org.apache.kafka.common.security.scram.internals.ScramCredentialUtils Maven / Gradle / Ivy
/*
* Licensed to the Apache Software Foundation (ASF) under one or more
* contributor license agreements. See the NOTICE file distributed with
* this work for additional information regarding copyright ownership.
* The ASF licenses this file to You under the Apache License, Version 2.0
* (the "License"); you may not use this file except in compliance with
* the License. You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package org.apache.kafka.common.security.scram.internals;
import java.util.Base64;
import java.util.Collection;
import java.util.Properties;
import org.apache.kafka.common.security.authenticator.CredentialCache;
import org.apache.kafka.common.security.scram.ScramCredential;
/**
* SCRAM Credential persistence utility functions. Implements format conversion used
* for the credential store implemented in Kafka. Credentials are persisted as a comma-separated
* String of key-value pairs:
*
* salt=salt,stored_key=stored_key,server_key=server_key,iterations=iterations
*
*
*/
public final class ScramCredentialUtils {
private static final String SALT = "salt";
private static final String STORED_KEY = "stored_key";
private static final String SERVER_KEY = "server_key";
private static final String ITERATIONS = "iterations";
private ScramCredentialUtils() {}
public static String credentialToString(ScramCredential credential) {
return String.format("%s=%s,%s=%s,%s=%s,%s=%d",
SALT,
Base64.getEncoder().encodeToString(credential.salt()),
STORED_KEY,
Base64.getEncoder().encodeToString(credential.storedKey()),
SERVER_KEY,
Base64.getEncoder().encodeToString(credential.serverKey()),
ITERATIONS,
credential.iterations());
}
public static ScramCredential credentialFromString(String str) {
Properties props = toProps(str);
if (props.size() != 4 || !props.containsKey(SALT) || !props.containsKey(STORED_KEY) ||
!props.containsKey(SERVER_KEY) || !props.containsKey(ITERATIONS)) {
throw new IllegalArgumentException("Credentials not valid: " + str);
}
byte[] salt = Base64.getDecoder().decode(props.getProperty(SALT));
byte[] storedKey = Base64.getDecoder().decode(props.getProperty(STORED_KEY));
byte[] serverKey = Base64.getDecoder().decode(props.getProperty(SERVER_KEY));
int iterations = Integer.parseInt(props.getProperty(ITERATIONS));
return new ScramCredential(salt, storedKey, serverKey, iterations);
}
private static Properties toProps(String str) {
Properties props = new Properties();
String[] tokens = str.split(",");
for (String token : tokens) {
int index = token.indexOf('=');
if (index <= 0)
throw new IllegalArgumentException("Credentials not valid: " + str);
props.put(token.substring(0, index), token.substring(index + 1));
}
return props;
}
public static void createCache(CredentialCache cache, Collection mechanisms) {
for (String mechanism : ScramMechanism.mechanismNames()) {
if (mechanisms.contains(mechanism))
cache.createCache(mechanism, ScramCredential.class);
}
}
}