Search in sources :

Example 11 with ApiVersionsRequest

use of org.apache.kafka.common.requests.ApiVersionsRequest in project apache-kafka-on-k8s by banzaicloud.

the class SaslAuthenticatorTest method sendVersionRequestReceiveResponse.

private ApiVersionsResponse sendVersionRequestReceiveResponse(String node) throws Exception {
    ApiVersionsRequest handshakeRequest = createApiVersionsRequestV0();
    ApiVersionsResponse response = (ApiVersionsResponse) sendKafkaRequestReceiveResponse(node, ApiKeys.API_VERSIONS, handshakeRequest);
    assertEquals(Errors.NONE, response.error());
    return response;
}
Also used : ApiVersionsResponse(org.apache.kafka.common.requests.ApiVersionsResponse) ApiVersionsRequest(org.apache.kafka.common.requests.ApiVersionsRequest)

Example 12 with ApiVersionsRequest

use of org.apache.kafka.common.requests.ApiVersionsRequest in project kafka by apache.

the class SaslClientAuthenticator method authenticate.

/**
 * Sends an empty message to the server to initiate the authentication process. It then evaluates server challenges
 * via `SaslClient.evaluateChallenge` and returns client responses until authentication succeeds or fails.
 *
 * The messages are sent and received as size delimited bytes that consists of a 4 byte network-ordered size N
 * followed by N bytes representing the opaque payload.
 */
@SuppressWarnings("fallthrough")
public void authenticate() throws IOException {
    if (netOutBuffer != null && !flushNetOutBufferAndUpdateInterestOps())
        return;
    switch(saslState) {
        case SEND_APIVERSIONS_REQUEST:
            // Always use version 0 request since brokers treat requests with schema exceptions as GSSAPI tokens
            ApiVersionsRequest apiVersionsRequest = new ApiVersionsRequest.Builder().build((short) 0);
            send(apiVersionsRequest.toSend(nextRequestHeader(ApiKeys.API_VERSIONS, apiVersionsRequest.version())));
            setSaslState(SaslState.RECEIVE_APIVERSIONS_RESPONSE);
            break;
        case RECEIVE_APIVERSIONS_RESPONSE:
            ApiVersionsResponse apiVersionsResponse = (ApiVersionsResponse) receiveKafkaResponse();
            if (apiVersionsResponse == null)
                break;
            else {
                setSaslAuthenticateAndHandshakeVersions(apiVersionsResponse);
                reauthInfo.apiVersionsResponseReceivedFromBroker = apiVersionsResponse;
                setSaslState(SaslState.SEND_HANDSHAKE_REQUEST);
            // Fall through to send handshake request with the latest supported version
            }
        case SEND_HANDSHAKE_REQUEST:
            sendHandshakeRequest(saslHandshakeVersion);
            setSaslState(SaslState.RECEIVE_HANDSHAKE_RESPONSE);
            break;
        case RECEIVE_HANDSHAKE_RESPONSE:
            SaslHandshakeResponse handshakeResponse = (SaslHandshakeResponse) receiveKafkaResponse();
            if (handshakeResponse == null)
                break;
            else {
                handleSaslHandshakeResponse(handshakeResponse);
                setSaslState(SaslState.INITIAL);
            // Fall through and start SASL authentication using the configured client mechanism
            }
        case INITIAL:
            sendInitialToken();
            setSaslState(SaslState.INTERMEDIATE);
            break;
        case REAUTH_PROCESS_ORIG_APIVERSIONS_RESPONSE:
            setSaslAuthenticateAndHandshakeVersions(reauthInfo.apiVersionsResponseFromOriginalAuthentication);
            // Will set immediately
            setSaslState(SaslState.REAUTH_SEND_HANDSHAKE_REQUEST);
        // Fall through to send handshake request with the latest supported version
        case REAUTH_SEND_HANDSHAKE_REQUEST:
            sendHandshakeRequest(saslHandshakeVersion);
            setSaslState(SaslState.REAUTH_RECEIVE_HANDSHAKE_OR_OTHER_RESPONSE);
            break;
        case REAUTH_RECEIVE_HANDSHAKE_OR_OTHER_RESPONSE:
            handshakeResponse = (SaslHandshakeResponse) receiveKafkaResponse();
            if (handshakeResponse == null)
                break;
            handleSaslHandshakeResponse(handshakeResponse);
            // Will set immediately
            setSaslState(SaslState.REAUTH_INITIAL);
        /*
                 * Fall through and start SASL authentication using the configured client
                 * mechanism. Note that we have to either fall through or add a loop to enter
                 * the switch statement again. We will fall through to avoid adding the loop and
                 * therefore minimize the changes to authentication-related code due to the
                 * changes related to re-authentication.
                 */
        case REAUTH_INITIAL:
            sendInitialToken();
            setSaslState(SaslState.INTERMEDIATE);
            break;
        case INTERMEDIATE:
            byte[] serverToken = receiveToken();
            boolean noResponsesPending = serverToken != null && !sendSaslClientToken(serverToken, false);
            // For versions with SASL_AUTHENTICATE header, server always sends a response to each SASL_AUTHENTICATE request.
            if (saslClient.isComplete()) {
                if (saslAuthenticateVersion == DISABLE_KAFKA_SASL_AUTHENTICATE_HEADER || noResponsesPending)
                    setSaslState(SaslState.COMPLETE);
                else
                    setSaslState(SaslState.CLIENT_COMPLETE);
            }
            break;
        case CLIENT_COMPLETE:
            byte[] serverResponse = receiveToken();
            if (serverResponse != null)
                setSaslState(SaslState.COMPLETE);
            break;
        case COMPLETE:
            break;
        case FAILED:
            // Should never get here since exception would have been propagated earlier
            throw new IllegalStateException("SASL handshake has already failed");
    }
}
Also used : ApiVersionsResponse(org.apache.kafka.common.requests.ApiVersionsResponse) SaslHandshakeResponse(org.apache.kafka.common.requests.SaslHandshakeResponse) ApiVersionsRequest(org.apache.kafka.common.requests.ApiVersionsRequest)

Example 13 with ApiVersionsRequest

use of org.apache.kafka.common.requests.ApiVersionsRequest in project kafka by apache.

the class KafkaAdminClientTest method testDescribeFeaturesFailure.

@Test
public void testDescribeFeaturesFailure() {
    try (final AdminClientUnitTestEnv env = mockClientEnv()) {
        env.kafkaClient().prepareResponse(body -> body instanceof ApiVersionsRequest, prepareApiVersionsResponseForDescribeFeatures(Errors.INVALID_REQUEST));
        final DescribeFeaturesOptions options = new DescribeFeaturesOptions();
        options.timeoutMs(10000);
        final KafkaFuture<FeatureMetadata> future = env.adminClient().describeFeatures(options).featureMetadata();
        final ExecutionException e = assertThrows(ExecutionException.class, future::get);
        assertEquals(e.getCause().getClass(), Errors.INVALID_REQUEST.exception().getClass());
    }
}
Also used : ExecutionException(java.util.concurrent.ExecutionException) ApiVersionsRequest(org.apache.kafka.common.requests.ApiVersionsRequest) ParameterizedTest(org.junit.jupiter.params.ParameterizedTest) Test(org.junit.jupiter.api.Test)

Example 14 with ApiVersionsRequest

use of org.apache.kafka.common.requests.ApiVersionsRequest in project kafka by apache.

the class SaslAuthenticatorTest method sendVersionRequestReceiveResponse.

private ApiVersionsResponse sendVersionRequestReceiveResponse(String node) throws Exception {
    ApiVersionsRequest handshakeRequest = createApiVersionsRequestV0();
    ApiVersionsResponse response = (ApiVersionsResponse) sendKafkaRequestReceiveResponse(node, ApiKeys.API_VERSIONS, handshakeRequest);
    assertEquals(Errors.NONE.code(), response.data().errorCode());
    return response;
}
Also used : ApiVersionsResponse(org.apache.kafka.common.requests.ApiVersionsResponse) ApiVersionsRequest(org.apache.kafka.common.requests.ApiVersionsRequest)

Example 15 with ApiVersionsRequest

use of org.apache.kafka.common.requests.ApiVersionsRequest in project kafka by apache.

the class SaslAuthenticatorTest method testValidApiVersionsRequest.

/**
 * Tests that valid ApiVersionRequest is handled by the server correctly and
 * returns an NONE error.
 */
@Test
public void testValidApiVersionsRequest() throws Exception {
    short handshakeVersion = ApiKeys.SASL_HANDSHAKE.latestVersion();
    SecurityProtocol securityProtocol = SecurityProtocol.SASL_PLAINTEXT;
    configureMechanisms("PLAIN", Arrays.asList("PLAIN"));
    server = createEchoServer(securityProtocol);
    // Send ApiVersionsRequest with valid version and validate error response.
    String node = "1";
    short version = ApiKeys.API_VERSIONS.latestVersion();
    createClientConnection(SecurityProtocol.PLAINTEXT, node);
    RequestHeader header = new RequestHeader(ApiKeys.API_VERSIONS, version, "someclient", 1);
    ApiVersionsRequest request = new ApiVersionsRequest.Builder().build(version);
    selector.send(new NetworkSend(node, request.toSend(header)));
    ByteBuffer responseBuffer = waitForResponse();
    ResponseHeader.parse(responseBuffer, ApiKeys.API_VERSIONS.responseHeaderVersion(version));
    ApiVersionsResponse response = ApiVersionsResponse.parse(responseBuffer, version);
    assertEquals(Errors.NONE.code(), response.data().errorCode());
    // Test that client can authenticate successfully
    sendHandshakeRequestReceiveResponse(node, handshakeVersion);
    authenticateUsingSaslPlainAndCheckConnection(node, handshakeVersion > 0);
}
Also used : ApiVersionsResponse(org.apache.kafka.common.requests.ApiVersionsResponse) SecurityProtocol(org.apache.kafka.common.security.auth.SecurityProtocol) RequestHeader(org.apache.kafka.common.requests.RequestHeader) NetworkSend(org.apache.kafka.common.network.NetworkSend) ApiVersionsRequest(org.apache.kafka.common.requests.ApiVersionsRequest) ByteBuffer(java.nio.ByteBuffer) Test(org.junit.jupiter.api.Test)

Aggregations

ApiVersionsRequest (org.apache.kafka.common.requests.ApiVersionsRequest)16 ApiVersionsResponse (org.apache.kafka.common.requests.ApiVersionsResponse)10 RequestHeader (org.apache.kafka.common.requests.RequestHeader)10 ByteBuffer (java.nio.ByteBuffer)8 SecurityProtocol (org.apache.kafka.common.security.auth.SecurityProtocol)7 Test (org.junit.jupiter.api.Test)6 NetworkSend (org.apache.kafka.common.network.NetworkSend)4 IllegalSaslStateException (org.apache.kafka.common.errors.IllegalSaslStateException)3 ApiKeys (org.apache.kafka.common.protocol.ApiKeys)3 Test (org.junit.Test)3 InvalidRequestException (org.apache.kafka.common.errors.InvalidRequestException)2 UnsupportedSaslMechanismException (org.apache.kafka.common.errors.UnsupportedSaslMechanismException)2 ApiVersion (org.apache.kafka.common.message.ApiVersionsResponseData.ApiVersion)2 RequestAndSize (org.apache.kafka.common.requests.RequestAndSize)2 RequestContext (org.apache.kafka.common.requests.RequestContext)2 SaslHandshakeResponse (org.apache.kafka.common.requests.SaslHandshakeResponse)2 IOException (java.io.IOException)1 InetAddress (java.net.InetAddress)1 Collections (java.util.Collections)1 HashMap (java.util.HashMap)1