Use of org.apache.kafka.common.security.ssl.SslFactory in the Apache Kafka project.
Class SslChannelBuilder, method configure.
/**
 * Configures this channel builder for SSL connections.
 *
 * <p>Stores the supplied configuration, creates an {@code SslFactory} for the builder's
 * {@code mode}, configures that factory from the same map, and then creates the principal
 * builder through {@code ChannelBuilders.createPrincipalBuilder}.
 *
 * <p>Security note: the factory is created from {@code mode} alone, with no explicit
 * client-authentication argument. Whether a peer must present a certificate is therefore
 * presumably decided by the SSL settings inside {@code configs}; confirm against
 * {@code SslFactory} before relying on mutual TLS for this listener.
 *
 * @param configs configuration map handed to the SSL factory and the principal builder
 * @throws KafkaException wrapping any exception raised while setting up the factory or
 *         the principal builder
 */
public void configure(Map<String, ?> configs) throws KafkaException {
    try {
        this.configs = configs;
        // The field is assigned before the factory is configured, so a failing
        // configure() still leaves the (unconfigured) factory referenced by the builder.
        sslFactory = new SslFactory(mode);
        sslFactory.configure(configs);
        principalBuilder = ChannelBuilders.createPrincipalBuilder(configs);
    } catch (Exception failure) {
        // Every failure, checked or unchecked, surfaces as a KafkaException.
        throw new KafkaException(failure);
    }
}
Use of org.apache.kafka.common.security.ssl.SslFactory in the Apache Kafka project.
Class SaslChannelBuilder, method configure.
/**
 * Configures this channel builder for SASL connections, optionally layered over SSL.
 *
 * <p>Steps, in order:
 * <ol>
 *   <li>Decide whether Kerberos (GSSAPI) is in play. In {@code Mode.SERVER} it is treated as
 *       enabled when the enabled-mechanisms setting is absent or lists GSSAPI; in any other
 *       mode it is enabled when {@code clientSaslMechanism} equals GSSAPI.</li>
 *   <li>If Kerberos is in play and principal-to-local rules are configured, build the
 *       {@code KerberosShortNamer} from those rules and the default realm.</li>
 *   <li>Acquire the {@code LoginManager} for the JAAS context.</li>
 *   <li>For {@code SASL_SSL}, create and configure an {@code SslFactory} with the
 *       client-authentication argument {@code "none"}.</li>
 * </ol>
 *
 * <p>Security notes: on {@code SASL_SSL} the peer's identity comes from SASL only, because
 * SSL client authentication is switched off for this path; an SSL client-auth requirement
 * in {@code configs} is presumably overridden by the {@code "none"} argument (confirm
 * against {@code SslFactory}). A missing enabled-mechanisms setting on the server counts as
 * "Kerberos enabled", so Kerberos setup runs unless the list is set and omits GSSAPI.
 *
 * @param configs configuration map read for SASL settings and passed to the login manager
 *        and, for SASL_SSL, to the SSL factory
 * @throws KafkaException wrapping any exception raised during configuration
 */
public void configure(Map<String, ?> configs) throws KafkaException {
    try {
        this.configs = configs;

        final boolean hasKerberos;
        if (mode != Mode.SERVER) {
            // Client side: only the single configured mechanism matters.
            hasKerberos = clientSaslMechanism.equals(SaslConfigs.GSSAPI_MECHANISM);
        } else {
            // Server side: an absent list counts as GSSAPI being enabled.
            @SuppressWarnings("unchecked")
            List<String> enabledMechanisms = (List<String>) this.configs.get(SaslConfigs.SASL_ENABLED_MECHANISMS);
            hasKerberos = enabledMechanisms == null || enabledMechanisms.contains(SaslConfigs.GSSAPI_MECHANISM);
        }

        if (hasKerberos) {
            String realm;
            try {
                realm = defaultKerberosRealm();
            } catch (Exception ke) {
                // Best effort: the lookup failure is dropped silently and an empty realm is used.
                // NOTE(review): the short namer maps Kerberos principals to local names that
                // typically feed authorization; confirm how it treats an empty default realm
                // and consider logging the failure so a broken Kerberos config is visible.
                realm = "";
            }

            @SuppressWarnings("unchecked")
            List<String> rules = (List<String>) configs.get(SaslConfigs.SASL_KERBEROS_PRINCIPAL_TO_LOCAL_RULES);
            if (rules != null) {
                kerberosShortNamer = KerberosShortNamer.fromUnparsedRules(realm, rules);
            }
        }

        loginManager = LoginManager.acquireLoginManager(jaasContext, hasKerberos, configs);

        if (SecurityProtocol.SASL_SSL == securityProtocol) {
            // SASL authenticates the peer, so SSL client authentication is disabled here:
            // SSL supplies transport encryption and server authentication only.
            sslFactory = new SslFactory(mode, "none");
            sslFactory.configure(configs);
        }
    } catch (Exception failure) {
        // Includes NullPointerException and ClassCastException from malformed settings.
        throw new KafkaException(failure);
    }
}
Use of org.apache.kafka.common.security.ssl.SslFactory in the Apache Kafka project.
Class SslSelectorTest, method testRenegotiation.
/**
 * Tests that an SSL renegotiation initiated by the server is handled correctly by the client.
 * @throws Exception
 */
@Test
public void testRenegotiation() throws Exception {
    // Client-side builder whose transport layer starts the handshake as soon as it is built.
    ChannelBuilder channelBuilder = new SslChannelBuilder(Mode.CLIENT) {
        @Override
        protected SslTransportLayer buildTransportLayer(SslFactory sslFactory, String id, SelectionKey key) throws IOException {
            SocketChannel channel = (SocketChannel) key.channel();
            // NOTE(review): getHostName() may perform a reverse DNS lookup, and the result is
            // the peer host handed to the SSL engine. That is harmless against localhost in a
            // test, but production code should not let a DNS-derived name decide what the
            // engine checks the server certificate against.
            String peerHost = channel.socket().getInetAddress().getHostName();
            int peerPort = channel.socket().getPort();
            SslTransportLayer layer = new SslTransportLayer(id, key, sslFactory.createSslEngine(peerHost, peerPort), true);
            layer.startHandshake();
            return layer;
        }
    };
    channelBuilder.configure(sslClientConfigs);
    Selector selector = new Selector(5000, metrics, time, "MetricGroup2", channelBuilder);
    try {
        final int totalRequests = 500;
        final String node = "0";

        // Open the single connection to the echo server.
        InetSocketAddress serverAddress = new InetSocketAddress("localhost", server.port);
        selector.connect(node, serverAddress, BUFFER_SIZE, BUFFER_SIZE);

        int sent = 0;
        int received = 0;
        boolean renegotiated = false;

        // Wait for the initial handshake to finish.
        // NOTE(review): there is no deadline here, so a handshake that never completes
        // hangs the test instead of failing it.
        while (!selector.isChannelReady(node)) {
            selector.poll(1000L);
        }
        selector.send(createSend(node, node + "-" + 0));
        sent++;

        // Keep exchanging echo requests until every response has arrived.
        while (received < totalRequests) {
            selector.poll(0L);

            // Trigger exactly one server-initiated renegotiation, after 100 responses.
            // NOTE(review): renegotiation exists only up to TLS 1.2 (TLS 1.3 removed it),
            // so this presumably relies on the configured protocol version allowing it.
            if (!renegotiated && received >= 100) {
                renegotiated = true;
                server.renegotiate();
            }
            assertEquals("No disconnects should have occurred.", 0, selector.disconnected().size());

            // Each echo must come back intact and in order across the renegotiation.
            for (NetworkReceive receive : selector.completedReceives()) {
                String[] pieces = asString(receive).split("-");
                assertEquals("Should be in the form 'conn-counter'", 2, pieces.length);
                assertEquals("Check the source", receive.source(), pieces[0]);
                assertEquals("Check that the receive has kindly been rewound", 0, receive.payload().position());
                assertEquals("Check the request counter", received, Integer.parseInt(pieces[1]));
                received++;
            }

            // Queue one new request per completed send while the channel stays ready;
            // the conditions are re-evaluated before every send.
            int i = 0;
            while (i < selector.completedSends().size() && sent < totalRequests && selector.isChannelReady(node)) {
                selector.send(createSend(node, node + "-" + sent));
                i++;
                sent++;
            }
        }
    } finally {
        selector.close();
    }
}