001/** 002 * Licensed to the Apache Software Foundation (ASF) under one 003 * or more contributor license agreements. See the NOTICE file 004 * distributed with this work for additional information 005 * regarding copyright ownership. The ASF licenses this file 006 * to you under the Apache License, Version 2.0 (the 007 * "License"); you may not use this file except in compliance 008 * with the License. You may obtain a copy of the License at 009 * 010 * http://www.apache.org/licenses/LICENSE-2.0 011 * 012 * Unless required by applicable law or agreed to in writing, software 013 * distributed under the License is distributed on an "AS IS" BASIS, 014 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 015 * See the License for the specific language governing permissions and 016 * limitations under the License. 017 */ 018package org.apache.hadoop.hdfs.security.token.block; 019 020import java.io.IOException; 021import java.util.EnumSet; 022import java.util.HashMap; 023import java.util.Map; 024 025import org.apache.hadoop.hdfs.protocol.ExtendedBlock; 026import org.apache.hadoop.hdfs.security.token.block.BlockTokenSecretManager.AccessMode; 027import org.apache.hadoop.security.token.SecretManager; 028import org.apache.hadoop.security.token.Token; 029 030import com.google.common.annotations.VisibleForTesting; 031 032/** 033 * Manages a {@link BlockTokenSecretManager} per block pool. Routes the requests 034 * given a block pool Id to corresponding {@link BlockTokenSecretManager} 035 */ 036public class BlockPoolTokenSecretManager extends 037 SecretManager<BlockTokenIdentifier> { 038 039 private final Map<String, BlockTokenSecretManager> map = 040 new HashMap<String, BlockTokenSecretManager>(); 041 042 /** 043 * Add a block pool Id and corresponding {@link BlockTokenSecretManager} to map 044 * @param bpid block pool Id 045 * @param secretMgr {@link BlockTokenSecretManager} 046 */ 047 public synchronized void addBlockPool(String bpid, 048 BlockTokenSecretManager secretMgr) { 049 map.put(bpid, secretMgr); 050 } 051 052 synchronized BlockTokenSecretManager get(String bpid) { 053 BlockTokenSecretManager secretMgr = map.get(bpid); 054 if (secretMgr == null) { 055 throw new IllegalArgumentException("Block pool " + bpid 056 + " is not found"); 057 } 058 return secretMgr; 059 } 060 061 public synchronized boolean isBlockPoolRegistered(String bpid) { 062 return map.containsKey(bpid); 063 } 064 065 /** Return an empty BlockTokenIdentifer */ 066 @Override 067 public BlockTokenIdentifier createIdentifier() { 068 return new BlockTokenIdentifier(); 069 } 070 071 @Override 072 public byte[] createPassword(BlockTokenIdentifier identifier) { 073 return get(identifier.getBlockPoolId()).createPassword(identifier); 074 } 075 076 @Override 077 public byte[] retrievePassword(BlockTokenIdentifier identifier) 078 throws InvalidToken { 079 return get(identifier.getBlockPoolId()).retrievePassword(identifier); 080 } 081 082 /** 083 * See {@link BlockTokenSecretManager#checkAccess(BlockTokenIdentifier, 084 * String, ExtendedBlock, AccessMode)} 085 */ 086 public void checkAccess(BlockTokenIdentifier id, String userId, 087 ExtendedBlock block, AccessMode mode) throws InvalidToken { 088 get(block.getBlockPoolId()).checkAccess(id, userId, block, mode); 089 } 090 091 /** 092 * See {@link BlockTokenSecretManager#checkAccess(Token, String, 093 * ExtendedBlock, AccessMode)} 094 */ 095 public void checkAccess(Token<BlockTokenIdentifier> token, 096 String userId, ExtendedBlock block, AccessMode mode) throws InvalidToken { 097 get(block.getBlockPoolId()).checkAccess(token, userId, block, mode); 098 } 099 100 /** 101 * See {@link BlockTokenSecretManager#addKeys(ExportedBlockKeys)} 102 */ 103 public void addKeys(String bpid, ExportedBlockKeys exportedKeys) 104 throws IOException { 105 get(bpid).addKeys(exportedKeys); 106 } 107 108 /** 109 * See {@link BlockTokenSecretManager#generateToken(ExtendedBlock, EnumSet)} 110 */ 111 public Token<BlockTokenIdentifier> generateToken(ExtendedBlock b, 112 EnumSet<AccessMode> of) throws IOException { 113 return get(b.getBlockPoolId()).generateToken(b, of); 114 } 115 116 @VisibleForTesting 117 public void clearAllKeysForTesting() { 118 for (BlockTokenSecretManager btsm : map.values()) { 119 btsm.clearAllKeysForTesting(); 120 } 121 } 122 123 public DataEncryptionKey generateDataEncryptionKey(String blockPoolId) { 124 return get(blockPoolId).generateDataEncryptionKey(); 125 } 126 127 public byte[] retrieveDataEncryptionKey(int keyId, String blockPoolId, 128 byte[] nonce) throws IOException { 129 return get(blockPoolId).retrieveDataEncryptionKey(keyId, nonce); 130 } 131}