From db40945232acc4b02cdb2bd8e3cbbf730bb3c553 Mon Sep 17 00:00:00 2001 From: Jia Zhai Date: Sun, 5 Jul 2020 10:24:34 +0800 Subject: [PATCH 01/13] remove dep of bc-shaded from other module --- bouncy-castle/bcfips-include-test/pom.xml | 4 ++-- bouncy-castle/bcfips-nar-test/pom.xml | 4 ++-- .../api/SimpleProducerConsumerTest.java | 21 +++++++++++++------ pulsar-client-messagecrypto-bc/pom.xml | 2 +- pulsar-client/pom.xml | 2 +- pulsar-discovery-service/pom.xml | 2 +- pulsar-functions/worker/pom.xml | 2 +- 7 files changed, 23 insertions(+), 14 deletions(-) diff --git a/bouncy-castle/bcfips-include-test/pom.xml b/bouncy-castle/bcfips-include-test/pom.xml index 125fb3bd5ff30..775b0a6420986 100644 --- a/bouncy-castle/bcfips-include-test/pom.xml +++ b/bouncy-castle/bcfips-include-test/pom.xml @@ -47,7 +47,7 @@ ${project.groupId} - bouncy-castle-bc-shaded + bouncy-castle-bc test-jar @@ -61,7 +61,7 @@ ${project.groupId} - bouncy-castle-bc-shaded + bouncy-castle-bc test diff --git a/bouncy-castle/bcfips-nar-test/pom.xml b/bouncy-castle/bcfips-nar-test/pom.xml index f34841d893bf3..b391a825caacf 100644 --- a/bouncy-castle/bcfips-nar-test/pom.xml +++ b/bouncy-castle/bcfips-nar-test/pom.xml @@ -47,7 +47,7 @@ ${project.groupId} - bouncy-castle-bc-shaded + bouncy-castle-bc test-jar @@ -61,7 +61,7 @@ ${project.groupId} - bouncy-castle-bc-shaded + bouncy-castle-bc test diff --git a/pulsar-broker/src/test/java/org/apache/pulsar/client/api/SimpleProducerConsumerTest.java b/pulsar-broker/src/test/java/org/apache/pulsar/client/api/SimpleProducerConsumerTest.java index dd95e30d1dfd5..c3b36f2cf6293 100644 --- a/pulsar-broker/src/test/java/org/apache/pulsar/client/api/SimpleProducerConsumerTest.java +++ b/pulsar-broker/src/test/java/org/apache/pulsar/client/api/SimpleProducerConsumerTest.java @@ -2483,30 +2483,39 @@ public EncryptionKeyInfo getPrivateKey(String keyName, Map keyMe Set messageSet = Sets.newHashSet(); - Consumer consumer = pulsarClient.newConsumer() + Consumer cryptoConsumer = pulsarClient.newConsumer() .topic("persistent://my-property/my-ns/myecdsa-topic1").subscriptionName("my-subscriber-name") .cryptoKeyReader(new EncKeyReader()).subscribe(); - Producer producer = pulsarClient.newProducer() + Consumer normalConsumer = pulsarClient.newConsumer() + .topic("persistent://my-property/my-ns/myecdsa-topic1").subscriptionName("my-subscriber-name-normal") + .subscribe(); + + Producer cryptoProducer = pulsarClient.newProducer() .topic("persistent://my-property/my-ns/myecdsa-topic1").addEncryptionKey("client-ecdsa.pem") .cryptoKeyReader(new EncKeyReader()).create(); for (int i = 0; i < totalMsg; i++) { String message = "my-message-" + i; - producer.send(message.getBytes()); + cryptoProducer.send(message.getBytes()); } Message msg = null; + msg = normalConsumer.receive(5, TimeUnit.SECONDS); + // should not able to read message using normal message. + assertNull(msg); + for (int i = 0; i < totalMsg; i++) { - msg = consumer.receive(5, TimeUnit.SECONDS); + msg = cryptoConsumer.receive(5, TimeUnit.SECONDS); String receivedMessage = new String(msg.getData()); log.debug("Received message: [{}]", receivedMessage); String expectedMessage = "my-message-" + i; testMessageOrderAndDuplicates(messageSet, receivedMessage, expectedMessage); } + // Acknowledge the consumption of all messages at once - consumer.acknowledgeCumulative(msg); - consumer.close(); + cryptoConsumer.acknowledgeCumulative(msg); + cryptoConsumer.close(); log.info("-- Exiting {} test --", methodName); } diff --git a/pulsar-client-messagecrypto-bc/pom.xml b/pulsar-client-messagecrypto-bc/pom.xml index 54a6a9560943f..3b5653e6d36f4 100644 --- a/pulsar-client-messagecrypto-bc/pom.xml +++ b/pulsar-client-messagecrypto-bc/pom.xml @@ -43,7 +43,7 @@ ${project.groupId} - bouncy-castle-bc-shaded + bouncy-castle-bc ${project.parent.version} diff --git a/pulsar-client/pom.xml b/pulsar-client/pom.xml index a52465c21129e..1befcc8cd1674 100644 --- a/pulsar-client/pom.xml +++ b/pulsar-client/pom.xml @@ -53,7 +53,7 @@ ${project.groupId} - bouncy-castle-bc-shaded + bouncy-castle-bc ${project.parent.version} diff --git a/pulsar-discovery-service/pom.xml b/pulsar-discovery-service/pom.xml index 587c06a4347e8..0a52b7eb0fab5 100644 --- a/pulsar-discovery-service/pom.xml +++ b/pulsar-discovery-service/pom.xml @@ -64,7 +64,7 @@ ${project.groupId} - bouncy-castle-bc-shaded + bouncy-castle-bc ${project.version} diff --git a/pulsar-functions/worker/pom.xml b/pulsar-functions/worker/pom.xml index 78b33e244a55f..d6e90bbcdff6f 100644 --- a/pulsar-functions/worker/pom.xml +++ b/pulsar-functions/worker/pom.xml @@ -45,7 +45,7 @@ pulsar-functions-runtime ${project.version} - + org.bouncycastle bcpkix-jdk15on From a7da277be0dad6bff9efcc4c1c7153503bd6d029 Mon Sep 17 00:00:00 2001 From: Jia Zhai Date: Sun, 5 Jul 2020 10:58:19 +0800 Subject: [PATCH 02/13] remove bc-shaded module --- bouncy-castle/pom.xml | 3 --- distribution/server/pom.xml | 2 +- 2 files changed, 1 insertion(+), 4 deletions(-) diff --git a/bouncy-castle/pom.xml b/bouncy-castle/pom.xml index 7791cd51afafd..ff333c451d630 100644 --- a/bouncy-castle/pom.xml +++ b/bouncy-castle/pom.xml @@ -38,9 +38,6 @@ bc bcfips - - bc-shaded - bcfips-include-test bcfips-nar-test diff --git a/distribution/server/pom.xml b/distribution/server/pom.xml index 381ac6a59add2..151d5058de212 100644 --- a/distribution/server/pom.xml +++ b/distribution/server/pom.xml @@ -146,7 +146,7 @@ io.grpc * - + org.bouncycastle * From 880e68e6039453b11869ff8ed1fa2c00f4baf705 Mon Sep 17 00:00:00 2001 From: Jia Zhai Date: Sun, 5 Jul 2020 11:10:50 +0800 Subject: [PATCH 03/13] enhance testECDSAEncryption and testRSAEncryption to cover error case --- .../client/api/SimpleProducerConsumerTest.java | 17 +++++++++++++---- 1 file changed, 13 insertions(+), 4 deletions(-) diff --git a/pulsar-broker/src/test/java/org/apache/pulsar/client/api/SimpleProducerConsumerTest.java b/pulsar-broker/src/test/java/org/apache/pulsar/client/api/SimpleProducerConsumerTest.java index c3b36f2cf6293..b8664a0f6c28f 100644 --- a/pulsar-broker/src/test/java/org/apache/pulsar/client/api/SimpleProducerConsumerTest.java +++ b/pulsar-broker/src/test/java/org/apache/pulsar/client/api/SimpleProducerConsumerTest.java @@ -2441,6 +2441,7 @@ public void testFailReceiveAsyncOnConsumerClose() throws Exception { @Test(groups = "encryption") public void testECDSAEncryption() throws Exception { log.info("-- Starting {} test --", methodName); + String topicName = "persistent://my-property/my-ns/myecdsa-topic1-" + System.currentTimeMillis(); class EncKeyReader implements CryptoKeyReader { @@ -2484,15 +2485,15 @@ public EncryptionKeyInfo getPrivateKey(String keyName, Map keyMe Set messageSet = Sets.newHashSet(); Consumer cryptoConsumer = pulsarClient.newConsumer() - .topic("persistent://my-property/my-ns/myecdsa-topic1").subscriptionName("my-subscriber-name") + .topic(topicName).subscriptionName("my-subscriber-name") .cryptoKeyReader(new EncKeyReader()).subscribe(); Consumer normalConsumer = pulsarClient.newConsumer() - .topic("persistent://my-property/my-ns/myecdsa-topic1").subscriptionName("my-subscriber-name-normal") + .topic(topicName).subscriptionName("my-subscriber-name-normal") .subscribe(); Producer cryptoProducer = pulsarClient.newProducer() - .topic("persistent://my-property/my-ns/myecdsa-topic1").addEncryptionKey("client-ecdsa.pem") + .topic(topicName).addEncryptionKey("client-ecdsa.pem") .cryptoKeyReader(new EncKeyReader()).create(); for (int i = 0; i < totalMsg; i++) { String message = "my-message-" + i; @@ -2501,7 +2502,7 @@ public EncryptionKeyInfo getPrivateKey(String keyName, Map keyMe Message msg = null; - msg = normalConsumer.receive(5, TimeUnit.SECONDS); + msg = normalConsumer.receive(500, TimeUnit.MILLISECONDS); // should not able to read message using normal message. assertNull(msg); @@ -2522,6 +2523,7 @@ public EncryptionKeyInfo getPrivateKey(String keyName, Map keyMe @Test(groups = "encryption") public void testRSAEncryption() throws Exception { log.info("-- Starting {} test --", methodName); + String topicName = "persistent://my-property/my-ns/myrsa-topic1-"+ System.currentTimeMillis(); class EncKeyReader implements CryptoKeyReader { @@ -2565,6 +2567,9 @@ public EncryptionKeyInfo getPrivateKey(String keyName, Map keyMe Set messageSet = Sets.newHashSet(); Consumer consumer = pulsarClient.newConsumer().topic("persistent://my-property/my-ns/myrsa-topic1") .subscriptionName("my-subscriber-name").cryptoKeyReader(new EncKeyReader()).subscribe(); + Consumer normalConsumer = pulsarClient.newConsumer() + .topic(topicName).subscriptionName("my-subscriber-name-normal") + .subscribe(); Producer producer = pulsarClient.newProducer().topic("persistent://my-property/my-ns/myrsa-topic1") .addEncryptionKey("client-rsa.pem").cryptoKeyReader(new EncKeyReader()).create(); @@ -2582,6 +2587,10 @@ public EncryptionKeyInfo getPrivateKey(String keyName, Map keyMe MessageImpl msg = null; + msg = (MessageImpl) normalConsumer.receive(500, TimeUnit.MILLISECONDS); + // should not able to read message using normal message. + assertNull(msg); + for (int i = 0; i < totalMsg * 2; i++) { msg = (MessageImpl) consumer.receive(5, TimeUnit.SECONDS); // verify that encrypted message contains encryption-context From 270db6a5f8ce408a0cf2e19c7ee15177069f0a1c Mon Sep 17 00:00:00 2001 From: Jia Zhai Date: Sun, 5 Jul 2020 23:08:25 +0800 Subject: [PATCH 04/13] fix license check --- distribution/server/src/assemble/LICENSE.bin.txt | 6 ++++++ pulsar-sql/presto-distribution/LICENSE | 5 ++++- 2 files changed, 10 insertions(+), 1 deletion(-) diff --git a/distribution/server/src/assemble/LICENSE.bin.txt b/distribution/server/src/assemble/LICENSE.bin.txt index 899b8e438a1e7..b2f920dc0fae0 100644 --- a/distribution/server/src/assemble/LICENSE.bin.txt +++ b/distribution/server/src/assemble/LICENSE.bin.txt @@ -583,6 +583,12 @@ Creative Commons Attribution License * Jcip -- licenses/LICENSE-jcip.txt - net.jcip-jcip-annotations-1.0.jar +Bouncy Castle License + * Bouncy Castle -- licenses/LICENSE-bouncycastle.txt + - org.bouncycastle-bcpkix-jdk15on-1.60.jar + - org.bouncycastle-bcprov-ext-jdk15on-1.60.jar + - org.bouncycastle-bcprov-jdk15on-1.60.jar + ------------------------ Additionaly, Netty includes code with the following licenses: diff --git a/pulsar-sql/presto-distribution/LICENSE b/pulsar-sql/presto-distribution/LICENSE index 071e21daec0c8..29fffa43edf9f 100644 --- a/pulsar-sql/presto-distribution/LICENSE +++ b/pulsar-sql/presto-distribution/LICENSE @@ -561,4 +561,7 @@ Creative Commons Attribution License Bouncy Castle License * Bouncy Castle -- licenses/LICENSE-bouncycastle.txt - - bouncy-castle-bc-shaded-2.7.0-SNAPSHOT.jar + - bcpkix-jdk15on-1.60.jar + - bcprov-ext-jdk15on-1.60.jar + - bcprov-jdk15on-1.60.jar + - bouncy-castle-bc-2.7.0-SNAPSHOT.jar From 8d4e85c8397113d687c2a96e74f92976f51307ab Mon Sep 17 00:00:00 2001 From: Jia Zhai Date: Thu, 30 Jul 2020 19:29:23 +0800 Subject: [PATCH 05/13] remove bc-shaded module --- bouncy-castle/bc-shaded/pom.xml | 84 --------------------------------- 1 file changed, 84 deletions(-) delete mode 100644 bouncy-castle/bc-shaded/pom.xml diff --git a/bouncy-castle/bc-shaded/pom.xml b/bouncy-castle/bc-shaded/pom.xml deleted file mode 100644 index af5561094c31b..0000000000000 --- a/bouncy-castle/bc-shaded/pom.xml +++ /dev/null @@ -1,84 +0,0 @@ - - - - bouncy-castle-parent - org.apache.pulsar - 2.7.0-SNAPSHOT - - - 4.0.0 - bouncy-castle-bc-shaded - jar - Apache Pulsar :: Bouncy Castle :: BC Shaded - - - - ${project.groupId} - bouncy-castle-bc - ${project.version} - true - - - - - - - - maven-shade-plugin - - - package - - shade - - - true - true - false - - - - org.bouncycastle:* - - - - - - - *:* - - META-INF/*.SF - META-INF/*.DSA - META-INF/*.RSA - - - - - - - - - - - - From 1e27a889af750d89e41fbafd6e9ef3174d6e336b Mon Sep 17 00:00:00 2001 From: Jia Zhai Date: Fri, 31 Jul 2020 21:27:33 +0800 Subject: [PATCH 06/13] build a jar in jar to avoid break bc signature --- bouncy-castle/bc/pom.xml | 18 ++++++++++++++++++ bouncy-castle/bcfips/pom.xml | 18 ++++++++++++++++++ 2 files changed, 36 insertions(+) diff --git a/bouncy-castle/bc/pom.xml b/bouncy-castle/bc/pom.xml index c6849844e6022..a332fcfdfec41 100644 --- a/bouncy-castle/bc/pom.xml +++ b/bouncy-castle/bc/pom.xml @@ -59,6 +59,24 @@ org.apache.nifi nifi-nar-maven-plugin + + + + de.ntcomputer + executable-packer-maven-plugin + 1.0.1 + + ${project.artifactId}-${project.version} + org.apache.pulsar.bcloader.BouncyCastleLoader + + + + + pack-executable-jar + + + + diff --git a/bouncy-castle/bcfips/pom.xml b/bouncy-castle/bcfips/pom.xml index 4403264b79592..89bf335906f9a 100644 --- a/bouncy-castle/bcfips/pom.xml +++ b/bouncy-castle/bcfips/pom.xml @@ -59,6 +59,24 @@ org.apache.nifi nifi-nar-maven-plugin + + + + de.ntcomputer + executable-packer-maven-plugin + 1.0.1 + + ${project.artifactId}-${project.version} + org.apache.pulsar.bcloader.BouncyCastleFipsLoader + + + + + pack-executable-jar + + + + From 319d224a2f81ed2b0740e78c1810cbaef68081e3 Mon Sep 17 00:00:00 2001 From: Jia Zhai Date: Mon, 3 Aug 2020 16:55:15 +0800 Subject: [PATCH 07/13] use new bc dependency by classifier in maven --- pulsar-client-messagecrypto-bc/pom.xml | 1 + pulsar-client-tools-test/pom.xml | 1 + pulsar-client/pom.xml | 1 + pulsar-discovery-service/pom.xml | 1 + site2/docs/security-bouncy-castle.md | 1 + .../versioned_docs/version-2.5.1/security-bouncy-castle.md | 1 + .../versioned_docs/version-2.5.2/security-bouncy-castle.md | 1 + .../versioned_docs/version-2.6.0/security-bouncy-castle.md | 1 + .../versioned_docs/version-2.6.1/security-bouncy-castle.md | 1 + 9 files changed, 9 insertions(+) diff --git a/pulsar-client-messagecrypto-bc/pom.xml b/pulsar-client-messagecrypto-bc/pom.xml index 3b5653e6d36f4..00e2b6d5ddf5f 100644 --- a/pulsar-client-messagecrypto-bc/pom.xml +++ b/pulsar-client-messagecrypto-bc/pom.xml @@ -45,6 +45,7 @@ ${project.groupId} bouncy-castle-bc ${project.parent.version} + pkg diff --git a/pulsar-client-tools-test/pom.xml b/pulsar-client-tools-test/pom.xml index cefecceac6857..e81fbec9047c3 100644 --- a/pulsar-client-tools-test/pom.xml +++ b/pulsar-client-tools-test/pom.xml @@ -61,6 +61,7 @@ ${project.groupId} bouncy-castle-bc ${project.version} + pkg test diff --git a/pulsar-client/pom.xml b/pulsar-client/pom.xml index 1befcc8cd1674..728fcf44b0de6 100644 --- a/pulsar-client/pom.xml +++ b/pulsar-client/pom.xml @@ -55,6 +55,7 @@ ${project.groupId} bouncy-castle-bc ${project.parent.version} + pkg diff --git a/pulsar-discovery-service/pom.xml b/pulsar-discovery-service/pom.xml index 0a52b7eb0fab5..1e4effcdae679 100644 --- a/pulsar-discovery-service/pom.xml +++ b/pulsar-discovery-service/pom.xml @@ -66,6 +66,7 @@ ${project.groupId} bouncy-castle-bc ${project.version} + pkg diff --git a/site2/docs/security-bouncy-castle.md b/site2/docs/security-bouncy-castle.md index 2d9ef6b6171f8..9805fdc4bea26 100644 --- a/site2/docs/security-bouncy-castle.md +++ b/site2/docs/security-bouncy-castle.md @@ -48,6 +48,7 @@ Pulsar Client(`pulsar-client-original`) module include BouncyCastle non-FIPS jar org.apache.pulsar bouncy-castle-bc ${project.parent.version} + pkg ``` diff --git a/site2/website/versioned_docs/version-2.5.1/security-bouncy-castle.md b/site2/website/versioned_docs/version-2.5.1/security-bouncy-castle.md index b8b8d5600d8ac..9908e13e8f13b 100644 --- a/site2/website/versioned_docs/version-2.5.1/security-bouncy-castle.md +++ b/site2/website/versioned_docs/version-2.5.1/security-bouncy-castle.md @@ -49,6 +49,7 @@ Pulsar Client(`pulsar-client-original`) module include BouncyCastle non-FIPS jar org.apache.pulsar bouncy-castle-bc ${project.parent.version} + pkg ``` diff --git a/site2/website/versioned_docs/version-2.5.2/security-bouncy-castle.md b/site2/website/versioned_docs/version-2.5.2/security-bouncy-castle.md index aea6d0196753a..16a94352c23c5 100644 --- a/site2/website/versioned_docs/version-2.5.2/security-bouncy-castle.md +++ b/site2/website/versioned_docs/version-2.5.2/security-bouncy-castle.md @@ -49,6 +49,7 @@ Pulsar Client(`pulsar-client-original`) module include BouncyCastle non-FIPS jar org.apache.pulsar bouncy-castle-bc ${project.parent.version} + pkg ``` diff --git a/site2/website/versioned_docs/version-2.6.0/security-bouncy-castle.md b/site2/website/versioned_docs/version-2.6.0/security-bouncy-castle.md index 400c4f7b8450d..f881b5ebf2b71 100644 --- a/site2/website/versioned_docs/version-2.6.0/security-bouncy-castle.md +++ b/site2/website/versioned_docs/version-2.6.0/security-bouncy-castle.md @@ -49,6 +49,7 @@ Pulsar Client(`pulsar-client-original`) module include BouncyCastle non-FIPS jar org.apache.pulsar bouncy-castle-bc ${project.parent.version} + pkg ``` diff --git a/site2/website/versioned_docs/version-2.6.1/security-bouncy-castle.md b/site2/website/versioned_docs/version-2.6.1/security-bouncy-castle.md index 15cdb6b675b1f..0d28a233485eb 100644 --- a/site2/website/versioned_docs/version-2.6.1/security-bouncy-castle.md +++ b/site2/website/versioned_docs/version-2.6.1/security-bouncy-castle.md @@ -50,6 +50,7 @@ Pulsar Client(`pulsar-client-original`) module include BouncyCastle non-FIPS jar org.apache.pulsar bouncy-castle-bc-shaded ${project.parent.version} + pkg ``` From 6d92a3adc1aa02a938d4d245e45c3145f1108c67 Mon Sep 17 00:00:00 2001 From: Jia Zhai Date: Mon, 3 Aug 2020 22:48:53 +0800 Subject: [PATCH 08/13] build pulsar-all docker image instead of pull from dockerhub in integration tests --- .../ci-integration-backwards-compatibility.yaml | 10 +++++++++- .github/workflows/ci-integration-cli.yaml | 10 +++++++++- .github/workflows/ci-integration-function-state.yaml | 10 +++++++++- .github/workflows/ci-integration-messaging.yaml | 10 +++++++++- .github/workflows/ci-integration-process.yaml | 2 +- .github/workflows/ci-integration-standalone.yaml | 10 +++++++++- .github/workflows/ci-integration-thread.yaml | 2 +- .../workflows/ci-integration-tiered-filesystem.yaml | 2 +- .github/workflows/ci-integration-tiered-jcloud.yaml | 2 +- pulsar-sql/presto-distribution/LICENSE | 2 +- 10 files changed, 50 insertions(+), 10 deletions(-) diff --git a/.github/workflows/ci-integration-backwards-compatibility.yaml b/.github/workflows/ci-integration-backwards-compatibility.yaml index 84e00fde4f208..8cb0f7a9e061c 100644 --- a/.github/workflows/ci-integration-backwards-compatibility.yaml +++ b/.github/workflows/ci-integration-backwards-compatibility.yaml @@ -73,9 +73,17 @@ jobs: if: steps.docs.outputs.changed_only == 'no' run: mvn -q -B -ntp clean install -DskipTests + - name: build pulsar image + if: steps.docs.outputs.changed_only == 'no' + run: mvn -B -f docker/pulsar/pom.xml install -am -Pdocker -DskipTests -Ddocker.nocache=true + + - name: build pulsar-all image + if: steps.docs.outputs.changed_only == 'no' + run: mvn -B -f docker/pulsar-all/pom.xml install -am -Pdocker -DskipTests -Ddocker.nocache=true + - name: build artifacts and docker image if: steps.docs.outputs.changed_only == 'no' - run: mvn -B -f tests/docker-images/pom.xml install -am -Pdocker -DskipTests + run: mvn -B -f tests/docker-images/pom.xml install -am -Pdocker -DskipTests -Ddocker.nocache=true - name: run integration tests if: steps.docs.outputs.changed_only == 'no' diff --git a/.github/workflows/ci-integration-cli.yaml b/.github/workflows/ci-integration-cli.yaml index 91839199995a1..fd06e92af8df6 100644 --- a/.github/workflows/ci-integration-cli.yaml +++ b/.github/workflows/ci-integration-cli.yaml @@ -73,9 +73,17 @@ jobs: if: steps.docs.outputs.changed_only == 'no' run: mvn -q -B -ntp clean install -DskipTests + - name: build pulsar image + if: steps.docs.outputs.changed_only == 'no' + run: mvn -B -f docker/pulsar/pom.xml install -am -Pdocker -DskipTests -Ddocker.nocache=true + + - name: build pulsar-all image + if: steps.docs.outputs.changed_only == 'no' + run: mvn -B -f docker/pulsar-all/pom.xml install -am -Pdocker -DskipTests -Ddocker.nocache=true + - name: build artifacts and docker image if: steps.docs.outputs.changed_only == 'no' - run: mvn -B -f tests/docker-images/pom.xml install -am -Pdocker -DskipTests + run: mvn -B -f tests/docker-images/pom.xml install -am -Pdocker -DskipTests -Ddocker.nocache=true - name: run integration tests if: steps.docs.outputs.changed_only == 'no' diff --git a/.github/workflows/ci-integration-function-state.yaml b/.github/workflows/ci-integration-function-state.yaml index e842ed94e995f..90ef229057caa 100644 --- a/.github/workflows/ci-integration-function-state.yaml +++ b/.github/workflows/ci-integration-function-state.yaml @@ -73,9 +73,17 @@ jobs: if: steps.docs.outputs.changed_only == 'no' run: mvn -q -B -ntp clean install -DskipTests + - name: build pulsar image + if: steps.docs.outputs.changed_only == 'no' + run: mvn -B -f docker/pulsar/pom.xml install -am -Pdocker -DskipTests -Ddocker.nocache=true + + - name: build pulsar-all image + if: steps.docs.outputs.changed_only == 'no' + run: mvn -B -f docker/pulsar-all/pom.xml install -am -Pdocker -DskipTests -Ddocker.nocache=true + - name: build artifacts and docker image if: steps.docs.outputs.changed_only == 'no' - run: mvn -B -f tests/docker-images/pom.xml install -am -Pdocker -DskipTests + run: mvn -B -f tests/docker-images/pom.xml install -am -Pdocker -DskipTests -Ddocker.nocache=true - name: run integration tests if: steps.docs.outputs.changed_only == 'no' diff --git a/.github/workflows/ci-integration-messaging.yaml b/.github/workflows/ci-integration-messaging.yaml index fb17d38153bd1..0dc9cf51fc6e7 100644 --- a/.github/workflows/ci-integration-messaging.yaml +++ b/.github/workflows/ci-integration-messaging.yaml @@ -73,9 +73,17 @@ jobs: if: steps.docs.outputs.changed_only == 'no' run: mvn -q -B -ntp clean install -DskipTests + - name: build pulsar image + if: steps.docs.outputs.changed_only == 'no' + run: mvn -B -f docker/pulsar/pom.xml install -am -Pdocker -DskipTests -Ddocker.nocache=true + + - name: build pulsar-all image + if: steps.docs.outputs.changed_only == 'no' + run: mvn -B -f docker/pulsar-all/pom.xml install -am -Pdocker -DskipTests -Ddocker.nocache=true + - name: build artifacts and docker image if: steps.docs.outputs.changed_only == 'no' - run: mvn -B -f tests/docker-images/pom.xml install -am -Pdocker -DskipTests + run: mvn -B -f tests/docker-images/pom.xml install -am -Pdocker -DskipTests -Ddocker.nocache=true - name: run integration tests if: steps.docs.outputs.changed_only == 'no' diff --git a/.github/workflows/ci-integration-process.yaml b/.github/workflows/ci-integration-process.yaml index 17e03edad0ff9..cd50704c4010a 100644 --- a/.github/workflows/ci-integration-process.yaml +++ b/.github/workflows/ci-integration-process.yaml @@ -83,7 +83,7 @@ jobs: - name: build artifacts and docker image if: steps.docs.outputs.changed_only == 'no' - run: mvn -B -f tests/docker-images/pom.xml install -am -Pdocker -DskipTests + run: mvn -B -f tests/docker-images/pom.xml install -am -Pdocker -DskipTests -Ddocker.nocache=true - name: run integration function if: steps.docs.outputs.changed_only == 'no' diff --git a/.github/workflows/ci-integration-standalone.yaml b/.github/workflows/ci-integration-standalone.yaml index 39aff11bb87bd..6593156533786 100644 --- a/.github/workflows/ci-integration-standalone.yaml +++ b/.github/workflows/ci-integration-standalone.yaml @@ -73,9 +73,17 @@ jobs: if: steps.docs.outputs.changed_only == 'no' run: mvn -q -B -ntp clean install -DskipTests + - name: build pulsar image + if: steps.docs.outputs.changed_only == 'no' + run: mvn -B -f docker/pulsar/pom.xml install -am -Pdocker -DskipTests -Ddocker.nocache=true + + - name: build pulsar-all image + if: steps.docs.outputs.changed_only == 'no' + run: mvn -B -f docker/pulsar-all/pom.xml install -am -Pdocker -DskipTests -Ddocker.nocache=true + - name: build artifacts and docker image if: steps.docs.outputs.changed_only == 'no' - run: mvn -B -f tests/docker-images/pom.xml install -am -Pdocker -DskipTests + run: mvn -B -f tests/docker-images/pom.xml install -am -Pdocker -DskipTests -Ddocker.nocache=true - name: run integration tests if: steps.docs.outputs.changed_only == 'no' diff --git a/.github/workflows/ci-integration-thread.yaml b/.github/workflows/ci-integration-thread.yaml index 337880ce467ea..77b5015537243 100644 --- a/.github/workflows/ci-integration-thread.yaml +++ b/.github/workflows/ci-integration-thread.yaml @@ -83,7 +83,7 @@ jobs: - name: build artifacts and docker image if: steps.docs.outputs.changed_only == 'no' - run: mvn -B -f tests/docker-images/pom.xml install -am -Pdocker -DskipTests + run: mvn -B -f tests/docker-images/pom.xml install -am -Pdocker -DskipTests -Ddocker.nocache=true - name: run integration function if: steps.docs.outputs.changed_only == 'no' diff --git a/.github/workflows/ci-integration-tiered-filesystem.yaml b/.github/workflows/ci-integration-tiered-filesystem.yaml index db0aab3ae1e2e..8e795a7710f77 100644 --- a/.github/workflows/ci-integration-tiered-filesystem.yaml +++ b/.github/workflows/ci-integration-tiered-filesystem.yaml @@ -83,7 +83,7 @@ jobs: - name: build artifacts and docker image if: steps.docs.outputs.changed_only == 'no' - run: mvn -B -f tests/docker-images/pom.xml install -am -Pdocker -DskipTests + run: mvn -B -f tests/docker-images/pom.xml install -am -Pdocker -DskipTests -Ddocker.nocache=true - name: run integration tests if: steps.docs.outputs.changed_only == 'no' diff --git a/.github/workflows/ci-integration-tiered-jcloud.yaml b/.github/workflows/ci-integration-tiered-jcloud.yaml index 60f272e54ee91..b80d06cbc0870 100644 --- a/.github/workflows/ci-integration-tiered-jcloud.yaml +++ b/.github/workflows/ci-integration-tiered-jcloud.yaml @@ -83,7 +83,7 @@ jobs: - name: build artifacts and docker image if: steps.docs.outputs.changed_only == 'no' - run: mvn -B -f tests/docker-images/pom.xml install -am -Pdocker -DskipTests + run: mvn -B -f tests/docker-images/pom.xml install -am -Pdocker -DskipTests -Ddocker.nocache=true - name: run integration tests if: steps.docs.outputs.changed_only == 'no' diff --git a/pulsar-sql/presto-distribution/LICENSE b/pulsar-sql/presto-distribution/LICENSE index 29fffa43edf9f..155567c6eb56c 100644 --- a/pulsar-sql/presto-distribution/LICENSE +++ b/pulsar-sql/presto-distribution/LICENSE @@ -564,4 +564,4 @@ Bouncy Castle License - bcpkix-jdk15on-1.60.jar - bcprov-ext-jdk15on-1.60.jar - bcprov-jdk15on-1.60.jar - - bouncy-castle-bc-2.7.0-SNAPSHOT.jar + - bouncy-castle-bc-2.7.0-SNAPSHOT-pkg.jar From 9ced0150699f833122ac912ab4e9884cab3dfd87 Mon Sep 17 00:00:00 2001 From: Jia Zhai Date: Wed, 21 Oct 2020 11:02:09 +0800 Subject: [PATCH 09/13] remove nar --- bouncy-castle/bc/pom.xml | 4 - .../client/TlsProducerConsumerTest.java | 4 + bouncy-castle/bcfips-nar-test/pom.xml | 102 -------------- .../client/TlsProducerConsumerBase.java | 130 ------------------ .../client/TlsProducerConsumerTest.java | 130 ------------------ .../authentication/tls/broker-cert.pem | 73 ---------- .../authentication/tls/broker-key.pem | 28 ---- .../resources/authentication/tls/cacert.pem | 62 --------- .../authentication/tls/client-cert.pem | 73 ---------- .../authentication/tls/client-key.pem | 28 ---- bouncy-castle/bcfips/pom.xml | 5 - bouncy-castle/pom.xml | 1 - .../pulsar/common/util/SearchBcNarUtils.java | 118 ---------------- .../pulsar/common/util/SecurityUtility.java | 9 +- 14 files changed, 5 insertions(+), 762 deletions(-) delete mode 100644 bouncy-castle/bcfips-nar-test/pom.xml delete mode 100644 bouncy-castle/bcfips-nar-test/src/test/java/org/apache/pulsar/client/TlsProducerConsumerBase.java delete mode 100644 bouncy-castle/bcfips-nar-test/src/test/java/org/apache/pulsar/client/TlsProducerConsumerTest.java delete mode 100644 bouncy-castle/bcfips-nar-test/src/test/resources/authentication/tls/broker-cert.pem delete mode 100644 bouncy-castle/bcfips-nar-test/src/test/resources/authentication/tls/broker-key.pem delete mode 100644 bouncy-castle/bcfips-nar-test/src/test/resources/authentication/tls/cacert.pem delete mode 100644 bouncy-castle/bcfips-nar-test/src/test/resources/authentication/tls/client-cert.pem delete mode 100644 bouncy-castle/bcfips-nar-test/src/test/resources/authentication/tls/client-key.pem delete mode 100644 pulsar-common/src/main/java/org/apache/pulsar/common/util/SearchBcNarUtils.java diff --git a/bouncy-castle/bc/pom.xml b/bouncy-castle/bc/pom.xml index a332fcfdfec41..4268af607b8a5 100644 --- a/bouncy-castle/bc/pom.xml +++ b/bouncy-castle/bc/pom.xml @@ -55,10 +55,6 @@ - - org.apache.nifi - nifi-nar-maven-plugin - diff --git a/bouncy-castle/bcfips-include-test/src/test/java/org/apache/pulsar/client/TlsProducerConsumerTest.java b/bouncy-castle/bcfips-include-test/src/test/java/org/apache/pulsar/client/TlsProducerConsumerTest.java index 85ee130e34a83..f7549f8f0e501 100644 --- a/bouncy-castle/bcfips-include-test/src/test/java/org/apache/pulsar/client/TlsProducerConsumerTest.java +++ b/bouncy-castle/bcfips-include-test/src/test/java/org/apache/pulsar/client/TlsProducerConsumerTest.java @@ -88,6 +88,7 @@ public void testTlsClientAuthOverBinaryProtocol() throws Exception { Assert.fail("Server should have failed the TLS handshake since client didn't ."); } catch (Exception ex) { // OK + log.info("first test success: without certs set, meet exception {}", ex); } // Test 2 - Using TLS on binary protocol - sending certs @@ -95,6 +96,7 @@ public void testTlsClientAuthOverBinaryProtocol() throws Exception { try { pulsarClient.newConsumer().topic("persistent://my-property/use/my-ns/my-topic1") .subscriptionName("my-subscriber-name").subscriptionType(SubscriptionType.Exclusive).subscribe(); + log.info("second test success: with certs set, consumer sub success"); } catch (Exception ex) { Assert.fail("Should not fail since certs are sent."); } @@ -116,6 +118,7 @@ public void testTlsClientAuthOverHTTPProtocol() throws Exception { Assert.fail("Server should have failed the TLS handshake since client didn't ."); } catch (Exception ex) { // OK + log.info("first test success: without certs set, meet exception {}", ex); } // Test 2 - Using TLS on https - sending certs @@ -123,6 +126,7 @@ public void testTlsClientAuthOverHTTPProtocol() throws Exception { try { pulsarClient.newConsumer().topic("persistent://my-property/use/my-ns/my-topic1") .subscriptionName("my-subscriber-name").subscriptionType(SubscriptionType.Exclusive).subscribe(); + log.info("second test success: with certs set, consumer sub success"); } catch (Exception ex) { Assert.fail("Should not fail since certs are sent."); } diff --git a/bouncy-castle/bcfips-nar-test/pom.xml b/bouncy-castle/bcfips-nar-test/pom.xml deleted file mode 100644 index b391a825caacf..0000000000000 --- a/bouncy-castle/bcfips-nar-test/pom.xml +++ /dev/null @@ -1,102 +0,0 @@ - - - 4.0.0 - - org.apache.pulsar - bouncy-castle-parent - 2.7.0-SNAPSHOT - .. - - - bcfips-nar-test - Pulsar Bouncy Castle FIPS Nar Test - Broker and client runs auth with nar load BC FIPS version - - - - ${project.groupId} - testmocks - ${project.version} - test - - - - ${project.groupId} - pulsar-broker - ${project.version} - - - ${project.groupId} - bouncy-castle-bc - - - test-jar - test - - - - ${project.groupId} - pulsar-broker - ${project.version} - - - ${project.groupId} - bouncy-castle-bc - - - test - - - - - - org.apache.maven.plugins - maven-deploy-plugin - - true - - - - - org.apache.maven.plugins - maven-antrun-plugin - - - compile - - run - - - - copy test examples package - - - - - - - - - - - diff --git a/bouncy-castle/bcfips-nar-test/src/test/java/org/apache/pulsar/client/TlsProducerConsumerBase.java b/bouncy-castle/bcfips-nar-test/src/test/java/org/apache/pulsar/client/TlsProducerConsumerBase.java deleted file mode 100644 index 0a3f4e30edf7c..0000000000000 --- a/bouncy-castle/bcfips-nar-test/src/test/java/org/apache/pulsar/client/TlsProducerConsumerBase.java +++ /dev/null @@ -1,130 +0,0 @@ -/** - * Licensed to the Apache Software Foundation (ASF) under one - * or more contributor license agreements. See the NOTICE file - * distributed with this work for additional information - * regarding copyright ownership. The ASF licenses this file - * to you under the Apache License, Version 2.0 (the - * "License"); you may not use this file except in compliance - * with the License. You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, - * software distributed under the License is distributed on an - * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY - * KIND, either express or implied. See the License for the - * specific language governing permissions and limitations - * under the License. - */ -package org.apache.pulsar.client; - -import static org.mockito.Mockito.spy; - -import com.google.common.collect.Sets; -import java.net.URL; -import java.nio.file.Path; -import java.nio.file.Paths; -import java.util.HashMap; -import java.util.Map; -import java.util.Optional; -import java.util.Set; -import java.util.concurrent.TimeUnit; -import lombok.extern.slf4j.Slf4j; -import org.apache.pulsar.client.admin.PulsarAdmin; -import org.apache.pulsar.client.api.ClientBuilder; -import org.apache.pulsar.client.api.ProducerConsumerBase; -import org.apache.pulsar.client.api.PulsarClient; -import org.apache.pulsar.client.impl.auth.AuthenticationTls; -import org.apache.pulsar.common.policies.data.ClusterData; -import org.apache.pulsar.common.policies.data.TenantInfo; -import org.testng.annotations.AfterMethod; -import org.testng.annotations.BeforeMethod; - -@Slf4j -public class TlsProducerConsumerBase extends ProducerConsumerBase { - protected final String TLS_TRUST_CERT_FILE_PATH = "./src/test/resources/authentication/tls/cacert.pem"; - protected final String TLS_CLIENT_CERT_FILE_PATH = "./src/test/resources/authentication/tls/client-cert.pem"; - protected final String TLS_CLIENT_KEY_FILE_PATH = "./src/test/resources/authentication/tls/client-key.pem"; - protected final String TLS_SERVER_CERT_FILE_PATH = "./src/test/resources/authentication/tls/broker-cert.pem"; - protected final String TLS_SERVER_KEY_FILE_PATH = "./src/test/resources/authentication/tls/broker-key.pem"; - private final String clusterName = "use"; - - @BeforeMethod - @Override - protected void setup() throws Exception { - // TLS configuration for Broker - internalSetUpForBroker(); - - // Start Broker - super.init(); - } - - @AfterMethod - @Override - protected void cleanup() throws Exception { - super.internalCleanup(); - } - - protected void internalSetUpForBroker() throws Exception { - conf.setBrokerServicePortTls(Optional.of(0)); - conf.setWebServicePortTls(Optional.of(0)); - conf.setTlsCertificateFilePath(TLS_SERVER_CERT_FILE_PATH); - conf.setTlsKeyFilePath(TLS_SERVER_KEY_FILE_PATH); - conf.setTlsTrustCertsFilePath(TLS_TRUST_CERT_FILE_PATH); - conf.setClusterName(clusterName); - conf.setTlsRequireTrustedClientCertOnConnect(true); - Set tlsProtocols = Sets.newConcurrentHashSet(); - tlsProtocols.add("TLSv1.2"); - conf.setTlsProtocols(tlsProtocols); - conf.setNumExecutorThreadPoolSize(5); - - // load bcfips in - URL bouncyCastleUrl = this.getClass().getClassLoader().getResource("bouncy-castle-bcfips.nar"); - - Path narPath; - try { - narPath = Paths.get(bouncyCastleUrl.toURI()); - } catch (Exception e) { - log.error("failed to get Bouncy Castle FIPS Path, url: {}. Exception: ", bouncyCastleUrl, e); - return; - } - String bcNarDir = narPath.toFile().getParent(); - System.setProperty("BcPath", bcNarDir); - } - - protected void internalSetUpForClient(boolean addCertificates, String lookupUrl) throws Exception { - if (pulsarClient != null) { - pulsarClient.close(); - } - - ClientBuilder clientBuilder = PulsarClient.builder().serviceUrl(lookupUrl) - .tlsTrustCertsFilePath(TLS_TRUST_CERT_FILE_PATH).enableTls(true).allowTlsInsecureConnection(false) - .operationTimeout(1000, TimeUnit.MILLISECONDS); - if (addCertificates) { - Map authParams = new HashMap<>(); - authParams.put("tlsCertFile", TLS_CLIENT_CERT_FILE_PATH); - authParams.put("tlsKeyFile", TLS_CLIENT_KEY_FILE_PATH); - clientBuilder.authentication(AuthenticationTls.class.getName(), authParams); - } - pulsarClient = clientBuilder.build(); - } - - protected void internalSetUpForNamespace() throws Exception { - Map authParams = new HashMap<>(); - authParams.put("tlsCertFile", TLS_CLIENT_CERT_FILE_PATH); - authParams.put("tlsKeyFile", TLS_CLIENT_KEY_FILE_PATH); - - if (admin != null) { - admin.close(); - } - - admin = spy(PulsarAdmin.builder().serviceHttpUrl(brokerUrlTls.toString()) - .tlsTrustCertsFilePath(TLS_TRUST_CERT_FILE_PATH).allowTlsInsecureConnection(false) - .authentication(AuthenticationTls.class.getName(), authParams).build()); - admin.clusters().createCluster(clusterName, new ClusterData(brokerUrl.toString(), brokerUrlTls.toString(), - pulsar.getBrokerServiceUrl(), pulsar.getBrokerServiceUrlTls())); - admin.tenants().createTenant("my-property", - new TenantInfo(Sets.newHashSet("appid1", "appid2"), Sets.newHashSet("use"))); - admin.namespaces().createNamespace("my-property/my-ns"); - } -} diff --git a/bouncy-castle/bcfips-nar-test/src/test/java/org/apache/pulsar/client/TlsProducerConsumerTest.java b/bouncy-castle/bcfips-nar-test/src/test/java/org/apache/pulsar/client/TlsProducerConsumerTest.java deleted file mode 100644 index 85ee130e34a83..0000000000000 --- a/bouncy-castle/bcfips-nar-test/src/test/java/org/apache/pulsar/client/TlsProducerConsumerTest.java +++ /dev/null @@ -1,130 +0,0 @@ -/** - * Licensed to the Apache Software Foundation (ASF) under one - * or more contributor license agreements. See the NOTICE file - * distributed with this work for additional information - * regarding copyright ownership. The ASF licenses this file - * to you under the Apache License, Version 2.0 (the - * "License"); you may not use this file except in compliance - * with the License. You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, - * software distributed under the License is distributed on an - * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY - * KIND, either express or implied. See the License for the - * specific language governing permissions and limitations - * under the License. - */ -package org.apache.pulsar.client; - -import java.util.Arrays; -import java.util.concurrent.TimeUnit; -import org.apache.pulsar.client.api.Consumer; -import org.apache.pulsar.client.api.Message; -import org.apache.pulsar.client.api.Producer; -import org.apache.pulsar.client.api.SubscriptionType; -import org.slf4j.Logger; -import org.slf4j.LoggerFactory; -import org.testng.Assert; -import org.testng.annotations.Test; - -public class TlsProducerConsumerTest extends TlsProducerConsumerBase { - private static final Logger log = LoggerFactory.getLogger(TlsProducerConsumerTest.class); - - /** - * verifies that messages whose size is larger than 2^14 bytes (max size of single TLS chunk) can be - * produced/consumed - * - * @throws Exception - */ - @Test(timeOut = 30000) - public void testTlsLargeSizeMessage() throws Exception { - log.info("-- Starting {} test --", methodName); - - final int MESSAGE_SIZE = 16 * 1024 + 1; - log.info("-- message size --", MESSAGE_SIZE); - - internalSetUpForClient(true, pulsar.getBrokerServiceUrlTls()); - internalSetUpForNamespace(); - - Consumer consumer = pulsarClient.newConsumer().topic("persistent://my-property/use/my-ns/my-topic1") - .subscriptionName("my-subscriber-name").subscribe(); - - Producer producer = pulsarClient.newProducer().topic("persistent://my-property/use/my-ns/my-topic1") - .create(); - for (int i = 0; i < 10; i++) { - byte[] message = new byte[MESSAGE_SIZE]; - Arrays.fill(message, (byte) i); - producer.send(message); - } - - Message msg = null; - for (int i = 0; i < 10; i++) { - msg = consumer.receive(5, TimeUnit.SECONDS); - byte[] expected = new byte[MESSAGE_SIZE]; - Arrays.fill(expected, (byte) i); - Assert.assertEquals(expected, msg.getData()); - } - // Acknowledge the consumption of all messages at once - consumer.acknowledgeCumulative(msg); - consumer.close(); - log.info("-- Exiting {} test --", methodName); - } - - @Test(timeOut = 30000) - public void testTlsClientAuthOverBinaryProtocol() throws Exception { - log.info("-- Starting {} test --", methodName); - - final int MESSAGE_SIZE = 16 * 1024 + 1; - log.info("-- message size --", MESSAGE_SIZE); - internalSetUpForNamespace(); - - // Test 1 - Using TLS on binary protocol without sending certs - expect failure - internalSetUpForClient(false, pulsar.getBrokerServiceUrlTls()); - try { - pulsarClient.newConsumer().topic("persistent://my-property/use/my-ns/my-topic1") - .subscriptionName("my-subscriber-name").subscriptionType(SubscriptionType.Exclusive).subscribe(); - Assert.fail("Server should have failed the TLS handshake since client didn't ."); - } catch (Exception ex) { - // OK - } - - // Test 2 - Using TLS on binary protocol - sending certs - internalSetUpForClient(true, pulsar.getBrokerServiceUrlTls()); - try { - pulsarClient.newConsumer().topic("persistent://my-property/use/my-ns/my-topic1") - .subscriptionName("my-subscriber-name").subscriptionType(SubscriptionType.Exclusive).subscribe(); - } catch (Exception ex) { - Assert.fail("Should not fail since certs are sent."); - } - } - - @Test(timeOut = 30000) - public void testTlsClientAuthOverHTTPProtocol() throws Exception { - log.info("-- Starting {} test --", methodName); - - final int MESSAGE_SIZE = 16 * 1024 + 1; - log.info("-- message size --", MESSAGE_SIZE); - internalSetUpForNamespace(); - - // Test 1 - Using TLS on https without sending certs - expect failure - internalSetUpForClient(false, pulsar.getWebServiceAddressTls()); - try { - pulsarClient.newConsumer().topic("persistent://my-property/use/my-ns/my-topic1") - .subscriptionName("my-subscriber-name").subscriptionType(SubscriptionType.Exclusive).subscribe(); - Assert.fail("Server should have failed the TLS handshake since client didn't ."); - } catch (Exception ex) { - // OK - } - - // Test 2 - Using TLS on https - sending certs - internalSetUpForClient(true, pulsar.getWebServiceAddressTls()); - try { - pulsarClient.newConsumer().topic("persistent://my-property/use/my-ns/my-topic1") - .subscriptionName("my-subscriber-name").subscriptionType(SubscriptionType.Exclusive).subscribe(); - } catch (Exception ex) { - Assert.fail("Should not fail since certs are sent."); - } - } -} diff --git a/bouncy-castle/bcfips-nar-test/src/test/resources/authentication/tls/broker-cert.pem b/bouncy-castle/bcfips-nar-test/src/test/resources/authentication/tls/broker-cert.pem deleted file mode 100644 index 69ad71cd0cb46..0000000000000 --- a/bouncy-castle/bcfips-nar-test/src/test/resources/authentication/tls/broker-cert.pem +++ /dev/null @@ -1,73 +0,0 @@ -Certificate: - Data: - Version: 3 (0x2) - Serial Number: - 88:08:98:b3:13:d8:00:97 - Signature Algorithm: sha1WithRSAEncryption - Issuer: C=US, ST=CA, O=Apache, OU=Pulsar Incubator, CN=localhost - Validity - Not Before: Feb 17 02:06:21 2018 GMT - Not After : Nov 16 00:00:00 2030 GMT - Subject: C=US, ST=CA, O=Apache, OU=Apache Pulsar, CN=localhost - Subject Public Key Info: - Public Key Algorithm: rsaEncryption - RSA Public Key: (2048 bit) - Modulus (2048 bit): - 00:af:bf:b7:2d:98:ad:9d:f6:da:a3:13:d4:62:0f: - 98:be:1c:a2:89:22:ba:6f:d5:fd:1f:67:e3:91:03: - 98:80:81:0e:ed:d8:f6:70:7f:2c:36:68:3d:53:ea: - 58:3a:a6:d5:89:66:4b:bd:1e:57:71:13:6d:4b:11: - e5:40:a5:76:84:24:92:40:58:80:96:c9:1f:2c:c4: - 55:eb:a3:79:73:70:5c:37:9a:89:ed:2f:ba:6b:e3: - 82:7c:69:4a:02:54:8b:81:5e:3c:bf:4c:8a:cb:ea: - 2c:5e:83:e7:b7:10:08:5f:82:58:a3:89:d1:da:92: - ba:2a:28:ee:30:28:3f:5b:ae:10:71:96:c7:e1:12: - c5:b0:1a:ad:44:6f:44:3a:11:4a:9a:3c:0f:8d:06: - 80:7b:34:ef:3f:6c:f4:5e:c5:44:54:1e:c8:dd:c7: - 80:85:80:d9:68:e6:c6:53:03:77:e1:fe:18:61:07: - 77:05:4c:ed:59:bc:5d:41:38:6a:ef:5d:a1:b2:60: - 98:d4:48:28:95:02:8a:0e:fd:cf:7b:1b:d2:11:cc: - 10:0c:50:73:d7:cc:38:6c:83:dd:79:26:aa:90:c8: - 9b:84:86:bc:59:e9:62:69:f4:98:1b:c4:80:78:7e: - a0:1a:81:9d:d2:e1:66:dd:c4:cc:fc:63:04:ac:ec: - a7:35 - Exponent: 65537 (0x10001) - X509v3 extensions: - X509v3 Basic Constraints: - CA:FALSE - Netscape Comment: - OpenSSL Generated Certificate - X509v3 Subject Key Identifier: - D3:F3:19:AE:74:B1:AF:E7:AF:08:7B:16:72:78:29:87:79:ED:30:8C - X509v3 Authority Key Identifier: - keyid:D4:7A:CD:0F:44:1B:16:29:25:14:ED:A2:EF:13:0F:A7:46:09:78:F6 - - Signature Algorithm: sha1WithRSAEncryption - 0f:04:f3:91:f2:87:19:fe:9d:f8:34:5a:24:4a:00:d1:58:bf: - 1e:b2:77:67:07:bc:78:b5:4b:9a:4b:fd:a1:e5:dc:0e:09:84: - 9e:59:c4:dd:cf:f7:2e:bf:da:f3:31:36:6b:81:6e:a2:88:76: - e4:2e:0b:36:44:82:36:8f:80:93:f4:9e:fc:ed:85:d0:97:da: - 0f:fb:c9:b9:8b:da:ae:07:3d:4f:82:b7:0c:25:22:63:12:6b: - 0a:e9:c4:12:a4:5c:ed:11:12:cc:fe:b0:2e:d4:c1:ec:79:01: - 60:ea:cc:cc:e5:66:cc:57:f6:55:a9:09:4c:63:01:e9:b4:2e: - 73:a5 ------BEGIN CERTIFICATE----- -MIIDLjCCApegAwIBAgIJAIgImLMT2ACXMA0GCSqGSIb3DQEBBQUAMFoxCzAJBgNV -BAYTAlVTMQswCQYDVQQIEwJDQTEPMA0GA1UEChMGQXBhY2hlMRkwFwYDVQQLExBQ -dWxzYXIgSW5jdWJhdG9yMRIwEAYDVQQDEwlsb2NhbGhvc3QwHhcNMTgwMjE3MDIw -NjIxWhcNMzAxMTE2MDAwMDAwWjBXMQswCQYDVQQGEwJVUzELMAkGA1UECBMCQ0Ex -DzANBgNVBAoTBkFwYWNoZTEWMBQGA1UECxMNQXBhY2hlIFB1bHNhcjESMBAGA1UE -AxMJbG9jYWxob3N0MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAr7+3 -LZitnfbaoxPUYg+YvhyiiSK6b9X9H2fjkQOYgIEO7dj2cH8sNmg9U+pYOqbViWZL -vR5XcRNtSxHlQKV2hCSSQFiAlskfLMRV66N5c3BcN5qJ7S+6a+OCfGlKAlSLgV48 -v0yKy+osXoPntxAIX4JYo4nR2pK6KijuMCg/W64QcZbH4RLFsBqtRG9EOhFKmjwP -jQaAezTvP2z0XsVEVB7I3ceAhYDZaObGUwN34f4YYQd3BUztWbxdQThq712hsmCY -1EgolQKKDv3PexvSEcwQDFBz18w4bIPdeSaqkMibhIa8WeliafSYG8SAeH6gGoGd -0uFm3cTM/GMErOynNQIDAQABo3sweTAJBgNVHRMEAjAAMCwGCWCGSAGG+EIBDQQf -Fh1PcGVuU1NMIEdlbmVyYXRlZCBDZXJ0aWZpY2F0ZTAdBgNVHQ4EFgQU0/MZrnSx -r+evCHsWcngph3ntMIwwHwYDVR0jBBgwFoAU1HrND0QbFiklFO2i7xMPp0YJePYw -DQYJKoZIhvcNAQEFBQADgYEADwTzkfKHGf6d+DRaJEoA0Vi/HrJ3Zwe8eLVLmkv9 -oeXcDgmEnlnE3c/3Lr/a8zE2a4Fuooh25C4LNkSCNo+Ak/Se/O2F0JfaD/vJuYva -rgc9T4K3DCUiYxJrCunEEqRc7RESzP6wLtTB7HkBYOrMzOVmzFf2VakJTGMB6bQu -c6U= ------END CERTIFICATE----- diff --git a/bouncy-castle/bcfips-nar-test/src/test/resources/authentication/tls/broker-key.pem b/bouncy-castle/bcfips-nar-test/src/test/resources/authentication/tls/broker-key.pem deleted file mode 100644 index 004bf8e21a7a9..0000000000000 --- a/bouncy-castle/bcfips-nar-test/src/test/resources/authentication/tls/broker-key.pem +++ /dev/null @@ -1,28 +0,0 @@ ------BEGIN PRIVATE KEY----- -MIIEvAIBADANBgkqhkiG9w0BAQEFAASCBKYwggSiAgEAAoIBAQCvv7ctmK2d9tqj -E9RiD5i+HKKJIrpv1f0fZ+ORA5iAgQ7t2PZwfyw2aD1T6lg6ptWJZku9HldxE21L -EeVApXaEJJJAWICWyR8sxFXro3lzcFw3montL7pr44J8aUoCVIuBXjy/TIrL6ixe -g+e3EAhfglijidHakroqKO4wKD9brhBxlsfhEsWwGq1Eb0Q6EUqaPA+NBoB7NO8/ -bPRexURUHsjdx4CFgNlo5sZTA3fh/hhhB3cFTO1ZvF1BOGrvXaGyYJjUSCiVAooO -/c97G9IRzBAMUHPXzDhsg915JqqQyJuEhrxZ6WJp9JgbxIB4fqAagZ3S4WbdxMz8 -YwSs7Kc1AgMBAAECggEAAaWEK9MwXTiA1+JJrRmETtOp2isPIBkbI/4vLZ6hASM0 -ZpoPxQIMAf58BJs/dF03xu/EaeMs4oxSC9ABG9fxAk/tZtjta3w65Ip6W5jOfHxj -AMpb3HMEBhq9kDjUTq1IGVAutYQcEMkC3WfS9e4ahfqMpguWgbu6LsbvZFgcL9mv -pGnKv9YVe6Xk6isvqtq6G1af0rd7c//xF0i0e/qEo83Buok3gLEZOELZbcRxjUYc -jnyglnXnwkGjuL4E3wgS3l73ZKsb6+AYoqhMPVz8t4/PN3tTrsBJKOSYo8KzIm0U -ek9T8XmPbP0cuheRxp9Dp8TXJJQZK0N9jz+EL0ogQQKBgQDnavm8GpR4pap9cDOc -+YI5s823b507pNdSU8elO9gLsP0JlFzv+sqghVko29r85D7Vn3MkgYTy0S4ANLCs -0NFDY8N2QH6U1dTkk1QXZydVZDuKJ5SSpC4v+Vafl8yDxhB4Nlxhbm9vJEMfLcXh -2kL6UlAuFDtYD0AdczwnHu5DjQKBgQDCauocm55FpcyDMMBO2CjurxcjBYS3S1xT -Bz+sPtxJLjlKbAt8kSHUQcCcX9zhrQBfsT38LATCmKaOFqUW5/PPh2LcrxiMqlL1 -OJBUJ3Te2LTjlUn8r+DHv/69UIh5tchwRr3YgB0DuIs7jfmr4VfiOWTBtPVhoGFR -1Wt60j30SQKBgHzreS26J2VNAFBALgxRf6OIVMbtgDG/FOCDCyU9vazp+F2gcd61 -QYYPFYcBzx9uUiDctroBFHRCyJMh3jEbc6ruAogl3m6XUxmkEeOkMk5dEerM3N2f -tLL+5Gy385U6aI+LwKhzhcG4EGeXPNdjC362ykNldnddnB2Jo/H2N2XNAoGAdnft -xpbxP+GDGKIZXTIM5zzcLWQMdiC+1n1BSHVZiGJZWMczzKknYw7aDq+/iekApE79 -xW8RS373ZvfXi3i2Mcx+6pjrrbOQL4tTL2SHq8+DknaDCi4mG7IbyUKMlxW1WO1S -e929UGogtZ6S+DCte9WbVwosyFuRUetpvgLk67kCgYBWetihZjgBWrqVYT24TTRH -KxzSzH1JgzzF9qgTdlhXDv9hC+Kc0uTKsgViesDqVuCOjkwzY5OQr9c6duO0fwwP -qNk/qltdgjMC5iiv7duyukfbEuqKEdGGer9HFb7en96dZdVQJpYHaaslAGurtD80 -ejCQZgzR2XaHSuIQb0IUVQ== ------END PRIVATE KEY----- diff --git a/bouncy-castle/bcfips-nar-test/src/test/resources/authentication/tls/cacert.pem b/bouncy-castle/bcfips-nar-test/src/test/resources/authentication/tls/cacert.pem deleted file mode 100644 index 55e9067458aa6..0000000000000 --- a/bouncy-castle/bcfips-nar-test/src/test/resources/authentication/tls/cacert.pem +++ /dev/null @@ -1,62 +0,0 @@ -Certificate: - Data: - Version: 3 (0x2) - Serial Number: - 88:08:98:b3:13:d8:00:94 - Signature Algorithm: sha1WithRSAEncryption - Issuer: C=US, ST=CA, O=Apache, OU=Pulsar Incubator, CN=localhost - Validity - Not Before: Feb 17 01:37:33 2018 GMT - Not After : Feb 16 01:37:33 2021 GMT - Subject: C=US, ST=CA, O=Apache, OU=Pulsar Incubator, CN=localhost - Subject Public Key Info: - Public Key Algorithm: rsaEncryption - RSA Public Key: (1024 bit) - Modulus (1024 bit): - 00:ea:16:8d:a5:b1:19:61:34:54:07:02:60:4e:6d: - 54:92:08:fd:fb:23:79:9c:05:bf:14:f7:bc:aa:db: - 2b:42:a4:35:74:86:e3:00:ad:8b:18:79:73:7d:f2: - d1:74:dd:74:bc:b8:a2:4c:80:c9:f3:80:ce:bf:f8: - 6d:97:f5:05:4f:f4:b2:99:50:e8:d8:b0:c4:57:a0: - e7:dc:82:57:75:2a:a2:02:21:76:f7:37:c2:dc:7c: - 4c:36:a6:73:6f:dc:75:48:72:ad:fa:98:02:70:b2: - 5e:a2:83:cc:c3:8d:20:a7:1e:bc:d7:1e:c1:d1:7e: - 39:35:4b:f5:be:6b:c1:0f:f9 - Exponent: 65537 (0x10001) - X509v3 extensions: - X509v3 Subject Key Identifier: - D4:7A:CD:0F:44:1B:16:29:25:14:ED:A2:EF:13:0F:A7:46:09:78:F6 - X509v3 Authority Key Identifier: - keyid:D4:7A:CD:0F:44:1B:16:29:25:14:ED:A2:EF:13:0F:A7:46:09:78:F6 - DirName:/C=US/ST=CA/O=Apache/OU=Pulsar Incubator/CN=localhost - serial:88:08:98:B3:13:D8:00:94 - - X509v3 Basic Constraints: - CA:TRUE - Signature Algorithm: sha1WithRSAEncryption - 5e:30:c5:7b:30:3e:1e:16:cd:ba:66:f1:2a:19:13:8a:1a:00: - 08:f4:1e:8c:e4:3d:57:13:65:96:bf:07:58:55:52:37:3e:aa: - 2c:19:de:ee:c3:92:6e:79:f3:06:0e:9a:7b:e0:02:50:c3:ef: - 3b:84:ea:8f:e0:f0:16:a6:a6:67:8b:be:73:0e:5d:f7:88:39: - d3:d4:df:85:ad:7c:c1:4f:fa:55:55:6f:c2:48:4e:8e:82:fa: - 72:3b:8e:9d:dc:f7:2e:9d:47:8e:e5:c9:a2:ee:b1:76:94:15: - 7c:7a:62:bc:06:45:fa:61:2e:33:8c:18:3e:e9:d5:90:a5:a6: - 80:5a ------BEGIN CERTIFICATE----- -MIIC8jCCAlugAwIBAgIJAIgImLMT2ACUMA0GCSqGSIb3DQEBBQUAMFoxCzAJBgNV -BAYTAlVTMQswCQYDVQQIEwJDQTEPMA0GA1UEChMGQXBhY2hlMRkwFwYDVQQLExBQ -dWxzYXIgSW5jdWJhdG9yMRIwEAYDVQQDEwlsb2NhbGhvc3QwHhcNMTgwMjE3MDEz -NzMzWhcNMjEwMjE2MDEzNzMzWjBaMQswCQYDVQQGEwJVUzELMAkGA1UECBMCQ0Ex -DzANBgNVBAoTBkFwYWNoZTEZMBcGA1UECxMQUHVsc2FyIEluY3ViYXRvcjESMBAG -A1UEAxMJbG9jYWxob3N0MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDqFo2l -sRlhNFQHAmBObVSSCP37I3mcBb8U97yq2ytCpDV0huMArYsYeXN98tF03XS8uKJM -gMnzgM6/+G2X9QVP9LKZUOjYsMRXoOfcgld1KqICIXb3N8LcfEw2pnNv3HVIcq36 -mAJwsl6ig8zDjSCnHrzXHsHRfjk1S/W+a8EP+QIDAQABo4G/MIG8MB0GA1UdDgQW -BBTUes0PRBsWKSUU7aLvEw+nRgl49jCBjAYDVR0jBIGEMIGBgBTUes0PRBsWKSUU -7aLvEw+nRgl49qFepFwwWjELMAkGA1UEBhMCVVMxCzAJBgNVBAgTAkNBMQ8wDQYD -VQQKEwZBcGFjaGUxGTAXBgNVBAsTEFB1bHNhciBJbmN1YmF0b3IxEjAQBgNVBAMT -CWxvY2FsaG9zdIIJAIgImLMT2ACUMAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEF -BQADgYEAXjDFezA+HhbNumbxKhkTihoACPQejOQ9VxNllr8HWFVSNz6qLBne7sOS -bnnzBg6ae+ACUMPvO4Tqj+DwFqamZ4u+cw5d94g509Tfha18wU/6VVVvwkhOjoL6 -cjuOndz3Lp1HjuXJou6xdpQVfHpivAZF+mEuM4wYPunVkKWmgFo= ------END CERTIFICATE----- diff --git a/bouncy-castle/bcfips-nar-test/src/test/resources/authentication/tls/client-cert.pem b/bouncy-castle/bcfips-nar-test/src/test/resources/authentication/tls/client-cert.pem deleted file mode 100644 index 61847f2e6128a..0000000000000 --- a/bouncy-castle/bcfips-nar-test/src/test/resources/authentication/tls/client-cert.pem +++ /dev/null @@ -1,73 +0,0 @@ -Certificate: - Data: - Version: 3 (0x2) - Serial Number: - 88:08:98:b3:13:d8:00:99 - Signature Algorithm: sha1WithRSAEncryption - Issuer: C=US, ST=CA, O=Apache, OU=Pulsar Incubator, CN=localhost - Validity - Not Before: Feb 17 02:50:05 2018 GMT - Not After : Nov 16 00:00:00 2030 GMT - Subject: C=US, ST=CA, O=Apache, OU=Apache Pulsar, CN=superUser - Subject Public Key Info: - Public Key Algorithm: rsaEncryption - RSA Public Key: (2048 bit) - Modulus (2048 bit): - 00:cd:43:7d:98:40:f9:b0:5b:bc:ae:db:c0:0b:ad: - 26:90:96:e0:62:38:ed:68:b1:70:46:3b:de:44:f9: - 14:51:86:10:eb:ca:90:e7:88:e8:f9:91:85:e0:dd: - b5:b4:14:b9:78:e3:86:d5:54:6d:68:ec:14:92:b4: - f8:22:5b:05:3d:ed:31:25:65:08:05:84:ca:e6:0c: - 21:12:58:32:c7:1a:60:a3:4f:d2:4a:9e:28:19:7c: - 45:84:00:8c:89:dc:de:8a:e5:4f:88:91:cc:a4:f1: - 81:45:4c:7d:c2:ff:e2:c1:89:c6:12:73:95:e2:36: - bd:db:ae:8b:5a:68:6a:90:51:de:2b:88:5f:aa:67: - f4:a8:e3:63:dc:be:19:82:cc:9d:7f:e6:8d:fb:82: - be:22:01:3d:56:13:3b:5b:04:b4:e8:c5:18:e6:2e: - 0d:fa:ba:4a:8d:e8:c6:5a:a1:51:9a:4a:62:d7:af: - dd:b4:fc:e2:d5:cd:ae:99:6c:5c:61:56:0b:d7:0c: - 1a:77:5c:f5:3a:6a:54:b5:9e:33:ac:a9:75:28:9a: - 76:af:d0:7a:57:00:1b:91:13:31:fd:42:88:21:47: - 05:10:01:2f:59:bb:c7:3a:d9:e1:58:4c:1b:6c:71: - b6:98:ef:dd:03:82:58:a3:32:dc:90:a1:b6:a6:1e: - e1:0b - Exponent: 65537 (0x10001) - X509v3 extensions: - X509v3 Basic Constraints: - CA:FALSE - Netscape Comment: - OpenSSL Generated Certificate - X509v3 Subject Key Identifier: - 53:7C:D5:D1:52:97:9A:D6:D5:EA:EC:B6:0C:9B:43:39:19:73:F6:2C - X509v3 Authority Key Identifier: - keyid:D4:7A:CD:0F:44:1B:16:29:25:14:ED:A2:EF:13:0F:A7:46:09:78:F6 - - Signature Algorithm: sha1WithRSAEncryption - e4:03:82:ff:be:df:7c:73:2a:c5:8f:7d:87:ab:95:b1:2b:e5: - f7:41:22:4f:28:54:84:7a:cc:fe:70:89:0f:48:e5:8a:17:e1: - 44:ad:12:e9:a1:3a:c7:84:55:f0:7c:29:52:0a:a1:ab:cc:5b: - 31:e5:b2:37:73:3a:8d:f2:f1:fb:e8:f6:a2:b9:ef:11:10:f8: - 31:43:8f:af:ce:09:f4:cb:96:0e:d4:58:42:6e:86:ab:b9:03: - 19:8b:4a:6e:ef:50:c0:7e:c9:0b:1d:2b:42:bf:eb:d0:06:05: - 84:ea:5a:8a:22:5c:56:fa:da:2a:9f:8a:b2:90:66:8c:5e:01: - 87:45 ------BEGIN CERTIFICATE----- -MIIDLjCCApegAwIBAgIJAIgImLMT2ACZMA0GCSqGSIb3DQEBBQUAMFoxCzAJBgNV -BAYTAlVTMQswCQYDVQQIEwJDQTEPMA0GA1UEChMGQXBhY2hlMRkwFwYDVQQLExBQ -dWxzYXIgSW5jdWJhdG9yMRIwEAYDVQQDEwlsb2NhbGhvc3QwHhcNMTgwMjE3MDI1 -MDA1WhcNMzAxMTE2MDAwMDAwWjBXMQswCQYDVQQGEwJVUzELMAkGA1UECBMCQ0Ex -DzANBgNVBAoTBkFwYWNoZTEWMBQGA1UECxMNQXBhY2hlIFB1bHNhcjESMBAGA1UE -AxMJc3VwZXJVc2VyMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzUN9 -mED5sFu8rtvAC60mkJbgYjjtaLFwRjveRPkUUYYQ68qQ54jo+ZGF4N21tBS5eOOG -1VRtaOwUkrT4IlsFPe0xJWUIBYTK5gwhElgyxxpgo0/SSp4oGXxFhACMidzeiuVP -iJHMpPGBRUx9wv/iwYnGEnOV4ja9266LWmhqkFHeK4hfqmf0qONj3L4Zgsydf+aN -+4K+IgE9VhM7WwS06MUY5i4N+rpKjejGWqFRmkpi16/dtPzi1c2umWxcYVYL1wwa -d1z1OmpUtZ4zrKl1KJp2r9B6VwAbkRMx/UKIIUcFEAEvWbvHOtnhWEwbbHG2mO/d -A4JYozLckKG2ph7hCwIDAQABo3sweTAJBgNVHRMEAjAAMCwGCWCGSAGG+EIBDQQf -Fh1PcGVuU1NMIEdlbmVyYXRlZCBDZXJ0aWZpY2F0ZTAdBgNVHQ4EFgQUU3zV0VKX -mtbV6uy2DJtDORlz9iwwHwYDVR0jBBgwFoAU1HrND0QbFiklFO2i7xMPp0YJePYw -DQYJKoZIhvcNAQEFBQADgYEA5AOC/77ffHMqxY99h6uVsSvl90EiTyhUhHrM/nCJ -D0jlihfhRK0S6aE6x4RV8HwpUgqhq8xbMeWyN3M6jfLx++j2ornvERD4MUOPr84J -9MuWDtRYQm6Gq7kDGYtKbu9QwH7JCx0rQr/r0AYFhOpaiiJcVvraKp+KspBmjF4B -h0U= ------END CERTIFICATE----- diff --git a/bouncy-castle/bcfips-nar-test/src/test/resources/authentication/tls/client-key.pem b/bouncy-castle/bcfips-nar-test/src/test/resources/authentication/tls/client-key.pem deleted file mode 100644 index 3835b3eacccc0..0000000000000 --- a/bouncy-castle/bcfips-nar-test/src/test/resources/authentication/tls/client-key.pem +++ /dev/null @@ -1,28 +0,0 @@ ------BEGIN PRIVATE KEY----- -MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQDNQ32YQPmwW7yu -28ALrSaQluBiOO1osXBGO95E+RRRhhDrypDniOj5kYXg3bW0FLl444bVVG1o7BSS -tPgiWwU97TElZQgFhMrmDCESWDLHGmCjT9JKnigZfEWEAIyJ3N6K5U+Ikcyk8YFF -TH3C/+LBicYSc5XiNr3brotaaGqQUd4riF+qZ/So42PcvhmCzJ1/5o37gr4iAT1W -EztbBLToxRjmLg36ukqN6MZaoVGaSmLXr920/OLVza6ZbFxhVgvXDBp3XPU6alS1 -njOsqXUomnav0HpXABuREzH9QoghRwUQAS9Zu8c62eFYTBtscbaY790DglijMtyQ -obamHuELAgMBAAECggEBALGnokJuqiz7mTj2NSdl+6TVEOuyPbiJKpV/J4cm1XEh -ye9qaTQcCRhH3UmcWrG75jM9KevloLRY8A1x1/lUMhtA+XJWGTU9k6a8BLut3nT4 -3X87jNTMQgSczEXNe9WudmZcxhN7rVVtOOdTpt1pP0cnCWna5HTf0D8cuLvM975j -r1YGTjKsCF1W+tp6ZAIIMfJkUI2qBRKvSxVCSs1vZBraox3yUVnq9oRLHxZZoqOd -d51G5phRtn6ReVPBdT8fGUBEGg3jKxTu2/vLQMUyHy0hyCAM20gzOP4FIc2g+QZU -y42byAuc89m0OrdRWsmzHCOxcq9DwY9npaz1RscR/2ECgYEA9bHJQ0Y1afpS5gn2 -KnXenRIw9oal1utQZnohCEJ4um+K/BCEHtDnI825LPNf34IKM2rSmssvHrYN51o0 -92j9lHHXsf6MVluwsTsIu8MtNaJ1BLt96dub4ScGT6vvzObKTwsajUfIHk+FNsKq -zps8yh1q0qyyfAcvR82+Xr6JIsMCgYEA1d+RHGewi/Ub/GCG99A1KFKsgbiIJnWB -IFmrcyPWignhzDUcw2SV9XqAzeK8EOIHNq3e5U/tkA7aCWxtLb5UsQ8xvmwQY2cy -X2XvSdIhO4K2PgRLgjlzZ8RHSULglqyjB2i6TjwjFl8TsRzYr6JlV6+2cMujw4Bl -g3a8gz071BkCgYBLP7BMkmw5kRliqxph1sffg3rLhmG0eU2elTkYtoMTVqZSnRxZ -89FW/eMBCWkLo2BMbyMhlalQ1qFbgh1GyTkhBdzx/uwsZtiu7021dAmcq6z7ThE6 -VrBfPPyJ2jcPon/DxbrUGnAIGILMSsLVlGYB4RCehZYEto6chz8O9Xw60QKBgCnd -us1BqviqwZC04JbQJie/j09RbS2CIQXRJ9PBNzUMXCwaVYgWP5ivI1mqQcBYTqsw -fAqNi+aAUcQ4emLS+Ec0vzsUclzTDbRJAv+DZ8f7fWtEcfeLAYFVldLMiaRVJRDF -OnsoIII3mGY6TFyNQKNanS8VXfheQQDsFFjoera5AoGBALXYEXkESXpw4LT6qJFz -ktQuTZDfS6LtR14/+NkYL9c5wBC4Otkg4bNbT8xGlUjethRfpkm8xRTB6zfC1/p/ -Cg6YU1cwqlkRurAhE3PEv1dCc1IDbzou8xnwqHrd6sGPDQmQ3aEtU5eJhDZKIZfx -nQqPGK92+Jtne7+W1mFZooxs ------END PRIVATE KEY----- diff --git a/bouncy-castle/bcfips/pom.xml b/bouncy-castle/bcfips/pom.xml index 89bf335906f9a..871563f5a1986 100644 --- a/bouncy-castle/bcfips/pom.xml +++ b/bouncy-castle/bcfips/pom.xml @@ -55,11 +55,6 @@ - - org.apache.nifi - nifi-nar-maven-plugin - - de.ntcomputer diff --git a/bouncy-castle/pom.xml b/bouncy-castle/pom.xml index ff333c451d630..0489f91f891a6 100644 --- a/bouncy-castle/pom.xml +++ b/bouncy-castle/pom.xml @@ -40,6 +40,5 @@ bcfips-include-test - bcfips-nar-test diff --git a/pulsar-common/src/main/java/org/apache/pulsar/common/util/SearchBcNarUtils.java b/pulsar-common/src/main/java/org/apache/pulsar/common/util/SearchBcNarUtils.java deleted file mode 100644 index 59bd652d9804f..0000000000000 --- a/pulsar-common/src/main/java/org/apache/pulsar/common/util/SearchBcNarUtils.java +++ /dev/null @@ -1,118 +0,0 @@ -/** - * Licensed to the Apache Software Foundation (ASF) under one - * or more contributor license agreements. See the NOTICE file - * distributed with this work for additional information - * regarding copyright ownership. The ASF licenses this file - * to you under the Apache License, Version 2.0 (the - * "License"); you may not use this file except in compliance - * with the License. You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, - * software distributed under the License is distributed on an - * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY - * KIND, either express or implied. See the License for the - * specific language governing permissions and limitations - * under the License. - */ -package org.apache.pulsar.common.util; - -import java.io.File; -import java.io.IOException; -import java.nio.file.DirectoryStream; -import java.nio.file.Files; -import java.nio.file.Path; -import java.nio.file.Paths; -import java.security.Provider; -import java.util.Collections; -import java.util.Iterator; -import java.util.concurrent.CompletableFuture; -import lombok.extern.slf4j.Slf4j; -import org.apache.commons.lang3.StringUtils; -import org.apache.pulsar.common.nar.NarClassLoader; - -/** - * Utils to load one Bouncy Castle Provider. - * Prefered: `org.bouncycastle.jce.provider.BouncyCastleProvider` - * or: `org.bouncycastle.jcajce.provider.BouncyCastleFipsProvider`. - */ -@Slf4j -public class SearchBcNarUtils { - private static final String BC_DEF_NAME = "bouncy-castle.yaml"; - - /** - * Extract the Bouncy Castle Provider class from a archive path. - * Search the path, and should only have 1 nar in the path. - * - * @param loaderDirectory nar package path - * @return the Bouncy Castle Provider class name - * @throws IOException when fail to retrieve the pulsar offloader class - */ - static Provider getBcProvider(String loaderDirectory) throws IOException { - Path path = Paths.get(loaderDirectory).toAbsolutePath(); - log.info("Searching for Bouncy Castle Loader in {}", path); - if (!path.toFile().exists()) { - log.warn("Bouncy Castle Loader archive directory not found"); - return null; - } - - try (DirectoryStream stream = Files.newDirectoryStream(path, "*.nar")) { - try { - Iterator iterator = stream.iterator(); - String narPath = iterator.next().toString(); - - NarClassLoader ncl = NarClassLoader.getFromArchive( - new File(narPath), - Collections.emptySet(), - BCLoader.class.getClassLoader(), NarClassLoader.DEFAULT_NAR_EXTRACTION_DIR); - String configStr = ncl.getServiceDefinition(BC_DEF_NAME); - - BcNarDefinition nar = ObjectMapperFactory.getThreadLocalYaml() - .readValue(configStr, BcNarDefinition.class); - - if (StringUtils.isEmpty(nar.getBcLoaderClass())) { - throw new IOException( - String.format("The '%s' not provided a Bouncy Castle Loader in nar yaml file", - nar.getName())); - } - - Class loaderClass = ncl.loadClass(nar.getBcLoaderClass()); - CompletableFuture loadFuture = new CompletableFuture<>(); - Thread loadingThread = new Thread(() -> { - Thread.currentThread().setContextClassLoader(ncl); - try { - Object loader = loaderClass.newInstance(); - if (!(loader instanceof BCLoader)) { - throw new IOException("Class " + nar.getBcLoaderClass() + " not a impl of " - + BCLoader.class.getName()); - } - - Provider provider = ((BCLoader) loader).getProvider(); - if (log.isDebugEnabled()) { - log.debug("Found Bouncy Castle loader {} from {}, provider: {}", - loader.getClass().getCanonicalName(), path, provider.getName()); - } - loadFuture.complete(provider); - } catch (Throwable t) { - log.error("Failed to load Bouncy Castle Provider ", t); - loadFuture.completeExceptionally(t); - } - }, "load-factory-" + loaderClass); - try { - loadingThread.start(); - Provider ret = loadFuture.get(); - if (iterator.hasNext()) { - throw new RuntimeException("Should only have 1 Bouncy Castle Provider nar provided"); - } - return ret; - } finally { - loadingThread.join(); - } - } catch (Throwable t) { - log.error("Failed to load Bouncy Castle Provider with error", t); - throw new RuntimeException(t); - } - } - } -} diff --git a/pulsar-common/src/main/java/org/apache/pulsar/common/util/SecurityUtility.java b/pulsar-common/src/main/java/org/apache/pulsar/common/util/SecurityUtility.java index 2e3633db6d9b0..aba2f929f1c27 100644 --- a/pulsar-common/src/main/java/org/apache/pulsar/common/util/SecurityUtility.java +++ b/pulsar-common/src/main/java/org/apache/pulsar/common/util/SecurityUtility.java @@ -102,14 +102,7 @@ public static Provider getProvider() { return getBCProviderFromClassPath(); } catch (Exception e) { log.warn("Not able to get Bouncy Castle provider for both FIPS and Non-FIPS from class path:", e); - } - - // failed to get from class path. try to get from Nar file. - try { - // User need set the bc nar path in java env. - return SearchBcNarUtils.getBcProvider(System.getProperty("BcPath")); - } catch (IOException ioe) { - throw new RuntimeException(ioe); + throw new RuntimeException(e); } } From 264ac78778b588437547c2a4f9a23c28bff3bbe4 Mon Sep 17 00:00:00 2001 From: Jia Zhai Date: Wed, 21 Oct 2020 22:20:02 +0800 Subject: [PATCH 10/13] fix licence, fix error brings in #7640 --- distribution/server/pom.xml | 8 ++++++++ distribution/server/src/assemble/LICENSE.bin.txt | 6 +++--- pulsar-broker/pom.xml | 15 ++++++++------- pulsar-client-all/pom.xml | 7 +++++++ pulsar-client-messagecrypto-bc/pom.xml | 1 + pulsar-client-shaded/pom.xml | 7 +++++++ pulsar-client/pom.xml | 1 + pulsar-discovery-service/pom.xml | 8 +------- pulsar-sql/presto-distribution/LICENSE | 6 +++--- pulsar-testclient/pom.xml | 9 +++++++++ 10 files changed, 48 insertions(+), 20 deletions(-) diff --git a/distribution/server/pom.xml b/distribution/server/pom.xml index 151d5058de212..66af231eae5ab 100644 --- a/distribution/server/pom.xml +++ b/distribution/server/pom.xml @@ -40,6 +40,14 @@ ${project.version} + + ${project.groupId} + bouncy-castle-bc + ${project.version} + pkg + true + + ${project.groupId} pulsar-discovery-service diff --git a/distribution/server/src/assemble/LICENSE.bin.txt b/distribution/server/src/assemble/LICENSE.bin.txt index b2f920dc0fae0..0f0ace0b4fbb0 100644 --- a/distribution/server/src/assemble/LICENSE.bin.txt +++ b/distribution/server/src/assemble/LICENSE.bin.txt @@ -585,9 +585,9 @@ Creative Commons Attribution License Bouncy Castle License * Bouncy Castle -- licenses/LICENSE-bouncycastle.txt - - org.bouncycastle-bcpkix-jdk15on-1.60.jar - - org.bouncycastle-bcprov-ext-jdk15on-1.60.jar - - org.bouncycastle-bcprov-jdk15on-1.60.jar + - org.bouncycastle-bcpkix-jdk15on-1.66.jar + - org.bouncycastle-bcprov-ext-jdk15on-1.66.jar + - org.bouncycastle-bcprov-jdk15on-1.66.jar ------------------------ diff --git a/pulsar-broker/pom.xml b/pulsar-broker/pom.xml index 0557a8eb46fb1..97290a428f21f 100644 --- a/pulsar-broker/pom.xml +++ b/pulsar-broker/pom.xml @@ -77,6 +77,14 @@ ${project.version} + + ${project.groupId} + bouncy-castle-bc + ${project.version} + pkg + true + + ${project.groupId} pulsar-discovery-service @@ -333,13 +341,6 @@ - - org.bouncycastle - bc-fips - ${bouncycastlefips.version} - test - - diff --git a/pulsar-client-all/pom.xml b/pulsar-client-all/pom.xml index 1ebfc709dffff..83a259791b349 100644 --- a/pulsar-client-all/pom.xml +++ b/pulsar-client-all/pom.xml @@ -49,6 +49,13 @@ ${project.parent.version} true + + ${project.groupId} + bouncy-castle-bc + ${project.parent.version} + pkg + true + diff --git a/pulsar-client-messagecrypto-bc/pom.xml b/pulsar-client-messagecrypto-bc/pom.xml index 00e2b6d5ddf5f..389c3ce1eaeb2 100644 --- a/pulsar-client-messagecrypto-bc/pom.xml +++ b/pulsar-client-messagecrypto-bc/pom.xml @@ -46,6 +46,7 @@ bouncy-castle-bc ${project.parent.version} pkg + true diff --git a/pulsar-client-shaded/pom.xml b/pulsar-client-shaded/pom.xml index 22bebe1b26f5d..1095d60e0408c 100644 --- a/pulsar-client-shaded/pom.xml +++ b/pulsar-client-shaded/pom.xml @@ -44,6 +44,13 @@ ${project.version} true + + ${project.groupId} + bouncy-castle-bc + ${project.version} + pkg + true + diff --git a/pulsar-client/pom.xml b/pulsar-client/pom.xml index 728fcf44b0de6..f93fffa36a406 100644 --- a/pulsar-client/pom.xml +++ b/pulsar-client/pom.xml @@ -56,6 +56,7 @@ bouncy-castle-bc ${project.parent.version} pkg + true diff --git a/pulsar-discovery-service/pom.xml b/pulsar-discovery-service/pom.xml index 1e4effcdae679..7196c2341b86c 100644 --- a/pulsar-discovery-service/pom.xml +++ b/pulsar-discovery-service/pom.xml @@ -67,6 +67,7 @@ bouncy-castle-bc ${project.version} pkg + true @@ -134,13 +135,6 @@ javax.activation - - org.bouncycastle - bc-fips - ${bouncycastlefips.version} - test - - ${project.groupId} testmocks diff --git a/pulsar-sql/presto-distribution/LICENSE b/pulsar-sql/presto-distribution/LICENSE index 155567c6eb56c..54f00914dc106 100644 --- a/pulsar-sql/presto-distribution/LICENSE +++ b/pulsar-sql/presto-distribution/LICENSE @@ -561,7 +561,7 @@ Creative Commons Attribution License Bouncy Castle License * Bouncy Castle -- licenses/LICENSE-bouncycastle.txt - - bcpkix-jdk15on-1.60.jar - - bcprov-ext-jdk15on-1.60.jar - - bcprov-jdk15on-1.60.jar + - bcpkix-jdk15on-1.66.jar + - bcprov-ext-jdk15on-1.66.jar + - bcprov-jdk15on-1.66.jar - bouncy-castle-bc-2.7.0-SNAPSHOT-pkg.jar diff --git a/pulsar-testclient/pom.xml b/pulsar-testclient/pom.xml index 21c293b53ac3c..97c55b1a7b3e7 100644 --- a/pulsar-testclient/pom.xml +++ b/pulsar-testclient/pom.xml @@ -63,6 +63,15 @@ ${project.groupId} pulsar-client-messagecrypto-bc ${project.version} + true + + + + ${project.groupId} + bouncy-castle-bc + ${project.version} + pkg + true From a3b57ec3a6cc86f2b8c679496f717479c216b814 Mon Sep 17 00:00:00 2001 From: Jia Zhai Date: Thu, 22 Oct 2020 00:02:48 +0800 Subject: [PATCH 11/13] add bc when broker/client is referenced in pom --- pulsar-broker-shaded/pom.xml | 7 ++++++ .../pulsar-client-kafka-tests/pom.xml | 8 +++++++ .../pulsar-client-kafka-tests_0_8/pom.xml | 8 +++++++ .../pulsar-client-kafka-tests_0_9/pom.xml | 8 +++++++ .../pulsar-client-kafka_0_8/pom.xml | 7 ++++++ pulsar-functions/worker/pom.xml | 22 ++++++------------- pulsar-io/debezium/core/pom.xml | 7 ++++++ pulsar-io/kafka-connect-adaptor/pom.xml | 7 ++++++ tests/pulsar-storm-test/pom.xml | 10 ++++++++- 9 files changed, 68 insertions(+), 16 deletions(-) diff --git a/pulsar-broker-shaded/pom.xml b/pulsar-broker-shaded/pom.xml index 66c44b17eb4e6..de0a216244f74 100644 --- a/pulsar-broker-shaded/pom.xml +++ b/pulsar-broker-shaded/pom.xml @@ -40,6 +40,13 @@ pulsar-broker ${project.parent.version} + + ${project.groupId} + bouncy-castle-bc + ${project.parent.version} + pkg + true + diff --git a/pulsar-client-kafka-compat/pulsar-client-kafka-tests/pom.xml b/pulsar-client-kafka-compat/pulsar-client-kafka-tests/pom.xml index 779891828e83f..3705ce4c1b515 100644 --- a/pulsar-client-kafka-compat/pulsar-client-kafka-tests/pom.xml +++ b/pulsar-client-kafka-compat/pulsar-client-kafka-tests/pom.xml @@ -50,6 +50,14 @@ test + + ${project.groupId} + bouncy-castle-bc + ${project.version} + pkg + test + + ${project.groupId} pulsar-broker diff --git a/pulsar-client-kafka-compat/pulsar-client-kafka-tests_0_8/pom.xml b/pulsar-client-kafka-compat/pulsar-client-kafka-tests_0_8/pom.xml index 9ae65bfc6dbea..d485872b8d1a6 100644 --- a/pulsar-client-kafka-compat/pulsar-client-kafka-tests_0_8/pom.xml +++ b/pulsar-client-kafka-compat/pulsar-client-kafka-tests_0_8/pom.xml @@ -50,6 +50,14 @@ test + + ${project.groupId} + bouncy-castle-bc + ${project.version} + pkg + test + + ${project.groupId} pulsar-broker diff --git a/pulsar-client-kafka-compat/pulsar-client-kafka-tests_0_9/pom.xml b/pulsar-client-kafka-compat/pulsar-client-kafka-tests_0_9/pom.xml index ef90448f40fcc..9c0df850977f5 100644 --- a/pulsar-client-kafka-compat/pulsar-client-kafka-tests_0_9/pom.xml +++ b/pulsar-client-kafka-compat/pulsar-client-kafka-tests_0_9/pom.xml @@ -50,6 +50,14 @@ test + + ${project.groupId} + bouncy-castle-bc + ${project.version} + pkg + test + + ${project.groupId} pulsar-broker diff --git a/pulsar-client-kafka-compat/pulsar-client-kafka_0_8/pom.xml b/pulsar-client-kafka-compat/pulsar-client-kafka_0_8/pom.xml index bb5fbbf158dd7..4dee850964e7b 100644 --- a/pulsar-client-kafka-compat/pulsar-client-kafka_0_8/pom.xml +++ b/pulsar-client-kafka-compat/pulsar-client-kafka_0_8/pom.xml @@ -84,6 +84,13 @@ ${project.version} + + ${project.groupId} + bouncy-castle-bc + ${project.version} + pkg + + org.apache.commons commons-lang3 diff --git a/pulsar-functions/worker/pom.xml b/pulsar-functions/worker/pom.xml index d6e90bbcdff6f..2c4f1485b421d 100644 --- a/pulsar-functions/worker/pom.xml +++ b/pulsar-functions/worker/pom.xml @@ -44,21 +44,6 @@ ${project.groupId} pulsar-functions-runtime ${project.version} - - - - org.bouncycastle - bcpkix-jdk15on - - - org.bouncycastle - bcprov-jdk15on - - - org.bouncycastle - bcprov-ext-jdk15on - - @@ -67,6 +52,13 @@ ${project.version} + + ${project.groupId} + bouncy-castle-bc + ${project.version} + pkg + + ${project.groupId} pulsar-client-admin-original diff --git a/pulsar-io/debezium/core/pom.xml b/pulsar-io/debezium/core/pom.xml index 3747756871740..fb4dcc8e7722f 100644 --- a/pulsar-io/debezium/core/pom.xml +++ b/pulsar-io/debezium/core/pom.xml @@ -68,6 +68,13 @@ ${project.version} + + ${project.groupId} + bouncy-castle-bc + ${project.version} + pkg + + ${project.groupId} pulsar-broker diff --git a/pulsar-io/kafka-connect-adaptor/pom.xml b/pulsar-io/kafka-connect-adaptor/pom.xml index 1f8b0c7f7c2ae..974ef1f57ba8f 100644 --- a/pulsar-io/kafka-connect-adaptor/pom.xml +++ b/pulsar-io/kafka-connect-adaptor/pom.xml @@ -68,6 +68,13 @@ ${project.version} + + ${project.groupId} + bouncy-castle-bc + ${project.version} + pkg + + ${project.groupId} kafka-connect-avro-converter-shaded diff --git a/tests/pulsar-storm-test/pom.xml b/tests/pulsar-storm-test/pom.xml index a0fef6e521502..0a0d524c860b4 100644 --- a/tests/pulsar-storm-test/pom.xml +++ b/tests/pulsar-storm-test/pom.xml @@ -47,7 +47,7 @@ - + org.apache.storm storm-server @@ -65,6 +65,14 @@ + + org.apache.pulsar + bouncy-castle-bc + ${project.version} + pkg + test + + org.apache.pulsar pulsar-broker From 4de8c900fd10077b37c39cdb6db5d054731cb1eb Mon Sep 17 00:00:00 2001 From: Jia Zhai Date: Thu, 22 Oct 2020 15:01:32 +0800 Subject: [PATCH 12/13] add missing bc reference in pom --- pulsar-client/pom.xml | 1 + .../pulsar/common/util/BcNarDefinition.java | 47 ------------------- pulsar-sql/presto-pulsar-plugin/pom.xml | 9 +++- pulsar-sql/presto-pulsar/pom.xml | 8 ++++ pulsar-websocket/pom.xml | 8 ++++ tests/integration/pom.xml | 7 +++ tests/pulsar-kafka-compat-client-test/pom.xml | 7 +++ 7 files changed, 39 insertions(+), 48 deletions(-) delete mode 100644 pulsar-common/src/main/java/org/apache/pulsar/common/util/BcNarDefinition.java diff --git a/pulsar-client/pom.xml b/pulsar-client/pom.xml index f93fffa36a406..29cf431214fcb 100644 --- a/pulsar-client/pom.xml +++ b/pulsar-client/pom.xml @@ -56,6 +56,7 @@ bouncy-castle-bc ${project.parent.version} pkg + true diff --git a/pulsar-common/src/main/java/org/apache/pulsar/common/util/BcNarDefinition.java b/pulsar-common/src/main/java/org/apache/pulsar/common/util/BcNarDefinition.java deleted file mode 100644 index 650c894651a67..0000000000000 --- a/pulsar-common/src/main/java/org/apache/pulsar/common/util/BcNarDefinition.java +++ /dev/null @@ -1,47 +0,0 @@ -/** - * Licensed to the Apache Software Foundation (ASF) under one - * or more contributor license agreements. See the NOTICE file - * distributed with this work for additional information - * regarding copyright ownership. The ASF licenses this file - * to you under the Apache License, Version 2.0 (the - * "License"); you may not use this file except in compliance - * with the License. You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, - * software distributed under the License is distributed on an - * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY - * KIND, either express or implied. See the License for the - * specific language governing permissions and limitations - * under the License. - */ -package org.apache.pulsar.common.util; - -import lombok.Data; -import lombok.NoArgsConstructor; - -/** - * Definition of a Bouncy Castle provider loader NAR package. - */ -@Data -@NoArgsConstructor -public class BcNarDefinition { - - /** - * The name of the Bouncy Castle provider type. - * BC/BCFIPS - */ - private String name; - - /** - * Description to be used for user help. - */ - private String description; - - /** - * The class name for the Bouncy Castle provider loader impl. - */ - private String bcLoaderClass; - -} diff --git a/pulsar-sql/presto-pulsar-plugin/pom.xml b/pulsar-sql/presto-pulsar-plugin/pom.xml index 74c63914b1d8a..417e8221a1ebf 100644 --- a/pulsar-sql/presto-pulsar-plugin/pom.xml +++ b/pulsar-sql/presto-pulsar-plugin/pom.xml @@ -39,6 +39,13 @@ ${project.version} + + ${project.groupId} + bouncy-castle-bc + ${project.version} + pkg + true + @@ -70,4 +77,4 @@ - \ No newline at end of file + diff --git a/pulsar-sql/presto-pulsar/pom.xml b/pulsar-sql/presto-pulsar/pom.xml index c96c5cc665cf7..c2caef58fc715 100644 --- a/pulsar-sql/presto-pulsar/pom.xml +++ b/pulsar-sql/presto-pulsar/pom.xml @@ -63,6 +63,14 @@ ${project.version} + + ${project.groupId} + bouncy-castle-bc + ${project.version} + pkg + true + + ${project.groupId} managed-ledger diff --git a/pulsar-websocket/pom.xml b/pulsar-websocket/pom.xml index 163a79a5415d6..e39c4e225c8e7 100644 --- a/pulsar-websocket/pom.xml +++ b/pulsar-websocket/pom.xml @@ -45,6 +45,14 @@ ${project.version} + + ${project.groupId} + bouncy-castle-bc + ${project.version} + pkg + true + + ${project.groupId} managed-ledger diff --git a/tests/integration/pom.xml b/tests/integration/pom.xml index 295339cdd0568..3219d3a334e4f 100644 --- a/tests/integration/pom.xml +++ b/tests/integration/pom.xml @@ -54,6 +54,13 @@ ${project.version} test + + org.apache.pulsar + bouncy-castle-bc + ${project.version} + pkg + test + org.apache.pulsar pulsar-client-admin diff --git a/tests/pulsar-kafka-compat-client-test/pom.xml b/tests/pulsar-kafka-compat-client-test/pom.xml index e77cb8df93fd5..d0adddc2a8626 100644 --- a/tests/pulsar-kafka-compat-client-test/pom.xml +++ b/tests/pulsar-kafka-compat-client-test/pom.xml @@ -62,6 +62,13 @@ pulsar-common ${project.version} + + org.apache.pulsar + bouncy-castle-bc + ${project.version} + pkg + test + org.apache.pulsar pulsar-client-kafka From a2273edb039073e539ae34e8e2b31fb0d6b47522 Mon Sep 17 00:00:00 2001 From: Jia Zhai Date: Thu, 22 Oct 2020 23:24:21 +0800 Subject: [PATCH 13/13] change ci back to not build docker image --- .../ci-integration-backwards-compatibility.yaml | 10 +--------- .github/workflows/ci-integration-cli.yaml | 10 +--------- .github/workflows/ci-integration-function-state.yaml | 10 +--------- .github/workflows/ci-integration-messaging.yaml | 10 +--------- .github/workflows/ci-integration-process.yaml | 2 +- .github/workflows/ci-integration-standalone.yaml | 10 +--------- .github/workflows/ci-integration-thread.yaml | 2 +- .../workflows/ci-integration-tiered-filesystem.yaml | 2 +- .github/workflows/ci-integration-tiered-jcloud.yaml | 2 +- 9 files changed, 9 insertions(+), 49 deletions(-) diff --git a/.github/workflows/ci-integration-backwards-compatibility.yaml b/.github/workflows/ci-integration-backwards-compatibility.yaml index 8cb0f7a9e061c..84e00fde4f208 100644 --- a/.github/workflows/ci-integration-backwards-compatibility.yaml +++ b/.github/workflows/ci-integration-backwards-compatibility.yaml @@ -73,17 +73,9 @@ jobs: if: steps.docs.outputs.changed_only == 'no' run: mvn -q -B -ntp clean install -DskipTests - - name: build pulsar image - if: steps.docs.outputs.changed_only == 'no' - run: mvn -B -f docker/pulsar/pom.xml install -am -Pdocker -DskipTests -Ddocker.nocache=true - - - name: build pulsar-all image - if: steps.docs.outputs.changed_only == 'no' - run: mvn -B -f docker/pulsar-all/pom.xml install -am -Pdocker -DskipTests -Ddocker.nocache=true - - name: build artifacts and docker image if: steps.docs.outputs.changed_only == 'no' - run: mvn -B -f tests/docker-images/pom.xml install -am -Pdocker -DskipTests -Ddocker.nocache=true + run: mvn -B -f tests/docker-images/pom.xml install -am -Pdocker -DskipTests - name: run integration tests if: steps.docs.outputs.changed_only == 'no' diff --git a/.github/workflows/ci-integration-cli.yaml b/.github/workflows/ci-integration-cli.yaml index fd06e92af8df6..91839199995a1 100644 --- a/.github/workflows/ci-integration-cli.yaml +++ b/.github/workflows/ci-integration-cli.yaml @@ -73,17 +73,9 @@ jobs: if: steps.docs.outputs.changed_only == 'no' run: mvn -q -B -ntp clean install -DskipTests - - name: build pulsar image - if: steps.docs.outputs.changed_only == 'no' - run: mvn -B -f docker/pulsar/pom.xml install -am -Pdocker -DskipTests -Ddocker.nocache=true - - - name: build pulsar-all image - if: steps.docs.outputs.changed_only == 'no' - run: mvn -B -f docker/pulsar-all/pom.xml install -am -Pdocker -DskipTests -Ddocker.nocache=true - - name: build artifacts and docker image if: steps.docs.outputs.changed_only == 'no' - run: mvn -B -f tests/docker-images/pom.xml install -am -Pdocker -DskipTests -Ddocker.nocache=true + run: mvn -B -f tests/docker-images/pom.xml install -am -Pdocker -DskipTests - name: run integration tests if: steps.docs.outputs.changed_only == 'no' diff --git a/.github/workflows/ci-integration-function-state.yaml b/.github/workflows/ci-integration-function-state.yaml index 90ef229057caa..e842ed94e995f 100644 --- a/.github/workflows/ci-integration-function-state.yaml +++ b/.github/workflows/ci-integration-function-state.yaml @@ -73,17 +73,9 @@ jobs: if: steps.docs.outputs.changed_only == 'no' run: mvn -q -B -ntp clean install -DskipTests - - name: build pulsar image - if: steps.docs.outputs.changed_only == 'no' - run: mvn -B -f docker/pulsar/pom.xml install -am -Pdocker -DskipTests -Ddocker.nocache=true - - - name: build pulsar-all image - if: steps.docs.outputs.changed_only == 'no' - run: mvn -B -f docker/pulsar-all/pom.xml install -am -Pdocker -DskipTests -Ddocker.nocache=true - - name: build artifacts and docker image if: steps.docs.outputs.changed_only == 'no' - run: mvn -B -f tests/docker-images/pom.xml install -am -Pdocker -DskipTests -Ddocker.nocache=true + run: mvn -B -f tests/docker-images/pom.xml install -am -Pdocker -DskipTests - name: run integration tests if: steps.docs.outputs.changed_only == 'no' diff --git a/.github/workflows/ci-integration-messaging.yaml b/.github/workflows/ci-integration-messaging.yaml index 0dc9cf51fc6e7..fb17d38153bd1 100644 --- a/.github/workflows/ci-integration-messaging.yaml +++ b/.github/workflows/ci-integration-messaging.yaml @@ -73,17 +73,9 @@ jobs: if: steps.docs.outputs.changed_only == 'no' run: mvn -q -B -ntp clean install -DskipTests - - name: build pulsar image - if: steps.docs.outputs.changed_only == 'no' - run: mvn -B -f docker/pulsar/pom.xml install -am -Pdocker -DskipTests -Ddocker.nocache=true - - - name: build pulsar-all image - if: steps.docs.outputs.changed_only == 'no' - run: mvn -B -f docker/pulsar-all/pom.xml install -am -Pdocker -DskipTests -Ddocker.nocache=true - - name: build artifacts and docker image if: steps.docs.outputs.changed_only == 'no' - run: mvn -B -f tests/docker-images/pom.xml install -am -Pdocker -DskipTests -Ddocker.nocache=true + run: mvn -B -f tests/docker-images/pom.xml install -am -Pdocker -DskipTests - name: run integration tests if: steps.docs.outputs.changed_only == 'no' diff --git a/.github/workflows/ci-integration-process.yaml b/.github/workflows/ci-integration-process.yaml index cd50704c4010a..17e03edad0ff9 100644 --- a/.github/workflows/ci-integration-process.yaml +++ b/.github/workflows/ci-integration-process.yaml @@ -83,7 +83,7 @@ jobs: - name: build artifacts and docker image if: steps.docs.outputs.changed_only == 'no' - run: mvn -B -f tests/docker-images/pom.xml install -am -Pdocker -DskipTests -Ddocker.nocache=true + run: mvn -B -f tests/docker-images/pom.xml install -am -Pdocker -DskipTests - name: run integration function if: steps.docs.outputs.changed_only == 'no' diff --git a/.github/workflows/ci-integration-standalone.yaml b/.github/workflows/ci-integration-standalone.yaml index 6593156533786..39aff11bb87bd 100644 --- a/.github/workflows/ci-integration-standalone.yaml +++ b/.github/workflows/ci-integration-standalone.yaml @@ -73,17 +73,9 @@ jobs: if: steps.docs.outputs.changed_only == 'no' run: mvn -q -B -ntp clean install -DskipTests - - name: build pulsar image - if: steps.docs.outputs.changed_only == 'no' - run: mvn -B -f docker/pulsar/pom.xml install -am -Pdocker -DskipTests -Ddocker.nocache=true - - - name: build pulsar-all image - if: steps.docs.outputs.changed_only == 'no' - run: mvn -B -f docker/pulsar-all/pom.xml install -am -Pdocker -DskipTests -Ddocker.nocache=true - - name: build artifacts and docker image if: steps.docs.outputs.changed_only == 'no' - run: mvn -B -f tests/docker-images/pom.xml install -am -Pdocker -DskipTests -Ddocker.nocache=true + run: mvn -B -f tests/docker-images/pom.xml install -am -Pdocker -DskipTests - name: run integration tests if: steps.docs.outputs.changed_only == 'no' diff --git a/.github/workflows/ci-integration-thread.yaml b/.github/workflows/ci-integration-thread.yaml index 77b5015537243..337880ce467ea 100644 --- a/.github/workflows/ci-integration-thread.yaml +++ b/.github/workflows/ci-integration-thread.yaml @@ -83,7 +83,7 @@ jobs: - name: build artifacts and docker image if: steps.docs.outputs.changed_only == 'no' - run: mvn -B -f tests/docker-images/pom.xml install -am -Pdocker -DskipTests -Ddocker.nocache=true + run: mvn -B -f tests/docker-images/pom.xml install -am -Pdocker -DskipTests - name: run integration function if: steps.docs.outputs.changed_only == 'no' diff --git a/.github/workflows/ci-integration-tiered-filesystem.yaml b/.github/workflows/ci-integration-tiered-filesystem.yaml index 8e795a7710f77..db0aab3ae1e2e 100644 --- a/.github/workflows/ci-integration-tiered-filesystem.yaml +++ b/.github/workflows/ci-integration-tiered-filesystem.yaml @@ -83,7 +83,7 @@ jobs: - name: build artifacts and docker image if: steps.docs.outputs.changed_only == 'no' - run: mvn -B -f tests/docker-images/pom.xml install -am -Pdocker -DskipTests -Ddocker.nocache=true + run: mvn -B -f tests/docker-images/pom.xml install -am -Pdocker -DskipTests - name: run integration tests if: steps.docs.outputs.changed_only == 'no' diff --git a/.github/workflows/ci-integration-tiered-jcloud.yaml b/.github/workflows/ci-integration-tiered-jcloud.yaml index b80d06cbc0870..60f272e54ee91 100644 --- a/.github/workflows/ci-integration-tiered-jcloud.yaml +++ b/.github/workflows/ci-integration-tiered-jcloud.yaml @@ -83,7 +83,7 @@ jobs: - name: build artifacts and docker image if: steps.docs.outputs.changed_only == 'no' - run: mvn -B -f tests/docker-images/pom.xml install -am -Pdocker -DskipTests -Ddocker.nocache=true + run: mvn -B -f tests/docker-images/pom.xml install -am -Pdocker -DskipTests - name: run integration tests if: steps.docs.outputs.changed_only == 'no'