/// <summary>
/// Checks that a delegation token selector, given a collection of tokens, returns
/// the one whose service name matches the requested service.
/// </summary>
public virtual void TestDelegationTokenSelector()
{
    // NOTE(review): the four constructor arguments look like millisecond intervals;
    // their order and meaning are defined by the secret manager, not visible here.
    TestDelegationToken.TestDelegationTokenSecretManager manager =
        new TestDelegationToken.TestDelegationTokenSecretManager(24 * 60 * 60 * 1000, 10 * 1000, 1 * 1000, 3600000);
    try
    {
        manager.StartThreads();
        AbstractDelegationTokenSelector selector =
            new AbstractDelegationTokenSelector<TestDelegationToken.TestDelegationTokenIdentifier>(Kind);

        // Two tokens for different users, each bound to a distinct service name.
        Org.Apache.Hadoop.Security.Token.Token<TestDelegationToken.TestDelegationTokenIdentifier> firstToken =
            GenerateDelegationToken(manager, "SomeUser1", "JobTracker");
        firstToken.SetService(new Text("MY-SERVICE1"));

        Org.Apache.Hadoop.Security.Token.Token<TestDelegationToken.TestDelegationTokenIdentifier> secondToken =
            GenerateDelegationToken(manager, "SomeUser2", "JobTracker");
        secondToken.SetService(new Text("MY-SERVICE2"));

        IList<Org.Apache.Hadoop.Security.Token.Token<TestDelegationToken.TestDelegationTokenIdentifier>> candidates =
            new AList<Org.Apache.Hadoop.Security.Token.Token<TestDelegationToken.TestDelegationTokenIdentifier>>();
        candidates.AddItem(firstToken);
        candidates.AddItem(secondToken);

        // Selecting by the first service name must return the first token and not
        // the token issued for the other service.
        Org.Apache.Hadoop.Security.Token.Token<TestDelegationToken.TestDelegationTokenIdentifier> selected =
            selector.SelectToken(new Text("MY-SERVICE1"), candidates);
        Assert.Equal(selected, firstToken);
    }
    finally
    {
        // Always stop the manager's threads, even when an assertion fails.
        manager.StopThreads();
    }
}
/// <summary>
/// Exercises the token life cycle on the secret manager: issue, renewal by the
/// named renewer, rejection of a different renewer, expiry after the first sleep,
/// and rejection once the second sleep has passed.
/// </summary>
public virtual void TestDelegationTokenSecretManager()
{
    // NOTE(review): the 2000 ms sleeps below are presumably chosen against the
    // 1 * 1000 and 3 * 1000 arguments (renew interval and max lifetime?) - confirm
    // against the secret manager constructor.
    TestDelegationToken.TestDelegationTokenSecretManager manager =
        new TestDelegationToken.TestDelegationTokenSecretManager(24 * 60 * 60 * 1000, 3 * 1000, 1 * 1000, 3600000);
    try
    {
        manager.StartThreads();
        Org.Apache.Hadoop.Security.Token.Token<TestDelegationToken.TestDelegationTokenIdentifier> issued =
            GenerateDelegationToken(manager, "SomeUser", "JobTracker");
        Assert.True(manager.isStoreNewTokenCalled);

        // Fake renewer should not be able to renew. The action class is defined
        // elsewhere; it is expected to fail with AccessControlException.
        ShouldThrow(new _PrivilegedExceptionAction_272(manager, issued), typeof(AccessControlException));

        // The renewer the token was issued for may renew it.
        long renewedUntil = manager.RenewToken(issued, "JobTracker");
        Assert.True(manager.isUpdateStoredTokenCalled);
        Assert.True("renew time is in future", renewedUntil > Time.Now());

        // Rebuild the identifier from the token's serialized bytes and check that
        // the manager still holds a password for it.
        TestDelegationToken.TestDelegationTokenIdentifier identifier =
            new TestDelegationToken.TestDelegationTokenIdentifier();
        byte[] serializedId = issued.GetIdentifier();
        identifier.ReadFields(new DataInputStream(new ByteArrayInputStream(serializedId)));
        byte[] storedPassword = manager.RetrievePassword(identifier);
        Assert.True(null != storedPassword);

        Log.Info("Sleep to expire the token");
        Thread.Sleep(2000);

        // Token should be expired: the password lookup must be refused.
        try
        {
            manager.RetrievePassword(identifier);
            // Should not come here
            NUnit.Framework.Assert.Fail("Token should have expired");
        }
        catch (SecretManager.InvalidToken)
        {
            // Success: the expired token was rejected.
        }

        manager.RenewToken(issued, "JobTracker");
        Log.Info("Sleep beyond the max lifetime");
        Thread.Sleep(2000);

        // After the second sleep the action must fail with InvalidToken.
        ShouldThrow(new _PrivilegedExceptionAction_302(manager, issued), typeof(SecretManager.InvalidToken));
    }
    finally
    {
        manager.StopThreads();
    }
}
/// <summary>
/// Issues tokens from many threads at once, then checks that every token is
/// present in the manager's token map and that the stored password equals the
/// password recomputed from the token identifier and its key.
/// </summary>
public virtual void TestParallelDelegationTokenCreation()
{
    TestDelegationToken.TestDelegationTokenSecretManager manager =
        new TestDelegationToken.TestDelegationTokenSecretManager(2000, 24 * 60 * 60 * 1000, 7 * 24 * 60 * 60 * 1000, 2000);
    try
    {
        manager.StartThreads();
        int numThreads = 100;
        // NOTE(review): the issuer class is defined elsewhere; it is presumably
        // what creates this many tokens per thread - confirm the two stay in sync.
        int numTokensPerThread = 100;

        // Start every issuer before waiting on any of them so they run concurrently.
        Thread[] issuers = new Thread[numThreads];
        for (int idx = 0; idx < numThreads; idx++)
        {
            Thread worker = new Daemon(new _T1720540651(this));
            issuers[idx] = worker;
            worker.Start();
        }
        foreach (Thread worker in issuers)
        {
            worker.Join();
        }

        // No token may be lost or duplicated under concurrent issuance.
        IDictionary<TestDelegationToken.TestDelegationTokenIdentifier, AbstractDelegationTokenSecretManager.DelegationTokenInformation> tokenCache =
            manager.GetAllTokens();
        Assert.Equal(numTokensPerThread * numThreads, tokenCache.Count);

        for (IEnumerator<TestDelegationToken.TestDelegationTokenIdentifier> cursor = tokenCache.Keys.GetEnumerator(); cursor.HasNext();)
        {
            TestDelegationToken.TestDelegationTokenIdentifier id = cursor.Next();
            AbstractDelegationTokenSecretManager.DelegationTokenInformation info = tokenCache[id];
            Assert.True(info != null);

            DelegationKey key = manager.GetKey(id);
            Assert.True(key != null);

            // The password the manager stored must match the one derived again
            // from the identifier and its key.
            byte[] storedPassword = manager.RetrievePassword(id);
            byte[] recomputed = manager.CreatePassword(id, key);
            Assert.True(Arrays.Equals(recomputed, storedPassword));

            // verify by secret manager api
            manager.VerifyToken(id, recomputed);
        }
    }
    finally
    {
        manager.StopThreads();
    }
}
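/// <summary>
/// Checks that a token whose identifier was built without a renewer cannot be
/// renewed: renewing with an empty renewer name must fail with an IOException.
/// </summary>
public virtual void TestDelegationTokenNullRenewer()
{
    TestDelegationToken.TestDelegationTokenSecretManager dtSecretManager =
        new TestDelegationToken.TestDelegationTokenSecretManager(24 * 60 * 60 * 1000, 10 * 1000, 1 * 1000, 3600000);
    try
    {
        dtSecretManager.StartThreads();

        // NOTE(review): the second and third constructor arguments are null; going
        // by the test name the second is the renewer - confirm against the identifier.
        TestDelegationToken.TestDelegationTokenIdentifier dtId =
            new TestDelegationToken.TestDelegationTokenIdentifier(new Text("theuser"), null, null);
        Org.Apache.Hadoop.Security.Token.Token<TestDelegationToken.TestDelegationTokenIdentifier> token =
            new Org.Apache.Hadoop.Security.Token.Token<TestDelegationToken.TestDelegationTokenIdentifier>(dtId, dtSecretManager);
        Assert.True(token != null);

        try
        {
            dtSecretManager.RenewToken(token, string.Empty);
            NUnit.Framework.Assert.Fail("Renewal must not succeed");
        }
        catch (IOException)
        {
            // Expected: renewal was refused.
        }
    }
    finally
    {
        // The original never stopped the threads it started, leaving them running
        // after the test; stop them here as the other tests in this file do.
        dtSecretManager.StopThreads();
    }
}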
/// <summary>
/// Rolls the master key and checks that the key list grows, that a token issued
/// before the roll still resolves to the same password, and that a stored master
/// key is eventually removed.
/// </summary>
/// <exception cref="System.Exception"/>
public virtual void TestRollMasterKey()
{
    TestDelegationToken.TestDelegationTokenSecretManager manager =
        new TestDelegationToken.TestDelegationTokenSecretManager(800, 800, 1 * 1000, 3600000);
    try
    {
        manager.StartThreads();

        // generate a token and store the password
        Org.Apache.Hadoop.Security.Token.Token<TestDelegationToken.TestDelegationTokenIdentifier> issued =
            GenerateDelegationToken(manager, "SomeUser", "JobTracker");
        byte[] passwordBeforeRoll = issued.GetPassword();

        // store the length of the keys list
        int keysBeforeRoll = manager.GetAllKeys().Length;
        manager.RollMasterKey();
        Assert.True(manager.isStoreNewMasterKeyCalled);

        // after rolling, the length of the keys list must increase
        int keysAfterRoll = manager.GetAllKeys().Length;
        bool keyListGrew = (keysAfterRoll - keysBeforeRoll) >= 1;
        Assert.Equal(keyListGrew, true);

        // after rolling, the token that was generated earlier must still be valid
        // (RetrievePassword will fail if the token is not valid)
        ByteArrayInputStream serializedId = new ByteArrayInputStream(issued.GetIdentifier());
        TestDelegationToken.TestDelegationTokenIdentifier identifier = manager.CreateIdentifier();
        identifier.ReadFields(new DataInputStream(serializedId));
        byte[] passwordAfterRoll = manager.RetrievePassword(identifier);

        // compare the passwords
        Assert.Equal(passwordBeforeRoll, passwordAfterRoll);

        // wait for keys to expire
        // NOTE(review): this poll has no upper bound; if the removal flag is never
        // set the test hangs instead of failing.
        while (!manager.isRemoveStoredMasterKeyCalled)
        {
            Thread.Sleep(200);
        }
    }
    finally
    {
        manager.StopThreads();
    }
}
/// <summary>
/// Checks token cancellation: an action expected to be denied fails with
/// AccessControlException, the named renewer can cancel the token, and a later
/// action on the cancelled token fails with InvalidToken.
/// </summary>
public virtual void TestCancelDelegationToken()
{
    TestDelegationToken.TestDelegationTokenSecretManager manager =
        new TestDelegationToken.TestDelegationTokenSecretManager(24 * 60 * 60 * 1000, 10 * 1000, 1 * 1000, 3600000);
    try
    {
        manager.StartThreads();
        Org.Apache.Hadoop.Security.Token.Token<TestDelegationToken.TestDelegationTokenIdentifier> issued =
            GenerateDelegationToken(manager, "SomeUser", "JobTracker");

        // Fake renewer should not be able to renew. The action class is defined
        // elsewhere; it is expected to be refused with AccessControlException.
        ShouldThrow(new _PrivilegedExceptionAction_324(manager, issued), typeof(AccessControlException));

        // Cancelling as the renewer the token was issued for must remove it from the store.
        manager.CancelToken(issued, "JobTracker");
        Assert.True(manager.isRemoveStoredTokenCalled);

        // Once cancelled, the token must no longer be accepted.
        ShouldThrow(new _PrivilegedExceptionAction_333(manager, issued), typeof(SecretManager.InvalidToken));
    }
    finally
    {
        manager.StopThreads();
    }
}