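/**
 * Licensed to the Apache Software Foundation (ASF) under one
 * or more contributor license agreements.  See the NOTICE file
 * distributed with this work for additional information
 * regarding copyright ownership.  The ASF licenses this file
 * to you under the Apache License, Version 2.0 (the
 * "License"); you may not use this file except in compliance
 * with the License.  You may obtain a copy of the License at
 *
 *     http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */

package org.apache.hadoop.security.alias;

import java.io.IOException;
import java.net.URI;
import java.nio.charset.Charset;
import java.util.ArrayList;
import java.util.List;

import org.apache.hadoop.classification.InterfaceAudience;
import org.apache.hadoop.conf.Configuration;
import org.apache.hadoop.io.Text;
import org.apache.hadoop.security.Credentials;
import org.apache.hadoop.security.UserGroupInformation;

/**
 * A CredentialProvider for UGIs. It uses the credentials object associated
 * with the current user to find credentials. This provider is created using a
 * URI of "user:///".
 *
 * <p>Secrets are stored as UTF-8 bytes under a {@link Text} key equal to the
 * alias, and are decoded with the same charset when read back.
 */
@InterfaceAudience.Private
public class UserProvider extends CredentialProvider {
  public static final String SCHEME_NAME = "user";

  /**
   * Single charset for both directions of the char[] &lt;-&gt; byte[]
   * conversion, so a stored secret never depends on the JVM's platform
   * default encoding.
   */
  private static final Charset UTF8 = Charset.forName("UTF-8");

  private final UserGroupInformation user;
  private final Credentials credentials;

  /**
   * Binds the provider to the current user and to the credentials object
   * obtained from that user. Instances are created only through
   * {@link Factory}.
   *
   * @throws IOException if the current user cannot be determined
   */
  private UserProvider() throws IOException {
    user = UserGroupInformation.getCurrentUser();
    credentials = user.getCredentials();
  }

  /**
   * Reports this provider as transient.
   *
   * @return always {@code true}
   */
  @Override
  public boolean isTransient() {
    return true;
  }

  /**
   * Looks up the secret stored under {@code alias}.
   *
   * @param alias name of the credential
   * @return the entry, or {@code null} when no secret key exists for the alias
   */
  @Override
  public CredentialEntry getCredentialEntry(String alias) {
    byte[] bytes = credentials.getSecretKey(new Text(alias));
    if (bytes == null) {
      return null;
    }
    // Decode with the charset createCredentialEntry() encodes with. The
    // platform default would return a different password than the one stored
    // whenever the JVM default is not UTF-8 and the secret is not pure ASCII.
    // NOTE(review): the intermediate String is an immutable heap copy of the
    // secret that cannot be wiped after use.
    return new CredentialEntry(alias, new String(bytes, UTF8).toCharArray());
  }

  /**
   * Stores a new secret under {@code name}; an existing alias is never
   * overwritten.
   *
   * @param name alias of the credential
   * @param credential the secret; the same array instance is handed to the
   *     returned entry
   * @return an entry for the stored credential
   * @throws IOException if a secret key already exists for {@code name}
   */
  @Override
  public CredentialEntry createCredentialEntry(String name, char[] credential)
      throws IOException {
    Text nameT = new Text(name);
    if (credentials.getSecretKey(nameT) != null) {
      // Only the alias goes into the message, never the secret.
      throw new IOException("Credential " + name +
          " already exists in " + this);
    }
    // NOTE(review): as in getCredentialEntry(), the temporary String keeps an
    // unwipeable copy of the secret until it is garbage collected.
    credentials.addSecretKey(nameT, new String(credential).getBytes(UTF8));
    return new CredentialEntry(name, credential);
  }

  /**
   * Removes the secret stored under {@code name}.
   *
   * @param name alias of the credential
   * @throws IOException if no secret key exists for {@code name}
   */
  @Override
  public void deleteCredentialEntry(String name) throws IOException {
    Text nameT = new Text(name);
    if (credentials.getSecretKey(nameT) == null) {
      throw new IOException("Credential " + name +
          " does not exist in " + this);
    }
    credentials.removeSecretKey(nameT);
  }

  /**
   * @return the provider URI, {@code "user:///"}
   */
  @Override
  public String toString() {
    return SCHEME_NAME + ":///";
  }

  /**
   * Adds this provider's credentials object to the bound user.
   */
  @Override
  public void flush() {
    user.addCredentials(credentials);
  }

  /**
   * Factory that recognises provider URIs whose scheme is
   * {@link #SCHEME_NAME}.
   */
  public static class Factory extends CredentialProviderFactory {

    /**
     * Creates a {@link UserProvider} for a matching URI.
     *
     * @param providerName provider URI; only its scheme is inspected
     * @param conf configuration, not read by this factory
     * @return a new provider, or {@code null} when the scheme is not
     *     {@link #SCHEME_NAME}
     * @throws IOException if the current user cannot be determined
     */
    @Override
    public CredentialProvider createProvider(URI providerName,
                                             Configuration conf) throws IOException {
      if (SCHEME_NAME.equals(providerName.getScheme())) {
        return new UserProvider();
      }
      return null;
    }
  }

  /**
   * Lists the aliases of all secret keys held in the credentials object.
   * Only names are returned, never secret values.
   *
   * @return a new list of alias names
   * @throws IOException declared by the overridden method; not thrown here
   */
  @Override
  public List<String> getAliases() throws IOException {
    List<Text> aliases = credentials.getAllSecretKeys();
    List<String> list = new ArrayList<String>(aliases.size());
    for (Text key : aliases) {
      list.add(key.toString());
    }
    return list;
  }
}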