19 package org.apache.hadoop.hbase.security;
20
21 import org.apache.commons.codec.binary.Base64;
22 import org.apache.hadoop.hbase.classification.InterfaceAudience;
23
24 import java.util.Map;
25 import java.util.TreeMap;
26
27 import javax.security.sasl.Sasl;
28
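/**
 * Static helpers and shared constants for SASL-secured RPC: quality-of-protection selection,
 * Kerberos principal splitting, and Base64 encoding of identifiers and passwords.
 */
@InterfaceAudience.Private
public class SaslUtil {
  /** Default SASL realm name. */
  public static final String SASL_DEFAULT_REALM = "default";

  /**
   * Process-wide SASL properties, filled in by {@link #initSaslProperties(String)}.
   *
   * <p>NOTE(review): this is a public, mutable, unsynchronized map. Any code in the JVM can
   * change the negotiated QOP after initialization, so readers should treat it as read-only and
   * initialization should complete before connections are created.
   */
  public static final Map<String, String> SASL_PROPS =
      new TreeMap<String, String>();

  /**
   * NOTE(review): presumably a marker value that signals a switch to simple authentication; its
   * use is not visible in this file.
   */
  public static final int SWITCH_TO_SIMPLE_AUTH = -88;

  /** Explicit charset for Base64 text so results do not depend on the platform default. */
  private static final java.nio.charset.Charset UTF_8 =
      java.nio.charset.Charset.forName("UTF-8");

  /** The SASL quality-of-protection levels and the token each one maps to in {@code Sasl.QOP}. */
  public enum QualityOfProtection {
    /** Authentication only: no integrity or confidentiality protection of the traffic. */
    AUTHENTICATION("auth"),
    /** Authentication plus integrity protection. */
    INTEGRITY("auth-int"),
    /** Authentication plus integrity and confidentiality protection. */
    PRIVACY("auth-conf");

    /** The QOP token passed to the SASL layer. */
    public final String saslQop;

    QualityOfProtection(String saslQop) {
      this.saslQop = saslQop;
    }

    /**
     * @return the QOP token passed to the SASL layer
     */
    public String getSaslQop() {
      return saslQop;
    }
  }

  /**
   * Splits a Kerberos principal on {@code '/'} and {@code '@'}.
   *
   * <p>The result is not validated: callers must check the number of components before indexing
   * into it, because a name without a host or realm part yields a shorter array.
   *
   * @param fullName the principal name to split; must not be null
   * @return the components in order of appearance
   */
  public static String[] splitKerberosName(String fullName) {
    return fullName.split("[/@]");
  }

  /**
   * Base64-encodes a binary identifier.
   *
   * @param identifier the raw identifier bytes
   * @return the Base64 text form of {@code identifier}
   */
  static String encodeIdentifier(byte[] identifier) {
    // Decode with an explicit charset: the platform default may not be ASCII-compatible.
    return new String(Base64.encodeBase64(identifier), UTF_8);
  }

  /**
   * Reverses {@link #encodeIdentifier(byte[])}.
   *
   * @param identifier the Base64 text form of an identifier; must not be null
   * @return the decoded identifier bytes
   */
  static byte[] decodeIdentifier(String identifier) {
    return Base64.decodeBase64(identifier.getBytes(UTF_8));
  }

  /**
   * Base64-encodes a password into a character array.
   *
   * <p>The characters are built directly from the encoded bytes, so the secret is never copied
   * into an immutable {@code String} that cannot be cleared. The caller owns the returned array
   * and should overwrite it once it is no longer needed.
   *
   * @param password the raw password bytes
   * @return the Base64 form of {@code password} as characters
   */
  static char[] encodePassword(byte[] password) {
    byte[] encoded = Base64.encodeBase64(password);
    char[] chars = new char[encoded.length];
    // Base64 output is pure ASCII, so each byte maps to exactly one char.
    for (int i = 0; i < encoded.length; i++) {
      chars[i] = (char) (encoded[i] & 0xff);
    }
    return chars;
  }

  /**
   * Populates {@link #SASL_PROPS} with the QOP for the given RPC protection setting and requires
   * the server to authenticate to the client.
   *
   * <p>The setting is compared exactly against the lower-cased enum constant names
   * ({@code "authentication"}, {@code "integrity"}, {@code "privacy"}). Any other value,
   * including {@code null}, a misspelling or a differently-cased name, selects
   * {@link QualityOfProtection#AUTHENTICATION}, which gives no integrity or confidentiality
   * protection. Callers that must detect a misconfigured setting have to validate it themselves.
   *
   * @param rpcProtection the configured protection level
   */
  static void initSaslProperties(String rpcProtection) {
    QualityOfProtection saslQOP = QualityOfProtection.AUTHENTICATION;
    for (QualityOfProtection candidate : QualityOfProtection.values()) {
      // Locale.ROOT keeps the match stable: under a Turkish default locale "INTEGRITY" and
      // "PRIVACY" lower-case to dotless-i forms that never equal the configured value, which
      // would silently downgrade the connection to authentication only.
      if (candidate.name().toLowerCase(java.util.Locale.ROOT).equals(rpcProtection)) {
        saslQOP = candidate;
        break;
      }
    }

    SaslUtil.SASL_PROPS.put(Sasl.QOP, saslQOP.getSaslQop());
    SaslUtil.SASL_PROPS.put(Sasl.SERVER_AUTH, "true");
  }
}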