private void generateKeys() throws IOException { if (!isMaster) { return; } /* * Need to set estimated expiry dates for currentKey and nextKey so that if * NN crashes, DN can still expire those keys. NN will stop using the newly * generated currentKey after the first keyUpdateInterval, however it may * still be used by DN and Balancer to generate new tokens before they get a * chance to sync their keys with NN. Since we require keyUpdInterval to be * long enough so that all live DN's and Balancer will sync their keys with * NN at least once during the period, the estimated expiry date for * currentKey is set to now() + 2 * keyUpdateInterval + tokenLifetime. * Similarly, the estimated expiry date for nextKey is one keyUpdateInterval * more. */ setSerialNo(serialNo + 1); currentKey = new BlockKey(serialNo, Time.now() + 2 * keyUpdateInterval + tokenLifetime, generateSecret()); currentKey.setKeyType(BlockKey.KeyType.CurrKey); setSerialNo(serialNo + 1); nextKey = new BlockKey(serialNo, Time.now() + 3 * keyUpdateInterval + tokenLifetime, generateSecret()); nextKey.setKeyType(BlockKey.KeyType.NextKey); addBlockKeys(); }
@Override protected byte[] createPassword(BlockTokenIdentifier identifier) { BlockKey key; try { key = getBlockKeyByType(BlockKey.KeyType.CurrKey); } catch (IOException ex) { throw new IllegalStateException( "currentKey hasn't been initialized. [" + ex.getMessage() + "]"); } if (key == null) { throw new IllegalStateException("currentKey hasn't been initialized."); } identifier.setExpiryDate(Time.now() + tokenLifetime); identifier.setKeyId(key.getKeyId()); if (LOG.isDebugEnabled()) { LOG.debug("Generating block token for " + identifier.toString()); } return createPassword(identifier.getBytes(), key.getKey()); }
@Override public byte[] retrievePassword(BlockTokenIdentifier identifier) throws InvalidToken { if (isExpired(identifier.getExpiryDate())) { throw new InvalidToken( "Block token with " + identifier.toString() + " is expired."); } BlockKey key = null; try { key = getBlockKeyById(identifier.getKeyId()); } catch (IOException ex) { } if (key == null) { throw new InvalidToken( "Can't re-compute password for " + identifier.toString() + ", since the required block key (keyID=" + identifier.getKeyId() + ") doesn't exist."); } return createPassword(identifier.getBytes(), key.getKey()); }
private static BlockKey deserializeBlockKey(ByteArrayVariable var) throws IOException { ByteArrayInputStream is = new ByteArrayInputStream((byte[]) var.getValue()); DataInputStream dis = new DataInputStream(is); BlockKey key = new BlockKey(); key.readFields(dis); switch (var.getType()) { case BTCurrKey: key.setKeyType(BlockKey.KeyType.CurrKey); break; case BTNextKey: key.setKeyType(BlockKey.KeyType.NextKey); break; case BTSimpleKey: key.setKeyType(BlockKey.KeyType.SimpleKey); } return key; }
public static BlockKeyProto convert(BlockKey key) { byte[] encodedKey = key.getEncodedKey(); ByteString keyBytes = ByteString.copyFrom(encodedKey == null ? DFSUtil.EMPTY_BYTES : encodedKey); return BlockKeyProto.newBuilder().setKeyId(key.getKeyId()) .setKeyBytes(keyBytes).setExpiryDate(key.getExpiryDate()).build(); }
public static ExportedBlockKeysProto convert(ExportedBlockKeys keys) { ExportedBlockKeysProto.Builder builder = ExportedBlockKeysProto .newBuilder(); builder.setIsBlockTokenEnabled(keys.isBlockTokenEnabled()) .setKeyUpdateInterval(keys.getKeyUpdateInterval()) .setTokenLifeTime(keys.getTokenLifetime()) .setCurrentKey(convert(keys.getCurrentKey())); for (BlockKey k : keys.getAllKeys()) { builder.addAllKeys(convert(k)); } return builder.build(); }
public static BlockKey[] convertBlockKeys(List<BlockKeyProto> list) { BlockKey[] ret = new BlockKey[list.size()]; int i = 0; for (BlockKeyProto k : list) { ret[i++] = convert(k); } return ret; }
@Test public void testConvertBlockKey() { BlockKey key = getBlockKey(1); BlockKeyProto keyProto = PBHelper.convert(key); BlockKey key1 = PBHelper.convert(keyProto); compare(key, key1); }
@Test public void testConvertExportedBlockKeys() { BlockKey[] keys = new BlockKey[] { getBlockKey(2), getBlockKey(3) }; ExportedBlockKeys expKeys = new ExportedBlockKeys(true, 9, 10, getBlockKey(1), keys); ExportedBlockKeysProto expKeysProto = PBHelper.convert(expKeys); ExportedBlockKeys expKeys1 = PBHelper.convert(expKeysProto); compare(expKeys, expKeys1); }
void compare(ExportedBlockKeys expKeys, ExportedBlockKeys expKeys1) { BlockKey[] allKeys = expKeys.getAllKeys(); BlockKey[] allKeys1 = expKeys1.getAllKeys(); assertEquals(allKeys.length, allKeys1.length); for (int i = 0; i < allKeys.length; i++) { compare(allKeys[i], allKeys1[i]); } compare(expKeys.getCurrentKey(), expKeys1.getCurrentKey()); assertEquals(expKeys.getKeyUpdateInterval(), expKeys1.getKeyUpdateInterval()); assertEquals(expKeys.getTokenLifetime(), expKeys1.getTokenLifetime()); }
@Test public void testConvertDatanodeRegistration() { DatanodeID dnId = DFSTestUtil.getLocalDatanodeID(); BlockKey[] keys = new BlockKey[] { getBlockKey(2), getBlockKey(3) }; ExportedBlockKeys expKeys = new ExportedBlockKeys(true, 9, 10, getBlockKey(1), keys); DatanodeRegistration reg = new DatanodeRegistration(dnId, new StorageInfo(NodeType.DATA_NODE), expKeys, "3.0.0"); DatanodeRegistrationProto proto = PBHelper.convert(reg); DatanodeRegistration reg2 = PBHelper.convert(proto); compare(reg.getStorageInfo(), reg2.getStorageInfo()); compare(reg.getExportedKeys(), reg2.getExportedKeys()); compare(reg, reg2); assertEquals(reg.getSoftwareVersion(), reg2.getSoftwareVersion()); }
public static BlockKeyProto convert(BlockKey key) { byte[] encodedKey = key.getEncodedKey(); ByteString keyBytes = PBHelperClient.getByteString(encodedKey == null ? DFSUtilClient.EMPTY_BYTES : encodedKey); return BlockKeyProto.newBuilder().setKeyId(key.getKeyId()) .setKeyBytes(keyBytes).setExpiryDate(key.getExpiryDate()).build(); }
@Test public void testConvertDatanodeRegistration() { DatanodeID dnId = DFSTestUtil.getLocalDatanodeID(); BlockKey[] keys = new BlockKey[] { getBlockKey(2), getBlockKey(3) }; ExportedBlockKeys expKeys = new ExportedBlockKeys(true, 9, 10, getBlockKey(1), keys); DatanodeRegistration reg = new DatanodeRegistration(dnId, new StorageInfo(), expKeys, "3.0.0"); DatanodeRegistrationProto proto = PBHelper.convert(reg); DatanodeRegistration reg2 = PBHelper.convert(proto); compare(reg.getStorageInfo(), reg2.getStorageInfo()); compare(reg.getExportedKeys(), reg2.getExportedKeys()); compare(reg, reg2); assertEquals(reg.getSoftwareVersion(), reg2.getSoftwareVersion()); }