/// <exception cref="System.Exception"/> private void TestGetToken(string renewer, Text expectedTokenKind) { DelegationTokenAuthenticator.DelegationTokenOperation op = DelegationTokenAuthenticator.DelegationTokenOperation .Getdelegationtoken; HttpServletRequest request = Org.Mockito.Mockito.Mock <HttpServletRequest>(); HttpServletResponse response = Org.Mockito.Mockito.Mock <HttpServletResponse>(); Org.Mockito.Mockito.When(request.GetQueryString()).ThenReturn(DelegationTokenAuthenticator .OpParam + "=" + op.ToString()); Org.Mockito.Mockito.When(request.GetMethod()).ThenReturn(op.GetHttpMethod()); AuthenticationToken token = Org.Mockito.Mockito.Mock <AuthenticationToken>(); Org.Mockito.Mockito.When(token.GetUserName()).ThenReturn("user"); Org.Mockito.Mockito.When(response.GetWriter()).ThenReturn(new PrintWriter(new StringWriter ())); NUnit.Framework.Assert.IsFalse(handler.ManagementOperation(token, request, response )); Org.Mockito.Mockito.When(request.GetQueryString()).ThenReturn(DelegationTokenAuthenticator .OpParam + "=" + op.ToString() + "&" + DelegationTokenAuthenticator.RenewerParam + "=" + renewer); Org.Mockito.Mockito.Reset(response); Org.Mockito.Mockito.Reset(token); Org.Mockito.Mockito.When(token.GetUserName()).ThenReturn("user"); StringWriter writer = new StringWriter(); PrintWriter pwriter = new PrintWriter(writer); Org.Mockito.Mockito.When(response.GetWriter()).ThenReturn(pwriter); NUnit.Framework.Assert.IsFalse(handler.ManagementOperation(token, request, response )); if (renewer == null) { Org.Mockito.Mockito.Verify(token).GetUserName(); } else { Org.Mockito.Mockito.Verify(token).GetUserName(); } Org.Mockito.Mockito.Verify(response).SetStatus(HttpServletResponse.ScOk); Org.Mockito.Mockito.Verify(response).SetContentType(MediaType.ApplicationJson); pwriter.Close(); string responseOutput = writer.ToString(); string tokenLabel = DelegationTokenAuthenticator.DelegationTokenJson; Assert.True(responseOutput.Contains(tokenLabel)); Assert.True(responseOutput.Contains(DelegationTokenAuthenticator .DelegationTokenUrlStringJson)); ObjectMapper jsonMapper = new ObjectMapper(); IDictionary json = jsonMapper.ReadValue <IDictionary>(responseOutput); json = (IDictionary)json[tokenLabel]; string tokenStr; tokenStr = (string)json[DelegationTokenAuthenticator.DelegationTokenUrlStringJson ]; Org.Apache.Hadoop.Security.Token.Token <DelegationTokenIdentifier> dt = new Org.Apache.Hadoop.Security.Token.Token <DelegationTokenIdentifier>(); dt.DecodeFromUrlString(tokenStr); handler.GetTokenManager().VerifyToken(dt); Assert.Equal(expectedTokenKind, dt.GetKind()); }
/// <exception cref="System.Exception"/> private void TestRenewToken() { DelegationTokenAuthenticator.DelegationTokenOperation op = DelegationTokenAuthenticator.DelegationTokenOperation .Renewdelegationtoken; HttpServletRequest request = Org.Mockito.Mockito.Mock <HttpServletRequest>(); HttpServletResponse response = Org.Mockito.Mockito.Mock <HttpServletResponse>(); Org.Mockito.Mockito.When(request.GetQueryString()).ThenReturn(DelegationTokenAuthenticator .OpParam + "=" + op.ToString()); Org.Mockito.Mockito.When(request.GetMethod()).ThenReturn(op.GetHttpMethod()); NUnit.Framework.Assert.IsFalse(handler.ManagementOperation(null, request, response )); Org.Mockito.Mockito.Verify(response).SetStatus(Org.Mockito.Mockito.Eq(HttpServletResponse .ScUnauthorized)); Org.Mockito.Mockito.Verify(response).SetHeader(Org.Mockito.Mockito.Eq(KerberosAuthenticator .WwwAuthenticate), Org.Mockito.Mockito.Eq("mock")); Org.Mockito.Mockito.Reset(response); AuthenticationToken token = Org.Mockito.Mockito.Mock <AuthenticationToken>(); Org.Mockito.Mockito.When(token.GetUserName()).ThenReturn("user"); NUnit.Framework.Assert.IsFalse(handler.ManagementOperation(token, request, response )); Org.Mockito.Mockito.Verify(response).SendError(Org.Mockito.Mockito.Eq(HttpServletResponse .ScBadRequest), Org.Mockito.Mockito.Contains("requires the parameter [token]")); Org.Mockito.Mockito.Reset(response); StringWriter writer = new StringWriter(); PrintWriter pwriter = new PrintWriter(writer); Org.Mockito.Mockito.When(response.GetWriter()).ThenReturn(pwriter); Org.Apache.Hadoop.Security.Token.Token <DelegationTokenIdentifier> dToken = (Org.Apache.Hadoop.Security.Token.Token <DelegationTokenIdentifier>)handler.GetTokenManager().CreateToken(UserGroupInformation .GetCurrentUser(), "user"); Org.Mockito.Mockito.When(request.GetQueryString()).ThenReturn(DelegationTokenAuthenticator .OpParam + "=" + op.ToString() + "&" + DelegationTokenAuthenticator.TokenParam + "=" + dToken.EncodeToUrlString()); NUnit.Framework.Assert.IsFalse(handler.ManagementOperation(token, request, response )); Org.Mockito.Mockito.Verify(response).SetStatus(HttpServletResponse.ScOk); pwriter.Close(); Assert.True(writer.ToString().Contains("long")); handler.GetTokenManager().VerifyToken(dToken); }
/// <exception cref="System.Exception"/> private void TestCancelToken() { DelegationTokenAuthenticator.DelegationTokenOperation op = DelegationTokenAuthenticator.DelegationTokenOperation .Canceldelegationtoken; HttpServletRequest request = Org.Mockito.Mockito.Mock <HttpServletRequest>(); HttpServletResponse response = Org.Mockito.Mockito.Mock <HttpServletResponse>(); Org.Mockito.Mockito.When(request.GetQueryString()).ThenReturn(DelegationTokenAuthenticator .OpParam + "=" + op.ToString()); Org.Mockito.Mockito.When(request.GetMethod()).ThenReturn(op.GetHttpMethod()); NUnit.Framework.Assert.IsFalse(handler.ManagementOperation(null, request, response )); Org.Mockito.Mockito.Verify(response).SendError(Org.Mockito.Mockito.Eq(HttpServletResponse .ScBadRequest), Org.Mockito.Mockito.Contains("requires the parameter [token]")); Org.Mockito.Mockito.Reset(response); Org.Apache.Hadoop.Security.Token.Token <DelegationTokenIdentifier> token = (Org.Apache.Hadoop.Security.Token.Token <DelegationTokenIdentifier>)handler.GetTokenManager().CreateToken(UserGroupInformation .GetCurrentUser(), "foo"); Org.Mockito.Mockito.When(request.GetQueryString()).ThenReturn(DelegationTokenAuthenticator .OpParam + "=" + op.ToString() + "&" + DelegationTokenAuthenticator.TokenParam + "=" + token.EncodeToUrlString()); NUnit.Framework.Assert.IsFalse(handler.ManagementOperation(null, request, response )); Org.Mockito.Mockito.Verify(response).SetStatus(HttpServletResponse.ScOk); try { handler.GetTokenManager().VerifyToken(token); NUnit.Framework.Assert.Fail(); } catch (SecretManager.InvalidToken) { } catch { //NOP NUnit.Framework.Assert.Fail(); } }
/// <exception cref="System.IO.IOException"/> /// <exception cref="Org.Apache.Hadoop.Security.Authentication.Client.AuthenticationException /// "/> public override bool ManagementOperation(AuthenticationToken token, HttpServletRequest request, HttpServletResponse response) { bool requestContinues = true; string op = ServletUtils.GetParameter(request, KerberosDelegationTokenAuthenticator .OpParam); op = (op != null) ? StringUtils.ToUpperCase(op) : null; if (DelegationTokenOps.Contains(op) && !request.GetMethod().Equals("OPTIONS")) { DelegationTokenAuthenticator.DelegationTokenOperation dtOp = DelegationTokenAuthenticator.DelegationTokenOperation .ValueOf(op); if (dtOp.GetHttpMethod().Equals(request.GetMethod())) { bool doManagement; if (dtOp.RequiresKerberosCredentials() && token == null) { token = Authenticate(request, response); if (token == null) { requestContinues = false; doManagement = false; } else { doManagement = true; } } else { doManagement = true; } if (doManagement) { UserGroupInformation requestUgi = (token != null) ? UserGroupInformation.CreateRemoteUser (token.GetUserName()) : null; // Create the proxy user if doAsUser exists string doAsUser = DelegationTokenAuthenticationFilter.GetDoAs(request); if (requestUgi != null && doAsUser != null) { requestUgi = UserGroupInformation.CreateProxyUser(doAsUser, requestUgi); try { ProxyUsers.Authorize(requestUgi, request.GetRemoteHost()); } catch (AuthorizationException ex) { HttpExceptionUtils.CreateServletExceptionResponse(response, HttpServletResponse.ScForbidden , ex); return(false); } } IDictionary map = null; switch (dtOp) { case DelegationTokenAuthenticator.DelegationTokenOperation.Getdelegationtoken: { if (requestUgi == null) { throw new InvalidOperationException("request UGI cannot be NULL"); } string renewer = ServletUtils.GetParameter(request, KerberosDelegationTokenAuthenticator .RenewerParam); try { Org.Apache.Hadoop.Security.Token.Token <object> dToken = tokenManager.CreateToken( requestUgi, renewer); map = DelegationTokenToJSON(dToken); } catch (IOException ex) { throw new AuthenticationException(ex.ToString(), ex); } break; } case DelegationTokenAuthenticator.DelegationTokenOperation.Renewdelegationtoken: { if (requestUgi == null) { throw new InvalidOperationException("request UGI cannot be NULL"); } string tokenToRenew = ServletUtils.GetParameter(request, KerberosDelegationTokenAuthenticator .TokenParam); if (tokenToRenew == null) { response.SendError(HttpServletResponse.ScBadRequest, MessageFormat.Format("Operation [{0}] requires the parameter [{1}]" , dtOp, KerberosDelegationTokenAuthenticator.TokenParam)); requestContinues = false; } else { Org.Apache.Hadoop.Security.Token.Token <AbstractDelegationTokenIdentifier> dt = new Org.Apache.Hadoop.Security.Token.Token(); try { dt.DecodeFromUrlString(tokenToRenew); long expirationTime = tokenManager.RenewToken(dt, requestUgi.GetShortUserName()); map = new Hashtable(); map["long"] = expirationTime; } catch (IOException ex) { throw new AuthenticationException(ex.ToString(), ex); } } break; } case DelegationTokenAuthenticator.DelegationTokenOperation.Canceldelegationtoken: { string tokenToCancel = ServletUtils.GetParameter(request, KerberosDelegationTokenAuthenticator .TokenParam); if (tokenToCancel == null) { response.SendError(HttpServletResponse.ScBadRequest, MessageFormat.Format("Operation [{0}] requires the parameter [{1}]" , dtOp, KerberosDelegationTokenAuthenticator.TokenParam)); requestContinues = false; } else { Org.Apache.Hadoop.Security.Token.Token <AbstractDelegationTokenIdentifier> dt = new Org.Apache.Hadoop.Security.Token.Token(); try { dt.DecodeFromUrlString(tokenToCancel); tokenManager.CancelToken(dt, (requestUgi != null) ? requestUgi.GetShortUserName() : null); } catch (IOException) { response.SendError(HttpServletResponse.ScNotFound, "Invalid delegation token, cannot cancel" ); requestContinues = false; } } break; } } if (requestContinues) { response.SetStatus(HttpServletResponse.ScOk); if (map != null) { response.SetContentType(MediaType.ApplicationJson); TextWriter writer = response.GetWriter(); ObjectMapper jsonMapper = new ObjectMapper(); jsonMapper.WriteValue(writer, map); writer.Write(Enter); writer.Flush(); } requestContinues = false; } } } else { response.SendError(HttpServletResponse.ScBadRequest, MessageFormat.Format("Wrong HTTP method [{0}] for operation [{1}], it should be " + "[{2}]", request.GetMethod(), dtOp, dtOp.GetHttpMethod())); requestContinues = false; } } return(requestContinues); }
/// <exception cref="System.IO.IOException"/> /// <exception cref="Org.Apache.Hadoop.Security.Authentication.Client.AuthenticationException /// "/> private IDictionary DoDelegationTokenOperation <_T0>(Uri url, AuthenticatedURL.Token token, DelegationTokenAuthenticator.DelegationTokenOperation operation, string renewer, Org.Apache.Hadoop.Security.Token.Token <_T0> dToken, bool hasResponse, string doAsUser) where _T0 : TokenIdentifier { IDictionary ret = null; IDictionary <string, string> @params = new Dictionary <string, string>(); @params[OpParam] = operation.ToString(); if (renewer != null) { @params[RenewerParam] = renewer; } if (dToken != null) { @params[TokenParam] = dToken.EncodeToUrlString(); } // proxyuser if (doAsUser != null) { @params[DelegationTokenAuthenticatedURL.DoAs] = URLEncoder.Encode(doAsUser, "UTF-8" ); } string urlStr = url.ToExternalForm(); StringBuilder sb = new StringBuilder(urlStr); string separator = (urlStr.Contains("?")) ? "&" : "?"; foreach (KeyValuePair <string, string> entry in @params) { sb.Append(separator).Append(entry.Key).Append("=").Append(URLEncoder.Encode(entry .Value, "UTF8")); separator = "&"; } url = new Uri(sb.ToString()); AuthenticatedURL aUrl = new AuthenticatedURL(this, connConfigurator); HttpURLConnection conn = aUrl.OpenConnection(url, token); conn.SetRequestMethod(operation.GetHttpMethod()); HttpExceptionUtils.ValidateResponse(conn, HttpURLConnection.HttpOk); if (hasResponse) { string contentType = conn.GetHeaderField(ContentType); contentType = (contentType != null) ? StringUtils.ToLowerCase(contentType) : null; if (contentType != null && contentType.Contains(ApplicationJsonMime)) { try { ObjectMapper mapper = new ObjectMapper(); ret = mapper.ReadValue <IDictionary>(conn.GetInputStream()); } catch (Exception ex) { throw new AuthenticationException(string.Format("'%s' did not handle the '%s' delegation token operation: %s" , url.GetAuthority(), operation, ex.Message), ex); } } else { throw new AuthenticationException(string.Format("'%s' did not " + "respond with JSON to the '%s' delegation token operation" , url.GetAuthority(), operation)); } } return(ret); }