/** Remove expired delegation tokens from cache */ private void removeExpiredToken() throws IOException { long now = Time.now(); Set<TokenIdent> expiredTokens = new HashSet<TokenIdent>(); synchronized (this) { Iterator<Map.Entry<TokenIdent, DelegationTokenInformation>> i = currentTokens.entrySet().iterator(); while (i.hasNext()) { Map.Entry<TokenIdent, DelegationTokenInformation> entry = i.next(); long renewDate = entry.getValue().getRenewDate(); if (renewDate < now) { expiredTokens.add(entry.getKey()); i.remove(); } } } // don't hold lock on 'this' to avoid edit log updates blocking token ops logExpireTokens(expiredTokens); }
private void addOrUpdateToken(TokenIdent ident, DelegationTokenInformation info, boolean isUpdate) throws Exception { String nodeCreatePath = getNodePath(ZK_DTSM_TOKENS_ROOT, DELEGATION_TOKEN_PREFIX + ident.getSequenceNumber()); try (ByteArrayOutputStream tokenOs = new ByteArrayOutputStream(); DataOutputStream tokenOut = new DataOutputStream(tokenOs)) { ident.write(tokenOut); tokenOut.writeLong(info.getRenewDate()); tokenOut.writeInt(info.getPassword().length); tokenOut.write(info.getPassword()); if (LOG.isDebugEnabled()) { LOG.debug((isUpdate ? "Updating " : "Storing ") + "ZKDTSMDelegationToken_" + ident.getSequenceNumber()); } if (isUpdate) { zkClient.setData().forPath(nodeCreatePath, tokenOs.toByteArray()) .setVersion(-1); } else { zkClient.create().withMode(CreateMode.PERSISTENT) .forPath(nodeCreatePath, tokenOs.toByteArray()); } } }
/** * For subclasses externalizing the storage, for example Zookeeper * based implementations */ protected void updateToken(TokenIdent ident, DelegationTokenInformation tokenInfo) throws IOException { currentTokens.put(ident, tokenInfo); updateStoredToken(ident, tokenInfo.getRenewDate()); }
/** * For subclasses externalizing the storage, for example Zookeeper * based implementations */ protected void updateToken(TokenIdent ident, DelegationTokenInformation tokenInfo) throws IOException { currentTokens.put(ident, tokenInfo); updateStoredToken(ident, tokenInfo.getRenewDate()); }
public long getRenewDate(RMDelegationTokenIdentifier ident) throws InvalidToken { DelegationTokenInformation info = currentTokens.get(ident); if (info == null) { throw new InvalidToken("token (" + ident.toString() + ") can't be found in cache"); } return info.getRenewDate(); } }
@Private @VisibleForTesting public synchronized Map<RMDelegationTokenIdentifier, Long> getAllTokens() { Map<RMDelegationTokenIdentifier, Long> allTokens = new HashMap<RMDelegationTokenIdentifier, Long>(); for (Map.Entry<RMDelegationTokenIdentifier, DelegationTokenInformation> entry : currentTokens.entrySet()) { allTokens.put(entry.getKey(), entry.getValue().getRenewDate()); } return allTokens; }
public long getRenewDate(RMDelegationTokenIdentifier ident) throws InvalidToken { DelegationTokenInformation info = currentTokens.get(ident); if (info == null) { throw new InvalidToken("token (" + ident.toString() + ") can't be found in cache"); } return info.getRenewDate(); } }
@Private @VisibleForTesting public synchronized Map<RMDelegationTokenIdentifier, Long> getAllTokens() { Map<RMDelegationTokenIdentifier, Long> allTokens = new HashMap<RMDelegationTokenIdentifier, Long>(); for (Map.Entry<RMDelegationTokenIdentifier, DelegationTokenInformation> entry : currentTokens.entrySet()) { allTokens.put(entry.getKey(), entry.getValue().getRenewDate()); } return allTokens; }
@Private @VisibleForTesting public synchronized Map<RMDelegationTokenIdentifier, Long> getAllTokens() { Map<RMDelegationTokenIdentifier, Long> allTokens = new HashMap<RMDelegationTokenIdentifier, Long>(); for (Map.Entry<RMDelegationTokenIdentifier, DelegationTokenInformation> entry : currentTokens.entrySet()) { allTokens.put(entry.getKey(), entry.getValue().getRenewDate()); } return allTokens; }
/** * For subclasses externalizing the storage, for example Zookeeper * based implementations */ protected void updateToken(TokenIdent ident, DelegationTokenInformation tokenInfo) throws IOException { currentTokens.put(ident, tokenInfo); updateStoredToken(ident, tokenInfo.getRenewDate()); }
/** * For subclasses externalizing the storage, for example Zookeeper * based implementations */ protected void storeToken(TokenIdent ident, DelegationTokenInformation tokenInfo) throws IOException { currentTokens.put(ident, tokenInfo); storeNewToken(ident, tokenInfo.getRenewDate()); }
public long getRenewDate(RMDelegationTokenIdentifier ident) throws InvalidToken { DelegationTokenInformation info = currentTokens.get(ident); if (info == null) { throw new InvalidToken("token (" + ident.toString() + ") can't be found in cache"); } return info.getRenewDate(); } }
/** * For subclasses externalizing the storage, for example Zookeeper * based implementations */ protected void updateToken(TokenIdent ident, DelegationTokenInformation tokenInfo) throws IOException { currentTokens.put(ident, tokenInfo); updateStoredToken(ident, tokenInfo.getRenewDate()); }
/** * For subclasses externalizing the storage, for example Zookeeper * based implementations */ protected void storeToken(TokenIdent ident, DelegationTokenInformation tokenInfo) throws IOException { currentTokens.put(ident, tokenInfo); storeNewToken(ident, tokenInfo.getRenewDate()); }
.setSequenceNumber(id.getSequenceNumber()) .setMasterKeyId(id.getMasterKeyId()) .setExpiryDate(e.getValue().getRenewDate()); tokens.add(b.build());
/** * Private helper methods to save delegation keys and tokens in fsimage */ private synchronized void saveCurrentTokens(DataOutputStream out, String sdPath) throws IOException { StartupProgress prog = NameNode.getStartupProgress(); Step step = new Step(StepType.DELEGATION_TOKENS, sdPath); prog.beginStep(Phase.SAVING_CHECKPOINT, step); prog.setTotal(Phase.SAVING_CHECKPOINT, step, currentTokens.size()); Counter counter = prog.getCounter(Phase.SAVING_CHECKPOINT, step); out.writeInt(currentTokens.size()); Iterator<DelegationTokenIdentifier> iter = currentTokens.keySet() .iterator(); while (iter.hasNext()) { DelegationTokenIdentifier id = iter.next(); id.write(out); DelegationTokenInformation info = currentTokens.get(id); out.writeLong(info.getRenewDate()); counter.increment(); } prog.endStep(Phase.SAVING_CHECKPOINT, step); }
/** * Returns expiry time of a token given its identifier. * * @param dtId DelegationTokenIdentifier of a token * @return Expiry time of the token * @throws IOException */ public synchronized long getTokenExpiryTime( DelegationTokenIdentifier dtId) throws IOException { DelegationTokenInformation info = currentTokens.get(dtId); if (info != null) { return info.getRenewDate(); } else { throw new IOException("No delegation token found for this identifier"); } }
/** * Find the DelegationTokenInformation for the given token id, and verify that * if the token is expired. Note that this method should be called with * acquiring the secret manager's monitor. */ protected DelegationTokenInformation checkToken(TokenIdent identifier) throws InvalidToken { assert Thread.holdsLock(this); DelegationTokenInformation info = getTokenInfo(identifier); if (info == null) { throw new InvalidToken("token " + formatTokenId(identifier) + " can't be found in cache"); } long now = Time.now(); if (info.getRenewDate() < now) { throw new InvalidToken("token " + formatTokenId(identifier) + " is " + "expired, current time: " + Time.formatTime(now) + " expected renewal time: " + Time.formatTime(info.getRenewDate())); } return info; }
/** * Remove expired tokens. Replaces logic in {@link AbstractDelegationTokenSecretManager} * that cannot be reused due to private method access. Logic here can more efficiently * deal with external token store by only loading into memory the minimum data needed. */ protected void removeExpiredTokens() { long now = System.currentTimeMillis(); Iterator<DelegationTokenIdentifier> i = tokenStore.getAllDelegationTokenIdentifiers() .iterator(); while (i.hasNext()) { DelegationTokenIdentifier id = i.next(); if (now > id.getMaxDate()) { this.tokenStore.removeToken(id); // no need to look at token info } else { // get token info to check renew date DelegationTokenInformation tokenInfo = tokenStore.getToken(id); if (tokenInfo != null) { if (now > tokenInfo.getRenewDate()) { this.tokenStore.removeToken(id); } } } } }
/** * For subclasses externalizing the storage, for example Zookeeper * based implementations */ protected void storeToken(TokenIdent ident, DelegationTokenInformation tokenInfo) throws IOException { currentTokens.put(ident, tokenInfo); storeNewToken(ident, tokenInfo.getRenewDate()); }