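/**
 * Licensed to the Apache Software Foundation (ASF) under one
 * or more contributor license agreements. See the NOTICE file
 * distributed with this work for additional information
 * regarding copyright ownership. The ASF licenses this file
 * to you under the Apache License, Version 2.0 (the
 * "License"); you may not use this file except in compliance
 * with the License. You may obtain a copy of the License at
 *
 * http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */

package org.apache.hadoop.security.alias;

import java.io.IOException;
import java.util.List;

import org.apache.hadoop.classification.InterfaceAudience;
import org.apache.hadoop.classification.InterfaceStability;
import org.apache.hadoop.fs.CommonConfigurationKeysPublic;

/**
 * A provider of credentials or password for Hadoop applications. Provides an
 * abstraction to separate credential storage from users of them. It
 * is intended to support getting or storing passwords in a variety of ways,
 * including third party bindings.
 *
 * <code>CredentialProvider</code> implementations must be thread safe.
 */
@InterfaceAudience.Public
@InterfaceStability.Unstable
public abstract class CredentialProvider {
  /**
   * Alias for
   * {@link CommonConfigurationKeysPublic#HADOOP_SECURITY_CREDENTIAL_CLEAR_TEXT_FALLBACK}.
   * NOTE(review): judging by its name this key governs falling back to a
   * clear-text credential; confirm the exact semantics where the key is
   * defined and read.
   */
  public static final String CLEAR_TEXT_FALLBACK =
      CommonConfigurationKeysPublic.
          HADOOP_SECURITY_CREDENTIAL_CLEAR_TEXT_FALLBACK;

  /**
   * The combination of both the alias and the actual credential value.
   *
   * <p>The credential is held as a {@code char[]} and is stored and returned
   * by reference: neither the constructor nor {@link #getCredential()} makes
   * a defensive copy, so the caller and this entry share one array.
   */
  public static class CredentialEntry {
    /** Placeholder printed by {@link #toString()} instead of the secret. */
    private static final String REDACTED = "<redacted>";

    private final String alias;
    private final char[] credential;

    /**
     * Creates an entry for the given alias.
     *
     * @param alias the name of the credential
     * @param credential the credential value; kept by reference, may be null
     */
    protected CredentialEntry(String alias,
                              char[] credential) {
      this.alias = alias;
      this.credential = credential;
    }

    /**
     * @return the alias this entry was created with
     */
    public String getAlias() {
      return alias;
    }

    /**
     * Returns the credential value.
     *
     * <p>This is the same array instance that was passed to the constructor,
     * so any modification (including overwriting it) is visible through this
     * entry. Callers should avoid converting the value to a {@code String} or
     * writing it to logs.
     *
     * @return the credential characters, or null if none was set
     */
    public char[] getCredential() {
      return credential;
    }

    /**
     * Returns a description of this entry that is safe to log.
     *
     * <p>Only the alias is printed. The credential value is replaced by a
     * fixed placeholder, because {@code toString()} output routinely ends up
     * in log files, exception messages and debugger views, where a secret
     * must not appear. A fixed placeholder also avoids revealing the length
     * of the credential. Code that needs the value must call
     * {@link #getCredential()} explicitly.
     *
     * @return {@code alias(<alias>)=null} when no credential is set,
     *         otherwise {@code alias(<alias>)=<redacted>}
     */
    @Override
    public String toString() {
      return "alias(" + alias + ")="
          + (credential == null ? "null" : REDACTED);
    }
  }

  /**
   * Indicates whether this provider represents a store
   * that is intended for transient use - such as the UserProvider
   * is. These providers are generally used to provide job access to
   * passwords rather than for long term storage.
   * @return true if transient, false otherwise; this base implementation
   *         always returns false
   */
  public boolean isTransient() {
    return false;
  }

  /**
   * Ensures that any changes to the credentials are written to persistent
   * store.
   * @throws IOException if the implementation fails to persist the changes
   */
  public abstract void flush() throws IOException;

  /**
   * Get the credential entry for a specific alias.
   * @param alias the name of a specific credential
   * @return the credentialEntry
   * @throws IOException if the implementation fails to look up the entry
   */
  public abstract CredentialEntry getCredentialEntry(String alias)
      throws IOException;

  /**
   * Get the aliases for all credentials.
   * @return the list of alias names
   * @throws IOException if the implementation fails to list the aliases
   */
  public abstract List<String> getAliases() throws IOException;

  /**
   * Create a new credential. The given alias must not already exist.
   * @param name the alias of the credential
   * @param credential the credential value for the alias.
   * @return the entry created for the alias
   * @throws IOException if the implementation fails to create the entry
   */
  public abstract CredentialEntry createCredentialEntry(String name,
      char[] credential) throws IOException;

  /**
   * Delete the given credential.
   * @param name the alias of the credential to delete
   * @throws IOException if the implementation fails to delete the entry
   */
  public abstract void deleteCredentialEntry(String name) throws IOException;

  /**
   * Does this provider require a password? This means that a password is
   * required for normal operation, and it has not been found through normal
   * means. If true, the password should be provided by the caller using
   * setPassword().
   *
   * <p>NOTE(review): {@code setPassword()} is not declared on this class;
   * presumably it is supplied by the concrete provider - confirm.
   *
   * @return Whether or not the provider requires a password; this base
   *         implementation always returns false
   * @throws IOException declared so that overriding implementations can
   *         report a failure while checking
   */
  public boolean needsPassword() throws IOException {
    return false;
  }

  /**
   * If a password for the provider is needed, but is not provided, this will
   * return a warning and instructions for supplying said password to the
   * provider.
   * @return A warning and instructions for supplying the password; this base
   *         implementation returns null, so callers must handle null
   */
  public String noPasswordWarning() {
    return null;
  }

  /**
   * If a password for the provider is needed, but is not provided, this will
   * return an error message and instructions for supplying said password to
   * the provider.
   * @return An error message and instructions for supplying the password;
   *         this base implementation returns null, so callers must handle
   *         null
   */
  public String noPasswordError() {
    return null;
  }
}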