/// <summary>Returns a freshly constructed token whose service is this object's canonical service name.</summary>
 /// <param name="renewer">requested renewer; not read by this implementation</param>
 /// <returns>a new token on which only SetService has been called</returns>
 /// <exception cref="System.IO.IOException"/>
 public override Org.Apache.Hadoop.Security.Token.Token <object> GetDelegationToken(string renewer)
 {
     // No identifier, password or kind is assigned here, so this looks like a
     // placeholder for tests rather than an issued credential - confirm against the enclosing class.
     Org.Apache.Hadoop.Security.Token.Token <object> stubToken =
         new Org.Apache.Hadoop.Security.Token.Token <TokenIdentifier>();
     Text canonicalService = new Text(GetCanonicalServiceName());
     stubToken.SetService(canonicalService);
     return stubToken;
 }
 /// <summary>Mock answer that hands back a freshly constructed token bound to <c>service</c>.</summary>
 /// <param name="invocation">the intercepted call; not read here</param>
 /// <returns>a new token on which only SetService has been called</returns>
 /// <exception cref="System.Exception"/>
 public Org.Apache.Hadoop.Security.Token.Token <object> Answer(InvocationOnMock invocation)
 {
     // `service` is supplied by the enclosing scope and passed through unchanged.
     // No identifier, password or kind is assigned, so the result looks like a placeholder.
     Org.Apache.Hadoop.Security.Token.Token <object> stubToken =
         new Org.Apache.Hadoop.Security.Token.Token <TokenIdentifier>();
     stubToken.SetService(service);
     return stubToken;
 }
 /// <summary>
 /// Mock answer that returns a new token bound to <c>service</c> and tagged with a kind
 /// that differs on every call.
 /// </summary>
 /// <param name="invocation">the intercepted call; not read here</param>
 /// <returns>a new token with its service and kind set</returns>
 /// <exception cref="System.Exception"/>
 public Org.Apache.Hadoop.Security.Token.Token <object> Answer(InvocationOnMock invocation)
 {
     Org.Apache.Hadoop.Security.Token.Token <object> stubToken =
         new Org.Apache.Hadoop.Security.Token.Token <TokenIdentifier>();
     Text serviceName = new Text(service);
     stubToken.SetService(serviceName);

     // The counter is read and then incremented, so successive calls produce distinct kinds.
     string kindName = "token" + this.unique++;
     stubToken.SetKind(new Text(kindName));
     return stubToken;
 }
        /// <summary>
        /// Checks that a delegation token issued for a logical HA URI is cloned for each
        /// physical NameNode address, and that the clones only match while the token-service
        /// naming mode (IP-based or host-based) is the one they were cloned under.
        /// </summary>
        /// <exception cref="System.Exception"/>
        public virtual void TestHAUtilClonesDelegationTokens()
        {
            Org.Apache.Hadoop.Security.Token.Token <DelegationTokenIdentifier> token = GetDelegationToken
                                                                                           (fs, "JobTracker");
            UserGroupInformation ugi = UserGroupInformation.CreateRemoteUser("test");
            URI haUri = new URI("hdfs://my-ha-uri/");

            // Re-key the token to the logical (HA) URI instead of a single NameNode address.
            token.SetService(HAUtil.BuildTokenServiceForLogicalUri(haUri, HdfsConstants.HdfsUriScheme
                                                                   ));
            ugi.AddToken(token);
            ICollection <IPEndPoint> nnAddrs = new HashSet <IPEndPoint>();

            nnAddrs.AddItem(new IPEndPoint("localhost", nn0.GetNameNodeAddress().Port));
            nnAddrs.AddItem(new IPEndPoint("localhost", nn1.GetNameNodeAddress().Port));
            HAUtil.CloneDelegationTokenForLogicalUri(ugi, haUri, nnAddrs);
            ICollection <Org.Apache.Hadoop.Security.Token.Token <TokenIdentifier> > tokens = ugi
                                                                                             .GetTokens();

            // One token was added above and two addresses were passed in, so 3 presumably
            // means one clone per address on top of the logical-URI token.
            NUnit.Framework.Assert.AreEqual(3, tokens.Count);
            // NOTE(review): this writes the string form of every token to the log; presumably
            // that form leaves out the password - confirm before copying the pattern elsewhere.
            Log.Info("Tokens:\n" + Joiner.On("\n").Join(tokens));
            DelegationTokenSelector dts = new DelegationTokenSelector();

            // check that the token selected for one of the physical IPC addresses
            // matches the one we received
            foreach (IPEndPoint addr in nnAddrs)
            {
                Text ipcDtService = SecurityUtil.BuildTokenService(addr);
                Org.Apache.Hadoop.Security.Token.Token <DelegationTokenIdentifier> token2 = dts.SelectToken
                                                                                                (ipcDtService, ugi.GetTokens());
                NUnit.Framework.Assert.IsNotNull(token2);
                // Same identifier and same password: the clone is the same credential
                // filed under a different service name, not a newly issued one.
                Assert.AssertArrayEquals(token.GetIdentifier(), token2.GetIdentifier());
                Assert.AssertArrayEquals(token.GetPassword(), token2.GetPassword());
            }
            // switch to host-based tokens, shouldn't match existing tokens
            SecurityUtilTestHelper.SetTokenServiceUseIp(false);
            foreach (IPEndPoint addr_1 in nnAddrs)
            {
                Text ipcDtService = SecurityUtil.BuildTokenService(addr_1);
                Org.Apache.Hadoop.Security.Token.Token <DelegationTokenIdentifier> token2 = dts.SelectToken
                                                                                                (ipcDtService, ugi.GetTokens());
                // The earlier clones were filed under the previous naming mode, so the selector finds nothing.
                NUnit.Framework.Assert.IsNull(token2);
            }
            // reclone the tokens, and see if they match now
            HAUtil.CloneDelegationTokenForLogicalUri(ugi, haUri, nnAddrs);
            foreach (IPEndPoint addr_2 in nnAddrs)
            {
                Text ipcDtService = SecurityUtil.BuildTokenService(addr_2);
                Org.Apache.Hadoop.Security.Token.Token <DelegationTokenIdentifier> token2 = dts.SelectToken
                                                                                                (ipcDtService, ugi.GetTokens());
                NUnit.Framework.Assert.IsNotNull(token2);
                Assert.AssertArrayEquals(token.GetIdentifier(), token2.GetIdentifier());
                Assert.AssertArrayEquals(token.GetPassword(), token2.GetPassword());
            }
        }
 /// <summary>Builds an RPC token from a YARN protobuf token and optionally overrides its service.</summary>
 /// <param name="protoToken">the yarn token whose identifier, password, kind and service are copied</param>
 /// <param name="service">
 /// the service to set on the result; when null, the service copied from
 /// <paramref name="protoToken"/> is kept
 /// </param>
 /// <returns>the newly constructed token</returns>
 public static Org.Apache.Hadoop.Security.Token.Token <T> ConvertFromYarn <T>(
     Org.Apache.Hadoop.Yarn.Api.Records.Token protoToken, Text service)
     where T : TokenIdentifier
 {
     // NOTE(review): Array() looks like the port of a byte-buffer accessor that returns the
     // whole backing array regardless of position/limit. If these buffers can ever be slices,
     // the identifier or password would pick up unrelated bytes - confirm with the producer.
     byte[] identifierBytes = (byte[])protoToken.GetIdentifier().Array();
     byte[] passwordBytes = (byte[])protoToken.GetPassword().Array();
     Text kind = new Text(protoToken.GetKind());
     Text embeddedService = new Text(protoToken.GetService());

     Org.Apache.Hadoop.Security.Token.Token <T> converted =
         new Org.Apache.Hadoop.Security.Token.Token <T>(identifierBytes, passwordBytes, kind, embeddedService);

     // Without an explicit service the token stays addressed as the protobuf record says.
     if (service == null)
     {
         return converted;
     }
     converted.SetService(service);
     return converted;
 }
        /// <summary>
        /// Rebuilds <paramref name="token"/> around a ClientToAMTokenIdentifierForTest identifier and
        /// runs a privileged action as remote user "me" holding the rebuilt token.
        /// </summary>
        /// <param name="conf">configuration handed to the privileged action</param>
        /// <param name="am">application master that supplies the secret manager and is handed to the action</param>
        /// <param name="token">existing token whose decoded identifier and service are reused</param>
        /// <param name="rm">not read by this method</param>
        /// <exception cref="System.IO.IOException"/>
        /// <exception cref="System.Exception"/>
        private void VerifyNewVersionToken(Configuration conf, TestClientToAMTokens.CustomAM am,
                                           Org.Apache.Hadoop.Security.Token.Token <ClientToAMTokenIdentifier> token,
                                           MockRM rm)
        {
            UserGroupInformation remoteUser = UserGroupInformation.CreateRemoteUser("me");

            // The test identifier wraps the decoded original and adds the string "message".
            // Passing the AM's secret manager presumably derives the password from that same
            // secret - confirm in the Token constructor.
            var extendedId = new ClientToAMTokenIdentifierForTest(token.DecodeIdentifier(), "message");
            Org.Apache.Hadoop.Security.Token.Token <ClientToAMTokenIdentifier> rebuilt =
                new Org.Apache.Hadoop.Security.Token.Token <ClientToAMTokenIdentifier>(
                    extendedId, am.GetClientToAMTokenSecretManager());

            // Keep the original service so the rebuilt token is addressed to the same endpoint.
            rebuilt.SetService(token.GetService());
            remoteUser.AddToken(rebuilt);
            remoteUser.DoAs(new _PrivilegedExceptionAction_386(am, conf));
        }
        /// <summary>
        /// Exercises three sources for the service of a delegation token that arrives as a
        /// request parameter: the NameNode-address request parameter, the NameNode-address
        /// servlet-context attribute, and the service already stored in the token.
        /// </summary>
        public virtual void TestGetUgi()
        {
            conf.Set(DFSConfigKeys.FsDefaultNameKey, "hdfs://localhost:4321/");
            HttpServletRequest request = Org.Mockito.Mockito.Mock <HttpServletRequest>();
            ServletContext     context = Org.Mockito.Mockito.Mock <ServletContext>();
            // NOTE(review): this literal looks masked by the listing it was copied from rather
            // than being the original test value - confirm against upstream.
            string             user    = "******";
            Text userText = new Text(user);
            DelegationTokenIdentifier dtId = new DelegationTokenIdentifier(userText, userText
                                                                           , null);

            Org.Apache.Hadoop.Security.Token.Token <DelegationTokenIdentifier> token = new Org.Apache.Hadoop.Security.Token.Token
                                                                                       <DelegationTokenIdentifier>(dtId, new TestJspHelper.DummySecretManager(0, 0, 0,
                                                                                                                                                              0));
            // The token travels as a URL-encoded string in a request parameter. Outside a test,
            // a credential carried this way can be recorded wherever request URLs are logged.
            string tokenString = token.EncodeToUrlString();

            Org.Mockito.Mockito.When(request.GetParameter(JspHelper.DelegationParameterName))
            .ThenReturn(tokenString);
            Org.Mockito.Mockito.When(request.GetRemoteUser()).ThenReturn(user);
            // Case 1: the NameNode address given as a request parameter is expected as the token's service.
            // NOTE(review): that value is chosen by whoever builds the request - confirm how the
            // code under test constrains it.
            Org.Mockito.Mockito.When(request.GetParameter(JspHelper.NamenodeAddress)).ThenReturn
                ("1.1.1.1:1111");
            conf.Set(DFSConfigKeys.HadoopSecurityAuthentication, "kerberos");
            UserGroupInformation.SetConfiguration(conf);
            VerifyServiceInToken(context, request, "1.1.1.1:1111");
            // Case 2: with the request parameter stubbed to null, the servlet-context
            // attribute is expected to supply the service.
            Org.Mockito.Mockito.When(request.GetParameter(JspHelper.NamenodeAddress)).ThenReturn
                (null);
            IPEndPoint addr = new IPEndPoint("localhost", 2222);

            Org.Mockito.Mockito.When(context.GetAttribute(NameNodeHttpServer.NamenodeAddressAttributeKey
                                                          )).ThenReturn(addr);
            VerifyServiceInToken(context, request, addr.Address.GetHostAddress() + ":2222");
            // Case 3: the service is already set in the token; re-encode so the request carries it.
            token.SetService(new Text("3.3.3.3:3333"));
            tokenString = token.EncodeToUrlString();
            // With the servlet-context attribute also stubbed to null, the service stored
            // in the token itself is what the check expects.
            Org.Mockito.Mockito.When(context.GetAttribute(NameNodeHttpServer.NamenodeAddressAttributeKey
                                                          )).ThenReturn(null);
            Org.Mockito.Mockito.When(request.GetParameter(JspHelper.DelegationParameterName))
            .ThenReturn(tokenString);
            VerifyServiceInToken(context, request, "3.3.3.3:3333");
        }
        /// <summary>
        /// Sets the given token's service to the value built from <paramref name="addr"/>, the format
        /// expected by the RPC client; logs a warning instead when no token was supplied.
        /// </summary>
        /// <param name="token">a delegation token, or null if none was obtained</param>
        /// <param name="addr">the socket for the rpc connection</param>
        public static void SetTokenService <_T0>(Org.Apache.Hadoop.Security.Token.Token <_T0> token,
                                                 IPEndPoint addr)
            where _T0 : TokenIdentifier
        {
            // Built before the null check because the failure path reports it as well.
            Text rpcService = BuildTokenService(addr);

            if (token == null)
            {
                Log.Warn("Failed to get token for service " + rpcService);
                return;
            }

            token.SetService(rpcService);
            if (!Log.IsDebugEnabled())
            {
                return;
            }

            // The token's string form prints the service (note carried over from the original comment).
            // NOTE(review): presumably that string form leaves out the password - confirm before
            // enabling debug logging where logs are widely readable.
            Log.Debug("Acquired token " + token);
        }