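/**
 * Licensed to the Apache Software Foundation (ASF) under one
 * or more contributor license agreements.  See the NOTICE file
 * distributed with this work for additional information
 * regarding copyright ownership.  The ASF licenses this file
 * to you under the Apache License, Version 2.0 (the
 * "License"); you may not use this file except in compliance
 * with the License.  You may obtain a copy of the License at
 *
 *     http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */

package org.apache.hadoop.security.alias;

import java.io.IOException;
import java.util.List;

import org.apache.hadoop.classification.InterfaceAudience;
import org.apache.hadoop.classification.InterfaceStability;

/**
 * A provider of credentials or password for Hadoop applications. Provides an
 * abstraction to separate credential storage from users of them. It
 * is intended to support getting or storing passwords in a variety of ways,
 * including third party bindings.
 *
 * <code>CredentialProvider</code> implementations must be thread safe.
 */
@InterfaceAudience.Public
@InterfaceStability.Unstable
public abstract class CredentialProvider {
  /**
   * Configuration key name.
   * NOTE(review): presumably controls whether a clear-text password in
   * configuration may be used when no provider resolves an alias; the code
   * that reads this key is not in this file, so confirm there.
   */
  public static final String CLEAR_TEXT_FALLBACK
      = "hadoop.security.credential.clear-text-fallback";

  /**
   * The combination of both the alias and the actual credential value.
   *
   * <p>The credential is held as a {@code char[]} and is shared by reference
   * with whoever constructed the entry and with every caller of
   * {@link #getCredential()}; no defensive copy is made in either direction.
   */
  public static class CredentialEntry {
    private final String alias;
    private final char[] credential;

    /**
     * Creates an entry for the given alias.
     *
     * @param alias the name of the credential
     * @param credential the credential value; the array is stored as-is,
     *        not copied, and may be {@code null}
     */
    protected CredentialEntry(String alias,
                              char[] credential) {
      this.alias = alias;
      this.credential = credential;
    }

    /**
     * @return the alias this entry was created with
     */
    public String getAlias() {
      return alias;
    }

    /**
     * Returns the credential value.
     *
     * @return the array held by this entry, not a copy; a caller that
     *         overwrites it (for example to wipe the secret after use) also
     *         changes what this entry holds. May be {@code null}.
     */
    public char[] getCredential() {
      return credential;
    }

    /**
     * Returns a description of this entry that is safe to log.
     *
     * <p>The previous implementation appended every character of the
     * credential, so any log statement, exception message or debugger view
     * that stringified an entry disclosed the secret. The value is now
     * replaced by a fixed marker, which also avoids revealing its length.
     * Use {@link #getCredential()} when the value itself is needed.
     *
     * @return {@code alias(NAME)=null} when no credential is set, otherwise
     *         {@code alias(NAME)=<redacted>}
     */
    @Override
    public String toString() {
      // "null" carries no secret and is kept so a missing value stays visible.
      String shown = (credential == null) ? "null" : "<redacted>";
      return "alias(" + alias + ")=" + shown;
    }
  }

  /**
   * Indicates whether this provider represents a store
   * that is intended for transient use - such as the UserProvider
   * is. These providers are generally used to provide job access to
   * passwords rather than for long term storage.
   * @return true if transient, false otherwise; this base implementation
   *         always returns false
   */
  public boolean isTransient() {
    return false;
  }

  /**
   * Ensures that any changes to the credentials are written to persistent store.
   * @throws IOException if the changes cannot be written
   */
  public abstract void flush() throws IOException;

  /**
   * Get the credential entry for a specific alias.
   * @param alias the name of a specific credential
   * @return the credentialEntry
   * @throws IOException if the entry cannot be read from the store
   */
  public abstract CredentialEntry getCredentialEntry(String alias)
      throws IOException;

  /**
   * Get the aliases for all credentials.
   * @return the list of alias names
   * @throws IOException if the aliases cannot be read from the store
   */
  public abstract List<String> getAliases() throws IOException;

  /**
   * Create a new credential. The given alias must not already exist.
   * @param name the alias of the credential
   * @param credential the credential value for the alias.
   * @return the entry created for the alias
   * @throws IOException if the credential cannot be created
   */
  public abstract CredentialEntry createCredentialEntry(String name,
      char[] credential) throws IOException;

  /**
   * Delete the given credential.
   * @param name the alias of the credential to delete
   * @throws IOException if the credential cannot be deleted
   */
  public abstract void deleteCredentialEntry(String name) throws IOException;
}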