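/**
 * Licensed to the Apache Software Foundation (ASF) under one
 * or more contributor license agreements. See the NOTICE file
 * distributed with this work for additional information
 * regarding copyright ownership. The ASF licenses this file
 * to you under the Apache License, Version 2.0 (the
 * "License"); you may not use this file except in compliance
 * with the License. You may obtain a copy of the License at
 *
 * http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */
package org.apache.hadoop.crypto.key;

import org.apache.hadoop.security.Credentials;
import org.apache.hadoop.security.token.Token;

import java.io.IOException;

/**
 * A KeyProvider extension with the ability to add a renewer's Delegation
 * Tokens to the provided Credentials.
 * <p>
 * This wrapper forwards only {@link #addDelegationTokens}; the renew and
 * cancel operations are declared on {@link DelegationTokenExtension} but are
 * not re-exposed as methods of this class.
 */
public class KeyProviderDelegationTokenExtension extends
    KeyProviderExtension
    <KeyProviderDelegationTokenExtension.DelegationTokenExtension> {

  // Shared no-op fallback. It is stateless, so one instance serves every
  // wrapper; final so the fallback cannot be swapped out after class load.
  private static final DelegationTokenExtension DEFAULT_EXTENSION =
      new DefaultDelegationTokenExtension();

  /**
   * DelegationTokenExtension is a type of Extension that exposes methods
   * needed to work with Delegation Tokens.
   */
  public interface DelegationTokenExtension extends
      KeyProviderExtension.Extension {

    /**
     * The implementer of this class will take a renewer and add all
     * delegation tokens associated with the renewer to the
     * <code>Credentials</code> object if they are not already present.
     * @param renewer the user allowed to renew the delegation tokens
     * @param credentials cache in which to add new delegation tokens
     * @return list of new delegation tokens; may be <code>null</code>
     *         (the default no-op implementation in this file returns
     *         <code>null</code>), so callers must null-check the result
     * @throws IOException if an IO error occurs.
     */
    Token<?>[] addDelegationTokens(final String renewer,
        Credentials credentials) throws IOException;

    /**
     * Renews the given token.
     * @param token The token to be renewed.
     * @return The token's lifetime after renewal, or 0 if it can't be renewed.
     * @throws IOException if an IO error occurs.
     */
    long renewDelegationToken(final Token<?> token) throws IOException;

    /**
     * Cancels the given token.
     * @param token The token to be cancelled.
     * @return always a <code>Void</code> value, i.e. <code>null</code>
     * @throws IOException if an IO error occurs.
     */
    Void cancelDelegationToken(final Token<?> token) throws IOException;
  }

  /**
   * Default implementation of {@link DelegationTokenExtension} that
   * implements every method as a no-op.
   * <p>
   * It is selected when the wrapped <code>KeyProvider</code> does not itself
   * implement {@link DelegationTokenExtension}. None of its methods report
   * an error, so a normal return from this implementation is not evidence
   * that a token was issued, renewed or cancelled.
   */
  private static class DefaultDelegationTokenExtension implements
      DelegationTokenExtension {

    /**
     * Adds nothing to <code>credentials</code>.
     * @return <code>null</code>, not an empty array
     */
    @Override
    public Token<?>[] addDelegationTokens(String renewer,
        Credentials credentials) {
      return null;
    }

    /**
     * Does not renew anything.
     * @return 0, which the interface defines as "can't be renewed"
     */
    @Override
    public long renewDelegationToken(final Token<?> token) throws IOException {
      return 0;
    }

    /**
     * Does not cancel anything; the token is left untouched.
     * @return <code>null</code>
     */
    @Override
    public Void cancelDelegationToken(final Token<?> token) throws IOException {
      return null;
    }
  }

  /**
   * Private: instances are obtained through
   * {@link #createKeyProviderDelegationTokenExtension(KeyProvider)}, which
   * chooses the extension to pair with the provider.
   */
  private KeyProviderDelegationTokenExtension(KeyProvider keyProvider,
      DelegationTokenExtension extensions) {
    super(keyProvider, extensions);
  }

  /**
   * Passes the renewer and Credentials object to the underlying
   * {@link DelegationTokenExtension}.
   * @param renewer the user allowed to renew the delegation tokens
   * @param credentials cache in which to add new delegation tokens
   * @return list of new delegation tokens; <code>null</code> when the
   *         default no-op extension is in use
   * @throws IOException if an IO error occurs.
   */
  public Token<?>[] addDelegationTokens(final String renewer,
      Credentials credentials) throws IOException {
    return getExtension().addDelegationTokens(renewer, credentials);
  }

  /**
   * Creates a <code>KeyProviderDelegationTokenExtension</code> using a given
   * {@link KeyProvider}.
   * <p>
   * If the given <code>KeyProvider</code> implements the
   * {@link DelegationTokenExtension} interface the <code>KeyProvider</code>
   * itself will provide the extension functionality, otherwise a default
   * extension implementation will be used.
   * <p>
   * The argument is not null-checked here: a <code>null</code> provider
   * fails the <code>instanceof</code> test, is paired with the default
   * extension, and is handed to the superclass constructor unchanged.
   *
   * @param keyProvider <code>KeyProvider</code> to use to create the
   * <code>KeyProviderDelegationTokenExtension</code> extension.
   * @return a <code>KeyProviderDelegationTokenExtension</code> instance
   * using the given <code>KeyProvider</code>.
   */
  public static KeyProviderDelegationTokenExtension
      createKeyProviderDelegationTokenExtension(KeyProvider keyProvider) {

    DelegationTokenExtension delTokExtension =
        (keyProvider instanceof DelegationTokenExtension) ?
            (DelegationTokenExtension) keyProvider :
            DEFAULT_EXTENSION;
    return new KeyProviderDelegationTokenExtension(
        keyProvider, delTokExtension);

  }

}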