@SuppressWarnings("unchecked") @Override public long renewDelegationToken(final Token<?> token) throws IOException { // update the kerberos credentials, if they are coming from a keytab UserGroupInformation connectUgi = ugi.getRealUser(); if (connectUgi == null) { connectUgi = ugi; } try { return connectUgi.doAs(new PrivilegedExceptionAction<Long>() { @Override public Long run() throws Exception { InetSocketAddress serviceAddr = SecurityUtil .getTokenServiceAddr(token); return DelegationTokenFetcher.renewDelegationToken(connectionFactory, DFSUtil.createUri(getUnderlyingProtocol(), serviceAddr), (Token<DelegationTokenIdentifier>) token); } }); } catch (InterruptedException e) { throw new IOException(e); } }
@SuppressWarnings("unchecked") @Override public void cancelDelegationToken(final Token<?> token) throws IOException { UserGroupInformation connectUgi = ugi.getRealUser(); if (connectUgi == null) { connectUgi = ugi; } try { connectUgi.doAs(new PrivilegedExceptionAction<Void>() { @Override public Void run() throws Exception { InetSocketAddress serviceAddr = SecurityUtil .getTokenServiceAddr(token); DelegationTokenFetcher.cancelDelegationToken(connectionFactory, DFSUtil.createUri(getUnderlyingProtocol(), serviceAddr), (Token<DelegationTokenIdentifier>) token); return null; } }); } catch (InterruptedException e) { throw new IOException(e); } }
/** * Call fetch token using http server */ @Test public void expectedTokenIsRetrievedFromHttp() throws Exception { bootstrap = startHttpServer(httpPort, testToken, serviceUrl); DelegationTokenFetcher.main(new String[] { "-webservice=" + serviceUrl, tokenFile }); Path p = new Path(fileSys.getWorkingDirectory(), tokenFile); Credentials creds = Credentials.readTokenStorageFile(p, conf); Iterator<Token<?>> itr = creds.getAllTokens().iterator(); assertTrue("token not exist error", itr.hasNext()); Token<?> fetchedToken = itr.next(); Assert.assertArrayEquals("token wrong identifier error", testToken.getIdentifier(), fetchedToken.getIdentifier()); Assert.assertArrayEquals("token wrong password error", testToken.getPassword(), fetchedToken.getPassword()); if (assertionError != null) throw assertionError; }
protected static void cancelDelegationTokenOverHttps( final Token<DelegationTokenIdentifier> token, final Configuration conf) throws InterruptedException, IOException{ final String httpAddress = getHttpAddressForToken(token, conf); // will be chaged to debug LOG.info("address to cancel=" + httpAddress + "; tok=" + token.getService()); UserGroupInformation.getLoginUser().doAs( new PrivilegedExceptionAction<Void>() { public Void run() throws IOException { DelegationTokenFetcher.cancelDelegationToken(httpAddress, token); return null; } }); LOG.info("Cancel over HTTP done. addr="+httpAddress); }
/** * try to fetch token without http server with IOException */ @Test public void testTokenFetchFail() throws Exception { try { DelegationTokenFetcher.main(new String[] { "-webservice=" + serviceUrl, tokenFile }); fail("Token fetcher shouldn't start in absense of NN"); } catch (IOException ex) { } }
/** * try to fetch token without http server with IOException */ @Test public void testTokenRenewFail() throws AuthenticationException { try { DelegationTokenFetcher.renewDelegationToken(connectionFactory, serviceUrl, testToken); fail("Token fetcher shouldn't be able to renew tokens in absense of NN"); } catch (IOException ex) { } }
/** * try cancel token without http server with IOException */ @Test public void expectedTokenCancelFail() throws AuthenticationException { try { DelegationTokenFetcher.cancelDelegationToken(connectionFactory, serviceUrl, testToken); fail("Token fetcher shouldn't be able to cancel tokens in absense of NN"); } catch (IOException ex) { } }
/** * try fetch token and get http response with error */ @Test public void expectedTokenRenewErrorHttpResponse() throws AuthenticationException, URISyntaxException { bootstrap = startHttpServer(httpPort, testToken, serviceUrl); try { DelegationTokenFetcher.renewDelegationToken(connectionFactory, new URI( serviceUrl.toString() + "/exception"), createToken(serviceUrl)); fail("Token fetcher shouldn't be able to renew tokens using an invalid" + " NN URL"); } catch (IOException ex) { } if (assertionError != null) throw assertionError; }
/** * */ @Test public void testCancelTokenFromHttp() throws IOException, AuthenticationException { bootstrap = startHttpServer(httpPort, testToken, serviceUrl); DelegationTokenFetcher.cancelDelegationToken(connectionFactory, serviceUrl, testToken); if (assertionError != null) throw assertionError; }
/** * Call renew token using http server return new expiration time */ @Test public void testRenewTokenFromHttp() throws IOException, NumberFormatException, AuthenticationException { bootstrap = startHttpServer(httpPort, testToken, serviceUrl); assertTrue("testRenewTokenFromHttp error", Long.parseLong(EXP_DATE) == DelegationTokenFetcher.renewDelegationToken( connectionFactory, serviceUrl, testToken)); if (assertionError != null) throw assertionError; }
private void checkOutput(String[] args, String pattern, PrintStream out, Class<?> clazz) { ByteArrayOutputStream outBytes = new ByteArrayOutputStream(); try { PipedOutputStream pipeOut = new PipedOutputStream(); PipedInputStream pipeIn = new PipedInputStream(pipeOut, PIPE_BUFFER_SIZE); if (out == System.out) { System.setOut(new PrintStream(pipeOut)); } else if (out == System.err) { System.setErr(new PrintStream(pipeOut)); } if (clazz == DelegationTokenFetcher.class) { expectDelegationTokenFetcherExit(args); } else if (clazz == JMXGet.class) { expectJMXGetExit(args); } else if (clazz == DFSAdmin.class) { expectDfsAdminPrint(args); } pipeOut.close(); ByteStreams.copy(pipeIn, outBytes); pipeIn.close(); assertTrue(new String(outBytes.toByteArray()).contains(pattern)); } catch (Exception ex) { fail("checkOutput error " + ex); } }
private static void expectDelegationTokenFetcherExit(String[] args) { try { DelegationTokenFetcher.main(args); fail("should call exit"); } catch (ExitException e) { ExitUtil.resetFirstExitException(); } catch (Exception ex) { fail("expectDelegationTokenFetcherExit ex error " + ex); } }
private void checkOutput(String[] args, String pattern, PrintStream out, Class<?> clazz) { ByteArrayOutputStream outBytes = new ByteArrayOutputStream(); PrintStream oldOut = System.out; PrintStream oldErr = System.err; try { PipedOutputStream pipeOut = new PipedOutputStream(); PipedInputStream pipeIn = new PipedInputStream(pipeOut, PIPE_BUFFER_SIZE); if (out == System.out) { System.setOut(new PrintStream(pipeOut)); } else if (out == System.err) { System.setErr(new PrintStream(pipeOut)); } if (clazz == DelegationTokenFetcher.class) { expectDelegationTokenFetcherExit(args); } else if (clazz == JMXGet.class) { expectJMXGetExit(args); } else if (clazz == DFSAdmin.class) { expectDfsAdminPrint(args); } pipeOut.close(); ByteStreams.copy(pipeIn, outBytes); pipeIn.close(); assertTrue(new String(outBytes.toByteArray()).contains(pattern)); } catch (Exception ex) { fail("checkOutput error " + ex); } finally { System.setOut(oldOut); System.setErr(oldErr); } }
