HBASE-26553. Address taklwu's comments

Author: anmolnar

hbase-client/src/test/java/org/apache/hadoop/hbase/security/provider/OAuthBearerSaslClientCallbackHandlerTest.java

@@ -68,7 +68,7 @@ public void testWithZeroTokens() {
     assertEquals(IOException.class, e.getCause().getClass());
   }
 
-  @Test()
+  @Test
   public void testWithPotentiallyMultipleTokens() throws Exception {
     OAuthBearerSaslClientAuthenticationProvider.OAuthBearerSaslClientCallbackHandler handler =
       createCallbackHandler();

hbase-common/src/main/java/org/apache/hadoop/hbase/exceptions/IllegalSaslStateException.java

@@ -36,5 +36,4 @@ public IllegalSaslStateException(String message) {
   public IllegalSaslStateException(String message, Throwable cause) {
     super(message, cause);
   }
-
 }

hbase-common/src/main/java/org/apache/hadoop/hbase/security/auth/AuthenticateCallbackHandler.java

@@ -45,9 +45,4 @@ public interface AuthenticateCallbackHandler extends CallbackHandler {
    */
   default void configure(
     Configuration configs, String saslMechanism, Map<String, String> saslProps) {}
-
-  /**
-   * Closes this instance.
-   */
-  default void close() {}
 }

hbase-common/src/main/java/org/apache/hadoop/hbase/security/oauthbearer/OAuthBearerExtensionsValidatorCallback.java

@@ -17,7 +17,7 @@
  */
 package org.apache.hadoop.hbase.security.oauthbearer;
 
-import static org.apache.hadoop.hbase.security.oauthbearer.Utils.subtractMap;
+import static org.apache.hadoop.hbase.security.oauthbearer.OAuthBearerStringUtils.subtractMap;
 import java.util.Collections;
 import java.util.HashMap;
 import java.util.Map;

hbase-common/src/main/java/org/apache/hadoop/hbase/security/oauthbearer/Utils.java renamed to hbase-common/src/main/java/org/apache/hadoop/hbase/security/oauthbearer/OAuthBearerStringUtils.java

@@ -23,7 +23,7 @@
 import org.apache.yetus.audience.InterfaceAudience;
 
 @InterfaceAudience.Public
-public final class Utils {
+public final class OAuthBearerStringUtils {
   /**
    *  Converts a {@code Map} class into a string, concatenating keys and values
    *  Example:
@@ -76,16 +76,7 @@ public static <K, V> Map<K, V> subtractMap(Map<? extends K, ? extends V> minuend
       .collect(Collectors.toMap(Map.Entry::getKey, Map.Entry::getValue));
   }
 
-  /**
-   * Checks if a string is null, empty or whitespace only.
-   * @param str a string to be checked
-   * @return true if the string is null, empty or whitespace only; otherwise, return false.
-   */
-  public static boolean isBlank(String str) {
-    return str == null || str.trim().isEmpty();
-  }
-
-  private Utils() {
+  private OAuthBearerStringUtils() {
     // empty
   }
 }

hbase-common/src/main/java/org/apache/hadoop/hbase/security/oauthbearer/OAuthBearerTokenCallback.java

@@ -30,7 +30,7 @@
  * 2.0 Authorization Framework</a>. Callback handlers should communicate other
  * problems by raising an {@code IOException}.
  * <p>
- * This class was introduced in 2.0.0 and, while it feels stable, it could
+ * This class was introduced in 3.0.0 and, while it feels stable, it could
  * evolve. We will try to evolve the API in a compatible manner, but we reserve
  * the right to make breaking changes in minor releases, if necessary. We will
  * update the {@code InterfaceStability} annotation and this notice once the API

hbase-common/src/main/java/org/apache/hadoop/hbase/security/oauthbearer/internals/OAuthBearerClientInitialResponse.java

@@ -24,7 +24,7 @@
 import java.util.regex.Pattern;
 import javax.security.sasl.SaslException;
 import org.apache.hadoop.hbase.security.auth.SaslExtensions;
-import org.apache.hadoop.hbase.security.oauthbearer.Utils;
+import org.apache.hadoop.hbase.security.oauthbearer.OAuthBearerStringUtils;
 import org.apache.yetus.audience.InterfaceAudience;
 
 /**
@@ -64,7 +64,7 @@ public OAuthBearerClientInitialResponse(byte[] response) throws SaslException {
     String authzid = matcher.group("authzid");
     this.authorizationId = authzid == null ? "" : authzid;
     String kvPairs = matcher.group("kvpairs");
-    Map<String, String> properties = Utils.parseMap(kvPairs, "=", SEPARATOR);
+    Map<String, String> properties = OAuthBearerStringUtils.parseMap(kvPairs, "=", SEPARATOR);
     String auth = properties.get(AUTH_KEY);
     if (auth == null) {
       throw new SaslException("Invalid OAUTHBEARER client first message: 'auth' not specified");
@@ -207,6 +207,6 @@ public static void validateExtensions(SaslExtensions extensions) throws SaslExce
    * Converts the SASLExtensions to an OAuth protocol-friendly string
    */
   private String extensionsMessage() {
-    return Utils.mkString(saslExtensions.map(), "", "", "=", SEPARATOR);
+    return OAuthBearerStringUtils.mkString(saslExtensions.map(), "", "", "=", SEPARATOR);
   }
 }

hbase-common/src/main/java/org/apache/hadoop/hbase/security/oauthbearer/internals/OAuthBearerSaslServer.java

@@ -36,7 +36,7 @@
 import org.apache.hadoop.hbase.security.oauthbearer.OAuthBearerExtensionsValidatorCallback;
 import org.apache.hadoop.hbase.security.oauthbearer.OAuthBearerToken;
 import org.apache.hadoop.hbase.security.oauthbearer.OAuthBearerValidatorCallback;
-import org.apache.hadoop.hbase.security.oauthbearer.Utils;
+import org.apache.hadoop.hbase.security.oauthbearer.OAuthBearerStringUtils;
 import org.apache.yetus.audience.InterfaceAudience;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
@@ -103,7 +103,7 @@ public byte[] evaluateResponse(byte[] response)
       return process(clientResponse.tokenValue(), clientResponse.authorizationId(),
         clientResponse.extensions());
     } catch (SaslAuthenticationException e) {
-      LOG.error("SASL authentication error: {}", e.getMessage());
+      LOG.error("SASL authentication error", e);
       throw e;
     } catch (Exception e) {
       LOG.error("SASL server problem", e);
@@ -215,7 +215,7 @@ private Map<String, String> processExtensions(OAuthBearerToken token, SaslExtens
     if (!extensionsCallback.invalidExtensions().isEmpty()) {
       String errorMessage = String.format("Authentication failed: %d extensions are invalid! "
           + "They are: %s", extensionsCallback.invalidExtensions().size(),
-        Utils.mkString(extensionsCallback.invalidExtensions(), "", "", ": ", "; "));
+        OAuthBearerStringUtils.mkString(extensionsCallback.invalidExtensions(), "", "", ": ", "; "));
       LOG.debug(errorMessage);
       throw new SaslAuthenticationException(errorMessage);
     }

hbase-common/src/main/java/org/apache/hadoop/hbase/security/oauthbearer/internals/knox/OAuthBearerSignedJwt.java

@@ -37,8 +37,8 @@
 import java.util.Map;
 import java.util.Objects;
 import java.util.Set;
+import org.apache.commons.lang3.StringUtils;
 import org.apache.hadoop.hbase.security.oauthbearer.OAuthBearerToken;
-import org.apache.hadoop.hbase.security.oauthbearer.Utils;
 import org.apache.yetus.audience.InterfaceAudience;
 
 /**
@@ -145,7 +145,7 @@ public OAuthBearerSignedJwt validate(){
       }
       lifetime = expirationTimeSeconds.toInstant().toEpochMilli();
       String principalName = claims.getSubject();
-      if (Utils.isBlank(principalName)) {
+      if (StringUtils.isBlank(principalName)) {
         throw new OAuthBearerIllegalTokenException(OAuthBearerValidationResult
           .newFailure("No principal name in JWT claim"));
       }
@@ -165,13 +165,13 @@ private JWTClaimsSet validateToken(String jwtToken)
     JWTClaimsSet.Builder jwtClaimsSetBuilder = new JWTClaimsSet.Builder();
 
     // Audience
-    if (!Utils.isBlank(requiredAudience)) {
+    if (!StringUtils.isBlank(requiredAudience)) {
       requiredClaims.add("aud");
       jwtClaimsSetBuilder.audience(requiredAudience);
     }
 
     // Issuer
-    if (!Utils.isBlank(requiredIssuer)) {
+    if (!StringUtils.isBlank(requiredIssuer)) {
       requiredClaims.add("iss");
       jwtClaimsSetBuilder.issuer(requiredIssuer);
     }

hbase-common/src/main/java/org/apache/hadoop/hbase/security/oauthbearer/internals/knox/OAuthBearerSignedJwtValidatorCallbackHandler.java

@@ -27,11 +27,11 @@
 import java.util.Objects;
 import javax.security.auth.callback.Callback;
 import javax.security.auth.callback.UnsupportedCallbackException;
+import org.apache.commons.lang3.StringUtils;
 import org.apache.hadoop.conf.Configuration;
 import org.apache.hadoop.hbase.security.auth.AuthenticateCallbackHandler;
 import org.apache.hadoop.hbase.security.oauthbearer.OAuthBearerExtensionsValidatorCallback;
 import org.apache.hadoop.hbase.security.oauthbearer.OAuthBearerValidatorCallback;
-import org.apache.hadoop.hbase.security.oauthbearer.Utils;
 import org.apache.yetus.audience.InterfaceAudience;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
@@ -91,7 +91,7 @@ public class OAuthBearerSignedJwtValidatorCallbackHandler implements Authenticat
   public void handle(Callback[] callbacks) throws UnsupportedCallbackException {
     if (!configured) {
       throw new RuntimeException(
-        "OAuthBearerSignedJwtValidatorCallbackHandler handler be configured first.");
+        "OAuthBearerSignedJwtValidatorCallbackHandler must be configured first.");
     }
 
     for (Callback callback : callbacks) {
@@ -171,7 +171,7 @@ private int allowableClockSkewSeconds() {
       ALLOWABLE_CLOCK_SKEW_SECONDS_OPTION);
     int allowableClockSkewSeconds = 0;
     try {
-      allowableClockSkewSeconds = Utils.isBlank(allowableClockSkewSecondsValue)
+      allowableClockSkewSeconds = StringUtils.isBlank(allowableClockSkewSecondsValue)
         ? 0 : Integer.parseInt(allowableClockSkewSecondsValue.trim());
     } catch (NumberFormatException e) {
       throw new OAuthBearerConfigException(e.getMessage(), e);
@@ -188,12 +188,12 @@ private void loadJwkSet() throws IOException, ParseException {
     String jwksFile = hBaseConfiguration.get(JWKS_FILE);
     String jwksUrl = hBaseConfiguration.get(JWKS_URL);
 
-    if (Utils.isBlank(jwksFile) && Utils.isBlank(jwksUrl)) {
+    if (StringUtils.isBlank(jwksFile) && StringUtils.isBlank(jwksUrl)) {
       throw new RuntimeException("Failed to initialize JWKS db. "
         + JWKS_FILE + " or " + JWKS_URL + " must be specified in the config.");
     }
 
-    if (!Utils.isBlank(jwksFile)) {
+    if (!StringUtils.isBlank(jwksFile)) {
       this.jwkSet = JWKSet.load(new File(jwksFile));
       LOG.debug("JWKS db initialized from file: {}", jwksFile);
       return;