HADOOP-14001. Improve delegation token validity checking.

Akira Ajisaka 2017-01-19 17:56:39 +09:00
parent 78ae2aed8f
commit 1763467210


@ -21,7 +21,7 @@
import java.io.ByteArrayInputStream;
import java.io.DataInputStream;
import java.io.IOException;
import java.util.Arrays;
import java.security.MessageDigest;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Iterator;
@ -467,7 +467,7 @@ public synchronized String getTokenTrackingId(TokenIdent identifier) {
public synchronized void verifyToken(TokenIdent identifier, byte[] password)
throws InvalidToken {
byte[] storedPassword = retrievePassword(identifier);
if (!Arrays.equals(password, storedPassword)) {
if (!MessageDigest.isEqual(password, storedPassword)) {
throw new InvalidToken("token " + formatTokenId(identifier)
+ " is invalid, password doesn't match");
}
@ -516,7 +516,7 @@ public synchronized long renewToken(Token<TokenIdent> token,
+ id.getSequenceNumber());
}
byte[] password = createPassword(token.getIdentifier(), key.getKey());
if (!Arrays.equals(password, token.getPassword())) {
if (!MessageDigest.isEqual(password, token.getPassword())) {
throw new AccessControlException(renewer
+ " is trying to renew a token "
+ formatTokenId(id) + " with wrong password");
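Review bot: Replacing `Arrays.equals` with `MessageDigest.isEqual` in `verifyToken` changes how a null argument is handled, and the new code has no guard for it. `Arrays.equals` simply returns false when one side is null, whereas `MessageDigest.isEqual` on JDK builds that do not null-check its arguments would throw a NullPointerException, so a caller-supplied null `password` could surface as an NPE instead of `InvalidToken`. Whether null can actually reach this call is not visible here, since both method bodies continue outside the hunks, but an explicit guard is cheap: `if (password == null || !MessageDigest.isEqual(password, storedPassword)) {`. The same applies to `token.getPassword()` in the `renewToken` hunk. A short comment at both call sites, such as `// constant-time compare; do not revert to Arrays.equals`, would also stop a later cleanup from reintroducing the timing side channel.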