/**
 * Closes the wrapped legacy principal builder, if one was supplied.
 *
 * <p>Does nothing when {@code oldPrincipalBuilder} is {@code null}.
 */
@Override
public void close() {
    if (oldPrincipalBuilder == null) {
        return;
    }
    oldPrincipalBuilder.close();
}
/**
 * Returns the service name reported by the underlying {@code login}.
 *
 * @return whatever {@code login.serviceName()} yields
 */
public String serviceName() {
    final String name = login.serviceName();
    return name;
}
/**
 * Returns the {@link Subject} held by the underlying {@code login}.
 *
 * <p>The object is handed back as-is, with no copy made here.
 * NOTE(review): a JAAS Subject can carry private credentials; confirm callers
 * do not log or serialize it.
 *
 * @return whatever {@code login.subject()} yields
 */
public Subject subject() {
    final Subject loginSubject = login.subject();
    return loginSubject;
}
/**
 * Checks that a legacy {@code PrincipalBuilder} passed to
 * {@code fromOldPrincipalBuilder} is consulted for a PLAINTEXT connection, that
 * its result surfaces as a {@code USER_TYPE} principal with the same name, and
 * that closing the wrapper also closes the legacy builder.
 */
@Test
@SuppressWarnings("deprecation")
public void testUseOldPrincipalBuilderForPlaintextIfProvided() throws Exception {
    TransportLayer transport = mock(TransportLayer.class);
    Authenticator auth = mock(Authenticator.class);
    PrincipalBuilder legacyBuilder = mock(PrincipalBuilder.class);

    // The legacy builder answers with a fixed principal whatever it is given.
    when(legacyBuilder.buildPrincipal(any(), any())).thenReturn(new DummyPrincipal("foo"));

    DefaultKafkaPrincipalBuilder kafkaBuilder =
        DefaultKafkaPrincipalBuilder.fromOldPrincipalBuilder(auth, transport, legacyBuilder, null);
    PlaintextAuthenticationContext plaintextContext = new PlaintextAuthenticationContext(
        InetAddress.getLocalHost(), SecurityProtocol.PLAINTEXT.name());

    KafkaPrincipal built = kafkaBuilder.build(plaintextContext);
    assertEquals(KafkaPrincipal.USER_TYPE, built.getPrincipalType());
    assertEquals("foo", built.getName());

    kafkaBuilder.close();

    // The legacy builder must have seen the transport layer and authenticator
    // exactly as supplied, and must be closed along with the wrapper.
    verify(legacyBuilder).buildPrincipal(transport, auth);
    verify(legacyBuilder).close();
}
/**
 * Checks that, for an SSL authentication context, the principal comes from the
 * TLS session's peer principal and is exposed as a {@code USER_TYPE} principal
 * with the same name.
 */
@Test
public void testUseSessionPeerPrincipalForSsl() throws Exception {
    SSLSession tlsSession = mock(SSLSession.class);
    when(tlsSession.getPeerPrincipal()).thenReturn(new DummyPrincipal("foo"));

    DefaultKafkaPrincipalBuilder kafkaBuilder = new DefaultKafkaPrincipalBuilder(null, null);

    // The last argument reuses the PLAINTEXT protocol name as a string; the test
    // only needs some value there.
    SslAuthenticationContext sslContext = new SslAuthenticationContext(
        tlsSession, InetAddress.getLocalHost(), SecurityProtocol.PLAINTEXT.name());

    KafkaPrincipal built = kafkaBuilder.build(sslContext);
    assertEquals(KafkaPrincipal.USER_TYPE, built.getPrincipalType());
    assertEquals("foo", built.getName());

    kafkaBuilder.close();

    // The identity must have been read from the session at least once.
    verify(tlsSession, atLeastOnce()).getPeerPrincipal();
}
/**
 * Checks that a legacy principal builder class named in the broker config is
 * instantiated, configured, and then used to build principals.
 */
@Test
public void testCreateOldPrincipalBuilder() throws Exception {
    TransportLayer transport = mock(TransportLayer.class);
    Authenticator auth = mock(Authenticator.class);

    Map<String, Object> brokerConfigs = new HashMap<>();
    brokerConfigs.put(BrokerSecurityConfigs.PRINCIPAL_BUILDER_CLASS_CONFIG, OldPrincipalBuilder.class);

    KafkaPrincipalBuilder kafkaBuilder =
        ChannelBuilders.createPrincipalBuilder(brokerConfigs, transport, auth, null, null);

    // test old principal builder is properly configured and delegated to
    assertTrue(OldPrincipalBuilder.configured);

    // test delegation
    PlaintextAuthenticationContext plaintextContext = new PlaintextAuthenticationContext(
        InetAddress.getLocalHost(), SecurityProtocol.PLAINTEXT.name());
    KafkaPrincipal built = kafkaBuilder.build(plaintextContext);
    assertEquals(OldPrincipalBuilder.PRINCIPAL_NAME, built.getName());
    assertEquals(KafkaPrincipal.USER_TYPE, built.getPrincipalType());
}
/**
 * Checks that a builder created without a legacy principal builder maps a
 * PLAINTEXT connection to {@code KafkaPrincipal.ANONYMOUS}, i.e. no client
 * identity is derived for such a connection.
 */
@Test
public void testReturnAnonymousPrincipalForPlaintext() throws Exception {
    try (DefaultKafkaPrincipalBuilder kafkaBuilder = new DefaultKafkaPrincipalBuilder(null, null)) {
        PlaintextAuthenticationContext plaintextContext = new PlaintextAuthenticationContext(
            InetAddress.getLocalHost(), SecurityProtocol.PLAINTEXT.name());
        KafkaPrincipal built = kafkaBuilder.build(plaintextContext);
        assertEquals(KafkaPrincipal.ANONYMOUS, built);
    }
}
/**
 * Builds the principal for the SASL-authenticated peer.
 *
 * <p>The configured {@code principalBuilder} is given a
 * {@link SaslAuthenticationContext} made from the SASL server, security
 * protocol, client address and listener name. The result is marked as
 * token-authenticated only when both conditions hold: the mechanism is a SCRAM
 * mechanism, and the SASL server's negotiated {@code TOKEN_AUTH_CONFIG}
 * property parses as {@code true}. A missing property leaves the flag untouched,
 * because {@code Boolean.parseBoolean(null)} is {@code false}.
 *
 * @return the principal produced by the principal builder
 */
@Override
public KafkaPrincipal principal() {
    SaslAuthenticationContext saslContext =
        new SaslAuthenticationContext(saslServer, securityProtocol, clientAddress(), listenerName.value());
    KafkaPrincipal built = principalBuilder.build(saslContext);

    // The negotiated property is read only for SCRAM mechanisms.
    if (ScramMechanism.isScram(saslMechanism)) {
        String tokenAuth = (String) saslServer.getNegotiatedProperty(ScramLoginModule.TOKEN_AUTH_CONFIG);
        if (Boolean.parseBoolean(tokenAuth)) {
            built.tokenAuthenticated(true);
        }
    }
    return built;
}
/**
 * Wraps {@code clientPrincipalName} in a {@code USER_TYPE} principal.
 *
 * <p>The name is used verbatim; no normalisation or validation happens here.
 *
 * @return a new {@link KafkaPrincipal} on every call
 */
public KafkaPrincipal principal() {
    final KafkaPrincipal userPrincipal = new KafkaPrincipal(KafkaPrincipal.USER_TYPE, clientPrincipalName);
    return userPrincipal;
}
/**
 * Builds the bytes of an OAUTHBEARER client initial response.
 *
 * <p>The token is obtained through {@code LOGIN_CALLBACK_HANDLER}. When
 * {@code illegalToken} is set, the literal suffix {@code "AB"} is appended to the
 * token's compact serialization so that the value sent differs from the one the
 * handler issued.
 *
 * @param authorizationId authorization id placed in the response
 * @param illegalToken whether to alter the token value as described above
 * @param customExtensions extensions wrapped in a {@code SaslExtensions}
 * @return the serialized client initial response
 */
private byte[] clientInitialResponse(String authorizationId, boolean illegalToken,
                                     Map<String, String> customExtensions)
        throws OAuthBearerConfigException, IOException, UnsupportedCallbackException {
    OAuthBearerTokenCallback tokenCallback = new OAuthBearerTokenCallback();
    LOGIN_CALLBACK_HANDLER.handle(new Callback[] {tokenCallback});

    OAuthBearerToken issuedToken = tokenCallback.token();
    String serialized = issuedToken.value();
    final String suffix = illegalToken ? "AB" : "";
    String tokenValue = serialized + suffix;

    SaslExtensions saslExtensions = new SaslExtensions(customExtensions);
    return new OAuthBearerClientInitialResponse(tokenValue, authorizationId, saslExtensions).toBytes();
}
} // closes the enclosing class, whose declaration starts outside this view
/**
 * Releases every login manager, empties the login-manager map, then closes
 * every SASL callback handler.
 *
 * <p>NOTE(review): nothing is caught here, so an exception from one
 * {@code release()} or {@code close()} call leaves the remaining login managers
 * and handlers untouched.
 */
@Override
public void close() {
    loginManagers.values().forEach(LoginManager::release);
    loginManagers.clear();
    saslCallbackHandlers.values().forEach(AuthenticateCallbackHandler::close);
}
/**
 * Creates the login and its callback handler, configures both, and logs in.
 *
 * <p>Both classes come from {@code loginMetadata} and are instantiated
 * reflectively through {@code Utils.newInstance}. The login is performed inside
 * this constructor, so a failed login means no {@code LoginManager} is created.
 * NOTE(review): presumably these class names originate from configuration;
 * confirm only trusted configuration can select them.
 *
 * @param jaasContext supplies the JAAS context name, configuration and entries
 * @param saslMechanism mechanism name passed to the callback handler
 * @param configs configuration passed to both the handler and the login
 * @param loginMetadata names the login class and the login callback class
 * @throws LoginException declared by this constructor; presumably raised by
 *         {@code login.login()}, to be confirmed
 */
private LoginManager(JaasContext jaasContext, String saslMechanism, Map<String, ?> configs,
                     LoginMetadata<?> loginMetadata) throws LoginException {
    this.loginMetadata = loginMetadata;
    this.login = Utils.newInstance(loginMetadata.loginClass);
    loginCallbackHandler = Utils.newInstance(loginMetadata.loginCallbackClass);
    // The handler is configured first because login.configure() receives it below.
    loginCallbackHandler.configure(configs, saslMechanism, jaasContext.configurationEntries());
    login.configure(configs, jaasContext.name(), jaasContext.configuration(), loginCallbackHandler);
    // Logs in during construction.
    login.login();
}
/**
 * Creates and configures a legacy (deprecated) principal builder.
 *
 * <p>A {@code null} class selects {@code DefaultPrincipalBuilder}. Any other
 * class is instantiated reflectively and cast to {@code PrincipalBuilder}, so a
 * class that does not implement that interface fails with a
 * {@link ClassCastException} before {@code configure} is called.
 * NOTE(review): the class presumably comes from broker configuration; confirm
 * only trusted configuration can set it.
 *
 * @param principalBuilderClass class to instantiate, or {@code null} for the default
 * @param configs configuration passed to the builder's {@code configure}
 * @return the configured builder
 */
@SuppressWarnings("deprecation")
private static org.apache.kafka.common.security.auth.PrincipalBuilder createPrincipalBuilder(
        Class<?> principalBuilderClass, Map<String, ?> configs) {
    org.apache.kafka.common.security.auth.PrincipalBuilder legacyBuilder;
    if (principalBuilderClass != null) {
        legacyBuilder = (org.apache.kafka.common.security.auth.PrincipalBuilder)
            Utils.newInstance(principalBuilderClass);
    } else {
        legacyBuilder = new org.apache.kafka.common.security.auth.DefaultPrincipalBuilder();
    }
    legacyBuilder.configure(configs);
    return legacyBuilder;
}
/**
 * Case insensitive lookup by protocol name.
 *
 * <p>The name is upper-cased with {@link Locale#ROOT}, so the result does not
 * depend on the JVM's default locale.
 *
 * @param name protocol name in any letter case
 * @return the matching constant
 * @throws IllegalArgumentException if no constant has that name
 * @throws NullPointerException if {@code name} is {@code null}
 */
public static SecurityProtocol forName(String name) {
    final String canonicalName = name.toUpperCase(Locale.ROOT);
    return SecurityProtocol.valueOf(canonicalName);
}
/**
 * Tells whether the given principal is the owner or one of the renewers.
 *
 * <p>The match relies on {@code equals} for the owner and {@code contains} for
 * the renewers.
 *
 * @param principal principal to check
 * @return {@code true} if it equals {@code owner} or is contained in {@code renewers}
 */
public boolean ownerOrRenewer(KafkaPrincipal principal) {
    if (owner.equals(principal)) {
        return true;
    }
    return renewers.contains(principal);
}
/**
 * Converts the SASLExtensions to an OAuth protocol-friendly string.
 *
 * <p>Entries of {@code saslExtensions.map()} are passed to {@code Utils.mkString}
 * with empty begin and end markers, {@code "="} and {@code SEPARATOR}.
 * NOTE(review): no escaping happens in this method; presumably keys and values
 * are validated when the extensions are constructed, to be confirmed.
 *
 * @return the joined extensions string
 */
private String extensionsMessage() {
    final String joined = Utils.mkString(saslExtensions.map(), "", "", "=", SEPARATOR);
    return joined;
}
} // closes the enclosing class, whose declaration starts outside this view
/**
 * Answers an extensions callback with the next scripted {@code SaslExtensions}.
 *
 * <p>Each call consumes one entry of {@code extensions}. If that entry is the
 * {@code RAISE_UNSUPPORTED_CB_EXCEPTION_FLAG} sentinel (compared by identity),
 * the callback is rejected instead of answered.
 *
 * @param callback callback to populate
 * @throws IOException when every scripted entry has already been consumed
 * @throws UnsupportedCallbackException when the next entry is the sentinel
 */
private void handleExtensionsCallback(SaslExtensionsCallback callback)
        throws IOException, UnsupportedCallbackException {
    if (extensionsIndex >= extensions.length) {
        throw new IOException("no more extensions");
    }
    SaslExtensions next = extensions[extensionsIndex++];
    if (next == RAISE_UNSUPPORTED_CB_EXCEPTION_FLAG) {
        throw new UnsupportedCallbackException(callback);
    }
    callback.extensions(next);
}
} // closes the enclosing class, whose declaration starts outside this view
/**
 * Returns the owner rendered through its {@code toString()}.
 *
 * @return string form of {@code owner}
 */
public String ownerAsString() {
    final String ownerText = owner.toString();
    return ownerText;
}
/**
 * Wraps a generic {@link Principal} in a {@code USER_TYPE} Kafka principal.
 *
 * <p>Only {@code getName()} is carried over, and it is used verbatim. Any other
 * attribute of the source principal is dropped.
 *
 * @param principal source principal
 * @return a new {@link KafkaPrincipal} bearing the same name
 */
private KafkaPrincipal convertToKafkaPrincipal(Principal principal) {
    final String principalName = principal.getName();
    return new KafkaPrincipal(KafkaPrincipal.USER_TYPE, principalName);
}
/**
 * Returns the string form of every renewer.
 *
 * @return a new mutable list holding {@code toString()} of each renewer, in the
 *         iteration order of {@code renewers}
 */
public Collection<String> renewersAsString() {
    Collection<String> renewerNames = new ArrayList<>();
    renewers.forEach(renewer -> renewerNames.add(renewer.toString()));
    return renewerNames;
}