
1   /**
2    * Licensed to the Apache Software Foundation (ASF) under one
3    * or more contributor license agreements.  See the NOTICE file
4    * distributed with this work for additional information
5    * regarding copyright ownership.  The ASF licenses this file
6    * to you under the Apache License, Version 2.0 (the
7    * "License"); you may not use this file except in compliance
8    * with the License.  You may obtain a copy of the License at
9    *
10   * http://www.apache.org/licenses/LICENSE-2.0
11   *
12   * Unless required by applicable law or agreed to in writing, software
13   * distributed under the License is distributed on an "AS IS" BASIS,
14   * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
15   * See the License for the specific language governing permissions and
16   * limitations under the License.
17   */
18  package org.apache.hadoop.hbase.security.visibility;
19  
20  import java.util.List;
21  import java.util.Map;
22  import java.util.Map.Entry;
23  
24  import com.google.protobuf.HBaseZeroCopyByteString;
25  import org.apache.hadoop.classification.InterfaceAudience;
26  import org.apache.hadoop.conf.Configuration;
27  import org.apache.hadoop.hbase.TagType;
28  import org.apache.hadoop.hbase.exceptions.DeserializationException;
29  import org.apache.hadoop.hbase.protobuf.ProtobufUtil;
30  import org.apache.hadoop.hbase.protobuf.generated.VisibilityLabelsProtos.MultiUserAuthorizations;
31  import org.apache.hadoop.hbase.protobuf.generated.VisibilityLabelsProtos.UserAuthorizations;
32  import org.apache.hadoop.hbase.protobuf.generated.VisibilityLabelsProtos.VisibilityLabel;
33  import org.apache.hadoop.hbase.protobuf.generated.VisibilityLabelsProtos.VisibilityLabelsRequest;
34  import org.apache.hadoop.hbase.util.Bytes;
35  import org.apache.hadoop.util.ReflectionUtils;
36  
37  import com.google.protobuf.InvalidProtocolBufferException;
38  
/**
 * Static helpers for the visibility-label feature: protobuf encoding and decoding of the
 * label/ordinal table and the per-user authorization lists exchanged through ZooKeeper, plus
 * creation of the configured {@link ScanLabelGenerator}.
 *
 * <p>NOTE(review): nothing in this class authenticates or signs the serialized payloads. The
 * integrity of what the read methods return therefore rests on the access controls of the store
 * the bytes were fetched from; confirm the ACLs at the call sites.
 */
@InterfaceAudience.Private
public class VisibilityUtils {

  /** Configuration key naming the {@link ScanLabelGenerator} implementation to instantiate. */
  public static final String VISIBILITY_LABEL_GENERATOR_CLASS =
      "hbase.regionserver.scan.visibility.label.generator.class";

  /** Tag type byte for visibility tags; same value as {@link TagType#VISIBILITY_TAG_TYPE}. */
  public static final byte VISIBILITY_TAG_TYPE = TagType.VISIBILITY_TAG_TYPE;

  /** The label string {@code "system"}; how it is used is not visible in this class. */
  public static final String SYSTEM_LABEL = "system";

  /**
   * Serializes the label table into the byte form stored in ZooKeeper.
   *
   * <p>Each map entry becomes one {@link VisibilityLabel} (label bytes plus ordinal) inside a
   * {@link VisibilityLabelsRequest}; the encoded message is prefixed with the protobuf magic.
   *
   * @param existingLabels label name to ordinal; must not be null, and no ordinal may be null
   *     because it is unboxed to a primitive
   * @return magic-prefixed protobuf bytes describing every label and its ordinal
   */
  public static byte[] getDataToWriteToZooKeeper(Map<String, Integer> existingLabels) {
    VisibilityLabelsRequest.Builder request = VisibilityLabelsRequest.newBuilder();
    for (Entry<String, Integer> labelAndOrdinal : existingLabels.entrySet()) {
      VisibilityLabel encoded = VisibilityLabel.newBuilder()
          .setLabel(HBaseZeroCopyByteString.wrap(Bytes.toBytes(labelAndOrdinal.getKey())))
          .setOrdinal(labelAndOrdinal.getValue())
          .build();
      request.addVisLabel(encoded);
    }
    byte[] message = request.build().toByteArray();
    return ProtobufUtil.prependPBMagic(message);
  }

  /**
   * Serializes the per-user authorization lists into the byte form stored in ZooKeeper.
   *
   * <p>Each map entry becomes one {@link UserAuthorizations} (user bytes plus the listed
   * integers) inside a {@link MultiUserAuthorizations}; the encoded message is prefixed with the
   * protobuf magic.
   *
   * @param userAuths user name to the integers added as that user's auths; must not be null and
   *     must not contain null lists or null elements
   * @return magic-prefixed protobuf bytes describing every user's authorizations
   */
  public static byte[] getUserAuthsDataToWriteToZooKeeper(Map<String, List<Integer>> userAuths) {
    MultiUserAuthorizations.Builder allUsers = MultiUserAuthorizations.newBuilder();
    for (Entry<String, List<Integer>> userEntry : userAuths.entrySet()) {
      UserAuthorizations.Builder oneUser = UserAuthorizations.newBuilder();
      oneUser.setUser(HBaseZeroCopyByteString.wrap(Bytes.toBytes(userEntry.getKey())));
      for (int auth : userEntry.getValue()) {
        oneUser.addAuth(auth);
      }
      allUsers.addUserAuths(oneUser.build());
    }
    byte[] message = allUsers.build().toByteArray();
    return ProtobufUtil.prependPBMagic(message);
  }

  /**
   * Decodes label data in the form produced by {@link #getDataToWriteToZooKeeper(Map)}.
   *
   * <p>The result is {@code null}, not an empty list, when {@code data} does not start with the
   * protobuf magic prefix. Callers must check for that and decide explicitly what a missing
   * label table means; how existing callers treat it is not visible here.
   *
   * @param data bytes read from ZooKeeper (null handling is delegated to
   *     {@code ProtobufUtil.isPBMagicPrefix}; presumably null-safe, confirm)
   * @return the decoded labels with their ordinals, or {@code null} if the magic prefix is absent
   * @throws DeserializationException if the bytes after the prefix are not a valid
   *     {@link VisibilityLabelsRequest}
   */
  public static List<VisibilityLabel> readLabelsFromZKData(byte[] data)
      throws DeserializationException {
    if (!ProtobufUtil.isPBMagicPrefix(data)) {
      return null;
    }
    // The message body starts right after the magic prefix.
    final int offset = ProtobufUtil.lengthOfPBMagic();
    try {
      return VisibilityLabelsRequest.newBuilder()
          .mergeFrom(data, offset, data.length - offset)
          .build()
          .getVisLabelList();
    } catch (InvalidProtocolBufferException e) {
      throw new DeserializationException(e);
    }
  }

  /**
   * Decodes user authorization data in the form produced by
   * {@link #getUserAuthsDataToWriteToZooKeeper(Map)}.
   *
   * <p>The result is {@code null} when {@code data} does not start with the protobuf magic
   * prefix. Because the value describes what users are authorized for, callers should handle
   * {@code null} deliberately rather than let it fall through; how existing callers treat it is
   * not visible here.
   *
   * @param data bytes read from ZooKeeper (null handling is delegated to
   *     {@code ProtobufUtil.isPBMagicPrefix}; presumably null-safe, confirm)
   * @return the decoded authorizations, or {@code null} if the magic prefix is absent
   * @throws DeserializationException if the bytes after the prefix are not a valid
   *     {@link MultiUserAuthorizations}
   */
  public static MultiUserAuthorizations readUserAuthsFromZKData(byte[] data)
      throws DeserializationException {
    if (!ProtobufUtil.isPBMagicPrefix(data)) {
      return null;
    }
    // The message body starts right after the magic prefix.
    final int offset = ProtobufUtil.lengthOfPBMagic();
    try {
      return MultiUserAuthorizations.newBuilder()
          .mergeFrom(data, offset, data.length - offset)
          .build();
    } catch (InvalidProtocolBufferException e) {
      throw new DeserializationException(e);
    }
  }

  /**
   * Instantiates the {@link ScanLabelGenerator} selected by configuration.
   *
   * <p>The class is looked up under {@link #VISIBILITY_LABEL_GENERATOR_CLASS}, falling back to
   * {@link DefaultScanLabelGenerator}, and is created reflectively. Since the implementation is
   * chosen by configuration, write access to that configuration should be as restricted as
   * access to the server's code. The lookup passes {@code ScanLabelGenerator.class} as the
   * required interface, so a configured class of another type is rejected by
   * {@code Configuration.getClass}.
   *
   * @param conf configuration to read the class name from; also handed to
   *     {@code ReflectionUtils.newInstance}
   * @return a new instance of the configured (or default) generator
   */
  public static ScanLabelGenerator getScanLabelGenerator(Configuration conf) {
    Class<? extends ScanLabelGenerator> generatorClass = conf.getClass(
        VISIBILITY_LABEL_GENERATOR_CLASS, DefaultScanLabelGenerator.class,
        ScanLabelGenerator.class);
    return ReflectionUtils.newInstance(generatorClass, conf);
  }
}