Example 1 with NetworkSend

use of org.apache.kafka.common.network.NetworkSend in project kafka by apache.

the class SaslAuthenticatorTest method authenticateUsingSaslPlainAndCheckConnection.

private void authenticateUsingSaslPlainAndCheckConnection(String node) throws Exception {
    // Authenticate using PLAIN username/password
    // SASL/PLAIN token layout: [authzid] NUL authcid NUL passwd (empty authzid here)
    String authString = "\u0000" + TestJaasConfig.USERNAME + "\u0000" + TestJaasConfig.PASSWORD;
    selector.send(new NetworkSend(node, ByteBuffer.wrap(authString.getBytes("UTF-8"))));
    waitForResponse();
    // Check send/receive on the manually authenticated connection
    NetworkTestUtils.checkClientConnection(selector, node, 100, 10);
}
Also used : NetworkSend(org.apache.kafka.common.network.NetworkSend)

Example 2 with NetworkSend

use of org.apache.kafka.common.network.NetworkSend in project kafka by apache.

the class SaslServerAuthenticator method authenticate.

/**
 * Evaluates client responses via `SaslServer.evaluateResponse` and returns the issued challenge to the client until
 * authentication succeeds or fails.
 *
 * The messages are sent and received as size-delimited bytes that consist of a 4-byte network-ordered size N
 * followed by N bytes representing the opaque payload.
 */
public void authenticate() throws IOException {
    if (netOutBuffer != null && !flushNetOutBufferAndUpdateInterestOps())
        return;
    if (saslServer != null && saslServer.isComplete()) {
        setSaslState(SaslState.COMPLETE);
        return;
    }
    if (netInBuffer == null)
        netInBuffer = new NetworkReceive(maxReceiveSize, node);
    netInBuffer.readFrom(transportLayer);
    if (netInBuffer.complete()) {
        netInBuffer.payload().rewind();
        byte[] clientToken = new byte[netInBuffer.payload().remaining()];
        netInBuffer.payload().get(clientToken, 0, clientToken.length);
        // reset the networkReceive as we read all the data.
        netInBuffer = null;
        try {
            switch(saslState) {
                case HANDSHAKE_REQUEST:
                    handleKafkaRequest(clientToken);
                    break;
                case GSSAPI_OR_HANDSHAKE_REQUEST:
                    if (handleKafkaRequest(clientToken))
                        break;
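                // Intentional fall-through: if the token was not handled as a Kafka request, evaluate it as a SASL token.
                // This is required for interoperability with 0.9.0.x clients which do not send handshake request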
                case AUTHENTICATE:
                    byte[] response = saslServer.evaluateResponse(clientToken);
                    if (response != null) {
                        netOutBuffer = new NetworkSend(node, ByteBuffer.wrap(response));
                        flushNetOutBufferAndUpdateInterestOps();
                    }
                    // update SASL state. Current SASL state will be updated when outgoing writes to the client complete.
                    if (saslServer.isComplete())
                        setSaslState(SaslState.COMPLETE);
                    break;
                default:
                    break;
            }
        } catch (Exception e) {
            setSaslState(SaslState.FAILED);
            throw new IOException(e);
        }
    }
}
Also used : NetworkReceive(org.apache.kafka.common.network.NetworkReceive) NetworkSend(org.apache.kafka.common.network.NetworkSend) IOException(java.io.IOException) KafkaException(org.apache.kafka.common.KafkaException) SaslException(javax.security.sasl.SaslException) GSSException(org.ietf.jgss.GSSException) AuthenticationException(org.apache.kafka.common.errors.AuthenticationException) SchemaException(org.apache.kafka.common.protocol.types.SchemaException) IllegalSaslStateException(org.apache.kafka.common.errors.IllegalSaslStateException) PrivilegedActionException(java.security.PrivilegedActionException) UnsupportedSaslMechanismException(org.apache.kafka.common.errors.UnsupportedSaslMechanismException) UnsupportedVersionException(org.apache.kafka.common.errors.UnsupportedVersionException)

Example 3 with NetworkSend

use of org.apache.kafka.common.network.NetworkSend in project apache-kafka-on-k8s by banzaicloud.

the class SaslAuthenticatorTest method authenticateUsingSaslPlainAndCheckConnection.

private void authenticateUsingSaslPlainAndCheckConnection(String node, boolean enableSaslAuthenticateHeader) throws Exception {
    // Authenticate using PLAIN username/password
    String authString = "\u0000" + TestJaasConfig.USERNAME + "\u0000" + TestJaasConfig.PASSWORD;
    ByteBuffer authBuf = ByteBuffer.wrap(authString.getBytes("UTF-8"));
    if (enableSaslAuthenticateHeader) {
        SaslAuthenticateRequest request = new SaslAuthenticateRequest.Builder(authBuf).build();
        sendKafkaRequestReceiveResponse(node, ApiKeys.SASL_AUTHENTICATE, request);
    } else {
        selector.send(new NetworkSend(node, authBuf));
        waitForResponse();
    }
    // Check send/receive on the manually authenticated connection
    NetworkTestUtils.checkClientConnection(selector, node, 100, 10);
}
Also used : SaslAuthenticateRequest(org.apache.kafka.common.requests.SaslAuthenticateRequest) NetworkSend(org.apache.kafka.common.network.NetworkSend) ByteBuffer(java.nio.ByteBuffer)

Example 4 with NetworkSend

use of org.apache.kafka.common.network.NetworkSend in project apache-kafka-on-k8s by banzaicloud.

the class SaslAuthenticatorTest method testInvalidSaslPacket.

/**
 * Tests that any invalid data during Kafka SASL handshake request flow
 * or the actual SASL authentication flow result in authentication failure
 * and do not cause any failures in the server.
 */
@Test
public void testInvalidSaslPacket() throws Exception {
    SecurityProtocol securityProtocol = SecurityProtocol.SASL_PLAINTEXT;
    configureMechanisms("PLAIN", Arrays.asList("PLAIN"));
    server = createEchoServer(securityProtocol);
    // Send invalid SASL packet after valid handshake request
    String node1 = "invalid1";
    createClientConnection(SecurityProtocol.PLAINTEXT, node1);
    sendHandshakeRequestReceiveResponse(node1, (short) 1);
    Random random = new Random();
    byte[] bytes = new byte[1024];
    random.nextBytes(bytes);
    selector.send(new NetworkSend(node1, ByteBuffer.wrap(bytes)));
    NetworkTestUtils.waitForChannelClose(selector, node1, ChannelState.READY.state());
    selector.close();
    // Test good connection still works
    createAndCheckClientConnection(securityProtocol, "good1");
    // Send invalid SASL packet before handshake request
    String node2 = "invalid2";
    createClientConnection(SecurityProtocol.PLAINTEXT, node2);
    random.nextBytes(bytes);
    selector.send(new NetworkSend(node2, ByteBuffer.wrap(bytes)));
    NetworkTestUtils.waitForChannelClose(selector, node2, ChannelState.READY.state());
    selector.close();
    // Test good connection still works
    createAndCheckClientConnection(securityProtocol, "good2");
}
Also used : Random(java.util.Random) SecurityProtocol(org.apache.kafka.common.security.auth.SecurityProtocol) NetworkSend(org.apache.kafka.common.network.NetworkSend) Test(org.junit.Test)

Example 5 with NetworkSend

use of org.apache.kafka.common.network.NetworkSend in project apache-kafka-on-k8s by banzaicloud.

the class SaslAuthenticatorTest method testPacketSizeTooBig.

/**
 * Tests that packets that are too big during Kafka SASL handshake request flow
 * or the actual SASL authentication flow result in authentication failure
 * and do not cause any failures in the server.
 */
@Test
public void testPacketSizeTooBig() throws Exception {
    SecurityProtocol securityProtocol = SecurityProtocol.SASL_PLAINTEXT;
    configureMechanisms("PLAIN", Arrays.asList("PLAIN"));
    server = createEchoServer(securityProtocol);
    // Send SASL packet with large size after valid handshake request
    String node1 = "invalid1";
    createClientConnection(SecurityProtocol.PLAINTEXT, node1);
    sendHandshakeRequestReceiveResponse(node1, (short) 1);
    ByteBuffer buffer = ByteBuffer.allocate(1024);
    buffer.putInt(Integer.MAX_VALUE);
    buffer.put(new byte[buffer.capacity() - 4]);
    buffer.rewind();
    selector.send(new NetworkSend(node1, buffer));
    NetworkTestUtils.waitForChannelClose(selector, node1, ChannelState.READY.state());
    selector.close();
    // Test good connection still works
    createAndCheckClientConnection(securityProtocol, "good1");
    // Send packet with large size before handshake request
    String node2 = "invalid2";
    createClientConnection(SecurityProtocol.PLAINTEXT, node2);
    buffer.clear();
    buffer.putInt(Integer.MAX_VALUE);
    buffer.put(new byte[buffer.capacity() - 4]);
    buffer.rewind();
    selector.send(new NetworkSend(node2, buffer));
    NetworkTestUtils.waitForChannelClose(selector, node2, ChannelState.READY.state());
    selector.close();
    // Test good connection still works
    createAndCheckClientConnection(securityProtocol, "good2");
}
Also used : SecurityProtocol(org.apache.kafka.common.security.auth.SecurityProtocol) NetworkSend(org.apache.kafka.common.network.NetworkSend) ByteBuffer(java.nio.ByteBuffer) Test(org.junit.Test)
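
The size-delimited framing described in the SaslServerAuthenticator Javadoc (a 4-byte network-ordered size N followed by N bytes) and the oversized-size case exercised by testPacketSizeTooBig, shown as an added example that is not code from Kafka or from this page. The class SizeDelimitedFrame, its encode and decode methods, and the sample credentials are hypothetical; the point is that the declared size is checked against a receive limit before any buffer is allocated.

```java
import java.io.IOException;
import java.nio.ByteBuffer;
import java.nio.charset.StandardCharsets;

/** Added illustration; class and method names are hypothetical, not Kafka's. */
public class SizeDelimitedFrame {

    /** Frame a payload as a 4-byte big-endian size N followed by N bytes. */
    static ByteBuffer encode(byte[] payload) {
        ByteBuffer buf = ByteBuffer.allocate(4 + payload.length); // ByteBuffer is big-endian by default
        buf.putInt(payload.length).put(payload);
        buf.flip();
        return buf;
    }

    /**
     * Decode one frame, validating the declared size before allocating.
     * Returns null if the frame is not yet complete.
     */
    static byte[] decode(ByteBuffer in, int maxReceiveSize) throws IOException {
        if (in.remaining() < 4)
            return null;                          // size prefix not fully received
        int size = in.getInt(in.position());      // peek at the prefix without consuming it
        if (size < 0)
            throw new IOException("Invalid frame size " + size);
        if (size > maxReceiveSize)
            throw new IOException("Frame size " + size + " exceeds limit " + maxReceiveSize);
        if (in.remaining() - 4 < size)
            return null;                          // payload not fully received
        in.getInt();                              // consume the prefix
        byte[] payload = new byte[size];          // allocation is bounded by maxReceiveSize
        in.get(payload);
        return payload;
    }

    public static void main(String[] args) throws IOException {
        // Constructed sample credentials, laid out as a SASL/PLAIN token.
        byte[] token = "\u0000alice\u0000secret".getBytes(StandardCharsets.UTF_8);
        System.out.println("decoded bytes: " + decode(encode(token), 1024).length);

        // Same shape as testPacketSizeTooBig: size prefix Integer.MAX_VALUE in a 1024-byte buffer.
        ByteBuffer oversized = ByteBuffer.allocate(1024);
        oversized.putInt(Integer.MAX_VALUE).put(new byte[1020]).rewind();
        try {
            decode(oversized, 1024);
        } catch (IOException e) {
            System.out.println("rejected: " + e.getMessage());
        }
    }
}
```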
