HADOOP-11311. Restrict uppercase key names from being created with JCEKS.
This commit is contained in:
parent
351c5561c2
commit
48d62fad80
@ -444,6 +444,9 @@ Release 2.7.0 - UNRELEASED
|
|||||||
HADOOP-11157. ZKDelegationTokenSecretManager never shuts down
|
HADOOP-11157. ZKDelegationTokenSecretManager never shuts down
|
||||||
listenerThreadPool. (Arun Suresh via atm)
|
listenerThreadPool. (Arun Suresh via atm)
|
||||||
|
|
||||||
|
HADOOP-11311. Restrict uppercase key names from being created with JCEKS.
|
||||||
|
(wang)
|
||||||
|
|
||||||
Release 2.6.0 - 2014-11-18
|
Release 2.6.0 - 2014-11-18
|
||||||
|
|
||||||
INCOMPATIBLE CHANGES
|
INCOMPATIBLE CHANGES
|
||||||
|
@ -18,6 +18,7 @@
|
|||||||
|
|
||||||
package org.apache.hadoop.crypto.key;
|
package org.apache.hadoop.crypto.key;
|
||||||
|
|
||||||
|
import com.google.common.base.Preconditions;
|
||||||
import org.apache.commons.io.IOUtils;
|
import org.apache.commons.io.IOUtils;
|
||||||
import org.apache.hadoop.classification.InterfaceAudience;
|
import org.apache.hadoop.classification.InterfaceAudience;
|
||||||
import org.apache.hadoop.classification.InterfaceAudience.Private;
|
import org.apache.hadoop.classification.InterfaceAudience.Private;
|
||||||
@ -423,6 +424,8 @@ public Metadata getMetadata(String name) throws IOException {
|
|||||||
@Override
|
@Override
|
||||||
public KeyVersion createKey(String name, byte[] material,
|
public KeyVersion createKey(String name, byte[] material,
|
||||||
Options options) throws IOException {
|
Options options) throws IOException {
|
||||||
|
Preconditions.checkArgument(name.equals(name.toLowerCase()),
|
||||||
|
"Uppercase key names are unsupported: %s", name);
|
||||||
writeLock.lock();
|
writeLock.lock();
|
||||||
try {
|
try {
|
||||||
try {
|
try {
|
||||||
|
@ -33,6 +33,7 @@
|
|||||||
import org.apache.hadoop.security.Credentials;
|
import org.apache.hadoop.security.Credentials;
|
||||||
import org.apache.hadoop.security.ProviderUtils;
|
import org.apache.hadoop.security.ProviderUtils;
|
||||||
import org.apache.hadoop.security.UserGroupInformation;
|
import org.apache.hadoop.security.UserGroupInformation;
|
||||||
|
import org.apache.hadoop.test.GenericTestUtils;
|
||||||
import org.junit.Assert;
|
import org.junit.Assert;
|
||||||
import org.junit.Before;
|
import org.junit.Before;
|
||||||
import org.junit.Test;
|
import org.junit.Test;
|
||||||
@ -328,6 +329,16 @@ public void testJksProvider() throws Exception {
|
|||||||
// check permission retention after explicit change
|
// check permission retention after explicit change
|
||||||
fs.setPermission(path, new FsPermission("777"));
|
fs.setPermission(path, new FsPermission("777"));
|
||||||
checkPermissionRetention(conf, ourUrl, path);
|
checkPermissionRetention(conf, ourUrl, path);
|
||||||
|
|
||||||
|
// Check that an uppercase keyname results in an error
|
||||||
|
provider = KeyProviderFactory.getProviders(conf).get(0);
|
||||||
|
try {
|
||||||
|
provider.createKey("UPPERCASE", KeyProvider.options(conf));
|
||||||
|
Assert.fail("Expected failure on creating key name with uppercase " +
|
||||||
|
"characters");
|
||||||
|
} catch (IllegalArgumentException e) {
|
||||||
|
GenericTestUtils.assertExceptionContains("Uppercase key names", e);
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
private void verifyAfterReload(File file, KeyProvider provider)
|
private void verifyAfterReload(File file, KeyProvider provider)
|
||||||
|
Loading…
Reference in New Issue
Block a user