HDDS-945. Fix generics warnings in delegation token.

Contributed by Ajay Kumar.
This commit is contained in:
Anu Engineer 2019-01-04 15:09:48 -08:00 committed by Xiaoyu Yao
parent a5d0fcf704
commit 8978466fca
5 changed files with 55 additions and 47 deletions

View File

@ -47,12 +47,12 @@
*/
@InterfaceAudience.Private
@InterfaceStability.Unstable
public class OzoneDelegationTokenSecretManager<T extends OzoneTokenIdentifier>
extends OzoneSecretManager<T> {
public class OzoneDelegationTokenSecretManager
extends OzoneSecretManager<OzoneTokenIdentifier> {
private static final Logger LOG = LoggerFactory
.getLogger(OzoneDelegationTokenSecretManager.class);
private final Map<T, TokenInfo> currentTokens;
private final Map<OzoneTokenIdentifier, TokenInfo> currentTokens;
private final OzoneSecretStore store;
private Thread tokenRemoverThread;
private final long tokenRemoverScanInterval;
@ -85,8 +85,8 @@ public OzoneDelegationTokenSecretManager(OzoneConfiguration conf,
}
@Override
public T createIdentifier() {
return (T) T.newInstance();
public OzoneTokenIdentifier createIdentifier() {
return OzoneTokenIdentifier.newInstance();
}
/**
@ -94,8 +94,9 @@ public T createIdentifier() {
*
* @return T
*/
public T createIdentifier(Text owner, Text renewer, Text realUser) {
return (T) T.newInstance(owner, renewer, realUser);
public OzoneTokenIdentifier createIdentifier(Text owner, Text renewer,
Text realUser) {
return OzoneTokenIdentifier.newInstance(owner, renewer, realUser);
}
/**
@ -106,17 +107,20 @@ public T createIdentifier(Text owner, Text renewer, Text realUser) {
* @param realUser
* @return Token
* @throws IOException to allow future exceptions to be added without breaking
* compatibility
* compatibility
*/
public Token<T> createToken(Text owner, Text renewer, Text realUser)
public Token<OzoneTokenIdentifier> createToken(Text owner, Text renewer,
Text realUser)
throws IOException {
T identifier = createIdentifier(owner, renewer, realUser);
OzoneTokenIdentifier identifier = createIdentifier(owner, renewer,
realUser);
updateIdentifierDetails(identifier);
byte[] password = createPassword(identifier.getBytes(),
getCurrentKey().getPrivateKey());
addToTokenStore(identifier, password);
Token<T> token = new Token<>(identifier.getBytes(), password,
Token<OzoneTokenIdentifier> token = new Token<>(identifier.getBytes(),
password,
identifier.getKind(), getService());
if (LOG.isTraceEnabled()) {
long expiryTime = identifier.getIssueDate() + getTokenRenewInterval();
@ -134,7 +138,7 @@ public Token<T> createToken(Text owner, Text renewer, Text realUser)
* @param password
* @throws IOException
*/
private void addToTokenStore(T identifier, byte[] password)
private void addToTokenStore(OzoneTokenIdentifier identifier, byte[] password)
throws IOException {
TokenInfo tokenInfo = new TokenInfo(identifier.getIssueDate()
+ getTokenRenewInterval(), password, identifier.getTrackingId());
@ -147,7 +151,7 @@ private void addToTokenStore(T identifier, byte[] password)
*
* @param identifier the identifier to validate
*/
private void updateIdentifierDetails(T identifier) {
private void updateIdentifierDetails(OzoneTokenIdentifier identifier) {
int sequenceNum;
long now = Time.monotonicNow();
sequenceNum = incrementDelegationTokenSeqNum();
@ -163,16 +167,17 @@ private void updateIdentifierDetails(T identifier) {
* @param token the token to renew
* @param renewer the full principal name of the user doing the renewal
* @return the new expiration time
* @throws InvalidToken if the token is invalid
* @throws InvalidToken if the token is invalid
* @throws AccessControlException if the user can't renew token
*/
@Override
public synchronized long renewToken(Token<T> token, String renewer)
public synchronized long renewToken(Token<OzoneTokenIdentifier> token,
String renewer)
throws IOException {
ByteArrayInputStream buf = new ByteArrayInputStream(token.getIdentifier());
DataInputStream in = new DataInputStream(buf);
T id = (T) T.readProtoBuf(in);
if(LOG.isDebugEnabled()) {
OzoneTokenIdentifier id = OzoneTokenIdentifier.readProtoBuf(in);
if (LOG.isDebugEnabled()) {
LOG.debug("Token renewal for identifier: {}, total currentTokens: {}",
formatTokenId(id), currentTokens.size());
}
@ -219,11 +224,13 @@ public synchronized long renewToken(Token<T> token, String renewer)
* Cancel a token by removing it from store and cache.
*
* @return Identifier of the canceled token
* @throws InvalidToken for invalid token
* @throws InvalidToken for invalid token
* @throws AccessControlException if the user isn't allowed to cancel
*/
public T cancelToken(Token<T> token, String canceller) throws IOException {
T id = (T) T.readProtoBuf(token.getIdentifier());
public OzoneTokenIdentifier cancelToken(Token<OzoneTokenIdentifier> token,
String canceller) throws IOException {
OzoneTokenIdentifier id = OzoneTokenIdentifier.readProtoBuf(
token.getIdentifier());
LOG.debug("Token cancellation requested for identifier: {}",
formatTokenId(id));
@ -254,7 +261,8 @@ public T cancelToken(Token<T> token, String canceller) throws IOException {
}
@Override
public byte[] retrievePassword(T identifier) throws InvalidToken {
public byte[] retrievePassword(OzoneTokenIdentifier identifier)
throws InvalidToken {
return validateToken(identifier).getPassword();
}
@ -262,7 +270,8 @@ public byte[] retrievePassword(T identifier) throws InvalidToken {
* Checks if TokenInfo for the given identifier exists in database and if the
* token is expired.
*/
public TokenInfo validateToken(T identifier) throws InvalidToken {
public TokenInfo validateToken(OzoneTokenIdentifier identifier)
throws InvalidToken {
TokenInfo info = currentTokens.get(identifier);
if (info == null) {
throw new InvalidToken("token " + formatTokenId(identifier)
@ -275,7 +284,7 @@ public TokenInfo validateToken(T identifier) throws InvalidToken {
" expected renewal time: " + Time.formatTime(info.getRenewDate()));
}
if (!verifySignature(identifier, info.getPassword())) {
throw new InvalidToken("Tampared/Inavalid token.");
throw new InvalidToken("Tampered/Invalid token.");
}
return info;
}
@ -300,20 +309,21 @@ private synchronized void removeExpiredKeys() {
}
}
private void loadTokenSecretState(OzoneManagerSecretState<T> state)
throws IOException {
private void loadTokenSecretState(
OzoneManagerSecretState<OzoneTokenIdentifier> state) throws IOException {
LOG.info("Loading token state into token manager.");
for (OzoneSecretKey key : state.ozoneManagerSecretState()) {
allKeys.putIfAbsent(key.getKeyId(), key);
incrementCurrentKeyId();
}
for (Map.Entry<T, Long> entry : state.getTokenState().entrySet()) {
for (Map.Entry<OzoneTokenIdentifier, Long> entry :
state.getTokenState().entrySet()) {
addPersistedDelegationToken(entry.getKey(), entry.getValue());
}
}
private void addPersistedDelegationToken(
T identifier, long renewDate)
OzoneTokenIdentifier identifier, long renewDate)
throws IOException {
if (isRunning()) {
// a safety check
@ -397,13 +407,13 @@ public void stop() throws IOException {
/**
* Remove expired delegation tokens from cache and persisted store.
*/
private void removeExpiredToken() {
private void removeExpiredToken() {
long now = Time.monotonicNow();
synchronized (this) {
Iterator<Map.Entry<T,
Iterator<Map.Entry<OzoneTokenIdentifier,
TokenInfo>> i = currentTokens.entrySet().iterator();
while (i.hasNext()) {
Map.Entry<T,
Map.Entry<OzoneTokenIdentifier,
TokenInfo> entry = i.next();
long renewDate = entry.getValue().getRenewDate();
if (renewDate < now) {
@ -411,7 +421,7 @@ private void removeExpiredToken() {
try {
store.removeToken(entry.getKey());
} catch (IOException e) {
if(LOG.isDebugEnabled()) {
if (LOG.isDebugEnabled()) {
LOG.debug("Failed to remove expired token {}", entry.getValue());
}
}
@ -421,6 +431,7 @@ private void removeExpiredToken() {
}
private class ExpiredTokenRemover extends Thread {
private long lastTokenCacheCleanup;
@Override

View File

@ -46,8 +46,7 @@
/**
* SecretStore for Ozone Master.
*/
public class OzoneSecretStore<T extends OzoneTokenIdentifier>
implements Closeable {
public class OzoneSecretStore implements Closeable {
private static final Logger LOG = LoggerFactory
.getLogger(OzoneSecretStore.class);
@ -142,7 +141,7 @@ public void removeTokenMasterKey(OzoneSecretKey key)
}
}
public void storeToken(T tokenId, Long renewDate)
public void storeToken(OzoneTokenIdentifier tokenId, Long renewDate)
throws IOException {
if (LOG.isDebugEnabled()) {
LOG.debug("Storing token " + tokenId.getSequenceNumber());
@ -168,12 +167,12 @@ public void storeToken(T tokenId, Long renewDate)
}
}
public void updateToken(T tokenId, Long renewDate)
public void updateToken(OzoneTokenIdentifier tokenId, Long renewDate)
throws IOException {
storeToken(tokenId, renewDate);
}
public void removeToken(T tokenId)
public void removeToken(OzoneTokenIdentifier tokenId)
throws IOException {
byte[] dbKey = getTokenDBKey(tokenId);
try {
@ -228,7 +227,7 @@ private void loadToken(OzoneManagerSecretState state, byte[] data)
throws IOException {
long renewDate;
DataInputStream in = new DataInputStream(new ByteArrayInputStream(data));
T tokenId = (T) T.readProtoBuf(in);
OzoneTokenIdentifier tokenId = OzoneTokenIdentifier.readProtoBuf(in);
try {
tokenId.readFields(in);
renewDate = in.readLong();
@ -243,7 +242,7 @@ private byte[] getMasterKeyDBKey(OzoneSecretKey masterKey) {
TOKEN_MASTER_KEY_KEY_PREFIX + masterKey.getKeyId());
}
private byte[] getTokenDBKey(T tokenId) {
private byte[] getTokenDBKey(OzoneTokenIdentifier tokenId) {
return DFSUtil.string2Bytes(
TOKEN_STATE_KEY_PREFIX + tokenId.getSequenceNumber());
}

View File

@ -44,8 +44,7 @@
*/
public class TestOzoneDelegationTokenSecretManager {
private OzoneDelegationTokenSecretManager<OzoneTokenIdentifier>
secretManager;
private OzoneDelegationTokenSecretManager secretManager;
private SecurityConfig securityConfig;
private KeyPair keyPair;
private long expiryTime;
@ -209,10 +208,10 @@ private void validateHash(byte[] hash, byte[] identifier) throws Exception {
/**
* Create instance of {@link OzoneDelegationTokenSecretManager}.
*/
private OzoneDelegationTokenSecretManager<OzoneTokenIdentifier>
private OzoneDelegationTokenSecretManager
createSecretManager(OzoneConfiguration config, long tokenMaxLife,
long expiry, long tokenRemoverScanTime) throws IOException {
return new OzoneDelegationTokenSecretManager<>(config, tokenMaxLife,
return new OzoneDelegationTokenSecretManager(config, tokenMaxLife,
expiry, tokenRemoverScanTime, serviceRpcAdd);
}
}

View File

@ -55,7 +55,7 @@ public static void init() throws Exception {
public static void shutdown() throws IOException {
shutdownCluster();
}
@Test
public void testGetS3Secret() throws IOException {
//Creates a secret since it does not exist

View File

@ -183,8 +183,7 @@ public final class OzoneManager extends ServiceRuntimeInfoImpl
+ StartupOption.HELP.getName() + " ]\n";
private static final String OM_DAEMON = "om";
private static boolean securityEnabled = false;
private static OzoneDelegationTokenSecretManager<OzoneTokenIdentifier>
delegationTokenMgr;
private static OzoneDelegationTokenSecretManager delegationTokenMgr;
private OzoneBlockTokenSecretManager blockTokenMgr;
private KeyPair keyPair;
private CertificateClient certClient;
@ -397,8 +396,8 @@ private OzoneDelegationTokenSecretManager createDelegationTokenSecretManager(
conf.getTimeDuration(OMConfigKeys.DELEGATION_TOKEN_RENEW_INTERVAL_KEY,
OMConfigKeys.DELEGATION_TOKEN_RENEW_INTERVAL_DEFAULT,
TimeUnit.MILLISECONDS);
Text omRpcAddressTxt = new Text(OmUtils.getOmRpcAddress(configuration));
return new OzoneDelegationTokenSecretManager<>(conf, tokenMaxLifetime,
return new OzoneDelegationTokenSecretManager(conf, tokenMaxLifetime,
tokenRenewInterval, tokenRemoverScanInterval, omRpcAddressTxt);
}