1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19 package org.apache.hadoop.hbase.security;
20
21 import org.apache.commons.codec.binary.Base64;
22 import org.apache.hadoop.hbase.classification.InterfaceAudience;
23
24 import java.util.Map;
25 import java.util.TreeMap;
26
27 import javax.security.sasl.Sasl;
28
29 import org.apache.commons.codec.binary.Base64;
30 import org.apache.commons.logging.Log;
31 import org.apache.commons.logging.LogFactory;
32 import org.apache.hadoop.hbase.classification.InterfaceAudience;
33
34 @InterfaceAudience.Private
35 public class SaslUtil {
36 private static final Log log = LogFactory.getLog(SaslUtil.class);
37 public static final String SASL_DEFAULT_REALM = "default";
38 public static final int SWITCH_TO_SIMPLE_AUTH = -88;
39
40 public enum QualityOfProtection {
41 AUTHENTICATION("auth"),
42 INTEGRITY("auth-int"),
43 PRIVACY("auth-conf");
44
45 private final String saslQop;
46
47 QualityOfProtection(String saslQop) {
48 this.saslQop = saslQop;
49 }
50
51 public String getSaslQop() {
52 return saslQop;
53 }
54
55 public boolean matches(String stringQop) {
56 if (saslQop.equals(stringQop)) {
57 log.warn("Use authentication/integrity/privacy as value for rpc protection "
58 + "configurations instead of auth/auth-int/auth-conf.");
59 return true;
60 }
61 return name().equalsIgnoreCase(stringQop);
62 }
63 }
64
65
66 public static String[] splitKerberosName(String fullName) {
67 return fullName.split("[/@]");
68 }
69
70 static String encodeIdentifier(byte[] identifier) {
71 return new String(Base64.encodeBase64(identifier));
72 }
73
74 static byte[] decodeIdentifier(String identifier) {
75 return Base64.decodeBase64(identifier.getBytes());
76 }
77
78 static char[] encodePassword(byte[] password) {
79 return new String(Base64.encodeBase64(password)).toCharArray();
80 }
81
82
83
84
85
86
87 public static QualityOfProtection getQop(String stringQop) {
88 for (QualityOfProtection qop : QualityOfProtection.values()) {
89 if (qop.matches(stringQop)) {
90 return qop;
91 }
92 }
93 throw new IllegalArgumentException("Invalid qop: " + stringQop
94 + ". It must be one of 'authentication', 'integrity', 'privacy'.");
95 }
96
97
98
99
100
101 static Map<String, String> initSaslProperties(String rpcProtection) {
102 String saslQop;
103 if (rpcProtection.isEmpty()) {
104 saslQop = QualityOfProtection.AUTHENTICATION.getSaslQop();
105 } else {
106 String[] qops = rpcProtection.split(",");
107 StringBuilder saslQopBuilder = new StringBuilder();
108 for (int i = 0; i < qops.length; ++i) {
109 QualityOfProtection qop = getQop(qops[i]);
110 saslQopBuilder.append(",").append(qop.getSaslQop());
111 }
112 saslQop = saslQopBuilder.substring(1);
113 }
114 Map<String, String> saslProps = new TreeMap<>();
115 saslProps.put(Sasl.QOP, saslQop);
116 saslProps.put(Sasl.SERVER_AUTH, "true");
117 return saslProps;
118 }
119 }