/// <exception cref="System.IO.IOException"/>
public override void UpdateToken(MRDelegationTokenIdentifier tokenId, long renewDate
)
{
if (Log.IsDebugEnabled())
{
Log.Debug("Updating token " + tokenId.GetSequenceNumber());
}
// Files cannot be atomically replaced, therefore we write a temporary
// update file, remove the original token file, then rename the update
// file to the token file. During recovery either the token file will be
// used or if that is missing and an update file is present then the
// update file is used.
Path tokenPath = GetTokenPath(tokenId);
Path tmp = new Path(tokenPath.GetParent(), UpdateTmpFilePrefix + tokenPath.GetName
());
WriteFile(tmp, BuildTokenData(tokenId, renewDate));
try
{
DeleteFile(tokenPath);
}
catch (IOException e)
{
fs.Delete(tmp, false);
throw;
}
if (!fs.Rename(tmp, tokenPath))
{
throw new IOException("Could not rename " + tmp + " to " + tokenPath);
}
}
/// <exception cref="System.IO.IOException"/>
public override void StoreToken(MRDelegationTokenIdentifier tokenId, long renewDate
)
{
if (Log.IsDebugEnabled())
{
Log.Debug("Storing token " + tokenId.GetSequenceNumber());
}
ByteArrayOutputStream memStream = new ByteArrayOutputStream();
DataOutputStream dataStream = new DataOutputStream(memStream);
try
{
tokenId.Write(dataStream);
dataStream.WriteLong(renewDate);
dataStream.Close();
dataStream = null;
}
finally
{
IOUtils.Cleanup(Log, dataStream);
}
string dbKey = GetTokenDatabaseKey(tokenId);
try
{
db.Put(JniDBFactory.Bytes(dbKey), memStream.ToByteArray());
}
catch (DBException e)
{
throw new IOException(e);
}
}
/// <exception cref="System.IO.IOException"/>
public override void RemoveToken(MRDelegationTokenIdentifier tokenId)
{
if (Log.IsDebugEnabled())
{
Log.Debug("Removing token " + tokenId.GetSequenceNumber());
}
DeleteFile(GetTokenPath(tokenId));
}
/// <exception cref="System.IO.IOException"/>
public override void StoreToken(MRDelegationTokenIdentifier tokenId, long renewDate
)
{
if (Log.IsDebugEnabled())
{
Log.Debug("Storing token " + tokenId.GetSequenceNumber());
}
Path tokenPath = GetTokenPath(tokenId);
if (fs.Exists(tokenPath))
{
throw new IOException(tokenPath + " already exists");
}
CreateNewFile(tokenPath, BuildTokenData(tokenId, renewDate));
}
private Path GetTokenPath(MRDelegationTokenIdentifier tokenId)
{
Path bucketPath = GetTokenBucketPath(GetBucketId(tokenId));
return(new Path(bucketPath, TokenFilePrefix + tokenId.GetSequenceNumber()));
}
private static int GetBucketId(MRDelegationTokenIdentifier tokenId)
{
return(tokenId.GetSequenceNumber() % NumTokenBuckets);
}
private string GetTokenDatabaseKey(MRDelegationTokenIdentifier tokenId)
{
return TokenStateKeyPrefix + tokenId.GetSequenceNumber();
}
public virtual void TestRecovery()
{
Configuration conf = new Configuration();
HistoryServerStateStoreService store = new HistoryServerMemStateStoreService();
store.Init(conf);
store.Start();
TestJHSDelegationTokenSecretManager.JHSDelegationTokenSecretManagerForTest mgr =
new TestJHSDelegationTokenSecretManager.JHSDelegationTokenSecretManagerForTest(store
);
mgr.StartThreads();
MRDelegationTokenIdentifier tokenId1 = new MRDelegationTokenIdentifier(new Text("tokenOwner"
), new Text("tokenRenewer"), new Text("tokenUser"));
Org.Apache.Hadoop.Security.Token.Token <MRDelegationTokenIdentifier> token1 = new
Org.Apache.Hadoop.Security.Token.Token <MRDelegationTokenIdentifier>(tokenId1, mgr
);
MRDelegationTokenIdentifier tokenId2 = new MRDelegationTokenIdentifier(new Text("tokenOwner"
), new Text("tokenRenewer"), new Text("tokenUser"));
Org.Apache.Hadoop.Security.Token.Token <MRDelegationTokenIdentifier> token2 = new
Org.Apache.Hadoop.Security.Token.Token <MRDelegationTokenIdentifier>(tokenId2, mgr
);
DelegationKey[] keys = mgr.GetAllKeys();
long tokenRenewDate1 = mgr.GetAllTokens()[tokenId1].GetRenewDate();
long tokenRenewDate2 = mgr.GetAllTokens()[tokenId2].GetRenewDate();
mgr.StopThreads();
mgr = new TestJHSDelegationTokenSecretManager.JHSDelegationTokenSecretManagerForTest
(store);
mgr.Recover(store.LoadState());
IList <DelegationKey> recoveredKeys = Arrays.AsList(mgr.GetAllKeys());
foreach (DelegationKey key in keys)
{
NUnit.Framework.Assert.IsTrue("key missing after recovery", recoveredKeys.Contains
(key));
}
NUnit.Framework.Assert.IsTrue("token1 missing", mgr.GetAllTokens().Contains(tokenId1
));
NUnit.Framework.Assert.AreEqual("token1 renew date", tokenRenewDate1, mgr.GetAllTokens
()[tokenId1].GetRenewDate());
NUnit.Framework.Assert.IsTrue("token2 missing", mgr.GetAllTokens().Contains(tokenId2
));
NUnit.Framework.Assert.AreEqual("token2 renew date", tokenRenewDate2, mgr.GetAllTokens
()[tokenId2].GetRenewDate());
mgr.StartThreads();
mgr.VerifyToken(tokenId1, token1.GetPassword());
mgr.VerifyToken(tokenId2, token2.GetPassword());
MRDelegationTokenIdentifier tokenId3 = new MRDelegationTokenIdentifier(new Text("tokenOwner"
), new Text("tokenRenewer"), new Text("tokenUser"));
Org.Apache.Hadoop.Security.Token.Token <MRDelegationTokenIdentifier> token3 = new
Org.Apache.Hadoop.Security.Token.Token <MRDelegationTokenIdentifier>(tokenId3, mgr
);
NUnit.Framework.Assert.AreEqual("sequence number restore", tokenId2.GetSequenceNumber
() + 1, tokenId3.GetSequenceNumber());
mgr.CancelToken(token1, "tokenOwner");
// Testing with full principal name
MRDelegationTokenIdentifier tokenIdFull = new MRDelegationTokenIdentifier(new Text
("tokenOwner/localhost@LOCALHOST"), new Text("tokenRenewer"), new Text("tokenUser"
));
KerberosName.SetRules("RULE:[1:$1]\nRULE:[2:$1]");
Org.Apache.Hadoop.Security.Token.Token <MRDelegationTokenIdentifier> tokenFull = new
Org.Apache.Hadoop.Security.Token.Token <MRDelegationTokenIdentifier>(tokenIdFull,
mgr);
// Negative test
try
{
mgr.CancelToken(tokenFull, "tokenOwner");
}
catch (AccessControlException ace)
{
NUnit.Framework.Assert.IsTrue(ace.Message.Contains("is not authorized to cancel the token"
));
}
// Succeed to cancel with full principal
mgr.CancelToken(tokenFull, tokenIdFull.GetOwner().ToString());
long tokenRenewDate3 = mgr.GetAllTokens()[tokenId3].GetRenewDate();
mgr.StopThreads();
mgr = new TestJHSDelegationTokenSecretManager.JHSDelegationTokenSecretManagerForTest
(store);
mgr.Recover(store.LoadState());
NUnit.Framework.Assert.IsFalse("token1 should be missing", mgr.GetAllTokens().Contains
(tokenId1));
NUnit.Framework.Assert.IsTrue("token2 missing", mgr.GetAllTokens().Contains(tokenId2
));
NUnit.Framework.Assert.AreEqual("token2 renew date", tokenRenewDate2, mgr.GetAllTokens
()[tokenId2].GetRenewDate());
NUnit.Framework.Assert.IsTrue("token3 missing", mgr.GetAllTokens().Contains(tokenId3
));
NUnit.Framework.Assert.AreEqual("token3 renew date", tokenRenewDate3, mgr.GetAllTokens
()[tokenId3].GetRenewDate());
mgr.StartThreads();
mgr.VerifyToken(tokenId2, token2.GetPassword());
mgr.VerifyToken(tokenId3, token3.GetPassword());
mgr.StopThreads();
}
