HDDS-945. Fix generics warnings in delegation token.
Contributed by Ajay Kumar.
This commit is contained in:
parent
a5d0fcf704
commit
8978466fca
@ -47,12 +47,12 @@
|
|||||||
*/
|
*/
|
||||||
@InterfaceAudience.Private
|
@InterfaceAudience.Private
|
||||||
@InterfaceStability.Unstable
|
@InterfaceStability.Unstable
|
||||||
public class OzoneDelegationTokenSecretManager<T extends OzoneTokenIdentifier>
|
public class OzoneDelegationTokenSecretManager
|
||||||
extends OzoneSecretManager<T> {
|
extends OzoneSecretManager<OzoneTokenIdentifier> {
|
||||||
|
|
||||||
private static final Logger LOG = LoggerFactory
|
private static final Logger LOG = LoggerFactory
|
||||||
.getLogger(OzoneDelegationTokenSecretManager.class);
|
.getLogger(OzoneDelegationTokenSecretManager.class);
|
||||||
private final Map<T, TokenInfo> currentTokens;
|
private final Map<OzoneTokenIdentifier, TokenInfo> currentTokens;
|
||||||
private final OzoneSecretStore store;
|
private final OzoneSecretStore store;
|
||||||
private Thread tokenRemoverThread;
|
private Thread tokenRemoverThread;
|
||||||
private final long tokenRemoverScanInterval;
|
private final long tokenRemoverScanInterval;
|
||||||
@ -85,8 +85,8 @@ public OzoneDelegationTokenSecretManager(OzoneConfiguration conf,
|
|||||||
}
|
}
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
public T createIdentifier() {
|
public OzoneTokenIdentifier createIdentifier() {
|
||||||
return (T) T.newInstance();
|
return OzoneTokenIdentifier.newInstance();
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
@ -94,8 +94,9 @@ public T createIdentifier() {
|
|||||||
*
|
*
|
||||||
* @return T
|
* @return T
|
||||||
*/
|
*/
|
||||||
public T createIdentifier(Text owner, Text renewer, Text realUser) {
|
public OzoneTokenIdentifier createIdentifier(Text owner, Text renewer,
|
||||||
return (T) T.newInstance(owner, renewer, realUser);
|
Text realUser) {
|
||||||
|
return OzoneTokenIdentifier.newInstance(owner, renewer, realUser);
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
@ -108,15 +109,18 @@ public T createIdentifier(Text owner, Text renewer, Text realUser) {
|
|||||||
* @throws IOException to allow future exceptions to be added without breaking
|
* @throws IOException to allow future exceptions to be added without breaking
|
||||||
* compatibility
|
* compatibility
|
||||||
*/
|
*/
|
||||||
public Token<T> createToken(Text owner, Text renewer, Text realUser)
|
public Token<OzoneTokenIdentifier> createToken(Text owner, Text renewer,
|
||||||
|
Text realUser)
|
||||||
throws IOException {
|
throws IOException {
|
||||||
T identifier = createIdentifier(owner, renewer, realUser);
|
OzoneTokenIdentifier identifier = createIdentifier(owner, renewer,
|
||||||
|
realUser);
|
||||||
updateIdentifierDetails(identifier);
|
updateIdentifierDetails(identifier);
|
||||||
|
|
||||||
byte[] password = createPassword(identifier.getBytes(),
|
byte[] password = createPassword(identifier.getBytes(),
|
||||||
getCurrentKey().getPrivateKey());
|
getCurrentKey().getPrivateKey());
|
||||||
addToTokenStore(identifier, password);
|
addToTokenStore(identifier, password);
|
||||||
Token<T> token = new Token<>(identifier.getBytes(), password,
|
Token<OzoneTokenIdentifier> token = new Token<>(identifier.getBytes(),
|
||||||
|
password,
|
||||||
identifier.getKind(), getService());
|
identifier.getKind(), getService());
|
||||||
if (LOG.isTraceEnabled()) {
|
if (LOG.isTraceEnabled()) {
|
||||||
long expiryTime = identifier.getIssueDate() + getTokenRenewInterval();
|
long expiryTime = identifier.getIssueDate() + getTokenRenewInterval();
|
||||||
@ -134,7 +138,7 @@ public Token<T> createToken(Text owner, Text renewer, Text realUser)
|
|||||||
* @param password
|
* @param password
|
||||||
* @throws IOException
|
* @throws IOException
|
||||||
*/
|
*/
|
||||||
private void addToTokenStore(T identifier, byte[] password)
|
private void addToTokenStore(OzoneTokenIdentifier identifier, byte[] password)
|
||||||
throws IOException {
|
throws IOException {
|
||||||
TokenInfo tokenInfo = new TokenInfo(identifier.getIssueDate()
|
TokenInfo tokenInfo = new TokenInfo(identifier.getIssueDate()
|
||||||
+ getTokenRenewInterval(), password, identifier.getTrackingId());
|
+ getTokenRenewInterval(), password, identifier.getTrackingId());
|
||||||
@ -147,7 +151,7 @@ private void addToTokenStore(T identifier, byte[] password)
|
|||||||
*
|
*
|
||||||
* @param identifier the identifier to validate
|
* @param identifier the identifier to validate
|
||||||
*/
|
*/
|
||||||
private void updateIdentifierDetails(T identifier) {
|
private void updateIdentifierDetails(OzoneTokenIdentifier identifier) {
|
||||||
int sequenceNum;
|
int sequenceNum;
|
||||||
long now = Time.monotonicNow();
|
long now = Time.monotonicNow();
|
||||||
sequenceNum = incrementDelegationTokenSeqNum();
|
sequenceNum = incrementDelegationTokenSeqNum();
|
||||||
@ -167,11 +171,12 @@ private void updateIdentifierDetails(T identifier) {
|
|||||||
* @throws AccessControlException if the user can't renew token
|
* @throws AccessControlException if the user can't renew token
|
||||||
*/
|
*/
|
||||||
@Override
|
@Override
|
||||||
public synchronized long renewToken(Token<T> token, String renewer)
|
public synchronized long renewToken(Token<OzoneTokenIdentifier> token,
|
||||||
|
String renewer)
|
||||||
throws IOException {
|
throws IOException {
|
||||||
ByteArrayInputStream buf = new ByteArrayInputStream(token.getIdentifier());
|
ByteArrayInputStream buf = new ByteArrayInputStream(token.getIdentifier());
|
||||||
DataInputStream in = new DataInputStream(buf);
|
DataInputStream in = new DataInputStream(buf);
|
||||||
T id = (T) T.readProtoBuf(in);
|
OzoneTokenIdentifier id = OzoneTokenIdentifier.readProtoBuf(in);
|
||||||
if (LOG.isDebugEnabled()) {
|
if (LOG.isDebugEnabled()) {
|
||||||
LOG.debug("Token renewal for identifier: {}, total currentTokens: {}",
|
LOG.debug("Token renewal for identifier: {}, total currentTokens: {}",
|
||||||
formatTokenId(id), currentTokens.size());
|
formatTokenId(id), currentTokens.size());
|
||||||
@ -222,8 +227,10 @@ public synchronized long renewToken(Token<T> token, String renewer)
|
|||||||
* @throws InvalidToken for invalid token
|
* @throws InvalidToken for invalid token
|
||||||
* @throws AccessControlException if the user isn't allowed to cancel
|
* @throws AccessControlException if the user isn't allowed to cancel
|
||||||
*/
|
*/
|
||||||
public T cancelToken(Token<T> token, String canceller) throws IOException {
|
public OzoneTokenIdentifier cancelToken(Token<OzoneTokenIdentifier> token,
|
||||||
T id = (T) T.readProtoBuf(token.getIdentifier());
|
String canceller) throws IOException {
|
||||||
|
OzoneTokenIdentifier id = OzoneTokenIdentifier.readProtoBuf(
|
||||||
|
token.getIdentifier());
|
||||||
LOG.debug("Token cancellation requested for identifier: {}",
|
LOG.debug("Token cancellation requested for identifier: {}",
|
||||||
formatTokenId(id));
|
formatTokenId(id));
|
||||||
|
|
||||||
@ -254,7 +261,8 @@ public T cancelToken(Token<T> token, String canceller) throws IOException {
|
|||||||
}
|
}
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
public byte[] retrievePassword(T identifier) throws InvalidToken {
|
public byte[] retrievePassword(OzoneTokenIdentifier identifier)
|
||||||
|
throws InvalidToken {
|
||||||
return validateToken(identifier).getPassword();
|
return validateToken(identifier).getPassword();
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -262,7 +270,8 @@ public byte[] retrievePassword(T identifier) throws InvalidToken {
|
|||||||
* Checks if TokenInfo for the given identifier exists in database and if the
|
* Checks if TokenInfo for the given identifier exists in database and if the
|
||||||
* token is expired.
|
* token is expired.
|
||||||
*/
|
*/
|
||||||
public TokenInfo validateToken(T identifier) throws InvalidToken {
|
public TokenInfo validateToken(OzoneTokenIdentifier identifier)
|
||||||
|
throws InvalidToken {
|
||||||
TokenInfo info = currentTokens.get(identifier);
|
TokenInfo info = currentTokens.get(identifier);
|
||||||
if (info == null) {
|
if (info == null) {
|
||||||
throw new InvalidToken("token " + formatTokenId(identifier)
|
throw new InvalidToken("token " + formatTokenId(identifier)
|
||||||
@ -275,7 +284,7 @@ public TokenInfo validateToken(T identifier) throws InvalidToken {
|
|||||||
" expected renewal time: " + Time.formatTime(info.getRenewDate()));
|
" expected renewal time: " + Time.formatTime(info.getRenewDate()));
|
||||||
}
|
}
|
||||||
if (!verifySignature(identifier, info.getPassword())) {
|
if (!verifySignature(identifier, info.getPassword())) {
|
||||||
throw new InvalidToken("Tampared/Inavalid token.");
|
throw new InvalidToken("Tampered/Invalid token.");
|
||||||
}
|
}
|
||||||
return info;
|
return info;
|
||||||
}
|
}
|
||||||
@ -300,20 +309,21 @@ private synchronized void removeExpiredKeys() {
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
private void loadTokenSecretState(OzoneManagerSecretState<T> state)
|
private void loadTokenSecretState(
|
||||||
throws IOException {
|
OzoneManagerSecretState<OzoneTokenIdentifier> state) throws IOException {
|
||||||
LOG.info("Loading token state into token manager.");
|
LOG.info("Loading token state into token manager.");
|
||||||
for (OzoneSecretKey key : state.ozoneManagerSecretState()) {
|
for (OzoneSecretKey key : state.ozoneManagerSecretState()) {
|
||||||
allKeys.putIfAbsent(key.getKeyId(), key);
|
allKeys.putIfAbsent(key.getKeyId(), key);
|
||||||
incrementCurrentKeyId();
|
incrementCurrentKeyId();
|
||||||
}
|
}
|
||||||
for (Map.Entry<T, Long> entry : state.getTokenState().entrySet()) {
|
for (Map.Entry<OzoneTokenIdentifier, Long> entry :
|
||||||
|
state.getTokenState().entrySet()) {
|
||||||
addPersistedDelegationToken(entry.getKey(), entry.getValue());
|
addPersistedDelegationToken(entry.getKey(), entry.getValue());
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
private void addPersistedDelegationToken(
|
private void addPersistedDelegationToken(
|
||||||
T identifier, long renewDate)
|
OzoneTokenIdentifier identifier, long renewDate)
|
||||||
throws IOException {
|
throws IOException {
|
||||||
if (isRunning()) {
|
if (isRunning()) {
|
||||||
// a safety check
|
// a safety check
|
||||||
@ -400,10 +410,10 @@ public void stop() throws IOException {
|
|||||||
private void removeExpiredToken() {
|
private void removeExpiredToken() {
|
||||||
long now = Time.monotonicNow();
|
long now = Time.monotonicNow();
|
||||||
synchronized (this) {
|
synchronized (this) {
|
||||||
Iterator<Map.Entry<T,
|
Iterator<Map.Entry<OzoneTokenIdentifier,
|
||||||
TokenInfo>> i = currentTokens.entrySet().iterator();
|
TokenInfo>> i = currentTokens.entrySet().iterator();
|
||||||
while (i.hasNext()) {
|
while (i.hasNext()) {
|
||||||
Map.Entry<T,
|
Map.Entry<OzoneTokenIdentifier,
|
||||||
TokenInfo> entry = i.next();
|
TokenInfo> entry = i.next();
|
||||||
long renewDate = entry.getValue().getRenewDate();
|
long renewDate = entry.getValue().getRenewDate();
|
||||||
if (renewDate < now) {
|
if (renewDate < now) {
|
||||||
@ -421,6 +431,7 @@ private void removeExpiredToken() {
|
|||||||
}
|
}
|
||||||
|
|
||||||
private class ExpiredTokenRemover extends Thread {
|
private class ExpiredTokenRemover extends Thread {
|
||||||
|
|
||||||
private long lastTokenCacheCleanup;
|
private long lastTokenCacheCleanup;
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
|
@ -46,8 +46,7 @@
|
|||||||
/**
|
/**
|
||||||
* SecretStore for Ozone Master.
|
* SecretStore for Ozone Master.
|
||||||
*/
|
*/
|
||||||
public class OzoneSecretStore<T extends OzoneTokenIdentifier>
|
public class OzoneSecretStore implements Closeable {
|
||||||
implements Closeable {
|
|
||||||
|
|
||||||
private static final Logger LOG = LoggerFactory
|
private static final Logger LOG = LoggerFactory
|
||||||
.getLogger(OzoneSecretStore.class);
|
.getLogger(OzoneSecretStore.class);
|
||||||
@ -142,7 +141,7 @@ public void removeTokenMasterKey(OzoneSecretKey key)
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
public void storeToken(T tokenId, Long renewDate)
|
public void storeToken(OzoneTokenIdentifier tokenId, Long renewDate)
|
||||||
throws IOException {
|
throws IOException {
|
||||||
if (LOG.isDebugEnabled()) {
|
if (LOG.isDebugEnabled()) {
|
||||||
LOG.debug("Storing token " + tokenId.getSequenceNumber());
|
LOG.debug("Storing token " + tokenId.getSequenceNumber());
|
||||||
@ -168,12 +167,12 @@ public void storeToken(T tokenId, Long renewDate)
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
public void updateToken(T tokenId, Long renewDate)
|
public void updateToken(OzoneTokenIdentifier tokenId, Long renewDate)
|
||||||
throws IOException {
|
throws IOException {
|
||||||
storeToken(tokenId, renewDate);
|
storeToken(tokenId, renewDate);
|
||||||
}
|
}
|
||||||
|
|
||||||
public void removeToken(T tokenId)
|
public void removeToken(OzoneTokenIdentifier tokenId)
|
||||||
throws IOException {
|
throws IOException {
|
||||||
byte[] dbKey = getTokenDBKey(tokenId);
|
byte[] dbKey = getTokenDBKey(tokenId);
|
||||||
try {
|
try {
|
||||||
@ -228,7 +227,7 @@ private void loadToken(OzoneManagerSecretState state, byte[] data)
|
|||||||
throws IOException {
|
throws IOException {
|
||||||
long renewDate;
|
long renewDate;
|
||||||
DataInputStream in = new DataInputStream(new ByteArrayInputStream(data));
|
DataInputStream in = new DataInputStream(new ByteArrayInputStream(data));
|
||||||
T tokenId = (T) T.readProtoBuf(in);
|
OzoneTokenIdentifier tokenId = OzoneTokenIdentifier.readProtoBuf(in);
|
||||||
try {
|
try {
|
||||||
tokenId.readFields(in);
|
tokenId.readFields(in);
|
||||||
renewDate = in.readLong();
|
renewDate = in.readLong();
|
||||||
@ -243,7 +242,7 @@ private byte[] getMasterKeyDBKey(OzoneSecretKey masterKey) {
|
|||||||
TOKEN_MASTER_KEY_KEY_PREFIX + masterKey.getKeyId());
|
TOKEN_MASTER_KEY_KEY_PREFIX + masterKey.getKeyId());
|
||||||
}
|
}
|
||||||
|
|
||||||
private byte[] getTokenDBKey(T tokenId) {
|
private byte[] getTokenDBKey(OzoneTokenIdentifier tokenId) {
|
||||||
return DFSUtil.string2Bytes(
|
return DFSUtil.string2Bytes(
|
||||||
TOKEN_STATE_KEY_PREFIX + tokenId.getSequenceNumber());
|
TOKEN_STATE_KEY_PREFIX + tokenId.getSequenceNumber());
|
||||||
}
|
}
|
||||||
|
@ -44,8 +44,7 @@
|
|||||||
*/
|
*/
|
||||||
public class TestOzoneDelegationTokenSecretManager {
|
public class TestOzoneDelegationTokenSecretManager {
|
||||||
|
|
||||||
private OzoneDelegationTokenSecretManager<OzoneTokenIdentifier>
|
private OzoneDelegationTokenSecretManager secretManager;
|
||||||
secretManager;
|
|
||||||
private SecurityConfig securityConfig;
|
private SecurityConfig securityConfig;
|
||||||
private KeyPair keyPair;
|
private KeyPair keyPair;
|
||||||
private long expiryTime;
|
private long expiryTime;
|
||||||
@ -209,10 +208,10 @@ private void validateHash(byte[] hash, byte[] identifier) throws Exception {
|
|||||||
/**
|
/**
|
||||||
* Create instance of {@link OzoneDelegationTokenSecretManager}.
|
* Create instance of {@link OzoneDelegationTokenSecretManager}.
|
||||||
*/
|
*/
|
||||||
private OzoneDelegationTokenSecretManager<OzoneTokenIdentifier>
|
private OzoneDelegationTokenSecretManager
|
||||||
createSecretManager(OzoneConfiguration config, long tokenMaxLife,
|
createSecretManager(OzoneConfiguration config, long tokenMaxLife,
|
||||||
long expiry, long tokenRemoverScanTime) throws IOException {
|
long expiry, long tokenRemoverScanTime) throws IOException {
|
||||||
return new OzoneDelegationTokenSecretManager<>(config, tokenMaxLife,
|
return new OzoneDelegationTokenSecretManager(config, tokenMaxLife,
|
||||||
expiry, tokenRemoverScanTime, serviceRpcAdd);
|
expiry, tokenRemoverScanTime, serviceRpcAdd);
|
||||||
}
|
}
|
||||||
}
|
}
|
@ -183,8 +183,7 @@ public final class OzoneManager extends ServiceRuntimeInfoImpl
|
|||||||
+ StartupOption.HELP.getName() + " ]\n";
|
+ StartupOption.HELP.getName() + " ]\n";
|
||||||
private static final String OM_DAEMON = "om";
|
private static final String OM_DAEMON = "om";
|
||||||
private static boolean securityEnabled = false;
|
private static boolean securityEnabled = false;
|
||||||
private static OzoneDelegationTokenSecretManager<OzoneTokenIdentifier>
|
private static OzoneDelegationTokenSecretManager delegationTokenMgr;
|
||||||
delegationTokenMgr;
|
|
||||||
private OzoneBlockTokenSecretManager blockTokenMgr;
|
private OzoneBlockTokenSecretManager blockTokenMgr;
|
||||||
private KeyPair keyPair;
|
private KeyPair keyPair;
|
||||||
private CertificateClient certClient;
|
private CertificateClient certClient;
|
||||||
@ -397,8 +396,8 @@ private OzoneDelegationTokenSecretManager createDelegationTokenSecretManager(
|
|||||||
conf.getTimeDuration(OMConfigKeys.DELEGATION_TOKEN_RENEW_INTERVAL_KEY,
|
conf.getTimeDuration(OMConfigKeys.DELEGATION_TOKEN_RENEW_INTERVAL_KEY,
|
||||||
OMConfigKeys.DELEGATION_TOKEN_RENEW_INTERVAL_DEFAULT,
|
OMConfigKeys.DELEGATION_TOKEN_RENEW_INTERVAL_DEFAULT,
|
||||||
TimeUnit.MILLISECONDS);
|
TimeUnit.MILLISECONDS);
|
||||||
Text omRpcAddressTxt = new Text(OmUtils.getOmRpcAddress(configuration));
|
|
||||||
return new OzoneDelegationTokenSecretManager<>(conf, tokenMaxLifetime,
|
return new OzoneDelegationTokenSecretManager(conf, tokenMaxLifetime,
|
||||||
tokenRenewInterval, tokenRemoverScanInterval, omRpcAddressTxt);
|
tokenRenewInterval, tokenRemoverScanInterval, omRpcAddressTxt);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
Loading…
Reference in New Issue
Block a user