Exemplo n.º 1
0
        public virtual void TestSerialization()
        {
            TestDelegationToken.TestDelegationTokenIdentifier origToken = new TestDelegationToken.TestDelegationTokenIdentifier
                                                                              (new Text("alice"), new Text("bob"), new Text("colin"));
            TestDelegationToken.TestDelegationTokenIdentifier newToken = new TestDelegationToken.TestDelegationTokenIdentifier
                                                                             ();
            origToken.SetIssueDate(123);
            origToken.SetMasterKeyId(321);
            origToken.SetMaxDate(314);
            origToken.SetSequenceNumber(12345);
            // clone origToken into newToken
            DataInputBuffer  inBuf  = new DataInputBuffer();
            DataOutputBuffer outBuf = new DataOutputBuffer();

            origToken.Write(outBuf);
            inBuf.Reset(outBuf.GetData(), 0, outBuf.GetLength());
            newToken.ReadFields(inBuf);
            // now test the fields
            Assert.Equal("alice", newToken.GetUser().GetUserName());
            Assert.Equal(new Text("bob"), newToken.GetRenewer());
            Assert.Equal("colin", newToken.GetUser().GetRealUser().GetUserName
                             ());
            Assert.Equal(123, newToken.GetIssueDate());
            Assert.Equal(321, newToken.GetMasterKeyId());
            Assert.Equal(314, newToken.GetMaxDate());
            Assert.Equal(12345, newToken.GetSequenceNumber());
            Assert.Equal(origToken, newToken);
        }
Exemplo n.º 2
0
        public virtual void TestGetUserNullOwner()
        {
            TestDelegationToken.TestDelegationTokenIdentifier ident = new TestDelegationToken.TestDelegationTokenIdentifier
                                                                          (null, null, null);
            UserGroupInformation ugi = ident.GetUser();

            NUnit.Framework.Assert.IsNull(ugi);
        }
Exemplo n.º 3
0
                                                 > GenerateDelegationToken(TestDelegationToken.TestDelegationTokenSecretManager dtSecretManager
                                                                           , string owner, string renewer)
 {
     TestDelegationToken.TestDelegationTokenIdentifier dtId = new TestDelegationToken.TestDelegationTokenIdentifier
                                                                  (new Text(owner), new Text(renewer), null);
     return(new Org.Apache.Hadoop.Security.Token.Token <TestDelegationToken.TestDelegationTokenIdentifier
                                                        >(dtId, dtSecretManager));
 }
Exemplo n.º 4
0
        public virtual void TestGetUserWithOwner()
        {
            TestDelegationToken.TestDelegationTokenIdentifier ident = new TestDelegationToken.TestDelegationTokenIdentifier
                                                                          (new Text("owner"), null, null);
            UserGroupInformation ugi = ident.GetUser();

            NUnit.Framework.Assert.IsNull(ugi.GetRealUser());
            Assert.Equal("owner", ugi.GetUserName());
            Assert.Equal(UserGroupInformation.AuthenticationMethod.Token,
                         ugi.GetAuthenticationMethod());
        }
Exemplo n.º 5
0
 public virtual void TestDelegationTokenSecretManager()
 {
     TestDelegationToken.TestDelegationTokenSecretManager dtSecretManager = new TestDelegationToken.TestDelegationTokenSecretManager
                                                                                (24 * 60 * 60 * 1000, 3 * 1000, 1 * 1000, 3600000);
     try
     {
         dtSecretManager.StartThreads();
         Org.Apache.Hadoop.Security.Token.Token <TestDelegationToken.TestDelegationTokenIdentifier
                                                 > token = GenerateDelegationToken(dtSecretManager, "SomeUser", "JobTracker");
         Assert.True(dtSecretManager.isStoreNewTokenCalled);
         // Fake renewer should not be able to renew
         ShouldThrow(new _PrivilegedExceptionAction_272(dtSecretManager, token), typeof(AccessControlException
                                                                                        ));
         long time = dtSecretManager.RenewToken(token, "JobTracker");
         Assert.True(dtSecretManager.isUpdateStoredTokenCalled);
         Assert.True("renew time is in future", time > Time.Now());
         TestDelegationToken.TestDelegationTokenIdentifier identifier = new TestDelegationToken.TestDelegationTokenIdentifier
                                                                            ();
         byte[] tokenId = token.GetIdentifier();
         identifier.ReadFields(new DataInputStream(new ByteArrayInputStream(tokenId)));
         Assert.True(null != dtSecretManager.RetrievePassword(identifier
                                                              ));
         Log.Info("Sleep to expire the token");
         Thread.Sleep(2000);
         //Token should be expired
         try
         {
             dtSecretManager.RetrievePassword(identifier);
             //Should not come here
             NUnit.Framework.Assert.Fail("Token should have expired");
         }
         catch (SecretManager.InvalidToken)
         {
         }
         //Success
         dtSecretManager.RenewToken(token, "JobTracker");
         Log.Info("Sleep beyond the max lifetime");
         Thread.Sleep(2000);
         ShouldThrow(new _PrivilegedExceptionAction_302(dtSecretManager, token), typeof(SecretManager.InvalidToken
                                                                                        ));
     }
     finally
     {
         dtSecretManager.StopThreads();
     }
 }
Exemplo n.º 6
0
 public virtual void TestParallelDelegationTokenCreation()
 {
     TestDelegationToken.TestDelegationTokenSecretManager dtSecretManager = new TestDelegationToken.TestDelegationTokenSecretManager
                                                                                (2000, 24 * 60 * 60 * 1000, 7 * 24 * 60 * 60 * 1000, 2000);
     try
     {
         dtSecretManager.StartThreads();
         int      numThreads         = 100;
         int      numTokensPerThread = 100;
         Thread[] issuers            = new Thread[numThreads];
         for (int i = 0; i < numThreads; i++)
         {
             issuers[i] = new Daemon(new _T1720540651(this));
             issuers[i].Start();
         }
         for (int i_1 = 0; i_1 < numThreads; i_1++)
         {
             issuers[i_1].Join();
         }
         IDictionary <TestDelegationToken.TestDelegationTokenIdentifier, AbstractDelegationTokenSecretManager.DelegationTokenInformation
                      > tokenCache = dtSecretManager.GetAllTokens();
         Assert.Equal(numTokensPerThread * numThreads, tokenCache.Count
                      );
         IEnumerator <TestDelegationToken.TestDelegationTokenIdentifier> iter = tokenCache.
                                                                                Keys.GetEnumerator();
         while (iter.HasNext())
         {
             TestDelegationToken.TestDelegationTokenIdentifier id = iter.Next();
             AbstractDelegationTokenSecretManager.DelegationTokenInformation info = tokenCache
                                                                                    [id];
             Assert.True(info != null);
             DelegationKey key = dtSecretManager.GetKey(id);
             Assert.True(key != null);
             byte[] storedPassword = dtSecretManager.RetrievePassword(id);
             byte[] password       = dtSecretManager.CreatePassword(id, key);
             Assert.True(Arrays.Equals(password, storedPassword));
             //verify by secret manager api
             dtSecretManager.VerifyToken(id, password);
         }
     }
     finally
     {
         dtSecretManager.StopThreads();
     }
 }
Exemplo n.º 7
0
 public virtual void TestDelegationTokenNullRenewer()
 {
     TestDelegationToken.TestDelegationTokenSecretManager dtSecretManager = new TestDelegationToken.TestDelegationTokenSecretManager
                                                                                (24 * 60 * 60 * 1000, 10 * 1000, 1 * 1000, 3600000);
     dtSecretManager.StartThreads();
     TestDelegationToken.TestDelegationTokenIdentifier dtId = new TestDelegationToken.TestDelegationTokenIdentifier
                                                                  (new Text("theuser"), null, null);
     Org.Apache.Hadoop.Security.Token.Token <TestDelegationToken.TestDelegationTokenIdentifier
                                             > token = new Org.Apache.Hadoop.Security.Token.Token <TestDelegationToken.TestDelegationTokenIdentifier
                                                                                                   >(dtId, dtSecretManager);
     Assert.True(token != null);
     try
     {
         dtSecretManager.RenewToken(token, string.Empty);
         NUnit.Framework.Assert.Fail("Renewal must not succeed");
     }
     catch (IOException)
     {
     }
 }
Exemplo n.º 8
0
 /// <exception cref="System.Exception"/>
 public virtual void TestRollMasterKey()
 {
     TestDelegationToken.TestDelegationTokenSecretManager dtSecretManager = new TestDelegationToken.TestDelegationTokenSecretManager
                                                                                (800, 800, 1 * 1000, 3600000);
     try
     {
         dtSecretManager.StartThreads();
         //generate a token and store the password
         Org.Apache.Hadoop.Security.Token.Token <TestDelegationToken.TestDelegationTokenIdentifier
                                                 > token = GenerateDelegationToken(dtSecretManager, "SomeUser", "JobTracker");
         byte[] oldPasswd = token.GetPassword();
         //store the length of the keys list
         int prevNumKeys = dtSecretManager.GetAllKeys().Length;
         dtSecretManager.RollMasterKey();
         Assert.True(dtSecretManager.isStoreNewMasterKeyCalled);
         //after rolling, the length of the keys list must increase
         int currNumKeys = dtSecretManager.GetAllKeys().Length;
         Assert.Equal((currNumKeys - prevNumKeys) >= 1, true);
         //after rolling, the token that was generated earlier must
         //still be valid (retrievePassword will fail if the token
         //is not valid)
         ByteArrayInputStream bi = new ByteArrayInputStream(token.GetIdentifier());
         TestDelegationToken.TestDelegationTokenIdentifier identifier = dtSecretManager.CreateIdentifier
                                                                            ();
         identifier.ReadFields(new DataInputStream(bi));
         byte[] newPasswd = dtSecretManager.RetrievePassword(identifier);
         //compare the passwords
         Assert.Equal(oldPasswd, newPasswd);
         // wait for keys to expire
         while (!dtSecretManager.isRemoveStoredMasterKeyCalled)
         {
             Thread.Sleep(200);
         }
     }
     finally
     {
         dtSecretManager.StopThreads();
     }
 }
Exemplo n.º 9
0
        //PASS
        /// <exception cref="System.IO.IOException"/>
        private bool TestDelegationTokenIdentiferSerializationRoundTrip(Text owner, Text
                                                                        renewer, Text realUser)
        {
            TestDelegationToken.TestDelegationTokenIdentifier dtid = new TestDelegationToken.TestDelegationTokenIdentifier
                                                                         (owner, renewer, realUser);
            DataOutputBuffer @out = new DataOutputBuffer();

            dtid.WriteImpl(@out);
            DataInputBuffer @in = new DataInputBuffer();

            @in.Reset(@out.GetData(), @out.GetLength());
            try
            {
                TestDelegationToken.TestDelegationTokenIdentifier dtid2 = new TestDelegationToken.TestDelegationTokenIdentifier
                                                                              ();
                dtid2.ReadFields(@in);
                Assert.True(dtid.Equals(dtid2));
                return(true);
            }
            catch (IOException)
            {
                return(false);
            }
        }