Apache
/
hadoop
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

HADOOP-17317. [JDK 11] Upgrade dnsjava to remove illegal access warnings (#2442) 

Reviewed-by: Masatake Iwasaki <iwasakims@apache.org>
This commit is contained in:
Akira Ajisaka 2021-07-24 14:48:25 +09:00 committed by GitHub
parent 05b6a1a06a
commit 4c35466359
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
5 changed files with 93 additions and 114 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/security/SecurityUtil.java
View File

@ -608,11 +608,8 @@ public final class SecurityUtil {
private List<String> searchDomains = new ArrayList<>();
{
ResolverConfig resolverConfig = ResolverConfig.getCurrentConfig();
Name[] names = resolverConfig.searchPath();
if (names != null) {
for (Name name : names) {
searchDomains.add(name.toString());
}
for (Name name : resolverConfig.searchPath()) {
searchDomains.add(name.toString());
}
}

77
hadoop-common-project/hadoop-registry/src/main/java/org/apache/hadoop/registry/server/dns/RegistryDNS.java
View File

@ -75,7 +75,6 @@ import java.net.NetworkInterface;
import java.net.Socket;
import java.net.SocketAddress;
import java.net.SocketException;
import java.net.UnknownHostException;
import java.nio.BufferUnderflowException;
import java.nio.ByteBuffer;
import java.nio.channels.DatagramChannel;
@ -87,8 +86,10 @@ import java.security.PrivateKey;
import java.security.spec.InvalidKeySpecException;
import java.security.spec.RSAPrivateKeySpec;
import java.text.SimpleDateFormat;
import java.time.Duration;
import java.time.Instant;
import java.time.temporal.ChronoUnit;
import java.util.ArrayList;
import java.util.Calendar;
import java.util.Collection;
import java.util.Date;
import java.util.Enumeration;
@ -232,13 +233,7 @@ public class RegistryDNS extends AbstractService implements DNSOperations,
} catch (SocketException e) {
}
ResolverConfig.refresh();
ExtendedResolver resolver;
try {
resolver = new ExtendedResolver();
} catch (UnknownHostException e) {
LOG.error("Can not resolve DNS servers: ", e);
return;
}
ExtendedResolver resolver = new ExtendedResolver();
for (Resolver check : resolver.getResolvers()) {
if (check instanceof SimpleResolver) {
InetAddress address = ((SimpleResolver) check).getAddress()
@ -247,7 +242,7 @@ public class RegistryDNS extends AbstractService implements DNSOperations,
resolver.deleteResolver(check);
continue;
} else {
check.setTimeout(30);
check.setTimeout(Duration.ofSeconds(30));
}
} else {
LOG.error("Not simple resolver!!!?" + check);
@ -260,12 +255,10 @@ public class RegistryDNS extends AbstractService implements DNSOperations,
}
StringBuilder message = new StringBuilder();
message.append("DNS servers: ");
if (ResolverConfig.getCurrentConfig().servers() != null) {
for (String server : ResolverConfig.getCurrentConfig()
.servers()) {
message.append(server);
message.append(" ");
}
for (InetSocketAddress address :
ResolverConfig.getCurrentConfig().servers()) {
message.append(address);
message.append(" ");
}
LOG.info(message.toString());
}
@ -331,11 +324,10 @@ public class RegistryDNS extends AbstractService implements DNSOperations,
if (isDNSSECEnabled()) {
Collection<Zone> zoneCollection = zones.values();
for (Zone zone : zoneCollection) {
Iterator itor = zone.iterator();
Iterator<RRset> itor = zone.iterator();
while (itor.hasNext()) {
RRset rRset = (RRset) itor.next();
Iterator sigs = rRset.sigs();
if (!sigs.hasNext()) {
RRset rRset = itor.next();
if (!rRset.sigs().isEmpty()) {
try {
signSiteRecord(zone, rRset.first());
} catch (DNSSEC.DNSSECException e) {
@ -692,10 +684,8 @@ public class RegistryDNS extends AbstractService implements DNSOperations,
throws DNSSEC.DNSSECException {
RRset rrset = zone.findExactMatch(record.getName(),
record.getType());
Calendar cal = Calendar.getInstance();
Date inception = cal.getTime();
cal.add(Calendar.YEAR, 1);
Date expiration = cal.getTime();
Instant inception = Instant.now();
Instant expiration = inception.plus(365, ChronoUnit.DAYS);
RRSIGRecord rrsigRecord =
DNSSEC.sign(rrset, dnsKeyRecs.get(zone.getOrigin()),
privateKey, inception, expiration);
@ -1159,7 +1149,7 @@ public class RegistryDNS extends AbstractService implements DNSOperations,
}
}
if (r.getType() == Type.CNAME) {
Name cname = ((CNAMERecord) r).getAlias();
Name cname = r.getName();
if (iterations < 6) {
remoteLookup(response, cname, type, iterations + 1);
}
@ -1255,9 +1245,7 @@ public class RegistryDNS extends AbstractService implements DNSOperations,
* @param flags the flags.
*/
private void addAdditional2(Message response, int section, int flags) {
Record[] records = response.getSectionArray(section);
for (int i = 0; i < records.length; i++) {
Record r = records[i];
for (Record r : response.getSection(section)) {
Name glueName = r.getAdditionalName();
if (glueName != null) {
addGlue(response, glueName, flags);
@ -1403,11 +1391,10 @@ public class RegistryDNS extends AbstractService implements DNSOperations,
response.getHeader().setFlag(Flags.AA);
}
} else if (sr.isSuccessful()) {
RRset[] rrsets = sr.answers();
List<RRset> rrsets = sr.answers();
LOG.info("found answers {}", rrsets);
for (int i = 0; i < rrsets.length; i++) {
addRRset(name, response, rrsets[i],
Section.ANSWER, flags);
for (RRset rrset : rrsets) {
addRRset(name, response, rrset, Section.ANSWER, flags);
}
addNS(response, zone, flags);
if (iterations == 0) {
@ -1456,7 +1443,7 @@ public class RegistryDNS extends AbstractService implements DNSOperations,
private void addNXT(Message response, int flags)
throws DNSSEC.DNSSECException, IOException {
Record nxtRecord = getNXTRecord(
response.getSectionArray(Section.QUESTION)[0]);
response.getSection(Section.QUESTION).get(0));
Zone zone = findBestZone(nxtRecord.getName());
addRecordCommand.exec(zone, nxtRecord);
RRset nxtRR = zone.findExactMatch(nxtRecord.getName(), Type.NXT);
@ -1515,9 +1502,7 @@ public class RegistryDNS extends AbstractService implements DNSOperations,
}
}
if ((flags & FLAG_SIGONLY) == 0) {
Iterator it = rrset.rrs();
while (it.hasNext()) {
Record r = (Record) it.next();
for (Record r : rrset.rrs()) {
if (r.getName().isWild() && !name.isWild()) {
r = r.withName(name);
}
@ -1525,9 +1510,7 @@ public class RegistryDNS extends AbstractService implements DNSOperations,
}
}
if ((flags & (FLAG_SIGONLY | FLAG_DNSSECOK)) != 0) {
Iterator it = rrset.sigs();
while (it.hasNext()) {
Record r = (Record) it.next();
for (Record r : rrset.sigs()) {
if (r.getName().isWild() && !name.isWild()) {
r = r.withName(name);
}
@ -1554,13 +1537,13 @@ public class RegistryDNS extends AbstractService implements DNSOperations,
if (zone == null) {
return errorMessage(query, Rcode.REFUSED);
}
Iterator it = zone.AXFR();
Iterator<RRset> it = zone.AXFR();
try {
DataOutputStream dataOut;
dataOut = new DataOutputStream(s.getOutputStream());
int id = query.getHeader().getID();
while (it.hasNext()) {
RRset rrset = (RRset) it.next();
RRset rrset = it.next();
Message response = new Message(id);
Header header = response.getHeader();
header.setFlag(Flags.QR);
@ -1568,7 +1551,7 @@ public class RegistryDNS extends AbstractService implements DNSOperations,
addRRset(rrset.getName(), response, rrset,
Section.ANSWER, FLAG_DNSSECOK);
if (tsig != null) {
tsig.applyStream(response, qtsig, first);
tsig.apply(response, qtsig, first);
qtsig = response.getTSIG();
}
first = false;
@ -1688,10 +1671,8 @@ public class RegistryDNS extends AbstractService implements DNSOperations,
zone.addRecord(record);
LOG.info("Registered {}", record);
if (isDNSSECEnabled()) {
Calendar cal = Calendar.getInstance();
Date inception = cal.getTime();
cal.add(Calendar.YEAR, 1);
Date expiration = cal.getTime();
Instant inception = Instant.now();
Instant expiration = inception.plus(365, ChronoUnit.DAYS);
RRset rRset =
zone.findExactMatch(record.getName(), record.getType());
try {
@ -1727,8 +1708,8 @@ public class RegistryDNS extends AbstractService implements DNSOperations,
*/
private void addDSRecord(Zone zone,
Name name, int dClass, long dsTtl,
Date inception,
Date expiration) throws DNSSEC.DNSSECException {
Instant inception,
Instant expiration) throws DNSSEC.DNSSECException {
RRset rRset;
RRSIGRecord rrsigRecord;

3
hadoop-common-project/hadoop-registry/src/main/java/org/apache/hadoop/registry/server/dns/SecureableZone.java
View File

@ -138,8 +138,7 @@ public class SecureableZone extends Zone {
SetResponse sr = zone.findRecords(base.getName(), Type.ANY);
BitSet bitMap = new BitSet();
bitMap.set(Type.NXT);
RRset[] rRsets = sr.answers();
for (RRset rRset : rRsets) {
for (RRset rRset : sr.answers()) {
int typeCode = rRset.getType();
if (typeCode > 0 && typeCode < 128) {
bitMap.set(typeCode);

118
hadoop-common-project/hadoop-registry/src/test/java/org/apache/hadoop/registry/server/dns/TestRegistryDNS.java
View File

@ -51,8 +51,9 @@ import java.net.InetAddress;
import java.security.KeyFactory;
import java.security.PrivateKey;
import java.security.spec.RSAPrivateKeySpec;
import java.util.Calendar;
import java.util.Date;
import java.time.Instant;
import java.time.temporal.ChronoUnit;
import java.util.List;
import java.util.concurrent.TimeUnit;
import static org.apache.hadoop.registry.client.api.RegistryConstants.*;
@ -194,34 +195,37 @@ public class TestRegistryDNS extends Assert {
"/registry/users/root/services/org-apache-slider/test1/", record);
// start assessing whether correct records are available
Record[] recs = assertDNSQuery("test1.root.dev.test.");
List<Record> recs = assertDNSQuery("test1.root.dev.test.");
assertEquals("wrong result", "192.168.1.5",
((ARecord) recs[0]).getAddress().getHostAddress());
((ARecord) recs.get(0)).getAddress().getHostAddress());
recs = assertDNSQuery("management-api.test1.root.dev.test.", 2);
assertEquals("wrong target name", "test1.root.dev.test.",
((CNAMERecord) recs[0]).getTarget().toString());
assertTrue("not an ARecord", recs[isSecure() ? 2 : 1] instanceof ARecord);
((CNAMERecord) recs.get(0)).getTarget().toString());
assertTrue("not an ARecord",
recs.get(isSecure() ? 2 : 1) instanceof ARecord);
recs = assertDNSQuery("appmaster-ipc-api.test1.root.dev.test.",
Type.SRV, 1);
assertTrue("not an SRV record", recs[0] instanceof SRVRecord);
assertEquals("wrong port", 1026, ((SRVRecord) recs[0]).getPort());
assertTrue("not an SRV record", recs.get(0) instanceof SRVRecord);
assertEquals("wrong port", 1026, ((SRVRecord) recs.get(0)).getPort());
recs = assertDNSQuery("appmaster-ipc-api.test1.root.dev.test.", 2);
assertEquals("wrong target name", "test1.root.dev.test.",
((CNAMERecord) recs[0]).getTarget().toString());
assertTrue("not an ARecord", recs[isSecure() ? 2 : 1] instanceof ARecord);
((CNAMERecord) recs.get(0)).getTarget().toString());
assertTrue("not an ARecord",
recs.get(isSecure() ? 2 : 1) instanceof ARecord);
recs = assertDNSQuery("http-api.test1.root.dev.test.", 2);
assertEquals("wrong target name", "test1.root.dev.test.",
((CNAMERecord) recs[0]).getTarget().toString());
assertTrue("not an ARecord", recs[isSecure() ? 2 : 1] instanceof ARecord);
((CNAMERecord) recs.get(0)).getTarget().toString());
assertTrue("not an ARecord",
recs.get(isSecure() ? 2 : 1) instanceof ARecord);
recs = assertDNSQuery("http-api.test1.root.dev.test.", Type.SRV,
1);
assertTrue("not an SRV record", recs[0] instanceof SRVRecord);
assertEquals("wrong port", 1027, ((SRVRecord) recs[0]).getPort());
assertTrue("not an SRV record", recs.get(0) instanceof SRVRecord);
assertEquals("wrong port", 1027, ((SRVRecord) recs.get(0)).getPort());
assertDNSQuery("test1.root.dev.test.", Type.TXT, 3);
assertDNSQuery("appmaster-ipc-api.test1.root.dev.test.", Type.TXT, 1);
@ -239,13 +243,13 @@ public class TestRegistryDNS extends Assert {
record);
// start assessing whether correct records are available
Record[] recs =
List<Record> recs =
assertDNSQuery("ctr-e50-1451931954322-0016-01-000002.dev.test.");
assertEquals("wrong result", "172.17.0.19",
((ARecord) recs[0]).getAddress().getHostAddress());
((ARecord) recs.get(0)).getAddress().getHostAddress());
recs = assertDNSQuery("httpd-1.test1.root.dev.test.", 1);
assertTrue("not an ARecord", recs[0] instanceof ARecord);
assertTrue("not an ARecord", recs.get(0) instanceof ARecord);
}
@Test
@ -277,16 +281,16 @@ public class TestRegistryDNS extends Assert {
record);
// start assessing whether correct records are available
Record[] recs = assertDNSQuery(
List<Record> recs = assertDNSQuery(
"ctr-e50-1451931954322-0016-01-000002.dev.test.");
assertEquals("wrong result", "172.17.0.19",
((ARecord) recs[0]).getAddress().getHostAddress());
assertEquals("wrong ttl", 30L, recs[0].getTTL());
((ARecord) recs.get(0)).getAddress().getHostAddress());
assertEquals("wrong ttl", 30L, recs.get(0).getTTL());
recs = assertDNSQuery("httpd-1.test1.root.dev.test.", 1);
assertTrue("not an ARecord", recs[0] instanceof ARecord);
assertTrue("not an ARecord", recs.get(0) instanceof ARecord);
assertEquals("wrong ttl", 30L, recs[0].getTTL());
assertEquals("wrong ttl", 30L, recs.get(0).getTTL());
}
@Test
@ -299,10 +303,11 @@ public class TestRegistryDNS extends Assert {
record);
// start assessing whether correct records are available
Record[] recs = assertDNSQuery("19.0.17.172.in-addr.arpa.", Type.PTR, 1);
List<Record> recs = assertDNSQuery(
"19.0.17.172.in-addr.arpa.", Type.PTR, 1);
assertEquals("wrong result",
"httpd-1.test1.root.dev.test.",
((PTRRecord) recs[0]).getTarget().toString());
((PTRRecord) recs.get(0)).getTarget().toString());
}
@Test
@ -325,10 +330,11 @@ public class TestRegistryDNS extends Assert {
record);
// start assessing whether correct records are available
Record[] recs = assertDNSQuery("19.0.17.172.in-addr.arpa.", Type.PTR, 1);
List<Record> recs = assertDNSQuery(
"19.0.17.172.in-addr.arpa.", Type.PTR, 1);
assertEquals("wrong result",
"httpd-1.test1.root.dev.test.",
((PTRRecord) recs[0]).getTarget().toString());
((PTRRecord) recs.get(0)).getTarget().toString());
}
@Test
@ -372,16 +378,16 @@ public class TestRegistryDNS extends Assert {
assertEquals("wrong status", Rcode.NXDOMAIN, response.getRcode());
}
private Record[] assertDNSQuery(String lookup) throws IOException {
private List<Record> assertDNSQuery(String lookup) throws IOException {
return assertDNSQuery(lookup, Type.A, 1);
}
private Record[] assertDNSQuery(String lookup, int numRecs)
private List<Record> assertDNSQuery(String lookup, int numRecs)
throws IOException {
return assertDNSQuery(lookup, Type.A, numRecs);
}
Record[] assertDNSQuery(String lookup, int type, int numRecs)
private List<Record> assertDNSQuery(String lookup, int type, int numRecs)
throws IOException {
Name name = Name.fromString(lookup);
Record question = Record.newRecord(name, type, DClass.IN);
@ -394,9 +400,9 @@ public class TestRegistryDNS extends Assert {
assertNotNull("Null response", response);
assertEquals("Questions do not match", query.getQuestion(),
response.getQuestion());
Record[] recs = response.getSectionArray(Section.ANSWER);
List<Record> recs = response.getSection(Section.ANSWER);
assertEquals("wrong number of answer records",
isSecure() ? numRecs * 2 : numRecs, recs.length);
isSecure() ? numRecs * 2 : numRecs, recs.size());
if (isSecure()) {
boolean signed = false;
for (Record record : recs) {
@ -410,8 +416,8 @@ public class TestRegistryDNS extends Assert {
return recs;
}
Record[] assertDNSQueryNotNull(String lookup, int type, int answerCount)
throws IOException {
private List<Record> assertDNSQueryNotNull(
String lookup, int type, int answerCount) throws IOException {
Name name = Name.fromString(lookup);
Record question = Record.newRecord(name, type, DClass.IN);
Message query = Message.newQuery(question);
@ -423,9 +429,9 @@ public class TestRegistryDNS extends Assert {
assertNotNull("Null response", response);
assertEquals("Questions do not match", query.getQuestion(),
response.getQuestion());
Record[] recs = response.getSectionArray(Section.ANSWER);
assertEquals(answerCount, recs.length);
assertEquals(recs[0].getType(), type);
List<Record> recs = response.getSection(Section.ANSWER);
assertEquals(answerCount, recs.size());
assertEquals(type, recs.get(0).getType());
return recs;
}
@ -461,10 +467,8 @@ public class TestRegistryDNS extends Assert {
ARecord aRecord = new ARecord(Name.fromString("some.test."), DClass.IN, 0,
InetAddress.getByName("192.168.0.1"));
Calendar cal = Calendar.getInstance();
Date inception = cal.getTime();
cal.add(Calendar.YEAR, 1);
Date expiration = cal.getTime();
Instant inception = Instant.now();
Instant expiration = inception.plus(365, ChronoUnit.DAYS);
RRset rrset = new RRset(aRecord);
RRSIGRecord rrsigRecord = DNSSEC.sign(rrset,
dnskeyRecord,
@ -495,13 +499,13 @@ public class TestRegistryDNS extends Assert {
record);
// start assessing whether correct records are available
Record[] recs = assertDNSQuery(
List<Record> recs = assertDNSQuery(
"ctr-e50-1451931954322-0016-01-000002.dev.test.", Type.AAAA, 1);
assertEquals("wrong result", "172.17.0.19",
((AAAARecord) recs[0]).getAddress().getHostAddress());
((AAAARecord) recs.get(0)).getAddress().getHostAddress());
recs = assertDNSQuery("httpd-1.test1.root.dev.test.", Type.AAAA, 1);
assertTrue("not an ARecord", recs[0] instanceof AAAARecord);
assertTrue("not an ARecord", recs.get(0) instanceof AAAARecord);
}
@Test
@ -524,9 +528,9 @@ public class TestRegistryDNS extends Assert {
assertNotNull("Null response", response);
assertEquals("Questions do not match", query.getQuestion(),
response.getQuestion());
Record[] sectionArray = response.getSectionArray(Section.AUTHORITY);
List<Record> sectionArray = response.getSection(Section.AUTHORITY);
assertEquals("Wrong number of recs in AUTHORITY", isSecure() ? 2 : 1,
sectionArray.length);
sectionArray.size());
boolean soaFound = false;
for (Record rec : sectionArray) {
soaFound = rec.getType() == Type.SOA;
@ -570,19 +574,19 @@ public class TestRegistryDNS extends Assert {
record);
// start assessing whether correct records are available
Record[] recs =
List<Record> recs =
assertDNSQuery("ctr-e50-1451931954322-0016-01-000002.dev.test.");
assertEquals("wrong result", "172.17.0.19",
((ARecord) recs[0]).getAddress().getHostAddress());
((ARecord) recs.get(0)).getAddress().getHostAddress());
recs = assertDNSQuery("httpd-1.test1.root.dev.test.", 1);
assertTrue("not an ARecord", recs[0] instanceof ARecord);
assertTrue("not an ARecord", recs.get(0) instanceof ARecord);
// lookup dyanmic reverse records
recs = assertDNSQuery("19.0.17.172.in-addr.arpa.", Type.PTR, 1);
assertEquals("wrong result",
"httpd-1.test1.root.dev.test.",
((PTRRecord) recs[0]).getTarget().toString());
((PTRRecord) recs.get(0)).getTarget().toString());
// now lookup static reverse records
Name name = Name.fromString("5.0.17.172.in-addr.arpa.");
@ -592,9 +596,9 @@ public class TestRegistryDNS extends Assert {
query.addRecord(optRecord, Section.ADDITIONAL);
byte[] responseBytes = getRegistryDNS().generateReply(query, null);
Message response = new Message(responseBytes);
recs = response.getSectionArray(Section.ANSWER);
recs = response.getSection(Section.ANSWER);
assertEquals("wrong result", "cn005.dev.test.",
((PTRRecord) recs[0]).getTarget().toString());
((PTRRecord) recs.get(0)).getTarget().toString());
}
@Test
@ -655,8 +659,7 @@ public class TestRegistryDNS extends Assert {
getRegistryDNS().initializeZones(conf);
// start assessing whether correct records are available
Record[] recs =
assertDNSQueryNotNull("mail.yahoo.com.", Type.CNAME, 1);
assertDNSQueryNotNull("mail.yahoo.com.", Type.CNAME, 1);
}
@Test
@ -672,8 +675,7 @@ public class TestRegistryDNS extends Assert {
getRegistryDNS().initializeZones(conf);
// start assessing whether correct records are available
Record[] recs =
assertDNSQueryNotNull(".", Type.NS, 13);
assertDNSQueryNotNull(".", Type.NS, 13);
}
@Test
@ -692,10 +694,10 @@ public class TestRegistryDNS extends Assert {
record2);
// start assessing whether correct records are available
Record[] recs =
List<Record> recs =
assertDNSQuery("httpd.test1.root.dev.test.", 2);
assertTrue("not an ARecord", recs[0] instanceof ARecord);
assertTrue("not an ARecord", recs[1] instanceof ARecord);
assertTrue("not an ARecord", recs.get(0) instanceof ARecord);
assertTrue("not an ARecord", recs.get(1) instanceof ARecord);
}
@Test(timeout=5000)

2
hadoop-project/pom.xml
View File

@ -100,7 +100,7 @@
<zookeeper.version>3.5.6</zookeeper.version>
<curator.version>4.2.0</curator.version>
<findbugs.version>3.0.5</findbugs.version>
<dnsjava.version>2.1.7</dnsjava.version>
<dnsjava.version>3.4.0</dnsjava.version>
<guava.version>27.0-jre</guava.version>
<guice.version>4.2.3</guice.version>