Package org.apache.hadoop.security

Class ProviderUtils

java.lang.Object

org.apache.hadoop.security.ProviderUtils

public final class ProviderUtils
extends java.lang.Object

Utility methods for both key and credential provider APIs.

Field Summary

Fields

Modifier and Type	Field	Description
static java.lang.String	NO_PASSWORD_CONT
static java.lang.String	NO_PASSWORD_ERROR
static java.lang.String	NO_PASSWORD_INSTRUCTIONS_DOC
static java.lang.String	NO_PASSWORD_WARN

Method Summary

Modifier and Type	Method	Description
static Configuration	excludeIncompatibleCredentialProviders(Configuration config, java.lang.Class<? extends FileSystem> fileSystemClass)	There are certain integrations of the credential provider API in which a recursive dependency between the provider and the hadoop filesystem abstraction causes a problem.
static char[]	locatePassword(java.lang.String envWithPass, java.lang.String fileWithPass)	The password is either found in the environment or in a file.
static java.net.URI	nestURIForLocalJavaKeyStoreProvider(java.net.URI localFile)	Mangle given local java keystore file URI to allow use as a LocalJavaKeyStoreProvider.
static java.lang.String	noPasswordError(java.lang.String envKey, java.lang.String fileKey)
static java.lang.String	noPasswordWarning(java.lang.String envKey, java.lang.String fileKey)
static Path	unnestUri(java.net.URI nestedUri)	Convert a nested URI to decode the underlying path.

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Field Detail

NO_PASSWORD_WARN

@VisibleForTesting
public static final java.lang.String NO_PASSWORD_WARN

See Also:

Constant Field Values

NO_PASSWORD_ERROR

@VisibleForTesting
public static final java.lang.String NO_PASSWORD_ERROR

See Also:

Constant Field Values

NO_PASSWORD_CONT

@VisibleForTesting
public static final java.lang.String NO_PASSWORD_CONT

See Also:

Constant Field Values

NO_PASSWORD_INSTRUCTIONS_DOC

@VisibleForTesting
public static final java.lang.String NO_PASSWORD_INSTRUCTIONS_DOC

See Also:

Constant Field Values

Method Detail

unnestUri

public static Path unnestUri(java.net.URI nestedUri)

Convert a nested URI to decode the underlying path. The translation takes the authority and parses it into the underlying scheme and authority. For example, "myscheme://hdfs@nn/my/path" is converted to "hdfs://nn/my/path".

Parameters:

nestedUri - the URI from the nested URI

Returns:

the unnested path

nestURIForLocalJavaKeyStoreProvider

public static java.net.URI nestURIForLocalJavaKeyStoreProvider(java.net.URI localFile)
                                                        throws java.net.URISyntaxException

Mangle given local java keystore file URI to allow use as a LocalJavaKeyStoreProvider.

Parameters:

localFile - absolute URI with file scheme and no authority component. i.e. return of File.toURI, e.g. file:///home/larry/creds.jceks

Returns:

URI of the form localjceks://file/home/larry/creds.jceks

Throws:

java.lang.IllegalArgumentException - if localFile isn't not a file uri or if it has an authority component.

java.net.URISyntaxException - if the wrapping process violates RFC 2396

excludeIncompatibleCredentialProviders

public static Configuration excludeIncompatibleCredentialProviders(Configuration config,
                                                                   java.lang.Class<? extends FileSystem> fileSystemClass)
                                                            throws java.io.IOException

There are certain integrations of the credential provider API in which a recursive dependency between the provider and the hadoop filesystem abstraction causes a problem. These integration points need to leverage this utility method to remove problematic provider types from the existing provider path within the configuration.

Parameters:

config - the existing configuration with provider path

fileSystemClass - the class which providers must be compatible

Returns:

Configuration clone with new provider path

Throws:

java.io.IOException - raised on errors performing I/O.

locatePassword

public static char[] locatePassword(java.lang.String envWithPass,
                                    java.lang.String fileWithPass)
                             throws java.io.IOException

The password is either found in the environment or in a file. This routine implements the logic for locating the password in these locations.

Parameters:

envWithPass - The name of the environment variable that might contain the password. Must not be null.

fileWithPass - The name of a file that could contain the password. Can be null.

Returns:

The password as a char []; null if not found.

Throws:

java.io.IOException - If fileWithPass is non-null and points to a nonexistent file or a file that fails to open and be read properly.

noPasswordWarning

public static java.lang.String noPasswordWarning(java.lang.String envKey,
                                                 java.lang.String fileKey)

noPasswordError

public static java.lang.String noPasswordError(java.lang.String envKey,
                                               java.lang.String fileKey)