Class ClientAuthUtils

java.lang.Object
org.apache.storm.security.auth.ClientAuthUtils

public class ClientAuthUtils extends Object
  • Field Details

  • Constructor Details

    • ClientAuthUtils

      public ClientAuthUtils()
  • Method Details

    • getJaasConf

      public static String getJaasConf(Map<String,Object> topoConf)
    • getConfiguration

      public static Configuration getConfiguration(Map<String,Object> topoConf)
      Construct a JAAS configuration object per storm configuration file.
      Parameters:
      topoConf - Storm configuration
      Returns:
      JAAS configuration object
    • getEntries

      public static AppConfigurationEntry[] getEntries(Configuration configuration, String section) throws IOException
      Get configurations for a section.
      Parameters:
      configuration - The config to pull the key/value pairs out of.
      section - The app configuration entry name to get stuff from.
      Returns:
      Return array of config entries or null if configuration is null
      Throws:
      IOException
    • pullConfig

      public static SortedMap<String,?> pullConfig(Map<String,Object> topoConf, String section) throws IOException
      Pull a set of keys out of a Configuration.
      Parameters:
      topoConf - The config containing the jaas conf file.
      section - The app configuration entry name to get stuff from.
      Returns:
      Return a map of the configs in conf.
      Throws:
      IOException
    • get

      public static String get(Map<String,Object> topoConf, String section, String key) throws IOException
      Pull the value for the given section and key from the Configuration.
      Parameters:
      topoConf - The config containing the jaas conf file.
      section - The app configuration entry name to get stuff from.
      key - The key to look up inside of the section
      Returns:
      Return the String value of the configuration value
      Throws:
      IOException
    • getPrincipalToLocalPlugin

      public static IPrincipalToLocal getPrincipalToLocalPlugin(Map<String,Object> topoConf)
      Construct a principal to local plugin.
      Parameters:
      topoConf - storm configuration
      Returns:
      the plugin
    • getGroupMappingServiceProviderPlugin

      public static IGroupMappingServiceProvider getGroupMappingServiceProviderPlugin(Map<String,Object> conf)
      Construct a group mapping service provider plugin.
      Parameters:
      conf - daemon configuration
      Returns:
      the plugin
    • getCredentialRenewers

      public static Collection<ICredentialsRenewer> getCredentialRenewers(Map<String,Object> conf)
      Get all of the configured Credential Renewer Plugins.
      Parameters:
      conf - the storm configuration to use.
      Returns:
      the configured credential renewers.
    • getNimbusAutoCredPlugins

      public static Collection<INimbusCredentialPlugin> getNimbusAutoCredPlugins(Map<String,Object> conf)
      Get all the Nimbus Auto cred plugins.
      Parameters:
      conf - nimbus configuration to use.
      Returns:
      nimbus auto credential plugins.
    • getAutoCredentials

      public static Collection<IAutoCredentials> getAutoCredentials(Map<String,Object> topoConf)
      Get all of the configured AutoCredential Plugins.
      Parameters:
      topoConf - the storm configuration to use.
      Returns:
      the configured auto credentials.
    • workerTokenCredentialsKey

      public static String workerTokenCredentialsKey(WorkerTokenServiceType type)
      Get the key used to store a WorkerToken in the credentials map.
      Parameters:
      type - the type of service to get.
      Returns:
      the key as a String.
    • readWorkerToken

      public static WorkerToken readWorkerToken(Map<String,String> credentials, WorkerTokenServiceType type)
      Read a WorkerToken out of credentials for the given type.
      Parameters:
      credentials - the credentials map.
      type - the type of service we are looking for.
      Returns:
      the deserialized WorkerToken or null if none could be found.
    • setWorkerToken

      public static void setWorkerToken(Map<String,String> credentials, WorkerToken token)
      Store a worker token in some credentials. It can be pulled back out by calling readWorkerToken.
      Parameters:
      credentials - the credentials map.
      token - the token you want to store.
    • findWorkerToken

      public static WorkerToken findWorkerToken(Subject subject, WorkerTokenServiceType type)
      Find a worker token in a given subject with a given token type.
      Parameters:
      subject - what to look in.
      type - the type of token to look for.
      Returns:
      the token or null.
    • areWorkerTokensEnabledServer

      public static boolean areWorkerTokensEnabledServer(ThriftServer server, Map<String,Object> conf)
      Check if worker tokens should be enabled on the server side or not.
      Parameters:
      server - a Thrift server, used to know whether the transport supports tokens or not. No need to create a token if the transport does not support it.
      conf - the daemon configuration to be sure the tokens are secure.
      Returns:
      true if we can enable them, else false.
    • areWorkerTokensEnabledServer

      public static boolean areWorkerTokensEnabledServer(ThriftConnectionType connectionType, Map<String,Object> conf)
      Check if worker tokens should be enabled on the server side or not (for a given server).
      Parameters:
      connectionType - the type of server this is for.
      conf - the daemon configuration to be sure the tokens are secure.
      Returns:
      true if we can enable them, else false.
    • serializeWorkerTokenInfo

      public static byte[] serializeWorkerTokenInfo(WorkerTokenInfo wti)
      Turn a WorkerTokenInfo into a byte array.
      Parameters:
      wti - what to serialize.
      Returns:
      the resulting byte array.
    • getWorkerTokenInfo

      public static WorkerTokenInfo getWorkerTokenInfo(WorkerToken wt)
      Get and deserialize the WorkerTokenInfo in the worker token.
      Parameters:
      wt - the token.
      Returns:
      the deserialized info.
    • populateSubject

      public static Subject populateSubject(Subject subject, Collection<IAutoCredentials> autos, Map<String,String> credentials)
      Populate a subject from credentials using the IAutoCredentials.
      Parameters:
      subject - the subject to populate or null if a new Subject should be created.
      autos - the IAutoCredentials to call to populate the subject.
      credentials - the credentials to pull from
      Returns:
      the populated subject.
    • updateSubject

      public static void updateSubject(Subject subject, Collection<IAutoCredentials> autos, Map<String,String> credentials)
      Update a subject from credentials using the IAutoCredentials.
      Parameters:
      subject - the subject to update
      autos - the IAutoCredentials to call to update the subject.
      credentials - the credentials to pull from
    • getTransportPlugin

      public static ITransportPlugin getTransportPlugin(ThriftConnectionType type, Map<String,Object> topoConf)
      Construct a transport plugin per storm configuration.
    • makeDigestPayload

      public static String makeDigestPayload(Map<String,Object> topoConf, String configSection)
    • serializeKerberosTicket

      public static byte[] serializeKerberosTicket(KerberosTicket tgt) throws Exception
      Throws:
      Exception
    • deserializeKerberosTicket

      public static KerberosTicket deserializeKerberosTicket(byte[] tgtBytes)
    • cloneKerberosTicket

      public static KerberosTicket cloneKerberosTicket(KerberosTicket kerberosTicket)