/**
 * Builds the {@link KafkaPrincipal} for the peer of this SSL connection by handing an
 * {@link SslAuthenticationContext} to the configured {@code principalBuilder}.
 *
 * <p>The context carries the transport layer's SSL session, the remote address of the
 * underlying socket, and the listener name. The remote address is network-level
 * information only; the identity itself is whatever the builder derives from the
 * SSL session.
 *
 * @return the principal produced by {@code principalBuilder}
 * @throws IllegalStateException if {@code listenerName} is null
 */
@Override
public KafkaPrincipal principal() {
    // Remote address of the socket behind this transport layer.
    final InetAddress peerAddress = transportLayer.socketChannel().socket().getInetAddress();

    if (listenerName == null) {
        // Only client mode leaves listenerName unset, and principal() should not be
        // called in that mode.
        throw new IllegalStateException("Unexpected call to principal() when listenerName is null");
    }

    return principalBuilder.build(
        new SslAuthenticationContext(transportLayer.sslSession(), peerAddress, listenerName.value()));
}
/**
 * Checks that a session reporting {@link KafkaPrincipal#ANONYMOUS} as its peer yields
 * exactly {@code ANONYMOUS} from the builder, i.e. no name is derived for a peer the
 * session does not identify.
 */
@Test
public void testPrincipalIfSSLPeerIsNotAuthenticated() throws Exception {
    SSLSession anonymousSession = mock(SSLSession.class);
    when(anonymousSession.getPeerPrincipal()).thenReturn(KafkaPrincipal.ANONYMOUS);

    // Both constructor arguments are null: no extra collaborators are configured.
    DefaultKafkaPrincipalBuilder principalBuilder = new DefaultKafkaPrincipalBuilder(null, null);
    SslAuthenticationContext authContext = new SslAuthenticationContext(
        anonymousSession, InetAddress.getLocalHost(), SecurityProtocol.PLAINTEXT.name());

    KafkaPrincipal built = principalBuilder.build(authContext);
    assertEquals(KafkaPrincipal.ANONYMOUS, built);

    principalBuilder.close();

    // The builder must have consulted the session rather than short-circuiting.
    verify(anonymousSession, atLeastOnce()).getPeerPrincipal();
}
/**
 * Checks that a builder created through
 * {@code DefaultKafkaPrincipalBuilder.fromOldPrincipalBuilder} delegates SSL principal
 * construction to the supplied old-style {@code PrincipalBuilder}, wraps the result as a
 * {@code USER_TYPE} principal with the same name, and closes the old builder when it is
 * itself closed.
 */
@Test
@SuppressWarnings("deprecation")
public void testUseOldPrincipalBuilderForSslIfProvided() throws Exception {
    TransportLayer mockTransport = mock(TransportLayer.class);
    Authenticator mockAuthenticator = mock(Authenticator.class);
    PrincipalBuilder legacyBuilder = mock(PrincipalBuilder.class);
    SSLSession sslSession = mock(SSLSession.class);

    // The old builder answers "foo" regardless of the arguments it is given.
    when(legacyBuilder.buildPrincipal(any(), any())).thenReturn(new DummyPrincipal("foo"));

    DefaultKafkaPrincipalBuilder wrappingBuilder =
        DefaultKafkaPrincipalBuilder.fromOldPrincipalBuilder(mockAuthenticator, mockTransport, legacyBuilder, null);
    SslAuthenticationContext authContext = new SslAuthenticationContext(
        sslSession, InetAddress.getLocalHost(), SecurityProtocol.PLAINTEXT.name());

    KafkaPrincipal built = wrappingBuilder.build(authContext);
    assertEquals(KafkaPrincipal.USER_TYPE, built.getPrincipalType());
    assertEquals("foo", built.getName());

    wrappingBuilder.close();

    // Delegation must use the transport layer and authenticator given at creation time,
    // and closing the wrapper must close the old builder as well.
    verify(legacyBuilder).buildPrincipal(mockTransport, mockAuthenticator);
    verify(legacyBuilder).close();
}
/**
 * Checks that, with both constructor arguments null, the builder takes the name of the
 * SSL session's peer principal unchanged and reports it as a {@code USER_TYPE}
 * principal.
 */
@Test
public void testUseSessionPeerPrincipalForSsl() throws Exception {
    SSLSession sslSession = mock(SSLSession.class);
    when(sslSession.getPeerPrincipal()).thenReturn(new DummyPrincipal("foo"));

    DefaultKafkaPrincipalBuilder principalBuilder = new DefaultKafkaPrincipalBuilder(null, null);
    SslAuthenticationContext authContext = new SslAuthenticationContext(
        sslSession, InetAddress.getLocalHost(), SecurityProtocol.PLAINTEXT.name());

    KafkaPrincipal built = principalBuilder.build(authContext);
    assertEquals(KafkaPrincipal.USER_TYPE, built.getPrincipalType());
    assertEquals("foo", built.getName());

    principalBuilder.close();

    // The name must have come from the session's peer principal.
    verify(sslSession, atLeastOnce()).getPeerPrincipal();
}
/**
 * Checks that the builder applies an {@link SslPrincipalMapper} to the distinguished
 * name of the session's peer principal.
 *
 * <p>The session returns four different DNs on successive calls, and each build is
 * expected to hit a different rule:
 * <ol>
 *   <li>{@code OU=ServiceUsers} DN: CN extracted and lower-cased ({@code /L});</li>
 *   <li>six-component DN: {@code CN@OU}, lower-cased;</li>
 *   <li>any DN containing a CN: CN extracted and upper-cased ({@code /U});</li>
 *   <li>DN without a CN: {@code DEFAULT}, the full DN is kept.</li>
 * </ol>
 *
 * <p>Two things the expected values make visible. First, rule order matters: the first DN
 * would also match the third rule, yet the result is the first rule's. Second, the
 * rules and the {@code DEFAULT} result use the DN without spaces after commas, so the
 * patterns must be written against that form. The first and third rules keep only the
 * CN, so the mapped name no longer distinguishes subjects that share a CN but differ in
 * other DN components.
 */
@Test
public void testPrincipalWithSslPrincipalMapper() throws Exception {
    SSLSession sslSession = mock(SSLSession.class);

    X500Principal serviceUserDn = new X500Principal("CN=Duke, OU=ServiceUsers, O=Org, C=US");
    X500Principal sixPartDn = new X500Principal("CN=Duke, OU=SME, O=mycp, L=Fulton, ST=MD, C=US");
    X500Principal cnOnlyMatchDn = new X500Principal("CN=duke, OU=JavaSoft, O=Sun Microsystems");
    X500Principal noCnDn = new X500Principal("OU=JavaSoft, O=Sun Microsystems, C=US");

    // One DN per call to getPeerPrincipal(), in this order.
    when(sslSession.getPeerPrincipal())
        .thenReturn(serviceUserDn)
        .thenReturn(sixPartDn)
        .thenReturn(cnOnlyMatchDn)
        .thenReturn(noCnDn);

    List<String> mappingRules = Arrays.asList(
        "RULE:^CN=(.*),OU=ServiceUsers.*$/$1/L",
        "RULE:^CN=(.*),OU=(.*),O=(.*),L=(.*),ST=(.*),C=(.*)$/$1@$2/L",
        "RULE:^.*[Cc][Nn]=([a-zA-Z0-9.]*).*$/$1/U",
        "DEFAULT"
    );
    SslPrincipalMapper principalMapper = SslPrincipalMapper.fromRules(mappingRules);

    DefaultKafkaPrincipalBuilder principalBuilder = new DefaultKafkaPrincipalBuilder(null, principalMapper);
    SslAuthenticationContext authContext = new SslAuthenticationContext(
        sslSession, InetAddress.getLocalHost(), SecurityProtocol.PLAINTEXT.name());

    // Expected mapped names, in the same order as the stubbed DNs above.
    String[] expectedNames = {
        "duke",
        "duke@sme",
        "DUKE",
        "OU=JavaSoft,O=Sun Microsystems,C=US"
    };
    for (String expectedName : expectedNames) {
        KafkaPrincipal built = principalBuilder.build(authContext);
        assertEquals(expectedName, built.getName());
    }

    principalBuilder.close();

    // Exactly one session lookup per build.
    verify(sslSession, times(4)).getPeerPrincipal();
}