public virtual void TestDelegationTokenSelector()
{
TestDelegationToken.TestDelegationTokenSecretManager dtSecretManager = new TestDelegationToken.TestDelegationTokenSecretManager
(24 * 60 * 60 * 1000, 10 * 1000, 1 * 1000, 3600000);
try
{
dtSecretManager.StartThreads();
AbstractDelegationTokenSelector ds = new AbstractDelegationTokenSelector <TestDelegationToken.TestDelegationTokenIdentifier
>(Kind);
//Creates a collection of tokens
Org.Apache.Hadoop.Security.Token.Token <TestDelegationToken.TestDelegationTokenIdentifier
> token1 = GenerateDelegationToken(dtSecretManager, "SomeUser1", "JobTracker");
token1.SetService(new Text("MY-SERVICE1"));
Org.Apache.Hadoop.Security.Token.Token <TestDelegationToken.TestDelegationTokenIdentifier
> token2 = GenerateDelegationToken(dtSecretManager, "SomeUser2", "JobTracker");
token2.SetService(new Text("MY-SERVICE2"));
IList <Org.Apache.Hadoop.Security.Token.Token <TestDelegationToken.TestDelegationTokenIdentifier
> > tokens = new AList <Org.Apache.Hadoop.Security.Token.Token <TestDelegationToken.TestDelegationTokenIdentifier
> >();
tokens.AddItem(token1);
tokens.AddItem(token2);
//try to select a token with a given service name (created earlier)
Org.Apache.Hadoop.Security.Token.Token <TestDelegationToken.TestDelegationTokenIdentifier
> t = ds.SelectToken(new Text("MY-SERVICE1"), tokens);
Assert.Equal(t, token1);
}
finally
{
dtSecretManager.StopThreads();
}
}
public _PrivilegedExceptionAction_333(TestDelegationToken.TestDelegationTokenSecretManager
dtSecretManager, Org.Apache.Hadoop.Security.Token.Token <TestDelegationToken.TestDelegationTokenIdentifier
> token)
{
this.dtSecretManager = dtSecretManager;
this.token = token;
}
> GenerateDelegationToken(TestDelegationToken.TestDelegationTokenSecretManager dtSecretManager
, string owner, string renewer)
{
TestDelegationToken.TestDelegationTokenIdentifier dtId = new TestDelegationToken.TestDelegationTokenIdentifier
(new Text(owner), new Text(renewer), null);
return(new Org.Apache.Hadoop.Security.Token.Token <TestDelegationToken.TestDelegationTokenIdentifier
>(dtId, dtSecretManager));
}
public virtual void TestDelegationTokenSecretManager()
{
TestDelegationToken.TestDelegationTokenSecretManager dtSecretManager = new TestDelegationToken.TestDelegationTokenSecretManager
(24 * 60 * 60 * 1000, 3 * 1000, 1 * 1000, 3600000);
try
{
dtSecretManager.StartThreads();
Org.Apache.Hadoop.Security.Token.Token <TestDelegationToken.TestDelegationTokenIdentifier
> token = GenerateDelegationToken(dtSecretManager, "SomeUser", "JobTracker");
Assert.True(dtSecretManager.isStoreNewTokenCalled);
// Fake renewer should not be able to renew
ShouldThrow(new _PrivilegedExceptionAction_272(dtSecretManager, token), typeof(AccessControlException
));
long time = dtSecretManager.RenewToken(token, "JobTracker");
Assert.True(dtSecretManager.isUpdateStoredTokenCalled);
Assert.True("renew time is in future", time > Time.Now());
TestDelegationToken.TestDelegationTokenIdentifier identifier = new TestDelegationToken.TestDelegationTokenIdentifier
();
byte[] tokenId = token.GetIdentifier();
identifier.ReadFields(new DataInputStream(new ByteArrayInputStream(tokenId)));
Assert.True(null != dtSecretManager.RetrievePassword(identifier
));
Log.Info("Sleep to expire the token");
Thread.Sleep(2000);
//Token should be expired
try
{
dtSecretManager.RetrievePassword(identifier);
//Should not come here
NUnit.Framework.Assert.Fail("Token should have expired");
}
catch (SecretManager.InvalidToken)
{
}
//Success
dtSecretManager.RenewToken(token, "JobTracker");
Log.Info("Sleep beyond the max lifetime");
Thread.Sleep(2000);
ShouldThrow(new _PrivilegedExceptionAction_302(dtSecretManager, token), typeof(SecretManager.InvalidToken
));
}
finally
{
dtSecretManager.StopThreads();
}
}
public virtual void TestParallelDelegationTokenCreation()
{
TestDelegationToken.TestDelegationTokenSecretManager dtSecretManager = new TestDelegationToken.TestDelegationTokenSecretManager
(2000, 24 * 60 * 60 * 1000, 7 * 24 * 60 * 60 * 1000, 2000);
try
{
dtSecretManager.StartThreads();
int numThreads = 100;
int numTokensPerThread = 100;
Thread[] issuers = new Thread[numThreads];
for (int i = 0; i < numThreads; i++)
{
issuers[i] = new Daemon(new _T1720540651(this));
issuers[i].Start();
}
for (int i_1 = 0; i_1 < numThreads; i_1++)
{
issuers[i_1].Join();
}
IDictionary <TestDelegationToken.TestDelegationTokenIdentifier, AbstractDelegationTokenSecretManager.DelegationTokenInformation
> tokenCache = dtSecretManager.GetAllTokens();
Assert.Equal(numTokensPerThread * numThreads, tokenCache.Count
);
IEnumerator <TestDelegationToken.TestDelegationTokenIdentifier> iter = tokenCache.
Keys.GetEnumerator();
while (iter.HasNext())
{
TestDelegationToken.TestDelegationTokenIdentifier id = iter.Next();
AbstractDelegationTokenSecretManager.DelegationTokenInformation info = tokenCache
[id];
Assert.True(info != null);
DelegationKey key = dtSecretManager.GetKey(id);
Assert.True(key != null);
byte[] storedPassword = dtSecretManager.RetrievePassword(id);
byte[] password = dtSecretManager.CreatePassword(id, key);
Assert.True(Arrays.Equals(password, storedPassword));
//verify by secret manager api
dtSecretManager.VerifyToken(id, password);
}
}
finally
{
dtSecretManager.StopThreads();
}
}
public virtual void TestDelegationTokenNullRenewer()
{
TestDelegationToken.TestDelegationTokenSecretManager dtSecretManager = new TestDelegationToken.TestDelegationTokenSecretManager
(24 * 60 * 60 * 1000, 10 * 1000, 1 * 1000, 3600000);
dtSecretManager.StartThreads();
TestDelegationToken.TestDelegationTokenIdentifier dtId = new TestDelegationToken.TestDelegationTokenIdentifier
(new Text("theuser"), null, null);
Org.Apache.Hadoop.Security.Token.Token <TestDelegationToken.TestDelegationTokenIdentifier
> token = new Org.Apache.Hadoop.Security.Token.Token <TestDelegationToken.TestDelegationTokenIdentifier
>(dtId, dtSecretManager);
Assert.True(token != null);
try
{
dtSecretManager.RenewToken(token, string.Empty);
NUnit.Framework.Assert.Fail("Renewal must not succeed");
}
catch (IOException)
{
}
}
/// <exception cref="System.Exception"/>
public virtual void TestRollMasterKey()
{
TestDelegationToken.TestDelegationTokenSecretManager dtSecretManager = new TestDelegationToken.TestDelegationTokenSecretManager
(800, 800, 1 * 1000, 3600000);
try
{
dtSecretManager.StartThreads();
//generate a token and store the password
Org.Apache.Hadoop.Security.Token.Token <TestDelegationToken.TestDelegationTokenIdentifier
> token = GenerateDelegationToken(dtSecretManager, "SomeUser", "JobTracker");
byte[] oldPasswd = token.GetPassword();
//store the length of the keys list
int prevNumKeys = dtSecretManager.GetAllKeys().Length;
dtSecretManager.RollMasterKey();
Assert.True(dtSecretManager.isStoreNewMasterKeyCalled);
//after rolling, the length of the keys list must increase
int currNumKeys = dtSecretManager.GetAllKeys().Length;
Assert.Equal((currNumKeys - prevNumKeys) >= 1, true);
//after rolling, the token that was generated earlier must
//still be valid (retrievePassword will fail if the token
//is not valid)
ByteArrayInputStream bi = new ByteArrayInputStream(token.GetIdentifier());
TestDelegationToken.TestDelegationTokenIdentifier identifier = dtSecretManager.CreateIdentifier
();
identifier.ReadFields(new DataInputStream(bi));
byte[] newPasswd = dtSecretManager.RetrievePassword(identifier);
//compare the passwords
Assert.Equal(oldPasswd, newPasswd);
// wait for keys to expire
while (!dtSecretManager.isRemoveStoredMasterKeyCalled)
{
Thread.Sleep(200);
}
}
finally
{
dtSecretManager.StopThreads();
}
}
public virtual void TestCancelDelegationToken()
{
TestDelegationToken.TestDelegationTokenSecretManager dtSecretManager = new TestDelegationToken.TestDelegationTokenSecretManager
(24 * 60 * 60 * 1000, 10 * 1000, 1 * 1000, 3600000);
try
{
dtSecretManager.StartThreads();
Org.Apache.Hadoop.Security.Token.Token <TestDelegationToken.TestDelegationTokenIdentifier
> token = GenerateDelegationToken(dtSecretManager, "SomeUser", "JobTracker");
//Fake renewer should not be able to renew
ShouldThrow(new _PrivilegedExceptionAction_324(dtSecretManager, token), typeof(AccessControlException
));
dtSecretManager.CancelToken(token, "JobTracker");
Assert.True(dtSecretManager.isRemoveStoredTokenCalled);
ShouldThrow(new _PrivilegedExceptionAction_333(dtSecretManager, token), typeof(SecretManager.InvalidToken
));
}
finally
{
dtSecretManager.StopThreads();
}
}
