001/*
002 * Licensed to the Apache Software Foundation (ASF) under one
003 * or more contributor license agreements.  See the NOTICE file
004 * distributed with this work for additional information
005 * regarding copyright ownership.  The ASF licenses this file
006 * to you under the Apache License, Version 2.0 (the
007 * "License"); you may not use this file except in compliance
008 * with the License.  You may obtain a copy of the License at
009 *
010 *     http://www.apache.org/licenses/LICENSE-2.0
011 *
012 * Unless required by applicable law or agreed to in writing, software
013 * distributed under the License is distributed on an "AS IS" BASIS,
014 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
015 * See the License for the specific language governing permissions and
016 * limitations under the License.
017 */
018package org.apache.hadoop.hbase.security;
019
020import java.util.concurrent.ConcurrentHashMap;
021import java.util.concurrent.ConcurrentMap;
022import org.apache.hadoop.hbase.protobuf.generated.AuthenticationProtos.TokenIdentifier.Kind;
023import org.apache.yetus.audience.InterfaceAudience;
024
025import org.apache.hadoop.hbase.shaded.protobuf.generated.AdminProtos;
026import org.apache.hadoop.hbase.shaded.protobuf.generated.ClientProtos;
027import org.apache.hadoop.hbase.shaded.protobuf.generated.MasterProtos;
028import org.apache.hadoop.hbase.shaded.protobuf.generated.MasterProtos.MasterService;
029import org.apache.hadoop.hbase.shaded.protobuf.generated.RegionServerStatusProtos;
030import org.apache.hadoop.hbase.shaded.protobuf.generated.RegistryProtos;
031
032/**
033 * Maps RPC protocol interfaces to required configuration
034 */
035@InterfaceAudience.Private
036public class SecurityInfo {
037  /** Maps RPC service names to authentication information */
038  private static ConcurrentMap<String, SecurityInfo> infos = new ConcurrentHashMap<>();
039  // populate info for known services
040  static {
041    infos.put(AdminProtos.AdminService.getDescriptor().getName(),
042      new SecurityInfo(SecurityConstants.REGIONSERVER_KRB_PRINCIPAL, Kind.HBASE_AUTH_TOKEN));
043    infos.put(ClientProtos.ClientService.getDescriptor().getName(),
044      new SecurityInfo(SecurityConstants.REGIONSERVER_KRB_PRINCIPAL, Kind.HBASE_AUTH_TOKEN));
045    infos.put(MasterService.getDescriptor().getName(),
046      new SecurityInfo(SecurityConstants.MASTER_KRB_PRINCIPAL, Kind.HBASE_AUTH_TOKEN));
047    infos.put(RegionServerStatusProtos.RegionServerStatusService.getDescriptor().getName(),
048      new SecurityInfo(SecurityConstants.MASTER_KRB_PRINCIPAL, Kind.HBASE_AUTH_TOKEN));
049    infos.put(MasterProtos.HbckService.getDescriptor().getName(),
050      new SecurityInfo(SecurityConstants.MASTER_KRB_PRINCIPAL, Kind.HBASE_AUTH_TOKEN));
051    infos.put(RegistryProtos.ClientMetaService.getDescriptor().getName(),
052      new SecurityInfo(SecurityConstants.MASTER_KRB_PRINCIPAL, Kind.HBASE_AUTH_TOKEN));
053    // NOTE: IF ADDING A NEW SERVICE, BE SURE TO UPDATE HBasePolicyProvider ALSO ELSE
054    // new Service will not be found when all is Kerberized!!!!
055  }
056
057  /**
058   * Adds a security configuration for a new service name. Note that this will have no effect if the
059   * service name was already registered.
060   */
061  public static void addInfo(String serviceName, SecurityInfo securityInfo) {
062    infos.putIfAbsent(serviceName, securityInfo);
063  }
064
065  /**
066   * Returns the security configuration associated with the given service name.
067   */
068  public static SecurityInfo getInfo(String serviceName) {
069    return infos.get(serviceName);
070  }
071
072  private final String serverPrincipal;
073  private final Kind tokenKind;
074
075  public SecurityInfo(String serverPrincipal, Kind tokenKind) {
076    this.serverPrincipal = serverPrincipal;
077    this.tokenKind = tokenKind;
078  }
079
080  public String getServerPrincipal() {
081    return serverPrincipal;
082  }
083
084  public Kind getTokenKind() {
085    return tokenKind;
086  }
087}