You are viewing a plain text version of this content. The canonical link for it is here.

Posted to commits@pulsar.apache.org by GitBox <gi...@apache.org> on 2022/06/29 09:35:20 UTC

[GitHub] [pulsar] BewareMyPower commented on a diff in pull request #15634: [PIP-158][improve][client] Split client TLS transport encryption from authentication

BewareMyPower commented on code in PR #15634:
URL: https://github.com/apache/pulsar/pull/15634#discussion_r909404624


##########
pulsar-common/src/main/java/org/apache/pulsar/common/util/NettyClientSslContextRefresher.java:
##########
@@ -46,6 +46,8 @@ public class NettyClientSslContextRefresher extends SslContextAutoRefreshBuilder
 
     public NettyClientSslContextRefresher(SslProvider sslProvider, boolean allowInsecure,
                                           String trustCertsFilePath,
+                                          String certsFilePath,
+                                          String keyFilePath,

Review Comment:
   These two new parameters always accept `null` in all references, could you explain why did you add them?



##########
pulsar-broker/src/test/java/org/apache/pulsar/client/impl/KeyStoreTlsProducerConsumerTestWithAuthTest.java:
##########
@@ -92,6 +101,12 @@ protected void internalSetUpForBroker() {
         conf.setAuthorizationEnabled(true);
         Set<String> providers = new HashSet<>();
         providers.add(AuthenticationProviderTls.class.getName());
+
+        Properties properties = new Properties();
+        properties.setProperty("tokenSecretKey", JWT_SECRET_PATH);

Review Comment:
   Instead of specifying a path of a manually generated secret key file, you can just generate the key in code.
   
   ```java
           SecretKey secretKey = AuthTokenUtils.createSecretKey(SignatureAlgorithm.HS256);
           Properties properties = new Properties();
           properties.setProperty("tokenSecretKey", AuthTokenUtils.encodeKeyBase64(secretKey));
   ```
   
   And the `CLIENTUSER_TOKEN` can be replaced by a non-final field like:
   
   ```java
           userToken = AuthTokenUtils.createToken(secretKey, "user", Optional.empty())
   ```



-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: commits-unsubscribe@pulsar.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org