Examples with DelegationKey org.apache.hadoop.security.token.delegation.DelegationKey used on opensource projects

Example 16 with DelegationKey

use of org.apache.hadoop.security.token.delegation.DelegationKey in project hadoop by apache.

the class RMDelegationTokenSecretManager method recover.

@Override
public void recover(RMState rmState) throws Exception {
    LOG.info("recovering RMDelegationTokenSecretManager.");
    // recover RMDTMasterKeys
    for (DelegationKey dtKey : rmState.getRMDTSecretManagerState().getMasterKeyState()) {
        addKey(dtKey);
    }
    // recover RMDelegationTokens
    Map<RMDelegationTokenIdentifier, Long> rmDelegationTokens = rmState.getRMDTSecretManagerState().getTokenState();
    this.delegationTokenSequenceNumber = rmState.getRMDTSecretManagerState().getDTSequenceNumber();
    for (Map.Entry<RMDelegationTokenIdentifier, Long> entry : rmDelegationTokens.entrySet()) {
        addPersistedDelegationToken(entry.getKey(), entry.getValue());
    }
}

Example 17 with DelegationKey

use of org.apache.hadoop.security.token.delegation.DelegationKey in project hadoop by apache.

the class RMStateStoreTestBase method testRMDTSecretManagerStateStore.

public void testRMDTSecretManagerStateStore(RMStateStoreHelper stateStoreHelper) throws Exception {
    RMStateStore store = stateStoreHelper.getRMStateStore();
    TestDispatcher dispatcher = new TestDispatcher();
    store.setRMDispatcher(dispatcher);
    // store RM delegation token;
    RMDelegationTokenIdentifier dtId1 = new RMDelegationTokenIdentifier(new Text("owner1"), new Text("renewer1"), new Text("realuser1"));
    int sequenceNumber = 1111;
    dtId1.setSequenceNumber(sequenceNumber);
    byte[] tokenBeforeStore = dtId1.getBytes();
    Long renewDate1 = new Long(System.currentTimeMillis());
    store.storeRMDelegationToken(dtId1, renewDate1);
    modifyRMDelegationTokenState();
    Map<RMDelegationTokenIdentifier, Long> token1 = new HashMap<RMDelegationTokenIdentifier, Long>();
    token1.put(dtId1, renewDate1);
    // store delegation key;
    DelegationKey key = new DelegationKey(1234, 4321, "keyBytes".getBytes());
    HashSet<DelegationKey> keySet = new HashSet<DelegationKey>();
    keySet.add(key);
    store.storeRMDTMasterKey(key);
    RMDTSecretManagerState secretManagerState = store.loadState().getRMDTSecretManagerState();
    Assert.assertEquals(token1, secretManagerState.getTokenState());
    Assert.assertEquals(keySet, secretManagerState.getMasterKeyState());
    Assert.assertEquals(sequenceNumber, secretManagerState.getDTSequenceNumber());
    RMDelegationTokenIdentifier tokenAfterStore = secretManagerState.getTokenState().keySet().iterator().next();
    Assert.assertTrue(Arrays.equals(tokenBeforeStore, tokenAfterStore.getBytes()));
    // update RM delegation token;
    renewDate1 = new Long(System.currentTimeMillis());
    store.updateRMDelegationToken(dtId1, renewDate1);
    token1.put(dtId1, renewDate1);
    RMDTSecretManagerState updateSecretManagerState = store.loadState().getRMDTSecretManagerState();
    Assert.assertEquals(token1, updateSecretManagerState.getTokenState());
    Assert.assertEquals(keySet, updateSecretManagerState.getMasterKeyState());
    Assert.assertEquals(sequenceNumber, updateSecretManagerState.getDTSequenceNumber());
    // check to delete delegationKey
    store.removeRMDTMasterKey(key);
    keySet.clear();
    RMDTSecretManagerState noKeySecretManagerState = store.loadState().getRMDTSecretManagerState();
    Assert.assertEquals(token1, noKeySecretManagerState.getTokenState());
    Assert.assertEquals(keySet, noKeySecretManagerState.getMasterKeyState());
    Assert.assertEquals(sequenceNumber, noKeySecretManagerState.getDTSequenceNumber());
    // check to delete delegationToken
    store.removeRMDelegationToken(dtId1);
    RMDTSecretManagerState noKeyAndTokenSecretManagerState = store.loadState().getRMDTSecretManagerState();
    token1.clear();
    Assert.assertEquals(token1, noKeyAndTokenSecretManagerState.getTokenState());
    Assert.assertEquals(keySet, noKeyAndTokenSecretManagerState.getMasterKeyState());
    Assert.assertEquals(sequenceNumber, noKeySecretManagerState.getDTSequenceNumber());
    store.close();
}

Example 18 with DelegationKey

use of org.apache.hadoop.security.token.delegation.DelegationKey in project hadoop by apache.

the class TestRMDelegationTokens method testRMDTMasterKeyStateOnRollingMasterKey.

// Test the DT mast key in the state-store when the mast key is being rolled.
@Test(timeout = 15000)
public void testRMDTMasterKeyStateOnRollingMasterKey() throws Exception {
    Configuration conf = new Configuration(testConf);
    conf.set("hadoop.security.authentication", "kerberos");
    UserGroupInformation.setConfiguration(conf);
    MemoryRMStateStore memStore = new MemoryRMStateStore();
    memStore.init(conf);
    RMState rmState = memStore.getState();
    Map<RMDelegationTokenIdentifier, Long> rmDTState = rmState.getRMDTSecretManagerState().getTokenState();
    Set<DelegationKey> rmDTMasterKeyState = rmState.getRMDTSecretManagerState().getMasterKeyState();
    MockRM rm1 = new MyMockRM(conf, memStore);
    rm1.start();
    // on rm start, two master keys are created.
    // One is created at RMDTSecretMgr.startThreads.updateCurrentKey();
    // the other is created on the first run of
    // tokenRemoverThread.rollMasterKey()
    RMDelegationTokenSecretManager dtSecretManager = rm1.getRMContext().getRMDelegationTokenSecretManager();
    // assert all master keys are saved
    Assert.assertEquals(dtSecretManager.getAllMasterKeys(), rmDTMasterKeyState);
    // request to generate a RMDelegationToken
    GetDelegationTokenRequest request = mock(GetDelegationTokenRequest.class);
    when(request.getRenewer()).thenReturn("renewer1");
    GetDelegationTokenResponse response = rm1.getClientRMService().getDelegationToken(request);
    org.apache.hadoop.yarn.api.records.Token delegationToken = response.getRMDelegationToken();
    Token<RMDelegationTokenIdentifier> token1 = ConverterUtils.convertFromYarn(delegationToken, (Text) null);
    RMDelegationTokenIdentifier dtId1 = token1.decodeIdentifier();
    // in state-store also.
    while (((TestRMDelegationTokenSecretManager) dtSecretManager).numUpdatedKeys.get() < 3) {
        ((TestRMDelegationTokenSecretManager) dtSecretManager).checkCurrentKeyInStateStore(rmDTMasterKeyState);
        Thread.sleep(100);
    }
    // wait for token to expire and remove from state-store
    // rollMasterKey is called every 1 second.
    int count = 0;
    while (rmDTState.containsKey(dtId1) && count < 100) {
        Thread.sleep(100);
        count++;
    }
    rm1.stop();
}

Example 19 with DelegationKey

use of org.apache.hadoop.security.token.delegation.DelegationKey in project hive by apache.

the class LlapSignerImpl method serializeAndSign.

@Override
public SignedMessage serializeAndSign(Signable message) throws IOException {
    SignedMessage result = new SignedMessage();
    DelegationKey key = secretManager.getCurrentKey();
    message.setSignInfo(key.getKeyId());
    result.message = message.serialize();
    result.signature = secretManager.signWithKey(result.message, key);
    return result;
}

Example 20 with DelegationKey

use of org.apache.hadoop.security.token.delegation.DelegationKey in project hive by apache.

the class SecretManager method getCurrentKey.

@Override
public synchronized DelegationKey getCurrentKey() throws IOException {
    DelegationKey currentKey = getDelegationKey(getCurrentKeyId());
    if (currentKey != null)
        return currentKey;
    // Try to roll the key if none is found.
    HiveDelegationTokenSupport.rollMasterKey(this);
    return getDelegationKey(getCurrentKeyId());
}