SecretManager (Apache Hadoop Common 2.10.0 API)

java.lang.Object
- org.apache.hadoop.security.token.SecretManager<T>

Type Parameters:
T - The type of the token identifier

Direct Known Subclasses:

AbstractDelegationTokenSecretManager
```
@InterfaceAudience.Public
@InterfaceStability.Evolving
public abstract class SecretManager<T extends TokenIdentifier>
extends Object
```
The server-side secret manager for each token type.

Nested Class Summary

Nested Classes
Modifier and Type Class and Description

static class SecretManager.InvalidToken
The token was invalid and the message explains why.

Nested Classes
Modifier and Type	Class and Description
`static class`	`SecretManager.InvalidToken` The token was invalid and the message explains why.

Constructor Summary

Constructors
Constructor and Description

SecretManager()

Constructors
Constructor and Description
`SecretManager()`

Method Summary

Methods
Modifier and Type	Method and Description
`void`	`checkAvailableForRead()` No-op if the secret manager is available for reading tokens, throw a StandbyException otherwise.
`abstract T`	`createIdentifier()` Create an empty token identifier.
`static byte[]`	`createPassword(byte[] identifier, SecretKey key)` Compute HMAC of the identifier using the secret key and return the output as password
`protected abstract byte[]`	`createPassword(T identifier)` Create the password for the given identifier.
`protected static SecretKey`	`createSecretKey(byte[] key)` Convert the byte[] to a secret key
`protected SecretKey`	`generateSecret()` Generate a new random secret key.
`byte[]`	`retriableRetrievePassword(T identifier)` The same functionality with `retrievePassword(T)`, except that this method can throw a `RetriableException` or a `StandbyException` to indicate that client can retry/failover the same operation because of temporary issue on the server side.
`abstract byte[]`	`retrievePassword(T identifier)` Retrieve the password for the given token identifier.

Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

- Constructor Detail
  - SecretManager
```
public SecretManager()
```
- Method Detail
  - createPassword
```
protected abstract byte[] createPassword(T identifier)
```
    Create the password for the given identifier. identifier may be modified inside this method.
    
    Parameters:
    identifier - the identifier to use
    
    Returns:
    the new password
  - retrievePassword
```
public abstract byte[] retrievePassword(T identifier)
                                 throws SecretManager.InvalidToken
```
    Retrieve the password for the given token identifier. Should check the date or registry to make sure the token hasn't expired or been revoked. Returns the relevant password.
    
    Parameters:
    identifier - the identifier to validate
    
    Returns:
    the password to use
    
    Throws:
    
    SecretManager.InvalidToken - the token was invalid
  - retriableRetrievePassword
```
public byte[] retriableRetrievePassword(T identifier)
                                 throws SecretManager.InvalidToken,
                                        StandbyException,
                                        RetriableException,
                                        IOException
```
    The same functionality with retrievePassword(T), except that this method can throw a RetriableException or a StandbyException to indicate that client can retry/failover the same operation because of temporary issue on the server side.
    
    Parameters:
    identifier - the identifier to validate
    
    Returns:
    the password to use
    
    Throws:
    
    SecretManager.InvalidToken - the token was invalid
    
    StandbyException - the server is in standby state, the client can try other servers
    
    RetriableException - the token was invalid, and the server thinks this may be a temporary issue and suggests the client to retry
    
    IOException - to allow future exceptions to be added without breaking compatibility
  - createIdentifier
```
public abstract T createIdentifier()
```
    Create an empty token identifier.
    
    Returns:
    the newly created empty token identifier
  - checkAvailableForRead
```
public void checkAvailableForRead()
                           throws StandbyException
```
    No-op if the secret manager is available for reading tokens, throw a StandbyException otherwise.
    
    Throws:
    
    StandbyException - if the secret manager is not available to read tokens
  - generateSecret
```
protected SecretKey generateSecret()
```
    Generate a new random secret key.
    
    Returns:
    the new key
  - createPassword
```
public static byte[] createPassword(byte[] identifier,
                    SecretKey key)
```
    Compute HMAC of the identifier using the secret key and return the output as password
    
    Parameters:
    identifier - the bytes of the identifier
    key - the secret key
    
    Returns:
    the bytes of the generated password
  - createSecretKey
```
protected static SecretKey createSecretKey(byte[] key)
```
    Convert the byte[] to a secret key
    
    Parameters:
    key - the byte[] to create a secret key from
    
    Returns:
    the secret key

Class SecretManager<T extends TokenIdentifier>

Nested Class Summary

Constructor Summary

Method Summary

Methods inherited from class java.lang.Object

Constructor Detail

SecretManager

Method Detail

createPassword

retrievePassword

retriableRetrievePassword

createIdentifier

checkAvailableForRead

generateSecret

createPassword

createSecretKey