public ContainerTokenIdentifierForTest(ContainerTokenIdentifier identifier, string message) { YarnSecurityTestTokenProtos.ContainerTokenIdentifierForTestProto.Builder builder = YarnSecurityTestTokenProtos.ContainerTokenIdentifierForTestProto.NewBuilder(); ContainerIdPBImpl containerID = (ContainerIdPBImpl)identifier.GetContainerID(); if (containerID != null) { builder.SetContainerId(containerID.GetProto()); } builder.SetNmHostAddr(identifier.GetNmHostAddress()); builder.SetAppSubmitter(identifier.GetApplicationSubmitter()); ResourcePBImpl resource = (ResourcePBImpl)identifier.GetResource(); if (resource != null) { builder.SetResource(resource.GetProto()); } builder.SetExpiryTimeStamp(identifier.GetExpiryTimeStamp()); builder.SetMasterKeyId(identifier.GetMasterKeyId()); builder.SetRmIdentifier(identifier.GetRMIdentifier()); PriorityPBImpl priority = (PriorityPBImpl)identifier.GetPriority(); if (priority != null) { builder.SetPriority(priority.GetProto()); } builder.SetCreationTime(identifier.GetCreationTime()); builder.SetMessage(message); LogAggregationContextPBImpl logAggregationContext = (LogAggregationContextPBImpl) identifier.GetLogAggregationContext(); if (logAggregationContext != null) { builder.SetLogAggregationContext(logAggregationContext.GetProto()); } proto = ((YarnSecurityTestTokenProtos.ContainerTokenIdentifierForTestProto)builder .Build()); }
/// <summary> /// Override of this is to validate ContainerTokens generated by using /// different /// <see cref="Org.Apache.Hadoop.Yarn.Server.Api.Records.MasterKey"/> /// s. /// </summary> /// <exception cref="Org.Apache.Hadoop.Security.Token.SecretManager.InvalidToken"/> public override byte[] RetrievePassword(ContainerTokenIdentifier identifier) { lock (this) { int keyId = identifier.GetMasterKeyId(); MasterKeyData masterKeyToUse = null; if (this.previousMasterKey != null && keyId == this.previousMasterKey.GetMasterKey ().GetKeyId()) { // A container-launch has come in with a token generated off the last // master-key masterKeyToUse = this.previousMasterKey; } else { if (keyId == base.currentMasterKey.GetMasterKey().GetKeyId()) { // A container-launch has come in with a token generated off the current // master-key masterKeyToUse = base.currentMasterKey; } } if (nodeHostAddr != null && !identifier.GetNmHostAddress().Equals(nodeHostAddr)) { // Valid container token used for incorrect node. throw new SecretManager.InvalidToken("Given Container " + identifier.GetContainerID ().ToString() + " identifier is not valid for current Node manager. Expected : " + nodeHostAddr + " Found : " + identifier.GetNmHostAddress()); } if (masterKeyToUse != null) { return(RetrievePasswordInternal(identifier, masterKeyToUse)); } // Invalid request. Like startContainer() with token generated off // old-master-keys. throw new SecretManager.InvalidToken("Given Container " + identifier.GetContainerID ().ToString() + " seems to have an illegally generated token."); } }