pulsaradmin/pkg/admin/auth/tls.go - pulsar-client-go - Git at Google

 // Licensed to the Apache Software Foundation (ASF) under one
 // or more contributor license agreements.  See the NOTICE file
 // distributed with this work for additional information
 // regarding copyright ownership.  The ASF licenses this file
 // to you under the Apache License, Version 2.0 (the
 // "License"); you may not use this file except in compliance
 // with the License.  You may obtain a copy of the License at
 //
 //   http://www.apache.org/licenses/LICENSE-2.0
 //
 // Unless required by applicable law or agreed to in writing,
 // software distributed under the License is distributed on an
 // "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
 // KIND, either express or implied.  See the License for the
 // specific language governing permissions and limitations
 // under the License.

 package auth

 import (
 	"crypto/tls"
 	"encoding/json"
 	"net/http"
 	"strings"
 )

 const (
 	TLSPluginName      = "org.apache.pulsar.client.impl.auth.AuthenticationTls"
 	TLSPluginShortName = "tls"
 )

 type TLS struct {
 	TLSCertFile string `json:"tlsCertFile"`
 	TLSKeyFile  string `json:"tlsKeyFile"`
 }

 type TLSAuthProvider struct {
 	certificatePath string
 	privateKeyPath  string
 	T               http.RoundTripper
 }

 // NewAuthenticationTLS initialize the authentication provider
 func NewAuthenticationTLS(certificatePath string, privateKeyPath string,
 	transport http.RoundTripper) (*TLSAuthProvider, error) {
 	provider := &TLSAuthProvider{
 		certificatePath: certificatePath,
 		privateKeyPath:  privateKeyPath,
 		T:               transport,
 	}
 	if err := provider.configTLS(); err != nil {
 		return nil, err
 	}
 	return provider, nil
 }

 func NewAuthenticationTLSFromAuthParams(encodedAuthParams string,
 	transport http.RoundTripper) (*TLSAuthProvider, error) {
 	var certificatePath string
 	var privateKeyPath string

 	var tlsJSON TLS
 	err := json.Unmarshal([]byte(encodedAuthParams), &tlsJSON)
 	if err != nil {
 		parts := strings.Split(encodedAuthParams, ",")
 		for _, part := range parts {
 			kv := strings.Split(part, ":")
 			switch kv[0] {
 			case "tlsCertFile":
 				certificatePath = kv[1]
 			case "tlsKeyFile":
 				privateKeyPath = kv[1]
 			}
 		}
 	} else {
 		certificatePath = tlsJSON.TLSCertFile
 		privateKeyPath = tlsJSON.TLSKeyFile
 	}

 	return NewAuthenticationTLS(certificatePath, privateKeyPath, transport)
 }

 func (p *TLSAuthProvider) GetTLSCertificate() (*tls.Certificate, error) {
 	cert, err := tls.LoadX509KeyPair(p.certificatePath, p.privateKeyPath)
 	return &cert, err
 }

 func (p *TLSAuthProvider) RoundTrip(req *http.Request) (*http.Response, error) {
 	return p.T.RoundTrip(req)
 }

 func (p *TLSAuthProvider) Transport() http.RoundTripper {
 	return p.T
 }

 func (p *TLSAuthProvider) configTLS() error {
 	cert, err := p.GetTLSCertificate()
 	if err != nil {
 		return err
 	}
 	transport := p.T.(*http.Transport)
 	transport.TLSClientConfig.Certificates = []tls.Certificate{*cert}
 	return nil
 }

 func (p *TLSAuthProvider) WithTransport(tripper http.RoundTripper) {
 	p.T = tripper
 }
	// Licensed to the Apache Software Foundation (ASF) under one
	// or more contributor license agreements. See the NOTICE file
	// distributed with this work for additional information
	// regarding copyright ownership. The ASF licenses this file
	// to you under the Apache License, Version 2.0 (the
	// "License"); you may not use this file except in compliance
	// with the License. You may obtain a copy of the License at
	//
	// http://www.apache.org/licenses/LICENSE-2.0
	//
	// Unless required by applicable law or agreed to in writing,
	// software distributed under the License is distributed on an
	// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
	// KIND, either express or implied. See the License for the
	// specific language governing permissions and limitations
	// under the License.

	package auth

	import (
	"crypto/tls"
	"encoding/json"
	"net/http"
	"strings"
	)

	const (
	TLSPluginName = "org.apache.pulsar.client.impl.auth.AuthenticationTls"
	TLSPluginShortName = "tls"
	)

	type TLS struct {
	TLSCertFile string `json:"tlsCertFile"`
	TLSKeyFile string `json:"tlsKeyFile"`
	}

	type TLSAuthProvider struct {
	certificatePath string
	privateKeyPath string
	T http.RoundTripper
	}

	// NewAuthenticationTLS initialize the authentication provider
	func NewAuthenticationTLS(certificatePath string, privateKeyPath string,
	transport http.RoundTripper) (*TLSAuthProvider, error) {
	provider := &TLSAuthProvider{
	certificatePath: certificatePath,
	privateKeyPath: privateKeyPath,
	T: transport,
	}
	if err := provider.configTLS(); err != nil {
	return nil, err
	}
	return provider, nil
	}

	func NewAuthenticationTLSFromAuthParams(encodedAuthParams string,
	transport http.RoundTripper) (*TLSAuthProvider, error) {
	var certificatePath string
	var privateKeyPath string

	var tlsJSON TLS
	err := json.Unmarshal([]byte(encodedAuthParams), &tlsJSON)
	if err != nil {
	parts := strings.Split(encodedAuthParams, ",")
	for _, part := range parts {
	kv := strings.Split(part, ":")
	switch kv[0] {
	case "tlsCertFile":
	certificatePath = kv[1]
	case "tlsKeyFile":
	privateKeyPath = kv[1]
	}
	}
	} else {
	certificatePath = tlsJSON.TLSCertFile
	privateKeyPath = tlsJSON.TLSKeyFile
	}

	return NewAuthenticationTLS(certificatePath, privateKeyPath, transport)
	}

	func (p TLSAuthProvider) GetTLSCertificate() (tls.Certificate, error) {
	cert, err := tls.LoadX509KeyPair(p.certificatePath, p.privateKeyPath)
	return &cert, err
	}

	func (p TLSAuthProvider) RoundTrip(req http.Request) (*http.Response, error) {
	return p.T.RoundTrip(req)
	}

	func (p *TLSAuthProvider) Transport() http.RoundTripper {
	return p.T
	}

	func (p *TLSAuthProvider) configTLS() error {
	cert, err := p.GetTLSCertificate()
	if err != nil {
	return err
	}
	transport := p.T.(*http.Transport)
	transport.TLSClientConfig.Certificates = []tls.Certificate{*cert}
	return nil
	}

	func (p *TLSAuthProvider) WithTransport(tripper http.RoundTripper) {
	p.T = tripper
	}