All Downloads are FREE. Search and download functionalities are using the official Maven repository.

org.mariadb.jdbc.plugin.credential.aws.AwsIamCredentialPlugin Maven / Gradle / Ivy

// SPDX-License-Identifier: LGPL-2.1-or-later
// Copyright (c) 2012-2014 Monty Program Ab
// Copyright (c) 2015-2023 MariaDB Corporation Ab

package org.mariadb.jdbc.plugin.credential.aws;

import static java.time.LocalDateTime.now;

import java.sql.SQLException;
import java.time.LocalDateTime;
import java.util.Map;
import java.util.Objects;
import java.util.concurrent.ConcurrentHashMap;
import org.mariadb.jdbc.Configuration;
import org.mariadb.jdbc.HostAddress;
import org.mariadb.jdbc.plugin.Credential;
import org.mariadb.jdbc.plugin.CredentialPlugin;

/**
 * Permit AWS database IAM authentication.
 *
 * 

Token is generated using IAM credential and region. * *

Implementation use SDK DefaultAWSCredentialsProviderChain and DefaultAwsRegionProviderChain * (environment variable / system properties, files, ...) or using connection string options : * accessKeyId, secretKey, region. * * @see DefaultCredentialsProvider * @see DefaultAwsRegionProviderChain */ public class AwsIamCredentialPlugin implements CredentialPlugin { private static final int TOKEN_TTL = 10; private static final Map cache = new ConcurrentHashMap<>(); private AwsCredentialGenerator generator; private KeyCache key; @Override public String type() { return "AWS-IAM"; } @Override public boolean mustUseSsl() { return true; } @Override public CredentialPlugin initialize(Configuration conf, String userName, HostAddress hostAddress) throws SQLException { try { Class.forName("software.amazon.awssdk.auth.credentials.AwsBasicCredentials"); } catch (ClassNotFoundException ex) { throw new SQLException( "Identity plugin 'AWS-IAM' is used without having AWS SDK in " + "classpath. " + "Please add 'software.amazon.awssdk:rds' to classpath"); } this.generator = new AwsCredentialGenerator(conf.nonMappedOptions(), conf.user(), hostAddress); this.key = new KeyCache(conf, conf.user(), hostAddress); return this; } @Override public Credential get() { IdentityExpire val = cache.get(key); if (val != null && val.isValid()) { return val.getCredential(); } Credential credential = generator.getToken(); cache.put(key, new IdentityExpire(credential)); return credential; } private static class IdentityExpire { private final LocalDateTime expiration; private final Credential credential; public IdentityExpire(Credential credential) { this.credential = credential; expiration = now().plusMinutes(TOKEN_TTL); } public boolean isValid() { return expiration.isAfter(now()); } public Credential getCredential() { return credential; } } private static class KeyCache { private final Configuration conf; private final String userName; private final HostAddress hostAddress; public KeyCache(Configuration conf, String userName, HostAddress hostAddress) { this.conf = conf; this.userName = userName; this.hostAddress = hostAddress; } @Override public boolean equals(Object o) { if (this == o) { return true; } if (o == null || getClass() != o.getClass()) { return false; } KeyCache keyCache = (KeyCache) o; return conf.equals(keyCache.conf) && Objects.equals(userName, keyCache.userName) && hostAddress.equals(keyCache.hostAddress); } @Override public int hashCode() { return Objects.hash(conf, userName, hostAddress); } } }





© 2015 - 2024 Weber Informatics LLC | Privacy Policy