Example 11 with ApiVersionsRequest
use of org.apache.kafka.common.requests.ApiVersionsRequest in project apache-kafka-on-k8s by banzaicloud.
the class SaslAuthenticatorTest method sendVersionRequestReceiveResponse.
private ApiVersionsResponse sendVersionRequestReceiveResponse(String node) throws Exception {
ApiVersionsRequest handshakeRequest = createApiVersionsRequestV0();
ApiVersionsResponse response = (ApiVersionsResponse) sendKafkaRequestReceiveResponse(node, ApiKeys.API_VERSIONS, handshakeRequest);
assertEquals(Errors.NONE, response.error());
return response;
}
Also used :
ApiVersionsResponse(org.apache.kafka.common.requests.ApiVersionsResponse)
ApiVersionsRequest(org.apache.kafka.common.requests.ApiVersionsRequest)
Example 12 with ApiVersionsRequest
use of org.apache.kafka.common.requests.ApiVersionsRequest in project kafka by apache.
the class SaslClientAuthenticator method authenticate.
/**
* Sends an empty message to the server to initiate the authentication process. It then evaluates server challenges
* via `SaslClient.evaluateChallenge` and returns client responses until authentication succeeds or fails.
*
* The messages are sent and received as size delimited bytes that consists of a 4 byte network-ordered size N
* followed by N bytes representing the opaque payload.
*/
@SuppressWarnings("fallthrough")
public void authenticate() throws IOException {
if (netOutBuffer != null && !flushNetOutBufferAndUpdateInterestOps())
return;
switch(saslState) {
case SEND_APIVERSIONS_REQUEST:
// Always use version 0 request since brokers treat requests with schema exceptions as GSSAPI tokens
ApiVersionsRequest apiVersionsRequest = new ApiVersionsRequest.Builder().build((short) 0);
send(apiVersionsRequest.toSend(nextRequestHeader(ApiKeys.API_VERSIONS, apiVersionsRequest.version())));
setSaslState(SaslState.RECEIVE_APIVERSIONS_RESPONSE);
break;
case RECEIVE_APIVERSIONS_RESPONSE:
ApiVersionsResponse apiVersionsResponse = (ApiVersionsResponse) receiveKafkaResponse();
if (apiVersionsResponse == null)
break;
else {
setSaslAuthenticateAndHandshakeVersions(apiVersionsResponse);
reauthInfo.apiVersionsResponseReceivedFromBroker = apiVersionsResponse;
setSaslState(SaslState.SEND_HANDSHAKE_REQUEST);
// Fall through to send handshake request with the latest supported version
}
case SEND_HANDSHAKE_REQUEST:
sendHandshakeRequest(saslHandshakeVersion);
setSaslState(SaslState.RECEIVE_HANDSHAKE_RESPONSE);
break;
case RECEIVE_HANDSHAKE_RESPONSE:
SaslHandshakeResponse handshakeResponse = (SaslHandshakeResponse) receiveKafkaResponse();
if (handshakeResponse == null)
break;
else {
handleSaslHandshakeResponse(handshakeResponse);
setSaslState(SaslState.INITIAL);
// Fall through and start SASL authentication using the configured client mechanism
}
case INITIAL:
sendInitialToken();
setSaslState(SaslState.INTERMEDIATE);
break;
case REAUTH_PROCESS_ORIG_APIVERSIONS_RESPONSE:
setSaslAuthenticateAndHandshakeVersions(reauthInfo.apiVersionsResponseFromOriginalAuthentication);
// Will set immediately
setSaslState(SaslState.REAUTH_SEND_HANDSHAKE_REQUEST);
// Fall through to send handshake request with the latest supported version
case REAUTH_SEND_HANDSHAKE_REQUEST:
sendHandshakeRequest(saslHandshakeVersion);
setSaslState(SaslState.REAUTH_RECEIVE_HANDSHAKE_OR_OTHER_RESPONSE);
break;
case REAUTH_RECEIVE_HANDSHAKE_OR_OTHER_RESPONSE:
handshakeResponse = (SaslHandshakeResponse) receiveKafkaResponse();
if (handshakeResponse == null)
break;
handleSaslHandshakeResponse(handshakeResponse);
// Will set immediately
setSaslState(SaslState.REAUTH_INITIAL);
/*
* Fall through and start SASL authentication using the configured client
* mechanism. Note that we have to either fall through or add a loop to enter
* the switch statement again. We will fall through to avoid adding the loop and
* therefore minimize the changes to authentication-related code due to the
* changes related to re-authentication.
*/
case REAUTH_INITIAL:
sendInitialToken();
setSaslState(SaslState.INTERMEDIATE);
break;
case INTERMEDIATE:
byte[] serverToken = receiveToken();
boolean noResponsesPending = serverToken != null && !sendSaslClientToken(serverToken, false);
// For versions with SASL_AUTHENTICATE header, server always sends a response to each SASL_AUTHENTICATE request.
if (saslClient.isComplete()) {
if (saslAuthenticateVersion == DISABLE_KAFKA_SASL_AUTHENTICATE_HEADER || noResponsesPending)
setSaslState(SaslState.COMPLETE);
else
setSaslState(SaslState.CLIENT_COMPLETE);
}
break;
case CLIENT_COMPLETE:
byte[] serverResponse = receiveToken();
if (serverResponse != null)
setSaslState(SaslState.COMPLETE);
break;
case COMPLETE:
break;
case FAILED:
// Should never get here since exception would have been propagated earlier
throw new IllegalStateException("SASL handshake has already failed");
}
}
Also used :
ApiVersionsResponse(org.apache.kafka.common.requests.ApiVersionsResponse)
SaslHandshakeResponse(org.apache.kafka.common.requests.SaslHandshakeResponse)
ApiVersionsRequest(org.apache.kafka.common.requests.ApiVersionsRequest)
Example 13 with ApiVersionsRequest
use of org.apache.kafka.common.requests.ApiVersionsRequest in project kafka by apache.
the class KafkaAdminClientTest method testDescribeFeaturesFailure.
@Test
public void testDescribeFeaturesFailure() {
try (final AdminClientUnitTestEnv env = mockClientEnv()) {
env.kafkaClient().prepareResponse(body -> body instanceof ApiVersionsRequest, prepareApiVersionsResponseForDescribeFeatures(Errors.INVALID_REQUEST));
final DescribeFeaturesOptions options = new DescribeFeaturesOptions();
options.timeoutMs(10000);
final KafkaFuture<FeatureMetadata> future = env.adminClient().describeFeatures(options).featureMetadata();
final ExecutionException e = assertThrows(ExecutionException.class, future::get);
assertEquals(e.getCause().getClass(), Errors.INVALID_REQUEST.exception().getClass());
}
}
Also used :
ExecutionException(java.util.concurrent.ExecutionException)
ApiVersionsRequest(org.apache.kafka.common.requests.ApiVersionsRequest)
ParameterizedTest(org.junit.jupiter.params.ParameterizedTest)
Test(org.junit.jupiter.api.Test)
Example 14 with ApiVersionsRequest
use of org.apache.kafka.common.requests.ApiVersionsRequest in project kafka by apache.
the class SaslAuthenticatorTest method sendVersionRequestReceiveResponse.
private ApiVersionsResponse sendVersionRequestReceiveResponse(String node) throws Exception {
ApiVersionsRequest handshakeRequest = createApiVersionsRequestV0();
ApiVersionsResponse response = (ApiVersionsResponse) sendKafkaRequestReceiveResponse(node, ApiKeys.API_VERSIONS, handshakeRequest);
assertEquals(Errors.NONE.code(), response.data().errorCode());
return response;
}
Also used :
ApiVersionsResponse(org.apache.kafka.common.requests.ApiVersionsResponse)
ApiVersionsRequest(org.apache.kafka.common.requests.ApiVersionsRequest)
Example 15 with ApiVersionsRequest
use of org.apache.kafka.common.requests.ApiVersionsRequest in project kafka by apache.
the class SaslAuthenticatorTest method testValidApiVersionsRequest.
/**
* Tests that valid ApiVersionRequest is handled by the server correctly and
* returns an NONE error.
*/
@Test
public void testValidApiVersionsRequest() throws Exception {
short handshakeVersion = ApiKeys.SASL_HANDSHAKE.latestVersion();
SecurityProtocol securityProtocol = SecurityProtocol.SASL_PLAINTEXT;
configureMechanisms("PLAIN", Arrays.asList("PLAIN"));
server = createEchoServer(securityProtocol);
// Send ApiVersionsRequest with valid version and validate error response.
String node = "1";
short version = ApiKeys.API_VERSIONS.latestVersion();
createClientConnection(SecurityProtocol.PLAINTEXT, node);
RequestHeader header = new RequestHeader(ApiKeys.API_VERSIONS, version, "someclient", 1);
ApiVersionsRequest request = new ApiVersionsRequest.Builder().build(version);
selector.send(new NetworkSend(node, request.toSend(header)));
ByteBuffer responseBuffer = waitForResponse();
ResponseHeader.parse(responseBuffer, ApiKeys.API_VERSIONS.responseHeaderVersion(version));
ApiVersionsResponse response = ApiVersionsResponse.parse(responseBuffer, version);
assertEquals(Errors.NONE.code(), response.data().errorCode());
// Test that client can authenticate successfully
sendHandshakeRequestReceiveResponse(node, handshakeVersion);
authenticateUsingSaslPlainAndCheckConnection(node, handshakeVersion > 0);
}
Also used :
ApiVersionsResponse(org.apache.kafka.common.requests.ApiVersionsResponse)
SecurityProtocol(org.apache.kafka.common.security.auth.SecurityProtocol)
RequestHeader(org.apache.kafka.common.requests.RequestHeader)
NetworkSend(org.apache.kafka.common.network.NetworkSend)
ApiVersionsRequest(org.apache.kafka.common.requests.ApiVersionsRequest)
ByteBuffer(java.nio.ByteBuffer)
Test(org.junit.jupiter.api.Test)
Aggregations
ApiVersionsRequest (org.apache.kafka.common.requests.ApiVersionsRequest)16
ApiVersionsResponse (org.apache.kafka.common.requests.ApiVersionsResponse)10
RequestHeader (org.apache.kafka.common.requests.RequestHeader)10
ByteBuffer (java.nio.ByteBuffer)8
SecurityProtocol (org.apache.kafka.common.security.auth.SecurityProtocol)7
Test (org.junit.jupiter.api.Test)6
NetworkSend (org.apache.kafka.common.network.NetworkSend)4
IllegalSaslStateException (org.apache.kafka.common.errors.IllegalSaslStateException)3
ApiKeys (org.apache.kafka.common.protocol.ApiKeys)3
Test (org.junit.Test)3
InvalidRequestException (org.apache.kafka.common.errors.InvalidRequestException)2
UnsupportedSaslMechanismException (org.apache.kafka.common.errors.UnsupportedSaslMechanismException)2
ApiVersion (org.apache.kafka.common.message.ApiVersionsResponseData.ApiVersion)2
RequestAndSize (org.apache.kafka.common.requests.RequestAndSize)2
RequestContext (org.apache.kafka.common.requests.RequestContext)2
SaslHandshakeResponse (org.apache.kafka.common.requests.SaslHandshakeResponse)2
IOException (java.io.IOException)1
InetAddress (java.net.InetAddress)1
Collections (java.util.Collections)1
HashMap (java.util.HashMap)1
