Package org.apache.hadoop.security.alias

Class AbstractJavaKeyStoreProvider

java.lang.Object
org.apache.hadoop.security.alias.CredentialProvider
org.apache.hadoop.security.alias.AbstractJavaKeyStoreProvider
Direct Known Subclasses:
KeyStoreProvider, LocalKeyStoreProvider
@Private public abstract class AbstractJavaKeyStoreProvider extends CredentialProvider
Abstract class for implementing credential providers that are based on Java Keystores as the underlying credential store. The password for the keystore is taken from the HADOOP_CREDSTORE_PASSWORD environment variable with a default of 'none'. It is expected that for access to credential protected resource to copy the creds from the original provider into the job's Credentials object, which is accessed via the UserProvider. Therefore, these providers won't be directly used by MapReduce tasks.

  • Field Details

  • Constructor Details

  • Method Details

    • getConf

      protected Configuration getConf()

    • getPath

      public Path getPath()

    • setPath

      public void setPath(Path p)

    • getPassword

      public char[] getPassword()

    • setPassword

      public void setPassword(char[] pass)

    • isChanged

      public boolean isChanged()

    • setChanged

      public void setChanged(boolean chg)

    • getReadLock

      public Lock getReadLock()

    • setReadLock

      public void setReadLock(Lock rl)

    • getWriteLock

      public Lock getWriteLock()

    • setWriteLock

      public void setWriteLock(Lock wl)

    • getUri

      public URI getUri()

    • getKeyStore

      public KeyStore getKeyStore()

    • getPathAsString

      protected final String getPathAsString()

    • getSchemeName

      protected abstract String getSchemeName()

    • getKeyStoreType

      protected abstract String getKeyStoreType()

    • getAlgorithm

      protected abstract String getAlgorithm()

    • getOutputStreamForKeystore

      protected abstract OutputStream getOutputStreamForKeystore() throws IOException
      Throws:
      IOException

    • keystoreExists

      protected abstract boolean keystoreExists() throws IOException
      Throws:
      IOException

    • getInputStreamForFile

      protected abstract InputStream getInputStreamForFile() throws IOException
      Throws:
      IOException

    • createPermissions

      protected abstract void createPermissions(String perms) throws IOException
      Throws:
      IOException

    • stashOriginalFilePermissions

      protected abstract void stashOriginalFilePermissions() throws IOException
      Throws:
      IOException

    • initFileSystem

      protected void initFileSystem(URI keystoreUri) throws IOException
      Throws:
      IOException

    • getCredentialEntry

      public CredentialProvider.CredentialEntry getCredentialEntry(String alias) throws IOException
      Description copied from class: CredentialProvider
      Get the credential entry for a specific alias.
      Specified by:
      getCredentialEntry in class CredentialProvider
      Parameters:
      alias - the name of a specific credential
      Returns:
      the credentialEntry
      Throws:
      IOException - raised on errors performing I/O.

    • bytesToChars

      public static char[] bytesToChars(byte[] bytes) throws IOException
      Throws:
      IOException

    • getAliases

      public List<String> getAliases() throws IOException
      Description copied from class: CredentialProvider
      Get the aliases for all credentials.
      Specified by:
      getAliases in class CredentialProvider
      Returns:
      the list of alias names
      Throws:
      IOException - raised on errors performing I/O.

    • createCredentialEntry

      public CredentialProvider.CredentialEntry createCredentialEntry(String alias, char[] credential) throws IOException
      Description copied from class: CredentialProvider
      Create a new credential. The given alias must not already exist.
      Specified by:
      createCredentialEntry in class CredentialProvider
      Parameters:
      alias - the alias of the credential
      credential - the credential value for the alias.
      Returns:
      CredentialEntry.
      Throws:
      IOException - raised on errors performing I/O.

    • deleteCredentialEntry

      public void deleteCredentialEntry(String name) throws IOException
      Description copied from class: CredentialProvider
      Delete the given credential.
      Specified by:
      deleteCredentialEntry in class CredentialProvider
      Parameters:
      name - the alias of the credential to delete
      Throws:
      IOException - raised on errors performing I/O.

    • flush

      public void flush() throws IOException
      Description copied from class: CredentialProvider
      Ensures that any changes to the credentials are written to persistent store.
      Specified by:
      flush in class CredentialProvider
      Throws:
      IOException - raised on errors performing I/O.

    • needsPassword

      public boolean needsPassword() throws IOException
      Description copied from class: CredentialProvider
      Does this provider require a password? This means that a password is required for normal operation, and it has not been found through normal means. If true, the password should be provided by the caller using setPassword().
      Overrides:
      needsPassword in class CredentialProvider
      Returns:
      Whether or not the provider requires a password
      Throws:
      IOException - raised on errors performing I/O.

    • noPasswordWarning

      public String noPasswordWarning()
      Description copied from class: CredentialProvider
      If a password for the provider is needed, but is not provided, this will return a warning and instructions for supplying said password to the provider.
      Overrides:
      noPasswordWarning in class CredentialProvider
      Returns:
      A warning and instructions for supplying the password

    • noPasswordError

      public String noPasswordError()
      Description copied from class: CredentialProvider
      If a password for the provider is needed, but is not provided, this will return an error message and instructions for supplying said password to the provider.
      Overrides:
      noPasswordError in class CredentialProvider
      Returns:
      An error message and instructions for supplying the password

    • toString

      public String toString()
      Overrides:
      toString in class Object