From 556812c179aa094c21acf610439a8d69fe6420ab Mon Sep 17 00:00:00 2001
From: Ray Chiang <rchiang@apache.org>
Date: Tue, 12 Sep 2017 10:19:34 -0700
Subject: [PATCH] HADOOP-14799. Update nimbus-jose-jwt to 4.41.1. (rchiang)

---
 .../JWTRedirectAuthenticationHandler.java     |  4 ++-
 ...TestJWTRedirectAuthenticationHandler.java} | 29 ++++++++-----------
 .../mapreduce/task/reduce/TestFetcher.java    |  4 ---
 hadoop-project/pom.xml                        |  2 +-
 4 files changed, 16 insertions(+), 23 deletions(-)
 rename hadoop-common-project/hadoop-auth/src/test/java/org/apache/hadoop/security/authentication/server/{TestJWTRedirectAuthentictionHandler.java => TestJWTRedirectAuthenticationHandler.java} (95%)

diff --git a/hadoop-common-project/hadoop-auth/src/main/java/org/apache/hadoop/security/authentication/server/JWTRedirectAuthenticationHandler.java b/hadoop-common-project/hadoop-auth/src/main/java/org/apache/hadoop/security/authentication/server/JWTRedirectAuthenticationHandler.java
index 61f5b9e894..884398cb79 100644
--- a/hadoop-common-project/hadoop-auth/src/main/java/org/apache/hadoop/security/authentication/server/JWTRedirectAuthenticationHandler.java
+++ b/hadoop-common-project/hadoop-auth/src/main/java/org/apache/hadoop/security/authentication/server/JWTRedirectAuthenticationHandler.java
@@ -28,6 +28,7 @@
 
 import java.security.interfaces.RSAPublicKey;
 
+import com.google.common.annotations.VisibleForTesting;
 import org.apache.hadoop.security.authentication.client.AuthenticationException;
 import org.apache.hadoop.security.authentication.util.CertificateUtil;
 import org.slf4j.Logger;
@@ -216,7 +217,8 @@ protected String getJWTFromCookie(HttpServletRequest req) {
    * @param request for getting the original request URL
    * @return url to use as login url for redirect
    */
-  protected String constructLoginURL(HttpServletRequest request) {
+  @VisibleForTesting
+  String constructLoginURL(HttpServletRequest request) {
     String delimiter = "?";
     if (authenticationProviderUrl.contains("?")) {
       delimiter = "&";
diff --git a/hadoop-common-project/hadoop-auth/src/test/java/org/apache/hadoop/security/authentication/server/TestJWTRedirectAuthentictionHandler.java b/hadoop-common-project/hadoop-auth/src/test/java/org/apache/hadoop/security/authentication/server/TestJWTRedirectAuthenticationHandler.java
similarity index 95%
rename from hadoop-common-project/hadoop-auth/src/test/java/org/apache/hadoop/security/authentication/server/TestJWTRedirectAuthentictionHandler.java
rename to hadoop-common-project/hadoop-auth/src/test/java/org/apache/hadoop/security/authentication/server/TestJWTRedirectAuthenticationHandler.java
index 97a8a9d2c5..5a2db9ba6f 100644
--- a/hadoop-common-project/hadoop-auth/src/test/java/org/apache/hadoop/security/authentication/server/TestJWTRedirectAuthentictionHandler.java
+++ b/hadoop-common-project/hadoop-auth/src/test/java/org/apache/hadoop/security/authentication/server/TestJWTRedirectAuthenticationHandler.java
@@ -47,7 +47,7 @@
 import com.nimbusds.jwt.SignedJWT;
 import com.nimbusds.jose.crypto.RSASSASigner;
 
-public class TestJWTRedirectAuthentictionHandler extends
+public class TestJWTRedirectAuthenticationHandler extends
     KerberosSecurityTestcase {
   private static final String SERVICE_URL = "https://localhost:8888/resource";
   private static final String REDIRECT_LOCATION =
@@ -392,7 +392,7 @@ public void testOrigURLWithQueryString() throws Exception {
         new StringBuffer(SERVICE_URL));
     Mockito.when(request.getQueryString()).thenReturn("name=value");
 
-    String loginURL = ((TestJWTRedirectAuthenticationHandler)handler).testConstructLoginURL(request);
+    String loginURL = handler.constructLoginURL(request);
     Assert.assertNotNull("loginURL should not be null.", loginURL);
     Assert.assertEquals("https://localhost:8443/authserver?originalUrl=" + SERVICE_URL + "?name=value", loginURL);
   }
@@ -409,7 +409,7 @@ public void testOrigURLNoQueryString() throws Exception {
         new StringBuffer(SERVICE_URL));
     Mockito.when(request.getQueryString()).thenReturn(null);
 
-    String loginURL = ((TestJWTRedirectAuthenticationHandler)handler).testConstructLoginURL(request);
+    String loginURL = handler.constructLoginURL(request);
     Assert.assertNotNull("LoginURL should not be null.", loginURL);
     Assert.assertEquals("https://localhost:8443/authserver?originalUrl=" + SERVICE_URL, loginURL);
   }
@@ -425,7 +425,7 @@ public void setup() throws Exception, NoSuchAlgorithmException {
     publicKey = (RSAPublicKey) kp.getPublic();
     privateKey = (RSAPrivateKey) kp.getPrivate();
 
-    handler = new TestJWTRedirectAuthenticationHandler();
+    handler = new JWTRedirectAuthenticationHandler();
   }
 
   protected void setupKerberosRequirements() throws Exception {
@@ -453,15 +453,16 @@ protected Properties getProperties() {
 
   protected SignedJWT getJWT(String sub, Date expires, RSAPrivateKey privateKey)
       throws Exception {
-    JWTClaimsSet claimsSet = new JWTClaimsSet();
-    claimsSet.setSubject(sub);
-    claimsSet.setIssueTime(new Date(new Date().getTime()));
-    claimsSet.setIssuer("https://c2id.com");
-    claimsSet.setCustomClaim("scope", "openid");
-    claimsSet.setExpirationTime(expires);
+    JWTClaimsSet claimsSet = new JWTClaimsSet.Builder()
+        .subject(sub)
+        .issueTime(new Date(new Date().getTime()))
+        .issuer("https://c2id.com")
+        .claim("scope", "openid")
+        .audience("bar")
+        .expirationTime(expires)
+        .build();
     List<String> aud = new ArrayList<String>();
     aud.add("bar");
-    claimsSet.setAudience("bar");
 
     JWSHeader header = new JWSHeader.Builder(JWSAlgorithm.RS256).build();
 
@@ -472,10 +473,4 @@ protected SignedJWT getJWT(String sub, Date expires, RSAPrivateKey privateKey)
 
     return signedJWT;
   }
-
-  class TestJWTRedirectAuthenticationHandler extends JWTRedirectAuthenticationHandler {
-    public String testConstructLoginURL(HttpServletRequest req) {
-      return constructLoginURL(req);
-    }
-  };
 }
diff --git a/hadoop-mapreduce-project/hadoop-mapreduce-client/hadoop-mapreduce-client-core/src/test/java/org/apache/hadoop/mapreduce/task/reduce/TestFetcher.java b/hadoop-mapreduce-project/hadoop-mapreduce-client/hadoop-mapreduce-client-core/src/test/java/org/apache/hadoop/mapreduce/task/reduce/TestFetcher.java
index 01e51e9d07..8f9434d3d5 100644
--- a/hadoop-mapreduce-project/hadoop-mapreduce-client/hadoop-mapreduce-client-core/src/test/java/org/apache/hadoop/mapreduce/task/reduce/TestFetcher.java
+++ b/hadoop-mapreduce-project/hadoop-mapreduce-client/hadoop-mapreduce-client-core/src/test/java/org/apache/hadoop/mapreduce/task/reduce/TestFetcher.java
@@ -25,9 +25,7 @@
 import org.apache.hadoop.fs.ChecksumException;
 import org.apache.hadoop.fs.FileSystem;
 import org.apache.hadoop.fs.Path;
-import org.apache.hadoop.mapred.MapOutputFile;
 import org.apache.hadoop.mapreduce.MRJobConfig;
-import org.apache.hadoop.mapreduce.TaskID;
 import org.junit.After;
 import org.junit.Assert;
 import org.junit.Before;
@@ -66,8 +64,6 @@
 import org.mockito.invocation.InvocationOnMock;
 import org.mockito.stubbing.Answer;
 
-import com.nimbusds.jose.util.StringUtils;
-
 /**
  * Test that the Fetcher does what we expect it to.
  */
diff --git a/hadoop-project/pom.xml b/hadoop-project/pom.xml
index 24c779c980..ee08754839 100755
--- a/hadoop-project/pom.xml
+++ b/hadoop-project/pom.xml
@@ -1200,7 +1200,7 @@
       <dependency>
           <groupId>com.nimbusds</groupId>
           <artifactId>nimbus-jose-jwt</artifactId>
-          <version>3.9</version>
+          <version>4.41.1</version>
           <scope>compile</scope>
           <exclusions>
           <exclusion>