This is an automated email from the ASF dual-hosted git repository.
xyz pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/pulsar-client-cpp.git
The following commit(s) were added to refs/heads/main by this push:
new 39183d3 [fix] Use ClientConfiguration::getTlsTrustCertsFilePath for
the OAuth2 flow (#190)
39183d3 is described below
commit 39183d39787ef894311a29a0c09f65583fc6002a
Author: Yunze Xu <[email protected]>
AuthorDate: Wed Feb 8 10:12:58 2023 +0800
[fix] Use ClientConfiguration::getTlsTrustCertsFilePath for the OAuth2 flow
(#190)
---
lib/ClientConnection.cc | 4 +++-
lib/auth/AuthOauth2.cc | 18 ++++++++++++++++++
lib/auth/AuthOauth2.h | 5 +++++
lib/auth/InitialAuthData.h | 39 +++++++++++++++++++++++++++++++++++++++
4 files changed, 65 insertions(+), 1 deletion(-)
diff --git a/lib/ClientConnection.cc b/lib/ClientConnection.cc
index 16373c6..d908537 100644
--- a/lib/ClientConnection.cc
+++ b/lib/ClientConnection.cc
@@ -31,6 +31,7 @@
#include "ProducerImpl.h"
#include "PulsarApi.pb.h"
#include "Url.h"
+#include "auth/InitialAuthData.h"
#include "checksum/ChecksumProvider.h"
DECLARE_LOG_OBJECT()
@@ -225,7 +226,8 @@ ClientConnection::ClientConnection(const std::string&
logicalAddress, const std:
std::string tlsCertificates =
clientConfiguration.getTlsCertificateFilePath();
std::string tlsPrivateKey =
clientConfiguration.getTlsPrivateKeyFilePath();
- AuthenticationDataPtr authData;
+ auto authData = std::dynamic_pointer_cast<AuthenticationDataProvider>(
+
std::make_shared<InitialAuthData>(clientConfiguration.getTlsTrustCertsFilePath()));
if (authentication_->getAuthData(authData) == ResultOk &&
authData->hasDataForTls()) {
tlsCertificates = authData->getTlsCertificates();
tlsPrivateKey = authData->getTlsPrivateKey();
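Review bot: The `std::dynamic_pointer_cast<AuthenticationDataProvider>` around `std::make_shared<InitialAuthData>(...)` is a run-time cast for what is a plain upcast. `InitialAuthData` derives publicly from `AuthenticationDataProvider`, so `AuthenticationDataPtr authData = std::make_shared<InitialAuthData>(clientConfiguration.getTlsTrustCertsFilePath());` should convert implicitly, assuming `AuthenticationDataPtr` is the `shared_ptr` alias it appears to be. It also keeps the declared type visible. Separately, `authData` is now an in/out argument that is non-null before the call, so a plugin that returns `ResultOk` without replacing it leaves `authData->hasDataForTls()` running on the `InitialAuthData` placeholder, which does not override that method. A short comment here saying the initial value only carries the trust-certs path into `getAuthData` would make that contract explicit. The constructor body continues outside this hunk.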
diff --git a/lib/auth/AuthOauth2.cc b/lib/auth/AuthOauth2.cc
index 66c1b05..1592827 100644
--- a/lib/auth/AuthOauth2.cc
+++ b/lib/auth/AuthOauth2.cc
@@ -25,6 +25,7 @@
#include <sstream>
#include <stdexcept>
+#include "InitialAuthData.h"
#include "lib/LogUtils.h"
DECLARE_LOG_OBJECT()
@@ -191,6 +192,10 @@ void ClientCredentialFlow::initialize() {
char errorBuffer[CURL_ERROR_SIZE];
curl_easy_setopt(handle, CURLOPT_ERRORBUFFER, errorBuffer);
+ if (!tlsTrustCertsFilePath_.empty()) {
+ curl_easy_setopt(handle, CURLOPT_CAINFO,
tlsTrustCertsFilePath_.c_str());
+ }
+
// Make get call to server
res = curl_easy_perform(handle);
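Review bot: The result of `curl_easy_setopt(handle, CURLOPT_CAINFO, ...)` is discarded, so if libcurl rejects the option the request still goes out and the server is verified against the default CA bundle rather than the configured trust file. For a trust-anchor setting it is safer to fail closed: `if (curl_easy_setopt(handle, CURLOPT_CAINFO, tlsTrustCertsFilePath_.c_str()) != CURLE_OK) { /* log and abort the request */ }`, using whatever error path the surrounding code already has for a failed `curl_easy_perform`. The same unchecked call is repeated in the `ClientCredentialFlow::authenticate()` hunk below, so a small private helper that applies the TLS options to a handle would keep the two requests consistent. `initialize()` starts and ends outside this hunk.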
@@ -317,6 +322,10 @@ Oauth2TokenResultPtr ClientCredentialFlow::authenticate() {
char errorBuffer[CURL_ERROR_SIZE];
curl_easy_setopt(handle, CURLOPT_ERRORBUFFER, errorBuffer);
+ if (!tlsTrustCertsFilePath_.empty()) {
+ curl_easy_setopt(handle, CURLOPT_CAINFO,
tlsTrustCertsFilePath_.c_str());
+ }
+
// Make get call to server
res = curl_easy_perform(handle);
@@ -401,6 +410,15 @@ AuthenticationPtr AuthOauth2::create(ParamMap& params) {
return AuthenticationPt
const std::string AuthOauth2::getAuthMethodName() const { return "token"; }
Result AuthOauth2::getAuthData(AuthenticationDataPtr& authDataContent) {
+ auto initialAuthData =
std::dynamic_pointer_cast<InitialAuthData>(authDataContent);
+ if (initialAuthData) {
+ auto flowPtr =
std::dynamic_pointer_cast<ClientCredentialFlow>(flowPtr_);
+ if (!flowPtr_) {
+ throw std::invalid_argument("AuthOauth2::flowPtr_ is not a
ClientCredentialFlow");
+ }
+
flowPtr->setTlsTrustCertsFilePath(initialAuthData->tlsTrustCertsFilePath_);
+ }
+
if (cachedTokenPtr_ == nullptr || cachedTokenPtr_->isExpired()) {
try {
cachedTokenPtr_ = CachedTokenPtr(new
Oauth2CachedToken(flowPtr_->authenticate()));
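Review bot: The null check after the cast tests the wrong variable: `if (!flowPtr_)` inspects the member, while the cast result is the local `flowPtr`. When `flowPtr_` holds a flow that is not a `ClientCredentialFlow`, the check passes and `flowPtr->setTlsTrustCertsFilePath(...)` dereferences a null `shared_ptr`. The exception the message describes is never thrown in that case. The condition should be `if (!flowPtr) {`. Also note that this `std::invalid_argument` is raised before the `try` block that follows, so it propagates to the caller of `getAuthData`, which after this commit includes the `ClientConnection` constructor. The function body continues outside the hunk.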
diff --git a/lib/auth/AuthOauth2.h b/lib/auth/AuthOauth2.h
index 565af06..31c6122 100644
--- a/lib/auth/AuthOauth2.h
+++ b/lib/auth/AuthOauth2.h
@@ -60,12 +60,17 @@ class ClientCredentialFlow : public Oauth2Flow {
ParamMap generateParamMap() const;
std::string getTokenEndPoint() const;
+ void setTlsTrustCertsFilePath(const std::string& tlsTrustCertsFilePath) {
+ tlsTrustCertsFilePath_ = tlsTrustCertsFilePath;
+ }
+
private:
std::string tokenEndPoint_;
const std::string issuerUrl_;
const KeyFile keyFile_;
const std::string audience_;
const std::string scope_;
+ std::string tlsTrustCertsFilePath_;
std::once_flag initializeOnce_;
};
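Review bot: `setTlsTrustCertsFilePath` writes a plain `std::string` member with no synchronization, and the commit calls it from `AuthOauth2::getAuthData` on every invocation while `initialize()` and `authenticate()` read the same member. The class already carries a `std::once_flag`, which suggests it is expected to be used from several threads. If one authentication object is shared across connections, this is a potential data race on `tlsTrustCertsFilePath_`; confirm against the callers. Either guard the member with a mutex, or set it once and document the contract, e.g. `/// Must be called before initialize()/authenticate(); an empty path keeps libcurl's default CA bundle.` The class definition starts outside this hunk.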
diff --git a/lib/auth/InitialAuthData.h b/lib/auth/InitialAuthData.h
new file mode 100644
index 0000000..ce92ba4
--- /dev/null
+++ b/lib/auth/InitialAuthData.h
@@ -0,0 +1,39 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+#pragma once
+
+#include <pulsar/Authentication.h>
+
+namespace pulsar {
+
+class ClientConfiguration;
+
+struct InitialAuthData : public AuthenticationDataProvider {
+ const std::string tlsTrustCertsFilePath_;
+
+ InitialAuthData(const std::string& tlsTrustCertsFilePath)
+ : tlsTrustCertsFilePath_(tlsTrustCertsFilePath) {}
+
+ bool hasDataForHttp() override { return false; }
+ std::string getHttpHeaders() override { return ""; }
+ bool hasDataFromCommand() override { return false; }
+ std::string getCommandData() override { return ""; }
+};
+
+} // namespace pulsar
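Review bot: The single-argument constructor of `InitialAuthData` is not `explicit`, so any `std::string` converts implicitly to this type; `explicit InitialAuthData(const std::string& tlsTrustCertsFilePath)` avoids that. The header uses `std::string` without including `<string>` itself, and the forward declaration `class ClientConfiguration;` is not used anywhere in the file, so it can be dropped. The struct also has no comment explaining its role. A brief doc comment would help plugin authors, stating that it is a placeholder passed into `Authentication::getAuthData` to carry the client's TLS trust-certs path and that it holds no credentials.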