/**
* Load Hadoop Job Token into secret manager.
*
* @param conf Configuration
* @throws IOException
*/
private void setupSecretManager(Configuration conf) throws IOException {
secretManager = new JobTokenSecretManager();
String localJobTokenFile = System.getenv().get(UserGroupInformation.HADOOP_TOKEN_FILE_LOCATION);
if (localJobTokenFile == null) {
throw new IOException(
"Could not find job credentials: environment "
+ "variable: "
+ UserGroupInformation.HADOOP_TOKEN_FILE_LOCATION
+ " was not defined.");
}
JobConf jobConf = new JobConf(conf);
// Find the JobTokenIdentifiers among all the tokens available in the
// jobTokenFile and store them in the secretManager.
Credentials credentials = TokenCache.loadTokens(localJobTokenFile, jobConf);
Collection<Token<? extends TokenIdentifier>> collection = credentials.getAllTokens();
for (Token<? extends TokenIdentifier> token : collection) {
TokenIdentifier tokenIdentifier = decodeIdentifier(token, JobTokenIdentifier.class);
if (tokenIdentifier instanceof JobTokenIdentifier) {
Token<JobTokenIdentifier> theToken = (Token<JobTokenIdentifier>) token;
JobTokenIdentifier jobTokenIdentifier = (JobTokenIdentifier) tokenIdentifier;
secretManager.addTokenForJob(jobTokenIdentifier.getJobId().toString(), theToken);
}
}
if (LOG.isDebugEnabled()) {
LOG.debug(
"loaded JobToken credentials: "
+ credentials
+ " from "
+ "localJobTokenFile: "
+ localJobTokenFile);
}
}
/** {@inheritDoc} */
@Override
public void handle(Callback[] callbacks) throws IOException, UnsupportedCallbackException {
NameCallback nc = null;
PasswordCallback pc = null;
AuthorizeCallback ac = null;
for (Callback callback : callbacks) {
if (callback instanceof AuthorizeCallback) {
ac = (AuthorizeCallback) callback;
} else if (callback instanceof NameCallback) {
nc = (NameCallback) callback;
} else if (callback instanceof PasswordCallback) {
pc = (PasswordCallback) callback;
} else if (callback instanceof RealmCallback) {
continue; // realm is ignored
} else {
throw new UnsupportedCallbackException(
callback, "handle: Unrecognized SASL DIGEST-MD5 Callback");
}
}
if (pc != null) {
JobTokenIdentifier tokenIdentifier = getIdentifier(nc.getDefaultName(), secretManager);
char[] password = encodePassword(secretManager.retrievePassword(tokenIdentifier));
if (LOG.isDebugEnabled()) {
LOG.debug(
"handle: SASL server DIGEST-MD5 callback: setting "
+ "password for client: "
+ tokenIdentifier.getUser());
}
pc.setPassword(password);
}
if (ac != null) {
String authid = ac.getAuthenticationID();
String authzid = ac.getAuthorizationID();
if (authid.equals(authzid)) {
ac.setAuthorized(true);
} else {
ac.setAuthorized(false);
}
if (ac.isAuthorized()) {
if (LOG.isDebugEnabled()) {
String username = getIdentifier(authzid, secretManager).getUser().getUserName();
if (LOG.isDebugEnabled()) {
LOG.debug(
"handle: SASL server DIGEST-MD5 callback: setting "
+ "canonicalized client ID: "
+ username);
}
}
ac.setAuthorizedID(authzid);
}
}
}
