public virtual void TestSerialization()
{
TestDelegationToken.TestDelegationTokenIdentifier origToken = new TestDelegationToken.TestDelegationTokenIdentifier
(new Text("alice"), new Text("bob"), new Text("colin"));
TestDelegationToken.TestDelegationTokenIdentifier newToken = new TestDelegationToken.TestDelegationTokenIdentifier
();
origToken.SetIssueDate(123);
origToken.SetMasterKeyId(321);
origToken.SetMaxDate(314);
origToken.SetSequenceNumber(12345);
// clone origToken into newToken
DataInputBuffer inBuf = new DataInputBuffer();
DataOutputBuffer outBuf = new DataOutputBuffer();
origToken.Write(outBuf);
inBuf.Reset(outBuf.GetData(), 0, outBuf.GetLength());
newToken.ReadFields(inBuf);
// now test the fields
Assert.Equal("alice", newToken.GetUser().GetUserName());
Assert.Equal(new Text("bob"), newToken.GetRenewer());
Assert.Equal("colin", newToken.GetUser().GetRealUser().GetUserName
());
Assert.Equal(123, newToken.GetIssueDate());
Assert.Equal(321, newToken.GetMasterKeyId());
Assert.Equal(314, newToken.GetMaxDate());
Assert.Equal(12345, newToken.GetSequenceNumber());
Assert.Equal(origToken, newToken);
}
public virtual void TestGetUserNullOwner()
{
TestDelegationToken.TestDelegationTokenIdentifier ident = new TestDelegationToken.TestDelegationTokenIdentifier
(null, null, null);
UserGroupInformation ugi = ident.GetUser();
NUnit.Framework.Assert.IsNull(ugi);
}
> GenerateDelegationToken(TestDelegationToken.TestDelegationTokenSecretManager dtSecretManager
, string owner, string renewer)
{
TestDelegationToken.TestDelegationTokenIdentifier dtId = new TestDelegationToken.TestDelegationTokenIdentifier
(new Text(owner), new Text(renewer), null);
return(new Org.Apache.Hadoop.Security.Token.Token <TestDelegationToken.TestDelegationTokenIdentifier
>(dtId, dtSecretManager));
}
public virtual void TestGetUserWithOwner()
{
TestDelegationToken.TestDelegationTokenIdentifier ident = new TestDelegationToken.TestDelegationTokenIdentifier
(new Text("owner"), null, null);
UserGroupInformation ugi = ident.GetUser();
NUnit.Framework.Assert.IsNull(ugi.GetRealUser());
Assert.Equal("owner", ugi.GetUserName());
Assert.Equal(UserGroupInformation.AuthenticationMethod.Token,
ugi.GetAuthenticationMethod());
}
public virtual void TestDelegationTokenSecretManager()
{
TestDelegationToken.TestDelegationTokenSecretManager dtSecretManager = new TestDelegationToken.TestDelegationTokenSecretManager
(24 * 60 * 60 * 1000, 3 * 1000, 1 * 1000, 3600000);
try
{
dtSecretManager.StartThreads();
Org.Apache.Hadoop.Security.Token.Token <TestDelegationToken.TestDelegationTokenIdentifier
> token = GenerateDelegationToken(dtSecretManager, "SomeUser", "JobTracker");
Assert.True(dtSecretManager.isStoreNewTokenCalled);
// Fake renewer should not be able to renew
ShouldThrow(new _PrivilegedExceptionAction_272(dtSecretManager, token), typeof(AccessControlException
));
long time = dtSecretManager.RenewToken(token, "JobTracker");
Assert.True(dtSecretManager.isUpdateStoredTokenCalled);
Assert.True("renew time is in future", time > Time.Now());
TestDelegationToken.TestDelegationTokenIdentifier identifier = new TestDelegationToken.TestDelegationTokenIdentifier
();
byte[] tokenId = token.GetIdentifier();
identifier.ReadFields(new DataInputStream(new ByteArrayInputStream(tokenId)));
Assert.True(null != dtSecretManager.RetrievePassword(identifier
));
Log.Info("Sleep to expire the token");
Thread.Sleep(2000);
//Token should be expired
try
{
dtSecretManager.RetrievePassword(identifier);
//Should not come here
NUnit.Framework.Assert.Fail("Token should have expired");
}
catch (SecretManager.InvalidToken)
{
}
//Success
dtSecretManager.RenewToken(token, "JobTracker");
Log.Info("Sleep beyond the max lifetime");
Thread.Sleep(2000);
ShouldThrow(new _PrivilegedExceptionAction_302(dtSecretManager, token), typeof(SecretManager.InvalidToken
));
}
finally
{
dtSecretManager.StopThreads();
}
}
public virtual void TestParallelDelegationTokenCreation()
{
TestDelegationToken.TestDelegationTokenSecretManager dtSecretManager = new TestDelegationToken.TestDelegationTokenSecretManager
(2000, 24 * 60 * 60 * 1000, 7 * 24 * 60 * 60 * 1000, 2000);
try
{
dtSecretManager.StartThreads();
int numThreads = 100;
int numTokensPerThread = 100;
Thread[] issuers = new Thread[numThreads];
for (int i = 0; i < numThreads; i++)
{
issuers[i] = new Daemon(new _T1720540651(this));
issuers[i].Start();
}
for (int i_1 = 0; i_1 < numThreads; i_1++)
{
issuers[i_1].Join();
}
IDictionary <TestDelegationToken.TestDelegationTokenIdentifier, AbstractDelegationTokenSecretManager.DelegationTokenInformation
> tokenCache = dtSecretManager.GetAllTokens();
Assert.Equal(numTokensPerThread * numThreads, tokenCache.Count
);
IEnumerator <TestDelegationToken.TestDelegationTokenIdentifier> iter = tokenCache.
Keys.GetEnumerator();
while (iter.HasNext())
{
TestDelegationToken.TestDelegationTokenIdentifier id = iter.Next();
AbstractDelegationTokenSecretManager.DelegationTokenInformation info = tokenCache
[id];
Assert.True(info != null);
DelegationKey key = dtSecretManager.GetKey(id);
Assert.True(key != null);
byte[] storedPassword = dtSecretManager.RetrievePassword(id);
byte[] password = dtSecretManager.CreatePassword(id, key);
Assert.True(Arrays.Equals(password, storedPassword));
//verify by secret manager api
dtSecretManager.VerifyToken(id, password);
}
}
finally
{
dtSecretManager.StopThreads();
}
}
public virtual void TestDelegationTokenNullRenewer()
{
TestDelegationToken.TestDelegationTokenSecretManager dtSecretManager = new TestDelegationToken.TestDelegationTokenSecretManager
(24 * 60 * 60 * 1000, 10 * 1000, 1 * 1000, 3600000);
dtSecretManager.StartThreads();
TestDelegationToken.TestDelegationTokenIdentifier dtId = new TestDelegationToken.TestDelegationTokenIdentifier
(new Text("theuser"), null, null);
Org.Apache.Hadoop.Security.Token.Token <TestDelegationToken.TestDelegationTokenIdentifier
> token = new Org.Apache.Hadoop.Security.Token.Token <TestDelegationToken.TestDelegationTokenIdentifier
>(dtId, dtSecretManager);
Assert.True(token != null);
try
{
dtSecretManager.RenewToken(token, string.Empty);
NUnit.Framework.Assert.Fail("Renewal must not succeed");
}
catch (IOException)
{
}
}
/// <exception cref="System.Exception"/>
public virtual void TestRollMasterKey()
{
TestDelegationToken.TestDelegationTokenSecretManager dtSecretManager = new TestDelegationToken.TestDelegationTokenSecretManager
(800, 800, 1 * 1000, 3600000);
try
{
dtSecretManager.StartThreads();
//generate a token and store the password
Org.Apache.Hadoop.Security.Token.Token <TestDelegationToken.TestDelegationTokenIdentifier
> token = GenerateDelegationToken(dtSecretManager, "SomeUser", "JobTracker");
byte[] oldPasswd = token.GetPassword();
//store the length of the keys list
int prevNumKeys = dtSecretManager.GetAllKeys().Length;
dtSecretManager.RollMasterKey();
Assert.True(dtSecretManager.isStoreNewMasterKeyCalled);
//after rolling, the length of the keys list must increase
int currNumKeys = dtSecretManager.GetAllKeys().Length;
Assert.Equal((currNumKeys - prevNumKeys) >= 1, true);
//after rolling, the token that was generated earlier must
//still be valid (retrievePassword will fail if the token
//is not valid)
ByteArrayInputStream bi = new ByteArrayInputStream(token.GetIdentifier());
TestDelegationToken.TestDelegationTokenIdentifier identifier = dtSecretManager.CreateIdentifier
();
identifier.ReadFields(new DataInputStream(bi));
byte[] newPasswd = dtSecretManager.RetrievePassword(identifier);
//compare the passwords
Assert.Equal(oldPasswd, newPasswd);
// wait for keys to expire
while (!dtSecretManager.isRemoveStoredMasterKeyCalled)
{
Thread.Sleep(200);
}
}
finally
{
dtSecretManager.StopThreads();
}
}
//PASS
/// <exception cref="System.IO.IOException"/>
private bool TestDelegationTokenIdentiferSerializationRoundTrip(Text owner, Text
renewer, Text realUser)
{
TestDelegationToken.TestDelegationTokenIdentifier dtid = new TestDelegationToken.TestDelegationTokenIdentifier
(owner, renewer, realUser);
DataOutputBuffer @out = new DataOutputBuffer();
dtid.WriteImpl(@out);
DataInputBuffer @in = new DataInputBuffer();
@in.Reset(@out.GetData(), @out.GetLength());
try
{
TestDelegationToken.TestDelegationTokenIdentifier dtid2 = new TestDelegationToken.TestDelegationTokenIdentifier
();
dtid2.ReadFields(@in);
Assert.True(dtid.Equals(dtid2));
return(true);
}
catch (IOException)
{
return(false);
}
}
