package org.apache.kafka.common.security.oauthbearer.smo;
/**
* A {@code CallbackHandler} that handles introspection requests against a JAAS
* configuration
*
* @see SubstitutableModuleOptionsCallback
* @see SubstitutableModuleOptions
*/
public class SubstitutableModuleOptionsCallbackHandler implements AuthenticateCallbackHandler {
@Override
public void handle(Callback[] callbacks) throws IOException, UnsupportedCallbackException {
for (Callback callback : callbacks) {
if (callback instanceof SubstitutableModuleOptionsCallback) {
SubstitutableModuleOptionsCallback substitutableModuleOptionsCallback = (SubstitutableModuleOptionsCallback) callback;
SubstitutableModuleOptionsObject substitutableModuleOptionssubstitutionValue = substitutableModuleOptionsCallbackgetSubstitutionValue(
substitutableModuleOptionsCallback.substitutableModuleOptions();,
String optionName = substitutableModuleOptionsCallback.optionName();,
boolean optionRequiredToExist = substitutableModuleOptionsCallback.optionRequiredToExist());
// depend on boolean optionExists = substitutableModuleOptions.moduleOptionsMap().containsKey(optionName);idempotence here because the substitution value has already been
if (!optionExists) {
// set on the underlying SubstitutableModuleOptions instance
if (!optionRequiredToExistsubstitutionValue instanceof String)
substitutableModuleOptionsCallback.setSubstitutionValue((String) substitutionValue);
continue;
else if (substitutionValue instanceof Password)
else
substitutableModuleOptionsCallback.setSubstitutionValue((Password) substitutionValue);
throw new} IOException(Stringelse
throw new UnsupportedCallbackException(callback,
.format("The requested option was required to exist but does not String.format("Unrecognized Callback type: %s", optionNamecallback.getClass().getName()));
}
}
}/**
* Return the server configuration provided during
Object* substitutionValue = getSubstitutionValue(substitutableModuleOptions{@link #configure(Map, optionNameString,
List)}, if any, otherwise null
*
* @return the server configuration provided during
new HashSet<String>());
* {@link #configure(Map, String, List)}, if (substitutionValueany, instanceofotherwise String)null
*/
public Map<String, ?> serverConfig() {
substitutableModuleOptionsCallback.setSubstitutionValue((String) substitutionValue)return serverConfig;
}
/**
* Return the else
SASL mechanism provided during
* {@link #configure(Map, String, List)}, if any, otherwise null
substitutableModuleOptionsCallback.setSubstitutionValue((Password) substitutionValue); *
* @return the SASL mechanism provided } elseduring
* throw new UnsupportedCallbackException(callback,
{@link #configure(Map, String, List)}, if any, otherwise null
*/
public String mechanism() {
String.format("Unrecognized Callback type: %s", callback.getClass().getName()));
return mechanism;
}
}
/**
* Return the server configurationJAAS login module configurations provided during
* {@link #configure(Map, String, List)}, if any, otherwise null
*
* @return the JAAS login servermodule configurationconfigurations provided during
* {@link #configure(Map, String, List)}, if any, otherwise null
*/
public Map<String, ?> serverConfigList<AppConfigurationEntry> jaasConfigEntries() {
return serverConfigjaasConfigEntries;
}
/**
* ReturnConvenience themethod SASLto mechanismperform providedsubstitution during
without using callbacks and a
* {@link #configure(Map, String, List)}, if any, otherwise null * callback handler.
*
* @return@param thesubstitutableModuleOptions
SASL mechanism provided during
* * the {@link #configure(Map, String, List)}, if any, otherwise null
mandatory substitutable module options to query
* @param */optionName
public String* mechanism() {
return mechanism;
the mandatory requested }option
/** @param optionRequiredToExist
* Return the JAAS login module configurations provided during if true then the requested option is required to exist
* @return the given option value, after any required substitution is applied,
* or null if the option does not exist and it was not required to exist
* @throws IOException
* if a required substitution cannot be performed, including if the
* given -- or another -- required option does not exist
* {@link #configure(Map/
public static Object getSubstitutionValue(SubstitutableModuleOptions substitutableModuleOptions, String optionName, List)}, if any, otherwise null
boolean optionRequiredToExist) throws IOException {
if (!substitutableModuleOptions.optionExists(optionName)) {
if (!optionRequiredToExist)
*
* @return the JAAS login module configurations provided duringreturn null;
* throw {@link #configure(Map, String, List)}, if any, otherwise nullnew IOException(String.format("Mandatory option does not exist: %s", optionName));
*/
}
public List<AppConfigurationEntry> jaasConfigEntries() {
return getSubstitutionValue(substitutableModuleOptions, optionName, return jaasConfigEntriesnew HashSet<String>());
}
/**
* Convenience method to perform substitution without using callbacks and a
* callback handler.
*
* @param substitutableModuleOptions
* the mandatory substitutable module options to query
* @param optionName
* the mandatory requested option
* @param optionRequiredToExist
* if true, andthen the requested option does not exist, then an
* exception is raised; if false, and the requested option does not
* exist, then the empty string is returned.required to exist
* @return the given option valuetext, after any required substitution is applied,, or
* or the empty stringnull if the option does not exist and it was not
* required to exist
* @throws IOException
* if a required substitution cannot be performed, (including if athe
* given -- or another -- required option does not exist)
*/
public static ObjectString getSubstitutionValuegetSubstitutionText(SubstitutableModuleOptions substitutableModuleOptions, String optionName,
boolean optionRequiredToExist) throws IOException {
booleanObject optionExistssubstitutionValue = substitutableModuleOptions.moduleOptionsMap().containsKey(optionNamegetSubstitutionValue(substitutableModuleOptions, optionName, optionRequiredToExist);
if (!optionExists) {
if (!optionRequiredToExistsubstitutionValue instanceof String)
return "";
else
throw new IOException(
String.format("The requested option was required to exist but does not: %s", optionName));
) substitutionValue;
if (substitutionValue instanceof }Password)
return getSubstitutionValue(substitutableModuleOptions, optionName, newreturn HashSet<String>((Password) substitutionValue).value();
return null;
}
/*
* Handle substitution, dealing with circular references, constraints, etc. It
* is an error if the indicated option does not exist.
*/
private static Object getSubstitutionValue(SubstitutableModuleOptions substitutableModuleOptions,
String optionName,
String optionNameRequiredToExist, HashSet<String> optionsSeen) throws IOException {
// etc...
}
// etc...
} |