Example 16 with NetworkSend
use of org.apache.kafka.common.network.NetworkSend in project kafka by apache.
the class SaslAuthenticatorTest method testDisallowedKafkaRequestsBeforeAuthentication.
/**
* Tests that Kafka requests that are forbidden until successful authentication result
* in authentication failure and do not cause any failures in the server.
*/
@Test
public void testDisallowedKafkaRequestsBeforeAuthentication() throws Exception {
SecurityProtocol securityProtocol = SecurityProtocol.SASL_PLAINTEXT;
configureMechanisms("PLAIN", Arrays.asList("PLAIN"));
server = createEchoServer(securityProtocol);
// Send metadata request before Kafka SASL handshake request
String node1 = "invalid1";
createClientConnection(SecurityProtocol.PLAINTEXT, node1);
MetadataRequest metadataRequest1 = new MetadataRequest.Builder(Collections.singletonList("sometopic"), true).build();
RequestHeader metadataRequestHeader1 = new RequestHeader(ApiKeys.METADATA, metadataRequest1.version(), "someclient", 1);
selector.send(new NetworkSend(node1, metadataRequest1.toSend(metadataRequestHeader1)));
NetworkTestUtils.waitForChannelClose(selector, node1, ChannelState.READY.state());
selector.close();
// Test good connection still works
createAndCheckClientConnection(securityProtocol, "good1");
// Send metadata request after Kafka SASL handshake request
String node2 = "invalid2";
createClientConnection(SecurityProtocol.PLAINTEXT, node2);
sendHandshakeRequestReceiveResponse(node2, (short) 1);
MetadataRequest metadataRequest2 = new MetadataRequest.Builder(Collections.singletonList("sometopic"), true).build();
RequestHeader metadataRequestHeader2 = new RequestHeader(ApiKeys.METADATA, metadataRequest2.version(), "someclient", 2);
selector.send(new NetworkSend(node2, metadataRequest2.toSend(metadataRequestHeader2)));
NetworkTestUtils.waitForChannelClose(selector, node2, ChannelState.READY.state());
selector.close();
// Test good connection still works
createAndCheckClientConnection(securityProtocol, "good2");
}
Also used :
MetadataRequest(org.apache.kafka.common.requests.MetadataRequest)
SecurityProtocol(org.apache.kafka.common.security.auth.SecurityProtocol)
RequestHeader(org.apache.kafka.common.requests.RequestHeader)
NetworkSend(org.apache.kafka.common.network.NetworkSend)
Test(org.junit.jupiter.api.Test)
Example 17 with NetworkSend
use of org.apache.kafka.common.network.NetworkSend in project kafka by apache.
the class SaslAuthenticatorTest method testInvalidSaslPacket.
/**
* Tests that any invalid data during Kafka SASL handshake request flow
* or the actual SASL authentication flow result in authentication failure
* and do not cause any failures in the server.
*/
@Test
public void testInvalidSaslPacket() throws Exception {
SecurityProtocol securityProtocol = SecurityProtocol.SASL_PLAINTEXT;
configureMechanisms("PLAIN", Arrays.asList("PLAIN"));
server = createEchoServer(securityProtocol);
// Send invalid SASL packet after valid handshake request
String node1 = "invalid1";
createClientConnection(SecurityProtocol.PLAINTEXT, node1);
sendHandshakeRequestReceiveResponse(node1, (short) 1);
Random random = new Random();
byte[] bytes = new byte[1024];
random.nextBytes(bytes);
selector.send(new NetworkSend(node1, ByteBufferSend.sizePrefixed(ByteBuffer.wrap(bytes))));
NetworkTestUtils.waitForChannelClose(selector, node1, ChannelState.READY.state());
selector.close();
// Test good connection still works
createAndCheckClientConnection(securityProtocol, "good1");
// Send invalid SASL packet before handshake request
String node2 = "invalid2";
createClientConnection(SecurityProtocol.PLAINTEXT, node2);
random.nextBytes(bytes);
selector.send(new NetworkSend(node2, ByteBufferSend.sizePrefixed(ByteBuffer.wrap(bytes))));
NetworkTestUtils.waitForChannelClose(selector, node2, ChannelState.READY.state());
selector.close();
// Test good connection still works
createAndCheckClientConnection(securityProtocol, "good2");
}
Also used :
Random(java.util.Random)
SecurityProtocol(org.apache.kafka.common.security.auth.SecurityProtocol)
NetworkSend(org.apache.kafka.common.network.NetworkSend)
Test(org.junit.jupiter.api.Test)
Example 18 with NetworkSend
use of org.apache.kafka.common.network.NetworkSend in project kafka by apache.
the class SaslAuthenticatorTest method testValidApiVersionsRequest.
/**
* Tests that valid ApiVersionRequest is handled by the server correctly and
* returns an NONE error.
*/
@Test
public void testValidApiVersionsRequest() throws Exception {
short handshakeVersion = ApiKeys.SASL_HANDSHAKE.latestVersion();
SecurityProtocol securityProtocol = SecurityProtocol.SASL_PLAINTEXT;
configureMechanisms("PLAIN", Arrays.asList("PLAIN"));
server = createEchoServer(securityProtocol);
// Send ApiVersionsRequest with valid version and validate error response.
String node = "1";
short version = ApiKeys.API_VERSIONS.latestVersion();
createClientConnection(SecurityProtocol.PLAINTEXT, node);
RequestHeader header = new RequestHeader(ApiKeys.API_VERSIONS, version, "someclient", 1);
ApiVersionsRequest request = new ApiVersionsRequest.Builder().build(version);
selector.send(new NetworkSend(node, request.toSend(header)));
ByteBuffer responseBuffer = waitForResponse();
ResponseHeader.parse(responseBuffer, ApiKeys.API_VERSIONS.responseHeaderVersion(version));
ApiVersionsResponse response = ApiVersionsResponse.parse(responseBuffer, version);
assertEquals(Errors.NONE.code(), response.data().errorCode());
// Test that client can authenticate successfully
sendHandshakeRequestReceiveResponse(node, handshakeVersion);
authenticateUsingSaslPlainAndCheckConnection(node, handshakeVersion > 0);
}
Also used :
ApiVersionsResponse(org.apache.kafka.common.requests.ApiVersionsResponse)
SecurityProtocol(org.apache.kafka.common.security.auth.SecurityProtocol)
RequestHeader(org.apache.kafka.common.requests.RequestHeader)
NetworkSend(org.apache.kafka.common.network.NetworkSend)
ApiVersionsRequest(org.apache.kafka.common.requests.ApiVersionsRequest)
ByteBuffer(java.nio.ByteBuffer)
Test(org.junit.jupiter.api.Test)
Example 19 with NetworkSend
use of org.apache.kafka.common.network.NetworkSend in project kafka by apache.
the class SaslAuthenticatorTest method testPacketSizeTooBig.
/**
* Tests that packets that are too big during Kafka SASL handshake request flow
* or the actual SASL authentication flow result in authentication failure
* and do not cause any failures in the server.
*/
@Test
public void testPacketSizeTooBig() throws Exception {
SecurityProtocol securityProtocol = SecurityProtocol.SASL_PLAINTEXT;
configureMechanisms("PLAIN", Arrays.asList("PLAIN"));
server = createEchoServer(securityProtocol);
// Send SASL packet with large size after valid handshake request
String node1 = "invalid1";
createClientConnection(SecurityProtocol.PLAINTEXT, node1);
sendHandshakeRequestReceiveResponse(node1, (short) 1);
ByteBuffer buffer = ByteBuffer.allocate(1024);
buffer.putInt(Integer.MAX_VALUE);
buffer.put(new byte[buffer.capacity() - 4]);
buffer.rewind();
selector.send(new NetworkSend(node1, ByteBufferSend.sizePrefixed(buffer)));
NetworkTestUtils.waitForChannelClose(selector, node1, ChannelState.READY.state());
selector.close();
// Test good connection still works
createAndCheckClientConnection(securityProtocol, "good1");
// Send packet with large size before handshake request
String node2 = "invalid2";
createClientConnection(SecurityProtocol.PLAINTEXT, node2);
buffer.clear();
buffer.putInt(Integer.MAX_VALUE);
buffer.put(new byte[buffer.capacity() - 4]);
buffer.rewind();
selector.send(new NetworkSend(node2, ByteBufferSend.sizePrefixed(buffer)));
NetworkTestUtils.waitForChannelClose(selector, node2, ChannelState.READY.state());
selector.close();
// Test good connection still works
createAndCheckClientConnection(securityProtocol, "good2");
}
Also used :
SecurityProtocol(org.apache.kafka.common.security.auth.SecurityProtocol)
NetworkSend(org.apache.kafka.common.network.NetworkSend)
ByteBuffer(java.nio.ByteBuffer)
Test(org.junit.jupiter.api.Test)
Example 20 with NetworkSend
use of org.apache.kafka.common.network.NetworkSend in project kafka by apache.
the class MockSelector method completeDelayedReceives.
private void completeDelayedReceives() {
for (NetworkSend completedSend : completedSends) {
Iterator<DelayedReceive> delayedReceiveIterator = delayedReceives.iterator();
while (delayedReceiveIterator.hasNext()) {
DelayedReceive delayedReceive = delayedReceiveIterator.next();
if (delayedReceive.source().equals(completedSend.destinationId())) {
completedReceives.add(delayedReceive.receive());
delayedReceiveIterator.remove();
}
}
}
}
Also used :
NetworkSend(org.apache.kafka.common.network.NetworkSend)
Aggregations
NetworkSend (org.apache.kafka.common.network.NetworkSend)20
ByteBuffer (java.nio.ByteBuffer)10
SecurityProtocol (org.apache.kafka.common.security.auth.SecurityProtocol)10
RequestHeader (org.apache.kafka.common.requests.RequestHeader)9
Test (org.junit.jupiter.api.Test)8
ApiVersionsRequest (org.apache.kafka.common.requests.ApiVersionsRequest)4
SaslAuthenticateRequest (org.apache.kafka.common.requests.SaslAuthenticateRequest)4
ApiVersionsResponse (org.apache.kafka.common.requests.ApiVersionsResponse)3
Random (java.util.Random)2
SaslException (javax.security.sasl.SaslException)2
IllegalSaslStateException (org.apache.kafka.common.errors.IllegalSaslStateException)2
UnsupportedVersionException (org.apache.kafka.common.errors.UnsupportedVersionException)2
Test (org.junit.Test)2
IOException (java.io.IOException)1
PrivilegedActionException (java.security.PrivilegedActionException)1
KafkaException (org.apache.kafka.common.KafkaException)1
AuthenticationException (org.apache.kafka.common.errors.AuthenticationException)1
SaslAuthenticationException (org.apache.kafka.common.errors.SaslAuthenticationException)1
UnsupportedSaslMechanismException (org.apache.kafka.common.errors.UnsupportedSaslMechanismException)1
ApiVersionsRequestData (org.apache.kafka.common.message.ApiVersionsRequestData)1
