ranger-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From cohei...@apache.org
Subject [1/2] incubator-ranger git commit: RANGER-1273 - Add tests for Kafka + SASL_SSL + PLAIN
Date Wed, 18 Jan 2017 09:55:40 GMT
Repository: incubator-ranger
Updated Branches:
  refs/heads/master b2774746c -> 18406ea59


RANGER-1273 - Add tests for Kafka + SASL_SSL + PLAIN

Signed off by Vel.


Project: http://git-wip-us.apache.org/repos/asf/incubator-ranger/repo
Commit: http://git-wip-us.apache.org/repos/asf/incubator-ranger/commit/07f0fee7
Tree: http://git-wip-us.apache.org/repos/asf/incubator-ranger/tree/07f0fee7
Diff: http://git-wip-us.apache.org/repos/asf/incubator-ranger/diff/07f0fee7

Branch: refs/heads/master
Commit: 07f0fee7c8cd8355d5c184ae772ac2aa7dd33563
Parents: b277474
Author: Colm O hEigeartaigh <coheigea@apache.org>
Authored: Mon Jan 16 15:09:31 2017 +0000
Committer: Colm O hEigeartaigh <coheigea@apache.org>
Committed: Wed Jan 18 09:53:13 2017 +0000

----------------------------------------------------------------------
 plugin-kafka/pom.xml                            |  10 +
 .../KafkaRangerAuthorizerSASLSSLTest.java       | 267 +++++++++++++++++++
 .../authorizer/KafkaRangerAuthorizerTest.java   |  54 +---
 .../kafka/authorizer/KafkaTestUtils.java        |  74 +++++
 .../src/test/resources/kafka_plain.jaas         |  13 +
 pom.xml                                         |   1 +
 6 files changed, 371 insertions(+), 48 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/07f0fee7/plugin-kafka/pom.xml
----------------------------------------------------------------------
diff --git a/plugin-kafka/pom.xml b/plugin-kafka/pom.xml
index 05aace2..2f58010 100644
--- a/plugin-kafka/pom.xml
+++ b/plugin-kafka/pom.xml
@@ -103,5 +103,15 @@
                 <filtering>false</filtering>
             </testResource>
         </testResources>
+        <plugins>
+            <plugin>
+                <groupId>org.apache.maven.plugins</groupId>
+                <artifactId>maven-surefire-plugin</artifactId>
+                <version>2.19.1</version>
+                <configuration>
+                    <reuseForks>false</reuseForks>
+                </configuration>
+            </plugin>
+        </plugins>
     </build>
 </project>

http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/07f0fee7/plugin-kafka/src/test/java/org/apache/ranger/authorization/kafka/authorizer/KafkaRangerAuthorizerSASLSSLTest.java
----------------------------------------------------------------------
diff --git a/plugin-kafka/src/test/java/org/apache/ranger/authorization/kafka/authorizer/KafkaRangerAuthorizerSASLSSLTest.java
b/plugin-kafka/src/test/java/org/apache/ranger/authorization/kafka/authorizer/KafkaRangerAuthorizerSASLSSLTest.java
new file mode 100644
index 0000000..235523b
--- /dev/null
+++ b/plugin-kafka/src/test/java/org/apache/ranger/authorization/kafka/authorizer/KafkaRangerAuthorizerSASLSSLTest.java
@@ -0,0 +1,267 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.ranger.authorization.kafka.authorizer;
+
+import java.io.File;
+import java.io.FileOutputStream;
+import java.math.BigInteger;
+import java.net.ServerSocket;
+import java.security.KeyStore;
+import java.util.Arrays;
+import java.util.Properties;
+import java.util.concurrent.Future;
+
+import org.I0Itec.zkclient.ZkClient;
+import org.I0Itec.zkclient.ZkConnection;
+import org.apache.curator.test.TestingServer;
+import org.apache.hadoop.security.UserGroupInformation;
+import org.apache.kafka.clients.CommonClientConfigs;
+import org.apache.kafka.clients.consumer.ConsumerRecord;
+import org.apache.kafka.clients.consumer.ConsumerRecords;
+import org.apache.kafka.clients.consumer.KafkaConsumer;
+import org.apache.kafka.clients.producer.KafkaProducer;
+import org.apache.kafka.clients.producer.Producer;
+import org.apache.kafka.clients.producer.ProducerRecord;
+import org.apache.kafka.clients.producer.RecordMetadata;
+import org.apache.kafka.common.config.SslConfigs;
+import org.junit.Assert;
+import org.junit.Test;
+
+import kafka.admin.AdminUtils;
+import kafka.admin.RackAwareMode;
+import kafka.server.KafkaConfig;
+import kafka.server.KafkaServerStartable;
+import kafka.utils.ZKStringSerializer$;
+import kafka.utils.ZkUtils;
+
+/**
+ * A simple test that starts a Kafka broker, creates "test" and "dev" topics, sends a message
to them and consumes it. We also plug in a 
+ * CustomAuthorizer that enforces some authorization rules:
+ * 
+ *  - The "IT" group can do anything
+ *  - The "public" group can only "read/describe" on the "test" topic, not "write".
+ * 
+ * Policies available from admin via:
+ * 
+ * http://localhost:6080/service/plugins/policies/download/KafkaTest
+ * 
+ * Clients and services authenticate to Kafka using the SASL SSL protocol as part of this
test.
+ */
+public class KafkaRangerAuthorizerSASLSSLTest {
+    
+    private static KafkaServerStartable kafkaServer;
+    private static TestingServer zkServer;
+    private static int port;
+    private static String serviceKeystorePath;
+    private static String clientKeystorePath;
+    private static String truststorePath;
+    
+    @org.junit.BeforeClass
+    public static void setup() throws Exception {
+    	// JAAS Config file
+        String basedir = System.getProperty("basedir");
+        if (basedir == null) {
+            basedir = new File(".").getCanonicalPath();
+        }
+
+        File f = new File(basedir + "/src/test/resources/kafka_plain.jaas");
+        System.setProperty("java.security.auth.login.config", f.getPath());
+        
+    	// Create keys
+    	String serviceDN = "CN=Service,O=Apache,L=Dublin,ST=Leinster,C=IE";
+    	String clientDN = "CN=Client,O=Apache,L=Dublin,ST=Leinster,C=IE";
+    	
+    	// Create a truststore
+    	KeyStore keystore = KeyStore.getInstance(KeyStore.getDefaultType());
+    	keystore.load(null, "security".toCharArray());
+    	
+    	serviceKeystorePath = 
+    			KafkaTestUtils.createAndStoreKey(serviceDN, serviceDN, BigInteger.valueOf(30), 
+    					"sspass", "myservicekey", "skpass", keystore);
+    	clientKeystorePath = 
+    			KafkaTestUtils.createAndStoreKey(clientDN, clientDN, BigInteger.valueOf(31), 
+    					"cspass", "myclientkey", "ckpass", keystore);
+    	
+    	File truststoreFile = File.createTempFile("kafkatruststore", ".jks");
+    	keystore.store(new FileOutputStream(truststoreFile), "security".toCharArray());
+    	truststorePath = truststoreFile.getPath();
+    			
+        zkServer = new TestingServer();
+        
+        // Get a random port
+        ServerSocket serverSocket = new ServerSocket(0);
+        port = serverSocket.getLocalPort();
+        serverSocket.close();
+        
+        final Properties props = new Properties();
+        props.put("broker.id", 1);
+        props.put("host.name", "localhost");
+        props.put("port", port);
+        props.put("log.dir", "/tmp/kafka");
+        props.put("zookeeper.connect", zkServer.getConnectString());
+        props.put("replica.socket.timeout.ms", "1500");
+        props.put("controlled.shutdown.enable", Boolean.TRUE.toString());
+        // Enable SASL_SSL
+        props.put("listeners", "SASL_SSL://localhost:" + port);
+        props.put("security.inter.broker.protocol", "SASL_SSL");
+        props.put("sasl.enabled.mechanisms", "PLAIN");
+        props.put("sasl.mechanism.inter.broker.protocol", "PLAIN");
+        
+        props.put("ssl.keystore.location", serviceKeystorePath);
+        props.put("ssl.keystore.password", "sspass");
+        props.put("ssl.key.password", "skpass");
+        props.put("ssl.truststore.location", truststorePath);
+        props.put("ssl.truststore.password", "security");
+        
+        // Plug in Apache Ranger authorizer
+        props.put("authorizer.class.name", "org.apache.ranger.authorization.kafka.authorizer.RangerKafkaAuthorizer");
+        
+        // Create users for testing
+        UserGroupInformation.createUserForTesting("alice", new String[] {"IT"});
+        
+        KafkaConfig config = new KafkaConfig(props);
+        kafkaServer = new KafkaServerStartable(config);
+        kafkaServer.startup();
+
+        // Create some topics
+        ZkClient zkClient = new ZkClient(zkServer.getConnectString(), 30000, 30000, ZKStringSerializer$.MODULE$);
+
+        final ZkUtils zkUtils = new ZkUtils(zkClient, new ZkConnection(zkServer.getConnectString()),
false);
+        AdminUtils.createTopic(zkUtils, "test", 1, 1, new Properties(), RackAwareMode.Enforced$.MODULE$);
+        AdminUtils.createTopic(zkUtils, "dev", 1, 1, new Properties(), RackAwareMode.Enforced$.MODULE$);
+    }
+    
+    @org.junit.AfterClass
+    public static void cleanup() throws Exception {
+        if (kafkaServer != null) {
+            kafkaServer.shutdown();
+        }
+        if (zkServer != null) {
+            zkServer.stop();
+        }
+        
+        File clientKeystoreFile = new File(clientKeystorePath);
+        if (clientKeystoreFile.exists()) {
+            clientKeystoreFile.delete();
+        }
+        File serviceKeystoreFile = new File(serviceKeystorePath);
+        if (serviceKeystoreFile.exists()) {
+            serviceKeystoreFile.delete();
+        }
+        File truststoreFile = new File(truststorePath);
+        if (truststoreFile.exists()) {
+            truststoreFile.delete();
+        }
+    }
+    
+    @Test
+    public void testAuthorizedRead() throws Exception {
+        // Create the Producer
+        Properties producerProps = new Properties();
+        producerProps.put("bootstrap.servers", "localhost:" + port);
+        producerProps.put("acks", "all");
+        producerProps.put("key.serializer", "org.apache.kafka.common.serialization.StringSerializer");
+        producerProps.put("value.serializer", "org.apache.kafka.common.serialization.StringSerializer");
+        producerProps.put(CommonClientConfigs.SECURITY_PROTOCOL_CONFIG, "SASL_SSL");
+        producerProps.put("sasl.mechanism", "PLAIN");
+        
+        producerProps.put(SslConfigs.SSL_KEYSTORE_TYPE_CONFIG, "JKS");
+        producerProps.put(SslConfigs.SSL_KEYSTORE_LOCATION_CONFIG, serviceKeystorePath);
+        producerProps.put(SslConfigs.SSL_KEYSTORE_PASSWORD_CONFIG, "sspass");
+        producerProps.put(SslConfigs.SSL_KEY_PASSWORD_CONFIG, "skpass");
+        producerProps.put(SslConfigs.SSL_TRUSTSTORE_LOCATION_CONFIG, truststorePath);
+        producerProps.put(SslConfigs.SSL_TRUSTSTORE_PASSWORD_CONFIG, "security");
+        
+        final Producer<String, String> producer = new KafkaProducer<>(producerProps);
+        
+        // Create the Consumer
+        Properties consumerProps = new Properties();
+        consumerProps.put("bootstrap.servers", "localhost:" + port);
+        consumerProps.put("group.id", "test");
+        consumerProps.put("enable.auto.commit", "true");
+        consumerProps.put("auto.offset.reset", "earliest");
+        consumerProps.put("auto.commit.interval.ms", "1000");
+        consumerProps.put("session.timeout.ms", "30000");
+        consumerProps.put("key.deserializer", "org.apache.kafka.common.serialization.StringDeserializer");
+        consumerProps.put("value.deserializer", "org.apache.kafka.common.serialization.StringDeserializer");
+        consumerProps.put(CommonClientConfigs.SECURITY_PROTOCOL_CONFIG, "SASL_SSL");
+        consumerProps.put("sasl.mechanism", "PLAIN");
+        
+        consumerProps.put(SslConfigs.SSL_KEYSTORE_TYPE_CONFIG, "JKS");
+        consumerProps.put(SslConfigs.SSL_KEYSTORE_LOCATION_CONFIG, clientKeystorePath);
+        consumerProps.put(SslConfigs.SSL_KEYSTORE_PASSWORD_CONFIG, "cspass");
+        consumerProps.put(SslConfigs.SSL_KEY_PASSWORD_CONFIG, "ckpass");
+        consumerProps.put(SslConfigs.SSL_TRUSTSTORE_LOCATION_CONFIG, truststorePath);
+        consumerProps.put(SslConfigs.SSL_TRUSTSTORE_PASSWORD_CONFIG, "security");
+        
+        final KafkaConsumer<String, String> consumer = new KafkaConsumer<>(consumerProps);
+        consumer.subscribe(Arrays.asList("test"));
+        
+        // Send a message
+        producer.send(new ProducerRecord<String, String>("test", "somekey", "somevalue"));
+        producer.flush();
+        
+        // Poll until we consume it
+        
+        ConsumerRecord<String, String> record = null;
+        for (int i = 0; i < 1000; i++) {
+            ConsumerRecords<String, String> records = consumer.poll(100);
+            if (records.count() > 0) {
+                record = records.iterator().next();
+                break;
+            }
+            Thread.sleep(1000);
+        }
+
+        Assert.assertNotNull(record);
+        Assert.assertEquals("somevalue", record.value());
+
+        producer.close();
+        consumer.close();
+    }
+    
+    @Test
+    public void testAuthorizedWrite() throws Exception {
+        // Create the Producer
+        Properties producerProps = new Properties();
+        producerProps.put("bootstrap.servers", "localhost:" + port);
+        producerProps.put("acks", "all");
+        producerProps.put("key.serializer", "org.apache.kafka.common.serialization.StringSerializer");
+        producerProps.put("value.serializer", "org.apache.kafka.common.serialization.StringSerializer");
+        producerProps.put(CommonClientConfigs.SECURITY_PROTOCOL_CONFIG, "SASL_SSL");
+        producerProps.put("sasl.mechanism", "PLAIN");
+        
+        producerProps.put(SslConfigs.SSL_KEYSTORE_TYPE_CONFIG, "JKS");
+        producerProps.put(SslConfigs.SSL_KEYSTORE_LOCATION_CONFIG, serviceKeystorePath);
+        producerProps.put(SslConfigs.SSL_KEYSTORE_PASSWORD_CONFIG, "sspass");
+        producerProps.put(SslConfigs.SSL_KEY_PASSWORD_CONFIG, "skpass");
+        producerProps.put(SslConfigs.SSL_TRUSTSTORE_LOCATION_CONFIG, truststorePath);
+        producerProps.put(SslConfigs.SSL_TRUSTSTORE_PASSWORD_CONFIG, "security");
+        
+        final Producer<String, String> producer = new KafkaProducer<>(producerProps);
+        
+        // Send a message
+        Future<RecordMetadata> record = 
+            producer.send(new ProducerRecord<String, String>("dev", "somekey", "somevalue"));
+        producer.flush();
+        record.get();
+
+        producer.close();
+    }
+    
+}

http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/07f0fee7/plugin-kafka/src/test/java/org/apache/ranger/authorization/kafka/authorizer/KafkaRangerAuthorizerTest.java
----------------------------------------------------------------------
diff --git a/plugin-kafka/src/test/java/org/apache/ranger/authorization/kafka/authorizer/KafkaRangerAuthorizerTest.java
b/plugin-kafka/src/test/java/org/apache/ranger/authorization/kafka/authorizer/KafkaRangerAuthorizerTest.java
index 4a4e2b5..80e3144 100644
--- a/plugin-kafka/src/test/java/org/apache/ranger/authorization/kafka/authorizer/KafkaRangerAuthorizerTest.java
+++ b/plugin-kafka/src/test/java/org/apache/ranger/authorization/kafka/authorizer/KafkaRangerAuthorizerTest.java
@@ -23,14 +23,8 @@ import java.math.BigInteger;
 import java.net.ServerSocket;
 import java.nio.file.Files;
 import java.nio.file.Path;
-import java.security.KeyPair;
-import java.security.KeyPairGenerator;
 import java.security.KeyStore;
-import java.security.SecureRandom;
-import java.security.cert.Certificate;
-import java.security.cert.X509Certificate;
 import java.util.Arrays;
-import java.util.Date;
 import java.util.Properties;
 import java.util.concurrent.Future;
 
@@ -48,13 +42,6 @@ import org.apache.kafka.clients.producer.Producer;
 import org.apache.kafka.clients.producer.ProducerRecord;
 import org.apache.kafka.clients.producer.RecordMetadata;
 import org.apache.kafka.common.config.SslConfigs;
-import org.bouncycastle.asn1.x500.X500Name;
-import org.bouncycastle.asn1.x500.style.RFC4519Style;
-import org.bouncycastle.asn1.x509.SubjectPublicKeyInfo;
-import org.bouncycastle.cert.X509v3CertificateBuilder;
-import org.bouncycastle.cert.jcajce.JcaX509CertificateConverter;
-import org.bouncycastle.operator.ContentSigner;
-import org.bouncycastle.operator.jcajce.JcaContentSignerBuilder;
 import org.junit.Assert;
 import org.junit.Test;
 
@@ -96,8 +83,12 @@ public class KafkaRangerAuthorizerTest {
     	KeyStore keystore = KeyStore.getInstance(KeyStore.getDefaultType());
     	keystore.load(null, "security".toCharArray());
     	
-    	serviceKeystorePath = createAndStoreKey(serviceDN, serviceDN, BigInteger.valueOf(30),
"sspass", "myservicekey", "skpass", keystore);
-    	clientKeystorePath = createAndStoreKey(clientDN, clientDN, BigInteger.valueOf(31), "cspass",
"myclientkey", "ckpass", keystore);
+    	serviceKeystorePath = 
+    			KafkaTestUtils.createAndStoreKey(serviceDN, serviceDN, BigInteger.valueOf(30), 
+    					"sspass", "myservicekey", "skpass", keystore);
+    	clientKeystorePath = 
+    			KafkaTestUtils.createAndStoreKey(clientDN, clientDN, BigInteger.valueOf(31), 
+    					"cspass", "myclientkey", "ckpass", keystore);
     	
     	File truststoreFile = File.createTempFile("kafkatruststore", ".jks");
     	keystore.store(new FileOutputStream(truststoreFile), "security".toCharArray());
@@ -175,39 +166,6 @@ public class KafkaRangerAuthorizerTest {
         }
     }
     
-    private static String createAndStoreKey(String subjectName, String issuerName, BigInteger
serial, String keystorePassword,
-    		String keystoreAlias, String keyPassword, KeyStore trustStore) throws Exception {
-    	
-    	// Create KeyPair
-    	KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance("RSA");
-    	keyPairGenerator.initialize(2048, new SecureRandom());
-    	KeyPair keyPair = keyPairGenerator.generateKeyPair();
-    	
-    	Date currentDate = new Date();
-    	Date expiryDate = new Date(currentDate.getTime() + 365L * 24L * 60L * 60L * 1000L);
-    	
-    	// Create X509Certificate
-    	X509v3CertificateBuilder certBuilder =
-    			new X509v3CertificateBuilder(new X500Name(RFC4519Style.INSTANCE, issuerName), serial,
currentDate, expiryDate, 
-    					new X500Name(RFC4519Style.INSTANCE, subjectName), SubjectPublicKeyInfo.getInstance(keyPair.getPublic().getEncoded()));
-    	ContentSigner contentSigner = new JcaContentSignerBuilder("SHA256WithRSAEncryption").build(keyPair.getPrivate());
-    	X509Certificate certificate = new JcaX509CertificateConverter().getCertificate(certBuilder.build(contentSigner));
-    	
-    	// Store Private Key + Certificate in Keystore
-    	KeyStore keystore = KeyStore.getInstance(KeyStore.getDefaultType());
-    	keystore.load(null, keystorePassword.toCharArray());
-    	keystore.setKeyEntry(keystoreAlias, keyPair.getPrivate(), keyPassword.toCharArray(),
new Certificate[] {certificate});
-    	
-    	File keystoreFile = File.createTempFile("kafkakeystore", ".jks");
-    	keystore.store(new FileOutputStream(keystoreFile), keystorePassword.toCharArray());
-    	
-    	// Now store the Certificate in the truststore
-    	trustStore.setCertificateEntry(keystoreAlias, certificate);
-    	
-    	return keystoreFile.getPath();
-    	
-    }
-    
     // The "public" group can read from "test"
     @Test
     public void testAuthorizedRead() throws Exception {

http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/07f0fee7/plugin-kafka/src/test/java/org/apache/ranger/authorization/kafka/authorizer/KafkaTestUtils.java
----------------------------------------------------------------------
diff --git a/plugin-kafka/src/test/java/org/apache/ranger/authorization/kafka/authorizer/KafkaTestUtils.java
b/plugin-kafka/src/test/java/org/apache/ranger/authorization/kafka/authorizer/KafkaTestUtils.java
new file mode 100644
index 0000000..3186615
--- /dev/null
+++ b/plugin-kafka/src/test/java/org/apache/ranger/authorization/kafka/authorizer/KafkaTestUtils.java
@@ -0,0 +1,74 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.ranger.authorization.kafka.authorizer;
+
+import java.io.File;
+import java.io.FileOutputStream;
+import java.math.BigInteger;
+import java.security.KeyPair;
+import java.security.KeyPairGenerator;
+import java.security.KeyStore;
+import java.security.SecureRandom;
+import java.security.cert.Certificate;
+import java.security.cert.X509Certificate;
+import java.util.Date;
+
+import org.bouncycastle.asn1.x500.X500Name;
+import org.bouncycastle.asn1.x500.style.RFC4519Style;
+import org.bouncycastle.asn1.x509.SubjectPublicKeyInfo;
+import org.bouncycastle.cert.X509v3CertificateBuilder;
+import org.bouncycastle.cert.jcajce.JcaX509CertificateConverter;
+import org.bouncycastle.operator.ContentSigner;
+import org.bouncycastle.operator.jcajce.JcaContentSignerBuilder;
+
+public final class KafkaTestUtils {
+    
+    public static String createAndStoreKey(String subjectName, String issuerName, BigInteger
serial, String keystorePassword,
+    		String keystoreAlias, String keyPassword, KeyStore trustStore) throws Exception {
+    	
+    	// Create KeyPair
+    	KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance("RSA");
+    	keyPairGenerator.initialize(2048, new SecureRandom());
+    	KeyPair keyPair = keyPairGenerator.generateKeyPair();
+    	
+    	Date currentDate = new Date();
+    	Date expiryDate = new Date(currentDate.getTime() + 365L * 24L * 60L * 60L * 1000L);
+    	
+    	// Create X509Certificate
+    	X509v3CertificateBuilder certBuilder =
+    			new X509v3CertificateBuilder(new X500Name(RFC4519Style.INSTANCE, issuerName), serial,
currentDate, expiryDate, 
+    					new X500Name(RFC4519Style.INSTANCE, subjectName), SubjectPublicKeyInfo.getInstance(keyPair.getPublic().getEncoded()));
+    	ContentSigner contentSigner = new JcaContentSignerBuilder("SHA256WithRSAEncryption").build(keyPair.getPrivate());
+    	X509Certificate certificate = new JcaX509CertificateConverter().getCertificate(certBuilder.build(contentSigner));
+    	
+    	// Store Private Key + Certificate in Keystore
+    	KeyStore keystore = KeyStore.getInstance(KeyStore.getDefaultType());
+    	keystore.load(null, keystorePassword.toCharArray());
+    	keystore.setKeyEntry(keystoreAlias, keyPair.getPrivate(), keyPassword.toCharArray(),
new Certificate[] {certificate});
+    	
+    	File keystoreFile = File.createTempFile("kafkakeystore", ".jks");
+    	keystore.store(new FileOutputStream(keystoreFile), keystorePassword.toCharArray());
+    	
+    	// Now store the Certificate in the truststore
+    	trustStore.setCertificateEntry(keystoreAlias, certificate);
+    	
+    	return keystoreFile.getPath();
+    	
+    }
+    
+}

http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/07f0fee7/plugin-kafka/src/test/resources/kafka_plain.jaas
----------------------------------------------------------------------
diff --git a/plugin-kafka/src/test/resources/kafka_plain.jaas b/plugin-kafka/src/test/resources/kafka_plain.jaas
new file mode 100644
index 0000000..6c090f7
--- /dev/null
+++ b/plugin-kafka/src/test/resources/kafka_plain.jaas
@@ -0,0 +1,13 @@
+KafkaServer {
+            org.apache.kafka.common.security.plain.PlainLoginModule required
+            username="admin"
+            password="password"
+            user_admin="password"
+            user_alice="security";
+};
+
+KafkaClient {
+            org.apache.kafka.common.security.plain.PlainLoginModule required
+            username="alice"
+            password="security";
+};
\ No newline at end of file

http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/07f0fee7/pom.xml
----------------------------------------------------------------------
diff --git a/pom.xml b/pom.xml
index 13e5da8..2ad43d5 100644
--- a/pom.xml
+++ b/pom.xml
@@ -578,6 +578,7 @@
                         <exclude>atlassian-ide-plugin.xml</exclude>
                         <exclude>**/.pydevproject</exclude>
                         <exclude>**/derby.log</exclude>
+                        <exclude>**/*.jaas</exclude>
                     </excludes>
                 </configuration>
             </plugin>


Mime
View raw message