/* * Licensed to the Apache Software Foundation (ASF) under one or more * contributor license agreements. See the NOTICE file distributed with * this work for additional information regarding copyright ownership. * The ASF licenses this file to You under the Apache License, Version 2.0 * (the "License"); you may not use this file except in compliance with * the License. You may obtain a copy of the License at * * http://www.apache.org/licenses/LICENSE-2.0 * * Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. * See the License for the specific language governing permissions and * limitations under the License. */ import {AuthenticationProviderConfig} from './authentication-provider-config'; import {ValidationUtils} from '../utils/validation-utils'; export class KerberosProviderConfig extends AuthenticationProviderConfig { static CONFIG_PREFIX = 'Config Prefix'; static SIG_SECRET = 'Signature Secret'; static TYPE = 'Type'; static ANON_ALLOWED = 'Allow Anonymous'; static TOKEN_VALIDITY = 'Token Expiration'; static COOKIE_DOMAIN = 'Domain'; static COOKIE_PATH = 'Path'; static KRB_PRINCIPAL = 'Principal'; static KRB_KEYTAB = 'KeyTab'; static KRB_RULES = 'Name Rules'; private static displayPropertyNames = [KerberosProviderConfig.CONFIG_PREFIX, KerberosProviderConfig.SIG_SECRET, KerberosProviderConfig.ANON_ALLOWED, KerberosProviderConfig.TOKEN_VALIDITY, KerberosProviderConfig.COOKIE_DOMAIN, KerberosProviderConfig.COOKIE_PATH, KerberosProviderConfig.KRB_PRINCIPAL, KerberosProviderConfig.KRB_KEYTAB, KerberosProviderConfig.KRB_RULES ]; private static displayPropertyNameBindings: Map<string, string> = new Map([ [KerberosProviderConfig.CONFIG_PREFIX, 'config.prefix'], [KerberosProviderConfig.SIG_SECRET, 'signature.secret'], [KerberosProviderConfig.TYPE, 'type'], [KerberosProviderConfig.ANON_ALLOWED, 'simple.anonymous.allowed'], [KerberosProviderConfig.TOKEN_VALIDITY, 'token.validity'], [KerberosProviderConfig.COOKIE_DOMAIN, 'cookie.domain'], [KerberosProviderConfig.COOKIE_PATH, 'cookie.path'], [KerberosProviderConfig.KRB_PRINCIPAL, 'kerberos.principal'], [KerberosProviderConfig.KRB_KEYTAB, 'kerberos.keytab'], [KerberosProviderConfig.KRB_RULES, 'kerberos.name.rules'] ]); constructor() { super('HadoopAuth'); this.setParam(this.getDisplayNamePropertyBinding(KerberosProviderConfig.CONFIG_PREFIX), 'hadoop.auth.config'); this.setParam(this.getDisplayNamePropertyBinding(KerberosProviderConfig.TYPE), 'kerberos'); } getDisplayPropertyNames(): string[] { return KerberosProviderConfig.displayPropertyNames; } getDisplayNamePropertyBinding(name: string) { let propName: string; if (name === KerberosProviderConfig.CONFIG_PREFIX) { propName = KerberosProviderConfig.displayPropertyNameBindings.get(name); } else { let prefix = this.getParam(KerberosProviderConfig.displayPropertyNameBindings.get(KerberosProviderConfig.CONFIG_PREFIX)); if (prefix) { propName = prefix + '.' + KerberosProviderConfig.displayPropertyNameBindings.get(name); } else { propName = KerberosProviderConfig.displayPropertyNameBindings.get(name); } } return propName; } isPasswordParam(name: string): boolean { return (name === KerberosProviderConfig.SIG_SECRET); } setParam(name: string, value: string) { console.debug('KerberosProviderConfig --> setParam(' + name + ', ' + value + ')'); // TODO: PJZ: DELETE ME if (name === this.getDisplayNamePropertyBinding(KerberosProviderConfig.CONFIG_PREFIX)) { // If the config prefix property has changed, then the properties need to be modified accordingly let prevPrefix = this.getParam(this.getDisplayNamePropertyBinding(KerberosProviderConfig.CONFIG_PREFIX)); if (value !== prevPrefix) { // Iterate over those properties which have already been set for (let propName of this.getParamNames()) { console.debug('\tPrevious property ' + propName); if (propName.startsWith(prevPrefix)) { // If the property name includes the previous config prefix let suffix = propName.substring(prevPrefix.length + 1); // prefix + '.' let newPropName = value + '.' + suffix; this.setParam(newPropName, this.getParam(propName)); console.debug('\tRenamed ' + propName + ' to ' + newPropName + ' because config prefix changed.'); this.removeParam(propName); console.debug('\tDeleted ' + propName + ' because config prefix changed.'); } } super.setParam(name, value); // Update the config prefix property itself } } else { super.setParam(name, value); } } isValidParamValue(paramName: string): boolean { let isValid = true; switch (paramName) { case KerberosProviderConfig.ANON_ALLOWED: isValid = this.isValidAllowAnon(); break; case KerberosProviderConfig.TOKEN_VALIDITY: isValid = this.isValidTokenExpiration(); break; default: isValid = true; } return isValid; } private isValidTokenExpiration(): boolean { let isValid = true; let tokenExpiration = this.getParam(this.getDisplayNamePropertyBinding(KerberosProviderConfig.TOKEN_VALIDITY)); if (tokenExpiration) { isValid = ValidationUtils.isValidNumber(tokenExpiration); if (!isValid) { console.debug(KerberosProviderConfig.TOKEN_VALIDITY + ' value is not valid.'); } } return isValid; } private isValidAllowAnon(): boolean { let isValid = true; let allowAnon = this.getParam(this.getDisplayNamePropertyBinding(KerberosProviderConfig.ANON_ALLOWED)); if (allowAnon) { isValid = ValidationUtils.isValidBoolean(allowAnon); if (!isValid) { console.debug(KerberosProviderConfig.ANON_ALLOWED + ' value is not valid.'); } } return isValid; } }