DIRKRB-703 Reduce client-side information leakage of MySQL plugin
diff --git a/has-project/has-plugins/src/main/java/org/apache/kerby/has/plugins/client/mysql/MySQLHasClientPlugin.java b/has-project/has-plugins/src/main/java/org/apache/kerby/has/plugins/client/mysql/MySQLHasClientPlugin.java
index 675f295..5ff56fe 100644
--- a/has-project/has-plugins/src/main/java/org/apache/kerby/has/plugins/client/mysql/MySQLHasClientPlugin.java
+++ b/has-project/has-plugins/src/main/java/org/apache/kerby/has/plugins/client/mysql/MySQLHasClientPlugin.java
@@ -38,20 +38,15 @@
@Override
protected void doLogin(AuthToken authToken) {
- //Get the ak info from env
+ //Get the user info from env
String userName = System.getenv("userName");
String password = System.getenv("password");
-
- String mysqlUrl = System.getenv("mysqlUrl");
- String mysqlUser = System.getenv("mysqlUser");
- String mysqlPasswd = System.getenv("mysqlPasswd");
-
- LOG.debug("Get the mysql login info successfully.");
+ LOG.debug("Get the user info successfully.");
authToken.setIssuer("has");
authToken.setSubject(userName);
- final Date now = new Date(new Date().getTime() / 1000 * 1000);
+ final Date now = new Date(System.currentTimeMillis() / 1000 * 1000);
authToken.setIssueTime(now);
// Set expiration in 60 minutes
Date exp = new Date(now.getTime() + 1000 * 60 * 60);
@@ -59,9 +54,6 @@
authToken.addAttribute("user", userName);
authToken.addAttribute("secret", password);
- authToken.addAttribute("mysqlUrl", mysqlUrl);
- authToken.addAttribute("mysqlUser", mysqlUser);
- authToken.addAttribute("mysqlPasswd", mysqlPasswd);
authToken.addAttribute("passPhrase", userName + password);
}
diff --git a/has-project/has-plugins/src/main/java/org/apache/kerby/has/plugins/server/mysql/MySQLHasServerPlugin.java b/has-project/has-plugins/src/main/java/org/apache/kerby/has/plugins/server/mysql/MySQLHasServerPlugin.java
index 982860e..98f0675 100644
--- a/has-project/has-plugins/src/main/java/org/apache/kerby/has/plugins/server/mysql/MySQLHasServerPlugin.java
+++ b/has-project/has-plugins/src/main/java/org/apache/kerby/has/plugins/server/mysql/MySQLHasServerPlugin.java
@@ -49,7 +49,7 @@
public void doAuthenticate(AuthToken userToken, AuthToken authToken)
throws HasAuthenException {
- // Check if the token is expired.
+ // Check if the token is expired
Date expiredTime = userToken.getExpiredTime();
Date now = new Date();
if (now.after(expiredTime)) {
@@ -60,10 +60,10 @@
String user = (String) userToken.getAttributes().get("user");
String secret = (String) userToken.getAttributes().get("secret");
- String mysqlUrl = (String) userToken.getAttributes().get("mysqlUrl");
+ String mysqlUrl = System.getenv("mysqlUrl");
mysqlUrl = mysqlUrl.replace("jdbc:mysql:", "jdbc:mysql:thin:");
- String mysqlUser = (String) userToken.getAttributes().get("mysqlUser");
- String mysqlPasswd = (String) userToken.getAttributes().get("mysqlPasswd");
+ String mysqlUser = System.getenv("mysqlUser");
+ String mysqlPasswd = System.getenv("mysqlPasswd");
Connection connection = startConnection(mysqlUrl, mysqlUser, mysqlPasswd);
ResultSet res = null;
