• Home
• com.datastax.dse
• dse-java-driver-core
• 1.9.0
• source code
• DsePlainTextAuthProvider.java

×

Project download

Many resources are needed to download a project. Please understand that we have to compensate our server costs. Thank you in advance.
Project price only 1 $

You can buy this project and download/modify it how often you want.

com.datastax.driver.dse.auth.DsePlainTextAuthProvider Maven / Gradle / Ivy

/*
 * Copyright DataStax, Inc.
 *
 * This software can be used solely with DataStax Enterprise. Please consult the license at
 * http://www.datastax.com/terms/datastax-dse-driver-license-terms
 */
package com.datastax.driver.dse.auth;

import static com.google.common.base.Preconditions.checkNotNull;

import com.datastax.driver.core.AuthProvider;
import com.datastax.driver.core.Authenticator;
import com.datastax.driver.core.EndPoint;
import com.datastax.driver.core.ExtendedAuthProvider;
import com.datastax.driver.core.exceptions.AuthenticationException;
import com.google.common.base.Charsets;
import com.google.common.primitives.Bytes;
import java.net.InetSocketAddress;
import java.util.Arrays;

/**
 * AuthProvider that provides plain text authenticator instances for clients to connect to DSE
 * clusters secured with the DseAuthenticator.
 *
 * 
To create a cluster using this auth provider:
 *
 * 
 * Cluster cluster = Cluster.builder()
 *                          .addContactPoint(hostname)
 *                          .withAuthProvider(new DsePlainTextAuthProvider("username", "password"))
 *                          .build();
 * 
 */
public class DsePlainTextAuthProvider implements ExtendedAuthProvider {

  private final String username;
  private final String password;
  private final String authorizationId;

  /**
   * Creates an {@link AuthProvider} for the given username and password.
   *
   * @param username The username; cannot be {@code null}.
   * @param password The password; cannot be {@code null}.
   */
  public DsePlainTextAuthProvider(String username, String password) {
    checkNotNull(username, "username cannot be null");
    checkNotNull(password, "password cannot be null");
    this.username = username;
    this.password = password;
    this.authorizationId = "";
  }

  /**
   * Creates an {@link AuthProvider} for the given authentication ID (username), password and
   * authorization ID (authorizationId). Providing an authorization ID allows the currently
   * authenticated user to act as a different user (a.k.a. proxy authentication).
   *
   * @param username The username; cannot be {@code null}.
   * @param password The password; cannot be {@code null}.
   * @param authorizationId The authorization ID; cannot be {@code null}.
   */
  public DsePlainTextAuthProvider(String username, String password, String authorizationId) {
    checkNotNull(username, "username cannot be null");
    checkNotNull(password, "password cannot be null");
    checkNotNull(authorizationId, "authorizationId cannot be null");
    this.username = username;
    this.password = password;
    this.authorizationId = authorizationId;
  }

  @Override
  public Authenticator newAuthenticator(EndPoint endPoint, String authenticator)
      throws AuthenticationException {
    return new PlainTextAuthenticator(authenticator, username, password, authorizationId);
  }

  @Override
  public Authenticator newAuthenticator(InetSocketAddress host, String authenticator)
      throws AuthenticationException {
    throw new AssertionError(
        "The driver should never call this method on an object that implements ExtendedAuthProvider");
  }

  private static class PlainTextAuthenticator extends BaseDseAuthenticator {

    private static final byte[] MECHANISM = "PLAIN".getBytes(Charsets.UTF_8);
    private static final byte[] SERVER_INITIAL_CHALLENGE = "PLAIN-START".getBytes(Charsets.UTF_8);
    private static final byte[] NULL = new byte[] {0};

    private final byte[] authenticationId;
    private final byte[] password;
    private final byte[] authorizationId;

    PlainTextAuthenticator(
        String authenticator, String authenticationId, String password, String authorizationId) {
      super(authenticator);
      this.authenticationId = authenticationId.getBytes(Charsets.UTF_8);
      this.password = password.getBytes(Charsets.UTF_8);
      this.authorizationId = authorizationId.getBytes(Charsets.UTF_8);
    }

    @Override
    public byte[] getMechanism() {
      return MECHANISM.clone();
    }

    @Override
    public byte[] getInitialServerChallenge() {
      return SERVER_INITIAL_CHALLENGE.clone();
    }

    @Override
    public byte[] evaluateChallenge(byte[] challenge) {
      if (Arrays.equals(SERVER_INITIAL_CHALLENGE, challenge)) {
        // The SASL plain text format is authorizationId NUL username NUL password
        return Bytes.concat(authorizationId, NULL, authenticationId, NULL, password);
      }
      throw new RuntimeException("Incorrect challenge from server");
    }
  }
}