/// <exception cref="System.IO.IOException"/>
/// <exception cref="Org.Apache.Hadoop.Security.Authentication.Client.AuthenticationException
/// "/>
private IDictionary DoDelegationTokenOperation <_T0>(Uri url, AuthenticatedURL.Token
token, DelegationTokenAuthenticator.DelegationTokenOperation operation, string
renewer, Org.Apache.Hadoop.Security.Token.Token <_T0> dToken, bool hasResponse, string
doAsUser)
where _T0 : TokenIdentifier
{
IDictionary ret = null;
IDictionary <string, string> @params = new Dictionary <string, string>();
@params[OpParam] = operation.ToString();
if (renewer != null)
{
@params[RenewerParam] = renewer;
}
if (dToken != null)
{
@params[TokenParam] = dToken.EncodeToUrlString();
}
// proxyuser
if (doAsUser != null)
{
@params[DelegationTokenAuthenticatedURL.DoAs] = URLEncoder.Encode(doAsUser, "UTF-8"
);
}
string urlStr = url.ToExternalForm();
StringBuilder sb = new StringBuilder(urlStr);
string separator = (urlStr.Contains("?")) ? "&" : "?";
foreach (KeyValuePair <string, string> entry in @params)
{
sb.Append(separator).Append(entry.Key).Append("=").Append(URLEncoder.Encode(entry
.Value, "UTF8"));
separator = "&";
}
url = new Uri(sb.ToString());
AuthenticatedURL aUrl = new AuthenticatedURL(this, connConfigurator);
HttpURLConnection conn = aUrl.OpenConnection(url, token);
conn.SetRequestMethod(operation.GetHttpMethod());
HttpExceptionUtils.ValidateResponse(conn, HttpURLConnection.HttpOk);
if (hasResponse)
{
string contentType = conn.GetHeaderField(ContentType);
contentType = (contentType != null) ? StringUtils.ToLowerCase(contentType) : null;
if (contentType != null && contentType.Contains(ApplicationJsonMime))
{
try
{
ObjectMapper mapper = new ObjectMapper();
ret = mapper.ReadValue <IDictionary>(conn.GetInputStream());
}
catch (Exception ex)
{
throw new AuthenticationException(string.Format("'%s' did not handle the '%s' delegation token operation: %s"
, url.GetAuthority(), operation, ex.Message), ex);
}
}
else
{
throw new AuthenticationException(string.Format("'%s' did not " + "respond with JSON to the '%s' delegation token operation"
, url.GetAuthority(), operation));
}
}
return(ret);
}
/// <exception cref="System.Exception"/>
private void TestCancelToken()
{
DelegationTokenAuthenticator.DelegationTokenOperation op = DelegationTokenAuthenticator.DelegationTokenOperation
.Canceldelegationtoken;
HttpServletRequest request = Org.Mockito.Mockito.Mock <HttpServletRequest>();
HttpServletResponse response = Org.Mockito.Mockito.Mock <HttpServletResponse>();
Org.Mockito.Mockito.When(request.GetQueryString()).ThenReturn(DelegationTokenAuthenticator
.OpParam + "=" + op.ToString());
Org.Mockito.Mockito.When(request.GetMethod()).ThenReturn(op.GetHttpMethod());
NUnit.Framework.Assert.IsFalse(handler.ManagementOperation(null, request, response
));
Org.Mockito.Mockito.Verify(response).SendError(Org.Mockito.Mockito.Eq(HttpServletResponse
.ScBadRequest), Org.Mockito.Mockito.Contains("requires the parameter [token]"));
Org.Mockito.Mockito.Reset(response);
Org.Apache.Hadoop.Security.Token.Token <DelegationTokenIdentifier> token = (Org.Apache.Hadoop.Security.Token.Token
<DelegationTokenIdentifier>)handler.GetTokenManager().CreateToken(UserGroupInformation
.GetCurrentUser(), "foo");
Org.Mockito.Mockito.When(request.GetQueryString()).ThenReturn(DelegationTokenAuthenticator
.OpParam + "=" + op.ToString() + "&" + DelegationTokenAuthenticator.TokenParam +
"=" + token.EncodeToUrlString());
NUnit.Framework.Assert.IsFalse(handler.ManagementOperation(null, request, response
));
Org.Mockito.Mockito.Verify(response).SetStatus(HttpServletResponse.ScOk);
try
{
handler.GetTokenManager().VerifyToken(token);
NUnit.Framework.Assert.Fail();
}
catch (SecretManager.InvalidToken)
{
}
catch
{
//NOP
NUnit.Framework.Assert.Fail();
}
}
/// <exception cref="System.Exception"/>
private void TestRenewToken()
{
DelegationTokenAuthenticator.DelegationTokenOperation op = DelegationTokenAuthenticator.DelegationTokenOperation
.Renewdelegationtoken;
HttpServletRequest request = Org.Mockito.Mockito.Mock <HttpServletRequest>();
HttpServletResponse response = Org.Mockito.Mockito.Mock <HttpServletResponse>();
Org.Mockito.Mockito.When(request.GetQueryString()).ThenReturn(DelegationTokenAuthenticator
.OpParam + "=" + op.ToString());
Org.Mockito.Mockito.When(request.GetMethod()).ThenReturn(op.GetHttpMethod());
NUnit.Framework.Assert.IsFalse(handler.ManagementOperation(null, request, response
));
Org.Mockito.Mockito.Verify(response).SetStatus(Org.Mockito.Mockito.Eq(HttpServletResponse
.ScUnauthorized));
Org.Mockito.Mockito.Verify(response).SetHeader(Org.Mockito.Mockito.Eq(KerberosAuthenticator
.WwwAuthenticate), Org.Mockito.Mockito.Eq("mock"));
Org.Mockito.Mockito.Reset(response);
AuthenticationToken token = Org.Mockito.Mockito.Mock <AuthenticationToken>();
Org.Mockito.Mockito.When(token.GetUserName()).ThenReturn("user");
NUnit.Framework.Assert.IsFalse(handler.ManagementOperation(token, request, response
));
Org.Mockito.Mockito.Verify(response).SendError(Org.Mockito.Mockito.Eq(HttpServletResponse
.ScBadRequest), Org.Mockito.Mockito.Contains("requires the parameter [token]"));
Org.Mockito.Mockito.Reset(response);
StringWriter writer = new StringWriter();
PrintWriter pwriter = new PrintWriter(writer);
Org.Mockito.Mockito.When(response.GetWriter()).ThenReturn(pwriter);
Org.Apache.Hadoop.Security.Token.Token <DelegationTokenIdentifier> dToken = (Org.Apache.Hadoop.Security.Token.Token
<DelegationTokenIdentifier>)handler.GetTokenManager().CreateToken(UserGroupInformation
.GetCurrentUser(), "user");
Org.Mockito.Mockito.When(request.GetQueryString()).ThenReturn(DelegationTokenAuthenticator
.OpParam + "=" + op.ToString() + "&" + DelegationTokenAuthenticator.TokenParam +
"=" + dToken.EncodeToUrlString());
NUnit.Framework.Assert.IsFalse(handler.ManagementOperation(token, request, response
));
Org.Mockito.Mockito.Verify(response).SetStatus(HttpServletResponse.ScOk);
pwriter.Close();
Assert.True(writer.ToString().Contains("long"));
handler.GetTokenManager().VerifyToken(dToken);
}
/// <exception cref="System.Exception"/>
private void TestGetToken(string renewer, Text expectedTokenKind)
{
DelegationTokenAuthenticator.DelegationTokenOperation op = DelegationTokenAuthenticator.DelegationTokenOperation
.Getdelegationtoken;
HttpServletRequest request = Org.Mockito.Mockito.Mock <HttpServletRequest>();
HttpServletResponse response = Org.Mockito.Mockito.Mock <HttpServletResponse>();
Org.Mockito.Mockito.When(request.GetQueryString()).ThenReturn(DelegationTokenAuthenticator
.OpParam + "=" + op.ToString());
Org.Mockito.Mockito.When(request.GetMethod()).ThenReturn(op.GetHttpMethod());
AuthenticationToken token = Org.Mockito.Mockito.Mock <AuthenticationToken>();
Org.Mockito.Mockito.When(token.GetUserName()).ThenReturn("user");
Org.Mockito.Mockito.When(response.GetWriter()).ThenReturn(new PrintWriter(new StringWriter
()));
NUnit.Framework.Assert.IsFalse(handler.ManagementOperation(token, request, response
));
Org.Mockito.Mockito.When(request.GetQueryString()).ThenReturn(DelegationTokenAuthenticator
.OpParam + "=" + op.ToString() + "&" + DelegationTokenAuthenticator.RenewerParam
+ "=" + renewer);
Org.Mockito.Mockito.Reset(response);
Org.Mockito.Mockito.Reset(token);
Org.Mockito.Mockito.When(token.GetUserName()).ThenReturn("user");
StringWriter writer = new StringWriter();
PrintWriter pwriter = new PrintWriter(writer);
Org.Mockito.Mockito.When(response.GetWriter()).ThenReturn(pwriter);
NUnit.Framework.Assert.IsFalse(handler.ManagementOperation(token, request, response
));
if (renewer == null)
{
Org.Mockito.Mockito.Verify(token).GetUserName();
}
else
{
Org.Mockito.Mockito.Verify(token).GetUserName();
}
Org.Mockito.Mockito.Verify(response).SetStatus(HttpServletResponse.ScOk);
Org.Mockito.Mockito.Verify(response).SetContentType(MediaType.ApplicationJson);
pwriter.Close();
string responseOutput = writer.ToString();
string tokenLabel = DelegationTokenAuthenticator.DelegationTokenJson;
Assert.True(responseOutput.Contains(tokenLabel));
Assert.True(responseOutput.Contains(DelegationTokenAuthenticator
.DelegationTokenUrlStringJson));
ObjectMapper jsonMapper = new ObjectMapper();
IDictionary json = jsonMapper.ReadValue <IDictionary>(responseOutput);
json = (IDictionary)json[tokenLabel];
string tokenStr;
tokenStr = (string)json[DelegationTokenAuthenticator.DelegationTokenUrlStringJson
];
Org.Apache.Hadoop.Security.Token.Token <DelegationTokenIdentifier> dt = new Org.Apache.Hadoop.Security.Token.Token
<DelegationTokenIdentifier>();
dt.DecodeFromUrlString(tokenStr);
handler.GetTokenManager().VerifyToken(dt);
Assert.Equal(expectedTokenKind, dt.GetKind());
}