/// <exception cref="System.IO.IOException"/> public override Org.Apache.Hadoop.Security.Token.Token <object> GetDelegationToken (string renewer) { Org.Apache.Hadoop.Security.Token.Token <object> token = new Org.Apache.Hadoop.Security.Token.Token <TokenIdentifier>(); token.SetService(new Text(GetCanonicalServiceName())); return(token); }
/// <exception cref="System.Exception"/> public Org.Apache.Hadoop.Security.Token.Token <object> Answer(InvocationOnMock invocation ) { Org.Apache.Hadoop.Security.Token.Token <object> token = new Org.Apache.Hadoop.Security.Token.Token <TokenIdentifier>(); token.SetService(service); return(token); }
/// <exception cref="System.Exception"/> public Org.Apache.Hadoop.Security.Token.Token <object> Answer(InvocationOnMock invocation ) { Org.Apache.Hadoop.Security.Token.Token <object> token = new Org.Apache.Hadoop.Security.Token.Token <TokenIdentifier>(); token.SetService(new Text(service)); token.SetKind(new Text("token" + this.unique++)); return(token); }
/// <exception cref="System.Exception"/> public virtual void TestHAUtilClonesDelegationTokens() { Org.Apache.Hadoop.Security.Token.Token <DelegationTokenIdentifier> token = GetDelegationToken (fs, "JobTracker"); UserGroupInformation ugi = UserGroupInformation.CreateRemoteUser("test"); URI haUri = new URI("hdfs://my-ha-uri/"); token.SetService(HAUtil.BuildTokenServiceForLogicalUri(haUri, HdfsConstants.HdfsUriScheme )); ugi.AddToken(token); ICollection <IPEndPoint> nnAddrs = new HashSet <IPEndPoint>(); nnAddrs.AddItem(new IPEndPoint("localhost", nn0.GetNameNodeAddress().Port)); nnAddrs.AddItem(new IPEndPoint("localhost", nn1.GetNameNodeAddress().Port)); HAUtil.CloneDelegationTokenForLogicalUri(ugi, haUri, nnAddrs); ICollection <Org.Apache.Hadoop.Security.Token.Token <TokenIdentifier> > tokens = ugi .GetTokens(); NUnit.Framework.Assert.AreEqual(3, tokens.Count); Log.Info("Tokens:\n" + Joiner.On("\n").Join(tokens)); DelegationTokenSelector dts = new DelegationTokenSelector(); // check that the token selected for one of the physical IPC addresses // matches the one we received foreach (IPEndPoint addr in nnAddrs) { Text ipcDtService = SecurityUtil.BuildTokenService(addr); Org.Apache.Hadoop.Security.Token.Token <DelegationTokenIdentifier> token2 = dts.SelectToken (ipcDtService, ugi.GetTokens()); NUnit.Framework.Assert.IsNotNull(token2); Assert.AssertArrayEquals(token.GetIdentifier(), token2.GetIdentifier()); Assert.AssertArrayEquals(token.GetPassword(), token2.GetPassword()); } // switch to host-based tokens, shouldn't match existing tokens SecurityUtilTestHelper.SetTokenServiceUseIp(false); foreach (IPEndPoint addr_1 in nnAddrs) { Text ipcDtService = SecurityUtil.BuildTokenService(addr_1); Org.Apache.Hadoop.Security.Token.Token <DelegationTokenIdentifier> token2 = dts.SelectToken (ipcDtService, ugi.GetTokens()); NUnit.Framework.Assert.IsNull(token2); } // reclone the tokens, and see if they match now HAUtil.CloneDelegationTokenForLogicalUri(ugi, haUri, nnAddrs); foreach (IPEndPoint addr_2 in nnAddrs) { Text ipcDtService = SecurityUtil.BuildTokenService(addr_2); Org.Apache.Hadoop.Security.Token.Token <DelegationTokenIdentifier> token2 = dts.SelectToken (ipcDtService, ugi.GetTokens()); NUnit.Framework.Assert.IsNotNull(token2); Assert.AssertArrayEquals(token.GetIdentifier(), token2.GetIdentifier()); Assert.AssertArrayEquals(token.GetPassword(), token2.GetPassword()); } }
/// <summary>Convert a protobuf token into a rpc token and set its service.</summary> /// <param name="protoToken">the yarn token</param> /// <param name="service">the service for the token</param> public static Org.Apache.Hadoop.Security.Token.Token <T> ConvertFromYarn <T>(Org.Apache.Hadoop.Yarn.Api.Records.Token protoToken, Text service) where T : TokenIdentifier { Org.Apache.Hadoop.Security.Token.Token <T> token = new Org.Apache.Hadoop.Security.Token.Token <T>(((byte[])protoToken.GetIdentifier().Array()), ((byte[])protoToken.GetPassword ().Array()), new Text(protoToken.GetKind()), new Text(protoToken.GetService())); if (service != null) { token.SetService(service); } return(token); }
/// <exception cref="System.IO.IOException"/> /// <exception cref="System.Exception"/> private void VerifyNewVersionToken(Configuration conf, TestClientToAMTokens.CustomAM am, Org.Apache.Hadoop.Security.Token.Token <ClientToAMTokenIdentifier> token, MockRM rm) { UserGroupInformation ugi; ugi = UserGroupInformation.CreateRemoteUser("me"); Org.Apache.Hadoop.Security.Token.Token <ClientToAMTokenIdentifier> newToken = new Org.Apache.Hadoop.Security.Token.Token <ClientToAMTokenIdentifier>(new ClientToAMTokenIdentifierForTest (token.DecodeIdentifier(), "message"), am.GetClientToAMTokenSecretManager()); newToken.SetService(token.GetService()); ugi.AddToken(newToken); ugi.DoAs(new _PrivilegedExceptionAction_386(am, conf)); }
public virtual void TestGetUgi() { conf.Set(DFSConfigKeys.FsDefaultNameKey, "hdfs://localhost:4321/"); HttpServletRequest request = Org.Mockito.Mockito.Mock <HttpServletRequest>(); ServletContext context = Org.Mockito.Mockito.Mock <ServletContext>(); string user = "******"; Text userText = new Text(user); DelegationTokenIdentifier dtId = new DelegationTokenIdentifier(userText, userText , null); Org.Apache.Hadoop.Security.Token.Token <DelegationTokenIdentifier> token = new Org.Apache.Hadoop.Security.Token.Token <DelegationTokenIdentifier>(dtId, new TestJspHelper.DummySecretManager(0, 0, 0, 0)); string tokenString = token.EncodeToUrlString(); Org.Mockito.Mockito.When(request.GetParameter(JspHelper.DelegationParameterName)) .ThenReturn(tokenString); Org.Mockito.Mockito.When(request.GetRemoteUser()).ThenReturn(user); //Test attribute in the url to be used as service in the token. Org.Mockito.Mockito.When(request.GetParameter(JspHelper.NamenodeAddress)).ThenReturn ("1.1.1.1:1111"); conf.Set(DFSConfigKeys.HadoopSecurityAuthentication, "kerberos"); UserGroupInformation.SetConfiguration(conf); VerifyServiceInToken(context, request, "1.1.1.1:1111"); //Test attribute name.node.address //Set the nnaddr url parameter to null. Org.Mockito.Mockito.When(request.GetParameter(JspHelper.NamenodeAddress)).ThenReturn (null); IPEndPoint addr = new IPEndPoint("localhost", 2222); Org.Mockito.Mockito.When(context.GetAttribute(NameNodeHttpServer.NamenodeAddressAttributeKey )).ThenReturn(addr); VerifyServiceInToken(context, request, addr.Address.GetHostAddress() + ":2222"); //Test service already set in the token token.SetService(new Text("3.3.3.3:3333")); tokenString = token.EncodeToUrlString(); //Set the name.node.address attribute in Servlet context to null Org.Mockito.Mockito.When(context.GetAttribute(NameNodeHttpServer.NamenodeAddressAttributeKey )).ThenReturn(null); Org.Mockito.Mockito.When(request.GetParameter(JspHelper.DelegationParameterName)) .ThenReturn(tokenString); VerifyServiceInToken(context, request, "3.3.3.3:3333"); }
/// <summary>Set the given token's service to the format expected by the RPC client</summary> /// <param name="token">a delegation token</param> /// <param name="addr">the socket for the rpc connection</param> public static void SetTokenService <_T0>(Org.Apache.Hadoop.Security.Token.Token <_T0 > token, IPEndPoint addr) where _T0 : TokenIdentifier { Text service = BuildTokenService(addr); if (token != null) { token.SetService(service); if (Log.IsDebugEnabled()) { Log.Debug("Acquired token " + token); } } else { // Token#toString() prints service Log.Warn("Failed to get token for service " + service); } }