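/**
 * Licensed to the Apache Software Foundation (ASF) under one
 * or more contributor license agreements. See the NOTICE file
 * distributed with this work for additional information
 * regarding copyright ownership. The ASF licenses this file
 * to you under the Apache License, Version 2.0 (the
 * "License"); you may not use this file except in compliance
 * with the License. You may obtain a copy of the License at
 *
 * http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */
package org.apache.hadoop.crypto.key;

import org.apache.hadoop.security.Credentials;
import org.apache.hadoop.security.token.Token;

import java.io.IOException;

/**
 * A KeyProvider extension with the ability to add a renewer's Delegation
 * Tokens to the provided Credentials.
 * <p>
 * This class only forwards the request to a {@link DelegationTokenExtension};
 * it does not itself create, validate or store tokens. When the wrapped
 * {@link KeyProvider} does not implement that interface, a no-op extension is
 * used and no tokens are added.
 */
public class KeyProviderDelegationTokenExtension extends
    KeyProviderExtension
    <KeyProviderDelegationTokenExtension.DelegationTokenExtension> {

  /**
   * Shared no-op extension used when the wrapped {@link KeyProvider} does not
   * implement {@link DelegationTokenExtension}. It is {@code final} so the
   * singleton cannot be reassigned after class initialization.
   */
  private static final DelegationTokenExtension DEFAULT_EXTENSION =
      new DefaultDelegationTokenExtension();

  /**
   * DelegationTokenExtension is a type of Extension that exposes the methods
   * needed to work with Delegation Tokens.
   */
  public interface DelegationTokenExtension extends
      KeyProviderExtension.Extension {

    /**
     * The implementer of this interface will take a renewer and add all
     * delegation tokens associated with the renewer to the
     * <code>Credentials</code> object if they are not already present.
     * <p>
     * The caller-supplied <code>renewer</code> reaches the implementation
     * unchanged, so any checking of that value is the implementer's
     * responsibility.
     *
     * @param renewer the user allowed to renew the delegation tokens
     * @param credentials cache in which to add new delegation tokens
     * @return array of new delegation tokens; implementations may return
     *         <code>null</code> (the default no-op extension does)
     * @throws IOException if an IO error occurs.
     */
    public Token<?>[] addDelegationTokens(final String renewer,
        Credentials credentials) throws IOException;
  }

  /**
   * Default implementation of {@link DelegationTokenExtension} that
   * implements the method as a no-op.
   */
  private static class DefaultDelegationTokenExtension implements
      DelegationTokenExtension {

    /**
     * Does nothing: <code>credentials</code> is left untouched.
     *
     * @param renewer ignored
     * @param credentials ignored
     * @return always <code>null</code>, not an empty array, so callers must
     *         null-check the result before using it
     */
    @Override
    public Token<?>[] addDelegationTokens(String renewer,
        Credentials credentials) {
      return null;
    }

  }

  /**
   * Private: instances are obtained through
   * {@link #createKeyProviderDelegationTokenExtension(KeyProvider)}.
   *
   * @param keyProvider the wrapped <code>KeyProvider</code>
   * @param extensions the extension that will handle delegation-token calls
   */
  private KeyProviderDelegationTokenExtension(KeyProvider keyProvider,
      DelegationTokenExtension extensions) {
    super(keyProvider, extensions);
  }

  /**
   * Passes the renewer and Credentials object to the underlying
   * {@link DelegationTokenExtension}.
   * <p>
   * No validation of <code>renewer</code> happens here; the value is passed
   * through as given.
   *
   * @param renewer the user allowed to renew the delegation tokens
   * @param credentials cache in which to add new delegation tokens
   * @return array of new delegation tokens as returned by the underlying
   *         extension; may be <code>null</code>, which is what the default
   *         no-op extension returns
   * @throws IOException if an IO error occurs.
   */
  public Token<?>[] addDelegationTokens(final String renewer,
      Credentials credentials) throws IOException {
    return getExtension().addDelegationTokens(renewer, credentials);
  }

  /**
   * Creates a <code>KeyProviderDelegationTokenExtension</code> using a given
   * {@link KeyProvider}.
   * <p>
   * If the given <code>KeyProvider</code> implements the
   * {@link DelegationTokenExtension} interface the <code>KeyProvider</code>
   * itself will provide the extension functionality, otherwise a default
   * extension implementation will be used. The default implementation adds no
   * tokens and returns <code>null</code>, so a provider lacking the interface
   * results in no delegation tokens being obtained through this class, and
   * no error is raised to signal it.
   *
   * @param keyProvider <code>KeyProvider</code> to use to create the
   * <code>KeyProviderDelegationTokenExtension</code> extension.
   * @return a <code>KeyProviderDelegationTokenExtension</code> instance
   * using the given <code>KeyProvider</code>.
   */
  public static KeyProviderDelegationTokenExtension
      createKeyProviderDelegationTokenExtension(KeyProvider keyProvider) {

    // instanceof is false for null, so a null keyProvider also selects the
    // default extension. NOTE(review): whether the superclass constructor
    // accepts a null provider is not visible in this file - confirm.
    DelegationTokenExtension delTokExtension =
        (keyProvider instanceof DelegationTokenExtension) ?
        (DelegationTokenExtension) keyProvider :
        DEFAULT_EXTENSION;
    return new KeyProviderDelegationTokenExtension(
        keyProvider, delTokExtension);

  }

}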