com.denismo.aws.iam.IAMPasswordValidator.java Source code

Java tutorial

Introduction

Here is the source code for com.denismo.aws.iam.IAMPasswordValidator.java

Source

/*
 * Copyright (c) 2013 Denis Mikhalkin.
 *
 * This software is provided to you under the Apache License,
 * Version 2.0 (the "License"); you may not use this file except
 * in compliance with the License.  You may obtain a copy of the
 * License at
 *
 *   http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing,
 * software distributed under the License is distributed on an
 * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
 * KIND, either express or implied.  See the License for the
 * specific language governing permissions and limitations
 * under the License.
 */

package com.denismo.aws.iam;

import com.amazonaws.AmazonClientException;
import com.amazonaws.auth.AWSCredentials;
import com.amazonaws.auth.BasicAWSCredentials;
import com.amazonaws.auth.BasicSessionCredentials;
import com.amazonaws.services.identitymanagement.AmazonIdentityManagementClient;
import org.apache.directory.api.ldap.model.entry.Entry;
import org.apache.directory.api.ldap.model.exception.LdapAuthenticationException;
import org.apache.directory.api.ldap.model.exception.LdapInvalidAttributeValueException;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/**
 * User: Denis Mikhalkin
 * Date: 30/03/13
 * Time: 10:40 PM
 */
public class IAMPasswordValidator {
    private static final Logger LOG = LoggerFactory.getLogger(IAMPasswordValidator.class);

    public boolean verifyIAMPassword(Entry user, String pw)
            throws LdapInvalidAttributeValueException, LdapAuthenticationException {
        boolean role = false;
        AWSCredentials creds;
        if (isRole(user)) {
            role = true;
            String[] parts = pw.split("\\|");
            if (parts == null || parts.length < 3)
                throw new LdapAuthenticationException();
            creds = new BasicSessionCredentials(parts[0], parts[1], parts[2]);
        } else {
            creds = new BasicAWSCredentials(user.get("accessKey").getString(), pw);
        }
        LOG.debug("Verifying {} {} with accessKey <hidden> and secretKey <hidden>", role ? "role" : "user",
                user.get("uid").getString());
        AmazonIdentityManagementClient client = new AmazonIdentityManagementClient(creds);
        try {
            client.getAccountSummary();
        } catch (AmazonClientException e) {
            System.err.println(e.getMessage());
            return false;
        } finally {
            client.shutdown();
        }
        return true;
    }

    private boolean isRole(Entry user) {
        return user.hasObjectClass("iamrole");
    }
}