Package com.mapr.security

Class SecurityHelper

java.lang.Object
com.mapr.security.SecurityHelper
public class SecurityHelper extends Object
SecurityHelper class

  • Constructor Details

    • SecurityHelper

      public SecurityHelper()

  • Method Details

    • zookeeperAuthRequestCreationHelper

      public static byte[] zookeeperAuthRequestCreationHelper(com.mapr.fs.proto.Security.TicketAndKey ticketAndKey, long sessionId, String clusterName)

    • ticketReadingHelper

      public static com.mapr.fs.proto.Security.TicketAndKey ticketReadingHelper()

    • getHostFromCluster

      public static List<String> getHostFromCluster(String clusterName)
      Retrieves all the cldb hosts for a given cluster, will only include first nic listed for each cldb
      Parameters:
      clusterName - the cluster name
      Returns:
      a List of hosts or null if cluster cannot be found or no host are avalible

    • getClusterFromHost

      public static String getClusterFromHost(List<String> hosts)
      Retrieves the cluster name from a given list of cldb hosts, will return the first cluster name found in order of the hosts.
      Parameters:
      hosts - list of host names for the cluster desired
      Returns:
      the cluster name or null if no clusters can be found

    • addCLDBsToAuthReqFull

      public static boolean addCLDBsToAuthReqFull(com.mapr.fs.proto.Security.AuthenticationReqFull.Builder bld, String clusterName)
      Adds CLDBs to the cldb field inside AuthenticationReqFull.Builder.
      Parameters:
      bld - the builder to add cldb to
      clusterName - The cluster name that specifies all the cldbs, if null or empty will just default to current cluster name
      Returns:
      true if successfully added cldb field to the builder, else false

    • checkCLDBAuthReqFull

      public static boolean checkCLDBAuthReqFull(com.mapr.fs.proto.Security.AuthenticationReqFull req)
      Checks to see if this AuthenticationReqFull message has a hostname in the cldb field that matchs that of the current cluster that this node is in.
      Parameters:
      req - Message to be check to see if correct cldb host name is contained in it
      Returns:
      true iff one of cldbs' hostname match to one of the hostnames of current cluster, ie if correct cluster

    • createAuthRespWrongTicket

      public static com.mapr.fs.proto.Security.AuthenticationResp createAuthRespWrongTicket()
      Builds AuthenticationResp message to be sent when server receives a ticket that is not meant for the current node.
      Returns:
      The built AuthenticationResp message or null if there was an error

    • getPasswordFromCredStore

      public static char[] getPasswordFromCredStore(SecurityHelper.CredStore credStore, String alias, String storeType, String storePass) throws IllegalArgumentException
      Obtains the password from the Hadoop Credential Provider credential store. Equivalent to the Hadoop Configuration.getPassword() method except that it does not use any Hadoop packages
      Parameters:
      credStore - Credential store. Must be either CRED_KEYSTORE or CRED_TRUSTSTORE: - CRED_KEYSTORE will access ${MAPR_HOME}/conf/maprkeycreds. - CRED_TRUSTSTORE will access ${MAPR_HOME}/conf/maprtrustcreds.
      alias - The alias whose value is to be retrieved. You can get a list of aliases by using the "hadoop credential list" command, for example: # hadoop credential list -provider localjceks://file/opt/mapr/conf/maprkeycreds.jceks Listing aliases for CredentialProvider: localjceks://file/opt/mapr/conf/maprkeycreds.jceks ssl.client.keystore.keypassword ssl.server.keystore.password ssl.client.keystore.password ssl.server.keystore.keypassword
      storeType - The credential store type. Supported values are "jks", "jceks" and "bcfks". JKS key and trust stores use JCEKS credential stores.
      storePass - Store password. If set to null, the default Hadoop Credential store password of "none" is used.
      Throws:
      IllegalArgumentException