From cd2a553fbd0bd675e58fc1a4faf987120bd1cfe8 Mon Sep 17 00:00:00 2001
From: Jitendra Nath Pandey
Date: Tue, 1 Nov 2011 23:15:13 +0000
Subject: [PATCH] HADOOP-7792. Common component for HDFS-2416: Add verifyToken method to AbstractDelegationTokenSecretManager.

git-svn-id: https://svn.apache.org/repos/asf/hadoop/common/trunk@1196386 13f79535-47bb-0310-9956-ffa450edef68
---
 hadoop-common-project/hadoop-common/CHANGES.txt | 3 +++
 .../AbstractDelegationTokenSecretManager.java | 15 +++++++++++++++
 .../token/delegation/TestDelegationToken.java | 2 ++
 3 files changed, 20 insertions(+)

diff --git a/hadoop-common-project/hadoop-common/CHANGES.txt b/hadoop-common-project/hadoop-common/CHANGES.txt
index 0b10d3f715..be5490c4a8 100644
--- a/hadoop-common-project/hadoop-common/CHANGES.txt
+++ b/hadoop-common-project/hadoop-common/CHANGES.txt
@@ -52,6 +52,9 @@ Trunk (unreleased changes)
 HADOOP-7424. Log an error if the topology script doesn't handle multiple args. (Uma Maheswara Rao G via eli)
+ HADOOP-7792. Add verifyToken method to AbstractDelegationTokenSecretManager.
+ (jitendra)
+
 BUGS
 HADOOP-7606. Upgrade Jackson to version 1.7.1 to match the version required
diff --git a/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/security/token/delegation/AbstractDelegationTokenSecretManager.java b/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/security/token/delegation/AbstractDelegationTokenSecretManager.java
index cded687c43..3c2e666a39 100644
--- a/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/security/token/delegation/AbstractDelegationTokenSecretManager.java
+++ b/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/security/token/delegation/AbstractDelegationTokenSecretManager.java
@@ -209,6 +209,21 @@ public synchronized byte[] retrievePassword(TokenIdent identifier)
 return info.getPassword();
 }
+ /**
+ * Verifies that the given identifier and password are valid and match.
+ * @param identifier Token identifier.
+ * @param password Password in the token.
+ * @throws InvalidToken
+ */
+ public synchronized void verifyToken(TokenIdent identifier, byte[] password)
+ throws InvalidToken {
+ byte[] storedPassword = retrievePassword(identifier);
+ if (!Arrays.equals(password, storedPassword)) {
+ throw new InvalidToken("token (" + identifier
+ + ") is invalid, password doesn't match");
+ }
+ }
+
 /**
 * Renew a delegation token.
 * @param token the token to renew
diff --git a/hadoop-common-project/hadoop-common/src/test/java/org/apache/hadoop/security/token/delegation/TestDelegationToken.java b/hadoop-common-project/hadoop-common/src/test/java/org/apache/hadoop/security/token/delegation/TestDelegationToken.java
index 3dc8ca1f50..e2388ad550 100644
--- a/hadoop-common-project/hadoop-common/src/test/java/org/apache/hadoop/security/token/delegation/TestDelegationToken.java
+++ b/hadoop-common-project/hadoop-common/src/test/java/org/apache/hadoop/security/token/delegation/TestDelegationToken.java
@@ -360,6 +360,8 @@ public void run() {
 byte[] storedPassword = dtSecretManager.retrievePassword(id);
 byte[] password = dtSecretManager.createPassword(id, key);
 Assert.assertTrue(Arrays.equals(password, storedPassword));
+ //verify by secret manager api
+ dtSecretManager.verifyToken(id, password);
 }
 } finally {
 dtSecretManager.stopThreads();
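Review bot: The password check in verifyToken uses `Arrays.equals(password, storedPassword)`, which stops at the first differing byte, so its running time depends on how much of the presented password matches the stored one. The password is the token's secret authenticator, so a constant-time comparison is the safer choice: `if (!MessageDigest.isEqual(password, storedPassword)) {`, with `java.security.MessageDigest` imported (the import block is outside the hunk). Before switching, confirm how the target JDK's isEqual handles a null argument, since Arrays.equals currently turns a null password into InvalidToken rather than a runtime exception. The Javadoc tag `@throws InvalidToken` also has no description; something like `@throws InvalidToken if the token cannot be retrieved or the password does not match` would state the contract.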
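Review bot: The added call `dtSecretManager.verifyToken(id, password)` in TestDelegationToken exercises only the accepting path, so the hunk never shows the rejection branch of the new method being run. A companion check that passes a deliberately altered copy of `password` and expects InvalidToken would pin the behaviour that matters for security. The enclosing run() method starts and ends outside the hunk, so an existing negative test elsewhere in the file cannot be ruled out from here.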