// Licensed to the Apache Software Foundation (ASF) under one
// or more contributor license agreements. See the NOTICE file
// distributed with this work for additional information
// regarding copyright ownership. The ASF licenses this file
// to you under the Apache License, Version 2.0 (the
// "License"); you may not use this file except in compliance
// with the License. You may obtain a copy of the License at
//
// http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing,
// software distributed under the License is distributed on an
// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
// KIND, either express or implied. See the License for the
// specific language governing permissions and limitations
// under the License.
#include "kudu/rpc/rpc_verification_util.h"
#include <ostream>
#include <glog/logging.h>
#include "kudu/rpc/rpc_header.pb.h"
#include "kudu/security/token_verifier.h"
namespace kudu {
using security::TokenVerificationResult;
namespace rpc {
// Translates the outcome of a token verification into a Status for the
// caller and an RPC error code for the client.
//
// 'result' is the verdict produced by the token verifier.
// 'retry_error' is the code written to '*error' for failures that a client
// can fix by obtaining a fresh token.
// 'error' is an out-parameter and must not be null. It is written only on the
// failure paths; for a VALID result it is left untouched, so callers must not
// read it after an OK status.
//
// Returns Status::OK() for VALID, otherwise Status::NotAuthorized() carrying
// the textual form of 'result'. Every non-VALID verdict is rejected: the
// function fails closed.
Status ParseTokenVerificationResult(const TokenVerificationResult& result,
                                    ErrorStatusPB::RpcErrorCodePB retry_error,
                                    ErrorStatusPB::RpcErrorCodePB* error) {
  // Debug-build assertion only; release builds rely on callers passing a
  // non-null pointer.
  DCHECK(error);

  // Success path: nothing to report, and '*error' is deliberately not written.
  if (result == TokenVerificationResult::VALID) {
    return Status::OK();
  }

  switch (result) {
    // The token itself is unusable (malformed, badly signed or expired), so
    // the client is told to fetch a new token and retry.
    case TokenVerificationResult::INVALID_TOKEN:
    case TokenVerificationResult::INVALID_SIGNATURE:
    case TokenVerificationResult::EXPIRED_TOKEN:
    case TokenVerificationResult::EXPIRED_SIGNING_KEY:
      *error = retry_error;
      break;

    // This server does not know the signing key, which means it has not yet
    // received the latest TSKs. Ask the client to come back later.
    case TokenVerificationResult::UNKNOWN_SIGNING_KEY:
      *error = ErrorStatusPB::ERROR_UNAVAILABLE;
      break;

    // A new token would not help here, so the failure is reported as fatal.
    case TokenVerificationResult::INCOMPATIBLE_FEATURE:
      *error = ErrorStatusPB::FATAL_UNAUTHORIZED;
      break;

    // A verdict this function has no mapping for aborts the process instead
    // of being accepted. When a new TokenVerificationResult value is added,
    // give it an explicit case above.
    default:
      LOG(FATAL) << "Unknown verification result: " << static_cast<int>(result);
  }

  return Status::NotAuthorized(TokenVerificationResultToString(result));
}
} // namespace rpc
} // namespace kudu