HADOOP-6176. Add a couple package private methods to AccessTokenHandler for testing. Contributed by Kan Zhang

git-svn-id: https://svn.apache.org/repos/asf/hadoop/common/trunk@802224 13f79535-47bb-0310-9956-ffa450edef68
2009-08-07 21:40:01 +00:00 · 2009-08-07 21:40:01 +00:00 · 5fe6906f2a
commit 5fe6906f2a
parent 09d826ebed
3 changed files with 68 additions and 4 deletions
--- a/CHANGES.txt
+++ b/CHANGES.txt
@ -489,6 +489,9 @@ Trunk (unreleased changes)
    (gkesavan)
    
    HADOOP-6169. Removing deprecated method calls in TFile. (hong tang via mahadev)
+
+    HADOOP-6176. Add a couple package private methods to AccessTokenHandler
+    for testing.  (Kan Zhang via szetszwo)
 
  OPTIMIZATIONS

--- a/src/java/org/apache/hadoop/security/AccessTokenHandler.java
+++ b/src/java/org/apache/hadoop/security/AccessTokenHandler.java
@ -60,7 +60,7 @@ public class AccessTokenHandler {
   * sync'ed their access keys with NN at least once during each interval.
   */
  private final long keyUpdateInterval;
-  private final long tokenLifetime;
+  private long tokenLifetime;
  private long serialNo = new SecureRandom().nextLong();
  private KeyGenerator keyGen;
  private AccessKey currentKey;
@ -203,7 +203,7 @@ public synchronized void updateKeys() throws IOException {
  }

  /** Check if token is well formed */
-  private synchronized Boolean verifyToken(long keyID, AccessToken token)
+  private synchronized boolean verifyToken(long keyID, AccessToken token)
      throws IOException {
    AccessKey key = allKeys.get(keyID);
    if (key == null) {
@ -252,7 +252,7 @@ public synchronized AccessToken generateToken(String userID, long blockID,
  }

  /** Check if access should be allowed. userID is not checked if null */
-  public Boolean checkAccess(AccessToken token, String userID, long blockID,
+  public boolean checkAccess(AccessToken token, String userID, long blockID,
      AccessMode mode) throws IOException {
    long oExpiry = 0;
    long oKeyID = 0;
@ -282,8 +282,26 @@ public Boolean checkAccess(AccessToken token, String userID, long blockID,
          + blockID + ", access mode=" + mode + ", keyID=" + oKeyID);
    }
    return (userID == null || userID.equals(oUserID)) && oBlockID == blockID
-        && System.currentTimeMillis() < oExpiry && oModes.contains(mode)
+        && !isExpired(oExpiry) && oModes.contains(mode)
        && verifyToken(oKeyID, token);
  }

+  private static boolean isExpired(long expiryDate) {
+    return System.currentTimeMillis() > expiryDate;
+  }
+
+  /** check if a token is expired. for unit test only.
+   *  return true when token is expired, false otherwise */
+  static boolean isTokenExpired(AccessToken token) throws IOException {
+    ByteArrayInputStream buf = new ByteArrayInputStream(token.getTokenID()
+        .getBytes());
+    DataInputStream in = new DataInputStream(buf);
+    long expiryDate = WritableUtils.readVLong(in);
+    return isExpired(expiryDate);
+  }
+
+  /** set token lifetime. for unit test only */
+  synchronized void setTokenLifetime(long tokenLifetime) {
+    this.tokenLifetime = tokenLifetime;
+  }
 }
--- a/src/test/core/org/apache/hadoop/security/SecurityTestUtil.java
+++ b/src/test/core/org/apache/hadoop/security/SecurityTestUtil.java
@ -0,0 +1,43 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership.  The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License.  You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.hadoop.security;
+
+import java.io.IOException;
+
+/** Utilities for security tests */
+public class SecurityTestUtil {
+
+  /**
+   * check if an access token is expired. return true when token is expired,
+   * false otherwise
+   */
+  public static boolean isAccessTokenExpired(AccessToken token)
+      throws IOException {
+    return AccessTokenHandler.isTokenExpired(token);
+  }
+
+  /**
+   * set access token lifetime.
+   */
+  public static void setAccessTokenLifetime(AccessTokenHandler handler,
+      long tokenLifetime) {
+    handler.setTokenLifetime(tokenLifetime);
+  }
+
+}