public _PrivilegedExceptionAction_135(DelegationTokenAuthenticatedURL aUrl, Uri url1
, DelegationTokenAuthenticatedURL.Token token)
{
this.aUrl = aUrl;
this.url1 = url1;
this.token = token;
}
/// <exception cref="System.Exception"/>
public HttpURLConnection Run()
{
DelegationTokenAuthenticatedURL authUrl = new DelegationTokenAuthenticatedURL(this
._enclosing.configurator);
return(authUrl.OpenConnection(url, this._enclosing.authToken, doAsUser));
}
Run()
{
DelegationTokenAuthenticatedURL authUrl = new DelegationTokenAuthenticatedURL(this
._enclosing.authenticator, this._enclosing.connConfigurator);
return((Org.Apache.Hadoop.Security.Token.Token)authUrl.GetDelegationToken(this._enclosing
.resURI.ToURL(), this._enclosing.token, renewer, this._enclosing.doAsUser));
}
public _PrivilegedExceptionAction_870(DelegationTokenAuthenticatedURL authUrl, Uri
url, string renewer, string doAsUser)
{
this.authUrl = authUrl;
this.url = url;
this.renewer = renewer;
this.doAsUser = doAsUser;
}
public virtual void TestMultipleKMSInstancesWithZKSigner()
{
FilePath testDir = TestKMS.GetTestDir();
Configuration conf = CreateBaseKMSConf(testDir);
TestingServer zkServer = new TestingServer();
zkServer.Start();
MiniKMS kms1 = null;
MiniKMS kms2 = null;
conf.Set(KMSAuthenticationFilter.ConfigPrefix + AuthenticationFilter.SignerSecretProvider
, "zookeeper");
conf.Set(KMSAuthenticationFilter.ConfigPrefix + ZKSignerSecretProvider.ZookeeperConnectionString
, zkServer.GetConnectString());
conf.Set(KMSAuthenticationFilter.ConfigPrefix + ZKSignerSecretProvider.ZookeeperPath
, "/secret");
TestKMS.WriteConf(testDir, conf);
try
{
kms1 = new MiniKMS.Builder().SetKmsConfDir(testDir).SetLog4jConfFile("log4j.properties"
).Build();
kms1.Start();
kms2 = new MiniKMS.Builder().SetKmsConfDir(testDir).SetLog4jConfFile("log4j.properties"
).Build();
kms2.Start();
Uri url1 = new Uri(kms1.GetKMSUrl().ToExternalForm() + KMSRESTConstants.ServiceVersion
+ "/" + KMSRESTConstants.KeysNamesResource);
Uri url2 = new Uri(kms2.GetKMSUrl().ToExternalForm() + KMSRESTConstants.ServiceVersion
+ "/" + KMSRESTConstants.KeysNamesResource);
DelegationTokenAuthenticatedURL.Token token = new DelegationTokenAuthenticatedURL.Token
();
DelegationTokenAuthenticatedURL aUrl = new DelegationTokenAuthenticatedURL();
UserGroupInformation ugiFoo = UserGroupInformation.CreateUserForTesting("foo", new
string[] { "gfoo" });
UserGroupInformation ugiBar = UserGroupInformation.CreateUserForTesting("bar", new
string[] { "gBar" });
ugiFoo.DoAs(new _PrivilegedExceptionAction_135(aUrl, url1, token));
ugiBar.DoAs(new _PrivilegedExceptionAction_145(aUrl, url2, token));
ugiBar.DoAs(new _PrivilegedExceptionAction_155(aUrl, url2));
}
finally
{
if (kms2 != null)
{
kms2.Stop();
}
if (kms1 != null)
{
kms1.Stop();
}
zkServer.Stop();
}
}
/// <exception cref="System.Exception"/>
public long Run()
{
if (!timelineDT.Equals(this._enclosing.token.GetDelegationToken()))
{
this._enclosing.token.SetDelegationToken((Org.Apache.Hadoop.Security.Token.Token)
timelineDT);
}
DelegationTokenAuthenticatedURL authUrl = new DelegationTokenAuthenticatedURL(this
._enclosing.authenticator, this._enclosing.connConfigurator);
URI serviceURI = isTokenServiceAddrEmpty ? this._enclosing.resURI : new URI(scheme
, null, address.GetHostName(), address.Port, TimelineClientImpl.ResourceUriStr,
null, null);
return(authUrl.RenewDelegationToken(serviceURI.ToURL(), this._enclosing.token, this
._enclosing.doAsUser));
}
/// <exception cref="System.IO.IOException"/>
public virtual Org.Apache.Hadoop.Security.Token.Token <object>[] AddDelegationTokens
(string renewer, Credentials credentials)
{
Org.Apache.Hadoop.Security.Token.Token <object>[] tokens = null;
Text dtService = GetDelegationTokenService();
Org.Apache.Hadoop.Security.Token.Token <object> token = credentials.GetToken(dtService
);
if (token == null)
{
Uri url = CreateURL(null, null, null, null);
DelegationTokenAuthenticatedURL authUrl = new DelegationTokenAuthenticatedURL(configurator
);
try
{
// 'actualUGI' is the UGI of the user creating the client
// It is possible that the creator of the KMSClientProvier
// calls this method on behalf of a proxyUser (the doAsUser).
// In which case this call has to be made as the proxy user.
UserGroupInformation currentUgi = UserGroupInformation.GetCurrentUser();
string doAsUser = (currentUgi.GetAuthenticationMethod() == UserGroupInformation.AuthenticationMethod
.Proxy) ? currentUgi.GetShortUserName() : null;
token = actualUgi.DoAs(new _PrivilegedExceptionAction_870(authUrl, url, renewer,
doAsUser));
// Not using the cached token here.. Creating a new token here
// everytime.
if (token != null)
{
credentials.AddToken(token.GetService(), token);
tokens = new Org.Apache.Hadoop.Security.Token.Token <object>[] { token };
}
else
{
throw new IOException("Got NULL as delegation token");
}
}
catch (Exception)
{
Thread.CurrentThread().Interrupt();
}
catch (Exception e)
{
throw new IOException(e);
}
}
return(tokens);
}
public _PrivilegedExceptionAction_155(DelegationTokenAuthenticatedURL aUrl, Uri url2
)
{
this.aUrl = aUrl;
this.url2 = url2;
}
