[feature][cpp-client]Expose cpp end to end encryption interface #9074
@BewareMyPower Can you review this pull request?

@sijie OK
@@ -1323,7 +1324,14 @@ TEST(BasicEndToEndTest, testRSAEncryption) { | |||
std::string subName = "my-sub-name"; | |||
Producer producer; | |||
|
|||
std::shared_ptr<EncKeyReader> keyReader = std::make_shared<EncKeyReader>(); | |||
std::string PUBLIC_CERT_FILE_PATH = |
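Review bot: `PUBLIC_CERT_FILE_PATH` on the last line of this hunk is a function-local `std::string` written in constant-style upper case but not declared `const`. A key file path should stay fixed for the duration of the test, so declare it `const std::string`, or name it like the neighbouring local `subName` if it is meant to be an ordinary variable, so it cannot be reassigned later in the test body.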
Should `EncKeyReader` in `testEncryptionFailure` also be replaced with the default crypto key reader? Then the implementation of `EncKeyReader` could be removed.
There is another test method, `testEncryptionFailure`, that needs to use this mock class. `testEncryptionFailure` mainly tests for some failure cases; it may be more appropriate to use this mock class.
But the implementation difference between `EncKeyReader` and `DefaultCryptoKeyReader` is just that `EncKeyReader` uses a hard-coded path while `DefaultCryptoKeyReader` does not, right? The test cases of `testEncryptionFailure` are mocked by `prodConf.addEncryptionKey(path)` but not the `EncKeyReader` itself.
Thanks, I have removed this class `EncKeyReader`, PTAL @BewareMyPower
Why is the keys configuration not configured in the PulsarClient rather than in the producer and consumer creation?

End-to-end encryption is for producers and consumers, but not for clients. Clients can connect normally even if the encryption is misconfigured, and the key is only configured when sending messages, but can only be read, not set, on the consumer side. @zymap

I have updated the code, PTAL @BewareMyPower

/pulsarbot run-failure-checks
### Motivation

Currently some users want to use end-to-end encryption on other clients, such as python or node clients, and this pr is used to expose the end-to-end encryption interface.

### Modifications

* Add a default class `DefaultCryptoKeyReader` to implement reading public and private keys
* The client calls the `pulsar_consumer_configuration_set_default_crypto_key_reader` function to specify the path of the public and private keys to be passed to the cpp client
* Add `DefaultCryptoKeyReader` class to the test

### Verifying this change

* Update test

The end-to-end tests already exist in the cpp client, so let's go ahead and use this example https://github.com/apache/pulsar/blob/041424cf06f16bedf4ef5787c9b96b7c5daf5fce/pulsar-client-cpp/tests/BasicEndToEndTest.cc#L1320 to test our code

(cherry picked from commit 956328d)
### Motivation

Currently some users want to use end-to-end encryption on other clients, such as python or node clients, and this pr is used to expose the end-to-end encryption interface.

### Modifications

* Add a default class `DefaultCryptoKeyReader` to implement reading public and private keys
* The client calls the `pulsar_consumer_configuration_set_default_crypto_key_reader` function to specify the path of the public and private keys to be passed to the cpp client
* Add `DefaultCryptoKeyReader` class to the test

### Verifying this change

The end-to-end tests already exist in the cpp client, so let's go ahead and use this example: `pulsar/pulsar-client-cpp/tests/BasicEndToEndTest.cc`, line 1320 in 041424c

Does this pull request potentially affect one of the following parts:
If `yes` was chosen, please highlight the changes

### Documentation