[GitHub] storm pull request #2531: STORM-2898: Support for WorkerToken authentication

Tue, 30 Jan 2018 13:45:06 -0800 

Github user Ethanlm commented on a diff in the pull request:

    https://github.com/apache/storm/pull/2531#discussion_r164886401
  
    --- Diff: 
storm-client/src/jvm/org/apache/storm/security/auth/workertoken/WorkerTokenSigner.java
 ---
    @@ -0,0 +1,64 @@
    +/*
    + * Licensed to the Apache Software Foundation (ASF) under one
    + * or more contributor license agreements.  See the NOTICE file
    + * distributed with this work for additional information
    + * regarding copyright ownership.  The ASF licenses this file
    + * to you under the Apache License, Version 2.0 (the
    + * "License"); you may not use this file except in compliance
    + * with the License.  You may obtain a copy of the License at
    + *
    + * http://www.apache.org/licenses/LICENSE-2.0
    + *
    + * Unless required by applicable law or agreed to in writing, software
    + * distributed under the License is distributed on an "AS IS" BASIS,
    + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
    + * See the License for the specific language governing permissions and
    + * limitations under the License.
    + */
    +
    +package org.apache.storm.security.auth.workertoken;
    +
    +import java.security.InvalidKeyException;
    +import java.security.NoSuchAlgorithmException;
    +import javax.crypto.Mac;
    +import javax.crypto.SecretKey;
    +
    +/**
    + * Provides everything needed to sign a worker token with a secret key.
    + */
    +class WorkerTokenSigner {
    +    /**
    +     * The name of the hashing algorithm.
    +     */
    +    static final String DEFAULT_HMAC_ALGORITHM = "HmacSHA1";
    +
    +    /**
    +     * A thread local store for the Macs.
    +     */
    +    private static final ThreadLocal<Mac> threadLocalMac =
    +        ThreadLocal.withInitial(() -> {
    +            try {
    +                return Mac.getInstance(DEFAULT_HMAC_ALGORITHM);
    +            } catch (NoSuchAlgorithmException nsa) {
    +                throw new IllegalArgumentException("Can't find " + 
DEFAULT_HMAC_ALGORITHM + " algorithm.");
    +            }
    +        });
    +
    +    /**
    +     * Compute HMAC of the identifier using the secret key and return the
    +     * output as password.
    +     * @param identifier the bytes of the identifier
    +     * @param key the secret key
    +     * @return the bytes of the generated password
    +     */
    +    static byte[] createPassword(byte[] identifier,
    +                                           SecretKey key) {
    --- End diff --
    
    Is the function signature in one line better?


---

Reply via email to