SecretManager (Apache Hadoop Main 2.8.3 API)

java.lang.Object
- org.apache.hadoop.security.token.SecretManager<T>

Type Parameters:
T - The type of the token identifier

Direct Known Subclasses:

AbstractDelegationTokenSecretManager, BaseClientToAMTokenSecretManager
```
@InterfaceAudience.Public
@InterfaceStability.Evolving
public abstract class SecretManager<T extends TokenIdentifier>
extends Object
```
The server-side secret manager for each token type.

Constructor Summary

Constructors
Constructor and Description

SecretManager()

Constructors
Constructor and Description
`SecretManager()`

Method Summary

Methods
Modifier and Type	Method and Description
`void`	`checkAvailableForRead()` No-op if the secret manager is available for reading tokens, throw a StandbyException otherwise.
`abstract T`	`createIdentifier()` Create an empty token identifier.
`protected static byte[]`	`createPassword(byte[] identifier, SecretKey key)` Compute HMAC of the identifier using the secret key and return the output as password
`protected abstract byte[]`	`createPassword(T identifier)` Create the password for the given identifier.
`protected static SecretKey`	`createSecretKey(byte[] key)` Convert the byte[] to a secret key
`protected SecretKey`	`generateSecret()` Generate a new random secret key.
`byte[]`	`retriableRetrievePassword(T identifier)` The same functionality with `retrievePassword(T)`, except that this method can throw a `RetriableException` or a `StandbyException` to indicate that client can retry/failover the same operation because of temporary issue on the server side.
`abstract byte[]`	`retrievePassword(T identifier)` Retrieve the password for the given token identifier.

Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

- Constructor Detail
  - SecretManager
```
public SecretManager()
```
- Method Detail
  - createPassword
```
protected abstract byte[] createPassword(T identifier)
```
    Create the password for the given identifier. identifier may be modified inside this method.
    
    Parameters:
    identifier - the identifier to use
    
    Returns:
    the new password
  - retrievePassword
```
public abstract byte[] retrievePassword(T identifier)
                                 throws org.apache.hadoop.security.token.SecretManager.InvalidToken
```
    Retrieve the password for the given token identifier. Should check the date or registry to make sure the token hasn't expired or been revoked. Returns the relevant password.
    
    Parameters:
    identifier - the identifier to validate
    
    Returns:
    the password to use
    
    Throws:
    
    org.apache.hadoop.security.token.SecretManager.InvalidToken - the token was invalid
  - retriableRetrievePassword
```
public byte[] retriableRetrievePassword(T identifier)
                                 throws org.apache.hadoop.security.token.SecretManager.InvalidToken,
                                        org.apache.hadoop.ipc.StandbyException,
                                        org.apache.hadoop.ipc.RetriableException,
                                        IOException
```
    The same functionality with retrievePassword(T), except that this method can throw a RetriableException or a StandbyException to indicate that client can retry/failover the same operation because of temporary issue on the server side.
    
    Parameters:
    identifier - the identifier to validate
    
    Returns:
    the password to use
    
    Throws:
    
    org.apache.hadoop.security.token.SecretManager.InvalidToken - the token was invalid
    
    org.apache.hadoop.ipc.StandbyException - the server is in standby state, the client can try other servers
    
    org.apache.hadoop.ipc.RetriableException - the token was invalid, and the server thinks this may be a temporary issue and suggests the client to retry
    
    IOException - to allow future exceptions to be added without breaking compatibility
  - createIdentifier
```
public abstract T createIdentifier()
```
    Create an empty token identifier.
    
    Returns:
    the newly created empty token identifier
  - checkAvailableForRead
```
public void checkAvailableForRead()
                           throws org.apache.hadoop.ipc.StandbyException
```
    No-op if the secret manager is available for reading tokens, throw a StandbyException otherwise.
    
    Throws:
    
    org.apache.hadoop.ipc.StandbyException - if the secret manager is not available to read tokens
  - generateSecret
```
protected SecretKey generateSecret()
```
    Generate a new random secret key.
    
    Returns:
    the new key
  - createPassword
```
protected static byte[] createPassword(byte[] identifier,
                    SecretKey key)
```
    Compute HMAC of the identifier using the secret key and return the output as password
    
    Parameters:
    identifier - the bytes of the identifier
    key - the secret key
    
    Returns:
    the bytes of the generated password
  - createSecretKey
```
protected static SecretKey createSecretKey(byte[] key)
```
    Convert the byte[] to a secret key
    
    Parameters:
    key - the byte[] to create a secret key from
    
    Returns:
    the secret key

Class SecretManager<T extends TokenIdentifier>

Constructor Summary

Method Summary

Methods inherited from class java.lang.Object

Constructor Detail

SecretManager

Method Detail

createPassword

retrievePassword

retriableRetrievePassword

createIdentifier

checkAvailableForRead

generateSecret

createPassword

createSecretKey