HADOOP-13503. Improve SaslRpcClient failure logging. Contributed by Xiaobing Zhou.

(cherry picked from commit 9fdd1ea72497f7a8aadbfedeba36688e0c16c52e)

hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/security/SaslRpcClient.java

@@ -303,13 +303,16 @@ public class SaslRpcClient {
         authType.getProtocol() + "/" + authType.getServerId(),
         KerberosPrincipal.KRB_NT_SRV_HST).getName();
 
-    boolean isPrincipalValid = false;
-
     // use the pattern if defined
     String serverKeyPattern = conf.get(serverKey + ".pattern");
     if (serverKeyPattern != null && !serverKeyPattern.isEmpty()) {
       Pattern pattern = GlobPattern.compile(serverKeyPattern);
-      isPrincipalValid = pattern.matcher(serverPrincipal).matches();
+      if (!pattern.matcher(serverPrincipal).matches()) {
+        throw new IllegalArgumentException(String.format(
+            "Server has invalid Kerberos principal: %s,"
+                + " doesn't match the pattern: %s",
+            serverPrincipal, serverKeyPattern));
+      }
     } else {
       // check that the server advertised principal matches our conf
       String confPrincipal = SecurityUtil.getServerPrincipal(
@@ -328,11 +331,11 @@ public class SaslRpcClient {
             "Kerberos principal name does NOT have the expected hostname part: "
                 + confPrincipal);
       }
-      isPrincipalValid = serverPrincipal.equals(confPrincipal);
-    }
-    if (!isPrincipalValid) {
-      throw new IllegalArgumentException(
-          "Server has invalid Kerberos principal: " + serverPrincipal);
+      if (!serverPrincipal.equals(confPrincipal)) {
+        throw new IllegalArgumentException(String.format(
+            "Server has invalid Kerberos principal: %s, expecting: %s",
+            serverPrincipal, confPrincipal));
+      }
     }
     return serverPrincipal;
   }