Examples with DelegationKey org.apache.hadoop.security.token.delegation.DelegationKey used on opensource projects

Example 11 with DelegationKey

use of org.apache.hadoop.security.token.delegation.DelegationKey in project hadoop by apache.

the class TestRMDelegationTokens method testRemoveExpiredMasterKeyInRMStateStore.

// Test all expired keys are removed from state-store.
@Test(timeout = 15000)
public void testRemoveExpiredMasterKeyInRMStateStore() throws Exception {
    MemoryRMStateStore memStore = new MemoryRMStateStore();
    memStore.init(testConf);
    RMState rmState = memStore.getState();
    Set<DelegationKey> rmDTMasterKeyState = rmState.getRMDTSecretManagerState().getMasterKeyState();
    MockRM rm1 = new MyMockRM(testConf, memStore);
    rm1.start();
    RMDelegationTokenSecretManager dtSecretManager = rm1.getRMContext().getRMDelegationTokenSecretManager();
    // assert all master keys are saved
    Assert.assertEquals(dtSecretManager.getAllMasterKeys(), rmDTMasterKeyState);
    Set<DelegationKey> expiringKeys = new HashSet<DelegationKey>();
    expiringKeys.addAll(dtSecretManager.getAllMasterKeys());
    // wait for expiringKeys to expire
    while (true) {
        boolean allExpired = true;
        for (DelegationKey key : expiringKeys) {
            if (rmDTMasterKeyState.contains(key)) {
                allExpired = false;
            }
        }
        if (allExpired)
            break;
        Thread.sleep(500);
    }
    rm1.stop();
}

Example 12 with DelegationKey

use of org.apache.hadoop.security.token.delegation.DelegationKey in project hive by apache.

the class TokenStoreDelegationTokenSecretManager method reloadKeys.

protected Map<Integer, DelegationKey> reloadKeys() {
    // read keys from token store
    String[] allKeys = tokenStore.getMasterKeys();
    Map<Integer, DelegationKey> keys = new HashMap<Integer, DelegationKey>(allKeys.length);
    for (String keyStr : allKeys) {
        DelegationKey key = new DelegationKey();
        try {
            decodeWritable(key, keyStr);
            keys.put(key.getKeyId(), key);
        } catch (IOException ex) {
            LOGGER.error("Failed to load master key.", ex);
        }
    }
    synchronized (this) {
        super.allKeys.clear();
        super.allKeys.putAll(keys);
    }
    return keys;
}

Example 13 with DelegationKey

use of org.apache.hadoop.security.token.delegation.DelegationKey in project hive by apache.

the class TokenStoreDelegationTokenSecretManager method logUpdateMasterKey.

/**
   * Synchronize master key updates / sequence generation for multiple nodes.
   * NOTE: {@Link AbstractDelegationTokenSecretManager} keeps currentKey private, so we need
   * to utilize this "hook" to manipulate the key through the object reference.
   * This .20S workaround should cease to exist when Hadoop supports token store.
   */
@Override
protected void logUpdateMasterKey(DelegationKey key) throws IOException {
    int keySeq = this.tokenStore.addMasterKey(encodeWritable(key));
    // update key with assigned identifier
    DelegationKey keyWithSeq = new DelegationKey(keySeq, key.getExpiryDate(), key.getKey());
    String keyStr = encodeWritable(keyWithSeq);
    this.tokenStore.updateMasterKey(keySeq, keyStr);
    decodeWritable(key, keyStr);
    LOGGER.info("New master key with key id={}", key.getKeyId());
    super.logUpdateMasterKey(key);
}

Example 14 with DelegationKey

use of org.apache.hadoop.security.token.delegation.DelegationKey in project hive by apache.

the class TokenStoreDelegationTokenSecretManager method rollMasterKeyExt.

/**
   * Extension of rollMasterKey to remove expired keys from store.
   *
   * @throws IOException
   */
protected void rollMasterKeyExt() throws IOException {
    Map<Integer, DelegationKey> keys = reloadKeys();
    int currentKeyId = super.currentId;
    HiveDelegationTokenSupport.rollMasterKey(TokenStoreDelegationTokenSecretManager.this);
    List<DelegationKey> keysAfterRoll = Arrays.asList(getAllKeys());
    for (DelegationKey key : keysAfterRoll) {
        keys.remove(key.getKeyId());
        if (key.getKeyId() == currentKeyId) {
            tokenStore.updateMasterKey(currentKeyId, encodeWritable(key));
        }
    }
    for (DelegationKey expiredKey : keys.values()) {
        LOGGER.info("Removing expired key id={}", expiredKey.getKeyId());
        try {
            tokenStore.removeMasterKey(expiredKey.getKeyId());
        } catch (Exception e) {
            LOGGER.error("Error removing expired key id={}", expiredKey.getKeyId(), e);
        }
    }
}

Example 15 with DelegationKey

use of org.apache.hadoop.security.token.delegation.DelegationKey in project hive by apache.

the class TestLlapSignerImpl method rollKey.

private FakeSecretManager rollKey(FakeSecretManager fsm, int idToPreserve) throws IOException {
    // Adding keys is PITA - there's no way to plug into timed rolling; just create a new fsm.
    DelegationKey dk = fsm.getDelegationKey(idToPreserve), curDk = fsm.getCurrentKey();
    if (curDk.getKeyId() != idToPreserve) {
        LOG.warn("The current key is not the one we expect; key rolled in background? Signed with " + idToPreserve + " but got " + curDk.getKeyId());
    }
    // Regardless of the above, we should have the key we've signed with.
    assertNotNull(dk);
    assertEquals(idToPreserve, dk.getKeyId());
    fsm.stopThreads();
    fsm = new FakeSecretManager();
    fsm.addKey(dk);
    assertNotNull("Couldn't add key", fsm.getDelegationKey(dk.getKeyId()));
    fsm.startThreads();
    return fsm;
}