org.apache.hadoop.hdfs.security.token.block

Class BlockPoolTokenSecretManager

java.lang.Object

org.apache.hadoop.security.token.SecretManager<BlockTokenIdentifier>

org.apache.hadoop.hdfs.security.token.block.BlockPoolTokenSecretManager

public class BlockPoolTokenSecretManager
extends SecretManager<BlockTokenIdentifier>

Manages a BlockTokenSecretManager per block pool. Routes the requests given a block pool Id to corresponding BlockTokenSecretManager

Nested Class Summary

Nested classes/interfaces inherited from class org.apache.hadoop.security.token.SecretManager

SecretManager.InvalidToken

Constructor Summary

Constructors

Constructor and Description
BlockPoolTokenSecretManager()

Method Summary

Methods

Modifier and Type	Method and Description
void	addBlockPool(String bpid, BlockTokenSecretManager secretMgr) Add a block pool Id and corresponding BlockTokenSecretManager to map
void	addKeys(String bpid, ExportedBlockKeys exportedKeys) See BlockTokenSecretManager.addKeys(ExportedBlockKeys)
void	checkAccess(BlockTokenIdentifier id, String userId, ExtendedBlock block, BlockTokenSecretManager.AccessMode mode) See BlockTokenSecretManager.checkAccess(BlockTokenIdentifier, String, ExtendedBlock, AccessMode)
void	checkAccess(Token<BlockTokenIdentifier> token, String userId, ExtendedBlock block, BlockTokenSecretManager.AccessMode mode) See BlockTokenSecretManager.checkAccess(Token, String, ExtendedBlock, AccessMode)
void	clearAllKeysForTesting()
BlockTokenIdentifier	createIdentifier() Return an empty BlockTokenIdentifer
byte[]	createPassword(BlockTokenIdentifier identifier) Create the password for the given identifier.
DataEncryptionKey	generateDataEncryptionKey(String blockPoolId)
Token<BlockTokenIdentifier>	generateToken(ExtendedBlock b, EnumSet<BlockTokenSecretManager.AccessMode> of) See BlockTokenSecretManager.generateToken(ExtendedBlock, EnumSet)
boolean	isBlockPoolRegistered(String bpid)
byte[]	retrieveDataEncryptionKey(int keyId, String blockPoolId, byte[] nonce)
byte[]	retrievePassword(BlockTokenIdentifier identifier) Retrieve the password for the given token identifier.

Methods inherited from class org.apache.hadoop.security.token.SecretManager

checkAvailableForRead, createPassword, createSecretKey, generateSecret

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Constructor Detail

BlockPoolTokenSecretManager

public BlockPoolTokenSecretManager()

Method Detail

addBlockPool

public void addBlockPool(String bpid,
                BlockTokenSecretManager secretMgr)

Add a block pool Id and corresponding BlockTokenSecretManager to map

Parameters:

bpid - block pool Id

secretMgr - BlockTokenSecretManager

isBlockPoolRegistered

public boolean isBlockPoolRegistered(String bpid)

createIdentifier

public BlockTokenIdentifier createIdentifier()

Return an empty BlockTokenIdentifer

Specified by:

createIdentifier in class SecretManager<BlockTokenIdentifier>

Returns:

the newly created empty token identifier

createPassword

public byte[] createPassword(BlockTokenIdentifier identifier)

Description copied from class: SecretManager

Create the password for the given identifier. identifier may be modified inside this method.

Specified by:

createPassword in class SecretManager<BlockTokenIdentifier>

Parameters:

identifier - the identifier to use

Returns:

the new password

retrievePassword

public byte[] retrievePassword(BlockTokenIdentifier identifier)
                        throws SecretManager.InvalidToken

Description copied from class: SecretManager

Retrieve the password for the given token identifier. Should check the date or registry to make sure the token hasn't expired or been revoked. Returns the relevant password.

Specified by:

retrievePassword in class SecretManager<BlockTokenIdentifier>

Parameters:

identifier - the identifier to validate

Returns:

the password to use

Throws:

SecretManager.InvalidToken - the token was invalid

checkAccess

public void checkAccess(BlockTokenIdentifier id,
               String userId,
               ExtendedBlock block,
               BlockTokenSecretManager.AccessMode mode)
                 throws SecretManager.InvalidToken

See BlockTokenSecretManager.checkAccess(BlockTokenIdentifier, String, ExtendedBlock, AccessMode)

Throws:

SecretManager.InvalidToken

checkAccess

public void checkAccess(Token<BlockTokenIdentifier> token,
               String userId,
               ExtendedBlock block,
               BlockTokenSecretManager.AccessMode mode)
                 throws SecretManager.InvalidToken

See BlockTokenSecretManager.checkAccess(Token, String, ExtendedBlock, AccessMode)

Throws:

SecretManager.InvalidToken

addKeys

public void addKeys(String bpid,
           ExportedBlockKeys exportedKeys)
             throws IOException

See BlockTokenSecretManager.addKeys(ExportedBlockKeys)

Throws:

IOException

generateToken

public Token<BlockTokenIdentifier> generateToken(ExtendedBlock b,
                                        EnumSet<BlockTokenSecretManager.AccessMode> of)
                                          throws IOException

See BlockTokenSecretManager.generateToken(ExtendedBlock, EnumSet)

Throws:

IOException

clearAllKeysForTesting

public void clearAllKeysForTesting()

generateDataEncryptionKey

public DataEncryptionKey generateDataEncryptionKey(String blockPoolId)

retrieveDataEncryptionKey

public byte[] retrieveDataEncryptionKey(int keyId,
                               String blockPoolId,
                               byte[] nonce)
                                 throws IOException

Throws:

IOException