diff --git a/hadoop-common-project/hadoop-common/src/test/java/org/apache/hadoop/security/TestLdapGroupsMapping.java b/hadoop-common-project/hadoop-common/src/test/java/org/apache/hadoop/security/TestLdapGroupsMapping.java
index c3cc7cf54393e2..1bb43ffcd5eb5b 100644
--- a/hadoop-common-project/hadoop-common/src/test/java/org/apache/hadoop/security/TestLdapGroupsMapping.java
+++ b/hadoop-common-project/hadoop-common/src/test/java/org/apache/hadoop/security/TestLdapGroupsMapping.java
@@ -353,7 +353,7 @@ public void testConfGetPassword() throws Exception {
 // let's make sure that a password that doesn't exist returns an
 // empty string as currently expected and used to trigger a call to
 // extract password
- assertEquals("", mapping.getPassword(conf,"invalid-alias", ""));
+ assertEquals("", mapping.getPassword(conf, "invalid-alias", ""));
 }
 @Test
diff --git a/hadoop-common-project/hadoop-common/src/test/java/org/apache/hadoop/security/TestShellBasedUnixGroupsMapping.java b/hadoop-common-project/hadoop-common/src/test/java/org/apache/hadoop/security/TestShellBasedUnixGroupsMapping.java
index a23ea2413abee1..ccade918177c96 100644
--- a/hadoop-common-project/hadoop-common/src/test/java/org/apache/hadoop/security/TestShellBasedUnixGroupsMapping.java
+++ b/hadoop-common-project/hadoop-common/src/test/java/org/apache/hadoop/security/TestShellBasedUnixGroupsMapping.java
@@ -337,12 +337,12 @@ public void testFiniteGroupResolutionTime() throws Exception {
 ReflectionUtils.newInstance(TestDelayedGroupCommand.class, conf);
 executor = mapping.createGroupExecutor(userName);
- assertEquals(defaultTimeout,
- executor.getTimeoutInterval(), "Expected the group names executor to carry the default timeout");
+ assertEquals(defaultTimeout, executor.getTimeoutInterval(),
+ "Expected the group names executor to carry the default timeout");
 executor = mapping.createGroupIDExecutor(userName);
- assertEquals(defaultTimeout,
- executor.getTimeoutInterval(), "Expected the group ID executor to carry the default timeout");
+ assertEquals(defaultTimeout, executor.getTimeoutInterval(),
+ "Expected the group ID executor to carry the default timeout");
 mapping.getGroups(userName);
 assertFalse(shellMappingLog.getOutput().contains(commandTimeoutMessage),
diff --git a/hadoop-common-project/hadoop-common/src/test/java/org/apache/hadoop/security/TestUGILoginFromKeytab.java b/hadoop-common-project/hadoop-common/src/test/java/org/apache/hadoop/security/TestUGILoginFromKeytab.java
index 9af75e209b421a..f5eff7065c865a 100644
--- a/hadoop-common-project/hadoop-common/src/test/java/org/apache/hadoop/security/TestUGILoginFromKeytab.java
+++ b/hadoop-common-project/hadoop-common/src/test/java/org/apache/hadoop/security/TestUGILoginFromKeytab.java
@@ -116,14 +116,14 @@ public void testUGILoginFromKeytab() throws Exception {
 UserGroupInformation.loginUserFromKeytab(principal, keytab.getPath());
 UserGroupInformation ugi = UserGroupInformation.getLoginUser();
- assertTrue(
- ugi.isFromKeytab(), "UGI should be configured to login from keytab");
+ assertTrue(ugi.isFromKeytab(),
+ "UGI should be configured to login from keytab");
 User user = getUser(ugi.getSubject());
 assertNotNull(user.getLogin());
- assertTrue(
- user.getLastLogin() > beforeLogin, "User login time is less than before login time, "
+ assertTrue(user.getLastLogin() > beforeLogin,
+ "User login time is less than before login time, "
 + "beforeLoginTime:" + beforeLogin + " userLoginTime:" + user.getLastLogin());
 }
@@ -139,8 +139,7 @@ public void testUGIReLoginFromKeytab() throws Exception {
 UserGroupInformation.loginUserFromKeytab(principal, keytab.getPath());
 UserGroupInformation ugi = UserGroupInformation.getLoginUser();
- assertTrue(
- ugi.isFromKeytab(), "UGI should be configured to login from keytab");
+ assertTrue(ugi.isFromKeytab(), "UGI should be configured to login from keytab");
 // Verify relogin from keytab.
 User user = getUser(ugi.getSubject());
@@ -154,8 +153,8 @@ public void testUGIReLoginFromKeytab() throws Exception {
 ugi.reloginFromKeytab();
 final long secondLogin = user.getLastLogin();
 final LoginContext login2 = user.getLogin();
- assertTrue(
- secondLogin > firstLogin, "User should have been able to relogin from keytab");
+ assertTrue(secondLogin > firstLogin,
+ "User should have been able to relogin from keytab");
 assertNotNull(login2);
 assertNotSame(login1, login2);
 }
@@ -174,8 +173,7 @@ public void testUGIForceReLoginFromKeytab() throws Exception {
 UserGroupInformation.loginUserFromKeytab(principal, keytab.getPath());
 UserGroupInformation ugi = UserGroupInformation.getLoginUser();
- assertTrue(
- ugi.isFromKeytab(), "UGI should be configured to login from keytab");
+ assertTrue(ugi.isFromKeytab(), "UGI should be configured to login from keytab");
 // Verify relogin from keytab.
 User user = getUser(ugi.getSubject());
@@ -190,8 +188,8 @@ public void testUGIForceReLoginFromKeytab() throws Exception {
 ugi.forceReloginFromKeytab();
 final long secondLogin = user.getLastLogin();
 final LoginContext login2 = user.getLogin();
- assertTrue(
- secondLogin > firstLogin, "User should have been able to relogin from keytab");
+ assertTrue(secondLogin > firstLogin,
+ "User should have been able to relogin from keytab");
 assertNotNull(login2);
 assertNotSame(login1, login2);
 }
@@ -287,11 +285,9 @@ public void testUGIRefreshFromKeytab() throws Exception {
 assertEquals(UserGroupInformation.AuthenticationMethod.KERBEROS, ugi.getAuthenticationMethod());
 assertTrue(ugi.isFromKeytab());
- assertTrue(
- UserGroupInformation.isKerberosKeyTabLoginRenewalEnabled());
- assertTrue(
- UserGroupInformation.getKerberosLoginRenewalExecutor()
- .isPresent());
+ assertTrue(UserGroupInformation.isKerberosKeyTabLoginRenewalEnabled());
+ assertTrue(UserGroupInformation.getKerberosLoginRenewalExecutor()
+ .isPresent());
 }
 @Test
@@ -312,13 +308,11 @@ public void testUGIRefreshFromKeytabDisabled() throws Exception {
 UserGroupInformation ugi = UserGroupInformation.getLoginUser();
 assertEquals(UserGroupInformation.AuthenticationMethod.KERBEROS,
- ugi.getAuthenticationMethod());
+ ugi.getAuthenticationMethod());
 assertTrue(ugi.isFromKeytab());
- assertFalse(
- UserGroupInformation.isKerberosKeyTabLoginRenewalEnabled());
- assertFalse(
- UserGroupInformation.getKerberosLoginRenewalExecutor()
- .isPresent());
+ assertFalse(UserGroupInformation.isKerberosKeyTabLoginRenewalEnabled());
+ assertFalse(UserGroupInformation.getKerberosLoginRenewalExecutor()
+ .isPresent());
 }
 private static KerberosTicket getTicket(UserGroupInformation ugi) {
@@ -331,10 +325,8 @@ private static KerberosTicket getTicket(UserGroupInformation ugi) {
 // the expected principal.
 private static KerberosTicket checkTicketAndKeytab(UserGroupInformation ugi,
 KerberosPrincipal principal, boolean expectIsKeytab) {
- assertEquals(
- principal.getName(), ugi.getUserName(), "wrong principal");
- assertEquals(
- expectIsKeytab, ugi.isFromKeytab(), "is not keytab");
+ assertEquals(principal.getName(), ugi.getUserName(), "wrong principal");
+ assertEquals(expectIsKeytab, ugi.isFromKeytab(), "is not keytab");
 KerberosTicket ticket = getTicket(ugi);
 assertNotNull(ticket, "no ticket");
 assertEquals(principal, ticket.getClient(), "wrong principal");
@@ -438,9 +430,9 @@ public Void run() throws IOException {
 // original login user not affected.
 extLoginUser.reloginFromKeytab();
 assertSame(extLoginUserTicket,
- checkTicketAndKeytab(extLoginUser, principal2, false));
+ checkTicketAndKeytab(extLoginUser, principal2, false));
 assertSame(originalLoginUserTicket,
- checkTicketAndKeytab(originalLoginUser, principal1, true));
+ checkTicketAndKeytab(originalLoginUser, principal1, true));
 // verify original login user gets a new ticket, new login user
 // not affected.
@@ -540,8 +532,7 @@ public Void call() throws Exception {
 });
 // wait for the thread to block on the barrier in the logout of the
 // relogin.
- assertTrue(
- latch.await(2, TimeUnit.SECONDS), "first relogin didn't block");
+ assertTrue(latch.await(2, TimeUnit.SECONDS), "first relogin didn't block");
 // although the logout removed the keytab instance, verify the ugi
 // knows from its login params that it is supposed to be from a keytab.
diff --git a/hadoop-common-project/hadoop-common/src/test/java/org/apache/hadoop/security/alias/TestCredShell.java b/hadoop-common-project/hadoop-common/src/test/java/org/apache/hadoop/security/alias/TestCredShell.java
index c02763e16a8c24..00c69f9d63e0eb 100644
--- a/hadoop-common-project/hadoop-common/src/test/java/org/apache/hadoop/security/alias/TestCredShell.java
+++ b/hadoop-common-project/hadoop-common/src/test/java/org/apache/hadoop/security/alias/TestCredShell.java
@@ -263,7 +263,7 @@ public void testEmptyArgForCommands() throws Exception {
 for (String cmd : Arrays.asList("create", "delete")) {
 shell.setConf(new Configuration());
- assertEquals(1, shell.init(new String[] { cmd }),
+ assertEquals(1, shell.init(new String[]{cmd}),
 "Expected empty argument on " + cmd + " to return 1");
 }
 }
diff --git a/hadoop-common-project/hadoop-common/src/test/java/org/apache/hadoop/security/alias/TestCredentialProviderFactory.java b/hadoop-common-project/hadoop-common/src/test/java/org/apache/hadoop/security/alias/TestCredentialProviderFactory.java
index 839c03eb52bca5..d5d7e521f603f3 100644
--- a/hadoop-common-project/hadoop-common/src/test/java/org/apache/hadoop/security/alias/TestCredentialProviderFactory.java
+++ b/hadoop-common-project/hadoop-common/src/test/java/org/apache/hadoop/security/alias/TestCredentialProviderFactory.java
@@ -277,6 +277,6 @@ public void checkPermissionRetention(Configuration conf, String ourUrl,
 FileSystem fs = path.getFileSystem(conf);
 FileStatus s = fs.getFileStatus(path);
 assertEquals("rwxrwxrwx", s.getPermission().toString(),
- "Permissions should have been retained from the preexisting keystore.");
+ "Permissions should have been retained from the preexisting keystore.");
 }
 }
diff --git a/hadoop-common-project/hadoop-common/src/test/java/org/apache/hadoop/security/http/TestCrossOriginFilter.java b/hadoop-common-project/hadoop-common/src/test/java/org/apache/hadoop/security/http/TestCrossOriginFilter.java
index 4613dce12aff16..f7d70172e5c978 100644
--- a/hadoop-common-project/hadoop-common/src/test/java/org/apache/hadoop/security/http/TestCrossOriginFilter.java
+++ b/hadoop-common-project/hadoop-common/src/test/java/org/apache/hadoop/security/http/TestCrossOriginFilter.java
@@ -88,21 +88,21 @@ public void testAllowAllOrigins() throws ServletException, IOException {
 public void testEncodeHeaders() {
 String validOrigin = "http://localhost:12345";
 String encodedValidOrigin = CrossOriginFilter.encodeHeader(validOrigin);
- assertEquals(
- validOrigin, encodedValidOrigin, "Valid origin encoding should match exactly");
+ assertEquals(validOrigin, encodedValidOrigin,
+ "Valid origin encoding should match exactly");
 String httpResponseSplitOrigin = validOrigin + " \nSecondHeader: value";
 String encodedResponseSplitOrigin = CrossOriginFilter.encodeHeader(httpResponseSplitOrigin);
- assertEquals(
- validOrigin, encodedResponseSplitOrigin, "Http response split origin should be protected against");
+ assertEquals(validOrigin, encodedResponseSplitOrigin,
+ "Http response split origin should be protected against");
 // Test Origin List
 String validOriginList = "http://foo.example.com:12345 http://bar.example.com:12345";
 String encodedValidOriginList = CrossOriginFilter
 .encodeHeader(validOriginList);
- assertEquals(
- validOriginList, encodedValidOriginList, "Valid origin list encoding should match exactly");
+ assertEquals(validOriginList, encodedValidOriginList,
+ "Valid origin list encoding should match exactly");
 }
 @Test
@@ -348,12 +348,10 @@ public void testCrossOriginFilterAfterRestart() throws ServletException {
 filter.init(filterConfig);
 //verify filter values
- assertTrue(
- filter.getAllowedHeadersHeader()
- .compareTo("X-Requested-With,Accept") == 0, "Allowed headers do not match");
- assertTrue(
- filter.getAllowedMethodsHeader()
- .compareTo("GET,POST") == 0, "Allowed methods do not match");
+ assertTrue(filter.getAllowedHeadersHeader().
+ compareTo("X-Requested-With,Accept") == 0, "Allowed headers do not match");
+ assertTrue(filter.getAllowedMethodsHeader().
+ compareTo("GET,POST") == 0, "Allowed methods do not match");
 assertTrue(filter.areOriginsAllowed("example.com"));
 //destroy filter values and clear conf
@@ -370,12 +368,10 @@ public void testCrossOriginFilterAfterRestart() throws ServletException {
 filter.init(filterConfig);
 //verify filter values
- assertTrue(
- filter.getAllowedHeadersHeader()
- .compareTo("Content-Type,Origin") == 0, "Allowed headers do not match");
- assertTrue(
- filter.getAllowedMethodsHeader()
- .compareTo("GET,HEAD") == 0, "Allowed methods do not match");
+ assertTrue(filter.getAllowedHeadersHeader().compareTo("Content-Type,Origin") == 0,
+ "Allowed headers do not match");
+ assertTrue(filter.getAllowedMethodsHeader().compareTo("GET,HEAD") == 0,
+ "Allowed methods do not match");
 assertTrue(filter.areOriginsAllowed("newexample.com"));
 //destroy filter values
diff --git a/hadoop-common-project/hadoop-common/src/test/java/org/apache/hadoop/security/http/TestXFrameOptionsFilter.java b/hadoop-common-project/hadoop-common/src/test/java/org/apache/hadoop/security/http/TestXFrameOptionsFilter.java
index 5d6c2790aebf03..50cd009a117822 100644
--- a/hadoop-common-project/hadoop-common/src/test/java/org/apache/hadoop/security/http/TestXFrameOptionsFilter.java
+++ b/hadoop-common-project/hadoop-common/src/test/java/org/apache/hadoop/security/http/TestXFrameOptionsFilter.java
@@ -70,9 +70,8 @@ public Object answer(InvocationOnMock invocation) throws Throwable {
 @Override
 public Object answer(InvocationOnMock invocation) throws Throwable {
 Object[] args = invocation.getArguments();
- assertTrue(
- "DENY".equals(args[1]), "Options value incorrect should be DENY but is: "
- + args[1]);
+ assertTrue("DENY".equals(args[1]),
+ "Options value incorrect should be DENY but is: " + args[1]);
 headers.add((String)args[1]);
 return null;
 }
diff --git a/hadoop-common-project/hadoop-common/src/test/java/org/apache/hadoop/security/ssl/TestReloadingX509KeyManager.java b/hadoop-common-project/hadoop-common/src/test/java/org/apache/hadoop/security/ssl/TestReloadingX509KeyManager.java
index 768b88f9dd8322..b3a74b745e0de4 100644
--- a/hadoop-common-project/hadoop-common/src/test/java/org/apache/hadoop/security/ssl/TestReloadingX509KeyManager.java
+++ b/hadoop-common-project/hadoop-common/src/test/java/org/apache/hadoop/security/ssl/TestReloadingX509KeyManager.java
@@ -35,177 +35,179 @@
 import java.util.function.Supplier;
 import static org.apache.hadoop.security.ssl.KeyStoreTestUtil.*;
-import static org.junit.jupiter.api.Assertions.*;
+import static org.junit.jupiter.api.Assertions.assertEquals;
+import static org.junit.jupiter.api.Assertions.assertFalse;
+import static org.junit.jupiter.api.Assertions.assertThrows;
 public class TestReloadingX509KeyManager {
- private static final String BASEDIR = GenericTestUtils.getTempPath(
- TestReloadingX509TrustManager.class.getSimpleName());
+ private static final String BASEDIR = GenericTestUtils.getTempPath(
+ TestReloadingX509TrustManager.class.getSimpleName());
+
+ private final GenericTestUtils.LogCapturer reloaderLog = GenericTestUtils.LogCapturer.captureLogs(
+ FileMonitoringTimerTask.LOG);
+
+ @BeforeAll
+ public static void setUp() throws Exception {
+ File base = new File(BASEDIR);
+ FileUtil.fullyDelete(base);
+ base.mkdirs();
+ }
+
+ @Test
+ public void testLoadMissingKeyStore() throws Exception {
+ assertThrows(IOException.class, () -> {
+ String keystoreLocation = BASEDIR + "/testmissing.jks";
+
+ ReloadingX509KeystoreManager tm =
+ new ReloadingX509KeystoreManager("jks", keystoreLocation,
+ "password",
+ "password");
+ });
+ }
+
+ @Test
+ public void testLoadCorruptKeyStore() throws Exception {
+ assertThrows(IOException.class, () -> {
+ String keystoreLocation = BASEDIR + "/testcorrupt.jks";
+ OutputStream os = new FileOutputStream(keystoreLocation);
+ os.write(1);
+ os.close();
+
+ ReloadingX509KeystoreManager tm =
+ new ReloadingX509KeystoreManager("jks", keystoreLocation,
+ "password", "password");
+ });
+ }
+
+ @Test
+ @Timeout(value = 3000)
+ public void testReload() throws Exception {
+ KeyPair kp = generateKeyPair("RSA");
+ X509Certificate sCert = generateCertificate("CN=localhost, O=server", kp, 30,
+ "SHA1withRSA");
+ String keystoreLocation = BASEDIR + "/testreload.jks";
+ createKeyStore(keystoreLocation, "password", "cert1", kp.getPrivate(), sCert);
+
+ long reloadInterval = 10;
+ Timer fileMonitoringTimer = new Timer(FileBasedKeyStoresFactory.SSL_MONITORING_THREAD_NAME, true);
+ ReloadingX509KeystoreManager tm =
+ new ReloadingX509KeystoreManager("jks", keystoreLocation,
+ "password", "password");
+ try {
+ fileMonitoringTimer.schedule(new FileMonitoringTimerTask(
+ Paths.get(keystoreLocation), tm::loadFrom,null), reloadInterval, reloadInterval);
+ assertEquals(kp.getPrivate(), tm.getPrivateKey("cert1"));
+
+ // Wait so that the file modification time is different
+ Thread.sleep((reloadInterval+ 1000));
+
+ // Change the certificate with a new keypair
+ final KeyPair anotherKP = generateKeyPair("RSA");
+ sCert = KeyStoreTestUtil.generateCertificate("CN=localhost, O=server", anotherKP, 30,
+ "SHA1withRSA");
+ createKeyStore(keystoreLocation, "password", "cert1", anotherKP.getPrivate(), sCert);
- private final GenericTestUtils.LogCapturer reloaderLog = GenericTestUtils.LogCapturer.captureLogs(
- FileMonitoringTimerTask.LOG);
-
- @BeforeAll
- public static void setUp() throws Exception {
- File base = new File(BASEDIR);
- FileUtil.fullyDelete(base);
- base.mkdirs();
+ GenericTestUtils.waitFor(new Supplier() {
+ @Override
+ public Boolean get() {
+ return tm.getPrivateKey("cert1").equals(kp.getPrivate());
+ }
+ }, (int) reloadInterval, 100000);
+ } finally {
+ fileMonitoringTimer.cancel();
 }
+ }
- @Test
- public void testLoadMissingKeyStore() throws Exception {
- assertThrows(IOException.class, () -> {
- String keystoreLocation = BASEDIR + "/testmissing.jks";
+ @Test
+ @Timeout(value = 30)
+ public void testReloadMissingTrustStore() throws Exception {
+ KeyPair kp = generateKeyPair("RSA");
+ X509Certificate cert1 = generateCertificate("CN=Cert1", kp, 30, "SHA1withRSA");
+ String keystoreLocation = BASEDIR + "/testmissing.jks";
+ createKeyStore(keystoreLocation, "password", "cert1", kp.getPrivate(), cert1);
- ReloadingX509KeystoreManager tm =
- new ReloadingX509KeystoreManager("jks", keystoreLocation,
- "password",
- "password");
- });
- }
+ long reloadInterval = 10;
+ Timer fileMonitoringTimer = new Timer(FileBasedKeyStoresFactory.SSL_MONITORING_THREAD_NAME, true);
+ ReloadingX509KeystoreManager tm =
+ new ReloadingX509KeystoreManager("jks", keystoreLocation,
+ "password",
+ "password");
- @Test
- public void testLoadCorruptKeyStore() throws Exception {
- assertThrows(IOException.class, () -> {
- String keystoreLocation = BASEDIR + "/testcorrupt.jks";
- OutputStream os = new FileOutputStream(keystoreLocation);
- os.write(1);
- os.close();
-
- ReloadingX509KeystoreManager tm =
- new ReloadingX509KeystoreManager("jks", keystoreLocation,
- "password", "password");
- });
- }
+ try {
+ fileMonitoringTimer.schedule(new FileMonitoringTimerTask(
+ Paths.get(keystoreLocation), tm::loadFrom,null), reloadInterval, reloadInterval);
+ assertEquals(kp.getPrivate(), tm.getPrivateKey("cert1"));
- @Test
- @Timeout(value = 3000)
- public void testReload() throws Exception {
- KeyPair kp = generateKeyPair("RSA");
- X509Certificate sCert = generateCertificate("CN=localhost, O=server", kp, 30,
- "SHA1withRSA");
- String keystoreLocation = BASEDIR + "/testreload.jks";
- createKeyStore(keystoreLocation, "password", "cert1", kp.getPrivate(), sCert);
-
- long reloadInterval = 10;
- Timer fileMonitoringTimer = new Timer(FileBasedKeyStoresFactory.SSL_MONITORING_THREAD_NAME, true);
- ReloadingX509KeystoreManager tm =
- new ReloadingX509KeystoreManager("jks", keystoreLocation,
- "password",
- "password");
- try {
- fileMonitoringTimer.schedule(new FileMonitoringTimerTask(
- Paths.get(keystoreLocation), tm::loadFrom,null), reloadInterval, reloadInterval);
- assertEquals(kp.getPrivate(), tm.getPrivateKey("cert1"));
-
- // Wait so that the file modification time is different
- Thread.sleep((reloadInterval+ 1000));
-
- // Change the certificate with a new keypair
- final KeyPair anotherKP = generateKeyPair("RSA");
- sCert = KeyStoreTestUtil.generateCertificate("CN=localhost, O=server", anotherKP, 30,
- "SHA1withRSA");
- createKeyStore(keystoreLocation, "password", "cert1", anotherKP.getPrivate(), sCert);
-
- GenericTestUtils.waitFor(new Supplier() {
- @Override
- public Boolean get() {
- return tm.getPrivateKey("cert1").equals(kp.getPrivate());
- }
- }, (int) reloadInterval, 100000);
- } finally {
- fileMonitoringTimer.cancel();
- }
- }
+ assertFalse(reloaderLog.getOutput().contains(
+ FileMonitoringTimerTask.PROCESS_ERROR_MESSAGE));
- @Test
- @Timeout(value = 30)
- public void testReloadMissingTrustStore() throws Exception {
- KeyPair kp = generateKeyPair("RSA");
- X509Certificate cert1 = generateCertificate("CN=Cert1", kp, 30, "SHA1withRSA");
- String keystoreLocation = BASEDIR + "/testmissing.jks";
- createKeyStore(keystoreLocation, "password", "cert1", kp.getPrivate(), cert1);
-
- long reloadInterval = 10;
- Timer fileMonitoringTimer = new Timer(FileBasedKeyStoresFactory.SSL_MONITORING_THREAD_NAME, true);
- ReloadingX509KeystoreManager tm =
- new ReloadingX509KeystoreManager("jks", keystoreLocation,
- "password",
- "password");
- try {
- fileMonitoringTimer.schedule(new FileMonitoringTimerTask(
- Paths.get(keystoreLocation), tm::loadFrom,null), reloadInterval, reloadInterval);
- assertEquals(kp.getPrivate(), tm.getPrivateKey("cert1"));
-
- assertFalse(reloaderLog.getOutput().contains(
- FileMonitoringTimerTask.PROCESS_ERROR_MESSAGE));
-
- // Wait for the first reload to happen so we actually detect a change after the delete
- Thread.sleep((reloadInterval+ 1000));
-
- new File(keystoreLocation).delete();
-
- // Wait for the reload to happen and log to get written to
- Thread.sleep((reloadInterval+ 1000));
-
- waitForFailedReloadAtLeastOnce((int) reloadInterval);
-
- assertEquals(kp.getPrivate(), tm.getPrivateKey("cert1"));
- } finally {
- reloaderLog.stopCapturing();
- fileMonitoringTimer.cancel();
- }
- }
+ // Wait for the first reload to happen so we actually detect a change after the delete
+ Thread.sleep((reloadInterval+ 1000));
+ new File(keystoreLocation).delete();
- @Test
- @Timeout(value = 30)
- public void testReloadCorruptTrustStore() throws Exception {
- KeyPair kp = generateKeyPair("RSA");
- X509Certificate cert1 = generateCertificate("CN=Cert1", kp, 30, "SHA1withRSA");
- String keystoreLocation = BASEDIR + "/testmissing.jks";
- createKeyStore(keystoreLocation, "password", "cert1", kp.getPrivate(), cert1);
-
- long reloadInterval = 10;
- Timer fileMonitoringTimer = new Timer(FileBasedKeyStoresFactory.SSL_MONITORING_THREAD_NAME, true);
- ReloadingX509KeystoreManager tm =
- new ReloadingX509KeystoreManager("jks", keystoreLocation,
- "password",
- "password");
- try {
- fileMonitoringTimer.schedule(new FileMonitoringTimerTask(
- Paths.get(keystoreLocation), tm::loadFrom,null), reloadInterval, reloadInterval);
- assertEquals(kp.getPrivate(), tm.getPrivateKey("cert1"));
-
- // Wait so that the file modification time is different
- Thread.sleep((reloadInterval + 1000));
-
- assertFalse(reloaderLog.getOutput().contains(
- FileMonitoringTimerTask.PROCESS_ERROR_MESSAGE));
- OutputStream os = new FileOutputStream(keystoreLocation);
- os.write(1);
- os.close();
-
- waitForFailedReloadAtLeastOnce((int) reloadInterval);
-
- assertEquals(kp.getPrivate(), tm.getPrivateKey("cert1"));
- } finally {
- reloaderLog.stopCapturing();
- fileMonitoringTimer.cancel();
- }
- }
+ // Wait for the reload to happen and log to get written to
+ Thread.sleep((reloadInterval+ 1000));
- /**Wait for the reloader thread to load the configurations at least once
- * by probing the log of the thread if the reload fails.
- */
- private void waitForFailedReloadAtLeastOnce(int reloadInterval)
- throws InterruptedException, TimeoutException {
- GenericTestUtils.waitFor(new Supplier() {
- @Override
- public Boolean get() {
- return reloaderLog.getOutput().contains(
- FileMonitoringTimerTask.PROCESS_ERROR_MESSAGE);
- }
- }, reloadInterval, 10 * 1000);
+ waitForFailedReloadAtLeastOnce((int) reloadInterval);
+
+ assertEquals(kp.getPrivate(), tm.getPrivateKey("cert1"));
+ } finally {
+ reloaderLog.stopCapturing();
+ fileMonitoringTimer.cancel();
 }
+ }
+
+ @Test
+ @Timeout(value = 30)
+ public void testReloadCorruptTrustStore() throws Exception {
+ KeyPair kp = generateKeyPair("RSA");
+ X509Certificate cert1 = generateCertificate("CN=Cert1", kp, 30, "SHA1withRSA");
+ String keystoreLocation = BASEDIR + "/testmissing.jks";
+ createKeyStore(keystoreLocation, "password", "cert1", kp.getPrivate(), cert1);
+
+ long reloadInterval = 10;
+ Timer fileMonitoringTimer = new Timer(FileBasedKeyStoresFactory.SSL_MONITORING_THREAD_NAME, true);
+ ReloadingX509KeystoreManager tm =
+ new ReloadingX509KeystoreManager("jks", keystoreLocation,
+ "password",
+ "password");
+
+ try {
+ fileMonitoringTimer.schedule(new FileMonitoringTimerTask(
+ Paths.get(keystoreLocation), tm::loadFrom,null), reloadInterval, reloadInterval);
+ assertEquals(kp.getPrivate(), tm.getPrivateKey("cert1"));
+
+ // Wait so that the file modification time is different
+ Thread.sleep((reloadInterval + 1000));
+
+ assertFalse(reloaderLog.getOutput().contains(
+ FileMonitoringTimerTask.PROCESS_ERROR_MESSAGE));
+ OutputStream os = new FileOutputStream(keystoreLocation);
+ os.write(1);
+ os.close();
+
+ waitForFailedReloadAtLeastOnce((int) reloadInterval);
+
+ assertEquals(kp.getPrivate(), tm.getPrivateKey("cert1"));
+ } finally {
+ reloaderLog.stopCapturing();
+ fileMonitoringTimer.cancel();
+ }
+ }
+
+ /**Wait for the reloader thread to load the configurations at least once
+ * by probing the log of the thread if the reload fails.
+ */
+ private void waitForFailedReloadAtLeastOnce(int reloadInterval)
+ throws InterruptedException, TimeoutException {
+ GenericTestUtils.waitFor(new Supplier() {
+ @Override
+ public Boolean get() {
+ return reloaderLog.getOutput().contains(
+ FileMonitoringTimerTask.PROCESS_ERROR_MESSAGE);
+ }
+ }, reloadInterval, 10 * 1000);
+ }
 }
diff --git a/hadoop-common-project/hadoop-common/src/test/java/org/apache/hadoop/security/token/TestDtUtilShell.java b/hadoop-common-project/hadoop-common/src/test/java/org/apache/hadoop/security/token/TestDtUtilShell.java
index eb68d226bb47e7..7ada6f1376731b 100644
--- a/hadoop-common-project/hadoop-common/src/test/java/org/apache/hadoop/security/token/TestDtUtilShell.java
+++ b/hadoop-common-project/hadoop-common/src/test/java/org/apache/hadoop/security/token/TestDtUtilShell.java
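Review bot: In `testReload` of TestReloadingX509KeyManager.java, the `waitFor` predicate still compares `tm.getPrivateKey("cert1")` with `kp.getPrivate()`, the key that was loaded before the keystore was rewritten, so it is normally already true on the first poll and the test passes whether or not the rotated key is ever picked up; the hunk only re-indents this line, so the gap predates the commit. Comparing against the new key would make the test cover the reload it is named for: `return tm.getPrivateKey("cert1").equals(anotherKP.getPrivate());`. Separately, `@Timeout(value = 3000)` on the same test is read in seconds if this is the JUnit Jupiter annotation (its import is outside the hunk), which is 50 minutes next to the 30 used on the other two reload tests.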
@@ -129,39 +129,39 @@ public void testPrint() throws Exception {
 args = new String[] {"print", tokenFilename};
 rc = dt.run(args);
 assertEquals(0, rc, "test simple print exit code");
- assertTrue(
- outContent.toString().contains(KIND.toString()), "test simple print output kind:\n" + outContent.toString());
- assertTrue(
- outContent.toString().contains(SERVICE.toString()), "test simple print output service:\n" + outContent.toString());
+ assertTrue(outContent.toString().contains(KIND.toString()),
+ "test simple print output kind:\n" + outContent.toString());
+ assertTrue(outContent.toString().contains(SERVICE.toString()),
+ "test simple print output service:\n" + outContent.toString());
 outContent.reset();
 args = new String[] {"print", tokenLegacyFile.toString()};
 rc = dt.run(args);
 assertEquals(0, rc, "test legacy print exit code");
- assertTrue(
- outContent.toString().contains(KIND.toString()), "test simple print output kind:\n" + outContent.toString());
- assertTrue(
- outContent.toString().contains(SERVICE.toString()), "test simple print output service:\n" + outContent.toString());
+ assertTrue(outContent.toString().contains(KIND.toString()),
+ "test simple print output kind:\n" + outContent.toString());
+ assertTrue(outContent.toString().contains(SERVICE.toString()),
+ "test simple print output service:\n" + outContent.toString());
 outContent.reset();
 args = new String[] { "print", "-alias", SERVICE.toString(), tokenFilename};
 rc = dt.run(args);
 assertEquals(0, rc, "test alias print exit code");
- assertTrue(
- outContent.toString().contains(KIND.toString()), "test simple print output kind:\n" + outContent.toString());
- assertTrue(
- outContent.toString().contains(SERVICE.toString()), "test simple print output service:\n" + outContent.toString());
+ assertTrue(outContent.toString().contains(KIND.toString()),
+ "test simple print output kind:\n" + outContent.toString());
+ assertTrue(outContent.toString().contains(SERVICE.toString()),
+ "test simple print output service:\n" + outContent.toString());
 outContent.reset();
 args = new String[] { "print", "-alias", "not-a-serivce", tokenFilename};
 rc = dt.run(args);
 assertEquals(0, rc, "test no alias print exit code");
- assertFalse(
- outContent.toString().contains(KIND.toString()), "test no alias print output kind:\n" + outContent.toString());
- assertFalse(
- outContent.toString().contains(SERVICE.toString()), "test no alias print output service:\n" + outContent.toString());
+ assertFalse(outContent.toString().contains(KIND.toString()),
+ "test no alias print output kind:\n" + outContent.toString());
+ assertFalse(outContent.toString().contains(SERVICE.toString()),
+ "test no alias print output service:\n" + outContent.toString());
 }
 @Test
@@ -175,17 +175,17 @@ public void testEdit() throws Exception {
 args = new String[] {"print", "-alias", oldService, tokenFilename2};
 rc = dt.run(args);
 assertEquals(0, rc, "test simple edit print old exit code");
- assertTrue(
- outContent.toString().contains(KIND.toString()), "test simple edit output kind old:\n" + outContent.toString());
- assertTrue(
- outContent.toString().contains(oldService), "test simple edit output service old:\n" + outContent.toString());
+ assertTrue(outContent.toString().contains(KIND.toString()),
+ "test simple edit output kind old:\n" + outContent.toString());
+ assertTrue(outContent.toString().contains(oldService),
+ "test simple edit output service old:\n" + outContent.toString());
 args = new String[] {"print", "-alias", newAlias, tokenFilename2};
 rc = dt.run(args);
 assertEquals(0, rc, "test simple edit print new exit code");
- assertTrue(
- outContent.toString().contains(KIND.toString()), "test simple edit output kind new:\n" + outContent.toString());
- assertTrue(
- outContent.toString().contains(newAlias), "test simple edit output service new:\n" + outContent.toString());
+ assertTrue(outContent.toString().contains(KIND.toString()),
+ "test simple edit output kind new:\n" + outContent.toString());
+ assertTrue(outContent.toString().contains(newAlias),
+ "test simple edit output service new:\n" + outContent.toString());
 }
 @Test
@@ -196,12 +196,12 @@ public void testAppend() throws Exception {
 args = new String[] {"print", tokenFilename2};
 rc = dt.run(args);
 assertEquals(0, rc, "test simple append print exit code");
- assertTrue(
- outContent.toString().contains(KIND.toString()), "test simple append output kind:\n" + outContent.toString());
- assertTrue(
- outContent.toString().contains(SERVICE.toString()), "test simple append output service:\n" + outContent.toString());
- assertTrue(
- outContent.toString().contains(SERVICE2.toString()), "test simple append output service:\n" + outContent.toString());
+ assertTrue(outContent.toString().contains(KIND.toString()),
+ "test simple append output kind:\n" + outContent.toString());
+ assertTrue(outContent.toString().contains(SERVICE.toString()),
+ "test simple append output service:\n" + outContent.toString());
+ assertTrue(outContent.toString().contains(SERVICE2.toString()),
+ "test simple append output service:\n" + outContent.toString());
 }
 @Test
@@ -212,10 +212,10 @@ public void testRemove() throws Exception {
 args = new String[] {"print", tokenFilename};
 rc = dt.run(args);
 assertEquals(0, rc, "test simple remove print exit code");
- assertFalse(
- outContent.toString().contains(KIND.toString()), "test simple remove output kind:\n" + outContent.toString());
- assertFalse(
- outContent.toString().contains(SERVICE.toString()), "test simple remove output service:\n" + outContent.toString());
+ assertFalse(outContent.toString().contains(KIND.toString()),
+ "test simple remove output kind:\n" + outContent.toString());
+ assertFalse(outContent.toString().contains(SERVICE.toString()),
+ "test simple remove output service:\n" + outContent.toString());
 }
 @Test
@@ -227,10 +227,10 @@ public void testGet() throws Exception { rc = dt.run(args); String oc = outContent.toString(); assertEquals(0, rc, "test print after get exit code"); - assertTrue( - oc.contains(KIND_GET.toString()), "test print after get output kind:\n" + oc); - assertTrue( - oc.contains(SERVICE_GET.toString()), "test print after get output service:\n" + oc); + assertTrue(oc.contains(KIND_GET.toString()), + "test print after get output kind:\n" + oc); + assertTrue(oc.contains(SERVICE_GET.toString()), + "test print after get output service:\n" + oc); } @Test @@ -243,10 +243,10 @@ public void testGetWithServiceFlag() throws Exception { rc = dt.run(args); String oc = outContent.toString(); assertEquals(0, rc, "test print after get with service flag exit code"); - assertTrue( - oc.contains(KIND_GET.toString()), "test print after get with service flag output kind:\n" + oc); - assertTrue( - oc.contains(SERVICE_GET.toString()), "test print after get with service flag output service:\n" + oc); + assertTrue(oc.contains(KIND_GET.toString()), + "test print after get with service flag output kind:\n" + oc); + assertTrue(oc.contains(SERVICE_GET.toString()), + "test print after get with service flag output service:\n" + oc); } @Test 
@@ -258,12 +258,12 @@ public void testGetWithAliasFlag() throws Exception { rc = dt.run(args); String oc = outContent.toString(); assertEquals(0, rc, "test print after get with alias flag exit code"); - assertTrue( - oc.contains(KIND_GET.toString()), "test print after get with alias flag output kind:\n" + oc); - assertTrue( - oc.contains(alias), "test print after get with alias flag output alias:\n" + oc); - assertFalse(oc.contains(SERVICE_GET.toString()), "test print after get with alias flag output old service:\n" + - oc); + assertTrue(oc.contains(KIND_GET.toString()), + "test print after get with alias flag output kind:\n" + oc); + assertTrue(oc.contains(alias), + "test print after get with alias flag output alias:\n" + oc); + assertFalse(oc.contains(SERVICE_GET.toString()), + "test print after get with alias flag output old service:\n" + oc); } @Test @@ -303,12 +303,12 @@ public void testImport() throws Exception { args = new String[] {"print", tokenFilenameImport}; rc = dt.run(args); assertEquals(0, rc, "test simple import print old exit code"); - assertTrue( - outContent.toString().contains(KIND_IMPORT.toString()), "test print after import output:\n" + outContent); - assertTrue( - outContent.toString().contains(SERVICE_IMPORT.toString()), "test print after import output:\n" + outContent); - assertTrue( - outContent.toString().contains(base64), "test print after simple import output:\n" + outContent); + assertTrue(outContent.toString().contains(KIND_IMPORT.toString()), + "test print after import output:\n" + outContent); + assertTrue(outContent.toString().contains(SERVICE_IMPORT.toString()), + "test print after import output:\n" + outContent); + assertTrue(outContent.toString().contains(base64), + "test print after simple import output:\n" + outContent); } @Test 
@@ -322,9 +322,9 @@ public void testImportWithAliasFlag() throws Exception { args = new String[] {"print", tokenFilenameImport}; rc = dt.run(args); assertEquals(0, rc, "test simple import print old exit code"); - assertTrue( - outContent.toString().contains(KIND_IMPORT.toString()), "test print after import output:\n" + outContent); - assertTrue( - outContent.toString().contains(alias), "test print after import with alias output:\n" + outContent); + assertTrue(outContent.toString().contains(KIND_IMPORT.toString()), + "test print after import output:\n" + outContent); + assertTrue(outContent.toString().contains(alias), + "test print after import with alias output:\n" + outContent); } } diff --git a/hadoop-common-project/hadoop-common/src/test/java/org/apache/hadoop/security/token/delegation/web/TestDelegationTokenManager.java b/hadoop-common-project/hadoop-common/src/test/java/org/apache/hadoop/security/token/delegation/web/TestDelegationTokenManager.java index 8836749b2e6a56..ad69f5d1d5c42a 100644 --- a/hadoop-common-project/hadoop-common/src/test/java/org/apache/hadoop/security/token/delegation/web/TestDelegationTokenManager.java +++ b/hadoop-common-project/hadoop-common/src/test/java/org/apache/hadoop/security/token/delegation/web/TestDelegationTokenManager.java 
@@ -26,29 +26,28 @@ import org.apache.hadoop.security.UserGroupInformation; import org.apache.hadoop.security.token.Token; import org.junit.jupiter.api.Assertions; -import org.junit.jupiter.api.Test; -import org.junit.runner.RunWith; -import org.junit.runners.Parameterized; +import org.junit.jupiter.params.ParameterizedTest; +import org.junit.jupiter.params.provider.MethodSource; -@RunWith(Parameterized.class) public class TestDelegationTokenManager { private static final long DAY_IN_SECS = 86400; - @Parameterized.Parameters public static Collection headers() { - return Arrays.asList(new Object[][] { { false }, { true } }); + return Arrays.asList(new Object[][]{{false}, {true}}); } private boolean enableZKKey; - public TestDelegationTokenManager(boolean enableZKKey) { - this.enableZKKey = enableZKKey; + public void initTestDelegationTokenManager(boolean pEnableZKKey) { + this.enableZKKey = pEnableZKKey; } @SuppressWarnings("unchecked") - @Test - public void testDTManager() throws Exception { + @ParameterizedTest + @MethodSource("headers") + public void testDTManager(boolean pEnableZKKey) throws Exception { + initTestDelegationTokenManager(pEnableZKKey); Configuration conf = new Configuration(false); conf.setLong(DelegationTokenManager.UPDATE_INTERVAL, DAY_IN_SECS); conf.setLong(DelegationTokenManager.MAX_LIFETIME, DAY_IN_SECS); diff --git a/hadoop-common-project/hadoop-common/src/test/java/org/apache/hadoop/security/token/delegation/web/TestWebDelegationToken.java b/hadoop-common-project/hadoop-common/src/test/java/org/apache/hadoop/security/token/delegation/web/TestWebDelegationToken.java index f838cbce75b03a..b6f60c4e5b3bcd 100644 --- a/hadoop-common-project/hadoop-common/src/test/java/org/apache/hadoop/security/token/delegation/web/TestWebDelegationToken.java +++ b/hadoop-common-project/hadoop-common/src/test/java/org/apache/hadoop/security/token/delegation/web/TestWebDelegationToken.java 
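Review bot: The migrated `testDTManager` keeps JUnit 4 plumbing it no longer needs: `headers()` still returns a raw `Collection` of `Object[]`, and the argument is copied into the `enableZKKey` field through a public `initTestDelegationTokenManager` that is neither a test nor a lifecycle method. For a single boolean, `@ValueSource(booleans = {false, true})` on the test would let `headers()` and the `MethodSource` import go, and the init helper could be `private`. Adding `@ParameterizedTest(name = "enableZKKey={0}")` would make a failure report say which of the two configurations broke. The body of `testDTManager` continues outside the hunk, so whether the field is still read further down could not be checked from here.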
@@ -240,45 +240,45 @@ public void testRawHttpCalls() throws Exception { // unauthenticated access to URL HttpURLConnection conn = (HttpURLConnection) nonAuthURL.openConnection(); - assertEquals(HttpURLConnection.HTTP_UNAUTHORIZED, + assertEquals(HttpURLConnection.HTTP_UNAUTHORIZED, conn.getResponseCode()); // authenticated access to URL conn = (HttpURLConnection) authURL.openConnection(); - assertEquals(HttpURLConnection.HTTP_OK, conn.getResponseCode()); + assertEquals(HttpURLConnection.HTTP_OK, conn.getResponseCode()); // unauthenticated access to get delegation token URL url = new URL(nonAuthURL.toExternalForm() + "?op=GETDELEGATIONTOKEN"); conn = (HttpURLConnection) url.openConnection(); - assertEquals(HttpURLConnection.HTTP_UNAUTHORIZED, + assertEquals(HttpURLConnection.HTTP_UNAUTHORIZED, conn.getResponseCode()); // authenticated access to get delegation token url = new URL(authURL.toExternalForm() + "&op=GETDELEGATIONTOKEN&renewer=foo"); conn = (HttpURLConnection) url.openConnection(); - assertEquals(HttpURLConnection.HTTP_OK, conn.getResponseCode()); + assertEquals(HttpURLConnection.HTTP_OK, conn.getResponseCode()); ObjectMapper mapper = new ObjectMapper(); Map map = mapper.readValue(conn.getInputStream(), Map.class); String dt = (String) ((Map) map.get("Token")).get("urlString"); - assertNotNull(dt); + assertNotNull(dt); // delegation token access to URL url = new URL(nonAuthURL.toExternalForm() + "?delegation=" + dt); conn = (HttpURLConnection) url.openConnection(); - assertEquals(HttpURLConnection.HTTP_OK, conn.getResponseCode()); + assertEquals(HttpURLConnection.HTTP_OK, conn.getResponseCode()); // delegation token and authenticated access to URL url = new URL(authURL.toExternalForm() + "&delegation=" + dt); conn = (HttpURLConnection) url.openConnection(); - assertEquals(HttpURLConnection.HTTP_OK, conn.getResponseCode()); + assertEquals(HttpURLConnection.HTTP_OK, conn.getResponseCode()); // renewew delegation token, unauthenticated access to URL url = new 
URL(nonAuthURL.toExternalForm() + "?op=RENEWDELEGATIONTOKEN&token=" + dt); conn = (HttpURLConnection) url.openConnection(); conn.setRequestMethod("PUT"); - assertEquals(HttpURLConnection.HTTP_UNAUTHORIZED, + assertEquals(HttpURLConnection.HTTP_UNAUTHORIZED, conn.getResponseCode()); // renewew delegation token, authenticated access to URL @@ -286,14 +286,14 @@ public void testRawHttpCalls() throws Exception { "&op=RENEWDELEGATIONTOKEN&token=" + dt); conn = (HttpURLConnection) url.openConnection(); conn.setRequestMethod("PUT"); - assertEquals(HttpURLConnection.HTTP_OK, conn.getResponseCode()); + assertEquals(HttpURLConnection.HTTP_OK, conn.getResponseCode()); // renewew delegation token, authenticated access to URL, not renewer url = new URL(getJettyURL() + "/foo/bar?authenticated=bar&op=RENEWDELEGATIONTOKEN&token=" + dt); conn = (HttpURLConnection) url.openConnection(); conn.setRequestMethod("PUT"); - assertEquals(HttpURLConnection.HTTP_FORBIDDEN, + assertEquals(HttpURLConnection.HTTP_FORBIDDEN, conn.getResponseCode()); // cancel delegation token, nonauthenticated access to URL 
@@ -301,32 +301,32 @@ public void testRawHttpCalls() throws Exception { "?op=CANCELDELEGATIONTOKEN&token=" + dt); conn = (HttpURLConnection) url.openConnection(); conn.setRequestMethod("PUT"); - assertEquals(HttpURLConnection.HTTP_OK, conn.getResponseCode()); + assertEquals(HttpURLConnection.HTTP_OK, conn.getResponseCode()); // cancel canceled delegation token, nonauthenticated access to URL url = new URL(nonAuthURL.toExternalForm() + "?op=CANCELDELEGATIONTOKEN&token=" + dt); conn = (HttpURLConnection) url.openConnection(); conn.setRequestMethod("PUT"); - assertEquals(HttpURLConnection.HTTP_NOT_FOUND, + assertEquals(HttpURLConnection.HTTP_NOT_FOUND, conn.getResponseCode()); // get new delegation token url = new URL(authURL.toExternalForm() + "&op=GETDELEGATIONTOKEN&renewer=foo"); conn = (HttpURLConnection) url.openConnection(); - assertEquals(HttpURLConnection.HTTP_OK, conn.getResponseCode()); + assertEquals(HttpURLConnection.HTTP_OK, conn.getResponseCode()); mapper = new ObjectMapper(); map = mapper.readValue(conn.getInputStream(), Map.class); dt = (String) ((Map) map.get("Token")).get("urlString"); - assertNotNull(dt); + assertNotNull(dt); // cancel delegation token, authenticated access to URL url = new URL(authURL.toExternalForm() + "&op=CANCELDELEGATIONTOKEN&token=" + dt); conn = (HttpURLConnection) url.openConnection(); conn.setRequestMethod("PUT"); - assertEquals(HttpURLConnection.HTTP_OK, conn.getResponseCode()); + assertEquals(HttpURLConnection.HTTP_OK, conn.getResponseCode()); } finally { jetty.stop(); } 
@@ -369,32 +369,32 @@ private void testDelegationTokenAuthenticatorCalls(final boolean useQS) try { aUrl.getDelegationToken(nonAuthURL, token, FOO_USER); - fail(); + fail(); } catch (Exception ex) { - assertTrue(ex.getCause().getMessage().contains("401")); + assertTrue(ex.getCause().getMessage().contains("401")); } aUrl.getDelegationToken(authURL, token, FOO_USER); - assertNotNull(token.getDelegationToken()); - assertEquals(new Text("token-kind"), + assertNotNull(token.getDelegationToken()); + assertEquals(new Text("token-kind"), token.getDelegationToken().getKind()); aUrl.renewDelegationToken(authURL, token); try { aUrl.renewDelegationToken(nonAuthURL, token); - fail(); + fail(); } catch (Exception ex) { - assertTrue(ex.getMessage().contains("401")); + assertTrue(ex.getMessage().contains("401")); } aUrl.getDelegationToken(authURL, token, FOO_USER); try { aUrl.renewDelegationToken(authURL2, token); - fail(); + fail(); } catch (Exception ex) { - assertTrue(ex.getMessage().contains("403")); + assertTrue(ex.getMessage().contains("403")); } aUrl.getDelegationToken(authURL, token, FOO_USER); @@ -410,7 +410,7 @@ private void testDelegationTokenAuthenticatorCalls(final boolean useQS) try { aUrl.renewDelegationToken(nonAuthURL, token); } catch (Exception ex) { - assertTrue(ex.getMessage().contains("401")); + assertTrue(ex.getMessage().contains("401")); } aUrl.getDelegationToken(authURL, token, "foo"); 
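Review bot: In the hunk at -410, the `try` around `aUrl.renewDelegationToken(nonAuthURL, token)` has no `fail()` after the call, so the test passes silently if the renewal through `nonAuthURL` succeeds and the `401` assertion is never reached. The re-indent leaves that unchanged, while the three sibling blocks in the hunk at -369 all call `fail()` before their `catch`. If a rejection is expected here too, add `fail("renew via nonAuthURL should be rejected");` after the renew call. If the omission is deliberate, a one-line comment such as `// may succeed or return 401 depending on ...` would record why. The method starts and ends outside both hunks, so the state of `token` at this point is inferred from the visible context only.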
@@ -421,13 +421,13 @@ private void testDelegationTokenAuthenticatorCalls(final boolean useQS) @Override public Void run() throws Exception { HttpURLConnection conn = aUrl.openConnection(nonAuthURL, new DelegationTokenAuthenticatedURL.Token()); - assertEquals(HttpServletResponse.SC_OK, conn.getResponseCode()); + assertEquals(HttpServletResponse.SC_OK, conn.getResponseCode()); if (useQS) { - assertNull(conn.getHeaderField("UsingHeader")); - assertNotNull(conn.getHeaderField("UsingQueryString")); + assertNull(conn.getHeaderField("UsingHeader")); + assertNotNull(conn.getHeaderField("UsingQueryString")); } else { - assertNotNull(conn.getHeaderField("UsingHeader")); - assertNull(conn.getHeaderField("UsingQueryString")); + assertNotNull(conn.getHeaderField("UsingHeader")); + assertNull(conn.getHeaderField("UsingQueryString")); } return null; } @@ -477,8 +477,8 @@ public void testExternalDelegationTokenSecretManager() throws Exception { new DelegationTokenAuthenticatedURL(); aUrl.getDelegationToken(authURL, token, FOO_USER); - assertNotNull(token.getDelegationToken()); - assertEquals(new Text("fooKind"), + assertNotNull(token.getDelegationToken()); + assertEquals(new Text("fooKind"), token.getDelegationToken().getKind()); } finally { 
@@ -628,15 +628,15 @@ public Void run() throws Exception { DelegationTokenAuthenticatedURL aUrl = new DelegationTokenAuthenticatedURL(); HttpURLConnection conn = aUrl.openConnection(url, token); - assertEquals(HttpURLConnection.HTTP_OK, + assertEquals(HttpURLConnection.HTTP_OK, conn.getResponseCode()); List ret = IOUtils.readLines(conn.getInputStream(), StandardCharsets.UTF_8); - assertEquals(1, ret.size()); - assertEquals(FOO_USER, ret.get(0)); + assertEquals(1, ret.size()); + assertEquals(FOO_USER, ret.get(0)); aUrl.getDelegationToken(url, token, FOO_USER); - assertNotNull(token.getDelegationToken()); - assertEquals(new Text("token-kind"), + assertNotNull(token.getDelegationToken()); + assertEquals(new Text("token-kind"), token.getDelegationToken().getKind()); return null; } @@ -751,7 +751,7 @@ private void testKerberosDelegationTokenAuthenticator( final String doAsUser = doAs ? OK_USER : null; File testDir = new File("target/" + UUID.randomUUID().toString()); - assertTrue(testDir.mkdirs()); + assertTrue(testDir.mkdirs()); MiniKdc kdc = new MiniKdc(MiniKdc.createConf(), testDir); final Server jetty = createJettyServer(); ServletContextHandler context = new ServletContextHandler(); @@ -781,7 +781,7 @@ private void testKerberosDelegationTokenAuthenticator( aUrl.getDelegationToken(url, token, FOO_USER, doAsUser); fail(); } catch (AuthenticationException ex) { - assertTrue(ex.getCause().getMessage().contains("GSSException")); + assertTrue(ex.getCause().getMessage().contains("GSSException")); } doAsKerberosUser("client", keytabFile.getAbsolutePath(), 
@@ -790,8 +790,8 @@ private void testKerberosDelegationTokenAuthenticator( public Void call() throws Exception { aUrl.getDelegationToken( url, token, doAs ? doAsUser : "client", doAsUser); - assertNotNull(token.getDelegationToken()); - assertEquals(new Text("token-kind"), + assertNotNull(token.getDelegationToken()); + assertEquals(new Text("token-kind"), token.getDelegationToken().getKind()); // Make sure the token belongs to the right owner ByteArrayInputStream buf = new ByteArrayInputStream( @@ -801,29 +801,28 @@ public Void call() throws Exception { new DelegationTokenIdentifier(new Text("token-kind")); id.readFields(dis); dis.close(); - assertEquals( - doAs ? new Text(OK_USER) : new Text("client"), id.getOwner()); + assertEquals(doAs ? new Text(OK_USER) : new Text("client"), id.getOwner()); if (doAs) { - assertEquals(new Text("client"), id.getRealUser()); + assertEquals(new Text("client"), id.getRealUser()); } aUrl.renewDelegationToken(url, token, doAsUser); - assertNotNull(token.getDelegationToken()); + assertNotNull(token.getDelegationToken()); aUrl.getDelegationToken(url, token, FOO_USER, doAsUser); - assertNotNull(token.getDelegationToken()); + assertNotNull(token.getDelegationToken()); try { aUrl.renewDelegationToken(url, token, doAsUser); - fail(); + fail(); } catch (Exception ex) { - assertTrue(ex.getMessage().contains("403")); + assertTrue(ex.getMessage().contains("403")); } aUrl.getDelegationToken(url, token, FOO_USER, doAsUser); aUrl.cancelDelegationToken(url, token, doAsUser); - assertNull(token.getDelegationToken()); + assertNull(token.getDelegationToken()); return null; } 
@@ -853,17 +852,17 @@ public void testProxyUser() throws Exception { url.toExternalForm(), FOO_USER, OK_USER); HttpURLConnection conn = (HttpURLConnection) new URL(strUrl).openConnection(); - assertEquals(HttpURLConnection.HTTP_OK, conn.getResponseCode()); + assertEquals(HttpURLConnection.HTTP_OK, conn.getResponseCode()); List ret = IOUtils.readLines(conn.getInputStream(), StandardCharsets.UTF_8); - assertEquals(1, ret.size()); - assertEquals(OK_USER, ret.get(0)); + assertEquals(1, ret.size()); + assertEquals(OK_USER, ret.get(0)); strUrl = String.format("%s?user.name=%s&DOAS=%s", url.toExternalForm(), FOO_USER, OK_USER); conn = (HttpURLConnection) new URL(strUrl).openConnection(); - assertEquals(HttpURLConnection.HTTP_OK, conn.getResponseCode()); + assertEquals(HttpURLConnection.HTTP_OK, conn.getResponseCode()); ret = IOUtils.readLines(conn.getInputStream(), StandardCharsets.UTF_8); - assertEquals(1, ret.size()); - assertEquals(OK_USER, ret.get(0)); + assertEquals(1, ret.size()); + assertEquals(OK_USER, ret.get(0)); UserGroupInformation ugi = UserGroupInformation.createRemoteUser(FOO_USER); ugi.doAs(new PrivilegedExceptionAction() { @@ -876,16 +875,16 @@ public Void run() throws Exception { // proxyuser using authentication handler authentication HttpURLConnection conn = aUrl.openConnection(url, token, OK_USER); - assertEquals(HttpURLConnection.HTTP_OK, + assertEquals(HttpURLConnection.HTTP_OK, conn.getResponseCode()); List ret = IOUtils .readLines(conn.getInputStream(), StandardCharsets.UTF_8); - assertEquals(1, ret.size()); - assertEquals(OK_USER, ret.get(0)); + assertEquals(1, ret.size()); + assertEquals(OK_USER, ret.get(0)); // unauthorized proxy user using authentication handler authentication conn = aUrl.openConnection(url, token, FAIL_USER); - assertEquals(HttpURLConnection.HTTP_FORBIDDEN, + assertEquals(HttpURLConnection.HTTP_FORBIDDEN, conn.getResponseCode()); // proxy using delegation token authentication 
@@ -897,12 +896,12 @@ public Void run() throws Exception { // requests using delegation token as auth do not honor doAs conn = aUrl.openConnection(url, token, OK_USER); - assertEquals(HttpURLConnection.HTTP_OK, + assertEquals(HttpURLConnection.HTTP_OK, conn.getResponseCode()); ret = IOUtils .readLines(conn.getInputStream(), StandardCharsets.UTF_8); - assertEquals(1, ret.size()); - assertEquals(FOO_USER, ret.get(0)); + assertEquals(1, ret.size()); + assertEquals(FOO_USER, ret.get(0)); return null; } @@ -959,22 +958,22 @@ public Void run() throws Exception { // user foo HttpURLConnection conn = aUrl.openConnection(url, token); - assertEquals(HttpURLConnection.HTTP_OK, + assertEquals(HttpURLConnection.HTTP_OK, conn.getResponseCode()); List ret = IOUtils .readLines(conn.getInputStream(), StandardCharsets.UTF_8); - assertEquals(1, ret.size()); - assertEquals("remoteuser=" + FOO_USER+ ":ugi=" + FOO_USER, + assertEquals(1, ret.size()); + assertEquals("remoteuser=" + FOO_USER+ ":ugi=" + FOO_USER, ret.get(0)); // user ok-user via proxyuser foo conn = aUrl.openConnection(url, token, OK_USER); - assertEquals(HttpURLConnection.HTTP_OK, + assertEquals(HttpURLConnection.HTTP_OK, conn.getResponseCode()); ret = IOUtils.readLines(conn.getInputStream(), StandardCharsets.UTF_8); - assertEquals(1, ret.size()); - assertEquals("realugi=" + FOO_USER +":remoteuser=" + OK_USER + - ":ugi=" + OK_USER, ret.get(0)); + assertEquals(1, ret.size()); + assertEquals("realugi=" + FOO_USER + ":remoteuser=" + OK_USER + + ":ugi=" + OK_USER, ret.get(0)); return null; } 
@@ -1021,11 +1020,11 @@ public Void run() throws Exception { // user ok-user via proxyuser foo HttpURLConnection conn = aUrl.openConnection(url, token, OK_USER); - assertEquals(HttpURLConnection.HTTP_OK, + assertEquals(HttpURLConnection.HTTP_OK, conn.getResponseCode()); List ret = IOUtils.readLines(conn.getInputStream(), StandardCharsets.UTF_8); - assertEquals(1, ret.size()); - assertEquals("realugi=" + FOO_USER +":remoteuser=" + OK_USER + + assertEquals(1, ret.size()); + assertEquals("realugi=" + FOO_USER +":remoteuser=" + OK_USER + ":ugi=" + OK_USER, ret.get(0)); return null;