pulsar-broker/src/test/java/org/apache/pulsar/client/api/TlsProducerConsumerBase.java - pulsar - Git at Google

 /**
  * Licensed to the Apache Software Foundation (ASF) under one
  * or more contributor license agreements.  See the NOTICE file
  * distributed with this work for additional information
  * regarding copyright ownership.  The ASF licenses this file
  * to you under the Apache License, Version 2.0 (the
  * "License"); you may not use this file except in compliance
  * with the License.  You may obtain a copy of the License at
  *
  *   http://www.apache.org/licenses/LICENSE-2.0
  *
  * Unless required by applicable law or agreed to in writing,
  * software distributed under the License is distributed on an
  * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
  * KIND, either express or implied.  See the License for the
  * specific language governing permissions and limitations
  * under the License.
  */
 package org.apache.pulsar.client.api;

 import static org.mockito.Mockito.spy;

 import java.util.HashMap;
 import java.util.Map;
 import java.util.Optional;
 import java.util.Set;
 import java.util.concurrent.TimeUnit;

 import org.apache.pulsar.client.admin.PulsarAdmin;
 import org.apache.pulsar.client.impl.auth.AuthenticationTls;
 import org.apache.pulsar.common.policies.data.ClusterData;
 import org.apache.pulsar.common.policies.data.TenantInfoImpl;

 import com.google.common.collect.Sets;
 import org.testng.annotations.AfterMethod;
 import org.testng.annotations.BeforeMethod;
 import org.testng.annotations.Test;

 @Test(groups = "broker-api")
 public class TlsProducerConsumerBase extends ProducerConsumerBase {
     protected final String TLS_TRUST_CERT_FILE_PATH = "./src/test/resources/authentication/tls/cacert.pem";
     protected final String TLS_CLIENT_CERT_FILE_PATH = "./src/test/resources/authentication/tls/client-cert.pem";
     protected final String TLS_CLIENT_KEY_FILE_PATH = "./src/test/resources/authentication/tls/client-key.pem";
     protected final String TLS_SERVER_CERT_FILE_PATH = "./src/test/resources/authentication/tls/broker-cert.pem";
     protected final String TLS_SERVER_KEY_FILE_PATH = "./src/test/resources/authentication/tls/broker-key.pem";
     private final String clusterName = "use";

     @BeforeMethod
     @Override
     protected void setup() throws Exception {
         // TLS configuration for Broker
         internalSetUpForBroker();

         // Start Broker
         super.init();
     }

     @AfterMethod(alwaysRun = true)
     @Override
     protected void cleanup() throws Exception {
         super.internalCleanup();
     }

     protected void internalSetUpForBroker() {
         conf.setBrokerServicePortTls(Optional.of(0));
         conf.setWebServicePortTls(Optional.of(0));
         conf.setTlsCertificateFilePath(TLS_SERVER_CERT_FILE_PATH);
         conf.setTlsKeyFilePath(TLS_SERVER_KEY_FILE_PATH);
         conf.setTlsTrustCertsFilePath(TLS_TRUST_CERT_FILE_PATH);
         conf.setClusterName(clusterName);
         conf.setTlsRequireTrustedClientCertOnConnect(true);
         Set<String> tlsProtocols = Sets.newConcurrentHashSet();
         tlsProtocols.add("TLSv1.3");
         tlsProtocols.add("TLSv1.2");
         conf.setTlsProtocols(tlsProtocols);
         conf.setNumExecutorThreadPoolSize(5);
     }

     protected void internalSetUpForClient(boolean addCertificates, String lookupUrl) throws Exception {
         if (pulsarClient != null) {
             pulsarClient.close();
         }
         ClientBuilder clientBuilder = PulsarClient.builder().serviceUrl(lookupUrl)
                 .tlsTrustCertsFilePath(TLS_TRUST_CERT_FILE_PATH).enableTls(true).allowTlsInsecureConnection(false)
                 .operationTimeout(1000, TimeUnit.MILLISECONDS);
         if (addCertificates) {
             Map<String, String> authParams = new HashMap<>();
             authParams.put("tlsCertFile", TLS_CLIENT_CERT_FILE_PATH);
             authParams.put("tlsKeyFile", TLS_CLIENT_KEY_FILE_PATH);
             clientBuilder.authentication(AuthenticationTls.class.getName(), authParams);
         }
         replacePulsarClient(clientBuilder);
     }

     protected void internalSetUpForNamespace() throws Exception {
         Map<String, String> authParams = new HashMap<>();
         authParams.put("tlsCertFile", TLS_CLIENT_CERT_FILE_PATH);
         authParams.put("tlsKeyFile", TLS_CLIENT_KEY_FILE_PATH);

         if (admin != null) {
             admin.close();
         }

         admin = spy(PulsarAdmin.builder().serviceHttpUrl(brokerUrlTls.toString())
                 .tlsTrustCertsFilePath(TLS_TRUST_CERT_FILE_PATH).allowTlsInsecureConnection(false)
                 .authentication(AuthenticationTls.class.getName(), authParams).build());
         admin.clusters().createCluster(clusterName,
                 ClusterData.builder()
                         .serviceUrl(brokerUrl.toString())
                         .serviceUrlTls(brokerUrlTls.toString())
                         .brokerServiceUrl(pulsar.getBrokerServiceUrl())
                         .brokerServiceUrlTls(pulsar.getBrokerServiceUrlTls())
                         .build());
         admin.tenants().createTenant("my-property",
                 new TenantInfoImpl(Sets.newHashSet("appid1", "appid2"), Sets.newHashSet("use")));
         admin.namespaces().createNamespace("my-property/my-ns");
     }
 }
	/**
	* Licensed to the Apache Software Foundation (ASF) under one
	* or more contributor license agreements. See the NOTICE file
	* distributed with this work for additional information
	* regarding copyright ownership. The ASF licenses this file
	* to you under the Apache License, Version 2.0 (the
	* "License"); you may not use this file except in compliance
	* with the License. You may obtain a copy of the License at
	*
	* http://www.apache.org/licenses/LICENSE-2.0
	*
	* Unless required by applicable law or agreed to in writing,
	* software distributed under the License is distributed on an
	* "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
	* KIND, either express or implied. See the License for the
	* specific language governing permissions and limitations
	* under the License.
	*/
	package org.apache.pulsar.client.api;

	import static org.mockito.Mockito.spy;

	import java.util.HashMap;
	import java.util.Map;
	import java.util.Optional;
	import java.util.Set;
	import java.util.concurrent.TimeUnit;

	import org.apache.pulsar.client.admin.PulsarAdmin;
	import org.apache.pulsar.client.impl.auth.AuthenticationTls;
	import org.apache.pulsar.common.policies.data.ClusterData;
	import org.apache.pulsar.common.policies.data.TenantInfoImpl;

	import com.google.common.collect.Sets;
	import org.testng.annotations.AfterMethod;
	import org.testng.annotations.BeforeMethod;
	import org.testng.annotations.Test;

	@Test(groups = "broker-api")
	public class TlsProducerConsumerBase extends ProducerConsumerBase {
	protected final String TLS_TRUST_CERT_FILE_PATH = "./src/test/resources/authentication/tls/cacert.pem";
	protected final String TLS_CLIENT_CERT_FILE_PATH = "./src/test/resources/authentication/tls/client-cert.pem";
	protected final String TLS_CLIENT_KEY_FILE_PATH = "./src/test/resources/authentication/tls/client-key.pem";
	protected final String TLS_SERVER_CERT_FILE_PATH = "./src/test/resources/authentication/tls/broker-cert.pem";
	protected final String TLS_SERVER_KEY_FILE_PATH = "./src/test/resources/authentication/tls/broker-key.pem";
	private final String clusterName = "use";

	@BeforeMethod
	@Override
	protected void setup() throws Exception {
	// TLS configuration for Broker
	internalSetUpForBroker();

	// Start Broker
	super.init();
	}

	@AfterMethod(alwaysRun = true)
	@Override
	protected void cleanup() throws Exception {
	super.internalCleanup();
	}

	protected void internalSetUpForBroker() {
	conf.setBrokerServicePortTls(Optional.of(0));
	conf.setWebServicePortTls(Optional.of(0));
	conf.setTlsCertificateFilePath(TLS_SERVER_CERT_FILE_PATH);
	conf.setTlsKeyFilePath(TLS_SERVER_KEY_FILE_PATH);
	conf.setTlsTrustCertsFilePath(TLS_TRUST_CERT_FILE_PATH);
	conf.setClusterName(clusterName);
	conf.setTlsRequireTrustedClientCertOnConnect(true);
	Set<String> tlsProtocols = Sets.newConcurrentHashSet();
	tlsProtocols.add("TLSv1.3");
	tlsProtocols.add("TLSv1.2");
	conf.setTlsProtocols(tlsProtocols);
	conf.setNumExecutorThreadPoolSize(5);
	}

	protected void internalSetUpForClient(boolean addCertificates, String lookupUrl) throws Exception {
	if (pulsarClient != null) {
	pulsarClient.close();
	}
	ClientBuilder clientBuilder = PulsarClient.builder().serviceUrl(lookupUrl)
	.tlsTrustCertsFilePath(TLS_TRUST_CERT_FILE_PATH).enableTls(true).allowTlsInsecureConnection(false)
	.operationTimeout(1000, TimeUnit.MILLISECONDS);
	if (addCertificates) {
	Map<String, String> authParams = new HashMap<>();
	authParams.put("tlsCertFile", TLS_CLIENT_CERT_FILE_PATH);
	authParams.put("tlsKeyFile", TLS_CLIENT_KEY_FILE_PATH);
	clientBuilder.authentication(AuthenticationTls.class.getName(), authParams);
	}
	replacePulsarClient(clientBuilder);
	}

	protected void internalSetUpForNamespace() throws Exception {
	Map<String, String> authParams = new HashMap<>();
	authParams.put("tlsCertFile", TLS_CLIENT_CERT_FILE_PATH);
	authParams.put("tlsKeyFile", TLS_CLIENT_KEY_FILE_PATH);

	if (admin != null) {
	admin.close();
	}

	admin = spy(PulsarAdmin.builder().serviceHttpUrl(brokerUrlTls.toString())
	.tlsTrustCertsFilePath(TLS_TRUST_CERT_FILE_PATH).allowTlsInsecureConnection(false)
	.authentication(AuthenticationTls.class.getName(), authParams).build());
	admin.clusters().createCluster(clusterName,
	ClusterData.builder()
	.serviceUrl(brokerUrl.toString())
	.serviceUrlTls(brokerUrlTls.toString())
	.brokerServiceUrl(pulsar.getBrokerServiceUrl())
	.brokerServiceUrlTls(pulsar.getBrokerServiceUrlTls())
	.build());
	admin.tenants().createTenant("my-property",
	new TenantInfoImpl(Sets.newHashSet("appid1", "appid2"), Sets.newHashSet("use")));
	admin.namespaces().createNamespace("my-property/my-ns");
	}
	}