001/* 002 * Licensed to the Apache Software Foundation (ASF) under one 003 * or more contributor license agreements. See the NOTICE file 004 * distributed with this work for additional information 005 * regarding copyright ownership. The ASF licenses this file 006 * to you under the Apache License, Version 2.0 (the 007 * "License"); you may not use this file except in compliance 008 * with the License. You may obtain a copy of the License at 009 * 010 * http://www.apache.org/licenses/LICENSE-2.0 011 * 012 * Unless required by applicable law or agreed to in writing, software 013 * distributed under the License is distributed on an "AS IS" BASIS, 014 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 015 * See the License for the specific language governing permissions and 016 * limitations under the License. 017 */ 018package org.apache.hadoop.hbase.security; 019 020import java.io.IOException; 021import java.net.InetAddress; 022import javax.security.sasl.Sasl; 023import org.apache.hadoop.conf.Configuration; 024import org.apache.hadoop.hbase.security.provider.SaslClientAuthenticationProvider; 025import org.apache.hadoop.security.token.Token; 026import org.apache.hadoop.security.token.TokenIdentifier; 027import org.apache.yetus.audience.InterfaceAudience; 028import org.slf4j.Logger; 029import org.slf4j.LoggerFactory; 030 031import org.apache.hbase.thirdparty.io.netty.channel.ChannelPipeline; 032import org.apache.hbase.thirdparty.io.netty.handler.codec.LengthFieldBasedFrameDecoder; 033 034/** 035 * Implement SASL logic for netty rpc client. 036 * @since 2.0.0 037 */ 038@InterfaceAudience.Private 039public class NettyHBaseSaslRpcClient extends AbstractHBaseSaslRpcClient { 040 private static final Logger LOG = LoggerFactory.getLogger(NettyHBaseSaslRpcClient.class); 041 042 public NettyHBaseSaslRpcClient(Configuration conf, SaslClientAuthenticationProvider provider, 043 Token<? extends TokenIdentifier> token, InetAddress serverAddr, SecurityInfo securityInfo, 044 boolean fallbackAllowed, String rpcProtection) throws IOException { 045 super(conf, provider, token, serverAddr, securityInfo, fallbackAllowed, rpcProtection); 046 } 047 048 public void setupSaslHandler(ChannelPipeline p) { 049 String qop = (String) saslClient.getNegotiatedProperty(Sasl.QOP); 050 LOG.trace("SASL client context established. Negotiated QoP {}", qop); 051 if (qop == null || "auth".equalsIgnoreCase(qop)) { 052 return; 053 } 054 // add wrap and unwrap handlers to pipeline. 055 p.addFirst(new SaslWrapHandler(saslClient), 056 new LengthFieldBasedFrameDecoder(Integer.MAX_VALUE, 0, 4, 0, 4), 057 new SaslUnwrapHandler(saslClient)); 058 } 059 060 public String getSaslQOP() { 061 return (String) saslClient.getNegotiatedProperty(Sasl.QOP); 062 } 063}