public ContainerTokenIdentifierForTest(ContainerTokenIdentifier identifier, string
message)
{
YarnSecurityTestTokenProtos.ContainerTokenIdentifierForTestProto.Builder builder =
YarnSecurityTestTokenProtos.ContainerTokenIdentifierForTestProto.NewBuilder();
ContainerIdPBImpl containerID = (ContainerIdPBImpl)identifier.GetContainerID();
if (containerID != null)
{
builder.SetContainerId(containerID.GetProto());
}
builder.SetNmHostAddr(identifier.GetNmHostAddress());
builder.SetAppSubmitter(identifier.GetApplicationSubmitter());
ResourcePBImpl resource = (ResourcePBImpl)identifier.GetResource();
if (resource != null)
{
builder.SetResource(resource.GetProto());
}
builder.SetExpiryTimeStamp(identifier.GetExpiryTimeStamp());
builder.SetMasterKeyId(identifier.GetMasterKeyId());
builder.SetRmIdentifier(identifier.GetRMIdentifier());
PriorityPBImpl priority = (PriorityPBImpl)identifier.GetPriority();
if (priority != null)
{
builder.SetPriority(priority.GetProto());
}
builder.SetCreationTime(identifier.GetCreationTime());
builder.SetMessage(message);
LogAggregationContextPBImpl logAggregationContext = (LogAggregationContextPBImpl)
identifier.GetLogAggregationContext();
if (logAggregationContext != null)
{
builder.SetLogAggregationContext(logAggregationContext.GetProto());
}
proto = ((YarnSecurityTestTokenProtos.ContainerTokenIdentifierForTestProto)builder
.Build());
}
/// <summary>
/// Override of this is to validate ContainerTokens generated by using
/// different
/// <see cref="Org.Apache.Hadoop.Yarn.Server.Api.Records.MasterKey"/>
/// s.
/// </summary>
/// <exception cref="Org.Apache.Hadoop.Security.Token.SecretManager.InvalidToken"/>
public override byte[] RetrievePassword(ContainerTokenIdentifier identifier)
{
lock (this)
{
int keyId = identifier.GetMasterKeyId();
MasterKeyData masterKeyToUse = null;
if (this.previousMasterKey != null && keyId == this.previousMasterKey.GetMasterKey
().GetKeyId())
{
// A container-launch has come in with a token generated off the last
// master-key
masterKeyToUse = this.previousMasterKey;
}
else
{
if (keyId == base.currentMasterKey.GetMasterKey().GetKeyId())
{
// A container-launch has come in with a token generated off the current
// master-key
masterKeyToUse = base.currentMasterKey;
}
}
if (nodeHostAddr != null && !identifier.GetNmHostAddress().Equals(nodeHostAddr))
{
// Valid container token used for incorrect node.
throw new SecretManager.InvalidToken("Given Container " + identifier.GetContainerID
().ToString() + " identifier is not valid for current Node manager. Expected : "
+ nodeHostAddr + " Found : " + identifier.GetNmHostAddress());
}
if (masterKeyToUse != null)
{
return(RetrievePasswordInternal(identifier, masterKeyToUse));
}
// Invalid request. Like startContainer() with token generated off
// old-master-keys.
throw new SecretManager.InvalidToken("Given Container " + identifier.GetContainerID
().ToString() + " seems to have an illegally generated token.");
}
}
