exec/java-exec/src/main/java/org/apache/drill/exec/rpc/BitRpcUtility.java - drill - Git at Google

 /*
  * Licensed to the Apache Software Foundation (ASF) under one
  * or more contributor license agreements.  See the NOTICE file
  * distributed with this work for additional information
  * regarding copyright ownership.  The ASF licenses this file
  * to you under the Apache License, Version 2.0 (the
  * "License"); you may not use this file except in compliance
  * with the License.  You may obtain a copy of the License at
  *
  *    http://www.apache.org/licenses/LICENSE-2.0
  *
  * Unless required by applicable law or agreed to in writing, software
  * distributed under the License is distributed on an "AS IS" BASIS,
  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
 package org.apache.drill.exec.rpc;

 import com.google.common.collect.ImmutableList;
 import com.google.protobuf.Internal.EnumLite;
 import com.google.protobuf.MessageLite;
 import org.apache.drill.exec.proto.CoordinationProtos.DrillbitEndpoint;
 import org.apache.drill.exec.rpc.security.AuthenticatorFactory;
 import org.apache.drill.exec.rpc.security.SaslProperties;
 import org.apache.hadoop.security.UserGroupInformation;

 import java.io.IOException;
 import java.util.List;
 import java.util.Map;

 /**
  * Utility class providing common methods shared between {@link org.apache.drill.exec.rpc.data.DataClient} and
  * {@link org.apache.drill.exec.rpc.control.ControlClient}
  */
 public final class BitRpcUtility {
   private static final org.slf4j.Logger logger = org.slf4j.LoggerFactory.getLogger(BitRpcUtility.class);

   /**
    * Method to do validation on the handshake message received from server side. Only used by BitClients NOT UserClient.
    * Verify if rpc version of handshake message matches the supported RpcVersion and also validates the
    * security configuration between client and server
    * @param handshakeRpcVersion - rpc version received in handshake message
    * @param remoteAuthMechs - authentication mechanisms supported by server
    * @param rpcVersion - supported rpc version on client
    * @param connection - client connection
    * @param config - client connectin config
    * @param client - data client or control client
    * @return - Immutable list of authentication mechanisms supported by server or null
    * @throws RpcException - exception is thrown if rpc version or authentication configuration mismatch is found
    */
   public static List<String> validateHandshake(int handshakeRpcVersion, List<String> remoteAuthMechs, int rpcVersion,
                                                ClientConnection connection, BitConnectionConfig config,
                                                BasicClient client) throws RpcException {

     if (handshakeRpcVersion != rpcVersion) {
       throw new RpcException(String.format("Invalid rpc version.  Expected %d, actual %d.",
         handshakeRpcVersion, rpcVersion));
     }

     if (remoteAuthMechs.size() != 0) { // remote requires authentication
       client.setAuthComplete(false);
       return ImmutableList.copyOf(remoteAuthMechs);
     } else {
       if (config.getAuthMechanismToUse() != null) { // local requires authentication
         throw new RpcException(String.format("Remote Drillbit does not require auth, but auth is enabled in " +
           "local Drillbit configuration. [Details: connection: (%s) and LocalAuthMechanism: (%s). Please check " +
           "security configuration for bit-to-bit.", connection.getName(), config.getAuthMechanismToUse()));
       }
     }
     return null;
   }

   /**
    * Creates various instances needed to start the SASL handshake. This is called from
    * {@link BasicClient#prepareSaslHandshake(RpcConnectionHandler, List)} only for
    * {@link org.apache.drill.exec.rpc.data.DataClient} and {@link org.apache.drill.exec.rpc.control.ControlClient}
    *
    * @param connectionHandler    - Connection handler used by client's to know about success/failure conditions.
    * @param serverAuthMechanisms - List of auth mechanisms configured on server side
    * @param connection - ClientConnection used for authentication
    * @param config - ClientConnection config
    * @param endpoint - Remote DrillbitEndpoint
    * @param client - Either of DataClient/ControlClient instance
    * @param saslRpcType - SASL_MESSAGE RpcType for Data and Control channel
    */
   public static <T extends EnumLite, CC extends ClientConnection, HS extends MessageLite, HR extends MessageLite>
   void prepareSaslHandshake(final RpcConnectionHandler<CC> connectionHandler, List<String> serverAuthMechanisms,
                             CC connection, BitConnectionConfig config, DrillbitEndpoint endpoint,
                             final BasicClient<T, CC, HS, HR> client, T saslRpcType) {
     try {
       final Map<String, String> saslProperties = SaslProperties.getSaslProperties(connection.isEncryptionEnabled(),
         connection.getMaxWrappedSize());
       final UserGroupInformation ugi = UserGroupInformation.getLoginUser();
       final AuthenticatorFactory factory = config.getAuthFactory(serverAuthMechanisms);
       client.startSaslHandshake(connectionHandler, config.getSaslClientProperties(endpoint, saslProperties),
         ugi, factory, saslRpcType);
     } catch (final IOException e) {
       logger.error("Failed while doing setup for starting sasl handshake for connection", connection.getName());
       final Exception ex = new RpcException(String.format("Failed to initiate authentication to %s",
         endpoint.getAddress()), e);
       connectionHandler.connectionFailed(RpcConnectionHandler.FailureType.AUTHENTICATION, ex);
     }
   }

   // Suppress default constructor
   private BitRpcUtility() {
   }
 }
	/*
	* Licensed to the Apache Software Foundation (ASF) under one
	* or more contributor license agreements. See the NOTICE file
	* distributed with this work for additional information
	* regarding copyright ownership. The ASF licenses this file
	* to you under the Apache License, Version 2.0 (the
	* "License"); you may not use this file except in compliance
	* with the License. You may obtain a copy of the License at
	*
	* http://www.apache.org/licenses/LICENSE-2.0
	*
	* Unless required by applicable law or agreed to in writing, software
	* distributed under the License is distributed on an "AS IS" BASIS,
	* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
	* See the License for the specific language governing permissions and
	* limitations under the License.
	*/
	package org.apache.drill.exec.rpc;

	import com.google.common.collect.ImmutableList;
	import com.google.protobuf.Internal.EnumLite;
	import com.google.protobuf.MessageLite;
	import org.apache.drill.exec.proto.CoordinationProtos.DrillbitEndpoint;
	import org.apache.drill.exec.rpc.security.AuthenticatorFactory;
	import org.apache.drill.exec.rpc.security.SaslProperties;
	import org.apache.hadoop.security.UserGroupInformation;

	import java.io.IOException;
	import java.util.List;
	import java.util.Map;

	/**
	* Utility class providing common methods shared between {@link org.apache.drill.exec.rpc.data.DataClient} and
	* {@link org.apache.drill.exec.rpc.control.ControlClient}
	*/
	public final class BitRpcUtility {
	private static final org.slf4j.Logger logger = org.slf4j.LoggerFactory.getLogger(BitRpcUtility.class);

	/**
	* Method to do validation on the handshake message received from server side. Only used by BitClients NOT UserClient.
	* Verify if rpc version of handshake message matches the supported RpcVersion and also validates the
	* security configuration between client and server
	* @param handshakeRpcVersion - rpc version received in handshake message
	* @param remoteAuthMechs - authentication mechanisms supported by server
	* @param rpcVersion - supported rpc version on client
	* @param connection - client connection
	* @param config - client connectin config
	* @param client - data client or control client
	* @return - Immutable list of authentication mechanisms supported by server or null
	* @throws RpcException - exception is thrown if rpc version or authentication configuration mismatch is found
	*/
	public static List<String> validateHandshake(int handshakeRpcVersion, List<String> remoteAuthMechs, int rpcVersion,
	ClientConnection connection, BitConnectionConfig config,
	BasicClient client) throws RpcException {

	if (handshakeRpcVersion != rpcVersion) {
	throw new RpcException(String.format("Invalid rpc version. Expected %d, actual %d.",
	handshakeRpcVersion, rpcVersion));
	}

	if (remoteAuthMechs.size() != 0) { // remote requires authentication
	client.setAuthComplete(false);
	return ImmutableList.copyOf(remoteAuthMechs);
	} else {
	if (config.getAuthMechanismToUse() != null) { // local requires authentication
	throw new RpcException(String.format("Remote Drillbit does not require auth, but auth is enabled in " +
	"local Drillbit configuration. [Details: connection: (%s) and LocalAuthMechanism: (%s). Please check " +
	"security configuration for bit-to-bit.", connection.getName(), config.getAuthMechanismToUse()));
	}
	}
	return null;
	}

	/**
	* Creates various instances needed to start the SASL handshake. This is called from
	* {@link BasicClient#prepareSaslHandshake(RpcConnectionHandler, List)} only for
	* {@link org.apache.drill.exec.rpc.data.DataClient} and {@link org.apache.drill.exec.rpc.control.ControlClient}
	*
	* @param connectionHandler - Connection handler used by client's to know about success/failure conditions.
	* @param serverAuthMechanisms - List of auth mechanisms configured on server side
	* @param connection - ClientConnection used for authentication
	* @param config - ClientConnection config
	* @param endpoint - Remote DrillbitEndpoint
	* @param client - Either of DataClient/ControlClient instance
	* @param saslRpcType - SASL_MESSAGE RpcType for Data and Control channel
	*/
	public static <T extends EnumLite, CC extends ClientConnection, HS extends MessageLite, HR extends MessageLite>
	void prepareSaslHandshake(final RpcConnectionHandler<CC> connectionHandler, List<String> serverAuthMechanisms,
	CC connection, BitConnectionConfig config, DrillbitEndpoint endpoint,
	final BasicClient<T, CC, HS, HR> client, T saslRpcType) {
	try {
	final Map<String, String> saslProperties = SaslProperties.getSaslProperties(connection.isEncryptionEnabled(),
	connection.getMaxWrappedSize());
	final UserGroupInformation ugi = UserGroupInformation.getLoginUser();
	final AuthenticatorFactory factory = config.getAuthFactory(serverAuthMechanisms);
	client.startSaslHandshake(connectionHandler, config.getSaslClientProperties(endpoint, saslProperties),
	ugi, factory, saslRpcType);
	} catch (final IOException e) {
	logger.error("Failed while doing setup for starting sasl handshake for connection", connection.getName());
	final Exception ex = new RpcException(String.format("Failed to initiate authentication to %s",
	endpoint.getAddress()), e);
	connectionHandler.connectionFailed(RpcConnectionHandler.FailureType.AUTHENTICATION, ex);
	}
	}

	// Suppress default constructor
	private BitRpcUtility() {
	}
	}