private static String buildUsername(Token<BlockTokenIdentifier> blockToken) { return new String(Base64.encodeBase64(blockToken.getIdentifier(), false), Charsets.UTF_8); }
@Override public LlapTokenIdentifier decodeTokenIdentifier( Token<LlapTokenIdentifier> token) throws IOException { DataInputStream dis = new DataInputStream(new ByteArrayInputStream(token.getIdentifier())); LlapTokenIdentifier id = new LlapTokenIdentifier(); id.readFields(dis); dis.close(); return id; }
protected DelegationTokenIdentifier getTokenIdentifier(Token<DelegationTokenIdentifier> token) throws IOException { // turn bytes back into identifier for cache lookup ByteArrayInputStream buf = new ByteArrayInputStream(token.getIdentifier()); DataInputStream in = new DataInputStream(buf); DelegationTokenIdentifier id = createIdentifier(); id.readFields(in); return id; }
private static DelegationTokenIdentifier decodeToken( Token<DelegationTokenIdentifier> token, Text tokenKind) throws IOException { ByteArrayInputStream buf = new ByteArrayInputStream(token.getIdentifier()); DataInputStream dis = new DataInputStream(buf); DelegationTokenIdentifier id = new DelegationTokenIdentifier(tokenKind); id.readFields(dis); dis.close(); return id; } }
private static void getHdfsToken(Configuration conf, Credentials cred) throws IOException { FileSystem fs = FileSystem.get(conf); LOG.info("Getting DFS token from " + fs.getUri()); Token<?> fsToken = fs.getDelegationToken(getMRTokenRenewerInternal(new JobConf()).toString()); if (fsToken == null) { LOG.error("Failed to fetch DFS token for "); throw new IOException("Failed to fetch DFS token."); } LOG.info("Created DFS token: " + fsToken.toString()); LOG.info("Token kind: " + fsToken.getKind()); LOG.info("Token id: " + Arrays.toString(fsToken.getIdentifier())); LOG.info("Token service: " + fsToken.getService()); cred.addToken(fsToken.getService(), fsToken); }
public String getUserFromToken(String tokenStr) throws IOException { Token<DelegationTokenIdentifier> delegationToken = new Token<>(); delegationToken.decodeFromUrlString(tokenStr); ByteArrayInputStream buf = new ByteArrayInputStream(delegationToken.getIdentifier()); DataInputStream in = new DataInputStream(buf); DelegationTokenIdentifier id = createIdentifier(); id.readFields(in); return id.getUser().getShortUserName(); } }
@Override public synchronized TokenIdent cancelToken(Token<TokenIdent> token, String canceller) throws IOException { ByteArrayInputStream buf = new ByteArrayInputStream(token.getIdentifier()); DataInputStream in = new DataInputStream(buf); TokenIdent id = createIdentifier(); id.readFields(in); syncLocalCacheWithZk(id); return super.cancelToken(token, canceller); }
private static void getJtToken(Credentials cred) throws IOException { try { JobConf jobConf = new JobConf(); JobClient jobClient = new JobClient(jobConf); LOG.info("Pre-fetching JT token from JobTracker"); Token<DelegationTokenIdentifier> mrdt = jobClient.getDelegationToken(getMRTokenRenewerInternal(jobConf)); if (mrdt == null) { LOG.error("Failed to fetch JT token"); throw new IOException("Failed to fetch JT token."); } LOG.info("Created JT token: " + mrdt.toString()); LOG.info("Token kind: " + mrdt.getKind()); LOG.info("Token id: " + Arrays.toString(mrdt.getIdentifier())); LOG.info("Token service: " + mrdt.getService()); cred.addToken(mrdt.getService(), mrdt); } catch (InterruptedException ie) { throw new IOException(ie); } }
public SaslClientCallbackHandler(Token<? extends TokenIdentifier> token) { this.userName = SaslUtil.encodeIdentifier(token.getIdentifier()); this.userPassword = SaslUtil.encodePassword(token.getPassword()); }
public SaslClientCallbackHandler(Token<? extends TokenIdentifier> token) { this.userName = encodeIdentifier(token.getIdentifier()); this.userPassword = encodePassword(token.getPassword()); }
private Token<DelegationTokenIdentifier> getDelegationToken(HiveConf hcatConf, String metaStoreServicePrincipal, String topologySubmitterUser) throws IOException { LOG.info("Creating delegation tokens for principal={}", metaStoreServicePrincipal); HCatClient hcatClient = null; try { hcatClient = HCatClient.create(hcatConf); String delegationToken = hcatClient.getDelegationToken(topologySubmitterUser, metaStoreServicePrincipal); Token<DelegationTokenIdentifier> delegationTokenId = new Token<DelegationTokenIdentifier>(); delegationTokenId.decodeFromUrlString(delegationToken); DelegationTokenIdentifier d = new DelegationTokenIdentifier(); d.readFields(new DataInputStream(new ByteArrayInputStream( delegationTokenId.getIdentifier()))); LOG.info("Created Delegation Token for : " + d.getUser()); return delegationTokenId; } finally { if (hcatClient != null) hcatClient.close(); } }
public SaslClientCallbackHandler(Token<? extends TokenIdentifier> token) { this.userName = SaslRpcServer.encodeIdentifier(token.getIdentifier()); this.userPassword = SaslRpcServer.encodePassword(token.getPassword()); }
/** * Construct a TokenProto from this Token instance. * @return a new TokenProto object holding copies of data in this instance */ public TokenProto toTokenProto() { return TokenProto.newBuilder(). setIdentifier(ByteString.copyFrom(this.getIdentifier())). setPassword(ByteString.copyFrom(this.getPassword())). setKindBytes(ByteString.copyFrom( this.getKind().getBytes(), 0, this.getKind().getLength())). setServiceBytes(ByteString.copyFrom( this.getService().getBytes(), 0, this.getService().getLength())). build(); }
public static void setTokensFor(ContainerLaunchContext amContainer, List<Path> paths, Configuration conf) throws IOException { Credentials credentials = new Credentials(); // for HDFS TokenCache.obtainTokensForNamenodes(credentials, paths.toArray(new Path[0]), conf); // for HBase obtainTokenForHBase(credentials, conf); // for user UserGroupInformation currUsr = UserGroupInformation.getCurrentUser(); Collection<Token<? extends TokenIdentifier>> usrTok = currUsr.getTokens(); for (Token<? extends TokenIdentifier> token : usrTok) { final Text id = new Text(token.getIdentifier()); LOG.info("Adding user token " + id + " with " + token); credentials.addToken(id, token); } try (DataOutputBuffer dob = new DataOutputBuffer()) { credentials.writeTokenStorageToStream(dob); if (LOG.isDebugEnabled()) { LOG.debug("Wrote tokens. Credentials buffer length: " + dob.getLength()); } ByteBuffer securityTokens = ByteBuffer.wrap(dob.getData(), 0, dob.getLength()); amContainer.setTokens(securityTokens); } }
/** * Converts a Token instance (with embedded identifier) to the protobuf representation. * * @param token the Token instance to copy * @return the protobuf Token message */ public static AuthenticationProtos.Token toToken(Token<AuthenticationTokenIdentifier> token) { AuthenticationProtos.Token.Builder builder = AuthenticationProtos.Token.newBuilder(); builder.setIdentifier(ByteString.copyFrom(token.getIdentifier())); builder.setPassword(ByteString.copyFrom(token.getPassword())); if (token.getService() != null) { builder.setService(ByteString.copyFromUtf8(token.getService().toString())); } return builder.build(); }
private Token<? extends TokenIdentifier> createTokenMockWithCredentials( String principal, String password) throws IOException { Token<? extends TokenIdentifier> token = createTokenMock(); if (!Strings.isNullOrEmpty(principal) && !Strings.isNullOrEmpty(password)) { when(token.getIdentifier()).thenReturn(Bytes.toBytes(DEFAULT_USER_NAME)); when(token.getPassword()).thenReturn(Bytes.toBytes(DEFAULT_USER_PASSWORD)); } return token; }
@Test public void testSaslClientCallbackHandler() throws UnsupportedCallbackException { final Token<? extends TokenIdentifier> token = createTokenMock(); when(token.getIdentifier()).thenReturn(Bytes.toBytes(DEFAULT_USER_NAME)); when(token.getPassword()).thenReturn(Bytes.toBytes(DEFAULT_USER_PASSWORD)); final NameCallback nameCallback = mock(NameCallback.class); final PasswordCallback passwordCallback = mock(PasswordCallback.class); final RealmCallback realmCallback = mock(RealmCallback.class); final RealmChoiceCallback realmChoiceCallback = mock(RealmChoiceCallback.class); Callback[] callbackArray = {nameCallback, passwordCallback, realmCallback, realmChoiceCallback}; final SaslClientCallbackHandler saslClCallbackHandler = new SaslClientCallbackHandler(token); saslClCallbackHandler.handle(callbackArray); verify(nameCallback).setName(anyString()); verify(realmCallback).setText(any()); verify(passwordCallback).setPassword(any()); }
@Test public void testSaslClientCallbackHandlerWithException() { final Token<? extends TokenIdentifier> token = createTokenMock(); when(token.getIdentifier()).thenReturn(Bytes.toBytes(DEFAULT_USER_NAME)); when(token.getPassword()).thenReturn(Bytes.toBytes(DEFAULT_USER_PASSWORD)); final SaslClientCallbackHandler saslClCallbackHandler = new SaslClientCallbackHandler(token); try { saslClCallbackHandler.handle(new Callback[] { mock(TextOutputCallback.class) }); } catch (UnsupportedCallbackException expEx) { //expected } catch (Exception ex) { fail("testSaslClientCallbackHandlerWithException error : " + ex.getMessage()); } }
/** * Generate a DelegationTokenAuthenticatedURL.Token from the given generic * typed delegation token. * * @param dToken The delegation token. * @return The DelegationTokenAuthenticatedURL.Token, with its delegation * token set to the delegation token passed in. */ private DelegationTokenAuthenticatedURL.Token generateDelegationToken( final Token<?> dToken) { DelegationTokenAuthenticatedURL.Token token = new DelegationTokenAuthenticatedURL.Token(); Token<AbstractDelegationTokenIdentifier> dt = new Token<>(dToken.getIdentifier(), dToken.getPassword(), dToken.getKind(), dToken.getService()); token.setDelegationToken(dt); return token; }
@Test public void testTokenCreation() throws Exception { Token<AuthenticationTokenIdentifier> token = secretManager.generateToken("testuser"); AuthenticationTokenIdentifier ident = new AuthenticationTokenIdentifier(); Writables.getWritable(token.getIdentifier(), ident); assertEquals("Token username should match", "testuser", ident.getUsername()); byte[] passwd = secretManager.retrievePassword(ident); assertTrue("Token password and password from secret manager should match", Bytes.equals(token.getPassword(), passwd)); } // This won't work any more now RpcServer takes Shaded Service. It depends on RPCServer being able to provide a