return new BlockTokenSecretManager(updateMin * 60 * 1000L, lifetimeMin * 60 * 1000L, nnIndex, nnIds.size(), null, encryptionAlgorithm, shouldWriteProtobufToken); } else { return new BlockTokenSecretManager(updateMin*60*1000L, lifetimeMin*60*1000L, 0, 1, null, encryptionAlgorithm, shouldWriteProtobufToken);
DFSConfigKeys.DFS_BLOCK_ACCESS_TOKEN_PROTOBUF_ENABLE_DEFAULT); final BlockTokenSecretManager secretMgr = new BlockTokenSecretManager(0, blockTokenLifetime, blockPoolId, dnConf.encryptionAlgorithm, enableProtobuf); blockPoolTokenSecretManager.addBlockPool(blockPoolId, secretMgr);
DFSConfigKeys.DFS_BLOCK_ACCESS_TOKEN_PROTOBUF_ENABLE, DFSConfigKeys.DFS_BLOCK_ACCESS_TOKEN_PROTOBUF_ENABLE_DEFAULT); this.blockTokenSecretManager = new BlockTokenSecretManager( updateInterval, tokenLifetime, blockpoolID, encryptionAlgorithm, enableProtobuf);
String thisNnId = HAUtil.getNameNodeId(conf, nsId); String otherNnId = HAUtil.getNameNodeIdOfOtherNode(conf, nsId); return new BlockTokenSecretManager(updateMin*60*1000L, lifetimeMin*60*1000L, thisNnId.compareTo(otherNnId) < 0 ? 0 : 1, null, encryptionAlgorithm); } else { return new BlockTokenSecretManager(updateMin*60*1000L, lifetimeMin*60*1000L, 0, null, encryptionAlgorithm);
/**
 * Passes block token identifiers to {@code TestWritable.testWritable}: first a
 * default-constructed identifier, then identifiers generated for block1 (every
 * access mode), block2 (WRITE only) and block3 (no access mode at all).
 */
@Test
public void testWritable() throws Exception {
  TestWritable.testWritable(new BlockTokenIdentifier());

  final BlockTokenSecretManager secretManager =
      new BlockTokenSecretManager(true, blockKeyUpdateInterval, blockTokenLifetime);

  // Name the three access-mode sets so each case below reads on one line.
  final EnumSet<BlockTokenSecretManager.AccessMode> everyMode =
      EnumSet.allOf(BlockTokenSecretManager.AccessMode.class);
  final EnumSet<BlockTokenSecretManager.AccessMode> writeOnly =
      EnumSet.of(BlockTokenSecretManager.AccessMode.WRITE);
  final EnumSet<BlockTokenSecretManager.AccessMode> noMode =
      EnumSet.noneOf(BlockTokenSecretManager.AccessMode.class);

  TestWritable.testWritable(generateTokenId(secretManager, block1, everyMode));
  TestWritable.testWritable(generateTokenId(secretManager, block2, writeOnly));
  // The empty set covers an identifier that carries no access mode.
  TestWritable.testWritable(generateTokenId(secretManager, block3, noMode));
}
String thisNnId = HAUtil.getNameNodeId(conf, nsId); String otherNnId = HAUtil.getNameNodeIdOfOtherNode(conf, nsId); return new BlockTokenSecretManager(updateMin*60*1000L, lifetimeMin*60*1000L, thisNnId.compareTo(otherNnId) < 0 ? 0 : 1, null, encryptionAlgorithm); } else { return new BlockTokenSecretManager(updateMin*60*1000L, lifetimeMin*60*1000L, 0, null, encryptionAlgorithm);
/**
 * Test block key and token handling between a manager that exports its keys
 * and a second manager that only receives them through {@code setKeys}.
 */
@Test
public void testBlockTokenSecretManager() throws Exception {
  final BlockTokenSecretManager keySource =
      new BlockTokenSecretManager(true, blockKeyUpdateInterval, blockTokenLifetime);
  final BlockTokenSecretManager keySink =
      new BlockTokenSecretManager(false, blockKeyUpdateInterval, blockTokenLifetime);

  // Initial hand-over of the exported keys.
  keySink.setKeys(keySource.exportKeys());
  tokenGenerationAndVerification(keySource, keySink);

  // Key updating: the check runs before the receiving side is given the new export.
  keySource.updateKeys();
  tokenGenerationAndVerification(keySource, keySink);

  // Hand over the post-update export and check once more.
  keySink.setKeys(keySource.exportKeys());
  tokenGenerationAndVerification(keySource, keySink);
}
+ " min(s)"); final BlockTokenSecretManager secretMgr = new BlockTokenSecretManager(0, blockTokenLifetime, blockPoolId, dnConf.encryptionAlgorithm); blockPoolTokenSecretManager.addBlockPool(blockPoolId, secretMgr);
/**
 * Creates the key manager and, when the NameNode reports block tokens as
 * enabled, a secret manager seeded with the NameNode's exported block keys
 * plus an updater that re-syncs those keys.
 *
 * @param blockpoolID block pool id handed to the secret manager
 * @param namenode protocol handle used to fetch the exported block keys
 * @param encryptDataTransfer stored unchanged on this instance
 * @param conf configuration the data encryption algorithm is read from
 * @throws IOException declared by the constructor; NOTE(review): presumably
 *     raised by the getBlockKeys() call - confirm
 */
public KeyManager(String blockpoolID, NamenodeProtocol namenode,
    boolean encryptDataTransfer, Configuration conf) throws IOException {
  this.namenode = namenode;
  this.encryptDataTransfer = encryptDataTransfer;
  this.timer = new Timer();

  final ExportedBlockKeys exported = namenode.getBlockKeys();
  this.isBlockTokenEnabled = exported.isBlockTokenEnabled();
  if (!isBlockTokenEnabled) {
    // Block tokens are off: neither a secret manager nor a key updater exists.
    this.blockTokenSecretManager = null;
    this.blockKeyUpdater = null;
    return;
  }

  final long keyUpdateInterval = exported.getKeyUpdateInterval();
  final long lifetime = exported.getTokenLifetime();
  // Only the two timing parameters are logged; the keys themselves are not.
  LOG.info("Block token params received from NN: update interval="
      + StringUtils.formatTime(keyUpdateInterval)
      + ", token lifetime="
      + StringUtils.formatTime(lifetime));

  // No default is supplied to conf.get here, so an unset key presumably yields
  // null, which is passed through to the secret manager unchanged - confirm.
  final String algorithm = conf.get(DFSConfigKeys.DFS_DATA_ENCRYPTION_ALGORITHM_KEY);
  this.blockTokenSecretManager = new BlockTokenSecretManager(
      keyUpdateInterval, lifetime, blockpoolID, algorithm);
  this.blockTokenSecretManager.addKeys(exported);

  // Sync block keys with the NN more frequently than the NN updates its block keys.
  final long syncPeriod = keyUpdateInterval / 4;
  this.blockKeyUpdater = new BlockKeyUpdater(syncPeriod);
  this.shouldRun = true;
}
// Three-argument constructor called with false, 0, 0.
// NOTE(review): other call sites of this overload pass
// (true|false, blockKeyUpdateInterval, blockTokenLifetime), so this presumably
// builds a non-master manager with a zero key-update interval and a zero token
// lifetime - confirm against the constructor before relying on it for tokens.
this.blockTokenSecretManager = new BlockTokenSecretManager(false, 0, 0);
+ " min(s)"); final BlockTokenSecretManager secretMgr = new BlockTokenSecretManager(0, blockTokenLifetime, blockPoolId, dnConf.encryptionAlgorithm); blockPoolTokenSecretManager.addBlockPool(blockPoolId, secretMgr);
public void testBlockTokenRpcLeak() throws Exception { Assume.assumeTrue(FD_DIR.exists()); BlockTokenSecretManager sm = new BlockTokenSecretManager(true, blockKeyUpdateInterval, blockTokenLifetime); Token<BlockTokenIdentifier> token = sm.generateToken(block3,
/**
 * Passes block token identifiers to {@code TestWritable.testWritable}: first a
 * default-constructed identifier, then identifiers generated for block1 (every
 * access mode), block2 (WRITE only) and block3 (no access mode at all).
 */
@Test
public void testWritable() throws Exception {
  TestWritable.testWritable(new BlockTokenIdentifier());

  // The trailing null sits where production call sites pass the encryption algorithm.
  final BlockTokenSecretManager secretManager = new BlockTokenSecretManager(
      blockKeyUpdateInterval, blockTokenLifetime, 0, "fake-pool", null);

  final EnumSet<BlockTokenSecretManager.AccessMode> everyMode =
      EnumSet.allOf(BlockTokenSecretManager.AccessMode.class);
  final EnumSet<BlockTokenSecretManager.AccessMode> writeOnly =
      EnumSet.of(BlockTokenSecretManager.AccessMode.WRITE);
  final EnumSet<BlockTokenSecretManager.AccessMode> noMode =
      EnumSet.noneOf(BlockTokenSecretManager.AccessMode.class);

  TestWritable.testWritable(generateTokenId(secretManager, block1, everyMode));
  TestWritable.testWritable(generateTokenId(secretManager, block2, writeOnly));
  // The empty set covers an identifier that carries no access mode.
  TestWritable.testWritable(generateTokenId(secretManager, block3, noMode));
}
/**
 * Creates the key manager and, when the NameNode reports block tokens as
 * enabled, a secret manager seeded with the NameNode's exported block keys
 * plus an updater that re-syncs those keys.
 *
 * @param blockpoolID block pool id handed to the secret manager
 * @param namenode protocol handle used to fetch the exported block keys
 * @param encryptDataTransfer stored unchanged on this instance
 * @param conf configuration the data encryption algorithm is read from
 * @throws IOException declared by the constructor; NOTE(review): presumably
 *     raised by the getBlockKeys() call - confirm
 */
public KeyManager(String blockpoolID, NamenodeProtocol namenode,
    boolean encryptDataTransfer, Configuration conf) throws IOException {
  this.namenode = namenode;
  this.encryptDataTransfer = encryptDataTransfer;
  this.timer = new Timer();

  final ExportedBlockKeys exported = namenode.getBlockKeys();
  this.isBlockTokenEnabled = exported.isBlockTokenEnabled();
  if (!isBlockTokenEnabled) {
    // Block tokens are off: neither a secret manager nor a key updater exists.
    this.blockTokenSecretManager = null;
    this.blockKeyUpdater = null;
    return;
  }

  final long keyUpdateInterval = exported.getKeyUpdateInterval();
  final long lifetime = exported.getTokenLifetime();
  // Only the two timing parameters are logged; the keys themselves are not.
  LOG.info("Block token params received from NN: update interval="
      + StringUtils.formatTime(keyUpdateInterval)
      + ", token lifetime="
      + StringUtils.formatTime(lifetime));

  // No default is supplied to conf.get here, so an unset key presumably yields
  // null, which is passed through to the secret manager unchanged - confirm.
  final String algorithm = conf.get(DFSConfigKeys.DFS_DATA_ENCRYPTION_ALGORITHM_KEY);
  this.blockTokenSecretManager = new BlockTokenSecretManager(
      keyUpdateInterval, lifetime, blockpoolID, algorithm);
  this.blockTokenSecretManager.addKeys(exported);

  // Sync block keys with the NN more frequently than the NN updates its block keys.
  final long syncPeriod = keyUpdateInterval / 4;
  this.blockKeyUpdater = new BlockKeyUpdater(syncPeriod);
  this.shouldRun = true;
}
/**
 * Test block key and token handling between a manager that exports its keys
 * and a second manager that only receives them through {@code addKeys}.
 */
@Test
public void testBlockTokenSecretManager() throws Exception {
  // Five-argument overload for the exporting side, four-argument for the receiver.
  final BlockTokenSecretManager keySource = new BlockTokenSecretManager(
      blockKeyUpdateInterval, blockTokenLifetime, 0, "fake-pool", null);
  final BlockTokenSecretManager keySink = new BlockTokenSecretManager(
      blockKeyUpdateInterval, blockTokenLifetime, "fake-pool", null);

  // Initial hand-over of the exported keys.
  keySink.addKeys(keySource.exportKeys());
  tokenGenerationAndVerification(keySource, keySink);

  // Key updating: the check runs before the receiving side is given the new export.
  keySource.updateKeys();
  tokenGenerationAndVerification(keySource, keySink);

  // Hand over the post-update export and check once more.
  keySink.addKeys(keySource.exportKeys());
  tokenGenerationAndVerification(keySource, keySink);
}
/**
 * Generates a token for block3 with every access mode, attaches it to a remote
 * user named after the block, and calls {@code getReplicaVisibleLength} over
 * RPC against the server returned by {@code createMockDatanode}.
 */
@Test
public void testBlockTokenRpc() throws Exception {
  final BlockTokenSecretManager secretManager =
      new BlockTokenSecretManager(true, blockKeyUpdateInterval, blockTokenLifetime);
  final EnumSet<BlockTokenSecretManager.AccessMode> everyMode =
      EnumSet.allOf(BlockTokenSecretManager.AccessMode.class);
  final Token<BlockTokenIdentifier> blockToken =
      secretManager.generateToken(block3, everyMode);

  final Server mockDatanode = createMockDatanode(secretManager, blockToken);
  mockDatanode.start();
  final InetSocketAddress datanodeAddress = NetUtils.getConnectAddress(mockDatanode);

  // The caller identity carries the block token as its only added credential.
  final UserGroupInformation remoteUser =
      UserGroupInformation.createRemoteUser(block3.toString());
  remoteUser.addToken(blockToken);

  ClientDatanodeProtocol datanodeProxy = null;
  try {
    datanodeProxy = (ClientDatanodeProtocol) RPC.getProxy(
        ClientDatanodeProtocol.class,
        ClientDatanodeProtocol.versionID,
        datanodeAddress,
        remoteUser,
        conf,
        NetUtils.getDefaultSocketFactory(conf));
    assertEquals(block3.getBlockId(), datanodeProxy.getReplicaVisibleLength(block3));
  } finally {
    // Stop the server first, then release the proxy if one was obtained.
    mockDatanode.stop();
    if (datanodeProxy != null) {
      RPC.stopProxy(datanodeProxy);
    }
  }
}
/**
 * Test {@link BlockPoolTokenSecretManager}: registers one receiving secret
 * manager per block pool id and repeats the key export / update / re-export
 * checks through the per-pool lookup.
 */
@Test
public void testBlockPoolTokenSecretManager() throws Exception {
  final BlockPoolTokenSecretManager poolManager = new BlockPoolTokenSecretManager();

  // Test BlockPoolSecretManager with up to 10 block pools.
  final int poolCount = 10;
  for (int poolIndex = 0; poolIndex < poolCount; poolIndex++) {
    final String poolId = Integer.toString(poolIndex);

    // NOTE(review): both managers are built with the literal "fake-pool" while
    // being registered under poolId - presumably intentional for this test.
    final BlockTokenSecretManager keySource = new BlockTokenSecretManager(
        blockKeyUpdateInterval, blockTokenLifetime, 0, "fake-pool", null);
    final BlockTokenSecretManager keySink = new BlockTokenSecretManager(
        blockKeyUpdateInterval, blockTokenLifetime, "fake-pool", null);
    poolManager.addBlockPool(poolId, keySink);

    // Initial hand-over goes through the pool manager, not the sink directly.
    poolManager.addKeys(poolId, keySource.exportKeys());
    tokenGenerationAndVerification(keySource, poolManager.get(poolId));

    // Test key updating: checked once before and once after the new export is added.
    keySource.updateKeys();
    tokenGenerationAndVerification(keySource, poolManager.get(poolId));

    poolManager.addKeys(poolId, keySource.exportKeys());
    tokenGenerationAndVerification(keySource, poolManager.get(poolId));
  }
}
// Block pool id handed to the secret manager built below.
final String blockPoolId = "bp-foo";
FakeTimer fakeTimer = new FakeTimer();
// The trailing null sits where other call sites on this page pass the
// encryption algorithm - presumably none is configured for this manager.
BlockTokenSecretManager btsm = new BlockTokenSecretManager(
    keyUpdateInterval, tokenLifeTime, 0, blockPoolId, null);
// Overwrite the manager's internal "timer" field with the fake one;
// presumably so the surrounding test controls the clock used for key and
// token expiry - confirm against the rest of the test.
Whitebox.setInternalState(btsm, "timer", fakeTimer);
/**
 * Generates a token for block3 with every access mode, attaches it to a remote
 * user named after the block, and calls {@code getReplicaVisibleLength} over
 * RPC against the server returned by {@code createMockDatanode}, using a
 * configuration whose authentication setting is "kerberos".
 */
@Test
public void testBlockTokenRpc() throws Exception {
  // NOTE(review): presumably switches UGI into secure mode so the token is
  // actually used for authentication - confirm.
  final Configuration conf = new Configuration();
  conf.set(HADOOP_SECURITY_AUTHENTICATION, "kerberos");
  UserGroupInformation.setConfiguration(conf);

  final BlockTokenSecretManager secretManager = new BlockTokenSecretManager(
      blockKeyUpdateInterval, blockTokenLifetime, 0, "fake-pool", null);
  final EnumSet<BlockTokenSecretManager.AccessMode> everyMode =
      EnumSet.allOf(BlockTokenSecretManager.AccessMode.class);
  final Token<BlockTokenIdentifier> blockToken =
      secretManager.generateToken(block3, everyMode);

  final Server mockDatanode = createMockDatanode(secretManager, blockToken, conf);
  mockDatanode.start();
  final InetSocketAddress datanodeAddress = NetUtils.getConnectAddress(mockDatanode);

  // The caller identity carries the block token as its only added credential.
  final UserGroupInformation remoteUser =
      UserGroupInformation.createRemoteUser(block3.toString());
  remoteUser.addToken(blockToken);

  ClientDatanodeProtocol datanodeProxy = null;
  try {
    datanodeProxy = DFSUtil.createClientDatanodeProtocolProxy(
        datanodeAddress, remoteUser, conf, NetUtils.getDefaultSocketFactory(conf));
    assertEquals(block3.getBlockId(), datanodeProxy.getReplicaVisibleLength(block3));
  } finally {
    // Stop the server first, then release the proxy if one was obtained.
    mockDatanode.stop();
    if (datanodeProxy != null) {
      RPC.stopProxy(datanodeProxy);
    }
  }
}
BlockTokenSecretManager sm = new BlockTokenSecretManager( blockKeyUpdateInterval, blockTokenLifetime, 0, "fake-pool", null); Token<BlockTokenIdentifier> token = sm.generateToken(block3,