/**
 * Builds the principal for this SASL session.
 *
 * <p>The principal comes from {@code principalBuilder}, which is given a
 * {@link SaslAuthenticationContext} carrying the SASL server, the security
 * protocol, the client address and the listener name. For SCRAM mechanisms,
 * the negotiated property {@code ScramLoginModule.TOKEN_AUTH_CONFIG} is then
 * read from the SASL server and, when it parses as {@code true}, the
 * principal is marked as token-authenticated.
 *
 * @return the principal produced by the builder, flagged as
 *         token-authenticated when the SCRAM exchange negotiated token auth
 */
@Override
public KafkaPrincipal principal() {
    SaslAuthenticationContext authContext = new SaslAuthenticationContext(
            saslServer, securityProtocol, clientAddress(), listenerName.value());
    KafkaPrincipal builtPrincipal = principalBuilder.build(authContext);

    // Only SCRAM is consulted for the token-auth property; every other
    // mechanism returns the builder's principal untouched.
    if (!ScramMechanism.isScram(saslMechanism)) {
        return builtPrincipal;
    }

    // The flag is taken from the server-side negotiated property, not from
    // anything the builder produced. A missing property (null) parses as
    // false, so the principal stays non-token-authenticated by default.
    // NOTE(review): the cast assumes the property is stored as a String;
    // any other type would throw ClassCastException here. Confirm against
    // the SCRAM server implementation.
    Object tokenAuthProperty = saslServer.getNegotiatedProperty(ScramLoginModule.TOKEN_AUTH_CONFIG);
    if (Boolean.parseBoolean((String) tokenAuthProperty)) {
        // Set after build(), so the builder itself never observes the flag.
        builtPrincipal.tokenAuthenticated(true);
    }
    return builtPrincipal;
}
/**
 * Checks that, for GSSAPI, the default principal builder names the principal
 * after the Kerberos short name rather than the raw authorization ID.
 *
 * <p>The mocked SASL server reports the authorization ID
 * {@code foo/host@REALM.COM} and the mocked {@code KerberosShortNamer} maps
 * any input to {@code foo}; the resulting principal must be a
 * {@code USER_TYPE} principal named {@code foo}.
 */
@Test
public void testPrincipalBuilderGssapi() throws Exception {
    KerberosShortNamer shortNamer = mock(KerberosShortNamer.class);
    SaslServer saslServer = mock(SaslServer.class);

    when(saslServer.getMechanismName()).thenReturn(SaslConfigs.GSSAPI_MECHANISM);
    when(saslServer.getAuthorizationID()).thenReturn("foo/host@REALM.COM");
    // The short namer is stubbed for any argument, so this test does not pin
    // which Kerberos name is handed to it, only that its result is used.
    when(shortNamer.shortName(any())).thenReturn("foo");

    DefaultKafkaPrincipalBuilder principalBuilder = new DefaultKafkaPrincipalBuilder(shortNamer, null);
    SecurityProtocol protocol = SecurityProtocol.SASL_PLAINTEXT;
    SaslAuthenticationContext authContext = new SaslAuthenticationContext(
            saslServer, protocol, InetAddress.getLocalHost(), protocol.name());

    KafkaPrincipal result = principalBuilder.build(authContext);

    // The realm and host parts of the authorization ID must not reach the name.
    assertEquals(KafkaPrincipal.USER_TYPE, result.getPrincipalType());
    assertEquals("foo", result.getName());

    principalBuilder.close();

    // Both the mechanism and the authorization ID must have been consulted,
    // and the name must have gone through the short namer.
    verify(saslServer, atLeastOnce()).getMechanismName();
    verify(saslServer, atLeastOnce()).getAuthorizationID();
    verify(shortNamer, atLeastOnce()).shortName(any());
}
/**
 * Checks that, for SCRAM-SHA-256, the default principal builder uses the SASL
 * authorization ID directly as the principal name.
 *
 * <p>The builder is constructed with both arguments {@code null}, so no
 * Kerberos short namer is involved. The mocked SASL server reports the
 * authorization ID {@code foo}; the resulting principal must be a
 * {@code USER_TYPE} principal named {@code foo}.
 */
@Test
public void testPrincipalBuilderScram() throws Exception {
    SaslServer saslServer = mock(SaslServer.class);
    when(saslServer.getMechanismName()).thenReturn(ScramMechanism.SCRAM_SHA_256.mechanismName());
    when(saslServer.getAuthorizationID()).thenReturn("foo");

    DefaultKafkaPrincipalBuilder principalBuilder = new DefaultKafkaPrincipalBuilder(null, null);
    SecurityProtocol protocol = SecurityProtocol.SASL_PLAINTEXT;
    SaslAuthenticationContext authContext = new SaslAuthenticationContext(
            saslServer, protocol, InetAddress.getLocalHost(), protocol.name());

    KafkaPrincipal result = principalBuilder.build(authContext);

    // Only type and name are asserted; this test says nothing about whether
    // the principal is marked as token-authenticated.
    assertEquals(KafkaPrincipal.USER_TYPE, result.getPrincipalType());
    assertEquals("foo", result.getName());

    principalBuilder.close();

    // The builder must have read both the mechanism and the authorization ID.
    verify(saslServer, atLeastOnce()).getMechanismName();
    verify(saslServer, atLeastOnce()).getAuthorizationID();
}