Java 类org.apache.hadoop.mapreduce.v2.api.MRDelegationTokenIdentifier 实例源码

@SuppressWarnings("unchecked")
public Token<MRDelegationTokenIdentifier> selectToken(Text service,
    Collection<Token<? extends TokenIdentifier>> tokens) {
  if (service == null) {
    return null;
  }
  LOG.debug("Looking for a token with service " + service.toString());
  for (Token<? extends TokenIdentifier> token : tokens) {
    if (LOG.isDebugEnabled()) {
      LOG.debug("Token kind is " + token.getKind().toString()
          + " and the token's service name is " + token.getService());
    }
    if (MRDelegationTokenIdentifier.KIND_NAME.equals(token.getKind())
        && service.equals(token.getService())) {
      return (Token<MRDelegationTokenIdentifier>) token;
    }
  }
  return null;
}

@Override
public void storeToken(MRDelegationTokenIdentifier tokenId, Long renewDate)
    throws IOException {
  if (LOG.isDebugEnabled()) {
    LOG.debug("Storing token " + tokenId.getSequenceNumber());
  }

  ByteArrayOutputStream memStream = new ByteArrayOutputStream();
  DataOutputStream dataStream = new DataOutputStream(memStream);
  try {
    tokenId.write(dataStream);
    dataStream.writeLong(renewDate);
    dataStream.close();
    dataStream = null;
  } finally {
    IOUtils.cleanup(LOG, dataStream);
  }

  String dbKey = getTokenDatabaseKey(tokenId);
  try {
    db.put(bytes(dbKey), memStream.toByteArray());
  } catch (DBException e) {
    throw new IOException(e);
  }
}

@Override
public RenewDelegationTokenResponse renewDelegationToken(
    RenewDelegationTokenRequest request) throws IOException {
    if (!isAllowedDelegationTokenOp()) {
      throw new IOException(
          "Delegation Token can be renewed only with kerberos authentication");
    }

    org.apache.hadoop.yarn.api.records.Token protoToken = request.getDelegationToken();
    Token<MRDelegationTokenIdentifier> token =
        new Token<MRDelegationTokenIdentifier>(
            protoToken.getIdentifier().array(), protoToken.getPassword()
                .array(), new Text(protoToken.getKind()), new Text(
                protoToken.getService()));

    String user = UserGroupInformation.getCurrentUser().getShortUserName();
    long nextExpTime = jhsDTSecretManager.renewToken(token, user);
    RenewDelegationTokenResponse renewResponse = Records
        .newRecord(RenewDelegationTokenResponse.class);
    renewResponse.setNextExpirationTime(nextExpTime);
    return renewResponse;
}

@Override
public CancelDelegationTokenResponse cancelDelegationToken(
    CancelDelegationTokenRequest request) throws IOException {
    if (!isAllowedDelegationTokenOp()) {
      throw new IOException(
          "Delegation Token can be cancelled only with kerberos authentication");
    }

    org.apache.hadoop.yarn.api.records.Token protoToken = request.getDelegationToken();
    Token<MRDelegationTokenIdentifier> token =
        new Token<MRDelegationTokenIdentifier>(
            protoToken.getIdentifier().array(), protoToken.getPassword()
                .array(), new Text(protoToken.getKind()), new Text(
                protoToken.getService()));

    String user = UserGroupInformation.getCurrentUser().getUserName();
    jhsDTSecretManager.cancelToken(token, user);
    return Records.newRecord(CancelDelegationTokenResponse.class);
}

@Override
public void updateToken(MRDelegationTokenIdentifier tokenId,
    Long renewDate) throws IOException {
  if (LOG.isDebugEnabled()) {
    LOG.debug("Updating token " + tokenId.getSequenceNumber());
  }

  // Files cannot be atomically replaced, therefore we write a temporary
  // update file, remove the original token file, then rename the update
  // file to the token file. During recovery either the token file will be
  // used or if that is missing and an update file is present then the
  // update file is used.
  Path tokenPath = getTokenPath(tokenId);
  Path tmp = new Path(tokenPath.getParent(),
      UPDATE_TMP_FILE_PREFIX + tokenPath.getName());
  writeFile(tmp, buildTokenData(tokenId, renewDate));
  try {
    deleteFile(tokenPath);
  } catch (IOException e) {
    fs.delete(tmp, false);
    throw e;
  }
  if (!fs.rename(tmp, tokenPath)) {
    throw new IOException("Could not rename " + tmp + " to " + tokenPath);
  }
}

private MRDelegationTokenIdentifier loadToken(HistoryServerState state,
    Path tokenFile, long numTokenFileBytes) throws IOException {
  MRDelegationTokenIdentifier tokenId = new MRDelegationTokenIdentifier();
  long renewDate;
  byte[] tokenData = readFile(tokenFile, numTokenFileBytes);
  DataInputStream in =
      new DataInputStream(new ByteArrayInputStream(tokenData));
  try {
    tokenId.readFields(in);
    renewDate = in.readLong();
  } finally {
    IOUtils.cleanup(LOG, in);
  }
  state.tokenState.put(tokenId, renewDate);
  return tokenId;
}

@SuppressWarnings("unchecked")
public Token<MRDelegationTokenIdentifier> selectToken(Text service,
    Collection<Token<? extends TokenIdentifier>> tokens) {
  if (service == null) {
    return null;
  }
  LOG.debug("Looking for a token with service " + service.toString());
  for (Token<? extends TokenIdentifier> token : tokens) {
    if (LOG.isDebugEnabled()) {
      LOG.debug("Token kind is " + token.getKind().toString()
          + " and the token's service name is " + token.getService());
    }
    if (MRDelegationTokenIdentifier.KIND_NAME.equals(token.getKind())
        && service.equals(token.getService())) {
      return (Token<MRDelegationTokenIdentifier>) token;
    }
  }
  return null;
}

@Override
public void storeToken(MRDelegationTokenIdentifier tokenId, Long renewDate)
    throws IOException {
  if (LOG.isDebugEnabled()) {
    LOG.debug("Storing token " + tokenId.getSequenceNumber());
  }

  ByteArrayOutputStream memStream = new ByteArrayOutputStream();
  DataOutputStream dataStream = new DataOutputStream(memStream);
  try {
    tokenId.write(dataStream);
    dataStream.writeLong(renewDate);
    dataStream.close();
    dataStream = null;
  } finally {
    IOUtils.cleanup(LOG, dataStream);
  }

  String dbKey = getTokenDatabaseKey(tokenId);
  try {
    db.put(bytes(dbKey), memStream.toByteArray());
  } catch (DBException e) {
    throw new IOException(e);
  }
}

@Override
public RenewDelegationTokenResponse renewDelegationToken(
    RenewDelegationTokenRequest request) throws IOException {
    if (!isAllowedDelegationTokenOp()) {
      throw new IOException(
          "Delegation Token can be renewed only with kerberos authentication");
    }

    org.apache.hadoop.yarn.api.records.Token protoToken = request.getDelegationToken();
    Token<MRDelegationTokenIdentifier> token =
        new Token<MRDelegationTokenIdentifier>(
            protoToken.getIdentifier().array(), protoToken.getPassword()
                .array(), new Text(protoToken.getKind()), new Text(
                protoToken.getService()));

    String user = UserGroupInformation.getCurrentUser().getShortUserName();
    long nextExpTime = jhsDTSecretManager.renewToken(token, user);
    RenewDelegationTokenResponse renewResponse = Records
        .newRecord(RenewDelegationTokenResponse.class);
    renewResponse.setNextExpirationTime(nextExpTime);
    return renewResponse;
}

@Override
public CancelDelegationTokenResponse cancelDelegationToken(
    CancelDelegationTokenRequest request) throws IOException {
    if (!isAllowedDelegationTokenOp()) {
      throw new IOException(
          "Delegation Token can be cancelled only with kerberos authentication");
    }

    org.apache.hadoop.yarn.api.records.Token protoToken = request.getDelegationToken();
    Token<MRDelegationTokenIdentifier> token =
        new Token<MRDelegationTokenIdentifier>(
            protoToken.getIdentifier().array(), protoToken.getPassword()
                .array(), new Text(protoToken.getKind()), new Text(
                protoToken.getService()));

    String user = UserGroupInformation.getCurrentUser().getUserName();
    jhsDTSecretManager.cancelToken(token, user);
    return Records.newRecord(CancelDelegationTokenResponse.class);
}

@Override
public void updateToken(MRDelegationTokenIdentifier tokenId,
    Long renewDate) throws IOException {
  if (LOG.isDebugEnabled()) {
    LOG.debug("Updating token " + tokenId.getSequenceNumber());
  }

  // Files cannot be atomically replaced, therefore we write a temporary
  // update file, remove the original token file, then rename the update
  // file to the token file. During recovery either the token file will be
  // used or if that is missing and an update file is present then the
  // update file is used.
  Path tokenPath = getTokenPath(tokenId);
  Path tmp = new Path(tokenPath.getParent(),
      UPDATE_TMP_FILE_PREFIX + tokenPath.getName());
  writeFile(tmp, buildTokenData(tokenId, renewDate));
  try {
    deleteFile(tokenPath);
  } catch (IOException e) {
    fs.delete(tmp, false);
    throw e;
  }
  if (!fs.rename(tmp, tokenPath)) {
    throw new IOException("Could not rename " + tmp + " to " + tokenPath);
  }
}

private MRDelegationTokenIdentifier loadToken(HistoryServerState state,
    Path tokenFile, long numTokenFileBytes) throws IOException {
  MRDelegationTokenIdentifier tokenId = new MRDelegationTokenIdentifier();
  long renewDate;
  byte[] tokenData = readFile(tokenFile, numTokenFileBytes);
  DataInputStream in =
      new DataInputStream(new ByteArrayInputStream(tokenData));
  try {
    tokenId.readFields(in);
    renewDate = in.readLong();
  } finally {
    IOUtils.cleanup(LOG, in);
  }
  state.tokenState.put(tokenId, renewDate);
  return tokenId;
}

@SuppressWarnings("unchecked")
public Token<MRDelegationTokenIdentifier> selectToken(Text service,
    Collection<Token<? extends TokenIdentifier>> tokens) {
  if (service == null) {
    return null;
  }
  LOG.debug("Looking for a token with service " + service.toString());
  for (Token<? extends TokenIdentifier> token : tokens) {
    if (LOG.isDebugEnabled()) {
      LOG.debug("Token kind is " + token.getKind().toString()
          + " and the token's service name is " + token.getService());
    }
    if (MRDelegationTokenIdentifier.KIND_NAME.equals(token.getKind())
        && service.equals(token.getService())) {
      return (Token<MRDelegationTokenIdentifier>) token;
    }
  }
  return null;
}

@Override
public void storeToken(MRDelegationTokenIdentifier tokenId, Long renewDate)
    throws IOException {
  if (LOG.isDebugEnabled()) {
    LOG.debug("Storing token " + tokenId.getSequenceNumber());
  }

  ByteArrayOutputStream memStream = new ByteArrayOutputStream();
  DataOutputStream dataStream = new DataOutputStream(memStream);
  try {
    tokenId.write(dataStream);
    dataStream.writeLong(renewDate);
    dataStream.close();
    dataStream = null;
  } finally {
    IOUtils.cleanup(LOG, dataStream);
  }

  String dbKey = getTokenDatabaseKey(tokenId);
  try {
    db.put(bytes(dbKey), memStream.toByteArray());
  } catch (DBException e) {
    throw new IOException(e);
  }
}

@Override
public RenewDelegationTokenResponse renewDelegationToken(
    RenewDelegationTokenRequest request) throws IOException {
    if (!isAllowedDelegationTokenOp()) {
      throw new IOException(
          "Delegation Token can be renewed only with kerberos authentication");
    }

    org.apache.hadoop.yarn.api.records.Token protoToken = request.getDelegationToken();
    Token<MRDelegationTokenIdentifier> token =
        new Token<MRDelegationTokenIdentifier>(
            protoToken.getIdentifier().array(), protoToken.getPassword()
                .array(), new Text(protoToken.getKind()), new Text(
                protoToken.getService()));

    String user = UserGroupInformation.getCurrentUser().getShortUserName();
    long nextExpTime = jhsDTSecretManager.renewToken(token, user);
    RenewDelegationTokenResponse renewResponse = Records
        .newRecord(RenewDelegationTokenResponse.class);
    renewResponse.setNextExpirationTime(nextExpTime);
    return renewResponse;
}

@Override
public CancelDelegationTokenResponse cancelDelegationToken(
    CancelDelegationTokenRequest request) throws IOException {
    if (!isAllowedDelegationTokenOp()) {
      throw new IOException(
          "Delegation Token can be cancelled only with kerberos authentication");
    }

    org.apache.hadoop.yarn.api.records.Token protoToken = request.getDelegationToken();
    Token<MRDelegationTokenIdentifier> token =
        new Token<MRDelegationTokenIdentifier>(
            protoToken.getIdentifier().array(), protoToken.getPassword()
                .array(), new Text(protoToken.getKind()), new Text(
                protoToken.getService()));

    String user = UserGroupInformation.getCurrentUser().getUserName();
    jhsDTSecretManager.cancelToken(token, user);
    return Records.newRecord(CancelDelegationTokenResponse.class);
}

@Override
public void updateToken(MRDelegationTokenIdentifier tokenId,
    Long renewDate) throws IOException {
  if (LOG.isDebugEnabled()) {
    LOG.debug("Updating token " + tokenId.getSequenceNumber());
  }

  // Files cannot be atomically replaced, therefore we write a temporary
  // update file, remove the original token file, then rename the update
  // file to the token file. During recovery either the token file will be
  // used or if that is missing and an update file is present then the
  // update file is used.
  Path tokenPath = getTokenPath(tokenId);
  Path tmp = new Path(tokenPath.getParent(),
      UPDATE_TMP_FILE_PREFIX + tokenPath.getName());
  writeFile(tmp, buildTokenData(tokenId, renewDate));
  try {
    deleteFile(tokenPath);
  } catch (IOException e) {
    fs.delete(tmp, false);
    throw e;
  }
  if (!fs.rename(tmp, tokenPath)) {
    throw new IOException("Could not rename " + tmp + " to " + tokenPath);
  }
}

private MRDelegationTokenIdentifier loadToken(HistoryServerState state,
    Path tokenFile, long numTokenFileBytes) throws IOException {
  MRDelegationTokenIdentifier tokenId = new MRDelegationTokenIdentifier();
  long renewDate;
  byte[] tokenData = readFile(tokenFile, numTokenFileBytes);
  DataInputStream in =
      new DataInputStream(new ByteArrayInputStream(tokenData));
  try {
    tokenId.readFields(in);
    renewDate = in.readLong();
  } finally {
    IOUtils.cleanup(LOG, in);
  }
  state.tokenState.put(tokenId, renewDate);
  return tokenId;
}

@SuppressWarnings("unchecked")
public Token<MRDelegationTokenIdentifier> selectToken(Text service,
    Collection<Token<? extends TokenIdentifier>> tokens) {
  if (service == null) {
    return null;
  }
  LOG.debug("Looking for a token with service " + service.toString());
  for (Token<? extends TokenIdentifier> token : tokens) {
    if (LOG.isDebugEnabled()) {
      LOG.debug("Token kind is " + token.getKind().toString()
          + " and the token's service name is " + token.getService());
    }
    if (MRDelegationTokenIdentifier.KIND_NAME.equals(token.getKind())
        && service.equals(token.getService())) {
      return (Token<MRDelegationTokenIdentifier>) token;
    }
  }
  return null;
}

@Override
public RenewDelegationTokenResponse renewDelegationToken(
    RenewDelegationTokenRequest request) throws IOException {
    if (!isAllowedDelegationTokenOp()) {
      throw new IOException(
          "Delegation Token can be renewed only with kerberos authentication");
    }

    org.apache.hadoop.yarn.api.records.Token protoToken = request.getDelegationToken();
    Token<MRDelegationTokenIdentifier> token =
        new Token<MRDelegationTokenIdentifier>(
            protoToken.getIdentifier().array(), protoToken.getPassword()
                .array(), new Text(protoToken.getKind()), new Text(
                protoToken.getService()));

    String user = UserGroupInformation.getCurrentUser().getShortUserName();
    long nextExpTime = jhsDTSecretManager.renewToken(token, user);
    RenewDelegationTokenResponse renewResponse = Records
        .newRecord(RenewDelegationTokenResponse.class);
    renewResponse.setNextExpirationTime(nextExpTime);
    return renewResponse;
}

@Override
public CancelDelegationTokenResponse cancelDelegationToken(
    CancelDelegationTokenRequest request) throws IOException {
    if (!isAllowedDelegationTokenOp()) {
      throw new IOException(
          "Delegation Token can be cancelled only with kerberos authentication");
    }

    org.apache.hadoop.yarn.api.records.Token protoToken = request.getDelegationToken();
    Token<MRDelegationTokenIdentifier> token =
        new Token<MRDelegationTokenIdentifier>(
            protoToken.getIdentifier().array(), protoToken.getPassword()
                .array(), new Text(protoToken.getKind()), new Text(
                protoToken.getService()));

    String user = UserGroupInformation.getCurrentUser().getUserName();
    jhsDTSecretManager.cancelToken(token, user);
    return Records.newRecord(CancelDelegationTokenResponse.class);
}

@Override
public void updateToken(MRDelegationTokenIdentifier tokenId,
    Long renewDate) throws IOException {
  if (LOG.isDebugEnabled()) {
    LOG.debug("Updating token " + tokenId.getSequenceNumber());
  }

  // Files cannot be atomically replaced, therefore we write a temporary
  // update file, remove the original token file, then rename the update
  // file to the token file. During recovery either the token file will be
  // used or if that is missing and an update file is present then the
  // update file is used.
  Path tokenPath = getTokenPath(tokenId);
  Path tmp = new Path(tokenPath.getParent(),
      UPDATE_TMP_FILE_PREFIX + tokenPath.getName());
  writeFile(tmp, buildTokenData(tokenId, renewDate));
  try {
    deleteFile(tokenPath);
  } catch (IOException e) {
    fs.delete(tmp, false);
    throw e;
  }
  if (!fs.rename(tmp, tokenPath)) {
    throw new IOException("Could not rename " + tmp + " to " + tokenPath);
  }
}

private MRDelegationTokenIdentifier loadToken(HistoryServerState state,
    Path tokenFile, long numTokenFileBytes) throws IOException {
  MRDelegationTokenIdentifier tokenId = new MRDelegationTokenIdentifier();
  long renewDate;
  byte[] tokenData = readFile(tokenFile, numTokenFileBytes);
  DataInputStream in =
      new DataInputStream(new ByteArrayInputStream(tokenData));
  try {
    tokenId.readFields(in);
    renewDate = in.readLong();
  } finally {
    IOUtils.cleanup(LOG, in);
  }
  state.tokenState.put(tokenId, renewDate);
  return tokenId;
}

@SuppressWarnings("unchecked")
public Token<MRDelegationTokenIdentifier> selectToken(Text service,
    Collection<Token<? extends TokenIdentifier>> tokens) {
  if (service == null) {
    return null;
  }
  LOG.debug("Looking for a token with service " + service.toString());
  for (Token<? extends TokenIdentifier> token : tokens) {
    if (LOG.isDebugEnabled()) {
      LOG.debug("Token kind is " + token.getKind().toString()
          + " and the token's service name is " + token.getService());
    }
    if (MRDelegationTokenIdentifier.KIND_NAME.equals(token.getKind())
        && service.equals(token.getService())) {
      return (Token<MRDelegationTokenIdentifier>) token;
    }
  }
  return null;
}

@Override
public CancelDelegationTokenResponse cancelDelegationToken(
    CancelDelegationTokenRequest request) throws IOException {
    if (!isAllowedDelegationTokenOp()) {
      throw new IOException(
          "Delegation Token can be cancelled only with kerberos authentication");
    }

    org.apache.hadoop.yarn.api.records.Token protoToken = request.getDelegationToken();
    Token<MRDelegationTokenIdentifier> token =
        new Token<MRDelegationTokenIdentifier>(
            protoToken.getIdentifier().array(), protoToken.getPassword()
                .array(), new Text(protoToken.getKind()), new Text(
                protoToken.getService()));

    String user = UserGroupInformation.getCurrentUser().getShortUserName();
    jhsDTSecretManager.cancelToken(token, user);
    return Records.newRecord(CancelDelegationTokenResponse.class);
}

@SuppressWarnings("unchecked")
public Token<MRDelegationTokenIdentifier> selectToken(Text service,
    Collection<Token<? extends TokenIdentifier>> tokens) {
  if (service == null) {
    return null;
  }
  LOG.debug("Looking for a token with service " + service.toString());
  for (Token<? extends TokenIdentifier> token : tokens) {
    if (LOG.isDebugEnabled()) {
      LOG.debug("Token kind is " + token.getKind().toString()
          + " and the token's service name is " + token.getService());
    }
    if (MRDelegationTokenIdentifier.KIND_NAME.equals(token.getKind())
        && service.equals(token.getService())) {
      return (Token<MRDelegationTokenIdentifier>) token;
    }
  }
  return null;
}

@Override
public RenewDelegationTokenResponse renewDelegationToken(
    RenewDelegationTokenRequest request) throws IOException {
    if (!isAllowedDelegationTokenOp()) {
      throw new IOException(
          "Delegation Token can be renewed only with kerberos authentication");
    }

    org.apache.hadoop.yarn.api.records.Token protoToken = request.getDelegationToken();
    Token<MRDelegationTokenIdentifier> token =
        new Token<MRDelegationTokenIdentifier>(
            protoToken.getIdentifier().array(), protoToken.getPassword()
                .array(), new Text(protoToken.getKind()), new Text(
                protoToken.getService()));

    String user = UserGroupInformation.getCurrentUser().getShortUserName();
    long nextExpTime = jhsDTSecretManager.renewToken(token, user);
    RenewDelegationTokenResponse renewResponse = Records
        .newRecord(RenewDelegationTokenResponse.class);
    renewResponse.setNextExpirationTime(nextExpTime);
    return renewResponse;
}

@Override
public CancelDelegationTokenResponse cancelDelegationToken(
    CancelDelegationTokenRequest request) throws IOException {
    if (!isAllowedDelegationTokenOp()) {
      throw new IOException(
          "Delegation Token can be cancelled only with kerberos authentication");
    }

    org.apache.hadoop.yarn.api.records.Token protoToken = request.getDelegationToken();
    Token<MRDelegationTokenIdentifier> token =
        new Token<MRDelegationTokenIdentifier>(
            protoToken.getIdentifier().array(), protoToken.getPassword()
                .array(), new Text(protoToken.getKind()), new Text(
                protoToken.getService()));

    String user = UserGroupInformation.getCurrentUser().getUserName();
    jhsDTSecretManager.cancelToken(token, user);
    return Records.newRecord(CancelDelegationTokenResponse.class);
}

@Override
public void updateToken(MRDelegationTokenIdentifier tokenId,
    Long renewDate) throws IOException {
  if (LOG.isDebugEnabled()) {
    LOG.debug("Updating token " + tokenId.getSequenceNumber());
  }

  // Files cannot be atomically replaced, therefore we write a temporary
  // update file, remove the original token file, then rename the update
  // file to the token file. During recovery either the token file will be
  // used or if that is missing and an update file is present then the
  // update file is used.
  Path tokenPath = getTokenPath(tokenId);
  Path tmp = new Path(tokenPath.getParent(),
      UPDATE_TMP_FILE_PREFIX + tokenPath.getName());
  writeFile(tmp, buildTokenData(tokenId, renewDate));
  try {
    deleteFile(tokenPath);
  } catch (IOException e) {
    fs.delete(tmp, false);
    throw e;
  }
  if (!fs.rename(tmp, tokenPath)) {
    throw new IOException("Could not rename " + tmp + " to " + tokenPath);
  }
}

private MRDelegationTokenIdentifier loadToken(HistoryServerState state,
    Path tokenFile, long numTokenFileBytes) throws IOException {
  MRDelegationTokenIdentifier tokenId = new MRDelegationTokenIdentifier();
  long renewDate;
  byte[] tokenData = readFile(tokenFile, numTokenFileBytes);
  DataInputStream in =
      new DataInputStream(new ByteArrayInputStream(tokenData));
  try {
    tokenId.readFields(in);
    renewDate = in.readLong();
  } finally {
    IOUtils.cleanup(LOG, in);
  }
  state.tokenState.put(tokenId, renewDate);
  return tokenId;
}

@SuppressWarnings("unchecked")
public Token<MRDelegationTokenIdentifier> selectToken(Text service,
    Collection<Token<? extends TokenIdentifier>> tokens) {
  if (service == null) {
    return null;
  }
  LOG.debug("Looking for a token with service " + service.toString());
  for (Token<? extends TokenIdentifier> token : tokens) {
    if (LOG.isDebugEnabled()) {
      LOG.debug("Token kind is " + token.getKind().toString()
          + " and the token's service name is " + token.getService());
    }
    if (MRDelegationTokenIdentifier.KIND_NAME.equals(token.getKind())
        && service.equals(token.getService())) {
      return (Token<MRDelegationTokenIdentifier>) token;
    }
  }
  return null;
}

@Override
public void storeToken(MRDelegationTokenIdentifier tokenId, Long renewDate)
    throws IOException {
  if (LOG.isDebugEnabled()) {
    LOG.debug("Storing token " + tokenId.getSequenceNumber());
  }

  ByteArrayOutputStream memStream = new ByteArrayOutputStream();
  DataOutputStream dataStream = new DataOutputStream(memStream);
  try {
    tokenId.write(dataStream);
    dataStream.writeLong(renewDate);
    dataStream.close();
    dataStream = null;
  } finally {
    IOUtils.cleanup(LOG, dataStream);
  }

  String dbKey = getTokenDatabaseKey(tokenId);
  try {
    db.put(bytes(dbKey), memStream.toByteArray());
  } catch (DBException e) {
    throw new IOException(e);
  }
}

@Override
public RenewDelegationTokenResponse renewDelegationToken(
    RenewDelegationTokenRequest request) throws IOException {
    if (!isAllowedDelegationTokenOp()) {
      throw new IOException(
          "Delegation Token can be renewed only with kerberos authentication");
    }

    org.apache.hadoop.yarn.api.records.Token protoToken = request.getDelegationToken();
    Token<MRDelegationTokenIdentifier> token =
        new Token<MRDelegationTokenIdentifier>(
            protoToken.getIdentifier().array(), protoToken.getPassword()
                .array(), new Text(protoToken.getKind()), new Text(
                protoToken.getService()));

    String user = UserGroupInformation.getCurrentUser().getShortUserName();
    long nextExpTime = jhsDTSecretManager.renewToken(token, user);
    RenewDelegationTokenResponse renewResponse = Records
        .newRecord(RenewDelegationTokenResponse.class);
    renewResponse.setNextExpirationTime(nextExpTime);
    return renewResponse;
}

@Override
public CancelDelegationTokenResponse cancelDelegationToken(
    CancelDelegationTokenRequest request) throws IOException {
    if (!isAllowedDelegationTokenOp()) {
      throw new IOException(
          "Delegation Token can be cancelled only with kerberos authentication");
    }

    org.apache.hadoop.yarn.api.records.Token protoToken = request.getDelegationToken();
    Token<MRDelegationTokenIdentifier> token =
        new Token<MRDelegationTokenIdentifier>(
            protoToken.getIdentifier().array(), protoToken.getPassword()
                .array(), new Text(protoToken.getKind()), new Text(
                protoToken.getService()));

    String user = UserGroupInformation.getCurrentUser().getUserName();
    jhsDTSecretManager.cancelToken(token, user);
    return Records.newRecord(CancelDelegationTokenResponse.class);
}

@Override
public void updateToken(MRDelegationTokenIdentifier tokenId,
    Long renewDate) throws IOException {
  if (LOG.isDebugEnabled()) {
    LOG.debug("Updating token " + tokenId.getSequenceNumber());
  }

  // Files cannot be atomically replaced, therefore we write a temporary
  // update file, remove the original token file, then rename the update
  // file to the token file. During recovery either the token file will be
  // used or if that is missing and an update file is present then the
  // update file is used.
  Path tokenPath = getTokenPath(tokenId);
  Path tmp = new Path(tokenPath.getParent(),
      UPDATE_TMP_FILE_PREFIX + tokenPath.getName());
  writeFile(tmp, buildTokenData(tokenId, renewDate));
  try {
    deleteFile(tokenPath);
  } catch (IOException e) {
    fs.delete(tmp, false);
    throw e;
  }
  if (!fs.rename(tmp, tokenPath)) {
    throw new IOException("Could not rename " + tmp + " to " + tokenPath);
  }
}

private MRDelegationTokenIdentifier loadToken(HistoryServerState state,
    Path tokenFile, long numTokenFileBytes) throws IOException {
  MRDelegationTokenIdentifier tokenId = new MRDelegationTokenIdentifier();
  long renewDate;
  byte[] tokenData = readFile(tokenFile, numTokenFileBytes);
  DataInputStream in =
      new DataInputStream(new ByteArrayInputStream(tokenData));
  try {
    tokenId.readFields(in);
    renewDate = in.readLong();
  } finally {
    IOUtils.cleanup(LOG, in);
  }
  state.tokenState.put(tokenId, renewDate);
  return tokenId;
}

private void loadToken(HistoryServerState state, byte[] data)
    throws IOException {
  MRDelegationTokenIdentifier tokenId = new MRDelegationTokenIdentifier();
  long renewDate;
  DataInputStream in = new DataInputStream(new ByteArrayInputStream(data));
  try {
    tokenId.readFields(in);
    renewDate = in.readLong();
  } finally {
    IOUtils.cleanup(LOG, in);
  }
  state.tokenState.put(tokenId, renewDate);
}

@Override
public void removeToken(MRDelegationTokenIdentifier tokenId)
    throws IOException {
  String dbKey = getTokenDatabaseKey(tokenId);
  try {
    db.delete(bytes(dbKey));
  } catch (DBException e) {
    throw new IOException(e);
  }
}

@Override
public void storeToken(MRDelegationTokenIdentifier tokenId,
    Long renewDate) throws IOException {
  if (LOG.isDebugEnabled()) {
    LOG.debug("Storing token " + tokenId.getSequenceNumber());
  }

  Path tokenPath = getTokenPath(tokenId);
  if (fs.exists(tokenPath)) {
    throw new IOException(tokenPath + " already exists");
  }

  createNewFile(tokenPath, buildTokenData(tokenId, renewDate));
}

@Override
public void removeToken(MRDelegationTokenIdentifier tokenId)
    throws IOException {
  if (LOG.isDebugEnabled()) {
    LOG.debug("Removing token " + tokenId.getSequenceNumber());
  }
  deleteFile(getTokenPath(tokenId));
}