@Private
public final class DataTransferSaslUtil
extends java.lang.Object
| Modifier and Type | Field | Description |
|---|---|---|
static java.lang.String |
NAME_DELIMITER |
Delimiter for the three-part SASL username string.
|
static int |
SASL_TRANSFER_MAGIC_NUMBER |
Sent by clients and validated by servers.
|
| Modifier and Type | Method | Description |
|---|---|---|
static void |
checkSaslComplete(org.apache.hadoop.hdfs.protocol.datatransfer.sasl.SaslParticipant sasl,
java.util.Map<java.lang.String,java.lang.String> saslProps) |
Checks that SASL negotiation has completed for the given participant, and
the negotiated quality of protection is included in the given SASL
properties and therefore acceptable.
|
static java.util.Map<java.lang.String,java.lang.String> |
createSaslPropertiesForEncryption(java.lang.String encryptionAlgorithm) |
Creates SASL properties required for an encrypted SASL negotiation.
|
static IOStreamPair |
createStreamPair(org.apache.hadoop.conf.Configuration conf,
org.apache.hadoop.crypto.CipherOption cipherOption,
java.io.OutputStream out,
java.io.InputStream in,
boolean isServer) |
Create IOStreamPair of CryptoInputStream and CryptoOutputStream.
|
static char[] |
encryptionKeyToPassword(byte[] encryptionKey) |
For an encrypted SASL negotiation, encodes an encryption key to a SASL
password.
|
static java.net.InetAddress |
getPeerAddress(Peer peer) |
Returns InetAddress from peer.
|
static org.apache.hadoop.security.SaslPropertiesResolver |
getSaslPropertiesResolver(org.apache.hadoop.conf.Configuration conf) |
Creates a SaslPropertiesResolver from the given configuration.
|
static org.apache.hadoop.crypto.CipherOption |
negotiateCipherOption(org.apache.hadoop.conf.Configuration conf,
java.util.List<org.apache.hadoop.crypto.CipherOption> options) |
Negotiate a cipher option which the server supports.
|
static byte[] |
readSaslMessage(java.io.InputStream in) |
Reads a SASL negotiation message.
|
static SaslResponseWithNegotiatedCipherOption |
readSaslMessageAndNegotiatedCipherOption(java.io.InputStream in) |
Read SASL message and negotiated cipher option from server.
|
static byte[] |
readSaslMessageAndNegotiationCipherOptions(java.io.InputStream in,
java.util.List<org.apache.hadoop.crypto.CipherOption> cipherOptions) |
Reads a SASL negotiation message and negotiation cipher options.
|
static org.apache.hadoop.hdfs.protocol.datatransfer.sasl.DataTransferSaslUtil.SaslMessageWithHandshake |
readSaslMessageWithHandshakeSecret(java.io.InputStream in) |
|
static boolean |
requestedQopContainsPrivacy(java.util.Map<java.lang.String,java.lang.String> saslProps) |
Check whether requested SASL Qop contains privacy.
|
static void |
sendGenericSaslErrorMessage(java.io.OutputStream out,
java.lang.String message) |
Sends a SASL negotiation message indicating an error.
|
static void |
sendSaslMessage(java.io.OutputStream out,
byte[] payload) |
Sends a SASL negotiation message.
|
static void |
sendSaslMessage(java.io.OutputStream out,
org.apache.hadoop.hdfs.protocol.proto.DataTransferProtos.DataTransferEncryptorMessageProto.DataTransferEncryptorStatus status,
byte[] payload,
java.lang.String message) |
Sends a SASL negotiation message.
|
static void |
sendSaslMessage(java.io.OutputStream out,
org.apache.hadoop.hdfs.protocol.proto.DataTransferProtos.DataTransferEncryptorMessageProto.DataTransferEncryptorStatus status,
byte[] payload,
java.lang.String message,
org.apache.hadoop.hdfs.protocol.proto.DataTransferProtos.HandshakeSecretProto handshakeSecret) |
|
static void |
sendSaslMessage(java.io.OutputStream out,
org.apache.hadoop.hdfs.protocol.proto.DataTransferProtos.DataTransferEncryptorMessageProto.DataTransferEncryptorStatus status,
byte[] payload,
java.lang.String message,
org.apache.hadoop.hdfs.protocol.proto.DataTransferProtos.HandshakeSecretProto handshakeSecret,
boolean accessTokenError) |
|
static void |
sendSaslMessageAndNegotiatedCipherOption(java.io.OutputStream out,
byte[] payload,
org.apache.hadoop.crypto.CipherOption option) |
Send SASL message and negotiated cipher option to client.
|
static void |
sendSaslMessageAndNegotiationCipherOptions(java.io.OutputStream out,
byte[] payload,
java.util.List<org.apache.hadoop.crypto.CipherOption> options) |
Send a SASL negotiation message and negotiation cipher options to server.
|
static void |
sendSaslMessageHandshakeSecret(java.io.OutputStream out,
byte[] payload,
byte[] secret,
java.lang.String bpid) |
|
static void |
sendSaslMessageHandshakeSecret(java.io.OutputStream out,
org.apache.hadoop.hdfs.protocol.proto.DataTransferProtos.DataTransferEncryptorMessageProto.DataTransferEncryptorStatus status,
byte[] payload,
java.lang.String message,
byte[] secret,
java.lang.String bpid) |
|
static org.apache.hadoop.crypto.CipherOption |
unwrap(org.apache.hadoop.crypto.CipherOption option,
org.apache.hadoop.hdfs.protocol.datatransfer.sasl.SaslParticipant sasl) |
Decrypt the key and iv of the negotiated cipher option.
|
static org.apache.hadoop.crypto.CipherOption |
wrap(org.apache.hadoop.crypto.CipherOption option,
org.apache.hadoop.hdfs.protocol.datatransfer.sasl.SaslParticipant sasl) |
Encrypt the key and iv of the negotiated cipher option.
|
public static final java.lang.String NAME_DELIMITER
public static final int SASL_TRANSFER_MAGIC_NUMBER
public static void checkSaslComplete(org.apache.hadoop.hdfs.protocol.datatransfer.sasl.SaslParticipant sasl,
java.util.Map<java.lang.String,java.lang.String> saslProps)
throws java.io.IOException
Parameters:
sasl - participant to check
saslProps - properties of SASL negotiation
Throws:
java.io.IOException - for any error

public static boolean requestedQopContainsPrivacy(java.util.Map<java.lang.String,java.lang.String> saslProps)
Parameters:
saslProps - properties of SASL negotiation

public static java.util.Map<java.lang.String,java.lang.String> createSaslPropertiesForEncryption(java.lang.String encryptionAlgorithm)
Parameters:
encryptionAlgorithm - to use for SASL negotiation

public static char[] encryptionKeyToPassword(byte[] encryptionKey)
Parameters:
encryptionKey - to encode

public static java.net.InetAddress getPeerAddress(Peer peer)
public static org.apache.hadoop.security.SaslPropertiesResolver getSaslPropertiesResolver(org.apache.hadoop.conf.Configuration conf)
Parameters:
conf - configuration to read

public static byte[] readSaslMessage(java.io.InputStream in)
throws java.io.IOException
Parameters:
in - stream to read
Throws:
java.io.IOException - for any error

public static byte[] readSaslMessageAndNegotiationCipherOptions(java.io.InputStream in,
java.util.List<org.apache.hadoop.crypto.CipherOption> cipherOptions)
throws java.io.IOException
Parameters:
in - stream to read
cipherOptions - list to store negotiation cipher options
Throws:
java.io.IOException - for any error

public static org.apache.hadoop.hdfs.protocol.datatransfer.sasl.DataTransferSaslUtil.SaslMessageWithHandshake readSaslMessageWithHandshakeSecret(java.io.InputStream in)
throws java.io.IOException
Throws:
java.io.IOException

public static org.apache.hadoop.crypto.CipherOption negotiateCipherOption(org.apache.hadoop.conf.Configuration conf,
java.util.List<org.apache.hadoop.crypto.CipherOption> options)
throws java.io.IOException
Parameters:
conf - the configuration
options - the cipher options which the client supports
Throws:
java.io.IOException

public static void sendSaslMessageAndNegotiatedCipherOption(java.io.OutputStream out,
byte[] payload,
org.apache.hadoop.crypto.CipherOption option)
throws java.io.IOException
Parameters:
out - stream to receive message
payload - to send
option - negotiated cipher option
Throws:
java.io.IOException - for any error

public static IOStreamPair createStreamPair(org.apache.hadoop.conf.Configuration conf, org.apache.hadoop.crypto.CipherOption cipherOption, java.io.OutputStream out, java.io.InputStream in, boolean isServer) throws java.io.IOException
Create IOStreamPair of CryptoInputStream and CryptoOutputStream.
Parameters:
conf - the configuration
cipherOption - negotiated cipher option
out - underlying output stream
in - underlying input stream
isServer - is server side
Throws:
java.io.IOException - for any error

public static void sendGenericSaslErrorMessage(java.io.OutputStream out,
java.lang.String message)
throws java.io.IOException
Parameters:
out - stream to receive message
message - to send
Throws:
java.io.IOException - for any error

public static void sendSaslMessage(java.io.OutputStream out,
byte[] payload)
throws java.io.IOException
Parameters:
out - stream to receive message
payload - to send
Throws:
java.io.IOException - for any error

public static void sendSaslMessageHandshakeSecret(java.io.OutputStream out,
byte[] payload,
byte[] secret,
java.lang.String bpid)
throws java.io.IOException
Throws:
java.io.IOException

public static void sendSaslMessageAndNegotiationCipherOptions(java.io.OutputStream out,
byte[] payload,
java.util.List<org.apache.hadoop.crypto.CipherOption> options)
throws java.io.IOException
Parameters:
out - stream to receive message
payload - to send
options - cipher options to negotiate
Throws:
java.io.IOException - for any error

public static SaslResponseWithNegotiatedCipherOption readSaslMessageAndNegotiatedCipherOption(java.io.InputStream in) throws java.io.IOException
Parameters:
in - stream to read
Throws:
java.io.IOException - for any error

public static org.apache.hadoop.crypto.CipherOption wrap(org.apache.hadoop.crypto.CipherOption option,
org.apache.hadoop.hdfs.protocol.datatransfer.sasl.SaslParticipant sasl)
throws java.io.IOException
Parameters:
option - negotiated cipher option
sasl - SASL participant representing server
Throws:
java.io.IOException - for any error

public static org.apache.hadoop.crypto.CipherOption unwrap(org.apache.hadoop.crypto.CipherOption option,
org.apache.hadoop.hdfs.protocol.datatransfer.sasl.SaslParticipant sasl)
throws java.io.IOException
Parameters:
option - negotiated cipher option
sasl - SASL participant representing client
Throws:
java.io.IOException - for any error

public static void sendSaslMessage(java.io.OutputStream out,
org.apache.hadoop.hdfs.protocol.proto.DataTransferProtos.DataTransferEncryptorMessageProto.DataTransferEncryptorStatus status,
byte[] payload,
java.lang.String message)
throws java.io.IOException
Parameters:
out - stream to receive message
status - negotiation status
payload - to send
message - to send
Throws:
java.io.IOException - for any error

public static void sendSaslMessage(java.io.OutputStream out,
org.apache.hadoop.hdfs.protocol.proto.DataTransferProtos.DataTransferEncryptorMessageProto.DataTransferEncryptorStatus status,
byte[] payload,
java.lang.String message,
org.apache.hadoop.hdfs.protocol.proto.DataTransferProtos.HandshakeSecretProto handshakeSecret)
throws java.io.IOException
Throws:
java.io.IOException

public static void sendSaslMessage(java.io.OutputStream out,
org.apache.hadoop.hdfs.protocol.proto.DataTransferProtos.DataTransferEncryptorMessageProto.DataTransferEncryptorStatus status,
byte[] payload,
java.lang.String message,
org.apache.hadoop.hdfs.protocol.proto.DataTransferProtos.HandshakeSecretProto handshakeSecret,
boolean accessTokenError)
throws java.io.IOException
Throws:
java.io.IOException

public static void sendSaslMessageHandshakeSecret(java.io.OutputStream out,
org.apache.hadoop.hdfs.protocol.proto.DataTransferProtos.DataTransferEncryptorMessageProto.DataTransferEncryptorStatus status,
byte[] payload,
java.lang.String message,
byte[] secret,
java.lang.String bpid)
throws java.io.IOException
Throws:
java.io.IOException

Copyright © 2008–2025 Apache Software Foundation. All rights reserved.