From 2e9c690e90575635978c9fbf39ae28dad264907d Mon Sep 17 00:00:00 2001 From: Haohui Mai Date: Wed, 25 Mar 2015 12:29:44 -0700 Subject: [PATCH] Addendum for HADOOP-10670. --- .../util/FileSignerSecretProvider.java | 84 +++++++++++++++++++ .../util/TestFileSignerSecretProvider.java | 51 +++++++++++ 2 files changed, 135 insertions(+) create mode 100644 hadoop-common-project/hadoop-auth/src/main/java/org/apache/hadoop/security/authentication/util/FileSignerSecretProvider.java create mode 100644 hadoop-common-project/hadoop-auth/src/test/java/org/apache/hadoop/security/authentication/util/TestFileSignerSecretProvider.java diff --git a/hadoop-common-project/hadoop-auth/src/main/java/org/apache/hadoop/security/authentication/util/FileSignerSecretProvider.java b/hadoop-common-project/hadoop-auth/src/main/java/org/apache/hadoop/security/authentication/util/FileSignerSecretProvider.java new file mode 100644 index 00000000000..e8aa160a208 --- /dev/null +++ b/hadoop-common-project/hadoop-auth/src/main/java/org/apache/hadoop/security/authentication/util/FileSignerSecretProvider.java @@ -0,0 +1,84 @@ +/** + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. See accompanying LICENSE file. + */ +package org.apache.hadoop.security.authentication.util; + +import com.google.common.base.Charsets; +import org.apache.hadoop.classification.InterfaceAudience; +import org.apache.hadoop.classification.InterfaceStability; +import org.apache.hadoop.security.authentication.server.AuthenticationFilter; +import org.apache.hadoop.security.authentication.util.SignerSecretProvider; + +import javax.servlet.ServletContext; +import java.io.*; +import java.nio.charset.Charset; +import java.util.Properties; + +/** + * A SignerSecretProvider that simply loads a secret from a specified file. + */ +@InterfaceStability.Unstable +@InterfaceAudience.Private +public class FileSignerSecretProvider extends SignerSecretProvider { + + private byte[] secret; + private byte[][] secrets; + + public FileSignerSecretProvider() {} + + @Override + public void init(Properties config, ServletContext servletContext, + long tokenValidity) throws Exception { + + String signatureSecretFile = config.getProperty( + AuthenticationFilter.SIGNATURE_SECRET_FILE, null); + + Reader reader = null; + if (signatureSecretFile != null) { + try { + StringBuilder sb = new StringBuilder(); + reader = new InputStreamReader( + new FileInputStream(signatureSecretFile), Charsets.UTF_8); + int c = reader.read(); + while (c > -1) { + sb.append((char) c); + c = reader.read(); + } + secret = sb.toString().getBytes(Charset.forName("UTF-8")); + } catch (IOException ex) { + throw new RuntimeException("Could not read signature secret file: " + + signatureSecretFile); + } finally { + if (reader != null) { + try { + reader.close(); + } catch (IOException e) { + // nothing to do + } + } + } + } + + secrets = new byte[][]{secret}; + } + + @Override + public byte[] getCurrentSecret() { + return secret; + } + + @Override + public byte[][] getAllSecrets() { + return secrets; + } +} diff --git a/hadoop-common-project/hadoop-auth/src/test/java/org/apache/hadoop/security/authentication/util/TestFileSignerSecretProvider.java b/hadoop-common-project/hadoop-auth/src/test/java/org/apache/hadoop/security/authentication/util/TestFileSignerSecretProvider.java new file mode 100644 index 00000000000..1856410fd29 --- /dev/null +++ b/hadoop-common-project/hadoop-auth/src/test/java/org/apache/hadoop/security/authentication/util/TestFileSignerSecretProvider.java @@ -0,0 +1,51 @@ +/** + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. See accompanying LICENSE file. + */ +package org.apache.hadoop.security.authentication.util; + +import org.apache.hadoop.security.authentication.server.AuthenticationFilter; +import org.junit.Assert; +import org.junit.Test; + +import java.io.File; +import java.io.FileWriter; +import java.io.Writer; +import java.util.Properties; + +public class TestFileSignerSecretProvider { + + @Test + public void testGetSecrets() throws Exception { + File testDir = new File(System.getProperty("test.build.data", + "target/test-dir")); + testDir.mkdirs(); + String secretValue = "hadoop"; + File secretFile = new File(testDir, "http-secret.txt"); + Writer writer = new FileWriter(secretFile); + writer.write(secretValue); + writer.close(); + + FileSignerSecretProvider secretProvider + = new FileSignerSecretProvider(); + Properties secretProviderProps = new Properties(); + secretProviderProps.setProperty( + AuthenticationFilter.SIGNATURE_SECRET_FILE, + secretFile.getAbsolutePath()); + secretProvider.init(secretProviderProps, null, -1); + Assert.assertArrayEquals(secretValue.getBytes(), + secretProvider.getCurrentSecret()); + byte[][] allSecrets = secretProvider.getAllSecrets(); + Assert.assertEquals(1, allSecrets.length); + Assert.assertArrayEquals(secretValue.getBytes(), allSecrets[0]); + } +}