Apache/hadoop
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

HADOOP-15687. Credentials class should allow access to aliases.

Browse Source 
Author:    Lars Francke <lars.francke@gmail.com>
This commit is contained in:
Lars Francke 2018-11-03 16:21:29 +00:00 committed by Steve Loughran
parent f84a278baa
commit cb8d679c95
No known key found for this signature in database
GPG Key ID: D22CF846DBB162A0
2 changed files with 44 additions and 28 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

15
hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/security/Credentials.java
View File

@ -31,6 +31,7 @@
import java.nio.charset.StandardCharsets; import java.nio.charset.StandardCharsets;
import java.util.Arrays; import java.util.Arrays;
import java.util.Collection; import java.util.Collection;
import java.util.Collections;
import java.util.HashMap; import java.util.HashMap;
import java.util.List; import java.util.List;
import java.util.Map; import java.util.Map;
@ -141,6 +142,13 @@ public Collection<Token<? extends TokenIdentifier>> getAllTokens() {
return tokenMap.values(); return tokenMap.values();
} }
/**
* Returns an unmodifiable version of the full map of aliases to Tokens.
*/
public Map<Text, Token<? extends TokenIdentifier>> getTokenMap() {
return Collections.unmodifiableMap(tokenMap);
}
/** /**
* @return number of Tokens in the in-memory map * @return number of Tokens in the in-memory map
*/ */
@ -191,6 +199,13 @@ public List<Text> getAllSecretKeys() {
return list; return list;
} }
/**
* Returns an unmodifiable version of the full map of aliases to secret keys.
*/
public Map<Text, byte[]> getSecretKeyMap() {
return Collections.unmodifiableMap(secretKeysMap);
}
/** /**
* Convenience method for reading a token storage file and loading its Tokens. * Convenience method for reading a token storage file and loading its Tokens.
* @param filename * @param filename

57
hadoop-common-project/hadoop-common/src/test/java/org/apache/hadoop/security/TestCredentials.java
View File

@ -39,8 +39,6 @@
import javax.crypto.KeyGenerator; import javax.crypto.KeyGenerator;
import org.apache.hadoop.io.Text; import org.apache.hadoop.io.Text;
import org.apache.hadoop.io.WritableComparator;
import org.apache.hadoop.security.Credentials;
import org.apache.hadoop.security.token.Token; import org.apache.hadoop.security.token.Token;
import org.apache.hadoop.security.token.TokenIdentifier; import org.apache.hadoop.security.token.TokenIdentifier;
import org.apache.hadoop.test.GenericTestUtils; import org.apache.hadoop.test.GenericTestUtils;
@ -74,6 +72,9 @@ public <T extends TokenIdentifier> void testReadWriteStorage()
Token<T> token2 = new Token(); Token<T> token2 = new Token();
Text service1 = new Text("service1"); Text service1 = new Text("service1");
Text service2 = new Text("service2"); Text service2 = new Text("service2");
Text alias1 = new Text("sometoken1");
Text alias2 = new Text("sometoken2");
Collection<Text> services = new ArrayList<Text>(); Collection<Text> services = new ArrayList<Text>();
services.add(service1); services.add(service1);
@ -81,8 +82,8 @@ public <T extends TokenIdentifier> void testReadWriteStorage()
token1.setService(service1); token1.setService(service1);
token2.setService(service2); token2.setService(service2);
ts.addToken(new Text("sometoken1"), token1); ts.addToken(alias1, token1);
ts.addToken(new Text("sometoken2"), token2); ts.addToken(alias2, token2);
// create keys and put it in // create keys and put it in
final KeyGenerator kg = KeyGenerator.getInstance(DEFAULT_HMAC_ALGORITHM); final KeyGenerator kg = KeyGenerator.getInstance(DEFAULT_HMAC_ALGORITHM);
@ -109,32 +110,32 @@ public <T extends TokenIdentifier> void testReadWriteStorage()
dis.close(); dis.close();
// get the tokens and compare the services // get the tokens and compare the services
Collection<Token<? extends TokenIdentifier>> list = ts.getAllTokens(); Map<Text, Token<? extends TokenIdentifier>> tokenMap = ts.getTokenMap();
assertEquals("getAllTokens should return collection of size 2", assertEquals("getTokenMap should return collection of size 2", 2,
list.size(), 2); tokenMap.size());
boolean foundFirst = false; assertTrue("Token for alias " + alias1 + " must be present",
boolean foundSecond = false; tokenMap.containsKey(alias1));
for (Token<? extends TokenIdentifier> token : list) { assertTrue("Token for alias " + alias2 + " must be present",
if (token.getService().equals(service1)) { tokenMap.containsKey(alias2));
foundFirst = true; assertEquals("Token for service " + service1 + " must be present", service1,
} tokenMap.get(alias1).getService());
if (token.getService().equals(service2)) { assertEquals("Token for service " + service2 + " must be present", service2,
foundSecond = true; tokenMap.get(alias2).getService());
}
}
assertTrue("Tokens for services service1 and service2 must be present",
foundFirst && foundSecond);
// compare secret keys // compare secret keys
int mapLen = m.size(); Map<Text, byte[]> secretKeyMap = ts.getSecretKeyMap();
assertEquals("wrong number of keys in the Storage", assertEquals("wrong number of keys in the Storage", m.size(),
mapLen, ts.numberOfSecretKeys()); ts.numberOfSecretKeys());
for(Text a : m.keySet()) {
byte [] kTS = ts.getSecretKey(a); for (Map.Entry<Text, byte[]> entry : m.entrySet()) {
byte [] kLocal = m.get(a); byte[] key = secretKeyMap.get(entry.getKey());
assertTrue("keys don't match for " + a, assertNotNull("Secret key for alias " + entry.getKey() + " not found",
WritableComparator.compareBytes(kTS, 0, kTS.length, kLocal, key);
0, kLocal.length)==0); assertTrue("Keys don't match for alias " + entry.getKey(),
Arrays.equals(key, entry.getValue()));
} }
tmpFileName.delete(); tmpFileName.delete();
} }