HADOOP-15687. Credentials class should allow access to aliases.

Author: Lars Francke <lars.francke@gmail.com>
apache · Nov 3, 2018 · cb8d679 · cb8d679
1 parent f84a278
commit cb8d679
Show file tree

Hide file tree

Showing 2 changed files with 44 additions and 28 deletions.
diff --git a/...op-common-project/hadoop-common/src/main/java/org/apache/hadoop/security/Credentials.java b/...op-common-project/hadoop-common/src/main/java/org/apache/hadoop/security/Credentials.java
@@ -31,6 +31,7 @@
 import java.nio.charset.StandardCharsets;
 import java.util.Arrays;
 import java.util.Collection;
+import java.util.Collections;
 import java.util.HashMap;
 import java.util.List;
 import java.util.Map;
@@ -141,6 +142,13 @@ public Collection<Token<? extends TokenIdentifier>> getAllTokens() {
     return tokenMap.values();
   }
 
+  /**
+   * Returns an unmodifiable version of the full map of aliases to Tokens.
+   */
+  public Map<Text, Token<? extends TokenIdentifier>> getTokenMap() {
+    return Collections.unmodifiableMap(tokenMap);
+  }
+
   /**
    * @return number of Tokens in the in-memory map
    */
@@ -191,6 +199,13 @@ public List<Text> getAllSecretKeys() {
     return list;
   }
 
+  /**
+   * Returns an unmodifiable version of the full map of aliases to secret keys.
+   */
+  public Map<Text, byte[]> getSecretKeyMap() {
+    return Collections.unmodifiableMap(secretKeysMap);
+  }
+
   /**
    * Convenience method for reading a token storage file and loading its Tokens.
    * @param filename

diff --git a/...ommon-project/hadoop-common/src/test/java/org/apache/hadoop/security/TestCredentials.java b/...ommon-project/hadoop-common/src/test/java/org/apache/hadoop/security/TestCredentials.java
@@ -39,8 +39,6 @@
 import javax.crypto.KeyGenerator;
 
 import org.apache.hadoop.io.Text;
-import org.apache.hadoop.io.WritableComparator;
-import org.apache.hadoop.security.Credentials;
 import org.apache.hadoop.security.token.Token;
 import org.apache.hadoop.security.token.TokenIdentifier;
 import org.apache.hadoop.test.GenericTestUtils;
@@ -74,15 +72,18 @@ public <T extends TokenIdentifier> void testReadWriteStorage()
     Token<T> token2 = new Token();
     Text service1 = new Text("service1");
     Text service2 = new Text("service2");
+    Text alias1 = new Text("sometoken1");
+    Text alias2 = new Text("sometoken2");
+
     Collection<Text> services = new ArrayList<Text>();
 
     services.add(service1);
     services.add(service2);
 
     token1.setService(service1);
     token2.setService(service2);
-    ts.addToken(new Text("sometoken1"), token1);
+    ts.addToken(alias1, token1);
-    ts.addToken(new Text("sometoken2"), token2);
+    ts.addToken(alias2, token2);
 
     // create keys and put it in
     final KeyGenerator kg = KeyGenerator.getInstance(DEFAULT_HMAC_ALGORITHM);
@@ -109,32 +110,32 @@ public <T extends TokenIdentifier> void testReadWriteStorage()
     dis.close();
 
     // get the tokens and compare the services
-    Collection<Token<? extends TokenIdentifier>> list = ts.getAllTokens();
+    Map<Text, Token<? extends TokenIdentifier>> tokenMap = ts.getTokenMap();
-    assertEquals("getAllTokens should return collection of size 2",
+    assertEquals("getTokenMap should return collection of size 2", 2,
-        list.size(), 2);
+        tokenMap.size());
-    boolean foundFirst = false;
+    assertTrue("Token for alias " + alias1 + " must be present",
-    boolean foundSecond = false;
+        tokenMap.containsKey(alias1));
-    for (Token<? extends TokenIdentifier> token : list) {
+    assertTrue("Token for alias " + alias2 + " must be present",
-      if (token.getService().equals(service1)) {
+        tokenMap.containsKey(alias2));
-        foundFirst = true;
+    assertEquals("Token for service " + service1 + " must be present", service1,
-      }
+        tokenMap.get(alias1).getService());
-      if (token.getService().equals(service2)) {
+    assertEquals("Token for service " + service2 + " must be present", service2,
-        foundSecond = true;
+        tokenMap.get(alias2).getService());
-      }
+
-    }
+
-    assertTrue("Tokens for services service1 and service2 must be present",
-        foundFirst && foundSecond);
     // compare secret keys
-    int mapLen = m.size();
+    Map<Text, byte[]> secretKeyMap = ts.getSecretKeyMap();
-    assertEquals("wrong number of keys in the Storage",
+    assertEquals("wrong number of keys in the Storage", m.size(),
-        mapLen, ts.numberOfSecretKeys());
+        ts.numberOfSecretKeys());
-    for(Text a : m.keySet()) {
+
-      byte [] kTS = ts.getSecretKey(a);
+    for (Map.Entry<Text, byte[]> entry : m.entrySet()) {
-      byte [] kLocal = m.get(a);
+      byte[] key = secretKeyMap.get(entry.getKey());
-      assertTrue("keys don't match for " + a,
+      assertNotNull("Secret key for alias " + entry.getKey() + " not found",
-          WritableComparator.compareBytes(kTS, 0, kTS.length, kLocal,
+          key);
-              0, kLocal.length)==0);
+      assertTrue("Keys don't match for alias " + entry.getKey(),
+          Arrays.equals(key, entry.getValue()));
     }
+
     tmpFileName.delete();
   }