/// <exception cref="System.IO.IOException"/>
public Org.Apache.Hadoop.Security.Token.Token <object> Run()
{
Credentials c;
try
{
c = DelegationTokenFetcher.GetDTfromRemote(this._enclosing.connectionFactory, this
._enclosing.nnUri, renewer, proxyUser);
}
catch (IOException e)
{
if (e.InnerException is ConnectException)
{
FileSystem.Log.Warn("Couldn't connect to " + this._enclosing.nnUri + ", assuming security is disabled"
);
return(null);
}
if (FileSystem.Log.IsDebugEnabled())
{
FileSystem.Log.Debug("Exception getting delegation token", e);
}
throw;
}
foreach (Org.Apache.Hadoop.Security.Token.Token <TokenIdentifier> t in c.GetAllTokens
())
{
if (FileSystem.Log.IsDebugEnabled())
{
FileSystem.Log.Debug("Got dt for " + this._enclosing.GetUri() + ";t.service=" + t
.GetService());
}
return(t);
}
return(null);
}
/// <exception cref="System.Exception"/>
public long Run()
{
IPEndPoint serviceAddr = SecurityUtil.GetTokenServiceAddr(token);
return(DelegationTokenFetcher.RenewDelegationToken(this._enclosing.connectionFactory
, DFSUtil.CreateUri(this._enclosing.GetUnderlyingProtocol(), serviceAddr), (Org.Apache.Hadoop.Security.Token.Token
<DelegationTokenIdentifier>)token));
}
public virtual void TestCancelTokenFromHttp()
{
bootstrap = StartHttpServer(httpPort, testToken, serviceUrl);
DelegationTokenFetcher.CancelDelegationToken(connectionFactory, serviceUrl, testToken
);
if (assertionError != null)
{
throw assertionError;
}
}
public virtual void TestTokenFetchFail()
{
try
{
DelegationTokenFetcher.Main(new string[] { "-webservice=" + serviceUrl, tokenFile });
NUnit.Framework.Assert.Fail("Token fetcher shouldn't start in absense of NN");
}
catch (IOException)
{
}
}
public virtual void TestRenewTokenFromHttp()
{
bootstrap = StartHttpServer(httpPort, testToken, serviceUrl);
NUnit.Framework.Assert.IsTrue("testRenewTokenFromHttp error", long.Parse(ExpDate)
== DelegationTokenFetcher.RenewDelegationToken(connectionFactory, serviceUrl, testToken
));
if (assertionError != null)
{
throw assertionError;
}
}
public virtual void TestTokenRenewFail()
{
try
{
DelegationTokenFetcher.RenewDelegationToken(connectionFactory, serviceUrl, testToken
);
NUnit.Framework.Assert.Fail("Token fetcher shouldn't be able to renew tokens in absense of NN"
);
}
catch (IOException)
{
}
}
public virtual void ExpectedTokenCancelFail()
{
try
{
DelegationTokenFetcher.CancelDelegationToken(connectionFactory, serviceUrl, testToken
);
NUnit.Framework.Assert.Fail("Token fetcher shouldn't be able to cancel tokens in absense of NN"
);
}
catch (IOException)
{
}
}
private static void ExpectDelegationTokenFetcherExit(string[] args)
{
try
{
DelegationTokenFetcher.Main(args);
NUnit.Framework.Assert.Fail("should call exit");
}
catch (ExitUtil.ExitException)
{
ExitUtil.ResetFirstExitException();
}
catch (Exception ex)
{
NUnit.Framework.Assert.Fail("expectDelegationTokenFetcherExit ex error " + ex);
}
}
public virtual void ExpectedTokenRenewErrorHttpResponse()
{
bootstrap = StartHttpServer(httpPort, testToken, serviceUrl);
try
{
DelegationTokenFetcher.RenewDelegationToken(connectionFactory, new URI(serviceUrl
.ToString() + "/exception"), CreateToken(serviceUrl));
NUnit.Framework.Assert.Fail("Token fetcher shouldn't be able to renew tokens using an invalid"
+ " NN URL");
}
catch (IOException)
{
}
if (assertionError != null)
{
throw assertionError;
}
}
public virtual void ExpectedTokenIsRetrievedFromHttp()
{
bootstrap = StartHttpServer(httpPort, testToken, serviceUrl);
DelegationTokenFetcher.Main(new string[] { "-webservice=" + serviceUrl, tokenFile });
Path p = new Path(fileSys.GetWorkingDirectory(), tokenFile);
Credentials creds = Credentials.ReadTokenStorageFile(p, conf);
IEnumerator <Org.Apache.Hadoop.Security.Token.Token <object> > itr = creds.GetAllTokens
().GetEnumerator();
NUnit.Framework.Assert.IsTrue("token not exist error", itr.HasNext());
Org.Apache.Hadoop.Security.Token.Token <object> fetchedToken = itr.Next();
Assert.AssertArrayEquals("token wrong identifier error", testToken.GetIdentifier(
), fetchedToken.GetIdentifier());
Assert.AssertArrayEquals("token wrong password error", testToken.GetPassword(), fetchedToken
.GetPassword());
if (assertionError != null)
{
throw assertionError;
}
}
public virtual void ExpectedTokenIsRetrievedFromDFS()
{
byte[] ident = new DelegationTokenIdentifier(new Text("owner"), new Text("renewer"
), new Text("realuser")).GetBytes();
byte[] pw = new byte[] { 42 };
Text service = new Text(uri.ToString());
// Create a token for the fetcher to fetch, wire NN to return it when asked
// for this particular user.
Org.Apache.Hadoop.Security.Token.Token <DelegationTokenIdentifier> t = new Org.Apache.Hadoop.Security.Token.Token
<DelegationTokenIdentifier>(ident, pw, FakeRenewer.Kind, service);
Org.Mockito.Mockito.When(dfs.AddDelegationTokens(Matchers.Eq((string)null), Matchers.Any
<Credentials>())).ThenAnswer(new _Answer_77(service, t));
Org.Mockito.Mockito.When(dfs.GetUri()).ThenReturn(uri);
FakeRenewer.Reset();
FileSystem fileSys = FileSystem.GetLocal(conf);
try
{
DelegationTokenFetcher.Main(new string[] { "-fs", uri.ToString(), tokenFile });
Path p = new Path(fileSys.GetWorkingDirectory(), tokenFile);
Credentials creds = Credentials.ReadTokenStorageFile(p, conf);
IEnumerator <Org.Apache.Hadoop.Security.Token.Token <object> > itr = creds.GetAllTokens
().GetEnumerator();
// make sure we got back exactly the 1 token we expected
NUnit.Framework.Assert.IsTrue(itr.HasNext());
NUnit.Framework.Assert.AreEqual(t, itr.Next());
NUnit.Framework.Assert.IsTrue(!itr.HasNext());
DelegationTokenFetcher.Main(new string[] { "--print", tokenFile });
DelegationTokenFetcher.Main(new string[] { "--renew", tokenFile });
NUnit.Framework.Assert.AreEqual(t, FakeRenewer.lastRenewed);
FakeRenewer.Reset();
DelegationTokenFetcher.Main(new string[] { "--cancel", tokenFile });
NUnit.Framework.Assert.AreEqual(t, FakeRenewer.lastCanceled);
}
finally
{
fileSys.Delete(new Path(tokenFile), true);
}
}
