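/**
 * Initializes the authentication handler while a Curator client taken from
 * the servlet context is handed to {@link ZKDelegationTokenSecretManager}.
 *
 * <p>The client is read from the servlet-context attribute named by
 * {@code ZOOKEEPER_SIGNER_SECRET_PROVIDER_CURATOR_CLIENT_ATTRIBUTE}; the
 * attribute may be absent, in which case {@code null} is passed on.
 *
 * @param authHandlerClassName class name forwarded to the superclass
 * @param filterConfig filter configuration whose servlet context is consulted
 * @throws ServletException if the superclass initialization fails
 */
@Override
protected void initializeAuthHandler(String authHandlerClassName,
    FilterConfig filterConfig) throws ServletException {
  // A single CuratorFramework should be used for a ZK cluster.
  // If the ZKSignerSecretProvider has already created it, it has to
  // be set here... to be used by the ZKDelegationTokenSecretManager
  ZKDelegationTokenSecretManager.setCurator((CuratorFramework)
      filterConfig.getServletContext().getAttribute(
          ZKSignerSecretProvider
              .ZOOKEEPER_SIGNER_SECRET_PROVIDER_CURATOR_CLIENT_ATTRIBUTE));
  try {
    super.initializeAuthHandler(authHandlerClassName, filterConfig);
  } finally {
    // Clear the handed-over client even when initialization throws, so the
    // value set above never outlives this call.
    ZKDelegationTokenSecretManager.setCurator(null);
  }
}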
/**
 * Forwards the key to {@code addOrUpdateDelegationKey} with the boolean
 * argument set to {@code true}.
 *
 * @param key the delegation key to write
 * @throws IOException if the helper fails
 */
@Override
protected void updateDelegationKey(DelegationKey key) throws IOException {
  // presumably "true" means "update an existing entry" - confirm against
  // addOrUpdateDelegationKey
  final boolean isUpdate = true;
  addOrUpdateDelegationKey(key, isUpdate);
}
/**
 * Writes the token information for {@code ident}, choosing between the
 * update and the create path depending on whether the token's znode exists.
 *
 * @param ident identifier whose sequence number names the znode
 * @param tokenInfo token information to store
 * @throws IOException declared by the overridden method
 * @throws RuntimeException wrapping any failure of the existence check or
 *     of the write
 */
@Override
protected void updateToken(TokenIdent ident,
    DelegationTokenInformation tokenInfo) throws IOException {
  final String tokenPath = getNodePath(ZK_DTSM_TOKENS_ROOT,
      DELEGATION_TOKEN_PREFIX + ident.getSequenceNumber());
  try {
    final boolean nodeExists =
        zkClient.checkExists().forPath(tokenPath) != null;
    // The flag is true only when the znode is already there.
    addOrUpdateToken(ident, tokenInfo, nodeExists);
    if (!nodeExists) {
      LOG.debug("Attempted to update a non-existing znode " + tokenPath);
    }
  } catch (Exception e) {
    throw new RuntimeException("Could not update Stored Token ZKDTSMDelegationToken_"
        + ident.getSequenceNumber(), e);
  }
}
/**
 * Cancels a token after refreshing the local cache entry for it.
 *
 * <p>The identifier is decoded from the bytes carried by the supplied token,
 * passed to {@code syncLocalCacheWithZk}, and the cancellation itself is left
 * to the superclass.
 *
 * @param token the token to cancel
 * @param canceller name forwarded to the superclass
 * @return whatever {@code super.cancelToken} returns
 * @throws IOException if decoding the identifier, the cache sync or the
 *     superclass call fails
 */
@Override
public synchronized TokenIdent cancelToken(Token<TokenIdent> token,
    String canceller) throws IOException {
  // NOTE(review): the identifier bytes come from the caller-supplied token
  // and are parsed before super.cancelToken runs; validation of the token
  // and of the canceller is presumably done there - confirm.
  final DataInputStream identifierStream = new DataInputStream(
      new ByteArrayInputStream(token.getIdentifier()));
  final TokenIdent id = createIdentifier();
  id.readFields(identifierStream);
  syncLocalCacheWithZk(id);
  return super.cancelToken(token, canceller);
}
private DelegationTokenInformation getTokenInfoFromZK(TokenIdent ident, boolean quiet) throws IOException { String nodePath = getNodePath(ZK_DTSM_TOKENS_ROOT, DELEGATION_TOKEN_PREFIX + ident.getSequenceNumber()); try { createIdentifier().readFields(din); long renewDate = din.readLong(); int pwdLen = din.readInt();
/**
 * Reads the delegation key with the given id from its znode.
 *
 * @param keyId id used to build the znode path
 * @return the decoded key, or {@code null} when the znode is missing or
 *     holds no data
 * @throws IOException wrapping any other failure while reading or decoding
 */
private DelegationKey getKeyFromZK(int keyId) throws IOException {
  final String keyPath =
      getNodePath(ZK_DTSM_MASTER_KEY_ROOT, DELEGATION_KEY_PREFIX + keyId);
  try {
    final byte[] raw = zkClient.getData().forPath(keyPath);
    if (raw != null && raw.length > 0) {
      final DataInputStream payload =
          new DataInputStream(new ByteArrayInputStream(raw));
      final DelegationKey parsed = new DelegationKey();
      parsed.readFields(payload);
      return parsed;
    }
    // Empty or absent payload: nothing to decode.
    return null;
  } catch (KeeperException.NoNodeException e) {
    // A missing znode is reported but not treated as a failure.
    LOG.error("No node in path [" + keyPath + "]");
    return null;
  } catch (Exception ex) {
    throw new IOException(ex);
  }
}
/**
 * Convenience overload that calls the two-argument
 * {@code getTokenInfoFromZK} with {@code quiet} set to {@code false}.
 *
 * @param ident identifier of the token to look up
 * @return the result of the two-argument overload
 * @throws IOException if the two-argument overload fails
 */
private DelegationTokenInformation getTokenInfoFromZK(TokenIdent ident)
    throws IOException {
  final boolean quiet = false;
  return getTokenInfoFromZK(ident, quiet);
}
/**
 * Handles a removed token znode: decodes the identifier from the node data
 * and drops the matching entry from {@code currentTokens}.
 *
 * @param data the removed node's data
 * @throws IOException if the identifier cannot be decoded
 */
private void processTokenRemoved(ChildData data) throws IOException {
  final DataInputStream payload =
      new DataInputStream(new ByteArrayInputStream(data.getData()));
  final TokenIdent removed = createIdentifier();
  removed.readFields(payload);
  synchronized (this) {
    currentTokens.remove(removed);
    // The cancel task might be waiting
    notifyAll();
  }
}
/**
 * Advances the shared token sequence counter through
 * {@code incrSharedCount} and returns the counter's value afterwards.
 *
 * <p>An interrupt is logged at debug level and the thread's interrupt flag
 * is restored; the method then still returns the counter's current value.
 * NOTE(review): in that case the returned number may not reflect an
 * increment made by this call - confirm that callers tolerate this.
 *
 * @return the value of {@code delTokSeqCounter} after the attempt
 * @throws RuntimeException wrapping any non-interrupt failure
 */
@Override
protected int incrementDelegationTokenSeqNum() {
  try {
    incrSharedCount(delTokSeqCounter);
  } catch (InterruptedException e) {
    // The ExpirationThread is just finishing.. so dont do anything..
    LOG.debug("Thread interrupted while performing token counter increment", e);
    Thread.currentThread().interrupt();
  } catch (Exception e) {
    throw new RuntimeException("Could not increment shared counter !!", e);
  }
  final int currentSeqNum = delTokSeqCounter.getCount();
  return currentSeqNum;
}
/**
 * Stores a token by calling {@code addOrUpdateToken} with the update flag
 * set to {@code false}.
 *
 * @param ident identifier of the token
 * @param tokenInfo token information to store
 * @throws IOException declared by the overridden method
 * @throws RuntimeException wrapping any exception raised by the helper
 */
@Override
protected void storeToken(TokenIdent ident,
    DelegationTokenInformation tokenInfo) throws IOException {
  final boolean isUpdate = false;
  try {
    addOrUpdateToken(ident, tokenInfo, isUpdate);
  } catch (Exception e) {
    throw new RuntimeException(e);
  }
}
/**
 * Looks up a delegation key, first in the local {@code allKeys} map and
 * then, on a miss, in ZooKeeper.
 *
 * <p>A key found in ZooKeeper is added to {@code allKeys}. A failed
 * ZooKeeper read is logged and reported to the caller as {@code null}.
 *
 * @param keyId id of the key
 * @return the key, or {@code null} if it is unknown or could not be read
 */
@Override
protected DelegationKey getDelegationKey(int keyId) {
  // Local map first.
  final DelegationKey cached = allKeys.get(keyId);
  if (cached != null) {
    return cached;
  }
  // Local miss: ask ZK and remember a hit.
  DelegationKey fetched = null;
  try {
    fetched = getKeyFromZK(keyId);
    if (fetched != null) {
      allKeys.put(keyId, fetched);
    }
  } catch (IOException e) {
    LOG.error("Error retrieving key [" + keyId + "] from ZK", e);
  }
  return fetched;
}
LOG.info("Connecting to ZooKeeper with SASL/Kerberos" + "and using 'sasl' ACLs"); String principal = setJaasConfiguration(conf); System.setProperty(ZooKeeperSaslClient.LOGIN_CONTEXT_NAME_KEY, JAAS_LOGIN_ENTRY_NAME);
createPersistentNode(ZK_DTSM_MASTER_KEY_ROOT); createPersistentNode(ZK_DTSM_TOKENS_ROOT); } catch (Exception e) { throw new RuntimeException("Could not create ZK paths"); loadFromZKCache(false); loadFromZKCache(true);
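/**
 * Cancels a token, first trying to pull it into {@code currentTokens} when
 * it is not cached locally.
 *
 * <p>Only the cache-fill lookup is best-effort. The outcome of
 * {@code super.cancelToken} is never masked: an exception it raises
 * (presumably including invalid-token and authorization failures - confirm
 * against the superclass) reaches the caller instead of being logged and
 * turned into a normal return.
 *
 * @param token the token to cancel
 * @param canceller name forwarded to the superclass
 * @return whatever {@code super.cancelToken} returns
 * @throws IOException if the identifier cannot be decoded or the superclass
 *     rejects the cancellation
 */
@Override
public synchronized TokenIdent cancelToken(Token<TokenIdent> token,
    String canceller) throws IOException {
  ByteArrayInputStream buf = new ByteArrayInputStream(token.getIdentifier());
  DataInputStream in = new DataInputStream(buf);
  TokenIdent id = createIdentifier();
  id.readFields(in);
  try {
    if (!currentTokens.containsKey(id)) {
      // See if token can be retrieved and placed in currentTokens
      getTokenInfo(id);
    }
  } catch (Exception e) {
    // A failed lookup must not decide the result; the superclass call below
    // does, against whatever is in the local cache.
    LOG.error("Exception while checking if token exist !!", e);
  }
  // Kept outside the try block so a rejected cancellation is not reported
  // to the caller as a success.
  return super.cancelToken(token, canceller);
}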
createPersistentNode(ZK_DTSM_MASTER_KEY_ROOT); createPersistentNode(ZK_DTSM_TOKENS_ROOT); } catch (Exception e) { throw new RuntimeException("Could not create ZK paths");
private DelegationTokenInformation getTokenInfoFromZK(TokenIdent ident, boolean quiet) throws IOException { String nodePath = getNodePath(ZK_DTSM_TOKENS_ROOT, DELEGATION_TOKEN_PREFIX + ident.getSequenceNumber()); try { createIdentifier().readFields(din); long renewDate = din.readLong(); int pwdLen = din.readInt();
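/**
 * Deletes the znode that stores the given master key.
 *
 * <p>Removal is best-effort: a failure is logged and not propagated. The
 * log entry carries the causing exception so that a key which stayed in
 * ZooKeeper can be traced back to the reason.
 *
 * @param key the master key whose znode is removed
 */
@Override
protected void removeStoredMasterKey(DelegationKey key) {
  String nodeRemovePath =
      getNodePath(ZK_DTSM_MASTER_KEY_ROOT,
          DELEGATION_KEY_PREFIX + key.getKeyId());
  if (LOG.isDebugEnabled()) {
    LOG.debug("Removing ZKDTSMDelegationKey_" + key.getKeyId());
  }
  try {
    if (zkClient.checkExists().forPath(nodeRemovePath) != null) {
      // Repeat until the node is really gone.
      while (zkClient.checkExists().forPath(nodeRemovePath) != null) {
        try {
          zkClient.delete().guaranteed().forPath(nodeRemovePath);
        } catch (NoNodeException nne) {
          // It is possible that the node might be deleted between the
          // check and the actual delete.. which might lead to an
          // exception that can bring down the daemon running this
          // SecretManager
          LOG.debug("Node already deleted by peer " + nodeRemovePath);
        }
      }
    } else {
      LOG.debug("Attempted to delete a non-existing znode " + nodeRemovePath);
    }
  } catch (Exception e) {
    if (e instanceof InterruptedException) {
      // Keep the interrupt visible to the calling thread.
      Thread.currentThread().interrupt();
    }
    // NOTE(review): debug level hides a key that was not removed from the
    // shared store in most deployments - consider a higher level.
    LOG.debug(nodeRemovePath + " znode could not be removed!!", e);
  }
}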
/**
 * Looks up token information, first in the local {@code currentTokens} map
 * and then, on a miss, in ZooKeeper.
 *
 * <p>Information found in ZooKeeper is added to {@code currentTokens}. A
 * failed ZooKeeper read is logged and reported to the caller as
 * {@code null}.
 *
 * @param ident identifier of the token
 * @return the token information, or {@code null} if it is unknown or could
 *     not be read
 */
@Override
protected DelegationTokenInformation getTokenInfo(TokenIdent ident) {
  // Local map first.
  final DelegationTokenInformation cached = currentTokens.get(ident);
  if (cached != null) {
    return cached;
  }
  // Local miss: ask ZK and remember a hit.
  DelegationTokenInformation fetched = null;
  try {
    fetched = getTokenInfoFromZK(ident);
    if (fetched != null) {
      currentTokens.put(ident, fetched);
    }
  } catch (IOException e) {
    LOG.error("Error retrieving tokenInfo [" + ident.getSequenceNumber()
        + "] from ZK", e);
  }
  return fetched;
}
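/**
 * Handles an added or changed token znode: decodes identifier, renew date
 * and password from the node data and stores them in {@code currentTokens}.
 *
 * <p>The password length read from the node is checked against the bytes
 * that are actually left before the array is allocated. A negative or
 * oversized length is rejected, so a truncated or corrupted record can
 * neither trigger a huge allocation nor be cached with a password that is
 * only partly filled from the data.
 *
 * @param data the node's data
 * @throws IOException if the record cannot be decoded or declares an
 *     invalid password length
 */
private void processTokenAddOrUpdate(ChildData data) throws IOException {
  ByteArrayInputStream bin = new ByteArrayInputStream(data.getData());
  DataInputStream din = new DataInputStream(bin);
  TokenIdent ident = createIdentifier();
  ident.readFields(din);
  long renewDate = din.readLong();
  int pwdLen = din.readInt();
  // available() on a ByteArrayInputStream is the exact number of bytes left.
  if (pwdLen < 0 || pwdLen > bin.available()) {
    throw new IOException("Invalid password length " + pwdLen
        + " in token data at " + data.getPath());
  }
  byte[] password = new byte[pwdLen];
  // After the bound check this read fills the whole array; -1 is only
  // possible for a zero-length password at the end of the data.
  int numRead = din.read(password, 0, pwdLen);
  if (numRead > -1) {
    DelegationTokenInformation tokenInfo =
        new DelegationTokenInformation(renewDate, password);
    synchronized (this) {
      currentTokens.put(ident, tokenInfo);
      // The cancel task might be waiting
      notifyAll();
    }
  }
}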
/**
 * Advances the shared key-id counter through {@code incrSharedCount} and
 * returns the counter's value afterwards.
 *
 * <p>An interrupt is logged at debug level and the thread's interrupt flag
 * is restored; the method then still returns the counter's current value.
 * NOTE(review): in that case the returned id may not reflect an increment
 * made by this call - confirm that callers tolerate this.
 *
 * @return the value of {@code keyIdSeqCounter} after the attempt
 * @throws RuntimeException wrapping any non-interrupt failure
 */
@Override
protected int incrementCurrentKeyId() {
  try {
    incrSharedCount(keyIdSeqCounter);
  } catch (InterruptedException e) {
    // The ExpirationThread is just finishing.. so dont do anything..
    LOG.debug("Thread interrupted while performing keyId increment", e);
    Thread.currentThread().interrupt();
  } catch (Exception e) {
    throw new RuntimeException("Could not increment shared keyId counter !!", e);
  }
  final int currentKeyId = keyIdSeqCounter.getCount();
  return currentKeyId;
}