Many resources are needed to download a project. Please understand that we have to compensate our server costs. Thank you in advance. Project price only 1 $
You can buy this project and download/modify it how often you want.
/*
* Licensed to the Apache Software Foundation (ASF) under one or more
* contributor license agreements. See the NOTICE file distributed with
* this work for additional information regarding copyright ownership.
* The ASF licenses this file to you under the Apache License, Version 2.0
* (the "License"); you may not use this file except in compliance with
* the License. You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package com.hazelcast.org.apache.calcite.avatica.remote;
import com.hazelcast.org.slf4j.Logger;
import com.hazelcast.org.slf4j.LoggerFactory;
import java.io.File;
import java.lang.Thread.UncaughtExceptionHandler;
import java.security.Principal;
import java.util.AbstractMap;
import java.util.HashSet;
import java.util.Map.Entry;
import java.util.Objects;
import java.util.Set;
import java.util.concurrent.atomic.AtomicBoolean;
import javax.security.auth.Subject;
import javax.security.auth.kerberos.KerberosPrincipal;
import javax.security.auth.kerberos.KerberosTicket;
import javax.security.auth.login.Configuration;
import javax.security.auth.login.LoginContext;
import javax.security.auth.login.LoginException;
/**
* A utility to perform Kerberos logins and renewals.
*/
public class KerberosConnection {
private static final Logger LOG = LoggerFactory.getLogger(KerberosConnection.class);
private static final String IBM_KRB5_LOGIN_MODULE =
"com.ibm.security.auth.module.Krb5LoginModule";
private static final String SUN_KRB5_LOGIN_MODULE =
"com.sun.security.auth.module.Krb5LoginModule";
private static final String JAAS_CONF_NAME = "AvaticaKeytabConf";
private static final String RENEWAL_THREAD_NAME = "Avatica Kerberos Renewal Thread";
// Thanks Hadoop! Lifted from UserGroupInformation and PlatformName
private static final String JAVA_VENDOR_NAME = System.getProperty("java.vendor");
private static final boolean IS_IBM_JAVA = JAVA_VENDOR_NAME.contains("IBM");
/** The percentage of the Kerberos ticket's lifetime which we should start trying to renew it */
public static final float PERCENT_OF_LIFETIME_TO_RENEW = 0.80f;
/** How long should we sleep between checks to renew the Kerberos ticket */
public static final long RENEWAL_PERIOD = 30L;
private final String principal;
private final Configuration jaasConf;
private Subject subject;
private RenewalTask renewalTask;
private Thread renewalThread;
/**
* Constructs an instance.
*
* @param principal The Kerberos principal
* @param keytab The keytab containing keys for the Kerberos principal
*/
public KerberosConnection(String principal, File keytab) {
this.principal = Objects.requireNonNull(principal);
this.jaasConf = new ClientKeytabJaasConf(principal,
Objects.requireNonNull(keytab).getAbsolutePath());
}
public synchronized Subject getSubject() {
return this.subject;
}
/**
* Perform a Kerberos login and launch a daemon thread to periodically perfrom renewals of that
* Kerberos login. Exceptions are intentionally caught and rethrown as unchecked exceptions as
* there is nothing Avatica itself can do if the Kerberos login fails.
*
* @throws RuntimeException If the Kerberos login fails
*/
public synchronized void login() {
final Entry securityMaterial = performKerberosLogin();
subject = securityMaterial.getValue();
// Launch a thread to periodically perform renewals
final Entry renewalMaterial = createRenewalThread(
securityMaterial.getKey(), subject, KerberosConnection.RENEWAL_PERIOD);
renewalTask = renewalMaterial.getKey();
renewalThread = renewalMaterial.getValue();
renewalThread.start();
}
/**
* Performs a Kerberos login given the {@code principal} and {@code keytab}.
*
* @return The {@code Subject} and {@code LoginContext} from the successful login.
* @throws RuntimeException if the login failed
*/
Entry performKerberosLogin() {
// Loosely based on Apache Kerby's JaasKrbUtil class
// Synchronized by the caller
// Create a KerberosPrincipal given the principal.
final Set principals = new HashSet();
principals.add(new KerberosPrincipal(principal));
final Subject subject = new Subject(false, principals, new HashSet