You are viewing a plain text version of this content. The canonical link for it is here.

Posted to commits@pulsar.apache.org by gi...@git.apache.org on 2017/08/23 11:15:11 UTC

[GitHub] maskit commented on a change in pull request #672: Support setting private key content in athenz client plugin

maskit commented on a change in pull request #672: Support setting private key content in athenz client plugin
URL: https://github.com/apache/incubator-pulsar/pull/672#discussion_r134453603
 
 

 ##########
 File path: pulsar-client-auth-athenz/src/main/java/org/apache/pulsar/client/impl/auth/AuthenticationAthenz.java
 ##########
 @@ -108,11 +126,33 @@ public void close() throws IOException {
 
     ZTSClient getZtsClient() {
         if (ztsClient == null) {
-            PrivateKey privateKey = Crypto.loadPrivateKey(new File(privateKeyPath));
             ServiceIdentityProvider siaProvider = new SimpleServiceIdentityProvider(tenantDomain, tenantService,
                     privateKey, keyId);
             ztsClient = new ZTSClient(null, tenantDomain, tenantService, siaProvider);
         }
         return ztsClient;
     }
+
+    PrivateKey loadPrivateKey(String privateKeyURL) {
+        PrivateKey privateKey = null;
+        try {
+            URI uri = new URI(privateKeyURL);
+            if (isBlank(uri.getScheme())) {
+                // We treated as file path
+                privateKey = Crypto.loadPrivateKey(new File(privateKeyURL));
+            } else if (uri.getScheme().equals("file")) {
+                privateKey = Crypto.loadPrivateKey(new File(uri.getPath()));
+            } else if(uri.getScheme().equals("data")) {
+                List<String> dataParts = Splitter.on(",").splitToList(uri.getSchemeSpecificPart());
+                if (dataParts.get(0).equals("application/x-pem-file;base64")) {
 
 Review comment:
   > Without ";base64", the data (as a sequence of octets) is represented using ASCII encoding for octets inside the range of safe URL characters and using the standard %xx hex encoding of URLs for octets outside that range.
   
   https://tools.ietf.org/html/rfc2397
   
   Since PEM format is basically ASCII text, probably URL encoding would be more efficient.
 
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on GitHub and use the
URL above to go to the specific comment.
 
For queries about this service, please contact Infrastructure at:
users@infra.apache.org


With regards,
Apache Git Services