HADOOP-17793. Better token validation (#3189)
Signed-off-by: Akira Ajisaka <aajisaka@apache.org>
(cherry picked from commit ba325a8ada
)
This commit is contained in:
parent
6cc9549499
commit
c18ad9a007
@ -32,7 +32,7 @@
|
||||
import org.slf4j.LoggerFactory;
|
||||
|
||||
import java.io.*;
|
||||
import java.util.Arrays;
|
||||
import java.security.MessageDigest;
|
||||
import java.util.Iterator;
|
||||
import java.util.Map;
|
||||
import java.util.ServiceConfigurationError;
|
||||
@ -391,8 +391,8 @@ public boolean equals(Object right) {
|
||||
return false;
|
||||
} else {
|
||||
Token<T> r = (Token<T>) right;
|
||||
return Arrays.equals(identifier, r.identifier) &&
|
||||
Arrays.equals(password, r.password) &&
|
||||
return MessageDigest.isEqual(identifier, r.identifier) &&
|
||||
MessageDigest.isEqual(password, r.password) &&
|
||||
kind.equals(r.kind) &&
|
||||
service.equals(r.service);
|
||||
}
|
||||
|
@ -22,6 +22,7 @@
|
||||
import java.io.ByteArrayInputStream;
|
||||
import java.io.DataInputStream;
|
||||
import java.io.IOException;
|
||||
import java.security.MessageDigest;
|
||||
import java.security.SecureRandom;
|
||||
import java.util.Arrays;
|
||||
import java.util.EnumSet;
|
||||
@ -407,7 +408,7 @@ public void checkAccess(Token<BlockTokenIdentifier> token, String userId,
|
||||
+ ", block=" + block + ", access mode=" + mode);
|
||||
}
|
||||
checkAccess(id, userId, block, mode, storageTypes, storageIds);
|
||||
if (!Arrays.equals(retrievePassword(id), token.getPassword())) {
|
||||
if (!MessageDigest.isEqual(retrievePassword(id), token.getPassword())) {
|
||||
throw new InvalidToken("Block token with " + id
|
||||
+ " doesn't have the correct token password");
|
||||
}
|
||||
@ -427,7 +428,7 @@ public void checkAccess(Token<BlockTokenIdentifier> token, String userId,
|
||||
+ ", block=" + block + ", access mode=" + mode);
|
||||
}
|
||||
checkAccess(id, userId, block, mode);
|
||||
if (!Arrays.equals(retrievePassword(id), token.getPassword())) {
|
||||
if (!MessageDigest.isEqual(retrievePassword(id), token.getPassword())) {
|
||||
throw new InvalidToken("Block token with " + id
|
||||
+ " doesn't have the correct token password");
|
||||
}
|
||||
|
@ -174,8 +174,8 @@
|
||||
import java.net.InetSocketAddress;
|
||||
import java.net.URISyntaxException;
|
||||
import java.nio.ByteBuffer;
|
||||
import java.security.MessageDigest;
|
||||
import java.util.ArrayList;
|
||||
import java.util.Arrays;
|
||||
import java.util.Collection;
|
||||
import java.util.HashMap;
|
||||
import java.util.List;
|
||||
@ -1231,7 +1231,7 @@ protected ContainerTokenIdentifier verifyAndGetContainerTokenIdentifier(
|
||||
containerTokenIdentifier);
|
||||
byte[] tokenPass = token.getPassword().array();
|
||||
if (password == null || tokenPass == null
|
||||
|| !Arrays.equals(password, tokenPass)) {
|
||||
|| !MessageDigest.isEqual(password, tokenPass)) {
|
||||
throw new InvalidToken(
|
||||
"Invalid container token used for starting container on : "
|
||||
+ context.getNodeId().toString());
|
||||
|
Loading…
Reference in New Issue
Block a user