protected internal override byte[] CreatePassword(TokenIdent identifier)
 {
     // Stamps the identifier with issue date, max date, master key id and a fresh
     // sequence number, derives the token password from the identifier bytes and
     // the current key, then records the token. The whole sequence runs under the
     // instance lock.
     lock (this)
     {
         long issuedAt = Time.Now();
         int  seq      = IncrementDelegationTokenSeqNum();

         identifier.SetIssueDate(issuedAt);
         identifier.SetMaxDate(issuedAt + tokenMaxLifetime);
         identifier.SetMasterKeyId(currentKey.GetKeyId());
         identifier.SetSequenceNumber(seq);

         // Only the identifier and the key *id* are logged; the key material and
         // the derived password are never written to the log here.
         string logLine = "Creating password for identifier: " + identifier + ", currentKey: " + currentKey
                          .GetKeyId();
         Log.Info(logLine);

         byte[] derived = CreatePassword(identifier.GetBytes(), currentKey.GetKey());
         AbstractDelegationTokenSecretManager.DelegationTokenInformation record =
             new AbstractDelegationTokenSecretManager.DelegationTokenInformation(
                 issuedAt + tokenRenewInterval, derived, GetTrackingIdIfEnabled(identifier));

         try
         {
             StoreToken(identifier, record);
         }
         catch (IOException storeFailure)
         {
             // A store failure is logged and not rethrown, so the password below is
             // still handed back to the caller.
             // NOTE(review): the caller then holds a password for a token that may
             // not have been recorded - confirm this best-effort behaviour is intended.
             Log.Error("Could not store token !!", storeFailure);
         }

         return derived;
     }
 }
 /// <summary>
 /// This method is intended to be used for recovering persisted delegation
 /// tokens.
 /// This method must be called before this secret manager is activated (before
 /// startThreads() is called).
 /// </summary>
 /// <param name="identifier">identifier read from persistent storage</param>
 /// <param name="renewDate">token renew time</param>
 /// <exception cref="System.IO.IOException"/>
 public virtual void AddPersistedDelegationToken(TokenIdent identifier, long renewDate
                                                 )
 {
     lock (this)
     {
         // Recovery is only allowed while the manager is stopped.
         if (running)
         {
             throw new IOException("Can't add persisted delegation token to a running SecretManager."
                                   );
         }

         // Look up the master key the persisted identifier says it was issued under.
         // NOTE(review): if allKeys is a System.Collections.Generic dictionary, the
         // indexer throws for a missing id instead of yielding null, and the branch
         // below would never run - confirm the collection type.
         int           masterKeyId = identifier.GetMasterKeyId();
         DelegationKey masterKey   = allKeys[masterKeyId];
         if (masterKey == null)
         {
             // Without the key the password cannot be re-derived; the token is skipped.
             Log.Warn("No KEY found for persisted identifier " + identifier.ToString());
             return;
         }

         // The password is not read from storage; it is recomputed from the
         // identifier bytes and the key found above.
         byte[] rederived = CreatePassword(identifier.GetBytes(), masterKey.GetKey());

         // Raise the sequence counter when the recovered token's number is higher
         // than the current one.
         if (identifier.GetSequenceNumber() > GetDelegationTokenSeqNum())
         {
             SetDelegationTokenSeqNum(identifier.GetSequenceNumber());
         }

         // An identifier that is already tracked is rejected rather than overwritten.
         if (GetTokenInfo(identifier) != null)
         {
             throw new IOException("Same delegation token being added twice.");
         }

         currentTokens[identifier] = new AbstractDelegationTokenSecretManager.DelegationTokenInformation
                                         (renewDate, rederived, GetTrackingIdIfEnabled(identifier));
     }
 }
 /// <summary>Renew a delegation token.</summary>
 /// <param name="token">the token to renew</param>
 /// <param name="renewer">the full principal name of the user doing the renewal</param>
 /// <returns>the new expiration time</returns>
 /// <exception cref="Org.Apache.Hadoop.Security.Token.SecretManager.InvalidToken">if the token is invalid
 ///     </exception>
 /// <exception cref="Org.Apache.Hadoop.Security.AccessControlException">if the user can't renew token
 ///     </exception>
 /// <exception cref="System.IO.IOException"/>
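 public virtual long RenewToken(Org.Apache.Hadoop.Security.Token.Token <TokenIdent>
                                token, string renewer)
 {
     lock (this)
     {
         // Decode the identifier from the bytes carried by the presented token.
         // Nothing in it is authenticated until the password check further down.
         ByteArrayInputStream buf = new ByteArrayInputStream(token.GetIdentifier());
         DataInputStream      @in = new DataInputStream(buf);
         TokenIdent           id  = CreateIdentifier();
         id.ReadFields(@in);
         Log.Info("Token renewal for identifier: " + id + "; total currentTokens " + currentTokens
                  .Count);
         long now = Time.Now();
         // A token past its max date can no longer be renewed.
         if (id.GetMaxDate() < now)
         {
             throw new SecretManager.InvalidToken(renewer + " tried to renew an expired token"
                                                  );
         }
         // The token must name a renewer, and it must be the caller.
         if ((id.GetRenewer() == null) || (id.GetRenewer().ToString().IsEmpty()))
         {
             throw new AccessControlException(renewer + " tried to renew a token without a renewer"
                                              );
         }
         if (!id.GetRenewer().ToString().Equals(renewer))
         {
             throw new AccessControlException(renewer + " tries to renew a token with renewer "
                                              + id.GetRenewer());
         }
         DelegationKey key = GetDelegationKey(id.GetMasterKeyId());
         if (key == null)
         {
             throw new SecretManager.InvalidToken("Unable to find master key for keyId=" + id.
                                                  GetMasterKeyId() + " from cache. Failed to renew an unexpired token" + " with sequenceNumber="
                                                  + id.GetSequenceNumber());
         }
         // Recompute the password from the presented identifier bytes and the master
         // key, then compare it with the presented password. The comparison does not
         // stop at the first differing byte, so its duration does not depend on how
         // much of a wrong password happens to match.
         byte[] password = CreatePassword(token.GetIdentifier(), key.GetKey());
         if (!ConstantTimeEquals(password, token.GetPassword()))
         {
             throw new AccessControlException(renewer + " is trying to renew a token with wrong password"
                                              );
         }
         // The new expiry never goes past the token's max date.
         long   renewTime  = Math.Min(id.GetMaxDate(), now + tokenRenewInterval);
         string trackingId = GetTrackingIdIfEnabled(id);
         AbstractDelegationTokenSecretManager.DelegationTokenInformation info = new AbstractDelegationTokenSecretManager.DelegationTokenInformation
                                                                                    (renewTime, password, trackingId);
         // Only tokens this manager currently tracks can be renewed.
         if (GetTokenInfo(id) == null)
         {
             throw new SecretManager.InvalidToken("Renewal request for unknown token");
         }
         UpdateToken(id, info);
         return(renewTime);
     }
 }

 /// <summary>
 /// Compares two byte arrays without returning early on the first differing byte.
 /// Only the array lengths influence the amount of work done.
 /// </summary>
 /// <param name="expected">the locally computed value</param>
 /// <param name="presented">the value supplied by the caller</param>
 /// <returns>true when both are null, or both have the same length and content</returns>
 private static bool ConstantTimeEquals(byte[] expected, byte[] presented)
 {
     if (expected == null || presented == null)
     {
         // Two nulls compare equal and a single null does not.
         return expected == presented;
     }
     // Fold the length difference and every byte difference into one accumulator.
     int diff   = expected.Length ^ presented.Length;
     int common = expected.Length < presented.Length ? expected.Length : presented.Length;
     for (int i = 0; i < common; i++)
     {
         diff |= expected[i] ^ presented[i];
     }
     return diff == 0;
 }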
예제 #4
 public virtual byte[] CreatePassword(TestDelegationToken.TestDelegationTokenIdentifier
                                      t, DelegationKey key)
 {
     // Thin wrapper: hands the identifier's bytes and the key's material to the
     // static SecretManager.CreatePassword and returns its result unchanged.
     var identifierBytes = t.GetBytes();
     var keyMaterial     = key.GetKey();
     return SecretManager.CreatePassword(identifierBytes, keyMaterial);
 }