
Example 21 with Password

use of org.apache.kafka.common.config.types.Password in project kafka by apache.

the class SslTransportLayerTest method testInvalidKeyPassword.

/**
 * Tests that a client connection to a server cannot be established
 * if the server's key password is invalid.
 */
@Test
public void testInvalidKeyPassword() throws Exception {
    // Override only the server-side key password with a value the test treats as wrong;
    // the client configuration is left untouched.
    sslServerConfigs.put(SslConfigs.SSL_KEY_PASSWORD_CONFIG, new Password("invalid"));
    server = createEchoServer(SecurityProtocol.SSL);
    createSelector(sslClientConfigs);

    final String nodeId = "0";
    final InetSocketAddress serverAddress = new InetSocketAddress("localhost", server.port());
    selector.connect(nodeId, serverAddress, BUFFER_SIZE, BUFFER_SIZE);

    // The only condition checked is that the channel ends up closed.
    // NOTE(review): the reason for the close is not asserted here, so a close caused by
    // something other than the bad key password would also pass. Confirm whether the
    // helper verifies the cause.
    NetworkTestUtils.waitForChannelClose(selector, nodeId);
}
Also used : InetSocketAddress(java.net.InetSocketAddress) Password(org.apache.kafka.common.config.types.Password) Test(org.junit.Test)

Example 22 with Password

use of org.apache.kafka.common.config.types.Password in project kafka by apache.

the class SslFactory method createSSLContext.

/**
 * Creates and initialises an {@link SSLContext} from this factory's protocol, optional
 * provider, key store, trust store and secure-random settings.
 *
 * <p>Key managers are built only when a key store is configured; otherwise {@code null}
 * is handed to {@link SSLContext#init}. The trust manager factory is always initialised,
 * with a {@code null} key store when no trust store is configured.
 *
 * @return the initialised context
 * @throws GeneralSecurityException if an algorithm, provider or key operation fails
 * @throws IOException declared for the store loading calls
 */
private SSLContext createSSLContext() throws GeneralSecurityException, IOException {
    SSLContext sslContext = provider != null
            ? SSLContext.getInstance(protocol, provider)
            : SSLContext.getInstance(protocol);

    KeyManager[] keyManagers = null;
    if (keystore != null) {
        String keyAlgorithm = this.kmfAlgorithm;
        if (keyAlgorithm == null) {
            keyAlgorithm = KeyManagerFactory.getDefaultAlgorithm();
        }
        KeyManagerFactory keyManagerFactory = KeyManagerFactory.getInstance(keyAlgorithm);
        KeyStore loadedKeyStore = keystore.load();

        // An explicit key password wins; without one the key store password is reused for the key.
        Password effectiveKeyPassword = this.keyPassword;
        if (effectiveKeyPassword == null) {
            effectiveKeyPassword = keystore.password;
        }
        // NOTE(review): the secret is held as a String behind value(), and the char[] copy
        // made here is not cleared afterwards, so both stay in memory until collected.
        keyManagerFactory.init(loadedKeyStore, effectiveKeyPassword.value().toCharArray());
        keyManagers = keyManagerFactory.getKeyManagers();
    }

    String trustAlgorithm = this.tmfAlgorithm;
    if (trustAlgorithm == null) {
        trustAlgorithm = TrustManagerFactory.getDefaultAlgorithm();
    }
    TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance(trustAlgorithm);

    // With no configured trust store the factory is initialised with null. With the default
    // JSSE implementation that means the JDK's default trust store is used, so peers are then
    // validated against the platform CA set rather than a pinned store.
    KeyStore loadedTrustStore = null;
    if (truststore != null) {
        loadedTrustStore = truststore.load();
    }
    trustManagerFactory.init(loadedTrustStore);

    sslContext.init(keyManagers, trustManagerFactory.getTrustManagers(), this.secureRandomImplementation);
    return sslContext;
}
Also used : TrustManagerFactory(javax.net.ssl.TrustManagerFactory) SSLContext(javax.net.ssl.SSLContext) KeyManager(javax.net.ssl.KeyManager) KeyStore(java.security.KeyStore) KeyManagerFactory(javax.net.ssl.KeyManagerFactory) Password(org.apache.kafka.common.config.types.Password)

Example 23 with Password

use of org.apache.kafka.common.config.types.Password in project apache-kafka-on-k8s by banzaicloud.

the class JaasContextTest method configurationEntry.

/**
 * Loads a JAAS context of the given type and returns its single configuration entry.
 *
 * @param contextType type passed to {@code JaasContext.load}; its name is also passed as an argument
 * @param jaasConfigProp JAAS configuration text, or {@code null} to load without a dynamic config
 * @return the only entry of the loaded context (the method asserts that there is exactly one)
 */
private AppConfigurationEntry configurationEntry(JaasContext.Type contextType, String jaasConfigProp) {
    // The JAAS text can embed credentials, so it travels wrapped in Password, not as a bare String.
    Password saslJaasConfig = null;
    if (jaasConfigProp != null) {
        saslJaasConfig = new Password(jaasConfigProp);
    }
    List<AppConfigurationEntry> loadedEntries =
            JaasContext.load(contextType, null, contextType.name(), saslJaasConfig).configurationEntries();
    assertEquals(1, loadedEntries.size());
    return loadedEntries.get(0);
}
Also used : AppConfigurationEntry(javax.security.auth.login.AppConfigurationEntry) Password(org.apache.kafka.common.config.types.Password)

Example 24 with Password

use of org.apache.kafka.common.config.types.Password in project apache-kafka-on-k8s by banzaicloud.

the class LoginManagerTest method setUp.

@Before
public void setUp() {
    // Fixture-only JAAS entries: the user names and passwords below are hard-coded test values.
    // Each entry is wrapped in Password because the JAAS text carries the credential inline.
    final String plainJaasConfig = PlainLoginModule.class.getName() + " required user=\"plainuser\" password=\"plain-secret\";";
    final String digestJaasConfig = TestDigestLoginModule.class.getName() + " required user=\"digestuser\" password=\"digest-secret\";";
    dynamicPlainContext = new Password(plainJaasConfig);
    dynamicDigestContext = new Password(digestJaasConfig);

    // Separate from the two dynamic contexts above: installs a test JAAS configuration for SCRAM-SHA-256.
    TestJaasConfig.createConfiguration("SCRAM-SHA-256", Collections.singletonList("SCRAM-SHA-256"));
}
Also used : PlainLoginModule(org.apache.kafka.common.security.plain.PlainLoginModule) Password(org.apache.kafka.common.config.types.Password) Before(org.junit.Before)

Example 25 with Password

use of org.apache.kafka.common.config.types.Password in project apache-kafka-on-k8s by banzaicloud.

the class TestSslUtils method createSslConfig.

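/**
 * Builds an SSL configuration map for tests, generating a key pair, a certificate and a
 * temporary JKS key store where the mode calls for one.
 *
 * <p>A client key store is created only when {@code useClientCert} is set; a server key
 * store is always created in server mode. Every generated certificate is recorded under
 * {@code certAlias}, and those certificates are written to {@code trustStoreFile} when
 * {@code trustStore} is set. The store passwords are fixed test constants, and the same
 * password is passed for both the key store and the key.
 *
 * @param useClientCert whether a client key store and certificate are generated (client mode only)
 * @param trustStore whether {@code trustStoreFile} is populated with the generated certificates
 * @param mode client or server
 * @param trustStoreFile trust store file to write and reference in the configuration
 * @param certAlias alias under which the generated certificate is stored
 * @param cn common name placed in the certificate subject
 * @param certBuilder builder used to generate the certificate
 * @return the configuration map produced by the overloaded {@code createSslConfig}
 * @throws IOException if a temporary file cannot be created or a store cannot be written
 * @throws GeneralSecurityException if key or certificate generation fails
 */
public static Map<String, Object> createSslConfig(boolean useClientCert, boolean trustStore, Mode mode, File trustStoreFile, String certAlias, String cn, CertificateBuilder certBuilder) throws IOException, GeneralSecurityException {
    Map<String, X509Certificate> certs = new HashMap<>();
    File keyStoreFile = null;
    Password password = mode == Mode.SERVER ? new Password("ServerPassword") : new Password("ClientPassword");
    Password trustStorePassword = new Password("TrustStorePassword");
    if (mode == Mode.CLIENT && useClientCert) {
        // NOTE(review): File.createTempFile does not request owner-only permissions, and this
        // file receives a private key. java.nio.file.Files.createTempFile may be more restrictive.
        keyStoreFile = File.createTempFile("clientKS", ".jks");
        // Register cleanup before any key material is written, so the file is still removed
        // at JVM exit if key or certificate generation throws below.
        keyStoreFile.deleteOnExit();
        KeyPair cKP = generateKeyPair("RSA");
        X509Certificate cCert = certBuilder.generate("CN=" + cn + ", O=A client", cKP);
        createKeyStore(keyStoreFile.getPath(), password, "client", cKP.getPrivate(), cCert);
        certs.put(certAlias, cCert);
    } else if (mode == Mode.SERVER) {
        keyStoreFile = File.createTempFile("serverKS", ".jks");
        // Same cleanup ordering as the client branch.
        keyStoreFile.deleteOnExit();
        KeyPair sKP = generateKeyPair("RSA");
        X509Certificate sCert = certBuilder.generate("CN=" + cn + ", O=A server", sKP);
        createKeyStore(keyStoreFile.getPath(), password, password, "server", sKP.getPrivate(), sCert);
        certs.put(certAlias, sCert);
    }
    if (trustStore) {
        // Registered first for the same reason: a failed write must not leave the file behind.
        trustStoreFile.deleteOnExit();
        createTrustStore(trustStoreFile.getPath(), trustStorePassword, certs);
    }
    return createSslConfig(mode, keyStoreFile, password, password, trustStoreFile, trustStorePassword);
}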
Also used : KeyPair(java.security.KeyPair) HashMap(java.util.HashMap) DEROctetString(org.bouncycastle.asn1.DEROctetString) File(java.io.File) X509Certificate(java.security.cert.X509Certificate) Password(org.apache.kafka.common.config.types.Password)

Aggregations

Password (org.apache.kafka.common.config.types.Password)41 HashMap (java.util.HashMap)9 Properties (java.util.Properties)7 Test (org.junit.Test)7 TestSecurityConfig (org.apache.kafka.common.security.TestSecurityConfig)6 PlainLoginModule (org.apache.kafka.common.security.plain.PlainLoginModule)6 Test (org.junit.jupiter.api.Test)6 InetSocketAddress (java.net.InetSocketAddress)5 SecurityProtocol (org.apache.kafka.common.security.auth.SecurityProtocol)5 DEROctetString (org.bouncycastle.asn1.DEROctetString)5 KeyStore (java.security.KeyStore)4 AppConfigurationEntry (javax.security.auth.login.AppConfigurationEntry)4 ValidString (org.apache.kafka.common.config.ConfigDef.ValidString)4 X509Certificate (java.security.cert.X509Certificate)3 LogContext (org.apache.kafka.common.utils.LogContext)3 ParameterizedTest (org.junit.jupiter.params.ParameterizedTest)3 ArgumentsSource (org.junit.jupiter.params.provider.ArgumentsSource)3 File (java.io.File)2 FileInputStream (java.io.FileInputStream)2 IOException (java.io.IOException)2