Example 1 with SslClientAuth

Use of org.apache.kafka.common.config.SslClientAuth in project kafka by apache.

Class SaslAuthenticatorTest, method verifySslClientAuthForSaslSslListener.

private void verifySslClientAuthForSaslSslListener(boolean useListenerPrefix, SslClientAuth configuredClientAuth) throws Exception {
    SecurityProtocol securityProtocol = SecurityProtocol.SASL_SSL;
    configureMechanisms("PLAIN", Collections.singletonList("PLAIN"));
    String listenerPrefix = useListenerPrefix ? ListenerName.forSecurityProtocol(securityProtocol).configPrefix() : "";
    saslServerConfigs.put(listenerPrefix + BrokerSecurityConfigs.SSL_CLIENT_AUTH_CONFIG, configuredClientAuth.name());
    saslServerConfigs.put(BrokerSecurityConfigs.PRINCIPAL_BUILDER_CLASS_CONFIG, SaslSslPrincipalBuilder.class.getName());
    server = createEchoServer(securityProtocol);
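    // SSL_CLIENT_AUTH_CONFIG is expected to take effect on the SASL_SSL listener only when it is set
    // with the listener prefix; without the prefix the test expects the listener to behave as NONE.
    SslClientAuth expectedClientAuth = useListenerPrefix ? configuredClientAuth : SslClientAuth.NONE;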
    String certDn = "O=A client,CN=localhost";
    KafkaPrincipal principalWithMutualTls = SaslSslPrincipalBuilder.saslSslPrincipal(TestJaasConfig.USERNAME, certDn);
    KafkaPrincipal principalWithOneWayTls = SaslSslPrincipalBuilder.saslSslPrincipal(TestJaasConfig.USERNAME, "ANONYMOUS");
    // Client configured with valid key store
    createAndCheckClientConnectionAndPrincipal(securityProtocol, "0", expectedClientAuth == SslClientAuth.NONE ? principalWithOneWayTls : principalWithMutualTls);
    // Client does not configure key store
    removeClientSslKeystore();
    if (expectedClientAuth != SslClientAuth.REQUIRED) {
        createAndCheckClientConnectionAndPrincipal(securityProtocol, "1", principalWithOneWayTls);
    } else {
        createAndCheckSslAuthenticationFailure(securityProtocol, "1");
    }
    // Client configures untrusted key store
    CertStores newStore = new CertStores(false, "localhost");
    newStore.keyStoreProps().forEach((k, v) -> saslClientConfigs.put(k, v));
    if (expectedClientAuth == SslClientAuth.NONE) {
        createAndCheckClientConnectionAndPrincipal(securityProtocol, "2", principalWithOneWayTls);
    } else {
        createAndCheckSslAuthenticationFailure(securityProtocol, "2");
    }
}
Also used : SecurityProtocol(org.apache.kafka.common.security.auth.SecurityProtocol) KafkaPrincipal(org.apache.kafka.common.security.auth.KafkaPrincipal) SslClientAuth(org.apache.kafka.common.config.SslClientAuth) CertStores(org.apache.kafka.common.network.CertStores)

Example 2 with SslClientAuth

Use of org.apache.kafka.common.config.SslClientAuth in project kafka by apache.

Class DefaultSslEngineFactory, method createSslClientAuth.

private static SslClientAuth createSslClientAuth(String key) {
    // forConfig returns null when the key matches no recognized value.
    SslClientAuth auth = SslClientAuth.forConfig(key);
    if (auth != null) {
        return auth;
    }
    // An unrecognized value is not rejected: a warning is logged and client authentication falls back to NONE.
    log.warn("Unrecognized client authentication configuration {}.  Falling back to NONE.  Recognized client authentication configurations are {}.", key, SslClientAuth.VALUES.stream().map(Enum::name).collect(Collectors.joining(", ")));
    return SslClientAuth.NONE;
}
Also used : SslClientAuth(org.apache.kafka.common.config.SslClientAuth)
