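/*
 * MinIO Cloud Storage, (C) 2020 MinIO, Inc.
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *     http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */

package target

import (
	"crypto/sha256"
	"crypto/sha512"
	"errors"

	"github.com/xdg/scram"
)

// KafkaSHA256 is a function that returns a crypto/sha256 hasher and should be used
// to create Client objects configured for SHA-256 hashing.
var KafkaSHA256 scram.HashGeneratorFcn = sha256.New

// KafkaSHA512 is a function that returns a crypto/sha512 hasher and should be used
// to create Client objects configured for SHA-512 hashing.
var KafkaSHA512 scram.HashGeneratorFcn = sha512.New

// XDGSCRAMClient implements the client-side of an authentication
// conversation with a server. A new conversation must be created for
// each authentication attempt.
//
// HashGeneratorFcn must be set (for example to KafkaSHA256 or KafkaSHA512)
// before Begin is called. Begin replaces the embedded Client and
// ClientConversation without any locking, so a single instance must not be
// shared between concurrent authentication attempts.
type XDGSCRAMClient struct {
	*scram.Client
	*scram.ClientConversation
	scram.HashGeneratorFcn
}

// Begin constructs a SCRAM client component based on a given hash.Hash
// factory receiver. This constructor will normalize the username, password
// and authzID via the SASLprep algorithm, as recommended by RFC-5802. If
// SASLprep fails, the method returns an error.
//
// Begin also returns an error when no hash generator has been configured.
// Whenever Begin fails, no conversation is left on the receiver, so Step
// reports an error instead of continuing an exchange from an earlier attempt.
func (x *XDGSCRAMClient) Begin(userName, password, authzID string) (err error) {
	// Discard state from any previous attempt up front: a failed Begin must
	// not leave an old conversation (bound to old credentials) reachable.
	x.Client, x.ClientConversation = nil, nil

	if x.HashGeneratorFcn == nil {
		return errors.New("scram: hash generator is not set")
	}

	x.Client, err = x.HashGeneratorFcn.NewClient(userName, password, authzID)
	if err != nil {
		return err
	}
	x.ClientConversation = x.Client.NewConversation()
	return nil
}

// Step takes a string provided from a server (or just an empty string for the
// very first conversation step) and attempts to move the authentication
// conversation forward. It returns a string to be sent to the server or an
// error if the server message is invalid. Calling Step after a conversation
// completes is also an error, as is calling it before a successful Begin.
func (x *XDGSCRAMClient) Step(challenge string) (response string, err error) {
	// Without this guard a missing conversation is a nil-pointer panic in the
	// caller's authentication path rather than an ordinary error.
	if x.ClientConversation == nil {
		return "", errors.New("scram: Step called before a successful Begin")
	}
	return x.ClientConversation.Step(challenge)
}

// Done returns true if the conversation is completed or has errored. It
// returns false when no conversation has been started, so that a caller
// driving the exchange proceeds to Step and receives an error there.
//
// Done only reports that the exchange has ended, not that it succeeded. The
// embedded ClientConversation's Valid method reports whether the server's
// final message was verified; callers that rely on mutual authentication
// should check it once Done returns true.
func (x *XDGSCRAMClient) Done() bool {
	if x.ClientConversation == nil {
		return false
	}
	return x.ClientConversation.Done()
}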