
Example 26 with Password

use of org.apache.kafka.common.config.types.Password in project apache-kafka-on-k8s by banzaicloud.

the class JaasContext method loadClientContext.

/**
 * Returns a client-side instance of this class.
 *
 * <p>If the JAAS configuration property {@link SaslConfigs#SASL_JAAS_CONFIG} is specified,
 * the configuration object is created by parsing the property value. Otherwise, the default
 * Configuration is returned. The context name is always `KafkaClient`.
 *
 * <p>The property is read with an unchecked cast to {@link Password}; a map that holds the raw
 * {@code String} form under that key fails here with a {@code ClassCastException}.
 * NOTE(review): the JAAS value presumably embeds login-module credentials, so it should stay
 * wrapped in {@code Password} and never be logged unwrapped - confirm against {@code load}.
 *
 * @param configs client configuration values keyed by property name
 * @return the context produced by {@code load} for {@code JaasContext.Type.CLIENT}
 */
public static JaasContext loadClientContext(Map<String, ?> configs) {
    // May be null when the property is not set; load() receives it as-is.
    Object jaasConfigValue = configs.get(SaslConfigs.SASL_JAAS_CONFIG);
    String contextName = GLOBAL_CONTEXT_NAME_CLIENT;
    return load(JaasContext.Type.CLIENT, null, contextName, (Password) jaasConfigValue);
}
Also used : Password(org.apache.kafka.common.config.types.Password)

Example 27 with Password

use of org.apache.kafka.common.config.types.Password in project apache-kafka-on-k8s by banzaicloud.

the class SSLUtils method configureSslContextFactoryKeyStore.

/**
 * Applies the key store settings found in {@code sslConfigValues} to {@code ssl}.
 *
 * <p>The key store type is always set, falling back to
 * {@code SslConfigs.DEFAULT_SSL_KEYSTORE_TYPE} through {@code getOrDefault}. The key store path,
 * the key store password and the key manager password are only set when their entry is non-null.
 *
 * <p>Values must already be typed: the type and location entries are cast to {@code String} and
 * the two password entries to {@link Password}, so any other runtime type fails with a
 * {@code ClassCastException}. Both passwords are unwrapped with {@code value()} and handed to the
 * factory setters in plain form; they should not be logged or echoed from this method.
 *
 * @param ssl the factory to configure
 * @param sslConfigValues SSL configuration values keyed by property name
 */
protected static void configureSslContextFactoryKeyStore(SslContextFactory ssl, Map<String, Object> sslConfigValues) {
    String keyStoreType = (String) getOrDefault(sslConfigValues, SslConfigs.SSL_KEYSTORE_TYPE_CONFIG, SslConfigs.DEFAULT_SSL_KEYSTORE_TYPE);
    ssl.setKeyStoreType(keyStoreType);

    String keyStorePath = (String) sslConfigValues.get(SslConfigs.SSL_KEYSTORE_LOCATION_CONFIG);
    if (keyStorePath != null) {
        ssl.setKeyStorePath(keyStorePath);
    }

    // Password protecting the key store itself.
    Password keyStorePassword = (Password) sslConfigValues.get(SslConfigs.SSL_KEYSTORE_PASSWORD_CONFIG);
    if (keyStorePassword != null) {
        ssl.setKeyStorePassword(keyStorePassword.value());
    }

    // Separate password entry, applied through the key manager setter.
    Password keyPassword = (Password) sslConfigValues.get(SslConfigs.SSL_KEY_PASSWORD_CONFIG);
    if (keyPassword != null) {
        ssl.setKeyManagerPassword(keyPassword.value());
    }
}
Also used : Password(org.apache.kafka.common.config.types.Password)

Example 28 with Password

use of org.apache.kafka.common.config.types.Password in project apache-kafka-on-k8s by banzaicloud.

the class SSLUtils method configureSslContextFactoryTrustStore.

/**
 * Applies the trust store settings found in {@code sslConfigValues} to {@code ssl}.
 *
 * <p>The trust store type is always set, falling back to
 * {@code SslConfigs.DEFAULT_SSL_TRUSTSTORE_TYPE} through {@code getOrDefault}. The trust store
 * path and password are only set when their entry is non-null.
 *
 * <p>The type and location entries are cast to {@code String} and the password entry to
 * {@link Password}; any other runtime type fails with a {@code ClassCastException}. The password
 * is unwrapped with {@code value()} before it reaches the factory setter and should not be logged
 * or echoed from this method.
 *
 * @param ssl the factory to configure
 * @param sslConfigValues SSL configuration values keyed by property name
 */
protected static void configureSslContextFactoryTrustStore(SslContextFactory ssl, Map<String, Object> sslConfigValues) {
    String trustStoreType = (String) getOrDefault(sslConfigValues, SslConfigs.SSL_TRUSTSTORE_TYPE_CONFIG, SslConfigs.DEFAULT_SSL_TRUSTSTORE_TYPE);
    ssl.setTrustStoreType(trustStoreType);

    String trustStorePath = (String) sslConfigValues.get(SslConfigs.SSL_TRUSTSTORE_LOCATION_CONFIG);
    if (trustStorePath != null) {
        ssl.setTrustStorePath(trustStorePath);
    }

    Password trustStorePassword = (Password) sslConfigValues.get(SslConfigs.SSL_TRUSTSTORE_PASSWORD_CONFIG);
    if (trustStorePassword != null) {
        ssl.setTrustStorePassword(trustStorePassword.value());
    }
}
Also used : Password(org.apache.kafka.common.config.types.Password)

Example 29 with Password

use of org.apache.kafka.common.config.types.Password in project apache-kafka-on-k8s by banzaicloud.

the class AbstractConfigTest method testValuesWithSecondaryPrefix.

/**
 * Checks {@code valuesWithPrefixOverride} for the listener prefix {@code listener.name.listener1.}
 * when listener-prefixed, mechanism-prefixed and plain keys are present, and checks how
 * {@code unused()} changes as values are read from the returned map.
 *
 * The assertions are order-dependent: each group inspects {@code unused()} before a lookup on the
 * returned map and again after it, so the statements must not be reordered.
 */
@Test
public void testValuesWithSecondaryPrefix() {
    String prefix = "listener.name.listener1.";
    Password saslJaasConfig1 = new Password("test.myLoginModule1 required;");
    Password saslJaasConfig2 = new Password("test.myLoginModule2 required;");
    Password saslJaasConfig3 = new Password("test.myLoginModule3 required;");
    Properties props = new Properties();
    // The JAAS values go into the properties unwrapped (value()); the assertEquals calls below
    // expect the config to hand them back as Password objects.
    // NOTE(review): presumably TestSecurityConfig defines these keys with a password type - not visible here.
    props.put("listener.name.listener1.test-mechanism.sasl.jaas.config", saslJaasConfig1.value());
    props.put("test-mechanism.sasl.jaas.config", saslJaasConfig2.value());
    props.put("sasl.jaas.config", saslJaasConfig3.value());
    props.put("listener.name.listener1.gssapi.sasl.kerberos.kinit.cmd", "/usr/bin/kinit2");
    props.put("listener.name.listener1.gssapi.sasl.kerberos.service.name", "testkafka");
    props.put("listener.name.listener1.gssapi.sasl.kerberos.min.time.before.relogin", "60000");
    props.put("ssl.provider", "TEST");
    TestSecurityConfig config = new TestSecurityConfig(props);
    Map<String, Object> valuesWithPrefixOverride = config.valuesWithPrefixOverride(prefix);
    // prefix with mechanism overrides global
    // Before any lookup both mechanism keys are expected to be reported as unused.
    assertTrue(config.unused().contains("listener.name.listener1.test-mechanism.sasl.jaas.config"));
    assertTrue(config.unused().contains("test-mechanism.sasl.jaas.config"));
    // The listener-prefixed value (saslJaasConfig1) is expected, not the un-prefixed saslJaasConfig2.
    assertEquals(saslJaasConfig1, valuesWithPrefixOverride.get("test-mechanism.sasl.jaas.config"));
    assertEquals(saslJaasConfig3, valuesWithPrefixOverride.get("sasl.jaas.config"));
    // After the two lookups none of the three JAAS keys is expected in unused().
    assertFalse(config.unused().contains("listener.name.listener1.test-mechanism.sasl.jaas.config"));
    assertFalse(config.unused().contains("test-mechanism.sasl.jaas.config"));
    assertFalse(config.unused().contains("sasl.jaas.config"));
    // prefix with mechanism overrides default
    // Only the listener-prefixed kinit.cmd key was put into props; the other spellings are
    // asserted absent from unused() both before and after the lookup.
    assertFalse(config.unused().contains("sasl.kerberos.kinit.cmd"));
    assertTrue(config.unused().contains("listener.name.listener1.gssapi.sasl.kerberos.kinit.cmd"));
    assertFalse(config.unused().contains("gssapi.sasl.kerberos.kinit.cmd"));
    assertFalse(config.unused().contains("sasl.kerberos.kinit.cmd"));
    assertEquals("/usr/bin/kinit2", valuesWithPrefixOverride.get("gssapi.sasl.kerberos.kinit.cmd"));
    assertFalse(config.unused().contains("listener.name.listener1.sasl.kerberos.kinit.cmd"));
    // prefix override for mechanism with no default
    // Same before/after pattern for service.name, which is only set under the listener prefix.
    assertFalse(config.unused().contains("sasl.kerberos.service.name"));
    assertTrue(config.unused().contains("listener.name.listener1.gssapi.sasl.kerberos.service.name"));
    assertFalse(config.unused().contains("gssapi.sasl.kerberos.service.name"));
    assertFalse(config.unused().contains("sasl.kerberos.service.name"));
    assertEquals("testkafka", valuesWithPrefixOverride.get("gssapi.sasl.kerberos.service.name"));
    assertFalse(config.unused().contains("listener.name.listener1.gssapi.sasl.kerberos.service.name"));
    // unset with no default
    // "ssl.provider" is set without any prefix; the mechanism-prefixed lookup is expected to
    // return null and to leave "ssl.provider" reported as unused.
    assertTrue(config.unused().contains("ssl.provider"));
    assertNull(valuesWithPrefixOverride.get("gssapi.ssl.provider"));
    assertTrue(config.unused().contains("ssl.provider"));
}
Also used : TestSecurityConfig(org.apache.kafka.common.security.TestSecurityConfig) Properties(java.util.Properties) Password(org.apache.kafka.common.config.types.Password) Test(org.junit.Test)

Example 30 with Password

use of org.apache.kafka.common.config.types.Password in project apache-kafka-on-k8s by banzaicloud.

the class SslTransportLayerTest method testInvalidKeyPassword.

/**
 * Verifies that a client connection to the server cannot be created
 * when the server's key password is invalid.
 *
 * <p>The server configuration's key password is overwritten with the literal {@code "invalid"}
 * before the echo server is created. The test then waits for the client channel to close in state
 * {@code AUTHENTICATION_FAILED} and checks the server's authentication metrics with the
 * arguments {@code (0, 1)}.
 * NOTE(review): {@code (0, 1)} presumably means zero successful and one failed authentication -
 * confirm against {@code verifyAuthenticationMetrics}.
 */
@Test
public void testInvalidKeyPassword() throws Exception {
    // Replace the key password first so the server is created with the bad value.
    sslServerConfigs.put(SslConfigs.SSL_KEY_PASSWORD_CONFIG, new Password("invalid"));
    server = createEchoServer(SecurityProtocol.SSL);
    createSelector(sslClientConfigs);

    String nodeId = "0";
    InetSocketAddress serverAddress = new InetSocketAddress("localhost", server.port());
    selector.connect(nodeId, serverAddress, BUFFER_SIZE, BUFFER_SIZE);

    // The connection attempt must end in an authentication failure rather than a usable channel.
    NetworkTestUtils.waitForChannelClose(selector, nodeId, ChannelState.State.AUTHENTICATION_FAILED);
    server.verifyAuthenticationMetrics(0, 1);
}
Also used : InetSocketAddress(java.net.InetSocketAddress) Password(org.apache.kafka.common.config.types.Password) Test(org.junit.Test)

Aggregations

Password (org.apache.kafka.common.config.types.Password)41 HashMap (java.util.HashMap)9 Properties (java.util.Properties)7 Test (org.junit.Test)7 TestSecurityConfig (org.apache.kafka.common.security.TestSecurityConfig)6 PlainLoginModule (org.apache.kafka.common.security.plain.PlainLoginModule)6 Test (org.junit.jupiter.api.Test)6 InetSocketAddress (java.net.InetSocketAddress)5 SecurityProtocol (org.apache.kafka.common.security.auth.SecurityProtocol)5 DEROctetString (org.bouncycastle.asn1.DEROctetString)5 KeyStore (java.security.KeyStore)4 AppConfigurationEntry (javax.security.auth.login.AppConfigurationEntry)4 ValidString (org.apache.kafka.common.config.ConfigDef.ValidString)4 X509Certificate (java.security.cert.X509Certificate)3 LogContext (org.apache.kafka.common.utils.LogContext)3 ParameterizedTest (org.junit.jupiter.params.ParameterizedTest)3 ArgumentsSource (org.junit.jupiter.params.provider.ArgumentsSource)3 File (java.io.File)2 FileInputStream (java.io.FileInputStream)2 IOException (java.io.IOException)2