izumo27 commented on code in PR #25538:
URL: https://github.com/apache/pulsar/pull/25538#discussion_r3135480178


##########
pulsar-client/src/main/java/org/apache/pulsar/client/impl/auth/oauth2/FlowBase.java:
##########
@@ -47,28 +55,38 @@ abstract class FlowBase implements Flow {
     public static final String CONFIG_PARAM_CONNECT_TIMEOUT = "connectTimeout";
     public static final String CONFIG_PARAM_READ_TIMEOUT = "readTimeout";
     public static final String CONFIG_PARAM_TRUST_CERTS_FILE_PATH = 
"trustCertsFilePath";
+    public static final String CONFIG_PARAM_CERT_FILE = "tlsCertFile";
+    public static final String CONFIG_PARAM_KEY_FILE = "tlsKeyFile";
+    public static final String CONFIG_PARAM_AUTO_CERT_REFRESH_DURATION = 
"autoCertRefreshDuration";
     public static final String CONFIG_PARAM_WELL_KNOWN_METADATA_PATH = 
"wellKnownMetadataPath";
 
     protected static final Duration DEFAULT_CONNECT_TIMEOUT = 
Duration.ofSeconds(10);
     protected static final Duration DEFAULT_READ_TIMEOUT = 
Duration.ofSeconds(30);
+    protected static final Duration DEFAULT_AUTO_CERT_REFRESH_DURATION = 
Duration.ofSeconds(300);
 
     private static final long serialVersionUID = 1L;
 
     protected final URL issuerUrl;
     protected final AsyncHttpClient httpClient;
     protected final String wellKnownMetadataPath;
 
+    protected transient PulsarSslFactory sslFactory;
+    protected transient ScheduledExecutorService sslRefreshScheduler;
     protected transient Metadata metadata;
 
     protected FlowBase(URL issuerUrl, Duration connectTimeout, Duration 
readTimeout, String trustCertsFilePath,
+                       String certFile, String keyFile, Duration 
autoCertRefreshDuration,
                        String wellKnownMetadataPath) {
         this.issuerUrl = issuerUrl;
-        this.httpClient = defaultHttpClient(readTimeout, connectTimeout, 
trustCertsFilePath);
+        this.httpClient = defaultHttpClient(readTimeout, connectTimeout, 
trustCertsFilePath, certFile, keyFile);
+        long autoCertRefreshSeconds = 
getParameterDurationToSeconds(CONFIG_PARAM_AUTO_CERT_REFRESH_DURATION,
+                autoCertRefreshDuration, DEFAULT_AUTO_CERT_REFRESH_DURATION);
+        scheduleSslContextRefreshIfEnabled(autoCertRefreshSeconds);
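Review bot: The constructor now starts a background task through `scheduleSslContextRefreshIfEnabled(autoCertRefreshSeconds)`, but nothing in the quoted lines shows `sslRefreshScheduler` being stopped. `close()` is outside this hunk, so please confirm it calls `sslRefreshScheduler.shutdownNow()` (null-checked) before closing `httpClient`; otherwise each flow instance may leave a thread behind. The periodic task should also catch and log its own failures, because a `ScheduledExecutorService` suppresses all later runs once a task throws, and the client would then keep presenting the old certificate until it expires. Separately, `certFile` and `keyFile` are passed to `defaultHttpClient` as independent strings. If that method does not already reject a half-configured pair, failing fast with an `IllegalArgumentException` is safer than silently connecting to the issuer without a client certificate.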

Review Comment:
   Since certificates expire, it is useful for users to have this 
enabled by default.
   It is also enabled by default in the client configuration.
   
https://github.com/apache/pulsar/blob/v4.2.0/pulsar-client/src/main/java/org/apache/pulsar/client/impl/conf/ClientConfigurationData.java#L273


