Example 11 with TestSecurityConfig

Use of org.apache.kafka.common.security.TestSecurityConfig in project kafka by apache.

From the class SslFactoryTest, method testUsedConfigs.

@Test
public void testUsedConfigs() throws IOException, GeneralSecurityException {
    Map<String, Object> serverSslConfig = sslConfigsBuilder(Mode.SERVER)
            .createNewTrustStore(File.createTempFile("truststore", ".jks"))
            .useClientCert(false)
            .build();
    serverSslConfig.put(SslConfigs.SSL_ENGINE_FACTORY_CLASS_CONFIG, TestSslUtils.TestSslEngineFactory.class);
    TestSecurityConfig securityConfig = new TestSecurityConfig(serverSslConfig);
    SslFactory sslFactory = new SslFactory(Mode.SERVER);
    sslFactory.configure(securityConfig.values());
    // The engine factory config must be recorded as used, not silently ignored
    assertFalse(securityConfig.unused().contains(SslConfigs.SSL_ENGINE_FACTORY_CLASS_CONFIG));
}
Also used: TestSslUtils(org.apache.kafka.test.TestSslUtils) TestSecurityConfig(org.apache.kafka.common.security.TestSecurityConfig) Test(org.junit.jupiter.api.Test)

Example 12 with TestSecurityConfig

Use of org.apache.kafka.common.security.TestSecurityConfig in project kafka by apache.

From the class SslTransportLayerTest, method testEndpointIdentificationDisabled.

/**
 * Tests that a server certificate with an invalid IP address is accepted by
 * a client that has disabled endpoint validation
 */
@Test
public void testEndpointIdentificationDisabled() throws Exception {
    String node = "0";
    String serverHost = InetAddress.getLocalHost().getHostAddress();
    SecurityProtocol securityProtocol = SecurityProtocol.SSL;
    server = new NioEchoServer(ListenerName.forSecurityProtocol(securityProtocol), securityProtocol, new TestSecurityConfig(sslServerConfigs), serverHost);
    server.start();
    sslClientConfigs.remove(SslConfigs.SSL_ENDPOINT_IDENTIFICATION_ALGORITHM_CONFIG);
    createSelector(sslClientConfigs);
    InetSocketAddress addr = new InetSocketAddress(serverHost, server.port());
    selector.connect(node, addr, BUFFER_SIZE, BUFFER_SIZE);
    NetworkTestUtils.checkClientConnection(selector, node, 100, 10);
}
Also used: InetSocketAddress(java.net.InetSocketAddress) SecurityProtocol(org.apache.kafka.common.protocol.SecurityProtocol) TestSecurityConfig(org.apache.kafka.common.security.TestSecurityConfig) Test(org.junit.Test)

Example 13 with TestSecurityConfig

Use of org.apache.kafka.common.security.TestSecurityConfig in project apache-kafka-on-k8s by banzaicloud.

From the class SaslAuthenticatorTest, method startServerWithoutSaslAuthenticateHeader.

private NioEchoServer startServerWithoutSaslAuthenticateHeader(final SecurityProtocol securityProtocol, String saslMechanism) throws Exception {
    final ListenerName listenerName = ListenerName.forSecurityProtocol(securityProtocol);
    final Map<String, ?> configs = Collections.emptyMap();
    final JaasContext jaasContext = JaasContext.loadServerContext(listenerName, saslMechanism, configs);
    final Map<String, JaasContext> jaasContexts = Collections.singletonMap(saslMechanism, jaasContext);
    boolean isScram = ScramMechanism.isScram(saslMechanism);
    if (isScram)
        ScramCredentialUtils.createCache(credentialCache, Arrays.asList(saslMechanism));
    SaslChannelBuilder serverChannelBuilder = new SaslChannelBuilder(Mode.SERVER, jaasContexts, securityProtocol, listenerName, false, saslMechanism, true, credentialCache, null) {

        @Override
        protected SaslServerAuthenticator buildServerAuthenticator(Map<String, ?> configs, String id, TransportLayer transportLayer, Map<String, Subject> subjects) throws IOException {
            return new SaslServerAuthenticator(configs, id, jaasContexts, subjects, null, credentialCache, listenerName, securityProtocol, transportLayer, null) {

                @Override
                protected ApiVersionsResponse apiVersionsResponse() {
                    List<ApiVersion> apiVersions = new ArrayList<>(ApiVersionsResponse.defaultApiVersionsResponse().apiVersions());
                    for (Iterator<ApiVersion> it = apiVersions.iterator(); it.hasNext(); ) {
                        ApiVersion apiVersion = it.next();
                        if (apiVersion.apiKey == ApiKeys.SASL_AUTHENTICATE.id) {
                            it.remove();
                            break;
                        }
                    }
                    return new ApiVersionsResponse(0, Errors.NONE, apiVersions);
                }

                @Override
                protected void enableKafkaSaslAuthenticateHeaders(boolean flag) {
                    // Don't enable Kafka SASL_AUTHENTICATE headers
                }
            };
        }
    };
    serverChannelBuilder.configure(saslServerConfigs);
    server = new NioEchoServer(listenerName, securityProtocol, new TestSecurityConfig(saslServerConfigs), "localhost", serverChannelBuilder, credentialCache);
    server.start();
    return server;
}
Also used: ApiVersion(org.apache.kafka.common.requests.ApiVersionsResponse.ApiVersion) ApiVersionsResponse(org.apache.kafka.common.requests.ApiVersionsResponse) ArrayList(java.util.ArrayList) ListenerName(org.apache.kafka.common.network.ListenerName) TransportLayer(org.apache.kafka.common.network.TransportLayer) JaasContext(org.apache.kafka.common.security.JaasContext) NioEchoServer(org.apache.kafka.common.network.NioEchoServer) TestSecurityConfig(org.apache.kafka.common.security.TestSecurityConfig) SaslChannelBuilder(org.apache.kafka.common.network.SaslChannelBuilder) Map(java.util.Map) HashMap(java.util.HashMap)

Example 14 with TestSecurityConfig

Use of org.apache.kafka.common.security.TestSecurityConfig in project apache-kafka-on-k8s by banzaicloud.

From the class AbstractConfigTest, method testValuesWithPrefixOverride.

@Test
public void testValuesWithPrefixOverride() {
    String prefix = "prefix.";
    Properties props = new Properties();
    props.put("sasl.mechanism", "PLAIN");
    props.put("prefix.sasl.mechanism", "GSSAPI");
    props.put("prefix.sasl.kerberos.kinit.cmd", "/usr/bin/kinit2");
    props.put("prefix.ssl.truststore.location", "my location");
    props.put("sasl.kerberos.service.name", "service name");
    props.put("ssl.keymanager.algorithm", "algorithm");
    TestSecurityConfig config = new TestSecurityConfig(props);
    Map<String, Object> valuesWithPrefixOverride = config.valuesWithPrefixOverride(prefix);
    // prefix overrides global
    assertTrue(config.unused().contains("prefix.sasl.mechanism"));
    assertTrue(config.unused().contains("sasl.mechanism"));
    assertEquals("GSSAPI", valuesWithPrefixOverride.get("sasl.mechanism"));
    assertFalse(config.unused().contains("sasl.mechanism"));
    assertFalse(config.unused().contains("prefix.sasl.mechanism"));
    // prefix overrides default
    assertTrue(config.unused().contains("prefix.sasl.kerberos.kinit.cmd"));
    assertFalse(config.unused().contains("sasl.kerberos.kinit.cmd"));
    assertEquals("/usr/bin/kinit2", valuesWithPrefixOverride.get("sasl.kerberos.kinit.cmd"));
    assertFalse(config.unused().contains("sasl.kerberos.kinit.cmd"));
    assertFalse(config.unused().contains("prefix.sasl.kerberos.kinit.cmd"));
    // prefix override with no default
    assertTrue(config.unused().contains("prefix.ssl.truststore.location"));
    assertFalse(config.unused().contains("ssl.truststore.location"));
    assertEquals("my location", valuesWithPrefixOverride.get("ssl.truststore.location"));
    assertFalse(config.unused().contains("ssl.truststore.location"));
    assertFalse(config.unused().contains("prefix.ssl.truststore.location"));
    // global overrides default
    assertTrue(config.unused().contains("ssl.keymanager.algorithm"));
    assertEquals("algorithm", valuesWithPrefixOverride.get("ssl.keymanager.algorithm"));
    assertFalse(config.unused().contains("ssl.keymanager.algorithm"));
    // global with no default
    assertTrue(config.unused().contains("sasl.kerberos.service.name"));
    assertEquals("service name", valuesWithPrefixOverride.get("sasl.kerberos.service.name"));
    assertFalse(config.unused().contains("sasl.kerberos.service.name"));
    // unset with default
    assertFalse(config.unused().contains("sasl.kerberos.min.time.before.relogin"));
    assertEquals(SaslConfigs.DEFAULT_KERBEROS_MIN_TIME_BEFORE_RELOGIN, valuesWithPrefixOverride.get("sasl.kerberos.min.time.before.relogin"));
    assertFalse(config.unused().contains("sasl.kerberos.min.time.before.relogin"));
    // unset with no default
    assertFalse(config.unused().contains("ssl.key.password"));
    assertNull(valuesWithPrefixOverride.get("ssl.key.password"));
    assertFalse(config.unused().contains("ssl.key.password"));
}
Also used: TestSecurityConfig(org.apache.kafka.common.security.TestSecurityConfig) Properties(java.util.Properties) Test(org.junit.Test)

Example 15 with TestSecurityConfig

Use of org.apache.kafka.common.security.TestSecurityConfig in project apache-kafka-on-k8s by banzaicloud.

From the class AbstractConfigTest, method testValuesWithSecondaryPrefix.

@Test
public void testValuesWithSecondaryPrefix() {
    String prefix = "listener.name.listener1.";
    Password saslJaasConfig1 = new Password("test.myLoginModule1 required;");
    Password saslJaasConfig2 = new Password("test.myLoginModule2 required;");
    Password saslJaasConfig3 = new Password("test.myLoginModule3 required;");
    Properties props = new Properties();
    props.put("listener.name.listener1.test-mechanism.sasl.jaas.config", saslJaasConfig1.value());
    props.put("test-mechanism.sasl.jaas.config", saslJaasConfig2.value());
    props.put("sasl.jaas.config", saslJaasConfig3.value());
    props.put("listener.name.listener1.gssapi.sasl.kerberos.kinit.cmd", "/usr/bin/kinit2");
    props.put("listener.name.listener1.gssapi.sasl.kerberos.service.name", "testkafka");
    props.put("listener.name.listener1.gssapi.sasl.kerberos.min.time.before.relogin", "60000");
    props.put("ssl.provider", "TEST");
    TestSecurityConfig config = new TestSecurityConfig(props);
    Map<String, Object> valuesWithPrefixOverride = config.valuesWithPrefixOverride(prefix);
    // prefix with mechanism overrides global
    assertTrue(config.unused().contains("listener.name.listener1.test-mechanism.sasl.jaas.config"));
    assertTrue(config.unused().contains("test-mechanism.sasl.jaas.config"));
    assertEquals(saslJaasConfig1, valuesWithPrefixOverride.get("test-mechanism.sasl.jaas.config"));
    assertEquals(saslJaasConfig3, valuesWithPrefixOverride.get("sasl.jaas.config"));
    assertFalse(config.unused().contains("listener.name.listener1.test-mechanism.sasl.jaas.config"));
    assertFalse(config.unused().contains("test-mechanism.sasl.jaas.config"));
    assertFalse(config.unused().contains("sasl.jaas.config"));
    // prefix with mechanism overrides default
    assertFalse(config.unused().contains("sasl.kerberos.kinit.cmd"));
    assertTrue(config.unused().contains("listener.name.listener1.gssapi.sasl.kerberos.kinit.cmd"));
    assertFalse(config.unused().contains("gssapi.sasl.kerberos.kinit.cmd"));
    assertFalse(config.unused().contains("sasl.kerberos.kinit.cmd"));
    assertEquals("/usr/bin/kinit2", valuesWithPrefixOverride.get("gssapi.sasl.kerberos.kinit.cmd"));
    assertFalse(config.unused().contains("listener.name.listener1.sasl.kerberos.kinit.cmd"));
    // prefix override for mechanism with no default
    assertFalse(config.unused().contains("sasl.kerberos.service.name"));
    assertTrue(config.unused().contains("listener.name.listener1.gssapi.sasl.kerberos.service.name"));
    assertFalse(config.unused().contains("gssapi.sasl.kerberos.service.name"));
    assertFalse(config.unused().contains("sasl.kerberos.service.name"));
    assertEquals("testkafka", valuesWithPrefixOverride.get("gssapi.sasl.kerberos.service.name"));
    assertFalse(config.unused().contains("listener.name.listener1.gssapi.sasl.kerberos.service.name"));
    // unset with no default
    assertTrue(config.unused().contains("ssl.provider"));
    assertNull(valuesWithPrefixOverride.get("gssapi.ssl.provider"));
    assertTrue(config.unused().contains("ssl.provider"));
}
Also used: TestSecurityConfig(org.apache.kafka.common.security.TestSecurityConfig) Properties(java.util.Properties) Password(org.apache.kafka.common.config.types.Password) Test(org.junit.Test)

Aggregations

TestSecurityConfig (org.apache.kafka.common.security.TestSecurityConfig) 27
InetSocketAddress (java.net.InetSocketAddress) 13
Properties (java.util.Properties) 8
SecurityProtocol (org.apache.kafka.common.security.auth.SecurityProtocol) 8
LogContext (org.apache.kafka.common.utils.LogContext) 8
Test (org.junit.Test) 8
ParameterizedTest (org.junit.jupiter.params.ParameterizedTest) 8
Test (org.junit.jupiter.api.Test) 7
ArgumentsSource (org.junit.jupiter.params.provider.ArgumentsSource) 7
HashMap (java.util.HashMap) 5
Password (org.apache.kafka.common.config.types.Password) 5
ListenerName (org.apache.kafka.common.network.ListenerName) 3
NioEchoServer (org.apache.kafka.common.network.NioEchoServer) 3
SaslChannelBuilder (org.apache.kafka.common.network.SaslChannelBuilder) 3
ApiVersionsResponse (org.apache.kafka.common.requests.ApiVersionsResponse) 3
JaasContext (org.apache.kafka.common.security.JaasContext) 3
SelectionKey (java.nio.channels.SelectionKey) 2
Map (java.util.Map) 2
SSLEngine (javax.net.ssl.SSLEngine) 2
SSLParameters (javax.net.ssl.SSLParameters) 2