
Example 1 with SslFactory

use of org.apache.kafka.common.security.ssl.SslFactory in project kafka by apache.

the class SslChannelBuilder method configure.

/**
 * Configures this SSL channel builder from the supplied configs.
 *
 * <p>Stores the config map, creates an {@code SslFactory} for this builder's
 * {@code mode}, configures that factory from the same map, and then creates the
 * principal builder via {@code ChannelBuilders.createPrincipalBuilder}.
 *
 * @param configs configuration map handed to the SSL factory and the principal builder
 * @throws KafkaException wrapping any exception raised by the steps above; a
 *         {@code KafkaException} thrown by a callee is wrapped again, so callers
 *         should inspect {@code getCause()} for the original failure
 */
public void configure(Map<String, ?> configs) throws KafkaException {
    try {
        this.configs = configs;
        // NOTE(review): the factory is stored in the field before configure() has
        // succeeded, so a failure below leaves this.sslFactory referring to a factory
        // whose configuration did not complete. Callers must not keep using this
        // builder after configure() has thrown.
        this.sslFactory = new SslFactory(mode);
        this.sslFactory.configure(configs);
        this.principalBuilder = ChannelBuilders.createPrincipalBuilder(configs);
    } catch (Exception failure) {
        throw new KafkaException(failure);
    }
}
Also used : KafkaException(org.apache.kafka.common.KafkaException) SslFactory(org.apache.kafka.common.security.ssl.SslFactory) KafkaException(org.apache.kafka.common.KafkaException) IOException(java.io.IOException)

Example 2 with SslFactory

use of org.apache.kafka.common.security.ssl.SslFactory in project kafka by apache.

the class SaslChannelBuilder method configure.

/**
 * Configures this SASL channel builder from the supplied configs.
 *
 * <p>Decides whether Kerberos (GSSAPI) is in use, optionally builds the Kerberos
 * short-name mapper, acquires the login manager, and, for {@code SASL_SSL},
 * creates and configures an {@code SslFactory}.
 *
 * @param configs configuration map read for the enabled SASL mechanisms, the
 *        Kerberos principal-to-local rules, the login manager and the SSL factory
 * @throws KafkaException wrapping any exception raised while configuring
 */
public void configure(Map<String, ?> configs) throws KafkaException {
    try {
        this.configs = configs;
        boolean kerberosInUse;
        if (mode != Mode.SERVER) {
            // Client side: Kerberos is in use only when the client mechanism is GSSAPI.
            kerberosInUse = clientSaslMechanism.equals(SaslConfigs.GSSAPI_MECHANISM);
        } else {
            // Server side: a missing mechanism list is treated as "Kerberos is in use",
            // so GSSAPI handling is switched on unless the list is set and omits it.
            // NOTE(review): this cast is unchecked and, unlike the rules lookup below,
            // carries no @SuppressWarnings annotation.
            List<String> mechanisms = (List<String>) configs.get(SaslConfigs.SASL_ENABLED_MECHANISMS);
            kerberosInUse = mechanisms == null || mechanisms.contains(SaslConfigs.GSSAPI_MECHANISM);
        }
        if (kerberosInUse) {
            // Start from the empty realm and overwrite it only if the lookup succeeds.
            String realm = "";
            try {
                realm = defaultKerberosRealm();
            } catch (Exception ignored) {
                // NOTE(review): the lookup failure is dropped without logging, and the
                // principal-to-local rules are then parsed against an empty default
                // realm. Consider logging it so that a broken Kerberos setup shows up.
            }
            @SuppressWarnings("unchecked") List<String> localRules = (List<String>) configs.get(SaslConfigs.SASL_KERBEROS_PRINCIPAL_TO_LOCAL_RULES);
            if (localRules != null) {
                kerberosShortNamer = KerberosShortNamer.fromUnparsedRules(realm, localRules);
            }
        }
        this.loginManager = LoginManager.acquireLoginManager(jaasContext, kerberosInUse, configs);
        // NOTE(review): if the SSL factory step below throws, nothing in this method
        // releases the login manager acquired above. Confirm that callers clean up
        // after a failed configure().
        if (this.securityProtocol == SecurityProtocol.SASL_SSL) {
            // SSL client authentication is disabled ("none") because the peer is
            // authenticated through SASL. TLS then gives transport protection only,
            // so the SASL mechanism is the sole client identity check.
            this.sslFactory = new SslFactory(mode, "none");
            this.sslFactory.configure(configs);
        }
    } catch (Exception failure) {
        throw new KafkaException(failure);
    }
}
Also used : List(java.util.List) KafkaException(org.apache.kafka.common.KafkaException) KafkaException(org.apache.kafka.common.KafkaException) IOException(java.io.IOException) InvocationTargetException(java.lang.reflect.InvocationTargetException) SslFactory(org.apache.kafka.common.security.ssl.SslFactory)

Example 3 with SslFactory

use of org.apache.kafka.common.security.ssl.SslFactory in project kafka by apache.

the class SslSelectorTest method testRenegotiation.

/**
 * Tests that an SSL renegotiation initiated by the server is handled correctly by the client.
 *
 * <p>The client sends 500 echo requests over a single connection. Once at least 100
 * responses have arrived, the server is asked to renegotiate exactly once. The test
 * asserts that no disconnect occurs and that responses keep arriving in request order.
 *
 * @throws Exception if connecting, polling or sending fails
 */
@Test
public void testRenegotiation() throws Exception {
    ChannelBuilder channelBuilder = new SslChannelBuilder(Mode.CLIENT) {

        @Override
        protected SslTransportLayer buildTransportLayer(SslFactory sslFactory, String id, SelectionKey key) throws IOException {
            SocketChannel channel = (SocketChannel) key.channel();
            String peerHost = channel.socket().getInetAddress().getHostName();
            int peerPort = channel.socket().getPort();
            // NOTE(review): the trailing 'true' presumably enables renegotiation on this
            // transport layer. Confirm against the SslTransportLayer constructor.
            SslTransportLayer layer = new SslTransportLayer(id, key, sslFactory.createSslEngine(peerHost, peerPort), true);
            layer.startHandshake();
            return layer;
        }
    };
    channelBuilder.configure(sslClientConfigs);
    Selector selector = new Selector(5000, metrics, time, "MetricGroup2", channelBuilder);
    try {
        final int totalRequests = 500;
        final String node = "0";
        // Open the single connection used for the whole test.
        selector.connect(node, new InetSocketAddress("localhost", server.port), BUFFER_SIZE, BUFFER_SIZE);
        int requests = 0;
        int responses = 0;
        boolean renegotiated = false;
        // Block until the channel is ready to carry application data.
        // NOTE(review): this wait has no upper bound, so a handshake that never
        // completes hangs the test instead of failing it.
        while (!selector.isChannelReady(node)) {
            selector.poll(1000L);
        }
        // Prime the echo loop with request number 0.
        selector.send(createSend(node, node + "-" + requests));
        requests++;
        // Keep polling until every request has been echoed back.
        while (responses < totalRequests) {
            selector.poll(0L);
            // Trigger one server-side renegotiation after the first 100 responses.
            if (!renegotiated && responses >= 100) {
                renegotiated = true;
                server.renegotiate();
            }
            assertEquals("No disconnects should have occurred.", 0, selector.disconnected().size());
            // Check each echoed payload: it must have the form '<node>-<counter>' and arrive in order.
            for (NetworkReceive receive : selector.completedReceives()) {
                String[] parts = asString(receive).split("-");
                assertEquals("Should be in the form 'conn-counter'", 2, parts.length);
                assertEquals("Check the source", receive.source(), parts[0]);
                assertEquals("Check that the receive has kindly been rewound", 0, receive.payload().position());
                assertEquals("Check the request counter", responses, Integer.parseInt(parts[1]));
                responses++;
            }
            // Queue one new request per completed send while the channel remains ready.
            int queued = 0;
            while (queued < selector.completedSends().size() && requests < totalRequests && selector.isChannelReady(node)) {
                selector.send(createSend(node, node + "-" + requests));
                queued++;
                requests++;
            }
        }
    } finally {
        selector.close();
    }
}
Also used : SelectionKey(java.nio.channels.SelectionKey) SocketChannel(java.nio.channels.SocketChannel) InetSocketAddress(java.net.InetSocketAddress) SslFactory(org.apache.kafka.common.security.ssl.SslFactory) Test(org.junit.Test)

Aggregations

SslFactory (org.apache.kafka.common.security.ssl.SslFactory)3 IOException (java.io.IOException)2 KafkaException (org.apache.kafka.common.KafkaException)2 InvocationTargetException (java.lang.reflect.InvocationTargetException)1 InetSocketAddress (java.net.InetSocketAddress)1 SelectionKey (java.nio.channels.SelectionKey)1 SocketChannel (java.nio.channels.SocketChannel)1 List (java.util.List)1 Test (org.junit.Test)1