use of com.mysql.cj.protocol.a.authentication.AwsIamClearAuthenticationPlugin in project aws-mysql-jdbc by awslabs.
the class NativeAuthenticationProvider method loadAuthenticationPlugins.
/**
* Fill the authentication plugins map.
*
* Starts by filling the map with instances of the built-in authentication plugins. Then creates instances of plugins listed in the "authenticationPlugins"
* connection property and adds them to the map too.
*
* The key for the map entry is got by {@link AuthenticationPlugin#getProtocolPluginName()} thus it is possible to replace built-in plugins with custom
* implementations. To do it, the custom plugin should return one of the values "mysql_native_password", "mysql_clear_password", "sha256_password",
* "caching_sha2_password", "mysql_old_password", "authentication_ldap_sasl_client" or "authentication_kerberos_client" from its own getProtocolPluginName()
* method.
*/
@SuppressWarnings("unchecked")
private void loadAuthenticationPlugins() {
// default plugin
RuntimeProperty<String> defaultAuthenticationPluginProp = this.propertySet.getStringProperty(PropertyKey.defaultAuthenticationPlugin);
String defaultAuthenticationPluginValue = defaultAuthenticationPluginProp.getValue();
if (defaultAuthenticationPluginValue == null || "".equals(defaultAuthenticationPluginValue.trim())) {
throw ExceptionFactory.createException(WrongArgumentException.class, Messages.getString("AuthenticationProvider.BadDefaultAuthenticationPlugin", new Object[] { defaultAuthenticationPluginValue }), getExceptionInterceptor());
}
// disabled plugins
String disabledPlugins = this.propertySet.getStringProperty(PropertyKey.disabledAuthenticationPlugins).getValue();
List<String> disabledAuthenticationPlugins;
if (disabledPlugins != null && !"".equals(disabledPlugins)) {
disabledAuthenticationPlugins = StringUtils.split(disabledPlugins, ",", true);
} else {
disabledAuthenticationPlugins = Collections.EMPTY_LIST;
}
this.authenticationPlugins = new HashMap<>();
List<AuthenticationPlugin<NativePacketPayload>> pluginsToInit = new LinkedList<>();
// built-in plugins
pluginsToInit.add(new Sha256PasswordPlugin());
pluginsToInit.add(new CachingSha2PasswordPlugin());
pluginsToInit.add(new MysqlOldPasswordPlugin());
pluginsToInit.add(new AuthenticationLdapSaslClientPlugin());
pluginsToInit.add(new AuthenticationKerberosClient());
pluginsToInit.add(new AuthenticationOciClient());
final boolean useAwsIam = this.propertySet.getBooleanProperty(PropertyKey.useAwsIam).getValue();
if (useAwsIam) {
try {
Class.forName("software.amazon.awssdk.auth.credentials.DefaultCredentialsProvider");
} catch (ClassNotFoundException ex) {
throw ExceptionFactory.createException(Messages.getString("AuthenticationAwsIamPlugin.MissingSDK"));
}
final String host = this.protocol.getSocketConnection().getHost();
final int port = this.protocol.getSocketConnection().getPort();
final AwsIamAuthenticationTokenHelper tokenHelper = new AwsIamAuthenticationTokenHelper(host, port, this.propertySet.getStringProperty(PropertyKey.logger).getStringValue());
pluginsToInit.add(new AwsIamAuthenticationPlugin(tokenHelper));
pluginsToInit.add(new AwsIamClearAuthenticationPlugin(tokenHelper));
final String defaultPluginClassName = this.propertySet.getStringProperty(PropertyKey.defaultAuthenticationPlugin).getPropertyDefinition().getDefaultValue();
if (defaultAuthenticationPluginValue.equals(defaultPluginClassName)) {
defaultAuthenticationPluginValue = AwsIamAuthenticationPlugin.class.getName();
}
} else {
pluginsToInit.add(new MysqlNativePasswordPlugin());
pluginsToInit.add(new MysqlClearPasswordPlugin());
}
// plugins from authenticationPluginClasses connection parameter
String authenticationPluginClasses = this.propertySet.getStringProperty(PropertyKey.authenticationPlugins).getValue();
if (authenticationPluginClasses != null && !"".equals(authenticationPluginClasses.trim())) {
List<String> pluginsToCreate = StringUtils.split(authenticationPluginClasses, ",", true);
for (String className : pluginsToCreate) {
try {
pluginsToInit.add((AuthenticationPlugin<NativePacketPayload>) Class.forName(className).newInstance());
} catch (Throwable t) {
throw ExceptionFactory.createException(WrongArgumentException.class, Messages.getString("AuthenticationProvider.BadAuthenticationPlugin", new Object[] { className }), t, this.exceptionInterceptor);
}
}
}
// add plugin instances
boolean defaultFound = false;
for (AuthenticationPlugin<NativePacketPayload> plugin : pluginsToInit) {
String pluginProtocolName = plugin.getProtocolPluginName();
String pluginClassName = plugin.getClass().getName();
boolean disabledByProtocolName = disabledAuthenticationPlugins.contains(pluginProtocolName);
boolean disabledByClassName = disabledAuthenticationPlugins.contains(pluginClassName);
if (disabledByProtocolName || disabledByClassName) {
// check if the default plugin is disabled
if (!defaultFound && (defaultAuthenticationPluginValue.equals(pluginProtocolName) || defaultAuthenticationPluginValue.equals(pluginClassName))) {
throw ExceptionFactory.createException(WrongArgumentException.class, Messages.getString("AuthenticationProvider.BadDisabledAuthenticationPlugin", new Object[] { disabledByClassName ? pluginClassName : pluginProtocolName }), getExceptionInterceptor());
}
} else {
this.authenticationPlugins.put(pluginProtocolName, plugin);
if (!defaultFound && (defaultAuthenticationPluginValue.equals(pluginProtocolName) || defaultAuthenticationPluginValue.equals(pluginClassName))) {
this.clientDefaultAuthenticationPluginName = pluginProtocolName;
this.clientDefaultAuthenticationPluginExplicitelySet = defaultAuthenticationPluginProp.isExplicitlySet();
defaultFound = true;
}
}
}
// check if the default plugin is listed
if (!defaultFound) {
throw ExceptionFactory.createException(WrongArgumentException.class, Messages.getString("AuthenticationProvider.DefaultAuthenticationPluginIsNotListed", new Object[] { defaultAuthenticationPluginValue }), getExceptionInterceptor());
}
}
Aggregations