
Example 91 with SecurityProtocol

use of org.apache.kafka.common.security.auth.SecurityProtocol in project kafka by apache.

the class SaslAuthenticatorTest method testMissingUsernameSaslPlain.

/**
 * Tests that SASL/PLAIN clients without valid username fail authentication.
 */
@Test
public void testMissingUsernameSaslPlain() throws Exception {
    // Client-side JAAS options for PLAIN: a password is supplied, the username is null.
    TestJaasConfig clientJaas = configureMechanisms("PLAIN", Arrays.asList("PLAIN"));
    clientJaas.setClientOptions("PLAIN", null, "mypassword");

    final SecurityProtocol protocol = SecurityProtocol.SASL_SSL;
    server = createEchoServer(protocol);
    createSelector(protocol, saslClientConfigs);

    final String nodeId = "0";
    InetSocketAddress serverAddress = new InetSocketAddress("localhost", server.port());
    try {
        selector.connect(nodeId, serverAddress, BUFFER_SIZE, BUFFER_SIZE);
        // Reaching this line means a channel was opened with incomplete credentials.
        fail("SASL/PLAIN channel created without username");
    } catch (IOException expected) {
        // The rejected connect must not leave anything behind: no channel may
        // remain registered and every selection key must already be cancelled.
        assertTrue(selector.channels().isEmpty(), "Channels not closed");
        for (SelectionKey selectionKey : selector.keys()) {
            assertFalse(selectionKey.isValid(), "Key not cancelled");
        }
    }
}
Also used : SelectionKey(java.nio.channels.SelectionKey) InetSocketAddress(java.net.InetSocketAddress) SecurityProtocol(org.apache.kafka.common.security.auth.SecurityProtocol) IOException(java.io.IOException) Test(org.junit.jupiter.api.Test)

Example 92 with SecurityProtocol

use of org.apache.kafka.common.security.auth.SecurityProtocol in project kafka by apache.

the class SaslAuthenticatorTest method testInvalidSaslPacket.

/**
 * Tests that invalid data sent during the Kafka SASL handshake request flow
 * or during the actual SASL authentication flow results in authentication
 * failure and does not cause any failures in the server.
 */
@Test
public void testInvalidSaslPacket() throws Exception {
    final SecurityProtocol serverProtocol = SecurityProtocol.SASL_PLAINTEXT;
    configureMechanisms("PLAIN", Arrays.asList("PLAIN"));
    server = createEchoServer(serverProtocol);

    // 1 KiB of random bytes stands in for a malformed SASL payload.
    Random rng = new Random();
    byte[] garbage = new byte[1024];

    // Case 1: the malformed payload follows a valid handshake request.
    // NOTE(review): the client connects as PLAINTEXT to a SASL_PLAINTEXT server,
    // presumably so the test can write the bytes itself rather than going through
    // the client-side SASL authenticator; confirm against createClientConnection.
    final String afterHandshakeNode = "invalid1";
    createClientConnection(SecurityProtocol.PLAINTEXT, afterHandshakeNode);
    sendHandshakeRequestReceiveResponse(afterHandshakeNode, (short) 1);
    rng.nextBytes(garbage);
    selector.send(new NetworkSend(afterHandshakeNode,
            ByteBufferSend.sizePrefixed(ByteBuffer.wrap(garbage))));
    NetworkTestUtils.waitForChannelClose(selector, afterHandshakeNode, ChannelState.READY.state());
    selector.close();

    // The server must still serve a well-behaved client after dropping the bad one.
    createAndCheckClientConnection(serverProtocol, "good1");

    // Case 2: the malformed payload is the very first thing sent, before any handshake.
    final String beforeHandshakeNode = "invalid2";
    createClientConnection(SecurityProtocol.PLAINTEXT, beforeHandshakeNode);
    rng.nextBytes(garbage);
    selector.send(new NetworkSend(beforeHandshakeNode,
            ByteBufferSend.sizePrefixed(ByteBuffer.wrap(garbage))));
    NetworkTestUtils.waitForChannelClose(selector, beforeHandshakeNode, ChannelState.READY.state());
    selector.close();

    // Same availability check as after case 1.
    createAndCheckClientConnection(serverProtocol, "good2");
}
Also used : Random(java.util.Random) SecurityProtocol(org.apache.kafka.common.security.auth.SecurityProtocol) NetworkSend(org.apache.kafka.common.network.NetworkSend) Test(org.junit.jupiter.api.Test)

Example 93 with SecurityProtocol

use of org.apache.kafka.common.security.auth.SecurityProtocol in project kafka by apache.

the class SaslAuthenticatorTest method testValidApiVersionsRequest.

/**
 * Tests that a valid ApiVersionsRequest is handled correctly by the server
 * and that the response carries the NONE error code.
 */
@Test
public void testValidApiVersionsRequest() throws Exception {
    final SecurityProtocol serverProtocol = SecurityProtocol.SASL_PLAINTEXT;
    configureMechanisms("PLAIN", Arrays.asList("PLAIN"));
    server = createEchoServer(serverProtocol);

    // Send an ApiVersionsRequest at the latest version before any SASL exchange.
    final String nodeId = "1";
    final short apiVersion = ApiKeys.API_VERSIONS.latestVersion();
    createClientConnection(SecurityProtocol.PLAINTEXT, nodeId);
    RequestHeader requestHeader =
            new RequestHeader(ApiKeys.API_VERSIONS, apiVersion, "someclient", 1);
    ApiVersionsRequest apiVersionsRequest = new ApiVersionsRequest.Builder().build(apiVersion);
    selector.send(new NetworkSend(nodeId, apiVersionsRequest.toSend(requestHeader)));

    ByteBuffer reply = waitForResponse();
    // The parsed header is discarded; presumably this call only consumes the
    // header bytes so that the body parse below starts at the right offset.
    ResponseHeader.parse(reply, ApiKeys.API_VERSIONS.responseHeaderVersion(apiVersion));
    ApiVersionsResponse apiVersionsResponse = ApiVersionsResponse.parse(reply, apiVersion);
    assertEquals(Errors.NONE.code(), apiVersionsResponse.data().errorCode());

    // The pre-authentication request must not stop the same connection from
    // completing the handshake and SASL/PLAIN authentication afterwards.
    final short handshakeVersion = ApiKeys.SASL_HANDSHAKE.latestVersion();
    sendHandshakeRequestReceiveResponse(nodeId, handshakeVersion);
    boolean handshakeAboveV0 = handshakeVersion > 0;
    authenticateUsingSaslPlainAndCheckConnection(nodeId, handshakeAboveV0);
}
Also used : ApiVersionsResponse(org.apache.kafka.common.requests.ApiVersionsResponse) SecurityProtocol(org.apache.kafka.common.security.auth.SecurityProtocol) RequestHeader(org.apache.kafka.common.requests.RequestHeader) NetworkSend(org.apache.kafka.common.network.NetworkSend) ApiVersionsRequest(org.apache.kafka.common.requests.ApiVersionsRequest) ByteBuffer(java.nio.ByteBuffer) Test(org.junit.jupiter.api.Test)

Example 94 with SecurityProtocol

use of org.apache.kafka.common.security.auth.SecurityProtocol in project kafka by apache.

the class SaslAuthenticatorFailureDelayTest method testInvalidPasswordSaslScram.

/**
 * Tests that SASL/SCRAM clients with invalid password fail authentication with
 * connection close delay if configured.
 */
@Test
public void testInvalidPasswordSaslScram() throws Exception {
    final String mechanism = "SCRAM-SHA-256";
    final SecurityProtocol protocol = SecurityProtocol.SASL_SSL;

    // The client uses the test username with a password that differs from it only in being wrong.
    TestJaasConfig clientJaas = configureMechanisms(mechanism, Collections.singletonList(mechanism));
    clientJaas.setClientOptions(mechanism, TestJaasConfig.USERNAME, "invalidpassword");

    server = createEchoServer(protocol);

    // NOTE(review): the last argument is null here, presumably meaning no specific
    // error text is asserted for SCRAM; confirm in createAndCheckClientAuthenticationFailure.
    final String nodeId = "0";
    createAndCheckClientAuthenticationFailure(protocol, nodeId, mechanism, null);

    // NOTE(review): arguments look like (successful, failed) authentication counts; verify.
    server.verifyAuthenticationMetrics(0, 1);
}
Also used : SecurityProtocol(org.apache.kafka.common.security.auth.SecurityProtocol) Test(org.junit.jupiter.api.Test)

Example 95 with SecurityProtocol

use of org.apache.kafka.common.security.auth.SecurityProtocol in project kafka by apache.

the class SaslAuthenticatorFailureDelayTest method testInvalidPasswordSaslPlain.

/**
 * Tests that SASL/PLAIN clients with invalid password fail authentication.
 */
@Test
public void testInvalidPasswordSaslPlain() throws Exception {
    final String mechanism = "PLAIN";
    final SecurityProtocol protocol = SecurityProtocol.SASL_SSL;

    // The client uses the test username together with a wrong password.
    TestJaasConfig clientJaas = configureMechanisms(mechanism, Arrays.asList(mechanism));
    clientJaas.setClientOptions(mechanism, TestJaasConfig.USERNAME, "invalidpassword");

    server = createEchoServer(protocol);

    // The expected text does not say which of the two credentials was wrong,
    // so a failed login gives no hint about whether the username exists.
    final String nodeId = "0";
    final String expectedError = "Authentication failed: Invalid username or password";
    createAndCheckClientAuthenticationFailure(protocol, nodeId, mechanism, expectedError);

    // NOTE(review): arguments look like (successful, failed) authentication counts; verify.
    server.verifyAuthenticationMetrics(0, 1);
}
Also used : SecurityProtocol(org.apache.kafka.common.security.auth.SecurityProtocol) Test(org.junit.jupiter.api.Test)
