You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@pulsar.apache.org by mm...@apache.org on 2022/10/01 15:29:08 UTC
[pulsar-client-go] branch master updated: Add TLS transport config (#855)
This is an automated email from the ASF dual-hosted git repository.
mmerli pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/pulsar-client-go.git
The following commit(s) were added to refs/heads/master by this push:
new fce0cb0 Add TLS transport config (#855)
fce0cb0 is described below
commit fce0cb0695b5c2c22133f912395762b2ff33a9d4
Author: Zixuan Liu <no...@gmail.com>
AuthorDate: Sat Oct 1 23:29:02 2022 +0800
Add TLS transport config (#855)
* Add TLS transport config
Signed-off-by: Zixuan Liu <no...@gmail.com>
* Fix style
Signed-off-by: Zixuan Liu <no...@gmail.com>
Signed-off-by: Zixuan Liu <no...@gmail.com>
---
pulsar/client.go | 6 ++++++
pulsar/client_impl.go | 2 ++
pulsar/client_impl_test.go | 35 +++++++++++++++++++++++++++++++++++
pulsar/internal/connection.go | 10 ++++++++++
pulsar/internal/http_client.go | 8 ++++++++
5 files changed, 61 insertions(+)
diff --git a/pulsar/client.go b/pulsar/client.go
index 22b12ef..29a582f 100644
--- a/pulsar/client.go
+++ b/pulsar/client.go
@@ -105,6 +105,12 @@ type ClientOptions struct {
// Example: `Authentication: NewAuthenticationTLS("my-cert.pem", "my-key.pem")`
Authentication
+ // Set the path to the TLS key file
+ TLSKeyFilePath string
+
+ // Set the path to the TLS certificate file
+ TLSCertificateFile string
+
// Set the path to the trusted TLS certificate file
TLSTrustCertsFilePath string
diff --git a/pulsar/client_impl.go b/pulsar/client_impl.go
index e7fa642..712e197 100644
--- a/pulsar/client_impl.go
+++ b/pulsar/client_impl.go
@@ -71,6 +71,8 @@ func newClient(options ClientOptions) (Client, error) {
case "pulsar+ssl", "https":
tlsConfig = &internal.TLSOptions{
AllowInsecureConnection: options.TLSAllowInsecureConnection,
+ KeyFile: options.TLSKeyFilePath,
+ CertFile: options.TLSCertificateFile,
TrustCertsFilePath: options.TLSTrustCertsFilePath,
ValidateHostname: options.TLSValidateHostname,
}
diff --git a/pulsar/client_impl_test.go b/pulsar/client_impl_test.go
index ba8f6eb..c98a542 100644
--- a/pulsar/client_impl_test.go
+++ b/pulsar/client_impl_test.go
@@ -1066,3 +1066,38 @@ func TestHTTPSBasicAuth(t *testing.T) {
client.Close()
}
+
+func testTLSTransportWithBasicAuth(t *testing.T, url string) {
+ t.Helper()
+
+ basicAuth, err := NewAuthenticationBasic("admin", "123456")
+ require.NoError(t, err)
+ require.NotNil(t, basicAuth)
+
+ client, err := NewClient(ClientOptions{
+ URL: url,
+ TLSCertificateFile: tlsClientCertPath,
+ TLSKeyFilePath: tlsClientKeyPath,
+ TLSTrustCertsFilePath: caCertsPath,
+ Authentication: basicAuth,
+ })
+ require.NoError(t, err)
+ require.NotNil(t, client)
+
+ producer, err := client.CreateProducer(ProducerOptions{
+ Topic: newTopicName(),
+ })
+
+ require.NoError(t, err)
+ require.NotNil(t, producer)
+
+ client.Close()
+}
+
+func TestServiceUrlTLSWithTLSTransportWithBasicAuth(t *testing.T) {
+ testTLSTransportWithBasicAuth(t, serviceURLTLS)
+}
+
+func TestWebServiceUrlTLSWithTLSTransportWithBasicAuth(t *testing.T) {
+ testTLSTransportWithBasicAuth(t, webServiceURLTLS)
+}
diff --git a/pulsar/internal/connection.go b/pulsar/internal/connection.go
index 4196396..6a410a2 100644
--- a/pulsar/internal/connection.go
+++ b/pulsar/internal/connection.go
@@ -47,6 +47,8 @@ const (
)
type TLSOptions struct {
+ KeyFile string
+ CertFile string
TrustCertsFilePath string
AllowInsecureConnection bool
ValidateHostname bool
@@ -982,6 +984,14 @@ func (c *connection) getTLSConfig() (*tls.Config, error) {
tlsConfig.ServerName = c.physicalAddr.Hostname()
}
+ if c.tlsOptions.CertFile != "" || c.tlsOptions.KeyFile != "" {
+ cert, err := tls.LoadX509KeyPair(c.tlsOptions.CertFile, c.tlsOptions.KeyFile)
+ if err != nil {
+ return nil, errors.New(err.Error())
+ }
+ tlsConfig.Certificates = []tls.Certificate{cert}
+ }
+
cert, err := c.auth.GetTLSCertificate()
if err != nil {
return nil, err
diff --git a/pulsar/internal/http_client.go b/pulsar/internal/http_client.go
index 8c494dc..3c68dac 100644
--- a/pulsar/internal/http_client.go
+++ b/pulsar/internal/http_client.go
@@ -345,6 +345,14 @@ func getDefaultTransport(tlsConfig *TLSOptions) (http.RoundTripper, error) {
cfg.RootCAs = x509.NewCertPool()
cfg.RootCAs.AppendCertsFromPEM(rootCA)
}
+
+ if tlsConfig.CertFile != "" || tlsConfig.KeyFile != "" {
+ cert, err := tls.LoadX509KeyPair(tlsConfig.CertFile, tlsConfig.KeyFile)
+ if err != nil {
+ return nil, errors.New(err.Error())
+ }
+ cfg.Certificates = []tls.Certificate{cert}
+ }
transport.TLSClientConfig = cfg
}
transport.MaxIdleConnsPerHost = 10