Pass private key as header in curl PUT returning error for illegal character-CodePudding

I have a .pem file containing my private key that I need to pass as an authorization header.

I've tried just using the command $(cat $REPO_ROOT/pulsar/tls/broker/broker.key.pem) but I'm getting the response: <h1>Bad Message 400</h1><pre>reason: Illegal character LF=\n</pre>0

Can I not pass the contents of my .pem straight into the header?

CLUSTER=standalone
TENANT=sandbox
NAMESPACE=integration_test
AUTHORIZATION=$(cat $REPO_ROOT/pulsar/tls/broker/broker.key.pem)


# Create tenant
curl -L -X PUT "http://localhost:$HOST_PULSAR_PORT/admin/v2/tenants/$TENANT" \
    --header "Authorization: Bearer $AUTHORIZATION" \
    --header 'Content-Type: application/json' \
    --data-raw "{\"allowedClusters\": [\"$CLUSTER\"]}"

CodePudding user response：

The private key needs to be carefully secured. You should never have to pass it in an HTTP header.

For Pulsar you should be using the private key to generate a JWT token to use in the HTTP header. You can use the following command:

bin/pulsar tokens create --private-key file:///path/to/my-private.key \
            --subject test-user

The subject of the token should match the authorization role on the Pulsar tenant or namespace. For more details, see https://pulsar.apache.org/docs/en/security-token-admin/

CodePudding user response：

Private keys are never meant to be sent as a header in a web request. Perhaps the public key.

When you try to send this:

Authorization: Bearer $AUTHORIZATION

I suspect you should send a signed JWT token instead?

Also, you try to send a pem file, as application/json, that does not match either. A pem file is typically a multi-line data structure and that needs to be encoded to be able to be sent in a header.