org.apache.hadoop.security.token
Class SecretManager<T extends TokenIdentifier>

java.lang.Object
  extended by org.apache.hadoop.security.token.SecretManager<T>
Type Parameters:
T - The type of the token identifier
Direct Known Subclasses:
AbstractDelegationTokenSecretManager, JobTokenSecretManager

public abstract class SecretManager<T extends TokenIdentifier>
extends Object

The server-side secret manager for each token type.


Nested Class Summary
static class SecretManager.InvalidToken
          The token was invalid and the message explains why.
 
Constructor Summary
SecretManager()
           
 
Method Summary
abstract  T createIdentifier()
          Create an empty token identifier.
protected static byte[] createPassword(byte[] identifier, SecretKey key)
          Compute the HMAC of the identifier using the secret key and return the output as the password.
protected abstract  byte[] createPassword(T identifier)
          Create the password for the given identifier.
protected static SecretKey createSecretKey(byte[] key)
          Convert the byte[] to a secret key.
protected  SecretKey generateSecret()
          Generate a new random secret key.
abstract  byte[] retrievePassword(T identifier)
          Retrieve the password for the given token identifier.
 
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
 

Constructor Detail

SecretManager

public SecretManager()
Method Detail

createPassword

protected abstract byte[] createPassword(T identifier)
Create the password for the given identifier. identifier may be modified inside this method.

Parameters:
identifier - the identifier to use
Returns:
the new password

retrievePassword

public abstract byte[] retrievePassword(T identifier)
                                 throws SecretManager.InvalidToken
Retrieve the password for the given token identifier. Should check the date or registry to make sure the token hasn't expired or been revoked. Returns the relevant password.

Parameters:
identifier - the identifier to validate
Returns:
the password to use
Throws:
SecretManager.InvalidToken - the token was invalid

createIdentifier

public abstract T createIdentifier()
Create an empty token identifier.

Returns:
the newly created empty token identifier

generateSecret

protected SecretKey generateSecret()
Generate a new random secret key.

Returns:
the new key

createPassword

protected static byte[] createPassword(byte[] identifier,
                                       SecretKey key)
Compute the HMAC of the identifier using the secret key and return the output as the password.

Parameters:
identifier - the bytes of the identifier
key - the secret key
Returns:
the bytes of the generated password

createSecretKey

protected static SecretKey createSecretKey(byte[] key)
Convert the byte[] to a secret key.

Parameters:
key - the byte[] to create a secret key from
Returns:
the secret key
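
The following is an added example, not Hadoop code: a standalone sketch of the scheme that createPassword(byte[], SecretKey) and retrievePassword describe, where the password is the HMAC of the identifier and the server checks expiry and revocation before recomputing it. It does not extend the real SecretManager; the class name, the HmacSHA256 algorithm, the identifier layout and the in-memory revocation set are assumptions of this example.

```java
import java.nio.ByteBuffer;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.SecureRandom;
import java.util.HashSet;
import java.util.Set;
import javax.crypto.Mac;
import javax.crypto.SecretKey;
import javax.crypto.spec.SecretKeySpec;

// Standalone sketch (hypothetical names); it mirrors the roles of the methods documented above.
public class TokenSecretSketch {
    static final String ALG = "HmacSHA256";               // assumption: the page does not name the MAC
    private final SecretKey key;
    private final Set<String> revoked = new HashSet<>();  // stands in for the "registry"
    TokenSecretSketch() {
        byte[] raw = new byte[32];
        new SecureRandom().nextBytes(raw);                // role of generateSecret()
        key = new SecretKeySpec(raw, ALG);                // role of createSecretKey(byte[])
    }
    // Constructed identifier layout for this example: length-prefixed owner, then expiry.
    static byte[] identifier(String owner, long expiryMillis) {
        byte[] o = owner.getBytes(StandardCharsets.UTF_8);
        return ByteBuffer.allocate(4 + o.length + 8).putInt(o.length).put(o).putLong(expiryMillis).array();
    }
    // Role of createPassword(byte[], SecretKey): password = HMAC(key, identifier).
    byte[] createPassword(byte[] id) throws Exception {
        Mac mac = Mac.getInstance(ALG);
        mac.init(key);
        return mac.doFinal(id);
    }
    // Role of retrievePassword: reject expired or revoked identifiers, then recompute the password.
    byte[] retrievePassword(String owner, long expiryMillis, long now) throws Exception {
        if (now >= expiryMillis) throw new SecurityException("token expired");
        if (revoked.contains(owner + ":" + expiryMillis)) throw new SecurityException("token revoked");
        return createPassword(identifier(owner, expiryMillis));
    }
    void revoke(String owner, long expiryMillis) { revoked.add(owner + ":" + expiryMillis); }
    public static void main(String[] args) throws Exception {
        TokenSecretSketch sm = new TokenSecretSketch();
        long now = System.currentTimeMillis(), exp = now + 60_000;
        byte[] presented = sm.createPassword(identifier("alice", exp));  // what the client was issued
        byte[] expected = sm.retrievePassword("alice", exp, now);
        System.out.println("valid: " + MessageDigest.isEqual(expected, presented)); // constant-time compare
        sm.revoke("alice", exp);
        try { sm.retrievePassword("alice", exp, now); }
        catch (SecurityException e) { System.out.println("rejected: " + e.getMessage()); }
    }
}
```

Because the password is derived from the identifier and the key, the server stores no per-token secret; any change to the identifier bytes (for example a later expiry) yields a different HMAC and fails the comparison.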


Copyright © 2009 The Apache Software Foundation