
Example 1 with TokenInformation

use of org.apache.kafka.common.security.token.delegation.TokenInformation in project apache-kafka-on-k8s by banzaicloud.

the class SaslAuthenticatorTest method testTokenAuthenticationOverSaslScram.

/**
 * Exercises delegation-token authentication over SASL_SSL with SCRAM-SHA-256 in three stages.
 *
 * <ol>
 *   <li>No entry for the token id in the server's token cache: the connection must fail.</li>
 *   <li>Token metadata cached but no matching credential: the connection must still fail.</li>
 *   <li>Token metadata and credential both present: the connection must succeed.</li>
 * </ol>
 *
 * <p>The two negative stages matter as much as the positive one: they show that neither a
 * bare token id nor cached token metadata alone is enough to authenticate.
 *
 * @throws Exception if server setup or a connection check fails unexpectedly
 */
@Test
public void testTokenAuthenticationOverSaslScram() throws Exception {
    SecurityProtocol securityProtocol = SecurityProtocol.SASL_SSL;
    TestJaasConfig jaasConfig = configureMechanisms("SCRAM-SHA-256", Arrays.asList("SCRAM-SHA-256"));

    // Fixed fixture values. With token authentication the token id is sent as the SASL
    // username and the token HMAC as the password, so a real HMAC is a secret credential.
    String tokenId = "token1";
    String tokenHmac = "abcdefghijkl";

    // Client-side JAAS options for token authentication.
    Map<String, Object> clientLoginOptions = new HashMap<>();
    clientLoginOptions.put("username", tokenId);
    clientLoginOptions.put("password", tokenHmac);
    // Switches the SCRAM login module into token-authentication mode.
    clientLoginOptions.put(ScramLoginModule.TOKEN_AUTH_CONFIG, "true");
    jaasConfig.createOrUpdateEntry(
            TestJaasConfig.LOGIN_CONTEXT_CLIENT,
            ScramLoginModule.class.getName(),
            clientLoginOptions);

    server = createEchoServer(securityProtocol);

    // Stage 1: the token cache has no entry for this token id, so authentication must fail.
    createAndCheckClientConnectionFailure(securityProtocol, "0");

    // Stage 2: register the token metadata only; without credentials authentication must fail.
    KafkaPrincipal tokenOwner = SecurityUtils.parseKafkaPrincipal("User:Owner");
    KafkaPrincipal tokenRenewer = SecurityUtils.parseKafkaPrincipal("User:Renewer1");
    TokenInformation tokenMetadata = new TokenInformation(
            tokenId,
            tokenOwner,
            Collections.singleton(tokenRenewer),
            System.currentTimeMillis(),
            System.currentTimeMillis(),
            System.currentTimeMillis());
    server.tokenCache().addToken(tokenId, tokenMetadata);
    createAndCheckClientConnectionFailure(securityProtocol, "0");

    // Stage 3: add the credential for the token HMAC; now the same client must connect.
    // NOTE(review): updateTokenCredentialCache is defined elsewhere - presumably it stores
    // the SCRAM credential derived from tokenHmac; confirm against the helper.
    updateTokenCredentialCache(tokenId, tokenHmac);
    createAndCheckClientConnection(securityProtocol, "0");
}
Also used : HashMap(java.util.HashMap) ScramLoginModule(org.apache.kafka.common.security.scram.ScramLoginModule) SecurityProtocol(org.apache.kafka.common.security.auth.SecurityProtocol) KafkaPrincipal(org.apache.kafka.common.security.auth.KafkaPrincipal) TokenInformation(org.apache.kafka.common.security.token.delegation.TokenInformation) Test(org.junit.Test)

Example 2 with TokenInformation

use of org.apache.kafka.common.security.token.delegation.TokenInformation in project apache-kafka-on-k8s by banzaicloud.

the class RequestResponseTest method createDescribeTokenResponse.

/**
 * Builds a fixture {@link DescribeDelegationTokenResponse} holding two delegation tokens.
 *
 * <p>Both tokens share the same renewer list, differ in id and owner, and carry the bytes of
 * the literal {@code "test"} where a real token would carry its HMAC.
 *
 * @return a response with error {@code Errors.NONE} and the two fixture tokens
 */
private DescribeDelegationTokenResponse createDescribeTokenResponse() {
    // Renewer principals shared by both tokens.
    List<KafkaPrincipal> sharedRenewers = new ArrayList<>();
    for (String principal : new String[] {"User:user1", "User:user2"}) {
        sharedRenewers.add(SecurityUtils.parseKafkaPrincipal(principal));
    }

    List<DelegationToken> fixtureTokens = new LinkedList<>();

    // All three timestamp arguments are "now"; the fixture does not model a validity window.
    TokenInformation firstInfo = new TokenInformation(
            "1",
            SecurityUtils.parseKafkaPrincipal("User:owner"),
            sharedRenewers,
            System.currentTimeMillis(),
            System.currentTimeMillis(),
            System.currentTimeMillis());
    TokenInformation secondInfo = new TokenInformation(
            "2",
            SecurityUtils.parseKafkaPrincipal("User:owner1"),
            sharedRenewers,
            System.currentTimeMillis(),
            System.currentTimeMillis(),
            System.currentTimeMillis());

    // Placeholder bytes, not a computed HMAC. getBytes() without a charset uses the platform
    // default, which is only harmless here because the literal is plain ASCII.
    fixtureTokens.add(new DelegationToken(firstInfo, "test".getBytes()));
    fixtureTokens.add(new DelegationToken(secondInfo, "test".getBytes()));

    // NOTE(review): the leading 20 is presumably the throttle time in ms - confirm against
    // the DescribeDelegationTokenResponse constructor.
    return new DescribeDelegationTokenResponse(20, Errors.NONE, fixtureTokens);
}
Also used : DelegationToken(org.apache.kafka.common.security.token.delegation.DelegationToken) ArrayList(java.util.ArrayList) KafkaPrincipal(org.apache.kafka.common.security.auth.KafkaPrincipal) TokenInformation(org.apache.kafka.common.security.token.delegation.TokenInformation) LinkedList(java.util.LinkedList)

Example 3 with TokenInformation

use of org.apache.kafka.common.security.token.delegation.TokenInformation in project apache-kafka-on-k8s by banzaicloud.

the class DescribeDelegationTokenResponse method toStruct.

/**
 * Serialises this response into a {@link Struct} laid out by the
 * {@code DESCRIBE_DELEGATION_TOKEN} response schema for the given version.
 *
 * <p>Each token contributes one details struct with its owner, its three timestamps, its id,
 * its renewers and its HMAC. The HMAC is written out verbatim; it is the value a client
 * presents as its password when authenticating with the token, so this response should be
 * handled as credential material (authorised recipients, protected transport, no logging).
 *
 * @param version the response schema version to serialise against
 * @return the populated struct
 */
@Override
protected Struct toStruct(short version) {
    Struct response = new Struct(ApiKeys.DESCRIBE_DELEGATION_TOKEN.responseSchema(version));
    response.set(ERROR_CODE, error.code());

    List<Struct> detailStructs = new ArrayList<>(tokens.size());
    for (DelegationToken token : tokens) {
        TokenInformation info = token.tokenInfo();
        Struct details = response.instance(TOKEN_DETAILS_KEY_NAME);

        // Owner principal, stored as a nested struct of (type, name).
        KafkaPrincipal owner = info.owner();
        Struct ownerEntry = details.instance(OWNER_KEY_NAME);
        ownerEntry.set(PRINCIPAL_TYPE, owner.getPrincipalType());
        ownerEntry.set(PRINCIPAL_NAME, owner.getName());
        details.set(OWNER_KEY_NAME, ownerEntry);

        details.set(ISSUE_TIMESTAMP_KEY_NAME, info.issueTimestamp());
        details.set(EXPIRY_TIMESTAMP_NAME, info.expiryTimestamp());
        details.set(MAX_TIMESTAMP_NAME, info.maxTimestamp());
        details.set(TOKEN_ID_KEY_NAME, info.tokenId());

        // Secret part of the token: wrapped without copying and sent as-is.
        details.set(HMAC_KEY_NAME, ByteBuffer.wrap(token.hmac()));

        // One nested (type, name) struct per renewer, handed over as an Object[].
        List<Struct> renewerEntries = new ArrayList<>(info.renewers().size());
        for (KafkaPrincipal renewer : info.renewers()) {
            Struct renewerEntry = details.instance(RENEWERS_KEY_NAME);
            renewerEntry.set(PRINCIPAL_TYPE, renewer.getPrincipalType());
            renewerEntry.set(PRINCIPAL_NAME, renewer.getName());
            renewerEntries.add(renewerEntry);
        }
        details.set(RENEWERS_KEY_NAME, renewerEntries.toArray());

        detailStructs.add(details);
    }

    response.set(TOKEN_DETAILS_KEY_NAME, detailStructs.toArray());
    // setIfExists rather than set: presumably not every schema version has this field.
    response.setIfExists(THROTTLE_TIME_MS, throttleTimeMs);
    return response;
}
Also used : DelegationToken(org.apache.kafka.common.security.token.delegation.DelegationToken) ArrayList(java.util.ArrayList) TokenInformation(org.apache.kafka.common.security.token.delegation.TokenInformation) KafkaPrincipal(org.apache.kafka.common.security.auth.KafkaPrincipal) Struct(org.apache.kafka.common.protocol.types.Struct)

Aggregations

KafkaPrincipal (org.apache.kafka.common.security.auth.KafkaPrincipal)3 TokenInformation (org.apache.kafka.common.security.token.delegation.TokenInformation)3 ArrayList (java.util.ArrayList)2 DelegationToken (org.apache.kafka.common.security.token.delegation.DelegationToken)2 HashMap (java.util.HashMap)1 LinkedList (java.util.LinkedList)1 Struct (org.apache.kafka.common.protocol.types.Struct)1 SecurityProtocol (org.apache.kafka.common.security.auth.SecurityProtocol)1 ScramLoginModule (org.apache.kafka.common.security.scram.ScramLoginModule)1 Test (org.junit.Test)1