1 /*
2  * Licensed to the Apache Software Foundation (ASF) under one
3  * or more contributor license agreements.  See the NOTICE file
4  * distributed with this work for additional information
5  * regarding copyright ownership.  The ASF licenses this file
6  * to you under the Apache License, Version 2.0 (the
7  * "License"); you may not use this file except in compliance
8  * with the License.  You may obtain a copy of the License at
9  *
10  *     http://www.apache.org/licenses/LICENSE-2.0
11  *
12  * Unless required by applicable law or agreed to in writing, software
13  * distributed under the License is distributed on an "AS IS" BASIS,
14  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
15  * See the License for the specific language governing permissions and
16  * limitations under the License.
17  */
18 package org.apache.hadoop.hbase.security;
19 
20 import java.util.concurrent.ConcurrentHashMap;
21 import java.util.concurrent.ConcurrentMap;
22 
23 import org.apache.hadoop.hbase.classification.InterfaceAudience;
24 import org.apache.hadoop.hbase.protobuf.generated.AdminProtos;
25 import org.apache.hadoop.hbase.protobuf.generated.AuthenticationProtos.TokenIdentifier.Kind;
26 import org.apache.hadoop.hbase.protobuf.generated.ClientProtos;
27 import org.apache.hadoop.hbase.protobuf.generated.MasterProtos.MasterService;
28 import org.apache.hadoop.hbase.protobuf.generated.RegionServerStatusProtos;
29 
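/**
 * Maps RPC service names to the security settings a client needs in order to authenticate
 * to that service.
 *
 * <p>Each entry pairs a server principal setting with the kind of authentication token the
 * service uses. Four built-in services are registered when the class is initialized; further
 * services can be registered through {@link #addInfo(String, SecurityInfo)}.
 */
@InterfaceAudience.Private
public class SecurityInfo {
  /**
   * Maps RPC service names to authentication information.
   *
   * <p>The reference is {@code final} so the registry itself cannot be swapped out after class
   * initialization. This class offers no way to replace or remove an entry once it is present.
   */
  private static final ConcurrentMap<String,SecurityInfo> infos =
      new ConcurrentHashMap<String,SecurityInfo>();

  // Populate info for known services. This runs during class initialization, i.e. before any
  // caller can reach addInfo(), so these entries always win over later registrations that use
  // the same service name.
  static {
    infos.put(AdminProtos.AdminService.getDescriptor().getName(),
        new SecurityInfo("hbase.regionserver.kerberos.principal", Kind.HBASE_AUTH_TOKEN));
    infos.put(ClientProtos.ClientService.getDescriptor().getName(),
        new SecurityInfo("hbase.regionserver.kerberos.principal", Kind.HBASE_AUTH_TOKEN));
    infos.put(MasterService.getDescriptor().getName(),
        new SecurityInfo("hbase.master.kerberos.principal", Kind.HBASE_AUTH_TOKEN));
    infos.put(RegionServerStatusProtos.RegionServerStatusService.getDescriptor().getName(),
        new SecurityInfo("hbase.master.kerberos.principal", Kind.HBASE_AUTH_TOKEN));
  }

  /**
   * Adds a security configuration for a new service name.
   *
   * <p>The first registration for a name is kept: if the service name is already registered,
   * including the built-in services registered at class initialization, this call has no
   * effect and the existing entry is left in place. The call gives no indication of which
   * case occurred.
   *
   * @param serviceName the RPC service name to register; must not be null
   * @param securityInfo the security configuration for that service; must not be null
   * @throws NullPointerException if either argument is null (raised by the backing
   *     {@link ConcurrentHashMap})
   */
  public static void addInfo(String serviceName, SecurityInfo securityInfo) {
    infos.putIfAbsent(serviceName, securityInfo);
  }

  /**
   * Returns the security configuration associated with the given service name.
   *
   * @param serviceName the RPC service name to look up; must not be null
   * @return the registered configuration, or {@code null} if the service name is unknown.
   *     Callers have to handle {@code null} explicitly; what an unregistered service should
   *     mean for authentication is decided by the caller, not here.
   * @throws NullPointerException if {@code serviceName} is null (raised by the backing
   *     {@link ConcurrentHashMap})
   */
  public static SecurityInfo getInfo(String serviceName) {
    return infos.get(serviceName);
  }

  private final String serverPrincipal;
  private final Kind tokenKind;

  /**
   * Creates an immutable security configuration.
   *
   * @param serverPrincipal the server principal setting. The built-in registrations pass
   *     configuration property names such as {@code hbase.master.kerberos.principal}, so this
   *     appears to be the key under which the principal is configured rather than the
   *     principal itself; confirm against the callers. Not validated here.
   * @param tokenKind the kind of authentication token used with the service. Not validated
   *     here.
   */
  public SecurityInfo(String serverPrincipal, Kind tokenKind) {
    this.serverPrincipal = serverPrincipal;
    this.tokenKind = tokenKind;
  }

  /**
   * Returns the server principal setting given at construction, unchanged.
   */
  public String getServerPrincipal() {
    return serverPrincipal;
  }

  /**
   * Returns the token kind given at construction, unchanged.
   */
  public Kind getTokenKind() {
    return tokenKind;
  }
}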