001    /**
002     * Licensed to the Apache Software Foundation (ASF) under one
003     * or more contributor license agreements.  See the NOTICE file
004     * distributed with this work for additional information
005     * regarding copyright ownership.  The ASF licenses this file
006     * to you under the Apache License, Version 2.0 (the
007     * "License"); you may not use this file except in compliance
008     * with the License.  You may obtain a copy of the License at
009     *
010     *     http://www.apache.org/licenses/LICENSE-2.0
011     *
012     * Unless required by applicable law or agreed to in writing, software
013     * distributed under the License is distributed on an "AS IS" BASIS,
014     * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
015     * See the License for the specific language governing permissions and
016     * limitations under the License.
017     */
018    package org.apache.hadoop.crypto.key;
019    
020    import org.apache.hadoop.security.Credentials;
021    import org.apache.hadoop.security.token.Token;
022    
023    import java.io.IOException;
024    
025    /**
026     * A KeyProvider extension with the ability to add a renewer's Delegation
027     * Tokens to the provided Credentials.
028     */
029    public class KeyProviderDelegationTokenExtension extends
030        KeyProviderExtension
031        <KeyProviderDelegationTokenExtension.DelegationTokenExtension> {
032    
033      private static DelegationTokenExtension DEFAULT_EXTENSION =
034          new DefaultDelegationTokenExtension();
035    
036      /**
037       * DelegationTokenExtension is a type of Extension that exposes methods to
038       * needed to work with Delegation Tokens.
039       */
040      public interface DelegationTokenExtension extends
041        KeyProviderExtension.Extension {
042    
043        /**
044         * The implementer of this class will take a renewer and add all
045         * delegation tokens associated with the renewer to the
046         * <code>Credentials</code> object if it is not already present,
047         * @param renewer the user allowed to renew the delegation tokens
048         * @param credentials cache in which to add new delegation tokens
049         * @return list of new delegation tokens
050         * @throws IOException thrown if IOException if an IO error occurs.
051         */
052        public Token<?>[] addDelegationTokens(final String renewer,
053            Credentials credentials) throws IOException;
054      }
055    
056      /**
057       * Default implementation of {@link DelegationTokenExtension} that
058       * implements the method as a no-op.
059       */
060      private static class DefaultDelegationTokenExtension implements
061        DelegationTokenExtension {
062    
063        @Override
064        public Token<?>[] addDelegationTokens(String renewer,
065            Credentials credentials) {
066          return null;
067        }
068    
069      }
070    
071      private KeyProviderDelegationTokenExtension(KeyProvider keyProvider,
072          DelegationTokenExtension extensions) {
073        super(keyProvider, extensions);
074      }
075    
076      /**
077       * Passes the renewer and Credentials object to the underlying
078       * {@link DelegationTokenExtension}
079       * @param renewer the user allowed to renew the delegation tokens
080       * @param credentials cache in which to add new delegation tokens
081       * @return list of new delegation tokens
082       * @throws IOException thrown if IOException if an IO error occurs.
083       */
084      public Token<?>[] addDelegationTokens(final String renewer,
085          Credentials credentials) throws IOException {
086        return getExtension().addDelegationTokens(renewer, credentials);
087      }
088    
089      /**
090       * Creates a <code>KeyProviderDelegationTokenExtension</code> using a given
091       * {@link KeyProvider}.
092       * <p/>
093       * If the given <code>KeyProvider</code> implements the
094       * {@link DelegationTokenExtension} interface the <code>KeyProvider</code>
095       * itself will provide the extension functionality, otherwise a default
096       * extension implementation will be used.
097       *
098       * @param keyProvider <code>KeyProvider</code> to use to create the
099       * <code>KeyProviderDelegationTokenExtension</code> extension.
100       * @return a <code>KeyProviderDelegationTokenExtension</code> instance
101       * using the given <code>KeyProvider</code>.
102       */
103      public static KeyProviderDelegationTokenExtension
104          createKeyProviderDelegationTokenExtension(KeyProvider keyProvider) {
105    
106        DelegationTokenExtension delTokExtension =
107            (keyProvider instanceof DelegationTokenExtension) ?
108                (DelegationTokenExtension) keyProvider :
109                DEFAULT_EXTENSION;
110        return new KeyProviderDelegationTokenExtension(
111            keyProvider, delTokExtension);
112    
113      }
114    
115    }