Apache
/
hadoop
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

HADOOP-11368. Fix SSLFactory truststore reloader thread leak in KMSClientProvider. Contributed by Arun Suresh. 

(cherry picked from commit 74d4bfded9)
(cherry picked from commit deaa172e7a)
This commit is contained in:
Andrew Wang 2014-12-09 10:46:50 -08:00 committed by Vinod Kumar Vavilapalli
parent 65180617fb
commit 2a2888f2f3
3 changed files with 33 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
hadoop-common-project/hadoop-common/CHANGES.txt
View File

@ -24,6 +24,9 @@ Release 2.6.1 - UNRELEASED
HADOOP-11343. Overflow is not properly handled in caclulating final iv for
AES CTR. (Jerry Chen via wang)
HADOOP-11368. Fix SSLFactory truststore reloader thread leak in
KMSClientProvider. (Arun Suresh via wang)
Release 2.6.0 - 2014-11-18
INCOMPATIBLE CHANGES

4
hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/crypto/key/kms/KMSClientProvider.java
View File

@ -814,6 +814,10 @@ public class KMSClientProvider extends KeyProvider implements CryptoExtension,
encKeyVersionQueue.shutdown();
} catch (Exception e) {
throw new IOException(e);
} finally {
if (sslFactory != null) {
sslFactory.destroy();
}
}
}
}

26
hadoop-common-project/hadoop-kms/src/test/java/org/apache/hadoop/crypto/key/kms/server/TestKMS.java
View File

@ -306,6 +306,32 @@ public class TestKMS {
url.getProtocol().equals("https"));
final URI uri = createKMSUri(getKMSUrl());
if (ssl) {
KeyProvider testKp = new KMSClientProvider(uri, conf);
ThreadGroup threadGroup = Thread.currentThread().getThreadGroup();
while (threadGroup.getParent() != null) {
threadGroup = threadGroup.getParent();
}
Thread[] threads = new Thread[threadGroup.activeCount()];
threadGroup.enumerate(threads);
Thread reloaderThread = null;
for (Thread thread : threads) {
if ((thread.getName() != null)
&& (thread.getName().contains("Truststore reloader thread"))) {
reloaderThread = thread;
}
}
Assert.assertTrue("Reloader is not alive", reloaderThread.isAlive());
testKp.close();
boolean reloaderStillAlive = true;
for (int i = 0; i < 10; i++) {
reloaderStillAlive = reloaderThread.isAlive();
if (!reloaderStillAlive) break;
Thread.sleep(1000);
}
Assert.assertFalse("Reloader is still alive", reloaderStillAlive);
}
if (kerberos) {
for (String user : new String[]{"client", "client/host"}) {
doAs(user, new PrivilegedExceptionAction<Void>() {