Search in sources :

Example 26 with SecurityProtocol

use of org.apache.kafka.common.security.auth.SecurityProtocol in project apache-kafka-on-k8s by banzaicloud.

the class SaslAuthenticatorTest method testMechanismPluggability.

/**
 * Tests that mechanisms that are not supported in Kafka can be plugged in without modifying
 * Kafka code if Sasl client and server providers are available.
 */
@Test
public void testMechanismPluggability() throws Exception {
    String node = "0";
    SecurityProtocol securityProtocol = SecurityProtocol.SASL_SSL;
    configureMechanisms("DIGEST-MD5", Arrays.asList("DIGEST-MD5"));
    server = createEchoServer(securityProtocol);
    createAndCheckClientConnection(securityProtocol, node);
}
Also used : SecurityProtocol(org.apache.kafka.common.security.auth.SecurityProtocol) Test(org.junit.Test)

Example 27 with SecurityProtocol

use of org.apache.kafka.common.security.auth.SecurityProtocol in project apache-kafka-on-k8s by banzaicloud.

the class SaslAuthenticatorTest method testInvalidPasswordSaslPlain.

/**
 * Tests that SASL/PLAIN clients with invalid password fail authentication.
 */
@Test
public void testInvalidPasswordSaslPlain() throws Exception {
    String node = "0";
    SecurityProtocol securityProtocol = SecurityProtocol.SASL_SSL;
    TestJaasConfig jaasConfig = configureMechanisms("PLAIN", Arrays.asList("PLAIN"));
    jaasConfig.setClientOptions("PLAIN", TestJaasConfig.USERNAME, "invalidpassword");
    server = createEchoServer(securityProtocol);
    createAndCheckClientAuthenticationFailure(securityProtocol, node, "PLAIN", "Authentication failed: Invalid username or password");
    server.verifyAuthenticationMetrics(0, 1);
}
Also used : SecurityProtocol(org.apache.kafka.common.security.auth.SecurityProtocol) Test(org.junit.Test)

Example 28 with SecurityProtocol

use of org.apache.kafka.common.security.auth.SecurityProtocol in project apache-kafka-on-k8s by banzaicloud.

the class SaslAuthenticatorTest method testSaslHandshakeRequestWithUnsupportedVersion.

/**
 * Tests that unsupported version of SASL handshake request returns error
 * response and fails authentication. This test is similar to
 * {@link #testUnauthenticatedApiVersionsRequest(SecurityProtocol, short)}
 * where a non-SASL client is used to send requests that are processed by
 * {@link SaslServerAuthenticator} of the server prior to client authentication.
 */
@Test
public void testSaslHandshakeRequestWithUnsupportedVersion() throws Exception {
    SecurityProtocol securityProtocol = SecurityProtocol.SASL_PLAINTEXT;
    configureMechanisms("PLAIN", Arrays.asList("PLAIN"));
    server = createEchoServer(securityProtocol);
    // Send SaslHandshakeRequest and validate that connection is closed by server.
    String node1 = "invalid1";
    createClientConnection(SecurityProtocol.PLAINTEXT, node1);
    SaslHandshakeRequest request = new SaslHandshakeRequest("PLAIN");
    RequestHeader header = new RequestHeader(ApiKeys.SASL_HANDSHAKE, Short.MAX_VALUE, "someclient", 2);
    selector.send(request.toSend(node1, header));
    // This test uses a non-SASL PLAINTEXT client in order to do manual handshake.
    // So the channel is in READY state.
    NetworkTestUtils.waitForChannelClose(selector, node1, ChannelState.READY.state());
    selector.close();
    // Test good connection still works
    createAndCheckClientConnection(securityProtocol, "good1");
}
Also used : SecurityProtocol(org.apache.kafka.common.security.auth.SecurityProtocol) RequestHeader(org.apache.kafka.common.requests.RequestHeader) SaslHandshakeRequest(org.apache.kafka.common.requests.SaslHandshakeRequest) Test(org.junit.Test)

Example 29 with SecurityProtocol

use of org.apache.kafka.common.security.auth.SecurityProtocol in project apache-kafka-on-k8s by banzaicloud.

the class SaslAuthenticatorTest method testValidSaslScramSha256.

/**
 * Tests good path SASL/SCRAM-SHA-256 client and server channels.
 */
@Test
public void testValidSaslScramSha256() throws Exception {
    SecurityProtocol securityProtocol = SecurityProtocol.SASL_SSL;
    configureMechanisms("SCRAM-SHA-256", Arrays.asList("SCRAM-SHA-256"));
    server = createEchoServer(securityProtocol);
    updateScramCredentialCache(TestJaasConfig.USERNAME, TestJaasConfig.PASSWORD);
    createAndCheckClientConnection(securityProtocol, "0");
    server.verifyAuthenticationMetrics(1, 0);
}
Also used : SecurityProtocol(org.apache.kafka.common.security.auth.SecurityProtocol) Test(org.junit.Test)

Example 30 with SecurityProtocol

use of org.apache.kafka.common.security.auth.SecurityProtocol in project apache-kafka-on-k8s by banzaicloud.

the class SaslAuthenticatorTest method testUnknownUserSaslScram.

/**
 * Tests that SASL/SCRAM clients without valid username fail authentication.
 */
@Test
public void testUnknownUserSaslScram() throws Exception {
    SecurityProtocol securityProtocol = SecurityProtocol.SASL_SSL;
    TestJaasConfig jaasConfig = configureMechanisms("SCRAM-SHA-256", Arrays.asList("SCRAM-SHA-256"));
    Map<String, Object> options = new HashMap<>();
    options.put("username", "unknownUser");
    options.put("password", TestJaasConfig.PASSWORD);
    jaasConfig.createOrUpdateEntry(TestJaasConfig.LOGIN_CONTEXT_CLIENT, ScramLoginModule.class.getName(), options);
    String node = "0";
    server = createEchoServer(securityProtocol);
    updateScramCredentialCache(TestJaasConfig.USERNAME, TestJaasConfig.PASSWORD);
    createAndCheckClientAuthenticationFailure(securityProtocol, node, "SCRAM-SHA-256", null);
    server.verifyAuthenticationMetrics(0, 1);
}
Also used : HashMap(java.util.HashMap) ScramLoginModule(org.apache.kafka.common.security.scram.ScramLoginModule) SecurityProtocol(org.apache.kafka.common.security.auth.SecurityProtocol) Test(org.junit.Test)

Aggregations

SecurityProtocol (org.apache.kafka.common.security.auth.SecurityProtocol)33 Test (org.junit.Test)29 HashMap (java.util.HashMap)8 InetSocketAddress (java.net.InetSocketAddress)5 RequestHeader (org.apache.kafka.common.requests.RequestHeader)4 ScramLoginModule (org.apache.kafka.common.security.scram.ScramLoginModule)4 PlainLoginModule (org.apache.kafka.common.security.plain.PlainLoginModule)3 IOException (java.io.IOException)2 ByteBuffer (java.nio.ByteBuffer)2 KafkaException (org.apache.kafka.common.KafkaException)2 ListenerName (org.apache.kafka.common.network.ListenerName)2 NetworkSend (org.apache.kafka.common.network.NetworkSend)2 ApiVersionsRequest (org.apache.kafka.common.requests.ApiVersionsRequest)2 ApiVersionsResponse (org.apache.kafka.common.requests.ApiVersionsResponse)2 TestSecurityConfig (org.apache.kafka.common.security.TestSecurityConfig)2 SelectionKey (java.nio.channels.SelectionKey)1 ArrayList (java.util.ArrayList)1 LinkedHashMap (java.util.LinkedHashMap)1 Random (java.util.Random)1 TopicPartition (org.apache.kafka.common.TopicPartition)1