/// <summary>Opens a url with read and connect timeouts</summary>
/// <param name="url">URL to open</param>
/// <param name="isSpnego">whether the url should be authenticated via SPNEGO</param>
/// <returns>URLConnection</returns>
/// <exception cref="System.IO.IOException"/>
/// <exception cref="Org.Apache.Hadoop.Security.Authentication.Client.AuthenticationException
/// "/>
public virtual URLConnection OpenConnection(Uri url, bool isSpnego)
{
if (isSpnego)
{
if (Log.IsDebugEnabled())
{
Log.Debug("open AuthenticatedURL connection" + url);
}
UserGroupInformation.GetCurrentUser().CheckTGTAndReloginFromKeytab();
AuthenticatedURL.Token authToken = new AuthenticatedURL.Token();
return(new AuthenticatedURL(new KerberosUgiAuthenticator(), connConfigurator).OpenConnection
(url, authToken));
}
else
{
if (Log.IsDebugEnabled())
{
Log.Debug("open URL connection");
}
URLConnection connection = url.OpenConnection();
if (connection is HttpURLConnection)
{
connConfigurator.Configure((HttpURLConnection)connection);
}
return(connection);
}
}
/// <summary>
/// Returns an authenticated
/// <see cref="HttpURLConnection"/>
/// .
/// </summary>
/// <param name="url">the URL to connect to. Only HTTP/S URLs are supported.</param>
/// <param name="token">the authentication token being used for the user.</param>
/// <returns>
/// an authenticated
/// <see cref="HttpURLConnection"/>
/// .
/// </returns>
/// <exception cref="System.IO.IOException">if an IO error occurred.</exception>
/// <exception cref="AuthenticationException">if an authentication exception occurred.
/// </exception>
/// <exception cref="Org.Apache.Hadoop.Security.Authentication.Client.AuthenticationException
/// "/>
public virtual HttpURLConnection OpenConnection(Uri url, AuthenticatedURL.Token token
)
{
if (url == null)
{
throw new ArgumentException("url cannot be NULL");
}
if (!Runtime.EqualsIgnoreCase(url.Scheme, "http") && !Runtime.EqualsIgnoreCase
(url.Scheme, "https"))
{
throw new ArgumentException("url must be for a HTTP or HTTPS resource");
}
if (token == null)
{
throw new ArgumentException("token cannot be NULL");
}
authenticator.Authenticate(url, token);
HttpURLConnection conn = (HttpURLConnection)url.OpenConnection();
if (connConfigurator != null)
{
conn = connConfigurator.Configure(conn);
}
InjectToken(conn, token);
return(conn);
}
/// <summary>Performs SPNEGO authentication against the specified URL.</summary>
/// <remarks>
/// Performs SPNEGO authentication against the specified URL.
/// <p>
/// If a token is given it does a NOP and returns the given token.
/// <p>
/// If no token is given, it will perform the SPNEGO authentication sequence using an
/// HTTP <code>OPTIONS</code> request.
/// </remarks>
/// <param name="url">the URl to authenticate against.</param>
/// <param name="token">the authentication token being used for the user.</param>
/// <exception cref="System.IO.IOException">if an IO error occurred.</exception>
/// <exception cref="AuthenticationException">if an authentication error occurred.</exception>
/// <exception cref="Org.Apache.Hadoop.Security.Authentication.Client.AuthenticationException
/// "/>
public virtual void Authenticate(Uri url, AuthenticatedURL.Token token)
{
if (!token.IsSet())
{
this.url = url;
base64 = new Base64(0);
conn = (HttpURLConnection)url.OpenConnection();
if (connConfigurator != null)
{
conn = connConfigurator.Configure(conn);
}
conn.SetRequestMethod(AuthHttpMethod);
conn.Connect();
bool needFallback = false;
if (conn.GetResponseCode() == HttpURLConnection.HttpOk)
{
Log.Debug("JDK performed authentication on our behalf.");
// If the JDK already did the SPNEGO back-and-forth for
// us, just pull out the token.
AuthenticatedURL.ExtractToken(conn, token);
if (IsTokenKerberos(token))
{
return;
}
needFallback = true;
}
if (!needFallback && IsNegotiate())
{
Log.Debug("Performing our own SPNEGO sequence.");
DoSpnegoSequence(token);
}
else
{
Log.Debug("Using fallback authenticator sequence.");
Authenticator auth = GetFallBackAuthenticator();
// Make sure that the fall back authenticator have the same
// ConnectionConfigurator, since the method might be overridden.
// Otherwise the fall back authenticator might not have the information
// to make the connection (e.g., SSL certificates)
auth.SetConnectionConfigurator(connConfigurator);
auth.Authenticate(url, token);
}
}
}
/// <summary>Calls the wrapped configure() method, then sets timeouts</summary>
/// <param name="conn">
/// the
/// <see cref="HttpURLConnection"/>
/// instance to configure.
/// </param>
/// <returns>the connection</returns>
/// <exception cref="System.IO.IOException"/>
public virtual HttpURLConnection Configure(HttpURLConnection conn)
{
if (cc != null)
{
conn = cc.Configure(conn);
}
conn.SetConnectTimeout(timeout * 1000);
// conversion to milliseconds
conn.SetReadTimeout(timeout * 1000);
return(conn);
}
/// <summary>Performs simple authentication against the specified URL.</summary>
/// <remarks>
/// Performs simple authentication against the specified URL.
/// <p>
/// If a token is given it does a NOP and returns the given token.
/// <p>
/// If no token is given, it will perform an HTTP <code>OPTIONS</code> request injecting an additional
/// parameter
/// <see cref="UserName"/>
/// in the query string with the value returned by the
/// <see cref="GetUserName()"/>
/// method.
/// <p>
/// If the response is successful it will update the authentication token.
/// </remarks>
/// <param name="url">the URl to authenticate against.</param>
/// <param name="token">the authencation token being used for the user.</param>
/// <exception cref="System.IO.IOException">if an IO error occurred.</exception>
/// <exception cref="AuthenticationException">if an authentication error occurred.</exception>
/// <exception cref="Org.Apache.Hadoop.Security.Authentication.Client.AuthenticationException
/// "/>
public virtual void Authenticate(Uri url, AuthenticatedURL.Token token)
{
string strUrl = url.ToString();
string paramSeparator = (strUrl.Contains("?")) ? "&" : "?";
strUrl += paramSeparator + UserNameEq + GetUserName();
url = new Uri(strUrl);
HttpURLConnection conn = (HttpURLConnection)url.OpenConnection();
if (connConfigurator != null)
{
conn = connConfigurator.Configure(conn);
}
conn.SetRequestMethod("OPTIONS");
conn.Connect();
AuthenticatedURL.ExtractToken(conn, token);
}
public virtual void TestConnectionConfigurator()
{
HttpURLConnection conn = Org.Mockito.Mockito.Mock <HttpURLConnection>();
Org.Mockito.Mockito.When(conn.GetResponseCode()).ThenReturn(HttpURLConnection.HttpUnauthorized
);
ConnectionConfigurator connConf = Org.Mockito.Mockito.Mock <ConnectionConfigurator
>();
Org.Mockito.Mockito.When(connConf.Configure(Org.Mockito.Mockito.Any <HttpURLConnection
>())).ThenReturn(conn);
Authenticator authenticator = Org.Mockito.Mockito.Mock <Authenticator>();
AuthenticatedURL aURL = new AuthenticatedURL(authenticator, connConf);
aURL.OpenConnection(new Uri("http://foo"), new AuthenticatedURL.Token());
Org.Mockito.Mockito.Verify(connConf).Configure(Org.Mockito.Mockito.Any <HttpURLConnection
>());
}
public void SetupConnection(Connection connection, bool start = true)
{
if (Connection != null)
{
Close();
}
lock (lckObject)
{
ConnectionConfigurator?.Configure(connection);
Connection = connection;
Connection.StateChanged += Connection_StatusChanged;
Connection.DataReceived += ProcessReceivedData;
PacketReader.Clear();
State = SessionState.Working;
if (start)
{
Start();
}
}
}
