/// <exception cref="System.IO.IOException"/>
public override void StoreTokenMasterKey(DelegationKey key)
{
if (Log.IsDebugEnabled())
{
Log.Debug("Storing master key " + key.GetKeyId());
}
Path keyPath = new Path(tokenKeysStatePath, TokenMasterKeyFilePrefix + key.GetKeyId
());
if (fs.Exists(keyPath))
{
throw new IOException(keyPath + " already exists");
}
ByteArrayOutputStream memStream = new ByteArrayOutputStream();
DataOutputStream dataStream = new DataOutputStream(memStream);
try
{
key.Write(dataStream);
dataStream.Close();
dataStream = null;
}
finally
{
IOUtils.Cleanup(Log, dataStream);
}
CreateNewFile(keyPath, memStream.ToByteArray());
}
/// <summary>Add a MasterKey to the list of keys.</summary>
/// <param name="key">DelegationKey</param>
/// <exception cref="System.IO.IOException"/>
public virtual void UpdatePersistedMasterKey(DelegationKey key)
{
lock (this)
{
AddKey(key);
}
}
/// <exception cref="System.IO.IOException"/>
public override void StoreTokenMasterKey(DelegationKey masterKey)
{
if (Log.IsDebugEnabled())
{
Log.Debug("Storing master key " + masterKey.GetKeyId());
}
ByteArrayOutputStream memStream = new ByteArrayOutputStream();
DataOutputStream dataStream = new DataOutputStream(memStream);
try
{
masterKey.Write(dataStream);
dataStream.Close();
dataStream = null;
}
finally
{
IOUtils.Cleanup(Log, dataStream);
}
string dbKey = GetTokenMasterKeyDatabaseKey(masterKey);
try
{
db.Put(JniDBFactory.Bytes(dbKey), memStream.ToByteArray());
}
catch (DBException e)
{
throw new IOException(e);
}
}
/// <exception cref="System.IO.IOException"/>
protected internal override void StoreRMDTMasterKeyState(DelegationKey masterKey)
{
string dbKey = GetRMDTMasterKeyNodeKey(masterKey);
if (Log.IsDebugEnabled())
{
Log.Debug("Storing token master key to " + dbKey);
}
ByteArrayOutputStream os = new ByteArrayOutputStream();
DataOutputStream @out = new DataOutputStream(os);
try
{
masterKey.Write(@out);
}
finally
{
@out.Close();
}
try
{
db.Put(JniDBFactory.Bytes(dbKey), os.ToByteArray());
}
catch (DBException e)
{
throw new IOException(e);
}
}
/// <summary>This method is intended to be used only while reading edit logs.</summary>
/// <param name="identifier">
/// DelegationTokenIdentifier read from the edit logs or
/// fsimage
/// </param>
/// <param name="expiryTime">token expiry time</param>
/// <exception cref="System.IO.IOException"/>
public override void AddPersistedDelegationToken(DelegationTokenIdentifier identifier
, long expiryTime)
{
lock (this)
{
if (running)
{
// a safety check
throw new IOException("Can't add persisted delegation token to a running SecretManager."
);
}
int keyId = identifier.GetMasterKeyId();
DelegationKey dKey = allKeys[keyId];
if (dKey == null)
{
Log.Warn("No KEY found for persisted identifier " + identifier.ToString());
return;
}
byte[] password = CreatePassword(identifier.GetBytes(), dKey.GetKey());
if (identifier.GetSequenceNumber() > this.delegationTokenSequenceNumber)
{
this.delegationTokenSequenceNumber = identifier.GetSequenceNumber();
}
if (currentTokens[identifier] == null)
{
currentTokens[identifier] = new AbstractDelegationTokenSecretManager.DelegationTokenInformation
(expiryTime, password, GetTrackingIdIfEnabled(identifier));
}
else
{
throw new IOException("Same delegation token being added twice; invalid entry in fsimage or editlogs"
);
}
}
}
/// <exception cref="System.IO.IOException"/>
public override void StoreTokenMasterKey(DelegationKey key)
{
if (state.tokenMasterKeyState.Contains(key))
{
throw new IOException("token master key " + key + " was stored twice");
}
state.tokenMasterKeyState.AddItem(key);
}
/// <exception cref="System.Exception"/>
private void LoadRMDTSecretManagerState(RMStateStore.RMState rmState)
{
CheckAndResumeUpdateOperation(rmDTSecretManagerRoot);
FileStatus[] childNodes = ListStatusWithRetries(rmDTSecretManagerRoot);
foreach (FileStatus childNodeStatus in childNodes)
{
System.Diagnostics.Debug.Assert(childNodeStatus.IsFile());
string childNodeName = childNodeStatus.GetPath().GetName();
if (CheckAndRemovePartialRecordWithRetries(childNodeStatus.GetPath()))
{
continue;
}
if (childNodeName.StartsWith(DelegationTokenSequenceNumberPrefix))
{
rmState.rmSecretManagerState.dtSequenceNumber = System.Convert.ToInt32(childNodeName
.Split("_")[1]);
continue;
}
Path childNodePath = GetNodePath(rmDTSecretManagerRoot, childNodeName);
byte[] childData = ReadFileWithRetries(childNodePath, childNodeStatus.GetLen());
ByteArrayInputStream @is = new ByteArrayInputStream(childData);
using (DataInputStream fsIn = new DataInputStream(@is))
{
if (childNodeName.StartsWith(DelegationKeyPrefix))
{
DelegationKey key = new DelegationKey();
key.ReadFields(fsIn);
rmState.rmSecretManagerState.masterKeyState.AddItem(key);
if (Log.IsDebugEnabled())
{
Log.Debug("Loaded delegation key: keyId=" + key.GetKeyId() + ", expirationDate="
+ key.GetExpiryDate());
}
}
else
{
if (childNodeName.StartsWith(DelegationTokenPrefix))
{
RMDelegationTokenIdentifierData identifierData = new RMDelegationTokenIdentifierData
();
identifierData.ReadFields(fsIn);
RMDelegationTokenIdentifier identifier = identifierData.GetTokenIdentifier();
long renewDate = identifierData.GetRenewDate();
rmState.rmSecretManagerState.delegationTokenState[identifier] = renewDate;
if (Log.IsDebugEnabled())
{
Log.Debug("Loaded RMDelegationTokenIdentifier: " + identifier + " renewDate=" + renewDate
);
}
}
else
{
Log.Warn("Unknown file for recovering RMDelegationTokenSecretManager");
}
}
}
}
}
/// <exception cref="System.IO.IOException"/>
public override void RemoveTokenMasterKey(DelegationKey key)
{
if (Log.IsDebugEnabled())
{
Log.Debug("Removing master key " + key.GetKeyId());
}
Path keyPath = new Path(tokenKeysStatePath, TokenMasterKeyFilePrefix + key.GetKeyId
());
DeleteFile(keyPath);
}
/// <exception cref="System.Exception"/>
protected internal override void RemoveRMDTMasterKeyState(DelegationKey masterKey
)
{
lock (this)
{
Path nodeCreatePath = GetNodePath(rmDTSecretManagerRoot, DelegationKeyPrefix + masterKey
.GetKeyId());
Log.Info("Removing RMDelegationKey_" + masterKey.GetKeyId());
DeleteFileWithRetries(nodeCreatePath);
}
}
/// <exception cref="System.Exception"/>
protected internal override void RemoveRMDTMasterKeyState(DelegationKey delegationKey
)
{
lock (this)
{
Log.Info("Remove RMDT master key with key id: " + delegationKey.GetKeyId());
ICollection <DelegationKey> rmDTMasterKeyState = state.rmSecretManagerState.GetMasterKeyState
();
rmDTMasterKeyState.Remove(delegationKey);
}
}
/// <exception cref="System.IO.IOException"/>
public override void RemoveTokenMasterKey(DelegationKey key)
{
try
{
byte[] k = CreateTokenMasterKeyEntryKey(key.GetKeyId());
db.Delete(k);
}
catch (DBException e)
{
throw new IOException(e);
}
}
protected override void RemoveStoredMasterKey(DelegationKey key)
{
try
{
Log.Info("removing master key with keyID " + key.GetKeyId());
rmContext.GetStateStore().RemoveRMDTMasterKey(key);
}
catch (Exception e)
{
Log.Error("Error in removing master key with KeyID: " + key.GetKeyId());
ExitUtil.Terminate(1, e);
}
}
protected override void StoreNewMasterKey(DelegationKey newKey)
{
try
{
Log.Info("storing master key with keyID " + newKey.GetKeyId());
rmContext.GetStateStore().StoreRMDTMasterKey(newKey);
}
catch (Exception e)
{
Log.Error("Error in storing master key with KeyID: " + newKey.GetKeyId());
ExitUtil.Terminate(1, e);
}
}
/// <exception cref="System.IO.IOException"/>
private void LoadTokenMasterKey(HistoryServerStateStoreService.HistoryServerState
state, byte[] data)
{
DelegationKey key = new DelegationKey();
DataInputStream @in = new DataInputStream(new ByteArrayInputStream(data));
try
{
key.ReadFields(@in);
}
finally
{
IOUtils.Cleanup(Log, @in);
}
state.tokenMasterKeyState.AddItem(key);
}
/// <exception cref="System.Exception"/>
protected internal override void StoreRMDTMasterKeyState(DelegationKey masterKey)
{
lock (this)
{
Path nodeCreatePath = GetNodePath(rmDTSecretManagerRoot, DelegationKeyPrefix + masterKey
.GetKeyId());
ByteArrayOutputStream os = new ByteArrayOutputStream();
using (DataOutputStream fsOut = new DataOutputStream(os))
{
Log.Info("Storing RMDelegationKey_" + masterKey.GetKeyId());
masterKey.Write(fsOut);
WriteFileWithRetries(nodeCreatePath, os.ToByteArray(), true);
}
}
}
/// <exception cref="System.IO.IOException"/>
private DelegationKey LoadDelegationKey(byte[] data)
{
DelegationKey key = new DelegationKey();
DataInputStream @in = new DataInputStream(new ByteArrayInputStream(data));
try
{
key.ReadFields(@in);
}
finally
{
IOUtils.Cleanup(Log, @in);
}
return(key);
}
protected override void RemoveStoredMasterKey(DelegationKey key)
{
if (Log.IsDebugEnabled())
{
Log.Debug("Removing master key " + key.GetKeyId());
}
try
{
store.RemoveTokenMasterKey(key);
}
catch (IOException e)
{
Log.Error("Unable to remove master key " + key.GetKeyId(), e);
}
}
/// <summary>Process the Delegation Token related section in fsimage.</summary>
/// <param name="in">DataInputStream to process</param>
/// <param name="v">Visitor to walk over records</param>
/// <exception cref="System.IO.IOException"/>
private void ProcessDelegationTokens(DataInputStream @in, ImageVisitor v)
{
v.Visit(ImageVisitor.ImageElement.CurrentDelegationKeyId, @in.ReadInt());
int numDKeys = @in.ReadInt();
v.VisitEnclosingElement(ImageVisitor.ImageElement.DelegationKeys, ImageVisitor.ImageElement
.NumDelegationKeys, numDKeys);
for (int i = 0; i < numDKeys; i++)
{
DelegationKey key = new DelegationKey();
key.ReadFields(@in);
v.Visit(ImageVisitor.ImageElement.DelegationKey, key.ToString());
}
v.LeaveEnclosingElement();
v.Visit(ImageVisitor.ImageElement.DelegationTokenSequenceNumber, @in.ReadInt());
int numDTokens = @in.ReadInt();
v.VisitEnclosingElement(ImageVisitor.ImageElement.DelegationTokens, ImageVisitor.ImageElement
.NumDelegationTokens, numDTokens);
for (int i_1 = 0; i_1 < numDTokens; i_1++)
{
DelegationTokenIdentifier id = new DelegationTokenIdentifier();
id.ReadFields(@in);
long expiryTime = @in.ReadLong();
v.VisitEnclosingElement(ImageVisitor.ImageElement.DelegationTokenIdentifier);
v.Visit(ImageVisitor.ImageElement.DelegationTokenIdentifierKind, id.GetKind().ToString
());
v.Visit(ImageVisitor.ImageElement.DelegationTokenIdentifierSeqno, id.GetSequenceNumber
());
v.Visit(ImageVisitor.ImageElement.DelegationTokenIdentifierOwner, id.GetOwner().ToString
());
v.Visit(ImageVisitor.ImageElement.DelegationTokenIdentifierRenewer, id.GetRenewer
().ToString());
v.Visit(ImageVisitor.ImageElement.DelegationTokenIdentifierRealuser, id.GetRealUser
().ToString());
v.Visit(ImageVisitor.ImageElement.DelegationTokenIdentifierIssueDate, id.GetIssueDate
());
v.Visit(ImageVisitor.ImageElement.DelegationTokenIdentifierMaxDate, id.GetMaxDate
());
v.Visit(ImageVisitor.ImageElement.DelegationTokenIdentifierExpiryTime, expiryTime
);
v.Visit(ImageVisitor.ImageElement.DelegationTokenIdentifierMasterKeyId, id.GetMasterKeyId
());
v.LeaveEnclosingElement();
}
// DELEGATION_TOKEN_IDENTIFIER
v.LeaveEnclosingElement();
}
/// <exception cref="System.IO.IOException"/>
private static byte[] BuildTokenMasterKeyData(DelegationKey key)
{
ByteArrayOutputStream memStream = new ByteArrayOutputStream();
DataOutputStream dataStream = new DataOutputStream(memStream);
try
{
key.Write(dataStream);
dataStream.Close();
}
finally
{
IOUtils.Cleanup(Log, dataStream);
}
return(memStream.ToByteArray());
}
/// <exception cref="System.IO.IOException"/>
public override void RemoveTokenMasterKey(DelegationKey masterKey)
{
if (Log.IsDebugEnabled())
{
Log.Debug("Removing master key " + masterKey.GetKeyId());
}
string dbKey = GetTokenMasterKeyDatabaseKey(masterKey);
try
{
db.Delete(JniDBFactory.Bytes(dbKey));
}
catch (DBException e)
{
throw new IOException(e);
}
}
/// <exception cref="System.IO.IOException"/>
public override void StoreTokenMasterKey(DelegationKey key)
{
try
{
byte[] k = CreateTokenMasterKeyEntryKey(key.GetKeyId());
if (db.Get(k) != null)
{
throw new IOException(key + " already exists");
}
byte[] v = BuildTokenMasterKeyData(key);
db.Put(k, v);
}
catch (DBException e)
{
throw new IOException(e);
}
}
public virtual DelegationKey CheckCurrentKeyInStateStore(ICollection <DelegationKey
> rmDTMasterKeyState)
{
lock (this)
{
foreach (int keyId in this._enclosing._enclosing.allKeys.Keys)
{
if (keyId == this._enclosing._enclosing.currentId)
{
DelegationKey currentKey = this._enclosing._enclosing.allKeys[keyId];
NUnit.Framework.Assert.IsTrue(rmDTMasterKeyState.Contains(currentKey));
return(currentKey);
}
}
return(null);
}
}
/// <summary>Call namesystem to update editlogs for new master key.</summary>
/// <exception cref="System.IO.IOException"/>
protected override void LogUpdateMasterKey(DelegationKey key)
{
//AbstractDelegationTokenManager
lock (noInterruptsLock)
{
// The edit logging code will fail catastrophically if it
// is interrupted during a logSync, since the interrupt
// closes the edit log files. Doing this inside the
// above lock and then checking interruption status
// prevents this bug.
if (Sharpen.Thread.Interrupted())
{
throw new ThreadInterruptedException("Interrupted before updating master key");
}
namesystem.LogUpdateMasterKey(key);
}
}
/// <exception cref="System.IO.IOException"/>
protected internal override void RemoveRMDTMasterKeyState(DelegationKey masterKey
)
{
string dbKey = GetRMDTMasterKeyNodeKey(masterKey);
if (Log.IsDebugEnabled())
{
Log.Debug("Removing token master key at " + dbKey);
}
try
{
db.Delete(JniDBFactory.Bytes(dbKey));
}
catch (DBException e)
{
throw new IOException(e);
}
}
/// <exception cref="System.IO.IOException"/>
protected override void StoreNewMasterKey(DelegationKey key)
{
if (Log.IsDebugEnabled())
{
Log.Debug("Storing master key " + key.GetKeyId());
}
try
{
if (stateStore != null)
{
stateStore.StoreTokenMasterKey(key);
}
}
catch (IOException e)
{
Log.Error("Unable to store master key " + key.GetKeyId(), e);
}
}
/// <exception cref="System.Exception"/>
protected internal override void StoreRMDTMasterKeyState(DelegationKey delegationKey
)
{
lock (this)
{
ICollection <DelegationKey> rmDTMasterKeyState = state.rmSecretManagerState.GetMasterKeyState
();
if (rmDTMasterKeyState.Contains(delegationKey))
{
IOException e = new IOException("RMDTMasterKey with keyID: " + delegationKey.GetKeyId
() + " is already stored");
Log.Info("Error storing info for RMDTMasterKey with keyID: " + delegationKey.GetKeyId
(), e);
throw e;
}
state.GetRMDTSecretManagerState().GetMasterKeyState().AddItem(delegationKey);
Log.Info("Store RMDT master key with key id: " + delegationKey.GetKeyId() + ". Currently rmDTMasterKeyState size: "
+ rmDTMasterKeyState.Count);
}
}
/// <summary>Private helper method to load delegation keys from fsimage.</summary>
/// <exception cref="System.IO.IOException">on error</exception>
private void LoadAllKeys(DataInput @in)
{
lock (this)
{
StartupProgress prog = NameNode.GetStartupProgress();
Step step = new Step(StepType.DelegationKeys);
prog.BeginStep(Phase.LoadingFsimage, step);
int numberOfKeys = @in.ReadInt();
prog.SetTotal(Phase.LoadingFsimage, step, numberOfKeys);
StartupProgress.Counter counter = prog.GetCounter(Phase.LoadingFsimage, step);
for (int i = 0; i < numberOfKeys; i++)
{
DelegationKey value = new DelegationKey();
value.ReadFields(@in);
this._enclosing.AddKey(value);
counter.Increment();
}
prog.EndStep(Phase.LoadingFsimage, step);
}
}
/// <exception cref="System.IO.IOException"/>
private int LoadRMDTSecretManagerKeys(RMStateStore.RMState state)
{
int numKeys = 0;
LeveldbIterator iter = null;
try
{
iter = new LeveldbIterator(db);
iter.Seek(JniDBFactory.Bytes(RmDtMasterKeyKeyPrefix));
while (iter.HasNext())
{
KeyValuePair <byte[], byte[]> entry = iter.Next();
string key = JniDBFactory.AsString(entry.Key);
if (!key.StartsWith(RmDtMasterKeyKeyPrefix))
{
break;
}
DelegationKey masterKey = LoadDelegationKey(entry.Value);
state.rmSecretManagerState.masterKeyState.AddItem(masterKey);
++numKeys;
if (Log.IsDebugEnabled())
{
Log.Debug("Loaded RM delegation key from " + key + ": keyId=" + masterKey.GetKeyId
() + ", expirationDate=" + masterKey.GetExpiryDate());
}
}
}
catch (DBException e)
{
throw new IOException(e);
}
finally
{
if (iter != null)
{
iter.Close();
}
}
return(numKeys);
}
public virtual void TestTokenStore()
{
HistoryServerStateStoreService store = CreateAndStartStore();
// verify initially the store is empty
HistoryServerStateStoreService.HistoryServerState state = store.LoadState();
NUnit.Framework.Assert.IsTrue("token state not empty", state.tokenState.IsEmpty()
);
NUnit.Framework.Assert.IsTrue("key state not empty", state.tokenMasterKeyState.IsEmpty
());
// store a key and some tokens
DelegationKey key1 = new DelegationKey(1, 2, Sharpen.Runtime.GetBytesForString("keyData1"
));
MRDelegationTokenIdentifier token1 = new MRDelegationTokenIdentifier(new Text("tokenOwner1"
), new Text("tokenRenewer1"), new Text("tokenUser1"));
token1.SetSequenceNumber(1);
long tokenDate1 = 1L;
MRDelegationTokenIdentifier token2 = new MRDelegationTokenIdentifier(new Text("tokenOwner2"
), new Text("tokenRenewer2"), new Text("tokenUser2"));
token2.SetSequenceNumber(12345678);
long tokenDate2 = 87654321L;
store.StoreTokenMasterKey(key1);
store.StoreToken(token1, tokenDate1);
store.StoreToken(token2, tokenDate2);
store.Close();
// verify the key and tokens can be recovered
store = CreateAndStartStore();
state = store.LoadState();
NUnit.Framework.Assert.AreEqual("incorrect loaded token count", 2, state.tokenState
.Count);
NUnit.Framework.Assert.IsTrue("missing token 1", state.tokenState.Contains(token1
));
NUnit.Framework.Assert.AreEqual("incorrect token 1 date", tokenDate1, state.tokenState
[token1]);
NUnit.Framework.Assert.IsTrue("missing token 2", state.tokenState.Contains(token2
));
NUnit.Framework.Assert.AreEqual("incorrect token 2 date", tokenDate2, state.tokenState
[token2]);
NUnit.Framework.Assert.AreEqual("incorrect master key count", 1, state.tokenMasterKeyState
.Count);
NUnit.Framework.Assert.IsTrue("missing master key 1", state.tokenMasterKeyState.Contains
(key1));
// store some more keys and tokens, remove the previous key and one
// of the tokens, and renew a previous token
DelegationKey key2 = new DelegationKey(3, 4, Sharpen.Runtime.GetBytesForString("keyData2"
));
DelegationKey key3 = new DelegationKey(5, 6, Sharpen.Runtime.GetBytesForString("keyData3"
));
MRDelegationTokenIdentifier token3 = new MRDelegationTokenIdentifier(new Text("tokenOwner3"
), new Text("tokenRenewer3"), new Text("tokenUser3"));
token3.SetSequenceNumber(12345679);
long tokenDate3 = 87654321L;
store.RemoveToken(token1);
store.StoreTokenMasterKey(key2);
long newTokenDate2 = 975318642L;
store.UpdateToken(token2, newTokenDate2);
store.RemoveTokenMasterKey(key1);
store.StoreTokenMasterKey(key3);
store.StoreToken(token3, tokenDate3);
store.Close();
// verify the new keys and tokens are recovered, the removed key and
// token are no longer present, and the renewed token has the updated
// expiration date
store = CreateAndStartStore();
state = store.LoadState();
NUnit.Framework.Assert.AreEqual("incorrect loaded token count", 2, state.tokenState
.Count);
NUnit.Framework.Assert.IsFalse("token 1 not removed", state.tokenState.Contains(token1
));
NUnit.Framework.Assert.IsTrue("missing token 2", state.tokenState.Contains(token2
));
NUnit.Framework.Assert.AreEqual("incorrect token 2 date", newTokenDate2, state.tokenState
[token2]);
NUnit.Framework.Assert.IsTrue("missing token 3", state.tokenState.Contains(token3
));
NUnit.Framework.Assert.AreEqual("incorrect token 3 date", tokenDate3, state.tokenState
[token3]);
NUnit.Framework.Assert.AreEqual("incorrect master key count", 2, state.tokenMasterKeyState
.Count);
NUnit.Framework.Assert.IsFalse("master key 1 not removed", state.tokenMasterKeyState
.Contains(key1));
NUnit.Framework.Assert.IsTrue("missing master key 2", state.tokenMasterKeyState.Contains
(key2));
NUnit.Framework.Assert.IsTrue("missing master key 3", state.tokenMasterKeyState.Contains
(key3));
store.Close();
}
/// <summary>Blocking method to remove a delegation token master key.</summary> /// <remarks> /// Blocking method to remove a delegation token master key. /// Implementations must not return from this method until the key has been /// removed from the state store. /// </remarks> /// <param name="key">the master key to remove</param> /// <exception cref="System.IO.IOException"/> public abstract void RemoveTokenMasterKey(DelegationKey key);
