Example 11 with SecurityProtocol
use of org.apache.kafka.common.security.auth.SecurityProtocol in project apache-kafka-on-k8s by banzaicloud.
the class SaslAuthenticatorTest method testInvalidMechanism.
/**
* Tests that clients using invalid SASL mechanisms fail authentication.
*/
@Test
public void testInvalidMechanism() throws Exception {
String node = "0";
SecurityProtocol securityProtocol = SecurityProtocol.SASL_SSL;
configureMechanisms("PLAIN", Arrays.asList("PLAIN"));
saslClientConfigs.put(SaslConfigs.SASL_MECHANISM, "INVALID");
server = createEchoServer(securityProtocol);
createAndCheckClientConnectionFailure(securityProtocol, node);
server.verifyAuthenticationMetrics(0, 1);
}
Also used :
SecurityProtocol(org.apache.kafka.common.security.auth.SecurityProtocol)
Test(org.junit.Test)
Example 12 with SecurityProtocol
use of org.apache.kafka.common.security.auth.SecurityProtocol in project apache-kafka-on-k8s by banzaicloud.
the class SaslAuthenticatorTest method testValidSaslPlainOverSsl.
/**
* Tests good path SASL/PLAIN client and server channels using SSL transport layer.
*/
@Test
public void testValidSaslPlainOverSsl() throws Exception {
String node = "0";
SecurityProtocol securityProtocol = SecurityProtocol.SASL_SSL;
configureMechanisms("PLAIN", Arrays.asList("PLAIN"));
server = createEchoServer(securityProtocol);
createAndCheckClientConnection(securityProtocol, node);
server.verifyAuthenticationMetrics(1, 0);
}
Also used :
SecurityProtocol(org.apache.kafka.common.security.auth.SecurityProtocol)
Test(org.junit.Test)
Example 13 with SecurityProtocol
use of org.apache.kafka.common.security.auth.SecurityProtocol in project apache-kafka-on-k8s by banzaicloud.
the class SaslAuthenticatorTest method testInvalidLoginModule.
/**
* Tests that connections cannot be created if the login module class is unavailable.
*/
@Test
public void testInvalidLoginModule() throws Exception {
TestJaasConfig jaasConfig = configureMechanisms("PLAIN", Arrays.asList("PLAIN"));
jaasConfig.createOrUpdateEntry(TestJaasConfig.LOGIN_CONTEXT_CLIENT, "InvalidLoginModule", TestJaasConfig.defaultClientOptions());
SecurityProtocol securityProtocol = SecurityProtocol.SASL_SSL;
server = createEchoServer(securityProtocol);
try {
createSelector(securityProtocol, saslClientConfigs);
fail("SASL/PLAIN channel created without valid login module");
} catch (KafkaException e) {
// Expected exception
}
}
Also used :
SecurityProtocol(org.apache.kafka.common.security.auth.SecurityProtocol)
KafkaException(org.apache.kafka.common.KafkaException)
Test(org.junit.Test)
Example 14 with SecurityProtocol
use of org.apache.kafka.common.security.auth.SecurityProtocol in project apache-kafka-on-k8s by banzaicloud.
the class SaslAuthenticatorTest method testPacketSizeTooBig.
/**
* Tests that packets that are too big during Kafka SASL handshake request flow
* or the actual SASL authentication flow result in authentication failure
* and do not cause any failures in the server.
*/
@Test
public void testPacketSizeTooBig() throws Exception {
SecurityProtocol securityProtocol = SecurityProtocol.SASL_PLAINTEXT;
configureMechanisms("PLAIN", Arrays.asList("PLAIN"));
server = createEchoServer(securityProtocol);
// Send SASL packet with large size after valid handshake request
String node1 = "invalid1";
createClientConnection(SecurityProtocol.PLAINTEXT, node1);
sendHandshakeRequestReceiveResponse(node1, (short) 1);
ByteBuffer buffer = ByteBuffer.allocate(1024);
buffer.putInt(Integer.MAX_VALUE);
buffer.put(new byte[buffer.capacity() - 4]);
buffer.rewind();
selector.send(new NetworkSend(node1, buffer));
NetworkTestUtils.waitForChannelClose(selector, node1, ChannelState.READY.state());
selector.close();
// Test good connection still works
createAndCheckClientConnection(securityProtocol, "good1");
// Send packet with large size before handshake request
String node2 = "invalid2";
createClientConnection(SecurityProtocol.PLAINTEXT, node2);
buffer.clear();
buffer.putInt(Integer.MAX_VALUE);
buffer.put(new byte[buffer.capacity() - 4]);
buffer.rewind();
selector.send(new NetworkSend(node2, buffer));
NetworkTestUtils.waitForChannelClose(selector, node2, ChannelState.READY.state());
selector.close();
// Test good connection still works
createAndCheckClientConnection(securityProtocol, "good2");
}
Also used :
SecurityProtocol(org.apache.kafka.common.security.auth.SecurityProtocol)
NetworkSend(org.apache.kafka.common.network.NetworkSend)
ByteBuffer(java.nio.ByteBuffer)
Test(org.junit.Test)
Example 15 with SecurityProtocol
use of org.apache.kafka.common.security.auth.SecurityProtocol in project apache-kafka-on-k8s by banzaicloud.
the class SaslAuthenticatorTest method testApiVersionsRequestWithUnsupportedVersion.
/**
* Tests that unsupported version of ApiVersionsRequest before SASL handshake request
* returns error response and does not result in authentication failure. This test
* is similar to {@link #testUnauthenticatedApiVersionsRequest(SecurityProtocol, short)}
* where a non-SASL client is used to send requests that are processed by
* {@link SaslServerAuthenticator} of the server prior to client authentication.
*/
@Test
public void testApiVersionsRequestWithUnsupportedVersion() throws Exception {
short handshakeVersion = ApiKeys.SASL_HANDSHAKE.latestVersion();
SecurityProtocol securityProtocol = SecurityProtocol.SASL_PLAINTEXT;
configureMechanisms("PLAIN", Arrays.asList("PLAIN"));
server = createEchoServer(securityProtocol);
// Send ApiVersionsRequest with unsupported version and validate error response.
String node = "1";
createClientConnection(SecurityProtocol.PLAINTEXT, node);
RequestHeader header = new RequestHeader(ApiKeys.API_VERSIONS, Short.MAX_VALUE, "someclient", 1);
ApiVersionsRequest request = new ApiVersionsRequest.Builder().build();
selector.send(request.toSend(node, header));
ByteBuffer responseBuffer = waitForResponse();
ResponseHeader.parse(responseBuffer);
ApiVersionsResponse response = ApiVersionsResponse.parse(responseBuffer, (short) 0);
assertEquals(Errors.UNSUPPORTED_VERSION, response.error());
// Send ApiVersionsRequest with a supported version. This should succeed.
sendVersionRequestReceiveResponse(node);
// Test that client can authenticate successfully
sendHandshakeRequestReceiveResponse(node, handshakeVersion);
authenticateUsingSaslPlainAndCheckConnection(node, handshakeVersion > 0);
}
Also used :
ApiVersionsResponse(org.apache.kafka.common.requests.ApiVersionsResponse)
SecurityProtocol(org.apache.kafka.common.security.auth.SecurityProtocol)
RequestHeader(org.apache.kafka.common.requests.RequestHeader)
ApiVersionsRequest(org.apache.kafka.common.requests.ApiVersionsRequest)
ByteBuffer(java.nio.ByteBuffer)
Test(org.junit.Test)
Aggregations
SecurityProtocol (org.apache.kafka.common.security.auth.SecurityProtocol)33
Test (org.junit.Test)29
HashMap (java.util.HashMap)8
InetSocketAddress (java.net.InetSocketAddress)5
RequestHeader (org.apache.kafka.common.requests.RequestHeader)4
ScramLoginModule (org.apache.kafka.common.security.scram.ScramLoginModule)4
PlainLoginModule (org.apache.kafka.common.security.plain.PlainLoginModule)3
IOException (java.io.IOException)2
ByteBuffer (java.nio.ByteBuffer)2
KafkaException (org.apache.kafka.common.KafkaException)2
ListenerName (org.apache.kafka.common.network.ListenerName)2
NetworkSend (org.apache.kafka.common.network.NetworkSend)2
ApiVersionsRequest (org.apache.kafka.common.requests.ApiVersionsRequest)2
ApiVersionsResponse (org.apache.kafka.common.requests.ApiVersionsResponse)2
TestSecurityConfig (org.apache.kafka.common.security.TestSecurityConfig)2
SelectionKey (java.nio.channels.SelectionKey)1
ArrayList (java.util.ArrayList)1
LinkedHashMap (java.util.LinkedHashMap)1
Random (java.util.Random)1
TopicPartition (org.apache.kafka.common.TopicPartition)1
