public KafkaPrincipal principal() { return new KafkaPrincipal(KafkaPrincipal.USER_TYPE, clientPrincipalName); }
public void ensurePrincipalUnchanged(KafkaPrincipal reauthenticatedKafkaPrincipal) throws SaslAuthenticationException { if (!previousKafkaPrincipal.equals(reauthenticatedKafkaPrincipal)) { throw new SaslAuthenticationException(String.format( "Cannot change principals during re-authentication from %s.%s: %s.%s", previousKafkaPrincipal.getPrincipalType(), previousKafkaPrincipal.getName(), reauthenticatedKafkaPrincipal.getPrincipalType(), reauthenticatedKafkaPrincipal.getName())); } }
@Test public void testEqualsAndHashCode() { String name = "KafkaUser"; KafkaPrincipal principal1 = new KafkaPrincipal(KafkaPrincipal.USER_TYPE, name); KafkaPrincipal principal2 = new KafkaPrincipal(KafkaPrincipal.USER_TYPE, name); Assert.assertEquals(principal1.hashCode(), principal2.hashCode()); Assert.assertEquals(principal1, principal2); } }
@Override protected Struct toStruct() { short version = version(); Struct struct = new Struct(ApiKeys.CREATE_DELEGATION_TOKEN.requestSchema(version)); Object[] renewersArray = new Object[renewers.size()]; int i = 0; for (KafkaPrincipal principal: renewers) { Struct renewerStruct = struct.instance(RENEWERS_KEY_NAME); renewerStruct.set(PRINCIPAL_TYPE, principal.getPrincipalType()); renewerStruct.set(PRINCIPAL_NAME, principal.getName()); renewersArray[i++] = renewerStruct; } struct.set(RENEWERS_KEY_NAME, renewersArray); struct.set(MAX_LIFE_TIME_KEY_NAME, maxLifeTime); return struct; }
public String owner(String tokenId) { TokenInformation tokenInfo = tokenCache.get(tokenId); return tokenInfo == null ? null : tokenInfo.owner().getName(); }
private void verifyAcls(scala.collection.immutable.Set<Acl> acls) { final Iterator<Acl> iterator = acls.iterator(); while (iterator.hasNext()) { final Acl acl = iterator.next(); assert acl.principal().getPrincipalType().toLowerCase().equals("role") : "Only Acls with KafkaPrincipal of type \"role;\" is supported."; assert acl.permissionType().name().equals(Allow.name()) : "Only Acls with Permission of type \"Allow\" is supported."; } }
public boolean ownerOrRenewer(KafkaPrincipal principal) { return owner.equals(principal) || renewers.contains(principal); }
@Override public int hashCode() { int result = owner != null ? owner.hashCode() : 0; result = 31 * result + (renewers != null ? renewers.hashCode() : 0); result = 31 * result + (int) (issueTimestamp ^ (issueTimestamp >>> 32)); result = 31 * result + (int) (maxTimestamp ^ (maxTimestamp >>> 32)); result = 31 * result + (tokenId != null ? tokenId.hashCode() : 0); return result; } }
private void getSuperUsers(String kafkaSuperUsers) { super_users = new ArrayList<>(); String[] superUsers = kafkaSuperUsers.split(";"); for (String superUser : superUsers) { if (!superUser.isEmpty()) { final String trimmedUser = superUser.trim(); super_users.add(KafkaPrincipal.fromString(trimmedUser)); LOG.debug("Adding " + trimmedUser + " to list of Kafka SuperUsers."); } } }
@Override protected Struct toStruct() { short version = version(); Struct struct = new Struct(ApiKeys.DESCRIBE_DELEGATION_TOKEN.requestSchema(version)); if (owners == null) { struct.set(OWNER_KEY_NAME, null); } else { Object[] ownersArray = new Object[owners.size()]; int i = 0; for (KafkaPrincipal principal: owners) { Struct ownerStruct = struct.instance(OWNER_KEY_NAME); ownerStruct.set(PRINCIPAL_TYPE, principal.getPrincipalType()); ownerStruct.set(PRINCIPAL_NAME, principal.getName()); ownersArray[i++] = ownerStruct; } struct.set(OWNER_KEY_NAME, ownersArray); } return struct; }
@Test public void testPrincipalWithSslPrincipalMapper() throws Exception { SSLSession session = mock(SSLSession.class); when(session.getPeerPrincipal()).thenReturn(new X500Principal("CN=Duke, OU=ServiceUsers, O=Org, C=US")) .thenReturn(new X500Principal("CN=Duke, OU=SME, O=mycp, L=Fulton, ST=MD, C=US")) .thenReturn(new X500Principal("CN=duke, OU=JavaSoft, O=Sun Microsystems")) .thenReturn(new X500Principal("OU=JavaSoft, O=Sun Microsystems, C=US")); List<String> rules = Arrays.asList( "RULE:^CN=(.*),OU=ServiceUsers.*$/$1/L", "RULE:^CN=(.*),OU=(.*),O=(.*),L=(.*),ST=(.*),C=(.*)$/$1@$2/L", "RULE:^.*[Cc][Nn]=([a-zA-Z0-9.]*).*$/$1/U", "DEFAULT" ); SslPrincipalMapper mapper = SslPrincipalMapper.fromRules(rules); DefaultKafkaPrincipalBuilder builder = new DefaultKafkaPrincipalBuilder(null, mapper); SslAuthenticationContext sslContext = new SslAuthenticationContext(session, InetAddress.getLocalHost(), SecurityProtocol.PLAINTEXT.name()); KafkaPrincipal principal = builder.build(sslContext); assertEquals("duke", principal.getName()); principal = builder.build(sslContext); assertEquals("duke@sme", principal.getName()); principal = builder.build(sslContext); assertEquals("DUKE", principal.getName()); principal = builder.build(sslContext); assertEquals("OU=JavaSoft,O=Sun Microsystems,C=US", principal.getName()); builder.close(); verify(session, times(4)).getPeerPrincipal(); }
@Override public boolean equals(Object o) { if (this == o) { return true; } if (o == null || getClass() != o.getClass()) { return false; } TokenInformation that = (TokenInformation) o; if (issueTimestamp != that.issueTimestamp) { return false; } if (maxTimestamp != that.maxTimestamp) { return false; } if (owner != null ? !owner.equals(that.owner) : that.owner != null) { return false; } if (renewers != null ? !renewers.equals(that.renewers) : that.renewers != null) { return false; } return tokenId != null ? tokenId.equals(that.tokenId) : that.tokenId == null; }
@Test public void testPrincipalNameCanContainSeparator() { String name = "name:with:separator:in:it"; KafkaPrincipal principal = SecurityUtils.parseKafkaPrincipal(KafkaPrincipal.USER_TYPE + ":" + name); assertEquals(KafkaPrincipal.USER_TYPE, principal.getPrincipalType()); assertEquals(name, principal.getName()); }
private KafkaPrincipal convertToKafkaPrincipal(Principal principal) { return new KafkaPrincipal(KafkaPrincipal.USER_TYPE, principal.getName()); }
private String getRole(Acl acl) { return acl.principal().getName(); }
private boolean isSuperUser(KafkaPrincipal user) { if (super_users != null) { for (KafkaPrincipal superUser : super_users) { if (superUser.equals(user)) { return true; } } } return false; }
@Test public void testParseKafkaPrincipalWithNonUserPrincipalType() { String name = "foo"; String principalType = "Group"; KafkaPrincipal principal = SecurityUtils.parseKafkaPrincipal(principalType + ":" + name); assertEquals(principalType, principal.getPrincipalType()); assertEquals(name, principal.getName()); }
public static KafkaPrincipal parseKafkaPrincipal(String str) { if (str == null || str.isEmpty()) { throw new IllegalArgumentException("expected a string in format principalType:principalName but got " + str); } String[] split = str.split(":", 2); if (split.length != 2) { throw new IllegalArgumentException("expected a string in format principalType:principalName but got " + str); } return new KafkaPrincipal(split[0], split[1]); }
private String getName(RequestChannel.Session session) { final String principalName = session.principal().getName(); int start = principalName.indexOf("CN="); if (start >= 0) { String tmpName, name = ""; tmpName = principalName.substring(start + 3); int end = tmpName.indexOf(","); if (end > 0) { name = tmpName.substring(0, end); } else { name = tmpName; } return name; } else { return principalName; } } }
@Test public void testCreateOldPrincipalBuilder() throws Exception { TransportLayer transportLayer = mock(TransportLayer.class); Authenticator authenticator = mock(Authenticator.class); Map<String, Object> configs = new HashMap<>(); configs.put(BrokerSecurityConfigs.PRINCIPAL_BUILDER_CLASS_CONFIG, OldPrincipalBuilder.class); KafkaPrincipalBuilder builder = ChannelBuilders.createPrincipalBuilder(configs, transportLayer, authenticator, null, null); // test old principal builder is properly configured and delegated to assertTrue(OldPrincipalBuilder.configured); // test delegation KafkaPrincipal principal = builder.build(new PlaintextAuthenticationContext(InetAddress.getLocalHost(), SecurityProtocol.PLAINTEXT.name())); assertEquals(OldPrincipalBuilder.PRINCIPAL_NAME, principal.getName()); assertEquals(KafkaPrincipal.USER_TYPE, principal.getPrincipalType()); }