
Example 6 with TestJaasConfig

use of org.apache.kafka.common.security.authenticator.TestJaasConfig in project kafka by apache.

the class SaslChannelBuilderTest method createChannelBuilder.

/**
 * Test fixture: builds a {@link SaslChannelBuilder} in client mode whose only JAAS context
 * is bound to the login module that corresponds to {@code saslMechanism}.
 *
 * @param securityProtocol security protocol passed through to the channel builder
 * @param saslMechanism one of {@code PLAIN}, {@code SCRAM-SHA-256}, {@code OAUTHBEARER}
 *        or {@code GSSAPI}; also used as the listener name and as the key of the context map
 * @return the configured channel builder
 * @throws IllegalArgumentException if {@code saslMechanism} is none of the four values above
 */
private SaslChannelBuilder createChannelBuilder(SecurityProtocol securityProtocol, String saslMechanism) {
    // Resolve the login module first so an unknown mechanism fails before any JAAS state is built.
    final Class<?> moduleClass;
    switch (saslMechanism) {
        case "PLAIN":
            moduleClass = PlainLoginModule.class;
            break;
        case "SCRAM-SHA-256":
            moduleClass = ScramLoginModule.class;
            break;
        case "OAUTHBEARER":
            moduleClass = OAuthBearerLoginModule.class;
            break;
        case "GSSAPI":
            // GSSAPI uses the test login module rather than a production one.
            moduleClass = TestGssapiLoginModule.class;
            break;
        default:
            throw new IllegalArgumentException("Unsupported SASL mechanism " + saslMechanism);
    }

    final String entryName = "jaasContext";
    TestJaasConfig testConfig = new TestJaasConfig();
    // The entry is registered with an empty options map, i.e. no module options are supplied here.
    testConfig.addEntry(entryName, moduleClass.getName(), new HashMap<>());

    // NOTE(review): the JAAS context is typed SERVER while the builder below is created in
    // CLIENT mode — confirm this pairing is what the fixture intends.
    JaasContext context = new JaasContext(entryName, JaasContext.Type.SERVER, testConfig, null);
    Map<String, JaasContext> contextsByMechanism = Collections.singletonMap(saslMechanism, context);
    ListenerName listener = new ListenerName(saslMechanism);

    // The two boolean arguments are presumably isInterBrokerListener (false) and
    // handshakeRequestEnable (true); the three nulls leave the optional collaborators unset.
    // Verify against the SaslChannelBuilder constructor.
    return new SaslChannelBuilder(Mode.CLIENT, contextsByMechanism, securityProtocol, listener, false, saslMechanism, true, null, null, null, Time.SYSTEM, new LogContext(), defaultApiVersionsSupplier());
}
Also used : JaasContext(org.apache.kafka.common.security.JaasContext) LogContext(org.apache.kafka.common.utils.LogContext) TestJaasConfig(org.apache.kafka.common.security.authenticator.TestJaasConfig)

Example 7 with TestJaasConfig

use of org.apache.kafka.common.security.authenticator.TestJaasConfig in project kafka by apache.

the class SaslChannelBuilderTest method testNativeGssapiCredentials.

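/**
 * Verifies GSSAPI credential handling when {@code SaslChannelBuilder.GSS_NATIVE_PROP} is set
 * to {@code "true"}: two channel builders created from the same JAAS contexts must expose the
 * same {@code Subject} (one principal, one private credential) and the mocked
 * {@link GSSManager} must be asked for an accept-only credential exactly once.
 *
 * <p>The system property is JVM-wide, so the previous value is captured and restored in a
 * {@code finally} block; otherwise a failing assertion would leave it set for whatever test
 * runs next in the same JVM.
 *
 * @throws Exception if the mocked GSS calls or channel builder setup fail
 */
@Test
public void testNativeGssapiCredentials() throws Exception {
    String previousGssNative = System.getProperty(SaslChannelBuilder.GSS_NATIVE_PROP);
    System.setProperty(SaslChannelBuilder.GSS_NATIVE_PROP, "true");
    try {
        TestJaasConfig jaasConfig = new TestJaasConfig();
        jaasConfig.addEntry("jaasContext", TestGssapiLoginModule.class.getName(), new HashMap<>());
        JaasContext jaasContext = new JaasContext("jaasContext", JaasContext.Type.SERVER, jaasConfig, null);
        Map<String, JaasContext> jaasContexts = Collections.singletonMap("GSSAPI", jaasContext);

        // Mock the GSS layer so no real Kerberos infrastructure or keytab is needed.
        GSSManager gssManager = Mockito.mock(GSSManager.class);
        GSSName gssName = Mockito.mock(GSSName.class);
        Mockito.when(gssManager.createName(Mockito.anyString(), Mockito.any())).thenAnswer(unused -> gssName);
        // 1.2.840.113554.1.2.2 is the Kerberos V5 GSS-API mechanism OID.
        Oid oid = new Oid("1.2.840.113554.1.2.2");
        Mockito.when(gssManager.createCredential(gssName, GSSContext.INDEFINITE_LIFETIME, oid, GSSCredential.ACCEPT_ONLY)).thenAnswer(unused -> Mockito.mock(GSSCredential.class));

        SaslChannelBuilder channelBuilder1 = createGssapiChannelBuilder(jaasContexts, gssManager);
        assertEquals(1, channelBuilder1.subject("GSSAPI").getPrincipals().size());
        assertEquals(1, channelBuilder1.subject("GSSAPI").getPrivateCredentials().size());

        SaslChannelBuilder channelBuilder2 = createGssapiChannelBuilder(jaasContexts, gssManager);
        assertEquals(1, channelBuilder2.subject("GSSAPI").getPrincipals().size());
        assertEquals(1, channelBuilder2.subject("GSSAPI").getPrivateCredentials().size());

        // Same Subject instance and a single createCredential call: the second builder must not
        // add a duplicate credential to the subject.
        assertSame(channelBuilder1.subject("GSSAPI"), channelBuilder2.subject("GSSAPI"));
        Mockito.verify(gssManager, Mockito.times(1)).createCredential(gssName, GSSContext.INDEFINITE_LIFETIME, oid, GSSCredential.ACCEPT_ONLY);
    } finally {
        // Put the JVM-wide property back exactly as it was found.
        if (previousGssNative == null) {
            System.clearProperty(SaslChannelBuilder.GSS_NATIVE_PROP);
        } else {
            System.setProperty(SaslChannelBuilder.GSS_NATIVE_PROP, previousGssNative);
        }
    }
}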
Also used : GSSName(org.ietf.jgss.GSSName) JaasContext(org.apache.kafka.common.security.JaasContext) GSSCredential(org.ietf.jgss.GSSCredential) GSSManager(org.ietf.jgss.GSSManager) Oid(org.ietf.jgss.Oid) TestJaasConfig(org.apache.kafka.common.security.authenticator.TestJaasConfig) Test(org.junit.jupiter.api.Test)

Example 8 with TestJaasConfig

use of org.apache.kafka.common.security.authenticator.TestJaasConfig in project kafka by apache.

the class OAuthBearerUnsecuredValidatorCallbackHandlerTest method createCallbackHandler.

/**
 * Test fixture: creates an {@link OAuthBearerUnsecuredValidatorCallbackHandler} configured from
 * a single {@code KafkaClient} JAAS entry that carries the given module options.
 *
 * <p>The "Unsecured" handler belongs to Kafka's unsecured OAUTHBEARER implementation, which
 * works with unsigned JWTs; this wiring is a test setup and not a template for production
 * validation.
 *
 * @param options JAAS module options to place on the {@code KafkaClient} entry
 * @return the configured validator callback handler
 */
@SuppressWarnings({ "unchecked", "rawtypes" })
private static OAuthBearerUnsecuredValidatorCallbackHandler createCallbackHandler(Map<String, String> options) {
    final String entryName = "KafkaClient";
    TestJaasConfig jaasConfig = new TestJaasConfig();
    // The raw (Map) cast passes a Map<String, String> where the config presumably expects a
    // differently parameterised map; that is why the warnings are suppressed on this method.
    jaasConfig.createOrUpdateEntry(entryName, "org.apache.kafka.common.security.oauthbearer.OAuthBearerLoginModule", (Map) options);

    OAuthBearerUnsecuredValidatorCallbackHandler handler = new OAuthBearerUnsecuredValidatorCallbackHandler();
    // Only the first configuration entry is handed over, with an empty broker/client config map.
    handler.configure(Collections.emptyMap(), OAuthBearerLoginModule.OAUTHBEARER_MECHANISM, Arrays.asList(jaasConfig.getAppConfigurationEntry(entryName)[0]));
    return handler;
}
Also used : TestJaasConfig(org.apache.kafka.common.security.authenticator.TestJaasConfig)

Example 9 with TestJaasConfig

use of org.apache.kafka.common.security.authenticator.TestJaasConfig in project kafka by apache.

the class OAuthBearerUnsecuredLoginCallbackHandlerTest method createCallbackHandler.

/**
 * Test fixture: creates an {@link OAuthBearerUnsecuredLoginCallbackHandler} driven by a mock
 * clock and configured from a single {@code KafkaClient} JAAS entry with the given options.
 *
 * <p>The "Unsecured" handler belongs to Kafka's unsecured OAUTHBEARER implementation, which
 * works with unsigned JWTs; this wiring is a test setup and not a template for production
 * logins.
 *
 * @param options JAAS module options to place on the {@code KafkaClient} entry
 * @param mockTime clock installed on the handler before it is configured
 * @return the configured login callback handler
 */
@SuppressWarnings({ "unchecked", "rawtypes" })
private static OAuthBearerUnsecuredLoginCallbackHandler createCallbackHandler(Map<String, String> options, MockTime mockTime) {
    final String entryName = "KafkaClient";
    TestJaasConfig jaasConfig = new TestJaasConfig();
    // The raw (Map) cast passes a Map<String, String> where the config presumably expects a
    // differently parameterised map; that is why the warnings are suppressed on this method.
    jaasConfig.createOrUpdateEntry(entryName, "org.apache.kafka.common.security.oauthbearer.OAuthBearerLoginModule", (Map) options);

    OAuthBearerUnsecuredLoginCallbackHandler handler = new OAuthBearerUnsecuredLoginCallbackHandler();
    // The clock is set before configure(), matching the order the handler is exercised in here.
    handler.time(mockTime);
    // Only the first configuration entry is handed over, with an empty broker/client config map.
    handler.configure(Collections.emptyMap(), OAuthBearerLoginModule.OAUTHBEARER_MECHANISM, Arrays.asList(jaasConfig.getAppConfigurationEntry(entryName)[0]));
    return handler;
}
Also used : TestJaasConfig(org.apache.kafka.common.security.authenticator.TestJaasConfig)

Aggregations

TestJaasConfig (org.apache.kafka.common.security.authenticator.TestJaasConfig)9 JaasContext (org.apache.kafka.common.security.JaasContext)5 HashMap (java.util.HashMap)2 PlainLoginModule (org.apache.kafka.common.security.plain.PlainLoginModule)2 AppConfigurationEntry (javax.security.auth.login.AppConfigurationEntry)1 OAuthBearerLoginModule (org.apache.kafka.common.security.oauthbearer.OAuthBearerLoginModule)1 LogContext (org.apache.kafka.common.utils.LogContext)1 GSSCredential (org.ietf.jgss.GSSCredential)1 GSSManager (org.ietf.jgss.GSSManager)1 GSSName (org.ietf.jgss.GSSName)1 Oid (org.ietf.jgss.Oid)1 Before (org.junit.Before)1 BeforeEach (org.junit.jupiter.api.BeforeEach)1 Test (org.junit.jupiter.api.Test)1