Posted to commits@pulsar.apache.org by GitBox <gi...@apache.org> on 2022/10/19 19:28:27 UTC

[GitHub] [pulsar] eolivelli commented on a diff in pull request #18121: [feat][client] Add ClientConfiguration options for in memory TLS certs

eolivelli commented on code in PR #18121:
URL: https://github.com/apache/pulsar/pull/18121#discussion_r999857890


##########
pulsar-client/src/main/java/org/apache/pulsar/client/impl/conf/ClientConfigurationData.java:
##########
@@ -162,6 +165,24 @@ public class ClientConfigurationData implements Serializable, Cloneable {
     )
     private String tlsTrustCertsFilePath = null;
 
+    @ApiModelProperty(
+            name = "tlsPrivateKey",
+            value = "The private key for the client certificate. Only used when tlsTrustStoreStream is non-null."
+    )
+    private PrivateKey tlsPrivateKey = null;
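Review bot: the hunk header shows ClientConfigurationData implements Serializable and Cloneable, so a non-transient PrivateKey field will be written out by Java serialization and copied by clone() along with the rest of the configuration; consider marking `tlsPrivateKey` transient and excluding it from toString()/logging so key material is not persisted or printed by accident. The description "Only used when tlsTrustStoreStream is non-null" also ties the client's own key to the trust store stream, although client authentication material and trust anchors are independent; either document why they are coupled or let the key/chain pair be used on its own.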

Review Comment:
   would it be possible to renew the key?
   
   what about creating an interface like TLSClientMaterialProvider?
   
   import java.io.InputStream;
   import java.security.PrivateKey;
   import java.security.cert.Certificate;

   interface TLSClientMaterialProvider {
        PrivateKey getPrivateKey();           // client private key; may return a renewed key on later calls
        InputStream openTrustStoreStream();   // a fresh stream per call, owned and closed by the caller
        Certificate[] getCertificateChain();  // client certificate chain, leaf first
   }
   
   we can also provide default implementations that read from a local file (with automatic reload) or from a classpath resource



##########
pulsar-client/src/main/java/org/apache/pulsar/client/impl/conf/ClientConfigurationData.java:
##########
@@ -162,6 +165,24 @@ public class ClientConfigurationData implements Serializable, Cloneable {
     )
     private String tlsTrustCertsFilePath = null;
 
+    @ApiModelProperty(
+            name = "tlsPrivateKey",
+            value = "The private key for the client certificate. Only used when tlsTrustStoreStream is non-null."
+    )
+    private PrivateKey tlsPrivateKey = null;
+
+    @ApiModelProperty(
+            name = "tlsCertificates",
+            value = "Client certificate chain. Only used when tlsTrustStoreStream is non-null."
+    )
+    private Certificate[] tlsCertificates = null;
+
+    @ApiModelProperty(
+            name = "tlsTrustStoreStream",
+            value = "Input-stream of the trust store. When configured, the tlsPrivateKey and tlsCertificates are used."
+    )
+    private InputStream tlsTrustStoreStream = null;
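Review bot: java.io.InputStream is not Serializable, so a non-transient `tlsTrustStoreStream` field will make serialization of ClientConfigurationData (which implements Serializable per the hunk header) fail with NotSerializableException, and clone() will hand two configuration objects the same stream, which can be consumed only once. Either mark the field transient and document that the client reads and closes it exactly once, or replace the stream with the decoded trust certificates (for example a `Certificate[] tlsTrustCertificates`, matching the in-memory intent of this PR), which are immutable and copy safely.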

Review Comment:
   please explain the lifecycle of this Stream.
   is the Pulsar client intended to always read it fully and then close it?
   what happens in case of failure of the creation of the PulsarClient?
   
   also, who is responsible for closing it?
   as this Stream is bound to some external resource (a file, a network connection) the lifecycle of the object must be well-known.
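The two review comments above ask for a provider abstraction with automatic reload and for a clear lifecycle of the trust store stream. The following is an added example, not code from the Pulsar PR or from the reviewer: it sketches the `TLSClientMaterialProvider` shape suggested earlier, a file-backed implementation that re-reads the key and chain when the files change (so a rotated client certificate is picked up without rebuilding the client), and a consumer that reads the trust store stream fully inside try-with-resources, so the stream is closed even when parsing fails and client creation aborts. The class names, the PEM formats (PKCS#8 key, X.509 chain and CA bundle) and the file paths are assumptions made for this example.

```java
import java.io.IOException;
import java.io.InputStream;
import java.nio.charset.StandardCharsets;
import java.nio.file.Files;
import java.nio.file.Path;
import java.security.GeneralSecurityException;
import java.security.KeyFactory;
import java.security.KeyStore;
import java.security.PrivateKey;
import java.security.cert.Certificate;
import java.security.cert.CertificateFactory;
import java.security.spec.PKCS8EncodedKeySpec;
import java.util.Base64;
import java.util.Collection;

/** Hypothetical provider interface, following the shape suggested in the review. */
interface TLSClientMaterialProvider {
    PrivateKey getPrivateKey();
    InputStream openTrustStoreStream() throws IOException;
    Certificate[] getCertificateChain();
}

/** File-backed provider; reloads key and chain when their files change on disk. (Example code.) */
final class ReloadingFileTlsMaterialProvider implements TLSClientMaterialProvider {
    private final Path keyPath;    // PKCS#8 PEM ("-----BEGIN PRIVATE KEY-----"), assumed format
    private final Path chainPath;  // PEM certificate chain, leaf first
    private final Path trustPath;  // PEM CA bundle used as trust anchors
    private long keyMtime = -1, chainMtime = -1;
    private PrivateKey key;
    private Certificate[] chain;

    ReloadingFileTlsMaterialProvider(Path keyPath, Path chainPath, Path trustPath) {
        this.keyPath = keyPath; this.chainPath = chainPath; this.trustPath = trustPath;
    }

    @Override
    public synchronized PrivateKey getPrivateKey() {
        try {
            long mtime = Files.getLastModifiedTime(keyPath).toMillis();
            if (key == null || mtime != keyMtime) {   // re-read only when the file changed
                key = parsePkcs8Pem(Files.readString(keyPath, StandardCharsets.US_ASCII));
                keyMtime = mtime;
            }
            return key;
        } catch (IOException | GeneralSecurityException e) {
            throw new IllegalStateException("cannot load client private key from " + keyPath, e);
        }
    }

    @Override
    public synchronized Certificate[] getCertificateChain() {
        try {
            long mtime = Files.getLastModifiedTime(chainPath).toMillis();
            if (chain == null || mtime != chainMtime) {
                try (InputStream in = Files.newInputStream(chainPath)) {
                    Collection<? extends Certificate> certs =
                            CertificateFactory.getInstance("X.509").generateCertificates(in);
                    chain = certs.toArray(new Certificate[0]);
                }
                chainMtime = mtime;
            }
            return chain.clone();   // hand out a copy so callers cannot mutate the cached chain
        } catch (IOException | GeneralSecurityException e) {
            throw new IllegalStateException("cannot load client certificate chain from " + chainPath, e);
        }
    }

    /** A fresh stream on every call: the caller owns it and is responsible for closing it. */
    @Override
    public InputStream openTrustStoreStream() throws IOException {
        return Files.newInputStream(trustPath);
    }

    /** Decodes an unencrypted PKCS#8 PEM private key; tries RSA first, then EC. */
    static PrivateKey parsePkcs8Pem(String pem) throws GeneralSecurityException {
        String body = pem.replace("-----BEGIN PRIVATE KEY-----", "")
                         .replace("-----END PRIVATE KEY-----", "")
                         .replaceAll("\\s", "");
        PKCS8EncodedKeySpec spec = new PKCS8EncodedKeySpec(Base64.getDecoder().decode(body));
        try {
            return KeyFactory.getInstance("RSA").generatePrivate(spec);
        } catch (GeneralSecurityException notRsa) {
            return KeyFactory.getInstance("EC").generatePrivate(spec);
        }
    }
}

/** Consumer side: read the trust store stream fully and close it, whether or not the load succeeds. */
final class TrustStoreLoader {
    static KeyStore loadTrustAnchors(TLSClientMaterialProvider provider)
            throws IOException, GeneralSecurityException {
        KeyStore ks = KeyStore.getInstance(KeyStore.getDefaultType());
        ks.load(null, null);   // empty in-memory store
        // try-with-resources closes the stream even if parsing throws and client creation fails
        try (InputStream in = provider.openTrustStoreStream()) {
            int i = 0;
            for (Certificate c : CertificateFactory.getInstance("X.509").generateCertificates(in)) {
                ks.setCertificateEntry("ca-" + i++, c);
            }
        }
        return ks;
    }
}
```

The design choice worth noting is that `openTrustStoreStream()` returns a new stream on every call instead of a shared field: the stream's lifecycle then belongs entirely to the code that opened it, a failed client build cannot leave a half-consumed stream behind for the next attempt, and the trust anchors can be re-read at reconnect time just like the rotated key and chain.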
   


