Class ClientAuthUtils


  • public class ClientAuthUtils
    extends Object
    • Constructor Detail

      • ClientAuthUtils

        public ClientAuthUtils()
    • Method Detail

      • getConfiguration

        public static Configuration getConfiguration​(Map<String,​Object> topoConf)
        Construct a JAAS configuration object as specified by the Storm configuration file.
        Parameters:
        topoConf - Storm configuration
        Returns:
        JAAS configuration object
      • getEntries

        public static AppConfigurationEntry[] getEntries​(Configuration configuration,
                                                         String section)
                                                  throws IOException
        Get configurations for a section.
        Parameters:
        configuration - The config to pull the key/value pairs out of.
        section - The app configuration entry name to read from.
        Returns:
        Array of config entries, or null if configuration is null.
        Throws:
        IOException
      • pullConfig

        public static SortedMap<String,​?> pullConfig​(Map<String,​Object> topoConf,
                                                           String section)
                                                    throws IOException
        Pull a set of keys out of a Configuration.
        Parameters:
        topoConf - The config containing the jaas conf file.
        section - The app configuration entry name to read from.
        Returns:
        A map of the configs in conf.
        Throws:
        IOException
      • get

        public static String get​(Map<String,​Object> topoConf,
                                 String section,
                                 String key)
                          throws IOException
        Pull the value for the given section and key from the Configuration.
        Parameters:
        topoConf - The config containing the jaas conf file.
        section - The app configuration entry name to read from.
        key - The key to look up inside of the section
        Returns:
        The configuration value as a String.
        Throws:
        IOException
      • getPrincipalToLocalPlugin

        public static IPrincipalToLocal getPrincipalToLocalPlugin​(Map<String,​Object> topoConf)
        Construct a principal to local plugin.
        Parameters:
        topoConf - storm configuration
        Returns:
        the plugin
      • getGroupMappingServiceProviderPlugin

        public static IGroupMappingServiceProvider getGroupMappingServiceProviderPlugin​(Map<String,​Object> conf)
        Construct a group mapping service provider plugin.
        Parameters:
        conf - daemon configuration
        Returns:
        the plugin
      • getCredentialRenewers

        public static Collection<ICredentialsRenewer> getCredentialRenewers​(Map<String,​Object> conf)
        Get all of the configured Credential Renewer Plugins.
        Parameters:
        conf - the storm configuration to use.
        Returns:
        the configured credential renewers.
      • getNimbusAutoCredPlugins

        public static Collection<INimbusCredentialPlugin> getNimbusAutoCredPlugins​(Map<String,​Object> conf)
        Get all the Nimbus Auto cred plugins.
        Parameters:
        conf - nimbus configuration to use.
        Returns:
        nimbus auto credential plugins.
      • getAutoCredentials

        public static Collection<IAutoCredentials> getAutoCredentials​(Map<String,​Object> topoConf)
        Get all of the configured AutoCredential Plugins.
        Parameters:
        topoConf - the storm configuration to use.
        Returns:
        the configured auto credentials.
      • workerTokenCredentialsKey

        public static String workerTokenCredentialsKey​(WorkerTokenServiceType type)
        Get the key used to store a WorkerToken in the credentials map.
        Parameters:
        type - the type of service to get.
        Returns:
        the key as a String.
      • readWorkerToken

        public static WorkerToken readWorkerToken​(Map<String,​String> credentials,
                                                  WorkerTokenServiceType type)
        Read a WorkerToken out of credentials for the given type.
        Parameters:
        credentials - the credentials map.
        type - the type of service we are looking for.
        Returns:
        the deserialized WorkerToken or null if none could be found.
      • setWorkerToken

        public static void setWorkerToken​(Map<String,​String> credentials,
                                          WorkerToken token)
        Store a worker token in some credentials. It can be pulled back out by calling readWorkerToken.
        Parameters:
        credentials - the credentials map.
        token - the token you want to store.
      • findWorkerToken

        public static WorkerToken findWorkerToken​(Subject subject,
                                                  WorkerTokenServiceType type)
        Find a worker token in a given subject with a given token type.
        Parameters:
        subject - what to look in.
        type - the type of token to look for.
        Returns:
        the token or null.
      • areWorkerTokensEnabledServer

        public static boolean areWorkerTokensEnabledServer​(MultiThriftServer<?> multiThriftServer,
                                                           Map<String,​Object> conf)
        Check if worker tokens should be enabled on the server side or not.
        Parameters:
        multiThriftServer - a collection of Thrift servers, used to determine whether the transport supports tokens. There is no need to create a token if the transport does not support it.
        conf - the daemon configuration, used to be sure the tokens are secure.
        Returns:
        true if we can enable them, else false.
      • areWorkerTokensEnabledServer

        public static boolean areWorkerTokensEnabledServer​(ThriftConnectionType connectionType,
                                                           Map<String,​Object> conf)
        Check if worker tokens should be enabled on the server side or not (for a given server).
        Parameters:
        connectionType - the type of server this is for.
        conf - the daemon configuration, used to be sure the tokens are secure.
        Returns:
        true if we can enable them, else false.
      • serializeWorkerTokenInfo

        public static byte[] serializeWorkerTokenInfo​(WorkerTokenInfo wti)
        Turn a WorkerTokenInfo into a byte array.
        Parameters:
        wti - what to serialize.
        Returns:
        the resulting byte array.
      • getWorkerTokenInfo

        public static WorkerTokenInfo getWorkerTokenInfo​(WorkerToken wt)
        Get and deserialize the WorkerTokenInfo in the worker token.
        Parameters:
        wt - the token.
        Returns:
        the deserialized info.
      • populateSubject

        public static Subject populateSubject​(Subject subject,
                                              Collection<IAutoCredentials> autos,
                                              Map<String,​String> credentials)
        Populate a subject from credentials using the IAutoCredentials.
        Parameters:
        subject - the subject to populate or null if a new Subject should be created.
        autos - the IAutoCredentials to call to populate the subject.
        credentials - the credentials to pull from
        Returns:
        the populated subject.
      • updateSubject

        public static void updateSubject​(Subject subject,
                                         Collection<IAutoCredentials> autos,
                                         Map<String,​String> credentials)
        Update a subject from credentials using the IAutoCredentials.
        Parameters:
        subject - the subject to update
        autos - the IAutoCredentials to call to update the subject.
        credentials - the credentials to pull from
      • deserializeKerberosTicket

        public static KerberosTicket deserializeKerberosTicket​(byte[] tgtBytes)