Addendum for HADOOP-10670.
parent
28095c26f7
commit
2e9c690e90
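--- a/org/apache/hadoop/security/authentication/util/FileSignerSecretProvider.java
+++ b/org/apache/hadoop/security/authentication/util/FileSignerSecretProvider.java
@@ -0,0 +1,84 @@
+/**
+* Licensed under the Apache License, Version 2.0 (the "License");
+* you may not use this file except in compliance with the License.
+* You may obtain a copy of the License at
+*
+* http://www.apache.org/licenses/LICENSE-2.0
+*
+* Unless required by applicable law or agreed to in writing, software
+* distributed under the License is distributed on an "AS IS" BASIS,
+* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+* See the License for the specific language governing permissions and
+* limitations under the License. See accompanying LICENSE file.
+*/
+package org.apache.hadoop.security.authentication.util;
+
+import com.google.common.base.Charsets;
+import org.apache.hadoop.classification.InterfaceAudience;
+import org.apache.hadoop.classification.InterfaceStability;
+import org.apache.hadoop.security.authentication.server.AuthenticationFilter;
+import org.apache.hadoop.security.authentication.util.SignerSecretProvider;
+
+import javax.servlet.ServletContext;
+import java.io.*;
+import java.nio.charset.Charset;
+import java.util.Properties;
+
+/**
+* A SignerSecretProvider that simply loads a secret from a specified file.
+*/
+@InterfaceStability.Unstable
+@InterfaceAudience.Private
+public class FileSignerSecretProvider extends SignerSecretProvider {
+
+private byte[] secret;
+private byte[][] secrets;
+
+public FileSignerSecretProvider() {}
+
+@Override
+public void init(Properties config, ServletContext servletContext,
+long tokenValidity) throws Exception {
+
+String signatureSecretFile = config.getProperty(
+AuthenticationFilter.SIGNATURE_SECRET_FILE, null);
+
+Reader reader = null;
+if (signatureSecretFile != null) {
+try {
+StringBuilder sb = new StringBuilder();
+reader = new InputStreamReader(
+new FileInputStream(signatureSecretFile), Charsets.UTF_8);
+int c = reader.read();
+while (c > -1) {
+sb.append((char) c);
+c = reader.read();
+}
+secret = sb.toString().getBytes(Charset.forName("UTF-8"));
+} catch (IOException ex) {
+throw new RuntimeException("Could not read signature secret file: " +
+signatureSecretFile);
+} finally {
+if (reader != null) {
+try {
+reader.close();
+} catch (IOException e) {
+// nothing to do
+}
+}
+}
+}
+
+secrets = new byte[][]{secret};
+}
+
+@Override
+public byte[] getCurrentSecret() {
+return secret;
+}
+
+@Override
+public byte[][] getAllSecrets() {
+return secrets;
+}
+}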
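Review bot: `init` silently accepts a missing or empty secret file: when `AuthenticationFilter.SIGNATURE_SECRET_FILE` is unset, `secret` stays null and `secrets` becomes a one-element array holding null, and an empty file yields a zero-length secret. A null or empty signing secret gives no protection to whatever the signer authenticates, so the provider should fail at startup, e.g. `if (secret == null || secret.length == 0) throw new RuntimeException("No secret in signature secret file: " + signatureSecretFile);` placed just before `secrets` is assigned. The `catch (IOException ex)` block also drops the cause; passing `ex` as the second argument to the `RuntimeException` constructor keeps the underlying error for whoever diagnoses a startup failure. The file is read verbatim, so a trailing newline becomes part of the secret; that deserves a Javadoc sentence, together with the expectation that the file is readable only by the service account.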
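--- a/org/apache/hadoop/security/authentication/util/TestFileSignerSecretProvider.java
+++ b/org/apache/hadoop/security/authentication/util/TestFileSignerSecretProvider.java
@@ -0,0 +1,51 @@
+/**
+* Licensed under the Apache License, Version 2.0 (the "License");
+* you may not use this file except in compliance with the License.
+* You may obtain a copy of the License at
+*
+* http://www.apache.org/licenses/LICENSE-2.0
+*
+* Unless required by applicable law or agreed to in writing, software
+* distributed under the License is distributed on an "AS IS" BASIS,
+* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+* See the License for the specific language governing permissions and
+* limitations under the License. See accompanying LICENSE file.
+*/
+package org.apache.hadoop.security.authentication.util;
+
+import org.apache.hadoop.security.authentication.server.AuthenticationFilter;
+import org.junit.Assert;
+import org.junit.Test;
+
+import java.io.File;
+import java.io.FileWriter;
+import java.io.Writer;
+import java.util.Properties;
+
+public class TestFileSignerSecretProvider {
+
+@Test
+public void testGetSecrets() throws Exception {
+File testDir = new File(System.getProperty("test.build.data",
+"target/test-dir"));
+testDir.mkdirs();
+String secretValue = "hadoop";
+File secretFile = new File(testDir, "http-secret.txt");
+Writer writer = new FileWriter(secretFile);
+writer.write(secretValue);
+writer.close();
+
+FileSignerSecretProvider secretProvider
+= new FileSignerSecretProvider();
+Properties secretProviderProps = new Properties();
+secretProviderProps.setProperty(
+AuthenticationFilter.SIGNATURE_SECRET_FILE,
+secretFile.getAbsolutePath());
+secretProvider.init(secretProviderProps, null, -1);
+Assert.assertArrayEquals(secretValue.getBytes(),
+secretProvider.getCurrentSecret());
+byte[][] allSecrets = secretProvider.getAllSecrets();
+Assert.assertEquals(1, allSecrets.length);
+Assert.assertArrayEquals(secretValue.getBytes(), allSecrets[0]);
+}
+}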
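Review bot: `testGetSecrets` pins only the happy path, so the provider's behaviour for an unset `SIGNATURE_SECRET_FILE` property and for an empty secret file is untested. Those are the two cases where it ends up holding a null or zero-length secret, and a test for each would fix the intended contract. The expected value is built with `secretValue.getBytes()` and the file is written with `FileWriter`, both of which use the platform default charset, while the provider decodes the file as UTF-8. Using `secretValue.getBytes("UTF-8")` and a writer with an explicit charset would keep the test independent of the build host's locale. The writer is also left open if `write` throws, which is minor in a test.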