/// <exception cref="System.IO.IOException"/> public override void StoreTokenMasterKey(DelegationKey key) { if (Log.IsDebugEnabled()) { Log.Debug("Storing master key " + key.GetKeyId()); } Path keyPath = new Path(tokenKeysStatePath, TokenMasterKeyFilePrefix + key.GetKeyId ()); if (fs.Exists(keyPath)) { throw new IOException(keyPath + " already exists"); } ByteArrayOutputStream memStream = new ByteArrayOutputStream(); DataOutputStream dataStream = new DataOutputStream(memStream); try { key.Write(dataStream); dataStream.Close(); dataStream = null; } finally { IOUtils.Cleanup(Log, dataStream); } CreateNewFile(keyPath, memStream.ToByteArray()); }
/// <summary>Add a MasterKey to the list of keys.</summary> /// <param name="key">DelegationKey</param> /// <exception cref="System.IO.IOException"/> public virtual void UpdatePersistedMasterKey(DelegationKey key) { lock (this) { AddKey(key); } }
/// <exception cref="System.IO.IOException"/> public override void StoreTokenMasterKey(DelegationKey masterKey) { if (Log.IsDebugEnabled()) { Log.Debug("Storing master key " + masterKey.GetKeyId()); } ByteArrayOutputStream memStream = new ByteArrayOutputStream(); DataOutputStream dataStream = new DataOutputStream(memStream); try { masterKey.Write(dataStream); dataStream.Close(); dataStream = null; } finally { IOUtils.Cleanup(Log, dataStream); } string dbKey = GetTokenMasterKeyDatabaseKey(masterKey); try { db.Put(JniDBFactory.Bytes(dbKey), memStream.ToByteArray()); } catch (DBException e) { throw new IOException(e); } }
/// <exception cref="System.IO.IOException"/> protected internal override void StoreRMDTMasterKeyState(DelegationKey masterKey) { string dbKey = GetRMDTMasterKeyNodeKey(masterKey); if (Log.IsDebugEnabled()) { Log.Debug("Storing token master key to " + dbKey); } ByteArrayOutputStream os = new ByteArrayOutputStream(); DataOutputStream @out = new DataOutputStream(os); try { masterKey.Write(@out); } finally { @out.Close(); } try { db.Put(JniDBFactory.Bytes(dbKey), os.ToByteArray()); } catch (DBException e) { throw new IOException(e); } }
/// <summary>This method is intended to be used only while reading edit logs.</summary> /// <param name="identifier"> /// DelegationTokenIdentifier read from the edit logs or /// fsimage /// </param> /// <param name="expiryTime">token expiry time</param> /// <exception cref="System.IO.IOException"/> public override void AddPersistedDelegationToken(DelegationTokenIdentifier identifier , long expiryTime) { lock (this) { if (running) { // a safety check throw new IOException("Can't add persisted delegation token to a running SecretManager." ); } int keyId = identifier.GetMasterKeyId(); DelegationKey dKey = allKeys[keyId]; if (dKey == null) { Log.Warn("No KEY found for persisted identifier " + identifier.ToString()); return; } byte[] password = CreatePassword(identifier.GetBytes(), dKey.GetKey()); if (identifier.GetSequenceNumber() > this.delegationTokenSequenceNumber) { this.delegationTokenSequenceNumber = identifier.GetSequenceNumber(); } if (currentTokens[identifier] == null) { currentTokens[identifier] = new AbstractDelegationTokenSecretManager.DelegationTokenInformation (expiryTime, password, GetTrackingIdIfEnabled(identifier)); } else { throw new IOException("Same delegation token being added twice; invalid entry in fsimage or editlogs" ); } } }
/// <exception cref="System.IO.IOException"/> public override void StoreTokenMasterKey(DelegationKey key) { if (state.tokenMasterKeyState.Contains(key)) { throw new IOException("token master key " + key + " was stored twice"); } state.tokenMasterKeyState.AddItem(key); }
/// <exception cref="System.Exception"/> private void LoadRMDTSecretManagerState(RMStateStore.RMState rmState) { CheckAndResumeUpdateOperation(rmDTSecretManagerRoot); FileStatus[] childNodes = ListStatusWithRetries(rmDTSecretManagerRoot); foreach (FileStatus childNodeStatus in childNodes) { System.Diagnostics.Debug.Assert(childNodeStatus.IsFile()); string childNodeName = childNodeStatus.GetPath().GetName(); if (CheckAndRemovePartialRecordWithRetries(childNodeStatus.GetPath())) { continue; } if (childNodeName.StartsWith(DelegationTokenSequenceNumberPrefix)) { rmState.rmSecretManagerState.dtSequenceNumber = System.Convert.ToInt32(childNodeName .Split("_")[1]); continue; } Path childNodePath = GetNodePath(rmDTSecretManagerRoot, childNodeName); byte[] childData = ReadFileWithRetries(childNodePath, childNodeStatus.GetLen()); ByteArrayInputStream @is = new ByteArrayInputStream(childData); using (DataInputStream fsIn = new DataInputStream(@is)) { if (childNodeName.StartsWith(DelegationKeyPrefix)) { DelegationKey key = new DelegationKey(); key.ReadFields(fsIn); rmState.rmSecretManagerState.masterKeyState.AddItem(key); if (Log.IsDebugEnabled()) { Log.Debug("Loaded delegation key: keyId=" + key.GetKeyId() + ", expirationDate=" + key.GetExpiryDate()); } } else { if (childNodeName.StartsWith(DelegationTokenPrefix)) { RMDelegationTokenIdentifierData identifierData = new RMDelegationTokenIdentifierData (); identifierData.ReadFields(fsIn); RMDelegationTokenIdentifier identifier = identifierData.GetTokenIdentifier(); long renewDate = identifierData.GetRenewDate(); rmState.rmSecretManagerState.delegationTokenState[identifier] = renewDate; if (Log.IsDebugEnabled()) { Log.Debug("Loaded RMDelegationTokenIdentifier: " + identifier + " renewDate=" + renewDate ); } } else { Log.Warn("Unknown file for recovering RMDelegationTokenSecretManager"); } } } } }
/// <exception cref="System.IO.IOException"/> public override void RemoveTokenMasterKey(DelegationKey key) { if (Log.IsDebugEnabled()) { Log.Debug("Removing master key " + key.GetKeyId()); } Path keyPath = new Path(tokenKeysStatePath, TokenMasterKeyFilePrefix + key.GetKeyId ()); DeleteFile(keyPath); }
/// <exception cref="System.Exception"/> protected internal override void RemoveRMDTMasterKeyState(DelegationKey masterKey ) { lock (this) { Path nodeCreatePath = GetNodePath(rmDTSecretManagerRoot, DelegationKeyPrefix + masterKey .GetKeyId()); Log.Info("Removing RMDelegationKey_" + masterKey.GetKeyId()); DeleteFileWithRetries(nodeCreatePath); } }
/// <exception cref="System.Exception"/> protected internal override void RemoveRMDTMasterKeyState(DelegationKey delegationKey ) { lock (this) { Log.Info("Remove RMDT master key with key id: " + delegationKey.GetKeyId()); ICollection <DelegationKey> rmDTMasterKeyState = state.rmSecretManagerState.GetMasterKeyState (); rmDTMasterKeyState.Remove(delegationKey); } }
/// <exception cref="System.IO.IOException"/> public override void RemoveTokenMasterKey(DelegationKey key) { try { byte[] k = CreateTokenMasterKeyEntryKey(key.GetKeyId()); db.Delete(k); } catch (DBException e) { throw new IOException(e); } }
protected override void RemoveStoredMasterKey(DelegationKey key) { try { Log.Info("removing master key with keyID " + key.GetKeyId()); rmContext.GetStateStore().RemoveRMDTMasterKey(key); } catch (Exception e) { Log.Error("Error in removing master key with KeyID: " + key.GetKeyId()); ExitUtil.Terminate(1, e); } }
protected override void StoreNewMasterKey(DelegationKey newKey) { try { Log.Info("storing master key with keyID " + newKey.GetKeyId()); rmContext.GetStateStore().StoreRMDTMasterKey(newKey); } catch (Exception e) { Log.Error("Error in storing master key with KeyID: " + newKey.GetKeyId()); ExitUtil.Terminate(1, e); } }
/// <exception cref="System.IO.IOException"/> private void LoadTokenMasterKey(HistoryServerStateStoreService.HistoryServerState state, byte[] data) { DelegationKey key = new DelegationKey(); DataInputStream @in = new DataInputStream(new ByteArrayInputStream(data)); try { key.ReadFields(@in); } finally { IOUtils.Cleanup(Log, @in); } state.tokenMasterKeyState.AddItem(key); }
/// <exception cref="System.Exception"/> protected internal override void StoreRMDTMasterKeyState(DelegationKey masterKey) { lock (this) { Path nodeCreatePath = GetNodePath(rmDTSecretManagerRoot, DelegationKeyPrefix + masterKey .GetKeyId()); ByteArrayOutputStream os = new ByteArrayOutputStream(); using (DataOutputStream fsOut = new DataOutputStream(os)) { Log.Info("Storing RMDelegationKey_" + masterKey.GetKeyId()); masterKey.Write(fsOut); WriteFileWithRetries(nodeCreatePath, os.ToByteArray(), true); } } }
/// <exception cref="System.IO.IOException"/> private DelegationKey LoadDelegationKey(byte[] data) { DelegationKey key = new DelegationKey(); DataInputStream @in = new DataInputStream(new ByteArrayInputStream(data)); try { key.ReadFields(@in); } finally { IOUtils.Cleanup(Log, @in); } return(key); }
protected override void RemoveStoredMasterKey(DelegationKey key) { if (Log.IsDebugEnabled()) { Log.Debug("Removing master key " + key.GetKeyId()); } try { store.RemoveTokenMasterKey(key); } catch (IOException e) { Log.Error("Unable to remove master key " + key.GetKeyId(), e); } }
/// <summary>Process the Delegation Token related section in fsimage.</summary> /// <param name="in">DataInputStream to process</param> /// <param name="v">Visitor to walk over records</param> /// <exception cref="System.IO.IOException"/> private void ProcessDelegationTokens(DataInputStream @in, ImageVisitor v) { v.Visit(ImageVisitor.ImageElement.CurrentDelegationKeyId, @in.ReadInt()); int numDKeys = @in.ReadInt(); v.VisitEnclosingElement(ImageVisitor.ImageElement.DelegationKeys, ImageVisitor.ImageElement .NumDelegationKeys, numDKeys); for (int i = 0; i < numDKeys; i++) { DelegationKey key = new DelegationKey(); key.ReadFields(@in); v.Visit(ImageVisitor.ImageElement.DelegationKey, key.ToString()); } v.LeaveEnclosingElement(); v.Visit(ImageVisitor.ImageElement.DelegationTokenSequenceNumber, @in.ReadInt()); int numDTokens = @in.ReadInt(); v.VisitEnclosingElement(ImageVisitor.ImageElement.DelegationTokens, ImageVisitor.ImageElement .NumDelegationTokens, numDTokens); for (int i_1 = 0; i_1 < numDTokens; i_1++) { DelegationTokenIdentifier id = new DelegationTokenIdentifier(); id.ReadFields(@in); long expiryTime = @in.ReadLong(); v.VisitEnclosingElement(ImageVisitor.ImageElement.DelegationTokenIdentifier); v.Visit(ImageVisitor.ImageElement.DelegationTokenIdentifierKind, id.GetKind().ToString ()); v.Visit(ImageVisitor.ImageElement.DelegationTokenIdentifierSeqno, id.GetSequenceNumber ()); v.Visit(ImageVisitor.ImageElement.DelegationTokenIdentifierOwner, id.GetOwner().ToString ()); v.Visit(ImageVisitor.ImageElement.DelegationTokenIdentifierRenewer, id.GetRenewer ().ToString()); v.Visit(ImageVisitor.ImageElement.DelegationTokenIdentifierRealuser, id.GetRealUser ().ToString()); v.Visit(ImageVisitor.ImageElement.DelegationTokenIdentifierIssueDate, id.GetIssueDate ()); v.Visit(ImageVisitor.ImageElement.DelegationTokenIdentifierMaxDate, id.GetMaxDate ()); v.Visit(ImageVisitor.ImageElement.DelegationTokenIdentifierExpiryTime, expiryTime ); v.Visit(ImageVisitor.ImageElement.DelegationTokenIdentifierMasterKeyId, id.GetMasterKeyId ()); v.LeaveEnclosingElement(); } // DELEGATION_TOKEN_IDENTIFIER v.LeaveEnclosingElement(); }
/// <exception cref="System.IO.IOException"/> private static byte[] BuildTokenMasterKeyData(DelegationKey key) { ByteArrayOutputStream memStream = new ByteArrayOutputStream(); DataOutputStream dataStream = new DataOutputStream(memStream); try { key.Write(dataStream); dataStream.Close(); } finally { IOUtils.Cleanup(Log, dataStream); } return(memStream.ToByteArray()); }
/// <exception cref="System.IO.IOException"/> public override void RemoveTokenMasterKey(DelegationKey masterKey) { if (Log.IsDebugEnabled()) { Log.Debug("Removing master key " + masterKey.GetKeyId()); } string dbKey = GetTokenMasterKeyDatabaseKey(masterKey); try { db.Delete(JniDBFactory.Bytes(dbKey)); } catch (DBException e) { throw new IOException(e); } }
/// <exception cref="System.IO.IOException"/> public override void StoreTokenMasterKey(DelegationKey key) { try { byte[] k = CreateTokenMasterKeyEntryKey(key.GetKeyId()); if (db.Get(k) != null) { throw new IOException(key + " already exists"); } byte[] v = BuildTokenMasterKeyData(key); db.Put(k, v); } catch (DBException e) { throw new IOException(e); } }
public virtual DelegationKey CheckCurrentKeyInStateStore(ICollection <DelegationKey > rmDTMasterKeyState) { lock (this) { foreach (int keyId in this._enclosing._enclosing.allKeys.Keys) { if (keyId == this._enclosing._enclosing.currentId) { DelegationKey currentKey = this._enclosing._enclosing.allKeys[keyId]; NUnit.Framework.Assert.IsTrue(rmDTMasterKeyState.Contains(currentKey)); return(currentKey); } } return(null); } }
/// <summary>Call namesystem to update editlogs for new master key.</summary> /// <exception cref="System.IO.IOException"/> protected override void LogUpdateMasterKey(DelegationKey key) { //AbstractDelegationTokenManager lock (noInterruptsLock) { // The edit logging code will fail catastrophically if it // is interrupted during a logSync, since the interrupt // closes the edit log files. Doing this inside the // above lock and then checking interruption status // prevents this bug. if (Sharpen.Thread.Interrupted()) { throw new ThreadInterruptedException("Interrupted before updating master key"); } namesystem.LogUpdateMasterKey(key); } }
/// <exception cref="System.IO.IOException"/> protected internal override void RemoveRMDTMasterKeyState(DelegationKey masterKey ) { string dbKey = GetRMDTMasterKeyNodeKey(masterKey); if (Log.IsDebugEnabled()) { Log.Debug("Removing token master key at " + dbKey); } try { db.Delete(JniDBFactory.Bytes(dbKey)); } catch (DBException e) { throw new IOException(e); } }
/// <exception cref="System.IO.IOException"/> protected override void StoreNewMasterKey(DelegationKey key) { if (Log.IsDebugEnabled()) { Log.Debug("Storing master key " + key.GetKeyId()); } try { if (stateStore != null) { stateStore.StoreTokenMasterKey(key); } } catch (IOException e) { Log.Error("Unable to store master key " + key.GetKeyId(), e); } }
/// <exception cref="System.Exception"/> protected internal override void StoreRMDTMasterKeyState(DelegationKey delegationKey ) { lock (this) { ICollection <DelegationKey> rmDTMasterKeyState = state.rmSecretManagerState.GetMasterKeyState (); if (rmDTMasterKeyState.Contains(delegationKey)) { IOException e = new IOException("RMDTMasterKey with keyID: " + delegationKey.GetKeyId () + " is already stored"); Log.Info("Error storing info for RMDTMasterKey with keyID: " + delegationKey.GetKeyId (), e); throw e; } state.GetRMDTSecretManagerState().GetMasterKeyState().AddItem(delegationKey); Log.Info("Store RMDT master key with key id: " + delegationKey.GetKeyId() + ". Currently rmDTMasterKeyState size: " + rmDTMasterKeyState.Count); } }
/// <summary>Private helper method to load delegation keys from fsimage.</summary> /// <exception cref="System.IO.IOException">on error</exception> private void LoadAllKeys(DataInput @in) { lock (this) { StartupProgress prog = NameNode.GetStartupProgress(); Step step = new Step(StepType.DelegationKeys); prog.BeginStep(Phase.LoadingFsimage, step); int numberOfKeys = @in.ReadInt(); prog.SetTotal(Phase.LoadingFsimage, step, numberOfKeys); StartupProgress.Counter counter = prog.GetCounter(Phase.LoadingFsimage, step); for (int i = 0; i < numberOfKeys; i++) { DelegationKey value = new DelegationKey(); value.ReadFields(@in); this._enclosing.AddKey(value); counter.Increment(); } prog.EndStep(Phase.LoadingFsimage, step); } }
/// <exception cref="System.IO.IOException"/> private int LoadRMDTSecretManagerKeys(RMStateStore.RMState state) { int numKeys = 0; LeveldbIterator iter = null; try { iter = new LeveldbIterator(db); iter.Seek(JniDBFactory.Bytes(RmDtMasterKeyKeyPrefix)); while (iter.HasNext()) { KeyValuePair <byte[], byte[]> entry = iter.Next(); string key = JniDBFactory.AsString(entry.Key); if (!key.StartsWith(RmDtMasterKeyKeyPrefix)) { break; } DelegationKey masterKey = LoadDelegationKey(entry.Value); state.rmSecretManagerState.masterKeyState.AddItem(masterKey); ++numKeys; if (Log.IsDebugEnabled()) { Log.Debug("Loaded RM delegation key from " + key + ": keyId=" + masterKey.GetKeyId () + ", expirationDate=" + masterKey.GetExpiryDate()); } } } catch (DBException e) { throw new IOException(e); } finally { if (iter != null) { iter.Close(); } } return(numKeys); }
public virtual void TestTokenStore() { HistoryServerStateStoreService store = CreateAndStartStore(); // verify initially the store is empty HistoryServerStateStoreService.HistoryServerState state = store.LoadState(); NUnit.Framework.Assert.IsTrue("token state not empty", state.tokenState.IsEmpty() ); NUnit.Framework.Assert.IsTrue("key state not empty", state.tokenMasterKeyState.IsEmpty ()); // store a key and some tokens DelegationKey key1 = new DelegationKey(1, 2, Sharpen.Runtime.GetBytesForString("keyData1" )); MRDelegationTokenIdentifier token1 = new MRDelegationTokenIdentifier(new Text("tokenOwner1" ), new Text("tokenRenewer1"), new Text("tokenUser1")); token1.SetSequenceNumber(1); long tokenDate1 = 1L; MRDelegationTokenIdentifier token2 = new MRDelegationTokenIdentifier(new Text("tokenOwner2" ), new Text("tokenRenewer2"), new Text("tokenUser2")); token2.SetSequenceNumber(12345678); long tokenDate2 = 87654321L; store.StoreTokenMasterKey(key1); store.StoreToken(token1, tokenDate1); store.StoreToken(token2, tokenDate2); store.Close(); // verify the key and tokens can be recovered store = CreateAndStartStore(); state = store.LoadState(); NUnit.Framework.Assert.AreEqual("incorrect loaded token count", 2, state.tokenState .Count); NUnit.Framework.Assert.IsTrue("missing token 1", state.tokenState.Contains(token1 )); NUnit.Framework.Assert.AreEqual("incorrect token 1 date", tokenDate1, state.tokenState [token1]); NUnit.Framework.Assert.IsTrue("missing token 2", state.tokenState.Contains(token2 )); NUnit.Framework.Assert.AreEqual("incorrect token 2 date", tokenDate2, state.tokenState [token2]); NUnit.Framework.Assert.AreEqual("incorrect master key count", 1, state.tokenMasterKeyState .Count); NUnit.Framework.Assert.IsTrue("missing master key 1", state.tokenMasterKeyState.Contains (key1)); // store some more keys and tokens, remove the previous key and one // of the tokens, and renew a previous token DelegationKey key2 = new DelegationKey(3, 4, Sharpen.Runtime.GetBytesForString("keyData2" )); DelegationKey key3 = new DelegationKey(5, 6, Sharpen.Runtime.GetBytesForString("keyData3" )); MRDelegationTokenIdentifier token3 = new MRDelegationTokenIdentifier(new Text("tokenOwner3" ), new Text("tokenRenewer3"), new Text("tokenUser3")); token3.SetSequenceNumber(12345679); long tokenDate3 = 87654321L; store.RemoveToken(token1); store.StoreTokenMasterKey(key2); long newTokenDate2 = 975318642L; store.UpdateToken(token2, newTokenDate2); store.RemoveTokenMasterKey(key1); store.StoreTokenMasterKey(key3); store.StoreToken(token3, tokenDate3); store.Close(); // verify the new keys and tokens are recovered, the removed key and // token are no longer present, and the renewed token has the updated // expiration date store = CreateAndStartStore(); state = store.LoadState(); NUnit.Framework.Assert.AreEqual("incorrect loaded token count", 2, state.tokenState .Count); NUnit.Framework.Assert.IsFalse("token 1 not removed", state.tokenState.Contains(token1 )); NUnit.Framework.Assert.IsTrue("missing token 2", state.tokenState.Contains(token2 )); NUnit.Framework.Assert.AreEqual("incorrect token 2 date", newTokenDate2, state.tokenState [token2]); NUnit.Framework.Assert.IsTrue("missing token 3", state.tokenState.Contains(token3 )); NUnit.Framework.Assert.AreEqual("incorrect token 3 date", tokenDate3, state.tokenState [token3]); NUnit.Framework.Assert.AreEqual("incorrect master key count", 2, state.tokenMasterKeyState .Count); NUnit.Framework.Assert.IsFalse("master key 1 not removed", state.tokenMasterKeyState .Contains(key1)); NUnit.Framework.Assert.IsTrue("missing master key 2", state.tokenMasterKeyState.Contains (key2)); NUnit.Framework.Assert.IsTrue("missing master key 3", state.tokenMasterKeyState.Contains (key3)); store.Close(); }
/// <summary>Blocking method to remove a delegation token master key.</summary> /// <remarks> /// Blocking method to remove a delegation token master key. /// Implementations must not return from this method until the key has been /// removed from the state store. /// </remarks> /// <param name="key">the master key to remove</param> /// <exception cref="System.IO.IOException"/> public abstract void RemoveTokenMasterKey(DelegationKey key);