common/src/main/java/org/apache/falcon/security/CredentialProviderHelper.java - falcon - Git at Google

 /**
  * Licensed to the Apache Software Foundation (ASF) under one
  * or more contributor license agreements.  See the NOTICE file
  * distributed with this work for additional information
  * regarding copyright ownership.  The ASF licenses this file
  * to you under the Apache License, Version 2.0 (the
  * "License"); you may not use this file except in compliance
  * with the License.  You may obtain a copy of the License at
  *
  *     http://www.apache.org/licenses/LICENSE-2.0
  *
  * Unless required by applicable law or agreed to in writing, software
  * distributed under the License is distributed on an "AS IS" BASIS,
  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */

 package org.apache.falcon.security;

 import org.apache.falcon.FalconException;
 import org.apache.hadoop.conf.Configuration;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;

 import java.lang.reflect.InvocationTargetException;
 import java.lang.reflect.Method;
 import java.util.List;

 /**
  * Helper class for Hadoop credential provider functionality. Reflection to used to avoid
  * directly referencing the classes and methods so that version dependency is not introduced
  * as the Hadoop credential provider is only introduced in 2.6.0 and later.
  */

 public final class CredentialProviderHelper {

     private static final Logger LOG = LoggerFactory.getLogger(CredentialProviderHelper.class);

     private static Class<?> clsCredProvider;
     private static Class<?> clsCredProviderFactory;
     private static Method methGetPassword;
     private static Method methCreateCredEntry;
     private static Method methFlush;
     private static Method methGetProviders;

     public static final String CREDENTIAL_PROVIDER_PATH = "hadoop.security.credential.provider.path";

     static {
         try {
             LOG.debug("Reflecting credential provider classes and methods");
             clsCredProvider = Class.forName("org.apache.hadoop.security.alias.CredentialProvider");
             clsCredProviderFactory = Class.forName("org.apache.hadoop.security.alias.CredentialProviderFactory");
             methCreateCredEntry = clsCredProvider.getMethod("createCredentialEntry", String.class, char[].class);
             methFlush = clsCredProvider.getMethod("flush");
             methGetPassword = Configuration.class.getMethod("getPassword", String.class);
             methGetProviders = clsCredProviderFactory.getMethod("getProviders", new Class[] { Configuration.class });
             LOG.debug("Found CredentialProviderFactory#getProviders");
         } catch (ClassNotFoundException | NoSuchMethodException cnfe) {
             LOG.debug("Ignoring exception", cnfe);
         }
     }

     private CredentialProviderHelper() {

     }

     public static boolean isProviderAvailable() {
         return !(clsCredProvider == null
                 || clsCredProviderFactory == null
                 || methCreateCredEntry == null
                 || methGetPassword == null
                 || methFlush == null);
     }

     public static String resolveAlias(Configuration conf, String alias) throws FalconException {
         try {
             char[] cred = (char[]) methGetPassword.invoke(conf, alias);
             if (cred == null) {
                 throw new FalconException("The provided alias cannot be resolved");
             }
             return new String(cred);
         } catch (InvocationTargetException ite) {
             throw new FalconException("Error resolving password "
                     + " from the credential providers ", ite.getTargetException());
         } catch (IllegalAccessException iae) {
             throw new FalconException("Error invoking the credential provider method", iae);
         }
     }

     public static void createCredentialEntry(Configuration conf, String alias, String credential)
         throws FalconException {
         if (!isProviderAvailable()) {
             throw new FalconException("CredentialProvider facility not available in the hadoop environment");
         }

         try {
             List<?> result = (List<?>) methGetProviders.invoke(null, new Object[] { conf });
             Object provider = result.get(0);
             LOG.debug("Using credential provider " + provider);

             methCreateCredEntry.invoke(provider, new Object[] { alias, credential.toCharArray() });
             methFlush.invoke(provider, new Object[] {});
         } catch (InvocationTargetException ite) {
             throw new FalconException(
                     "Error creating credential entry using the credential provider", ite.getTargetException());
         } catch (IllegalAccessException iae) {
             throw new FalconException("Error accessing the credential create method", iae);
         }
     }
 }
	/**
	* Licensed to the Apache Software Foundation (ASF) under one
	* or more contributor license agreements. See the NOTICE file
	* distributed with this work for additional information
	* regarding copyright ownership. The ASF licenses this file
	* to you under the Apache License, Version 2.0 (the
	* "License"); you may not use this file except in compliance
	* with the License. You may obtain a copy of the License at
	*
	* http://www.apache.org/licenses/LICENSE-2.0
	*
	* Unless required by applicable law or agreed to in writing, software
	* distributed under the License is distributed on an "AS IS" BASIS,
	* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
	* See the License for the specific language governing permissions and
	* limitations under the License.
	*/

	package org.apache.falcon.security;

	import org.apache.falcon.FalconException;
	import org.apache.hadoop.conf.Configuration;
	import org.slf4j.Logger;
	import org.slf4j.LoggerFactory;

	import java.lang.reflect.InvocationTargetException;
	import java.lang.reflect.Method;
	import java.util.List;

	/**
	* Helper class for Hadoop credential provider functionality. Reflection to used to avoid
	* directly referencing the classes and methods so that version dependency is not introduced
	* as the Hadoop credential provider is only introduced in 2.6.0 and later.
	*/

	public final class CredentialProviderHelper {

	private static final Logger LOG = LoggerFactory.getLogger(CredentialProviderHelper.class);

	private static Class<?> clsCredProvider;
	private static Class<?> clsCredProviderFactory;
	private static Method methGetPassword;
	private static Method methCreateCredEntry;
	private static Method methFlush;
	private static Method methGetProviders;

	public static final String CREDENTIAL_PROVIDER_PATH = "hadoop.security.credential.provider.path";

	static {
	try {
	LOG.debug("Reflecting credential provider classes and methods");
	clsCredProvider = Class.forName("org.apache.hadoop.security.alias.CredentialProvider");
	clsCredProviderFactory = Class.forName("org.apache.hadoop.security.alias.CredentialProviderFactory");
	methCreateCredEntry = clsCredProvider.getMethod("createCredentialEntry", String.class, char[].class);
	methFlush = clsCredProvider.getMethod("flush");
	methGetPassword = Configuration.class.getMethod("getPassword", String.class);
	methGetProviders = clsCredProviderFactory.getMethod("getProviders", new Class[] { Configuration.class });
	LOG.debug("Found CredentialProviderFactory#getProviders");
	} catch (ClassNotFoundException \| NoSuchMethodException cnfe) {
	LOG.debug("Ignoring exception", cnfe);
	}
	}

	private CredentialProviderHelper() {

	}

	public static boolean isProviderAvailable() {
	return !(clsCredProvider == null
	\|\| clsCredProviderFactory == null
	\|\| methCreateCredEntry == null
	\|\| methGetPassword == null
	\|\| methFlush == null);
	}

	public static String resolveAlias(Configuration conf, String alias) throws FalconException {
	try {
	char[] cred = (char[]) methGetPassword.invoke(conf, alias);
	if (cred == null) {
	throw new FalconException("The provided alias cannot be resolved");
	}
	return new String(cred);
	} catch (InvocationTargetException ite) {
	throw new FalconException("Error resolving password "
	+ " from the credential providers ", ite.getTargetException());
	} catch (IllegalAccessException iae) {
	throw new FalconException("Error invoking the credential provider method", iae);
	}
	}

	public static void createCredentialEntry(Configuration conf, String alias, String credential)
	throws FalconException {
	if (!isProviderAvailable()) {
	throw new FalconException("CredentialProvider facility not available in the hadoop environment");
	}

	try {
	List<?> result = (List<?>) methGetProviders.invoke(null, new Object[] { conf });
	Object provider = result.get(0);
	LOG.debug("Using credential provider " + provider);

	methCreateCredEntry.invoke(provider, new Object[] { alias, credential.toCharArray() });
	methFlush.invoke(provider, new Object[] {});
	} catch (InvocationTargetException ite) {
	throw new FalconException(
	"Error creating credential entry using the credential provider", ite.getTargetException());
	} catch (IllegalAccessException iae) {
	throw new FalconException("Error accessing the credential create method", iae);
	}
	}
	}