001 /**
002 * Licensed to the Apache Software Foundation (ASF) under one
003 * or more contributor license agreements. See the NOTICE file
004 * distributed with this work for additional information
005 * regarding copyright ownership. The ASF licenses this file
006 * to you under the Apache License, Version 2.0 (the
007 * "License"); you may not use this file except in compliance
008 * with the License. You may obtain a copy of the License at
009 *
010 * http://www.apache.org/licenses/LICENSE-2.0
011 *
012 * Unless required by applicable law or agreed to in writing, software
013 * distributed under the License is distributed on an "AS IS" BASIS,
014 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
015 * See the License for the specific language governing permissions and
016 * limitations under the License.
017 */
018
019 package org.apache.hadoop.security.alias;
020
021 import java.io.IOException;
022 import java.net.URI;
023 import java.util.ArrayList;
024 import java.util.List;
025
026 import org.apache.hadoop.classification.InterfaceAudience;
027 import org.apache.hadoop.conf.Configuration;
028 import org.apache.hadoop.io.Text;
029 import org.apache.hadoop.security.Credentials;
030 import org.apache.hadoop.security.UserGroupInformation;
031
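/**
 * A CredentialProvider for UGIs. It uses the credentials object associated
 * with the current user to find credentials. This provider is created using a
 * URI of "user:///".
 *
 * <p>Secrets are stored as UTF-8 encoded bytes under a {@link Text} key in the
 * {@link Credentials} object obtained from the current user when the provider
 * is constructed. This class performs no file I/O of its own and reports
 * itself as transient.
 *
 * <p>Security notes for callers:
 * <ul>
 *   <li>Exception messages contain the alias only, never the secret.</li>
 *   <li>Both directions of the char[]/byte[] conversion go through a
 *       {@code String}. That intermediate is immutable and cannot be wiped,
 *       so a copy of the secret stays on the heap until it is collected,
 *       even if the caller zeroes its own {@code char[]}.</li>
 * </ul>
 */
@InterfaceAudience.Private
public class UserProvider extends CredentialProvider {
  public static final String SCHEME_NAME = "user";

  // Single charset for both storing and reading secrets. Decoding with the
  // platform default (as new String(byte[]) does) would corrupt non-ASCII
  // credentials on JVMs whose default charset is not UTF-8.
  private static final java.nio.charset.Charset UTF8 =
      java.nio.charset.Charset.forName("UTF-8");

  private final UserGroupInformation user;
  private final Credentials credentials;

  /**
   * Binds the provider to the user that is current at construction time and
   * to the Credentials object that user hands out.
   *
   * @throws IOException if the current user cannot be determined
   */
  private UserProvider() throws IOException {
    user = UserGroupInformation.getCurrentUser();
    credentials = user.getCredentials();
  }

  /**
   * @return always {@code true}; this provider is declared transient
   */
  @Override
  public boolean isTransient() {
    return true;
  }

  /**
   * Looks up the secret stored under the given alias.
   *
   * @param alias name the credential was stored under
   * @return the entry with the secret decoded from UTF-8, or {@code null}
   *         when no secret key exists for the alias
   */
  @Override
  public CredentialEntry getCredentialEntry(String alias) {
    byte[] bytes = credentials.getSecretKey(new Text(alias));
    if (bytes == null) {
      return null;
    }
    // Decode with the same charset createCredentialEntry encodes with,
    // rather than the platform default.
    return new CredentialEntry(alias, new String(bytes, UTF8).toCharArray());
  }

  /**
   * Stores a new secret under the given name. Existing entries are never
   * overwritten.
   *
   * @param name alias to store the credential under
   * @param credential the secret; the returned entry is built from this same
   *                   array
   * @return the entry that was created
   * @throws IOException if a credential with this name already exists
   */
  @Override
  public CredentialEntry createCredentialEntry(String name, char[] credential)
      throws IOException {
    Text nameT = new Text(name);
    if (credentials.getSecretKey(nameT) != null) {
      throw new IOException("Credential " + name +
          " already exists in " + this);
    }
    credentials.addSecretKey(nameT, new String(credential).getBytes(UTF8));
    return new CredentialEntry(name, credential);
  }

  /**
   * Removes the secret stored under the given name from this provider's
   * Credentials object.
   *
   * <p>NOTE(review): {@link #flush()} only calls
   * {@code user.addCredentials(credentials)}. Whether a deletion made here is
   * ever reflected in the user's own credentials depends on whether
   * {@code getCredentials()} returned a live object or a copy; confirm before
   * relying on this method to revoke a secret.
   *
   * @param name alias of the credential to remove
   * @throws IOException if no credential with this name exists
   */
  @Override
  public void deleteCredentialEntry(String name) throws IOException {
    Text nameT = new Text(name);
    if (credentials.getSecretKey(nameT) == null) {
      throw new IOException("Credential " + name +
          " does not exist in " + this);
    }
    credentials.removeSecretKey(nameT);
  }

  /**
   * @return the provider URI, {@code "user:///"}
   */
  @Override
  public String toString() {
    return SCHEME_NAME + ":///";
  }

  /**
   * Hands this provider's Credentials object back to the user it was
   * obtained from.
   */
  @Override
  public void flush() {
    user.addCredentials(credentials);
  }

  /**
   * Factory that creates a {@link UserProvider} for URIs with the
   * {@code user} scheme.
   */
  public static class Factory extends CredentialProviderFactory {

    /**
     * @param providerName provider URI; only its scheme is inspected
     * @param conf not used by this factory
     * @return a new provider when the scheme is {@code user}, otherwise
     *         {@code null}
     * @throws IOException if the current user cannot be determined
     */
    @Override
    public CredentialProvider createProvider(URI providerName,
                                             Configuration conf) throws IOException {
      if (SCHEME_NAME.equals(providerName.getScheme())) {
        return new UserProvider();
      }
      return null;
    }
  }

  /**
   * Lists the aliases of all secret keys held in this provider's Credentials
   * object. Only names are returned, never secret material.
   *
   * @return a new list of alias names
   * @throws IOException declared by the overridden method; not thrown by the
   *         code here
   */
  @Override
  public List<String> getAliases() throws IOException {
    List<Text> aliases = credentials.getAllSecretKeys();
    List<String> list = new ArrayList<String>(aliases.size());
    for (Text key : aliases) {
      list.add(key.toString());
    }
    return list;
  }
}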