org.apache.hadoop.security.authentication.util

Class KerberosUtil

java.lang.Object

org.apache.hadoop.security.authentication.util.KerberosUtil

public class KerberosUtil
extends Object

Field Summary

Fields

Modifier and Type	Field and Description
static Oid	GSS_KRB5_MECH_OID
static Oid	GSS_SPNEGO_MECH_OID
static Oid	NT_GSS_KRB5_PRINCIPAL_OID

Constructor Summary

Constructors

Constructor and Description
KerberosUtil()

Method Summary

Modifier and Type	Method and Description
static String	getDefaultRealm() Return the default realm for this JVM.
static String	getDefaultRealmProtected() Return the default realm for this JVM.
static String	getDomainRealm(String shortprinc)
static String	getKrb5LoginModuleName()
static Oid	getOidInstance(String oidName)
static String[]	getPrincipalNames(String keytab, Pattern pattern) Get all the unique principals from keytabfile which matches a pattern.
static String	getServicePrincipal(String service, String hostname) Create Kerberos principal for a given service and hostname, inferring realm from the fqdn of the hostname.
static String	getTokenServerName(byte[] rawToken) Extract the TGS server principal from the given gssapi kerberos or spnego wrapped token.
static boolean	hasKerberosKeyTab(Subject subject) Check if the subject contains Kerberos keytab related objects.
static boolean	hasKerberosTicket(Subject subject) Check if the subject contains Kerberos ticket.

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Field Detail

GSS_SPNEGO_MECH_OID

public static final Oid GSS_SPNEGO_MECH_OID

GSS_KRB5_MECH_OID

public static final Oid GSS_KRB5_MECH_OID

NT_GSS_KRB5_PRINCIPAL_OID

public static final Oid NT_GSS_KRB5_PRINCIPAL_OID

Constructor Detail

KerberosUtil

public KerberosUtil()

Method Detail

getKrb5LoginModuleName

public static String getKrb5LoginModuleName()

getOidInstance

public static Oid getOidInstance(String oidName)
                          throws ClassNotFoundException,
                                 GSSException,
                                 NoSuchFieldException,
                                 IllegalAccessException

Throws:

ClassNotFoundException

GSSException

NoSuchFieldException

IllegalAccessException

getDefaultRealm

public static String getDefaultRealm()
                              throws ClassNotFoundException,
                                     NoSuchMethodException,
                                     IllegalArgumentException,
                                     IllegalAccessException,
                                     InvocationTargetException

Return the default realm for this JVM.

Returns:

The default realm

Throws:

IllegalArgumentException - If the default realm does not exist.

ClassNotFoundException - Not thrown. Exists for compatibility.

NoSuchMethodException - Not thrown. Exists for compatibility.

IllegalAccessException - Not thrown. Exists for compatibility.

InvocationTargetException - Not thrown. Exists for compatibility.

getDefaultRealmProtected

public static String getDefaultRealmProtected()

Return the default realm for this JVM. If the default realm does not exist, this method returns null.

Returns:

The default realm

getDomainRealm

public static String getDomainRealm(String shortprinc)

getServicePrincipal

public static final String getServicePrincipal(String service,
                                               String hostname)
                                        throws UnknownHostException

Create Kerberos principal for a given service and hostname, inferring realm from the fqdn of the hostname. It converts hostname to lower case. If hostname is null or "0.0.0.0", it uses dynamically looked-up fqdn of the current host instead. If domain_realm mappings are inadequately specified, it will use default_realm, per usual Kerberos behavior. If default_realm also gives a null value, then a principal without realm will be returned, which by Kerberos definitions is just another way to specify default realm.

Parameters:

service - Service for which you want to generate the principal.

hostname - Fully-qualified domain name.

Returns:

Converted Kerberos principal name.

Throws:

UnknownHostException - If no IP address for the local host could be found.

getPrincipalNames

public static final String[] getPrincipalNames(String keytab,
                                               Pattern pattern)
                                        throws IOException

Get all the unique principals from keytabfile which matches a pattern.

Parameters:

keytab - Name of the keytab file to be read.

pattern - pattern to be matched.

Returns:

list of unique principals which matches the pattern.

Throws:

IOException - if cannot get the principal name

hasKerberosKeyTab

public static boolean hasKerberosKeyTab(Subject subject)

Check if the subject contains Kerberos keytab related objects. The Kerberos keytab object attached in subject has been changed from KerberosKey (JDK 7) to KeyTab (JDK 8)

Parameters:

subject - subject to be checked

Returns:

true if the subject contains Kerberos keytab

hasKerberosTicket

public static boolean hasKerberosTicket(Subject subject)

Check if the subject contains Kerberos ticket.

Parameters:

subject - subject to be checked

Returns:

true if the subject contains Kerberos ticket

getTokenServerName

public static String getTokenServerName(byte[] rawToken)

Extract the TGS server principal from the given gssapi kerberos or spnego wrapped token.

Parameters:

rawToken - bytes of the gss token

Returns:

String of server principal

Throws:

IllegalArgumentException - if token is undecodable