Example 1 with DelegationTokenInformation

Use of org.apache.hadoop.security.token.delegation.AbstractDelegationTokenSecretManager.DelegationTokenInformation in the Apache Hive project.

Class HiveDelegationTokenSupport, method decodeDelegationTokenInformation.

public static DelegationTokenInformation decodeDelegationTokenInformation(byte[] tokenBytes) throws IOException {
    DataInputStream in = new DataInputStream(new ByteArrayInputStream(tokenBytes));
    DelegationTokenInformation token = new DelegationTokenInformation(0, null);
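    // Serialized layout: VInt password length, the password bytes, then an 8-byte renew date.
    // len is taken directly from tokenBytes and is not range-checked before the allocation below.
    int len = WritableUtils.readVInt(in);
    token.password = new byte[len];
    in.readFully(token.password);
    token.renewDate = in.readLong();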
    return token;
}
Also used : ByteArrayInputStream(java.io.ByteArrayInputStream) DataInputStream(java.io.DataInputStream) DelegationTokenInformation(org.apache.hadoop.security.token.delegation.AbstractDelegationTokenSecretManager.DelegationTokenInformation)

Example 2 with DelegationTokenInformation

Use of org.apache.hadoop.security.token.delegation.AbstractDelegationTokenSecretManager.DelegationTokenInformation in the Apache Hive project.

Class TestDBTokenStore, method testDBTokenStore.

public void testDBTokenStore() throws TokenStoreException, MetaException, IOException {
    DelegationTokenStore ts = new DBTokenStore();
    ts.init(new HMSHandler("Test handler"), ServerMode.METASTORE);
    assertEquals(0, ts.getMasterKeys().length);
    assertEquals(false, ts.removeMasterKey(-1));
    try {
        ts.updateMasterKey(-1, "non-existent-key");
        fail("Updated non-existent key.");
    } catch (TokenStoreException e) {
        assertTrue(e.getCause() instanceof NoSuchObjectException);
    }
    int keySeq = ts.addMasterKey("key1Data");
    int keySeq2 = ts.addMasterKey("key2Data");
    int keySeq2same = ts.addMasterKey("key2Data");
    assertEquals("keys sequential", keySeq + 1, keySeq2);
    assertEquals("keys sequential", keySeq + 2, keySeq2same);
    assertEquals("expected number of keys", 3, ts.getMasterKeys().length);
    assertTrue(ts.removeMasterKey(keySeq));
    assertTrue(ts.removeMasterKey(keySeq2same));
    assertEquals("expected number of keys", 1, ts.getMasterKeys().length);
    assertEquals("key2Data", ts.getMasterKeys()[0]);
    ts.updateMasterKey(keySeq2, "updatedData");
    assertEquals("updatedData", ts.getMasterKeys()[0]);
    assertTrue(ts.removeMasterKey(keySeq2));
    // tokens
    assertEquals(0, ts.getAllDelegationTokenIdentifiers().size());
    DelegationTokenIdentifier tokenId = new DelegationTokenIdentifier(new Text("owner"), new Text("renewer"), new Text("realUser"));
    assertNull(ts.getToken(tokenId));
    assertFalse(ts.removeToken(tokenId));
    DelegationTokenInformation tokenInfo = new DelegationTokenInformation(99, "password".getBytes());
    assertTrue(ts.addToken(tokenId, tokenInfo));
    assertFalse(ts.addToken(tokenId, tokenInfo));
    DelegationTokenInformation tokenInfoRead = ts.getToken(tokenId);
    assertEquals(tokenInfo.getRenewDate(), tokenInfoRead.getRenewDate());
    assertNotSame(tokenInfo, tokenInfoRead);
    Assert.assertArrayEquals(HiveDelegationTokenSupport.encodeDelegationTokenInformation(tokenInfo), HiveDelegationTokenSupport.encodeDelegationTokenInformation(tokenInfoRead));
    List<DelegationTokenIdentifier> allIds = ts.getAllDelegationTokenIdentifiers();
    assertEquals(1, allIds.size());
    Assert.assertEquals(TokenStoreDelegationTokenSecretManager.encodeWritable(tokenId), TokenStoreDelegationTokenSecretManager.encodeWritable(allIds.get(0)));
    assertTrue(ts.removeToken(tokenId));
    assertEquals(0, ts.getAllDelegationTokenIdentifiers().size());
    assertNull(ts.getToken(tokenId));
    ts.close();
}
Also used : TokenStoreException(org.apache.hadoop.hive.thrift.DelegationTokenStore.TokenStoreException) NoSuchObjectException(org.apache.hadoop.hive.metastore.api.NoSuchObjectException) Text(org.apache.hadoop.io.Text) HMSHandler(org.apache.hadoop.hive.metastore.HiveMetaStore.HMSHandler) DelegationTokenInformation(org.apache.hadoop.security.token.delegation.AbstractDelegationTokenSecretManager.DelegationTokenInformation)

Example 3 with DelegationTokenInformation

Use of org.apache.hadoop.security.token.delegation.AbstractDelegationTokenSecretManager.DelegationTokenInformation in the Apache Hive project.

Class DBTokenStore, method getToken.

@Override
public DelegationTokenInformation getToken(DelegationTokenIdentifier tokenIdentifier) throws TokenStoreException {
    try {
        String tokenStr = (String) invokeOnTokenStore("getToken", new Object[] { TokenStoreDelegationTokenSecretManager.encodeWritable(tokenIdentifier) }, String.class);
        DelegationTokenInformation result = null;
        if (tokenStr != null) {
            result = HiveDelegationTokenSupport.decodeDelegationTokenInformation(Base64.decodeBase64(tokenStr));
        }
        if (LOG.isTraceEnabled()) {
            LOG.trace("getToken: tokenIdentifier = " + tokenIdentifier + ", result = " + result);
        }
        return result;
    } catch (IOException e) {
        throw new TokenStoreException(e);
    }
}
Also used : IOException(java.io.IOException) DelegationTokenInformation(org.apache.hadoop.security.token.delegation.AbstractDelegationTokenSecretManager.DelegationTokenInformation)

Example 4 with DelegationTokenInformation

Use of org.apache.hadoop.security.token.delegation.AbstractDelegationTokenSecretManager.DelegationTokenInformation in the Apache Hive project.

Class TestZooKeeperTokenStore, method testTokenStorage.

public void testTokenStorage() throws Exception {
    String ZK_PATH = "/zktokenstore-testTokenStorage";
    ts = new ZooKeeperTokenStore();
    Configuration conf = createConf(ZK_PATH);
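    // ACL string is scheme:id:perms; world:anyone:cdrwa grants every client all five
    // ZooKeeper permissions (create, delete, read, write, admin).
    conf.set(HiveDelegationTokenManager.DELEGATION_TOKEN_STORE_ZK_ACL, "world:anyone:cdrwa");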
    ts.setConf(conf);
    ts.init(null, ServerMode.METASTORE);
    String metastore_zk_path = ZK_PATH + ServerMode.METASTORE;
    int keySeq = ts.addMasterKey("key1Data");
    byte[] keyBytes = zkClient.getData().forPath(metastore_zk_path + "/keys/" + String.format(ZooKeeperTokenStore.ZK_SEQ_FORMAT, keySeq));
    assertNotNull(keyBytes);
    assertEquals(new String(keyBytes), "key1Data");
    int keySeq2 = ts.addMasterKey("key2Data");
    assertEquals("keys sequential", keySeq + 1, keySeq2);
    assertEquals("expected number keys", 2, ts.getMasterKeys().length);
    ts.removeMasterKey(keySeq);
    assertEquals("expected number keys", 1, ts.getMasterKeys().length);
    // tokens
    DelegationTokenIdentifier tokenId = new DelegationTokenIdentifier(new Text("owner"), new Text("renewer"), new Text("realUser"));
    DelegationTokenInformation tokenInfo = new DelegationTokenInformation(99, "password".getBytes());
    ts.addToken(tokenId, tokenInfo);
    DelegationTokenInformation tokenInfoRead = ts.getToken(tokenId);
    assertEquals(tokenInfo.getRenewDate(), tokenInfoRead.getRenewDate());
    assertNotSame(tokenInfo, tokenInfoRead);
    Assert.assertArrayEquals(HiveDelegationTokenSupport.encodeDelegationTokenInformation(tokenInfo), HiveDelegationTokenSupport.encodeDelegationTokenInformation(tokenInfoRead));
    List<DelegationTokenIdentifier> allIds = ts.getAllDelegationTokenIdentifiers();
    assertEquals(1, allIds.size());
    Assert.assertEquals(TokenStoreDelegationTokenSecretManager.encodeWritable(tokenId), TokenStoreDelegationTokenSecretManager.encodeWritable(allIds.get(0)));
    assertTrue(ts.removeToken(tokenId));
    assertEquals(0, ts.getAllDelegationTokenIdentifiers().size());
    assertNull(ts.getToken(tokenId));
}
Also used : Configuration(org.apache.hadoop.conf.Configuration) Text(org.apache.hadoop.io.Text) DelegationTokenInformation(org.apache.hadoop.security.token.delegation.AbstractDelegationTokenSecretManager.DelegationTokenInformation)

Example 5 with DelegationTokenInformation

Use of org.apache.hadoop.security.token.delegation.AbstractDelegationTokenSecretManager.DelegationTokenInformation in the Apache Hive project.

Class TestHadoopAuthBridge23, method testDelegationTokenSharedStore.

/**
 * Test delegation token store/load from shared store.
 * @throws Exception
 */
@Test
public void testDelegationTokenSharedStore() throws Exception {
    UserGroupInformation clientUgi = UserGroupInformation.getCurrentUser();
    TokenStoreDelegationTokenSecretManager tokenManager = new TokenStoreDelegationTokenSecretManager(0, 60 * 60 * 1000, 60 * 60 * 1000, 0, MyTokenStore.TOKEN_STORE);
    // initializes current key
    tokenManager.startThreads();
    tokenManager.stopThreads();
    String tokenStrForm = tokenManager.getDelegationToken(clientUgi.getShortUserName());
    Token<DelegationTokenIdentifier> t = new Token<DelegationTokenIdentifier>();
    t.decodeFromUrlString(tokenStrForm);
    //check whether the username in the token is what we expect
    DelegationTokenIdentifier d = new DelegationTokenIdentifier();
    d.readFields(new DataInputStream(new ByteArrayInputStream(t.getIdentifier())));
    Assert.assertTrue("Usernames don't match", clientUgi.getShortUserName().equals(d.getUser().getShortUserName()));
    DelegationTokenInformation tokenInfo = MyTokenStore.TOKEN_STORE.getToken(d);
    Assert.assertNotNull("token not in store", tokenInfo);
    Assert.assertFalse("duplicate token add", MyTokenStore.TOKEN_STORE.addToken(d, tokenInfo));
    // check keys are copied from token store when token is loaded
    TokenStoreDelegationTokenSecretManager anotherManager = new TokenStoreDelegationTokenSecretManager(0, 0, 0, 0, MyTokenStore.TOKEN_STORE);
    Assert.assertEquals("master keys empty on init", 0, anotherManager.getAllKeys().length);
    Assert.assertNotNull("token loaded", anotherManager.retrievePassword(d));
    anotherManager.renewToken(t, clientUgi.getShortUserName());
    Assert.assertEquals("master keys not loaded from store", MyTokenStore.TOKEN_STORE.getMasterKeys().length, anotherManager.getAllKeys().length);
    // cancel the delegation token
    tokenManager.cancelDelegationToken(tokenStrForm);
    Assert.assertNull("token not removed from store after cancel", MyTokenStore.TOKEN_STORE.getToken(d));
    Assert.assertFalse("token removed (again)", MyTokenStore.TOKEN_STORE.removeToken(d));
    try {
        anotherManager.retrievePassword(d);
        Assert.fail("InvalidToken expected after cancel");
    } catch (InvalidToken ex) {
        // expected
    }
    // token expiration
    MyTokenStore.TOKEN_STORE.addToken(d, new DelegationTokenInformation(0, t.getPassword()));
    Assert.assertNotNull(MyTokenStore.TOKEN_STORE.getToken(d));
    anotherManager.removeExpiredTokens();
    Assert.assertNull("Expired token not removed", MyTokenStore.TOKEN_STORE.getToken(d));
    // key expiration - create an already expired key
    // generates initial key
    anotherManager.startThreads();
    anotherManager.stopThreads();
    DelegationKey expiredKey = new DelegationKey(-1, 0, anotherManager.getAllKeys()[0].getKey());
    // updates key with sequence number
    anotherManager.logUpdateMasterKey(expiredKey);
    Assert.assertTrue("expired key not in allKeys", anotherManager.reloadKeys().containsKey(expiredKey.getKeyId()));
    anotherManager.rollMasterKeyExt();
    Assert.assertFalse("Expired key not removed", anotherManager.reloadKeys().containsKey(expiredKey.getKeyId()));
}
Also used : ByteArrayInputStream(java.io.ByteArrayInputStream) DelegationKey(org.apache.hadoop.security.token.delegation.DelegationKey) InvalidToken(org.apache.hadoop.security.token.SecretManager.InvalidToken) Token(org.apache.hadoop.security.token.Token) DataInputStream(java.io.DataInputStream) UserGroupInformation(org.apache.hadoop.security.UserGroupInformation) DelegationTokenInformation(org.apache.hadoop.security.token.delegation.AbstractDelegationTokenSecretManager.DelegationTokenInformation) Test(org.junit.Test)

Aggregations

DelegationTokenInformation (org.apache.hadoop.security.token.delegation.AbstractDelegationTokenSecretManager.DelegationTokenInformation) 6
ByteArrayInputStream (java.io.ByteArrayInputStream) 2
DataInputStream (java.io.DataInputStream) 2
IOException (java.io.IOException) 2
Text (org.apache.hadoop.io.Text) 2
Test (org.junit.Test) 2
Configuration (org.apache.hadoop.conf.Configuration) 1
HMSHandler (org.apache.hadoop.hive.metastore.HiveMetaStore.HMSHandler) 1
NoSuchObjectException (org.apache.hadoop.hive.metastore.api.NoSuchObjectException) 1
TokenStoreException (org.apache.hadoop.hive.thrift.DelegationTokenStore.TokenStoreException) 1
AccessControlException (org.apache.hadoop.security.AccessControlException) 1
UserGroupInformation (org.apache.hadoop.security.UserGroupInformation) 1
InvalidToken (org.apache.hadoop.security.token.SecretManager.InvalidToken) 1
Token (org.apache.hadoop.security.token.Token) 1
DelegationKey (org.apache.hadoop.security.token.delegation.DelegationKey) 1
Daemon (org.apache.hadoop.util.Daemon) 1