001/**
002 * Licensed to the Apache Software Foundation (ASF) under one
003 * or more contributor license agreements.  See the NOTICE file
004 * distributed with this work for additional information
005 * regarding copyright ownership.  The ASF licenses this file
006 * to you under the Apache License, Version 2.0 (the
007 * "License"); you may not use this file except in compliance
008 * with the License.  You may obtain a copy of the License at
009 *
010 *     http://www.apache.org/licenses/LICENSE-2.0
011 *
012 * Unless required by applicable law or agreed to in writing, software
013 * distributed under the License is distributed on an "AS IS" BASIS,
014 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
015 * See the License for the specific language governing permissions and
016 * limitations under the License.
017 */
018
019package org.apache.hadoop.security.alias;
020
021import java.io.IOException;
022import java.net.URI;
023import java.net.URISyntaxException;
024import java.util.ArrayList;
025import java.util.Iterator;
026import java.util.List;
027import java.util.ServiceLoader;
028
029import org.apache.hadoop.classification.InterfaceAudience;
030import org.apache.hadoop.classification.InterfaceStability;
031import org.apache.hadoop.conf.Configuration;
032
033/**
034 * A factory to create a list of CredentialProvider based on the path given in a
035 * Configuration. It uses a service loader interface to find the available
036 * CredentialProviders and create them based on the list of URIs.
037 */
038@InterfaceAudience.Public
039@InterfaceStability.Unstable
040public abstract class CredentialProviderFactory {
041  public static final String CREDENTIAL_PROVIDER_PATH =
042      "hadoop.security.credential.provider.path";
043
044  public abstract CredentialProvider createProvider(URI providerName,
045                                             Configuration conf
046                                             ) throws IOException;
047
048  private static final ServiceLoader<CredentialProviderFactory> serviceLoader =
049      ServiceLoader.load(CredentialProviderFactory.class);
050
051  // Iterate through the serviceLoader to avoid lazy loading.
052  // Lazy loading would require synchronization in concurrent use cases.
053  static {
054    Iterator<CredentialProviderFactory> iterServices = serviceLoader.iterator();
055    while (iterServices.hasNext()) {
056      iterServices.next();
057    }
058  }
059
060  public static List<CredentialProvider> getProviders(Configuration conf
061                                               ) throws IOException {
062    List<CredentialProvider> result = new ArrayList<CredentialProvider>();
063    for(String path: conf.getStringCollection(CREDENTIAL_PROVIDER_PATH)) {
064      try {
065        URI uri = new URI(path);
066        boolean found = false;
067        // Iterate serviceLoader in a synchronized block since
068        // serviceLoader iterator is not thread-safe.
069        synchronized (serviceLoader) {
070          for (CredentialProviderFactory factory : serviceLoader) {
071            CredentialProvider kp = factory.createProvider(uri, conf);
072            if (kp != null) {
073              result.add(kp);
074              found = true;
075              break;
076            }
077          }
078        }
079        if (!found) {
080          throw new IOException("No CredentialProviderFactory for " + uri + " in " +
081              CREDENTIAL_PROVIDER_PATH);
082        }
083      } catch (URISyntaxException error) {
084        throw new IOException("Bad configuration of " + CREDENTIAL_PROVIDER_PATH +
085            " at " + path, error);
086      }
087    }
088    return result;
089  }
090}