provides first draft implementation of AuthMetadataFlyweight

right now it supports encoding only

Signed-off-by: Oleh Dokuka <[email protected]>

Author: OlegDokuka

rsocket-core/src/main/java/io/rsocket/metadata/security/AuthMetadataFlyweight.java

@@ -0,0 +1,155 @@
+package io.rsocket.metadata.security;
+
+import io.netty.buffer.ByteBuf;
+import io.netty.buffer.ByteBufAllocator;
+import io.netty.buffer.ByteBufUtil;
+import io.rsocket.buffer.TupleByteBuf;
+import io.rsocket.util.CharByteBufUtil;
+
+public class AuthMetadataFlyweight {
+
+  static final int STREAM_METADATA_KNOWN_MASK = 0x80; // 1000 0000
+  static final byte STREAM_METADATA_LENGTH_MASK = 0x7F; // 0111 1111
+
+  static final int USERNAME_BYTES_LENGTH = 1;
+  static final int AUTH_TYPE_ID_LENGTH = 1;
+
+  private AuthMetadataFlyweight() {}
+
+  /**
+   * Encode a Authentication CompositeMetadata payload using custom authentication type
+   *
+   * @throws IllegalArgumentException if customAuthType is non US_ASCII string if customAuthType is
+   *     empty string if customAuthType is has length greater than 128 bytes
+   * @param allocator the {@link ByteBufAllocator} to use to create intermediate buffers as needed.
+   * @param customAuthType the custom mime type to encode.
+   * @param metadata the metadata value to encode.
+   */
+  public static ByteBuf encodeMetadata(
+      ByteBufAllocator allocator, String customAuthType, ByteBuf metadata) {
+
+    int actualASCIILength = ByteBufUtil.utf8Bytes(customAuthType);
+    if (actualASCIILength != customAuthType.length()) {
+      metadata.release();
+      throw new IllegalArgumentException("custom auth type must be US_ASCII characters only");
+    }
+    if (actualASCIILength < 1 || actualASCIILength > 128) {
+      metadata.release();
+      throw new IllegalArgumentException(
+          "custom auth type must have a strictly positive length that fits on 7 unsigned bits, ie 1-128");
+    }
+
+    int capacity = 1 + actualASCIILength;
+    ByteBuf headerBuffer = allocator.buffer(capacity, capacity);
+    // encoded length is one less than actual length, since 0 is never a valid length, which gives
+    // wider representation range
+    headerBuffer.writeByte(actualASCIILength - 1);
+
+    ByteBufUtil.reserveAndWriteUtf8(headerBuffer, customAuthType, actualASCIILength);
+
+    return TupleByteBuf.of(allocator, headerBuffer, metadata);
+  }
+
+  /**
+   * Encode a Authentication CompositeMetadata payload using custom authentication type
+   *
+   * @throws IllegalArgumentException if customAuthType is non US_ASCII string if customAuthType is
+   *     empty string if customAuthType is has length greater than 128 bytes
+   * @param allocator the {@link ByteBufAllocator} to use to create intermediate buffers as needed.
+   * @param authType the custom mime type to encode.
+   * @param metadata the metadata value to encode.
+   */
+  public static ByteBuf encodeMetadata(
+      ByteBufAllocator allocator, WellKnownAuthType authType, ByteBuf metadata) {
+
+    if (authType == WellKnownAuthType.UNPARSEABLE_AUTH_TYPE
+        || authType == WellKnownAuthType.UNKNOWN_RESERVED_AUTH_TYPE) {
+      metadata.release();
+      throw new IllegalArgumentException("only allowed AuthType should be used");
+    }
+
+    int capacity = AUTH_TYPE_ID_LENGTH;
+    ByteBuf headerBuffer =
+        allocator
+            .buffer(capacity, capacity)
+            .writeByte(authType.getIdentifier() | STREAM_METADATA_KNOWN_MASK);
+
+    return TupleByteBuf.of(allocator, headerBuffer, metadata);
+  }
+
+  /**
+   * Encode a Authentication CompositeMetadata payload using Simple Authentication format
+   *
+   * @throws IllegalArgumentException if username length is greater than 128
+   * @param allocator the {@link ByteBufAllocator} to use to create intermediate buffers as needed.
+   * @param username the char sequence which represents user name.
+   * @param password the char sequence which represents user password.
+   */
+  public static ByteBuf encodeSimpleMetadata(
+      ByteBufAllocator allocator, char[] username, char[] password) {
+
+    int usernameLength = CharByteBufUtil.utf8Bytes(username);
+    if (usernameLength > 128) {
+      throw new IllegalArgumentException(
+          "Username should be shorter than or equal to 128 bytes length in UTF-8 encoding");
+    }
+
+    int passwordLength = CharByteBufUtil.utf8Bytes(password);
+    int capacity = AUTH_TYPE_ID_LENGTH + USERNAME_BYTES_LENGTH + usernameLength + passwordLength;
+    final ByteBuf buffer =
+        allocator
+            .buffer(capacity, capacity)
+            .writeByte(WellKnownAuthType.SIMPLE.getIdentifier() | STREAM_METADATA_KNOWN_MASK)
+            .writeByte(usernameLength);
+
+    CharByteBufUtil.writeUtf8(buffer, username);
+    CharByteBufUtil.writeUtf8(buffer, password);
+
+    return buffer;
+  }
+
+  /**
+   * Encode a Authentication CompositeMetadata payload using Bearer Authentication format
+   *
+   * @param allocator the {@link ByteBufAllocator} to use to create intermediate buffers as needed.
+   * @param token the char sequence which represents BEARER token.
+   */
+  public static ByteBuf encodeBearerMetadata(ByteBufAllocator allocator, char[] token) {
+
+    int tokenLength = CharByteBufUtil.utf8Bytes(token);
+    int capacity = AUTH_TYPE_ID_LENGTH + tokenLength;
+    final ByteBuf buffer =
+        allocator
+            .buffer(capacity, capacity)
+            .writeByte(WellKnownAuthType.BEARER.getIdentifier() | STREAM_METADATA_KNOWN_MASK);
+
+    CharByteBufUtil.writeUtf8(buffer, token);
+
+    return buffer;
+  }
+
+  /**
+   * Encode a new Authentication Metadata payload information, first verifying if the passed {@link
+   * String} matches a {@link WellKnownAuthType} (in which case it will be encoded in a compressed
+   * fashion using the mime id of that type).
+   *
+   * <p>Prefer using {@link #encodeMetadata(ByteBufAllocator, String, ByteBuf)} if you already know
+   * that the mime type is not a {@link WellKnownAuthType}.
+   *
+   * @param allocator the {@link ByteBufAllocator} to use to create intermediate buffers as needed.
+   * @param authType the mime type to encode, as a {@link String}. well known mime types are
+   *     compressed.
+   * @param metadata the metadata value to encode.
+   * @see #encodeMetadata(ByteBufAllocator, WellKnownAuthType, ByteBuf)
+   * @see #encodeMetadata(ByteBufAllocator, String, ByteBuf)
+   */
+  public static ByteBuf encodeMetadataWithCompression(
+      ByteBufAllocator allocator, String authType, ByteBuf metadata) {
+    WellKnownAuthType wkn = WellKnownAuthType.fromString(authType);
+    if (wkn == WellKnownAuthType.UNPARSEABLE_AUTH_TYPE) {
+      return AuthMetadataFlyweight.encodeMetadata(allocator, authType, metadata);
+    } else {
+      return AuthMetadataFlyweight.encodeMetadata(allocator, wkn, metadata);
+    }
+  }
+}

rsocket-core/src/main/java/io/rsocket/metadata/security/WellKnownAuthType.java

@@ -0,0 +1,121 @@
+/*
+ * Copyright 2015-2018 the original author or authors.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package io.rsocket.metadata.security;
+
+import java.util.Arrays;
+import java.util.HashMap;
+import java.util.Map;
+
+/**
+ * Enumeration of Well Known Auth Types, as defined in the eponymous extension. Such auth types are
+ * used in composite metadata (which can include routing and/or tracing metadata). Per
+ * specification, identifiers are between 0 and 127 (inclusive).
+ */
+public enum WellKnownAuthType {
+  UNPARSEABLE_AUTH_TYPE("UNPARSEABLE_AUTH_TYPE_DO_NOT_USE", (byte) -2),
+  UNKNOWN_RESERVED_AUTH_TYPE("UNKNOWN_YET_RESERVED_DO_NOT_USE", (byte) -1),
+
+  SIMPLE("simple", (byte) 0x00),
+  BEARER("bearer", (byte) 0x01);
+  // ... reserved for future use ...
+
+  static final WellKnownAuthType[] TYPES_BY_AUTH_ID;
+  static final Map<String, WellKnownAuthType> TYPES_BY_AUTH_STRING;
+
+  static {
+    // precompute an array of all valid auth ids, filling the blanks with the RESERVED enum
+    TYPES_BY_AUTH_ID = new WellKnownAuthType[128]; // 0-127 inclusive
+    Arrays.fill(TYPES_BY_AUTH_ID, UNKNOWN_RESERVED_AUTH_TYPE);
+    // also prepare a Map of the types by auth string
+    TYPES_BY_AUTH_STRING = new HashMap<>(128);
+
+    for (WellKnownAuthType value : values()) {
+      if (value.getIdentifier() >= 0) {
+        TYPES_BY_AUTH_ID[value.getIdentifier()] = value;
+        TYPES_BY_AUTH_STRING.put(value.getString(), value);
+      }
+    }
+  }
+
+  private final byte identifier;
+  private final String str;
+
+  WellKnownAuthType(String str, byte identifier) {
+    this.str = str;
+    this.identifier = identifier;
+  }
+
+  /**
+   * Find the {@link WellKnownAuthType} for the given identifier (as an {@code int}). Valid
+   * identifiers are defined to be integers between 0 and 127, inclusive. Identifiers outside of
+   * this range will produce the {@link #UNPARSEABLE_AUTH_TYPE}. Additionally, some identifiers in
+   * that range are still only reserved and don't have a type associated yet: this method returns
+   * the {@link #UNKNOWN_RESERVED_AUTH_TYPE} when passing such an identifier, which lets call sites
+   * potentially detect this and keep the original representation when transmitting the associated
+   * metadata buffer.
+   *
+   * @param id the looked up identifier
+   * @return the {@link WellKnownAuthType}, or {@link #UNKNOWN_RESERVED_AUTH_TYPE} if the id is out
+   *     of the specification's range, or {@link #UNKNOWN_RESERVED_AUTH_TYPE} if the id is one that
+   *     is merely reserved but unknown to this implementation.
+   */
+  public static WellKnownAuthType fromIdentifier(int id) {
+    if (id < 0x00 || id > 0x7F) {
+      return UNPARSEABLE_AUTH_TYPE;
+    }
+    return TYPES_BY_AUTH_ID[id];
+  }
+
+  /**
+   * Find the {@link WellKnownAuthType} for the given {@link String} representation. If the
+   * representation is {@code null} or doesn't match a {@link WellKnownAuthType}, the {@link
+   * #UNPARSEABLE_AUTH_TYPE} is returned.
+   *
+   * @param authType the looked up auth type
+   * @return the matching {@link WellKnownAuthType}, or {@link #UNPARSEABLE_AUTH_TYPE} if none
+   *     matches
+   */
+  public static WellKnownAuthType fromString(String authType) {
+    if (authType == null) throw new IllegalArgumentException("type must be non-null");
+
+    // force UNPARSEABLE if by chance UNKNOWN_RESERVED_AUTH_TYPE's text has been used
+    if (authType.equals(UNKNOWN_RESERVED_AUTH_TYPE.str)) {
+      return UNPARSEABLE_AUTH_TYPE;
+    }
+
+    return TYPES_BY_AUTH_STRING.getOrDefault(authType, UNPARSEABLE_AUTH_TYPE);
+  }
+
+  /** @return the byte identifier of the auth type, guaranteed to be positive or zero. */
+  public byte getIdentifier() {
+    return identifier;
+  }
+
+  /**
+   * @return the auth type represented as a {@link String}, which is made of US_ASCII compatible
+   *     characters only
+   */
+  public String getString() {
+    return str;
+  }
+
+  /** @see #getString() */
+  @Override
+  public String toString() {
+    return str;
+  }
+}