use of org.apache.pulsar.broker.authentication.AuthenticationDataCommand in project incubator-pulsar by apache.
the class AuthenticationProviderAthenzTest method testAuthenticateSignedTokenWithDifferentDomain.
/**
 * Negative case: a role token that is signed with the test key but issued for
 * the domain {@code "invalid"} must make the provider throw
 * {@link AuthenticationException}.
 *
 * <p>What this pins down is that a signature alone is not sufficient; the domain
 * carried inside the token is also checked. The domain the provider is configured
 * to accept is set up outside this method.
 */
@Test
public void testAuthenticateSignedTokenWithDifferentDomain() throws Exception {
    List<String> roles = new ArrayList<>();
    roles.add("test_role");

    // Same version ("Z1"), role and principal as the positive test; only the domain differs.
    RoleToken token = new RoleToken.Builder("Z1", "invalid", roles).principal("test_app").build();

    // Test-only signing key shipped under src/test/resources.
    // NOTE(review): decoded with the platform default charset; PEM is expected to be ASCII.
    byte[] pemBytes = Files.readAllBytes(Paths.get("./src/test/resources/zts_private.pem"));
    String privateKey = new String(pemBytes);
    token.sign(privateKey);

    String signedToken = token.getSignedToken();
    InetSocketAddress clientAddress = new InetSocketAddress("localhost", PortManager.nextFreePort());
    // No TLS session is supplied (third argument is null).
    AuthenticationDataSource authData = new AuthenticationDataCommand(signedToken, clientAddress, null);

    boolean rejected = false;
    try {
        provider.authenticate(authData);
    } catch (AuthenticationException expected) {
        // OK, expected
        rejected = true;
    }
    if (!rejected) {
        fail("Token which has different domain should not be authenticated");
    }
}
use of org.apache.pulsar.broker.authentication.AuthenticationDataCommand in project incubator-pulsar by apache.
the class AuthenticationProviderAthenzTest method testAuthenticateSignedToken.
/**
 * Positive case: a role token issued for the domain {@code "test_provider"} and
 * signed with the test key authenticates, and the provider returns the token's
 * principal ({@code "test_app"}) as the authenticated identity.
 */
@Test
public void testAuthenticateSignedToken() throws Exception {
    List<String> roles = new ArrayList<>();
    roles.add("test_role");

    RoleToken token = new RoleToken.Builder("Z1", "test_provider", roles).principal("test_app").build();

    // Test-only signing key shipped under src/test/resources.
    // NOTE(review): decoded with the platform default charset; PEM is expected to be ASCII.
    byte[] pemBytes = Files.readAllBytes(Paths.get("./src/test/resources/zts_private.pem"));
    String privateKey = new String(pemBytes);
    token.sign(privateKey);

    String signedToken = token.getSignedToken();
    InetSocketAddress clientAddress = new InetSocketAddress("localhost", PortManager.nextFreePort());
    // No TLS session is supplied (third argument is null).
    AuthenticationDataSource authData = new AuthenticationDataCommand(signedToken, clientAddress, null);

    // The returned identity is the principal, not the role name or the domain.
    String authenticatedAs = provider.authenticate(authData);
    assertEquals(authenticatedAs, "test_app");
}
use of org.apache.pulsar.broker.authentication.AuthenticationDataCommand in project incubator-pulsar by apache.
the class ServerCnxTest method testConnectCommandWithAuthenticationNegative.
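/**
 * Verifies that a CONNECT whose authentication fails is answered with a
 * {@code CommandError} and that the connection never leaves {@code State.Start}.
 *
 * <p>The authentication service is mocked to throw {@link AuthenticationException}
 * for every call, and the broker is made to report authentication as enabled.
 */
@Test(timeOut = 30000)
public void testConnectCommandWithAuthenticationNegative() throws Exception {
    AuthenticationException e = new AuthenticationException();
    AuthenticationService authenticationService = mock(AuthenticationService.class);
    doReturn(authenticationService).when(brokerService).getAuthenticationService();
    // Each matcher must stand in for one argument of the stubbed call itself. Using
    // anyString() inside "new AuthenticationDataCommand(...)" registers a String matcher
    // against the first (non-String) parameter, which only matches by accident on
    // Mockito versions whose anyString() does no type check.
    doThrow(e).when(authenticationService)
            .authenticate(Mockito.any(AuthenticationDataCommand.class), Mockito.anyString());
    doReturn(true).when(brokerService).isAuthenticationEnabled();

    resetChannel();
    assertTrue(channel.isActive());
    assertEquals(serverCnx.getState(), State.Start);

    // test server response to CONNECT
    ByteBuf clientCommand = Commands.newConnect("none", "", null);
    channel.writeInbound(clientCommand);

    // A rejected CONNECT must not advance the connection state...
    assertEquals(serverCnx.getState(), State.Start);
    // ...and the client must receive an error rather than a CONNECTED response.
    assertTrue(getResponse() instanceof CommandError);
    // NOTE(review): the error code/message and whether the channel gets closed are not
    // asserted here; consider pinning those too once the close() behaviour is confirmed.
    channel.finish();
}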
use of org.apache.pulsar.broker.authentication.AuthenticationDataCommand in project incubator-pulsar by apache.
the class ServerCnx method handleConnect.
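/**
 * Handles the client's CONNECT command.
 *
 * <p>When the broker reports authentication as enabled, the client's auth data is
 * passed to the authentication service before anything else happens. On
 * {@link AuthenticationException} the client gets a generic
 * {@code AuthenticationError}, the connection is closed and the state stays
 * {@code Start}. Otherwise a CONNECTED response is written, the state moves to
 * {@code Connected} and the client's protocol version and client version are recorded.
 *
 * <p>When authentication is not enabled the whole authentication block is skipped
 * and every CONNECT is accepted.
 *
 * @param connect the decoded CONNECT command sent by the client
 */
@Override
protected void handleConnect(CommandConnect connect) {
    // CONNECT is only accepted while the connection is still in its initial state.
    checkArgument(state == State.Start);
    if (service.isAuthenticationEnabled()) {
        try {
            String authMethod = "none";
            if (connect.hasAuthMethodName()) {
                authMethod = connect.getAuthMethodName();
            } else if (connect.hasAuthMethod()) {
                // Legacy client is passing enum
                // substring(10) drops a fixed 10-character prefix of the enum constant name
                // (presumably "AuthMethod" - confirm against the enum). Locale.ROOT keeps the
                // resulting method name independent of the JVM's default locale.
                authMethod = connect.getAuthMethod().name().substring(10).toLowerCase(java.util.Locale.ROOT);
            }
            // Client-supplied credential material; it is handed to the authentication
            // service only and must stay out of log statements.
            String authData = connect.getAuthData().toStringUtf8();
            ChannelHandler sslHandler = ctx.channel().pipeline().get(PulsarChannelInitializer.TLS_HANDLER);
            SSLSession sslSession = null;
            if (sslHandler != null) {
                // Only present when the pipeline has a TLS handler; null otherwise.
                sslSession = ((SslHandler) sslHandler).engine().getSession();
            }
            // originalPrincipal is derived from fields the connecting client sent, and it is
            // computed before authenticate() has run.
            // NOTE(review): this method does not check that authRole is allowed to speak for
            // originalPrincipal - confirm that is enforced where authorization decisions are made.
            originalPrincipal = getOriginalPrincipal(connect.hasOriginalAuthData() ? connect.getOriginalAuthData() : null, connect.hasOriginalAuthMethod() ? connect.getOriginalAuthMethod() : null, connect.hasOriginalPrincipal() ? connect.getOriginalPrincipal() : null, sslSession);
            authenticationData = new AuthenticationDataCommand(authData, remoteAddress, sslSession);
            authRole = getBrokerService().getAuthenticationService().authenticate(authenticationData, authMethod);
            // Logs identities (role, principal) and the method name, never the credential.
            log.info("[{}] Client successfully authenticated with {} role {} and originalPrincipal {}", remoteAddress, authMethod, authRole, originalPrincipal);
        } catch (AuthenticationException e) {
            // The client only sees a generic message; the failure detail goes to the broker
            // log so the response does not reveal why the credential was rejected.
            String msg = "Unable to authenticate";
            log.warn("[{}] {}: {}", remoteAddress, msg, e.getMessage());
            ctx.writeAndFlush(Commands.newError(-1, ServerError.AuthenticationError, msg));
            close();
            // Return before the CONNECTED response so the state never leaves Start.
            return;
        }
    }
    if (log.isDebugEnabled()) {
        log.debug("Received CONNECT from {}", remoteAddress);
    }
    ctx.writeAndFlush(Commands.newConnected(connect.getProtocolVersion()));
    state = State.Connected;
    remoteEndpointProtocolVersion = connect.getProtocolVersion();
    String version = connect.hasClientVersion() ? connect.getClientVersion() : null;
    if (isNotBlank(version) && !version.contains(" ")) /* ignore default version: pulsar client */
    {
        // NOTE(review): version is client-controlled and is interned without a length
        // limit in this method - confirm a bound is applied elsewhere.
        this.clientVersion = version.intern();
    }
}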