public virtual void TestUnnestUri()
{
Assert.Equal(new Path("hdfs://nn.example.com/my/path"), ProviderUtils
.UnnestUri(new URI("myscheme://[email protected]/my/path")));
Assert.Equal(new Path("hdfs://nn/my/path?foo=bar&baz=bat#yyy")
, ProviderUtils.UnnestUri(new URI("myscheme://hdfs@nn/my/path?foo=bar&baz=bat#yyy"
)));
Assert.Equal(new Path("inner://[email protected]/my/path"),
ProviderUtils.UnnestUri(new URI("outer://inner@[email protected]/my/path")));
Assert.Equal(new Path("user:///"), ProviderUtils.UnnestUri(new
URI("outer://user/")));
}
public virtual void TestJksProvider()
{
Configuration conf = new Configuration();
Path jksPath = new Path(tmpDir.ToString(), "test.jks");
string ourUrl = JavaKeyStoreProvider.SchemeName + "://file" + jksPath.ToUri();
FilePath file = new FilePath(tmpDir, "test.jks");
file.Delete();
conf.Set(CredentialProviderFactory.CredentialProviderPath, ourUrl);
CheckSpecificProvider(conf, ourUrl);
Path path = ProviderUtils.UnnestUri(new URI(ourUrl));
FileSystem fs = path.GetFileSystem(conf);
FileStatus s = fs.GetFileStatus(path);
Assert.True(s.GetPermission().ToString().Equals("rwx------"));
Assert.True(file + " should exist", file.IsFile());
// check permission retention after explicit change
fs.SetPermission(path, new FsPermission("777"));
CheckPermissionRetention(conf, ourUrl, path);
}
public virtual void TestJksProvider()
{
Configuration conf = new Configuration();
Path jksPath = new Path(testRootDir.ToString(), "test.jks");
string ourUrl = JavaKeyStoreProvider.SchemeName + "://file" + jksPath.ToUri();
FilePath file = new FilePath(testRootDir, "test.jks");
file.Delete();
conf.Set(KeyProviderFactory.KeyProviderPath, ourUrl);
CheckSpecificProvider(conf, ourUrl);
// START : Test flush error by failure injection
conf.Set(KeyProviderFactory.KeyProviderPath, ourUrl.Replace(JavaKeyStoreProvider.
SchemeName, FailureInjectingJavaKeyStoreProvider.SchemeName));
// get a new instance of the provider to ensure it was saved correctly
KeyProvider provider = KeyProviderFactory.GetProviders(conf)[0];
// inject failure during keystore write
FailureInjectingJavaKeyStoreProvider fProvider = (FailureInjectingJavaKeyStoreProvider
)provider;
fProvider.SetWriteFail(true);
provider.CreateKey("key5", new byte[] { 1 }, KeyProvider.Options(conf).SetBitLength
(8));
NUnit.Framework.Assert.IsNotNull(provider.GetCurrentKey("key5"));
try
{
provider.Flush();
NUnit.Framework.Assert.Fail("Should not succeed");
}
catch (Exception)
{
}
// Ignore
// SHould be reset to pre-flush state
NUnit.Framework.Assert.IsNull(provider.GetCurrentKey("key5"));
// Un-inject last failure and
// inject failure during keystore backup
fProvider.SetWriteFail(false);
fProvider.SetBackupFail(true);
provider.CreateKey("key6", new byte[] { 1 }, KeyProvider.Options(conf).SetBitLength
(8));
NUnit.Framework.Assert.IsNotNull(provider.GetCurrentKey("key6"));
try
{
provider.Flush();
NUnit.Framework.Assert.Fail("Should not succeed");
}
catch (Exception)
{
}
// Ignore
// SHould be reset to pre-flush state
NUnit.Framework.Assert.IsNull(provider.GetCurrentKey("key6"));
// END : Test flush error by failure injection
conf.Set(KeyProviderFactory.KeyProviderPath, ourUrl.Replace(FailureInjectingJavaKeyStoreProvider
.SchemeName, JavaKeyStoreProvider.SchemeName));
Path path = ProviderUtils.UnnestUri(new URI(ourUrl));
FileSystem fs = path.GetFileSystem(conf);
FileStatus s = fs.GetFileStatus(path);
Assert.True(s.GetPermission().ToString().Equals("rwx------"));
Assert.True(file + " should exist", file.IsFile());
// Corrupt file and Check if JKS can reload from _OLD file
FilePath oldFile = new FilePath(file.GetPath() + "_OLD");
file.RenameTo(oldFile);
file.Delete();
file.CreateNewFile();
Assert.True(oldFile.Exists());
provider = KeyProviderFactory.GetProviders(conf)[0];
Assert.True(file.Exists());
Assert.True(oldFile + "should be deleted", !oldFile.Exists());
VerifyAfterReload(file, provider);
Assert.True(!oldFile.Exists());
// _NEW and current file should not exist together
FilePath newFile = new FilePath(file.GetPath() + "_NEW");
newFile.CreateNewFile();
try
{
provider = KeyProviderFactory.GetProviders(conf)[0];
NUnit.Framework.Assert.Fail("_NEW and current file should not exist together !!");
}
catch (Exception)
{
}
finally
{
// Ignore
if (newFile.Exists())
{
newFile.Delete();
}
}
// Load from _NEW file
file.RenameTo(newFile);
file.Delete();
try
{
provider = KeyProviderFactory.GetProviders(conf)[0];
NUnit.Framework.Assert.IsFalse(newFile.Exists());
NUnit.Framework.Assert.IsFalse(oldFile.Exists());
}
catch (Exception)
{
NUnit.Framework.Assert.Fail("JKS should load from _NEW file !!");
}
// Ignore
VerifyAfterReload(file, provider);
// _NEW exists but corrupt.. must load from _OLD
newFile.CreateNewFile();
file.RenameTo(oldFile);
file.Delete();
try
{
provider = KeyProviderFactory.GetProviders(conf)[0];
NUnit.Framework.Assert.IsFalse(newFile.Exists());
NUnit.Framework.Assert.IsFalse(oldFile.Exists());
}
catch (Exception)
{
NUnit.Framework.Assert.Fail("JKS should load from _OLD file !!");
}
finally
{
// Ignore
if (newFile.Exists())
{
newFile.Delete();
}
}
VerifyAfterReload(file, provider);
// check permission retention after explicit change
fs.SetPermission(path, new FsPermission("777"));
CheckPermissionRetention(conf, ourUrl, path);
// Check that an uppercase keyname results in an error
provider = KeyProviderFactory.GetProviders(conf)[0];
try
{
provider.CreateKey("UPPERCASE", KeyProvider.Options(conf));
NUnit.Framework.Assert.Fail("Expected failure on creating key name with uppercase "
+ "characters");
}
catch (ArgumentException e)
{
GenericTestUtils.AssertExceptionContains("Uppercase key names", e);
}
}
/// <exception cref="System.IO.IOException"/>
private JavaKeyStoreProvider(URI uri, Configuration conf)
: base(conf)
{
this.uri = uri;
path = ProviderUtils.UnnestUri(uri);
fs = path.GetFileSystem(conf);
// Get the password file from the conf, if not present from the user's
// environment var
if (Runtime.GetEnv().Contains(KeystorePasswordEnvVar))
{
password = Runtime.Getenv(KeystorePasswordEnvVar).ToCharArray();
}
if (password == null)
{
string pwFile = conf.Get(KeystorePasswordFileKey);
if (pwFile != null)
{
ClassLoader cl = Thread.CurrentThread().GetContextClassLoader();
Uri pwdFile = cl.GetResource(pwFile);
if (pwdFile == null)
{
// Provided Password file does not exist
throw new IOException("Password file does not exists");
}
using (InputStream @is = pwdFile.OpenStream())
{
password = IOUtils.ToString(@is).Trim().ToCharArray();
}
}
}
if (password == null)
{
password = KeystorePasswordDefault;
}
try
{
Path oldPath = ConstructOldPath(path);
Path newPath = ConstructNewPath(path);
keyStore = KeyStore.GetInstance(SchemeName);
FsPermission perm = null;
if (fs.Exists(path))
{
// flush did not proceed to completion
// _NEW should not exist
if (fs.Exists(newPath))
{
throw new IOException(string.Format("Keystore not loaded due to some inconsistency "
+ "('%s' and '%s' should not exist together)!!", path, newPath));
}
perm = TryLoadFromPath(path, oldPath);
}
else
{
perm = TryLoadIncompleteFlush(oldPath, newPath);
}
// Need to save off permissions in case we need to
// rewrite the keystore in flush()
permissions = perm;
}
catch (KeyStoreException e)
{
throw new IOException("Can't create keystore", e);
}
catch (NoSuchAlgorithmException e)
{
throw new IOException("Can't load keystore " + path, e);
}
catch (CertificateException e)
{
throw new IOException("Can't load keystore " + path, e);
}
ReadWriteLock Lock = new ReentrantReadWriteLock(true);
readLock = Lock.ReadLock();
writeLock = Lock.WriteLock();
}
/// <exception cref="System.IO.IOException"/>
protected internal virtual void InitFileSystem(URI keystoreUri, Configuration conf
)
{
path = ProviderUtils.UnnestUri(keystoreUri);
}
/// <exception cref="System.UriFormatException"/>
/// <exception cref="System.IO.IOException"/>
private static Path ExtractKMSPath(URI uri)
{
return(ProviderUtils.UnnestUri(uri));
}