        /// <summary>
        /// Resolves and validates the Kerberos principal the server advertised for this
        /// connection against the client's configuration for <c>protocol</c>.
        /// </summary>
        /// <remarks>
        /// The advertised principal is assembled from the peer-supplied
        /// <paramref name="authType"/> (its protocol and server id), so it is treated as
        /// untrusted input: it is only returned once it has matched either the configured
        /// glob pattern stored under <c>&lt;serverKey&gt;.pattern</c> or, when no pattern is
        /// configured, the exact principal configured under <c>serverKey</c>.
        /// </remarks>
        /// <param name="authType">Server-advertised SASL auth entry carrying the protocol and server id.</param>
        /// <returns>
        /// The validated server principal name, or <c>null</c> when <c>protocol</c> has no
        /// Kerberos info (i.e. does not support Kerberos).
        /// </returns>
        /// <exception cref="ArgumentException">
        /// Thrown when the protocol's Kerberos config key cannot be obtained, when no server
        /// principal is configured, when the configured principal lacks a hostname part, or
        /// when the advertised principal fails validation.
        /// </exception>
        internal virtual string GetServerPrincipal(RpcHeaderProtos.RpcSaslProto.SaslAuth
                                                   authType)
        {
            KerberosInfo kerberosInfo = SecurityUtil.GetKerberosInfo(protocol, conf);
            Log.Debug("Get kerberos info proto:" + protocol + " info:" + kerberosInfo);
            if (kerberosInfo == null)
            {
                // No Kerberos annotation on this protocol: nothing to validate.
                return null;
            }

            string principalConfigKey = kerberosInfo.ServerPrincipal();
            if (principalConfigKey == null)
            {
                throw new ArgumentException("Can't obtain server Kerberos config key from protocol="
                                            + protocol.GetCanonicalName());
            }

            // Principal exactly as the peer advertises it. It is built from untrusted input
            // and must pass one of the checks below before it is handed back to the caller.
            string advertisedName = authType.GetProtocol() + "/" + authType.GetServerId();
            string advertisedPrincipal = new KerberosPrincipal(advertisedName,
                                                               KerberosPrincipal.KrbNtSrvHst).GetName();

            // A configured glob pattern, when present, takes precedence over the exact
            // configured principal.
            string principalPattern = conf.Get(principalConfigKey + ".pattern");
            bool hasPattern = !(principalPattern == null || principalPattern.IsEmpty());
            bool principalAccepted;
            if (!hasPattern)
            {
                // Compare against the principal configured for this key, resolved for the
                // address we are actually talking to.
                string configuredValue = conf.Get(principalConfigKey);
                string configuredPrincipal = SecurityUtil.GetServerPrincipal(configuredValue,
                                                                             serverAddr.Address);
                if (Log.IsDebugEnabled())
                {
                    Log.Debug("getting serverKey: " + principalConfigKey + " conf value: " + configuredValue
                              + " principal: " + configuredPrincipal);
                }
                if (configuredPrincipal == null || configuredPrincipal.IsEmpty())
                {
                    throw new ArgumentException("Failed to specify server's Kerberos principal name");
                }
                // The configured principal is required to carry a hostname part.
                KerberosName parsedPrincipal = new KerberosName(configuredPrincipal);
                if (parsedPrincipal.GetHostName() == null)
                {
                    throw new ArgumentException("Kerberos principal name does NOT have the expected hostname part: "
                                                + configuredPrincipal);
                }
                principalAccepted = advertisedPrincipal.Equals(configuredPrincipal);
            }
            else
            {
                Pattern compiledPattern = GlobPattern.Compile(principalPattern);
                var matcher = compiledPattern.Matcher(advertisedPrincipal);
                principalAccepted = matcher.Matches();
            }

            if (!principalAccepted)
            {
                throw new ArgumentException("Server has invalid Kerberos principal: " + advertisedPrincipal);
            }
            return advertisedPrincipal;
        }