clients/src/main/java/org/apache/kafka/common/security/JaasUtils.java - kafka - Git at Google

 /**
  * Licensed to the Apache Software Foundation (ASF) under one or more
  * contributor license agreements.  See the NOTICE file distributed with
  * this work for additional information regarding copyright ownership.
  * The ASF licenses this file to You under the Apache License, Version 2.0
  * (the "License"); you may not use this file except in compliance with
  * the License.  You may obtain a copy of the License at
  *
  * http://www.apache.org/licenses/LICENSE-2.0
  *
  * Unless required by applicable law or agreed to in writing, software
  * distributed under the License is distributed on an "AS IS" BASIS,
  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
 package org.apache.kafka.common.security;

 import javax.security.auth.login.Configuration;
 import javax.security.auth.login.AppConfigurationEntry;
 import java.lang.reflect.InvocationTargetException;
 import java.lang.reflect.Method;
 import java.io.IOException;

 import org.apache.kafka.common.KafkaException;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;

 public class JaasUtils {
     private static final Logger LOG = LoggerFactory.getLogger(JaasUtils.class);
     public static final String JAVA_LOGIN_CONFIG_PARAM = "java.security.auth.login.config";

     public static final String LOGIN_CONTEXT_SERVER = "KafkaServer";
     public static final String LOGIN_CONTEXT_CLIENT = "KafkaClient";
     public static final String SERVICE_NAME = "serviceName";

     public static final String ZK_SASL_CLIENT = "zookeeper.sasl.client";
     public static final String ZK_LOGIN_CONTEXT_NAME_KEY = "zookeeper.sasl.clientconfig";

     /**
      * Construct a JAAS configuration object per kafka jaas configuration file
      * @param loginContextName
      * @param key
      * @return JAAS configuration object
      */
     public static String jaasConfig(String loginContextName, String key) throws IOException {
         AppConfigurationEntry[] configurationEntries = Configuration.getConfiguration().getAppConfigurationEntry(loginContextName);
         if (configurationEntries == null) {
             String errorMessage = "Could not find a '" + loginContextName + "' entry in this configuration.";
             throw new IOException(errorMessage);
         }

         for (AppConfigurationEntry entry: configurationEntries) {
             Object val = entry.getOptions().get(key);
             if (val != null)
                 return (String) val;
         }
         return null;
     }

     public static String defaultKerberosRealm()
         throws ClassNotFoundException, NoSuchMethodException,
                IllegalArgumentException, IllegalAccessException,
                InvocationTargetException {

         //TODO Find a way to avoid using these proprietary classes as access to Java 9 will block access by default
         //due to the Jigsaw module system

         Object kerbConf;
         Class<?> classRef;
         Method getInstanceMethod;
         Method getDefaultRealmMethod;
         if (System.getProperty("java.vendor").contains("IBM")) {
             classRef = Class.forName("com.ibm.security.krb5.internal.Config");
         } else {
             classRef = Class.forName("sun.security.krb5.Config");
         }
         getInstanceMethod = classRef.getMethod("getInstance", new Class[0]);
         kerbConf = getInstanceMethod.invoke(classRef, new Object[0]);
         getDefaultRealmMethod = classRef.getDeclaredMethod("getDefaultRealm",
                                                            new Class[0]);
         return (String) getDefaultRealmMethod.invoke(kerbConf, new Object[0]);
     }

     public static boolean isZkSecurityEnabled() {
         boolean isSecurityEnabled = false;
         boolean zkSaslEnabled = Boolean.parseBoolean(System.getProperty(ZK_SASL_CLIENT, "true"));
         String zkLoginContextName = System.getProperty(ZK_LOGIN_CONTEXT_NAME_KEY, "Client");

         try {
             Configuration loginConf = Configuration.getConfiguration();
             isSecurityEnabled = loginConf.getAppConfigurationEntry(zkLoginContextName) != null;
         } catch (Exception e) {
             throw new KafkaException("Exception while loading Zookeeper JAAS login context '" + zkLoginContextName + "'", e);
         }
         if (isSecurityEnabled && !zkSaslEnabled) {
             LOG.error("JAAS configuration is present, but system property " +
                         ZK_SASL_CLIENT + " is set to false, which disables " +
                         "SASL in the ZooKeeper client");
             throw new KafkaException("Exception while determining if ZooKeeper is secure");
         }

         return isSecurityEnabled;
     }
 }
	/**
	* Licensed to the Apache Software Foundation (ASF) under one or more
	* contributor license agreements. See the NOTICE file distributed with
	* this work for additional information regarding copyright ownership.
	* The ASF licenses this file to You under the Apache License, Version 2.0
	* (the "License"); you may not use this file except in compliance with
	* the License. You may obtain a copy of the License at
	*
	* http://www.apache.org/licenses/LICENSE-2.0
	*
	* Unless required by applicable law or agreed to in writing, software
	* distributed under the License is distributed on an "AS IS" BASIS,
	* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
	* See the License for the specific language governing permissions and
	* limitations under the License.
	*/
	package org.apache.kafka.common.security;

	import javax.security.auth.login.Configuration;
	import javax.security.auth.login.AppConfigurationEntry;
	import java.lang.reflect.InvocationTargetException;
	import java.lang.reflect.Method;
	import java.io.IOException;

	import org.apache.kafka.common.KafkaException;
	import org.slf4j.Logger;
	import org.slf4j.LoggerFactory;

	public class JaasUtils {
	private static final Logger LOG = LoggerFactory.getLogger(JaasUtils.class);
	public static final String JAVA_LOGIN_CONFIG_PARAM = "java.security.auth.login.config";

	public static final String LOGIN_CONTEXT_SERVER = "KafkaServer";
	public static final String LOGIN_CONTEXT_CLIENT = "KafkaClient";
	public static final String SERVICE_NAME = "serviceName";

	public static final String ZK_SASL_CLIENT = "zookeeper.sasl.client";
	public static final String ZK_LOGIN_CONTEXT_NAME_KEY = "zookeeper.sasl.clientconfig";

	/**
	* Construct a JAAS configuration object per kafka jaas configuration file
	* @param loginContextName
	* @param key
	* @return JAAS configuration object
	*/
	public static String jaasConfig(String loginContextName, String key) throws IOException {
	AppConfigurationEntry[] configurationEntries = Configuration.getConfiguration().getAppConfigurationEntry(loginContextName);
	if (configurationEntries == null) {
	String errorMessage = "Could not find a '" + loginContextName + "' entry in this configuration.";
	throw new IOException(errorMessage);
	}

	for (AppConfigurationEntry entry: configurationEntries) {
	Object val = entry.getOptions().get(key);
	if (val != null)
	return (String) val;
	}
	return null;
	}

	public static String defaultKerberosRealm()
	throws ClassNotFoundException, NoSuchMethodException,
	IllegalArgumentException, IllegalAccessException,
	InvocationTargetException {

	//TODO Find a way to avoid using these proprietary classes as access to Java 9 will block access by default
	//due to the Jigsaw module system

	Object kerbConf;
	Class<?> classRef;
	Method getInstanceMethod;
	Method getDefaultRealmMethod;
	if (System.getProperty("java.vendor").contains("IBM")) {
	classRef = Class.forName("com.ibm.security.krb5.internal.Config");
	} else {
	classRef = Class.forName("sun.security.krb5.Config");
	}
	getInstanceMethod = classRef.getMethod("getInstance", new Class[0]);
	kerbConf = getInstanceMethod.invoke(classRef, new Object[0]);
	getDefaultRealmMethod = classRef.getDeclaredMethod("getDefaultRealm",
	new Class[0]);
	return (String) getDefaultRealmMethod.invoke(kerbConf, new Object[0]);
	}

	public static boolean isZkSecurityEnabled() {
	boolean isSecurityEnabled = false;
	boolean zkSaslEnabled = Boolean.parseBoolean(System.getProperty(ZK_SASL_CLIENT, "true"));
	String zkLoginContextName = System.getProperty(ZK_LOGIN_CONTEXT_NAME_KEY, "Client");

	try {
	Configuration loginConf = Configuration.getConfiguration();
	isSecurityEnabled = loginConf.getAppConfigurationEntry(zkLoginContextName) != null;
	} catch (Exception e) {
	throw new KafkaException("Exception while loading Zookeeper JAAS login context '" + zkLoginContextName + "'", e);
	}
	if (isSecurityEnabled && !zkSaslEnabled) {
	LOG.error("JAAS configuration is present, but system property " +
	ZK_SASL_CLIENT + " is set to false, which disables " +
	"SASL in the ZooKeeper client");
	throw new KafkaException("Exception while determining if ZooKeeper is secure");
	}

	return isSecurityEnabled;
	}
	}