use of org.apache.kafka.common.config.types.Password in project apache-kafka-on-k8s by banzaicloud.
the class JaasContext method loadClientContext.
/**
 * Builds the client-side {@code JaasContext} from a map of client configuration values.
 *
 * <p>The value stored under {@link SaslConfigs#SASL_JAAS_CONFIG}, if any, is forwarded to
 * {@code load} as the dynamic JAAS configuration. When the property is absent, {@code null}
 * is forwarded instead; the original documentation states that the default Configuration is
 * then used. The context name is always {@code GLOBAL_CONTEXT_NAME_CLIENT} (documented as
 * {@code KafkaClient}).
 *
 * <p>The property is read as a {@code Password} rather than a {@code String}. A JAAS
 * configuration string can carry login-module credentials, so keep it wrapped and do not
 * log its {@code value()}.
 *
 * @param configs client configuration values; the JAAS entry, when present, must already be
 *                a {@code Password} instance
 * @return the context produced by {@code load} for {@code JaasContext.Type.CLIENT}
 * @throws ClassCastException if the map holds a non-{@code Password} value (for example a raw
 *                            {@code String}) under {@code SaslConfigs.SASL_JAAS_CONFIG}
 */
public static JaasContext loadClientContext(Map<String, ?> configs) {
    // The secret stays wrapped in Password here; only load() gets to look inside it.
    Password jaasConfigSecret = (Password) configs.get(SaslConfigs.SASL_JAAS_CONFIG);
    return load(JaasContext.Type.CLIENT, null, GLOBAL_CONTEXT_NAME_CLIENT, jaasConfigSecret);
}
use of org.apache.kafka.common.config.types.Password in project apache-kafka-on-k8s by banzaicloud.
the class SSLUtils method configureSslContextFactoryKeyStore.
/**
 * Copies the key store related settings from the config map onto the given
 * {@code SslContextFactory}.
 *
 * <p>The key store type is always set, falling back to
 * {@code SslConfigs.DEFAULT_SSL_KEYSTORE_TYPE}. The key store path, key store password and
 * key (manager) password are only set when the corresponding entry is present in the map.
 *
 * <p>Both passwords are held as {@code Password} objects in the map and are unwrapped with
 * {@code value()} only at the point where they are handed to the factory. From there on they
 * are plain strings owned by the factory, so nothing in this method should log them.
 *
 * @param ssl             the factory to configure
 * @param sslConfigValues SSL configuration values keyed by {@code SslConfigs} names
 */
protected static void configureSslContextFactoryKeyStore(SslContextFactory ssl, Map<String, Object> sslConfigValues) {
    String keyStoreType = (String) getOrDefault(sslConfigValues, SslConfigs.SSL_KEYSTORE_TYPE_CONFIG, SslConfigs.DEFAULT_SSL_KEYSTORE_TYPE);
    ssl.setKeyStoreType(keyStoreType);

    String keyStorePath = (String) sslConfigValues.get(SslConfigs.SSL_KEYSTORE_LOCATION_CONFIG);
    if (keyStorePath != null) {
        ssl.setKeyStorePath(keyStorePath);
    }

    // Password protecting the key store file itself.
    Password keyStoreSecret = (Password) sslConfigValues.get(SslConfigs.SSL_KEYSTORE_PASSWORD_CONFIG);
    if (keyStoreSecret != null) {
        ssl.setKeyStorePassword(keyStoreSecret.value());
    }

    // Password protecting the private key entry inside the key store.
    Password privateKeySecret = (Password) sslConfigValues.get(SslConfigs.SSL_KEY_PASSWORD_CONFIG);
    if (privateKeySecret != null) {
        ssl.setKeyManagerPassword(privateKeySecret.value());
    }
}
use of org.apache.kafka.common.config.types.Password in project apache-kafka-on-k8s by banzaicloud.
the class SSLUtils method configureSslContextFactoryTrustStore.
/**
 * Copies the trust store related settings from the config map onto the given
 * {@code SslContextFactory}.
 *
 * <p>The trust store type is always set, falling back to
 * {@code SslConfigs.DEFAULT_SSL_TRUSTSTORE_TYPE}. The trust store path and password are only
 * set when the corresponding entry is present in the map.
 *
 * <p>The password is held as a {@code Password} in the map and is unwrapped with
 * {@code value()} only when it is handed to the factory; it should not be logged here.
 *
 * @param ssl             the factory to configure
 * @param sslConfigValues SSL configuration values keyed by {@code SslConfigs} names
 */
protected static void configureSslContextFactoryTrustStore(SslContextFactory ssl, Map<String, Object> sslConfigValues) {
    String trustStoreType = (String) getOrDefault(sslConfigValues, SslConfigs.SSL_TRUSTSTORE_TYPE_CONFIG, SslConfigs.DEFAULT_SSL_TRUSTSTORE_TYPE);
    ssl.setTrustStoreType(trustStoreType);

    String trustStorePath = (String) sslConfigValues.get(SslConfigs.SSL_TRUSTSTORE_LOCATION_CONFIG);
    if (trustStorePath != null) {
        ssl.setTrustStorePath(trustStorePath);
    }

    Password trustStoreSecret = (Password) sslConfigValues.get(SslConfigs.SSL_TRUSTSTORE_PASSWORD_CONFIG);
    if (trustStoreSecret != null) {
        ssl.setTrustStorePassword(trustStoreSecret.value());
    }
}
use of org.apache.kafka.common.config.types.Password in project apache-kafka-on-k8s by banzaicloud.
the class AbstractConfigTest method testValuesWithSecondaryPrefix.
/**
 * Checks how {@code valuesWithPrefixOverride} resolves keys when a listener prefix is combined
 * with a mechanism prefix, and how {@code unused()} changes as keys are read.
 *
 * The assertions are order-dependent: each group first checks that a key is still reported by
 * {@code unused()}, then reads it through the override map, then checks that it is no longer
 * reported. Reordering the statements would change what the test verifies.
 */
@Test
public void testValuesWithSecondaryPrefix() {
String prefix = "listener.name.listener1.";
// Three distinct JAAS configs so the assertions can tell which level won the lookup.
Password saslJaasConfig1 = new Password("test.myLoginModule1 required;");
Password saslJaasConfig2 = new Password("test.myLoginModule2 required;");
Password saslJaasConfig3 = new Password("test.myLoginModule3 required;");
Properties props = new Properties();
// The properties are populated with the plain string values; the assertions below expect
// the config to hand them back as Password objects equal to the ones built above.
// NOTE(review): presumably TestSecurityConfig declares these keys as password-typed - confirm.
props.put("listener.name.listener1.test-mechanism.sasl.jaas.config", saslJaasConfig1.value());
props.put("test-mechanism.sasl.jaas.config", saslJaasConfig2.value());
props.put("sasl.jaas.config", saslJaasConfig3.value());
props.put("listener.name.listener1.gssapi.sasl.kerberos.kinit.cmd", "/usr/bin/kinit2");
props.put("listener.name.listener1.gssapi.sasl.kerberos.service.name", "testkafka");
props.put("listener.name.listener1.gssapi.sasl.kerberos.min.time.before.relogin", "60000");
props.put("ssl.provider", "TEST");
TestSecurityConfig config = new TestSecurityConfig(props);
Map<String, Object> valuesWithPrefixOverride = config.valuesWithPrefixOverride(prefix);
// prefix with mechanism overrides global
// Before any lookup both the listener-prefixed and the mechanism-prefixed key are unused.
assertTrue(config.unused().contains("listener.name.listener1.test-mechanism.sasl.jaas.config"));
assertTrue(config.unused().contains("test-mechanism.sasl.jaas.config"));
// The listener-prefixed value (config1) is expected to win over the mechanism-only value (config2).
assertEquals(saslJaasConfig1, valuesWithPrefixOverride.get("test-mechanism.sasl.jaas.config"));
assertEquals(saslJaasConfig3, valuesWithPrefixOverride.get("sasl.jaas.config"));
// After the two lookups none of the three JAAS keys is expected to be reported as unused.
assertFalse(config.unused().contains("listener.name.listener1.test-mechanism.sasl.jaas.config"));
assertFalse(config.unused().contains("test-mechanism.sasl.jaas.config"));
assertFalse(config.unused().contains("sasl.jaas.config"));
// prefix with mechanism overrides default
// "sasl.kerberos.kinit.cmd" was never put into props, so it is not expected in unused().
assertFalse(config.unused().contains("sasl.kerberos.kinit.cmd"));
assertTrue(config.unused().contains("listener.name.listener1.gssapi.sasl.kerberos.kinit.cmd"));
assertFalse(config.unused().contains("gssapi.sasl.kerberos.kinit.cmd"));
assertFalse(config.unused().contains("sasl.kerberos.kinit.cmd"));
assertEquals("/usr/bin/kinit2", valuesWithPrefixOverride.get("gssapi.sasl.kerberos.kinit.cmd"));
assertFalse(config.unused().contains("listener.name.listener1.sasl.kerberos.kinit.cmd"));
// prefix override for mechanism with no default
assertFalse(config.unused().contains("sasl.kerberos.service.name"));
assertTrue(config.unused().contains("listener.name.listener1.gssapi.sasl.kerberos.service.name"));
assertFalse(config.unused().contains("gssapi.sasl.kerberos.service.name"));
assertFalse(config.unused().contains("sasl.kerberos.service.name"));
assertEquals("testkafka", valuesWithPrefixOverride.get("gssapi.sasl.kerberos.service.name"));
assertFalse(config.unused().contains("listener.name.listener1.gssapi.sasl.kerberos.service.name"));
// unset with no default
// Looking up a mechanism-prefixed key that was never set returns null and is expected to
// leave the unprefixed "ssl.provider" entry reported as unused.
assertTrue(config.unused().contains("ssl.provider"));
assertNull(valuesWithPrefixOverride.get("gssapi.ssl.provider"));
assertTrue(config.unused().contains("ssl.provider"));
}
use of org.apache.kafka.common.config.types.Password in project apache-kafka-on-k8s by banzaicloud.
the class SslTransportLayerTest method testInvalidKeyPassword.
/**
 * Verifies that a client cannot establish a connection when the server is configured with a
 * key password that does not match its key.
 *
 * <p>The server's {@code SslConfigs.SSL_KEY_PASSWORD_CONFIG} is overwritten with a wrong
 * value before the echo server is created. The client channel is then expected to close in
 * state {@code AUTHENTICATION_FAILED}, and the server metrics are verified with the
 * arguments {@code (0, 1)}.
 *
 * @throws Exception if server setup, connection or the wait for channel close fails
 */
@Test
public void testInvalidKeyPassword() throws Exception {
    final String nodeId = "0";

    // Misconfigure the server on purpose; the config map expects a Password, not a String.
    sslServerConfigs.put(SslConfigs.SSL_KEY_PASSWORD_CONFIG, new Password("invalid"));
    server = createEchoServer(SecurityProtocol.SSL);
    createSelector(sslClientConfigs);

    selector.connect(nodeId, new InetSocketAddress("localhost", server.port()), BUFFER_SIZE, BUFFER_SIZE);

    // The connection attempt must end in an authentication failure, not a usable channel.
    NetworkTestUtils.waitForChannelClose(selector, nodeId, ChannelState.State.AUTHENTICATION_FAILED);
    server.verifyAuthenticationMetrics(0, 1);
}