Пример #1
0
 public NMTokenIdentifierNewForTest(NMTokenIdentifier tokenIdentifier, string message
                                    )
 {
     builder = YarnSecurityTestTokenProtos.NMTokenIdentifierNewProto.NewBuilder();
     builder.SetAppAttemptId(tokenIdentifier.GetProto().GetAppAttemptId());
     builder.SetNodeId(tokenIdentifier.GetProto().GetNodeId());
     builder.SetAppSubmitter(tokenIdentifier.GetApplicationSubmitter());
     builder.SetKeyId(tokenIdentifier.GetKeyId());
     builder.SetMessage(message);
     proto   = ((YarnSecurityTestTokenProtos.NMTokenIdentifierNewProto)builder.Build());
     builder = null;
 }
        /// <summary>
        /// This method will be used to verify NMTokens generated by different master
        /// keys.
        /// </summary>
        /// <exception cref="Org.Apache.Hadoop.Security.Token.SecretManager.InvalidToken"/>
        public override byte[] RetrievePassword(NMTokenIdentifier identifier)
        {
            lock (this)
            {
                int keyId = identifier.GetKeyId();
                ApplicationAttemptId appAttemptId = identifier.GetApplicationAttemptId();

                /*
                 * MasterKey used for retrieving password will be as follows. 1) By default
                 * older saved master key will be used. 2) If identifier's master key id
                 * matches that of previous master key id then previous key will be used. 3)
                 * If identifier's master key id matches that of current master key id then
                 * current key will be used.
                 */
                MasterKeyData oldMasterKey   = oldMasterKeys[appAttemptId];
                MasterKeyData masterKeyToUse = oldMasterKey;
                if (previousMasterKey != null && keyId == previousMasterKey.GetMasterKey().GetKeyId
                        ())
                {
                    masterKeyToUse = previousMasterKey;
                }
                else
                {
                    if (keyId == currentMasterKey.GetMasterKey().GetKeyId())
                    {
                        masterKeyToUse = currentMasterKey;
                    }
                }
                if (nodeId != null && !identifier.GetNodeId().Equals(nodeId))
                {
                    throw new SecretManager.InvalidToken("Given NMToken for application : " + appAttemptId
                                                         .ToString() + " is not valid for current node manager." + "expected : " + nodeId
                                                         .ToString() + " found : " + identifier.GetNodeId().ToString());
                }
                if (masterKeyToUse != null)
                {
                    byte[] password = RetrivePasswordInternal(identifier, masterKeyToUse);
                    Log.Debug("NMToken password retrieved successfully!!");
                    return(password);
                }
                throw new SecretManager.InvalidToken("Given NMToken for application : " + appAttemptId
                                                     .ToString() + " seems to have been generated illegally.");
            }
        }
 /// <summary>This will be called by startContainer.</summary>
 /// <remarks>
 /// This will be called by startContainer. It will add the master key into
 /// the cache used for starting this container. This should be called before
 /// validating the startContainer request.
 /// </remarks>
 /// <exception cref="Org.Apache.Hadoop.Security.Token.SecretManager.InvalidToken"/>
 public virtual void AppAttemptStartContainer(NMTokenIdentifier identifier)
 {
     lock (this)
     {
         ApplicationAttemptId appAttemptId = identifier.GetApplicationAttemptId();
         if (!appToAppAttemptMap.Contains(appAttemptId.GetApplicationId()))
         {
             // First application attempt for the given application
             appToAppAttemptMap[appAttemptId.GetApplicationId()] = new AList <ApplicationAttemptId
                                                                              >();
         }
         MasterKeyData oldKey = oldMasterKeys[appAttemptId];
         if (oldKey == null)
         {
             // This is a new application attempt.
             appToAppAttemptMap[appAttemptId.GetApplicationId()].AddItem(appAttemptId);
         }
         if (oldKey == null || oldKey.GetMasterKey().GetKeyId() != identifier.GetKeyId())
         {
             // Update key only if it is modified.
             Log.Debug("NMToken key updated for application attempt : " + identifier.GetApplicationAttemptId
                           ().ToString());
             if (identifier.GetKeyId() == currentMasterKey.GetMasterKey().GetKeyId())
             {
                 UpdateAppAttemptKey(appAttemptId, currentMasterKey);
             }
             else
             {
                 if (previousMasterKey != null && identifier.GetKeyId() == previousMasterKey.GetMasterKey
                         ().GetKeyId())
                 {
                     UpdateAppAttemptKey(appAttemptId, previousMasterKey);
                 }
                 else
                 {
                     throw new SecretManager.InvalidToken("Older NMToken should not be used while starting the container."
                                                          );
                 }
             }
         }
     }
 }