internal virtual string GetServerPrincipal(RpcHeaderProtos.RpcSaslProto.SaslAuth authType) { KerberosInfo krbInfo = SecurityUtil.GetKerberosInfo(protocol, conf); Log.Debug("Get kerberos info proto:" + protocol + " info:" + krbInfo); if (krbInfo == null) { // protocol has no support for kerberos return(null); } string serverKey = krbInfo.ServerPrincipal(); if (serverKey == null) { throw new ArgumentException("Can't obtain server Kerberos config key from protocol=" + protocol.GetCanonicalName()); } // construct server advertised principal for comparision string serverPrincipal = new KerberosPrincipal(authType.GetProtocol() + "/" + authType .GetServerId(), KerberosPrincipal.KrbNtSrvHst).GetName(); bool isPrincipalValid = false; // use the pattern if defined string serverKeyPattern = conf.Get(serverKey + ".pattern"); if (serverKeyPattern != null && !serverKeyPattern.IsEmpty()) { Pattern pattern = GlobPattern.Compile(serverKeyPattern); isPrincipalValid = pattern.Matcher(serverPrincipal).Matches(); } else { // check that the server advertised principal matches our conf string confPrincipal = SecurityUtil.GetServerPrincipal(conf.Get(serverKey), serverAddr .Address); if (Log.IsDebugEnabled()) { Log.Debug("getting serverKey: " + serverKey + " conf value: " + conf.Get(serverKey ) + " principal: " + confPrincipal); } if (confPrincipal == null || confPrincipal.IsEmpty()) { throw new ArgumentException("Failed to specify server's Kerberos principal name"); } KerberosName name = new KerberosName(confPrincipal); if (name.GetHostName() == null) { throw new ArgumentException("Kerberos principal name does NOT have the expected hostname part: " + confPrincipal); } isPrincipalValid = serverPrincipal.Equals(confPrincipal); } if (!isPrincipalValid) { throw new ArgumentException("Server has invalid Kerberos principal: " + serverPrincipal ); } return(serverPrincipal); }