001 /**
002 * Licensed to the Apache Software Foundation (ASF) under one
003 * or more contributor license agreements. See the NOTICE file
004 * distributed with this work for additional information
005 * regarding copyright ownership. The ASF licenses this file
006 * to you under the Apache License, Version 2.0 (the
007 * "License"); you may not use this file except in compliance
008 * with the License. You may obtain a copy of the License at
009 *
010 * http://www.apache.org/licenses/LICENSE-2.0
011 *
012 * Unless required by applicable law or agreed to in writing, software
013 * distributed under the License is distributed on an "AS IS" BASIS,
014 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
015 * See the License for the specific language governing permissions and
016 * limitations under the License.
017 */
018
019 package org.apache.hadoop.security.alias;
020
021 import java.io.IOException;
022 import java.util.List;
023
024 import org.apache.hadoop.classification.InterfaceAudience;
025 import org.apache.hadoop.classification.InterfaceStability;
026
027 /**
028 * A provider of credentials or password for Hadoop applications. Provides an
029 * abstraction to separate credential storage from users of them. It
030 * is intended to support getting or storing passwords in a variety of ways,
031 * including third party bindings.
032 */
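@InterfaceAudience.Public
@InterfaceStability.Unstable
public abstract class CredentialProvider {
  /**
   * Name of a configuration property.
   * NOTE(review): the key name suggests it controls whether callers may fall
   * back to a clear-text password held in configuration when no provider
   * resolves an alias; this class never reads it, so confirm against the
   * code that does.
   */
  public static final String CLEAR_TEXT_FALLBACK
      = "hadoop.security.credential.clear-text-fallback";

  /**
   * The combination of both the alias and the actual credential value.
   *
   * <p>The credential is held as a {@code char[]} and the array is shared,
   * not copied: the constructor stores the caller's reference and
   * {@link #getCredential()} returns that same reference. Whoever holds the
   * array can therefore change or overwrite the stored secret.
   */
  public static class CredentialEntry {
    /** Placeholder printed by {@link #toString()} instead of the secret. */
    private static final String REDACTED = "[redacted]";

    private final String alias;
    private final char[] credential;

    /**
     * Creates an entry binding {@code alias} to {@code credential}.
     *
     * @param alias the name under which the credential is stored
     * @param credential the secret value; may be {@code null}. The array is
     *     kept by reference, not copied.
     */
    protected CredentialEntry(String alias,
                              char[] credential) {
      this.alias = alias;
      this.credential = credential;
    }

    /**
     * @return the alias of this entry
     */
    public String getAlias() {
      return alias;
    }

    /**
     * @return the credential value, as the same array instance that was
     *     passed to the constructor (possibly {@code null})
     */
    public char[] getCredential() {
      return credential;
    }

    /**
     * Returns a description of this entry that is safe to log.
     *
     * <p>The alias is printed, but the credential is never rendered: string
     * forms of objects routinely end up in log files, exception messages and
     * debugger output, none of which are appropriate places for a secret.
     * Only the presence of a credential is disclosed. Code that needs the
     * value must call {@link #getCredential()} explicitly.
     *
     * @return {@code alias(NAME)=null} when no credential is set, otherwise
     *     {@code alias(NAME)=[redacted]}
     */
    @Override
    public String toString() {
      StringBuilder buf = new StringBuilder();
      buf.append("alias(");
      buf.append(alias);
      buf.append(")=");
      // Distinguish "absent" from "present" without exposing any character
      // of the secret itself.
      buf.append(credential == null ? "null" : REDACTED);
      return buf.toString();
    }
  }

  /**
   * Indicates whether this provider represents a store
   * that is intended for transient use - such as the UserProvider
   * is. These providers are generally used to provide job access to
   * passwords rather than for long term storage.
   * @return true if transient, false otherwise; this base implementation
   *     always returns false
   */
  public boolean isTransient() {
    return false;
  }

  /**
   * Ensures that any changes to the credentials are written to persistent store.
   * @throws IOException if the implementation fails to write the changes
   */
  public abstract void flush() throws IOException;

  /**
   * Get the credential entry for a specific alias.
   * @param alias the name of a specific credential
   * @return the credentialEntry; what is returned for an unknown alias is
   *     defined by the implementation
   * @throws IOException if the implementation fails to read the credential
   */
  public abstract CredentialEntry getCredentialEntry(String alias)
      throws IOException;

  /**
   * Get the aliases for all credentials.
   * @return the list of alias names
   * @throws IOException if the implementation fails to list the aliases
   */
  public abstract List<String> getAliases() throws IOException;

  /**
   * Create a new credential. The given alias must not already exist.
   * @param name the alias of the credential
   * @param credential the credential value for the alias.
   * @return the entry created for the alias
   * @throws IOException if the implementation fails to create the credential
   */
  public abstract CredentialEntry createCredentialEntry(String name,
      char[] credential) throws IOException;

  /**
   * Delete the given credential.
   * @param name the alias of the credential to delete
   * @throws IOException if the implementation fails to delete the credential
   */
  public abstract void deleteCredentialEntry(String name) throws IOException;
}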