clients/src/main/java/org/apache/kafka/common/security/JaasConfig.java - kafka - Git at Google

 /*
  * Licensed to the Apache Software Foundation (ASF) under one or more
  * contributor license agreements. See the NOTICE file distributed with
  * this work for additional information regarding copyright ownership.
  * The ASF licenses this file to You under the Apache License, Version 2.0
  * (the "License"); you may not use this file except in compliance with
  * the License. You may obtain a copy of the License at
  *
  *    http://www.apache.org/licenses/LICENSE-2.0
  *
  * Unless required by applicable law or agreed to in writing, software
  * distributed under the License is distributed on an "AS IS" BASIS,
  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
 package org.apache.kafka.common.security;

 import java.io.IOException;
 import java.io.StreamTokenizer;
 import java.io.StringReader;
 import java.util.ArrayList;
 import java.util.HashMap;
 import java.util.List;
 import java.util.Locale;
 import java.util.Map;

 import javax.security.auth.login.AppConfigurationEntry;
 import javax.security.auth.login.Configuration;
 import javax.security.auth.login.AppConfigurationEntry.LoginModuleControlFlag;

 import org.apache.kafka.common.KafkaException;
 import org.apache.kafka.common.config.SaslConfigs;

 /**
  * JAAS configuration parser that constructs a JAAS configuration object with a single
  * login context from the Kafka configuration option {@link SaslConfigs#SASL_JAAS_CONFIG}.
  * <p/>
  * JAAS configuration file format is described <a href="http://docs.oracle.com/javase/8/docs/technotes/guides/security/jgss/tutorials/LoginConfigFile.html">here</a>.
  * The format of the property value is:
  * <pre>
  * {@code
  *   <loginModuleClass> <controlFlag> (<optionName>=<optionValue>)*;
  * }
  * </pre>
  */
 class JaasConfig extends Configuration {

     private final String loginContextName;
     private final List<AppConfigurationEntry> configEntries;

     public JaasConfig(String loginContextName, String jaasConfigParams) {
         StreamTokenizer tokenizer = new StreamTokenizer(new StringReader(jaasConfigParams));
         tokenizer.slashSlashComments(true);
         tokenizer.slashStarComments(true);
         tokenizer.wordChars('-', '-');
         tokenizer.wordChars('_', '_');
         tokenizer.wordChars('$', '$');

         try {
             configEntries = new ArrayList<>();
             while (tokenizer.nextToken() != StreamTokenizer.TT_EOF) {
                 configEntries.add(parseAppConfigurationEntry(tokenizer));
             }
             if (configEntries.isEmpty())
                 throw new IllegalArgumentException("Login module not specified in JAAS config");

             this.loginContextName = loginContextName;

         } catch (IOException e) {
             throw new KafkaException("Unexpected exception while parsing JAAS config");
         }
     }

     @Override
     public AppConfigurationEntry[] getAppConfigurationEntry(String name) {
         if (this.loginContextName.equals(name))
             return configEntries.toArray(new AppConfigurationEntry[0]);
         else
             return  null;
     }

     private LoginModuleControlFlag loginModuleControlFlag(String flag) {
         if (flag == null)
             throw new IllegalArgumentException("Login module control flag is not available in the JAAS config");

         LoginModuleControlFlag controlFlag;
         switch (flag.toUpperCase(Locale.ROOT)) {
             case "REQUIRED":
                 controlFlag = LoginModuleControlFlag.REQUIRED;
                 break;
             case "REQUISITE":
                 controlFlag = LoginModuleControlFlag.REQUISITE;
                 break;
             case "SUFFICIENT":
                 controlFlag = LoginModuleControlFlag.SUFFICIENT;
                 break;
             case "OPTIONAL":
                 controlFlag = LoginModuleControlFlag.OPTIONAL;
                 break;
             default:
                 throw new IllegalArgumentException("Invalid login module control flag '" + flag + "' in JAAS config");
         }
         return controlFlag;
     }

     private AppConfigurationEntry parseAppConfigurationEntry(StreamTokenizer tokenizer) throws IOException {
         String loginModule = tokenizer.sval;
         if (tokenizer.nextToken() == StreamTokenizer.TT_EOF)
             throw new IllegalArgumentException("Login module control flag not specified in JAAS config");
         LoginModuleControlFlag controlFlag = loginModuleControlFlag(tokenizer.sval);
         Map<String, String> options = new HashMap<>();
         while (tokenizer.nextToken() != StreamTokenizer.TT_EOF && tokenizer.ttype != ';') {
             String key = tokenizer.sval;
             if (tokenizer.nextToken() != '=' || tokenizer.nextToken() == StreamTokenizer.TT_EOF || tokenizer.sval == null)
                 throw new IllegalArgumentException("Value not specified for key '" + key + "' in JAAS config");
             String value = tokenizer.sval;
             options.put(key, value);
         }
         if (tokenizer.ttype != ';')
             throw new IllegalArgumentException("JAAS config entry not terminated by semi-colon");
         return new AppConfigurationEntry(loginModule, controlFlag, options);
     }
 }
	/*
	* Licensed to the Apache Software Foundation (ASF) under one or more
	* contributor license agreements. See the NOTICE file distributed with
	* this work for additional information regarding copyright ownership.
	* The ASF licenses this file to You under the Apache License, Version 2.0
	* (the "License"); you may not use this file except in compliance with
	* the License. You may obtain a copy of the License at
	*
	* http://www.apache.org/licenses/LICENSE-2.0
	*
	* Unless required by applicable law or agreed to in writing, software
	* distributed under the License is distributed on an "AS IS" BASIS,
	* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
	* See the License for the specific language governing permissions and
	* limitations under the License.
	*/
	package org.apache.kafka.common.security;

	import java.io.IOException;
	import java.io.StreamTokenizer;
	import java.io.StringReader;
	import java.util.ArrayList;
	import java.util.HashMap;
	import java.util.List;
	import java.util.Locale;
	import java.util.Map;

	import javax.security.auth.login.AppConfigurationEntry;
	import javax.security.auth.login.Configuration;
	import javax.security.auth.login.AppConfigurationEntry.LoginModuleControlFlag;

	import org.apache.kafka.common.KafkaException;
	import org.apache.kafka.common.config.SaslConfigs;

	/**
	* JAAS configuration parser that constructs a JAAS configuration object with a single
	* login context from the Kafka configuration option {@link SaslConfigs#SASL_JAAS_CONFIG}.
	* <p/>
	* JAAS configuration file format is described <a href="http://docs.oracle.com/javase/8/docs/technotes/guides/security/jgss/tutorials/LoginConfigFile.html">here</a>.
	* The format of the property value is:
	* <pre>
	* {@code
	* <loginModuleClass> <controlFlag> (<optionName>=<optionValue>)*;
	* }
	* </pre>
	*/
	class JaasConfig extends Configuration {

	private final String loginContextName;
	private final List<AppConfigurationEntry> configEntries;

	public JaasConfig(String loginContextName, String jaasConfigParams) {
	StreamTokenizer tokenizer = new StreamTokenizer(new StringReader(jaasConfigParams));
	tokenizer.slashSlashComments(true);
	tokenizer.slashStarComments(true);
	tokenizer.wordChars('-', '-');
	tokenizer.wordChars('_', '_');
	tokenizer.wordChars('$', '$');

	try {
	configEntries = new ArrayList<>();
	while (tokenizer.nextToken() != StreamTokenizer.TT_EOF) {
	configEntries.add(parseAppConfigurationEntry(tokenizer));
	}
	if (configEntries.isEmpty())
	throw new IllegalArgumentException("Login module not specified in JAAS config");

	this.loginContextName = loginContextName;

	} catch (IOException e) {
	throw new KafkaException("Unexpected exception while parsing JAAS config");
	}
	}

	@Override
	public AppConfigurationEntry[] getAppConfigurationEntry(String name) {
	if (this.loginContextName.equals(name))
	return configEntries.toArray(new AppConfigurationEntry[0]);
	else
	return null;
	}

	private LoginModuleControlFlag loginModuleControlFlag(String flag) {
	if (flag == null)
	throw new IllegalArgumentException("Login module control flag is not available in the JAAS config");

	LoginModuleControlFlag controlFlag;
	switch (flag.toUpperCase(Locale.ROOT)) {
	case "REQUIRED":
	controlFlag = LoginModuleControlFlag.REQUIRED;
	break;
	case "REQUISITE":
	controlFlag = LoginModuleControlFlag.REQUISITE;
	break;
	case "SUFFICIENT":
	controlFlag = LoginModuleControlFlag.SUFFICIENT;
	break;
	case "OPTIONAL":
	controlFlag = LoginModuleControlFlag.OPTIONAL;
	break;
	default:
	throw new IllegalArgumentException("Invalid login module control flag '" + flag + "' in JAAS config");
	}
	return controlFlag;
	}

	private AppConfigurationEntry parseAppConfigurationEntry(StreamTokenizer tokenizer) throws IOException {
	String loginModule = tokenizer.sval;
	if (tokenizer.nextToken() == StreamTokenizer.TT_EOF)
	throw new IllegalArgumentException("Login module control flag not specified in JAAS config");
	LoginModuleControlFlag controlFlag = loginModuleControlFlag(tokenizer.sval);
	Map<String, String> options = new HashMap<>();
	while (tokenizer.nextToken() != StreamTokenizer.TT_EOF && tokenizer.ttype != ';') {
	String key = tokenizer.sval;
	if (tokenizer.nextToken() != '=' \|\| tokenizer.nextToken() == StreamTokenizer.TT_EOF \|\| tokenizer.sval == null)
	throw new IllegalArgumentException("Value not specified for key '" + key + "' in JAAS config");
	String value = tokenizer.sval;
	options.put(key, value);
	}
	if (tokenizer.ttype != ';')
	throw new IllegalArgumentException("JAAS config entry not terminated by semi-colon");
	return new AppConfigurationEntry(loginModule, controlFlag, options);
	}
	}