Example 1 with AuthenticationTls
use of org.apache.pulsar.client.impl.auth.AuthenticationTls in project incubator-pulsar by apache.
the class ProxyWithAuthorizationTest method createPulsarClient.
@SuppressWarnings("deprecation")
private PulsarClient createPulsarClient(String proxyServiceUrl, ClientBuilder clientBuilder) throws PulsarClientException {
Map<String, String> authParams = Maps.newHashMap();
authParams.put("tlsCertFile", TLS_CLIENT_CERT_FILE_PATH);
authParams.put("tlsKeyFile", TLS_CLIENT_KEY_FILE_PATH);
Authentication authTls = new AuthenticationTls();
authTls.configure(authParams);
return clientBuilder.serviceUrl(proxyServiceUrl).statsInterval(0, TimeUnit.SECONDS).tlsTrustCertsFilePath(TLS_PROXY_TRUST_CERT_FILE_PATH).allowTlsInsecureConnection(true).authentication(authTls).enableTls(true).build();
}
Also used :
AuthenticationTls(org.apache.pulsar.client.impl.auth.AuthenticationTls)
Authentication(org.apache.pulsar.client.api.Authentication)
Example 2 with AuthenticationTls
use of org.apache.pulsar.client.impl.auth.AuthenticationTls in project incubator-pulsar by apache.
the class ProxyWithoutServiceDiscoveryTest method testDiscoveryService.
/**
* <pre>
* It verifies e2e tls + Authentication + Authorization (client -> proxy -> broker>
*
* 1. client connects to proxy over tls and pass auth-data
* 2. proxy authenticate client and retrieve client-role
* and send it to broker as originalPrincipal over tls
* 3. client creates producer/consumer via proxy
* 4. broker authorize producer/consumer create request using originalPrincipal
*
* </pre>
*
* @throws Exception
*/
@Test
public void testDiscoveryService() throws Exception {
log.info("-- Starting {} test --", methodName);
final String proxyServiceUrl = "pulsar://localhost:" + proxyConfig.getServicePortTls();
Map<String, String> authParams = Maps.newHashMap();
authParams.put("tlsCertFile", TLS_CLIENT_CERT_FILE_PATH);
authParams.put("tlsKeyFile", TLS_CLIENT_KEY_FILE_PATH);
Authentication authTls = new AuthenticationTls();
authTls.configure(authParams);
// create a client which connects to proxy over tls and pass authData
PulsarClient proxyClient = createPulsarClient(authTls, proxyServiceUrl);
admin.properties().createProperty("my-property", new PropertyAdmin(Lists.newArrayList("appid1", "appid2"), Sets.newHashSet("without-service-discovery")));
admin.namespaces().createNamespace("my-property/without-service-discovery/my-ns");
Consumer<byte[]> consumer = proxyClient.newConsumer().topic("persistent://my-property/without-service-discovery/my-ns/my-topic1").subscriptionName("my-subscriber-name").subscribe();
Producer<byte[]> producer = proxyClient.newProducer().topic("persistent://my-property/without-service-discovery/my-ns/my-topic1").create();
final int msgs = 10;
for (int i = 0; i < msgs; i++) {
String message = "my-message-" + i;
producer.send(message.getBytes());
}
Message<byte[]> msg = null;
Set<String> messageSet = Sets.newHashSet();
int count = 0;
for (int i = 0; i < 10; i++) {
msg = consumer.receive(5, TimeUnit.SECONDS);
String receivedMessage = new String(msg.getData());
log.debug("Received message: [{}]", receivedMessage);
String expectedMessage = "my-message-" + i;
testMessageOrderAndDuplicates(messageSet, receivedMessage, expectedMessage);
count++;
}
// Acknowledge the consumption of all messages at once
Assert.assertEquals(msgs, count);
consumer.acknowledgeCumulative(msg);
consumer.close();
log.info("-- Exiting {} test --", methodName);
}
Also used :
AuthenticationTls(org.apache.pulsar.client.impl.auth.AuthenticationTls)
PropertyAdmin(org.apache.pulsar.common.policies.data.PropertyAdmin)
Authentication(org.apache.pulsar.client.api.Authentication)
PulsarClient(org.apache.pulsar.client.api.PulsarClient)
Test(org.testng.annotations.Test)
Example 3 with AuthenticationTls
use of org.apache.pulsar.client.impl.auth.AuthenticationTls in project incubator-pulsar by apache.
the class AuthenticatedProducerConsumerTest method testAnonymousSyncProducerAndConsumer.
@Test(dataProvider = "batch")
public void testAnonymousSyncProducerAndConsumer(int batchMessageDelayMs) throws Exception {
log.info("-- Starting {} test --", methodName);
Map<String, String> authParams = new HashMap<>();
authParams.put("tlsCertFile", TLS_CLIENT_CERT_FILE_PATH);
authParams.put("tlsKeyFile", TLS_CLIENT_KEY_FILE_PATH);
Authentication authTls = new AuthenticationTls();
authTls.configure(authParams);
internalSetup(authTls);
admin.clusters().createCluster("use", new ClusterData(brokerUrl.toString(), brokerUrlTls.toString(), "pulsar://localhost:" + BROKER_PORT, "pulsar+ssl://localhost:" + BROKER_PORT_TLS));
admin.properties().createProperty("my-property", new PropertyAdmin(Lists.newArrayList("anonymousUser"), Sets.newHashSet("use")));
// make a PulsarAdmin instance as "anonymousUser" for http request
admin.close();
ClientConfiguration clientConf = new ClientConfiguration();
clientConf.setOperationTimeout(1, TimeUnit.SECONDS);
admin = spy(new PulsarAdmin(brokerUrl, clientConf));
admin.namespaces().createNamespace("my-property/use/my-ns");
admin.persistentTopics().grantPermission("persistent://my-property/use/my-ns/my-topic", "anonymousUser", EnumSet.allOf(AuthAction.class));
// setup the client
pulsarClient.close();
pulsarClient = PulsarClient.builder().serviceUrl("pulsar://localhost:" + BROKER_PORT).operationTimeout(1, TimeUnit.SECONDS).build();
// unauthorized topic test
Exception pulsarClientException = null;
try {
pulsarClient.newConsumer().topic("persistent://my-property/use/my-ns/other-topic").subscriptionName("my-subscriber-name").subscribe();
} catch (Exception e) {
pulsarClientException = e;
}
Assert.assertTrue(pulsarClientException instanceof PulsarClientException);
testSyncProducerAndConsumer(batchMessageDelayMs);
log.info("-- Exiting {} test --", methodName);
}
Also used :
AuthenticationTls(org.apache.pulsar.client.impl.auth.AuthenticationTls)
ClusterData(org.apache.pulsar.common.policies.data.ClusterData)
PropertyAdmin(org.apache.pulsar.common.policies.data.PropertyAdmin)
PulsarAdmin(org.apache.pulsar.client.admin.PulsarAdmin)
PulsarAdminException(org.apache.pulsar.client.admin.PulsarAdminException)
InternalServerErrorException(javax.ws.rs.InternalServerErrorException)
AuthAction(org.apache.pulsar.common.policies.data.AuthAction)
Test(org.testng.annotations.Test)
Example 4 with AuthenticationTls
use of org.apache.pulsar.client.impl.auth.AuthenticationTls in project incubator-pulsar by apache.
the class BrokerServiceLookupTest method testDiscoveryLookupTls.
/**
* Verify discovery-service binary-proto lookup using tls
*
* @throws Exception
*/
@SuppressWarnings("deprecation")
@Test
public void testDiscoveryLookupTls() throws Exception {
final String TLS_SERVER_CERT_FILE_PATH = "./src/test/resources/certificate/server.crt";
final String TLS_SERVER_KEY_FILE_PATH = "./src/test/resources/certificate/server.key";
final String TLS_CLIENT_CERT_FILE_PATH = "./src/test/resources/certificate/client.crt";
final String TLS_CLIENT_KEY_FILE_PATH = "./src/test/resources/certificate/client.key";
// (1) restart broker1 with tls enabled
conf.setTlsAllowInsecureConnection(true);
conf.setTlsEnabled(true);
conf.setTlsCertificateFilePath(TLS_SERVER_CERT_FILE_PATH);
conf.setTlsKeyFilePath(TLS_SERVER_KEY_FILE_PATH);
stopBroker();
startBroker();
// (2) start discovery service
ServiceConfig config = new ServiceConfig();
config.setServicePort(nextFreePort());
config.setServicePortTls(nextFreePort());
config.setTlsEnabled(true);
config.setBindOnLocalhost(true);
config.setTlsCertificateFilePath(TLS_SERVER_CERT_FILE_PATH);
config.setTlsKeyFilePath(TLS_SERVER_KEY_FILE_PATH);
DiscoveryService discoveryService = spy(new DiscoveryService(config));
doReturn(mockZooKeeperClientFactory).when(discoveryService).getZooKeeperClientFactory();
discoveryService.start();
// (3) lookup using discovery service
final String discoverySvcUrl = discoveryService.getServiceUrlTls();
Map<String, String> authParams = new HashMap<>();
authParams.put("tlsCertFile", TLS_CLIENT_CERT_FILE_PATH);
authParams.put("tlsKeyFile", TLS_CLIENT_KEY_FILE_PATH);
Authentication auth = new AuthenticationTls();
auth.configure(authParams);
PulsarClient pulsarClient2 = PulsarClient.builder().serviceUrl(discoverySvcUrl).authentication(auth).enableTls(true).allowTlsInsecureConnection(true).build();
Consumer<byte[]> consumer = pulsarClient2.newConsumer().topic("persistent://my-property2/use2/my-ns/my-topic1").subscriptionName("my-subscriber-name").subscribe();
Producer<byte[]> producer = pulsarClient2.newProducer().topic("persistent://my-property2/use2/my-ns/my-topic1").create();
for (int i = 0; i < 10; i++) {
String message = "my-message-" + i;
producer.send(message.getBytes());
}
Message<byte[]> msg = null;
Set<String> messageSet = Sets.newHashSet();
for (int i = 0; i < 10; i++) {
msg = consumer.receive(5, TimeUnit.SECONDS);
String receivedMessage = new String(msg.getData());
log.debug("Received message: [{}]", receivedMessage);
String expectedMessage = "my-message-" + i;
testMessageOrderAndDuplicates(messageSet, receivedMessage, expectedMessage);
}
// Acknowledge the consumption of all messages at once
consumer.acknowledgeCumulative(msg);
consumer.close();
producer.close();
}
Also used :
HashMap(java.util.HashMap)
AuthenticationTls(org.apache.pulsar.client.impl.auth.AuthenticationTls)
ServiceConfig(org.apache.pulsar.discovery.service.server.ServiceConfig)
DiscoveryService(org.apache.pulsar.discovery.service.DiscoveryService)
Test(org.testng.annotations.Test)
Example 5 with AuthenticationTls
use of org.apache.pulsar.client.impl.auth.AuthenticationTls in project incubator-pulsar by apache.
the class BrokerServiceTest method testTlsAuthDisallowInsecure.
@SuppressWarnings("deprecation")
@Test
public void testTlsAuthDisallowInsecure() throws Exception {
final String topicName = "persistent://prop/usw/my-ns/newTopic";
final String subName = "newSub";
Authentication auth;
Set<String> providers = new HashSet<>();
providers.add("org.apache.pulsar.broker.authentication.AuthenticationProviderTls");
conf.setAuthenticationEnabled(true);
conf.setAuthenticationProviders(providers);
conf.setTlsEnabled(true);
conf.setTlsCertificateFilePath(TLS_SERVER_CERT_FILE_PATH);
conf.setTlsKeyFilePath(TLS_SERVER_KEY_FILE_PATH);
conf.setTlsAllowInsecureConnection(false);
restartBroker();
Map<String, String> authParams = new HashMap<>();
authParams.put("tlsCertFile", TLS_CLIENT_CERT_FILE_PATH);
authParams.put("tlsKeyFile", TLS_CLIENT_KEY_FILE_PATH);
PulsarClient pulsarClient = null;
// Case 1: Access without client certificate
try {
pulsarClient = PulsarClient.builder().serviceUrl(brokerUrlTls.toString()).enableTls(true).allowTlsInsecureConnection(true).statsInterval(0, TimeUnit.SECONDS).build();
@Cleanup Consumer<byte[]> consumer = pulsarClient.newConsumer().topic(topicName).subscriptionName(subName).subscribe();
fail("should fail");
} catch (Exception e) {
assertTrue(e.getMessage().contains("Authentication required"));
} finally {
pulsarClient.close();
}
// Case 2: Access with client certificate
try {
auth = new AuthenticationTls();
auth.configure(authParams);
pulsarClient = PulsarClient.builder().authentication(auth).serviceUrl(brokerUrlTls.toString()).enableTls(true).allowTlsInsecureConnection(true).statsInterval(0, TimeUnit.SECONDS).build();
@Cleanup Consumer<byte[]> consumer = pulsarClient.newConsumer().topic(topicName).subscriptionName(subName).subscribe();
fail("should fail");
} catch (Exception e) {
assertTrue(e.getMessage().contains("Authentication required"));
} finally {
pulsarClient.close();
}
}
Also used :
AuthenticationTls(org.apache.pulsar.client.impl.auth.AuthenticationTls)
ConcurrentHashMap(java.util.concurrent.ConcurrentHashMap)
HashMap(java.util.HashMap)
Authentication(org.apache.pulsar.client.api.Authentication)
PulsarClient(org.apache.pulsar.client.api.PulsarClient)
Cleanup(lombok.Cleanup)
TimeoutException(java.util.concurrent.TimeoutException)
ManagedLedgerException(org.apache.bookkeeper.mledger.ManagedLedgerException)
IOException(java.io.IOException)
PersistenceException(org.apache.pulsar.broker.service.BrokerServiceException.PersistenceException)
ExecutionException(java.util.concurrent.ExecutionException)
HashSet(java.util.HashSet)
Test(org.testng.annotations.Test)
Aggregations
AuthenticationTls (org.apache.pulsar.client.impl.auth.AuthenticationTls)17
Authentication (org.apache.pulsar.client.api.Authentication)10
Test (org.testng.annotations.Test)10
HashMap (java.util.HashMap)7
PropertyAdmin (org.apache.pulsar.common.policies.data.PropertyAdmin)6
PulsarAdmin (org.apache.pulsar.client.admin.PulsarAdmin)5
PulsarClient (org.apache.pulsar.client.api.PulsarClient)5
ClusterData (org.apache.pulsar.common.policies.data.ClusterData)5
HashSet (java.util.HashSet)4
IOException (java.io.IOException)3
ConcurrentHashMap (java.util.concurrent.ConcurrentHashMap)3
ExecutionException (java.util.concurrent.ExecutionException)3
TimeoutException (java.util.concurrent.TimeoutException)3
InternalServerErrorException (javax.ws.rs.InternalServerErrorException)3
Cleanup (lombok.Cleanup)3
ManagedLedgerException (org.apache.bookkeeper.mledger.ManagedLedgerException)3
PersistenceException (org.apache.pulsar.broker.service.BrokerServiceException.PersistenceException)3
PulsarAdminException (org.apache.pulsar.client.admin.PulsarAdminException)3
URI (java.net.URI)1
URL (java.net.URL)1
