* org.onap.dmaap
* ================================================================================
* Copyright © 2017 AT&T Intellectual Property. All rights reserved.
+ * Modification copyright (C) 2021 Nordix Foundation.
* ================================================================================
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
*
*
*******************************************************************************/
-package org.onap.dmaap.kafkaAuthorize;
+package org.onap.dmaap.kafkaauthorize;
-import java.io.UnsupportedEncodingException;
import java.nio.charset.StandardCharsets;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.List;
import java.util.Map;
-
-import javax.security.auth.callback.Callback;
import javax.security.auth.callback.CallbackHandler;
-import javax.security.auth.callback.NameCallback;
import javax.security.sasl.Sasl;
import javax.security.sasl.SaslException;
import javax.security.sasl.SaslServer;
import javax.security.sasl.SaslServerFactory;
-
import org.apache.kafka.common.errors.SaslAuthenticationException;
-import org.apache.kafka.common.security.JaasContext;
-import org.apache.kafka.common.security.authenticator.SaslServerCallbackHandler;
-import org.apache.kafka.common.security.plain.PlainAuthenticateCallback;
-import org.apache.kafka.common.security.plain.internals.PlainSaslServer;
import org.onap.dmaap.commonauth.kafka.base.authorization.AuthorizationProviderFactory;
/**
private boolean complete;
private String authorizationId;
+ private static final String AUTH_EXC_NOT_COMPLETE = "Authentication exchange has not completed";
/**
try {
aafResponse = AuthorizationProviderFactory.getProviderFactory().getProvider().authenticate(username,
password);
- } catch (Exception e) {
+ } catch (Exception ignored) {
+ throw new SaslAuthenticationException("Authentication failed: " + aafResponse + " User " + username);
}
if (null != aafResponse) {
throw new SaslAuthenticationException("Authentication failed: " + aafResponse + " User " + username);
}
-
if (!authorizationIdFromClient.isEmpty() && !authorizationIdFromClient.equals(username))
throw new SaslAuthenticationException("Authentication failed: Client requested an authorization id that is different from username");
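Review bot: The throw added inside `catch (Exception ignored)` builds its message from `aafResponse`, which presumably is still unassigned when `authenticate(...)` itself throws (its declaration is outside this hunk), so the text would read "Authentication failed: null User …". The underlying exception is also dropped, and the name `ignored` is misleading now that the failure aborts the exchange. As far as I know, Kafka returns the message of a `SaslAuthenticationException` to the connecting client, so a fixed message with the cause attached for the broker log is the safer form: `} catch (Exception e) { throw new SaslAuthenticationException("Authentication failed", e); }`. The enclosing method starts and ends outside the hunk.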
@Override
public String getAuthorizationID() {
if (!complete)
- throw new IllegalStateException("Authentication exchange has not completed");
+ throw new IllegalStateException(AUTH_EXC_NOT_COMPLETE);
return authorizationId;
}
@Override
public Object getNegotiatedProperty(String propName) {
if (!complete)
- throw new IllegalStateException("Authentication exchange has not completed");
+ throw new IllegalStateException(AUTH_EXC_NOT_COMPLETE);
return null;
}
@Override
public byte[] unwrap(byte[] incoming, int offset, int len) {
if (!complete)
- throw new IllegalStateException("Authentication exchange has not completed");
+ throw new IllegalStateException(AUTH_EXC_NOT_COMPLETE);
return Arrays.copyOfRange(incoming, offset, offset + len);
}
@Override
public byte[] wrap(byte[] outgoing, int offset, int len) {
if (!complete)
- throw new IllegalStateException("Authentication exchange has not completed");
+ throw new IllegalStateException(AUTH_EXC_NOT_COMPLETE);
return Arrays.copyOfRange(outgoing, offset, offset + len);
}
@Override
public void dispose() {
+ // TODO Auto-generate method stub
}
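Review bot: The comment added to `dispose()` is an IDE placeholder and reads as unfinished work, on a method whose `SaslServer` contract is to release resources and security-sensitive state. If the no-op is intended, say so instead, for example `// Nothing to release: only the completion flag and authorization id are held.` That wording matches the two fields visible in this diff, but the rest of the class is not shown, so confirm no other state is kept before committing to it.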
public static class PlainSaslServerFactory1 implements SaslServerFactory {
throws SaslException {
if (!PLAIN_MECHANISM.equals(mechanism))
- throw new SaslException(String.format("Mechanism \'%s\' is not supported. Only PLAIN is supported.", mechanism));
+ throw new SaslException(String.format("Mechanism '%s' is not supported. Only PLAIN is supported.", mechanism));
return new PlainSaslServer1();
}