Source code

001/**
002 * Licensed to the Apache Software Foundation (ASF) under one
003 * or more contributor license agreements.  See the NOTICE file
004 * distributed with this work for additional information
005 * regarding copyright ownership.  The ASF licenses this file
006 * to you under the Apache License, Version 2.0 (the
007 * "License"); you may not use this file except in compliance
008 * with the License.  You may obtain a copy of the License at
009 *
010 *     http://www.apache.org/licenses/LICENSE-2.0
011 *
012 * Unless required by applicable law or agreed to in writing, software
013 * distributed under the License is distributed on an "AS IS" BASIS,
014 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
015 * See the License for the specific language governing permissions and
016 * limitations under the License.
017 */
018package org.apache.hadoop.hdfs.security.token.block;
019
020import java.io.IOException;
021import java.util.EnumSet;
022import java.util.HashMap;
023import java.util.Map;
024
025import org.apache.hadoop.hdfs.protocol.ExtendedBlock;
026import org.apache.hadoop.hdfs.security.token.block.BlockTokenSecretManager.AccessMode;
027import org.apache.hadoop.security.token.SecretManager;
028import org.apache.hadoop.security.token.Token;
029
030import com.google.common.annotations.VisibleForTesting;
031
032/**
033 * Manages a {@link BlockTokenSecretManager} per block pool. Routes the requests
034 * given a block pool Id to corresponding {@link BlockTokenSecretManager}
035 */
036public class BlockPoolTokenSecretManager extends
037    SecretManager<BlockTokenIdentifier> {
038  
039  private final Map<String, BlockTokenSecretManager> map = 
040    new HashMap<String, BlockTokenSecretManager>();
041
042  /**
043   * Add a block pool Id and corresponding {@link BlockTokenSecretManager} to map
044   * @param bpid block pool Id
045   * @param secretMgr {@link BlockTokenSecretManager}
046   */
047  public synchronized void addBlockPool(String bpid,
048      BlockTokenSecretManager secretMgr) {
049    map.put(bpid, secretMgr);
050  }
051
052  @VisibleForTesting
053  public synchronized BlockTokenSecretManager get(String bpid) {
054    BlockTokenSecretManager secretMgr = map.get(bpid);
055    if (secretMgr == null) {
056      throw new IllegalArgumentException("Block pool " + bpid
057          + " is not found");
058    }
059    return secretMgr;
060  }
061  
062  public synchronized boolean isBlockPoolRegistered(String bpid) {
063    return map.containsKey(bpid);
064  }
065
066  /** Return an empty BlockTokenIdentifer */
067  @Override
068  public BlockTokenIdentifier createIdentifier() {
069    return new BlockTokenIdentifier();
070  }
071
072  @Override
073  public byte[] createPassword(BlockTokenIdentifier identifier) {
074    return get(identifier.getBlockPoolId()).createPassword(identifier);
075  }
076
077  @Override
078  public byte[] retrievePassword(BlockTokenIdentifier identifier)
079      throws InvalidToken {
080    return get(identifier.getBlockPoolId()).retrievePassword(identifier);
081  }
082
083  /**
084   * See {@link BlockTokenSecretManager#checkAccess(BlockTokenIdentifier, 
085   *                String, ExtendedBlock, AccessMode)}
086   */
087  public void checkAccess(BlockTokenIdentifier id, String userId,
088      ExtendedBlock block, AccessMode mode) throws InvalidToken {
089    get(block.getBlockPoolId()).checkAccess(id, userId, block, mode);
090  }
091
092  /**
093   * See {@link BlockTokenSecretManager#checkAccess(Token, String, 
094   *                ExtendedBlock, AccessMode)}
095   */
096  public void checkAccess(Token<BlockTokenIdentifier> token,
097      String userId, ExtendedBlock block, AccessMode mode) throws InvalidToken {
098    get(block.getBlockPoolId()).checkAccess(token, userId, block, mode);
099  }
100
101  /**
102   * See {@link BlockTokenSecretManager#addKeys(ExportedBlockKeys)}
103   */
104  public void addKeys(String bpid, ExportedBlockKeys exportedKeys)
105      throws IOException {
106    get(bpid).addKeys(exportedKeys);
107  }
108
109  /**
110   * See {@link BlockTokenSecretManager#generateToken(ExtendedBlock, EnumSet)}
111   */
112  public Token<BlockTokenIdentifier> generateToken(ExtendedBlock b,
113      EnumSet<AccessMode> of) throws IOException {
114    return get(b.getBlockPoolId()).generateToken(b, of);
115  }
116  
117  @VisibleForTesting
118  public void clearAllKeysForTesting() {
119    for (BlockTokenSecretManager btsm : map.values()) {
120      btsm.clearAllKeysForTesting();
121    }
122  }
123
124  public DataEncryptionKey generateDataEncryptionKey(String blockPoolId) {
125    return get(blockPoolId).generateDataEncryptionKey();
126  }
127  
128  public byte[] retrieveDataEncryptionKey(int keyId, String blockPoolId,
129      byte[] nonce) throws IOException {
130    return get(blockPoolId).retrieveDataEncryptionKey(keyId, nonce);
131  }
132}