/// <exception cref="System.IO.IOException"/> public override void UpdateToken(MRDelegationTokenIdentifier tokenId, long renewDate ) { if (Log.IsDebugEnabled()) { Log.Debug("Updating token " + tokenId.GetSequenceNumber()); } // Files cannot be atomically replaced, therefore we write a temporary // update file, remove the original token file, then rename the update // file to the token file. During recovery either the token file will be // used or if that is missing and an update file is present then the // update file is used. Path tokenPath = GetTokenPath(tokenId); Path tmp = new Path(tokenPath.GetParent(), UpdateTmpFilePrefix + tokenPath.GetName ()); WriteFile(tmp, BuildTokenData(tokenId, renewDate)); try { DeleteFile(tokenPath); } catch (IOException e) { fs.Delete(tmp, false); throw; } if (!fs.Rename(tmp, tokenPath)) { throw new IOException("Could not rename " + tmp + " to " + tokenPath); } }
/// <exception cref="System.IO.IOException"/> public override void StoreToken(MRDelegationTokenIdentifier tokenId, long renewDate ) { if (Log.IsDebugEnabled()) { Log.Debug("Storing token " + tokenId.GetSequenceNumber()); } ByteArrayOutputStream memStream = new ByteArrayOutputStream(); DataOutputStream dataStream = new DataOutputStream(memStream); try { tokenId.Write(dataStream); dataStream.WriteLong(renewDate); dataStream.Close(); dataStream = null; } finally { IOUtils.Cleanup(Log, dataStream); } string dbKey = GetTokenDatabaseKey(tokenId); try { db.Put(JniDBFactory.Bytes(dbKey), memStream.ToByteArray()); } catch (DBException e) { throw new IOException(e); } }
/// <exception cref="System.IO.IOException"/> public override void RemoveToken(MRDelegationTokenIdentifier tokenId) { if (Log.IsDebugEnabled()) { Log.Debug("Removing token " + tokenId.GetSequenceNumber()); } DeleteFile(GetTokenPath(tokenId)); }
/// <exception cref="System.IO.IOException"/> public override void StoreToken(MRDelegationTokenIdentifier tokenId, long renewDate ) { if (Log.IsDebugEnabled()) { Log.Debug("Storing token " + tokenId.GetSequenceNumber()); } Path tokenPath = GetTokenPath(tokenId); if (fs.Exists(tokenPath)) { throw new IOException(tokenPath + " already exists"); } CreateNewFile(tokenPath, BuildTokenData(tokenId, renewDate)); }
private Path GetTokenPath(MRDelegationTokenIdentifier tokenId) { Path bucketPath = GetTokenBucketPath(GetBucketId(tokenId)); return(new Path(bucketPath, TokenFilePrefix + tokenId.GetSequenceNumber())); }
private static int GetBucketId(MRDelegationTokenIdentifier tokenId) { return(tokenId.GetSequenceNumber() % NumTokenBuckets); }
private string GetTokenDatabaseKey(MRDelegationTokenIdentifier tokenId) { return TokenStateKeyPrefix + tokenId.GetSequenceNumber(); }
public virtual void TestRecovery() { Configuration conf = new Configuration(); HistoryServerStateStoreService store = new HistoryServerMemStateStoreService(); store.Init(conf); store.Start(); TestJHSDelegationTokenSecretManager.JHSDelegationTokenSecretManagerForTest mgr = new TestJHSDelegationTokenSecretManager.JHSDelegationTokenSecretManagerForTest(store ); mgr.StartThreads(); MRDelegationTokenIdentifier tokenId1 = new MRDelegationTokenIdentifier(new Text("tokenOwner" ), new Text("tokenRenewer"), new Text("tokenUser")); Org.Apache.Hadoop.Security.Token.Token <MRDelegationTokenIdentifier> token1 = new Org.Apache.Hadoop.Security.Token.Token <MRDelegationTokenIdentifier>(tokenId1, mgr ); MRDelegationTokenIdentifier tokenId2 = new MRDelegationTokenIdentifier(new Text("tokenOwner" ), new Text("tokenRenewer"), new Text("tokenUser")); Org.Apache.Hadoop.Security.Token.Token <MRDelegationTokenIdentifier> token2 = new Org.Apache.Hadoop.Security.Token.Token <MRDelegationTokenIdentifier>(tokenId2, mgr ); DelegationKey[] keys = mgr.GetAllKeys(); long tokenRenewDate1 = mgr.GetAllTokens()[tokenId1].GetRenewDate(); long tokenRenewDate2 = mgr.GetAllTokens()[tokenId2].GetRenewDate(); mgr.StopThreads(); mgr = new TestJHSDelegationTokenSecretManager.JHSDelegationTokenSecretManagerForTest (store); mgr.Recover(store.LoadState()); IList <DelegationKey> recoveredKeys = Arrays.AsList(mgr.GetAllKeys()); foreach (DelegationKey key in keys) { NUnit.Framework.Assert.IsTrue("key missing after recovery", recoveredKeys.Contains (key)); } NUnit.Framework.Assert.IsTrue("token1 missing", mgr.GetAllTokens().Contains(tokenId1 )); NUnit.Framework.Assert.AreEqual("token1 renew date", tokenRenewDate1, mgr.GetAllTokens ()[tokenId1].GetRenewDate()); NUnit.Framework.Assert.IsTrue("token2 missing", mgr.GetAllTokens().Contains(tokenId2 )); NUnit.Framework.Assert.AreEqual("token2 renew date", tokenRenewDate2, mgr.GetAllTokens ()[tokenId2].GetRenewDate()); mgr.StartThreads(); mgr.VerifyToken(tokenId1, token1.GetPassword()); mgr.VerifyToken(tokenId2, token2.GetPassword()); MRDelegationTokenIdentifier tokenId3 = new MRDelegationTokenIdentifier(new Text("tokenOwner" ), new Text("tokenRenewer"), new Text("tokenUser")); Org.Apache.Hadoop.Security.Token.Token <MRDelegationTokenIdentifier> token3 = new Org.Apache.Hadoop.Security.Token.Token <MRDelegationTokenIdentifier>(tokenId3, mgr ); NUnit.Framework.Assert.AreEqual("sequence number restore", tokenId2.GetSequenceNumber () + 1, tokenId3.GetSequenceNumber()); mgr.CancelToken(token1, "tokenOwner"); // Testing with full principal name MRDelegationTokenIdentifier tokenIdFull = new MRDelegationTokenIdentifier(new Text ("tokenOwner/localhost@LOCALHOST"), new Text("tokenRenewer"), new Text("tokenUser" )); KerberosName.SetRules("RULE:[1:$1]\nRULE:[2:$1]"); Org.Apache.Hadoop.Security.Token.Token <MRDelegationTokenIdentifier> tokenFull = new Org.Apache.Hadoop.Security.Token.Token <MRDelegationTokenIdentifier>(tokenIdFull, mgr); // Negative test try { mgr.CancelToken(tokenFull, "tokenOwner"); } catch (AccessControlException ace) { NUnit.Framework.Assert.IsTrue(ace.Message.Contains("is not authorized to cancel the token" )); } // Succeed to cancel with full principal mgr.CancelToken(tokenFull, tokenIdFull.GetOwner().ToString()); long tokenRenewDate3 = mgr.GetAllTokens()[tokenId3].GetRenewDate(); mgr.StopThreads(); mgr = new TestJHSDelegationTokenSecretManager.JHSDelegationTokenSecretManagerForTest (store); mgr.Recover(store.LoadState()); NUnit.Framework.Assert.IsFalse("token1 should be missing", mgr.GetAllTokens().Contains (tokenId1)); NUnit.Framework.Assert.IsTrue("token2 missing", mgr.GetAllTokens().Contains(tokenId2 )); NUnit.Framework.Assert.AreEqual("token2 renew date", tokenRenewDate2, mgr.GetAllTokens ()[tokenId2].GetRenewDate()); NUnit.Framework.Assert.IsTrue("token3 missing", mgr.GetAllTokens().Contains(tokenId3 )); NUnit.Framework.Assert.AreEqual("token3 renew date", tokenRenewDate3, mgr.GetAllTokens ()[tokenId3].GetRenewDate()); mgr.StartThreads(); mgr.VerifyToken(tokenId2, token2.GetPassword()); mgr.VerifyToken(tokenId3, token3.GetPassword()); mgr.StopThreads(); }