public virtual void TestSerialization()
{
TestDelegationToken.TestDelegationTokenIdentifier origToken = new TestDelegationToken.TestDelegationTokenIdentifier
(new Text("alice"), new Text("bob"), new Text("colin"));
TestDelegationToken.TestDelegationTokenIdentifier newToken = new TestDelegationToken.TestDelegationTokenIdentifier
();
origToken.SetIssueDate(123);
origToken.SetMasterKeyId(321);
origToken.SetMaxDate(314);
origToken.SetSequenceNumber(12345);
// clone origToken into newToken
DataInputBuffer inBuf = new DataInputBuffer();
DataOutputBuffer outBuf = new DataOutputBuffer();
origToken.Write(outBuf);
inBuf.Reset(outBuf.GetData(), 0, outBuf.GetLength());
newToken.ReadFields(inBuf);
// now test the fields
Assert.Equal("alice", newToken.GetUser().GetUserName());
Assert.Equal(new Text("bob"), newToken.GetRenewer());
Assert.Equal("colin", newToken.GetUser().GetRealUser().GetUserName
());
Assert.Equal(123, newToken.GetIssueDate());
Assert.Equal(321, newToken.GetMasterKeyId());
Assert.Equal(314, newToken.GetMaxDate());
Assert.Equal(12345, newToken.GetSequenceNumber());
Assert.Equal(origToken, newToken);
}
public virtual void TestDelegationTokenSecretManager()
{
TestDelegationToken.TestDelegationTokenSecretManager dtSecretManager = new TestDelegationToken.TestDelegationTokenSecretManager
(24 * 60 * 60 * 1000, 3 * 1000, 1 * 1000, 3600000);
try
{
dtSecretManager.StartThreads();
Org.Apache.Hadoop.Security.Token.Token <TestDelegationToken.TestDelegationTokenIdentifier
> token = GenerateDelegationToken(dtSecretManager, "SomeUser", "JobTracker");
Assert.True(dtSecretManager.isStoreNewTokenCalled);
// Fake renewer should not be able to renew
ShouldThrow(new _PrivilegedExceptionAction_272(dtSecretManager, token), typeof(AccessControlException
));
long time = dtSecretManager.RenewToken(token, "JobTracker");
Assert.True(dtSecretManager.isUpdateStoredTokenCalled);
Assert.True("renew time is in future", time > Time.Now());
TestDelegationToken.TestDelegationTokenIdentifier identifier = new TestDelegationToken.TestDelegationTokenIdentifier
();
byte[] tokenId = token.GetIdentifier();
identifier.ReadFields(new DataInputStream(new ByteArrayInputStream(tokenId)));
Assert.True(null != dtSecretManager.RetrievePassword(identifier
));
Log.Info("Sleep to expire the token");
Thread.Sleep(2000);
//Token should be expired
try
{
dtSecretManager.RetrievePassword(identifier);
//Should not come here
NUnit.Framework.Assert.Fail("Token should have expired");
}
catch (SecretManager.InvalidToken)
{
}
//Success
dtSecretManager.RenewToken(token, "JobTracker");
Log.Info("Sleep beyond the max lifetime");
Thread.Sleep(2000);
ShouldThrow(new _PrivilegedExceptionAction_302(dtSecretManager, token), typeof(SecretManager.InvalidToken
));
}
finally
{
dtSecretManager.StopThreads();
}
}
/// <exception cref="System.Exception"/>
public virtual void TestRollMasterKey()
{
TestDelegationToken.TestDelegationTokenSecretManager dtSecretManager = new TestDelegationToken.TestDelegationTokenSecretManager
(800, 800, 1 * 1000, 3600000);
try
{
dtSecretManager.StartThreads();
//generate a token and store the password
Org.Apache.Hadoop.Security.Token.Token <TestDelegationToken.TestDelegationTokenIdentifier
> token = GenerateDelegationToken(dtSecretManager, "SomeUser", "JobTracker");
byte[] oldPasswd = token.GetPassword();
//store the length of the keys list
int prevNumKeys = dtSecretManager.GetAllKeys().Length;
dtSecretManager.RollMasterKey();
Assert.True(dtSecretManager.isStoreNewMasterKeyCalled);
//after rolling, the length of the keys list must increase
int currNumKeys = dtSecretManager.GetAllKeys().Length;
Assert.Equal((currNumKeys - prevNumKeys) >= 1, true);
//after rolling, the token that was generated earlier must
//still be valid (retrievePassword will fail if the token
//is not valid)
ByteArrayInputStream bi = new ByteArrayInputStream(token.GetIdentifier());
TestDelegationToken.TestDelegationTokenIdentifier identifier = dtSecretManager.CreateIdentifier
();
identifier.ReadFields(new DataInputStream(bi));
byte[] newPasswd = dtSecretManager.RetrievePassword(identifier);
//compare the passwords
Assert.Equal(oldPasswd, newPasswd);
// wait for keys to expire
while (!dtSecretManager.isRemoveStoredMasterKeyCalled)
{
Thread.Sleep(200);
}
}
finally
{
dtSecretManager.StopThreads();
}
}
//PASS
/// <exception cref="System.IO.IOException"/>
private bool TestDelegationTokenIdentiferSerializationRoundTrip(Text owner, Text
renewer, Text realUser)
{
TestDelegationToken.TestDelegationTokenIdentifier dtid = new TestDelegationToken.TestDelegationTokenIdentifier
(owner, renewer, realUser);
DataOutputBuffer @out = new DataOutputBuffer();
dtid.WriteImpl(@out);
DataInputBuffer @in = new DataInputBuffer();
@in.Reset(@out.GetData(), @out.GetLength());
try
{
TestDelegationToken.TestDelegationTokenIdentifier dtid2 = new TestDelegationToken.TestDelegationTokenIdentifier
();
dtid2.ReadFields(@in);
Assert.True(dtid.Equals(dtid2));
return(true);
}
catch (IOException)
{
return(false);
}
}
