Add support for PEM files #1840
Conversation
There was a problem hiding this comment.
I don't understand why PemReader.java is included in this PR when, as far as I can tell, all the code we need is in TlsTestUtils.java
![github-advanced-security[bot]](https://avatars.githubusercontent.com/in/57789?s=60&v=4){kind=small}
The PEM reader is necessary to parse the certificates and keys in the PEM, it strips up the header and footer, decode the base 64 representation, etc. This is not done in the |
|
@hgeraldino Thanks for the contribution. CodeQL flagged the regex from the PEM reader, so I updated them. I ran the PEM reader test suite from Zookeeper with the updated regex to make sure I did not break anything. Feel free to stash my commit. |
The only reason I'm harping on this is that this PR introduces a lot of unnecessary code. UPDATE: https://github.com/lukebakken/rabbitmq-java-client-1840 Well, I learned something - as soon as you have a private key in your file, the existing Java lib can't read it /sad trombone Score one for |
lukebakken
left a comment
lukebakken
left a comment
There was a problem hiding this comment.
Actually, should it be possible for this new code to replace / augment the utility class used in tests?
|
@lukebakken I was referring to private keys, not certificates. I'm not aware of JDK utility that can load a private key from its PEM file without the work that the PEM reader class does. |
|
@acogoluegnes yep, I updated my comment as soon as I discovered that in my testing 😸 @hgeraldino I have taken your code and created a branch in my fork of this repository: https://github.com/lukebakken/rmq-rabbitmq-java-client/tree/rabbitmq-java-client-1840 Here is a comparison of my branch with yours: link Please note that your PR branch is I spent some time having the genie review your pull request, and had it create a summary document of what it found. Some of the suggestions have already been implemented (like the regex suggestion). The other suggestion about silently handling certain exceptions seems worthwhile to address. I also integrated your changes into the existing If you'd like to use my work, feel free to add my fork as an upstream, and merge/cherry-pick whatever commits you'd like into your own work. Otherwise, I'd be happy to take your contribution to conclusion. Either way, thanks a lot. |
Thanks @lukebakken I cherrypicked your commit that adds support for PEM files to TlsTestUtils. I also adopted some of the suggestions from the AI-generated doc (some of the APIs it suggested are only available on newer JDK versions) Please take another look when you have a chance Thanks! |
|
@hgeraldino just FYI I don't see any changes to |
🤦 - they're now |
|
I assume we want to ship this in 5.x? |
|
@michaelklishin Yes, it should not be a problem to backport. |
|
I'd be extremely grateful if this is backported to the current release branch, so we don't have to maintain an internally patched version of the client 🙏 🙏 Thanks a lot for being so receptive :) |
4 participants
Proposed Changes
Adds support for PEM files, as requested in #1837
Types of Changes
What types of changes does your code introduce to this project?
Put an
xin the boxes that applyChecklist
Put an
xin the boxes that apply. You can also fill these out after creatingthe PR. If you're unsure about any of them, don't hesitate to ask on the
mailing list. We're here to help! This is simply a reminder of what we are
going to look for before merging your code.
CONTRIBUTING.mddocumentFurther Comments
Change is rather simple. It copies the PemReader (ASF licensed) from Apache ZooKeeper and extends the
ConnectionFactoryConfiguratorso it supports a new keystore type (PEM)