
Example 1 with SecurityProtocol

use of org.apache.kafka.common.security.auth.SecurityProtocol in project apache-kafka-on-k8s by banzaicloud.

the class ClientAuthenticationFailureTest method setup.

@Before
public void setup() throws Exception {
    // Close login managers left over from earlier tests before building this fixture.
    LoginManager.closeAll();

    // Client side: SASL/PLAIN over SASL_PLAINTEXT. This protocol has no TLS layer,
    // so the PLAIN username and password travel unencrypted. That is fine for a
    // test fixture, but it is not a combination to copy into a deployment.
    saslClientConfigs = new HashMap<>();
    saslClientConfigs.put(SaslConfigs.SASL_MECHANISM, "PLAIN");
    saslClientConfigs.put(CommonClientConfigs.SECURITY_PROTOCOL_CONFIG, "SASL_PLAINTEXT");

    // Server side: PLAIN is the only mechanism the server is told to enable.
    saslServerConfigs = new HashMap<>();
    saslServerConfigs.put(BrokerSecurityConfigs.SASL_ENABLED_MECHANISMS_CONFIG, Arrays.asList("PLAIN"));

    // The client is handed "anotherpassword" for the test user. Judging by the
    // class name this is meant to be rejected by the server -- confirm that it
    // differs from TestJaasConfig.PASSWORD.
    testJaasConfig = TestJaasConfig.createConfiguration("PLAIN", Arrays.asList("PLAIN"));
    testJaasConfig.setClientOptions("PLAIN", TestJaasConfig.USERNAME, "anotherpassword");

    SecurityProtocol protocol = SecurityProtocol.SASL_PLAINTEXT;
    server = createEchoServer(protocol);
}
Also used : SecurityProtocol(org.apache.kafka.common.security.auth.SecurityProtocol) Before(org.junit.Before)

Example 2 with SecurityProtocol

use of org.apache.kafka.common.security.auth.SecurityProtocol in project apache-kafka-on-k8s by banzaicloud.

the class SaslAuthenticatorTest method testJaasConfigurationForListener.

@Test
public void testJaasConfigurationForListener() throws Exception {
    // Checks that a listener with its own JAAS entry authenticates only against
    // that entry, and that a listener without one falls back to the global entry.
    SecurityProtocol protocol = SecurityProtocol.SASL_PLAINTEXT;
    saslClientConfigs.put(SaslConfigs.SASL_MECHANISM, "PLAIN");
    saslServerConfigs.put(BrokerSecurityConfigs.SASL_ENABLED_MECHANISMS_CONFIG, Arrays.asList("PLAIN"));

    // Two disjoint user sets: one for the global server context, one for the
    // "client" listener. No user appears in both.
    String plainModuleName = PlainLoginModule.class.getName();
    Map<String, Object> globalUsers = new HashMap<>();
    globalUsers.put("user_global1", "gsecret1");
    globalUsers.put("user_global2", "gsecret2");
    Map<String, Object> clientListenerUsers = new HashMap<>();
    clientListenerUsers.put("user_client1", "csecret1");
    clientListenerUsers.put("user_client2", "csecret2");

    // The listener-scoped entry is the server context name prefixed with "client.".
    TestJaasConfig jaas = new TestJaasConfig();
    jaas.createOrUpdateEntry(TestJaasConfig.LOGIN_CONTEXT_SERVER, plainModuleName, globalUsers);
    jaas.createOrUpdateEntry("client." + TestJaasConfig.LOGIN_CONTEXT_SERVER, plainModuleName, clientListenerUsers);
    Configuration.setConfiguration(jaas);

    // Listener "client": its own users are accepted, and a global user is rejected.
    // The listener entry therefore replaces the global one rather than adding to it.
    ListenerName clientListener = new ListenerName("client");
    server = createEchoServer(clientListener, protocol);
    saslClientConfigs.put(SaslConfigs.SASL_JAAS_CONFIG, TestJaasConfig.jaasConfigProperty("PLAIN", "client1", "csecret1"));
    createAndCheckClientConnection(protocol, "1");
    saslClientConfigs.put(SaslConfigs.SASL_JAAS_CONFIG, TestJaasConfig.jaasConfigProperty("PLAIN", "global1", "gsecret1"));
    createAndCheckClientConnectionFailure(protocol, "2");
    server.close();

    // Listener "other" has no entry of its own: global users are accepted, and
    // the "client" listener's users are rejected.
    ListenerName otherListener = new ListenerName("other");
    server = createEchoServer(otherListener, protocol);
    saslClientConfigs.put(SaslConfigs.SASL_JAAS_CONFIG, TestJaasConfig.jaasConfigProperty("PLAIN", "global1", "gsecret1"));
    createAndCheckClientConnection(protocol, "3");
    saslClientConfigs.put(SaslConfigs.SASL_JAAS_CONFIG, TestJaasConfig.jaasConfigProperty("PLAIN", "client1", "csecret1"));
    createAndCheckClientConnectionFailure(protocol, "4");
}
Also used : HashMap(java.util.HashMap) SecurityProtocol(org.apache.kafka.common.security.auth.SecurityProtocol) PlainLoginModule(org.apache.kafka.common.security.plain.PlainLoginModule) ListenerName(org.apache.kafka.common.network.ListenerName) Test(org.junit.Test)

Example 3 with SecurityProtocol

use of org.apache.kafka.common.security.auth.SecurityProtocol in project apache-kafka-on-k8s by banzaicloud.

the class SaslAuthenticatorTest method testInvalidPasswordSaslScram.

/**
 * Tests that SASL/SCRAM clients fail authentication if password is invalid.
 */
@Test
public void testInvalidPasswordSaslScram() throws Exception {
    // Client login options carrying "invalidpassword", which presumably differs
    // from the TestJaasConfig.PASSWORD stored for the same user further down.
    Map<String, Object> clientOptions = new HashMap<>();
    clientOptions.put("password", "invalidpassword");
    clientOptions.put("username", TestJaasConfig.USERNAME);

    TestJaasConfig jaasConfig = configureMechanisms("SCRAM-SHA-256", Arrays.asList("SCRAM-SHA-256"));
    jaasConfig.createOrUpdateEntry(TestJaasConfig.LOGIN_CONTEXT_CLIENT, ScramLoginModule.class.getName(), clientOptions);

    // SASL_SSL: the SCRAM exchange runs inside a TLS channel.
    SecurityProtocol protocol = SecurityProtocol.SASL_SSL;
    server = createEchoServer(protocol);
    updateScramCredentialCache(TestJaasConfig.USERNAME, TestJaasConfig.PASSWORD);

    createAndCheckClientAuthenticationFailure(protocol, "0", "SCRAM-SHA-256", null);
    // (0, 1) presumably means zero successful and one failed authentication;
    // confirm the argument order against verifyAuthenticationMetrics. Checking
    // the failure counter also shows that the rejection is visible in metrics.
    server.verifyAuthenticationMetrics(0, 1);
}
Also used : HashMap(java.util.HashMap) ScramLoginModule(org.apache.kafka.common.security.scram.ScramLoginModule) SecurityProtocol(org.apache.kafka.common.security.auth.SecurityProtocol) Test(org.junit.Test)

Example 4 with SecurityProtocol

use of org.apache.kafka.common.security.auth.SecurityProtocol in project apache-kafka-on-k8s by banzaicloud.

the class SaslAuthenticatorTest method testMissingPasswordSaslPlain.

/**
 * Tests that SASL/PLAIN clients with missing password in JAAS configuration fail authentication.
 */
@Test
public void testMissingPasswordSaslPlain() throws Exception {
    TestJaasConfig jaasConfig = configureMechanisms("PLAIN", Arrays.asList("PLAIN"));
    // A null password stands in for a JAAS entry that names a user but gives no password.
    jaasConfig.setClientOptions("PLAIN", "myuser", null);

    SecurityProtocol protocol = SecurityProtocol.SASL_SSL;
    server = createEchoServer(protocol);
    createSelector(protocol, saslClientConfigs);

    InetSocketAddress serverAddress = new InetSocketAddress("127.0.0.1", server.port());
    String nodeId = "0";
    try {
        selector.connect(nodeId, serverAddress, BUFFER_SIZE, BUFFER_SIZE);
        // Reaching this line means a channel was built from an incomplete credential.
        // The catch below handles only IOException, so a failure raised here
        // (presumably JUnit's AssertionError) is not swallowed.
        fail("SASL/PLAIN channel created without password");
    } catch (IOException expected) {
        // Expected: connect must fail instead of producing a channel with no password.
    }
}
Also used : InetSocketAddress(java.net.InetSocketAddress) SecurityProtocol(org.apache.kafka.common.security.auth.SecurityProtocol) IOException(java.io.IOException) Test(org.junit.Test)

Example 5 with SecurityProtocol

use of org.apache.kafka.common.security.auth.SecurityProtocol in project apache-kafka-on-k8s by banzaicloud.

the class SaslAuthenticatorTest method testValidSaslScramMechanisms.

/**
 * Tests all supported SCRAM client and server channels. Also tests that all
 * supported SCRAM mechanisms can be supported simultaneously on a server.
 */
@Test
public void testValidSaslScramMechanisms() throws Exception {
    // SASL_SSL: every SCRAM exchange below runs inside a TLS channel.
    SecurityProtocol protocol = SecurityProtocol.SASL_SSL;
    // Every name reported by ScramMechanism is passed as the server's mechanism
    // list, so all of them are enabled on one server at once. "SCRAM-SHA-256" is
    // only the initial client mechanism; the loop overrides it per iteration.
    configureMechanisms("SCRAM-SHA-256", new ArrayList<>(ScramMechanism.mechanismNames()));
    server = createEchoServer(protocol);
    updateScramCredentialCache(TestJaasConfig.USERNAME, TestJaasConfig.PASSWORD);

    // One connection per mechanism, each under a distinct node id.
    for (String scramMechanism : ScramMechanism.mechanismNames()) {
        String nodeId = "node-" + scramMechanism;
        saslClientConfigs.put(SaslConfigs.SASL_MECHANISM, scramMechanism);
        createAndCheckClientConnection(protocol, nodeId);
    }
}
Also used : SecurityProtocol(org.apache.kafka.common.security.auth.SecurityProtocol) Test(org.junit.Test)

Aggregations

SecurityProtocol (org.apache.kafka.common.security.auth.SecurityProtocol)94 Test (org.junit.jupiter.api.Test)50 Test (org.junit.Test)29 HashMap (java.util.HashMap)22 InetSocketAddress (java.net.InetSocketAddress)14 NetworkSend (org.apache.kafka.common.network.NetworkSend)11 RequestHeader (org.apache.kafka.common.requests.RequestHeader)11 PlainLoginModule (org.apache.kafka.common.security.plain.PlainLoginModule)10 TestSecurityConfig (org.apache.kafka.common.security.TestSecurityConfig)9 ScramLoginModule (org.apache.kafka.common.security.scram.ScramLoginModule)9 IOException (java.io.IOException)8 ByteBuffer (java.nio.ByteBuffer)8 ListenerName (org.apache.kafka.common.network.ListenerName)7 ApiVersionsRequest (org.apache.kafka.common.requests.ApiVersionsRequest)7 ApiVersionsResponse (org.apache.kafka.common.requests.ApiVersionsResponse)7 KafkaException (org.apache.kafka.common.KafkaException)6 LogContext (org.apache.kafka.common.utils.LogContext)6 Password (org.apache.kafka.common.config.types.Password)5 ParameterizedTest (org.junit.jupiter.params.ParameterizedTest)5 ArgumentsSource (org.junit.jupiter.params.provider.ArgumentsSource)5