/// <exception cref="System.Exception"/>
public virtual void TestDecryptWithKeyVersionNameKeyMismatch()
{
Configuration conf = new Configuration();
KeyProvider kp = new UserProvider.Factory().CreateProvider(new URI("user:///"), conf
);
KeyAuthorizationKeyProvider.KeyACLs mock = Org.Mockito.Mockito.Mock <KeyAuthorizationKeyProvider.KeyACLs
>();
Org.Mockito.Mockito.When(mock.IsACLPresent("testKey", KeyAuthorizationKeyProvider.KeyOpType
.Management)).ThenReturn(true);
Org.Mockito.Mockito.When(mock.IsACLPresent("testKey", KeyAuthorizationKeyProvider.KeyOpType
.GenerateEek)).ThenReturn(true);
Org.Mockito.Mockito.When(mock.IsACLPresent("testKey", KeyAuthorizationKeyProvider.KeyOpType
.DecryptEek)).ThenReturn(true);
Org.Mockito.Mockito.When(mock.IsACLPresent("testKey", KeyAuthorizationKeyProvider.KeyOpType
.All)).ThenReturn(true);
UserGroupInformation u1 = UserGroupInformation.CreateRemoteUser("u1");
UserGroupInformation u2 = UserGroupInformation.CreateRemoteUser("u2");
UserGroupInformation u3 = UserGroupInformation.CreateRemoteUser("u3");
UserGroupInformation sudo = UserGroupInformation.CreateRemoteUser("sudo");
Org.Mockito.Mockito.When(mock.HasAccessToKey("testKey", u1, KeyAuthorizationKeyProvider.KeyOpType
.Management)).ThenReturn(true);
Org.Mockito.Mockito.When(mock.HasAccessToKey("testKey", u2, KeyAuthorizationKeyProvider.KeyOpType
.GenerateEek)).ThenReturn(true);
Org.Mockito.Mockito.When(mock.HasAccessToKey("testKey", u3, KeyAuthorizationKeyProvider.KeyOpType
.DecryptEek)).ThenReturn(true);
Org.Mockito.Mockito.When(mock.HasAccessToKey("testKey", sudo, KeyAuthorizationKeyProvider.KeyOpType
.All)).ThenReturn(true);
KeyProviderCryptoExtension kpExt = new KeyAuthorizationKeyProvider(KeyProviderCryptoExtension
.CreateKeyProviderCryptoExtension(kp), mock);
sudo.DoAs(new _PrivilegedExceptionAction_247(conf, kpExt));
}
/// <summary>
/// The constructor takes a
/// <see cref="Org.Apache.Hadoop.Crypto.Key.KeyProviderCryptoExtension"/>
/// and an
/// implementation of <code>KeyACLs</code>. All calls are delegated to the
/// provider keyProvider after authorization check (if required)
/// </summary>
/// <param name="keyProvider"></param>
/// <param name="acls"/>
public KeyAuthorizationKeyProvider(KeyProviderCryptoExtension keyProvider, KeyAuthorizationKeyProvider.KeyACLs
acls)
: base(keyProvider, null)
{
this.provider = keyProvider;
this.acls = acls;
ReadWriteLock Lock = new ReentrantReadWriteLock(true);
readLock = Lock.ReadLock();
writeLock = Lock.WriteLock();
}
public virtual void TestCreateKey()
{
Configuration conf = new Configuration();
KeyProvider kp = new UserProvider.Factory().CreateProvider(new URI("user:///"), conf
);
KeyAuthorizationKeyProvider.KeyACLs mock = Org.Mockito.Mockito.Mock <KeyAuthorizationKeyProvider.KeyACLs
>();
Org.Mockito.Mockito.When(mock.IsACLPresent("foo", KeyAuthorizationKeyProvider.KeyOpType
.Management)).ThenReturn(true);
UserGroupInformation u1 = UserGroupInformation.CreateRemoteUser("u1");
Org.Mockito.Mockito.When(mock.HasAccessToKey("foo", u1, KeyAuthorizationKeyProvider.KeyOpType
.Management)).ThenReturn(true);
KeyProviderCryptoExtension kpExt = new KeyAuthorizationKeyProvider(KeyProviderCryptoExtension
.CreateKeyProviderCryptoExtension(kp), mock);
u1.DoAs(new _PrivilegedExceptionAction_62(kpExt, conf));
// "bar" key not configured
// Ignore
// Unauthorized User
UserGroupInformation.CreateRemoteUser("badGuy").DoAs(new _PrivilegedExceptionAction_87
(kpExt, conf));
}
