pulsar-commits mailing list archives

From GitBox <...@apache.org>
Subject [GitHub] [pulsar] rdhabalia commented on a change in pull request #6760: [pulsar-client] Add support to load tls certs/key dynamically from inputstream
Date Sun, 19 Apr 2020 23:11:12 GMT

rdhabalia commented on a change in pull request #6760:
URL: https://github.com/apache/pulsar/pull/6760#discussion_r411012712



##########
File path: pulsar-common/src/main/java/org/apache/pulsar/common/util/SecurityUtility.java
##########
@@ -238,24 +240,53 @@ public static SSLContext createSslContext(boolean allowInsecureConnection,
Certi
         }
 
         try (FileInputStream input = new FileInputStream(certFilePath)) {
-            CertificateFactory cf = CertificateFactory.getInstance("X.509");
-            Collection<X509Certificate> collection = (Collection<X509Certificate>)
cf.generateCertificates(input);
-            certificates = collection.toArray(new X509Certificate[collection.size()]);
+            certificates = loadCertificatesFromPemStream(input);
         } catch (GeneralSecurityException | IOException e) {
             throw new KeyManagementException("Certificate loading error", e);
         }
 
         return certificates;
     }
 
+    public static X509Certificate[] loadCertificatesFromPemStream(InputStream inStream) throws
KeyManagementException  {
+        if (inStream == null) {
+            return null;
+        }
+        CertificateFactory cf;
+        try {
+            cf = CertificateFactory.getInstance("X.509");
+            Collection<X509Certificate> collection = (Collection<X509Certificate>)
cf.generateCertificates(inStream);
+            return collection.toArray(new X509Certificate[collection.size()]);
+        } catch (CertificateException e) {
+            throw new KeyManagementException("Certificate loading error", e);
+        }
+    }
+
     public static PrivateKey loadPrivateKeyFromPemFile(String keyFilePath) throws KeyManagementException
{
         PrivateKey privateKey = null;
 
         if (keyFilePath == null || keyFilePath.isEmpty()) {
             return privateKey;
         }
 
-        try (BufferedReader reader = new BufferedReader(new FileReader(keyFilePath))) {
+        try (FileInputStream input = new FileInputStream(keyFilePath)) {
+            privateKey = loadPrivateKeyFromPemStream(input);
+        } catch (IOException e) {
+            throw new KeyManagementException("Private key loading error", e);
+        }
+
+        return privateKey;
+    }
+
+    public static PrivateKey loadPrivateKeyFromPemStream(InputStream inStream) throws KeyManagementException
{
+        PrivateKey privateKey = null;
+
+        if (inStream == null) {
+            return privateKey;
+        }
+
+        //TODO: check if bufferReader should be closed or not
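
Review bot: The `//TODO: check if bufferReader should be closed or not` at the end of `loadPrivateKeyFromPemStream` should be resolved before merge by stating stream ownership in Javadoc on both new `*FromPemStream` methods, which currently have none. `loadPrivateKeyFromPemFile` and the certificate file loader at the top of the hunk already open their `FileInputStream` in try-with-resources, so the stream variants can leave closing to whoever supplied the stream, and the Javadoc should say so. Separately, both stream methods return `null` when `inStream == null`, which mirrors the null-path handling in `loadPrivateKeyFromPemFile` but leaves the caller to notice that no certificate or key was loaded; document that contract as well, or throw `KeyManagementException` instead.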

Review comment:
       Yes, fixed it. Actually, a user-provided stream can be read multiple times by multiple connections, so pulsar-client needs a stream that can be marked and reset. So, I changed the interface with `ByteArrayInputStream` to support reading the same provided stream multiple times.




----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

For queries about this service, please contact Infrastructure at:
users@infra.apache.org


