From cb8d679c95642842efacc5d38ccf2a61b043c689 Mon Sep 17 00:00:00 2001
From: Lars Francke
Date: Sat, 3 Nov 2018 16:21:29 +0000
Subject: [PATCH] HADOOP-15687. Credentials class should allow access to aliases.
Author: Lars Francke
---
 .../apache/hadoop/security/Credentials.java | 15 +++++
 .../hadoop/security/TestCredentials.java | 57 ++++++++++---------
 2 files changed, 44 insertions(+), 28 deletions(-)
diff --git a/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/security/Credentials.java b/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/security/Credentials.java
index 4fafa4a8c58..4b0d8890031 100644
--- a/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/security/Credentials.java
+++ b/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/security/Credentials.java
@@ -31,6 +31,7 @@
 import java.nio.charset.StandardCharsets;
 import java.util.Arrays;
 import java.util.Collection;
+import java.util.Collections;
 import java.util.HashMap;
 import java.util.List;
 import java.util.Map;
@@ -141,6 +142,13 @@ public Collection> getAllTokens() {
 return tokenMap.values();
 }
+ /**
+ * Returns an unmodifiable version of the full map of aliases to Tokens.
+ */
+ public Map> getTokenMap() {
+ return Collections.unmodifiableMap(tokenMap);
+ }
+
 /**
 * @return number of Tokens in the in-memory map
 */
@@ -191,6 +199,13 @@ public List getAllSecretKeys() {
 return list;
 }
+ /**
+ * Returns an unmodifiable version of the full map of aliases to secret keys.
+ */
+ public Map getSecretKeyMap() {
+ return Collections.unmodifiableMap(secretKeysMap);
+ }
+
 /**
 * Convenience method for reading a token storage file and loading its Tokens.
 * @param filename
diff --git a/hadoop-common-project/hadoop-common/src/test/java/org/apache/hadoop/security/TestCredentials.java b/hadoop-common-project/hadoop-common/src/test/java/org/apache/hadoop/security/TestCredentials.java
index 1245c0794bb..02ba1539d41 100644
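Review bot: The Javadoc on `getTokenMap()` says "unmodifiable version" but does not say that `Collections.unmodifiableMap(tokenMap)` is a live view: later additions or removals on this `Credentials` show through it, and the `Token` values are the instances the object holds, not copies. Iterating the view while another thread adds a token would presumably fail if `tokenMap` is a plain `HashMap` (its declaration is outside the hunk). I would add an `@return` line such as `@return read-only live view of alias to Token; entries track this Credentials and values are shared, not copied`. The same wording gap applies to `getSecretKeyMap()` in the hunk at `-191,6 +199,13`.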
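Review bot: `getSecretKeyMap()` wraps the map but not its values, so the `byte[]` secrets it returns are the arrays stored in `secretKeysMap`; `Collections.unmodifiableMap` blocks `put`/`remove`, yet a caller can still overwrite or zero a stored key in place through `map.get(alias)`. It also hands every secret to the caller in one call, so callers need the same care with the result as with `getSecretKey`. If a snapshot is acceptable, copying the arrays closes the mutation path at the cost of one more copy of the key material on the heap; otherwise the Javadoc should state that the arrays are shared and must not be modified. Generic parameters are stripped on this page, so `Map<Text, byte[]>` below is inferred from how the test uses the method.

```java
public Map<Text, byte[]> getSecretKeyMap() {
  // Snapshot with cloned arrays so callers cannot alter the stored key bytes.
  Map<Text, byte[]> copy = new HashMap<>(secretKeysMap.size());
  for (Map.Entry<Text, byte[]> e : secretKeysMap.entrySet()) {
    byte[] key = e.getValue();
    copy.put(e.getKey(), key == null ? null : key.clone());
  }
  return Collections.unmodifiableMap(copy);
}
```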
--- a/hadoop-common-project/hadoop-common/src/test/java/org/apache/hadoop/security/TestCredentials.java
+++ b/hadoop-common-project/hadoop-common/src/test/java/org/apache/hadoop/security/TestCredentials.java
@@ -39,8 +39,6 @@
 import javax.crypto.KeyGenerator;
 import org.apache.hadoop.io.Text;
-import org.apache.hadoop.io.WritableComparator;
-import org.apache.hadoop.security.Credentials;
 import org.apache.hadoop.security.token.Token;
 import org.apache.hadoop.security.token.TokenIdentifier;
 import org.apache.hadoop.test.GenericTestUtils;
@@ -74,6 +72,9 @@ public void testReadWriteStorage()
 Token token2 = new Token();
 Text service1 = new Text("service1");
 Text service2 = new Text("service2");
+ Text alias1 = new Text("sometoken1");
+ Text alias2 = new Text("sometoken2");
+
 Collection services = new ArrayList();
 services.add(service1);
@@ -81,8 +82,8 @@ public void testReadWriteStorage()
 token1.setService(service1);
 token2.setService(service2);
- ts.addToken(new Text("sometoken1"), token1);
- ts.addToken(new Text("sometoken2"), token2);
+ ts.addToken(alias1, token1);
+ ts.addToken(alias2, token2);
 // create keys and put it in
 final KeyGenerator kg = KeyGenerator.getInstance(DEFAULT_HMAC_ALGORITHM);
@@ -109,32 +110,32 @@ public void testReadWriteStorage()
 dis.close();
 // get the tokens and compare the services
- Collection> list = ts.getAllTokens();
- assertEquals("getAllTokens should return collection of size 2",
- list.size(), 2);
- boolean foundFirst = false;
- boolean foundSecond = false;
- for (Token token : list) {
- if (token.getService().equals(service1)) {
- foundFirst = true;
- }
- if (token.getService().equals(service2)) {
- foundSecond = true;
- }
- }
- assertTrue("Tokens for services service1 and service2 must be present",
- foundFirst && foundSecond);
+ Map> tokenMap = ts.getTokenMap();
+ assertEquals("getTokenMap should return collection of size 2", 2,
+ tokenMap.size());
+ assertTrue("Token for alias " + alias1 + " must be present",
+ tokenMap.containsKey(alias1));
+ assertTrue("Token for alias " + alias2 + " must be present",
+ tokenMap.containsKey(alias2));
+ assertEquals("Token for service " + service1 + " must be present", service1,
+ tokenMap.get(alias1).getService());
+ assertEquals("Token for service " + service2 + " must be present", service2,
+ tokenMap.get(alias2).getService());
+
+
 // compare secret keys
- int mapLen = m.size();
- assertEquals("wrong number of keys in the Storage",
- mapLen, ts.numberOfSecretKeys());
- for(Text a : m.keySet()) {
- byte [] kTS = ts.getSecretKey(a);
- byte [] kLocal = m.get(a);
- assertTrue("keys don't match for " + a,
- WritableComparator.compareBytes(kTS, 0, kTS.length, kLocal,
- 0, kLocal.length)==0);
+ Map secretKeyMap = ts.getSecretKeyMap();
+ assertEquals("wrong number of keys in the Storage", m.size(),
+ ts.numberOfSecretKeys());
+
+ for (Map.Entry entry : m.entrySet()) {
+ byte[] key = secretKeyMap.get(entry.getKey());
+ assertNotNull("Secret key for alias " + entry.getKey() + " not found",
+ key);
+ assertTrue("Keys don't match for alias " + entry.getKey(),
+ Arrays.equals(key, entry.getValue()));
 }
+
 tmpFileName.delete();
 }
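Review bot: Nothing in the rewritten assertions checks the property the new accessors promise, namely that the maps returned by `getTokenMap()` and `getSecretKeyMap()` reject modification. An assertion that `tokenMap.put(alias1, token1)` and `secretKeyMap.clear()` each throw `UnsupportedOperationException` would pin that contract. The rewrite also drops the only calls to `getAllTokens()` and `getSecretKey(alias)` visible in this test, so unless other tests cover them (not visible here) those older accessors lose their round-trip check; keeping one assertion per accessor would retain it. `assertTrue(..., Arrays.equals(key, entry.getValue()))` could be `assertArrayEquals`, which reports the differing index on failure. `testReadWriteStorage` starts before this hunk.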