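/**
 * Licensed to the Apache Software Foundation (ASF) under one
 * or more contributor license agreements.  See the NOTICE file
 * distributed with this work for additional information
 * regarding copyright ownership.  The ASF licenses this file
 * to you under the Apache License, Version 2.0 (the
 * "License"); you may not use this file except in compliance
 * with the License.  You may obtain a copy of the License at
 *
 *     http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */
package org.apache.hadoop.crypto.key;

import org.apache.hadoop.security.Credentials;
import org.apache.hadoop.security.token.Token;

import java.io.IOException;

/**
 * A KeyProvider extension with the ability to add a renewer's Delegation
 * Tokens to the provided Credentials.
 * <p>
 * When the wrapped <code>KeyProvider</code> does not itself implement
 * {@link DelegationTokenExtension}, a shared no-op extension is used instead:
 * adding tokens yields <code>null</code>, renewal yields <code>0</code> and
 * cancellation returns without doing anything. Callers therefore cannot tell
 * from the return value of a cancel call whether a token was actually
 * invalidated, and must null-check the result of
 * {@link #addDelegationTokens(String, Credentials)}.
 */
public class KeyProviderDelegationTokenExtension extends
    KeyProviderExtension
    <KeyProviderDelegationTokenExtension.DelegationTokenExtension> {

  /**
   * Shared fallback used for providers without delegation token support.
   * Declared final so the process-wide no-op instance cannot be swapped out
   * after class initialization.
   */
  private static final DelegationTokenExtension DEFAULT_EXTENSION =
      new DefaultDelegationTokenExtension();

  /**
   * DelegationTokenExtension is a type of Extension that exposes methods
   * needed to work with Delegation Tokens.
   */
  public interface DelegationTokenExtension
      extends KeyProviderExtension.Extension {

    /**
     * The implementer of this class will take a renewer and add all
     * delegation tokens associated with the renewer to the
     * <code>Credentials</code> object if they are not already present.
     *
     * @param renewer the user allowed to renew the delegation tokens
     * @param credentials cache in which to add new delegation tokens
     * @return list of new delegation tokens; the default no-op
     *         implementation in this file returns <code>null</code>
     * @throws IOException if an IO error occurs.
     */
    Token<?>[] addDelegationTokens(final String renewer,
        Credentials credentials) throws IOException;

    /**
     * Renews the given token.
     *
     * @param token The token to be renewed.
     * @return The token's lifetime after renewal, or 0 if it can't be renewed.
     * @throws IOException if an IO error occurs while renewing the token.
     */
    long renewDelegationToken(final Token<?> token) throws IOException;

    /**
     * Cancels the given token.
     *
     * @param token The token to be cancelled.
     * @return always <code>null</code> in the implementation shown in this
     *         file; the <code>Void</code> return type carries no value
     * @throws IOException if an IO error occurs while cancelling the token.
     */
    Void cancelDelegationToken(final Token<?> token) throws IOException;
  }

  /**
   * Default implementation of {@link DelegationTokenExtension} that
   * implements every method as a no-op. Nothing is added to the credentials,
   * nothing is renewed and nothing is cancelled.
   */
  private static class DefaultDelegationTokenExtension
      implements DelegationTokenExtension {

    /** Adds nothing and returns <code>null</code> rather than an empty array. */
    @Override
    public Token<?>[] addDelegationTokens(String renewer,
        Credentials credentials) {
      return null;
    }

    /** Renews nothing; 0 is the interface's "can't be renewed" value. */
    @Override
    public long renewDelegationToken(final Token<?> token) throws IOException {
      return 0;
    }

    /** Cancels nothing; the token is left untouched. */
    @Override
    public Void cancelDelegationToken(final Token<?> token) throws IOException {
      return null;
    }
  }

  /**
   * Wraps the given provider together with the extension that will serve
   * delegation token calls. Private: instances are obtained through
   * {@link #createKeyProviderDelegationTokenExtension(KeyProvider)}.
   *
   * @param keyProvider the wrapped <code>KeyProvider</code>
   * @param extensions the extension that handles delegation token calls
   */
  private KeyProviderDelegationTokenExtension(KeyProvider keyProvider,
      DelegationTokenExtension extensions) {
    super(keyProvider, extensions);
  }

  /**
   * Passes the renewer and Credentials object to the underlying
   * {@link DelegationTokenExtension}.
   *
   * @param renewer the user allowed to renew the delegation tokens
   * @param credentials cache in which to add new delegation tokens
   * @return list of new delegation tokens, or <code>null</code> when the
   *         default no-op extension is in use
   * @throws IOException if an IO error occurs.
   */
  public Token<?>[] addDelegationTokens(final String renewer,
      Credentials credentials) throws IOException {
    return getExtension().addDelegationTokens(renewer, credentials);
  }

  /**
   * Creates a <code>KeyProviderDelegationTokenExtension</code> using a given
   * {@link KeyProvider}.
   * <p>
   * If the given <code>KeyProvider</code> implements the
   * {@link DelegationTokenExtension} interface the <code>KeyProvider</code>
   * itself will provide the extension functionality, otherwise a default
   * extension implementation will be used.
   *
   * @param keyProvider <code>KeyProvider</code> to use to create the
   * <code>KeyProviderDelegationTokenExtension</code> extension.
   * @return a <code>KeyProviderDelegationTokenExtension</code> instance
   * using the given <code>KeyProvider</code>.
   */
  public static KeyProviderDelegationTokenExtension
      createKeyProviderDelegationTokenExtension(KeyProvider keyProvider) {
    final DelegationTokenExtension delTokExtension;
    if (keyProvider instanceof DelegationTokenExtension) {
      // The provider supplies its own delegation token handling.
      delTokExtension = (DelegationTokenExtension) keyProvider;
    } else {
      // No native support: fall back to the shared no-op extension.
      delTokExtension = DEFAULT_EXTENSION;
    }
    return new KeyProviderDelegationTokenExtension(
        keyProvider, delTokExtension);
  }
}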