use of org.apache.kafka.common.security.token.delegation.TokenInformation in project apache-kafka-on-k8s by banzaicloud.
the class SaslAuthenticatorTest method testTokenAuthenticationOverSaslScram.
/**
 * Walks a delegation-token login over SCRAM-SHA-256 on SASL_SSL through three server
 * states: token absent from the server's token cache, token present in the cache without
 * the credential cache being updated, and token present with the credential cache updated.
 * Only the last state is expected to produce a successful client connection.
 */
@Test
public void testTokenAuthenticationOverSaslScram() throws Exception {
    SecurityProtocol protocol = SecurityProtocol.SASL_SSL;
    TestJaasConfig jaas = configureMechanisms("SCRAM-SHA-256", Arrays.asList("SCRAM-SHA-256"));

    // Client JAAS entry for token authentication: the token id goes in as the SCRAM
    // username and the token HMAC as the SCRAM password.
    String tokenId = "token1";
    String tokenHmac = "abcdefghijkl"; // hard-coded fixture value
    Map<String, Object> clientOptions = new HashMap<>();
    clientOptions.put("username", tokenId);
    clientOptions.put("password", tokenHmac);
    // Without this flag the login module is not told to treat the pair as a token.
    clientOptions.put(ScramLoginModule.TOKEN_AUTH_CONFIG, "true");
    jaas.createOrUpdateEntry(
            TestJaasConfig.LOGIN_CONTEXT_CLIENT,
            ScramLoginModule.class.getName(),
            clientOptions);

    server = createEchoServer(protocol);

    // State 1: nothing has been added to the server's token cache, so the
    // connection attempt has to be rejected.
    createAndCheckClientConnectionFailure(protocol, "0");

    // State 2: token metadata is registered, but the credential cache has not been
    // updated for it yet; knowing a valid token id alone must not be enough.
    KafkaPrincipal tokenOwner = SecurityUtils.parseKafkaPrincipal("User:Owner");
    KafkaPrincipal tokenRenewer = SecurityUtils.parseKafkaPrincipal("User:Renewer1");
    // All three timestamp arguments are simply the current time.
    TokenInformation info = new TokenInformation(
            tokenId,
            tokenOwner,
            Collections.singleton(tokenRenewer),
            System.currentTimeMillis(),
            System.currentTimeMillis(),
            System.currentTimeMillis());
    server.tokenCache().addToken(tokenId, info);
    createAndCheckClientConnectionFailure(protocol, "0");

    // State 3: the credential cache is updated for the token id and HMAC, so the
    // same client configuration is now expected to connect.
    updateTokenCredentialCache(tokenId, tokenHmac);
    createAndCheckClientConnection(protocol, "0");
}
use of org.apache.kafka.common.security.token.delegation.TokenInformation in project apache-kafka-on-k8s by banzaicloud.
the class RequestResponseTest method createDescribeTokenResponse.
/**
 * Builds a DescribeDelegationTokenResponse fixture holding two tokens that share the
 * same two renewers, with throttle time 20 and {@code Errors.NONE}.
 *
 * @return the populated response
 */
private DescribeDelegationTokenResponse createDescribeTokenResponse() {
    // Both tokens reference this same renewer list instance.
    List<KafkaPrincipal> sharedRenewers = new ArrayList<>();
    sharedRenewers.add(SecurityUtils.parseKafkaPrincipal("User:user1"));
    sharedRenewers.add(SecurityUtils.parseKafkaPrincipal("User:user2"));

    // Every timestamp argument is the current time; the values are not asserted on here.
    TokenInformation first = new TokenInformation(
            "1",
            SecurityUtils.parseKafkaPrincipal("User:owner"),
            sharedRenewers,
            System.currentTimeMillis(),
            System.currentTimeMillis(),
            System.currentTimeMillis());
    TokenInformation second = new TokenInformation(
            "2",
            SecurityUtils.parseKafkaPrincipal("User:owner1"),
            sharedRenewers,
            System.currentTimeMillis(),
            System.currentTimeMillis(),
            System.currentTimeMillis());

    // "test" stands in for the HMAC bytes; it is a placeholder, not a computed HMAC.
    // NOTE(review): getBytes() without a charset uses the platform default. That is
    // harmless for this ASCII literal, but an explicit charset would make it deterministic.
    List<DelegationToken> delegationTokens = new LinkedList<>();
    delegationTokens.add(new DelegationToken(first, "test".getBytes()));
    delegationTokens.add(new DelegationToken(second, "test".getBytes()));

    return new DescribeDelegationTokenResponse(20, Errors.NONE, delegationTokens);
}
use of org.apache.kafka.common.security.token.delegation.TokenInformation in project apache-kafka-on-k8s by banzaicloud.
the class DescribeDelegationTokenResponse method toStruct.
/**
 * Serializes this response into the DESCRIBE_DELEGATION_TOKEN response schema for the
 * given version: the error code, one token-details entry per token (owner, timestamps,
 * token id, HMAC, renewers) and, where the schema has the field, the throttle time.
 *
 * @param version response schema version to serialize for
 * @return the populated struct
 */
@Override
protected Struct toStruct(short version) {
    Struct response = new Struct(ApiKeys.DESCRIBE_DELEGATION_TOKEN.responseSchema(version));
    response.set(ERROR_CODE, error.code());

    List<Struct> details = new ArrayList<>(tokens.size());
    for (DelegationToken token : tokens) {
        TokenInformation info = token.tokenInfo();
        Struct entry = response.instance(TOKEN_DETAILS_KEY_NAME);

        // The owner is a nested struct of principal type and name.
        KafkaPrincipal ownerPrincipal = info.owner();
        Struct owner = entry.instance(OWNER_KEY_NAME);
        owner.set(PRINCIPAL_TYPE, ownerPrincipal.getPrincipalType());
        owner.set(PRINCIPAL_NAME, ownerPrincipal.getName());
        entry.set(OWNER_KEY_NAME, owner);

        entry.set(ISSUE_TIMESTAMP_KEY_NAME, info.issueTimestamp());
        entry.set(EXPIRY_TIMESTAMP_NAME, info.expiryTimestamp());
        entry.set(MAX_TIMESTAMP_NAME, info.maxTimestamp());
        entry.set(TOKEN_ID_KEY_NAME, info.tokenId());

        // The raw HMAC bytes go into the response unmodified. wrap() shares the array
        // returned by hmac() rather than copying it.
        // NOTE(review): if the HMAC is the token's secret, every consumer of this
        // response (transport, logging, debugging output) handles credential material.
        // Confirm that callers restrict who may describe tokens and on which channel.
        entry.set(HMAC_KEY_NAME, ByteBuffer.wrap(token.hmac()));

        // The renewers form an array of principal structs, one per renewer.
        List<Struct> renewerStructs = new ArrayList<>(info.renewers().size());
        for (KafkaPrincipal renewer : info.renewers()) {
            Struct renewerStruct = entry.instance(RENEWERS_KEY_NAME);
            renewerStruct.set(PRINCIPAL_TYPE, renewer.getPrincipalType());
            renewerStruct.set(PRINCIPAL_NAME, renewer.getName());
            renewerStructs.add(renewerStruct);
        }
        entry.set(RENEWERS_KEY_NAME, renewerStructs.toArray());

        details.add(entry);
    }

    response.set(TOKEN_DETAILS_KEY_NAME, details.toArray());
    // The throttle time is written only when this schema version defines the field.
    response.setIfExists(THROTTLE_TIME_MS, throttleTimeMs);
    return response;
}