Example 1 with AwsIamAuthenticationTokenHelper
use of com.mysql.cj.protocol.a.authentication.AwsIamAuthenticationTokenHelper in project aws-mysql-jdbc by awslabs.
the class NativeAuthenticationProvider method loadAuthenticationPlugins.
/**
* Fill the authentication plugins map.
*
* Starts by filling the map with instances of the built-in authentication plugins. Then creates instances of plugins listed in the "authenticationPlugins"
* connection property and adds them to the map too.
*
* The key for the map entry is got by {@link AuthenticationPlugin#getProtocolPluginName()} thus it is possible to replace built-in plugins with custom
* implementations. To do it, the custom plugin should return one of the values "mysql_native_password", "mysql_clear_password", "sha256_password",
* "caching_sha2_password", "mysql_old_password", "authentication_ldap_sasl_client" or "authentication_kerberos_client" from its own getProtocolPluginName()
* method.
*/
@SuppressWarnings("unchecked")
private void loadAuthenticationPlugins() {
// default plugin
RuntimeProperty<String> defaultAuthenticationPluginProp = this.propertySet.getStringProperty(PropertyKey.defaultAuthenticationPlugin);
String defaultAuthenticationPluginValue = defaultAuthenticationPluginProp.getValue();
if (defaultAuthenticationPluginValue == null || "".equals(defaultAuthenticationPluginValue.trim())) {
throw ExceptionFactory.createException(WrongArgumentException.class, Messages.getString("AuthenticationProvider.BadDefaultAuthenticationPlugin", new Object[] { defaultAuthenticationPluginValue }), getExceptionInterceptor());
}
// disabled plugins
String disabledPlugins = this.propertySet.getStringProperty(PropertyKey.disabledAuthenticationPlugins).getValue();
List<String> disabledAuthenticationPlugins;
if (disabledPlugins != null && !"".equals(disabledPlugins)) {
disabledAuthenticationPlugins = StringUtils.split(disabledPlugins, ",", true);
} else {
disabledAuthenticationPlugins = Collections.EMPTY_LIST;
}
this.authenticationPlugins = new HashMap<>();
List<AuthenticationPlugin<NativePacketPayload>> pluginsToInit = new LinkedList<>();
// built-in plugins
pluginsToInit.add(new Sha256PasswordPlugin());
pluginsToInit.add(new CachingSha2PasswordPlugin());
pluginsToInit.add(new MysqlOldPasswordPlugin());
pluginsToInit.add(new AuthenticationLdapSaslClientPlugin());
pluginsToInit.add(new AuthenticationKerberosClient());
pluginsToInit.add(new AuthenticationOciClient());
final boolean useAwsIam = this.propertySet.getBooleanProperty(PropertyKey.useAwsIam).getValue();
if (useAwsIam) {
try {
Class.forName("software.amazon.awssdk.auth.credentials.DefaultCredentialsProvider");
} catch (ClassNotFoundException ex) {
throw ExceptionFactory.createException(Messages.getString("AuthenticationAwsIamPlugin.MissingSDK"));
}
final String host = this.protocol.getSocketConnection().getHost();
final int port = this.protocol.getSocketConnection().getPort();
final AwsIamAuthenticationTokenHelper tokenHelper = new AwsIamAuthenticationTokenHelper(host, port, this.propertySet.getStringProperty(PropertyKey.logger).getStringValue());
pluginsToInit.add(new AwsIamAuthenticationPlugin(tokenHelper));
pluginsToInit.add(new AwsIamClearAuthenticationPlugin(tokenHelper));
final String defaultPluginClassName = this.propertySet.getStringProperty(PropertyKey.defaultAuthenticationPlugin).getPropertyDefinition().getDefaultValue();
if (defaultAuthenticationPluginValue.equals(defaultPluginClassName)) {
defaultAuthenticationPluginValue = AwsIamAuthenticationPlugin.class.getName();
}
} else {
pluginsToInit.add(new MysqlNativePasswordPlugin());
pluginsToInit.add(new MysqlClearPasswordPlugin());
}
// plugins from authenticationPluginClasses connection parameter
String authenticationPluginClasses = this.propertySet.getStringProperty(PropertyKey.authenticationPlugins).getValue();
if (authenticationPluginClasses != null && !"".equals(authenticationPluginClasses.trim())) {
List<String> pluginsToCreate = StringUtils.split(authenticationPluginClasses, ",", true);
for (String className : pluginsToCreate) {
try {
pluginsToInit.add((AuthenticationPlugin<NativePacketPayload>) Class.forName(className).newInstance());
} catch (Throwable t) {
throw ExceptionFactory.createException(WrongArgumentException.class, Messages.getString("AuthenticationProvider.BadAuthenticationPlugin", new Object[] { className }), t, this.exceptionInterceptor);
}
}
}
// add plugin instances
boolean defaultFound = false;
for (AuthenticationPlugin<NativePacketPayload> plugin : pluginsToInit) {
String pluginProtocolName = plugin.getProtocolPluginName();
String pluginClassName = plugin.getClass().getName();
boolean disabledByProtocolName = disabledAuthenticationPlugins.contains(pluginProtocolName);
boolean disabledByClassName = disabledAuthenticationPlugins.contains(pluginClassName);
if (disabledByProtocolName || disabledByClassName) {
// check if the default plugin is disabled
if (!defaultFound && (defaultAuthenticationPluginValue.equals(pluginProtocolName) || defaultAuthenticationPluginValue.equals(pluginClassName))) {
throw ExceptionFactory.createException(WrongArgumentException.class, Messages.getString("AuthenticationProvider.BadDisabledAuthenticationPlugin", new Object[] { disabledByClassName ? pluginClassName : pluginProtocolName }), getExceptionInterceptor());
}
} else {
this.authenticationPlugins.put(pluginProtocolName, plugin);
if (!defaultFound && (defaultAuthenticationPluginValue.equals(pluginProtocolName) || defaultAuthenticationPluginValue.equals(pluginClassName))) {
this.clientDefaultAuthenticationPluginName = pluginProtocolName;
this.clientDefaultAuthenticationPluginExplicitelySet = defaultAuthenticationPluginProp.isExplicitlySet();
defaultFound = true;
}
}
}
// check if the default plugin is listed
if (!defaultFound) {
throw ExceptionFactory.createException(WrongArgumentException.class, Messages.getString("AuthenticationProvider.DefaultAuthenticationPluginIsNotListed", new Object[] { defaultAuthenticationPluginValue }), getExceptionInterceptor());
}
}
Also used :
MysqlOldPasswordPlugin(com.mysql.cj.protocol.a.authentication.MysqlOldPasswordPlugin)
AuthenticationKerberosClient(com.mysql.cj.protocol.a.authentication.AuthenticationKerberosClient)
WrongArgumentException(com.mysql.cj.exceptions.WrongArgumentException)
AuthenticationLdapSaslClientPlugin(com.mysql.cj.protocol.a.authentication.AuthenticationLdapSaslClientPlugin)
Sha256PasswordPlugin(com.mysql.cj.protocol.a.authentication.Sha256PasswordPlugin)
AuthenticationOciClient(com.mysql.cj.protocol.a.authentication.AuthenticationOciClient)
MysqlClearPasswordPlugin(com.mysql.cj.protocol.a.authentication.MysqlClearPasswordPlugin)
AwsIamAuthenticationTokenHelper(com.mysql.cj.protocol.a.authentication.AwsIamAuthenticationTokenHelper)
LinkedList(java.util.LinkedList)
AwsIamClearAuthenticationPlugin(com.mysql.cj.protocol.a.authentication.AwsIamClearAuthenticationPlugin)
AuthenticationPlugin(com.mysql.cj.protocol.AuthenticationPlugin)
AwsIamClearAuthenticationPlugin(com.mysql.cj.protocol.a.authentication.AwsIamClearAuthenticationPlugin)
AwsIamAuthenticationPlugin(com.mysql.cj.protocol.a.authentication.AwsIamAuthenticationPlugin)
AwsIamAuthenticationPlugin(com.mysql.cj.protocol.a.authentication.AwsIamAuthenticationPlugin)
CachingSha2PasswordPlugin(com.mysql.cj.protocol.a.authentication.CachingSha2PasswordPlugin)
MysqlNativePasswordPlugin(com.mysql.cj.protocol.a.authentication.MysqlNativePasswordPlugin)
Example 2 with AwsIamAuthenticationTokenHelper
use of com.mysql.cj.protocol.a.authentication.AwsIamAuthenticationTokenHelper in project aws-mysql-jdbc by awslabs.
the class AwsIamAuthenticationHelperTest method test_5_InvalidHostUsingIP.
/**
* Attempt to create new {@link AwsIamAuthenticationTokenHelper} with invalid RDS format.
*/
@Test
public void test_5_InvalidHostUsingIP() {
Assertions.assertThrows(CJException.class, () -> new AwsIamAuthenticationTokenHelper("192.168.0.1", PORT, StandardLogger.class.getName()));
Assertions.assertThrows(CJException.class, () -> new AwsIamAuthenticationTokenHelper("localhost", PORT, StandardLogger.class.getName()));
}
Also used :
AwsIamAuthenticationTokenHelper(com.mysql.cj.protocol.a.authentication.AwsIamAuthenticationTokenHelper)
Test(org.junit.jupiter.api.Test)
Example 3 with AwsIamAuthenticationTokenHelper
use of com.mysql.cj.protocol.a.authentication.AwsIamAuthenticationTokenHelper in project aws-mysql-jdbc by awslabs.
the class AwsIamAuthenticationHelperTest method test_6_InvalidRegion.
/**
* Attempt to create new {@link AwsIamAuthenticationTokenHelper} with invalid region.
*/
@Test
public void test_6_InvalidRegion() {
Assertions.assertThrows(CJException.class, () -> new AwsIamAuthenticationTokenHelper("MyDBInstanceName.SomeServerName.fake-1.rds.amazonaws.com", PORT, StandardLogger.class.getName()));
Assertions.assertThrows(CJException.class, () -> new AwsIamAuthenticationTokenHelper("MyDBInstanceName.SomeServerName. .rds.amazonaws.com", PORT, StandardLogger.class.getName()));
}
Also used :
AwsIamAuthenticationTokenHelper(com.mysql.cj.protocol.a.authentication.AwsIamAuthenticationTokenHelper)
Test(org.junit.jupiter.api.Test)
Example 4 with AwsIamAuthenticationTokenHelper
use of com.mysql.cj.protocol.a.authentication.AwsIamAuthenticationTokenHelper in project aws-mysql-jdbc by awslabs.
the class AwsIamAuthenticationHelperTest method test_4_EmptyHost.
/**
* Attempt to create new {@link AwsIamAuthenticationTokenHelper} with empty hostname.
*/
@Test
public void test_4_EmptyHost() {
Assertions.assertThrows(CJException.class, () -> new AwsIamAuthenticationTokenHelper("", PORT, StandardLogger.class.getName()));
Assertions.assertThrows(CJException.class, () -> new AwsIamAuthenticationTokenHelper(" ", PORT, StandardLogger.class.getName()));
}
Also used :
AwsIamAuthenticationTokenHelper(com.mysql.cj.protocol.a.authentication.AwsIamAuthenticationTokenHelper)
Test(org.junit.jupiter.api.Test)
Aggregations
AwsIamAuthenticationTokenHelper (com.mysql.cj.protocol.a.authentication.AwsIamAuthenticationTokenHelper)4
Test (org.junit.jupiter.api.Test)3
WrongArgumentException (com.mysql.cj.exceptions.WrongArgumentException)1
AuthenticationPlugin (com.mysql.cj.protocol.AuthenticationPlugin)1
AuthenticationKerberosClient (com.mysql.cj.protocol.a.authentication.AuthenticationKerberosClient)1
AuthenticationLdapSaslClientPlugin (com.mysql.cj.protocol.a.authentication.AuthenticationLdapSaslClientPlugin)1
AuthenticationOciClient (com.mysql.cj.protocol.a.authentication.AuthenticationOciClient)1
AwsIamAuthenticationPlugin (com.mysql.cj.protocol.a.authentication.AwsIamAuthenticationPlugin)1
AwsIamClearAuthenticationPlugin (com.mysql.cj.protocol.a.authentication.AwsIamClearAuthenticationPlugin)1
CachingSha2PasswordPlugin (com.mysql.cj.protocol.a.authentication.CachingSha2PasswordPlugin)1
MysqlClearPasswordPlugin (com.mysql.cj.protocol.a.authentication.MysqlClearPasswordPlugin)1
MysqlNativePasswordPlugin (com.mysql.cj.protocol.a.authentication.MysqlNativePasswordPlugin)1
MysqlOldPasswordPlugin (com.mysql.cj.protocol.a.authentication.MysqlOldPasswordPlugin)1
Sha256PasswordPlugin (com.mysql.cj.protocol.a.authentication.Sha256PasswordPlugin)1
LinkedList (java.util.LinkedList)1
