/// <exception cref="System.Exception"/>
public virtual RegisterApplicationMasterResponse RegisterAppAttempt(bool wait)
{
if (wait)
{
WaitForState(RMAppAttemptState.Launched);
}
responseId = 0;
RegisterApplicationMasterRequest req = Org.Apache.Hadoop.Yarn.Util.Records.NewRecord
<RegisterApplicationMasterRequest>();
req.SetHost(string.Empty);
req.SetRpcPort(1);
req.SetTrackingUrl(string.Empty);
if (ugi == null)
{
ugi = UserGroupInformation.CreateRemoteUser(attemptId.ToString());
Org.Apache.Hadoop.Security.Token.Token <AMRMTokenIdentifier> token = context.GetRMApps
()[attemptId.GetApplicationId()].GetRMAppAttempt(attemptId).GetAMRMToken();
ugi.AddTokenIdentifier(token.DecodeIdentifier());
}
try
{
return(ugi.DoAs(new _PrivilegedExceptionAction_117(this, req)));
}
catch (UndeclaredThrowableException e)
{
throw (Exception)e.InnerException;
}
}
/// <exception cref="System.IO.IOException"/>
/// <exception cref="System.Exception"/>
internal static string GetDelegationToken(NamenodeProtocols nn, HttpServletRequest
request, Configuration conf, UserGroupInformation ugi)
{
Org.Apache.Hadoop.Security.Token.Token <DelegationTokenIdentifier> token = ugi.DoAs
(new _PrivilegedExceptionAction_39(nn, ugi));
return(token == null ? null : token.EncodeToUrlString());
}
public virtual void TestDelegationTokenRpc()
{
ClientProtocol mockNN = Org.Mockito.Mockito.Mock <ClientProtocol>();
FSNamesystem mockNameSys = Org.Mockito.Mockito.Mock <FSNamesystem>();
DelegationTokenSecretManager sm = new DelegationTokenSecretManager(DFSConfigKeys.
DfsNamenodeDelegationKeyUpdateIntervalDefault, DFSConfigKeys.DfsNamenodeDelegationKeyUpdateIntervalDefault
, DFSConfigKeys.DfsNamenodeDelegationTokenMaxLifetimeDefault, 3600000, mockNameSys
);
sm.StartThreads();
Org.Apache.Hadoop.Ipc.Server server = new RPC.Builder(conf).SetProtocol(typeof(ClientProtocol
)).SetInstance(mockNN).SetBindAddress(Address).SetPort(0).SetNumHandlers(5).SetVerbose
(true).SetSecretManager(sm).Build();
server.Start();
UserGroupInformation current = UserGroupInformation.GetCurrentUser();
IPEndPoint addr = NetUtils.GetConnectAddress(server);
string user = current.GetUserName();
Text owner = new Text(user);
DelegationTokenIdentifier dtId = new DelegationTokenIdentifier(owner, owner, null
);
Org.Apache.Hadoop.Security.Token.Token <DelegationTokenIdentifier> token = new Org.Apache.Hadoop.Security.Token.Token
<DelegationTokenIdentifier>(dtId, sm);
SecurityUtil.SetTokenService(token, addr);
Log.Info("Service for token is " + token.GetService());
current.AddToken(token);
current.DoAs(new _PrivilegedExceptionAction_100(addr, server));
}
public virtual void CancelDelegationToken <_T0>(Org.Apache.Hadoop.Security.Token.Token
<_T0> token)
where _T0 : AbstractDelegationTokenIdentifier
{
dfs.CancelDelegationToken((Org.Apache.Hadoop.Security.Token.Token <DelegationTokenIdentifier
>)token);
}
internal static bool CheckEqual(Org.Apache.Hadoop.Security.Token.Token <TokenIdentifier
> a, Org.Apache.Hadoop.Security.Token.Token <TokenIdentifier> b)
{
return(Arrays.Equals(a.GetIdentifier(), b.GetIdentifier()) && Arrays.Equals(a.GetPassword
(), b.GetPassword()) && IsEqual(a.GetKind(), b.GetKind()) && IsEqual(a.GetService
(), b.GetService()));
}
public virtual long RenewDelegationToken <_T0>(Org.Apache.Hadoop.Security.Token.Token
<_T0> token)
where _T0 : AbstractDelegationTokenIdentifier
{
return(dfs.RenewDelegationToken((Org.Apache.Hadoop.Security.Token.Token <DelegationTokenIdentifier
>)token));
}
public virtual void TestSecureHAToken()
{
Configuration conf = DFSTestUtil.NewHAConfiguration(LogicalName);
conf.SetBoolean(DFSConfigKeys.DfsNamenodeDelegationTokenAlwaysUseKey, true);
MiniDFSCluster cluster = null;
WebHdfsFileSystem fs = null;
try
{
cluster = new MiniDFSCluster.Builder(conf).NnTopology(topo).NumDataNodes(0).Build
();
HATestUtil.SetFailoverConfigurations(cluster, conf, LogicalName);
cluster.WaitActive();
fs = Org.Mockito.Mockito.Spy((WebHdfsFileSystem)FileSystem.Get(WebhdfsUri, conf));
FileSystemTestHelper.AddFileSystemForTesting(WebhdfsUri, conf, fs);
cluster.TransitionToActive(0);
Org.Apache.Hadoop.Security.Token.Token <object> token = ((Org.Apache.Hadoop.Security.Token.Token
<DelegationTokenIdentifier>)fs.GetDelegationToken(null));
cluster.ShutdownNameNode(0);
cluster.TransitionToActive(1);
token.Renew(conf);
token.Cancel(conf);
Org.Mockito.Mockito.Verify(fs).RenewDelegationToken(token);
Org.Mockito.Mockito.Verify(fs).CancelDelegationToken(token);
}
finally
{
IOUtils.Cleanup(null, fs);
if (cluster != null)
{
cluster.Shutdown();
}
}
}
/// <exception cref="System.IO.IOException"/>
public override TokenIdent CancelToken(Org.Apache.Hadoop.Security.Token.Token <TokenIdent
> token, string canceller)
{
lock (this)
{
ByteArrayInputStream buf = new ByteArrayInputStream(token.GetIdentifier());
DataInputStream @in = new DataInputStream(buf);
TokenIdent id = CreateIdentifier();
id.ReadFields(@in);
try
{
if (!currentTokens.Contains(id))
{
// See if token can be retrieved and placed in currentTokens
GetTokenInfo(id);
}
return(base.CancelToken(token, canceller));
}
catch (Exception e)
{
Log.Error("Exception while checking if token exist !!", e);
return(id);
}
}
}
/// <summary>Clone a token.</summary>
/// <param name="other">the token to clone</param>
public Token(Org.Apache.Hadoop.Security.Token.Token <T> other)
{
this.identifier = other.identifier;
this.password = other.password;
this.kind = other.kind;
this.service = other.service;
}
// Test the DT mast key in the state-store when the mast key is being rolled.
/// <exception cref="System.Exception"/>
public virtual void TestRMDTMasterKeyStateOnRollingMasterKey()
{
MemoryRMStateStore memStore = new MemoryRMStateStore();
memStore.Init(conf);
RMStateStore.RMState rmState = memStore.GetState();
IDictionary <RMDelegationTokenIdentifier, long> rmDTState = rmState.GetRMDTSecretManagerState
().GetTokenState();
ICollection <DelegationKey> rmDTMasterKeyState = rmState.GetRMDTSecretManagerState
().GetMasterKeyState();
MockRM rm1 = new TestRMDelegationTokens.MyMockRM(this, conf, memStore);
rm1.Start();
// on rm start, two master keys are created.
// One is created at RMDTSecretMgr.startThreads.updateCurrentKey();
// the other is created on the first run of
// tokenRemoverThread.rollMasterKey()
RMDelegationTokenSecretManager dtSecretManager = rm1.GetRMContext().GetRMDelegationTokenSecretManager
();
// assert all master keys are saved
NUnit.Framework.Assert.AreEqual(dtSecretManager.GetAllMasterKeys(), rmDTMasterKeyState
);
ICollection <DelegationKey> expiringKeys = new HashSet <DelegationKey>();
Sharpen.Collections.AddAll(expiringKeys, dtSecretManager.GetAllMasterKeys());
// request to generate a RMDelegationToken
GetDelegationTokenRequest request = Org.Mockito.Mockito.Mock <GetDelegationTokenRequest
>();
Org.Mockito.Mockito.When(request.GetRenewer()).ThenReturn("renewer1");
GetDelegationTokenResponse response = rm1.GetClientRMService().GetDelegationToken
(request);
Org.Apache.Hadoop.Yarn.Api.Records.Token delegationToken = response.GetRMDelegationToken
();
Org.Apache.Hadoop.Security.Token.Token <RMDelegationTokenIdentifier> token1 = ConverterUtils
.ConvertFromYarn(delegationToken, (Text)null);
RMDelegationTokenIdentifier dtId1 = token1.DecodeIdentifier();
// For all keys that still remain in memory, we should have them stored
// in state-store also.
while (((TestRMDelegationTokens.TestRMDelegationTokenSecretManager)dtSecretManager
).numUpdatedKeys.Get() < 3)
{
((TestRMDelegationTokens.TestRMDelegationTokenSecretManager)dtSecretManager).CheckCurrentKeyInStateStore
(rmDTMasterKeyState);
Sharpen.Thread.Sleep(100);
}
// wait for token to expire and remove from state-store
// rollMasterKey is called every 1 second.
int count = 0;
while (rmDTState.Contains(dtId1) && count < 100)
{
Sharpen.Thread.Sleep(100);
count++;
}
rm1.Stop();
}
/// <exception cref="System.IO.IOException"/>
public override void WriteBlock(ExtendedBlock blk, StorageType storageType, Org.Apache.Hadoop.Security.Token.Token
<BlockTokenIdentifier> blockToken, string clientName, DatanodeInfo[] targets, StorageType
[] targetStorageTypes, DatanodeInfo source, BlockConstructionStage stage, int pipelineSize
, long minBytesRcvd, long maxBytesRcvd, long latestGenerationStamp, DataChecksum
requestedChecksum, CachingStrategy cachingStrategy, bool allowLazyPersist, bool
pinning, bool[] targetPinnings)
{
DataTransferProtos.ClientOperationHeaderProto header = DataTransferProtoUtil.BuildClientHeader
(blk, clientName, blockToken);
DataTransferProtos.ChecksumProto checksumProto = DataTransferProtoUtil.ToProto(requestedChecksum
);
DataTransferProtos.OpWriteBlockProto.Builder proto = DataTransferProtos.OpWriteBlockProto
.NewBuilder().SetHeader(header).SetStorageType(PBHelper.ConvertStorageType(storageType
)).AddAllTargets(PBHelper.Convert(targets, 1)).AddAllTargetStorageTypes(PBHelper
.ConvertStorageTypes(targetStorageTypes, 1)).SetStage(DataTransferProtoUtil.ToProto
(stage)).SetPipelineSize(pipelineSize).SetMinBytesRcvd(minBytesRcvd).SetMaxBytesRcvd
(maxBytesRcvd).SetLatestGenerationStamp(latestGenerationStamp).SetRequestedChecksum
(checksumProto).SetCachingStrategy(GetCachingStrategy(cachingStrategy)).SetAllowLazyPersist
(allowLazyPersist).SetPinning(pinning).AddAllTargetPinnings(PBHelper.Convert(targetPinnings
, 1));
if (source != null)
{
proto.SetSource(PBHelper.ConvertDatanodeInfo(source));
}
Send(@out, OP.WriteBlock, ((DataTransferProtos.OpWriteBlockProto)proto.Build()));
}
public virtual void TestAddRemoveRenewAction()
{
Text service = new Text("myservice");
Configuration conf = Org.Mockito.Mockito.Mock <Configuration>();
Org.Apache.Hadoop.Security.Token.Token <object> token = Org.Mockito.Mockito.Mock <Org.Apache.Hadoop.Security.Token.Token
>();
Org.Mockito.Mockito.DoReturn(service).When(token).GetService();
Org.Mockito.Mockito.DoAnswer(new _Answer_61()).When(token).Renew(Any <Configuration
>());
TestDelegationTokenRenewer.RenewableFileSystem fs = Org.Mockito.Mockito.Mock <TestDelegationTokenRenewer.RenewableFileSystem
>();
Org.Mockito.Mockito.DoReturn(conf).When(fs).GetConf();
Org.Mockito.Mockito.DoReturn(token).When(fs).GetRenewToken();
renewer.AddRenewAction(fs);
Assert.Equal("FileSystem not added to DelegationTokenRenewer",
1, renewer.GetRenewQueueLength());
Thread.Sleep(RenewCycle * 2);
Org.Mockito.Mockito.Verify(token, Org.Mockito.Mockito.AtLeast(2)).Renew(Eq(conf));
Org.Mockito.Mockito.Verify(token, Org.Mockito.Mockito.AtMost(3)).Renew(Eq(conf));
Org.Mockito.Mockito.Verify(token, Org.Mockito.Mockito.Never()).Cancel(Any <Configuration
>());
renewer.RemoveRenewAction(fs);
Org.Mockito.Mockito.Verify(token).Cancel(Eq(conf));
Org.Mockito.Mockito.Verify(fs, Org.Mockito.Mockito.Never()).GetDelegationToken(null
);
Org.Mockito.Mockito.Verify(fs, Org.Mockito.Mockito.Never()).SetDelegationToken(Any
<Org.Apache.Hadoop.Security.Token.Token>());
Assert.Equal("FileSystem not removed from DelegationTokenRenewer"
, 0, renewer.GetRenewQueueLength());
}
public virtual void TestStopRenewalWhenFsGone()
{
Configuration conf = Org.Mockito.Mockito.Mock <Configuration>();
Org.Apache.Hadoop.Security.Token.Token <object> token = Org.Mockito.Mockito.Mock <Org.Apache.Hadoop.Security.Token.Token
>();
Org.Mockito.Mockito.DoReturn(new Text("myservice")).When(token).GetService();
Org.Mockito.Mockito.DoAnswer(new _Answer_157()).When(token).Renew(Any <Configuration
>());
TestDelegationTokenRenewer.RenewableFileSystem fs = Org.Mockito.Mockito.Mock <TestDelegationTokenRenewer.RenewableFileSystem
>();
Org.Mockito.Mockito.DoReturn(conf).When(fs).GetConf();
Org.Mockito.Mockito.DoReturn(token).When(fs).GetRenewToken();
renewer.AddRenewAction(fs);
Assert.Equal(1, renewer.GetRenewQueueLength());
Thread.Sleep(RenewCycle);
Org.Mockito.Mockito.Verify(token, Org.Mockito.Mockito.AtLeast(1)).Renew(Eq(conf));
Org.Mockito.Mockito.Verify(token, Org.Mockito.Mockito.AtMost(2)).Renew(Eq(conf));
// drop weak ref
fs = null;
System.GC.Collect();
System.GC.Collect();
System.GC.Collect();
// next renew should detect the fs as gone
Thread.Sleep(RenewCycle);
Org.Mockito.Mockito.Verify(token, Org.Mockito.Mockito.AtLeast(1)).Renew(Eq(conf));
Org.Mockito.Mockito.Verify(token, Org.Mockito.Mockito.AtMost(2)).Renew(Eq(conf));
Assert.Equal(0, renewer.GetRenewQueueLength());
}
/// <exception cref="System.IO.IOException"/>
/// <exception cref="System.Exception"/>
public virtual void TestMultipleTokensDoNotDeadlock()
{
Configuration conf = Org.Mockito.Mockito.Mock <Configuration>();
FileSystem fs = Org.Mockito.Mockito.Mock <FileSystem>();
Org.Mockito.Mockito.DoReturn(conf).When(fs).GetConf();
long distantFuture = Time.Now() + 3600 * 1000;
// 1h
Org.Apache.Hadoop.Security.Token.Token <object> token1 = Org.Mockito.Mockito.Mock <
Org.Apache.Hadoop.Security.Token.Token>();
Org.Mockito.Mockito.DoReturn(new Text("myservice1")).When(token1).GetService();
Org.Mockito.Mockito.DoReturn(distantFuture).When(token1).Renew(Eq(conf));
Org.Apache.Hadoop.Security.Token.Token <object> token2 = Org.Mockito.Mockito.Mock <
Org.Apache.Hadoop.Security.Token.Token>();
Org.Mockito.Mockito.DoReturn(new Text("myservice2")).When(token2).GetService();
Org.Mockito.Mockito.DoReturn(distantFuture).When(token2).Renew(Eq(conf));
TestDelegationTokenRenewer.RenewableFileSystem fs1 = Org.Mockito.Mockito.Mock <TestDelegationTokenRenewer.RenewableFileSystem
>();
Org.Mockito.Mockito.DoReturn(conf).When(fs1).GetConf();
Org.Mockito.Mockito.DoReturn(token1).When(fs1).GetRenewToken();
TestDelegationTokenRenewer.RenewableFileSystem fs2 = Org.Mockito.Mockito.Mock <TestDelegationTokenRenewer.RenewableFileSystem
>();
Org.Mockito.Mockito.DoReturn(conf).When(fs2).GetConf();
Org.Mockito.Mockito.DoReturn(token2).When(fs2).GetRenewToken();
renewer.AddRenewAction(fs1);
renewer.AddRenewAction(fs2);
Assert.Equal(2, renewer.GetRenewQueueLength());
renewer.RemoveRenewAction(fs1);
Assert.Equal(1, renewer.GetRenewQueueLength());
renewer.RemoveRenewAction(fs2);
Assert.Equal(0, renewer.GetRenewQueueLength());
Org.Mockito.Mockito.Verify(token1).Cancel(Eq(conf));
Org.Mockito.Mockito.Verify(token2).Cancel(Eq(conf));
}
public virtual void TestNodeHeartBeatResponse()
{
NodeHeartbeatResponse record = Org.Apache.Hadoop.Yarn.Util.Records.NewRecord <NodeHeartbeatResponse
>();
IDictionary <ApplicationId, ByteBuffer> appCredentials = new Dictionary <ApplicationId
, ByteBuffer>();
Credentials app1Cred = new Credentials();
Org.Apache.Hadoop.Security.Token.Token <DelegationTokenIdentifier> token1 = new Org.Apache.Hadoop.Security.Token.Token
<DelegationTokenIdentifier>();
token1.SetKind(new Text("kind1"));
app1Cred.AddToken(new Text("token1"), token1);
Org.Apache.Hadoop.Security.Token.Token <DelegationTokenIdentifier> token2 = new Org.Apache.Hadoop.Security.Token.Token
<DelegationTokenIdentifier>();
token2.SetKind(new Text("kind2"));
app1Cred.AddToken(new Text("token2"), token2);
DataOutputBuffer dob = new DataOutputBuffer();
app1Cred.WriteTokenStorageToStream(dob);
ByteBuffer byteBuffer1 = ByteBuffer.Wrap(dob.GetData(), 0, dob.GetLength());
appCredentials[ApplicationId.NewInstance(1234, 1)] = byteBuffer1;
record.SetSystemCredentialsForApps(appCredentials);
NodeHeartbeatResponse proto = new NodeHeartbeatResponsePBImpl(((NodeHeartbeatResponsePBImpl
)record).GetProto());
NUnit.Framework.Assert.AreEqual(appCredentials, proto.GetSystemCredentialsForApps
());
}
public virtual void TestGetNewTokenOnRenewFailure()
{
Text service = new Text("myservice");
Configuration conf = Org.Mockito.Mockito.Mock <Configuration>();
Org.Apache.Hadoop.Security.Token.Token <object> token1 = Org.Mockito.Mockito.Mock <
Org.Apache.Hadoop.Security.Token.Token>();
Org.Mockito.Mockito.DoReturn(service).When(token1).GetService();
Org.Mockito.Mockito.DoThrow(new IOException("boom")).When(token1).Renew(Eq(conf));
Org.Apache.Hadoop.Security.Token.Token <object> token2 = Org.Mockito.Mockito.Mock <
Org.Apache.Hadoop.Security.Token.Token>();
Org.Mockito.Mockito.DoReturn(service).When(token2).GetService();
Org.Mockito.Mockito.DoAnswer(new _Answer_117()).When(token2).Renew(Eq(conf));
TestDelegationTokenRenewer.RenewableFileSystem fs = Org.Mockito.Mockito.Mock <TestDelegationTokenRenewer.RenewableFileSystem
>();
Org.Mockito.Mockito.DoReturn(conf).When(fs).GetConf();
Org.Mockito.Mockito.DoReturn(token1).DoReturn(token2).When(fs).GetRenewToken();
Org.Mockito.Mockito.DoReturn(token2).When(fs).GetDelegationToken(null);
Org.Mockito.Mockito.DoAnswer(new _Answer_128(token2)).When(fs).AddDelegationTokens
(null, null);
renewer.AddRenewAction(fs);
Assert.Equal(1, renewer.GetRenewQueueLength());
Thread.Sleep(RenewCycle);
Org.Mockito.Mockito.Verify(fs).GetRenewToken();
Org.Mockito.Mockito.Verify(token1, Org.Mockito.Mockito.AtLeast(1)).Renew(Eq(conf)
);
Org.Mockito.Mockito.Verify(token1, Org.Mockito.Mockito.AtMost(2)).Renew(Eq(conf));
Org.Mockito.Mockito.Verify(fs).AddDelegationTokens(null, null);
Org.Mockito.Mockito.Verify(fs).SetDelegationToken(Eq(token2));
Assert.Equal(1, renewer.GetRenewQueueLength());
renewer.RemoveRenewAction(fs);
Org.Mockito.Mockito.Verify(token2).Cancel(Eq(conf));
Assert.Equal(0, renewer.GetRenewQueueLength());
}
private void AddJobToken(JobID jobId, string user, Org.Apache.Hadoop.Security.Token.Token
<JobTokenIdentifier> jobToken)
{
userRsrc[jobId.ToString()] = user;
secretManager.AddTokenForJob(jobId.ToString(), jobToken);
Log.Info("Added token for " + jobId.ToString());
}
/// <exception cref="System.IO.IOException"/>
public virtual GetDelegationTokenResponse GetDelegationToken(GetDelegationTokenRequest
request)
{
UserGroupInformation ugi = UserGroupInformation.GetCurrentUser();
// Verify that the connection is kerberos authenticated
if (!this.IsAllowedDelegationTokenOp())
{
throw new IOException("Delegation Token can be issued only with kerberos authentication"
);
}
GetDelegationTokenResponse response = this.recordFactory.NewRecordInstance <GetDelegationTokenResponse
>();
string user = ugi.GetUserName();
Text owner = new Text(user);
Text realUser = null;
if (ugi.GetRealUser() != null)
{
realUser = new Text(ugi.GetRealUser().GetUserName());
}
MRDelegationTokenIdentifier tokenIdentifier = new MRDelegationTokenIdentifier(owner
, new Text(request.GetRenewer()), realUser);
Org.Apache.Hadoop.Security.Token.Token <MRDelegationTokenIdentifier> realJHSToken =
new Org.Apache.Hadoop.Security.Token.Token <MRDelegationTokenIdentifier>(tokenIdentifier
, this._enclosing.jhsDTSecretManager);
Org.Apache.Hadoop.Yarn.Api.Records.Token mrDToken = Org.Apache.Hadoop.Yarn.Api.Records.Token
.NewInstance(realJHSToken.GetIdentifier(), realJHSToken.GetKind().ToString(), realJHSToken
.GetPassword(), realJHSToken.GetService().ToString());
response.SetDelegationToken(mrDToken);
return(response);
}
public _PrivilegedExceptionAction_333(TestDelegationToken.TestDelegationTokenSecretManager
dtSecretManager, Org.Apache.Hadoop.Security.Token.Token <TestDelegationToken.TestDelegationTokenIdentifier
> token)
{
this.dtSecretManager = dtSecretManager;
this.token = token;
}
public virtual void TestDelegationTokenSelector()
{
TestDelegationToken.TestDelegationTokenSecretManager dtSecretManager = new TestDelegationToken.TestDelegationTokenSecretManager
(24 * 60 * 60 * 1000, 10 * 1000, 1 * 1000, 3600000);
try
{
dtSecretManager.StartThreads();
AbstractDelegationTokenSelector ds = new AbstractDelegationTokenSelector <TestDelegationToken.TestDelegationTokenIdentifier
>(Kind);
//Creates a collection of tokens
Org.Apache.Hadoop.Security.Token.Token <TestDelegationToken.TestDelegationTokenIdentifier
> token1 = GenerateDelegationToken(dtSecretManager, "SomeUser1", "JobTracker");
token1.SetService(new Text("MY-SERVICE1"));
Org.Apache.Hadoop.Security.Token.Token <TestDelegationToken.TestDelegationTokenIdentifier
> token2 = GenerateDelegationToken(dtSecretManager, "SomeUser2", "JobTracker");
token2.SetService(new Text("MY-SERVICE2"));
IList <Org.Apache.Hadoop.Security.Token.Token <TestDelegationToken.TestDelegationTokenIdentifier
> > tokens = new AList <Org.Apache.Hadoop.Security.Token.Token <TestDelegationToken.TestDelegationTokenIdentifier
> >();
tokens.AddItem(token1);
tokens.AddItem(token2);
//try to select a token with a given service name (created earlier)
Org.Apache.Hadoop.Security.Token.Token <TestDelegationToken.TestDelegationTokenIdentifier
> t = ds.SelectToken(new Text("MY-SERVICE1"), tokens);
Assert.Equal(t, token1);
}
finally
{
dtSecretManager.StopThreads();
}
}
public virtual void TestTokenBySuperUser()
{
TestSaslRPC.TestTokenSecretManager sm = new TestSaslRPC.TestTokenSecretManager();
Configuration newConf = new Configuration(masterConf);
SecurityUtil.SetAuthenticationMethod(UserGroupInformation.AuthenticationMethod.Kerberos
, newConf);
UserGroupInformation.SetConfiguration(newConf);
Server server = new RPC.Builder(newConf).SetProtocol(typeof(TestDoAsEffectiveUser.TestProtocol
)).SetInstance(new TestDoAsEffectiveUser.TestImpl(this)).SetBindAddress(Address)
.SetPort(0).SetNumHandlers(5).SetVerbose(true).SetSecretManager(sm).Build();
server.Start();
UserGroupInformation current = UserGroupInformation.CreateUserForTesting(RealUserName
, GroupNames);
RefreshConf(newConf);
IPEndPoint addr = NetUtils.GetConnectAddress(server);
TestSaslRPC.TestTokenIdentifier tokenId = new TestSaslRPC.TestTokenIdentifier(new
Org.Apache.Hadoop.IO.Text(current.GetUserName()), new Org.Apache.Hadoop.IO.Text(
"SomeSuperUser"));
Org.Apache.Hadoop.Security.Token.Token <TestSaslRPC.TestTokenIdentifier> token = new
Org.Apache.Hadoop.Security.Token.Token <TestSaslRPC.TestTokenIdentifier>(tokenId,
sm);
SecurityUtil.SetTokenService(token, addr);
current.AddToken(token);
string retVal = current.DoAs(new _PrivilegedExceptionAction_509(this, addr, newConf
, server));
string expected = RealUserName + " (auth:TOKEN) via SomeSuperUser (auth:SIMPLE)";
Assert.Equal(retVal + "!=" + expected, expected, retVal);
}
/// <exception cref="System.IO.IOException"/>
public virtual void CancelToken <_T0>(Org.Apache.Hadoop.Security.Token.Token <_T0>
token, string canceler)
where _T0 : AbstractDelegationTokenIdentifier
{
canceler = (canceler != null) ? canceler : VerifyToken(token).GetShortUserName();
secretManager.CancelToken(token, canceler);
}
/// <exception cref="System.IO.IOException"/>
private BlockReaderLocalLegacy(DFSClient.Conf conf, string hdfsfile, ExtendedBlock
block, Org.Apache.Hadoop.Security.Token.Token <BlockTokenIdentifier> token, long
startOffset, long length, BlockLocalPathInfo pathinfo, FileInputStream dataIn)
: this(conf, hdfsfile, block, token, startOffset, length, pathinfo, DataChecksum.
NewDataChecksum(DataChecksum.Type.Null, 4), false, dataIn, startOffset, null)
{
}
/// <exception cref="System.IO.IOException"/>
internal static DataInputBuffer CreateFakeCredentials(Random r, int nTok)
{
Credentials creds = new Credentials();
byte[] password = new byte[20];
Text kind = new Text();
Text service = new Text();
Text alias = new Text();
for (int i = 0; i < nTok; ++i)
{
byte[] identifier = Sharpen.Runtime.GetBytesForString(("idef" + i));
r.NextBytes(password);
kind.Set("kind" + i);
service.Set("service" + i);
alias.Set("token" + i);
Org.Apache.Hadoop.Security.Token.Token token = new Org.Apache.Hadoop.Security.Token.Token
(identifier, password, kind, service);
creds.AddToken(alias, token);
}
DataOutputBuffer buf = new DataOutputBuffer();
creds.WriteTokenStorageToStream(buf);
DataInputBuffer ret = new DataInputBuffer();
ret.Reset(buf.GetData(), 0, buf.GetLength());
return(ret);
}
/// <summary>Test that delegation tokens continue to work after the failover.</summary>
/// <exception cref="System.IO.IOException"/>
public virtual void TestDelegationTokensAfterFailover()
{
Configuration conf = new Configuration();
conf.SetBoolean(DFSConfigKeys.DfsNamenodeDelegationTokenAlwaysUseKey, true);
MiniDFSCluster cluster = new MiniDFSCluster.Builder(conf).NnTopology(MiniDFSNNTopology
.SimpleHATopology()).NumDataNodes(0).Build();
try
{
cluster.WaitActive();
cluster.TransitionToActive(0);
NameNode nn1 = cluster.GetNameNode(0);
NameNode nn2 = cluster.GetNameNode(1);
string renewer = UserGroupInformation.GetLoginUser().GetUserName();
Org.Apache.Hadoop.Security.Token.Token <DelegationTokenIdentifier> token = nn1.GetRpcServer
().GetDelegationToken(new Text(renewer));
Log.Info("Failing over to NN 1");
cluster.TransitionToStandby(0);
cluster.TransitionToActive(1);
nn2.GetRpcServer().RenewDelegationToken(token);
nn2.GetRpcServer().CancelDelegationToken(token);
token = nn2.GetRpcServer().GetDelegationToken(new Text(renewer));
NUnit.Framework.Assert.IsTrue(token != null);
}
finally
{
cluster.Shutdown();
}
}
public virtual void TestJobTokenRpc()
{
TaskUmbilicalProtocol mockTT = Org.Mockito.Mockito.Mock <TaskUmbilicalProtocol>();
Org.Mockito.Mockito.DoReturn(TaskUmbilicalProtocol.versionID).When(mockTT).GetProtocolVersion
(Matchers.AnyString(), Matchers.AnyLong());
Org.Mockito.Mockito.DoReturn(ProtocolSignature.GetProtocolSignature(mockTT, typeof(
TaskUmbilicalProtocol).FullName, TaskUmbilicalProtocol.versionID, 0)).When(mockTT
).GetProtocolSignature(Matchers.AnyString(), Matchers.AnyLong(), Matchers.AnyInt
());
JobTokenSecretManager sm = new JobTokenSecretManager();
Server server = new RPC.Builder(conf).SetProtocol(typeof(TaskUmbilicalProtocol)).
SetInstance(mockTT).SetBindAddress(Address).SetPort(0).SetNumHandlers(5).SetVerbose
(true).SetSecretManager(sm).Build();
server.Start();
UserGroupInformation current = UserGroupInformation.GetCurrentUser();
IPEndPoint addr = NetUtils.GetConnectAddress(server);
string jobId = current.GetUserName();
JobTokenIdentifier tokenId = new JobTokenIdentifier(new Text(jobId));
Org.Apache.Hadoop.Security.Token.Token <JobTokenIdentifier> token = new Org.Apache.Hadoop.Security.Token.Token
<JobTokenIdentifier>(tokenId, sm);
sm.AddTokenForJob(jobId, token);
SecurityUtil.SetTokenService(token, addr);
Log.Info("Service address for token is " + token.GetService());
current.AddToken(token);
current.DoAs(new _PrivilegedExceptionAction_110(addr, server));
}
/// <exception cref="System.IO.IOException"/>
private static UserGroupInformation GetTokenUGI(ServletContext context, HttpServletRequest
request, string tokenString, Configuration conf)
{
Org.Apache.Hadoop.Security.Token.Token <DelegationTokenIdentifier> token = new Org.Apache.Hadoop.Security.Token.Token
<DelegationTokenIdentifier>();
token.DecodeFromUrlString(tokenString);
IPEndPoint serviceAddress = GetNNServiceAddress(context, request);
if (serviceAddress != null)
{
SecurityUtil.SetTokenService(token, serviceAddress);
token.SetKind(DelegationTokenIdentifier.HdfsDelegationKind);
}
ByteArrayInputStream buf = new ByteArrayInputStream(token.GetIdentifier());
DataInputStream @in = new DataInputStream(buf);
DelegationTokenIdentifier id = new DelegationTokenIdentifier();
id.ReadFields(@in);
if (context != null)
{
NameNode nn = NameNodeHttpServer.GetNameNodeFromContext(context);
if (nn != null)
{
// Verify the token.
nn.GetNamesystem().VerifyToken(id, token.GetPassword());
}
}
UserGroupInformation ugi = id.GetUser();
ugi.AddToken(token);
return(ugi);
}
public virtual void TestDTManager()
{
Configuration conf = new Configuration(false);
conf.SetLong(DelegationTokenManager.UpdateInterval, DayInSecs);
conf.SetLong(DelegationTokenManager.MaxLifetime, DayInSecs);
conf.SetLong(DelegationTokenManager.RenewInterval, DayInSecs);
conf.SetLong(DelegationTokenManager.RemovalScanInterval, DayInSecs);
conf.GetBoolean(DelegationTokenManager.EnableZkKey, enableZKKey);
DelegationTokenManager tm = new DelegationTokenManager(conf, new Text("foo"));
tm.Init();
Org.Apache.Hadoop.Security.Token.Token <DelegationTokenIdentifier> token = (Org.Apache.Hadoop.Security.Token.Token
<DelegationTokenIdentifier>)tm.CreateToken(UserGroupInformation.GetCurrentUser()
, "foo");
NUnit.Framework.Assert.IsNotNull(token);
tm.VerifyToken(token);
Assert.True(tm.RenewToken(token, "foo") > Runtime.CurrentTimeMillis
());
tm.CancelToken(token, "foo");
try
{
tm.VerifyToken(token);
NUnit.Framework.Assert.Fail();
}
catch (IOException)
{
}
catch (Exception)
{
//NOP
NUnit.Framework.Assert.Fail();
}
tm.Destroy();
}
/// <summary>
/// A helper function to serialize the JobTokenIdentifier to be sent to the
/// ShuffleHandler as ServiceData.
/// </summary>
/// <param name="jobToken">
/// the job token to be used for authentication of
/// shuffle data requests.
/// </param>
/// <returns>the serialized version of the jobToken.</returns>
/// <exception cref="System.IO.IOException"/>
public static ByteBuffer SerializeServiceData(Org.Apache.Hadoop.Security.Token.Token
<JobTokenIdentifier> jobToken)
{
//TODO these bytes should be versioned
DataOutputBuffer jobToken_dob = new DataOutputBuffer();
jobToken.Write(jobToken_dob);
return ByteBuffer.Wrap(jobToken_dob.GetData(), 0, jobToken_dob.GetLength());
}
/// <exception cref="System.IO.IOException"/>
public override void BlockChecksum(ExtendedBlock blk, Org.Apache.Hadoop.Security.Token.Token
<BlockTokenIdentifier> blockToken)
{
DataTransferProtos.OpBlockChecksumProto proto = ((DataTransferProtos.OpBlockChecksumProto
)DataTransferProtos.OpBlockChecksumProto.NewBuilder().SetHeader(DataTransferProtoUtil
.BuildBaseHeader(blk, blockToken)).Build());
Send(@out, OP.BlockChecksum, proto);
}
