View Javadoc

1   /**
2    *
3    * Licensed to the Apache Software Foundation (ASF) under one
4    * or more contributor license agreements.  See the NOTICE file
5    * distributed with this work for additional information
6    * regarding copyright ownership.  The ASF licenses this file
7    * to you under the Apache License, Version 2.0 (the
8    * "License"); you may not use this file except in compliance
9    * with the License.  You may obtain a copy of the License at
10   *
11   *     http://www.apache.org/licenses/LICENSE-2.0
12   *
13   * Unless required by applicable law or agreed to in writing, software
14   * distributed under the License is distributed on an "AS IS" BASIS,
15   * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
16   * See the License for the specific language governing permissions and
17   * limitations under the License.
18   */
19  package org.apache.hadoop.hbase.security;
20  
21  import org.apache.commons.codec.binary.Base64;
22  import org.apache.hadoop.classification.InterfaceAudience;
23  
24  import java.util.Map;
25  import java.util.TreeMap;
26  
27  import javax.security.sasl.Sasl;
28  
29  @InterfaceAudience.Private
30  public class SaslUtil {
31    public static final String SASL_DEFAULT_REALM = "default";
32    public static final Map<String, String> SASL_PROPS =
33        new TreeMap<String, String>();
34    public static final int SWITCH_TO_SIMPLE_AUTH = -88;
35  
36    public static enum QualityOfProtection {
37      AUTHENTICATION("auth"),
38      INTEGRITY("auth-int"),
39      PRIVACY("auth-conf");
40  
41      public final String saslQop;
42  
43      private QualityOfProtection(String saslQop) {
44        this.saslQop = saslQop;
45      }
46  
47      public String getSaslQop() {
48        return saslQop;
49      }
50    }
51  
52    /** Splitting fully qualified Kerberos name into parts */
53    public static String[] splitKerberosName(String fullName) {
54      return fullName.split("[/@]");
55    }
56  
57    static String encodeIdentifier(byte[] identifier) {
58      return new String(Base64.encodeBase64(identifier));
59    }
60  
61    static byte[] decodeIdentifier(String identifier) {
62      return Base64.decodeBase64(identifier.getBytes());
63    }
64  
65    static char[] encodePassword(byte[] password) {
66      return new String(Base64.encodeBase64(password)).toCharArray();
67    }
68  
69    static void initSaslProperties(String rpcProtection) {
70      QualityOfProtection saslQOP = QualityOfProtection.AUTHENTICATION;
71      if (QualityOfProtection.INTEGRITY.name().toLowerCase()
72          .equals(rpcProtection)) {
73        saslQOP = QualityOfProtection.INTEGRITY;
74      } else if (QualityOfProtection.PRIVACY.name().toLowerCase().equals(
75          rpcProtection)) {
76        saslQOP = QualityOfProtection.PRIVACY;
77      }
78  
79      SaslUtil.SASL_PROPS.put(Sasl.QOP, saslQOP.getSaslQop());
80      SaslUtil.SASL_PROPS.put(Sasl.SERVER_AUTH, "true");
81    }
82  }