This is an automated email from the ASF dual-hosted git repository. lhotari pushed a commit to branch branch-3.0 in repository https://gitbox.apache.org/repos/asf/pulsar.git
commit 1b9b6aebcc1f7d4db223ff215b227a8f06223c0e Author: ran <[email protected]> AuthorDate: Thu Jul 31 03:41:38 2025 +0800 [improve][client] Support load RSA PKCS#8 private key (#24582) (cherry picked from commit 8cf353f73170de9d4508edc3aca95d82c574d30c) --- .../client/api/SimpleProducerConsumerTest.java | 13 ++++++++-- .../certificate/private-key.client-rsa-pkcs8.pem | 28 ++++++++++++++++++++++ .../certificate/public-key.client-rsa-pkcs8.pem | 9 +++++++ .../pulsar/client/impl/crypto/MessageCryptoBc.java | 3 +++ 4 files changed, 51 insertions(+), 2 deletions(-) diff --git a/pulsar-broker/src/test/java/org/apache/pulsar/client/api/SimpleProducerConsumerTest.java b/pulsar-broker/src/test/java/org/apache/pulsar/client/api/SimpleProducerConsumerTest.java index db0cd3663d6..910d6a3c425 100644 --- a/pulsar-broker/src/test/java/org/apache/pulsar/client/api/SimpleProducerConsumerTest.java +++ b/pulsar-broker/src/test/java/org/apache/pulsar/client/api/SimpleProducerConsumerTest.java @@ -2821,6 +2821,11 @@ public class SimpleProducerConsumerTest extends ProducerConsumerBase { .addEncryptionKey("client-rsa.pem").cryptoKeyReader(new EncKeyReader()).create(); Producer<byte[]> producer2 = pulsarClient.newProducer().topic("persistent://my-property/my-ns/myrsa-topic1") .addEncryptionKey("client-rsa.pem").cryptoKeyReader(new EncKeyReader()).create(); + Producer<byte[]> producer3 = pulsarClient.newProducer() + .topic("persistent://my-property/my-ns/myrsa-topic1") + .addEncryptionKey("client-rsa-pkcs8.pem") + .cryptoKeyReader(new EncKeyReader()) + .create(); for (int i = 0; i < totalMsg; i++) { String message = "my-message-" + i; @@ -2830,6 +2835,10 @@ public class SimpleProducerConsumerTest extends ProducerConsumerBase { String message = "my-message-" + i; producer2.send(message.getBytes()); } + for (int i = totalMsg * 2; i < totalMsg * 3; i++) { + String message = "my-message-" + i; + producer3.send(message.getBytes()); + } MessageImpl<byte[]> msg; @@ -2837,13 +2846,13 @@ public class SimpleProducerConsumerTest extends ProducerConsumerBase { // should not able to read message using normal message. assertNull(msg); - for (int i = 0; i < totalMsg * 2; i++) { + for (int i = 0; i < totalMsg * 3; i++) { msg = (MessageImpl<byte[]>) consumer.receive(RECEIVE_TIMEOUT_SECONDS, TimeUnit.SECONDS); // verify that encrypted message contains encryption-context msg.getEncryptionCtx() .orElseThrow(() -> new IllegalStateException("encryption-ctx not present for encrypted message")); String receivedMessage = new String(msg.getData()); - log.debug("Received message: [{}]", receivedMessage); + log.info("Received message: [{}]", receivedMessage); String expectedMessage = "my-message-" + i; testMessageOrderAndDuplicates(messageSet, receivedMessage, expectedMessage); } diff --git a/pulsar-broker/src/test/resources/certificate/private-key.client-rsa-pkcs8.pem b/pulsar-broker/src/test/resources/certificate/private-key.client-rsa-pkcs8.pem new file mode 100644 index 00000000000..3da4eba4c29 --- /dev/null +++ b/pulsar-broker/src/test/resources/certificate/private-key.client-rsa-pkcs8.pem @@ -0,0 +1,28 @@ +-----BEGIN PRIVATE KEY----- +MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQC3xJ0urDHj3X4n +Ul7j8ovzHMUK74hmRIy+n1VuPbUcfaHYXx6lpebAsrFzgvqvNUywXGWEXZ+zlPpD +DfMupZ0KW2rGAlOQhGWI8384PtBINi06jY0Wa1Apc2EJ43rP9lHR/XkZRHaPDRNR +Fer3uwlb1hhxyliNRH1GZrfryX3FW1/z9chG+ouc9AvP+/NJYO2Un8klPxsswEDO +krTgZbdAXwA0jYafViIv+ea7xses+YgOaZ6cv8JpD1rBF0TwO1U2anQRyZ7jVnlZ +eQMEM4TimCm3i6egHpUnbw0BsSvoUKOrkpXnurCTpfx05sy3yFumFCm8ytditHB5 +3mBEtdd3AgMBAAECggEAPJJEYulkCmDr34ches3r/iaJ9hhM47SNlZlMHemeBDWO +vpRftCbSP8rGfbX67fxJ+kmCNpZreNROhwKWmNYCxLKsJ3cF1zkkhHcKBF6D5YFh ++A5HJlAZ3IfIwOsnhFuCzY3YOBFeaLldGBl62MvgAlK3vO3+sRWVmzppPgEsgPuU +KEGFB4EX2JRY001rQcfQ4Oh2VcR5st13/JAXw6aMfJAtYAHAt5rpiYQZyH/t25+a +aqVTp5Q/oyx/+hNajU0gasvAaRtUGi1HipUkcZ80RTTMFKsMn/gM1kyPJTQMejcC +o74/xhyGdGQ1hLFijXLMn8JclifIOUDBrVySZagJ1QKBgQD8kwvzhlehBZ2dQkjJ +T+S2suuuE6UPJDSJiq+7gjy4F11p+NAZv2QhLzIGRlX0WmR0BU0Nt1X50uWIUnwM +NJuz5JWIWIxcyBoCRD3BFHzq1yGBbP03iHyiYW864+VZy2INJmz0Oww4kC55kzdH +aB9IVQRjCyC5po38zwHdKJAVXQKBgQC6QqrgATeVWDwKbabbIJY5uqsK8VVphCTi +4ezRhA5XldaTA3zODg5fo+oa3Yge0CHx7moM5odCqjm8dBPdE0D9vaZ/dEsIVqcZ +H6oEV+xuLePTXsFDcX80EwtIB/DJs5sqFIcqUYyrPBPHrY9dsfXnohBGlYysd+T5 +yLwgSxoe4wKBgQCmjBQyZeC8piZTf1TdolgPfRXZuMx7moUmORQ+EdgWEBoh+dbH +U6QkGanj51dghIZ+1swDgmQoE0AVz0ZLChmt2sobmUAdIjm8SuFpwyfH90n5vTOP +/ekpbhRZgdNHjcw/HZp0xcb+OVzcAA5QgME4Ag+de8X9hW1VSe9RtSClZQKBgHPO +98eHejPVRJ+HRfOA82a5dZe8LcsJapXWuxQZ84DpnRyTUoobmzxEAk7p5rSh3Dk8 +b5vNydPdW0CdO6x9SC98N4WPnQd2OTcZxPAmas6mobzOcYOpkdmi7aS/qyr+DT/A +u7nIMppVJEdG1pj/CVIYJd59JZYmhav471900qzZAoGBAKP5f1vSQtcN9PNMUidy +c3rNF3jVnGmV6LXIeMk0dwlMMANT2X3CzXTUU9y80AXThHEltJtdHD5xjJjRTODv +rWxAAZRnLDCfv/4meD+3YRWXw8oy6hG81vz4v81ypE5jD37/kwTIfbpSVGxo699J +c3KEpMHolMtHSTl9WWz3SJwM +-----END PRIVATE KEY----- diff --git a/pulsar-broker/src/test/resources/certificate/public-key.client-rsa-pkcs8.pem b/pulsar-broker/src/test/resources/certificate/public-key.client-rsa-pkcs8.pem new file mode 100644 index 00000000000..b916fd08082 --- /dev/null +++ b/pulsar-broker/src/test/resources/certificate/public-key.client-rsa-pkcs8.pem @@ -0,0 +1,9 @@ +-----BEGIN PUBLIC KEY----- +MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAt8SdLqwx491+J1Je4/KL +8xzFCu+IZkSMvp9Vbj21HH2h2F8epaXmwLKxc4L6rzVMsFxlhF2fs5T6Qw3zLqWd +CltqxgJTkIRliPN/OD7QSDYtOo2NFmtQKXNhCeN6z/ZR0f15GUR2jw0TURXq97sJ +W9YYccpYjUR9Rma368l9xVtf8/XIRvqLnPQLz/vzSWDtlJ/JJT8bLMBAzpK04GW3 +QF8ANI2Gn1YiL/nmu8bHrPmIDmmenL/CaQ9awRdE8DtVNmp0Ecme41Z5WXkDBDOE +4pgpt4unoB6VJ28NAbEr6FCjq5KV57qwk6X8dObMt8hbphQpvMrXYrRwed5gRLXX +dwIDAQAB +-----END PUBLIC KEY----- diff --git a/pulsar-client-messagecrypto-bc/src/main/java/org/apache/pulsar/client/impl/crypto/MessageCryptoBc.java b/pulsar-client-messagecrypto-bc/src/main/java/org/apache/pulsar/client/impl/crypto/MessageCryptoBc.java index a47d19c2833..d54b2e968fc 100644 --- a/pulsar-client-messagecrypto-bc/src/main/java/org/apache/pulsar/client/impl/crypto/MessageCryptoBc.java +++ b/pulsar-client-messagecrypto-bc/src/main/java/org/apache/pulsar/client/impl/crypto/MessageCryptoBc.java @@ -270,6 +270,9 @@ public class MessageCryptoBc implements MessageCrypto<MessageMetadata, MessageMe JcaPEMKeyConverter pemConverter = new JcaPEMKeyConverter(); privateKey = pemConverter.getPrivateKey(pKeyInfo); + } else if (pemObj instanceof PrivateKeyInfo) { + JcaPEMKeyConverter pemConverter = new JcaPEMKeyConverter(); + privateKey = pemConverter.getPrivateKey((PrivateKeyInfo) pemObj); } // if our private key is EC type and we have parameters specified
