

Use of com.mysql.cj.protocol.a.authentication.AwsIamAuthenticationPlugin in the project aws-mysql-jdbc by awslabs.

From the class NativeAuthenticationProvider, method loadAuthenticationPlugins:

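/**
 * Fill the authentication plugins map.
 *
 * Starts by filling the map with instances of the built-in authentication plugins. Then creates instances of plugins listed in the "authenticationPlugins"
 * connection property and adds them to the map too.
 *
 * The key for the map entry is got by {@link AuthenticationPlugin#getProtocolPluginName()} thus it is possible to replace built-in plugins with custom
 * implementations. To do it, the custom plugin should return one of the values "mysql_native_password", "mysql_clear_password", "sha256_password",
 * "caching_sha2_password", "mysql_old_password", "authentication_ldap_sasl_client" or "authentication_kerberos_client" from its own getProtocolPluginName()
 * method.
 *
 * When the "useAwsIam" property is set, {@link AwsIamAuthenticationPlugin} and {@link AwsIamClearAuthenticationPlugin} are registered instead of
 * {@link MysqlNativePasswordPlugin} and {@link MysqlClearPasswordPlugin}, and a "defaultAuthenticationPlugin" value that still equals the property's
 * built-in default is redirected to {@link AwsIamAuthenticationPlugin}.
 *
 * Plugins listed in "disabledAuthenticationPlugins" (by protocol name or by fully qualified class name) are skipped; disabling the default plugin is
 * rejected.
 *
 * Side effects: (re)assigns {@code this.authenticationPlugins}, {@code this.clientDefaultAuthenticationPluginName} and
 * {@code this.clientDefaultAuthenticationPluginExplicitelySet}.
 *
 * @throws WrongArgumentException
 *             if the default plugin is blank, is disabled, is not registered after all plugins were collected, or if a class named in
 *             "authenticationPlugins" cannot be loaded and instantiated as an {@link AuthenticationPlugin}; "useAwsIam" without the AWS SDK on the class
 *             path raises the exception built from "AuthenticationAwsIamPlugin.MissingSDK"
 */
@SuppressWarnings("unchecked")
private void loadAuthenticationPlugins() {
    // default plugin
    RuntimeProperty<String> defaultAuthenticationPluginProp = this.propertySet.getStringProperty(PropertyKey.defaultAuthenticationPlugin);
    String defaultAuthenticationPluginValue = defaultAuthenticationPluginProp.getValue();
    if (defaultAuthenticationPluginValue == null || "".equals(defaultAuthenticationPluginValue.trim())) {
        throw ExceptionFactory.createException(WrongArgumentException.class,
                Messages.getString("AuthenticationProvider.BadDefaultAuthenticationPlugin", new Object[] { defaultAuthenticationPluginValue }),
                getExceptionInterceptor());
    }

    // disabled plugins; entries are matched against both the protocol plugin name and the plugin class name below
    String disabledPlugins = this.propertySet.getStringProperty(PropertyKey.disabledAuthenticationPlugins).getValue();
    List<String> disabledAuthenticationPlugins;
    if (disabledPlugins != null && !"".equals(disabledPlugins)) {
        disabledAuthenticationPlugins = StringUtils.split(disabledPlugins, ",", true);
    } else {
        // typed empty list instead of the raw Collections.EMPTY_LIST
        disabledAuthenticationPlugins = Collections.emptyList();
    }

    this.authenticationPlugins = new HashMap<>();
    List<AuthenticationPlugin<NativePacketPayload>> pluginsToInit = new LinkedList<>();

    // built-in plugins
    pluginsToInit.add(new Sha256PasswordPlugin());
    pluginsToInit.add(new CachingSha2PasswordPlugin());
    pluginsToInit.add(new MysqlOldPasswordPlugin());
    pluginsToInit.add(new AuthenticationLdapSaslClientPlugin());
    pluginsToInit.add(new AuthenticationKerberosClient());
    pluginsToInit.add(new AuthenticationOciClient());

    final boolean useAwsIam = this.propertySet.getBooleanProperty(PropertyKey.useAwsIam).getValue();
    if (useAwsIam) {
        // Fail early with a clear message when the AWS SDK is missing; the IAM plugins depend on it.
        try {
            Class.forName("software.amazon.awssdk.auth.credentials.DefaultCredentialsProvider");
        } catch (ClassNotFoundException ex) {
            throw ExceptionFactory.createException(Messages.getString("AuthenticationAwsIamPlugin.MissingSDK"));
        }
        final String host = this.protocol.getSocketConnection().getHost();
        final int port = this.protocol.getSocketConnection().getPort();
        // One token helper is shared by both IAM plugins for this host/port.
        final AwsIamAuthenticationTokenHelper tokenHelper = new AwsIamAuthenticationTokenHelper(host, port,
                this.propertySet.getStringProperty(PropertyKey.logger).getStringValue());
        pluginsToInit.add(new AwsIamAuthenticationPlugin(tokenHelper));
        pluginsToInit.add(new AwsIamClearAuthenticationPlugin(tokenHelper));
        // If the user left the default plugin at the property's built-in default, route it to the AWS IAM plugin instead.
        final String defaultPluginClassName = this.propertySet.getStringProperty(PropertyKey.defaultAuthenticationPlugin).getPropertyDefinition()
                .getDefaultValue();
        if (defaultAuthenticationPluginValue.equals(defaultPluginClassName)) {
            defaultAuthenticationPluginValue = AwsIamAuthenticationPlugin.class.getName();
        }
    } else {
        pluginsToInit.add(new MysqlNativePasswordPlugin());
        pluginsToInit.add(new MysqlClearPasswordPlugin());
    }

    // plugins from the authenticationPlugins connection property
    String authenticationPluginClasses = this.propertySet.getStringProperty(PropertyKey.authenticationPlugins).getValue();
    if (authenticationPluginClasses != null && !"".equals(authenticationPluginClasses.trim())) {
        List<String> pluginsToCreate = StringUtils.split(authenticationPluginClasses, ",", true);
        for (String className : pluginsToCreate) {
            // These class names come from the connection properties, so whoever controls the connection configuration controls which classes are
            // loaded here. asSubclass() rejects anything that is not an AuthenticationPlugin before its constructor runs (the class is still
            // initialised by Class.forName); the properties themselves must come from trusted configuration only.
            try {
                pluginsToInit.add((AuthenticationPlugin<NativePacketPayload>) Class.forName(className).asSubclass(AuthenticationPlugin.class)
                        .getDeclaredConstructor().newInstance());
            } catch (Throwable t) {
                // Throwable on purpose: class loading may fail with an Error (e.g. NoClassDefFoundError) that should surface as a bad-argument error too.
                throw ExceptionFactory.createException(WrongArgumentException.class,
                        Messages.getString("AuthenticationProvider.BadAuthenticationPlugin", new Object[] { className }), t, this.exceptionInterceptor);
            }
        }
    }

    // add plugin instances; a later plugin with the same protocol name replaces an earlier one in the map
    boolean defaultFound = false;
    for (AuthenticationPlugin<NativePacketPayload> plugin : pluginsToInit) {
        String pluginProtocolName = plugin.getProtocolPluginName();
        String pluginClassName = plugin.getClass().getName();
        boolean isDefault = defaultAuthenticationPluginValue.equals(pluginProtocolName) || defaultAuthenticationPluginValue.equals(pluginClassName);
        boolean disabledByProtocolName = disabledAuthenticationPlugins.contains(pluginProtocolName);
        boolean disabledByClassName = disabledAuthenticationPlugins.contains(pluginClassName);
        if (disabledByProtocolName || disabledByClassName) {
            // check if the default plugin is disabled
            if (!defaultFound && isDefault) {
                throw ExceptionFactory.createException(WrongArgumentException.class,
                        Messages.getString("AuthenticationProvider.BadDisabledAuthenticationPlugin",
                                new Object[] { disabledByClassName ? pluginClassName : pluginProtocolName }),
                        getExceptionInterceptor());
            }
        } else {
            this.authenticationPlugins.put(pluginProtocolName, plugin);
            if (!defaultFound && isDefault) {
                // Only the first match wins; later plugins with the same name cannot change the recorded default.
                this.clientDefaultAuthenticationPluginName = pluginProtocolName;
                this.clientDefaultAuthenticationPluginExplicitelySet = defaultAuthenticationPluginProp.isExplicitlySet();
                defaultFound = true;
            }
        }
    }

    // check if the default plugin is listed
    if (!defaultFound) {
        throw ExceptionFactory.createException(WrongArgumentException.class,
                Messages.getString("AuthenticationProvider.DefaultAuthenticationPluginIsNotListed", new Object[] { defaultAuthenticationPluginValue }),
                getExceptionInterceptor());
    }
}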