core/src/main/java/org/apache/accumulo/core/client/impl/Credentials.java - accumulo - Git at Google

 /*
  * Licensed to the Apache Software Foundation (ASF) under one or more
  * contributor license agreements.  See the NOTICE file distributed with
  * this work for additional information regarding copyright ownership.
  * The ASF licenses this file to You under the Apache License, Version 2.0
  * (the "License"); you may not use this file except in compliance with
  * the License.  You may obtain a copy of the License at
  *
  *     http://www.apache.org/licenses/LICENSE-2.0
  *
  * Unless required by applicable law or agreed to in writing, software
  * distributed under the License is distributed on an "AS IS" BASIS,
  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
 package org.apache.accumulo.core.client.impl;

 import static java.nio.charset.StandardCharsets.UTF_8;

 import java.nio.ByteBuffer;
 import java.util.Base64;

 import org.apache.accumulo.core.client.AccumuloClient;
 import org.apache.accumulo.core.client.AccumuloSecurityException;
 import org.apache.accumulo.core.client.impl.thrift.SecurityErrorCode;
 import org.apache.accumulo.core.client.security.tokens.AuthenticationToken;
 import org.apache.accumulo.core.client.security.tokens.AuthenticationToken.AuthenticationTokenSerializer;
 import org.apache.accumulo.core.security.thrift.TCredentials;

 /**
  * A wrapper for internal use. This class carries the instance, principal, and authentication token
  * for use in the public API, in a non-serialized form. This is important, so that the
  * authentication token carried in a {@link AccumuloClient} can be destroyed, invalidating future
  * RPC operations from that {@link AccumuloClient}.
  * <p>
  * See ACCUMULO-1312
  *
  * @since 1.6.0
  */
 public class Credentials {

   private String principal;
   private AuthenticationToken token;

   /**
    * Creates a new credentials object.
    *
    * @param principal
    *          unique identifier for the entity (e.g. a user or service) authorized for these
    *          credentials
    * @param token
    *          authentication token used to prove that the principal for these credentials has been
    *          properly verified
    */
   public Credentials(String principal, AuthenticationToken token) {
     this.principal = principal;
     this.token = token;
   }

   /**
    * Gets the principal.
    *
    * @return unique identifier for the entity (e.g. a user or service) authorized for these
    *         credentials
    */
   public String getPrincipal() {
     return principal;
   }

   /**
    * Gets the authentication token.
    *
    * @return authentication token used to prove that the principal for these credentials has been
    *         properly verified
    */
   public AuthenticationToken getToken() {
     return token;
   }

   /**
    * Converts the current object to the relevant thrift type. The object returned from this contains
    * a non-destroyable version of the {@link AuthenticationToken}, so this should be used just
    * before placing on the wire, and references to it should be tightly controlled.
    *
    * @param instanceID
    *          Accumulo instance ID
    * @return Thrift credentials
    * @throws RuntimeException
    *           if the authentication token has been destroyed (expired)
    */
   public TCredentials toThrift(String instanceID) {
     TCredentials tCreds = new TCredentials(getPrincipal(), getToken().getClass().getName(),
         ByteBuffer.wrap(AuthenticationTokenSerializer.serialize(getToken())), instanceID);
     if (getToken().isDestroyed())
       throw new RuntimeException("Token has been destroyed",
           new AccumuloSecurityException(getPrincipal(), SecurityErrorCode.TOKEN_EXPIRED));
     return tCreds;
   }

   /**
    * Converts a given thrift object to our internal Credentials representation.
    *
    * @param serialized
    *          a Thrift encoded set of credentials
    * @return a new Credentials instance; destroy the token when you're done.
    */
   public static Credentials fromThrift(TCredentials serialized) {
     return new Credentials(serialized.getPrincipal(), AuthenticationTokenSerializer
         .deserialize(serialized.getTokenClassName(), serialized.getToken()));
   }

   /**
    * Converts the current object to a serialized form. The object returned from this contains a
    * non-destroyable version of the {@link AuthenticationToken}, so references to it should be
    * tightly controlled.
    *
    * @return serialized form of these credentials
    */
   public final String serialize() {
     return (getPrincipal() == null ? "-"
         : Base64.getEncoder().encodeToString(getPrincipal().getBytes(UTF_8)))
         + ":"
         + (getToken() == null ? "-"
             : Base64.getEncoder().encodeToString(getToken().getClass().getName().getBytes(UTF_8)))
         + ":"
         + (getToken() == null ? "-"
             : Base64.getEncoder()
                 .encodeToString(AuthenticationTokenSerializer.serialize(getToken())));
   }

   /**
    * Converts the serialized form to an instance of {@link Credentials}. The original serialized
    * form will not be affected.
    *
    * @param serializedForm
    *          serialized form of credentials
    * @return deserialized credentials
    */
   public static final Credentials deserialize(String serializedForm) {
     String[] split = serializedForm.split(":", 3);
     String principal = split[0].equals("-") ? null
         : new String(Base64.getDecoder().decode(split[0]), UTF_8);
     String tokenType = split[1].equals("-") ? null
         : new String(Base64.getDecoder().decode(split[1]), UTF_8);
     AuthenticationToken token = null;
     if (!split[2].equals("-")) {
       byte[] tokenBytes = Base64.getDecoder().decode(split[2]);
       token = AuthenticationTokenSerializer.deserialize(tokenType, tokenBytes);
     }
     return new Credentials(principal, token);
   }

   @Override
   public int hashCode() {
     return getPrincipal() == null ? 0 : getPrincipal().hashCode();
   }

   @Override
   public boolean equals(Object obj) {
     if (obj == null || !(obj instanceof Credentials))
       return false;
     Credentials other = Credentials.class.cast(obj);
     boolean pEq = getPrincipal() == null ? (other.getPrincipal() == null)
         : (getPrincipal().equals(other.getPrincipal()));
     if (!pEq)
       return false;
     return getToken() == null ? (other.getToken() == null) : (getToken().equals(other.getToken()));
   }

   @Override
   public String toString() {
     return getClass().getName() + ":" + getPrincipal() + ":"
         + (getToken() == null ? null : getToken().getClass().getName()) + ":<hidden>";
   }
 }
	/*
	* Licensed to the Apache Software Foundation (ASF) under one or more
	* contributor license agreements. See the NOTICE file distributed with
	* this work for additional information regarding copyright ownership.
	* The ASF licenses this file to You under the Apache License, Version 2.0
	* (the "License"); you may not use this file except in compliance with
	* the License. You may obtain a copy of the License at
	*
	* http://www.apache.org/licenses/LICENSE-2.0
	*
	* Unless required by applicable law or agreed to in writing, software
	* distributed under the License is distributed on an "AS IS" BASIS,
	* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
	* See the License for the specific language governing permissions and
	* limitations under the License.
	*/
	package org.apache.accumulo.core.client.impl;

	import static java.nio.charset.StandardCharsets.UTF_8;

	import java.nio.ByteBuffer;
	import java.util.Base64;

	import org.apache.accumulo.core.client.AccumuloClient;
	import org.apache.accumulo.core.client.AccumuloSecurityException;
	import org.apache.accumulo.core.client.impl.thrift.SecurityErrorCode;
	import org.apache.accumulo.core.client.security.tokens.AuthenticationToken;
	import org.apache.accumulo.core.client.security.tokens.AuthenticationToken.AuthenticationTokenSerializer;
	import org.apache.accumulo.core.security.thrift.TCredentials;

	/**
	* A wrapper for internal use. This class carries the instance, principal, and authentication token
	* for use in the public API, in a non-serialized form. This is important, so that the
	* authentication token carried in a {@link AccumuloClient} can be destroyed, invalidating future
	* RPC operations from that {@link AccumuloClient}.
	* <p>
	* See ACCUMULO-1312
	*
	* @since 1.6.0
	*/
	public class Credentials {

	private String principal;
	private AuthenticationToken token;

	/**
	* Creates a new credentials object.
	*
	* @param principal
	* unique identifier for the entity (e.g. a user or service) authorized for these
	* credentials
	* @param token
	* authentication token used to prove that the principal for these credentials has been
	* properly verified
	*/
	public Credentials(String principal, AuthenticationToken token) {
	this.principal = principal;
	this.token = token;
	}

	/**
	* Gets the principal.
	*
	* @return unique identifier for the entity (e.g. a user or service) authorized for these
	* credentials
	*/
	public String getPrincipal() {
	return principal;
	}

	/**
	* Gets the authentication token.
	*
	* @return authentication token used to prove that the principal for these credentials has been
	* properly verified
	*/
	public AuthenticationToken getToken() {
	return token;
	}

	/**
	* Converts the current object to the relevant thrift type. The object returned from this contains
	* a non-destroyable version of the {@link AuthenticationToken}, so this should be used just
	* before placing on the wire, and references to it should be tightly controlled.
	*
	* @param instanceID
	* Accumulo instance ID
	* @return Thrift credentials
	* @throws RuntimeException
	* if the authentication token has been destroyed (expired)
	*/
	public TCredentials toThrift(String instanceID) {
	TCredentials tCreds = new TCredentials(getPrincipal(), getToken().getClass().getName(),
	ByteBuffer.wrap(AuthenticationTokenSerializer.serialize(getToken())), instanceID);
	if (getToken().isDestroyed())
	throw new RuntimeException("Token has been destroyed",
	new AccumuloSecurityException(getPrincipal(), SecurityErrorCode.TOKEN_EXPIRED));
	return tCreds;
	}

	/**
	* Converts a given thrift object to our internal Credentials representation.
	*
	* @param serialized
	* a Thrift encoded set of credentials
	* @return a new Credentials instance; destroy the token when you're done.
	*/
	public static Credentials fromThrift(TCredentials serialized) {
	return new Credentials(serialized.getPrincipal(), AuthenticationTokenSerializer
	.deserialize(serialized.getTokenClassName(), serialized.getToken()));
	}

	/**
	* Converts the current object to a serialized form. The object returned from this contains a
	* non-destroyable version of the {@link AuthenticationToken}, so references to it should be
	* tightly controlled.
	*
	* @return serialized form of these credentials
	*/
	public final String serialize() {
	return (getPrincipal() == null ? "-"
	: Base64.getEncoder().encodeToString(getPrincipal().getBytes(UTF_8)))
	+ ":"
	+ (getToken() == null ? "-"
	: Base64.getEncoder().encodeToString(getToken().getClass().getName().getBytes(UTF_8)))
	+ ":"
	+ (getToken() == null ? "-"
	: Base64.getEncoder()
	.encodeToString(AuthenticationTokenSerializer.serialize(getToken())));
	}

	/**
	* Converts the serialized form to an instance of {@link Credentials}. The original serialized
	* form will not be affected.
	*
	* @param serializedForm
	* serialized form of credentials
	* @return deserialized credentials
	*/
	public static final Credentials deserialize(String serializedForm) {
	String[] split = serializedForm.split(":", 3);
	String principal = split[0].equals("-") ? null
	: new String(Base64.getDecoder().decode(split[0]), UTF_8);
	String tokenType = split[1].equals("-") ? null
	: new String(Base64.getDecoder().decode(split[1]), UTF_8);
	AuthenticationToken token = null;
	if (!split[2].equals("-")) {
	byte[] tokenBytes = Base64.getDecoder().decode(split[2]);
	token = AuthenticationTokenSerializer.deserialize(tokenType, tokenBytes);
	}
	return new Credentials(principal, token);
	}

	@Override
	public int hashCode() {
	return getPrincipal() == null ? 0 : getPrincipal().hashCode();
	}

	@Override
	public boolean equals(Object obj) {
	if (obj == null \|\| !(obj instanceof Credentials))
	return false;
	Credentials other = Credentials.class.cast(obj);
	boolean pEq = getPrincipal() == null ? (other.getPrincipal() == null)
	: (getPrincipal().equals(other.getPrincipal()));
	if (!pEq)
	return false;
	return getToken() == null ? (other.getToken() == null) : (getToken().equals(other.getToken()));
	}

	@Override
	public String toString() {
	return getClass().getName() + ":" + getPrincipal() + ":"
	+ (getToken() == null ? null : getToken().getClass().getName()) + ":<hidden>";
	}
	}