1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19 package org.apache.hadoop.hbase.security;
20
21 import org.apache.commons.codec.binary.Base64;
22
23 import java.util.Map;
24 import java.util.TreeMap;
25
26 import javax.security.sasl.Sasl;
27
28 public class SaslUtil {
29 public static final String SASL_DEFAULT_REALM = "default";
30 public static final Map<String, String> SASL_PROPS =
31 new TreeMap<String, String>();
32 public static final int SWITCH_TO_SIMPLE_AUTH = -88;
33
34 public static enum QualityOfProtection {
35 AUTHENTICATION("auth"),
36 INTEGRITY("auth-int"),
37 PRIVACY("auth-conf");
38
39 public final String saslQop;
40
41 private QualityOfProtection(String saslQop) {
42 this.saslQop = saslQop;
43 }
44
45 public String getSaslQop() {
46 return saslQop;
47 }
48 }
49
50
51 public static String[] splitKerberosName(String fullName) {
52 return fullName.split("[/@]");
53 }
54
55 static String encodeIdentifier(byte[] identifier) {
56 return new String(Base64.encodeBase64(identifier));
57 }
58
59 static byte[] decodeIdentifier(String identifier) {
60 return Base64.decodeBase64(identifier.getBytes());
61 }
62
63 static char[] encodePassword(byte[] password) {
64 return new String(Base64.encodeBase64(password)).toCharArray();
65 }
66
67 static void initSaslProperties(String rpcProtection) {
68 QualityOfProtection saslQOP = QualityOfProtection.AUTHENTICATION;
69 if (QualityOfProtection.INTEGRITY.name().toLowerCase()
70 .equals(rpcProtection)) {
71 saslQOP = QualityOfProtection.INTEGRITY;
72 } else if (QualityOfProtection.PRIVACY.name().toLowerCase().equals(
73 rpcProtection)) {
74 saslQOP = QualityOfProtection.PRIVACY;
75 }
76
77 SaslUtil.SASL_PROPS.put(Sasl.QOP, saslQOP.getSaslQop());
78 SaslUtil.SASL_PROPS.put(Sasl.SERVER_AUTH, "true");
79 }
80 }