Source code

001/**
002 * Licensed to the Apache Software Foundation (ASF) under one
003 * or more contributor license agreements.  See the NOTICE file
004 * distributed with this work for additional information
005 * regarding copyright ownership.  The ASF licenses this file
006 * to you under the Apache License, Version 2.0 (the
007 * "License"); you may not use this file except in compliance
008 * with the License.  You may obtain a copy of the License at
009 *
010 *     http://www.apache.org/licenses/LICENSE-2.0
011 *
012 * Unless required by applicable law or agreed to in writing, software
013 * distributed under the License is distributed on an "AS IS" BASIS,
014 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
015 * See the License for the specific language governing permissions and
016 * limitations under the License.
017 */
018package org.apache.hadoop.crypto.key;
019
020import org.apache.hadoop.security.Credentials;
021import org.apache.hadoop.security.token.Token;
022
023import java.io.IOException;
024
025/**
026 * A KeyProvider extension with the ability to add a renewer's Delegation
027 * Tokens to the provided Credentials.
028 */
029public class KeyProviderDelegationTokenExtension extends
030    KeyProviderExtension
031    <KeyProviderDelegationTokenExtension.DelegationTokenExtension> {
032
033  private static DelegationTokenExtension DEFAULT_EXTENSION =
034      new DefaultDelegationTokenExtension();
035
036  /**
037   * DelegationTokenExtension is a type of Extension that exposes methods to
038   * needed to work with Delegation Tokens.
039   */
040  public interface DelegationTokenExtension extends
041    KeyProviderExtension.Extension {
042
043    /**
044     * The implementer of this class will take a renewer and add all
045     * delegation tokens associated with the renewer to the
046     * <code>Credentials</code> object if it is not already present,
047     * @param renewer the user allowed to renew the delegation tokens
048     * @param credentials cache in which to add new delegation tokens
049     * @return list of new delegation tokens
050     * @throws IOException thrown if IOException if an IO error occurs.
051     */
052    public Token<?>[] addDelegationTokens(final String renewer,
053        Credentials credentials) throws IOException;
054  }
055
056  /**
057   * Default implementation of {@link DelegationTokenExtension} that
058   * implements the method as a no-op.
059   */
060  private static class DefaultDelegationTokenExtension implements
061    DelegationTokenExtension {
062
063    @Override
064    public Token<?>[] addDelegationTokens(String renewer,
065        Credentials credentials) {
066      return null;
067    }
068
069  }
070
071  private KeyProviderDelegationTokenExtension(KeyProvider keyProvider,
072      DelegationTokenExtension extensions) {
073    super(keyProvider, extensions);
074  }
075
076  /**
077   * Passes the renewer and Credentials object to the underlying
078   * {@link DelegationTokenExtension}
079   * @param renewer the user allowed to renew the delegation tokens
080   * @param credentials cache in which to add new delegation tokens
081   * @return list of new delegation tokens
082   * @throws IOException thrown if IOException if an IO error occurs.
083   */
084  public Token<?>[] addDelegationTokens(final String renewer,
085      Credentials credentials) throws IOException {
086    return getExtension().addDelegationTokens(renewer, credentials);
087  }
088
089  /**
090   * Creates a <code>KeyProviderDelegationTokenExtension</code> using a given
091   * {@link KeyProvider}.
092   * <p/>
093   * If the given <code>KeyProvider</code> implements the
094   * {@link DelegationTokenExtension} interface the <code>KeyProvider</code>
095   * itself will provide the extension functionality, otherwise a default
096   * extension implementation will be used.
097   *
098   * @param keyProvider <code>KeyProvider</code> to use to create the
099   * <code>KeyProviderDelegationTokenExtension</code> extension.
100   * @return a <code>KeyProviderDelegationTokenExtension</code> instance
101   * using the given <code>KeyProvider</code>.
102   */
103  public static KeyProviderDelegationTokenExtension
104      createKeyProviderDelegationTokenExtension(KeyProvider keyProvider) {
105
106    DelegationTokenExtension delTokExtension =
107        (keyProvider instanceof DelegationTokenExtension) ?
108            (DelegationTokenExtension) keyProvider :
109            DEFAULT_EXTENSION;
110    return new KeyProviderDelegationTokenExtension(
111        keyProvider, delTokExtension);
112
113  }
114
115}