/*
* Licensed to the Apache Software Foundation (ASF) under one or more
* contributor license agreements. See the NOTICE file distributed with
* this work for additional information regarding copyright ownership.
* The ASF licenses this file to You under the Apache License, Version 2.0
* (the "License"); you may not use this file except in compliance with
* the License. You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package org.apache.accumulo.cluster;
import static com.google.common.base.Preconditions.checkArgument;
import static java.util.Objects.requireNonNull;
import java.io.File;
import java.io.IOException;
import org.apache.accumulo.core.client.security.tokens.AuthenticationToken;
import org.apache.accumulo.core.client.security.tokens.KerberosToken;
import org.apache.accumulo.core.client.security.tokens.PasswordToken;
import org.apache.hadoop.security.UserGroupInformation;
/**
* Simple wrapper around a principal and its credentials: a password or a keytab.
*/
public class ClusterUser {
private String password;
private String principal;
private File keytab;
public ClusterUser(String principal, File keytab) {
requireNonNull(principal, "Principal was null");
requireNonNull(keytab, "Keytab was null");
checkArgument(keytab.exists() && keytab.isFile(), "Keytab should be a file");
this.principal = principal;
this.keytab = keytab;
}
public ClusterUser(String principal, String password) {
requireNonNull(principal, "Principal was null");
requireNonNull(password, "Password was null");
this.principal = principal;
this.password = password;
}
/**
* @return the principal
*/
public String getPrincipal() {
return principal;
}
/**
* @return the keytab, or null if login is password-based
*/
public File getKeytab() {
return keytab;
}
/**
* @return the password, or null if login is keytab-based
*/
public String getPassword() {
return password;
}
/**
* Computes the appropriate {@link AuthenticationToken} for the user represented by this object. May not yet be created in Accumulo.
*
* @return the correct {@link AuthenticationToken} to use with Accumulo for this user
* @throws IOException
* if performing necessary login failed
*/
public AuthenticationToken getToken() throws IOException {
if (null != password) {
return new PasswordToken(password);
} else if (null != keytab) {
UserGroupInformation.loginUserFromKeytab(principal, keytab.getAbsolutePath());
return new KerberosToken();
}
throw new IllegalStateException("One of password and keytab must be non-null");
}
@Override
public String toString() {
return "KerberosPrincipal [principal=" + principal + ", keytab=" + keytab + ", password=" + password + "]";
}
@Override
public int hashCode() {
final int prime = 31;
int result = 1;
result = prime * result + principal.hashCode();
result = prime * result + (keytab == null ? 0 : keytab.hashCode());
result = prime * result + (password == null ? 0 : password.hashCode());
return result;
}
@Override
public boolean equals(Object obj) {
if (this == obj) {
return true;
}
if (obj == null) {
return false;
}
if (obj instanceof ClusterUser) {
ClusterUser other = (ClusterUser) obj;
if (null == keytab) {
if (null != other.keytab) {
return false;
}
} else if (!keytab.equals(other.keytab)) {
return false;
}
if (null == password) {
if (null != other.password) {
return false;
}
} else if (!password.equals(other.password)) {
return false;
}
return principal.equals(other.principal);
}
return false;
}
}