delete all credential info

2021-09-07 20:51:36 +08:00
parent 9e01d244f9
commit 8f0bfb72a2
7 changed files with 55 additions and 14 deletions
--- a/src/main/java/com/xuxd/kafka/console/service/impl/AclServiceImpl.java
+++ b/src/main/java/com/xuxd/kafka/console/service/impl/AclServiceImpl.java
@@ -199,8 +199,10 @@ public class AclServiceImpl implements AclService, SmartInitializingSingleton {
            vo.setConsistencyDescription("Password is null.");
        } else {
            vo.setPassword(dos.stream().findFirst().get().getPassword());
+            // check for consistency.
+            boolean consistent = configConsole.isPassConsistent(username, vo.getPassword());
+            vo.setConsistencyDescription(consistent ? "Consistent" : "Password is not consistent.");
        }
-        // check for consistency.

        return ResponseData.create().data(vo).success();
    }
--- a/src/main/resources/application.yml
+++ b/src/main/resources/application.yml
@@ -26,13 +26,14 @@ spring:
    name: kafka-console-ui
  # h2 database
  datasource:
-#    url: jdbc:h2:file:/data/demo
-    url: jdbc:h2:mem:testdb
+    url: jdbc:h2:file:${data.dir:${user.dir}}/data/db/kafak-console
+#    url: jdbc:h2:mem:testdb
    driver-class-name: org.h2.Driver
-    username: sa
-    password: password
+    username: kafka
+    password: 1234567890
    schema: classpath:db/schema-h2.sql
 #    data: classpath:db/data-h2.sql
+    initialization-mode: always
  h2:
    console:
      enabled: true
--- a/src/main/resources/db/schema-h2.sql
+++ b/src/main/resources/db/schema-h2.sql
@@ -1,6 +1,6 @@
 -- DROP TABLE IF EXISTS T_KAKFA_USER;

-CREATE TABLE if not exists T_KAFKA_USER
+CREATE TABLE IF NOT EXISTS T_KAFKA_USER
 (
    ID IDENTITY NOT NULL COMMENT '主键ID',
    USERNAME VARCHAR(50) NOT NULL DEFAULT '' COMMENT '姓名',
@@ -8,5 +8,4 @@ CREATE TABLE if not exists T_KAFKA_USER
    UPDATE_TIME TIMESTAMP NOT  NULL DEFAULT NOW() COMMENT '更新时间',
    PRIMARY KEY (ID),
    UNIQUE (USERNAME)
-);
-
+);
--- a/src/main/scala/kafka/console/KafkaConfigConsole.scala
+++ b/src/main/scala/kafka/console/KafkaConfigConsole.scala
@@ -1,5 +1,6 @@
 package kafka.console

+import java.security.MessageDigest
 import java.util
 import java.util.concurrent.TimeUnit
 import java.util.{Properties, Set}
@@ -10,6 +11,8 @@ import kafka.utils.Implicits.PropertiesOps
 import org.apache.kafka.clients.admin._
 import org.apache.kafka.common.security.scram.internals.{ScramCredentialUtils, ScramFormatter}

+import scala.jdk.CollectionConverters.{CollectionHasAsScala, DictionaryHasAsScala, SeqHasAsJava}
+
 /**
 * kafka-console-ui.
 *
@@ -69,12 +72,41 @@ class KafkaConfigConsole(config: KafkaConfig) extends KafkaConsole(config: Kafka
        }).asInstanceOf[Boolean]
    }

+    /**
+     * password consistency check.
+     * return true: is consistent, or not.
+     */
+    def isPassConsistent(username: String, password: String): Boolean = {
+        withZKClient(zkClient => {
+            val entityConfig = zkClient.fetchEntityConfig(ConfigType.User, username)
+            log.info(entityConfig.toString)
+            var res: Boolean = false
+            entityConfig.asScala.foreach(e => {
+                val credential = ScramCredentialUtils.credentialFromString(e._2.asInstanceOf[String])
+                val scramFormatter = new ScramFormatter(org.apache.kafka.common.security.scram.internals.ScramMechanism.forMechanismName(e._1.asInstanceOf[String]))
+                val saltPassword = scramFormatter.saltedPassword(password, credential.salt(), credential.iterations())
+                val expectStoredKey = credential.storedKey()
+                val computedStoredKey = scramFormatter.storedKey(scramFormatter.clientKey(saltPassword))
+                res |= MessageDigest.isEqual(expectStoredKey, computedStoredKey)
+            })
+            res
+        }).asInstanceOf[Boolean]
+    }
+
    def deleteUser(name: String): (Boolean, String) = {
        withAdminClient(adminClient => {
            try {
-                adminClient.alterUserScramCredentials(util.Arrays.asList(
-                    new UserScramCredentialDeletion(name, ScramMechanism.fromMechanismName(config.getSaslMechanism))))
-                    .all().get(3000, TimeUnit.MILLISECONDS)
+                //                adminClient.alterUserScramCredentials(util.Arrays.asList(
+                //                    new UserScramCredentialDeletion(name, ScramMechanism.fromMechanismName(config.getSaslMechanism))))
+                //                    .all().get(3000, TimeUnit.MILLISECONDS)
+                // all delete
+                val userDetail = getUserDetailList(util.Collections.singletonList(name))
+                userDetail.values().asScala.foreach(u => {
+                    adminClient.alterUserScramCredentials(u.credentialInfos().asScala.map(s => new UserScramCredentialDeletion(u.name(), s.mechanism())
+                        .asInstanceOf[UserScramCredentialAlteration]).toList.asJava)
+                        .all().get(3000, TimeUnit.MILLISECONDS)
+                })
+
                (true, null)
            } catch {
                case ex: Exception => log.error("deleteUser error", ex)