Package org.apache.hadoop.security.alias

Class AbstractJavaKeyStoreProvider

java.lang.Object

org.apache.hadoop.security.alias.CredentialProvider

org.apache.hadoop.security.alias.AbstractJavaKeyStoreProvider

Direct Known Subclasses:

KeyStoreProvider, LocalKeyStoreProvider

@Private
public abstract class AbstractJavaKeyStoreProvider
extends CredentialProvider

Abstract class for implementing credential providers that are based on Java Keystores as the underlying credential store. The password for the keystore is taken from the HADOOP_CREDSTORE_PASSWORD environment variable with a default of 'none'. It is expected that for access to credential protected resource to copy the creds from the original provider into the job's Credentials object, which is accessed via the UserProvider. Therefore, these providers won't be directly used by MapReduce tasks.

Nested Class Summary

Nested classes/interfaces inherited from class org.apache.hadoop.security.alias.CredentialProvider

CredentialProvider.CredentialEntry

Field Summary

Fields

Modifier and Type	Field	Description
static java.lang.String	CREDENTIAL_PASSWORD_DEFAULT
static java.lang.String	CREDENTIAL_PASSWORD_ENV_VAR
static java.lang.String	CREDENTIAL_PASSWORD_FILE_KEY
static org.slf4j.Logger	LOG

Fields inherited from class org.apache.hadoop.security.alias.CredentialProvider

CLEAR_TEXT_FALLBACK

Constructor Summary

Constructors

Modifier	Constructor	Description
protected	AbstractJavaKeyStoreProvider(java.net.URI uri, Configuration conf)

Method Summary

Modifier and Type	Method	Description
static char[]	bytesToChars(byte[] bytes)
CredentialProvider.CredentialEntry	createCredentialEntry(java.lang.String alias, char[] credential)	Create a new credential.
protected abstract void	createPermissions(java.lang.String perms)
void	deleteCredentialEntry(java.lang.String name)	Delete the given credential.
void	flush()	Ensures that any changes to the credentials are written to persistent store.
protected abstract java.lang.String	getAlgorithm()
java.util.List<java.lang.String>	getAliases()	Get the aliases for all credentials.
protected Configuration	getConf()
CredentialProvider.CredentialEntry	getCredentialEntry(java.lang.String alias)	Get the credential entry for a specific alias.
protected abstract java.io.InputStream	getInputStreamForFile()
java.security.KeyStore	getKeyStore()
protected abstract java.lang.String	getKeyStoreType()
protected abstract java.io.OutputStream	getOutputStreamForKeystore()
char[]	getPassword()
Path	getPath()
protected java.lang.String	getPathAsString()
java.util.concurrent.locks.Lock	getReadLock()
protected abstract java.lang.String	getSchemeName()
java.net.URI	getUri()
java.util.concurrent.locks.Lock	getWriteLock()
protected void	initFileSystem(java.net.URI keystoreUri)
boolean	isChanged()
protected abstract boolean	keystoreExists()
boolean	needsPassword()	Does this provider require a password? This means that a password is required for normal operation, and it has not been found through normal means.
java.lang.String	noPasswordError()	If a password for the provider is needed, but is not provided, this will return an error message and instructions for supplying said password to the provider.
java.lang.String	noPasswordWarning()	If a password for the provider is needed, but is not provided, this will return a warning and instructions for supplying said password to the provider.
void	setChanged(boolean chg)
void	setPassword(char[] pass)
void	setPath(Path p)
void	setReadLock(java.util.concurrent.locks.Lock rl)
void	setWriteLock(java.util.concurrent.locks.Lock wl)
protected abstract void	stashOriginalFilePermissions()
java.lang.String	toString()

Methods inherited from class org.apache.hadoop.security.alias.CredentialProvider

isTransient

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, wait, wait, wait

Field Detail

LOG

public static final org.slf4j.Logger LOG

CREDENTIAL_PASSWORD_ENV_VAR

public static final java.lang.String CREDENTIAL_PASSWORD_ENV_VAR

See Also:

Constant Field Values

CREDENTIAL_PASSWORD_FILE_KEY

public static final java.lang.String CREDENTIAL_PASSWORD_FILE_KEY

See Also:

Constant Field Values

CREDENTIAL_PASSWORD_DEFAULT

public static final java.lang.String CREDENTIAL_PASSWORD_DEFAULT

See Also:

Constant Field Values

Constructor Detail

AbstractJavaKeyStoreProvider

protected AbstractJavaKeyStoreProvider(java.net.URI uri,
                                       Configuration conf)
                                throws java.io.IOException

Throws:

java.io.IOException

Method Detail

getConf

protected Configuration getConf()

getPath

public Path getPath()

setPath

public void setPath(Path p)

getPassword

public char[] getPassword()

setPassword

public void setPassword(char[] pass)

isChanged

public boolean isChanged()

setChanged

public void setChanged(boolean chg)

getReadLock

public java.util.concurrent.locks.Lock getReadLock()

setReadLock

public void setReadLock(java.util.concurrent.locks.Lock rl)

getWriteLock

public java.util.concurrent.locks.Lock getWriteLock()

setWriteLock

public void setWriteLock(java.util.concurrent.locks.Lock wl)

getUri

public java.net.URI getUri()

getKeyStore

public java.security.KeyStore getKeyStore()

getPathAsString

protected final java.lang.String getPathAsString()

getSchemeName

protected abstract java.lang.String getSchemeName()

getKeyStoreType

protected abstract java.lang.String getKeyStoreType()

getAlgorithm

protected abstract java.lang.String getAlgorithm()

getOutputStreamForKeystore

protected abstract java.io.OutputStream getOutputStreamForKeystore()
                                                            throws java.io.IOException

Throws:

java.io.IOException

keystoreExists

protected abstract boolean keystoreExists()
                                   throws java.io.IOException

Throws:

java.io.IOException

getInputStreamForFile

protected abstract java.io.InputStream getInputStreamForFile()
                                                      throws java.io.IOException

Throws:

java.io.IOException

createPermissions

protected abstract void createPermissions(java.lang.String perms)
                                   throws java.io.IOException

Throws:

java.io.IOException

stashOriginalFilePermissions

protected abstract void stashOriginalFilePermissions()
                                              throws java.io.IOException

Throws:

java.io.IOException

initFileSystem

protected void initFileSystem(java.net.URI keystoreUri)
                       throws java.io.IOException

Throws:

java.io.IOException

getCredentialEntry

public CredentialProvider.CredentialEntry getCredentialEntry(java.lang.String alias)
                                                      throws java.io.IOException

Description copied from class: CredentialProvider

Get the credential entry for a specific alias.

Specified by:

getCredentialEntry in class CredentialProvider

Parameters:

alias - the name of a specific credential

Returns:

the credentialEntry

Throws:

java.io.IOException - raised on errors performing I/O.

bytesToChars

public static char[] bytesToChars(byte[] bytes)
                           throws java.io.IOException

Throws:

java.io.IOException

getAliases

public java.util.List<java.lang.String> getAliases()
                                            throws java.io.IOException

Description copied from class: CredentialProvider

Get the aliases for all credentials.

Specified by:

getAliases in class CredentialProvider

Returns:

the list of alias names

Throws:

java.io.IOException - raised on errors performing I/O.

createCredentialEntry

public CredentialProvider.CredentialEntry createCredentialEntry(java.lang.String alias,
                                                                char[] credential)
                                                         throws java.io.IOException

Description copied from class: CredentialProvider

Create a new credential. The given alias must not already exist.

Specified by:

createCredentialEntry in class CredentialProvider

Parameters:

alias - the alias of the credential

credential - the credential value for the alias.

Returns:

CredentialEntry.

Throws:

java.io.IOException - raised on errors performing I/O.

deleteCredentialEntry

public void deleteCredentialEntry(java.lang.String name)
                           throws java.io.IOException

Description copied from class: CredentialProvider

Delete the given credential.

Specified by:

deleteCredentialEntry in class CredentialProvider

Parameters:

name - the alias of the credential to delete

Throws:

java.io.IOException - raised on errors performing I/O.

flush

public void flush()
           throws java.io.IOException

Description copied from class: CredentialProvider

Ensures that any changes to the credentials are written to persistent store.

Specified by:

flush in class CredentialProvider

Throws:

java.io.IOException - raised on errors performing I/O.

needsPassword

public boolean needsPassword()
                      throws java.io.IOException

Description copied from class: CredentialProvider

Does this provider require a password? This means that a password is required for normal operation, and it has not been found through normal means. If true, the password should be provided by the caller using setPassword().

Overrides:

needsPassword in class CredentialProvider

Returns:

Whether or not the provider requires a password

Throws:

java.io.IOException - raised on errors performing I/O.

noPasswordWarning

public java.lang.String noPasswordWarning()

Description copied from class: CredentialProvider

If a password for the provider is needed, but is not provided, this will return a warning and instructions for supplying said password to the provider.

Overrides:

noPasswordWarning in class CredentialProvider

Returns:

A warning and instructions for supplying the password

noPasswordError

public java.lang.String noPasswordError()

Description copied from class: CredentialProvider

If a password for the provider is needed, but is not provided, this will return an error message and instructions for supplying said password to the provider.

Overrides:

noPasswordError in class CredentialProvider

Returns:

An error message and instructions for supplying the password

toString

public java.lang.String toString()

Overrides:

toString in class java.lang.Object