ARTEMIS-5316 XOAUTH2 SASL mechanism for broker connection

artemis-core-client/src/main/java/org/apache/activemq/artemis/core/remoting/impl/netty/TransportConstants.java

@@ -142,6 +142,8 @@ public class TransportConstants {
 
    public static final String TRUST_MANAGER_FACTORY_PLUGIN_PROP_NAME = "trustManagerFactoryPlugin";
 
+   public static final String AMQP_SASL_MECHANISM = "amqp.saslMechanisms";
+
    public static final String NETTY_VERSION;
 
    /**
@@ -536,6 +538,7 @@ private static int parseDefaultVariable(String variableName, int defaultValue) {
       allowableConnectorKeys.add(TransportConstants.TRUST_MANAGER_FACTORY_PLUGIN_PROP_NAME);
       allowableConnectorKeys.add(TransportConstants.HANDSHAKE_TIMEOUT);
       allowableConnectorKeys.add(TransportConstants.CRL_PATH_PROP_NAME);
+      allowableConnectorKeys.add(TransportConstants.AMQP_SASL_MECHANISM);
 
       ALLOWABLE_CONNECTOR_KEYS = Collections.unmodifiableSet(allowableConnectorKeys);
 

artemis-protocols/artemis-amqp-protocol/src/main/java/org/apache/activemq/artemis/protocol/amqp/connect/AMQPBrokerConnection.java

@@ -99,6 +99,7 @@
 import org.apache.activemq.artemis.spi.core.security.scram.SCRAM;
 import org.apache.activemq.artemis.utils.ConfigurationHelper;
 import org.apache.activemq.artemis.utils.UUIDGenerator;
+import org.apache.commons.lang3.StringUtils;
 import org.apache.qpid.proton.amqp.Symbol;
 import org.apache.qpid.proton.amqp.messaging.Source;
 import org.apache.qpid.proton.amqp.messaging.Target;
@@ -1129,6 +1130,7 @@ public void connectionReadyForWrites(Object connectionID, boolean ready) {
    private static final String EXTERNAL = "EXTERNAL";
    private static final String PLAIN = "PLAIN";
    private static final String ANONYMOUS = "ANONYMOUS";
+   private static final String XOAUTH2 = "XOAUTH2";
    private static final byte[] EMPTY = new byte[0];
 
    private static class PlainSASLMechanism implements ClientSASL {
@@ -1204,6 +1206,47 @@ public static boolean isApplicable(final NettyConnection connection) {
       }
    }
 
+   private static class XOAuth2SASLMechanism implements ClientSASL {
+
+      private final String userName;
+      private final String token;
+
+      public XOAuth2SASLMechanism(String userName, String token) {
+         this.userName = userName;
+         this.token = token;
+      }
+
+      @Override
+      public String getName() {
+         return XOAUTH2;
+      }
+
+      @Override
+      public byte[] getInitialResponse() {
+         String response = String.format("user=%s\u0001auth=Bearer %s\u0001\u0001", userName, token);
+         return response.getBytes(StandardCharsets.UTF_8);
+      }
+
+      @Override
+      public byte[] getResponse(byte[] challenge) {
+         return EMPTY;
+      }
+
+      public static boolean isApplicable(AMQPBrokerConnectConfiguration brokerConnectConfiguration, NettyConnection connection) {
+         Map<String, Object> params = connection.getConnectorConfig().getParams();
+         String amqpSaslMechanism = ConfigurationHelper.getStringProperty(TransportConstants.AMQP_SASL_MECHANISM, null, params);
+
+         if(!StringUtils.equalsIgnoreCase(amqpSaslMechanism, XOAUTH2)) {
+            return false;
+         }
+
+         String username = brokerConnectConfiguration.getUser();
+         String password = brokerConnectConfiguration.getPassword();
+
+         return username != null && username.length() > 0 && password != null && password.length() > 0;
+      }
+   }
+
    private static final class SaslFactory implements ClientSASLFactory {
 
       private final NettyConnection connection;
@@ -1230,6 +1273,11 @@ public ClientSASL chooseMechanism(String[] offeredMechanims) {
                }
             }
          }
+
+         if (availableMechanisms.contains(XOAUTH2) && XOAuth2SASLMechanism.isApplicable(brokerConnectConfiguration, connection)) {
+            return new XOAuth2SASLMechanism(brokerConnectConfiguration.getUser(), brokerConnectConfiguration.getPassword());
+         }
+
          if (availableMechanisms.contains(PLAIN) && PlainSASLMechanism.isApplicable(brokerConnectConfiguration.getUser(), brokerConnectConfiguration.getPassword())) {
             return new PlainSASLMechanism(brokerConnectConfiguration.getUser(), brokerConnectConfiguration.getPassword());
          }