org.eclipse.ditto.connectivity.service.messaging.kafka.KafkaAuthenticationSpecificConfig Maven / Gradle / Ivy
/*
* Copyright (c) 2017 Contributors to the Eclipse Foundation
*
* See the NOTICE file(s) distributed with this work for additional
* information regarding copyright ownership.
*
* This program and the accompanying materials are made available under the
* terms of the Eclipse Public License 2.0 which is available at
* http://www.eclipse.org/legal/epl-2.0
*
* SPDX-License-Identifier: EPL-2.0
*/
package org.eclipse.ditto.connectivity.service.messaging.kafka;
import java.text.MessageFormat;
import java.util.Collections;
import java.util.HashMap;
import java.util.Map;
import java.util.Optional;
import javax.annotation.Nullable;
import org.apache.kafka.common.config.SaslConfigs;
import org.eclipse.ditto.base.model.headers.DittoHeaders;
import org.eclipse.ditto.connectivity.model.Connection;
import org.eclipse.ditto.connectivity.model.ConnectionConfigurationInvalidException;
/**
* Adds the correct authentication for the chosen SASL mechanism in the specific config of the connection.
*/
final class KafkaAuthenticationSpecificConfig implements KafkaSpecificConfig {
private static final String SPECIFIC_CONFIG_SASL_MECHANISM_KEY = "saslMechanism";
@SuppressWarnings("squid:S2068")
private static final String JAAS_CONFIG_TEMPLATE = "%s required username=\"%s\" password=\"%s\";";
private static final String PLAIN_SASL_MECHANISM = "PLAIN";
private static final String DEFAULT_SASL_MECHANISM = PLAIN_SASL_MECHANISM;
private static final Map SASL_MECHANISMS_WITH_LOGIN_MODULE = new HashMap<>();
@Nullable private static KafkaAuthenticationSpecificConfig instance;
private KafkaAuthenticationSpecificConfig() {
SASL_MECHANISMS_WITH_LOGIN_MODULE.put(PLAIN_SASL_MECHANISM,
"org.apache.kafka.common.security.plain.PlainLoginModule");
SASL_MECHANISMS_WITH_LOGIN_MODULE.put("SCRAM-SHA-256",
"org.apache.kafka.common.security.scram.ScramLoginModule");
SASL_MECHANISMS_WITH_LOGIN_MODULE.put("SCRAM-SHA-512",
"org.apache.kafka.common.security.scram.ScramLoginModule");
}
public static KafkaAuthenticationSpecificConfig getInstance() {
KafkaAuthenticationSpecificConfig result = instance;
if (null == result) {
result = new KafkaAuthenticationSpecificConfig();
instance = result;
}
return result;
}
@Override
public boolean isApplicable(final Connection connection) {
return connection.getUsername().isPresent() && connection.getPassword().isPresent();
}
@Override
public void validateOrThrow(final Connection connection, final DittoHeaders dittoHeaders) {
if (!isValid(connection)) {
final String message = MessageFormat.format(
"The connection configuration contains an invalid value for SASL mechanisms: <{0}>. Allowed " +
"mechanisms are: <{1}>", getSaslMechanismOrDefault(connection),
SASL_MECHANISMS_WITH_LOGIN_MODULE.keySet());
throw ConnectionConfigurationInvalidException.newBuilder(message)
.dittoHeaders(dittoHeaders)
.build();
}
}
@Override
public boolean isValid(final Connection connection) {
return containsValidSaslMechanismConfiguration(connection);
}
private static boolean containsValidSaslMechanismConfiguration(final Connection connection) {
final String mechanism = getSaslMechanismOrDefault(connection);
return SASL_MECHANISMS_WITH_LOGIN_MODULE.containsKey(mechanism.toUpperCase());
}
@Override
public Map apply(final Connection connection) {
final Optional username = connection.getUsername();
final Optional password = connection.getPassword();
// chose to not use isApplicable() but directly check username and password since we need to Optional#get them.
if (isValid(connection) && username.isPresent() && password.isPresent()) {
final String saslMechanism = getSaslMechanismOrDefault(connection).toUpperCase();
final String loginModule = getLoginModuleForSaslMechanism(saslMechanism);
final String jaasConfig = getJaasConfig(loginModule, username.get(), password.get());
return Map.of(SaslConfigs.SASL_MECHANISM, saslMechanism,
SaslConfigs.SASL_JAAS_CONFIG, jaasConfig);
}
return Collections.emptyMap();
}
private static String getJaasConfig(final String loginModule, final String username, final String password) {
return String.format(JAAS_CONFIG_TEMPLATE, loginModule, username, password);
}
private static String getSaslMechanismOrDefault(final Connection connection) {
return connection.getSpecificConfig().getOrDefault(SPECIFIC_CONFIG_SASL_MECHANISM_KEY, DEFAULT_SASL_MECHANISM);
}
private static String getLoginModuleForSaslMechanism(final String saslMechanism) {
return SASL_MECHANISMS_WITH_LOGIN_MODULE.get(saslMechanism);
}
}