001/** 002 * Licensed to the Apache Software Foundation (ASF) under one 003 * or more contributor license agreements. See the NOTICE file 004 * distributed with this work for additional information 005 * regarding copyright ownership. The ASF licenses this file 006 * to you under the Apache License, Version 2.0 (the 007 * "License"); you may not use this file except in compliance 008 * with the License. You may obtain a copy of the License at 009 * 010 * http://www.apache.org/licenses/LICENSE-2.0 011 * 012 * Unless required by applicable law or agreed to in writing, software 013 * distributed under the License is distributed on an "AS IS" BASIS, 014 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 015 * See the License for the specific language governing permissions and 016 * limitations under the License. 017 */ 018 019package org.apache.hadoop.security.alias; 020 021import java.io.IOException; 022import java.util.List; 023 024import org.apache.hadoop.classification.InterfaceAudience; 025import org.apache.hadoop.classification.InterfaceStability; 026 027/** 028 * A provider of credentials or password for Hadoop applications. Provides an 029 * abstraction to separate credential storage from users of them. It 030 * is intended to support getting or storing passwords in a variety of ways, 031 * including third party bindings. 032 */ 033@InterfaceAudience.Public 034@InterfaceStability.Unstable 035public abstract class CredentialProvider { 036 public static final String CLEAR_TEXT_FALLBACK 037 = "hadoop.security.credential.clear-text-fallback"; 038 039 /** 040 * The combination of both the alias and the actual credential value. 041 */ 042 public static class CredentialEntry { 043 private final String alias; 044 private final char[] credential; 045 046 protected CredentialEntry(String alias, 047 char[] credential) { 048 this.alias = alias; 049 this.credential = credential; 050 } 051 052 public String getAlias() { 053 return alias; 054 } 055 056 public char[] getCredential() { 057 return credential; 058 } 059 060 public String toString() { 061 StringBuilder buf = new StringBuilder(); 062 buf.append("alias("); 063 buf.append(alias); 064 buf.append(")="); 065 if (credential == null) { 066 buf.append("null"); 067 } else { 068 for(char c: credential) { 069 buf.append(c); 070 } 071 } 072 return buf.toString(); 073 } 074 } 075 076 /** 077 * Indicates whether this provider represents a store 078 * that is intended for transient use - such as the UserProvider 079 * is. These providers are generally used to provide job access to 080 * passwords rather than for long term storage. 081 * @return true if transient, false otherwise 082 */ 083 public boolean isTransient() { 084 return false; 085 } 086 087 /** 088 * Ensures that any changes to the credentials are written to persistent store. 089 * @throws IOException 090 */ 091 public abstract void flush() throws IOException; 092 093 /** 094 * Get the credential entry for a specific alias. 095 * @param alias the name of a specific credential 096 * @return the credentialEntry 097 * @throws IOException 098 */ 099 public abstract CredentialEntry getCredentialEntry(String alias) 100 throws IOException; 101 102 /** 103 * Get the aliases for all credentials. 104 * @return the list of alias names 105 * @throws IOException 106 */ 107 public abstract List<String> getAliases() throws IOException; 108 109 /** 110 * Create a new credential. The given alias must not already exist. 111 * @param name the alias of the credential 112 * @param credential the credential value for the alias. 113 * @throws IOException 114 */ 115 public abstract CredentialEntry createCredentialEntry(String name, 116 char[] credential) throws IOException; 117 118 /** 119 * Delete the given credential. 120 * @param name the alias of the credential to delete 121 * @throws IOException 122 */ 123 public abstract void deleteCredentialEntry(String name) throws IOException; 124}