Package org.apache.hadoop.security

Class ProviderUtils

java.lang.Object
org.apache.hadoop.security.ProviderUtils
public final class ProviderUtils extends Object
Utility methods for both key and credential provider APIs.

  • Field Details

  • Method Details

    • unnestUri

      public static Path unnestUri(URI nestedUri)
      Convert a nested URI to decode the underlying path. The translation takes the authority and parses it into the underlying scheme and authority. For example, "myscheme://hdfs@nn/my/path" is converted to "hdfs://nn/my/path".
      Parameters:
      nestedUri - the URI from the nested URI
      Returns:
      the unnested path

    • nestURIForLocalJavaKeyStoreProvider

      public static URI nestURIForLocalJavaKeyStoreProvider(URI localFile) throws URISyntaxException
      Mangle given local java keystore file URI to allow use as a LocalJavaKeyStoreProvider.
      Parameters:
      localFile - absolute URI with file scheme and no authority component. i.e. return of File.toURI, e.g. file:///home/larry/creds.jceks
      Returns:
      URI of the form localjceks://file/home/larry/creds.jceks
      Throws:
      IllegalArgumentException - if localFile isn't not a file uri or if it has an authority component.
      URISyntaxException - if the wrapping process violates RFC 2396

    • excludeIncompatibleCredentialProviders

      public static Configuration excludeIncompatibleCredentialProviders(Configuration config, Class<? extends FileSystem> fileSystemClass) throws IOException
      There are certain integrations of the credential provider API in which a recursive dependency between the provider and the hadoop filesystem abstraction causes a problem. These integration points need to leverage this utility method to remove problematic provider types from the existing provider path within the configuration.
      Parameters:
      config - the existing configuration with provider path
      fileSystemClass - the class which providers must be compatible
      Returns:
      Configuration clone with new provider path
      Throws:
      IOException - raised on errors performing I/O.

    • locatePassword

      public static char[] locatePassword(String envWithPass, String fileWithPass) throws IOException
      The password is either found in the environment or in a file. This routine implements the logic for locating the password in these locations.
      Parameters:
      envWithPass - The name of the environment variable that might contain the password. Must not be null.
      fileWithPass - The name of a file that could contain the password. Can be null.
      Returns:
      The password as a char []; null if not found.
      Throws:
      IOException - If fileWithPass is non-null and points to a nonexistent file or a file that fails to open and be read properly.

    • noPasswordWarning

      public static String noPasswordWarning(String envKey, String fileKey)

    • noPasswordError

      public static String noPasswordError(String envKey, String fileKey)