All Downloads are FREE. Search and download functionalities are using the official Maven repository.

io.trino.server.security.jwt.JwtAuthenticatorSupportModule Maven / Gradle / Ivy

There is a newer version: 465
Show newest version
/*
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *     http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */
package io.trino.server.security.jwt;

import com.google.inject.Binder;
import com.google.inject.Module;
import com.google.inject.Provides;
import com.google.inject.Scopes;
import com.google.inject.Singleton;
import com.google.inject.TypeLiteral;
import io.airlift.configuration.AbstractConfigurationAwareModule;
import io.airlift.http.client.HttpClient;
import io.jsonwebtoken.Locator;

import java.net.URI;
import java.security.Key;

import static io.airlift.configuration.ConditionalModule.conditionalModule;
import static io.airlift.configuration.ConfigBinder.configBinder;
import static io.airlift.http.client.HttpClientBinder.httpClientBinder;

public class JwtAuthenticatorSupportModule
        extends AbstractConfigurationAwareModule
{
    @Override
    protected void setup(Binder binder)
    {
        configBinder(binder).bindConfig(JwtAuthenticatorConfig.class);
        install(conditionalModule(
                JwtAuthenticatorConfig.class,
                JwtAuthenticatorSupportModule::isHttp,
                new JwkModule(),
                jwkBinder -> jwkBinder.bind(new TypeLiteral>() {}).annotatedWith(ForJwt.class).to(FileSigningKeyLocator.class).in(Scopes.SINGLETON)));
    }

    private static boolean isHttp(JwtAuthenticatorConfig config)
    {
        return config.getKeyFile().startsWith("https://") || config.getKeyFile().startsWith("http://");
    }

    private static class JwkModule
            implements Module
    {
        @Override
        public void configure(Binder binder)
        {
            httpClientBinder(binder).bindHttpClient("jwk", ForJwt.class);
        }

        @Provides
        @Singleton
        @ForJwt
        public static JwkService createJwkService(JwtAuthenticatorConfig config, @ForJwt HttpClient httpClient)
        {
            return new JwkService(URI.create(config.getKeyFile()), httpClient);
        }

        @Provides
        @Singleton
        @ForJwt
        public static Locator createJwkSigningKeyLocator(@ForJwt JwkService jwkService)
        {
            return new JwkSigningKeyLocator(jwkService);
        }

        // this module can be added multiple times, and this prevents multiple processing by Guice
        @Override
        public int hashCode()
        {
            return JwkModule.class.hashCode();
        }

        @Override
        public boolean equals(Object obj)
        {
            return obj instanceof JwkModule;
        }
    }
}




© 2015 - 2024 Weber Informatics LLC | Privacy Policy