| /** |
| * Licensed to the Apache Software Foundation (ASF) under one |
| * or more contributor license agreements. See the NOTICE file |
| * distributed with this work for additional information |
| * regarding copyright ownership. The ASF licenses this file |
| * to you under the Apache License, Version 2.0 (the |
| * "License"); you may not use this file except in compliance |
| * with the License. You may obtain a copy of the License at |
| * |
| * http://www.apache.org/licenses/LICENSE-2.0 |
| * |
| * Unless required by applicable law or agreed to in writing, software |
| * distributed under the License is distributed on an "AS IS" BASIS, |
| * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. |
| * See the License for the specific language governing permissions and |
| * limitations under the License. |
| */ |
| package org.apache.hadoop.hdfs.security.token.block; |
| |
| import java.io.IOException; |
| import java.util.EnumSet; |
| import java.util.HashMap; |
| import java.util.Map; |
| |
| import org.apache.hadoop.hdfs.protocol.ExtendedBlock; |
| import org.apache.hadoop.hdfs.security.token.block.BlockTokenSecretManager.AccessMode; |
| import org.apache.hadoop.security.token.SecretManager; |
| import org.apache.hadoop.security.token.Token; |
| |
| import com.google.common.annotations.VisibleForTesting; |
| |
| /** |
| * Manages a {@link BlockTokenSecretManager} per block pool. Routes the requests |
| * given a block pool Id to corresponding {@link BlockTokenSecretManager} |
| */ |
| public class BlockPoolTokenSecretManager extends |
| SecretManager<BlockTokenIdentifier> { |
| |
| private final Map<String, BlockTokenSecretManager> map = |
| new HashMap<String, BlockTokenSecretManager>(); |
| |
| /** |
| * Add a block pool Id and corresponding {@link BlockTokenSecretManager} to map |
| * @param bpid block pool Id |
| * @param secretMgr {@link BlockTokenSecretManager} |
| */ |
| public synchronized void addBlockPool(String bpid, |
| BlockTokenSecretManager secretMgr) { |
| map.put(bpid, secretMgr); |
| } |
| |
| synchronized BlockTokenSecretManager get(String bpid) { |
| BlockTokenSecretManager secretMgr = map.get(bpid); |
| if (secretMgr == null) { |
| throw new IllegalArgumentException("Block pool " + bpid |
| + " is not found"); |
| } |
| return secretMgr; |
| } |
| |
| public synchronized boolean isBlockPoolRegistered(String bpid) { |
| return map.containsKey(bpid); |
| } |
| |
| /** Return an empty BlockTokenIdentifer */ |
| @Override |
| public BlockTokenIdentifier createIdentifier() { |
| return new BlockTokenIdentifier(); |
| } |
| |
| @Override |
| public byte[] createPassword(BlockTokenIdentifier identifier) { |
| return get(identifier.getBlockPoolId()).createPassword(identifier); |
| } |
| |
| @Override |
| public byte[] retrievePassword(BlockTokenIdentifier identifier) |
| throws InvalidToken { |
| return get(identifier.getBlockPoolId()).retrievePassword(identifier); |
| } |
| |
| /** |
| * See {@link BlockTokenSecretManager#checkAccess(BlockTokenIdentifier, |
| * String, ExtendedBlock, AccessMode)} |
| */ |
| public void checkAccess(BlockTokenIdentifier id, String userId, |
| ExtendedBlock block, AccessMode mode) throws InvalidToken { |
| get(block.getBlockPoolId()).checkAccess(id, userId, block, mode); |
| } |
| |
| /** |
| * See {@link BlockTokenSecretManager#checkAccess(Token, String, |
| * ExtendedBlock, AccessMode)} |
| */ |
| public void checkAccess(Token<BlockTokenIdentifier> token, |
| String userId, ExtendedBlock block, AccessMode mode) throws InvalidToken { |
| get(block.getBlockPoolId()).checkAccess(token, userId, block, mode); |
| } |
| |
| /** |
| * See {@link BlockTokenSecretManager#addKeys(ExportedBlockKeys)} |
| */ |
| public void addKeys(String bpid, ExportedBlockKeys exportedKeys) |
| throws IOException { |
| get(bpid).addKeys(exportedKeys); |
| } |
| |
| /** |
| * See {@link BlockTokenSecretManager#generateToken(ExtendedBlock, EnumSet)} |
| */ |
| public Token<BlockTokenIdentifier> generateToken(ExtendedBlock b, |
| EnumSet<AccessMode> of) throws IOException { |
| return get(b.getBlockPoolId()).generateToken(b, of); |
| } |
| |
| @VisibleForTesting |
| public void clearAllKeysForTesting() { |
| for (BlockTokenSecretManager btsm : map.values()) { |
| btsm.clearAllKeysForTesting(); |
| } |
| } |
| |
| public DataEncryptionKey generateDataEncryptionKey(String blockPoolId) { |
| return get(blockPoolId).generateDataEncryptionKey(); |
| } |
| |
| public byte[] retrieveDataEncryptionKey(int keyId, String blockPoolId, |
| byte[] nonce) throws IOException { |
| return get(blockPoolId).retrieveDataEncryptionKey(keyId, nonce); |
| } |
| } |