[improve] [pip] PIP-290 Provide a way to implement WSS E2E encryption and not need to expose the private key to the WebSocket Proxy #20923

Merged: poorbarcode merged 51 commits into apache:master from poorbarcode:pip/290 on Aug 23, 2023

@poorbarcode (Contributor) commented Aug 2, 2023

Documentation

  • doc
  • doc-required
  • doc-not-needed
  • doc-complete

Matching PR in forked repository

PR in forked repository: x

@poorbarcode self-assigned this Aug 2, 2023
@github-actions Bot added the type/PIP and doc-required labels Aug 2, 2023
@poorbarcode added this to the 3.2.0 milestone Aug 2, 2023
@poorbarcode changed the title from "[improve] [pip] PIP-290 Provide a way to implement WSS E2E encryption and not need to expose the private key to the WebSocket Proxy." to "[improve] [pip] PIP-290 Provide a way to implement WSS E2E encryption and not need to expose the private key to the WebSocket Proxy" Aug 2, 2023
codelipenghui previously approved these changes Aug 21, 2023
Comment thread pip/pip-290.md Outdated
Comment on lines +98 to +99
| `encryptionKeyValues` | Base64 encoded and URL encoded secret key |
| `encryptionKeyMetadata` | Base64 encoded and URL encoded and JSON formatted key-value metadata list of encryption key |
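
Review bot: the descriptions at lines +98 to +99 say "Base64 encoded and URL encoded" without fixing the order in which the two encodings are applied, so a client and the proxy could each pick a different order and fail to decode each other's values. State the intended order explicitly in both rows and, for `encryptionKeyMetadata`, say at which point the key-value list is serialized to JSON. "Secret key" in the `encryptionKeyValues` row is also ambiguous next to the "private key" named in the PR title; say which key this parameter carries.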

Contributor

Why not add the key metadata to the encryptionKeyValues JSON structure? So that it will align with the returned data structure to consumers.

And could you please also provide an example of what the original data looks like, without base64 and URL encoding?

Contributor Author

> Why not add the key metadata to the encryptionKeyValues JSON structure? So that it will align with the returned data structure to consumers.

I added a new mode for the parameter `encryptionKeys`: if a producer registered with a JSON parameter `encryptionKeys`, and `encryptionKeys[{key_name}].keyValue` is not empty, the WebSocket Proxy Server will mark this producer as a Client-Side Encryption Producer, then discard server-side batch messages, server-side compression, and server-side encryption.

> And could you please also provide an example of what the original data looks like, without base64 and URL encoding?

Done.

@codelipenghui codelipenghui dismissed their stale review August 21, 2023 14:31

Accidentally clicked the approve button

@poorbarcode poorbarcode merged commit faa2d3d into apache:master Aug 23, 2023
poorbarcode added a commit to streamnative/pulsar-archived that referenced this pull request Aug 29, 2023
Labels: area/websocket, doc-required, type/PIP
