use of org.apache.hadoop.hdds.security.token.BlockTokenException in project ozone by apache.
the class TestOzoneBlockTokenSecretManager method tokenCannotBeUsedForOtherBlock.
@Test
public void tokenCannotBeUsedForOtherBlock() throws Exception {
  // GIVEN: a token scoped to one block, and a request that targets a different block.
  BlockID grantedBlock = new BlockID(101, 0);
  BlockID requestedBlock = new BlockID(102, 0);

  // WHEN: a token carrying every access mode is presented against the other block.
  Token<OzoneBlockTokenIdentifier> token = secretManager.generateToken(
      "testUser", grantedBlock, EnumSet.allOf(AccessModeProto.class), 100);
  String encoded = token.encodeToUrlString();
  ContainerCommandRequestProto writeChunk =
      getWriteChunkRequest(pipeline, requestedBlock, 100, encoded);

  // THEN: the verifier rejects it, and the message names both the granted and the
  // requested block service so the mismatch is diagnosable from the error alone.
  BlockTokenException rejection = assertThrows(BlockTokenException.class,
      () -> tokenVerifier.verify("testUser", token, writeChunk));
  String expected = "Token for ID: "
      + OzoneBlockTokenIdentifier.getTokenService(grantedBlock)
      + " can't be used to access: "
      + OzoneBlockTokenIdentifier.getTokenService(requestedBlock);
  String actual = rejection.getMessage();
  assertTrue(actual, actual.contains(expected));
}
use of org.apache.hadoop.hdds.security.token.BlockTokenException in project ozone by apache.
the class TestOzoneBlockTokenSecretManager method testBlockTokenReadAccessMode.
@Test
public void testBlockTokenReadAccessMode() throws Exception {
  // A READ-only token: a write-path command must be rejected, a read-path one accepted.
  final String owner = "testUser1";
  BlockID blockID = new BlockID(101, 0);
  Token<OzoneBlockTokenIdentifier> readOnlyToken = secretManager.generateToken(
      owner, blockID, EnumSet.of(AccessModeProto.READ), 100);
  String encoded = readOnlyToken.encodeToUrlString();

  // Build a WriteChunk request, then derive a PutBlock (write) and a GetBlock (read)
  // command from it so all three refer to the same block.
  ContainerCommandRequestProto writeChunk =
      getWriteChunkRequest(pipeline, blockID, 100, encoded);
  ContainerCommandRequestProto putBlock =
      getPutBlockRequest(pipeline, encoded, writeChunk.getWriteChunk());
  ContainerCommandRequestProto getBlock =
      getBlockRequest(pipeline, putBlock.getPutBlock());

  // PutBlock requires WRITE, which this token does not carry.
  BlockTokenException rejection = assertThrows(BlockTokenException.class,
      () -> tokenVerifier.verify(owner, readOnlyToken, putBlock));
  String actual = rejection.getMessage();
  assertTrue(actual, actual.contains("doesn't have WRITE permission"));

  // GetBlock only needs READ; it must verify without throwing.
  tokenVerifier.verify(owner, readOnlyToken, getBlock);
}
use of org.apache.hadoop.hdds.security.token.BlockTokenException in project ozone by apache.
the class TestOzoneBlockTokenSecretManager method testNetYetValidCertificate.
@Test
public void testNetYetValidCertificate() throws Exception {
  // With the default mocked certificate the token verifies fine...
  String user = "testUser2";
  BlockID blockID = new BlockID(102, 0);
  Token<OzoneBlockTokenIdentifier> token = secretManager.generateToken(
      user, blockID, EnumSet.allOf(AccessModeProto.class), 100);
  ContainerCommandRequestProto writeChunk =
      getWriteChunkRequest(pipeline, blockID, 100, token.encodeToUrlString());
  tokenVerifier.verify(user, token, writeChunk);

  // ...but once the client hands back a certificate whose validity period has not
  // started yet (note: not an expired one), the very same token must be rejected.
  X509Certificate notYetValidCert =
      generateNotValidYetCert("CN=OzoneMaster", keyPair, ALGORITHM);
  when(client.getCertificate(anyString())).thenReturn(notYetValidCert);

  BlockTokenException rejection = assertThrows(BlockTokenException.class,
      () -> tokenVerifier.verify(user, token, writeChunk));
  String actual = rejection.getMessage();
  assertTrue(actual, actual.contains(
      "Token can't be verified due to not" + " yet valid certificate"));
}
use of org.apache.hadoop.hdds.security.token.BlockTokenException in project ozone by apache.
the class TestOzoneBlockTokenSecretManager method testBlockTokenWriteAccessMode.
@Test
public void testBlockTokenWriteAccessMode() throws Exception {
  // A WRITE-only token: WriteChunk is accepted, ReadChunk is rejected.
  final String owner = "testUser2";
  BlockID blockID = new BlockID(102, 0);
  Token<OzoneBlockTokenIdentifier> writeOnlyToken = secretManager.generateToken(
      owner, blockID, EnumSet.of(AccessModeProto.WRITE), 100);
  String encoded = writeOnlyToken.encodeToUrlString();

  // Derive the ReadChunk request from the WriteChunk so both name the same block.
  ContainerCommandRequestProto writeChunk =
      getWriteChunkRequest(pipeline, blockID, 100, encoded);
  ContainerCommandRequestProto readChunk =
      getReadChunkRequest(pipeline, writeChunk.getWriteChunk());

  // The write path verifies without throwing.
  tokenVerifier.verify(owner, writeOnlyToken, writeChunk);

  // The read path requires READ, which this token does not carry.
  BlockTokenException rejection = assertThrows(BlockTokenException.class,
      () -> tokenVerifier.verify(owner, writeOnlyToken, readChunk));
  String actual = rejection.getMessage();
  assertTrue(actual, actual.contains("doesn't have READ permission"));
}
use of org.apache.hadoop.hdds.security.token.BlockTokenException in project ozone by apache.
the class TestOzoneBlockTokenSecretManager method testExpiredCertificate.
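@Test
public void testExpiredCertificate() throws Exception {
  // The token's own lifetime is not what is under test here; only the certificate
  // the verifier obtains from the client changes between the two verify calls.
  String user = "testUser2";
  BlockID blockID = new BlockID(102, 0);
  Token<OzoneBlockTokenIdentifier> token = secretManager.generateToken(
      user, blockID, EnumSet.allOf(AccessModeProto.class), 100);
  ContainerCommandRequestProto writeChunk =
      getWriteChunkRequest(pipeline, blockID, 100, token.encodeToUrlString());

  // Baseline: verification succeeds for the user the token was issued to.
  // The original verified as "testUser" instead of `user`; using the owner keeps
  // this step independent of whether the verifier compares the caller identity
  // with the token's owner (the sibling testNetYetValidCertificate already does so).
  tokenVerifier.verify(user, token, writeChunk);

  // Mock client with an expired cert: the same token must now be rejected.
  X509Certificate expiredCert =
      generateExpiredCert("CN=OzoneMaster", keyPair, ALGORITHM);
  when(client.getCertificate(anyString())).thenReturn(expiredCert);

  BlockTokenException rejection = assertThrows(BlockTokenException.class,
      () -> tokenVerifier.verify(user, token, writeChunk));
  String actual = rejection.getMessage();
  assertTrue(actual, actual.contains(
      "Token can't be verified due to" + " expired certificate"));
}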