/**
* Licensed to the Apache Software Foundation (ASF) under one
* or more contributor license agreements. See the NOTICE file
* distributed with this work for additional information
* regarding copyright ownership. The ASF licenses this file
* to you under the Apache License, Version 2.0 (the
* "License"); you may not use this file except in compliance
* with the License. You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package org.apache.hadoop.security.alias;
import java.io.IOException;
import java.util.List;
import org.apache.hadoop.classification.InterfaceAudience;
import org.apache.hadoop.classification.InterfaceStability;
import org.apache.hadoop.fs.CommonConfigurationKeysPublic;
/**
* A provider of credentials or passwords for Hadoop applications. Provides an
* abstraction that separates credential storage from the code that uses the
* credentials. It is intended to support getting or storing passwords in a
* variety of ways, including third party bindings.
*/
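@InterfaceAudience.Public
@InterfaceStability.Unstable
public abstract class CredentialProvider {
  /**
   * Alias for
   * {@link CommonConfigurationKeysPublic#HADOOP_SECURITY_CREDENTIAL_CLEAR_TEXT_FALLBACK}.
   * NOTE(review): going by the constant's name this is the configuration key
   * that governs falling back to a clear-text credential; confirm against
   * CommonConfigurationKeysPublic before relying on that reading.
   */
  public static final String CLEAR_TEXT_FALLBACK =
      CommonConfigurationKeysPublic.
          HADOOP_SECURITY_CREDENTIAL_CLEAR_TEXT_FALLBACK;

  /**
   * The combination of both the alias and the actual credential value.
   *
   * <p>The credential is held as a {@code char[]} and is neither copied on
   * the way in nor on the way out, so the array passed to the constructor,
   * the array stored here and the array returned by {@link #getCredential()}
   * are the same object.
   */
  public static class CredentialEntry {
    /** Placeholder printed by {@link #toString()} in place of the secret. */
    private static final String REDACTED = "<redacted>";

    private final String alias;
    private final char[] credential;

    /**
     * Creates an entry that binds an alias to a credential value.
     *
     * @param alias the name of the credential
     * @param credential the credential value; stored by reference, not
     *     copied, and may be {@code null}
     */
    protected CredentialEntry(String alias,
        char[] credential) {
      this.alias = alias;
      this.credential = credential;
    }

    /**
     * @return the alias this entry was created with
     */
    public String getAlias() {
      return alias;
    }

    /**
     * Returns the credential value.
     *
     * @return the internal credential array itself (not a copy), or
     *     {@code null} if the entry was created without one; overwriting
     *     the returned array changes this entry
     */
    public char[] getCredential() {
      return credential;
    }

    /**
     * Describes the entry without disclosing the credential.
     *
     * <p>Only the alias and whether a credential is present are printed.
     * The secret itself is replaced by a fixed placeholder because
     * {@code toString()} output routinely ends up in logs, exception
     * messages and debugger views. Use {@link #getCredential()} when the
     * value is actually needed.
     *
     * @return {@code alias(<alias>)=null} when no credential is set,
     *     otherwise {@code alias(<alias>)=<redacted>}
     */
    @Override
    public String toString() {
      StringBuilder buf = new StringBuilder();
      buf.append("alias(");
      buf.append(alias);
      buf.append(")=");
      // Keep the null/non-null distinction for diagnostics, never the value.
      buf.append(credential == null ? "null" : REDACTED);
      return buf.toString();
    }
  }

  /**
   * Indicates whether this provider represents a store
   * that is intended for transient use - such as the UserProvider
   * is. These providers are generally used to provide job access to
   * passwords rather than for long term storage.
   * This base implementation always answers {@code false}.
   * @return true if transient, false otherwise
   */
  public boolean isTransient() {
    return false;
  }

  /**
   * Ensures that any changes to the credentials are written to persistent
   * store.
   * @throws IOException if the implementation fails to write the changes
   */
  public abstract void flush() throws IOException;

  /**
   * Get the credential entry for a specific alias.
   * @param alias the name of a specific credential
   * @return the credentialEntry
   * @throws IOException if the implementation fails to read the entry
   */
  public abstract CredentialEntry getCredentialEntry(String alias)
      throws IOException;

  /**
   * Get the aliases for all credentials.
   * @return the list of alias names
   * @throws IOException if the implementation fails to list the aliases
   */
  public abstract List<String> getAliases() throws IOException;

  /**
   * Create a new credential. The given alias must not already exist.
   * @param name the alias of the credential
   * @param credential the credential value for the alias.
   * @return the entry for the new credential, as built by the implementation
   * @throws IOException if the implementation fails to create the entry
   */
  public abstract CredentialEntry createCredentialEntry(String name,
      char[] credential) throws IOException;

  /**
   * Delete the given credential.
   * @param name the alias of the credential to delete
   * @throws IOException if the implementation fails to delete the entry
   */
  public abstract void deleteCredentialEntry(String name) throws IOException;

  /**
   * Does this provider require a password? This means that a password is
   * required for normal operation, and it has not been found through normal
   * means. If true, the password should be provided by the caller using
   * setPassword().
   * NOTE(review): this class declares no setPassword() method; how the
   * password is supplied depends on the concrete provider.
   * This base implementation always answers {@code false}.
   * @return Whether or not the provider requires a password
   * @throws IOException never thrown by this base implementation; declared
   *     so that overriding providers may throw it
   */
  public boolean needsPassword() throws IOException {
    return false;
  }

  /**
   * If a password for the provider is needed, but is not provided, this will
   * return a warning and instructions for supplying said password to the
   * provider.
   * This base implementation has no such text and returns {@code null}.
   * @return A warning and instructions for supplying the password
   */
  public String noPasswordWarning() {
    return null;
  }

  /**
   * If a password for the provider is needed, but is not provided, this will
   * return an error message and instructions for supplying said password to
   * the provider.
   * This base implementation has no such text and returns {@code null}.
   * @return An error message and instructions for supplying the password
   */
  public String noPasswordError() {
    return null;
  }
}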