use of org.apache.storm.generated.WorkerTokenServiceType in project storm by apache.
the class WorkerTokenTest method testExpiration.
@Test
public void testExpiration() {
final AtomicReference<PrivateWorkerKey> privateKey = new AtomicReference<>();
final String topoId = "topo-1";
final String userName = "user";
final WorkerTokenServiceType type = WorkerTokenServiceType.NIMBUS;
final long versionNumber = 5L;
// Simulate time starts out at 0, so we are going to just leave it here.
try (Time.SimulatedTime sim = new Time.SimulatedTime()) {
IStormClusterState mockState = mock(IStormClusterState.class);
Map<String, Object> conf = new HashMap<>();
WorkerTokenManager wtm = new WorkerTokenManager(conf, mockState);
when(mockState.getNextPrivateWorkerKeyVersion(type, topoId)).thenReturn(versionNumber);
doAnswer((invocation) -> {
// Save the private worker key away so we can test it too.
privateKey.set(invocation.getArgument(3));
return null;
}).when(mockState).addPrivateWorkerKey(eq(type), eq(topoId), eq(versionNumber), any(PrivateWorkerKey.class));
// Answer when we ask for a private key...
when(mockState.getPrivateWorkerKey(type, topoId, versionNumber)).thenAnswer((invocation) -> privateKey.get());
WorkerToken wt = wtm.createOrUpdateTokenFor(type, userName, topoId);
verify(mockState).addPrivateWorkerKey(eq(type), eq(topoId), eq(versionNumber), any(PrivateWorkerKey.class));
assertTrue(wt.is_set_serviceType());
assertEquals(type, wt.get_serviceType());
assertTrue(wt.is_set_info());
assertTrue(wt.is_set_signature());
PrivateWorkerKey pwk = privateKey.get();
assertNotNull(pwk);
assertTrue(pwk.is_set_expirationTimeMillis());
assertEquals(ONE_DAY_MILLIS, pwk.get_expirationTimeMillis());
WorkerTokenInfo info = ClientAuthUtils.getWorkerTokenInfo(wt);
assertTrue(info.is_set_topologyId());
assertTrue(info.is_set_userName());
assertTrue(info.is_set_expirationTimeMillis());
assertTrue(info.is_set_secretVersion());
assertEquals(topoId, info.get_topologyId());
assertEquals(userName, info.get_userName());
assertEquals(ONE_DAY_MILLIS, info.get_expirationTimeMillis());
assertEquals(versionNumber, info.get_secretVersion());
// Expire the token
Time.advanceTime(ONE_DAY_MILLIS + 1);
try (WorkerTokenAuthorizer wta = new WorkerTokenAuthorizer(type, mockState)) {
try {
// Verify the signature...
wta.getSignedPasswordFor(wt.get_info(), info);
fail("Expected an expired token to not be signed!!!");
} catch (IllegalArgumentException ia) {
// What we want...
}
}
// Verify if WorkerTokenManager recognizes the expired WorkerToken.
Map<String, String> creds = new HashMap<>();
ClientAuthUtils.setWorkerToken(creds, wt);
assertTrue("Expired WorkerToken should be eligible for renewal", wtm.shouldRenewWorkerToken(creds, type));
}
}
Aggregations