Startsida Utforska Hjälp
Logga in
apache
/
hadoop
spegling av https://github.com/apache/hadoop.git
2
0
Fork 1
Filer Ärenden 0 Wiki
Bläddra i källkod

commit c298600560da6ec05e7295fbeaedf73e6a16337c
Author: Jitendra Nath Pandey <jitendra@yahoo-inc.com>
Date: Tue Dec 22 14:52:12 2009 -0800

HADOOP-6176 from https://issues.apache.org/jira/secure/attachment/12428771/HADOOP-6176-0_20.2.patch.

+++ b/YAHOO-CHANGES.txt
+ HADOOP-6176. Adding a couple private methods to AccessTokenHandler
+ for testing purposes. (Jitendra Nath Pandey)
+


git-svn-id: https://svn.apache.org/repos/asf/hadoop/common/branches/branch-0.20-security-patches@1077088 13f79535-47bb-0310-9956-ffa450edef68

Owen O'Malley 14 år sedan
förälder
0ac9b09c54
incheckning
0fb0f094f8
2 ändrade filer med 65 tillägg och 4 borttagningar
Delad Vy Visa Diff Statistik
  1. 22 4
      src/core/org/apache/hadoop/security/AccessTokenHandler.java
  2. 43 0
      src/test/org/apache/hadoop/security/SecurityTestUtil.java

+ 22 - 4
src/core/org/apache/hadoop/security/AccessTokenHandler.java
Visa fil 

@@ -60,7 +60,7 @@ public class AccessTokenHandler {
 
    * sync'ed their access keys with NN at least once during each interval.
 
    */
 
   private final long keyUpdateInterval;
 
-  private final long tokenLifetime;
 
+  private long tokenLifetime;
 
   private long serialNo = new SecureRandom().nextLong();
 
   private KeyGenerator keyGen;
 
   private AccessKey currentKey;
 
@@ -203,7 +203,7 @@ public class AccessTokenHandler {
 
   }
 
 
   /** Check if token is well formed */
 
-  private synchronized Boolean verifyToken(long keyID, AccessToken token)
 
+  private synchronized boolean verifyToken(long keyID, AccessToken token)
 
       throws IOException {
 
     AccessKey key = allKeys.get(keyID);
 
     if (key == null) {
 
@@ -252,7 +252,7 @@ public class AccessTokenHandler {
 
   }
 
 
   /** Check if access should be allowed. userID is not checked if null */
 
-  public Boolean checkAccess(AccessToken token, String userID, long blockID,
 
+  public boolean checkAccess(AccessToken token, String userID, long blockID,
 
       AccessMode mode) throws IOException {
 
     long oExpiry = 0;
 
     long oKeyID = 0;
 
@@ -282,8 +282,26 @@ public class AccessTokenHandler {
 
           + blockID + ", access mode=" + mode + ", keyID=" + oKeyID);
 
     }
 
     return (userID == null || userID.equals(oUserID)) && oBlockID == blockID
 
-        && System.currentTimeMillis() < oExpiry && oModes.contains(mode)
 
+        && !isExpired(oExpiry) && oModes.contains(mode)
 
         && verifyToken(oKeyID, token);
 
   }
 
 
+  private static boolean isExpired(long expiryDate) {
 
+    return System.currentTimeMillis() > expiryDate;
 
+  }
 
+
 
+  /** check if a token is expired. for unit test only.
 
+   *  return true when token is expired, false otherwise */
 
+  static boolean isTokenExpired(AccessToken token) throws IOException {
 
+    ByteArrayInputStream buf = new ByteArrayInputStream(token.getTokenID()
 
+        .getBytes());
 
+    DataInputStream in = new DataInputStream(buf);
 
+    long expiryDate = WritableUtils.readVLong(in);
 
+    return isExpired(expiryDate);
 
+  }
 
+
 
+  /** set token lifetime. for unit test only */
 
+  synchronized void setTokenLifetime(long tokenLifetime) {
 
+    this.tokenLifetime = tokenLifetime;
 
+  }
 
 }

+ 43 - 0
src/test/org/apache/hadoop/security/SecurityTestUtil.java
Visa fil 

@@ -0,0 +1,43 @@
 
+/**
 
+ * Licensed to the Apache Software Foundation (ASF) under one
 
+ * or more contributor license agreements.  See the NOTICE file
 
+ * distributed with this work for additional information
 
+ * regarding copyright ownership.  The ASF licenses this file
 
+ * to you under the Apache License, Version 2.0 (the
 
+ * "License"); you may not use this file except in compliance
 
+ * with the License.  You may obtain a copy of the License at
 
+ *
 
+ *     http://www.apache.org/licenses/LICENSE-2.0
 
+ *
 
+ * Unless required by applicable law or agreed to in writing, software
 
+ * distributed under the License is distributed on an "AS IS" BASIS,
 
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 
+ * See the License for the specific language governing permissions and
 
+ * limitations under the License.
 
+ */
 
+
 
+package org.apache.hadoop.security;
 
+
 
+import java.io.IOException;
 
+
 
+/** Utilities for security tests */
 
+public class SecurityTestUtil {
 
+
 
+  /**
 
+   * check if an access token is expired. return true when token is expired,
 
+   * false otherwise
 
+   */
 
+  public static boolean isAccessTokenExpired(AccessToken token)
 
+      throws IOException {
 
+    return AccessTokenHandler.isTokenExpired(token);
 
+  }
 
+
 
+  /**
 
+   * set access token lifetime.
 
+   */
 
+  public static void setAccessTokenLifetime(AccessTokenHandler handler,
 
+      long tokenLifetime) {
 
+    handler.setTokenLifetime(tokenLifetime);
 
+  }
 
+
 
+}