/// <exception cref="System.IO.IOException"/>
/// <exception cref="System.Exception"/>
private void CheckShortCircuitRenewCancel(IPEndPoint rmAddr, IPEndPoint serviceAddr
, bool shouldShortCircuit)
{
Configuration conf = new Configuration();
conf.SetClass(YarnConfiguration.IpcRpcImpl, typeof(TestClientRMTokens.YarnBadRPC)
, typeof(YarnRPC));
RMDelegationTokenSecretManager secretManager = Org.Mockito.Mockito.Mock <RMDelegationTokenSecretManager
>();
RMDelegationTokenIdentifier.Renewer.SetSecretManager(secretManager, rmAddr);
RMDelegationTokenIdentifier ident = new RMDelegationTokenIdentifier(new Text("owner"
), new Text("renewer"), null);
Org.Apache.Hadoop.Security.Token.Token <RMDelegationTokenIdentifier> token = new Org.Apache.Hadoop.Security.Token.Token
<RMDelegationTokenIdentifier>(ident, secretManager);
SecurityUtil.SetTokenService(token, serviceAddr);
if (shouldShortCircuit)
{
token.Renew(conf);
Org.Mockito.Mockito.Verify(secretManager).RenewToken(Matchers.Eq(token), Matchers.Eq
("renewer"));
Org.Mockito.Mockito.Reset(secretManager);
token.Cancel(conf);
Org.Mockito.Mockito.Verify(secretManager).CancelToken(Matchers.Eq(token), Matchers.Eq
("renewer"));
}
else
{
try
{
token.Renew(conf);
NUnit.Framework.Assert.Fail();
}
catch (RuntimeException e)
{
NUnit.Framework.Assert.AreEqual("getProxy", e.Message);
}
Org.Mockito.Mockito.Verify(secretManager, Org.Mockito.Mockito.Never()).RenewToken
(Matchers.Any <Org.Apache.Hadoop.Security.Token.Token>(), Matchers.AnyString());
try
{
token.Cancel(conf);
NUnit.Framework.Assert.Fail();
}
catch (RuntimeException e)
{
NUnit.Framework.Assert.AreEqual("getProxy", e.Message);
}
Org.Mockito.Mockito.Verify(secretManager, Org.Mockito.Mockito.Never()).CancelToken
(Matchers.Any <Org.Apache.Hadoop.Security.Token.Token>(), Matchers.AnyString());
}
}
/// <exception cref="System.Exception"/>
public virtual void TestHdfsGetCanonicalServiceName()
{
Configuration conf = dfs.GetConf();
URI haUri = HATestUtil.GetLogicalUri(cluster);
AbstractFileSystem afs = AbstractFileSystem.CreateFileSystem(haUri, conf);
string haService = HAUtil.BuildTokenServiceForLogicalUri(haUri, HdfsConstants.HdfsUriScheme
).ToString();
NUnit.Framework.Assert.AreEqual(haService, afs.GetCanonicalServiceName());
Org.Apache.Hadoop.Security.Token.Token <object> token = afs.GetDelegationTokens(UserGroupInformation
.GetCurrentUser().GetShortUserName())[0];
NUnit.Framework.Assert.AreEqual(haService, token.GetService().ToString());
// make sure the logical uri is handled correctly
token.Renew(conf);
token.Cancel(conf);
}
/// <summary>
/// HDFS-3062: DistributedFileSystem.getCanonicalServiceName() throws an
/// exception if the URI is a logical URI.
/// </summary>
/// <remarks>
/// HDFS-3062: DistributedFileSystem.getCanonicalServiceName() throws an
/// exception if the URI is a logical URI. This bug fails the combination of
/// ha + mapred + security.
/// </remarks>
/// <exception cref="System.Exception"/>
public virtual void TestDFSGetCanonicalServiceName()
{
URI hAUri = HATestUtil.GetLogicalUri(cluster);
string haService = HAUtil.BuildTokenServiceForLogicalUri(hAUri, HdfsConstants.HdfsUriScheme
).ToString();
NUnit.Framework.Assert.AreEqual(haService, dfs.GetCanonicalServiceName());
string renewer = UserGroupInformation.GetCurrentUser().GetShortUserName();
Org.Apache.Hadoop.Security.Token.Token <DelegationTokenIdentifier> token = GetDelegationToken
(dfs, renewer);
NUnit.Framework.Assert.AreEqual(haService, token.GetService().ToString());
// make sure the logical uri is handled correctly
token.Renew(dfs.GetConf());
token.Cancel(dfs.GetConf());
}
/// <summary>Renew or replace the delegation token for this file system.</summary>
/// <remarks>
/// Renew or replace the delegation token for this file system.
/// It can only be called when the action is not in the queue.
/// </remarks>
/// <returns/>
/// <exception cref="System.IO.IOException"/>
/// <exception cref="System.Exception"/>
private bool Renew()
{
T fs = weakFs.Get();
bool b = fs != null;
if (b)
{
lock (fs)
{
try
{
long expires = token.Renew(fs.GetConf());
UpdateRenewalTime(expires - Time.Now());
}
catch (IOException ie)
{
try
{
Org.Apache.Hadoop.Security.Token.Token <object>[] tokens = fs.AddDelegationTokens(
null, null);
if (tokens.Length == 0)
{
throw new IOException("addDelegationTokens returned no tokens");
}
token = tokens[0];
UpdateRenewalTime(renewCycle);
fs.SetDelegationToken(token);
}
catch (IOException)
{
isValid = false;
throw new IOException("Can't renew or get new delegation token ", ie);
}
}
}
}
return(b);
}
