Example 6 with DefaultKafkaPrincipalBuilder

Use of org.apache.kafka.common.security.authenticator.DefaultKafkaPrincipalBuilder in project kafka by apache.

Class DefaultKafkaPrincipalBuilderTest, method testPrincipalBuilderGssapi.

@Test
public void testPrincipalBuilderGssapi() throws Exception {
    SaslServer server = mock(SaslServer.class);
    KerberosShortNamer kerberosShortNamer = mock(KerberosShortNamer.class);
    when(server.getMechanismName()).thenReturn(SaslConfigs.GSSAPI_MECHANISM);
    when(server.getAuthorizationID()).thenReturn("foo/host@REALM.COM");
    when(kerberosShortNamer.shortName(any())).thenReturn("foo");
    DefaultKafkaPrincipalBuilder builder = new DefaultKafkaPrincipalBuilder(kerberosShortNamer, null);
    KafkaPrincipal principal = builder.build(new SaslAuthenticationContext(server, SecurityProtocol.SASL_PLAINTEXT, InetAddress.getLocalHost(), SecurityProtocol.SASL_PLAINTEXT.name()));
    assertEquals(KafkaPrincipal.USER_TYPE, principal.getPrincipalType());
    assertEquals("foo", principal.getName());
    verify(server, atLeastOnce()).getMechanismName();
    verify(server, atLeastOnce()).getAuthorizationID();
    verify(kerberosShortNamer, atLeastOnce()).shortName(any());
}
Also used : KerberosShortNamer(org.apache.kafka.common.security.kerberos.KerberosShortNamer) DefaultKafkaPrincipalBuilder(org.apache.kafka.common.security.authenticator.DefaultKafkaPrincipalBuilder) SaslServer(javax.security.sasl.SaslServer) Test(org.junit.jupiter.api.Test)

Example 7 with DefaultKafkaPrincipalBuilder

Use of org.apache.kafka.common.security.authenticator.DefaultKafkaPrincipalBuilder in project kafka by apache.

Class DefaultKafkaPrincipalBuilderTest, method testPrincipalWithSslPrincipalMapper.

@Test
public void testPrincipalWithSslPrincipalMapper() throws Exception {
    SSLSession session = mock(SSLSession.class);
    // Each build() call below consumes the next stubbed peer principal, in order.
    when(session.getPeerPrincipal())
        .thenReturn(new X500Principal("CN=Duke, OU=ServiceUsers, O=Org, C=US"))
        .thenReturn(new X500Principal("CN=Duke, OU=SME, O=mycp, L=Fulton, ST=MD, C=US"))
        .thenReturn(new X500Principal("CN=duke, OU=JavaSoft, O=Sun Microsystems"))
        .thenReturn(new X500Principal("OU=JavaSoft, O=Sun Microsystems, C=US"));
    // Rules are tried in order and the first match wins; /L lowercases and /U uppercases the result.
    String rules = String.join(", ",
        "RULE:^CN=(.*),OU=ServiceUsers.*$/$1/L",
        "RULE:^CN=(.*),OU=(.*),O=(.*),L=(.*),ST=(.*),C=(.*)$/$1@$2/L",
        "RULE:^.*[Cc][Nn]=([a-zA-Z0-9.]*).*$/$1/U",
        "DEFAULT");
    SslPrincipalMapper mapper = SslPrincipalMapper.fromRules(rules);
    DefaultKafkaPrincipalBuilder builder = new DefaultKafkaPrincipalBuilder(null, mapper);
    SslAuthenticationContext sslContext = new SslAuthenticationContext(session, InetAddress.getLocalHost(), SecurityProtocol.PLAINTEXT.name());
    KafkaPrincipal principal = builder.build(sslContext);
    // First rule: CN under OU=ServiceUsers, lowercased.
    assertEquals("duke", principal.getName());
    principal = builder.build(sslContext);
    // Second rule: CN@OU from the six-component DN, lowercased.
    assertEquals("duke@sme", principal.getName());
    principal = builder.build(sslContext);
    // Third rule: any CN value, uppercased.
    assertEquals("DUKE", principal.getName());
    principal = builder.build(sslContext);
    // No CN present, so DEFAULT returns the full distinguished name unchanged.
    assertEquals("OU=JavaSoft,O=Sun Microsystems,C=US", principal.getName());
    verify(session, times(4)).getPeerPrincipal();
}
Also used : SslPrincipalMapper(org.apache.kafka.common.security.ssl.SslPrincipalMapper) DefaultKafkaPrincipalBuilder(org.apache.kafka.common.security.authenticator.DefaultKafkaPrincipalBuilder) SSLSession(javax.net.ssl.SSLSession) X500Principal(javax.security.auth.x500.X500Principal) Test(org.junit.jupiter.api.Test)

Example 8 with DefaultKafkaPrincipalBuilder

Use of org.apache.kafka.common.security.authenticator.DefaultKafkaPrincipalBuilder in project kafka by apache.

Class DefaultKafkaPrincipalBuilderTest, method testReturnAnonymousPrincipalForPlaintext.

@Test
public void testReturnAnonymousPrincipalForPlaintext() throws Exception {
    DefaultKafkaPrincipalBuilder builder = new DefaultKafkaPrincipalBuilder(null, null);
    assertEquals(KafkaPrincipal.ANONYMOUS, builder.build(new PlaintextAuthenticationContext(InetAddress.getLocalHost(), SecurityProtocol.PLAINTEXT.name())));
}
Also used : DefaultKafkaPrincipalBuilder(org.apache.kafka.common.security.authenticator.DefaultKafkaPrincipalBuilder) Test(org.junit.jupiter.api.Test)

Example 9 with DefaultKafkaPrincipalBuilder

Use of org.apache.kafka.common.security.authenticator.DefaultKafkaPrincipalBuilder in project kafka by apache.

Class DefaultKafkaPrincipalBuilderTest, method testUseSessionPeerPrincipalForSsl.

@Test
public void testUseSessionPeerPrincipalForSsl() throws Exception {
    SSLSession session = mock(SSLSession.class);
    when(session.getPeerPrincipal()).thenReturn(new DummyPrincipal("foo"));
    DefaultKafkaPrincipalBuilder builder = new DefaultKafkaPrincipalBuilder(null, null);
    KafkaPrincipal principal = builder.build(new SslAuthenticationContext(session, InetAddress.getLocalHost(), SecurityProtocol.PLAINTEXT.name()));
    assertEquals(KafkaPrincipal.USER_TYPE, principal.getPrincipalType());
    assertEquals("foo", principal.getName());
    verify(session, atLeastOnce()).getPeerPrincipal();
}
Also used : DefaultKafkaPrincipalBuilder(org.apache.kafka.common.security.authenticator.DefaultKafkaPrincipalBuilder) SSLSession(javax.net.ssl.SSLSession) Test(org.junit.jupiter.api.Test)

Example 10 with DefaultKafkaPrincipalBuilder

Use of org.apache.kafka.common.security.authenticator.DefaultKafkaPrincipalBuilder in project kafka by apache.

Class DefaultKafkaPrincipalBuilderTest, method testPrincipalBuilderSerde.

@Test
public void testPrincipalBuilderSerde() throws Exception {
    SaslServer server = mock(SaslServer.class);
    KerberosShortNamer kerberosShortNamer = mock(KerberosShortNamer.class);
    when(server.getMechanismName()).thenReturn(SaslConfigs.GSSAPI_MECHANISM);
    when(server.getAuthorizationID()).thenReturn("foo/host@REALM.COM");
    when(kerberosShortNamer.shortName(any())).thenReturn("foo");
    DefaultKafkaPrincipalBuilder builder = new DefaultKafkaPrincipalBuilder(kerberosShortNamer, null);
    KafkaPrincipal principal = builder.build(new SaslAuthenticationContext(server, SecurityProtocol.SASL_PLAINTEXT, InetAddress.getLocalHost(), SecurityProtocol.SASL_PLAINTEXT.name()));
    assertEquals(KafkaPrincipal.USER_TYPE, principal.getPrincipalType());
    assertEquals("foo", principal.getName());
    byte[] serializedPrincipal = builder.serialize(principal);
    KafkaPrincipal deserializedPrincipal = builder.deserialize(serializedPrincipal);
    assertEquals(principal, deserializedPrincipal);
    verify(server, atLeastOnce()).getMechanismName();
    verify(server, atLeastOnce()).getAuthorizationID();
    verify(kerberosShortNamer, atLeastOnce()).shortName(any());
}
Also used : KerberosShortNamer(org.apache.kafka.common.security.kerberos.KerberosShortNamer) DefaultKafkaPrincipalBuilder(org.apache.kafka.common.security.authenticator.DefaultKafkaPrincipalBuilder) SaslServer(javax.security.sasl.SaslServer) Test(org.junit.jupiter.api.Test)

Aggregations

DefaultKafkaPrincipalBuilder (org.apache.kafka.common.security.authenticator.DefaultKafkaPrincipalBuilder): 16
Test (org.junit.jupiter.api.Test): 8
Test (org.junit.Test): 6
SSLSession (javax.net.ssl.SSLSession): 5
SaslServer (javax.security.sasl.SaslServer): 5
KerberosShortNamer (org.apache.kafka.common.security.kerberos.KerberosShortNamer): 3
Configurable (org.apache.kafka.common.Configurable): 2
InvalidConfigurationException (org.apache.kafka.common.errors.InvalidConfigurationException): 2
Authenticator (org.apache.kafka.common.network.Authenticator): 2
TransportLayer (org.apache.kafka.common.network.TransportLayer): 2
KafkaPrincipalBuilder (org.apache.kafka.common.security.auth.KafkaPrincipalBuilder): 2
X500Principal (javax.security.auth.x500.X500Principal): 1
KafkaPrincipal (org.apache.kafka.common.security.auth.KafkaPrincipal): 1
KerberosName (org.apache.kafka.common.security.kerberos.KerberosName): 1
SslPrincipalMapper (org.apache.kafka.common.security.ssl.SslPrincipalMapper): 1