2 * Licensed to the Apache Software Foundation (ASF) under one
3 * or more contributor license agreements. See the NOTICE file
4 * distributed with this work for additional information
5 * regarding copyright ownership. The ASF licenses this file
6 * to you under the Apache License, Version 2.0 (the
7 * "License"); you may not use this file except in compliance
8 * with the License. You may obtain a copy of the License at
10 * http://www.apache.org/licenses/LICENSE-2.0
12 * Unless required by applicable law or agreed to in writing, software
13 * distributed under the License is distributed on an "AS IS" BASIS,
14 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
15 * See the License for the specific language governing permissions and
16 * limitations under the License.
18 package org
.apache
.hadoop
.hbase
.security
;
import java.io.ByteArrayInputStream;
import java.io.DataInputStream;
import java.io.IOException;
import java.util.Map;
import java.util.Objects;
import java.util.Optional;

import javax.security.sasl.Sasl;
import javax.security.sasl.SaslException;
import javax.security.sasl.SaslServer;

import org.apache.hadoop.hbase.security.provider.AttemptingUserProvidingSaslServer;
import org.apache.hadoop.hbase.security.provider.SaslServerAuthenticationProvider;
import org.apache.hadoop.security.UserGroupInformation;
import org.apache.hadoop.security.token.SecretManager;
import org.apache.hadoop.security.token.SecretManager.InvalidToken;
import org.apache.hadoop.security.token.TokenIdentifier;
import org.apache.yetus.audience.InterfaceAudience;
39 * A utility class that encapsulates the server-side SASL logic for the RPC server. Copied from
40 * <code>org.apache.hadoop.security</code>
42 @InterfaceAudience.Private
43 public class HBaseSaslRpcServer
{
45 private final AttemptingUserProvidingSaslServer serverWithProvider
;
46 private final SaslServer saslServer
;
48 public HBaseSaslRpcServer(SaslServerAuthenticationProvider provider
,
49 Map
<String
, String
> saslProps
, SecretManager
<TokenIdentifier
> secretManager
)
51 serverWithProvider
= provider
.createServer(secretManager
, saslProps
);
52 saslServer
= serverWithProvider
.getServer();
/**
 * Reports whether the SASL negotiation on this connection has finished.
 *
 * @return {@code true} once the wrapped {@link SaslServer} reports the exchange complete. Per the
 *         JDK contract, {@link #wrap}, {@link #unwrap}, {@link #getNegotiatedQop()} and
 *         {@link #getAuthorizationID()} are only valid after this returns {@code true}.
 */
public boolean isComplete() {
  final SaslServer negotiation = saslServer;
  return negotiation.isComplete();
}
/**
 * Feeds one client SASL token into the mechanism and returns the server's next challenge.
 *
 * @param response the raw bytes received from the client for this round of the exchange; they are
 *                 untrusted and are validated by the mechanism implementation
 * @return the challenge to send back, which may be empty or {@code null} when the mechanism has
 *         nothing further to send (see {@link SaslServer#evaluateResponse(byte[])})
 * @throws SaslException if the response is malformed or authentication fails; callers should treat
 *                       this as a failed login and {@link #dispose()} the server
 */
public byte[] evaluateResponse(byte[] response) throws SaslException {
  final SaslServer mechanism = saslServer;
  final byte[] challenge = mechanism.evaluateResponse(response);
  return challenge;
}
/**
 * Releases the resources held by the wrapped {@link SaslServer}.
 * <p>
 * Delegates to {@code SaslUtil.safeDispose}. The field itself is left in place, so this object
 * must not be used for further negotiation or wrap/unwrap once disposed.
 */
public void dispose() {
  final SaslServer toRelease = saslServer;
  SaslUtil.safeDispose(toRelease);
}
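/**
 * Returns a printable name for the user the client is attempting to authenticate as, intended for
 * log and audit messages.
 * <p>
 * This is the <em>claimed</em> identity reported by the provider while the exchange is in
 * progress; it is not proof of authentication and must never drive an authorization decision. Use
 * {@link #getAuthorizationID()} once {@link #isComplete()} is true for that.
 *
 * @return the attempting user's string form, or a fixed placeholder when the provider reports none
 */
public String getAttemptingUser() {
  Optional<UserGroupInformation> attempting = serverWithProvider.getAttemptingUser();
  // NOTE(review): the absent-case branch is missing from this copy of the file; "Unknown" follows
  // the upstream HBase implementation -- confirm against callers before relying on the exact value.
  return attempting.map(UserGroupInformation::toString).orElse("Unknown");
}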
/**
 * Applies the negotiated SASL protection (integrity and/or confidentiality) to outgoing bytes.
 * <p>
 * Per the {@link SaslServer#wrap(byte[], int, int)} contract this is only valid once
 * {@link #isComplete()} is true and a QOP of {@code auth-int} or {@code auth-conf} was negotiated;
 * otherwise the JDK throws {@link IllegalStateException}. Check {@link #getNegotiatedQop()} before
 * assuming the output is encrypted rather than merely integrity-protected.
 *
 * @param buf buffer holding the plaintext
 * @param off start offset in {@code buf}
 * @param len number of bytes from {@code off} to protect
 * @return the protected bytes ready to be sent to the client
 * @throws SaslException if the mechanism fails to wrap the data
 */
public byte[] wrap(byte[] buf, int off, int len) throws SaslException {
  final SaslServer mechanism = saslServer;
  final byte[] protectedBytes = mechanism.wrap(buf, off, len);
  return protectedBytes;
}
/**
 * Removes the negotiated SASL protection from bytes received from the client.
 * <p>
 * Per the {@link SaslServer#unwrap(byte[], int, int)} contract this is only valid once
 * {@link #isComplete()} is true and a QOP of {@code auth-int} or {@code auth-conf} was negotiated;
 * otherwise the JDK throws {@link IllegalStateException}. The input is untrusted; a
 * {@link SaslException} means the integrity check failed or the data could not be decrypted and
 * should be treated as a protocol error, not retried.
 *
 * @param buf buffer holding the protected bytes from the client
 * @param off start offset in {@code buf}
 * @param len number of bytes from {@code off} to unwrap
 * @return the recovered plaintext
 * @throws SaslException if the bytes cannot be successfully unwrapped
 */
public byte[] unwrap(byte[] buf, int off, int len) throws SaslException {
  final SaslServer mechanism = saslServer;
  final byte[] plaintext = mechanism.unwrap(buf, off, len);
  return plaintext;
}
/**
 * Returns the quality of protection the client and server agreed on.
 * <p>
 * This is the {@link Sasl#QOP} negotiated property of the wrapped server: {@code auth},
 * {@code auth-int} or {@code auth-conf}, or {@code null} if the mechanism did not negotiate one.
 * Read it only after {@link #isComplete()} is true; the JDK throws {@link IllegalStateException}
 * before the exchange finishes. Since a client may choose the weakest value the server offered,
 * callers that require privacy must compare this against their configured policy rather than
 * assume it.
 *
 * @return the negotiated QOP string, or {@code null}
 */
public String getNegotiatedQop() {
  final Object qop = saslServer.getNegotiatedProperty(Sasl.QOP);
  return (String) qop;
}
/**
 * Returns the authorization ID established by the SASL exchange, i.e. the identity the client was
 * permitted to act as on this connection.
 * <p>
 * Per the {@link SaslServer#getAuthorizationID()} contract it is only available after
 * {@link #isComplete()} is true; before that the JDK throws {@link IllegalStateException}.
 * Whether this equals the authenticated user or a delegated identity is decided by the
 * authorization check in the provider's callback handler, which is not visible here.
 *
 * @return the negotiated authorization ID
 */
public String getAuthorizationID() {
  final SaslServer mechanism = saslServer;
  return mechanism.getAuthorizationID();
}
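/**
 * Decodes and deserializes a token identifier presented by a client during token-based SASL
 * authentication.
 * <p>
 * The {@code id} string is client-controlled (it presumably arrives through the SASL exchange;
 * confirm against the caller), so the bytes handed to {@link TokenIdentifier#readFields} are
 * untrusted. Every failure to decode or parse them is reported as {@link InvalidToken}, including
 * unchecked exceptions that an encoding error or a corrupt length prefix may raise from the
 * decoder or the Hadoop {@code Writable} readers, so callers can reject the token uniformly.
 * {@code SaslUtil.decodeIdentifier} itself is not visible here.
 *
 * @param id            encoded form of the serialized identifier, as sent by the client
 * @param secretManager supplies a fresh, empty identifier of the correct concrete type
 * @param <T>           the concrete {@link TokenIdentifier} type
 * @return the populated identifier
 * @throws InvalidToken if {@code id} cannot be decoded and deserialized into a {@code T}
 */
public static <T extends TokenIdentifier> T getIdentifier(String id,
  SecretManager<T> secretManager) throws InvalidToken {
  // Kept outside the try: a failure here is a server-side bug, not a bad client token.
  T tokenIdentifier = secretManager.createIdentifier();
  try {
    byte[] tokenId = SaslUtil.decodeIdentifier(id);
    tokenIdentifier.readFields(new DataInputStream(new ByteArrayInputStream(tokenId)));
  } catch (IOException | RuntimeException e) {
    // Untrusted input: deserialization may fail with unchecked exceptions as well as IOException;
    // surface all of them as InvalidToken so the caller rejects the login the same way.
    // InvalidToken only offers a (String) constructor, hence the initCause() cast idiom.
    throw (InvalidToken) new InvalidToken("Can't de-serialize tokenIdentifier").initCause(e);
  }
  return tokenIdentifier;
}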