Examples with SslFactory org.apache.kafka.common.security.ssl.SslFactory used on opensource projects

Example 1 with SslFactory

use of org.apache.kafka.common.security.ssl.SslFactory in project kafka by apache.

the class SslChannelBuilder method configure.

public void configure(Map<String, ?> configs) throws KafkaException {
    try {
        this.configs = configs;
        this.sslFactory = new SslFactory(mode);
        this.sslFactory.configure(this.configs);
        this.principalBuilder = ChannelBuilders.createPrincipalBuilder(configs);
    } catch (Exception e) {
        throw new KafkaException(e);
    }
}

Example 2 with SslFactory

use of org.apache.kafka.common.security.ssl.SslFactory in project kafka by apache.

the class SaslChannelBuilder method configure.

public void configure(Map<String, ?> configs) throws KafkaException {
    try {
        this.configs = configs;
        boolean hasKerberos;
        if (mode == Mode.SERVER) {
            List<String> enabledMechanisms = (List<String>) this.configs.get(SaslConfigs.SASL_ENABLED_MECHANISMS);
            hasKerberos = enabledMechanisms == null || enabledMechanisms.contains(SaslConfigs.GSSAPI_MECHANISM);
        } else {
            hasKerberos = clientSaslMechanism.equals(SaslConfigs.GSSAPI_MECHANISM);
        }
        if (hasKerberos) {
            String defaultRealm;
            try {
                defaultRealm = defaultKerberosRealm();
            } catch (Exception ke) {
                defaultRealm = "";
            }
            @SuppressWarnings("unchecked") List<String> principalToLocalRules = (List<String>) configs.get(SaslConfigs.SASL_KERBEROS_PRINCIPAL_TO_LOCAL_RULES);
            if (principalToLocalRules != null)
                kerberosShortNamer = KerberosShortNamer.fromUnparsedRules(defaultRealm, principalToLocalRules);
        }
        this.loginManager = LoginManager.acquireLoginManager(jaasContext, hasKerberos, configs);
        if (this.securityProtocol == SecurityProtocol.SASL_SSL) {
            // Disable SSL client authentication as we are using SASL authentication
            this.sslFactory = new SslFactory(mode, "none");
            this.sslFactory.configure(configs);
        }
    } catch (Exception e) {
        throw new KafkaException(e);
    }
}

Example 3 with SslFactory

use of org.apache.kafka.common.security.ssl.SslFactory in project kafka by apache.

the class SslSelectorTest method testRenegotiation.

/**
     * Tests that SSL renegotiation initiated by the server are handled correctly by the client
     * @throws Exception
     */
@Test
public void testRenegotiation() throws Exception {
    ChannelBuilder channelBuilder = new SslChannelBuilder(Mode.CLIENT) {

        @Override
        protected SslTransportLayer buildTransportLayer(SslFactory sslFactory, String id, SelectionKey key) throws IOException {
            SocketChannel socketChannel = (SocketChannel) key.channel();
            SslTransportLayer transportLayer = new SslTransportLayer(id, key, sslFactory.createSslEngine(socketChannel.socket().getInetAddress().getHostName(), socketChannel.socket().getPort()), true);
            transportLayer.startHandshake();
            return transportLayer;
        }
    };
    channelBuilder.configure(sslClientConfigs);
    Selector selector = new Selector(5000, metrics, time, "MetricGroup2", channelBuilder);
    try {
        int reqs = 500;
        String node = "0";
        // create connections
        InetSocketAddress addr = new InetSocketAddress("localhost", server.port);
        selector.connect(node, addr, BUFFER_SIZE, BUFFER_SIZE);
        // send echo requests and receive responses
        int requests = 0;
        int responses = 0;
        int renegotiates = 0;
        while (!selector.isChannelReady(node)) {
            selector.poll(1000L);
        }
        selector.send(createSend(node, node + "-" + 0));
        requests++;
        // loop until we complete all requests
        while (responses < reqs) {
            selector.poll(0L);
            if (responses >= 100 && renegotiates == 0) {
                renegotiates++;
                server.renegotiate();
            }
            assertEquals("No disconnects should have occurred.", 0, selector.disconnected().size());
            // handle any responses we may have gotten
            for (NetworkReceive receive : selector.completedReceives()) {
                String[] pieces = asString(receive).split("-");
                assertEquals("Should be in the form 'conn-counter'", 2, pieces.length);
                assertEquals("Check the source", receive.source(), pieces[0]);
                assertEquals("Check that the receive has kindly been rewound", 0, receive.payload().position());
                assertEquals("Check the request counter", responses, Integer.parseInt(pieces[1]));
                responses++;
            }
            // prepare new sends for the next round
            for (int i = 0; i < selector.completedSends().size() && requests < reqs && selector.isChannelReady(node); i++, requests++) {
                selector.send(createSend(node, node + "-" + requests));
            }
        }
    } finally {
        selector.close();
    }
}