsFilePath;
/***** --- TLS --- ****/
// Enable TLS for the proxy handler
@@ -97,33 +98,33 @@ public class ProxyConfiguration implements
PulsarConfiguration {
// Specify the tls cipher the broker will use to negotiate during TLS
Handshake.
// Example:- [TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256]
private Set<String> tlsCiphers = Sets.newTreeSet();
-
+
private Properties properties = new Properties();
public boolean forwardAuthorizationCredentials() {
return forwardAuthorizationCredentials;
}
-
+
public void setForwardAuthorizationCredentials(boolean
forwardAuthorizationCredentials) {
this.forwardAuthorizationCredentials = forwardAuthorizationCredentials;
}
-
+
public String getBrokerServiceURLTLS() {
return brokerServiceURLTLS;
}
-
+
public void setBrokerServiceURLTLS(String discoveryServiceURLTLS) {
this.brokerServiceURLTLS = discoveryServiceURLTLS;
}
-
+
public String getBrokerServiceURL() {
return brokerServiceURL;
}
-
+
public void setBrokerServiceURL(String discoveryServiceURL) {
this.brokerServiceURL = discoveryServiceURL;
}
-
+
public String getZookeeperServers() {
return zookeeperServers;
}
@@ -260,6 +261,14 @@ public class ProxyConfiguration implements
PulsarConfiguration {
this.brokerClientAuthenticationParameters =
brokerClientAuthenticationParameters;
}
+ public String getBrokerClientTrustCertsFilePath() {
+ return this.brokerClientTrustCertsFilePath;
+ }
+
+ public void setBrokerClientTrustCertsFilePath(String
brokerClientTlsTrustCertsFilePath) {
+ this.brokerClientTrustCertsFilePath =
brokerClientTlsTrustCertsFilePath;
+ }
+
public boolean isAuthenticationEnabled() {
return authenticationEnabled;
}
@@ -307,7 +316,7 @@ public class ProxyConfiguration implements
PulsarConfiguration {
public void setProperties(Properties properties) {
this.properties = properties;
}
-
+
public Set<String> getTlsProtocols() {
return tlsProtocols;
}
diff --git
a/pulsar-proxy/src/main/java/org/apache/pulsar/proxy/server/ProxyService.java
b/pulsar-proxy/src/main/java/org/apache/pulsar/proxy/server/ProxyService.java
index 0ddee42..d95d83c 100644
---
a/pulsar-proxy/src/main/java/org/apache/pulsar/proxy/server/ProxyService.java
+++
b/pulsar-proxy/src/main/java/org/apache/pulsar/proxy/server/ProxyService.java
@@ -102,7 +102,7 @@ public class ProxyService implements Closeable {
}
if (proxyConfig.isTlsEnabledWithBroker()) {
clientConfiguration.setUseTls(true);
-
clientConfiguration.setTlsTrustCertsFilePath(proxyConfig.getTlsTrustCertsFilePath());
+
clientConfiguration.setTlsTrustCertsFilePath(proxyConfig.getBrokerClientTrustCertsFilePath());
clientConfiguration.setTlsAllowInsecureConnection(proxyConfig.isTlsAllowInsecureConnection());
}
diff --git
a/pulsar-proxy/src/test/java/org/apache/pulsar/proxy/server/ProxyAuthenticatedProducerConsumerTest.java
b/pulsar-proxy/src/test/java/org/apache/pulsar/proxy/server/ProxyAuthenticatedProducerConsumerTest.java
index c62bbc1..626a563 100644
---
a/pulsar-proxy/src/test/java/org/apache/pulsar/proxy/server/ProxyAuthenticatedProducerConsumerTest.java
+++
b/pulsar-proxy/src/test/java/org/apache/pulsar/proxy/server/ProxyAuthenticatedProducerConsumerTest.java
@@ -89,7 +89,7 @@ public class ProxyAuthenticatedProducerConsumerTest extends
ProducerConsumerBase
conf.setBrokerClientAuthenticationPlugin(AuthenticationTls.class.getName());
conf.setBrokerClientAuthenticationParameters(
"tlsCertFile:" + TLS_CLIENT_CERT_FILE_PATH + "," +
"tlsKeyFile:" + TLS_SERVER_KEY_FILE_PATH);
-
+ conf.setBrokerClientTrustCertsFilePath(TLS_TRUST_CERT_FILE_PATH);
Set<String> providers = new HashSet<>();
providers.add(AuthenticationProviderTls.class.getName());
conf.setAuthenticationProviders(providers);
@@ -113,10 +113,11 @@ public class ProxyAuthenticatedProducerConsumerTest
extends ProducerConsumerBase
proxyConfig.setTlsCertificateFilePath(TLS_SERVER_CERT_FILE_PATH);
proxyConfig.setTlsKeyFilePath(TLS_SERVER_KEY_FILE_PATH);
proxyConfig.setTlsTrustCertsFilePath(TLS_TRUST_CERT_FILE_PATH);
-
+
proxyConfig.setBrokerClientAuthenticationPlugin(AuthenticationTls.class.getName());
proxyConfig.setBrokerClientAuthenticationParameters(
"tlsCertFile:" + TLS_CLIENT_CERT_FILE_PATH + "," +
"tlsKeyFile:" + TLS_CLIENT_KEY_FILE_PATH);
+
proxyConfig.setBrokerClientTrustCertsFilePath(TLS_TRUST_CERT_FILE_PATH);
proxyConfig.setAuthenticationProviders(providers);
proxyConfig.setZookeeperServers(DUMMY_VALUE);
diff --git
a/pulsar-proxy/src/test/java/org/apache/pulsar/proxy/server/ProxyWithProxyAuthorizationNegTest.java
b/pulsar-proxy/src/test/java/org/apache/pulsar/proxy/server/ProxyWithAuthorizationNegTest.java
similarity index 87%
rename from
pulsar-proxy/src/test/java/org/apache/pulsar/proxy/server/ProxyWithProxyAuthorizationNegTest.java
rename to
pulsar-proxy/src/test/java/org/apache/pulsar/proxy/server/ProxyWithAuthorizationNegTest.java
index 04717ce..53303b9 100644
---
a/pulsar-proxy/src/test/java/org/apache/pulsar/proxy/server/ProxyWithProxyAuthorizationNegTest.java
+++
b/pulsar-proxy/src/test/java/org/apache/pulsar/proxy/server/ProxyWithAuthorizationNegTest.java
@@ -54,18 +54,18 @@ import org.testng.collections.Maps;
import com.google.common.collect.Lists;
import com.google.common.collect.Sets;
-public class ProxyWithProxyAuthorizationNegTest extends ProducerConsumerBase {
- private static final Logger log =
LoggerFactory.getLogger(ProxyWithProxyAuthorizationNegTest.class);
-
- private final String TLS_PROXY_TRUST_CERT_FILE_PATH =
"./src/test/resources/authentication/tls/ProxyWithProxyAuthorizationTest/cacert.pem";
- private final String TLS_PROXY_CERT_FILE_PATH =
"./src/test/resources/authentication/tls/ProxyWithProxyAuthorizationTest/proxy-cert.pem";
- private final String TLS_PROXY_KEY_FILE_PATH =
"./src/test/resources/authentication/tls/ProxyWithProxyAuthorizationTest/proxy-key.pem";
- private final String TLS_SERVER_CERT_TRUST_FILE_PATH =
"./src/test/resources/authentication/tls/ProxyWithProxyAuthorizationTest/cacert.pem";
- private final String TLS_SERVER_CERT_FILE_PATH =
"./src/test/resources/authentication/tls/ProxyWithProxyAuthorizationTest/broker-cert.pem";
- private final String TLS_SERVER_KEY_FILE_PATH =
"./src/test/resources/authentication/tls/ProxyWithProxyAuthorizationTest/broker-key.pem";
- private final String TLS_CLIENT_TRUST_CERT_FILE_PATH =
"./src/test/resources/authentication/tls/ProxyWithProxyAuthorizationTest/cacert.pem";
- private final String TLS_CLIENT_CERT_FILE_PATH =
"./src/test/resources/authentication/tls/ProxyWithProxyAuthorizationTest/client-cert.pem";
- private final String TLS_CLIENT_KEY_FILE_PATH =
"./src/test/resources/authentication/tls/ProxyWithProxyAuthorizationTest/client-key.pem";
+public class ProxyWithAuthorizationNegTest extends ProducerConsumerBase {
+ private static final Logger log =
LoggerFactory.getLogger(ProxyWithAuthorizationNegTest.class);
+
+ private final String TLS_PROXY_TRUST_CERT_FILE_PATH =
"./src/test/resources/authentication/tls/ProxyWithAuthorizationTest/proxy-cacert.pem";
+ private final String TLS_PROXY_CERT_FILE_PATH =
"./src/test/resources/authentication/tls/ProxyWithAuthorizationTest/proxy-cert.pem";
+ private final String TLS_PROXY_KEY_FILE_PATH =
"./src/test/resources/authentication/tls/ProxyWithAuthorizationTest/proxy-key.pem";
+ private final String TLS_BROKER_TRUST_CERT_FILE_PATH =
"./src/test/resources/authentication/tls/ProxyWithAuthorizationTest/broker-cacert.pem";
+ private final String TLS_BROKER_CERT_FILE_PATH =
"./src/test/resources/authentication/tls/ProxyWithAuthorizationTest/broker-cert.pem";
+ private final String TLS_BROKER_KEY_FILE_PATH =
"./src/test/resources/authentication/tls/ProxyWithAuthorizationTest/broker-key.pem";
+ private final String TLS_CLIENT_TRUST_CERT_FILE_PATH =
"./src/test/resources/authentication/tls/ProxyWithAuthorizationTest/client-cacert.pem";
+ private final String TLS_CLIENT_CERT_FILE_PATH =
"./src/test/resources/authentication/tls/ProxyWithAuthorizationTest/client-cert.pem";
+ private final String TLS_CLIENT_KEY_FILE_PATH =
"./src/test/resources/authentication/tls/ProxyWithAuthorizationTest/client-key.pem";
private final String TLS_SUPERUSER_CLIENT_KEY_FILE_PATH =
"./src/test/resources/authentication/tls/client-key.pem";
private final String TLS_SUPERUSER_CLIENT_CERT_FILE_PATH =
"./src/test/resources/authentication/tls/client-cert.pem";
private final String TLS_SUPERUSER_CLIENT_TRUST_CERT_FILE_PATH =
"./src/test/resources/authentication/tls/cacert.pem";
@@ -82,9 +82,9 @@ public class ProxyWithProxyAuthorizationNegTest extends
ProducerConsumerBase {
conf.setAuthorizationEnabled(true);
conf.setTlsEnabled(true);
- conf.setTlsTrustCertsFilePath(TLS_SERVER_CERT_TRUST_FILE_PATH);
- conf.setTlsCertificateFilePath(TLS_SERVER_CERT_FILE_PATH);
- conf.setTlsKeyFilePath(TLS_SERVER_KEY_FILE_PATH);
+ conf.setTlsTrustCertsFilePath(TLS_PROXY_TRUST_CERT_FILE_PATH);
+ conf.setTlsCertificateFilePath(TLS_BROKER_CERT_FILE_PATH);
+ conf.setTlsKeyFilePath(TLS_BROKER_KEY_FILE_PATH);
conf.setTlsAllowInsecureConnection(true);
Set<String> superUserRoles = new HashSet<>();
@@ -93,7 +93,7 @@ public class ProxyWithProxyAuthorizationNegTest extends
ProducerConsumerBase {
conf.setBrokerClientAuthenticationPlugin(AuthenticationTls.class.getName());
conf.setBrokerClientAuthenticationParameters(
- "tlsCertFile:" + TLS_SERVER_CERT_FILE_PATH + "," +
"tlsKeyFile:" + TLS_SERVER_KEY_FILE_PATH);
+ "tlsCertFile:" + TLS_BROKER_CERT_FILE_PATH + "," +
"tlsKeyFile:" + TLS_BROKER_KEY_FILE_PATH);
Set<String> providers = new HashSet<>();
providers.add(AuthenticationProviderTls.class.getName());
@@ -119,11 +119,13 @@ public class ProxyWithProxyAuthorizationNegTest extends
ProducerConsumerBase {
// enable tls and auth&auth at proxy
proxyConfig.setTlsCertificateFilePath(TLS_PROXY_CERT_FILE_PATH);
proxyConfig.setTlsKeyFilePath(TLS_PROXY_KEY_FILE_PATH);
- proxyConfig.setTlsTrustCertsFilePath(TLS_PROXY_TRUST_CERT_FILE_PATH);
+ proxyConfig.setTlsTrustCertsFilePath(TLS_CLIENT_TRUST_CERT_FILE_PATH);
proxyConfig.setBrokerClientAuthenticationPlugin(AuthenticationTls.class.getName());
proxyConfig.setBrokerClientAuthenticationParameters(
"tlsCertFile:" + TLS_PROXY_CERT_FILE_PATH + "," +
"tlsKeyFile:" + TLS_PROXY_KEY_FILE_PATH);
+
proxyConfig.setBrokerClientTrustCertsFilePath(TLS_BROKER_TRUST_CERT_FILE_PATH);
+
proxyConfig.setAuthenticationProviders(providers);
proxyService = Mockito.spy(new ProxyService(proxyConfig));
@@ -225,7 +227,7 @@ public class ProxyWithProxyAuthorizationNegTest extends
ProducerConsumerBase {
authTls.configure(authParams);
org.apache.pulsar.client.api.ClientConfiguration clientConf = new
org.apache.pulsar.client.api.ClientConfiguration();
clientConf.setStatsInterval(0, TimeUnit.SECONDS);
-
clientConf.setTlsTrustCertsFilePath(TLS_SUPERUSER_CLIENT_TRUST_CERT_FILE_PATH);
+ clientConf.setTlsTrustCertsFilePath(TLS_BROKER_TRUST_CERT_FILE_PATH);
clientConf.setTlsAllowInsecureConnection(true);
clientConf.setAuthentication(authTls);
clientConf.setUseTls(true);
@@ -241,7 +243,7 @@ public class ProxyWithProxyAuthorizationNegTest extends
ProducerConsumerBase {
authTls.configure(authParams);
org.apache.pulsar.client.api.ClientConfiguration clientConf = new
org.apache.pulsar.client.api.ClientConfiguration();
clientConf.setStatsInterval(0, TimeUnit.SECONDS);
- clientConf.setTlsTrustCertsFilePath(TLS_CLIENT_TRUST_CERT_FILE_PATH);
+ clientConf.setTlsTrustCertsFilePath(TLS_PROXY_TRUST_CERT_FILE_PATH);
clientConf.setTlsAllowInsecureConnection(true);
clientConf.setAuthentication(authTls);
clientConf.setUseTls(true);
diff --git
a/pulsar-proxy/src/test/java/org/apache/pulsar/proxy/server/ProxyWithProxyAuthorizationTest.java
b/pulsar-proxy/src/test/java/org/apache/pulsar/proxy/server/ProxyWithAuthorizationTest.java
similarity index 92%
rename from
pulsar-proxy/src/test/java/org/apache/pulsar/proxy/server/ProxyWithProxyAuthorizationTest.java
rename to
pulsar-proxy/src/test/java/org/apache/pulsar/proxy/server/ProxyWithAuthorizationTest.java
index becfc2b..93be90f 100644
---
a/pulsar-proxy/src/test/java/org/apache/pulsar/proxy/server/ProxyWithProxyAuthorizationTest.java
+++
b/pulsar-proxy/src/test/java/org/apache/pulsar/proxy/server/ProxyWithAuthorizationTest.java
@@ -56,18 +56,18 @@ import org.testng.collections.Maps;
import com.google.common.collect.Lists;
import com.google.common.collect.Sets;
-public class ProxyWithProxyAuthorizationTest extends ProducerConsumerBase {
- private static final Logger log =
LoggerFactory.getLogger(ProxyWithProxyAuthorizationTest.class);
-
- private final String TLS_PROXY_TRUST_CERT_FILE_PATH =
"./src/test/resources/authentication/tls/ProxyWithProxyAuthorizationTest/cacert.pem";
- private final String TLS_PROXY_CERT_FILE_PATH =
"./src/test/resources/authentication/tls/ProxyWithProxyAuthorizationTest/proxy-cert.pem";
- private final String TLS_PROXY_KEY_FILE_PATH =
"./src/test/resources/authentication/tls/ProxyWithProxyAuthorizationTest/proxy-key.pem";
- private final String TLS_SERVER_CERT_TRUST_FILE_PATH =
"./src/test/resources/authentication/tls/ProxyWithProxyAuthorizationTest/cacert.pem";
- private final String TLS_SERVER_CERT_FILE_PATH =
"./src/test/resources/authentication/tls/ProxyWithProxyAuthorizationTest/broker-cert.pem";
- private final String TLS_SERVER_KEY_FILE_PATH =
"./src/test/resources/authentication/tls/ProxyWithProxyAuthorizationTest/broker-key.pem";
- private final String TLS_CLIENT_TRUST_CERT_FILE_PATH =
"./src/test/resources/authentication/tls/ProxyWithProxyAuthorizationTest/cacert.pem";
- private final String TLS_CLIENT_CERT_FILE_PATH =
"./src/test/resources/authentication/tls/ProxyWithProxyAuthorizationTest/client-cert.pem";
- private final String TLS_CLIENT_KEY_FILE_PATH =
"./src/test/resources/authentication/tls/ProxyWithProxyAuthorizationTest/client-key.pem";
+public class ProxyWithAuthorizationTest extends ProducerConsumerBase {
+ private static final Logger log =
LoggerFactory.getLogger(ProxyWithAuthorizationTest.class);
+
+ private final String TLS_PROXY_TRUST_CERT_FILE_PATH =
"./src/test/resources/authentication/tls/ProxyWithAuthorizationTest/proxy-cacert.pem";
+ private final String TLS_PROXY_CERT_FILE_PATH =
"./src/test/resources/authentication/tls/ProxyWithAuthorizationTest/proxy-cert.pem";
+ private final String TLS_PROXY_KEY_FILE_PATH =
"./src/test/resources/authentication/tls/ProxyWithAuthorizationTest/proxy-key.pem";
+ private final String TLS_BROKER_TRUST_CERT_FILE_PATH =
"./src/test/resources/authentication/tls/ProxyWithAuthorizationTest/broker-cacert.pem";
+ private final String TLS_BROKER_CERT_FILE_PATH =
"./src/test/resources/authentication/tls/ProxyWithAuthorizationTest/broker-cert.pem";
+ private final String TLS_BROKER_KEY_FILE_PATH =
"./src/test/resources/authentication/tls/ProxyWithAuthorizationTest/broker-key.pem";
+ private final String TLS_CLIENT_TRUST_CERT_FILE_PATH =
"./src/test/resources/authentication/tls/ProxyWithAuthorizationTest/client-cacert.pem";
+ private final String TLS_CLIENT_CERT_FILE_PATH =
"./src/test/resources/authentication/tls/ProxyWithAuthorizationTest/client-cert.pem";
+ private final String TLS_CLIENT_KEY_FILE_PATH =
"./src/test/resources/authentication/tls/ProxyWithAuthorizationTest/client-key.pem";
private final String TLS_SUPERUSER_CLIENT_KEY_FILE_PATH =
"./src/test/resources/authentication/tls/client-key.pem";
private final String TLS_SUPERUSER_CLIENT_CERT_FILE_PATH =
"./src/test/resources/authentication/tls/client-cert.pem";
private final String TLS_SUPERUSER_CLIENT_TRUST_CERT_FILE_PATH =
"./src/test/resources/authentication/tls/cacert.pem";
@@ -144,9 +144,9 @@ public class ProxyWithProxyAuthorizationTest extends
ProducerConsumerBase {
conf.setAuthorizationEnabled(true);
conf.setTlsEnabled(true);
- conf.setTlsTrustCertsFilePath(TLS_SERVER_CERT_TRUST_FILE_PATH);
- conf.setTlsCertificateFilePath(TLS_SERVER_CERT_FILE_PATH);
- conf.setTlsKeyFilePath(TLS_SERVER_KEY_FILE_PATH);
+ conf.setTlsTrustCertsFilePath(TLS_PROXY_TRUST_CERT_FILE_PATH);
+ conf.setTlsCertificateFilePath(TLS_BROKER_CERT_FILE_PATH);
+ conf.setTlsKeyFilePath(TLS_BROKER_KEY_FILE_PATH);
conf.setTlsAllowInsecureConnection(true);
Set<String> superUserRoles = new HashSet<>();
@@ -155,8 +155,8 @@ public class ProxyWithProxyAuthorizationTest extends
ProducerConsumerBase {
conf.setBrokerClientAuthenticationPlugin(AuthenticationTls.class.getName());
conf.setBrokerClientAuthenticationParameters(
- "tlsCertFile:" + TLS_SERVER_CERT_FILE_PATH + "," +
"tlsKeyFile:" + TLS_SERVER_KEY_FILE_PATH);
-
+ "tlsCertFile:" + TLS_BROKER_CERT_FILE_PATH + "," +
"tlsKeyFile:" + TLS_BROKER_KEY_FILE_PATH);
+
conf.setBrokerClientTrustCertsFilePath(TLS_BROKER_TRUST_CERT_FILE_PATH);
Set<String> providers = new HashSet<>();
providers.add(AuthenticationProviderTls.class.getName());
conf.setAuthenticationProviders(providers);
@@ -181,8 +181,8 @@ public class ProxyWithProxyAuthorizationTest extends
ProducerConsumerBase {
// enable tls and auth&auth at proxy
proxyConfig.setTlsCertificateFilePath(TLS_PROXY_CERT_FILE_PATH);
proxyConfig.setTlsKeyFilePath(TLS_PROXY_KEY_FILE_PATH);
- proxyConfig.setTlsTrustCertsFilePath(TLS_PROXY_TRUST_CERT_FILE_PATH);
-
+ proxyConfig.setTlsTrustCertsFilePath(TLS_CLIENT_TRUST_CERT_FILE_PATH);
+
proxyConfig.setBrokerClientTrustCertsFilePath(TLS_BROKER_TRUST_CERT_FILE_PATH);
proxyConfig.setBrokerClientAuthenticationPlugin(AuthenticationTls.class.getName());
proxyConfig.setBrokerClientAuthenticationParameters(
"tlsCertFile:" + TLS_PROXY_CERT_FILE_PATH + "," +
"tlsKeyFile:" + TLS_PROXY_KEY_FILE_PATH);
@@ -396,12 +396,12 @@ public class ProxyWithProxyAuthorizationTest extends
ProducerConsumerBase {
// enable tls and auth&auth at proxy
proxyConfig.setTlsCertificateFilePath(TLS_PROXY_CERT_FILE_PATH);
proxyConfig.setTlsKeyFilePath(TLS_PROXY_KEY_FILE_PATH);
- proxyConfig.setTlsTrustCertsFilePath(TLS_PROXY_TRUST_CERT_FILE_PATH);
+ proxyConfig.setTlsTrustCertsFilePath(TLS_CLIENT_TRUST_CERT_FILE_PATH);
proxyConfig.setBrokerClientAuthenticationPlugin(AuthenticationTls.class.getName());
proxyConfig.setBrokerClientAuthenticationParameters(
"tlsCertFile:" + TLS_PROXY_CERT_FILE_PATH + "," +
"tlsKeyFile:" + TLS_PROXY_KEY_FILE_PATH);
-
+
proxyConfig.setBrokerClientTrustCertsFilePath(TLS_BROKER_TRUST_CERT_FILE_PATH);
Set<String> providers = new HashSet<>();
providers.add(AuthenticationProviderTls.class.getName());
conf.setAuthenticationProviders(providers);
@@ -448,7 +448,7 @@ public class ProxyWithProxyAuthorizationTest extends
ProducerConsumerBase {
authTls.configure(authParams);
org.apache.pulsar.client.api.ClientConfiguration clientConf = new
org.apache.pulsar.client.api.ClientConfiguration();
clientConf.setStatsInterval(0, TimeUnit.SECONDS);
-
clientConf.setTlsTrustCertsFilePath(TLS_SUPERUSER_CLIENT_TRUST_CERT_FILE_PATH);
+ clientConf.setTlsTrustCertsFilePath(TLS_PROXY_TRUST_CERT_FILE_PATH);
clientConf.setTlsAllowInsecureConnection(true);
clientConf.setAuthentication(authTls);
clientConf.setUseTls(true);
@@ -463,7 +463,7 @@ public class ProxyWithProxyAuthorizationTest extends
ProducerConsumerBase {
Authentication authTls = new AuthenticationTls();
authTls.configure(authParams);
clientConf.setStatsInterval(0, TimeUnit.SECONDS);
- clientConf.setTlsTrustCertsFilePath(TLS_CLIENT_TRUST_CERT_FILE_PATH);
+ clientConf.setTlsTrustCertsFilePath(TLS_PROXY_TRUST_CERT_FILE_PATH);
clientConf.setTlsAllowInsecureConnection(true);
clientConf.setAuthentication(authTls);
clientConf.setUseTls(true);
diff --git
a/pulsar-proxy/src/test/java/org/apache/pulsar/proxy/server/ProxyWithoutServiceDiscoveryTest.java
b/pulsar-proxy/src/test/java/org/apache/pulsar/proxy/server/ProxyWithoutServiceDiscoveryTest.java
index 6b47d2d..5a872ce 100644
---
a/pulsar-proxy/src/test/java/org/apache/pulsar/proxy/server/ProxyWithoutServiceDiscoveryTest.java
+++
b/pulsar-proxy/src/test/java/org/apache/pulsar/proxy/server/ProxyWithoutServiceDiscoveryTest.java
@@ -116,6 +116,8 @@ public class ProxyWithoutServiceDiscoveryTest extends
ProducerConsumerBase {
proxyConfig.setBrokerClientAuthenticationPlugin(AuthenticationTls.class.getName());
proxyConfig.setBrokerClientAuthenticationParameters(
"tlsCertFile:" + TLS_CLIENT_CERT_FILE_PATH + "," +
"tlsKeyFile:" + TLS_CLIENT_KEY_FILE_PATH);
+
proxyConfig.setBrokerClientTrustCertsFilePath(TLS_TRUST_CERT_FILE_PATH);
+
proxyConfig.setAuthenticationProviders(providers);
proxyService = Mockito.spy(new ProxyService(proxyConfig));
diff --git
a/pulsar-proxy/src/test/resources/authentication/tls/ProxyWithAuthorizationTest/broker-cacert.pem
b/pulsar-proxy/src/test/resources/authentication/tls/ProxyWithAuthorizationTest/broker-cacert.pem
new file mode 100644
index 0000000..08cfc67
--- /dev/null
+++
b/pulsar-proxy/src/test/resources/authentication/tls/ProxyWithAuthorizationTest/broker-cacert.pem
@@ -0,0 +1,62 @@
+Certificate:
+ Data:
+ Version: 3 (0x2)
+ Serial Number:
+ c1:32:3f:61:ff:0d:77:64
+ Signature Algorithm: sha1WithRSAEncryption
+ Issuer: C=US, ST=CA, O=Apache Pulsar, OU=Broker, CN=Broker
+ Validity
+ Not Before: Feb 18 03:51:25 2018 GMT
+ Not After : Feb 17 03:51:25 2021 GMT
+ Subject: C=US, ST=CA, O=Apache Pulsar, OU=Broker, CN=Broker
+ Subject Public Key Info:
+ Public Key Algorithm: rsaEncryption
+ RSA Public Key: (1024 bit)
+ Modulus (1024 bit):
+ 00:ba:01:81:08:33:0c:38:03:e1:3b:7d:9e:0c:c5:
+ 9f:1e:c6:18:31:21:2d:67:1a:69:52:e0:76:52:c8:
+ 7b:c3:83:83:31:e1:5b:3f:4f:ad:7c:75:59:a1:39:
+ df:a3:7b:a2:e6:e7:10:02:8f:2f:ad:13:9c:8a:f6:
+ 13:b1:43:6e:54:cd:a5:fe:35:57:ef:e1:a8:f3:48:
+ 09:ad:a7:1b:6d:ae:db:73:52:1c:0b:95:eb:da:e2:
+ fa:4e:4b:d8:78:77:a1:61:8d:a3:e0:f9:9a:49:87:
+ 42:45:71:2e:a8:7a:d1:1e:c3:1d:ea:40:3f:3a:7c:
+ a6:e3:34:ec:db:53:e7:d3:a9
+ Exponent: 65537 (0x10001)
+ X509v3 extensions:
+ X509v3 Subject Key Identifier:
+ 54:D1:B0:95:A0:92:D5:5A:C0:35:8F:6C:EE:D5:6C:4E:90:48:2E:10
+ X509v3 Authority Key Identifier:
+
keyid:54:D1:B0:95:A0:92:D5:5A:C0:35:8F:6C:EE:D5:6C:4E:90:48:2E:10
+ DirName:/C=US/ST=CA/O=Apache Pulsar/OU=Broker/CN=Broker
+ serial:C1:32:3F:61:FF:0D:77:64
+
+ X509v3 Basic Constraints:
+ CA:TRUE
+ Signature Algorithm: sha1WithRSAEncryption
+ 81:81:2e:55:77:02:81:a6:dc:31:ce:ee:50:1e:c4:79:6f:14:
+ b0:5e:b3:85:99:0e:29:ba:ab:5e:b5:0b:f7:aa:71:bb:20:ae:
+ 7a:08:1e:f3:5a:7a:a1:7d:b9:a6:89:9e:89:d4:a3:c5:68:22:
+ 04:99:99:b0:e7:a8:c1:ac:17:76:1e:3d:e9:07:62:99:da:38:
+ ec:0e:7c:d8:3e:bc:0c:cb:71:31:9f:d1:6a:5c:d3:b1:1b:82:
+ 11:8e:69:b7:f9:1c:a7:19:b8:6d:a4:2d:6a:85:8f:5f:f5:e3:
+ 32:47:8b:85:47:ba:ef:66:c1:ad:f7:1f:b6:f2:9b:9a:65:3f:
+ 2f:42
+-----BEGIN CERTIFICATE-----
+MIIC3jCCAkegAwIBAgIJAMEyP2H/DXdkMA0GCSqGSIb3DQEBBQUAMFQxCzAJBgNV
+BAYTAlVTMQswCQYDVQQIEwJDQTEWMBQGA1UEChMNQXBhY2hlIFB1bHNhcjEPMA0G
+A1UECxMGQnJva2VyMQ8wDQYDVQQDEwZCcm9rZXIwHhcNMTgwMjE4MDM1MTI1WhcN
+MjEwMjE3MDM1MTI1WjBUMQswCQYDVQQGEwJVUzELMAkGA1UECBMCQ0ExFjAUBgNV
+BAoTDUFwYWNoZSBQdWxzYXIxDzANBgNVBAsTBkJyb2tlcjEPMA0GA1UEAxMGQnJv
+a2VyMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC6AYEIMww4A+E7fZ4MxZ8e
+xhgxIS1nGmlS4HZSyHvDg4Mx4Vs/T618dVmhOd+je6Lm5xACjy+tE5yK9hOxQ25U
+zaX+NVfv4ajzSAmtpxttrttzUhwLleva4vpOS9h4d6FhjaPg+ZpJh0JFcS6oetEe
+wx3qQD86fKbjNOzbU+fTqQIDAQABo4G3MIG0MB0GA1UdDgQWBBRU0bCVoJLVWsA1
+j2zu1WxOkEguEDCBhAYDVR0jBH0we4AUVNGwlaCS1VrANY9s7tVsTpBILhChWKRW
+MFQxCzAJBgNVBAYTAlVTMQswCQYDVQQIEwJDQTEWMBQGA1UEChMNQXBhY2hlIFB1
+bHNhcjEPMA0GA1UECxMGQnJva2VyMQ8wDQYDVQQDEwZCcm9rZXKCCQDBMj9h/w13
+ZDAMBgNVHRMEBTADAQH/MA0GCSqGSIb3DQEBBQUAA4GBAIGBLlV3AoGm3DHO7lAe
+xHlvFLBes4WZDim6q161C/eqcbsgrnoIHvNaeqF9uaaJnonUo8VoIgSZmbDnqMGs
+F3YePekHYpnaOOwOfNg+vAzLcTGf0Wpc07EbghGOabf5HKcZuG2kLWqFj1/14zJH
+i4VHuu9mwa33H7bym5plPy9C
+-----END CERTIFICATE-----
diff --git
a/pulsar-proxy/src/test/resources/authentication/tls/ProxyWithAuthorizationTest/broker-cert.pem
b/pulsar-proxy/src/test/resources/authentication/tls/ProxyWithAuthorizationTest/broker-cert.pem
new file mode 100644
index 0000000..5ce3ce5
--- /dev/null
+++
b/pulsar-proxy/src/test/resources/authentication/tls/ProxyWithAuthorizationTest/broker-cert.pem
@@ -0,0 +1,72 @@
+Certificate:
+ Data:
+ Version: 3 (0x2)
+ Serial Number:
+ c1:32:3f:61:ff:0d:77:65
+ Signature Algorithm: sha1WithRSAEncryption
+ Issuer: C=US, ST=CA, O=Apache Pulsar, OU=Broker, CN=Broker
+ Validity
+ Not Before: Feb 18 03:53:39 2018 GMT
+ Not After : Nov 16 00:00:00 2030 GMT
+ Subject: C=US, ST=CA, O=Apache Pulsar, OU=Broker, CN=Broker
+ Subject Public Key Info:
+ Public Key Algorithm: rsaEncryption
+ RSA Public Key: (2048 bit)
+ Modulus (2048 bit):
+ 00:ca:77:dc:2a:13:25:24:cb:29:62:06:12:5f:a8:
+ 92:c9:53:d6:3f:07:ca:aa:0a:5f:72:92:cd:b7:ea:
+ 45:47:71:f0:63:4f:58:1a:3d:fa:ce:a6:73:90:c0:
+ a9:f7:25:f0:76:75:ed:b2:03:17:be:d8:8a:56:f3:
+ 4f:6a:4c:7e:03:65:95:e5:45:eb:8d:47:e8:60:5e:
+ 9e:38:74:50:54:65:a0:ec:d8:5c:65:60:34:1b:96:
+ 83:7d:71:d4:5d:7f:e3:62:59:67:e8:f0:d6:24:7d:
+ c0:6e:37:03:54:4c:3d:0c:33:39:9b:33:e1:52:44:
+ c5:43:da:ea:ee:2c:f3:1c:16:2e:46:4c:7c:9f:5d:
+ 4d:6e:fe:8c:23:9e:f7:7e:9f:39:c1:71:06:52:f4:
+ 26:9a:22:d4:cf:c5:25:39:a9:d2:e4:24:c6:d8:4a:
+ 48:a2:ee:76:25:cb:3c:f0:bf:cd:10:77:ff:81:11:
+ 43:21:cc:3b:cc:10:7a:07:84:fc:cc:02:a2:45:de:
+ 91:2d:6b:d1:ed:17:1a:d0:46:f4:ae:7d:b3:89:f8:
+ 31:77:95:e5:46:b1:a9:31:d6:d8:e3:47:00:b2:81:
+ 81:db:8a:1c:d9:f1:cd:e3:4d:35:f6:38:91:0d:ea:
+ 07:f0:b0:06:4f:2c:4c:75:c2:37:ff:35:0d:b1:42:
+ 06:0b
+ Exponent: 65537 (0x10001)
+ X509v3 extensions:
+ X509v3 Basic Constraints:
+ CA:FALSE
+ Netscape Comment:
+ OpenSSL Generated Certificate
+ X509v3 Subject Key Identifier:
+ 71:34:A9:AE:A7:29:C0:93:85:07:94:FE:63:AE:61:91:1D:7B:57:7D
+ X509v3 Authority Key Identifier:
+
keyid:54:D1:B0:95:A0:92:D5:5A:C0:35:8F:6C:EE:D5:6C:4E:90:48:2E:10
+
+ Signature Algorithm: sha1WithRSAEncryption
+ 24:ce:79:65:1d:bd:1a:4b:0f:7b:c2:91:e5:0b:43:4b:c7:28:
+ c0:b7:77:9b:57:ca:c7:05:37:46:2d:f9:cd:1f:f9:f7:95:44:
+ 39:e9:69:64:c1:33:6e:0f:dd:56:dc:e7:f4:18:aa:e6:92:8a:
+ f1:73:ff:90:72:a1:2c:46:e5:14:9a:d7:25:fe:ac:aa:3c:bc:
+ 81:50:d0:09:1a:e8:2e:3b:bc:77:ac:e1:f7:ef:eb:7d:76:44:
+ 5f:29:a9:2f:4a:92:33:2d:60:0f:d5:6d:12:c4:e3:a4:4a:eb:
+ 95:8c:d8:06:06:59:c1:3e:31:12:de:23:ac:af:75:0e:9c:b0:
+ 9a:a5
+-----BEGIN CERTIFICATE-----
+MIIDJTCCAo6gAwIBAgIJAMEyP2H/DXdlMA0GCSqGSIb3DQEBBQUAMFQxCzAJBgNV
+BAYTAlVTMQswCQYDVQQIEwJDQTEWMBQGA1UEChMNQXBhY2hlIFB1bHNhcjEPMA0G
+A1UECxMGQnJva2VyMQ8wDQYDVQQDEwZCcm9rZXIwHhcNMTgwMjE4MDM1MzM5WhcN
+MzAxMTE2MDAwMDAwWjBUMQswCQYDVQQGEwJVUzELMAkGA1UECBMCQ0ExFjAUBgNV
+BAoTDUFwYWNoZSBQdWxzYXIxDzANBgNVBAsTBkJyb2tlcjEPMA0GA1UEAxMGQnJv
+a2VyMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAynfcKhMlJMspYgYS
+X6iSyVPWPwfKqgpfcpLNt+pFR3HwY09YGj36zqZzkMCp9yXwdnXtsgMXvtiKVvNP
+akx+A2WV5UXrjUfoYF6eOHRQVGWg7NhcZWA0G5aDfXHUXX/jYlln6PDWJH3AbjcD
+VEw9DDM5mzPhUkTFQ9rq7izzHBYuRkx8n11Nbv6MI573fp85wXEGUvQmmiLUz8Ul
+OanS5CTG2EpIou52Jcs88L/NEHf/gRFDIcw7zBB6B4T8zAKiRd6RLWvR7Rca0Eb0
+rn2zifgxd5XlRrGpMdbY40cAsoGB24oc2fHN40019jiRDeoH8LAGTyxMdcI3/zUN
+sUIGCwIDAQABo3sweTAJBgNVHRMEAjAAMCwGCWCGSAGG+EIBDQQfFh1PcGVuU1NM
+IEdlbmVyYXRlZCBDZXJ0aWZpY2F0ZTAdBgNVHQ4EFgQUcTSprqcpwJOFB5T+Y65h
+kR17V30wHwYDVR0jBBgwFoAUVNGwlaCS1VrANY9s7tVsTpBILhAwDQYJKoZIhvcN
+AQEFBQADgYEAJM55ZR29GksPe8KR5QtDS8cowLd3m1fKxwU3Ri35zR/595VEOelp
+ZMEzbg/dVtzn9Biq5pKK8XP/kHKhLEblFJrXJf6sqjy8gVDQCRroLju8d6zh9+/r
+fXZEXympL0qSMy1gD9VtEsTjpErrlYzYBgZZwT4xEt4jrK91DpywmqU=
+-----END CERTIFICATE-----
diff --git
a/pulsar-proxy/src/test/resources/authentication/tls/ProxyWithAuthorizationTest/broker-key.pem
b/pulsar-proxy/src/test/resources/authentication/tls/ProxyWithAuthorizationTest/broker-key.pem
new file mode 100644
index 0000000..63bbb7b
--- /dev/null
+++
b/pulsar-proxy/src/test/resources/authentication/tls/ProxyWithAuthorizationTest/broker-key.pem
@@ -0,0 +1,28 @@
+-----BEGIN PRIVATE KEY-----
+MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQDKd9wqEyUkyyli
+BhJfqJLJU9Y/B8qqCl9yks236kVHcfBjT1gaPfrOpnOQwKn3JfB2de2yAxe+2IpW
+809qTH4DZZXlReuNR+hgXp44dFBUZaDs2FxlYDQbloN9cdRdf+NiWWfo8NYkfcBu
+NwNUTD0MMzmbM+FSRMVD2uruLPMcFi5GTHyfXU1u/owjnvd+nznBcQZS9CaaItTP
+xSU5qdLkJMbYSkii7nYlyzzwv80Qd/+BEUMhzDvMEHoHhPzMAqJF3pEta9HtFxrQ
+RvSufbOJ+DF3leVGsakx1tjjRwCygYHbihzZ8c3jTTX2OJEN6gfwsAZPLEx1wjf/
+NQ2xQgYLAgMBAAECggEARpLZD2F1BQo79osfRHDCGaM7fuT8Y6ER/CHnyz/BvlGc
+9UDm+N652eZzSfWeSSPUWbZpkC87y643Km/NMsRO+Ggkg7KHlMuH2G+ivxLsHT7/
+hQ81xbBu+V7Rnpxa5ex6GgIIEk5Alp+uv7w1UODyNpp0bgD7fW2zRR+93B+W7ia+
+aWLcFur1LgGUVpqmlDKZBLD+q3oJ7ddi/uam8WS41IxtUvUVW4L8Pz4sCGjVqEMC
+1SbUuuNT5dWLas21c5RhLn1mfyKzLSfeL63+WLuaEobR3GpLDJeG/P6CUCJfrN+j
+NtTDFq89QxGzgN6Rvy9MuHC4kHWHvgGlfZ7uZdzWgQKBgQDl3CabW+ZNPCZk3JHU
+fGI0Xb3jQElooXOqZOH+FgGKnrbNb7j04Gjs1P4/XibnVsvgwCL8TbR1hgBD6/Qx
+z0Sd2T0nwCmLyO9LzyOrlpcKaKF+4OYFPKiqZGV1jXhCQXH9b7IXufS8U4uXwD+Z
+elw5MOD6DON7ud9V5E/J5ST58QKBgQDhfkKvtgzaLPD17Bx0M30buHzQuQHplpc4
+J0WGWUXR6rui5tCeHoASAl+UNAFReWJ7Ra+iTHMNqwolVsSQVzmX6e8342f9y0bV
+3iv1ge/dA75gEqxifqSXHVm6T/j40DBIr4fwjl5L2qCB/JKCyRvoCK3pDrYZLXWP
+DRWhssujuwKBgQCfQBhrWI9FgV/kT0Clo4tyVmQBtv9lAz6clgpQvDRTMsTZrgbJ
+eVSYiLSheHyhmGvmCZfzj25wYed7J1Vm0P/sEJ8jFCp0k0DfF+LRtaJtbrI8sloK
+1MzSSH5WpC3mUWtFOAZ+E7Kwa31yJJqrna+ZW/jypM1SYiOOYYC6Ewy8MQKBgFdq
+GPQBAQ57KZZMR+OMKk3awRgxAFrLdCfioYMpjHWKJ99I10rUzBUvMlpDptcs1U6w
+fxvNwzRjP/Wlo2HJTpxjpcbms2Ohr/4suKHeE1x8nQqlcopkSe4DBMvDQOND4dPr
+qClLJ6cERADgJvPofpb+9lxIxbMQ+mfQTLh4lZUNAoGAPfAhkt8i6L3VkBIMaV9X
+U+6q4brsT0dNLOO/lgf5FXQuCg0WIgBIb1vrGDD1i9WAUiNN8zzYK9UxqjpAtRAe
+LgPYX5GHXR0ceR0MQNHdbc4RRjJbPmgey+d7pc9EUn8WWt/uXIeo01DHBPPjsgHr
+k/JZjqmRla+2pklmoG2sfI0=
+-----END PRIVATE KEY-----
diff --git
a/pulsar-proxy/src/test/resources/authentication/tls/ProxyWithAuthorizationTest/client-cacert.pem
b/pulsar-proxy/src/test/resources/authentication/tls/ProxyWithAuthorizationTest/client-cacert.pem
new file mode 100644
index 0000000..2940c4c
--- /dev/null
+++
b/pulsar-proxy/src/test/resources/authentication/tls/ProxyWithAuthorizationTest/client-cacert.pem
@@ -0,0 +1,62 @@
+Certificate:
+ Data:
+ Version: 3 (0x2)
+ Serial Number:
+ f8:db:4d:4a:12:e2:bf:0a
+ Signature Algorithm: sha1WithRSAEncryption
+ Issuer: C=US, ST=CA, O=Apache Pulsar, OU=Client, CN=Client
+ Validity
+ Not Before: Feb 18 03:56:51 2018 GMT
+ Not After : Feb 17 03:56:51 2021 GMT
+ Subject: C=US, ST=CA, O=Apache Pulsar, OU=Client, CN=Client
+ Subject Public Key Info:
+ Public Key Algorithm: rsaEncryption
+ RSA Public Key: (1024 bit)
+ Modulus (1024 bit):
+ 00:c9:b4:bc:fe:63:eb:34:97:fb:c2:bd:84:d4:47:
+ ea:5e:21:3f:ce:7e:0b:38:b9:a7:5c:9b:02:93:34:
+ 06:68:1c:2c:7e:5a:d9:a9:c6:db:39:d5:5a:40:52:
+ e8:63:bb:db:76:78:8a:8c:a7:cb:dc:23:9e:b2:56:
+ 6a:c9:4f:5e:8d:f0:50:1c:2f:68:ef:0e:03:d7:e9:
+ 30:0e:6e:45:eb:a6:39:0d:67:9c:b2:f7:10:e7:a5:
+ a4:f3:4a:6e:0d:d3:86:6f:16:66:15:04:fb:4f:95:
+ f1:bd:c2:36:3c:5d:b3:c3:7b:a9:36:c5:f1:1a:64:
+ c6:b5:f7:ff:c2:be:09:c0:35
+ Exponent: 65537 (0x10001)
+ X509v3 extensions:
+ X509v3 Subject Key Identifier:
+ 4F:E4:CE:4A:8E:79:B6:43:C0:A4:9F:8B:78:A9:6F:BD:60:81:46:54
+ X509v3 Authority Key Identifier:
+
keyid:4F:E4:CE:4A:8E:79:B6:43:C0:A4:9F:8B:78:A9:6F:BD:60:81:46:54
+ DirName:/C=US/ST=CA/O=Apache Pulsar/OU=Client/CN=Client
+ serial:F8:DB:4D:4A:12:E2:BF:0A
+
+ X509v3 Basic Constraints:
+ CA:TRUE
+ Signature Algorithm: sha1WithRSAEncryption
+ 85:04:19:99:c8:27:4f:f2:60:71:6b:f4:25:d0:b2:d0:eb:6a:
+ d8:1a:1d:5f:c5:a5:c5:af:1b:41:16:30:a2:42:f2:53:85:5e:
+ 42:03:9d:e8:75:35:14:46:91:18:b3:12:ad:b8:db:7f:12:0f:
+ 32:8b:02:ff:51:0c:ce:d9:15:01:98:11:81:61:e0:f2:52:d3:
+ 36:2b:9f:b5:93:67:80:70:57:b8:cb:a3:5d:94:14:93:cd:f7:
+ a4:b0:d0:43:a6:f7:5e:c1:bc:b1:95:1e:dc:2d:b4:67:65:24:
+ 6b:9d:eb:fc:ef:6f:ea:ea:c6:59:4c:fe:05:3f:48:89:47:a1:
+ f2:b1
+-----BEGIN CERTIFICATE-----
+MIIC3jCCAkegAwIBAgIJAPjbTUoS4r8KMA0GCSqGSIb3DQEBBQUAMFQxCzAJBgNV
+BAYTAlVTMQswCQYDVQQIEwJDQTEWMBQGA1UEChMNQXBhY2hlIFB1bHNhcjEPMA0G
+A1UECxMGQ2xpZW50MQ8wDQYDVQQDEwZDbGllbnQwHhcNMTgwMjE4MDM1NjUxWhcN
+MjEwMjE3MDM1NjUxWjBUMQswCQYDVQQGEwJVUzELMAkGA1UECBMCQ0ExFjAUBgNV
+BAoTDUFwYWNoZSBQdWxzYXIxDzANBgNVBAsTBkNsaWVudDEPMA0GA1UEAxMGQ2xp
+ZW50MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJtLz+Y+s0l/vCvYTUR+pe
+IT/Ofgs4uadcmwKTNAZoHCx+Wtmpxts51VpAUuhju9t2eIqMp8vcI56yVmrJT16N
+8FAcL2jvDgPX6TAObkXrpjkNZ5yy9xDnpaTzSm4N04ZvFmYVBPtPlfG9wjY8XbPD
+e6k2xfEaZMa19//CvgnANQIDAQABo4G3MIG0MB0GA1UdDgQWBBRP5M5Kjnm2Q8Ck
+n4t4qW+9YIFGVDCBhAYDVR0jBH0we4AUT+TOSo55tkPApJ+LeKlvvWCBRlShWKRW
+MFQxCzAJBgNVBAYTAlVTMQswCQYDVQQIEwJDQTEWMBQGA1UEChMNQXBhY2hlIFB1
+bHNhcjEPMA0GA1UECxMGQ2xpZW50MQ8wDQYDVQQDEwZDbGllbnSCCQD4201KEuK/
+CjAMBgNVHRMEBTADAQH/MA0GCSqGSIb3DQEBBQUAA4GBAIUEGZnIJ0/yYHFr9CXQ
+stDratgaHV/FpcWvG0EWMKJC8lOFXkIDneh1NRRGkRizEq24238SDzKLAv9RDM7Z
+FQGYEYFh4PJS0zYrn7WTZ4BwV7jLo12UFJPN96Sw0EOm917BvLGVHtwttGdlJGud
+6/zvb+rqxllM/gU/SIlHofKx
+-----END CERTIFICATE-----
diff --git
a/pulsar-proxy/src/test/resources/authentication/tls/ProxyWithAuthorizationTest/client-cert.pem
b/pulsar-proxy/src/test/resources/authentication/tls/ProxyWithAuthorizationTest/client-cert.pem
new file mode 100644
index 0000000..2412bc0
--- /dev/null
+++
b/pulsar-proxy/src/test/resources/authentication/tls/ProxyWithAuthorizationTest/client-cert.pem
@@ -0,0 +1,72 @@
+Certificate:
+ Data:
+ Version: 3 (0x2)
+ Serial Number:
+ f8:db:4d:4a:12:e2:bf:0b
+ Signature Algorithm: sha1WithRSAEncryption
+ Issuer: C=US, ST=CA, O=Apache Pulsar, OU=Client, CN=Client
+ Validity
+ Not Before: Feb 18 03:58:13 2018 GMT
+ Not After : Nov 16 00:00:00 2030 GMT
+ Subject: C=US, ST=CA, O=Apache Pulsar, OU=Client, CN=Client
+ Subject Public Key Info:
+ Public Key Algorithm: rsaEncryption
+ RSA Public Key: (2048 bit)
+ Modulus (2048 bit):
+ 00:de:1e:10:bd:64:13:c1:6c:7a:49:86:01:3b:ab:
+ ab:1d:ec:b2:93:41:6c:6c:21:f2:e6:15:1b:51:ce:
+ ad:67:fd:18:3e:7f:7a:64:a2:62:5f:2e:0b:59:b4:
+ ed:d9:17:0e:b7:bc:50:66:41:b7:e3:c4:71:c9:73:
+ 73:3d:d8:6d:34:80:f2:e3:b9:98:8f:2b:54:14:95:
+ b3:51:1b:d6:91:85:cd:b7:34:a2:50:b6:f1:86:6e:
+ 07:30:fa:ae:55:a0:5d:f9:7c:1c:91:50:62:7d:bb:
+ 14:86:92:0a:ac:29:3e:28:1b:99:ca:30:63:dc:a9:
+ 5f:05:f8:38:3e:30:10:02:9f:cc:94:d7:47:e0:1a:
+ f4:1c:68:96:3d:12:5e:58:21:41:2c:ec:96:ad:9e:
+ 08:56:83:7a:92:5f:4b:e6:bd:01:16:70:28:af:aa:
+ 27:1d:c4:fe:b2:09:bf:a5:b4:47:d9:58:4b:fe:41:
+ 81:0e:a2:46:57:c1:39:7c:8d:e4:b1:a7:25:e6:b4:
+ dd:f3:9e:24:c9:e7:c0:8c:1a:b4:ab:dd:b9:33:bf:
+ 11:cb:be:bb:22:f7:fc:ad:c4:40:41:d7:ef:37:08:
+ 1a:95:45:1f:db:14:5f:0b:f8:48:ff:41:24:cb:5c:
+ 8e:18:48:4c:5f:19:e9:b0:7b:22:d3:bc:42:32:45:
+ 9a:d1
+ Exponent: 65537 (0x10001)
+ X509v3 extensions:
+ X509v3 Basic Constraints:
+ CA:FALSE
+ Netscape Comment:
+ OpenSSL Generated Certificate
+ X509v3 Subject Key Identifier:
+ E1:E9:57:60:A7:47:48:F0:1F:A8:C6:2F:95:BF:3A:42:DB:BC:7A:4D
+ X509v3 Authority Key Identifier:
+
keyid:4F:E4:CE:4A:8E:79:B6:43:C0:A4:9F:8B:78:A9:6F:BD:60:81:46:54
+
+ Signature Algorithm: sha1WithRSAEncryption
+ a5:eb:02:90:4c:a3:33:e4:6c:c3:47:66:94:d8:3c:05:c0:ac:
+ f4:44:56:de:85:a8:41:4a:bb:28:0f:7e:aa:b9:58:40:a4:22:
+ b3:a3:46:94:42:0c:f2:93:0e:b5:c1:17:29:58:48:12:4a:3d:
+ 83:40:e0:6b:07:11:54:ca:7b:58:a8:f3:7a:e4:3d:69:aa:04:
+ 2e:3a:5e:d8:c1:ac:08:2f:41:17:b4:cb:35:89:00:65:f1:2b:
+ 07:80:4c:c2:90:49:cd:2d:ca:43:8c:64:c1:eb:8a:b3:88:d1:
+ 4b:50:95:14:41:4b:b7:76:b2:10:97:52:63:bf:17:c7:36:6f:
+ d8:bb
+-----BEGIN CERTIFICATE-----
+MIIDJTCCAo6gAwIBAgIJAPjbTUoS4r8LMA0GCSqGSIb3DQEBBQUAMFQxCzAJBgNV
+BAYTAlVTMQswCQYDVQQIEwJDQTEWMBQGA1UEChMNQXBhY2hlIFB1bHNhcjEPMA0G
+A1UECxMGQ2xpZW50MQ8wDQYDVQQDEwZDbGllbnQwHhcNMTgwMjE4MDM1ODEzWhcN
+MzAxMTE2MDAwMDAwWjBUMQswCQYDVQQGEwJVUzELMAkGA1UECBMCQ0ExFjAUBgNV
+BAoTDUFwYWNoZSBQdWxzYXIxDzANBgNVBAsTBkNsaWVudDEPMA0GA1UEAxMGQ2xp
+ZW50MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3h4QvWQTwWx6SYYB
+O6urHeyyk0FsbCHy5hUbUc6tZ/0YPn96ZKJiXy4LWbTt2RcOt7xQZkG348RxyXNz
+PdhtNIDy47mYjytUFJWzURvWkYXNtzSiULbxhm4HMPquVaBd+XwckVBifbsUhpIK
+rCk+KBuZyjBj3KlfBfg4PjAQAp/MlNdH4Br0HGiWPRJeWCFBLOyWrZ4IVoN6kl9L
+5r0BFnAor6onHcT+sgm/pbRH2VhL/kGBDqJGV8E5fI3ksacl5rTd854kyefAjBq0
+q925M78Ry767Ivf8rcRAQdfvNwgalUUf2xRfC/hI/0Eky1yOGEhMXxnpsHsi07xC
+MkWa0QIDAQABo3sweTAJBgNVHRMEAjAAMCwGCWCGSAGG+EIBDQQfFh1PcGVuU1NM
+IEdlbmVyYXRlZCBDZXJ0aWZpY2F0ZTAdBgNVHQ4EFgQU4elXYKdHSPAfqMYvlb86
+Qtu8ek0wHwYDVR0jBBgwFoAUT+TOSo55tkPApJ+LeKlvvWCBRlQwDQYJKoZIhvcN
+AQEFBQADgYEApesCkEyjM+Rsw0dmlNg8BcCs9ERW3oWoQUq7KA9+qrlYQKQis6NG
+lEIM8pMOtcEXKVhIEko9g0DgawcRVMp7WKjzeuQ9aaoELjpe2MGsCC9BF7TLNYkA
+ZfErB4BMwpBJzS3KQ4xkweuKs4jRS1CVFEFLt3ayEJdSY78XxzZv2Ls=
+-----END CERTIFICATE-----
diff --git
a/pulsar-proxy/src/test/resources/authentication/tls/ProxyWithAuthorizationTest/client-key.pem
b/pulsar-proxy/src/test/resources/authentication/tls/ProxyWithAuthorizationTest/client-key.pem
new file mode 100644
index 0000000..0f8ce46
--- /dev/null
+++
b/pulsar-proxy/src/test/resources/authentication/tls/ProxyWithAuthorizationTest/client-key.pem
@@ -0,0 +1,28 @@
+-----BEGIN PRIVATE KEY-----
+MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQDeHhC9ZBPBbHpJ
+hgE7q6sd7LKTQWxsIfLmFRtRzq1n/Rg+f3pkomJfLgtZtO3ZFw63vFBmQbfjxHHJ
+c3M92G00gPLjuZiPK1QUlbNRG9aRhc23NKJQtvGGbgcw+q5VoF35fByRUGJ9uxSG
+kgqsKT4oG5nKMGPcqV8F+Dg+MBACn8yU10fgGvQcaJY9El5YIUEs7JatnghWg3qS
+X0vmvQEWcCivqicdxP6yCb+ltEfZWEv+QYEOokZXwTl8jeSxpyXmtN3zniTJ58CM
+GrSr3bkzvxHLvrsi9/ytxEBB1+83CBqVRR/bFF8L+Ej/QSTLXI4YSExfGemweyLT
+vEIyRZrRAgMBAAECggEBAIOeh0bjLb25fUFiMgrc8Bpcb3lJFGmDOH9U1IqGkUUE
+ukAWpD1L6EUEcN9okmTJAASqh24A1WoXt2Grkwd730J0gvmkuh1kjH9iMg8HEv/K
+rRs6ClEQB1EklAhXE8VTsTwsanVFkAd3O3N+yOo5ykZUDK6+O/6/MrrD2vgm3OXg
+FnqfS3JLZvMy7Q7xPxUZquuwi7sdSSgvmh1krwhrX12ZT5AncAySflnhutB1DpbE
+0M9YJ35XDAxGpgRvWGFxvK9fCWaVSgxTgMPOuEoaCN90Qj1sEdGhvuvNQZ2EVp20
+oAs3p3NnpToppXXQ8cnYwtPD+J4AMwOuEKmwpCSgLa0CgYEA/DDFxGWQ0D1BziUl
+M9yjjZQXQJLXlUW4E6vFb68LG0xWU8ZrXKomHQC5AVZb+FL0RlWvwlFd6ENVK+eI
+kswbDDN4h15Sgvz/6gVHR7u6wh5xwwU76UDaAfnA3e8qr82PQopKuM//5L88sgr8
+Eu3FwzO5URZdgnQu5HlJWcMl3C8CgYEA4Xj/3cqqkIRVnbOD5ETP5Z8L6J7VG7f2
+Yuf0Jd6ECd4cF3em7gWfgiOleObRDJxdoXIqdMsvj4SASd2GEb6qu4a3GIWnmW5d
+wUP0GfWPRZIiN8cwHXnBbJHTc3GgX2cT2zOUiDULQgnRe/GY7drbODX/UC0NAOHq
+HOg758yrOP8CgYBCUkVAQAGUcfejUet1txmf+wkeZz+gtwQQ0ESM+XivRiURxQWp
+CeoaCH2e12o6ZP5unMwrCyDqGwMEF9C34kteqw6QcwK6BfT7Q0YanEkiEcWTJwY5
+cl+i016gPux37VQ2iI3cCn9eVdiNbgwaokM28ZxTsdEHpKxMU4UxwPts6wKBgGzm
+6n6Pss5WfJvM5vlMGzYHGdNjU/8tXX3sFsprrU6uztau3hu874wF95hrs7DpnXer
+EsKSmQgysVv7+RN9Ci3FJY5cj9TVr8b3MWGQb4Dk0k4qkRzLgBcWYBE0Yodx2+9V
+/HnFVQiygVHiIUFRIe0Gd6ib+dnhRBhuOvD8s/61AoGBAKTvA19eVpXmgex9kuWs
+RbVg08bF1lKReViwZQ0PzuOiymscGRjhR7F7FgqI9cls89jY4TLXrwWSja2Pxkvs
+hudBnEs5eOVt/7FC498TjVfmaHF0mXWUgrO4oJXUDlHLZFMMnimUyKmYLAK+Sy9q
+TFyi5AtZ/eoXLFh2FXuhjFAG
+-----END PRIVATE KEY-----
diff --git
a/pulsar-proxy/src/test/resources/authentication/tls/ProxyWithAuthorizationTest/proxy-cacert.pem
b/pulsar-proxy/src/test/resources/authentication/tls/ProxyWithAuthorizationTest/proxy-cacert.pem
new file mode 100644
index 0000000..1f71b88
--- /dev/null
+++
b/pulsar-proxy/src/test/resources/authentication/tls/ProxyWithAuthorizationTest/proxy-cacert.pem
@@ -0,0 +1,62 @@
+Certificate:
+ Data:
+ Version: 3 (0x2)
+ Serial Number:
+ a5:2d:2e:41:e9:fc:8a:91
+ Signature Algorithm: sha1WithRSAEncryption
+ Issuer: C=US, ST=CA, O=Apache Pulsar, OU=Proxy, CN=Proxy
+ Validity
+ Not Before: Feb 18 04:00:32 2018 GMT
+ Not After : Feb 17 04:00:32 2021 GMT
+ Subject: C=US, ST=CA, O=Apache Pulsar, OU=Proxy, CN=Proxy
+ Subject Public Key Info:
+ Public Key Algorithm: rsaEncryption
+ RSA Public Key: (1024 bit)
+ Modulus (1024 bit):
+ 00:aa:ce:ea:82:4f:ac:a8:97:7b:0c:33:cd:ef:7f:
+ 24:45:e5:81:a2:2c:7a:ab:65:34:27:27:39:ae:f4:
+ b2:f3:0e:cc:08:3b:8e:1d:78:95:aa:95:01:0e:a3:
+ df:db:4b:9a:ad:85:e6:af:96:16:41:35:dc:b2:23:
+ 03:ff:b9:d6:75:25:29:37:f5:3f:26:43:c3:36:a0:
+ 9c:0f:36:a5:91:dd:7d:18:5d:45:24:d3:f6:bf:86:
+ 91:91:10:b5:00:bf:12:6a:01:9f:28:38:01:08:5f:
+ fd:a8:6d:98:33:cc:77:fb:a1:fe:06:59:92:6d:0b:
+ 14:bc:9b:59:fd:98:69:ec:6d
+ Exponent: 65537 (0x10001)
+ X509v3 extensions:
+ X509v3 Subject Key Identifier:
+ 4F:39:5A:C4:BF:78:EF:3D:FC:F1:68:5A:F6:B9:4B:D2:B7:03:C7:87
+ X509v3 Authority Key Identifier:
+
keyid:4F:39:5A:C4:BF:78:EF:3D:FC:F1:68:5A:F6:B9:4B:D2:B7:03:C7:87
+ DirName:/C=US/ST=CA/O=Apache Pulsar/OU=Proxy/CN=Proxy
+ serial:A5:2D:2E:41:E9:FC:8A:91
+
+ X509v3 Basic Constraints:
+ CA:TRUE
+ Signature Algorithm: sha1WithRSAEncryption
+ 84:e1:30:a5:a5:7e:39:9b:2a:1f:cb:1e:67:c6:00:75:f3:8f:
+ 6a:d0:ef:d7:46:39:2c:b6:ba:1f:03:7d:eb:cf:22:ef:46:82:
+ bb:89:08:dd:3f:28:b3:6e:79:1a:14:26:ed:38:2f:f0:c9:fe:
+ 7f:72:5c:8a:82:b8:05:fe:f7:45:6c:e9:6e:ff:f9:d3:a4:60:
+ 1a:e9:7b:71:c8:a1:80:3d:0f:33:44:06:30:c7:c9:2f:8f:e4:
+ 5d:68:25:cb:28:49:5a:5d:ac:10:f7:d2:90:cf:0c:1f:ff:7c:
+ 7b:04:95:a7:b9:27:d9:66:ac:73:6e:92:84:de:68:fc:86:27:
+ e8:d3
+-----BEGIN CERTIFICATE-----
+MIIC2DCCAkGgAwIBAgIJAKUtLkHp/IqRMA0GCSqGSIb3DQEBBQUAMFIxCzAJBgNV
+BAYTAlVTMQswCQYDVQQIEwJDQTEWMBQGA1UEChMNQXBhY2hlIFB1bHNhcjEOMAwG
+A1UECxMFUHJveHkxDjAMBgNVBAMTBVByb3h5MB4XDTE4MDIxODA0MDAzMloXDTIx
+MDIxNzA0MDAzMlowUjELMAkGA1UEBhMCVVMxCzAJBgNVBAgTAkNBMRYwFAYDVQQK
+Ew1BcGFjaGUgUHVsc2FyMQ4wDAYDVQQLEwVQcm94eTEOMAwGA1UEAxMFUHJveHkw
+gZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAKrO6oJPrKiXewwzze9/JEXlgaIs
+eqtlNCcnOa70svMOzAg7jh14laqVAQ6j39tLmq2F5q+WFkE13LIjA/+51nUlKTf1
+PyZDwzagnA82pZHdfRhdRSTT9r+GkZEQtQC/EmoBnyg4AQhf/ahtmDPMd/uh/gZZ
+km0LFLybWf2YaextAgMBAAGjgbUwgbIwHQYDVR0OBBYEFE85WsS/eO89/PFoWva5
+S9K3A8eHMIGCBgNVHSMEezB5gBRPOVrEv3jvPfzxaFr2uUvStwPHh6FWpFQwUjEL
+MAkGA1UEBhMCVVMxCzAJBgNVBAgTAkNBMRYwFAYDVQQKEw1BcGFjaGUgUHVsc2Fy
+MQ4wDAYDVQQLEwVQcm94eTEOMAwGA1UEAxMFUHJveHmCCQClLS5B6fyKkTAMBgNV
+HRMEBTADAQH/MA0GCSqGSIb3DQEBBQUAA4GBAIThMKWlfjmbKh/LHmfGAHXzj2rQ
+79dGOSy2uh8DfevPIu9GgruJCN0/KLNueRoUJu04L/DJ/n9yXIqCuAX+90Vs6W7/
++dOkYBrpe3HIoYA9DzNEBjDHyS+P5F1oJcsoSVpdrBD30pDPDB//fHsElae5J9lm
+rHNukoTeaPyGJ+jT
+-----END CERTIFICATE-----
diff --git
a/pulsar-proxy/src/test/resources/authentication/tls/ProxyWithAuthorizationTest/proxy-cert.pem
b/pulsar-proxy/src/test/resources/authentication/tls/ProxyWithAuthorizationTest/proxy-cert.pem
new file mode 100644
index 0000000..a3962c3
--- /dev/null
+++
b/pulsar-proxy/src/test/resources/authentication/tls/ProxyWithAuthorizationTest/proxy-cert.pem
@@ -0,0 +1,72 @@
+Certificate:
+ Data:
+ Version: 3 (0x2)
+ Serial Number:
+ a5:2d:2e:41:e9:fc:8a:92
+ Signature Algorithm: sha1WithRSAEncryption
+ Issuer: C=US, ST=CA, O=Apache Pulsar, OU=Proxy, CN=Proxy
+ Validity
+ Not Before: Feb 18 04:02:27 2018 GMT
+ Not After : Nov 16 00:00:00 2030 GMT
+ Subject: C=US, ST=CA, O=Apache Pulsar, OU=Proxy, CN=Proxy
+ Subject Public Key Info:
+ Public Key Algorithm: rsaEncryption
+ RSA Public Key: (2048 bit)
+ Modulus (2048 bit):
+ 00:c3:5c:c5:ad:17:dc:f4:d4:c4:ea:1c:60:5a:24:
+ 46:13:d9:cf:c0:cd:83:2e:2f:82:70:e5:e0:8d:33:
+ bd:95:b5:cf:c6:f0:54:d5:8d:bd:87:0d:62:6c:1d:
+ 3f:52:66:74:ff:06:33:1c:3c:d5:ed:2e:63:d9:96:
+ c6:f1:98:82:c7:94:4a:bc:64:f2:9b:3a:54:ec:81:
+ 99:bc:14:82:43:87:0c:6b:da:03:8c:aa:0b:41:d7:
+ fe:27:c4:f9:88:81:34:b1:ff:2a:e0:6d:d0:47:dd:
+ c1:11:a5:54:a9:53:32:cd:8f:f6:75:58:8e:05:e4:
+ d9:b1:ac:69:fe:b6:54:c3:ad:36:04:a2:77:f5:53:
+ b6:74:83:d5:6a:01:e0:96:b5:a2:af:50:8f:b5:d7:
+ 9d:a7:c2:bd:f8:31:86:09:5f:7c:0a:b2:db:34:e1:
+ 80:25:17:5f:7d:6f:8b:dc:8e:d5:f9:cf:cf:f5:f6:
+ 8f:6a:fe:3e:96:00:c9:56:b0:d0:e3:46:de:b9:a6:
+ 8a:5e:9b:8e:7f:ea:19:cc:a2:5b:75:22:3c:1d:36:
+ 48:e4:f2:1a:01:95:61:c1:f0:7a:27:9d:83:96:74:
+ cc:a9:04:42:08:53:34:98:2e:b7:e3:83:f9:f2:a3:
+ 29:e1:23:c4:ed:a0:1c:f6:2a:ed:dc:c0:df:97:a9:
+ f3:8d
+ Exponent: 65537 (0x10001)
+ X509v3 extensions:
+ X509v3 Basic Constraints:
+ CA:FALSE
+ Netscape Comment:
+ OpenSSL Generated Certificate
+ X509v3 Subject Key Identifier:
+ D5:A5:19:6A:3B:38:5F:19:C7:34:C6:BC:68:BE:16:A5:0B:43:57:2D
+ X509v3 Authority Key Identifier:
+
keyid:4F:39:5A:C4:BF:78:EF:3D:FC:F1:68:5A:F6:B9:4B:D2:B7:03:C7:87
+
+ Signature Algorithm: sha1WithRSAEncryption
+ a0:f1:e6:d4:75:75:10:0e:27:18:28:93:9f:c5:15:2b:f3:52:
+ 3c:f7:c7:6d:96:b3:7f:65:6c:78:be:26:f5:f2:41:36:f0:b2:
+ fb:64:67:73:d2:bf:d7:24:af:30:1e:6f:3a:9c:80:98:34:06:
+ 11:ba:45:06:57:ec:d9:f0:77:1f:d6:e8:0c:13:9d:d1:15:c7:
+ d8:73:fb:aa:dc:0d:3c:4b:3a:bb:87:3c:21:6d:05:9d:fa:74:
+ db:61:4c:47:6a:e7:6b:79:2b:3f:62:a8:fc:e6:11:c8:0f:40:
+ 48:51:71:a2:ad:77:d5:fe:ff:1d:73:82:0c:3c:98:ab:26:9b:
+ 78:d5
+-----BEGIN CERTIFICATE-----
+MIIDITCCAoqgAwIBAgIJAKUtLkHp/IqSMA0GCSqGSIb3DQEBBQUAMFIxCzAJBgNV
+BAYTAlVTMQswCQYDVQQIEwJDQTEWMBQGA1UEChMNQXBhY2hlIFB1bHNhcjEOMAwG
+A1UECxMFUHJveHkxDjAMBgNVBAMTBVByb3h5MB4XDTE4MDIxODA0MDIyN1oXDTMw
+MTExNjAwMDAwMFowUjELMAkGA1UEBhMCVVMxCzAJBgNVBAgTAkNBMRYwFAYDVQQK
+Ew1BcGFjaGUgUHVsc2FyMQ4wDAYDVQQLEwVQcm94eTEOMAwGA1UEAxMFUHJveHkw
+ggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDDXMWtF9z01MTqHGBaJEYT
+2c/AzYMuL4Jw5eCNM72Vtc/G8FTVjb2HDWJsHT9SZnT/BjMcPNXtLmPZlsbxmILH
+lEq8ZPKbOlTsgZm8FIJDhwxr2gOMqgtB1/4nxPmIgTSx/yrgbdBH3cERpVSpUzLN
+j/Z1WI4F5NmxrGn+tlTDrTYEonf1U7Z0g9VqAeCWtaKvUI+1152nwr34MYYJX3wK
+sts04YAlF199b4vcjtX5z8/19o9q/j6WAMlWsNDjRt65popem45/6hnMolt1Ijwd
+Nkjk8hoBlWHB8HonnYOWdMypBEIIUzSYLrfjg/nyoynhI8TtoBz2Ku3cwN+XqfON
+AgMBAAGjezB5MAkGA1UdEwQCMAAwLAYJYIZIAYb4QgENBB8WHU9wZW5TU0wgR2Vu
+ZXJhdGVkIENlcnRpZmljYXRlMB0GA1UdDgQWBBTVpRlqOzhfGcc0xrxovhalC0NX
+LTAfBgNVHSMEGDAWgBRPOVrEv3jvPfzxaFr2uUvStwPHhzANBgkqhkiG9w0BAQUF
+AAOBgQCg8ebUdXUQDicYKJOfxRUr81I898dtlrN/ZWx4vib18kE28LL7ZGdz0r/X
+JK8wHm86nICYNAYRukUGV+zZ8Hcf1ugME53RFcfYc/uq3A08Szq7hzwhbQWd+nTb
+YUxHaudreSs/Yqj85hHID0BIUXGirXfV/v8dc4IMPJirJpt41Q==
+-----END CERTIFICATE-----
diff --git
a/pulsar-proxy/src/test/resources/authentication/tls/ProxyWithAuthorizationTest/proxy-key.pem
b/pulsar-proxy/src/test/resources/authentication/tls/ProxyWithAuthorizationTest/proxy-key.pem
new file mode 100644
index 0000000..8556036
--- /dev/null
+++
b/pulsar-proxy/src/test/resources/authentication/tls/ProxyWithAuthorizationTest/proxy-key.pem
@@ -0,0 +1,28 @@
+-----BEGIN PRIVATE KEY-----
+MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQDDXMWtF9z01MTq
+HGBaJEYT2c/AzYMuL4Jw5eCNM72Vtc/G8FTVjb2HDWJsHT9SZnT/BjMcPNXtLmPZ
+lsbxmILHlEq8ZPKbOlTsgZm8FIJDhwxr2gOMqgtB1/4nxPmIgTSx/yrgbdBH3cER
+pVSpUzLNj/Z1WI4F5NmxrGn+tlTDrTYEonf1U7Z0g9VqAeCWtaKvUI+1152nwr34
+MYYJX3wKsts04YAlF199b4vcjtX5z8/19o9q/j6WAMlWsNDjRt65popem45/6hnM
+olt1IjwdNkjk8hoBlWHB8HonnYOWdMypBEIIUzSYLrfjg/nyoynhI8TtoBz2Ku3c
+wN+XqfONAgMBAAECggEAX3rR6d0F0mrCqqCfvq6HyV/kl5hZipMRr1fKPXiSKb8o
+A1SmQZD6lizGc4x/zCfi+ljvVdetvjOz/T4hkSY2lJA3TogPwinqI4Tbu/5SA+rW
++UceAPuCcPW9c3ZjdoGfXXcWX4WMC/OnTpZ9IBxXcfvwOj3De8HzW1CmpSQ7nT4J
+ukBe5PwYFiGywvRKygKMicVYUYABW6AhFxJCUcRqLGdXDrja+Qe79JI3ywDjvmNR
+jIOSjToxbuXv39OfRC2KUZPWT4AkXa4dI8j5HNFsZ6J4kOzc5aByW9LzgMW7Bspd
+a+7vov4eNop+t72gj5XE4wZVc2vT18dF5Kus4hsCSQKBgQDmsp3nSXFcFcNUjel7
+rsx8da8R/rSJOgswHmpAuMHF0mCsmqWfxUwIlRmCnHPHu4+yztYd2yyYPHULyMiK
+JcMxo8Aziq0F/nV9k6snZgarazlb40JTYU6FQMjkigigOzNoIdUAInIIZBP78CTk
+R/qXnXbNxwxJAhiAIy1y8G3hnwKBgQDYyghUE8+T+nKeAt3Tvlrg2PyCT/OAZPIB
+bcHCw9y1jt4msHxYsb5qbD43LnwYPVSv5YgAgmbM+hKJMHaEqvcdrNAjCq1EeZIx
+I8TDcj4RLKJOHtDdxLpWUvq8YaTXv0dOMdJfNw2uaYVL1HQibdEfHjJvvlxl1faZ
+8J2gXdUTUwKBgQCWVHqVBsS57uyUIs2s7SEPUVi97y4R5iL4Pjma50pN8GNS1otq
+65Q6W35+IBlKZCylpibc2b/bjDnxbetQKn9hz4UlkQ5iw4goRpvXVqKt/XcpK5RC
+5TvXlXnTgydP0oQTLUixh8CrOxvSppBDuavQNKoAOd8FjDoO9d1d8tKHnQKBgBR+
+5VKtnM5suzFdLAO813KykQzw6iCVapvf+JWlVtSDcVVPEjKAe3QsT6V/65OPGNaY
+aMdDjNyMN/xobIwWbc6MbBEkDUWQCNZEf3HK9ztAcQfZuf19f/BxX+s3gBI1r1Qh
+ObZuyghXSZbluyUWJNNAU5xk7u9hzzK2oPBsbpypAoGAVdhBjPZZLq7iJTmcWBIS
+aQE0WXD+0y329hcKGvizjrIlld0o7UoBUuZJRP6sTO8cZ46BKv0RXXbH2cx1g5JR
+12RyeeVjDWKo2LlLz4/5+ZWHur5ITHB/llVtKJAHxX8sjxR+mZ2JYTMkte/GXG0i
+NZZZbx989EXlPwmvrnQmDIQ=
+-----END PRIVATE KEY-----
diff --git
a/pulsar-proxy/src/test/resources/authentication/tls/ProxyWithProxyAuthorizationTest/broker-cert.pem
b/pulsar-proxy/src/test/resources/authentication/tls/ProxyWithProxyAuthorizationTest/broker-cert.pem
deleted file mode 100644
index 63fcf38..0000000
---
a/pulsar-proxy/src/test/resources/authentication/tls/ProxyWithProxyAuthorizationTest/broker-cert.pem
+++ /dev/null
@@ -1,72 +0,0 @@
-Certificate:
- Data:
- Version: 3 (0x2)
- Serial Number:
- ac:a4:b3:6b:f5:b4:5f:c9
- Signature Algorithm: sha1WithRSAEncryption
- Issuer: C=US, ST=CA, O=Apache, OU=Apache Incubator, CN=New CA
- Validity
- Not Before: Dec 20 02:22:54 2017 GMT
- Not After : Dec 20 02:22:54 2018 GMT
- Subject: C=US, ST=CA, O=Apache, OU=Apache Incubator, CN=Broker
- Subject Public Key Info:
- Public Key Algorithm: rsaEncryption
- RSA Public Key: (2048 bit)
- Modulus (2048 bit):
- 00:ba:ab:bd:1d:68:9e:1f:6d:99:8a:8e:95:8d:dc:
- b7:e5:95:1a:40:ff:9e:5d:be:38:e6:19:1c:39:0d:
- 39:e3:e0:cd:96:42:09:41:9f:ca:f1:7f:63:6f:be:
- a5:46:1b:07:06:01:43:11:ed:e9:f9:a2:41:2a:29:
- ac:10:d3:df:30:4a:f5:9b:5d:b9:97:2b:d4:10:82:
- 92:55:e7:ca:b1:eb:94:6a:63:e6:28:a3:75:0e:f2:
- 5b:ff:1a:df:0b:3e:2d:6b:c8:c1:49:98:2b:c1:5f:
- 9a:c6:1d:94:26:7f:eb:6f:7e:81:c2:27:23:13:90:
- 4f:89:04:dd:2c:8d:de:4c:f8:9f:33:b9:28:ed:7e:
- 3a:14:fa:6f:d0:cc:50:5e:75:40:39:e2:57:46:af:
- b7:67:8f:c9:57:f2:85:b0:54:59:02:76:c8:92:2c:
- af:19:3e:09:d8:5f:a4:d0:9c:a7:35:77:c9:aa:90:
- 50:86:2a:9a:3c:8f:3b:50:a5:01:88:b9:d3:eb:4d:
- 23:24:f2:58:65:1c:03:7a:0a:2c:20:30:b6:46:8d:
- b1:65:1c:16:0c:bf:bd:87:df:1c:e6:46:c8:f7:4f:
- 60:fd:a1:91:c9:e4:ff:21:e7:e8:65:70:ba:9f:d6:
- 44:07:27:45:1d:69:e7:d6:72:d8:d0:3e:df:2e:61:
- 9e:4d
- Exponent: 65537 (0x10001)
- X509v3 extensions:
- X509v3 Basic Constraints:
- CA:FALSE
- Netscape Comment:
- OpenSSL Generated Certificate
- X509v3 Subject Key Identifier:
- 1C:C6:F7:DB:06:C1:1D:1C:7C:9E:64:AF:E5:47:47:80:00:6C:C8:26
- X509v3 Authority Key Identifier:
-
keyid:E5:15:C2:1D:E7:EE:28:3C:FA:B6:3E:58:FB:0B:61:52:6E:B0:81:5B
-
- Signature Algorithm: sha1WithRSAEncryption
- 7f:b4:f8:d6:9c:ea:01:1b:74:19:a9:ee:ea:83:66:11:df:90:
- c5:f0:e6:bc:05:bd:b4:8a:64:d6:08:fd:75:da:2e:f5:f9:20:
- e0:62:8b:b8:b7:bd:c3:92:0f:a3:61:c7:78:6a:68:ea:74:20:
- 8e:a8:b7:0f:28:d1:54:8a:55:af:38:8c:a7:64:79:1c:95:f6:
- b8:f3:48:0e:14:2b:78:75:ff:96:70:85:28:30:1f:fa:94:a9:
- 43:cd:98:6e:7b:80:68:bc:08:cc:35:1d:df:34:df:3d:58:52:
- c3:5d:55:65:b6:be:ef:a2:78:a0:3c:41:c8:af:9f:74:e6:d8:
- 0a:d3
------BEGIN CERTIFICATE-----
-MIIDKzCCApSgAwIBAgIJAKyks2v1tF/JMA0GCSqGSIb3DQEBBQUAMFcxCzAJBgNV
-BAYTAlVTMQswCQYDVQQIEwJDQTEPMA0GA1UEChMGQXBhY2hlMRkwFwYDVQQLExBB
-cGFjaGUgSW5jdWJhdG9yMQ8wDQYDVQQDEwZOZXcgQ0EwHhcNMTcxMjIwMDIyMjU0
-WhcNMTgxMjIwMDIyMjU0WjBXMQswCQYDVQQGEwJVUzELMAkGA1UECBMCQ0ExDzAN
-BgNVBAoTBkFwYWNoZTEZMBcGA1UECxMQQXBhY2hlIEluY3ViYXRvcjEPMA0GA1UE
-AxMGQnJva2VyMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuqu9HWie
-H22Zio6Vjdy35ZUaQP+eXb445hkcOQ054+DNlkIJQZ/K8X9jb76lRhsHBgFDEe3p
-+aJBKimsENPfMEr1m125lyvUEIKSVefKseuUamPmKKN1DvJb/xrfCz4ta8jBSZgr
-wV+axh2UJn/rb36BwicjE5BPiQTdLI3eTPifM7ko7X46FPpv0MxQXnVAOeJXRq+3
-Z4/JV/KFsFRZAnbIkiyvGT4J2F+k0JynNXfJqpBQhiqaPI87UKUBiLnT600jJPJY
-ZRwDegosIDC2Ro2xZRwWDL+9h98c5kbI909g/aGRyeT/IefoZXC6n9ZEBydFHWnn
-1nLY0D7fLmGeTQIDAQABo3sweTAJBgNVHRMEAjAAMCwGCWCGSAGG+EIBDQQfFh1P
-cGVuU1NMIEdlbmVyYXRlZCBDZXJ0aWZpY2F0ZTAdBgNVHQ4EFgQUHMb32wbBHRx8
-nmSv5UdHgABsyCYwHwYDVR0jBBgwFoAU5RXCHefuKDz6tj5Y+wthUm6wgVswDQYJ
-KoZIhvcNAQEFBQADgYEAf7T41pzqARt0Ganu6oNmEd+QxfDmvAW9tIpk1gj9ddou
-9fkg4GKLuLe9w5IPo2HHeGpo6nQgjqi3DyjRVIpVrziMp2R5HJX2uPNIDhQreHX/
-lnCFKDAf+pSpQ82YbnuAaLwIzDUd3zTfPVhSw11VZba+76J4oDxByK+fdObYCtM=
------END CERTIFICATE-----
diff --git
a/pulsar-proxy/src/test/resources/authentication/tls/ProxyWithProxyAuthorizationTest/broker-key.pem
b/pulsar-proxy/src/test/resources/authentication/tls/ProxyWithProxyAuthorizationTest/broker-key.pem
deleted file mode 100644
index 8e47938..0000000
---
a/pulsar-proxy/src/test/resources/authentication/tls/ProxyWithProxyAuthorizationTest/broker-key.pem
+++ /dev/null
@@ -1,28 +0,0 @@
------BEGIN PRIVATE KEY-----
-MIIEvwIBADANBgkqhkiG9w0BAQEFAASCBKkwggSlAgEAAoIBAQC6q70daJ4fbZmK
-jpWN3LfllRpA/55dvjjmGRw5DTnj4M2WQglBn8rxf2NvvqVGGwcGAUMR7en5okEq
-KawQ098wSvWbXbmXK9QQgpJV58qx65RqY+Yoo3UO8lv/Gt8LPi1ryMFJmCvBX5rG
-HZQmf+tvfoHCJyMTkE+JBN0sjd5M+J8zuSjtfjoU+m/QzFBedUA54ldGr7dnj8lX
-8oWwVFkCdsiSLK8ZPgnYX6TQnKc1d8mqkFCGKpo8jztQpQGIudPrTSMk8lhlHAN6
-CiwgMLZGjbFlHBYMv72H3xzmRsj3T2D9oZHJ5P8h5+hlcLqf1kQHJ0UdaefWctjQ
-Pt8uYZ5NAgMBAAECggEBAIY3Tx1jCDYOppQiGtPKPAr9XsgXQrWiPOTsbwdyRApd
-q1P7HQ6rJs7mygcha1HxwuYFaETu7AkKKZJ4LfhXbiUZ8GgKRpOz9qD8UN0lcO7m
-NGsecvELPfJGPfE5T9+UkDHsQVV57RP3eqAxykC4Pv6GViPT4fuCCj25WpFbW9e4
-uuKFF3yVY3uJofPQGwLZ2b9WwujqgSyaozyKlTM4nPXwEEz56wPVuAsNfmTEtIb3
-N0d0uQpM69irH3sAO7nVDo6e/eP3Emq4kUDvhS04BafG+T7T9g0C74EGoJX5wrrk
-LzuEAkO84n6ESF6r+FI1XH4yskau3Jab8/x8f9sVj+ECgYEA9II7MZ2PSq2pHTsY
-1ZxZx3MKe/yiTMGkHhtQY6HKzzQXgEozK/uPTvMt7lKnBsseUydEXygMcgPXracF
-rFdiAQpD8Dq2jrmjtFcPk40DtLjdUUD4I2stTKprTfTrhx5X/JIX8iBflMTFWBYp
-ALM9qP0u3KZwVCGxEsGz5yaxtZkCgYEAw3Gj5eKw2pzRyNEdNsye3eQxp4QneM+X
-YozWzNrbGEdmJ1CHuMWXPTxAkxtMhH95QonySEP4R1fNxHJNMKPu7h2TiZiLvC/J
-UtE+SdETiEGF14SEfr/LflreTJnHCmK/pp19t1Q1cAn3FHws2D5qiA8eoBmnko6k
-irYydJn5dtUCgYBVOzRhJjg14vVJgDk29QqCsQJdmAIHWZTY/dJ2+IYW1mS+zp6p
-3UXmUnSXV+5rOtC2UcDOnso/0EEVglxC6C78h9SI4B6U//clvRdr6sL481wKn+gf
-iJPA3sMK6K5VamlnXJHGUCyhUjosa4Udfl2nE6KLPeV4Hkp4bFdG40EdOQKBgQCQ
-Y4dDUbt4dnyh0KO1lWwU3/4zFPYYUb00iHo0c8eDY1Q73Um3nvqBud63D2bzSD2s
-g78j1ls5Ucvpwsv2EFZ3QhB6ieFKET+52G4dGMJGWqnns7Yy8b0Dx1wN2Vnr+VI/
-ZIC5DRRBhossbiSvSUVo6Uql2u4q3wj+lWYnMI3VVQKBgQDs+sHMotTK976HKaRh
-sDepJnZwdnma1QBzsAXkZ0EJPqYCIFmbKGeXn/z2Fr62oGqe9suzuGLBYm4ukwoD
-xI8lDzxOoElFNaAHl6nIcFcj6I98idkU05NvV59aeLJngejJv3WmI2GH7jNK8dNs
-ELazMuTsmf+MdG/Q9C/kiHDvng==
------END PRIVATE KEY-----
diff --git
a/pulsar-proxy/src/test/resources/authentication/tls/ProxyWithProxyAuthorizationTest/cacert.pem
b/pulsar-proxy/src/test/resources/authentication/tls/ProxyWithProxyAuthorizationTest/cacert.pem
deleted file mode 100644
index c77dd6c..0000000
---
a/pulsar-proxy/src/test/resources/authentication/tls/ProxyWithProxyAuthorizationTest/cacert.pem
+++ /dev/null
@@ -1,62 +0,0 @@
-Certificate:
- Data:
- Version: 3 (0x2)
- Serial Number:
- ac:a4:b3:6b:f5:b4:5f:c8
- Signature Algorithm: sha1WithRSAEncryption
- Issuer: C=US, ST=CA, O=Apache, OU=Apache Incubator, CN=New CA
- Validity
- Not Before: Dec 20 02:21:42 2017 GMT
- Not After : Dec 19 02:21:42 2020 GMT
- Subject: C=US, ST=CA, O=Apache, OU=Apache Incubator, CN=New CA
- Subject Public Key Info:
- Public Key Algorithm: rsaEncryption
- RSA Public Key: (1024 bit)
- Modulus (1024 bit):
- 00:99:c1:1e:58:35:af:c1:38:38:45:8c:8c:f4:d9:
- 6d:cc:ff:37:31:f9:ba:76:fa:fb:56:41:04:da:d2:
- a1:ea:a8:ca:6d:3b:b2:bf:4c:e7:55:ab:1c:a1:7e:
- d4:ec:54:d8:92:c6:f9:1f:e8:e8:d2:27:fa:4e:bb:
- e6:b2:21:59:bd:19:63:9f:4b:a1:3d:c0:25:d3:70:
- a4:9c:96:33:c6:53:c4:40:c1:de:a5:75:40:f7:db:
- 51:f4:f6:19:9a:8d:a8:fa:0c:4b:fe:1f:11:70:23:
- 31:76:c2:6c:41:6b:aa:c6:71:22:58:7b:4f:d8:2b:
- 46:d6:e0:84:4d:57:e0:9c:09
- Exponent: 65537 (0x10001)
- X509v3 extensions:
- X509v3 Subject Key Identifier:
- E5:15:C2:1D:E7:EE:28:3C:FA:B6:3E:58:FB:0B:61:52:6E:B0:81:5B
- X509v3 Authority Key Identifier:
-
keyid:E5:15:C2:1D:E7:EE:28:3C:FA:B6:3E:58:FB:0B:61:52:6E:B0:81:5B
- DirName:/C=US/ST=CA/O=Apache/OU=Apache Incubator/CN=New CA
- serial:AC:A4:B3:6B:F5:B4:5F:C8
-
- X509v3 Basic Constraints:
- CA:TRUE
- Signature Algorithm: sha1WithRSAEncryption
- 7c:15:8d:92:14:c2:cf:b6:72:17:ba:ba:e0:7c:48:a0:fb:02:
- 86:b1:50:90:d0:b2:dd:40:9f:b5:e1:9e:ab:4a:bc:6c:f1:3e:
- c3:7f:b5:b6:18:ab:f7:f0:a2:35:c6:5b:d7:2d:84:e1:d9:3d:
- 8c:88:c2:1c:44:61:a8:14:ab:b1:00:b4:00:a5:2d:66:43:86:
- 53:a2:d6:4a:73:96:b3:4f:63:b5:8d:8d:7f:e4:ff:82:37:81:
- 63:00:0e:d1:ef:59:0c:7c:2b:79:24:97:06:60:cd:a1:b3:37:
- 94:68:3d:6c:27:ee:8e:87:88:c1:21:0a:d5:04:66:11:06:11:
- 69:92
------BEGIN CERTIFICATE-----
-MIIC6DCCAlGgAwIBAgIJAKyks2v1tF/IMA0GCSqGSIb3DQEBBQUAMFcxCzAJBgNV
-BAYTAlVTMQswCQYDVQQIEwJDQTEPMA0GA1UEChMGQXBhY2hlMRkwFwYDVQQLExBB
-cGFjaGUgSW5jdWJhdG9yMQ8wDQYDVQQDEwZOZXcgQ0EwHhcNMTcxMjIwMDIyMTQy
-WhcNMjAxMjE5MDIyMTQyWjBXMQswCQYDVQQGEwJVUzELMAkGA1UECBMCQ0ExDzAN
-BgNVBAoTBkFwYWNoZTEZMBcGA1UECxMQQXBhY2hlIEluY3ViYXRvcjEPMA0GA1UE
-AxMGTmV3IENBMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCZwR5YNa/BODhF
-jIz02W3M/zcx+bp2+vtWQQTa0qHqqMptO7K/TOdVqxyhftTsVNiSxvkf6OjSJ/pO
-u+ayIVm9GWOfS6E9wCXTcKScljPGU8RAwd6ldUD321H09hmajaj6DEv+HxFwIzF2
-wmxBa6rGcSJYe0/YK0bW4IRNV+CcCQIDAQABo4G7MIG4MB0GA1UdDgQWBBTlFcId
-5+4oPPq2Plj7C2FSbrCBWzCBiAYDVR0jBIGAMH6AFOUVwh3n7ig8+rY+WPsLYVJu
-sIFboVukWTBXMQswCQYDVQQGEwJVUzELMAkGA1UECBMCQ0ExDzANBgNVBAoTBkFw
-YWNoZTEZMBcGA1UECxMQQXBhY2hlIEluY3ViYXRvcjEPMA0GA1UEAxMGTmV3IENB
-ggkArKSza/W0X8gwDAYDVR0TBAUwAwEB/zANBgkqhkiG9w0BAQUFAAOBgQB8FY2S
-FMLPtnIXurrgfEig+wKGsVCQ0LLdQJ+14Z6rSrxs8T7Df7W2GKv38KI1xlvXLYTh
-2T2MiMIcRGGoFKuxALQApS1mQ4ZTotZKc5azT2O1jY1/5P+CN4FjAA7R71kMfCt5
-JJcGYM2hszeUaD1sJ+6Oh4jBIQrVBGYRBhFpkg==
------END CERTIFICATE-----
diff --git
a/pulsar-proxy/src/test/resources/authentication/tls/ProxyWithProxyAuthorizationTest/client-cert.pem
b/pulsar-proxy/src/test/resources/authentication/tls/ProxyWithProxyAuthorizationTest/client-cert.pem
deleted file mode 100644
index 741e10a..0000000
---
a/pulsar-proxy/src/test/resources/authentication/tls/ProxyWithProxyAuthorizationTest/client-cert.pem
+++ /dev/null
@@ -1,72 +0,0 @@
-Certificate:
- Data:
- Version: 3 (0x2)
- Serial Number:
- ac:a4:b3:6b:f5:b4:5f:ca
- Signature Algorithm: sha1WithRSAEncryption
- Issuer: C=US, ST=CA, O=Apache, OU=Apache Incubator, CN=New CA
- Validity
- Not Before: Dec 20 02:36:47 2017 GMT
- Not After : Dec 20 02:36:47 2018 GMT
- Subject: C=US, ST=CA, O=Apache, OU=Apache Incubator, CN=Client
- Subject Public Key Info:
- Public Key Algorithm: rsaEncryption
- RSA Public Key: (2048 bit)
- Modulus (2048 bit):
- 00:fd:b6:bb:bc:a3:54:2b:06:b3:8e:68:31:e1:f3:
- 3a:c6:3d:98:83:db:f8:fc:58:c6:35:47:4c:58:c1:
- 40:81:71:8e:25:2c:6f:14:a0:5f:f2:85:97:fa:e5:
- d1:a6:65:26:3f:4b:52:f1:4a:11:1b:f6:af:22:fb:
- 24:74:d7:d3:bd:c3:11:dc:7f:1e:49:96:19:4a:f5:
- 9c:b3:4c:85:5d:33:57:08:43:04:3d:b0:69:1a:15:
- b3:08:c7:0d:68:09:02:09:37:90:1b:fa:51:e1:c9:
- 6d:58:e3:d0:4e:e9:f9:a5:b5:4c:1a:5d:98:62:a2:
- d6:cd:a2:89:dc:91:52:c7:f5:19:53:97:5f:58:86:
- 6b:5e:48:6c:81:8d:2f:5c:0e:38:96:d2:b7:f7:47:
- 21:2e:54:2a:51:32:92:0d:f3:c3:94:f5:59:98:2c:
- 11:1a:88:ad:ee:16:5c:72:6b:31:e3:bf:ca:9e:38:
- 4b:49:d2:87:e1:44:69:ef:ba:4d:b9:1d:4b:3f:e0:
- c1:af:c5:04:6f:5f:2d:6e:d9:12:ac:bb:f1:f8:7f:
- fc:bd:3a:6a:99:e6:45:f9:91:98:c9:d1:b1:f0:d5:
- 6a:e1:fd:c0:6e:e2:8e:ab:0c:03:87:ad:9c:26:9a:
- 8e:93:4c:82:ec:de:25:49:14:91:ce:80:9f:22:17:
- aa:cf
- Exponent: 65537 (0x10001)
- X509v3 extensions:
- X509v3 Basic Constraints:
- CA:FALSE
- Netscape Comment:
- OpenSSL Generated Certificate
- X509v3 Subject Key Identifier:
- B2:8F:75:E3:D7:7A:4C:62:B8:5C:04:66:A0:56:14:16:AF:82:43:5A
- X509v3 Authority Key Identifier:
-
keyid:E5:15:C2:1D:E7:EE:28:3C:FA:B6:3E:58:FB:0B:61:52:6E:B0:81:5B
-
- Signature Algorithm: sha1WithRSAEncryption
- 5f:e0:ec:f3:b4:bb:08:a6:15:85:f2:7d:c4:50:c4:87:e5:af:
- 1a:38:11:98:b1:a1:d6:47:85:f6:c6:80:cc:b3:2b:f6:27:8e:
- 24:1b:66:98:48:e7:d0:dd:cd:37:ea:a2:ad:cf:d8:a7:17:39:
- 59:be:72:a1:2a:24:f5:d6:23:14:b9:42:b4:2f:b1:cd:15:98:
- d9:1a:8a:55:3c:f2:78:be:b4:ba:6b:79:3d:29:e8:54:4b:d8:
- 0f:1b:bd:69:ef:d2:ca:5c:0f:da:b4:b6:b8:cc:7f:b7:51:3c:
- fc:3a:dd:6d:9c:3c:9e:71:ad:59:72:84:ac:01:6e:c5:66:8b:
- b0:70
------BEGIN CERTIFICATE-----
-MIIDKzCCApSgAwIBAgIJAKyks2v1tF/KMA0GCSqGSIb3DQEBBQUAMFcxCzAJBgNV
-BAYTAlVTMQswCQYDVQQIEwJDQTEPMA0GA1UEChMGQXBhY2hlMRkwFwYDVQQLExBB
-cGFjaGUgSW5jdWJhdG9yMQ8wDQYDVQQDEwZOZXcgQ0EwHhcNMTcxMjIwMDIzNjQ3
-WhcNMTgxMjIwMDIzNjQ3WjBXMQswCQYDVQQGEwJVUzELMAkGA1UECBMCQ0ExDzAN
-BgNVBAoTBkFwYWNoZTEZMBcGA1UECxMQQXBhY2hlIEluY3ViYXRvcjEPMA0GA1UE
-AxMGQ2xpZW50MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA/ba7vKNU
-Kwazjmgx4fM6xj2Yg9v4/FjGNUdMWMFAgXGOJSxvFKBf8oWX+uXRpmUmP0tS8UoR
-G/avIvskdNfTvcMR3H8eSZYZSvWcs0yFXTNXCEMEPbBpGhWzCMcNaAkCCTeQG/pR
-4cltWOPQTun5pbVMGl2YYqLWzaKJ3JFSx/UZU5dfWIZrXkhsgY0vXA44ltK390ch
-LlQqUTKSDfPDlPVZmCwRGoit7hZccmsx47/KnjhLSdKH4URp77pNuR1LP+DBr8UE
-b18tbtkSrLvx+H/8vTpqmeZF+ZGYydGx8NVq4f3AbuKOqwwDh62cJpqOk0yC7N4l
-SRSRzoCfIheqzwIDAQABo3sweTAJBgNVHRMEAjAAMCwGCWCGSAGG+EIBDQQfFh1P
-cGVuU1NMIEdlbmVyYXRlZCBDZXJ0aWZpY2F0ZTAdBgNVHQ4EFgQUso9149d6TGK4
-XARmoFYUFq+CQ1owHwYDVR0jBBgwFoAU5RXCHefuKDz6tj5Y+wthUm6wgVswDQYJ
-KoZIhvcNAQEFBQADgYEAX+Ds87S7CKYVhfJ9xFDEh+WvGjgRmLGh1keF9saAzLMr
-9ieOJBtmmEjn0N3NN+qirc/Ypxc5Wb5yoSok9dYjFLlCtC+xzRWY2RqKVTzyeL60
-umt5PSnoVEvYDxu9ae/SylwP2rS2uMx/t1E8/DrdbZw8nnGtWXKErAFuxWaLsHA=
------END CERTIFICATE-----
diff --git
a/pulsar-proxy/src/test/resources/authentication/tls/ProxyWithProxyAuthorizationTest/client-key.pem
b/pulsar-proxy/src/test/resources/authentication/tls/ProxyWithProxyAuthorizationTest/client-key.pem
deleted file mode 100644
index 81d00f9..0000000
---
a/pulsar-proxy/src/test/resources/authentication/tls/ProxyWithProxyAuthorizationTest/client-key.pem
+++ /dev/null
@@ -1,28 +0,0 @@
------BEGIN PRIVATE KEY-----
-MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQD9tru8o1QrBrOO
-aDHh8zrGPZiD2/j8WMY1R0xYwUCBcY4lLG8UoF/yhZf65dGmZSY/S1LxShEb9q8i
-+yR019O9wxHcfx5JlhlK9ZyzTIVdM1cIQwQ9sGkaFbMIxw1oCQIJN5Ab+lHhyW1Y
-49BO6fmltUwaXZhiotbNoonckVLH9RlTl19YhmteSGyBjS9cDjiW0rf3RyEuVCpR
-MpIN88OU9VmYLBEaiK3uFlxyazHjv8qeOEtJ0ofhRGnvuk25HUs/4MGvxQRvXy1u
-2RKsu/H4f/y9OmqZ5kX5kZjJ0bHw1Wrh/cBu4o6rDAOHrZwmmo6TTILs3iVJFJHO
-gJ8iF6rPAgMBAAECggEAEJmkLvOAzk/h769hlCcV8WKWWApMgDZOwa2okSYT0mRb
-qJL/sZnMrVGQYBopXXnAxuNmyeLOu8WoL+G+wOZeNExPHt4yXR41CXKIjjKzhyWU
-zDWWUXL5bXt9+1UKy4PLXk8EXtBCC0Pio65EMuWcL/tsv0zga5O7+jhoTMY1ZF/D
-rsddf2mIncyEdhwAKLREmFv31lY1k+Jd+5eyXHIJEnK8lMXTcORNsb0YtlS5sRTU
-4llwQlBXjV06zIVRFxsRcPrgRYH0Hfg3hSIm3epNE+pbj0tcN0CfQFfrKJ9G2cDS
-jXimjvGsPKQ1PRMAcg93qZB3VtI+ag9bZt29cru0AQKBgQD/xzXZP5hKoqOy+8qH
-HyPvyM0QCpQ6KwHzgf5ATybPIPlyWQmT2eeR3ez4qskowNvc4Fc/q10Ao+q6jC3E
-721Wz6+iCb7Qus37KnEqVW7mWDLsDT5q7vIyRR22wWhrTpu0uZmxd9XxYRU6KUe1
-FMkI5VijJ27NoYtO+gLn9u6J6QKBgQD97xCNVaUNMNRZ1+HOKoBqcGBj91KrL74K
-/avYL0EprYwzN1lm4ZmNX8GaBeAftwnIDyxaM3Apw8BcqFFz/IslY/5sCyUmVjgI
-ZULkhCBy5ZamFNMxLvaN6njtdpgdBRxR9gzke1V/xxJgN7J39h9FI+pElwMW6314
-6AFHYQ/j9wKBgQCNwfjEOQzMgKs9bXNnxAiEwsN0GojgXCmureMd/UBDF8FocJRw
-Txqaq2bEwtLONWUlW2i/rtfSnQZg8YQEW7Y7oMt0gPYydPXoODOUBNl77HH8hbKM
-TXYKCmhXe4XFw0FkvmDCDOqT5vx+yZYmdCifN40Sj65HZTryQHoP2bmG0QKBgG/U
-ntd/hka+4GYIuvsOoKs/flPIEfIt/mXcvZdhiDMQqRPNJmQ2qmcmap6oQ8Hz3Czs
-8b1vtc/O06J6xhRsfeMjnGJ8rgmqItcfsUvuHFQ9ZBEUTsX0RsTNJCCAABGXtJcr
-4xWkc0zooOEa5lAKZk8OuBco4kVvxDxBAH8s8dCVAoGAeEZICuDGR8cOV64Eyx2X
-Ej1PQJrleMmzCwth7UhREGUgEVglhMeoBxmWCukYxpkVBY0DUy6OWH5lpTfCerFZ
-ho1AHMt9DsfUWo4hApMXEMyCZTOJwg9M4vQ1UTbFtr0mt0jnVWTUm3mVxmJnfrtz
-/DgLrvcJd7QCGAYICMNxrDs=
------END PRIVATE KEY-----
diff --git
a/pulsar-proxy/src/test/resources/authentication/tls/ProxyWithProxyAuthorizationTest/proxy-cert.pem
b/pulsar-proxy/src/test/resources/authentication/tls/ProxyWithProxyAuthorizationTest/proxy-cert.pem
deleted file mode 100644
index 8b524c8..0000000
---
a/pulsar-proxy/src/test/resources/authentication/tls/ProxyWithProxyAuthorizationTest/proxy-cert.pem
+++ /dev/null
@@ -1,72 +0,0 @@
-Certificate:
- Data:
- Version: 3 (0x2)
- Serial Number:
- ac:a4:b3:6b:f5:b4:5f:cb
- Signature Algorithm: sha1WithRSAEncryption
- Issuer: C=US, ST=CA, O=Apache, OU=Apache Incubator, CN=New CA
- Validity
- Not Before: Dec 20 02:45:24 2017 GMT
- Not After : Dec 20 02:45:24 2018 GMT
- Subject: C=US, ST=CA, O=Apache, OU=Apache Incubator, CN=Proxy
- Subject Public Key Info:
- Public Key Algorithm: rsaEncryption
- RSA Public Key: (2048 bit)
- Modulus (2048 bit):
- 00:e1:e1:06:cc:f5:98:38:88:33:e0:f7:0a:5d:8e:
- a8:89:ae:8f:cd:c7:77:62:17:c2:a1:d8:fc:fc:d0:
- d0:86:f1:c8:3c:78:ec:b8:e9:73:1c:d1:72:55:97:
- c6:47:5a:4c:33:18:32:a1:9c:e1:84:2e:de:40:2f:
- a7:16:ed:a0:44:d6:4c:2c:04:ef:21:11:0b:6b:cb:
- 36:8d:eb:5a:3d:a1:b6:9b:b5:23:be:bd:66:23:26:
- c9:82:62:44:51:f8:3a:94:07:6c:52:84:2c:d0:d9:
- 24:8b:0a:f5:1b:c8:31:a2:29:4c:bc:b7:bf:96:e1:
- 56:78:d2:75:08:c9:cb:0d:1a:1d:93:2d:bf:bf:86:
- 10:06:d7:5c:b8:e6:99:05:89:6f:ad:3b:a6:37:45:
- 15:3a:63:8b:d1:d6:0d:e4:d0:c6:06:c6:63:13:21:
- 92:65:c1:1a:ae:1a:72:97:cf:86:ed:6f:a1:77:d8:
- 18:67:f2:27:36:1f:ff:40:6e:57:97:90:5a:28:04:
- a4:a8:54:cf:a8:87:36:af:26:49:a6:4e:2d:d4:be:
- e6:17:e2:1a:da:c4:08:87:fd:3f:fe:7b:d8:1e:f2:
- 66:0f:34:1a:02:5d:39:ec:66:3d:46:bc:37:ce:84:
- a2:51:0b:c8:72:f5:7c:5a:b8:1a:1b:0a:5d:2b:e9:
- 56:4f
- Exponent: 65537 (0x10001)
- X509v3 extensions:
- X509v3 Basic Constraints:
- CA:FALSE
- Netscape Comment:
- OpenSSL Generated Certificate
- X509v3 Subject Key Identifier:
- 3F:A7:4A:6A:B1:6A:E1:51:8D:56:19:A2:2D:6A:A8:49:07:D6:87:8A
- X509v3 Authority Key Identifier:
-
keyid:E5:15:C2:1D:E7:EE:28:3C:FA:B6:3E:58:FB:0B:61:52:6E:B0:81:5B
-
- Signature Algorithm: sha1WithRSAEncryption
- 98:89:57:fd:96:0e:78:06:ce:9f:83:48:28:c9:34:a4:32:93:
- d2:65:fb:2f:a9:39:51:ff:7a:89:57:26:6a:59:0d:81:09:20:
- 75:ae:c6:aa:f6:8c:d4:d2:7f:f0:78:88:df:74:90:28:11:15:
- 77:d3:60:3d:2d:d2:ef:34:1b:03:59:9f:23:1c:21:64:e5:b8:
- a1:99:c3:08:82:31:3d:58:01:23:52:b8:96:c8:d5:42:b3:3b:
- 50:43:cc:7d:43:08:1d:c4:46:06:7f:c3:7f:3e:6d:01:f2:25:
- 91:4b:70:fd:0f:e3:25:a6:d4:d8:c9:f6:35:65:00:87:c7:03:
- c2:d7
------BEGIN CERTIFICATE-----
-MIIDKjCCApOgAwIBAgIJAKyks2v1tF/LMA0GCSqGSIb3DQEBBQUAMFcxCzAJBgNV
-BAYTAlVTMQswCQYDVQQIEwJDQTEPMA0GA1UEChMGQXBhY2hlMRkwFwYDVQQLExBB
-cGFjaGUgSW5jdWJhdG9yMQ8wDQYDVQQDEwZOZXcgQ0EwHhcNMTcxMjIwMDI0NTI0
-WhcNMTgxMjIwMDI0NTI0WjBWMQswCQYDVQQGEwJVUzELMAkGA1UECBMCQ0ExDzAN
-BgNVBAoTBkFwYWNoZTEZMBcGA1UECxMQQXBhY2hlIEluY3ViYXRvcjEOMAwGA1UE
-AxMFUHJveHkwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDh4QbM9Zg4
-iDPg9wpdjqiJro/Nx3diF8Kh2Pz80NCG8cg8eOy46XMc0XJVl8ZHWkwzGDKhnOGE
-Lt5AL6cW7aBE1kwsBO8hEQtryzaN61o9obabtSO+vWYjJsmCYkRR+DqUB2xShCzQ
-2SSLCvUbyDGiKUy8t7+W4VZ40nUIycsNGh2TLb+/hhAG11y45pkFiW+tO6Y3RRU6
-Y4vR1g3k0MYGxmMTIZJlwRquGnKXz4btb6F32Bhn8ic2H/9AbleXkFooBKSoVM+o
-hzavJkmmTi3UvuYX4hraxAiH/T/+e9ge8mYPNBoCXTnsZj1GvDfOhKJRC8hy9Xxa
-uBobCl0r6VZPAgMBAAGjezB5MAkGA1UdEwQCMAAwLAYJYIZIAYb4QgENBB8WHU9w
-ZW5TU0wgR2VuZXJhdGVkIENlcnRpZmljYXRlMB0GA1UdDgQWBBQ/p0pqsWrhUY1W
-GaItaqhJB9aHijAfBgNVHSMEGDAWgBTlFcId5+4oPPq2Plj7C2FSbrCBWzANBgkq
-hkiG9w0BAQUFAAOBgQCYiVf9lg54Bs6fg0goyTSkMpPSZfsvqTlR/3qJVyZqWQ2B
-CSB1rsaq9ozU0n/weIjfdJAoERV302A9LdLvNBsDWZ8jHCFk5bihmcMIgjE9WAEj
-UriWyNVCsztQQ8x9QwgdxEYGf8N/Pm0B8iWRS3D9D+MlptTYyfY1ZQCHxwPC1w==
------END CERTIFICATE-----
diff --git
a/pulsar-proxy/src/test/resources/authentication/tls/ProxyWithProxyAuthorizationTest/proxy-key.pem
b/pulsar-proxy/src/test/resources/authentication/tls/ProxyWithProxyAuthorizationTest/proxy-key.pem
deleted file mode 100644
index 9856807..0000000
---
a/pulsar-proxy/src/test/resources/authentication/tls/ProxyWithProxyAuthorizationTest/proxy-key.pem
+++ /dev/null
@@ -1,28 +0,0 @@
------BEGIN PRIVATE KEY-----
-MIIEvwIBADANBgkqhkiG9w0BAQEFAASCBKkwggSlAgEAAoIBAQDh4QbM9Zg4iDPg
-9wpdjqiJro/Nx3diF8Kh2Pz80NCG8cg8eOy46XMc0XJVl8ZHWkwzGDKhnOGELt5A
-L6cW7aBE1kwsBO8hEQtryzaN61o9obabtSO+vWYjJsmCYkRR+DqUB2xShCzQ2SSL
-CvUbyDGiKUy8t7+W4VZ40nUIycsNGh2TLb+/hhAG11y45pkFiW+tO6Y3RRU6Y4vR
-1g3k0MYGxmMTIZJlwRquGnKXz4btb6F32Bhn8ic2H/9AbleXkFooBKSoVM+ohzav
-JkmmTi3UvuYX4hraxAiH/T/+e9ge8mYPNBoCXTnsZj1GvDfOhKJRC8hy9XxauBob
-Cl0r6VZPAgMBAAECggEBAIXa6UHKhKNzq3K0UxMwOBYnORbUDp41wGRTB1D2maxu
-WZ/kdTv7M/ku8VdhsuGT1DYvL8nwAwBnGdPlqVoABYrlh4xKfD8XL7J4YWLmxrph
-O6q4RG+DI6TPFnlKrHv64xPX9kxMAZbeJzayjqAhGbCkUtI+/a126dx9s1c65jZj
-VyEDrfogOi3CUVHnTxZ3Yayy0gqldPAYdtt9p5YYyTxJYmuKqHBTh7FToX3RhyT0
-pZ4+IE7YV4HiBev2K8K6c4E2/UOZtkENCLy7DAQuQgokHYk0YeoG+tYfnBcIFkVD
-169Z766il027ILS8F7HMoBPQVYdf24YUgfQC3k8h8HECgYEA/VGEr3vFwxCUHtOK
-SKXCpFWpK0KvcYBQvgzLuKkTNbTWnezUwAugq+Ybao/hqsF5jEd9U8Iv35myHI8j
-EHHF9J8/zb1EcIZgTAPO4Uvc2rYxwt/c0kwy7F/FovVKg5yEscJ35iXQWFO5Yxyu
-rYU8yNVPBqXGCeUS1jJbryg1JZcCgYEA5EUmDfPHp6gWx9MmeuDqxvb2L/WHyxGb
-ojSsV5GFlCLa3QMKc1H/1+6lxLbMiGvtk2S1B9YeGWAvRB+10GSgn7AhiObxv20C
-8oqRtLPxO/eCCGOBnUiGTqKibFNyTVJ/+FgWpywQSUY8tk58fPBZvydE6XV0Wa6T
-1INerLxVnAkCgYAxkXn9PKL+AIh7X7l3bbggoAJyTKI3+3vRNH/IqozvvWshi+41
-hhDykhxbRbxKxYEbSgHkGeN0RYbsv7WEyj6KF39MqvRxcFn3hec9frLAuVYTY+q5
-2987EaKCuKzUBBSTFBKSHmQeZIOqOTqVCbVTNyo3isittv1wnHoEVEHSEQKBgQCM
-oQkjuVb8M/Ls4mmndB9Pul/LBhHFijB+isLOJAnOTHbXiAMNLqxWpGCdwxxYw10W
-3AknLcNXUMltx7dkDkpidskCJX0zuH4DXFkNoXnxvrbuYhc9Bawwj8NOx0340uWh
-4ur5zIywB8RpcAsDkbNIr3Gl/kVS5tmOJ+zQsCpxuQKBgQCKV6CDtKgGLgWvERUE
-Dei9pUx2uXtvThZomqoZqr+hZE3YmvtHZcLMK8sXJWDdkYVQ4bwDkmrSSkk5F9Nh
-PClfyOObFbOXLD0TrJZSJd/zrnmnWk8u4eE5XSwAQ+0XiO4LgQHDOutXpvW9ZVvT
-om8NGk5mEUz39XN0tuWzcN2FIQ==
------END PRIVATE KEY-----
diff --git
a/pulsar-websocket/src/main/java/org/apache/pulsar/websocket/WebSocketService.java
b/pulsar-websocket/src/main/java/org/apache/pulsar/websocket/WebSocketService.java
index d5a2c84..d7a349d 100644
---
a/pulsar-websocket/src/main/java/org/apache/pulsar/websocket/WebSocketService.java
+++
b/pulsar-websocket/src/main/java/org/apache/pulsar/websocket/WebSocketService.java
@@ -180,7 +180,7 @@ public class WebSocketService implements Closeable {
clientConf.setStatsInterval(0, TimeUnit.SECONDS);
clientConf.setUseTls(config.isTlsEnabled());
clientConf.setTlsAllowInsecureConnection(config.isTlsAllowInsecureConnection());
- clientConf.setTlsTrustCertsFilePath(config.getTlsTrustCertsFilePath());
+
clientConf.setTlsTrustCertsFilePath(config.getBrokerClientTrustCertsFilePath());
clientConf.setIoThreads(config.getWebSocketNumIoThreads());
clientConf.setConnectionsPerBroker(config.getWebSocketConnectionsPerBroker());
diff --git
a/pulsar-websocket/src/main/java/org/apache/pulsar/websocket/service/ProxyServer.java
b/pulsar-websocket/src/main/java/org/apache/pulsar/websocket/service/ProxyServer.java
index bf8846e..77b24c1 100644
---
a/pulsar-websocket/src/main/java/org/apache/pulsar/websocket/service/ProxyServer.java
+++
b/pulsar-websocket/src/main/java/org/apache/pulsar/websocket/service/ProxyServer.java
@@ -93,7 +93,6 @@ public class ProxyServer {
ServerConnector tlsConnector = new ServerConnector(server, -1, -1,
sslCtxFactory);
tlsConnector.setPort(config.getWebServicePortTls());
connectors.add(tlsConnector);
-
}
// Limit number of concurrent HTTP connections to avoid getting out of
diff --git
a/pulsar-websocket/src/main/java/org/apache/pulsar/websocket/service/WebSocketProxyConfiguration.java
b/pulsar-websocket/src/main/java/org/apache/pulsar/websocket/service/WebSocketProxyConfiguration.java
index 8e266b8..c3040df 100644
---
a/pulsar-websocket/src/main/java/org/apache/pulsar/websocket/service/WebSocketProxyConfiguration.java
+++
b/pulsar-websocket/src/main/java/org/apache/pulsar/websocket/service/WebSocketProxyConfiguration.java
@@ -39,7 +39,7 @@ public class WebSocketProxyConfiguration implements
PulsarConfiguration {
// Name of the cluster to which this broker belongs to
@FieldContext(required = true)
private String clusterName;
-
+
// Pulsar cluster url to connect to broker (optional if
globalZookeeperServers present)
private String serviceUrl;
private String serviceUrlTls;
@@ -71,7 +71,6 @@ public class WebSocketProxyConfiguration implements
PulsarConfiguration {
// Authorization provider fully qualified class-name
private String authorizationProvider =
PulsarAuthorizationProvider.class.getName();
-
// Role names that are treated as "super-user", meaning they will be able
to
// do all admin operations and publish/consume from all topics
private Set<String> superUserRoles = Sets.newTreeSet();
@@ -84,6 +83,8 @@ public class WebSocketProxyConfiguration implements
PulsarConfiguration {
// Authentication settings of the proxy itself. Used to connect to brokers
private String brokerClientAuthenticationPlugin;
private String brokerClientAuthenticationParameters;
+ // Path for the trusted TLS certificate file for outgoing connection to a
server (broker)
+ private String brokerClientTrustCertsFilePath = "";
// Number of IO threads in Pulsar Client used in WebSocket proxy
private int numIoThreads = Runtime.getRuntime().availableProcessors();
@@ -104,7 +105,7 @@ public class WebSocketProxyConfiguration implements
PulsarConfiguration {
private String tlsTrustCertsFilePath = "";
// Accept untrusted TLS certificate from client
private boolean tlsAllowInsecureConnection = false;
-
+
private Properties properties = new Properties();
public String getClusterName() {
@@ -114,7 +115,7 @@ public class WebSocketProxyConfiguration implements
PulsarConfiguration {
public void setClusterName(String clusterName) {
this.clusterName = clusterName;
}
-
+
public String getServiceUrl() {
return serviceUrl;
}
@@ -226,7 +227,7 @@ public class WebSocketProxyConfiguration implements
PulsarConfiguration {
public void setAuthorizationProvider(String authorizationProvider) {
this.authorizationProvider = authorizationProvider;
}
-
+
public boolean getAuthorizationAllowWildcardsMatching() {
return authorizationAllowWildcardsMatching;
}
@@ -251,6 +252,14 @@ public class WebSocketProxyConfiguration implements
PulsarConfiguration {
this.brokerClientAuthenticationPlugin =
brokerClientAuthenticationPlugin;
}
+ public String getBrokerClientTrustCertsFilePath() {
+ return brokerClientTrustCertsFilePath;
+ }
+
+ public void setBrokerClientTrustCertsFilePath(String
brokerClientTrustCertsFilePath) {
+ this.brokerClientTrustCertsFilePath = brokerClientTrustCertsFilePath;
+ }
+
public String getBrokerClientAuthenticationParameters() {
return brokerClientAuthenticationParameters;
}
@@ -259,13 +268,21 @@ public class WebSocketProxyConfiguration implements
PulsarConfiguration {
this.brokerClientAuthenticationParameters =
brokerClientAuthenticationParameters;
}
- public int getNumIoThreads() { return numIoThreads; }
+ public int getNumIoThreads() {
+ return numIoThreads;
+ }
- public void setNumIoThreads(int numIoThreads) { this.numIoThreads =
numIoThreads; }
+ public void setNumIoThreads(int numIoThreads) {
+ this.numIoThreads = numIoThreads;
+ }
- public int getConnectionsPerBroker() { return connectionsPerBroker; }
+ public int getConnectionsPerBroker() {
+ return connectionsPerBroker;
+ }
- public void setConnectionsPerBroker(int connectionsPerBroker) {
this.connectionsPerBroker = connectionsPerBroker; }
+ public void setConnectionsPerBroker(int connectionsPerBroker) {
+ this.connectionsPerBroker = connectionsPerBroker;
+ }
public String getAnonymousUserRole() {
return anonymousUserRole;
@@ -314,7 +331,7 @@ public class WebSocketProxyConfiguration implements
PulsarConfiguration {
public void setTlsAllowInsecureConnection(boolean
tlsAllowInsecureConnection) {
this.tlsAllowInsecureConnection = tlsAllowInsecureConnection;
}
-
+
public Properties getProperties() {
return properties;
}
--
To stop receiving notification emails like this one, please contact
mme...@apache.org.
