Fixed WebSocket TLS connection bug (apache#356)

iEverX · Apr 17, 2017 · e7622f3 · e7622f3
1 parent 9278623
commit e7622f3
Show file tree

Hide file tree

Showing 2 changed files with 25 additions and 0 deletions.
diff --git a/pulsar-websocket/src/main/java/com/yahoo/pulsar/websocket/WebSocketService.java b/pulsar-websocket/src/main/java/com/yahoo/pulsar/websocket/WebSocketService.java
@@ -160,6 +160,9 @@ public synchronized PulsarClient getPulsarClient() throws IOException {
     private PulsarClient createClientInstance(ClusterData clusterData) throws IOException {
         ClientConfiguration clientConf = new ClientConfiguration();
         clientConf.setStatsInterval(0, TimeUnit.SECONDS);
+        clientConf.setUseTls(config.isTlsEnabled());
+        clientConf.setTlsAllowInsecureConnection(config.isTlsAllowInsecureConnection());
+        clientConf.setTlsTrustCertsFilePath(config.getTlsTrustCertsFilePath());
         if (config.isAuthenticationEnabled()) {
             clientConf.setAuthentication(config.getBrokerClientAuthenticationPlugin(),
                     config.getBrokerClientAuthenticationParameters());
@@ -194,8 +197,10 @@ private static ServiceConfiguration createServiceConfiguration(WebSocketProxyCon
         serviceConfig.setGlobalZookeeperServers(config.getGlobalZookeeperServers());
         serviceConfig.setZooKeeperSessionTimeoutMillis(config.getZooKeeperSessionTimeoutMillis());
         serviceConfig.setTlsEnabled(config.isTlsEnabled());
+        serviceConfig.setTlsTrustCertsFilePath(config.getTlsTrustCertsFilePath());
         serviceConfig.setTlsCertificateFilePath(config.getTlsCertificateFilePath());
         serviceConfig.setTlsKeyFilePath(config.getTlsKeyFilePath());
+        serviceConfig.setTlsAllowInsecureConnection(config.isTlsAllowInsecureConnection());
         return serviceConfig;
     }
 

diff --git a/...bsocket/src/main/java/com/yahoo/pulsar/websocket/service/WebSocketProxyConfiguration.java b/...bsocket/src/main/java/com/yahoo/pulsar/websocket/service/WebSocketProxyConfiguration.java
@@ -65,6 +65,10 @@ public class WebSocketProxyConfiguration implements PulsarConfiguration {
     private String tlsCertificateFilePath;
     // Path for the TLS private key file
     private String tlsKeyFilePath;
+    // Path for the trusted TLS certificate file
+    private String tlsTrustCertsFilePath = "";
+    // Accept untrusted TLS certificate from client
+    private boolean tlsAllowInsecureConnection = false;
 
     private Properties properties = new Properties();
 
@@ -203,6 +207,22 @@ public String getTlsKeyFilePath() {
     public void setTlsKeyFilePath(String tlsKeyFilePath) {
         this.tlsKeyFilePath = tlsKeyFilePath;
     }
+
+    public String getTlsTrustCertsFilePath() {
+        return tlsTrustCertsFilePath;
+    }
+
+    public void setTlsTrustCertsFilePath(String tlsTrustCertsFilePath) {
+        this.tlsTrustCertsFilePath = tlsTrustCertsFilePath;
+    }
+
+    public boolean isTlsAllowInsecureConnection() {
+        return tlsAllowInsecureConnection;
+    }
+
+    public void setTlsAllowInsecureConnection(boolean tlsAllowInsecureConnection) {
+        this.tlsAllowInsecureConnection = tlsAllowInsecureConnection;
+    }
 
     public Properties getProperties() {
         return properties;