001    /**
002     * Licensed to the Apache Software Foundation (ASF) under one
003     * or more contributor license agreements.  See the NOTICE file
004     * distributed with this work for additional information
005     * regarding copyright ownership.  The ASF licenses this file
006     * to you under the Apache License, Version 2.0 (the
007     * "License"); you may not use this file except in compliance
008     * with the License.  You may obtain a copy of the License at
009     *
010     *     http://www.apache.org/licenses/LICENSE-2.0
011     *
012     * Unless required by applicable law or agreed to in writing, software
013     * distributed under the License is distributed on an "AS IS" BASIS,
014     * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
015     * See the License for the specific language governing permissions and
016     * limitations under the License.
017     */
018    
019    package org.apache.hadoop.security.alias;
020    
021    import java.io.IOException;
022    import java.util.List;
023    
024    import org.apache.hadoop.classification.InterfaceAudience;
025    import org.apache.hadoop.classification.InterfaceStability;
026    
027    /**
028     * A provider of credentials or password for Hadoop applications. Provides an
029     * abstraction to separate credential storage from users of them. It
030     * is intended to support getting or storing passwords in a variety of ways,
031     * including third party bindings.
032     */
033    @InterfaceAudience.Public
034    @InterfaceStability.Unstable
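public abstract class CredentialProvider {
  /**
   * Name of the configuration property
   * {@code hadoop.security.credential.clear-text-fallback}.
   *
   * <p>NOTE(review): this class only declares the key; the code that reads it
   * is not visible here. Judging by the name, it governs falling back to a
   * clear-text credential, so confirm the default and the consumers before
   * relying on it.
   */
  public static final String CLEAR_TEXT_FALLBACK =
      "hadoop.security.credential.clear-text-fallback";

  /**
   * The combination of both the alias and the actual credential value.
   *
   * <p>The credential array is held by reference: the constructor does not copy
   * the array it is given and {@link #getCredential()} returns that same array.
   * Whoever holds the array can therefore change or zero the stored secret, and
   * zeroing it after use clears the value held by this entry as well.
   */
  public static class CredentialEntry {
    /** Placeholder rendered by {@link #toString()} in place of the secret. */
    private static final String REDACTED = "<redacted>";

    private final String alias;
    private final char[] credential;

    /**
     * Creates an entry for the given alias.
     *
     * @param alias the name of the credential
     * @param credential the credential value; stored by reference, not copied
     */
    protected CredentialEntry(String alias,
                         char[] credential) {
      this.alias = alias;
      this.credential = credential;
    }

    /**
     * @return the alias this entry was created with
     */
    public String getAlias() {
      return alias;
    }

    /**
     * Returns the credential value.
     *
     * @return the array passed to the constructor (the internal array, not a
     *         copy); may be {@code null}
     */
    public char[] getCredential() {
      return credential;
    }

    /**
     * Returns a description of this entry that is safe to log.
     *
     * <p>The credential value is never included. String representations
     * routinely end up in log files, exception messages and debugger output,
     * and a {@code String} copy of the secret cannot be wiped afterwards. Code
     * that needs the value must call {@link #getCredential()}.
     *
     * @return {@code alias(<alias>)=null} when no credential is set, otherwise
     *         {@code alias(<alias>)=<redacted>}
     */
    @Override
    public String toString() {
      StringBuilder buf = new StringBuilder();
      buf.append("alias(");
      buf.append(alias);
      buf.append(")=");
      // Only reveal whether a value is present, never the value itself.
      buf.append(credential == null ? "null" : REDACTED);
      return buf.toString();
    }
  }

  /**
   * Indicates whether this provider represents a store
   * that is intended for transient use - such as the UserProvider
   * is. These providers are generally used to provide job access to
   * passwords rather than for long term storage.
   * @return true if transient, false otherwise; this base implementation
   *         always returns false
   */
  public boolean isTransient() {
    return false;
  }

  /**
   * Ensures that any changes to the credentials are written to persistent store.
   * @throws IOException if the implementation fails to write the changes
   */
  public abstract void flush() throws IOException;

  /**
   * Get the credential entry for a specific alias.
   * @param alias the name of a specific credential
   * @return the credentialEntry
   * @throws IOException if the implementation fails to read the credential
   */
  public abstract CredentialEntry getCredentialEntry(String alias)
      throws IOException;

  /**
   * Get the aliases for all credentials.
   * @return the list of alias names
   * @throws IOException if the implementation fails to list the aliases
   */
  public abstract List<String> getAliases() throws IOException;

  /**
   * Create a new credential. The given alias must not already exist.
   * @param name the alias of the credential
   * @param credential the credential value for the alias.
   * @return the entry for the created credential
   * @throws IOException if the implementation fails to create the credential
   */
  public abstract CredentialEntry createCredentialEntry(String name,
      char[] credential) throws IOException;

  /**
   * Delete the given credential.
   * @param name the alias of the credential to delete
   * @throws IOException if the implementation fails to delete the credential
   */
  public abstract void deleteCredentialEntry(String name) throws IOException;
}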