
Example 31 with RequestHeader

use of org.apache.kafka.common.requests.RequestHeader in project kafka by apache.

the class SaslAuthenticatorTest method testSaslHandshakeRequestWithUnsupportedVersion.

/**
 * Tests that unsupported version of SASL handshake request returns error
 * response and fails authentication. This test is similar to
 * {@link #testUnauthenticatedApiVersionsRequest(SecurityProtocol, short)}
 * where a non-SASL client is used to send requests that are processed by
 * {@link SaslServerAuthenticator} of the server prior to client authentication.
 */
@Test
public void testSaslHandshakeRequestWithUnsupportedVersion() throws Exception {
    // Broker side: a SASL_PLAINTEXT echo server that offers only the PLAIN mechanism.
    final SecurityProtocol serverProtocol = SecurityProtocol.SASL_PLAINTEXT;
    configureMechanisms("PLAIN", Arrays.asList("PLAIN"));
    server = createEchoServer(serverProtocol);

    // Client side: a plain (non-SASL) connection, so the handshake frame can be
    // hand-built instead of being produced by a SASL client authenticator.
    final String unauthenticatedNode = "invalid1";
    createClientConnection(SecurityProtocol.PLAINTEXT, unauthenticatedNode);

    // The request body is built at the latest handshake version, but the header
    // announces Short.MAX_VALUE as the API version; the server only sees the header
    // version when deciding whether it can serve the request.
    final short bodyVersion = ApiKeys.SASL_HANDSHAKE.latestVersion();
    final SaslHandshakeRequest handshake = buildSaslHandshakeRequest("PLAIN", bodyVersion);
    final RequestHeader unsupportedVersionHeader =
            new RequestHeader(ApiKeys.SASL_HANDSHAKE, Short.MAX_VALUE, "someclient", 2);
    final NetworkSend outbound =
            new NetworkSend(unauthenticatedNode, handshake.toSend(unsupportedVersionHeader));
    selector.send(outbound);

    // Expected outcome is fail-closed: the server drops the connection. Because the
    // client side is PLAINTEXT its channel is already READY, so READY is the state the
    // close is reported from (not an authentication-failure state).
    NetworkTestUtils.waitForChannelClose(selector, unauthenticatedNode, ChannelState.READY.state());
    selector.close();

    // The rejected peer must not have disturbed the listener: a well-behaved client
    // using the server's own protocol still connects and is checked afterwards.
    createAndCheckClientConnection(serverProtocol, "good1");
}
Also used : SecurityProtocol(org.apache.kafka.common.security.auth.SecurityProtocol) RequestHeader(org.apache.kafka.common.requests.RequestHeader) NetworkSend(org.apache.kafka.common.network.NetworkSend) SaslHandshakeRequest(org.apache.kafka.common.requests.SaslHandshakeRequest) Test(org.junit.jupiter.api.Test)

Example 32 with RequestHeader

use of org.apache.kafka.common.requests.RequestHeader in project kafka by apache.

the class SaslAuthenticatorTest method testDisallowedKafkaRequestsBeforeAuthentication.

/**
 * Tests that Kafka requests that are forbidden until successful authentication result
 * in authentication failure and do not cause any failures in the server.
 */
@Test
public void testDisallowedKafkaRequestsBeforeAuthentication() throws Exception {
    // Broker side: a SASL_PLAINTEXT echo server that offers only the PLAIN mechanism.
    final SecurityProtocol serverProtocol = SecurityProtocol.SASL_PLAINTEXT;
    configureMechanisms("PLAIN", Arrays.asList("PLAIN"));
    server = createEchoServer(serverProtocol);

    // Case 1: a Metadata request arrives before any SASL handshake. The client is a
    // plain (non-SASL) connection so the frame reaches the server's authenticator as-is.
    final String beforeHandshakeNode = "invalid1";
    createClientConnection(SecurityProtocol.PLAINTEXT, beforeHandshakeNode);
    final MetadataRequest earlyMetadata =
            new MetadataRequest.Builder(Collections.singletonList("sometopic"), true).build();
    final RequestHeader earlyHeader =
            new RequestHeader(ApiKeys.METADATA, earlyMetadata.version(), "someclient", 1);
    selector.send(new NetworkSend(beforeHandshakeNode, earlyMetadata.toSend(earlyHeader)));
    // The server is expected to close the connection rather than answer the request.
    NetworkTestUtils.waitForChannelClose(selector, beforeHandshakeNode, ChannelState.READY.state());
    selector.close();
    // The listener must keep serving legitimate clients after the rejection.
    createAndCheckClientConnection(serverProtocol, "good1");

    // Case 2: the handshake is completed (version 1) but no authentication exchange
    // follows; a Metadata request at this point is still pre-authentication traffic.
    final String afterHandshakeNode = "invalid2";
    createClientConnection(SecurityProtocol.PLAINTEXT, afterHandshakeNode);
    sendHandshakeRequestReceiveResponse(afterHandshakeNode, (short) 1);
    final MetadataRequest postHandshakeMetadata =
            new MetadataRequest.Builder(Collections.singletonList("sometopic"), true).build();
    final RequestHeader postHandshakeHeader =
            new RequestHeader(ApiKeys.METADATA, postHandshakeMetadata.version(), "someclient", 2);
    selector.send(new NetworkSend(afterHandshakeNode, postHandshakeMetadata.toSend(postHandshakeHeader)));
    // Same fail-closed expectation as in case 1.
    NetworkTestUtils.waitForChannelClose(selector, afterHandshakeNode, ChannelState.READY.state());
    selector.close();
    // And again the server must remain usable for a properly authenticating client.
    createAndCheckClientConnection(serverProtocol, "good2");
}
Also used : MetadataRequest(org.apache.kafka.common.requests.MetadataRequest) SecurityProtocol(org.apache.kafka.common.security.auth.SecurityProtocol) RequestHeader(org.apache.kafka.common.requests.RequestHeader) NetworkSend(org.apache.kafka.common.network.NetworkSend) Test(org.junit.jupiter.api.Test)

Example 33 with RequestHeader

use of org.apache.kafka.common.requests.RequestHeader in project kafka by apache.

the class SaslAuthenticatorTest method testValidApiVersionsRequest.

/**
 * Tests that a valid ApiVersionsRequest is handled correctly by the server and
 * returns a NONE error.
 */
@Test
public void testValidApiVersionsRequest() throws Exception {
    final short saslHandshakeVersion = ApiKeys.SASL_HANDSHAKE.latestVersion();

    // Broker side: a SASL_PLAINTEXT echo server that offers only the PLAIN mechanism.
    final SecurityProtocol serverProtocol = SecurityProtocol.SASL_PLAINTEXT;
    configureMechanisms("PLAIN", Arrays.asList("PLAIN"));
    server = createEchoServer(serverProtocol);

    // Send an ApiVersionsRequest at a supported version over a plain (non-SASL)
    // connection, i.e. before the peer has authenticated.
    final String nodeId = "1";
    final short apiVersionsVersion = ApiKeys.API_VERSIONS.latestVersion();
    createClientConnection(SecurityProtocol.PLAINTEXT, nodeId);
    final RequestHeader apiVersionsHeader =
            new RequestHeader(ApiKeys.API_VERSIONS, apiVersionsVersion, "someclient", 1);
    final ApiVersionsRequest apiVersionsRequest = new ApiVersionsRequest.Builder().build(apiVersionsVersion);
    selector.send(new NetworkSend(nodeId, apiVersionsRequest.toSend(apiVersionsHeader)));

    // The response header is parsed first and its result discarded; presumably this
    // moves the buffer past the header so the body parse starts at the right offset.
    final ByteBuffer rawResponse = waitForResponse();
    ResponseHeader.parse(rawResponse, ApiKeys.API_VERSIONS.responseHeaderVersion(apiVersionsVersion));
    final ApiVersionsResponse apiVersionsResponse = ApiVersionsResponse.parse(rawResponse, apiVersionsVersion);
    assertEquals(Errors.NONE.code(), apiVersionsResponse.data().errorCode());

    // Answering ApiVersions must not replace authentication: the same connection
    // still has to complete the handshake and the SASL/PLAIN exchange.
    sendHandshakeRequestReceiveResponse(nodeId, saslHandshakeVersion);
    // NOTE(review): the boolean is true for any handshake version above 0; what the
    // helper does with it is not visible here - confirm against its definition.
    final boolean handshakeVersionAboveZero = saslHandshakeVersion > 0;
    authenticateUsingSaslPlainAndCheckConnection(nodeId, handshakeVersionAboveZero);
}
Also used : ApiVersionsResponse(org.apache.kafka.common.requests.ApiVersionsResponse) SecurityProtocol(org.apache.kafka.common.security.auth.SecurityProtocol) RequestHeader(org.apache.kafka.common.requests.RequestHeader) NetworkSend(org.apache.kafka.common.network.NetworkSend) ApiVersionsRequest(org.apache.kafka.common.requests.ApiVersionsRequest) ByteBuffer(java.nio.ByteBuffer) Test(org.junit.jupiter.api.Test)

Example 34 with RequestHeader

use of org.apache.kafka.common.requests.RequestHeader in project kafka by apache.

the class SaslServerAuthenticatorTest method testApiVersionsRequest.

/**
 * Feeds one size-prefixed ApiVersionsRequest to a {@link SaslServerAuthenticator}
 * through a mocked {@link TransportLayer} and checks the client software name and
 * version that end up in the channel metadata registry.
 *
 * @param version API version used for both the request header and the request body
 * @param expectedSoftwareName software name the registry must report afterwards
 * @param expectedSoftwareVersion software version the registry must report afterwards
 * @throws IOException if the authenticator's read path fails
 */
private void testApiVersionsRequest(short version, String expectedSoftwareName, String expectedSoftwareVersion) throws IOException {
    // Deep stubs are needed for the socketChannel().socket().getInetAddress() chain below.
    final TransportLayer mockedTransport = mock(TransportLayer.class, Answers.RETURNS_DEEP_STUBS);
    final String scramMechanism = SCRAM_SHA_256.mechanismName();
    final Map<String, ?> brokerConfigs = Collections.singletonMap(
            BrokerSecurityConfigs.SASL_ENABLED_MECHANISMS_CONFIG,
            Collections.singletonList(scramMechanism));
    final ChannelMetadataRegistry registry = new DefaultChannelMetadataRegistry();
    final SaslServerAuthenticator authenticator =
            setupAuthenticator(brokerConfigs, mockedTransport, SCRAM_SHA_256.mechanismName(), registry);

    // Wire image of the request: serialized header followed by the serialized body.
    final RequestHeader requestHeader = new RequestHeader(ApiKeys.API_VERSIONS, version, "clientId", 0);
    final ByteBuffer headerBytes = RequestTestUtils.serializeRequestHeader(requestHeader);
    final ApiVersionsRequest apiVersionsRequest = new ApiVersionsRequest.Builder().build(version);
    final ByteBuffer bodyBytes = apiVersionsRequest.serialize();
    bodyBytes.rewind();

    when(mockedTransport.socketChannel().socket().getInetAddress()).thenReturn(InetAddress.getLoopbackAddress());
    when(mockedTransport.read(any(ByteBuffer.class))).then(invocation -> {
        // First read: the 4-byte length prefix covering header plus body.
        final ByteBuffer destination = invocation.<ByteBuffer>getArgument(0);
        destination.putInt(headerBytes.remaining() + bodyBytes.remaining());
        return Integer.BYTES;
    }).then(invocation -> {
        // Second read: the payload itself. Duplicates are written so the source
        // buffers keep their positions and remaining() still reports the full size.
        final ByteBuffer destination = invocation.<ByteBuffer>getArgument(0);
        destination.put(headerBytes.duplicate());
        destination.put(bodyBytes.duplicate());
        return headerBytes.remaining() + bodyBytes.remaining();
    });

    authenticator.authenticate();

    assertEquals(expectedSoftwareName, registry.clientInformation().softwareName());
    assertEquals(expectedSoftwareVersion, registry.clientInformation().softwareVersion());
    // Exactly two reads: one for the size prefix, one for the request.
    verify(mockedTransport, times(2)).read(any(ByteBuffer.class));
}
Also used : Assertions.assertThrows(org.junit.jupiter.api.Assertions.assertThrows) Assertions.fail(org.junit.jupiter.api.Assertions.fail) ArgumentMatchers.any(org.mockito.ArgumentMatchers.any) ApiVersionsRequest(org.apache.kafka.common.requests.ApiVersionsRequest) AppInfoParser(org.apache.kafka.common.utils.AppInfoParser) RequestTestUtils(org.apache.kafka.common.requests.RequestTestUtils) HashMap(java.util.HashMap) AuthenticateCallbackHandler(org.apache.kafka.common.security.auth.AuthenticateCallbackHandler) ClientInformation(org.apache.kafka.common.network.ClientInformation) SecurityProtocol(org.apache.kafka.common.security.auth.SecurityProtocol) ByteBuffer(java.nio.ByteBuffer) InetAddress(java.net.InetAddress) ListenerName(org.apache.kafka.common.network.ListenerName) RequestHeader(org.apache.kafka.common.requests.RequestHeader) IllegalSaslStateException(org.apache.kafka.common.errors.IllegalSaslStateException) ApiVersionsResponse(org.apache.kafka.common.requests.ApiVersionsResponse) Map(java.util.Map) PlainLoginModule(org.apache.kafka.common.security.plain.PlainLoginModule) SCRAM_SHA_256(org.apache.kafka.common.security.scram.internals.ScramMechanism.SCRAM_SHA_256) Assertions.assertEquals(org.junit.jupiter.api.Assertions.assertEquals) DefaultChannelMetadataRegistry(org.apache.kafka.common.network.DefaultChannelMetadataRegistry) Answers(org.mockito.Answers) Time(org.apache.kafka.common.utils.Time) BrokerSecurityConfigs(org.apache.kafka.common.config.internals.BrokerSecurityConfigs) TransportLayer(org.apache.kafka.common.network.TransportLayer) IOException(java.io.IOException) Mockito.times(org.mockito.Mockito.times) InvalidReceiveException(org.apache.kafka.common.network.InvalidReceiveException) Mockito.when(org.mockito.Mockito.when) ApiKeys(org.apache.kafka.common.protocol.ApiKeys) Subject(javax.security.auth.Subject) Mockito.verify(org.mockito.Mockito.verify) Test(org.junit.jupiter.api.Test) ApiMessageType(org.apache.kafka.common.message.ApiMessageType) 
ChannelMetadataRegistry(org.apache.kafka.common.network.ChannelMetadataRegistry) Collections(java.util.Collections) Mockito.mock(org.mockito.Mockito.mock) TransportLayer(org.apache.kafka.common.network.TransportLayer) DefaultChannelMetadataRegistry(org.apache.kafka.common.network.DefaultChannelMetadataRegistry) ChannelMetadataRegistry(org.apache.kafka.common.network.ChannelMetadataRegistry) RequestHeader(org.apache.kafka.common.requests.RequestHeader) DefaultChannelMetadataRegistry(org.apache.kafka.common.network.DefaultChannelMetadataRegistry) ByteBuffer(java.nio.ByteBuffer) ApiVersionsRequest(org.apache.kafka.common.requests.ApiVersionsRequest)

Example 35 with RequestHeader

use of org.apache.kafka.common.requests.RequestHeader in project kafka by apache.

the class SaslServerAuthenticatorTest method testUnexpectedRequestType.

/**
 * Checks that a {@link SaslServerAuthenticator} configured for SCRAM-SHA-256 raises
 * {@link IllegalSaslStateException} when the first request it receives carries a
 * METADATA header, and that it performs exactly two reads on the transport.
 */
@Test
public void testUnexpectedRequestType() throws IOException {
    final TransportLayer mockedTransport = mock(TransportLayer.class);
    final Map<String, ?> brokerConfigs = Collections.singletonMap(
            BrokerSecurityConfigs.SASL_ENABLED_MECHANISMS_CONFIG,
            Collections.singletonList(SCRAM_SHA_256.mechanismName()));
    final SaslServerAuthenticator authenticator = setupAuthenticator(
            brokerConfigs, mockedTransport, SCRAM_SHA_256.mechanismName(), new DefaultChannelMetadataRegistry());

    // A METADATA header stands in for any request type that is not allowed before authentication.
    final RequestHeader metadataHeader = new RequestHeader(ApiKeys.METADATA, (short) 0, "clientId", 13243);
    final ByteBuffer headerBytes = RequestTestUtils.serializeRequestHeader(metadataHeader);

    when(mockedTransport.read(any(ByteBuffer.class))).then(invocation -> {
        // First read: the 4-byte length prefix, which covers the header only.
        final ByteBuffer destination = invocation.<ByteBuffer>getArgument(0);
        destination.putInt(headerBytes.remaining());
        return 4;
    }).then(invocation -> {
        // Second read: only the request header is supplied, with no body behind it.
        // The authenticator should not parse beyond this.
        final ByteBuffer destination = invocation.<ByteBuffer>getArgument(0);
        destination.put(headerBytes.duplicate());
        return headerBytes.remaining();
    });

    try {
        authenticator.authenticate();
        fail("Expected authenticate() to raise an exception");
    } catch (IllegalSaslStateException expected) {
        // Expected: the request type is rejected before authentication completes.
    }

    // Exactly two reads (size prefix, then header): nothing further was requested.
    verify(mockedTransport, times(2)).read(any(ByteBuffer.class));
}
Also used : Assertions.assertThrows(org.junit.jupiter.api.Assertions.assertThrows) Assertions.fail(org.junit.jupiter.api.Assertions.fail) ArgumentMatchers.any(org.mockito.ArgumentMatchers.any) ApiVersionsRequest(org.apache.kafka.common.requests.ApiVersionsRequest) AppInfoParser(org.apache.kafka.common.utils.AppInfoParser) RequestTestUtils(org.apache.kafka.common.requests.RequestTestUtils) HashMap(java.util.HashMap) AuthenticateCallbackHandler(org.apache.kafka.common.security.auth.AuthenticateCallbackHandler) ClientInformation(org.apache.kafka.common.network.ClientInformation) SecurityProtocol(org.apache.kafka.common.security.auth.SecurityProtocol) ByteBuffer(java.nio.ByteBuffer) InetAddress(java.net.InetAddress) ListenerName(org.apache.kafka.common.network.ListenerName) RequestHeader(org.apache.kafka.common.requests.RequestHeader) IllegalSaslStateException(org.apache.kafka.common.errors.IllegalSaslStateException) ApiVersionsResponse(org.apache.kafka.common.requests.ApiVersionsResponse) Map(java.util.Map) PlainLoginModule(org.apache.kafka.common.security.plain.PlainLoginModule) SCRAM_SHA_256(org.apache.kafka.common.security.scram.internals.ScramMechanism.SCRAM_SHA_256) Assertions.assertEquals(org.junit.jupiter.api.Assertions.assertEquals) DefaultChannelMetadataRegistry(org.apache.kafka.common.network.DefaultChannelMetadataRegistry) Answers(org.mockito.Answers) Time(org.apache.kafka.common.utils.Time) BrokerSecurityConfigs(org.apache.kafka.common.config.internals.BrokerSecurityConfigs) TransportLayer(org.apache.kafka.common.network.TransportLayer) IOException(java.io.IOException) Mockito.times(org.mockito.Mockito.times) InvalidReceiveException(org.apache.kafka.common.network.InvalidReceiveException) Mockito.when(org.mockito.Mockito.when) ApiKeys(org.apache.kafka.common.protocol.ApiKeys) Subject(javax.security.auth.Subject) Mockito.verify(org.mockito.Mockito.verify) Test(org.junit.jupiter.api.Test) ApiMessageType(org.apache.kafka.common.message.ApiMessageType) 
ChannelMetadataRegistry(org.apache.kafka.common.network.ChannelMetadataRegistry) Collections(java.util.Collections) Mockito.mock(org.mockito.Mockito.mock) TransportLayer(org.apache.kafka.common.network.TransportLayer) RequestHeader(org.apache.kafka.common.requests.RequestHeader) DefaultChannelMetadataRegistry(org.apache.kafka.common.network.DefaultChannelMetadataRegistry) IllegalSaslStateException(org.apache.kafka.common.errors.IllegalSaslStateException) ByteBuffer(java.nio.ByteBuffer) Test(org.junit.jupiter.api.Test)

Aggregations

RequestHeader (org.apache.kafka.common.requests.RequestHeader)35 ByteBuffer (java.nio.ByteBuffer)19 SecurityProtocol (org.apache.kafka.common.security.auth.SecurityProtocol)12 Test (org.junit.jupiter.api.Test)12 ApiVersionsRequest (org.apache.kafka.common.requests.ApiVersionsRequest)11 NetworkSend (org.apache.kafka.common.network.NetworkSend)10 ApiVersionsResponse (org.apache.kafka.common.requests.ApiVersionsResponse)10 ApiKeys (org.apache.kafka.common.protocol.ApiKeys)7 IllegalSaslStateException (org.apache.kafka.common.errors.IllegalSaslStateException)6 RequestContext (org.apache.kafka.common.requests.RequestContext)6 Test (org.junit.Test)5 Collections (java.util.Collections)4 MetadataRequest (org.apache.kafka.common.requests.MetadataRequest)4 IOException (java.io.IOException)3 InetAddress (java.net.InetAddress)3 HashMap (java.util.HashMap)3 Map (java.util.Map)3 ApiVersionsResponseData (org.apache.kafka.common.message.ApiVersionsResponseData)3 ApiVersion (org.apache.kafka.common.message.ApiVersionsResponseData.ApiVersion)3 TransportLayer (org.apache.kafka.common.network.TransportLayer)3