Class: Kafka::Sasl::Gssapi

Inherits:

Object

• Object
• Kafka::Sasl::Gssapi

Defined in:

lib/kafka/sasl/gssapi.rb

Constant Summary

GSSAPI_IDENT =

"GSSAPI"

GSSAPI_CONFIDENTIALITY =

false

Instance Method Summary

• #authenticate!(host, encoder, decoder) ⇒ Object
• #configured? ⇒ Boolean
• #handshake_messages ⇒ Object
• #ident ⇒ Object
• #initialize(logger:, principal:, keytab:) ⇒ Gssapi constructor

  A new instance of Gssapi.

• #initialize_gssapi_context(host) ⇒ Object
• #load_gssapi ⇒ Object
• #send_and_receive_sasl_token ⇒ Object

Constructor Details

#initialize(logger:, principal:, keytab:) ⇒ Gssapi

Returns a new instance of Gssapi.

# File 'lib/kafka/sasl/gssapi.rb', line 9

def initialize(logger:, principal:, keytab:)
  @logger = TaggedLogger.new(logger)
  @principal = principal
  @keytab = keytab
end

Instance Method Details

#authenticate!(host, encoder, decoder) ⇒ Object

# File 'lib/kafka/sasl/gssapi.rb', line 23

def authenticate!(host, encoder, decoder)
  load_gssapi
  initialize_gssapi_context(host)

  @encoder = encoder
  @decoder = decoder

  # send gssapi token and receive token to verify
  token_to_verify = send_and_receive_sasl_token

  # verify incoming token
  unless @gssapi_ctx.init_context(token_to_verify)
    raise Kafka::Error, "GSSAPI context verification failed."
  end

  # we can continue, so send OK
  @encoder.write([0, 2].pack('l>c'))

  # read wrapped message and return it back with principal
  handshake_messages
end

#configured? ⇒ Boolean

Returns:

• (Boolean)

# File 'lib/kafka/sasl/gssapi.rb', line 15

def configured?
  @principal && !@principal.empty?
end

#handshake_messages ⇒ Object

Raises:

• (Kafka::Error)

# File 'lib/kafka/sasl/gssapi.rb', line 45

def handshake_messages
  msg = @decoder.bytes
  raise Kafka::Error, "GSSAPI negotiation failed." unless msg
  # unwrap with integrity only
  msg_unwrapped = @gssapi_ctx.unwrap_message(msg, GSSAPI_CONFIDENTIALITY)
  msg_wrapped = @gssapi_ctx.wrap_message(msg_unwrapped + @principal, GSSAPI_CONFIDENTIALITY)
  @encoder.write_bytes(msg_wrapped)
end

#ident ⇒ Object

# File 'lib/kafka/sasl/gssapi.rb', line 19

def ident
  GSSAPI_IDENT
end

#initialize_gssapi_context(host) ⇒ Object

# File 'lib/kafka/sasl/gssapi.rb', line 68

def initialize_gssapi_context(host)
  @logger.debug "GSSAPI: Initializing context with #{host}, principal #{@principal}"

  @gssapi_ctx = GSSAPI::Simple.new(host, @principal, @keytab)
  @gssapi_token = @gssapi_ctx.init_context(nil)
end

#load_gssapi ⇒ Object

# File 'lib/kafka/sasl/gssapi.rb', line 59

def load_gssapi
  begin
    require "gssapi"
  rescue LoadError
    @logger.error "In order to use GSSAPI authentication you need to install the `gssapi` gem."
    raise
  end
end

#send_and_receive_sasl_token ⇒ Object

# File 'lib/kafka/sasl/gssapi.rb', line 54

def send_and_receive_sasl_token
  @encoder.write_bytes(@gssapi_token)
  @decoder.bytes
end