[Bug] tlsTrustCertsFilePath does not work for OAuth2 authentication

[BewareMyPower]

Search before asking

• I searched in the issues and found nothing similar.

Version

OS: macOS m1
Client: https://archive.apache.org/dist/pulsar/pulsar-client-cpp-3.4.1/

Minimal reproduce step

The same reproduce steps with #184

What did you expect to see?

What did you see instead?

Even if setTlsTrustCertsFilePath is configured, the OAuth2 authentication will still fail.

2023-12-05 15:30:28.066 ERROR [0x16d9c7000] AuthOauth2:390 | Response failed for issuerurl <...>. ErrorCode 60: SSL certificate problem: unable to get local issuer certificate passedin: 

Anything else?

It's a regression brought by #313, the tlsTrustCertsFilePath config didn't work for OAuth2.

pulsar-client-cpp/lib/auth/AuthOauth2.cc

Line 346 in 63d494f

curl.get(tokenEndPoint_, "Content-Type: application/x-www-form-urlencoded", options, nullptr);

The last argument is nullptr, i.e. CurlWrapper does not load any CA certs for AuthOauth2::authenticate.

While you can see it's applied in

pulsar-client-cpp/lib/auth/AuthOauth2.cc

Lines 232 to 237 in 63d494f

	if (!tlsTrustCertsFilePath_.empty()) {
	tlsContext.reset(new CurlWrapper::TlsContext);
	tlsContext->trustCertsFilePath = tlsTrustCertsFilePath_;
	}
	auto result = curl.get(wellKnownUrl, "Accept: application/json", {}, tlsContext.get());

Are you willing to submit a PR?

• I'm willing to submit a PR!

[BewareMyPower]

The workflow here can describe this issue more clearly.

2023-12-05 12:06:36.958 INFO  [140093743501632] ClientConnection:189 | [<none> -> pulsar://localhost:6650] Create ClientConnection, timeout=10000
2023-12-05 12:06:36.958 INFO  [140093743501632] ConnectionPool:114 | Created connection for pulsar://localhost:6650-0
2023-12-05 12:06:36.962 INFO  [140093735237184] ClientConnection:396 | [[::1]:51810 -> [::1]:6650] Connected to broker
2023-12-05 12:06:36.968 ERROR [140093735237184] AuthOauth2:272 | Response failed for getting the well-known configuration https://dev-kt-aa9ne.us.auth0.com./ Error Code 77: error setting certificate file: /etc/ssl/certs/ca-certificates.crt
2023-12-05 12:06:36.968 ERROR [140093735237184] ClientConnection:515 | [[::1]:51810 -> [::1]:6650] Failed to establish connection: AuthenticationError
2023-12-05 12:06:36.968 ERROR [140093735237184] ClientConnection:1315 | [[::1]:51810 -> [::1]:6650] Connection closed with AuthenticationError (refCnt: 2)
2023-12-05 12:06:36.968 INFO  [140093735237184] ConnectionPool:129 | Remove connection for pulsar://localhost:6650-0
2023-12-05 12:06:36.968 ERROR [140093735237184] ClientImpl:198 | Error Checking/Getting Partition Metadata while creating producer on persistent://public/default/oauth2-test -- AuthenticationError
/home/runner/work/pulsar-client-cpp/pulsar-client-cpp/tests/oauth2/Oauth2Test.cc:84: Failure
Expected equality of these values:
  ResultOk
    Which is: Ok
  client.createProducer("oauth2-test", producer)
    Which is: AuthenticationError
[  FAILED  ] Oauth2Test.testTlsTrustFilePath (12 ms)

    const auto caPath = "/etc/ssl/certs/my-cert.crt";
    /* ... */
    ClientConfiguration conf;
    conf.setTlsTrustCertsFilePath(caPath);
    auto params = gCommonParams;
    params["private_key"] = "file://" + gKeyPath;
    conf.setAuth(AuthOauth2::create(params));

The code above shows the default CA cert (/etc/ssl/certs/ca-certificates.crt) was deleted, even if setting tlsTrustCertsFilePath with the new location (/etc/ssl/certs/my-cert.crt), the OAuth2 authentication still failed.