hadoop-hdds/framework/src/main/java/org/apache/hadoop/hdds/protocol/SCMSecurityProtocol.java - ozone - Git at Google

 /**
  * Licensed to the Apache Software Foundation (ASF) under one or more
  * contributor license agreements.  See the NOTICE file distributed with this
  * work for additional information regarding copyright ownership.  The ASF
  * licenses this file to you under the Apache License, Version 2.0 (the
  * "License"); you may not use this file except in compliance with the License.
  * You may obtain a copy of the License at
  *
  * http://www.apache.org/licenses/LICENSE-2.0
  *
  * Unless required by applicable law or agreed to in writing, software
  * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
  * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
  * License for the specific language governing permissions and limitations under
  * the License.
  */
 package org.apache.hadoop.hdds.protocol;

 import java.io.IOException;
 import java.util.List;

 import org.apache.hadoop.hdds.annotation.InterfaceAudience;
 import org.apache.hadoop.hdds.protocol.proto.HddsProtos;
 import org.apache.hadoop.hdds.protocol.proto.HddsProtos.DatanodeDetailsProto;
 import org.apache.hadoop.hdds.protocol.proto.HddsProtos.OzoneManagerDetailsProto;
 import org.apache.hadoop.hdds.protocol.proto.HddsProtos.ScmNodeDetailsProto;
 import org.apache.hadoop.hdds.scm.ScmConfig;
 import org.apache.hadoop.hdds.security.x509.crl.CRLInfo;
 import org.apache.hadoop.security.KerberosInfo;

 /**
  * The protocol used to perform security related operations with SCM.
  */
 @KerberosInfo(
     serverPrincipal = ScmConfig.ConfigStrings.HDDS_SCM_KERBEROS_PRINCIPAL_KEY)
 @InterfaceAudience.Private
 public interface SCMSecurityProtocol {

   @SuppressWarnings("checkstyle:ConstantName")
   /**
    * Version 1: Initial version.
    */
   long versionID = 1L;

   /**
    * Get SCM signed certificate for DataNode.
    *
    * @param dataNodeDetails - DataNode Details.
    * @param certSignReq     - Certificate signing request.
    * @return byte[]         - SCM signed certificate.
    */
   String getDataNodeCertificate(
       DatanodeDetailsProto dataNodeDetails,
       String certSignReq) throws IOException;

   /**
    * Get SCM signed certificate for OM.
    *
    * @param omDetails       - DataNode Details.
    * @param certSignReq     - Certificate signing request.
    * @return String         - pem encoded SCM signed
    *                          certificate.
    */
   String getOMCertificate(OzoneManagerDetailsProto omDetails,
       String certSignReq) throws IOException;


   /**
    * Get signed certificate for SCM.
    *
    * @param scmNodeDetails  - SCM Node Details.
    * @param certSignReq     - Certificate signing request.
    * @return String         - pem encoded SCM signed
    *                          certificate.
    */
   String getSCMCertificate(ScmNodeDetailsProto scmNodeDetails,
       String certSignReq) throws IOException;

   /**
    * Get SCM signed certificate for given certificate serial id if it exists.
    * Throws exception if it's not found.
    *
    * @param certSerialId    - Certificate serial id.
    * @return String         - pem encoded SCM signed
    *                          certificate with given cert id if it
    *                          exists.
    */
   String getCertificate(String certSerialId) throws IOException;

   /**
    * Get CA certificate.
    *
    * @return String         - pem encoded CA certificate.
    */
   String getCACertificate() throws IOException;

   /**
    * Get list of certificates meet the query criteria.
    *
    * @param type            - node type: OM/SCM/DN.
    * @param startSerialId   - start certificate serial id.
    * @param count           - max number of certificates returned in a batch.
    * @param isRevoked       - whether list for revoked certs only.
    * @return list of PEM encoded certificate strings.
    */
   List<String> listCertificate(HddsProtos.NodeType type, long startSerialId,
       int count, boolean isRevoked) throws IOException;

   /**
    * Get Root CA certificate.
    * @return
    * @throws IOException
    */
   String getRootCACertificate() throws IOException;

   /**
    * Returns all the individual SCM CA's along with Root CA.
    *
    * For example 3 nodes SCM HA cluster, the output will be
    *
    * SCM1 CA
    * SCM2 CA
    * SCM3 CA
    * Root CA
    * @return list of CA's
    *
    * For example on non-HA cluster the output will be SCM CA and Root CA.
    *
    * SCM CA
    * Root CA
    *
    * @throws IOException
    */
   List<String> listCACertificate() throws IOException;

   /**
    * Get the CRLInfo based on the CRL Id.
    * @param crlIds - crl ids
    * @return list of CRLInfo
    * @throws IOException
    */
   List<CRLInfo> getCrls(List<Long> crlIds) throws IOException;

   /**
    * Get the latest CRL id.
    * @return latest CRL id.
    */
   long getLatestCrlId() throws IOException;

 }
	/**
	* Licensed to the Apache Software Foundation (ASF) under one or more
	* contributor license agreements. See the NOTICE file distributed with this
	* work for additional information regarding copyright ownership. The ASF
	* licenses this file to you under the Apache License, Version 2.0 (the
	* "License"); you may not use this file except in compliance with the License.
	* You may obtain a copy of the License at
	*
	* http://www.apache.org/licenses/LICENSE-2.0
	*
	* Unless required by applicable law or agreed to in writing, software
	* distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
	* WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
	* License for the specific language governing permissions and limitations under
	* the License.
	*/
	package org.apache.hadoop.hdds.protocol;

	import java.io.IOException;
	import java.util.List;

	import org.apache.hadoop.hdds.annotation.InterfaceAudience;
	import org.apache.hadoop.hdds.protocol.proto.HddsProtos;
	import org.apache.hadoop.hdds.protocol.proto.HddsProtos.DatanodeDetailsProto;
	import org.apache.hadoop.hdds.protocol.proto.HddsProtos.OzoneManagerDetailsProto;
	import org.apache.hadoop.hdds.protocol.proto.HddsProtos.ScmNodeDetailsProto;
	import org.apache.hadoop.hdds.scm.ScmConfig;
	import org.apache.hadoop.hdds.security.x509.crl.CRLInfo;
	import org.apache.hadoop.security.KerberosInfo;

	/**
	* The protocol used to perform security related operations with SCM.
	*/
	@KerberosInfo(
	serverPrincipal = ScmConfig.ConfigStrings.HDDS_SCM_KERBEROS_PRINCIPAL_KEY)
	@InterfaceAudience.Private
	public interface SCMSecurityProtocol {

	@SuppressWarnings("checkstyle:ConstantName")
	/**
	* Version 1: Initial version.
	*/
	long versionID = 1L;

	/**
	* Get SCM signed certificate for DataNode.
	*
	* @param dataNodeDetails - DataNode Details.
	* @param certSignReq - Certificate signing request.
	* @return byte[] - SCM signed certificate.
	*/
	String getDataNodeCertificate(
	DatanodeDetailsProto dataNodeDetails,
	String certSignReq) throws IOException;

	/**
	* Get SCM signed certificate for OM.
	*
	* @param omDetails - DataNode Details.
	* @param certSignReq - Certificate signing request.
	* @return String - pem encoded SCM signed
	* certificate.
	*/
	String getOMCertificate(OzoneManagerDetailsProto omDetails,
	String certSignReq) throws IOException;


	/**
	* Get signed certificate for SCM.
	*
	* @param scmNodeDetails - SCM Node Details.
	* @param certSignReq - Certificate signing request.
	* @return String - pem encoded SCM signed
	* certificate.
	*/
	String getSCMCertificate(ScmNodeDetailsProto scmNodeDetails,
	String certSignReq) throws IOException;

	/**
	* Get SCM signed certificate for given certificate serial id if it exists.
	* Throws exception if it's not found.
	*
	* @param certSerialId - Certificate serial id.
	* @return String - pem encoded SCM signed
	* certificate with given cert id if it
	* exists.
	*/
	String getCertificate(String certSerialId) throws IOException;

	/**
	* Get CA certificate.
	*
	* @return String - pem encoded CA certificate.
	*/
	String getCACertificate() throws IOException;

	/**
	* Get list of certificates meet the query criteria.
	*
	* @param type - node type: OM/SCM/DN.
	* @param startSerialId - start certificate serial id.
	* @param count - max number of certificates returned in a batch.
	* @param isRevoked - whether list for revoked certs only.
	* @return list of PEM encoded certificate strings.
	*/
	List<String> listCertificate(HddsProtos.NodeType type, long startSerialId,
	int count, boolean isRevoked) throws IOException;

	/**
	* Get Root CA certificate.
	* @return
	* @throws IOException
	*/
	String getRootCACertificate() throws IOException;

	/**
	* Returns all the individual SCM CA's along with Root CA.
	*
	* For example 3 nodes SCM HA cluster, the output will be
	*
	* SCM1 CA
	* SCM2 CA
	* SCM3 CA
	* Root CA
	* @return list of CA's
	*
	* For example on non-HA cluster the output will be SCM CA and Root CA.
	*
	* SCM CA
	* Root CA
	*
	* @throws IOException
	*/
	List<String> listCACertificate() throws IOException;

	/**
	* Get the CRLInfo based on the CRL Id.
	* @param crlIds - crl ids
	* @return list of CRLInfo
	* @throws IOException
	*/
	List<CRLInfo> getCrls(List<Long> crlIds) throws IOException;

	/**
	* Get the latest CRL id.
	* @return latest CRL id.
	*/
	long getLatestCrlId() throws IOException;

	}