From 557c1b54bd14e1df8ce3c49036e242bfa73f1612 Mon Sep 17 00:00:00 2001 From: slfan1989 Date: Sun, 20 Apr 2025 09:31:15 +0800 Subject: [PATCH 1/6] HADOOP-19417. [JDK17] Upgrade JUnit from 4 to 5 in hadoop-minikdc. --- .../client/TestKerberosAuthenticator.java | 46 ++++++---- .../TestAltKerberosAuthenticationHandler.java | 10 ++- .../TestJWTRedirectAuthenticationHandler.java | 38 +++++---- .../TestKerberosAuthenticationHandler.java | 83 ++++++++++--------- .../org/apache/hadoop/log/TestLogLevel.java | 51 +++++++----- .../security/TestFixKerberosTicketOrder.java | 44 +++++----- .../hadoop/security/TestRaceWhenRelogin.java | 10 +-- hadoop-common-project/hadoop-minikdc/pom.xml | 30 +++++++ .../minikdc/KerberosSecurityTestcase.java | 8 +- .../apache/hadoop/minikdc/TestMiniKdc.java | 20 ++--- 10 files changed, 201 insertions(+), 139 deletions(-) diff --git a/hadoop-common-project/hadoop-auth/src/test/java/org/apache/hadoop/security/authentication/client/TestKerberosAuthenticator.java b/hadoop-common-project/hadoop-auth/src/test/java/org/apache/hadoop/security/authentication/client/TestKerberosAuthenticator.java index bc316ef8cb8b2..1ad2e6479d695 100644 --- a/hadoop-common-project/hadoop-auth/src/test/java/org/apache/hadoop/security/authentication/client/TestKerberosAuthenticator.java +++ b/hadoop-common-project/hadoop-auth/src/test/java/org/apache/hadoop/security/authentication/client/TestKerberosAuthenticator.java @@ -45,6 +45,7 @@ import java.util.Arrays; import java.util.Properties; import java.util.concurrent.Callable; +import org.junit.jupiter.api.Timeout; /** * Test class for {@link KerberosAuthenticator}. @@ -89,7 +90,8 @@ private Properties getMultiAuthHandlerConfiguration() { return props; } - @Test(timeout=60000) + @Test + @Timeout(value = 60) public void testFallbacktoPseudoAuthenticator() throws Exception { AuthenticatorTestCase auth = new AuthenticatorTestCase(); Properties props = new Properties(); @@ -99,7 +101,8 @@ public void testFallbacktoPseudoAuthenticator() throws Exception { auth._testAuthentication(new KerberosAuthenticator(), false); } - @Test(timeout=60000) + @Test + @Timeout(value = 60) public void testFallbacktoPseudoAuthenticatorAnonymous() throws Exception { AuthenticatorTestCase auth = new AuthenticatorTestCase(); Properties props = new Properties(); @@ -109,7 +112,8 @@ public void testFallbacktoPseudoAuthenticatorAnonymous() throws Exception { auth._testAuthentication(new KerberosAuthenticator(), false); } - @Test(timeout=60000) + @Test + @Timeout(value = 60) public void testNotAuthenticated() throws Exception { AuthenticatorTestCase auth = new AuthenticatorTestCase(); AuthenticatorTestCase.setAuthenticationHandlerConfig(getAuthenticationHandlerConfiguration()); @@ -125,7 +129,8 @@ public void testNotAuthenticated() throws Exception { } } - @Test(timeout=60000) + @Test + @Timeout(value = 60) public void testAuthentication() throws Exception { final AuthenticatorTestCase auth = new AuthenticatorTestCase(); AuthenticatorTestCase.setAuthenticationHandlerConfig( @@ -139,7 +144,8 @@ public Void call() throws Exception { }); } - @Test(timeout=60000) + @Test + @Timeout(value = 60) public void testAuthenticationPost() throws Exception { final AuthenticatorTestCase auth = new AuthenticatorTestCase(); AuthenticatorTestCase.setAuthenticationHandlerConfig( @@ -153,7 +159,8 @@ public Void call() throws Exception { }); } - @Test(timeout=60000) + @Test + @Timeout(value = 60) public void testAuthenticationHttpClient() throws Exception { final AuthenticatorTestCase auth = new AuthenticatorTestCase(); AuthenticatorTestCase.setAuthenticationHandlerConfig( @@ -167,7 +174,8 @@ public Void call() throws Exception { }); } - @Test(timeout=60000) + @Test + @Timeout(value = 60) public void testAuthenticationHttpClientPost() throws Exception { final AuthenticatorTestCase auth = new AuthenticatorTestCase(); AuthenticatorTestCase.setAuthenticationHandlerConfig( @@ -181,7 +189,8 @@ public Void call() throws Exception { }); } - @Test(timeout = 60000) + @Test + @Timeout(value = 60) public void testNotAuthenticatedWithMultiAuthHandler() throws Exception { AuthenticatorTestCase auth = new AuthenticatorTestCase(); AuthenticatorTestCase @@ -200,7 +209,8 @@ public void testNotAuthenticatedWithMultiAuthHandler() throws Exception { } } - @Test(timeout = 60000) + @Test + @Timeout(value = 60) public void testAuthenticationWithMultiAuthHandler() throws Exception { final AuthenticatorTestCase auth = new AuthenticatorTestCase(); AuthenticatorTestCase @@ -214,7 +224,8 @@ public Void call() throws Exception { }); } - @Test(timeout = 60000) + @Test + @Timeout(value = 60) public void testAuthenticationHttpClientPostWithMultiAuthHandler() throws Exception { final AuthenticatorTestCase auth = new AuthenticatorTestCase(); @@ -229,7 +240,8 @@ public Void call() throws Exception { }); } - @Test(timeout = 60000) + @Test + @Timeout(value = 60) public void testWrapExceptionWithMessage() { IOException ex; ex = new IOException("Induced exception"); @@ -255,7 +267,8 @@ public void testWrapExceptionWithMessage() { Assert.assertTrue(ex.equals(ex2)); } - @Test(timeout = 60000) + @Test + @Timeout(value = 60) public void testNegotiate() throws NoSuchMethodException, InvocationTargetException, IllegalAccessException, IOException { KerberosAuthenticator kerberosAuthenticator = new KerberosAuthenticator(); @@ -272,7 +285,8 @@ public void testNegotiate() throws NoSuchMethodException, InvocationTargetExcept Assert.assertTrue((boolean)method.invoke(kerberosAuthenticator, conn)); } - @Test(timeout = 60000) + @Test + @Timeout(value = 60) public void testNegotiateLowerCase() throws NoSuchMethodException, InvocationTargetException, IllegalAccessException, IOException { KerberosAuthenticator kerberosAuthenticator = new KerberosAuthenticator(); @@ -289,7 +303,8 @@ public void testNegotiateLowerCase() throws NoSuchMethodException, InvocationTar Assert.assertTrue((boolean)method.invoke(kerberosAuthenticator, conn)); } - @Test(timeout = 60000) + @Test + @Timeout(value = 60) public void testReadToken() throws NoSuchMethodException, IOException, IllegalAccessException, InvocationTargetException { KerberosAuthenticator kerberosAuthenticator = new KerberosAuthenticator(); @@ -310,7 +325,8 @@ public void testReadToken() throws NoSuchMethodException, IOException, IllegalAc method.invoke(kerberosAuthenticator, conn); // expecting this not to throw an exception } - @Test(timeout = 60000) + @Test + @Timeout(value = 60) public void testReadTokenLowerCase() throws NoSuchMethodException, IOException, IllegalAccessException, InvocationTargetException { KerberosAuthenticator kerberosAuthenticator = new KerberosAuthenticator(); diff --git a/hadoop-common-project/hadoop-auth/src/test/java/org/apache/hadoop/security/authentication/server/TestAltKerberosAuthenticationHandler.java b/hadoop-common-project/hadoop-auth/src/test/java/org/apache/hadoop/security/authentication/server/TestAltKerberosAuthenticationHandler.java index 3b83803309032..4cb4e1ce059cf 100644 --- a/hadoop-common-project/hadoop-auth/src/test/java/org/apache/hadoop/security/authentication/server/TestAltKerberosAuthenticationHandler.java +++ b/hadoop-common-project/hadoop-auth/src/test/java/org/apache/hadoop/security/authentication/server/TestAltKerberosAuthenticationHandler.java @@ -21,6 +21,7 @@ import org.junit.Assert; import org.junit.Test; import org.mockito.Mockito; +import org.junit.jupiter.api.Timeout; public class TestAltKerberosAuthenticationHandler extends TestKerberosAuthenticationHandler { @@ -47,7 +48,8 @@ protected String getExpectedType() { return AltKerberosAuthenticationHandler.TYPE; } - @Test(timeout=60000) + @Test + @Timeout(value = 60) public void testAlternateAuthenticationAsBrowser() throws Exception { HttpServletRequest request = Mockito.mock(HttpServletRequest.class); HttpServletResponse response = Mockito.mock(HttpServletResponse.class); @@ -62,7 +64,8 @@ public void testAlternateAuthenticationAsBrowser() throws Exception { Assert.assertEquals(getExpectedType(), token.getType()); } - @Test(timeout=60000) + @Test + @Timeout(value = 60) public void testNonDefaultNonBrowserUserAgentAsBrowser() throws Exception { HttpServletRequest request = Mockito.mock(HttpServletRequest.class); HttpServletResponse response = Mockito.mock(HttpServletResponse.class); @@ -90,7 +93,8 @@ public void testNonDefaultNonBrowserUserAgentAsBrowser() throws Exception { Assert.assertEquals(getExpectedType(), token.getType()); } - @Test(timeout=60000) + @Test + @Timeout(value = 60) public void testNonDefaultNonBrowserUserAgentAsNonBrowser() throws Exception { if (handler != null) { handler.destroy(); diff --git a/hadoop-common-project/hadoop-auth/src/test/java/org/apache/hadoop/security/authentication/server/TestJWTRedirectAuthenticationHandler.java b/hadoop-common-project/hadoop-auth/src/test/java/org/apache/hadoop/security/authentication/server/TestJWTRedirectAuthenticationHandler.java index 7587bca2012d0..e903ea9644ac6 100644 --- a/hadoop-common-project/hadoop-auth/src/test/java/org/apache/hadoop/security/authentication/server/TestJWTRedirectAuthenticationHandler.java +++ b/hadoop-common-project/hadoop-auth/src/test/java/org/apache/hadoop/security/authentication/server/TestJWTRedirectAuthenticationHandler.java @@ -13,8 +13,10 @@ */ package org.apache.hadoop.security.authentication.server; -import static org.junit.Assert.assertTrue; -import static org.junit.Assert.fail; +import static org.junit.jupiter.api.Assertions.assertEquals; +import static org.junit.jupiter.api.Assertions.assertNotNull; +import static org.junit.jupiter.api.Assertions.assertTrue; +import static org.junit.jupiter.api.Assertions.fail; import java.io.File; import java.security.KeyPair; @@ -35,10 +37,10 @@ import org.apache.hadoop.minikdc.KerberosSecurityTestcase; import org.apache.hadoop.security.authentication.KerberosTestUtils; import org.apache.hadoop.security.authentication.client.AuthenticationException; -import org.junit.After; -import org.junit.Assert; -import org.junit.Before; -import org.junit.Test; +import org.junit.jupiter.api.AfterEach; +import org.junit.jupiter.api.BeforeEach; +import org.junit.jupiter.api.Test; + import org.mockito.Mockito; import com.nimbusds.jose.*; @@ -107,7 +109,7 @@ public void testCustomCookieNameJWT() throws Exception { AuthenticationToken token = handler.alternateAuthenticate(request, response); - Assert.assertEquals("bob", token.getUserName()); + assertEquals("bob", token.getUserName()); } catch (ServletException se) { fail("alternateAuthentication should NOT have thrown a ServletException: " + se.getMessage()); @@ -275,8 +277,8 @@ public void testNoExpirationJWT() throws Exception { AuthenticationToken token = handler.alternateAuthenticate(request, response); - Assert.assertNotNull("Token should not be null.", token); - Assert.assertEquals("bob", token.getUserName()); + assertNotNull(token, "Token should not be null."); + assertEquals("bob", token.getUserName()); } catch (ServletException se) { fail("alternateAuthentication should NOT have thrown a ServletException"); } catch (AuthenticationException ae) { @@ -340,7 +342,7 @@ public void testValidAudienceJWT() throws Exception { AuthenticationToken token = handler.alternateAuthenticate(request, response); - Assert.assertEquals("bob", token.getUserName()); + assertEquals("bob", token.getUserName()); } catch (ServletException se) { fail("alternateAuthentication should NOT have thrown a ServletException"); } catch (AuthenticationException ae) { @@ -370,8 +372,8 @@ public void testValidJWT() throws Exception { AuthenticationToken token = handler.alternateAuthenticate(request, response); - Assert.assertNotNull("Token should not be null.", token); - Assert.assertEquals("alice", token.getUserName()); + assertNotNull(token, "Token should not be null."); + assertEquals("alice", token.getUserName()); } catch (ServletException se) { fail("alternateAuthentication should NOT have thrown a ServletException."); } catch (AuthenticationException ae) { @@ -392,8 +394,8 @@ public void testOrigURLWithQueryString() throws Exception { Mockito.when(request.getQueryString()).thenReturn("name=value"); String loginURL = handler.constructLoginURL(request); - Assert.assertNotNull("loginURL should not be null.", loginURL); - Assert.assertEquals("https://localhost:8443/authserver?originalUrl=" + SERVICE_URL + "?name=value", loginURL); + assertNotNull(loginURL, "loginURL should not be null."); + assertEquals("https://localhost:8443/authserver?originalUrl=" + SERVICE_URL + "?name=value", loginURL); } @Test @@ -409,11 +411,11 @@ public void testOrigURLNoQueryString() throws Exception { Mockito.when(request.getQueryString()).thenReturn(null); String loginURL = handler.constructLoginURL(request); - Assert.assertNotNull("LoginURL should not be null.", loginURL); - Assert.assertEquals("https://localhost:8443/authserver?originalUrl=" + SERVICE_URL, loginURL); + assertNotNull(loginURL, "LoginURL should not be null."); + assertEquals("https://localhost:8443/authserver?originalUrl=" + SERVICE_URL, loginURL); } - @Before + @BeforeEach public void setup() throws Exception, NoSuchAlgorithmException { setupKerberosRequirements(); @@ -434,7 +436,7 @@ protected void setupKerberosRequirements() throws Exception { getKdc().createPrincipal(new File(keytab), keytabUsers); } - @After + @AfterEach public void teardown() throws Exception { handler.destroy(); } diff --git a/hadoop-common-project/hadoop-auth/src/test/java/org/apache/hadoop/security/authentication/server/TestKerberosAuthenticationHandler.java b/hadoop-common-project/hadoop-auth/src/test/java/org/apache/hadoop/security/authentication/server/TestKerberosAuthenticationHandler.java index f10371b925758..bff147ffce2da 100644 --- a/hadoop-common-project/hadoop-auth/src/test/java/org/apache/hadoop/security/authentication/server/TestKerberosAuthenticationHandler.java +++ b/hadoop-common-project/hadoop-auth/src/test/java/org/apache/hadoop/security/authentication/server/TestKerberosAuthenticationHandler.java @@ -13,6 +13,11 @@ */ package org.apache.hadoop.security.authentication.server; +import static org.junit.jupiter.api.Assertions.assertEquals; +import static org.junit.jupiter.api.Assertions.assertNull; +import static org.junit.jupiter.api.Assertions.assertTrue; +import static org.junit.jupiter.api.Assertions.fail; + import org.apache.hadoop.minikdc.KerberosSecurityTestcase; import org.apache.hadoop.security.authentication.KerberosTestUtils; import org.apache.hadoop.security.authentication.client.AuthenticationException; @@ -23,12 +28,10 @@ import org.ietf.jgss.GSSContext; import org.ietf.jgss.GSSManager; import org.ietf.jgss.GSSName; -import org.junit.After; -import org.junit.Assert; -import org.junit.Before; -import org.junit.Rule; -import org.junit.Test; -import org.junit.rules.Timeout; +import org.junit.jupiter.api.AfterEach; +import org.junit.jupiter.api.BeforeEach; +import org.junit.jupiter.api.Test; +import org.junit.jupiter.api.Timeout; import org.mockito.Mockito; import org.ietf.jgss.Oid; @@ -46,12 +49,10 @@ /** * Tests for Kerberos Authentication Handler. */ +@Timeout(60) public class TestKerberosAuthenticationHandler extends KerberosSecurityTestcase { - @Rule - public Timeout globalTimeout = Timeout.millis(60000); - protected KerberosAuthenticationHandler handler; protected KerberosAuthenticationHandler getNewAuthenticationHandler() { @@ -75,7 +76,7 @@ protected Properties getDefaultProperties() { return props; } - @Before + @BeforeEach public void setup() throws Exception { // create keytab File keytabFile = new File(KerberosTestUtils.getKeytabFile()); @@ -103,7 +104,7 @@ public void setup() throws Exception { @Test public void testNameRulesHadoop() throws Exception { KerberosName kn = new KerberosName(KerberosTestUtils.getServerPrincipal()); - Assert.assertEquals(KerberosTestUtils.getRealm(), kn.getRealm()); + assertEquals(KerberosTestUtils.getRealm(), kn.getRealm()); //destroy handler created in setUp() handler.destroy(); @@ -118,11 +119,11 @@ public void testNameRulesHadoop() throws Exception { } catch (Exception ex) { } kn = new KerberosName("bar@BAR"); - Assert.assertEquals("bar", kn.getShortName()); + assertEquals("bar", kn.getShortName()); kn = new KerberosName("bar@FOO"); try { kn.getShortName(); - Assert.fail(); + fail(); } catch (Exception ex) { } } @@ -130,7 +131,7 @@ public void testNameRulesHadoop() throws Exception { @Test public void testNameRulesCompat() throws Exception { KerberosName kn = new KerberosName(KerberosTestUtils.getServerPrincipal()); - Assert.assertEquals(KerberosTestUtils.getRealm(), kn.getRealm()); + assertEquals(KerberosTestUtils.getRealm(), kn.getRealm()); //destroy handler created in setUp() handler.destroy(); @@ -145,15 +146,15 @@ public void testNameRulesCompat() throws Exception { } catch (Exception ex) { } kn = new KerberosName("bar@BAR"); - Assert.assertEquals("bar", kn.getShortName()); + assertEquals("bar", kn.getShortName()); kn = new KerberosName("bar@FOO"); - Assert.assertEquals("bar@FOO", kn.getShortName()); + assertEquals("bar@FOO", kn.getShortName()); } @Test public void testNullProperties() throws Exception { KerberosName kn = new KerberosName(KerberosTestUtils.getServerPrincipal()); - Assert.assertEquals(KerberosTestUtils.getRealm(), kn.getRealm()); + assertEquals(KerberosTestUtils.getRealm(), kn.getRealm()); KerberosName.setRuleMechanism("MIT"); KerberosName.setRules("DEFAULT"); @@ -171,18 +172,18 @@ public void testNullProperties() throws Exception { } catch (Exception ex) { } - Assert.assertEquals("MIT", KerberosName.getRuleMechanism()); - Assert.assertEquals("DEFAULT", KerberosName.getRules()); + assertEquals("MIT", KerberosName.getRuleMechanism()); + assertEquals("DEFAULT", KerberosName.getRules()); } @Test public void testInit() throws Exception { - Assert.assertEquals(KerberosTestUtils.getKeytabFile(), handler.getKeytab()); + assertEquals(KerberosTestUtils.getKeytabFile(), handler.getKeytab()); Set principals = handler.getPrincipals(); Principal expectedPrincipal = new KerberosPrincipal(KerberosTestUtils.getServerPrincipal()); - Assert.assertTrue(principals.contains(expectedPrincipal)); - Assert.assertEquals(1, principals.size()); + assertTrue(principals.contains(expectedPrincipal)); + assertEquals(1, principals.size()); } /** @@ -205,7 +206,7 @@ public void testDynamicPrincipalDiscovery() throws Exception { handler = getNewAuthenticationHandler(); handler.init(props); - Assert.assertEquals(KerberosTestUtils.getKeytabFile(), + assertEquals(KerberosTestUtils.getKeytabFile(), handler.getKeytab()); Set loginPrincipals = handler.getPrincipals(); @@ -213,8 +214,8 @@ public void testDynamicPrincipalDiscovery() throws Exception { Principal principal = new KerberosPrincipal( user + "@" + KerberosTestUtils.getRealm()); boolean expected = user.startsWith("HTTP/"); - Assert.assertEquals("checking for "+user, expected, - loginPrincipals.contains(principal)); + assertEquals(expected, + loginPrincipals.contains(principal), "checking for "+user); } } @@ -237,18 +238,18 @@ public void testDynamicPrincipalDiscoveryMissingPrincipals() handler = getNewAuthenticationHandler(); try { handler.init(props); - Assert.fail("init should have failed"); + fail("init should have failed"); } catch (ServletException ex) { - Assert.assertEquals("Principals do not exist in the keytab", + assertEquals("Principals do not exist in the keytab", ex.getCause().getMessage()); } catch (Throwable t) { - Assert.fail("wrong exception: "+t); + fail("wrong exception: "+t); } } @Test public void testType() { - Assert.assertEquals(getExpectedType(), handler.getType()); + assertEquals(getExpectedType(), handler.getType()); } @Test @@ -256,7 +257,7 @@ public void testRequestWithoutAuthorization() throws Exception { HttpServletRequest request = Mockito.mock(HttpServletRequest.class); HttpServletResponse response = Mockito.mock(HttpServletResponse.class); - Assert.assertNull(handler.authenticate(request, response)); + assertNull(handler.authenticate(request, response)); Mockito.verify(response).setHeader(KerberosAuthenticator.WWW_AUTHENTICATE, KerberosAuthenticator.NEGOTIATE); Mockito.verify(response).setStatus(HttpServletResponse.SC_UNAUTHORIZED); @@ -269,7 +270,7 @@ public void testRequestWithInvalidAuthorization() throws Exception { Mockito.when(request.getHeader(KerberosAuthenticator.AUTHORIZATION)) .thenReturn("invalid"); - Assert.assertNull(handler.authenticate(request, response)); + assertNull(handler.authenticate(request, response)); Mockito.verify(response).setHeader(KerberosAuthenticator.WWW_AUTHENTICATE, KerberosAuthenticator.NEGOTIATE); Mockito.verify(response).setStatus(HttpServletResponse.SC_UNAUTHORIZED); @@ -284,11 +285,11 @@ public void testRequestWithIncompleteAuthorization() { .thenReturn(KerberosAuthenticator.NEGOTIATE); try { handler.authenticate(request, response); - Assert.fail(); + fail(); } catch (AuthenticationException ex) { // Expected } catch (Exception ex) { - Assert.fail(); + fail(); } } @@ -339,11 +340,11 @@ public String call() throws Exception { Mockito.matches(KerberosAuthenticator.NEGOTIATE + " .*")); Mockito.verify(response).setStatus(HttpServletResponse.SC_OK); - Assert.assertEquals(KerberosTestUtils.getClientPrincipal(), + assertEquals(KerberosTestUtils.getClientPrincipal(), authToken.getName()); - Assert.assertTrue(KerberosTestUtils.getClientPrincipal() + assertTrue(KerberosTestUtils.getClientPrincipal() .startsWith(authToken.getUserName())); - Assert.assertEquals(getExpectedType(), authToken.getType()); + assertEquals(getExpectedType(), authToken.getType()); } else { Mockito.verify(response).setHeader( Mockito.eq(KerberosAuthenticator.WWW_AUTHENTICATE), @@ -365,11 +366,11 @@ public void testRequestWithInvalidKerberosAuthorization() { try { handler.authenticate(request, response); - Assert.fail(); + fail(); } catch (AuthenticationException ex) { // Expected } catch (Exception ex) { - Assert.fail(); + fail(); } } @@ -386,15 +387,15 @@ public void testRequestToWhitelist() throws Exception { Mockito.when(request.getServletPath()).thenReturn("/white4"); try { handler.authenticate(request, response); - Assert.fail(); + fail(); } catch (AuthenticationException ex) { // Expected } catch (Exception ex) { - Assert.fail(); + fail(); } } - @After + @AfterEach public void tearDown() throws Exception { if (handler != null) { handler.destroy(); diff --git a/hadoop-common-project/hadoop-common/src/test/java/org/apache/hadoop/log/TestLogLevel.java b/hadoop-common-project/hadoop-common/src/test/java/org/apache/hadoop/log/TestLogLevel.java index 636c03a16d936..46f52e02629c9 100644 --- a/hadoop-common-project/hadoop-common/src/test/java/org/apache/hadoop/log/TestLogLevel.java +++ b/hadoop-common-project/hadoop-common/src/test/java/org/apache/hadoop/log/TestLogLevel.java @@ -37,23 +37,25 @@ import org.apache.hadoop.security.authentication.client.KerberosAuthenticator; import org.apache.hadoop.security.authorize.AccessControlList; import org.apache.hadoop.security.ssl.KeyStoreTestUtil; -import org.junit.Assert; import org.apache.hadoop.test.GenericTestUtils; import org.apache.log4j.Level; import org.apache.log4j.Logger; -import org.junit.AfterClass; -import org.junit.Before; -import org.junit.BeforeClass; -import org.junit.Test; +import org.junit.jupiter.api.AfterAll; +import org.junit.jupiter.api.BeforeAll; +import org.junit.jupiter.api.BeforeEach; +import org.junit.jupiter.api.Test; import org.slf4j.LoggerFactory; import javax.net.ssl.SSLException; -import static org.junit.Assert.assertEquals; -import static org.junit.Assert.assertFalse; -import static org.junit.Assert.assertTrue; -import static org.junit.Assert.fail; +import org.junit.jupiter.api.Timeout; + +import static org.junit.jupiter.api.Assertions.assertEquals; +import static org.junit.jupiter.api.Assertions.assertFalse; +import static org.junit.jupiter.api.Assertions.assertNotEquals; +import static org.junit.jupiter.api.Assertions.assertTrue; +import static org.junit.jupiter.api.Assertions.fail; /** * Test LogLevel. @@ -72,7 +74,7 @@ public class TestLogLevel extends KerberosSecurityTestcase { private final static String KEYTAB = "loglevel.keytab"; private static final String PREFIX = "hadoop.http.authentication."; - @BeforeClass + @BeforeAll public static void setUp() throws Exception { org.slf4j.Logger logger = LoggerFactory.getLogger(KerberosAuthenticator.class); @@ -94,7 +96,7 @@ static private void setupSSL(File base) throws Exception { sslConf = KeyStoreTestUtil.getSslConfig(); } - @Before + @BeforeEach public void setupKerberos() throws Exception { File keytabFile = new File(KerberosTestUtils.getKeytabFile()); clientPrincipal = KerberosTestUtils.getClientPrincipal(); @@ -106,7 +108,7 @@ public void setupKerberos() throws Exception { getKdc().createPrincipal(keytabFile, clientPrincipal, serverPrincipal); } - @AfterClass + @AfterAll public static void tearDown() throws Exception { KeyStoreTestUtil.cleanupSSLConfig(keystoresDir, sslConfDir); FileUtil.fullyDelete(BASEDIR); @@ -116,7 +118,8 @@ public static void tearDown() throws Exception { * Test client command line options. Does not validate server behavior. * @throws Exception */ - @Test(timeout=120000) + @Test + @Timeout(value = 120) public void testCommandOptions() throws Exception { final String className = this.getClass().getName(); @@ -251,8 +254,8 @@ private void testDynamicLogLevel(final String bindProtocol, throw new Exception("Invalid client protocol " + connectProtocol); } Level oldLevel = log.getEffectiveLevel(); - Assert.assertNotEquals("Get default Log Level which shouldn't be ERROR.", - Level.ERROR, oldLevel); + assertNotEquals( + Level.ERROR, oldLevel, "Get default Log Level which shouldn't be ERROR."); // configs needed for SPNEGO at server side if (isSpnego) { @@ -330,7 +333,8 @@ private void setLevel(String protocol, String authority, String newLevel) * * @throws Exception */ - @Test(timeout=60000) + @Test + @Timeout(value = 60) public void testInfoLogLevel() throws Exception { testDynamicLogLevel(LogLevel.PROTOCOL_HTTP, LogLevel.PROTOCOL_HTTP, false, "Info"); @@ -341,7 +345,8 @@ public void testInfoLogLevel() throws Exception { * * @throws Exception */ - @Test(timeout=60000) + @Test + @Timeout(value = 60) public void testErrorLogLevel() throws Exception { testDynamicLogLevel(LogLevel.PROTOCOL_HTTP, LogLevel.PROTOCOL_HTTP, false, "Error"); @@ -352,7 +357,8 @@ public void testErrorLogLevel() throws Exception { * * @throws Exception */ - @Test(timeout=60000) + @Test + @Timeout(value = 60) public void testLogLevelByHttp() throws Exception { testDynamicLogLevel(LogLevel.PROTOCOL_HTTP, LogLevel.PROTOCOL_HTTP, false); try { @@ -373,7 +379,8 @@ public void testLogLevelByHttp() throws Exception { * * @throws Exception */ - @Test(timeout=60000) + @Test + @Timeout(value = 60) public void testLogLevelByHttpWithSpnego() throws Exception { testDynamicLogLevel(LogLevel.PROTOCOL_HTTP, LogLevel.PROTOCOL_HTTP, true); try { @@ -394,7 +401,8 @@ public void testLogLevelByHttpWithSpnego() throws Exception { * * @throws Exception */ - @Test(timeout=60000) + @Test + @Timeout(value = 60) public void testLogLevelByHttps() throws Exception { testDynamicLogLevel(LogLevel.PROTOCOL_HTTPS, LogLevel.PROTOCOL_HTTPS, false); @@ -416,7 +424,8 @@ public void testLogLevelByHttps() throws Exception { * * @throws Exception */ - @Test(timeout=60000) + @Test + @Timeout(value = 60) public void testLogLevelByHttpsWithSpnego() throws Exception { testDynamicLogLevel(LogLevel.PROTOCOL_HTTPS, LogLevel.PROTOCOL_HTTPS, true); diff --git a/hadoop-common-project/hadoop-common/src/test/java/org/apache/hadoop/security/TestFixKerberosTicketOrder.java b/hadoop-common-project/hadoop-common/src/test/java/org/apache/hadoop/security/TestFixKerberosTicketOrder.java index cbea393d93164..234037bd54ce2 100644 --- a/hadoop-common-project/hadoop-common/src/test/java/org/apache/hadoop/security/TestFixKerberosTicketOrder.java +++ b/hadoop-common-project/hadoop-common/src/test/java/org/apache/hadoop/security/TestFixKerberosTicketOrder.java @@ -18,8 +18,8 @@ package org.apache.hadoop.security; import static org.apache.hadoop.test.LambdaTestUtils.intercept; -import static org.junit.Assert.assertFalse; -import static org.junit.Assert.assertTrue; +import static org.junit.jupiter.api.Assertions.assertFalse; +import static org.junit.jupiter.api.Assertions.assertTrue; import java.io.File; import java.security.PrivilegedExceptionAction; @@ -37,8 +37,8 @@ import org.apache.hadoop.security.SaslRpcServer.AuthMethod; import org.apache.hadoop.security.SaslRpcServer.QualityOfProtection; import org.apache.hadoop.security.UserGroupInformation.AuthenticationMethod; -import org.junit.Before; -import org.junit.Test; +import org.junit.jupiter.api.BeforeEach; +import org.junit.jupiter.api.Test; /** * Testcase for HADOOP-13433 that verifies the logic of fixKerberosTicketOrder. @@ -63,7 +63,7 @@ public class TestFixKerberosTicketOrder extends KerberosSecurityTestcase { private Map props; - @Before + @BeforeEach public void setUp() throws Exception { keytabFile = new File(getWorkDir(), "keytab"); getKdc().createPrincipal(keytabFile, clientPrincipal, server1Principal, @@ -106,13 +106,13 @@ public Void run() throws Exception { } // make sure the first ticket is not tgt assertFalse( - "The first ticket is still tgt, " - + "the implementation in jdk may have been changed, " - + "please reconsider the problem in HADOOP-13433", - subject.getPrivateCredentials().stream() + + subject.getPrivateCredentials().stream() .filter(c -> c instanceof KerberosTicket) .map(c -> ((KerberosTicket) c).getServer().getName()).findFirst() - .get().startsWith("krbtgt")); + .get().startsWith("krbtgt"), "The first ticket is still tgt, " + + "the implementation in jdk may have been changed, " + + "please reconsider the problem in HADOOP-13433"); // should fail as we send a service ticket instead of tgt to KDC. intercept(SaslException.class, () -> ugi.doAs(new PrivilegedExceptionAction() { @@ -131,11 +131,11 @@ public Void run() throws Exception { ugi.fixKerberosTicketOrder(); // check if TGT is the first ticket after the fix. - assertTrue("The first ticket is not tgt", - subject.getPrivateCredentials().stream() + assertTrue( + subject.getPrivateCredentials().stream() .filter(c -> c instanceof KerberosTicket) .map(c -> ((KerberosTicket) c).getServer().getName()).findFirst() - .get().startsWith("krbtgt")); + .get().startsWith("krbtgt"), "The first ticket is not tgt"); // make sure we can still get new service ticket after the fix. ugi.doAs(new PrivilegedExceptionAction() { @@ -150,10 +150,10 @@ public Void run() throws Exception { return null; } }); - assertTrue("No service ticket for " + server2Protocol + " found", - subject.getPrivateCredentials(KerberosTicket.class).stream() + assertTrue( + subject.getPrivateCredentials(KerberosTicket.class).stream() .filter(t -> t.getServer().getName().startsWith(server2Protocol)) - .findAny().isPresent()); + .findAny().isPresent(), "No service ticket for " + server2Protocol + " found"); } @Test @@ -188,11 +188,11 @@ public Void run() throws Exception { ugi.fixKerberosTicketOrder(); // verify that after fixing, the tgt ticket should be removed - assertFalse("The first ticket is not tgt", - subject.getPrivateCredentials().stream() + assertFalse( + subject.getPrivateCredentials().stream() .filter(c -> c instanceof KerberosTicket) .map(c -> ((KerberosTicket) c).getServer().getName()).findFirst() - .isPresent()); + .isPresent(), "The first ticket is not tgt"); // should fail as we send a service ticket instead of tgt to KDC. @@ -227,9 +227,9 @@ public Void run() throws Exception { } }); - assertTrue("No service ticket for " + server2Protocol + " found", - subject.getPrivateCredentials(KerberosTicket.class).stream() + assertTrue( + subject.getPrivateCredentials(KerberosTicket.class).stream() .filter(t -> t.getServer().getName().startsWith(server2Protocol)) - .findAny().isPresent()); + .findAny().isPresent(), "No service ticket for " + server2Protocol + " found"); } } \ No newline at end of file diff --git a/hadoop-common-project/hadoop-common/src/test/java/org/apache/hadoop/security/TestRaceWhenRelogin.java b/hadoop-common-project/hadoop-common/src/test/java/org/apache/hadoop/security/TestRaceWhenRelogin.java index 4f9946c3e27ba..473afcc6c44a7 100644 --- a/hadoop-common-project/hadoop-common/src/test/java/org/apache/hadoop/security/TestRaceWhenRelogin.java +++ b/hadoop-common-project/hadoop-common/src/test/java/org/apache/hadoop/security/TestRaceWhenRelogin.java @@ -17,7 +17,7 @@ */ package org.apache.hadoop.security; -import static org.junit.Assert.assertTrue; +import static org.junit.jupiter.api.Assertions.assertTrue; import java.io.File; import java.io.IOException; @@ -37,8 +37,8 @@ import org.apache.hadoop.security.SaslRpcServer.AuthMethod; import org.apache.hadoop.security.SaslRpcServer.QualityOfProtection; import org.apache.hadoop.security.UserGroupInformation.AuthenticationMethod; -import org.junit.Before; -import org.junit.Test; +import org.junit.jupiter.api.BeforeEach; +import org.junit.jupiter.api.Test; /** * Testcase for HADOOP-13433 that confirms that tgt will always be the first @@ -68,7 +68,7 @@ public class TestRaceWhenRelogin extends KerberosSecurityTestcase { private UserGroupInformation ugi; - @Before + @BeforeEach public void setUp() throws Exception { keytabFile = new File(getWorkDir(), "keytab"); serverProtocols = new String[numThreads]; @@ -157,6 +157,6 @@ public void test() throws InterruptedException, IOException { for (Thread getServiceTicketThread : getServiceTicketThreads) { getServiceTicketThread.join(); } - assertTrue("tgt is not the first ticket after relogin", pass.get()); + assertTrue(pass.get(), "tgt is not the first ticket after relogin"); } } diff --git a/hadoop-common-project/hadoop-minikdc/pom.xml b/hadoop-common-project/hadoop-minikdc/pom.xml index 96e0f16f49b8c..47f6881c988d0 100644 --- a/hadoop-common-project/hadoop-minikdc/pom.xml +++ b/hadoop-common-project/hadoop-minikdc/pom.xml @@ -48,6 +48,36 @@ junit compile + + org.assertj + assertj-core + compile + + + org.junit.jupiter + junit-jupiter-api + compile + + + org.junit.jupiter + junit-jupiter-params + compile + + + org.junit.jupiter + junit-jupiter-engine + compile + + + org.junit.vintage + junit-vintage-engine + compile + + + org.junit.platform + junit-platform-launcher + compile + diff --git a/hadoop-common-project/hadoop-minikdc/src/main/java/org/apache/hadoop/minikdc/KerberosSecurityTestcase.java b/hadoop-common-project/hadoop-minikdc/src/main/java/org/apache/hadoop/minikdc/KerberosSecurityTestcase.java index 5bccbc53de870..e5e1463c78fd4 100644 --- a/hadoop-common-project/hadoop-minikdc/src/main/java/org/apache/hadoop/minikdc/KerberosSecurityTestcase.java +++ b/hadoop-common-project/hadoop-minikdc/src/main/java/org/apache/hadoop/minikdc/KerberosSecurityTestcase.java @@ -17,8 +17,8 @@ */ package org.apache.hadoop.minikdc; -import org.junit.After; -import org.junit.Before; +import org.junit.jupiter.api.AfterEach; +import org.junit.jupiter.api.BeforeEach; import java.io.File; import java.util.Properties; @@ -40,7 +40,7 @@ public class KerberosSecurityTestcase { private File workDir; private Properties conf; - @Before + @BeforeEach public void startMiniKdc() throws Exception { createTestDir(); createMiniKdcConf(); @@ -65,7 +65,7 @@ public void createMiniKdcConf() { conf = MiniKdc.createConf(); } - @After + @AfterEach public void stopMiniKdc() { if (kdc != null) { kdc.stop(); diff --git a/hadoop-common-project/hadoop-minikdc/src/test/java/org/apache/hadoop/minikdc/TestMiniKdc.java b/hadoop-common-project/hadoop-minikdc/src/test/java/org/apache/hadoop/minikdc/TestMiniKdc.java index 45684053a03ab..9af2a974899c6 100644 --- a/hadoop-common-project/hadoop-minikdc/src/test/java/org/apache/hadoop/minikdc/TestMiniKdc.java +++ b/hadoop-common-project/hadoop-minikdc/src/test/java/org/apache/hadoop/minikdc/TestMiniKdc.java @@ -20,8 +20,8 @@ import org.apache.kerby.kerberos.kerb.keytab.Keytab; import org.apache.kerby.kerberos.kerb.type.base.PrincipalName; -import org.junit.Assert; -import org.junit.Test; +import org.junit.jupiter.api.Assertions; +import org.junit.jupiter.api.Test; import javax.security.auth.Subject; import javax.security.auth.kerberos.KerberosPrincipal; @@ -70,7 +70,7 @@ private static boolean isSystemClassAvailable(String className) { @Test public void testMiniKdcStart() { MiniKdc kdc = getKdc(); - Assert.assertNotSame(0, kdc.getPort()); + Assertions.assertNotSame(0, kdc.getPort()); } @Test @@ -87,7 +87,7 @@ public void testKeytabGen() throws Exception { principals.add(principalName.getName()); } - Assert.assertEquals(new HashSet(Arrays.asList( + Assertions.assertEquals(new HashSet(Arrays.asList( "foo/bar@" + kdc.getRealm(), "bar/foo@" + kdc.getRealm())), principals); } @@ -170,10 +170,10 @@ public void testKerberosLogin() throws Exception { KerberosConfiguration.createClientConfig(principal, keytab)); loginContext.login(); subject = loginContext.getSubject(); - Assert.assertEquals(1, subject.getPrincipals().size()); - Assert.assertEquals(KerberosPrincipal.class, + Assertions.assertEquals(1, subject.getPrincipals().size()); + Assertions.assertEquals(KerberosPrincipal.class, subject.getPrincipals().iterator().next().getClass()); - Assert.assertEquals(principal + "@" + kdc.getRealm(), + Assertions.assertEquals(principal + "@" + kdc.getRealm(), subject.getPrincipals().iterator().next().getName()); loginContext.logout(); @@ -184,10 +184,10 @@ public void testKerberosLogin() throws Exception { KerberosConfiguration.createServerConfig(principal, keytab)); loginContext.login(); subject = loginContext.getSubject(); - Assert.assertEquals(1, subject.getPrincipals().size()); - Assert.assertEquals(KerberosPrincipal.class, + Assertions.assertEquals(1, subject.getPrincipals().size()); + Assertions.assertEquals(KerberosPrincipal.class, subject.getPrincipals().iterator().next().getClass()); - Assert.assertEquals(principal + "@" + kdc.getRealm(), + Assertions.assertEquals(principal + "@" + kdc.getRealm(), subject.getPrincipals().iterator().next().getName()); loginContext.logout(); From b0799a82d799b84a68de9c2d6a51c515c83a77a2 Mon Sep 17 00:00:00 2001 From: slfan1989 Date: Mon, 21 Apr 2025 11:11:00 +0800 Subject: [PATCH 2/6] HADOOP-19417. Fix CheckStyle Issue. --- .../client/TestKerberosAuthenticator.java | 60 ++++++++++--------- .../TestAltKerberosAuthenticationHandler.java | 46 +++++++++----- .../org/apache/hadoop/log/TestLogLevel.java | 4 +- 3 files changed, 64 insertions(+), 46 deletions(-) diff --git a/hadoop-common-project/hadoop-auth/src/test/java/org/apache/hadoop/security/authentication/client/TestKerberosAuthenticator.java b/hadoop-common-project/hadoop-auth/src/test/java/org/apache/hadoop/security/authentication/client/TestKerberosAuthenticator.java index 1ad2e6479d695..8c6bb1b6e402d 100644 --- a/hadoop-common-project/hadoop-auth/src/test/java/org/apache/hadoop/security/authentication/client/TestKerberosAuthenticator.java +++ b/hadoop-common-project/hadoop-auth/src/test/java/org/apache/hadoop/security/authentication/client/TestKerberosAuthenticator.java @@ -13,6 +13,10 @@ */ package org.apache.hadoop.security.authentication.client; +import static org.junit.jupiter.api.Assertions.assertEquals; +import static org.junit.jupiter.api.Assertions.assertTrue; +import static org.mockito.Mockito.mock; +import static org.mockito.Mockito.when; import static org.apache.hadoop.security.authentication.server.MultiSchemeAuthenticationHandler.SCHEMES_PROPERTY; import static org.apache.hadoop.security.authentication.server.MultiSchemeAuthenticationHandler.AUTH_HANDLER_PROPERTY; import static org.apache.hadoop.security.authentication.server.AuthenticationFilter.AUTH_TYPE; @@ -34,10 +38,8 @@ import org.apache.hadoop.security.authentication.server.MultiSchemeAuthenticationHandler; import org.apache.hadoop.security.authentication.server.PseudoAuthenticationHandler; import org.apache.hadoop.security.authentication.server.KerberosAuthenticationHandler; -import org.junit.Assert; -import org.junit.Before; -import org.junit.Test; -import org.mockito.Mockito; +import org.junit.jupiter.api.Test; +import org.junit.jupiter.api.BeforeEach; import java.io.File; import java.net.HttpURLConnection; @@ -55,7 +57,7 @@ public class TestKerberosAuthenticator extends KerberosSecurityTestcase { public TestKerberosAuthenticator() { } - @Before + @BeforeEach public void setup() throws Exception { // create keytab File keytabFile = new File(KerberosTestUtils.getKeytabFile()); @@ -122,8 +124,8 @@ public void testNotAuthenticated() throws Exception { URL url = new URL(auth.getBaseURL()); HttpURLConnection conn = (HttpURLConnection) url.openConnection(); conn.connect(); - Assert.assertEquals(HttpURLConnection.HTTP_UNAUTHORIZED, conn.getResponseCode()); - Assert.assertTrue(conn.getHeaderField(KerberosAuthenticator.WWW_AUTHENTICATE) != null); + assertEquals(HttpURLConnection.HTTP_UNAUTHORIZED, conn.getResponseCode()); + assertTrue(conn.getHeaderField(KerberosAuthenticator.WWW_AUTHENTICATE) != null); } finally { auth.stop(); } @@ -200,9 +202,9 @@ public void testNotAuthenticatedWithMultiAuthHandler() throws Exception { URL url = new URL(auth.getBaseURL()); HttpURLConnection conn = (HttpURLConnection) url.openConnection(); conn.connect(); - Assert.assertEquals(HttpURLConnection.HTTP_UNAUTHORIZED, + assertEquals(HttpURLConnection.HTTP_UNAUTHORIZED, conn.getResponseCode()); - Assert.assertTrue(conn + assertTrue(conn .getHeaderField(KerberosAuthenticator.WWW_AUTHENTICATE) != null); } finally { auth.stop(); @@ -247,15 +249,15 @@ public void testWrapExceptionWithMessage() { ex = new IOException("Induced exception"); ex = KerberosAuthenticator.wrapExceptionWithMessage(ex, "Error while " + "authenticating with endpoint: localhost"); - Assert.assertEquals("Induced exception", ex.getCause().getMessage()); - Assert.assertEquals("Error while authenticating with endpoint: localhost", + assertEquals("Induced exception", ex.getCause().getMessage()); + assertEquals("Error while authenticating with endpoint: localhost", ex.getMessage()); ex = new AuthenticationException("Auth exception"); ex = KerberosAuthenticator.wrapExceptionWithMessage(ex, "Error while " + "authenticating with endpoint: localhost"); - Assert.assertEquals("Auth exception", ex.getCause().getMessage()); - Assert.assertEquals("Error while authenticating with endpoint: localhost", + assertEquals("Auth exception", ex.getCause().getMessage()); + assertEquals("Error while authenticating with endpoint: localhost", ex.getMessage()); // Test for Exception with no (String) constructor @@ -263,8 +265,8 @@ public void testWrapExceptionWithMessage() { ex = new CharacterCodingException(); Exception ex2 = KerberosAuthenticator.wrapExceptionWithMessage(ex, "Error while authenticating with endpoint: localhost"); - Assert.assertTrue(ex instanceof CharacterCodingException); - Assert.assertTrue(ex.equals(ex2)); + assertTrue(ex instanceof CharacterCodingException); + assertTrue(ex.equals(ex2)); } @Test @@ -273,16 +275,16 @@ public void testNegotiate() throws NoSuchMethodException, InvocationTargetExcept IllegalAccessException, IOException { KerberosAuthenticator kerberosAuthenticator = new KerberosAuthenticator(); - HttpURLConnection conn = Mockito.mock(HttpURLConnection.class); - Mockito.when(conn.getHeaderField(KerberosAuthenticator.WWW_AUTHENTICATE)). + HttpURLConnection conn = mock(HttpURLConnection.class); + when(conn.getHeaderField(KerberosAuthenticator.WWW_AUTHENTICATE)). thenReturn(KerberosAuthenticator.NEGOTIATE); - Mockito.when(conn.getResponseCode()).thenReturn(HttpURLConnection.HTTP_UNAUTHORIZED); + when(conn.getResponseCode()).thenReturn(HttpURLConnection.HTTP_UNAUTHORIZED); Method method = KerberosAuthenticator.class.getDeclaredMethod("isNegotiate", HttpURLConnection.class); method.setAccessible(true); - Assert.assertTrue((boolean)method.invoke(kerberosAuthenticator, conn)); + assertTrue((boolean)method.invoke(kerberosAuthenticator, conn)); } @Test @@ -291,16 +293,16 @@ public void testNegotiateLowerCase() throws NoSuchMethodException, InvocationTar IllegalAccessException, IOException { KerberosAuthenticator kerberosAuthenticator = new KerberosAuthenticator(); - HttpURLConnection conn = Mockito.mock(HttpURLConnection.class); - Mockito.when(conn.getHeaderField("www-authenticate")) + HttpURLConnection conn = mock(HttpURLConnection.class); + when(conn.getHeaderField("www-authenticate")) .thenReturn(KerberosAuthenticator.NEGOTIATE); - Mockito.when(conn.getResponseCode()).thenReturn(HttpURLConnection.HTTP_UNAUTHORIZED); + when(conn.getResponseCode()).thenReturn(HttpURLConnection.HTTP_UNAUTHORIZED); Method method = KerberosAuthenticator.class.getDeclaredMethod("isNegotiate", HttpURLConnection.class); method.setAccessible(true); - Assert.assertTrue((boolean)method.invoke(kerberosAuthenticator, conn)); + assertTrue((boolean)method.invoke(kerberosAuthenticator, conn)); } @Test @@ -312,9 +314,9 @@ public void testReadToken() throws NoSuchMethodException, IOException, IllegalAc Base64 base64 = new Base64(); - HttpURLConnection conn = Mockito.mock(HttpURLConnection.class); - Mockito.when(conn.getResponseCode()).thenReturn(HttpURLConnection.HTTP_UNAUTHORIZED); - Mockito.when(conn.getHeaderField(KerberosAuthenticator.WWW_AUTHENTICATE)) + HttpURLConnection conn = mock(HttpURLConnection.class); + when(conn.getResponseCode()).thenReturn(HttpURLConnection.HTTP_UNAUTHORIZED); + when(conn.getHeaderField(KerberosAuthenticator.WWW_AUTHENTICATE)) .thenReturn(KerberosAuthenticator.NEGOTIATE + " " + Arrays.toString(base64.encode("foobar".getBytes()))); @@ -334,9 +336,9 @@ public void testReadTokenLowerCase() throws NoSuchMethodException, IOException, Base64 base64 = new Base64(); - HttpURLConnection conn = Mockito.mock(HttpURLConnection.class); - Mockito.when(conn.getResponseCode()).thenReturn(HttpURLConnection.HTTP_UNAUTHORIZED); - Mockito.when(conn.getHeaderField("www-authenticate")) + HttpURLConnection conn = mock(HttpURLConnection.class); + when(conn.getResponseCode()).thenReturn(HttpURLConnection.HTTP_UNAUTHORIZED); + when(conn.getHeaderField("www-authenticate")) .thenReturn(KerberosAuthenticator.NEGOTIATE + Arrays.toString(base64.encode("foobar".getBytes()))); diff --git a/hadoop-common-project/hadoop-auth/src/test/java/org/apache/hadoop/security/authentication/server/TestAltKerberosAuthenticationHandler.java b/hadoop-common-project/hadoop-auth/src/test/java/org/apache/hadoop/security/authentication/server/TestAltKerberosAuthenticationHandler.java index 4cb4e1ce059cf..0c8daafd841b9 100644 --- a/hadoop-common-project/hadoop-auth/src/test/java/org/apache/hadoop/security/authentication/server/TestAltKerberosAuthenticationHandler.java +++ b/hadoop-common-project/hadoop-auth/src/test/java/org/apache/hadoop/security/authentication/server/TestAltKerberosAuthenticationHandler.java @@ -13,14 +13,16 @@ */ package org.apache.hadoop.security.authentication.server; +import static org.junit.jupiter.api.Assertions.assertEquals; +import static org.mockito.Mockito.mock; +import static org.mockito.Mockito.when; + import java.io.IOException; import java.util.Properties; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; import org.apache.hadoop.security.authentication.client.AuthenticationException; -import org.junit.Assert; -import org.junit.Test; -import org.mockito.Mockito; +import org.junit.jupiter.api.Test; import org.junit.jupiter.api.Timeout; public class TestAltKerberosAuthenticationHandler @@ -51,24 +53,38 @@ protected String getExpectedType() { @Test @Timeout(value = 60) public void testAlternateAuthenticationAsBrowser() throws Exception { - HttpServletRequest request = Mockito.mock(HttpServletRequest.class); - HttpServletResponse response = Mockito.mock(HttpServletResponse.class); + if (handler != null) { + handler.destroy(); + handler = null; + } + handler = getNewAuthenticationHandler(); + Properties props = getDefaultProperties(); + props.setProperty("alt-kerberos.non-browser.user-agents", "foo, bar"); + try { + handler.init(props); + } catch (Exception ex) { + handler = null; + throw ex; + } + + HttpServletRequest request = mock(HttpServletRequest.class); + HttpServletResponse response = mock(HttpServletResponse.class); // By default, a User-Agent without "java", "curl", "wget", or "perl" in it // is considered a browser - Mockito.when(request.getHeader("User-Agent")).thenReturn("Some Browser"); + when(request.getHeader("User-Agent")).thenReturn("Some Browser"); AuthenticationToken token = handler.authenticate(request, response); - Assert.assertEquals("A", token.getUserName()); - Assert.assertEquals("B", token.getName()); - Assert.assertEquals(getExpectedType(), token.getType()); + assertEquals("A", token.getUserName()); + assertEquals("B", token.getName()); + assertEquals(getExpectedType(), token.getType()); } @Test @Timeout(value = 60) public void testNonDefaultNonBrowserUserAgentAsBrowser() throws Exception { - HttpServletRequest request = Mockito.mock(HttpServletRequest.class); - HttpServletResponse response = Mockito.mock(HttpServletResponse.class); + HttpServletRequest request = mock(HttpServletRequest.class); + HttpServletResponse response = mock(HttpServletResponse.class); if (handler != null) { handler.destroy(); @@ -85,12 +101,12 @@ public void testNonDefaultNonBrowserUserAgentAsBrowser() throws Exception { } // Pretend we're something that will not match with "foo" (or "bar") - Mockito.when(request.getHeader("User-Agent")).thenReturn("blah"); + when(request.getHeader("User-Agent")).thenReturn("blah"); // Should use alt authentication AuthenticationToken token = handler.authenticate(request, response); - Assert.assertEquals("A", token.getUserName()); - Assert.assertEquals("B", token.getName()); - Assert.assertEquals(getExpectedType(), token.getType()); + assertEquals("A", token.getUserName()); + assertEquals("B", token.getName()); + assertEquals(getExpectedType(), token.getType()); } @Test diff --git a/hadoop-common-project/hadoop-common/src/test/java/org/apache/hadoop/log/TestLogLevel.java b/hadoop-common-project/hadoop-common/src/test/java/org/apache/hadoop/log/TestLogLevel.java index 46f52e02629c9..27ae491c6da1a 100644 --- a/hadoop-common-project/hadoop-common/src/test/java/org/apache/hadoop/log/TestLogLevel.java +++ b/hadoop-common-project/hadoop-common/src/test/java/org/apache/hadoop/log/TestLogLevel.java @@ -324,8 +324,8 @@ private void setLevel(String protocol, String authority, String newLevel) CLI cli = new CLI(sslConf); cli.run(setLevelArgs); - assertEquals("new level not equal to expected: ", newLevel.toUpperCase(), - log.getEffectiveLevel().toString()); + assertEquals(newLevel.toUpperCase(), log.getEffectiveLevel().toString(), + "new level not equal to expected: "); } /** From eeee49553ca3b776109f772150f8a7102c5e8aef Mon Sep 17 00:00:00 2001 From: slfan1989 Date: Mon, 21 Apr 2025 11:32:02 +0800 Subject: [PATCH 3/6] HADOOP-19417. Fix CheckStyle Issue. --- .../client/TestKerberosAuthenticator.java | 5 +- .../TestJWTRedirectAuthenticationHandler.java | 125 +++++++++--------- .../org/apache/hadoop/log/TestLogLevel.java | 7 +- .../security/TestFixKerberosTicketOrder.java | 46 +++---- .../apache/hadoop/minikdc/TestMiniKdc.java | 20 +-- 5 files changed, 101 insertions(+), 102 deletions(-) diff --git a/hadoop-common-project/hadoop-auth/src/test/java/org/apache/hadoop/security/authentication/client/TestKerberosAuthenticator.java b/hadoop-common-project/hadoop-auth/src/test/java/org/apache/hadoop/security/authentication/client/TestKerberosAuthenticator.java index 8c6bb1b6e402d..dd345ebd15471 100644 --- a/hadoop-common-project/hadoop-auth/src/test/java/org/apache/hadoop/security/authentication/client/TestKerberosAuthenticator.java +++ b/hadoop-common-project/hadoop-auth/src/test/java/org/apache/hadoop/security/authentication/client/TestKerberosAuthenticator.java @@ -38,8 +38,9 @@ import org.apache.hadoop.security.authentication.server.MultiSchemeAuthenticationHandler; import org.apache.hadoop.security.authentication.server.PseudoAuthenticationHandler; import org.apache.hadoop.security.authentication.server.KerberosAuthenticationHandler; -import org.junit.jupiter.api.Test; import org.junit.jupiter.api.BeforeEach; +import org.junit.jupiter.api.Test; +import org.junit.jupiter.api.Timeout; import java.io.File; import java.net.HttpURLConnection; @@ -47,7 +48,7 @@ import java.util.Arrays; import java.util.Properties; import java.util.concurrent.Callable; -import org.junit.jupiter.api.Timeout; + /** * Test class for {@link KerberosAuthenticator}. diff --git a/hadoop-common-project/hadoop-auth/src/test/java/org/apache/hadoop/security/authentication/server/TestJWTRedirectAuthenticationHandler.java b/hadoop-common-project/hadoop-auth/src/test/java/org/apache/hadoop/security/authentication/server/TestJWTRedirectAuthenticationHandler.java index e903ea9644ac6..3c5bf4bb97ee5 100644 --- a/hadoop-common-project/hadoop-auth/src/test/java/org/apache/hadoop/security/authentication/server/TestJWTRedirectAuthenticationHandler.java +++ b/hadoop-common-project/hadoop-auth/src/test/java/org/apache/hadoop/security/authentication/server/TestJWTRedirectAuthenticationHandler.java @@ -17,6 +17,9 @@ import static org.junit.jupiter.api.Assertions.assertNotNull; import static org.junit.jupiter.api.Assertions.assertTrue; import static org.junit.jupiter.api.Assertions.fail; +import static org.mockito.Mockito.mock; +import static org.mockito.Mockito.verify; +import static org.mockito.Mockito.when; import java.io.File; import java.security.KeyPair; @@ -41,8 +44,6 @@ import org.junit.jupiter.api.BeforeEach; import org.junit.jupiter.api.Test; -import org.mockito.Mockito; - import com.nimbusds.jose.*; import com.nimbusds.jwt.JWTClaimsSet; import com.nimbusds.jwt.SignedJWT; @@ -67,12 +68,12 @@ public void testNoPublicKeyJWT() throws Exception { privateKey); Cookie cookie = new Cookie("hadoop-jwt", jwt.serialize()); - HttpServletRequest request = Mockito.mock(HttpServletRequest.class); - Mockito.when(request.getCookies()).thenReturn(new Cookie[] { cookie }); - Mockito.when(request.getRequestURL()).thenReturn( + HttpServletRequest request = mock(HttpServletRequest.class); + when(request.getCookies()).thenReturn(new Cookie[] { cookie }); + when(request.getRequestURL()).thenReturn( new StringBuffer(SERVICE_URL)); - HttpServletResponse response = Mockito.mock(HttpServletResponse.class); - Mockito.when(response.encodeRedirectURL(SERVICE_URL)).thenReturn( + HttpServletResponse response = mock(HttpServletResponse.class); + when(response.encodeRedirectURL(SERVICE_URL)).thenReturn( SERVICE_URL); AuthenticationToken token = handler.alternateAuthenticate(request, @@ -99,12 +100,12 @@ public void testCustomCookieNameJWT() throws Exception { privateKey); Cookie cookie = new Cookie("jowt", jwt.serialize()); - HttpServletRequest request = Mockito.mock(HttpServletRequest.class); - Mockito.when(request.getCookies()).thenReturn(new Cookie[] { cookie }); - Mockito.when(request.getRequestURL()).thenReturn( + HttpServletRequest request = mock(HttpServletRequest.class); + when(request.getCookies()).thenReturn(new Cookie[] { cookie }); + when(request.getRequestURL()).thenReturn( new StringBuffer(SERVICE_URL)); - HttpServletResponse response = Mockito.mock(HttpServletResponse.class); - Mockito.when(response.encodeRedirectURL(SERVICE_URL)).thenReturn( + HttpServletResponse response = mock(HttpServletResponse.class); + when(response.encodeRedirectURL(SERVICE_URL)).thenReturn( SERVICE_URL); AuthenticationToken token = handler.alternateAuthenticate(request, @@ -132,12 +133,12 @@ public void testNoProviderURLJWT() throws Exception { privateKey); Cookie cookie = new Cookie("hadoop-jwt", jwt.serialize()); - HttpServletRequest request = Mockito.mock(HttpServletRequest.class); - Mockito.when(request.getCookies()).thenReturn(new Cookie[] { cookie }); - Mockito.when(request.getRequestURL()).thenReturn( + HttpServletRequest request = mock(HttpServletRequest.class); + when(request.getCookies()).thenReturn(new Cookie[] { cookie }); + when(request.getRequestURL()).thenReturn( new StringBuffer(SERVICE_URL)); - HttpServletResponse response = Mockito.mock(HttpServletResponse.class); - Mockito.when(response.encodeRedirectURL(SERVICE_URL)).thenReturn( + HttpServletResponse response = mock(HttpServletResponse.class); + when(response.encodeRedirectURL(SERVICE_URL)).thenReturn( SERVICE_URL); AuthenticationToken token = handler.alternateAuthenticate(request, @@ -169,17 +170,17 @@ public void testUnableToParseJWT() throws Exception { privateKey); Cookie cookie = new Cookie("hadoop-jwt", "ljm" + jwt.serialize()); - HttpServletRequest request = Mockito.mock(HttpServletRequest.class); - Mockito.when(request.getCookies()).thenReturn(new Cookie[] { cookie }); - Mockito.when(request.getRequestURL()).thenReturn( + HttpServletRequest request = mock(HttpServletRequest.class); + when(request.getCookies()).thenReturn(new Cookie[] { cookie }); + when(request.getRequestURL()).thenReturn( new StringBuffer(SERVICE_URL)); - HttpServletResponse response = Mockito.mock(HttpServletResponse.class); - Mockito.when(response.encodeRedirectURL(SERVICE_URL)).thenReturn( + HttpServletResponse response = mock(HttpServletResponse.class); + when(response.encodeRedirectURL(SERVICE_URL)).thenReturn( SERVICE_URL); AuthenticationToken token = handler.alternateAuthenticate(request, response); - Mockito.verify(response).sendRedirect(REDIRECT_LOCATION); + verify(response).sendRedirect(REDIRECT_LOCATION); } catch (ServletException se) { fail("alternateAuthentication should NOT have thrown a ServletException"); } catch (AuthenticationException ae) { @@ -208,17 +209,17 @@ public void testFailedSignatureValidationJWT() throws Exception { privateKey); Cookie cookie = new Cookie("hadoop-jwt", jwt.serialize()); - HttpServletRequest request = Mockito.mock(HttpServletRequest.class); - Mockito.when(request.getCookies()).thenReturn(new Cookie[] { cookie }); - Mockito.when(request.getRequestURL()).thenReturn( + HttpServletRequest request = mock(HttpServletRequest.class); + when(request.getCookies()).thenReturn(new Cookie[] { cookie }); + when(request.getRequestURL()).thenReturn( new StringBuffer(SERVICE_URL)); - HttpServletResponse response = Mockito.mock(HttpServletResponse.class); - Mockito.when(response.encodeRedirectURL(SERVICE_URL)).thenReturn( + HttpServletResponse response = mock(HttpServletResponse.class); + when(response.encodeRedirectURL(SERVICE_URL)).thenReturn( SERVICE_URL); AuthenticationToken token = handler.alternateAuthenticate(request, response); - Mockito.verify(response).sendRedirect(REDIRECT_LOCATION); + verify(response).sendRedirect(REDIRECT_LOCATION); } catch (ServletException se) { fail("alternateAuthentication should NOT have thrown a ServletException"); } catch (AuthenticationException ae) { @@ -238,17 +239,17 @@ public void testExpiredJWT() throws Exception { privateKey); Cookie cookie = new Cookie("hadoop-jwt", jwt.serialize()); - HttpServletRequest request = Mockito.mock(HttpServletRequest.class); - Mockito.when(request.getCookies()).thenReturn(new Cookie[] { cookie }); - Mockito.when(request.getRequestURL()).thenReturn( + HttpServletRequest request = mock(HttpServletRequest.class); + when(request.getCookies()).thenReturn(new Cookie[] { cookie }); + when(request.getRequestURL()).thenReturn( new StringBuffer(SERVICE_URL)); - HttpServletResponse response = Mockito.mock(HttpServletResponse.class); - Mockito.when(response.encodeRedirectURL(SERVICE_URL)).thenReturn( + HttpServletResponse response = mock(HttpServletResponse.class); + when(response.encodeRedirectURL(SERVICE_URL)).thenReturn( SERVICE_URL); AuthenticationToken token = handler.alternateAuthenticate(request, response); - Mockito.verify(response).sendRedirect(REDIRECT_LOCATION); + verify(response).sendRedirect(REDIRECT_LOCATION); } catch (ServletException se) { fail("alternateAuthentication should NOT have thrown a ServletException"); } catch (AuthenticationException ae) { @@ -267,12 +268,12 @@ public void testNoExpirationJWT() throws Exception { SignedJWT jwt = getJWT("bob", null, privateKey); Cookie cookie = new Cookie("hadoop-jwt", jwt.serialize()); - HttpServletRequest request = Mockito.mock(HttpServletRequest.class); - Mockito.when(request.getCookies()).thenReturn(new Cookie[] { cookie }); - Mockito.when(request.getRequestURL()).thenReturn( + HttpServletRequest request = mock(HttpServletRequest.class); + when(request.getCookies()).thenReturn(new Cookie[] { cookie }); + when(request.getRequestURL()).thenReturn( new StringBuffer(SERVICE_URL)); - HttpServletResponse response = Mockito.mock(HttpServletResponse.class); - Mockito.when(response.encodeRedirectURL(SERVICE_URL)).thenReturn( + HttpServletResponse response = mock(HttpServletResponse.class); + when(response.encodeRedirectURL(SERVICE_URL)).thenReturn( SERVICE_URL); AuthenticationToken token = handler.alternateAuthenticate(request, @@ -300,17 +301,17 @@ public void testInvalidAudienceJWT() throws Exception { privateKey); Cookie cookie = new Cookie("hadoop-jwt", jwt.serialize()); - HttpServletRequest request = Mockito.mock(HttpServletRequest.class); - Mockito.when(request.getCookies()).thenReturn(new Cookie[] { cookie }); - Mockito.when(request.getRequestURL()).thenReturn( + HttpServletRequest request = mock(HttpServletRequest.class); + when(request.getCookies()).thenReturn(new Cookie[] { cookie }); + when(request.getRequestURL()).thenReturn( new StringBuffer(SERVICE_URL)); - HttpServletResponse response = Mockito.mock(HttpServletResponse.class); - Mockito.when(response.encodeRedirectURL(SERVICE_URL)).thenReturn( + HttpServletResponse response = mock(HttpServletResponse.class); + when(response.encodeRedirectURL(SERVICE_URL)).thenReturn( SERVICE_URL); AuthenticationToken token = handler.alternateAuthenticate(request, response); - Mockito.verify(response).sendRedirect(REDIRECT_LOCATION); + verify(response).sendRedirect(REDIRECT_LOCATION); } catch (ServletException se) { fail("alternateAuthentication should NOT have thrown a ServletException"); } catch (AuthenticationException ae) { @@ -332,12 +333,12 @@ public void testValidAudienceJWT() throws Exception { privateKey); Cookie cookie = new Cookie("hadoop-jwt", jwt.serialize()); - HttpServletRequest request = Mockito.mock(HttpServletRequest.class); - Mockito.when(request.getCookies()).thenReturn(new Cookie[] { cookie }); - Mockito.when(request.getRequestURL()).thenReturn( + HttpServletRequest request = mock(HttpServletRequest.class); + when(request.getCookies()).thenReturn(new Cookie[] { cookie }); + when(request.getRequestURL()).thenReturn( new StringBuffer(SERVICE_URL)); - HttpServletResponse response = Mockito.mock(HttpServletResponse.class); - Mockito.when(response.encodeRedirectURL(SERVICE_URL)).thenReturn( + HttpServletResponse response = mock(HttpServletResponse.class); + when(response.encodeRedirectURL(SERVICE_URL)).thenReturn( SERVICE_URL); AuthenticationToken token = handler.alternateAuthenticate(request, @@ -362,12 +363,12 @@ public void testValidJWT() throws Exception { privateKey); Cookie cookie = new Cookie("hadoop-jwt", jwt.serialize()); - HttpServletRequest request = Mockito.mock(HttpServletRequest.class); - Mockito.when(request.getCookies()).thenReturn(new Cookie[] { cookie }); - Mockito.when(request.getRequestURL()).thenReturn( + HttpServletRequest request = mock(HttpServletRequest.class); + when(request.getCookies()).thenReturn(new Cookie[] { cookie }); + when(request.getRequestURL()).thenReturn( new StringBuffer(SERVICE_URL)); - HttpServletResponse response = Mockito.mock(HttpServletResponse.class); - Mockito.when(response.encodeRedirectURL(SERVICE_URL)).thenReturn( + HttpServletResponse response = mock(HttpServletResponse.class); + when(response.encodeRedirectURL(SERVICE_URL)).thenReturn( SERVICE_URL); AuthenticationToken token = handler.alternateAuthenticate(request, @@ -388,10 +389,10 @@ public void testOrigURLWithQueryString() throws Exception { Properties props = getProperties(); handler.init(props); - HttpServletRequest request = Mockito.mock(HttpServletRequest.class); - Mockito.when(request.getRequestURL()).thenReturn( + HttpServletRequest request = mock(HttpServletRequest.class); + when(request.getRequestURL()).thenReturn( new StringBuffer(SERVICE_URL)); - Mockito.when(request.getQueryString()).thenReturn("name=value"); + when(request.getQueryString()).thenReturn("name=value"); String loginURL = handler.constructLoginURL(request); assertNotNull(loginURL, "loginURL should not be null."); @@ -405,10 +406,10 @@ public void testOrigURLNoQueryString() throws Exception { Properties props = getProperties(); handler.init(props); - HttpServletRequest request = Mockito.mock(HttpServletRequest.class); - Mockito.when(request.getRequestURL()).thenReturn( + HttpServletRequest request = mock(HttpServletRequest.class); + when(request.getRequestURL()).thenReturn( new StringBuffer(SERVICE_URL)); - Mockito.when(request.getQueryString()).thenReturn(null); + when(request.getQueryString()).thenReturn(null); String loginURL = handler.constructLoginURL(request); assertNotNull(loginURL, "LoginURL should not be null."); diff --git a/hadoop-common-project/hadoop-common/src/test/java/org/apache/hadoop/log/TestLogLevel.java b/hadoop-common-project/hadoop-common/src/test/java/org/apache/hadoop/log/TestLogLevel.java index 27ae491c6da1a..6250a883a8b81 100644 --- a/hadoop-common-project/hadoop-common/src/test/java/org/apache/hadoop/log/TestLogLevel.java +++ b/hadoop-common-project/hadoop-common/src/test/java/org/apache/hadoop/log/TestLogLevel.java @@ -45,12 +45,11 @@ import org.junit.jupiter.api.BeforeAll; import org.junit.jupiter.api.BeforeEach; import org.junit.jupiter.api.Test; +import org.junit.jupiter.api.Timeout; import org.slf4j.LoggerFactory; import javax.net.ssl.SSLException; -import org.junit.jupiter.api.Timeout; - import static org.junit.jupiter.api.Assertions.assertEquals; import static org.junit.jupiter.api.Assertions.assertFalse; import static org.junit.jupiter.api.Assertions.assertNotEquals; @@ -254,8 +253,8 @@ private void testDynamicLogLevel(final String bindProtocol, throw new Exception("Invalid client protocol " + connectProtocol); } Level oldLevel = log.getEffectiveLevel(); - assertNotEquals( - Level.ERROR, oldLevel, "Get default Log Level which shouldn't be ERROR."); + assertNotEquals(Level.ERROR, oldLevel, + "Get default Log Level which shouldn't be ERROR."); // configs needed for SPNEGO at server side if (isSpnego) { diff --git a/hadoop-common-project/hadoop-common/src/test/java/org/apache/hadoop/security/TestFixKerberosTicketOrder.java b/hadoop-common-project/hadoop-common/src/test/java/org/apache/hadoop/security/TestFixKerberosTicketOrder.java index 234037bd54ce2..60a14255fb80c 100644 --- a/hadoop-common-project/hadoop-common/src/test/java/org/apache/hadoop/security/TestFixKerberosTicketOrder.java +++ b/hadoop-common-project/hadoop-common/src/test/java/org/apache/hadoop/security/TestFixKerberosTicketOrder.java @@ -106,13 +106,12 @@ public Void run() throws Exception { } // make sure the first ticket is not tgt assertFalse( - - subject.getPrivateCredentials().stream() - .filter(c -> c instanceof KerberosTicket) - .map(c -> ((KerberosTicket) c).getServer().getName()).findFirst() - .get().startsWith("krbtgt"), "The first ticket is still tgt, " - + "the implementation in jdk may have been changed, " - + "please reconsider the problem in HADOOP-13433"); + subject.getPrivateCredentials().stream() + .filter(c -> c instanceof KerberosTicket) + .map(c -> ((KerberosTicket) c).getServer().getName()).findFirst() + .get().startsWith("krbtgt"), "The first ticket is still tgt, " + + "the implementation in jdk may have been changed, " + + "please reconsider the problem in HADOOP-13433"); // should fail as we send a service ticket instead of tgt to KDC. intercept(SaslException.class, () -> ugi.doAs(new PrivilegedExceptionAction() { @@ -131,11 +130,10 @@ public Void run() throws Exception { ugi.fixKerberosTicketOrder(); // check if TGT is the first ticket after the fix. - assertTrue( - subject.getPrivateCredentials().stream() - .filter(c -> c instanceof KerberosTicket) - .map(c -> ((KerberosTicket) c).getServer().getName()).findFirst() - .get().startsWith("krbtgt"), "The first ticket is not tgt"); + assertTrue(subject.getPrivateCredentials().stream() + .filter(c -> c instanceof KerberosTicket) + .map(c -> ((KerberosTicket) c).getServer().getName()).findFirst() + .get().startsWith("krbtgt"), "The first ticket is not tgt"); // make sure we can still get new service ticket after the fix. ugi.doAs(new PrivilegedExceptionAction() { @@ -150,10 +148,9 @@ public Void run() throws Exception { return null; } }); - assertTrue( - subject.getPrivateCredentials(KerberosTicket.class).stream() - .filter(t -> t.getServer().getName().startsWith(server2Protocol)) - .findAny().isPresent(), "No service ticket for " + server2Protocol + " found"); + assertTrue(subject.getPrivateCredentials(KerberosTicket.class).stream() + .filter(t -> t.getServer().getName().startsWith(server2Protocol)) + .findAny().isPresent(), "No service ticket for " + server2Protocol + " found"); } @Test @@ -188,11 +185,10 @@ public Void run() throws Exception { ugi.fixKerberosTicketOrder(); // verify that after fixing, the tgt ticket should be removed - assertFalse( - subject.getPrivateCredentials().stream() - .filter(c -> c instanceof KerberosTicket) - .map(c -> ((KerberosTicket) c).getServer().getName()).findFirst() - .isPresent(), "The first ticket is not tgt"); + assertFalse(subject.getPrivateCredentials().stream() + .filter(c -> c instanceof KerberosTicket) + .map(c -> ((KerberosTicket) c).getServer().getName()).findFirst() + .isPresent(), "The first ticket is not tgt"); // should fail as we send a service ticket instead of tgt to KDC. @@ -227,9 +223,9 @@ public Void run() throws Exception { } }); - assertTrue( - subject.getPrivateCredentials(KerberosTicket.class).stream() - .filter(t -> t.getServer().getName().startsWith(server2Protocol)) - .findAny().isPresent(), "No service ticket for " + server2Protocol + " found"); + assertTrue(subject.getPrivateCredentials(KerberosTicket.class).stream() + .filter(t -> t.getServer().getName().startsWith(server2Protocol)) + .findAny().isPresent(), + "No service ticket for " + server2Protocol + " found"); } } \ No newline at end of file diff --git a/hadoop-common-project/hadoop-minikdc/src/test/java/org/apache/hadoop/minikdc/TestMiniKdc.java b/hadoop-common-project/hadoop-minikdc/src/test/java/org/apache/hadoop/minikdc/TestMiniKdc.java index 9af2a974899c6..412de652b9f0b 100644 --- a/hadoop-common-project/hadoop-minikdc/src/test/java/org/apache/hadoop/minikdc/TestMiniKdc.java +++ b/hadoop-common-project/hadoop-minikdc/src/test/java/org/apache/hadoop/minikdc/TestMiniKdc.java @@ -18,9 +18,11 @@ package org.apache.hadoop.minikdc; +import static org.junit.jupiter.api.Assertions.assertEquals; +import static org.junit.jupiter.api.Assertions.assertNotSame; + import org.apache.kerby.kerberos.kerb.keytab.Keytab; import org.apache.kerby.kerberos.kerb.type.base.PrincipalName; -import org.junit.jupiter.api.Assertions; import org.junit.jupiter.api.Test; import javax.security.auth.Subject; @@ -70,7 +72,7 @@ private static boolean isSystemClassAvailable(String className) { @Test public void testMiniKdcStart() { MiniKdc kdc = getKdc(); - Assertions.assertNotSame(0, kdc.getPort()); + assertNotSame(0, kdc.getPort()); } @Test @@ -87,7 +89,7 @@ public void testKeytabGen() throws Exception { principals.add(principalName.getName()); } - Assertions.assertEquals(new HashSet(Arrays.asList( + assertEquals(new HashSet(Arrays.asList( "foo/bar@" + kdc.getRealm(), "bar/foo@" + kdc.getRealm())), principals); } @@ -170,10 +172,10 @@ public void testKerberosLogin() throws Exception { KerberosConfiguration.createClientConfig(principal, keytab)); loginContext.login(); subject = loginContext.getSubject(); - Assertions.assertEquals(1, subject.getPrincipals().size()); - Assertions.assertEquals(KerberosPrincipal.class, + assertEquals(1, subject.getPrincipals().size()); + assertEquals(KerberosPrincipal.class, subject.getPrincipals().iterator().next().getClass()); - Assertions.assertEquals(principal + "@" + kdc.getRealm(), + assertEquals(principal + "@" + kdc.getRealm(), subject.getPrincipals().iterator().next().getName()); loginContext.logout(); @@ -184,10 +186,10 @@ public void testKerberosLogin() throws Exception { KerberosConfiguration.createServerConfig(principal, keytab)); loginContext.login(); subject = loginContext.getSubject(); - Assertions.assertEquals(1, subject.getPrincipals().size()); - Assertions.assertEquals(KerberosPrincipal.class, + assertEquals(1, subject.getPrincipals().size()); + assertEquals(KerberosPrincipal.class, subject.getPrincipals().iterator().next().getClass()); - Assertions.assertEquals(principal + "@" + kdc.getRealm(), + assertEquals(principal + "@" + kdc.getRealm(), subject.getPrincipals().iterator().next().getName()); loginContext.logout(); From c7f6fe5f4c85fd275e589ad2cda930e3b28d8eef Mon Sep 17 00:00:00 2001 From: slfan1989 Date: Mon, 21 Apr 2025 15:38:51 +0800 Subject: [PATCH 4/6] HADOOP-19417. Fix CheckStyle. --- .../server/TestJWTRedirectAuthenticationHandler.java | 3 ++- .../server/TestKerberosAuthenticationHandler.java | 2 +- .../org/apache/hadoop/security/TestFixKerberosTicketOrder.java | 3 +-- 3 files changed, 4 insertions(+), 4 deletions(-) diff --git a/hadoop-common-project/hadoop-auth/src/test/java/org/apache/hadoop/security/authentication/server/TestJWTRedirectAuthenticationHandler.java b/hadoop-common-project/hadoop-auth/src/test/java/org/apache/hadoop/security/authentication/server/TestJWTRedirectAuthenticationHandler.java index 3c5bf4bb97ee5..b626e21ccc43b 100644 --- a/hadoop-common-project/hadoop-auth/src/test/java/org/apache/hadoop/security/authentication/server/TestJWTRedirectAuthenticationHandler.java +++ b/hadoop-common-project/hadoop-auth/src/test/java/org/apache/hadoop/security/authentication/server/TestJWTRedirectAuthenticationHandler.java @@ -396,7 +396,8 @@ public void testOrigURLWithQueryString() throws Exception { String loginURL = handler.constructLoginURL(request); assertNotNull(loginURL, "loginURL should not be null."); - assertEquals("https://localhost:8443/authserver?originalUrl=" + SERVICE_URL + "?name=value", loginURL); + assertEquals("https://localhost:8443/authserver?originalUrl=" + + SERVICE_URL + "?name=value", loginURL); } @Test diff --git a/hadoop-common-project/hadoop-auth/src/test/java/org/apache/hadoop/security/authentication/server/TestKerberosAuthenticationHandler.java b/hadoop-common-project/hadoop-auth/src/test/java/org/apache/hadoop/security/authentication/server/TestKerberosAuthenticationHandler.java index bff147ffce2da..6a6f05176b86c 100644 --- a/hadoop-common-project/hadoop-auth/src/test/java/org/apache/hadoop/security/authentication/server/TestKerberosAuthenticationHandler.java +++ b/hadoop-common-project/hadoop-auth/src/test/java/org/apache/hadoop/security/authentication/server/TestKerberosAuthenticationHandler.java @@ -214,7 +214,7 @@ public void testDynamicPrincipalDiscovery() throws Exception { Principal principal = new KerberosPrincipal( user + "@" + KerberosTestUtils.getRealm()); boolean expected = user.startsWith("HTTP/"); - assertEquals(expected, + assertEquals(expected, loginPrincipals.contains(principal), "checking for "+user); } } diff --git a/hadoop-common-project/hadoop-common/src/test/java/org/apache/hadoop/security/TestFixKerberosTicketOrder.java b/hadoop-common-project/hadoop-common/src/test/java/org/apache/hadoop/security/TestFixKerberosTicketOrder.java index 60a14255fb80c..4697fe2cc85f9 100644 --- a/hadoop-common-project/hadoop-common/src/test/java/org/apache/hadoop/security/TestFixKerberosTicketOrder.java +++ b/hadoop-common-project/hadoop-common/src/test/java/org/apache/hadoop/security/TestFixKerberosTicketOrder.java @@ -105,8 +105,7 @@ public Void run() throws Exception { } } // make sure the first ticket is not tgt - assertFalse( - subject.getPrivateCredentials().stream() + assertFalse(subject.getPrivateCredentials().stream() .filter(c -> c instanceof KerberosTicket) .map(c -> ((KerberosTicket) c).getServer().getName()).findFirst() .get().startsWith("krbtgt"), "The first ticket is still tgt, " From 079a2ea193d6a331663cbffbdea6f8e1a6699b5a Mon Sep 17 00:00:00 2001 From: slfan1989 Date: Mon, 21 Apr 2025 20:21:04 +0800 Subject: [PATCH 5/6] HADOOP-19417. Fix CheckStyle. --- .../TestJWTRedirectAuthenticationHandler.java | 20 +++++++++---------- 1 file changed, 10 insertions(+), 10 deletions(-) diff --git a/hadoop-common-project/hadoop-auth/src/test/java/org/apache/hadoop/security/authentication/server/TestJWTRedirectAuthenticationHandler.java b/hadoop-common-project/hadoop-auth/src/test/java/org/apache/hadoop/security/authentication/server/TestJWTRedirectAuthenticationHandler.java index b626e21ccc43b..12de611979a68 100644 --- a/hadoop-common-project/hadoop-auth/src/test/java/org/apache/hadoop/security/authentication/server/TestJWTRedirectAuthenticationHandler.java +++ b/hadoop-common-project/hadoop-auth/src/test/java/org/apache/hadoop/security/authentication/server/TestJWTRedirectAuthenticationHandler.java @@ -69,7 +69,7 @@ public void testNoPublicKeyJWT() throws Exception { Cookie cookie = new Cookie("hadoop-jwt", jwt.serialize()); HttpServletRequest request = mock(HttpServletRequest.class); - when(request.getCookies()).thenReturn(new Cookie[] { cookie }); + when(request.getCookies()).thenReturn(new Cookie[]{cookie}); when(request.getRequestURL()).thenReturn( new StringBuffer(SERVICE_URL)); HttpServletResponse response = mock(HttpServletResponse.class); @@ -101,7 +101,7 @@ public void testCustomCookieNameJWT() throws Exception { Cookie cookie = new Cookie("jowt", jwt.serialize()); HttpServletRequest request = mock(HttpServletRequest.class); - when(request.getCookies()).thenReturn(new Cookie[] { cookie }); + when(request.getCookies()).thenReturn(new Cookie[]{cookie}); when(request.getRequestURL()).thenReturn( new StringBuffer(SERVICE_URL)); HttpServletResponse response = mock(HttpServletResponse.class); @@ -134,7 +134,7 @@ public void testNoProviderURLJWT() throws Exception { Cookie cookie = new Cookie("hadoop-jwt", jwt.serialize()); HttpServletRequest request = mock(HttpServletRequest.class); - when(request.getCookies()).thenReturn(new Cookie[] { cookie }); + when(request.getCookies()).thenReturn(new Cookie[]{cookie}); when(request.getRequestURL()).thenReturn( new StringBuffer(SERVICE_URL)); HttpServletResponse response = mock(HttpServletResponse.class); @@ -171,7 +171,7 @@ public void testUnableToParseJWT() throws Exception { Cookie cookie = new Cookie("hadoop-jwt", "ljm" + jwt.serialize()); HttpServletRequest request = mock(HttpServletRequest.class); - when(request.getCookies()).thenReturn(new Cookie[] { cookie }); + when(request.getCookies()).thenReturn(new Cookie[]{cookie}); when(request.getRequestURL()).thenReturn( new StringBuffer(SERVICE_URL)); HttpServletResponse response = mock(HttpServletResponse.class); @@ -210,7 +210,7 @@ public void testFailedSignatureValidationJWT() throws Exception { Cookie cookie = new Cookie("hadoop-jwt", jwt.serialize()); HttpServletRequest request = mock(HttpServletRequest.class); - when(request.getCookies()).thenReturn(new Cookie[] { cookie }); + when(request.getCookies()).thenReturn(new Cookie[]{cookie}); when(request.getRequestURL()).thenReturn( new StringBuffer(SERVICE_URL)); HttpServletResponse response = mock(HttpServletResponse.class); @@ -240,7 +240,7 @@ public void testExpiredJWT() throws Exception { Cookie cookie = new Cookie("hadoop-jwt", jwt.serialize()); HttpServletRequest request = mock(HttpServletRequest.class); - when(request.getCookies()).thenReturn(new Cookie[] { cookie }); + when(request.getCookies()).thenReturn(new Cookie[]{cookie}); when(request.getRequestURL()).thenReturn( new StringBuffer(SERVICE_URL)); HttpServletResponse response = mock(HttpServletResponse.class); @@ -269,7 +269,7 @@ public void testNoExpirationJWT() throws Exception { Cookie cookie = new Cookie("hadoop-jwt", jwt.serialize()); HttpServletRequest request = mock(HttpServletRequest.class); - when(request.getCookies()).thenReturn(new Cookie[] { cookie }); + when(request.getCookies()).thenReturn(new Cookie[]{cookie}); when(request.getRequestURL()).thenReturn( new StringBuffer(SERVICE_URL)); HttpServletResponse response = mock(HttpServletResponse.class); @@ -302,7 +302,7 @@ public void testInvalidAudienceJWT() throws Exception { Cookie cookie = new Cookie("hadoop-jwt", jwt.serialize()); HttpServletRequest request = mock(HttpServletRequest.class); - when(request.getCookies()).thenReturn(new Cookie[] { cookie }); + when(request.getCookies()).thenReturn(new Cookie[]{cookie}); when(request.getRequestURL()).thenReturn( new StringBuffer(SERVICE_URL)); HttpServletResponse response = mock(HttpServletResponse.class); @@ -334,7 +334,7 @@ public void testValidAudienceJWT() throws Exception { Cookie cookie = new Cookie("hadoop-jwt", jwt.serialize()); HttpServletRequest request = mock(HttpServletRequest.class); - when(request.getCookies()).thenReturn(new Cookie[] { cookie }); + when(request.getCookies()).thenReturn(new Cookie[]{cookie}); when(request.getRequestURL()).thenReturn( new StringBuffer(SERVICE_URL)); HttpServletResponse response = mock(HttpServletResponse.class); @@ -364,7 +364,7 @@ public void testValidJWT() throws Exception { Cookie cookie = new Cookie("hadoop-jwt", jwt.serialize()); HttpServletRequest request = mock(HttpServletRequest.class); - when(request.getCookies()).thenReturn(new Cookie[] { cookie }); + when(request.getCookies()).thenReturn(new Cookie[]{cookie}); when(request.getRequestURL()).thenReturn( new StringBuffer(SERVICE_URL)); HttpServletResponse response = mock(HttpServletResponse.class); From a3141b0828a1c8129f429db774fe4b245d7c21e7 Mon Sep 17 00:00:00 2001 From: slfan1989 Date: Sat, 26 Apr 2025 08:45:49 +0800 Subject: [PATCH 6/6] HADOOP-19417. Fix CheckStyle Issue. --- .../client/TestKerberosAuthenticator.java | 1 - .../TestKerberosAuthenticationHandler.java | 2 +- .../security/TestFixKerberosTicketOrder.java | 28 ++++++++++++------- 3 files changed, 19 insertions(+), 12 deletions(-) diff --git a/hadoop-common-project/hadoop-auth/src/test/java/org/apache/hadoop/security/authentication/client/TestKerberosAuthenticator.java b/hadoop-common-project/hadoop-auth/src/test/java/org/apache/hadoop/security/authentication/client/TestKerberosAuthenticator.java index dd345ebd15471..47697d0a6791c 100644 --- a/hadoop-common-project/hadoop-auth/src/test/java/org/apache/hadoop/security/authentication/client/TestKerberosAuthenticator.java +++ b/hadoop-common-project/hadoop-auth/src/test/java/org/apache/hadoop/security/authentication/client/TestKerberosAuthenticator.java @@ -49,7 +49,6 @@ import java.util.Properties; import java.util.concurrent.Callable; - /** * Test class for {@link KerberosAuthenticator}. */ diff --git a/hadoop-common-project/hadoop-auth/src/test/java/org/apache/hadoop/security/authentication/server/TestKerberosAuthenticationHandler.java b/hadoop-common-project/hadoop-auth/src/test/java/org/apache/hadoop/security/authentication/server/TestKerberosAuthenticationHandler.java index 6a6f05176b86c..03da289b81b98 100644 --- a/hadoop-common-project/hadoop-auth/src/test/java/org/apache/hadoop/security/authentication/server/TestKerberosAuthenticationHandler.java +++ b/hadoop-common-project/hadoop-auth/src/test/java/org/apache/hadoop/security/authentication/server/TestKerberosAuthenticationHandler.java @@ -215,7 +215,7 @@ public void testDynamicPrincipalDiscovery() throws Exception { user + "@" + KerberosTestUtils.getRealm()); boolean expected = user.startsWith("HTTP/"); assertEquals(expected, - loginPrincipals.contains(principal), "checking for "+user); + loginPrincipals.contains(principal), "checking for " + user); } } diff --git a/hadoop-common-project/hadoop-common/src/test/java/org/apache/hadoop/security/TestFixKerberosTicketOrder.java b/hadoop-common-project/hadoop-common/src/test/java/org/apache/hadoop/security/TestFixKerberosTicketOrder.java index 4697fe2cc85f9..9847f05f1a0f2 100644 --- a/hadoop-common-project/hadoop-common/src/test/java/org/apache/hadoop/security/TestFixKerberosTicketOrder.java +++ b/hadoop-common-project/hadoop-common/src/test/java/org/apache/hadoop/security/TestFixKerberosTicketOrder.java @@ -105,10 +105,12 @@ public Void run() throws Exception { } } // make sure the first ticket is not tgt - assertFalse(subject.getPrivateCredentials().stream() - .filter(c -> c instanceof KerberosTicket) - .map(c -> ((KerberosTicket) c).getServer().getName()).findFirst() - .get().startsWith("krbtgt"), "The first ticket is still tgt, " + assertFalse( + subject.getPrivateCredentials().stream() + .filter(c -> c instanceof KerberosTicket) + .map(c -> ((KerberosTicket) c).getServer().getName()).findFirst() + .get().startsWith("krbtgt"), + "The first ticket is still tgt, " + "the implementation in jdk may have been changed, " + "please reconsider the problem in HADOOP-13433"); // should fail as we send a service ticket instead of tgt to KDC. @@ -129,10 +131,12 @@ public Void run() throws Exception { ugi.fixKerberosTicketOrder(); // check if TGT is the first ticket after the fix. - assertTrue(subject.getPrivateCredentials().stream() + assertTrue( + subject.getPrivateCredentials().stream() .filter(c -> c instanceof KerberosTicket) .map(c -> ((KerberosTicket) c).getServer().getName()).findFirst() - .get().startsWith("krbtgt"), "The first ticket is not tgt"); + .get().startsWith("krbtgt"), + "The first ticket is not tgt"); // make sure we can still get new service ticket after the fix. ugi.doAs(new PrivilegedExceptionAction() { @@ -147,9 +151,11 @@ public Void run() throws Exception { return null; } }); - assertTrue(subject.getPrivateCredentials(KerberosTicket.class).stream() + assertTrue( + subject.getPrivateCredentials(KerberosTicket.class).stream() .filter(t -> t.getServer().getName().startsWith(server2Protocol)) - .findAny().isPresent(), "No service ticket for " + server2Protocol + " found"); + .findAny().isPresent(), + "No service ticket for " + server2Protocol + " found"); } @Test @@ -184,7 +190,8 @@ public Void run() throws Exception { ugi.fixKerberosTicketOrder(); // verify that after fixing, the tgt ticket should be removed - assertFalse(subject.getPrivateCredentials().stream() + assertFalse( + subject.getPrivateCredentials().stream() .filter(c -> c instanceof KerberosTicket) .map(c -> ((KerberosTicket) c).getServer().getName()).findFirst() .isPresent(), "The first ticket is not tgt"); @@ -222,7 +229,8 @@ public Void run() throws Exception { } }); - assertTrue(subject.getPrivateCredentials(KerberosTicket.class).stream() + assertTrue( + subject.getPrivateCredentials(KerberosTicket.class).stream() .filter(t -> t.getServer().getName().startsWith(server2Protocol)) .findAny().isPresent(), "No service ticket for " + server2Protocol + " found");