diff --git a/CHANGES.txt b/CHANGES.txt
index 89901793723..2c19f62abc9 100644
--- a/CHANGES.txt
+++ b/CHANGES.txt
@@ -653,6 +653,9 @@ Release 0.21.0 - Unreleased
HADOOP-6343. Log unexpected throwable object caught in RPC. (Jitendra Nath
Pandey via szetszwo)
+ HADOOP-6367. Removes Access Token implementation from common.
+ (Kan Zhang via ddas)
+
OPTIMIZATIONS
HADOOP-5595. NameNode does not need to run a replicator to choose a
diff --git a/src/java/core-default.xml b/src/java/core-default.xml
index dc77fd5c904..9389ffb6e04 100644
--- a/src/java/core-default.xml
+++ b/src/java/core-default.xml
@@ -269,29 +269,6 @@
Disk usage statistics refresh interval in msec.
-
- fs.access.token.enable
- false
-
- If "true", access tokens are used as capabilities for accessing datanodes.
- If "false", no access tokens are checked on accessing datanodes.
-
-
-
-
- fs.access.key.update.interval
- 600
-
- Interval in minutes at which namenode updates its access keys.
-
-
-
-
- fs.access.token.lifetime
- 600
- The lifetime of access tokens in minutes.
-
-
fs.s3.block.size
67108864
diff --git a/src/java/org/apache/hadoop/conf/Configuration.java b/src/java/org/apache/hadoop/conf/Configuration.java
index e1b3be4f7b1..e12817b42f5 100644
--- a/src/java/org/apache/hadoop/conf/Configuration.java
+++ b/src/java/org/apache/hadoop/conf/Configuration.java
@@ -1757,12 +1757,6 @@ public class Configuration implements Iterable>,
new String[]{CommonConfigurationKeys.FS_CLIENT_BUFFER_DIR_KEY});
Configuration.addDeprecation("hadoop.native.lib",
new String[]{CommonConfigurationKeys.IO_NATIVE_LIB_AVAILABLE_KEY});
- Configuration.addDeprecation("dfs.access.token.enable",
- new String[]{CommonConfigurationKeys.FS_ACCESS_TOKEN_ENABLE_KEY});
- Configuration.addDeprecation("dfs.access.key.update.interval",
- new String[]{CommonConfigurationKeys.FS_ACCESS_KEY_UPDATE_INTERVAL_KEY});
- Configuration.addDeprecation("dfs.access.token.lifetime",
- new String[]{CommonConfigurationKeys.FS_ACCESS_TOKEN_LIFETIME_KEY});
Configuration.addDeprecation("fs.default.name",
new String[]{CommonConfigurationKeys.FS_DEFAULT_NAME_KEY});
}
diff --git a/src/java/org/apache/hadoop/fs/CommonConfigurationKeys.java b/src/java/org/apache/hadoop/fs/CommonConfigurationKeys.java
index d721f5ed04a..5dcc2cb5ab1 100644
--- a/src/java/org/apache/hadoop/fs/CommonConfigurationKeys.java
+++ b/src/java/org/apache/hadoop/fs/CommonConfigurationKeys.java
@@ -43,15 +43,6 @@ public class CommonConfigurationKeys {
public static final int FS_PERMISSIONS_UMASK_DEFAULT = 0022;
public static final String FS_DF_INTERVAL_KEY = "fs.df.interval";
public static final long FS_DF_INTERVAL_DEFAULT = 60000;
- public static final String FS_ACCESS_TOKEN_ENABLE_KEY =
- "fs.access.token.enable";
- public static final boolean FS_ACCESS_TOKEN_ENABLE_DEFAULT = false;
- public static final String FS_ACCESS_KEY_UPDATE_INTERVAL_KEY =
- "fs.access.key.update.interval";
- public static final long FS_ACCESS_KEY_UPDATE_INTERVAL_DEFAULT = 600;
- public static final String FS_ACCESS_TOKEN_LIFETIME_KEY =
- "fs.access.token.lifetime";
- public static final long FS_ACCESS_TOKEN_LIFETIME_DEFAULT = 600;
//Defaults are not specified for following keys
diff --git a/src/java/org/apache/hadoop/security/AccessKey.java b/src/java/org/apache/hadoop/security/AccessKey.java
deleted file mode 100644
index 81b6383381e..00000000000
--- a/src/java/org/apache/hadoop/security/AccessKey.java
+++ /dev/null
@@ -1,110 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-package org.apache.hadoop.security;
-
-import java.io.DataInput;
-import java.io.DataOutput;
-import java.io.IOException;
-
-import javax.crypto.Mac;
-
-import org.apache.hadoop.io.Text;
-import org.apache.hadoop.io.Writable;
-import org.apache.hadoop.io.WritableUtils;
-
-/**
- * Key used for generating and verifying access tokens
- */
-public class AccessKey implements Writable {
- private long keyID;
- private Text key;
- private long expiryDate;
- private Mac mac;
-
- public AccessKey() {
- this(0L, new Text(), 0L);
- }
-
- public AccessKey(long keyID, Text key, long expiryDate) {
- this.keyID = keyID;
- this.key = key;
- this.expiryDate = expiryDate;
- }
-
- public long getKeyID() {
- return keyID;
- }
-
- public Text getKey() {
- return key;
- }
-
- public long getExpiryDate() {
- return expiryDate;
- }
-
- public Mac getMac() {
- return mac;
- }
-
- public void setMac(Mac mac) {
- this.mac = mac;
- }
-
- static boolean isEqual(Object a, Object b) {
- return a == null ? b == null : a.equals(b);
- }
-
- /** {@inheritDoc} */
- public boolean equals(Object obj) {
- if (obj == this) {
- return true;
- }
- if (obj instanceof AccessKey) {
- AccessKey that = (AccessKey) obj;
- return this.keyID == that.keyID && isEqual(this.key, that.key)
- && this.expiryDate == that.expiryDate;
- }
- return false;
- }
-
- /** {@inheritDoc} */
- public int hashCode() {
- return key == null ? 0 : key.hashCode();
- }
-
- // ///////////////////////////////////////////////
- // Writable
- // ///////////////////////////////////////////////
- /**
- */
- public void write(DataOutput out) throws IOException {
- WritableUtils.writeVLong(out, keyID);
- key.write(out);
- WritableUtils.writeVLong(out, expiryDate);
- }
-
- /**
- */
- public void readFields(DataInput in) throws IOException {
- keyID = WritableUtils.readVLong(in);
- key.readFields(in);
- expiryDate = WritableUtils.readVLong(in);
- }
-}
\ No newline at end of file
diff --git a/src/java/org/apache/hadoop/security/AccessToken.java b/src/java/org/apache/hadoop/security/AccessToken.java
deleted file mode 100644
index 5a5d9a72f46..00000000000
--- a/src/java/org/apache/hadoop/security/AccessToken.java
+++ /dev/null
@@ -1,89 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-package org.apache.hadoop.security;
-
-import java.io.DataInput;
-import java.io.DataOutput;
-import java.io.IOException;
-
-import org.apache.hadoop.io.Text;
-import org.apache.hadoop.io.Writable;
-
-public class AccessToken implements Writable {
- public static final AccessToken DUMMY_TOKEN = new AccessToken();
- private Text tokenID;
- private Text tokenAuthenticator;
-
- public AccessToken() {
- this(new Text(), new Text());
- }
-
- public AccessToken(Text tokenID, Text tokenAuthenticator) {
- this.tokenID = tokenID;
- this.tokenAuthenticator = tokenAuthenticator;
- }
-
- public Text getTokenID() {
- return tokenID;
- }
-
- public Text getTokenAuthenticator() {
- return tokenAuthenticator;
- }
-
- static boolean isEqual(Object a, Object b) {
- return a == null ? b == null : a.equals(b);
- }
-
- /** {@inheritDoc} */
- public boolean equals(Object obj) {
- if (obj == this) {
- return true;
- }
- if (obj instanceof AccessToken) {
- AccessToken that = (AccessToken) obj;
- return isEqual(this.tokenID, that.tokenID)
- && isEqual(this.tokenAuthenticator, that.tokenAuthenticator);
- }
- return false;
- }
-
- /** {@inheritDoc} */
- public int hashCode() {
- return tokenAuthenticator == null ? 0 : tokenAuthenticator.hashCode();
- }
-
- // ///////////////////////////////////////////////
- // Writable
- // ///////////////////////////////////////////////
- /**
- */
- public void write(DataOutput out) throws IOException {
- tokenID.write(out);
- tokenAuthenticator.write(out);
- }
-
- /**
- */
- public void readFields(DataInput in) throws IOException {
- tokenID.readFields(in);
- tokenAuthenticator.readFields(in);
- }
-
-}
\ No newline at end of file
diff --git a/src/java/org/apache/hadoop/security/AccessTokenHandler.java b/src/java/org/apache/hadoop/security/AccessTokenHandler.java
deleted file mode 100644
index 97166dcb966..00000000000
--- a/src/java/org/apache/hadoop/security/AccessTokenHandler.java
+++ /dev/null
@@ -1,312 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-package org.apache.hadoop.security;
-
-import java.io.ByteArrayInputStream;
-import java.io.ByteArrayOutputStream;
-import java.io.DataInputStream;
-import java.io.DataOutputStream;
-import java.io.IOException;
-import java.security.NoSuchAlgorithmException;
-import java.security.GeneralSecurityException;
-import java.security.SecureRandom;
-import java.util.EnumSet;
-import java.util.HashMap;
-import java.util.Iterator;
-import java.util.Map;
-
-import javax.crypto.KeyGenerator;
-import javax.crypto.Mac;
-import javax.crypto.spec.SecretKeySpec;
-
-import org.apache.commons.logging.Log;
-import org.apache.commons.logging.LogFactory;
-import org.apache.hadoop.io.Text;
-import org.apache.hadoop.io.WritableUtils;
-import org.apache.hadoop.fs.CommonConfigurationKeys;
-
-/**
- * AccessTokenHandler can be instantiated in 2 modes, master mode and slave
- * mode. Master can generate new access keys and export access keys to slaves,
- * while slaves can only import and use access keys received from master. Both
- * master and slave can generate and verify access tokens. Typically, master
- * mode is used by NN and slave mode is used by DN.
- */
-public class AccessTokenHandler {
- private static final Log LOG = LogFactory.getLog(AccessTokenHandler.class);
- public static final String STRING_ENABLE_ACCESS_TOKEN =
- CommonConfigurationKeys.FS_ACCESS_TOKEN_ENABLE_KEY;
- public static final String STRING_ACCESS_KEY_UPDATE_INTERVAL =
- CommonConfigurationKeys.FS_ACCESS_KEY_UPDATE_INTERVAL_KEY;
- public static final String STRING_ACCESS_TOKEN_LIFETIME =
- CommonConfigurationKeys.FS_ACCESS_TOKEN_LIFETIME_KEY;
-
-
- private final boolean isMaster;
- /*
- * keyUpdateInterval is the interval that NN updates its access keys. It
- * should be set long enough so that all live DN's and Balancer should have
- * sync'ed their access keys with NN at least once during each interval.
- */
- private final long keyUpdateInterval;
- private long tokenLifetime;
- private long serialNo = new SecureRandom().nextLong();
- private KeyGenerator keyGen;
- private AccessKey currentKey;
- private AccessKey nextKey;
- private Map allKeys;
-
- public static enum AccessMode {
- READ, WRITE, COPY, REPLACE
- };
-
- /**
- * Constructor
- *
- * @param isMaster
- * @param keyUpdateInterval
- * @param tokenLifetime
- * @throws IOException
- */
- public AccessTokenHandler(boolean isMaster, long keyUpdateInterval,
- long tokenLifetime) throws IOException {
- this.isMaster = isMaster;
- this.keyUpdateInterval = keyUpdateInterval;
- this.tokenLifetime = tokenLifetime;
- this.allKeys = new HashMap();
- if (isMaster) {
- try {
- generateKeys();
- initMac(currentKey);
- } catch (GeneralSecurityException e) {
- throw (IOException) new IOException(
- "Failed to create AccessTokenHandler").initCause(e);
- }
- }
- }
-
- /** Initialize access keys */
- private synchronized void generateKeys() throws NoSuchAlgorithmException {
- keyGen = KeyGenerator.getInstance("HmacSHA1");
- /*
- * Need to set estimated expiry dates for currentKey and nextKey so that if
- * NN crashes, DN can still expire those keys. NN will stop using the newly
- * generated currentKey after the first keyUpdateInterval, however it may
- * still be used by DN and Balancer to generate new tokens before they get a
- * chance to sync their keys with NN. Since we require keyUpdInterval to be
- * long enough so that all live DN's and Balancer will sync their keys with
- * NN at least once during the period, the estimated expiry date for
- * currentKey is set to now() + 2 * keyUpdateInterval + tokenLifetime.
- * Similarly, the estimated expiry date for nextKey is one keyUpdateInterval
- * more.
- */
- serialNo++;
- currentKey = new AccessKey(serialNo, new Text(keyGen.generateKey()
- .getEncoded()), System.currentTimeMillis() + 2 * keyUpdateInterval
- + tokenLifetime);
- serialNo++;
- nextKey = new AccessKey(serialNo, new Text(keyGen.generateKey()
- .getEncoded()), System.currentTimeMillis() + 3 * keyUpdateInterval
- + tokenLifetime);
- allKeys.put(currentKey.getKeyID(), currentKey);
- allKeys.put(nextKey.getKeyID(), nextKey);
- }
-
- /** Initialize Mac function */
- private synchronized void initMac(AccessKey key) throws IOException {
- try {
- Mac mac = Mac.getInstance("HmacSHA1");
- mac.init(new SecretKeySpec(key.getKey().getBytes(), "HmacSHA1"));
- key.setMac(mac);
- } catch (GeneralSecurityException e) {
- throw (IOException) new IOException(
- "Failed to initialize Mac for access key, keyID=" + key.getKeyID())
- .initCause(e);
- }
- }
-
- /** Export access keys, only to be used in master mode */
- public synchronized ExportedAccessKeys exportKeys() {
- if (!isMaster)
- return null;
- if (LOG.isDebugEnabled())
- LOG.debug("Exporting access keys");
- return new ExportedAccessKeys(true, keyUpdateInterval, tokenLifetime,
- currentKey, allKeys.values().toArray(new AccessKey[0]));
- }
-
- private synchronized void removeExpiredKeys() {
- long now = System.currentTimeMillis();
- for (Iterator> it = allKeys.entrySet()
- .iterator(); it.hasNext();) {
- Map.Entry e = it.next();
- if (e.getValue().getExpiryDate() < now) {
- it.remove();
- }
- }
- }
-
- /**
- * Set access keys, only to be used in slave mode
- */
- public synchronized void setKeys(ExportedAccessKeys exportedKeys)
- throws IOException {
- if (isMaster || exportedKeys == null)
- return;
- LOG.info("Setting access keys");
- removeExpiredKeys();
- this.currentKey = exportedKeys.getCurrentKey();
- initMac(currentKey);
- AccessKey[] receivedKeys = exportedKeys.getAllKeys();
- for (int i = 0; i < receivedKeys.length; i++) {
- if (receivedKeys[i] == null)
- continue;
- this.allKeys.put(receivedKeys[i].getKeyID(), receivedKeys[i]);
- }
- }
-
- /**
- * Update access keys, only to be used in master mode
- */
- public synchronized void updateKeys() throws IOException {
- if (!isMaster)
- return;
- LOG.info("Updating access keys");
- removeExpiredKeys();
- // set final expiry date of retiring currentKey
- allKeys.put(currentKey.getKeyID(), new AccessKey(currentKey.getKeyID(),
- currentKey.getKey(), System.currentTimeMillis() + keyUpdateInterval
- + tokenLifetime));
- // update the estimated expiry date of new currentKey
- currentKey = new AccessKey(nextKey.getKeyID(), nextKey.getKey(), System
- .currentTimeMillis()
- + 2 * keyUpdateInterval + tokenLifetime);
- initMac(currentKey);
- allKeys.put(currentKey.getKeyID(), currentKey);
- // generate a new nextKey
- serialNo++;
- nextKey = new AccessKey(serialNo, new Text(keyGen.generateKey()
- .getEncoded()), System.currentTimeMillis() + 3 * keyUpdateInterval
- + tokenLifetime);
- allKeys.put(nextKey.getKeyID(), nextKey);
- }
-
- /** Check if token is well formed */
- private synchronized boolean verifyToken(long keyID, AccessToken token)
- throws IOException {
- AccessKey key = allKeys.get(keyID);
- if (key == null) {
- LOG.warn("Access key for keyID=" + keyID + " doesn't exist.");
- return false;
- }
- if (key.getMac() == null) {
- initMac(key);
- }
- Text tokenID = token.getTokenID();
- Text authenticator = new Text(key.getMac().doFinal(tokenID.getBytes()));
- return authenticator.equals(token.getTokenAuthenticator());
- }
-
- /** Generate an access token for current user */
- public AccessToken generateToken(long blockID, EnumSet modes)
- throws IOException {
- UserGroupInformation ugi = UserGroupInformation.getCurrentUGI();
- String userID = (ugi == null ? null : ugi.getUserName());
- return generateToken(userID, blockID, modes);
- }
-
- /** Generate an access token for a specified user */
- public synchronized AccessToken generateToken(String userID, long blockID,
- EnumSet modes) throws IOException {
- if (LOG.isDebugEnabled()) {
- LOG.debug("Generating access token for user=" + userID + ", blockID="
- + blockID + ", access modes=" + modes + ", keyID="
- + currentKey.getKeyID());
- }
- if (modes == null || modes.isEmpty())
- throw new IOException("access modes can't be null or empty");
- ByteArrayOutputStream buf = new ByteArrayOutputStream(4096);
- DataOutputStream out = new DataOutputStream(buf);
- WritableUtils.writeVLong(out, System.currentTimeMillis() + tokenLifetime);
- WritableUtils.writeVLong(out, currentKey.getKeyID());
- WritableUtils.writeString(out, userID);
- WritableUtils.writeVLong(out, blockID);
- WritableUtils.writeVInt(out, modes.size());
- for (AccessMode aMode : modes) {
- WritableUtils.writeEnum(out, aMode);
- }
- Text tokenID = new Text(buf.toByteArray());
- return new AccessToken(tokenID, new Text(currentKey.getMac().doFinal(
- tokenID.getBytes())));
- }
-
- /** Check if access should be allowed. userID is not checked if null */
- public boolean checkAccess(AccessToken token, String userID, long blockID,
- AccessMode mode) throws IOException {
- long oExpiry = 0;
- long oKeyID = 0;
- String oUserID = null;
- long oBlockID = 0;
- EnumSet oModes = EnumSet.noneOf(AccessMode.class);
-
- try {
- ByteArrayInputStream buf = new ByteArrayInputStream(token.getTokenID()
- .getBytes());
- DataInputStream in = new DataInputStream(buf);
- oExpiry = WritableUtils.readVLong(in);
- oKeyID = WritableUtils.readVLong(in);
- oUserID = WritableUtils.readString(in);
- oBlockID = WritableUtils.readVLong(in);
- int length = WritableUtils.readVInt(in);
- for (int i = 0; i < length; ++i) {
- oModes.add(WritableUtils.readEnum(in, AccessMode.class));
- }
- } catch (IOException e) {
- throw (IOException) new IOException(
- "Unable to parse access token for user=" + userID + ", blockID="
- + blockID + ", access mode=" + mode).initCause(e);
- }
- if (LOG.isDebugEnabled()) {
- LOG.debug("Verifying access token for user=" + userID + ", blockID="
- + blockID + ", access mode=" + mode + ", keyID=" + oKeyID);
- }
- return (userID == null || userID.equals(oUserID)) && oBlockID == blockID
- && !isExpired(oExpiry) && oModes.contains(mode)
- && verifyToken(oKeyID, token);
- }
-
- private static boolean isExpired(long expiryDate) {
- return System.currentTimeMillis() > expiryDate;
- }
-
- /** check if a token is expired. for unit test only.
- * return true when token is expired, false otherwise */
- static boolean isTokenExpired(AccessToken token) throws IOException {
- ByteArrayInputStream buf = new ByteArrayInputStream(token.getTokenID()
- .getBytes());
- DataInputStream in = new DataInputStream(buf);
- long expiryDate = WritableUtils.readVLong(in);
- return isExpired(expiryDate);
- }
-
- /** set token lifetime. for unit test only */
- synchronized void setTokenLifetime(long tokenLifetime) {
- this.tokenLifetime = tokenLifetime;
- }
-}
diff --git a/src/java/org/apache/hadoop/security/ExportedAccessKeys.java b/src/java/org/apache/hadoop/security/ExportedAccessKeys.java
deleted file mode 100644
index e5ab2934b4b..00000000000
--- a/src/java/org/apache/hadoop/security/ExportedAccessKeys.java
+++ /dev/null
@@ -1,138 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-package org.apache.hadoop.security;
-
-import java.io.DataInput;
-import java.io.DataOutput;
-import java.io.IOException;
-import java.util.Arrays;
-
-import org.apache.hadoop.io.Writable;
-import org.apache.hadoop.io.WritableFactories;
-import org.apache.hadoop.io.WritableFactory;
-
-/**
- * Object for passing access keys
- */
-public class ExportedAccessKeys implements Writable {
- public static final ExportedAccessKeys DUMMY_KEYS = new ExportedAccessKeys();
- private boolean isAccessTokenEnabled;
- private long keyUpdateInterval;
- private long tokenLifetime;
- private AccessKey currentKey;
- private AccessKey[] allKeys;
-
- public ExportedAccessKeys() {
- this(false, 0, 0, new AccessKey(), new AccessKey[0]);
- }
-
- ExportedAccessKeys(boolean isAccessTokenEnabled, long keyUpdateInterval,
- long tokenLifetime, AccessKey currentKey, AccessKey[] allKeys) {
- this.isAccessTokenEnabled = isAccessTokenEnabled;
- this.keyUpdateInterval = keyUpdateInterval;
- this.tokenLifetime = tokenLifetime;
- this.currentKey = currentKey;
- this.allKeys = allKeys;
- }
-
- public boolean isAccessTokenEnabled() {
- return isAccessTokenEnabled;
- }
-
- public long getKeyUpdateInterval() {
- return keyUpdateInterval;
- }
-
- public long getTokenLifetime() {
- return tokenLifetime;
- }
-
- public AccessKey getCurrentKey() {
- return currentKey;
- }
-
- public AccessKey[] getAllKeys() {
- return allKeys;
- }
-
- static boolean isEqual(Object a, Object b) {
- return a == null ? b == null : a.equals(b);
- }
-
- /** {@inheritDoc} */
- public boolean equals(Object obj) {
- if (obj == this) {
- return true;
- }
- if (obj instanceof ExportedAccessKeys) {
- ExportedAccessKeys that = (ExportedAccessKeys) obj;
- return this.isAccessTokenEnabled == that.isAccessTokenEnabled
- && this.keyUpdateInterval == that.keyUpdateInterval
- && this.tokenLifetime == that.tokenLifetime
- && isEqual(this.currentKey, that.currentKey)
- && Arrays.equals(this.allKeys, that.allKeys);
- }
- return false;
- }
-
- /** {@inheritDoc} */
- public int hashCode() {
- return currentKey == null ? 0 : currentKey.hashCode();
- }
-
- // ///////////////////////////////////////////////
- // Writable
- // ///////////////////////////////////////////////
- static { // register a ctor
- WritableFactories.setFactory(ExportedAccessKeys.class,
- new WritableFactory() {
- public Writable newInstance() {
- return new ExportedAccessKeys();
- }
- });
- }
-
- /**
- */
- public void write(DataOutput out) throws IOException {
- out.writeBoolean(isAccessTokenEnabled);
- out.writeLong(keyUpdateInterval);
- out.writeLong(tokenLifetime);
- currentKey.write(out);
- out.writeInt(allKeys.length);
- for (int i = 0; i < allKeys.length; i++) {
- allKeys[i].write(out);
- }
- }
-
- /**
- */
- public void readFields(DataInput in) throws IOException {
- isAccessTokenEnabled = in.readBoolean();
- keyUpdateInterval = in.readLong();
- tokenLifetime = in.readLong();
- currentKey.readFields(in);
- this.allKeys = new AccessKey[in.readInt()];
- for (int i = 0; i < allKeys.length; i++) {
- allKeys[i] = new AccessKey();
- allKeys[i].readFields(in);
- }
- }
-
-}
\ No newline at end of file
diff --git a/src/java/org/apache/hadoop/security/InvalidAccessTokenException.java b/src/java/org/apache/hadoop/security/InvalidAccessTokenException.java
deleted file mode 100644
index eabce15ea3b..00000000000
--- a/src/java/org/apache/hadoop/security/InvalidAccessTokenException.java
+++ /dev/null
@@ -1,36 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-package org.apache.hadoop.security;
-
-import java.io.IOException;
-
-/**
- * Access token verification failed.
- */
-public class InvalidAccessTokenException extends IOException {
- private static final long serialVersionUID = 168L;
-
- public InvalidAccessTokenException() {
- super();
- }
-
- public InvalidAccessTokenException(String msg) {
- super(msg);
- }
-}
diff --git a/src/test/core/org/apache/hadoop/security/SecurityTestUtil.java b/src/test/core/org/apache/hadoop/security/SecurityTestUtil.java
deleted file mode 100644
index d6a30fcad10..00000000000
--- a/src/test/core/org/apache/hadoop/security/SecurityTestUtil.java
+++ /dev/null
@@ -1,43 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-package org.apache.hadoop.security;
-
-import java.io.IOException;
-
-/** Utilities for security tests */
-public class SecurityTestUtil {
-
- /**
- * check if an access token is expired. return true when token is expired,
- * false otherwise
- */
- public static boolean isAccessTokenExpired(AccessToken token)
- throws IOException {
- return AccessTokenHandler.isTokenExpired(token);
- }
-
- /**
- * set access token lifetime.
- */
- public static void setAccessTokenLifetime(AccessTokenHandler handler,
- long tokenLifetime) {
- handler.setTokenLifetime(tokenLifetime);
- }
-
-}
diff --git a/src/test/core/org/apache/hadoop/security/TestAccessToken.java b/src/test/core/org/apache/hadoop/security/TestAccessToken.java
deleted file mode 100644
index cd3cc4c482a..00000000000
--- a/src/test/core/org/apache/hadoop/security/TestAccessToken.java
+++ /dev/null
@@ -1,89 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-package org.apache.hadoop.security;
-
-import java.util.EnumSet;
-
-import org.apache.hadoop.io.TestWritable;
-
-import junit.framework.TestCase;
-
-/** Unit tests for access tokens */
-public class TestAccessToken extends TestCase {
- long accessKeyUpdateInterval = 10 * 60 * 1000; // 10 mins
- long accessTokenLifetime = 2 * 60 * 1000; // 2 mins
- long blockID1 = 0L;
- long blockID2 = 10L;
- long blockID3 = -108L;
-
- /** test Writable */
- public void testWritable() throws Exception {
- TestWritable.testWritable(ExportedAccessKeys.DUMMY_KEYS);
- AccessTokenHandler handler = new AccessTokenHandler(true,
- accessKeyUpdateInterval, accessTokenLifetime);
- ExportedAccessKeys keys = handler.exportKeys();
- TestWritable.testWritable(keys);
- TestWritable.testWritable(AccessToken.DUMMY_TOKEN);
- AccessToken token = handler.generateToken(blockID3, EnumSet
- .allOf(AccessTokenHandler.AccessMode.class));
- TestWritable.testWritable(token);
- }
-
- private void tokenGenerationAndVerification(AccessTokenHandler master,
- AccessTokenHandler slave) throws Exception {
- // single-mode tokens
- for (AccessTokenHandler.AccessMode mode : AccessTokenHandler.AccessMode
- .values()) {
- // generated by master
- AccessToken token1 = master.generateToken(blockID1, EnumSet.of(mode));
- assertTrue(master.checkAccess(token1, null, blockID1, mode));
- assertTrue(slave.checkAccess(token1, null, blockID1, mode));
- // generated by slave
- AccessToken token2 = slave.generateToken(blockID2, EnumSet.of(mode));
- assertTrue(master.checkAccess(token2, null, blockID2, mode));
- assertTrue(slave.checkAccess(token2, null, blockID2, mode));
- }
- // multi-mode tokens
- AccessToken mtoken = master.generateToken(blockID3, EnumSet
- .allOf(AccessTokenHandler.AccessMode.class));
- for (AccessTokenHandler.AccessMode mode : AccessTokenHandler.AccessMode
- .values()) {
- assertTrue(master.checkAccess(mtoken, null, blockID3, mode));
- assertTrue(slave.checkAccess(mtoken, null, blockID3, mode));
- }
- }
-
- /** test access key and token handling */
- public void testAccessTokenHandler() throws Exception {
- AccessTokenHandler masterHandler = new AccessTokenHandler(true,
- accessKeyUpdateInterval, accessTokenLifetime);
- AccessTokenHandler slaveHandler = new AccessTokenHandler(false,
- accessKeyUpdateInterval, accessTokenLifetime);
- ExportedAccessKeys keys = masterHandler.exportKeys();
- slaveHandler.setKeys(keys);
- tokenGenerationAndVerification(masterHandler, slaveHandler);
- // key updating
- masterHandler.updateKeys();
- tokenGenerationAndVerification(masterHandler, slaveHandler);
- keys = masterHandler.exportKeys();
- slaveHandler.setKeys(keys);
- tokenGenerationAndVerification(masterHandler, slaveHandler);
- }
-
-}