Add TLS authentication end to end tests (#224)

* Make C++ tls auth api same as Java

* Add tls auth test for Java client

* Add tls auth test for C++ client

pulsar-broker/src/test/java/com/yahoo/pulsar/client/api/AuthenticatedProducerConsumerTest.java

+/**
+ * Copyright 2016 Yahoo Inc.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package com.yahoo.pulsar.client.api;
+
+import com.google.common.collect.Lists;
+import com.google.common.collect.Sets;
+import com.yahoo.pulsar.client.admin.PulsarAdmin;
+import com.yahoo.pulsar.common.policies.data.ClusterData;
+import com.yahoo.pulsar.common.policies.data.PropertyAdmin;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+import org.testng.Assert;
+import org.testng.annotations.AfterMethod;
+import org.testng.annotations.BeforeMethod;
+import org.testng.annotations.DataProvider;
+import org.testng.annotations.Test;
+
+import java.net.URI;
+import java.util.HashSet;
+import java.util.Map;
+import java.util.HashMap;
+import java.util.Set;
+import java.util.concurrent.*;
+
+import static org.mockito.Mockito.*;
+
+import com.yahoo.pulsar.broker.authentication.*;
+import com.yahoo.pulsar.client.impl.auth.*;
+
+public class AuthenticatedProducerConsumerTest extends ProducerConsumerBase {
+    private static final Logger log = LoggerFactory.getLogger(AuthenticatedProducerConsumerTest.class);
+
+    private final String TLS_TRUST_CERT_FILE_PATH = "./src/test/resources/authentication/tls/cacert.pem";
+    private final String TLS_SERVER_CERT_FILE_PATH = "./src/test/resources/authentication/tls/broker-cert.pem";
+    private final String TLS_SERVER_KEY_FILE_PATH = "./src/test/resources/authentication/tls/broker-key.pem";
+    private final String TLS_CLIENT_CERT_FILE_PATH = "./src/test/resources/authentication/tls/client-cert.pem";
+    private final String TLS_CLIENT_KEY_FILE_PATH = "./src/test/resources/authentication/tls/client-key.pem";
+
+    @BeforeMethod
+    @Override
+    protected void setup() throws Exception {
+        conf.setAuthenticationEnabled(true);
+        conf.setAuthorizationEnabled(true);
+
+        conf.setTlsEnabled(true);
+        conf.setTlsTrustCertsFilePath(TLS_TRUST_CERT_FILE_PATH);
+        conf.setTlsCertificateFilePath(TLS_SERVER_CERT_FILE_PATH);
+        conf.setTlsKeyFilePath(TLS_SERVER_KEY_FILE_PATH);
+        conf.setTlsAllowInsecureConnection(true);
+
+        Set<String> superUserRoles = new HashSet<>();
+        superUserRoles.add("localhost");
+        superUserRoles.add("superUser");
+        conf.setSuperUserRoles(superUserRoles);
+
+        conf.setBrokerClientAuthenticationPlugin(AuthenticationTls.class.getName());
+        conf.setBrokerClientAuthenticationParameters("tlsCertFile:" + TLS_CLIENT_CERT_FILE_PATH + "," + "tlsKeyFile:" + TLS_SERVER_KEY_FILE_PATH);
+
+        Set<String> providers = new HashSet<>();
+        providers.add(AuthenticationProviderTls.class.getName());
+        conf.setAuthenticationProviders(providers);
+
+        conf.setClusterName("use");
+
+        super.init();
+    }
+
+    protected final void internalSetup(Authentication auth) throws Exception {
+        com.yahoo.pulsar.client.api.ClientConfiguration clientConf = new com.yahoo.pulsar.client.api.ClientConfiguration();
+        clientConf.setStatsInterval(0, TimeUnit.SECONDS);
+        clientConf.setTlsTrustCertsFilePath(TLS_TRUST_CERT_FILE_PATH);
+        clientConf.setTlsAllowInsecureConnection(true);
+        clientConf.setAuthentication(auth);
+        clientConf.setUseTls(true);
+
+        admin = spy(new PulsarAdmin(brokerUrlTls, clientConf));
+        String lookupUrl = new URI("pulsar+ssl://localhost:" + BROKER_PORT_TLS).toString();
+        pulsarClient = PulsarClient.create(lookupUrl, clientConf);
+    }
+
+    @AfterMethod
+    @Override
+    protected void cleanup() throws Exception {
+        super.internalCleanup();
+    }
+
+    @DataProvider(name = "batch")
+    public Object[][] codecProvider() {
+        return new Object[][] { { 0 }, { 1000 } };
+    }
+
+    @Test(dataProvider = "batch")
+    public void testTlsSyncProducerAndConsumer(int batchMessageDelayMs) throws Exception {
+        log.info("-- Starting {} test --", methodName);
+
+        Map<String, String> authParams = new HashMap<>();
+        authParams.put("tlsCertFile", TLS_CLIENT_CERT_FILE_PATH);
+        authParams.put("tlsKeyFile", TLS_CLIENT_KEY_FILE_PATH);
+        Authentication authTls = new AuthenticationTls();
+        authTls.configure(authParams);
+        internalSetup(authTls);
+
+        admin.clusters().createCluster("use", new ClusterData(brokerUrl.toString(),brokerUrlTls.toString(),"pulsar://localhost:" + BROKER_PORT, "pulsar+ssl://localhost:" + BROKER_PORT_TLS));
+        admin.properties().createProperty("my-property",
+                new PropertyAdmin(Lists.newArrayList("appid1", "appid2"), Sets.newHashSet("use")));
+        admin.namespaces().createNamespace("my-property/use/my-ns");
+
+        ConsumerConfiguration conf = new ConsumerConfiguration();
+        conf.setSubscriptionType(SubscriptionType.Exclusive);
+        Consumer consumer = pulsarClient.subscribe("persistent://my-property/use/my-ns/my-topic1", "my-subscriber-name",
+                conf);
+
+
+        ProducerConfiguration producerConf = new ProducerConfiguration();
+
+        if (batchMessageDelayMs != 0) {
+            producerConf.setBatchingEnabled(true);
+            producerConf.setBatchingMaxPublishDelay(batchMessageDelayMs, TimeUnit.MILLISECONDS);
+            producerConf.setBatchingMaxMessages(5);
+        }
+
+        Producer producer = pulsarClient.createProducer("persistent://my-property/use/my-ns/my-topic1", producerConf);
+        for (int i = 0; i < 10; i++) {
+            String message = "my-message-" + i;
+            producer.send(message.getBytes());
+        }
+
+        Message msg = null;
+        Set<String> messageSet = Sets.newHashSet();
+        for (int i = 0; i < 10; i++) {
+            msg = consumer.receive(5, TimeUnit.SECONDS);
+            String receivedMessage = new String(msg.getData());
+            log.debug("Received message: [{}]", receivedMessage);
+            String expectedMessage = "my-message-" + i;
+            testMessageOrderAndDuplicates(messageSet, receivedMessage, expectedMessage);
+        }
+        // Acknowledge the consumption of all messages at once
+        consumer.acknowledgeCumulative(msg);
+        consumer.close();
+        log.info("-- Exiting {} test --", methodName);
+    }
+
+}

pulsar-broker/src/test/resources/authentication/tls/broker-cert.pem

+Certificate:
+    Data:
+        Version: 3 (0x2)
+        Serial Number:
+            b7:07:a3:fe:2a:7e:03:c9
+        Signature Algorithm: sha1WithRSAEncryption
+        Issuer: C=AU, ST=Some-State, O=Internet Widgits Pty Ltd, CN=testCA
+        Validity
+            Not Before: Feb 16 23:18:35 2017 GMT
+            Not After : Feb 16 23:18:35 2018 GMT
+        Subject: C=AU, ST=Some-State, O=Internet Widgits Pty Ltd, CN=localhost
+        Subject Public Key Info:
+            Public Key Algorithm: rsaEncryption
+            RSA Public Key: (2048 bit)
+                Modulus (2048 bit):
+                    00:c5:aa:20:d8:d7:37:d7:e5:dd:c2:03:8d:75:fa:
+                    1e:53:7f:c5:3e:9f:12:4b:04:e3:56:97:00:2b:22:
+                    cd:8d:5a:da:23:b4:ef:3a:c9:bf:a1:9c:ac:f4:ab:
+                    ed:53:25:bc:1e:5b:54:ae:e8:f4:be:31:e2:94:64:
+                    61:7e:a1:16:56:26:2a:81:eb:47:b3:89:ea:c4:1d:
+                    20:46:68:75:55:68:c4:63:7d:e8:ee:4f:96:91:71:
+                    2f:9d:4c:39:05:2c:25:b3:b0:d7:ec:18:f6:c4:86:
+                    a3:b0:41:ad:a4:cd:8c:b4:ca:1d:f1:46:e3:84:a5:
+                    f8:09:15:8e:9b:ae:38:44:9d:92:a2:1a:74:6a:11:
+                    e0:37:cb:fb:75:d8:90:6a:d0:c3:fc:e5:92:da:90:
+                    50:01:9f:ce:3b:d2:01:e4:8a:3f:e7:2c:53:51:8f:
+                    e9:32:56:bb:7e:5e:4f:c6:9c:ac:05:9d:41:ac:88:
+                    61:98:df:12:fe:f2:5e:0f:32:5f:10:bc:da:5e:86:
+                    45:1b:11:60:fc:c9:5d:7b:e2:b3:11:27:03:7d:72:
+                    b0:72:75:9e:23:15:f7:af:86:60:7b:dd:7e:3d:cc:
+                    72:55:02:74:9b:de:c5:87:9d:82:be:3f:3b:84:cd:
+                    ba:78:15:c2:d1:d0:d3:a0:af:89:aa:c1:cc:4d:82:
+                    f8:d3
+                Exponent: 65537 (0x10001)
+        X509v3 extensions:
+            X509v3 Basic Constraints: 
+                CA:FALSE
+            Netscape Comment: 
+                OpenSSL Generated Certificate
+            X509v3 Subject Key Identifier: 
+                2A:C2:91:C5:B0:C5:49:15:BC:36:B8:7A:41:5E:67:18:DE:B2:A8:BC
+            X509v3 Authority Key Identifier: 
+                keyid:DB:22:F6:EF:06:5B:88:5F:9F:32:15:9E:A4:86:21:C4:85:12:CC:66
+
+    Signature Algorithm: sha1WithRSAEncryption
+        92:4d:7d:cd:d3:c5:4b:f2:72:22:6e:43:75:17:af:d0:b7:69:
+        a7:fd:73:38:f7:33:83:90:f6:a0:fb:89:4f:cd:86:31:60:8b:
+        76:b7:7d:82:a7:4f:17:e6:89:f0:d8:73:43:e8:5d:9b:f2:10:
+        78:1a:ff:f9:cf:4a:12:41:8a:6d:40:d8:6d:5d:b9:a3:f4:48:
+        ea:9d:ba:cb:a8:46:5a:0b:32:f7:e2:a1:ab:d7:ea:f7:6d:af:
+        d9:43:de:fd:5e:be:d7:49:f2:1c:f6:39:46:ae:fa:b1:bb:a6:
+        98:32:60:9d:70:40:a7:8b:c8:9f:5d:f6:5c:b7:c4:ef:07:ca:
+        61:31
+-----BEGIN CERTIFICATE-----
+MIIDLDCCApWgAwIBAgIJALcHo/4qfgPJMA0GCSqGSIb3DQEBBQUAMFYxCzAJBgNV
+BAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBX
+aWRnaXRzIFB0eSBMdGQxDzANBgNVBAMTBnRlc3RDQTAeFw0xNzAyMTYyMzE4MzVa
+Fw0xODAyMTYyMzE4MzVaMFkxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0
+YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQxEjAQBgNVBAMT
+CWxvY2FsaG9zdDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMWqINjX
+N9fl3cIDjXX6HlN/xT6fEksE41aXACsizY1a2iO07zrJv6GcrPSr7VMlvB5bVK7o
+9L4x4pRkYX6hFlYmKoHrR7OJ6sQdIEZodVVoxGN96O5PlpFxL51MOQUsJbOw1+wY
+9sSGo7BBraTNjLTKHfFG44Sl+AkVjpuuOESdkqIadGoR4DfL+3XYkGrQw/zlktqQ
+UAGfzjvSAeSKP+csU1GP6TJWu35eT8acrAWdQayIYZjfEv7yXg8yXxC82l6GRRsR
+YPzJXXvisxEnA31ysHJ1niMV96+GYHvdfj3MclUCdJvexYedgr4/O4TNungVwtHQ
+06CviarBzE2C+NMCAwEAAaN7MHkwCQYDVR0TBAIwADAsBglghkgBhvhCAQ0EHxYd
+T3BlblNTTCBHZW5lcmF0ZWQgQ2VydGlmaWNhdGUwHQYDVR0OBBYEFCrCkcWwxUkV
+vDa4ekFeZxjesqi8MB8GA1UdIwQYMBaAFNsi9u8GW4hfnzIVnqSGIcSFEsxmMA0G
+CSqGSIb3DQEBBQUAA4GBAJJNfc3TxUvyciJuQ3UXr9C3aaf9czj3M4OQ9qD7iU/N
+hjFgi3a3fYKnTxfmifDYc0PoXZvyEHga//nPShJBim1A2G1duaP0SOqdusuoRloL
+MvfioavX6vdtr9lD3v1evtdJ8hz2OUau+rG7ppgyYJ1wQKeLyJ9d9ly3xO8HymEx
+-----END CERTIFICATE-----

pulsar-broker/src/test/resources/authentication/tls/broker-key.pem

+-----BEGIN PRIVATE KEY-----
+MIIEvAIBADANBgkqhkiG9w0BAQEFAASCBKYwggSiAgEAAoIBAQDFqiDY1zfX5d3C
+A411+h5Tf8U+nxJLBONWlwArIs2NWtojtO86yb+hnKz0q+1TJbweW1Su6PS+MeKU
+ZGF+oRZWJiqB60ezierEHSBGaHVVaMRjfejuT5aRcS+dTDkFLCWzsNfsGPbEhqOw
+Qa2kzYy0yh3xRuOEpfgJFY6brjhEnZKiGnRqEeA3y/t12JBq0MP85ZLakFABn847
+0gHkij/nLFNRj+kyVrt+Xk/GnKwFnUGsiGGY3xL+8l4PMl8QvNpehkUbEWD8yV17
+4rMRJwN9crBydZ4jFfevhmB73X49zHJVAnSb3sWHnYK+PzuEzbp4FcLR0NOgr4mq
+wcxNgvjTAgMBAAECggEAZbYMXugn4R10RdBEK2//yOGXYojCBf5G6RicSpYHBXS5
+iOQisbJ8vDF9wgzx+vYQ3eILKlHPFktfFxKsJFfJwZy0BNRHuff+6Nk/8Vrw/XkC
+jVuNz4r+pGqEoMFHGgVEhTk7ck7KNAhAFINHUeU/QQw76hqbGne4sRv5nNxCMfOm
+sew2XBR0CfYK2i7L+ylL45p7ZVxXWjEkKAF9g4bWsVBWLrRwcdyrwisrd3Fxfc2+
+C8Z8yvfftpAUSZ9b/+XpRWjrIJ8GpWRULUNf6Zq0UyEZWVS7CUeHVJJB8LtZFMvW
+eYiaqX5RmSlE1sf0dM2/DTRBM2aThDlLJsBLCcs+kQKBgQD2rf+tHBPD86Z418VC
+WRD4mDYzNH2ELR2Z0c+whA2RV+qKHJColeuv2AEYyp1JqPGL0NhXv0ZSD879+d3U
+pkTDt8YHo3g6nY0/JYME+/U1WlHeUMcitFXm2FcgBh5eBAiMIKwmfsoVMtLluM1u
+RmBJK5kg7xq9Ozx6xlvNc+b9+QKBgQDNIghMnM51jSqNX2HCZelPiu1PipCQEVN2
+dPk4OCbqB0Jlp6p42jPYQh1QeJ3KoETlQQjUQJMbsSB0Lf1EUPaQraw3xvilWQpi
+RF7lkzZcStmcdzghtDDYL63TFc5a+SoLjuZ2LfTR6zxr58tuDxRMrc3wczw/mHbS
+Ehgr6TzQKwKBgHozhF9rc1c1Upi2u1+8461jKiZ/sFZUSz+yMqMNJ/OCjAvTTs5V
+Rqab6R8w8G5XJSHQWfxOIzXv4ujqaTw5CgOy/IU4NA1Fk31exeMoNjcyATCS77N/
+hraPIcoZfd2xPdK9NMr1MIMD5Hos7IfekUBuOrOX/7USrUldDolfC2VxAoGAQXLw
+TvFg9iSaRQz/tfSqIhTjbpN5WF4O0Sa1NXjFAbpbNu/t9i04iXFexQQW5EWKddLw
+LDiGNzmmbysVOazTXonq/sjfIHJuW7gQxxLXL086ay+mmypQw0lDHqxAcMo63gE0
+CtTS3f8+Afes8mqhQW3a3TMHMAtHLfNT/v6lxo0CgYA5sR43Z8RkYkGBiR+zoB8H
+gnVDGh7Am0HCI9ZTuhPXYe3i8iLOQDTV3iw6ffA7FAvjLvjFK89gB6fc3pCCwT/Y
+d45svjrPtJTzrH3DC4JT1EQWPhJEODYdVrH1gI+x2KNeFsZB7hF47rkNvTLozRlb
+obk5poVuMFIKZFbIFNj7xQ==
+-----END PRIVATE KEY-----

pulsar-broker/src/test/resources/authentication/tls/cacert.pem

+Certificate:
+    Data:
+        Version: 3 (0x2)
+        Serial Number:
+            b7:07:a3:fe:2a:7e:03:c6
+        Signature Algorithm: sha1WithRSAEncryption
+        Issuer: C=AU, ST=Some-State, O=Internet Widgits Pty Ltd, CN=testCA
+        Validity
+            Not Before: Feb 16 22:52:50 2017 GMT
+            Not After : Feb 16 22:52:50 2020 GMT
+        Subject: C=AU, ST=Some-State, O=Internet Widgits Pty Ltd, CN=testCA
+        Subject Public Key Info:
+            Public Key Algorithm: rsaEncryption
+            RSA Public Key: (1024 bit)
+                Modulus (1024 bit):
+                    00:b2:19:fa:5b:d4:d5:5f:ed:5c:64:2b:71:8d:93:
+                    5f:01:b3:19:d8:b7:a7:02:41:b5:20:ee:e5:6f:33:
+                    58:96:01:cd:22:e2:c8:b4:21:84:4a:a5:ae:24:55:
+                    7e:d9:00:a1:ff:fb:6d:77:15:d2:5e:f0:65:f4:3b:
+                    bb:ca:e1:9f:3e:02:c7:c7:d8:92:73:ee:b7:3b:5d:
+                    d9:a9:f6:ad:07:31:42:90:91:20:fd:32:91:73:a5:
+                    a3:f1:93:a0:83:c7:87:84:d9:b3:d0:6a:55:a2:b5:
+                    22:97:e5:fc:b7:8d:74:42:ec:5b:82:cd:0d:fc:51:
+                    9f:b3:b2:db:cb:7f:9a:e8:21
+                Exponent: 65537 (0x10001)
+        X509v3 extensions:
+            X509v3 Subject Key Identifier: 
+                DB:22:F6:EF:06:5B:88:5F:9F:32:15:9E:A4:86:21:C4:85:12:CC:66
+            X509v3 Authority Key Identifier: 
+                keyid:DB:22:F6:EF:06:5B:88:5F:9F:32:15:9E:A4:86:21:C4:85:12:CC:66
+                DirName:/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd/CN=testCA
+                serial:B7:07:A3:FE:2A:7E:03:C6
+
+            X509v3 Basic Constraints: 
+                CA:TRUE
+    Signature Algorithm: sha1WithRSAEncryption
+        5b:d3:fb:37:b7:c4:83:0b:9b:77:04:e4:42:fb:3d:7d:4b:a4:
+        8c:f5:2d:ca:f4:81:36:f4:87:d8:0f:60:b0:bb:b6:be:cc:84:
+        fa:3e:70:c4:bd:fe:24:80:98:6a:84:c9:22:14:46:f7:ae:0f:
+        82:0c:6b:ab:87:19:d3:be:0f:23:be:44:05:b5:88:28:b3:f4:
+        5b:e4:37:1f:cb:6b:b9:42:25:cc:6b:7e:80:7e:af:6e:57:a4:
+        25:bd:47:b9:cb:24:da:54:6a:aa:b8:e4:98:6e:2d:6b:35:a2:
+        8f:93:26:d5:b3:c1:7e:aa:de:5e:52:68:5a:1e:c9:4a:f6:ce:
+        02:9c
+-----BEGIN CERTIFICATE-----
+MIIC5DCCAk2gAwIBAgIJALcHo/4qfgPGMA0GCSqGSIb3DQEBBQUAMFYxCzAJBgNV
+BAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBX
+aWRnaXRzIFB0eSBMdGQxDzANBgNVBAMTBnRlc3RDQTAeFw0xNzAyMTYyMjUyNTBa
+Fw0yMDAyMTYyMjUyNTBaMFYxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0
+YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQxDzANBgNVBAMT
+BnRlc3RDQTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAshn6W9TVX+1cZCtx
+jZNfAbMZ2LenAkG1IO7lbzNYlgHNIuLItCGESqWuJFV+2QCh//ttdxXSXvBl9Du7
+yuGfPgLHx9iSc+63O13ZqfatBzFCkJEg/TKRc6Wj8ZOgg8eHhNmz0GpVorUil+X8
+t410Quxbgs0N/FGfs7Lby3+a6CECAwEAAaOBuTCBtjAdBgNVHQ4EFgQU2yL27wZb
+iF+fMhWepIYhxIUSzGYwgYYGA1UdIwR/MH2AFNsi9u8GW4hfnzIVnqSGIcSFEsxm
+oVqkWDBWMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UE
+ChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMQ8wDQYDVQQDEwZ0ZXN0Q0GCCQC3
+B6P+Kn4DxjAMBgNVHRMEBTADAQH/MA0GCSqGSIb3DQEBBQUAA4GBAFvT+ze3xIML
+m3cE5EL7PX1LpIz1Lcr0gTb0h9gPYLC7tr7MhPo+cMS9/iSAmGqEySIURveuD4IM
+a6uHGdO+DyO+RAW1iCiz9FvkNx/La7lCJcxrfoB+r25XpCW9R7nLJNpUaqq45Jhu
+LWs1oo+TJtWzwX6q3l5SaFoeyUr2zgKc
+-----END CERTIFICATE-----

pulsar-broker/src/test/resources/authentication/tls/client-cert.pem

+Certificate:
+    Data:
+        Version: 3 (0x2)
+        Serial Number:
+            b7:07:a3:fe:2a:7e:03:c8
+        Signature Algorithm: sha1WithRSAEncryption
+        Issuer: C=AU, ST=Some-State, O=Internet Widgits Pty Ltd, CN=testCA
+        Validity
+            Not Before: Feb 16 23:00:44 2017 GMT
+            Not After : Feb 16 23:00:44 2018 GMT
+        Subject: C=AU, ST=Some-State, O=Internet Widgits Pty Ltd, CN=superUser
+        Subject Public Key Info:
+            Public Key Algorithm: rsaEncryption
+            RSA Public Key: (2048 bit)
+                Modulus (2048 bit):
+                    00:e8:da:eb:a8:0b:e8:e8:20:ca:2a:ae:14:c2:07:
+                    87:ab:70:47:00:2c:9d:7b:f5:9f:ea:f6:68:cb:15:
+                    37:8c:1d:9d:2e:88:d7:c7:fa:b6:69:be:26:84:ec:
+                    a4:96:dc:98:13:0b:7c:72:f3:4e:af:04:28:e7:da:
+                    1f:9d:88:e9:1b:a5:21:74:5b:6a:eb:ce:69:fa:3e:
+                    57:31:cb:06:4e:38:ab:f5:f5:cf:a9:f3:1f:15:7e:
+                    72:14:e0:62:ab:21:61:d4:78:19:82:3a:6b:2d:71:
+                    bc:2c:5f:f5:60:5b:46:6b:77:9f:fe:31:64:a6:5a:
+                    94:4b:8d:a0:4c:18:3d:b1:d3:32:11:36:5f:2c:2c:
+                    6d:32:b8:03:7b:fb:4e:f4:e3:96:6a:40:6b:ca:70:
+                    0f:5f:0e:37:ca:6d:5c:02:fa:25:ff:96:75:0f:47:
+                    d5:d1:53:43:3a:e7:90:a1:79:3c:e4:95:35:d1:fb:
+                    05:02:18:c6:f0:a7:63:78:9b:5c:62:46:0c:50:4c:
+                    02:f1:01:8d:15:49:7a:40:0d:84:bd:e0:84:0b:5e:
+                    36:2a:05:93:30:3d:6c:2a:bd:e5:9c:5d:0b:f2:93:
+                    88:4b:e9:db:92:0e:40:20:1d:ca:a3:74:4b:68:81:
+                    8f:25:f7:07:d4:21:f8:d8:b0:06:b8:2e:1e:4e:e6:
+                    7c:c9
+                Exponent: 65537 (0x10001)
+        X509v3 extensions:
+            X509v3 Basic Constraints: 
+                CA:FALSE
+            Netscape Comment: 
+                OpenSSL Generated Certificate
+            X509v3 Subject Key Identifier: 
+                BC:04:07:17:DE:EA:8E:22:D1:0C:B5:7F:51:83:8C:EE:9B:AD:FE:FC
+            X509v3 Authority Key Identifier: 
+                keyid:DB:22:F6:EF:06:5B:88:5F:9F:32:15:9E:A4:86:21:C4:85:12:CC:66
+
+    Signature Algorithm: sha1WithRSAEncryption
+        41:25:f8:28:74:4a:59:88:05:8d:27:7b:c0:eb:8e:4c:7b:91:
+        10:2e:5e:e0:e7:90:aa:06:3b:c6:8b:23:c9:20:d5:58:ad:65:
+        30:8b:c3:13:0f:15:86:84:a9:f8:85:45:50:57:fe:7e:79:16:
+        59:31:df:01:f9:fd:78:3f:33:84:cd:f0:99:bd:f6:c6:19:4f:
+        b1:de:bd:6c:9d:9d:8a:98:5f:df:3b:cd:e7:2c:ff:37:e7:7b:
+        9b:88:cb:ca:18:08:45:52:1c:ab:f4:3a:f7:13:5e:a2:44:29:
+        7e:c2:f0:09:6d:fa:68:82:8b:ac:1c:24:99:66:43:fc:cf:07:
+        24:f0
+-----BEGIN CERTIFICATE-----
+MIIDLDCCApWgAwIBAgIJALcHo/4qfgPIMA0GCSqGSIb3DQEBBQUAMFYxCzAJBgNV
+BAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBX
+aWRnaXRzIFB0eSBMdGQxDzANBgNVBAMTBnRlc3RDQTAeFw0xNzAyMTYyMzAwNDRa
+Fw0xODAyMTYyMzAwNDRaMFkxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0
+YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQxEjAQBgNVBAMT
+CXN1cGVyVXNlcjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAOja66gL
+6OggyiquFMIHh6twRwAsnXv1n+r2aMsVN4wdnS6I18f6tmm+JoTspJbcmBMLfHLz
+Tq8EKOfaH52I6RulIXRbauvOafo+VzHLBk44q/X1z6nzHxV+chTgYqshYdR4GYI6
+ay1xvCxf9WBbRmt3n/4xZKZalEuNoEwYPbHTMhE2XywsbTK4A3v7TvTjlmpAa8pw
+D18ON8ptXAL6Jf+WdQ9H1dFTQzrnkKF5POSVNdH7BQIYxvCnY3ibXGJGDFBMAvEB
+jRVJekANhL3ghAteNioFkzA9bCq95ZxdC/KTiEvp25IOQCAdyqN0S2iBjyX3B9Qh
++NiwBrguHk7mfMkCAwEAAaN7MHkwCQYDVR0TBAIwADAsBglghkgBhvhCAQ0EHxYd
+T3BlblNTTCBHZW5lcmF0ZWQgQ2VydGlmaWNhdGUwHQYDVR0OBBYEFLwEBxfe6o4i
+0Qy1f1GDjO6brf78MB8GA1UdIwQYMBaAFNsi9u8GW4hfnzIVnqSGIcSFEsxmMA0G
+CSqGSIb3DQEBBQUAA4GBAEEl+Ch0SlmIBY0ne8Drjkx7kRAuXuDnkKoGO8aLI8kg
+1VitZTCLwxMPFYaEqfiFRVBX/n55Flkx3wH5/Xg/M4TN8Jm99sYZT7HevWydnYqY
+X987zecs/zfne5uIy8oYCEVSHKv0OvcTXqJEKX7C8Alt+miCi6wcJJlmQ/zPByTw
+-----END CERTIFICATE-----

pulsar-broker/src/test/resources/authentication/tls/client-key.pem

+-----BEGIN PRIVATE KEY-----
+MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQDo2uuoC+joIMoq
+rhTCB4ercEcALJ179Z/q9mjLFTeMHZ0uiNfH+rZpviaE7KSW3JgTC3xy806vBCjn
+2h+diOkbpSF0W2rrzmn6PlcxywZOOKv19c+p8x8VfnIU4GKrIWHUeBmCOmstcbws
+X/VgW0Zrd5/+MWSmWpRLjaBMGD2x0zIRNl8sLG0yuAN7+07045ZqQGvKcA9fDjfK
+bVwC+iX/lnUPR9XRU0M655CheTzklTXR+wUCGMbwp2N4m1xiRgxQTALxAY0VSXpA
+DYS94IQLXjYqBZMwPWwqveWcXQvyk4hL6duSDkAgHcqjdEtogY8l9wfUIfjYsAa4
+Lh5O5nzJAgMBAAECggEAHTdywBgWdiG/HBHRmvLU7Abfcb8nV2lfUlzukySrXpJM
+qY0T/gyQHL52GNGUaTVug106lTXAFqef9k9hDiQik4xpoS7jQIkatQJjcGT3+pKT
+yP25u6o8qTa/W6031B8RJlaXZMatsfsGUE8N+7QYJt3QnlVWOqU83Cn+Be44t3n6
+FIDsNdNb2ML/h+4jNrKbNXRKOd4qiAUOzyZ1q1H74fGkHq1fEJQ9mXW75/T7xbWN
+Yb2Cs4bWFeYnEJaNoeWsadGfpNzULOBI0PB55hX1m7KhbJqkCyZmcSlMG4JMnuHf
+Q0zZyIjElRWpJRAle0jSQ4IpZBZYOlYsH+GHV9eH/QKBgQD33CqzUaIHlXYQknP8
+ZCwd0Gu4edumvY0WTzW/fq07LuX8T7fx5wF93xKhbECn0JghElQOyuLxJ1IDm2Oi
+AckmBDRrd4eL4eaAVNIWwYQqSLilQMsdVZbvh4zkKBTBMpyLxgPOCLDwsA2lrAS6
+w8J9IRsBI9OpNcg3/IdhBdUZgwKBgQDwgJpz0tVPqY9Fqe+Uaj4u2Mu2lCfOpTDY
+oCGzMBlDO5yzZDR2jKoOZ3b/SB8n4Dyed+VWQd80z2WYcHweXAbGPzPIdiF2q/KB
+VkFpfDmd22uoCPM1snnbIycg32VFo3anrrWbzHfkwJgvV5gVCQt7m+5F0SiZpcHX
+0mt07DRawwKBgFE9p/1Yr3w+4BD0f/HlP5SSIQy5XGad0KXUVrCqq8svRxDZbFhs
+uE9yk5+3ZMXcmFCWuliS5anXkok+IH0UisLcM/ZZmmMeKzg7FRWCXnihl2wK/chi
+qnNega6y+IKOvUMPJ2Yb8Ssi+YYpCO/ShGgRNtG71X+r8jFvo0wI5l1TAoGBANgu
+4adHVxM6mVzHemHwdmDp44QE/RtVhejTWDeX/r1esmbWpgoCO0KjYmXqUIcpm5Pe
+tjmpEJiJ7Qrv4cHweu5tFYEWHtJrkZsNC9NkJO5utADhuq0D92Ex4hQ8eu30F852
+zyxyyTrInIPBuyT9cmL0MWR0tIgYZXw42vrI7+69AoGABjHcheK5fTQBRsUWSkpD
+YEz1AZoMyuib/zLqnZZjt7rasQY7/hYbFVN/Q/eTkJFV5ETLRr9mGms7FiWZry4y
+XmPhku2Ed7jiTrzErNtU99tzrPcuJp7h1rLPbFdwqtsiEtOrBZ0n3QdbkNF8Y4TO
+qaqdxv3/Gf9er+TxtYHJKz4=
+-----END PRIVATE KEY-----

pulsar-client-cpp/lib/auth/AuthTls.cc

@@ -18,47 +18,47 @@
 
 namespace pulsar {
     AuthDataTls::AuthDataTls(ParamMap& params) {
-        tlsCertificates_ = params["tlsCertificates"];
-        tlsPrivateKey_ = params["tlsPrivateKey"];
+        tlsCertificates_ = params["tlsCertFile"];
+        tlsPrivateKey_ = params["tlsKeyFile"];
     }
-    
+
     AuthDataTls::~AuthDataTls() {
-        
+
     }
-    
+
     bool AuthDataTls::hasDataForTls() {
         return true;
     }
-    
+
     std::string AuthDataTls::getTlsCertificates() {
         return tlsCertificates_;
     }
-    
+
     std::string AuthDataTls::getTlsPrivateKey() {
         return tlsPrivateKey_;
     }
-    
+
     AuthTls::AuthTls(AuthenticationDataPtr& authDataTls) {
         authDataTls_ = authDataTls;
     }
-    
+
     AuthTls::~AuthTls() {
     }
-    
+
     AuthenticationPtr AuthTls::create(ParamMap& params) {
         AuthenticationDataPtr authDataTls = AuthenticationDataPtr(new AuthDataTls(params));
         return AuthenticationPtr(new AuthTls(authDataTls));
     }
-    
+
     const std::string AuthTls::getAuthMethodName() const {
         return "tls";
     }
-    
+
     Result AuthTls::getAuthData(AuthenticationDataPtr& authDataContent) const {
         authDataContent = authDataTls_;
         return ResultOk;
     }
-    
+
     extern "C" Authentication* create(ParamMap& params) {
         AuthenticationDataPtr authDataTls = AuthenticationDataPtr(new AuthDataTls(params));
         return new AuthTls(authDataTls);

pulsar-client-cpp/tests/AuthPluginTest.cc

@@ -16,6 +16,26 @@
 
 #include "pulsar/Auth.h"
 #include <gtest/gtest.h>
+#include <pulsar/Client.h>
+#include <boost/lexical_cast.hpp>
+#include <lib/LogUtils.h>
+
+#include "lib/Future.h"
+#include "lib/Utils.h"
+DECLARE_LOG_OBJECT()
+
+using namespace pulsar;
+
+int globalTestTlsMessagesCounter = 0;
+static std::string lookupUrlTls = "pulsar+ssl://localhost:9886";
+
+static void sendCallBackTls(Result r, const Message& msg) {
+    ASSERT_EQ(r, ResultOk);
+    std::string prefix = "test-tls-message-";
+    std::string messageContent = prefix + boost::lexical_cast<std::string>(globalTestTlsMessagesCounter++);
+    ASSERT_EQ(messageContent, msg.getDataAsString());
+    LOG_DEBUG("Received publish acknowledgement for " << msg.getDataAsString());
+}
 
 TEST(AuthPluginTest, testCreate) {
     pulsar::AuthenticationDataPtr data;
@@ -29,6 +49,70 @@ TEST(AuthPluginTest, testCreate) {
     ASSERT_EQ(auth.use_count(), 1);
 }
 
+TEST(AuthPluginTest, testTls) {
+    ClientConfiguration config = ClientConfiguration();
+    config.setUseTls(true);
+    std::string certfile = "../../pulsar-broker/src/test/resources/authentication/tls/cacert.pem";
+    std::string params =  "tlsCertFile:../../pulsar-broker/src/test/resources/authentication/tls/client-cert.pem,tlsKeyFile:../../pulsar-broker/src/test/resources/authentication/tls/client-key.pem";
+    config.setTlsTrustCertsFilePath(certfile);
+    config.setTlsAllowInsecureConnection(false);
+    AuthenticationPtr auth = pulsar::Auth::create("../lib/auth/libauthtls.so", params);
+    config.setAuthentication(auth);
+    Client client(lookupUrlTls,config);
+
+    std::string topicName = "persistent://property/cluster/namespace/test-tls";
+    std::string subName = "subscription-name";
+    int numOfMessages = 10;
+
+    Producer producer;
+    Promise<Result, Producer> producerPromise;
+    client.createProducerAsync(topicName, WaitForCallbackValue<Producer>(producerPromise));
+    Future<Result, Producer> producerFuture = producerPromise.getFuture();
+    Result result = producerFuture.get(producer);
+    ASSERT_EQ(ResultOk, result);
+
+    Consumer consumer;
+    Promise<Result, Consumer> consumerPromise;
+    client.subscribeAsync(topicName, subName, WaitForCallbackValue<Consumer>(consumerPromise));
+    Future<Result, Consumer> consumerFuture = consumerPromise.getFuture();
+    result = consumerFuture.get(consumer);
+    ASSERT_EQ(ResultOk, result);
+
+    // handling dangling subscriptions
+    consumer.unsubscribe();
+    client.subscribe(topicName, subName, consumer);
+
+    std::string temp = producer.getTopic();
+    ASSERT_EQ(temp, topicName);
+    temp = consumer.getTopic();
+    ASSERT_EQ(temp, topicName);
+    ASSERT_EQ(consumer.getSubscriptionName(), subName);
+
+    // Send Asynchronously
+    std::string prefix = "test-tls-message-";
+    for (int i = 0; i<numOfMessages; i++) {
+        std::string messageContent = prefix + boost::lexical_cast<std::string>(i);
+        Message msg = MessageBuilder().setContent(messageContent).setProperty("msgIndex", boost::lexical_cast<std::string>(i)).build();
+        producer.sendAsync(msg, &sendCallBackTls);
+        LOG_INFO("sending message " << messageContent);
+    }
+
+    Message receivedMsg;
+    int i = 0;
+    while (consumer.receive(receivedMsg, 5000) == ResultOk) {
+        std::string expectedMessageContent = prefix + boost::lexical_cast<std::string>(i);
+        LOG_INFO("Received Message with [ content - " << receivedMsg.getDataAsString() << "] [ messageID = " << receivedMsg.getMessageId() << "]");
+        ASSERT_EQ(receivedMsg.getProperty("msgIndex"), boost::lexical_cast<std::string>(i++));
+        ASSERT_EQ(expectedMessageContent, receivedMsg.getDataAsString());
+        ASSERT_EQ(ResultOk, consumer.acknowledge(receivedMsg));
+    }
+    // Number of messages produced
+    ASSERT_EQ(globalTestTlsMessagesCounter, numOfMessages);
+
+    // Number of messages consumed
+    ASSERT_EQ(i, numOfMessages);
+}
+
 TEST(AuthPluginTest, testDisable) {
     pulsar::AuthenticationDataPtr data;
 

pulsar-client-cpp/tests/authentication.conf

+#
+# Copyright 2016 Yahoo Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+### --- General broker settings --- ###
+
+# Zookeeper quorum connection string
+zookeeperServers=
+
+# Global Zookeeper quorum connection string
+globalZookeeperServers=
+
+brokerServicePort=9885
+brokerServicePortTls=9886
+
+# Port to use to server HTTP request
+webServicePort=9765
+webServicePortTls=9766
+
+# Hostname or IP address the service binds on, default is 0.0.0.0.
+bindAddress=0.0.0.0
+
+# Hostname or IP address the service advertises to the outside world. If not set, the value of InetAddress.getLocalHost().getHostName() is used.
+advertisedAddress=localhost
+
+# Name of the cluster to which this broker belongs to
+clusterName=cluster
+
+# Zookeeper session timeout in milliseconds
+zooKeeperSessionTimeoutMillis=30000
+
+# Time to wait for broker graceful shutdown. After this time elapses, the process will be killed
+brokerShutdownTimeoutMs=3000
+
+# Enable backlog quota check. Enforces action on topic when the quota is reached
+backlogQuotaCheckEnabled=true
+
+# How often to check for topics that have reached the quota
+backlogQuotaCheckIntervalInSeconds=60
+
+# Default per-topic backlog quota limit
+backlogQuotaDefaultLimitGB=10
+
+# Enable the deletion of inactive topics
+brokerDeleteInactiveTopicsEnabled=true
+
+# How often to check for inactive topics
+brokerDeleteInactiveTopicsFrequencySeconds=60
+
+# How frequently to proactively check and purge expired messages
+messageExpiryCheckIntervalInMinutes=5
+
+# Enable check for minimum allowed client library version
+clientLibraryVersionCheckEnabled=false
+
+# Allow client libraries with no version information
+clientLibraryVersionCheckAllowUnversioned=true
+
+# Path for the file used to determine the rotation status for the broker when responding
+# to service discovery health checks
+statusFilePath=/usr/local/apache/htdocs
+
+# Max number of unacknowledged messages allowed to receive messages by a consumer on a shared subscription. Broker will stop sending
+# messages to consumer once, this limit reaches until consumer starts acknowledging messages back
+# Using a value of 0, is disabling unackeMessage limit check and consumer can receive messages without any restriction
+maxUnackedMessagesPerConsumer=50000
+
+### --- Authentication --- ###
+
+# Enable TLS
+tlsEnabled=true
+tlsCertificateFilePath=./pulsar-broker/src/test/resources/authentication/tls/broker-cert.pem
+tlsKeyFilePath=./pulsar-broker/src/test/resources/authentication/tls/broker-key.pem
+tlsTrustCertsFilePath=./pulsar-broker/src/test/resources/authentication/tls/cacert.pem
+tlsAllowInsecureConnection=true
+
+# Enable authentication
+authenticationEnabled=true
+
+# Autentication provider name list, which is comma separated list of class names
+authenticationProviders=com.yahoo.pulsar.broker.authentication.AuthenticationProviderTls
+
+# Enforce authorization
+authorizationEnabled=true
+
+# Role names that are treated as "super-user", meaning they will be able to do all admin
+# operations and publish/consume from all topics
+superUserRoles=localhost,superUser
+
+# Authentication settings of the broker itself. Used when the broker connects to other brokers,
+# either in same or other clusters
+brokerClientAuthenticationPlugin=
+brokerClientAuthenticationParameters=
+
+### --- BookKeeper Client --- ###
+
+# Authentication plugin to use when connecting to bookies
+bookkeeperClientAuthenticationPlugin=
+
+# BookKeeper auth plugin implementatation specifics parameters name and values
+bookkeeperClientAuthenticationParametersName=
+bookkeeperClientAuthenticationParameters=
+
+# Timeout for BK add / read operations
+bookkeeperClientTimeoutInSeconds=30
+
+# Speculative reads are initiated if a read request doesn't complete within a certain time
+# Using a value of 0, is disabling the speculative reads
+bookkeeperClientSpeculativeReadTimeoutInMillis=0
+
+# Enable bookies health check. Bookies that have more than the configured number of failure within
+# the interval will be quarantined for some time. During this period, new ledgers won't be created
+# on these bookies
+bookkeeperClientHealthCheckEnabled=true
+bookkeeperClientHealthCheckIntervalSeconds=60
+bookkeeperClientHealthCheckErrorThresholdPerInterval=5
+bookkeeperClientHealthCheckQuarantineTimeInSeconds=1800
+
+# Enable rack-aware bookie selection policy. BK will chose bookies from different racks when
+# forming a new bookie ensemble
+bookkeeperClientRackawarePolicyEnabled=true
+
+# Enable bookie isolation by specifying a list of bookie groups to choose from. Any bookie
+# outside the specified groups will not be used by the broker
+bookkeeperClientIsolationGroups=
+
+### --- Managed Ledger --- ###
+
+# Number of bookies to use when creating a ledger
+managedLedgerDefaultEnsembleSize=1
+
+# Number of copies to store for each message
+managedLedgerDefaultWriteQuorum=1
+
+# Number of guaranteed copies (acks to wait before write is complete)
+managedLedgerDefaultAckQuorum=1
+
+# Amount of memory to use for caching data payload in managed ledger. This memory
+# is allocated from JVM direct memory and it's shared across all the topics
+# running  in the same broker
+managedLedgerCacheSizeMB=1024
+
+# Threshold to which bring down the cache level when eviction is triggered
+managedLedgerCacheEvictionWatermark=0.9
+
+# Rate limit the amount of writes generated by consumer acking the messages
+managedLedgerDefaultMarkDeleteRateLimit=0.1
+
+# Max number of entries to append to a ledger before triggering a rollover
+# A ledger rollover is triggered on these conditions
+#  * Either the max rollover time has been reached
+#  * or max entries have been written to the ledged and at least min-time
+#    has passed
+managedLedgerMaxEntriesPerLedger=50000
+
+# Minimum time between ledger rollover for a topic
+managedLedgerMinLedgerRolloverTimeMinutes=10
+
+# Maximum time before forcing a ledger rollover for a topic
+managedLedgerMaxLedgerRolloverTimeMinutes=240
+
+# Max number of entries to append to a cursor ledger
+managedLedgerCursorMaxEntriesPerLedger=50000
+
+# Max time before triggering a rollover on a cursor ledger
+managedLedgerCursorRolloverTimeInSeconds=14400
+
+
+
+### --- Load balancer --- ###
+
+# Enable load balancer
+loadBalancerEnabled=false
+
+# Strategy to assign a new bundle
+loadBalancerPlacementStrategy=weightedRandomSelection
+
+# Percentage of change to trigger load report update
+loadBalancerReportUpdateThresholdPercentage=10
+
+# maximum interval to update load report
+loadBalancerReportUpdateMaxIntervalMinutes=15
+
+# Frequency of report to collect
+loadBalancerHostUsageCheckIntervalMinutes=1
+
+# Load shedding interval. Broker periodically checks whether some traffic should be offload from
+# some over-loaded broker to other under-loaded brokers
+loadBalancerSheddingIntervalMinutes=30
+
+# Prevent the same topics to be shed and moved to other broker more that once within this timeframe
+loadBalancerSheddingGracePeriodMinutes=30
+
+# Usage threshold to determine a broker as under-loaded
+loadBalancerBrokerUnderloadedThresholdPercentage=1
+
+# Usage threshold to determine a broker as over-loaded
+loadBalancerBrokerOverloadedThresholdPercentage=85
+
+# Interval to update namespace bundle resource quotat
+loadBalancerResourceQuotaUpdateIntervalMinutes=15
+
+# Usage threshold to determine a broker is having just right level of load
+loadBalancerBrokerComfortLoadLevelPercentage=65
+
+# enable/disable namespace bundle auto split
+loadBalancerAutoBundleSplitEnabled=false
+
+# interval to detect & split hot namespace bundle
+loadBalancerNamespaceBundleSplitIntervalMinutes=15
+
+# maximum topics in a bundle, otherwise bundle split will be triggered
+loadBalancerNamespaceBundleMaxTopics=1000
+
+# maximum sessions (producers + consumers) in a bundle, otherwise bundle split will be triggered
+loadBalancerNamespaceBundleMaxSessions=1000
+
+# maximum msgRate (in + out) in a bundle, otherwise bundle split will be triggered
+loadBalancerNamespaceBundleMaxMsgRate=1000
+
+# maximum bandwidth (in + out) in a bundle, otherwise bundle split will be triggered
+loadBalancerNamespaceBundleMaxBandwidthMbytes=100
+
+# maximum number of bundles in a namespace
+loadBalancerNamespaceMaximumBundles=128
+
+### --- Replication --- ###
+
+# Enable replication metrics
+replicationMetricsEnabled=true
+
+# Max number of connections to open for each broker in a remote cluster
+# More connections host-to-host lead to better throughput over high-latency
+# links.
+replicationConnectionsPerBroker=16
+
+# Replicator producer queue size
+replicationProducerQueueSize=1000
+
+# Default message retention time
+defaultRetentionTimeInMinutes=0
+
+# Default retention size
+defaultRetentionSizeInMB=0
+
+# How often to check whether the connections are still alive
+keepAliveIntervalSeconds=30
+
+# How often broker checks for inactive topics to be deleted (topics with no subscriptions and no one connected)
+brokerServicePurgeInactiveFrequencyInSeconds=60

pulsar-client-cpp/tests/client.conf

+#
+# Copyright 2016 Yahoo Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+# Pulsar Client configuration
+webServiceUrl=https://localhost:9766/
+brokerServiceUrl=pulsar+ssl://localhost:9886/
+useTls=true
+tlsAllowInsecureConnection=true
+tlsTrustCertsFilePath=./pulsar-broker/src/test/resources/authentication/tls/cacert.pem
+authPlugin=com.yahoo.pulsar.client.impl.auth.AuthenticationTls
+authParams=tlsCertFile:./pulsar-broker/src/test/resources/authentication/tls/client-cert.pem,tlsKeyFile:./pulsar-broker/src/test/resources/authentication/tls/client-key.pem

pulsar-client-cpp/travis-build.sh

@@ -5,9 +5,9 @@
 #  Licensed under the Apache License, Version 2.0 (the "License");
 #  you may not use this file except in compliance with the License.
 #  You may obtain a copy of the License at
-# 
+#
 #      http://www.apache.org/licenses/LICENSE-2.0
-# 
+#
 #  Unless required by applicable law or agreed to in writing, software
 #  distributed under the License is distributed on an "AS IS" BASIS,
 #  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
@@ -58,13 +58,18 @@ if [ "$3" = "all" -o "$3" = "dep" ]; then
   exec_cmd "pushd $1/ && wget https://github.com/google/protobuf/releases/download/v2.6.1/protobuf-2.6.1.tar.gz && popd";
   exec_cmd "pushd /usr/src/gtest && cmake . && make && cp *.a /usr/lib && popd";
   exec_cmd "pushd $1/ && tar xvfz $1/protobuf-2.6.1.tar.gz && pushd $1/protobuf-2.6.1 && ./configure && make && make install && popd && popd";
-fi           
+fi
 
 if [ "$3" = "all" -o "$3" = "compile" ]; then
   # Compile and run unit tests
   exec_cmd "pushd $2/pulsar-client-cpp && cmake . && make && popd";
   PULSAR_STANDALONE_CONF=$2/pulsar-client-cpp/tests/standalone.conf $2/bin/pulsar standalone &
-  pid=$!;
-  exec_cmd "sleep 10 && pushd $2/pulsar-client-cpp/tests && ./main && popd";
+  standalone_pid=$!;
+  PULSAR_STANDALONE_CONF=$2/pulsar-client-cpp/tests/authentication.conf $2/bin/pulsar standalone --zookeeper-port 2191 --bookkeeper-port 3191 --zookeeper-dir data2/standalone/zookeeper --bookkeeper-dir data2/standalone/zookeeper &
+  auth_pid=$!;
+  sleep 10
+  PULSAR_CLIENT_CONF=$2/pulsar-client-cpp/tests/client.conf $2/bin/pulsar-admin clusters create --url http://localhost:9765/ --url-secure https://localhost:9766/ --broker-url pulsar://localhost:9885/ --broker-url-secure pulsar+ssl://localhost:9886/ cluster
+  exec_cmd "sleep 5 && pushd $2/pulsar-client-cpp/tests && ./main && popd";
   exec_cmd "kill -SIGTERM $pid";
-fi 
+  exec_cmd "kill -SIGTERM $auth_pid";
+fi