/** * Helper that checks to see if we should encrypt the packets between HBase * based on the client config. If the client has set "integrity" or "privacy" * then the packets will be encrypted. If set to "authentication" then no * encryption is used. Any other value will throw an exception * @return A string to compare against to see if we should wrap or not. * @throws IllegalArgumentException if the config doesn't contain one of * the three strings above. */ private String parseQOP() { final String protection = config.hasProperty(RPC_QOP_KEY) ? config.getString(RPC_QOP_KEY) : "authentication"; if ("integrity".equalsIgnoreCase(protection)) { return "auth-int"; } if ("privacy".equalsIgnoreCase(protection)) { return "auth-conf"; } if ("authentication".equalsIgnoreCase(protection)) { return "auth"; } throw new IllegalArgumentException("Unrecognized rpc protection level: " + protection); }
/** * Attempts to refresh the ticket by shelling out to the kinit utility */ private void refreshTicketCache() { String cmd = "/usr/bin/kinit"; if (config.hasProperty("asynchbase.security.auth.kinit")) { cmd = config.getString("asynchbase.security.auth.kinit"); } final String args = "-R"; try { LOG.info("Executing kinit command: " + cmd + " " + args); Shell.execCommand(cmd, args); } catch (Exception e) { throw new RuntimeException("Could not renew TGT due to problem " + "running shell command: '" + cmd + " " + args + "';", e); } }
/** * Default ctor * @param hbase_client The HBaseClient to fetch configuration and timers from * @throws IllegalArgumentException if the * asynchbase.security.auth.simple.username is missing, null or empty. */ public SimpleClientAuthProvider(final HBaseClient hbase_client) { super(hbase_client); if (!hbase_client.getConfig().hasProperty(USERNAME_KEY)) { throw new IllegalArgumentException("Missing client username"); } username = hbase_client.getConfig().getString(USERNAME_KEY); if (username == null || username.isEmpty()) { throw new IllegalArgumentException("Missing client username"); } }
config.getString(SECURITY_AUTHENTICATION_KEY).trim() : "simple";
final Login client_login = Login.getCurrentLogin(); String server_principal = hbase_client.getConfig().getString(PRINCIPAL_KEY); if (server_principal.contains("_HOST")) { try {
/** * Default ctor that will attempt a login and setup the Login singleton * @param hbase_client The HBaseClient to fetch configuration and timers from * @throws IllegalArgumentException if the * asynchbase.security.auth.simple.username is missing, null or empty. * @throws IllegalStateException if the login was unsuccessful */ public KerberosClientAuthProvider(final HBaseClient hbase_client) { super(hbase_client); String password = null; if (hbase_client.getConfig().hasProperty(PASSWORD_KEY)) { password = hbase_client.getConfig().getString(PASSWORD_KEY); } try { Login.initUserIfNeeded(hbase_client.getConfig(), (HashedWheelTimer)hbase_client.getTimer(), hbase_client.getConfig().getString(Login.LOGIN_CONTEXT_NAME_KEY), new ClientCallbackHandler(password)); } catch (LoginException e) { throw new IllegalStateException("Failed to get login context", e); } //-- Prepare principals needed for SaslClient -- final Login client_login = Login.getCurrentLogin(); client_principal_name = getClientPrincipalName(client_login); }