|
|
@@ -0,0 +1,84 @@
|
|
|
+/**
|
|
|
+ * Licensed under the Apache License, Version 2.0 (the "License");
|
|
|
+ * you may not use this file except in compliance with the License.
|
|
|
+ * You may obtain a copy of the License at
|
|
|
+ *
|
|
|
+ * http://www.apache.org/licenses/LICENSE-2.0
|
|
|
+ *
|
|
|
+ * Unless required by applicable law or agreed to in writing, software
|
|
|
+ * distributed under the License is distributed on an "AS IS" BASIS,
|
|
|
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
|
|
+ * See the License for the specific language governing permissions and
|
|
|
+ * limitations under the License. See accompanying LICENSE file.
|
|
|
+ */
|
|
|
+package org.apache.hadoop.security.authentication.util;
|
|
|
+
|
|
|
+import com.google.common.base.Charsets;
|
|
|
+import org.apache.hadoop.classification.InterfaceAudience;
|
|
|
+import org.apache.hadoop.classification.InterfaceStability;
|
|
|
+import org.apache.hadoop.security.authentication.server.AuthenticationFilter;
|
|
|
+import org.apache.hadoop.security.authentication.util.SignerSecretProvider;
|
|
|
+
|
|
|
+import javax.servlet.ServletContext;
|
|
|
+import java.io.*;
|
|
|
+import java.nio.charset.Charset;
|
|
|
+import java.util.Properties;
|
|
|
+
|
|
|
+/**
|
|
|
+ * A SignerSecretProvider that simply loads a secret from a specified file.
|
|
|
+ */
|
|
|
+@InterfaceStability.Unstable
|
|
|
+@InterfaceAudience.Private
|
|
|
+public class FileSignerSecretProvider extends SignerSecretProvider {
|
|
|
+
|
|
|
+ private byte[] secret;
|
|
|
+ private byte[][] secrets;
|
|
|
+
|
|
|
+ public FileSignerSecretProvider() {}
|
|
|
+
|
|
|
+ @Override
|
|
|
+ public void init(Properties config, ServletContext servletContext,
|
|
|
+ long tokenValidity) throws Exception {
|
|
|
+
|
|
|
+ String signatureSecretFile = config.getProperty(
|
|
|
+ AuthenticationFilter.SIGNATURE_SECRET_FILE, null);
|
|
|
+
|
|
|
+ Reader reader = null;
|
|
|
+ if (signatureSecretFile != null) {
|
|
|
+ try {
|
|
|
+ StringBuilder sb = new StringBuilder();
|
|
|
+ reader = new InputStreamReader(
|
|
|
+ new FileInputStream(signatureSecretFile), Charsets.UTF_8);
|
|
|
+ int c = reader.read();
|
|
|
+ while (c > -1) {
|
|
|
+ sb.append((char) c);
|
|
|
+ c = reader.read();
|
|
|
+ }
|
|
|
+ secret = sb.toString().getBytes(Charset.forName("UTF-8"));
|
|
|
+ } catch (IOException ex) {
|
|
|
+ throw new RuntimeException("Could not read signature secret file: " +
|
|
|
+ signatureSecretFile);
|
|
|
+ } finally {
|
|
|
+ if (reader != null) {
|
|
|
+ try {
|
|
|
+ reader.close();
|
|
|
+ } catch (IOException e) {
|
|
|
+ // nothing to do
|
|
|
+ }
|
|
|
+ }
|
|
|
+ }
|
|
|
+ }
|
|
|
+
|
|
|
+ secrets = new byte[][]{secret};
|
|
|
+ }
|
|
|
+
|
|
|
+ @Override
|
|
|
+ public byte[] getCurrentSecret() {
|
|
|
+ return secret;
|
|
|
+ }
|
|
|
+
|
|
|
+ @Override
|
|
|
+ public byte[][] getAllSecrets() {
|
|
|
+ return secrets;
|
|
|
+ }
|
|
|
+}
|
Haohui Mai