HADOOP-14001. Improve delegation token validity checking.
This commit is contained in:
parent
78ae2aed8f
commit
1763467210
@ -21,7 +21,7 @@
|
||||
import java.io.ByteArrayInputStream;
|
||||
import java.io.DataInputStream;
|
||||
import java.io.IOException;
|
||||
import java.util.Arrays;
|
||||
import java.security.MessageDigest;
|
||||
import java.util.HashMap;
|
||||
import java.util.HashSet;
|
||||
import java.util.Iterator;
|
||||
@ -467,7 +467,7 @@ public synchronized String getTokenTrackingId(TokenIdent identifier) {
|
||||
public synchronized void verifyToken(TokenIdent identifier, byte[] password)
|
||||
throws InvalidToken {
|
||||
byte[] storedPassword = retrievePassword(identifier);
|
||||
if (!Arrays.equals(password, storedPassword)) {
|
||||
if (!MessageDigest.isEqual(password, storedPassword)) {
|
||||
throw new InvalidToken("token " + formatTokenId(identifier)
|
||||
+ " is invalid, password doesn't match");
|
||||
}
|
||||
@ -516,7 +516,7 @@ public synchronized long renewToken(Token<TokenIdent> token,
|
||||
+ id.getSequenceNumber());
|
||||
}
|
||||
byte[] password = createPassword(token.getIdentifier(), key.getKey());
|
||||
if (!Arrays.equals(password, token.getPassword())) {
|
||||
if (!MessageDigest.isEqual(password, token.getPassword())) {
|
||||
throw new AccessControlException(renewer
|
||||
+ " is trying to renew a token "
|
||||
+ formatTokenId(id) + " with wrong password");
|
||||
|
Loading…
Reference in New Issue
Block a user