From 157f86fca59ed1c470d4c4c25072e60d9eabe546 Mon Sep 17 00:00:00 2001 From: Uma Maheswara Rao G Date: Thu, 9 Oct 2014 20:06:41 +0530 Subject: [PATCH] HADOOP-11133. Should trim the content of keystore password file for JavaKeyStoreProvider (Yi Liu via umamahesh) (cherry picked from commit 8d7c54967d5a08cdff75a782998ee89e7537b5c4) --- .../hadoop-common/CHANGES.txt | 3 +++ .../crypto/key/JavaKeyStoreProvider.java | 2 +- .../security/alias/JavaKeyStoreProvider.java | 2 +- .../crypto/key/TestKeyProviderFactory.java | 23 ++++++++++--------- .../resources/javakeystoreprovider.password | 2 +- 5 files changed, 18 insertions(+), 14 deletions(-) diff --git a/hadoop-common-project/hadoop-common/CHANGES.txt b/hadoop-common-project/hadoop-common/CHANGES.txt index 4ed90c43e78..d516399495c 100644 --- a/hadoop-common-project/hadoop-common/CHANGES.txt +++ b/hadoop-common-project/hadoop-common/CHANGES.txt @@ -460,6 +460,9 @@ Release 2.6.0 - UNRELEASED HADOOP-11161. Expose close method in KeyProvider to give clients of Provider implementations a hook to release resources. (Arun Suresh via atm) + HADOOP-11133. Should trim the content of keystore password file for JavaKeyStoreProvider + (Yi Liu via umamahesh) + BREAKDOWN OF HDFS-6134 AND HADOOP-10150 SUBTASKS AND RELATED JIRAS HADOOP-10734. Implement high-performance secure random number sources. diff --git a/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/crypto/key/JavaKeyStoreProvider.java b/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/crypto/key/JavaKeyStoreProvider.java index 5cc136c5249..ac18e1653bb 100644 --- a/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/crypto/key/JavaKeyStoreProvider.java +++ b/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/crypto/key/JavaKeyStoreProvider.java 
@@ -146,7 +146,7 @@ public class JavaKeyStoreProvider extends KeyProvider {
 if (pwdFile != null) {
 InputStream is = pwdFile.openStream();
 try {
- password = IOUtils.toCharArray(is);
+ password = IOUtils.toString(is).trim().toCharArray();
 } finally {
 is.close();
 }
diff --git a/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/security/alias/JavaKeyStoreProvider.java b/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/security/alias/JavaKeyStoreProvider.java
index e9269e66ae5..5dc2abfd13f 100644
--- a/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/security/alias/JavaKeyStoreProvider.java
+++ b/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/security/alias/JavaKeyStoreProvider.java
@@ -99,7 +99,7 @@ public class JavaKeyStoreProvider extends CredentialProvider {
 if (pwdFile != null) {
 InputStream is = pwdFile.openStream();
 try {
- password = IOUtils.toCharArray(is);
+ password = IOUtils.toString(is).trim().toCharArray();
 } finally {
 is.close();
 }
diff --git a/hadoop-common-project/hadoop-common/src/test/java/org/apache/hadoop/crypto/key/TestKeyProviderFactory.java b/hadoop-common-project/hadoop-common/src/test/java/org/apache/hadoop/crypto/key/TestKeyProviderFactory.java
index 7bb12d0654a..ec1fc592635 100644
--- a/hadoop-common-project/hadoop-common/src/test/java/org/apache/hadoop/crypto/key/TestKeyProviderFactory.java
+++ b/hadoop-common-project/hadoop-common/src/test/java/org/apache/hadoop/crypto/key/TestKeyProviderFactory.java
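Review bot: `IOUtils.toString(is).trim()` in the `pwdFile` branch changes the effective password for any keystore created while its password file ended in a newline or other whitespace, because the old `IOUtils.toCharArray(is)` kept those characters; such a store would presumably fail to load after this change, and the identical hunk in security/alias/JavaKeyStoreProvider.java has the same effect. The call site deserves a comment such as `// leading/trailing chars <= U+0020 are stripped; a store created from an untrimmed file needs its password file rewritten`, and the behaviour change belongs in the release notes. Assuming this is the commons-io `IOUtils`, the one-argument `toString` decodes with the platform default charset and the password now passes through an immutable `String` that cannot be zeroed, so `IOUtils.toString(is, "UTF-8")` is the minimum and trimming the `char[]` in place would avoid the extra copy. The enclosing method starts and ends outside both hunks.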
@@ -21,12 +21,12 @@ import java.io.File; import java.io.IOException; import java.net.URI; import java.util.List; -import java.util.UUID; import org.apache.hadoop.conf.Configuration; import org.apache.hadoop.crypto.key.KeyProvider.KeyVersion; import org.apache.hadoop.fs.FileStatus; import org.apache.hadoop.fs.FileSystem; +import org.apache.hadoop.fs.FileSystemTestHelper; import org.apache.hadoop.fs.Path; import org.apache.hadoop.fs.permission.FsPermission; import org.apache.hadoop.io.Text; @@ -44,20 +44,21 @@ import static org.junit.Assert.assertNotNull; public class TestKeyProviderFactory { - private static File tmpDir; + private FileSystemTestHelper fsHelper; + private File testRootDir; @Before public void setup() { - tmpDir = new File(System.getProperty("test.build.data", "target"), - UUID.randomUUID().toString()); - tmpDir.mkdirs(); + fsHelper = new FileSystemTestHelper(); + String testRoot = fsHelper.getTestRootDir(); + testRootDir = new File(testRoot).getAbsoluteFile(); } @Test public void testFactory() throws Exception { Configuration conf = new Configuration(); final String userUri = UserProvider.SCHEME_NAME + ":///"; - final Path jksPath = new Path(tmpDir.toString(), "test.jks"); + final Path jksPath = new Path(testRootDir.toString(), "test.jks"); final String jksUri = JavaKeyStoreProvider.SCHEME_NAME + "://file" + jksPath.toUri().toString(); conf.set(KeyProviderFactory.KEY_PROVIDER_PATH, @@ -209,11 +210,11 @@ public class TestKeyProviderFactory { @Test public void testJksProvider() throws Exception { Configuration conf = new Configuration(); - final Path jksPath = new Path(tmpDir.toString(), "test.jks"); + final Path jksPath = new Path(testRootDir.toString(), "test.jks"); final String ourUrl = JavaKeyStoreProvider.SCHEME_NAME + "://file" + jksPath.toUri(); - File file = new File(tmpDir, "test.jks"); + File file = new File(testRootDir, "test.jks"); file.delete(); conf.set(KeyProviderFactory.KEY_PROVIDER_PATH, ourUrl); checkSpecificProvider(conf, ourUrl); 
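Review bot: `setup()` drops the `tmpDir.mkdirs()` call and nothing in the new lines creates `testRootDir`, so the tests now depend on the provider or the file-system layer creating the parent directory when `test.jks` is first written; that is not visible in this patch and is worth confirming. No teardown is visible either, so the keystore files written under the test root are presumably left on disk after the run; an `@After` method that deletes `testRootDir` recursively would keep the build directory clean. The class body continues outside the hunk.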
@@ -364,10 +365,10 @@ public class TestKeyProviderFactory { @Test public void testJksProviderPasswordViaConfig() throws Exception { Configuration conf = new Configuration(); - final Path jksPath = new Path(tmpDir.toString(), "test.jks"); + final Path jksPath = new Path(testRootDir.toString(), "test.jks"); final String ourUrl = JavaKeyStoreProvider.SCHEME_NAME + "://file" + jksPath.toUri(); - File file = new File(tmpDir, "test.jks"); + File file = new File(testRootDir, "test.jks"); file.delete(); try { conf.set(KeyProviderFactory.KEY_PROVIDER_PATH, ourUrl); @@ -408,7 +409,7 @@ public class TestKeyProviderFactory { @Test public void testGetProviderViaURI() throws Exception { Configuration conf = new Configuration(false); - final Path jksPath = new Path(tmpDir.toString(), "test.jks"); + final Path jksPath = new Path(testRootDir.toString(), "test.jks"); URI uri = new URI(JavaKeyStoreProvider.SCHEME_NAME + "://file" + jksPath.toUri()); KeyProvider kp = KeyProviderFactory.get(uri, conf); Assert.assertNotNull(kp); diff --git a/hadoop-common-project/hadoop-common/src/test/resources/javakeystoreprovider.password b/hadoop-common-project/hadoop-common/src/test/resources/javakeystoreprovider.password index 19102815663..97b5955f788 100644 --- a/hadoop-common-project/hadoop-common/src/test/resources/javakeystoreprovider.password +++ b/hadoop-common-project/hadoop-common/src/test/resources/javakeystoreprovider.password @@ -1 +1 @@ -foo \ No newline at end of file +12345678
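Review bot: Nothing visible in `testJksProviderPasswordViaConfig` asserts the trimming this commit introduces; the only coverage is implicit, through the javakeystoreprovider.password resource changed at the end of the patch, which now appears to end with a newline and which this test presumably reads. If an editor or a later commit strips that newline, the test would keep passing without exercising `trim()`. A comment at the top of the method such as `// the password resource ends with '\n' on purpose: the provider must trim it` would make the dependency explicit, and a case that writes a password file with surrounding whitespace under `testRootDir` and reopens the store would pin the behaviour. The method body continues outside the hunk.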