Google Git
Sign in
apache / hbase-site / 0082cda45f48d1755543336c908ec6d80d4ec0a9 / . / testdevapidocs / src-html / org / apache / hadoop / hbase / security / AbstractTestSecureIPC.TestThread.html
blob: 69fc7dd1244981ef1f0eef72539923890b1c9442 [file] [log] [blame]
<!DOCTYPE HTML>
<html lang="en">
<head>
<!-- Generated by javadoc (17) -->
<title>Source code</title>
<meta name="viewport" content="width=device-width, initial-scale=1">
<meta name="description" content="source: package: org.apache.hadoop.hbase.security, class: AbstractTestSecureIPC, class: TestThread">
<meta name="generator" content="javadoc/SourceToHTMLConverter">
<link rel="stylesheet" type="text/css" href="../../../../../../stylesheet.css" title="Style">
</head>
<body class="source-page">
<main role="main">
<div class="source-container">
<pre><span class="source-line-no">001</span><span id="line-1">/*</span>
<span class="source-line-no">002</span><span id="line-2"> * Licensed to the Apache Software Foundation (ASF) under one</span>
<span class="source-line-no">003</span><span id="line-3"> * or more contributor license agreements. See the NOTICE file</span>
<span class="source-line-no">004</span><span id="line-4"> * distributed with this work for additional information</span>
<span class="source-line-no">005</span><span id="line-5"> * regarding copyright ownership. The ASF licenses this file</span>
<span class="source-line-no">006</span><span id="line-6"> * to you under the Apache License, Version 2.0 (the</span>
<span class="source-line-no">007</span><span id="line-7"> * "License"); you may not use this file except in compliance</span>
<span class="source-line-no">008</span><span id="line-8"> * with the License. You may obtain a copy of the License at</span>
<span class="source-line-no">009</span><span id="line-9"> *</span>
<span class="source-line-no">010</span><span id="line-10"> * http://www.apache.org/licenses/LICENSE-2.0</span>
<span class="source-line-no">011</span><span id="line-11"> *</span>
<span class="source-line-no">012</span><span id="line-12"> * Unless required by applicable law or agreed to in writing, software</span>
<span class="source-line-no">013</span><span id="line-13"> * distributed under the License is distributed on an "AS IS" BASIS,</span>
<span class="source-line-no">014</span><span id="line-14"> * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.</span>
<span class="source-line-no">015</span><span id="line-15"> * See the License for the specific language governing permissions and</span>
<span class="source-line-no">016</span><span id="line-16"> * limitations under the License.</span>
<span class="source-line-no">017</span><span id="line-17"> */</span>
<span class="source-line-no">018</span><span id="line-18">package org.apache.hadoop.hbase.security;</span>
<span class="source-line-no">019</span><span id="line-19"></span>
<span class="source-line-no">020</span><span id="line-20">import static org.apache.hadoop.hbase.ipc.TestProtobufRpcServiceImpl.SERVICE;</span>
<span class="source-line-no">021</span><span id="line-21">import static org.apache.hadoop.hbase.ipc.TestProtobufRpcServiceImpl.newBlockingStub;</span>
<span class="source-line-no">022</span><span id="line-22">import static org.apache.hadoop.hbase.security.HBaseKerberosUtils.getKeytabFileForTesting;</span>
<span class="source-line-no">023</span><span id="line-23">import static org.apache.hadoop.hbase.security.HBaseKerberosUtils.getPrincipalForTesting;</span>
<span class="source-line-no">024</span><span id="line-24">import static org.apache.hadoop.hbase.security.HBaseKerberosUtils.loginKerberosPrincipal;</span>
<span class="source-line-no">025</span><span id="line-25">import static org.apache.hadoop.hbase.security.HBaseKerberosUtils.setSecuredConfiguration;</span>
<span class="source-line-no">026</span><span id="line-26">import static org.apache.hadoop.hbase.security.provider.SaslClientAuthenticationProviders.SELECTOR_KEY;</span>
<span class="source-line-no">027</span><span id="line-27">import static org.hamcrest.MatcherAssert.assertThat;</span>
<span class="source-line-no">028</span><span id="line-28">import static org.hamcrest.Matchers.either;</span>
<span class="source-line-no">029</span><span id="line-29">import static org.hamcrest.Matchers.instanceOf;</span>
<span class="source-line-no">030</span><span id="line-30">import static org.junit.Assert.assertEquals;</span>
<span class="source-line-no">031</span><span id="line-31">import static org.junit.Assert.assertNotSame;</span>
<span class="source-line-no">032</span><span id="line-32">import static org.junit.Assert.assertSame;</span>
<span class="source-line-no">033</span><span id="line-33">import static org.junit.Assert.assertThrows;</span>
<span class="source-line-no">034</span><span id="line-34">import static org.junit.Assert.fail;</span>
<span class="source-line-no">035</span><span id="line-35"></span>
<span class="source-line-no">036</span><span id="line-36">import java.io.EOFException;</span>
<span class="source-line-no">037</span><span id="line-37">import java.io.File;</span>
<span class="source-line-no">038</span><span id="line-38">import java.io.IOException;</span>
<span class="source-line-no">039</span><span id="line-39">import java.lang.reflect.Field;</span>
<span class="source-line-no">040</span><span id="line-40">import java.net.InetAddress;</span>
<span class="source-line-no">041</span><span id="line-41">import java.net.InetSocketAddress;</span>
<span class="source-line-no">042</span><span id="line-42">import java.security.PrivilegedExceptionAction;</span>
<span class="source-line-no">043</span><span id="line-43">import java.util.ArrayList;</span>
<span class="source-line-no">044</span><span id="line-44">import java.util.Collections;</span>
<span class="source-line-no">045</span><span id="line-45">import java.util.Map;</span>
<span class="source-line-no">046</span><span id="line-46">import javax.security.sasl.SaslClient;</span>
<span class="source-line-no">047</span><span id="line-47">import javax.security.sasl.SaslException;</span>
<span class="source-line-no">048</span><span id="line-48">import org.apache.commons.lang3.RandomStringUtils;</span>
<span class="source-line-no">049</span><span id="line-49">import org.apache.hadoop.conf.Configuration;</span>
<span class="source-line-no">050</span><span id="line-50">import org.apache.hadoop.hbase.HBaseTestingUtil;</span>
<span class="source-line-no">051</span><span id="line-51">import org.apache.hadoop.hbase.HConstants;</span>
<span class="source-line-no">052</span><span id="line-52">import org.apache.hadoop.hbase.exceptions.ConnectionClosedException;</span>
<span class="source-line-no">053</span><span id="line-53">import org.apache.hadoop.hbase.ipc.FallbackDisallowedException;</span>
<span class="source-line-no">054</span><span id="line-54">import org.apache.hadoop.hbase.ipc.FifoRpcScheduler;</span>
<span class="source-line-no">055</span><span id="line-55">import org.apache.hadoop.hbase.ipc.RpcClient;</span>
<span class="source-line-no">056</span><span id="line-56">import org.apache.hadoop.hbase.ipc.RpcClientFactory;</span>
<span class="source-line-no">057</span><span id="line-57">import org.apache.hadoop.hbase.ipc.RpcServer;</span>
<span class="source-line-no">058</span><span id="line-58">import org.apache.hadoop.hbase.ipc.RpcServerFactory;</span>
<span class="source-line-no">059</span><span id="line-59">import org.apache.hadoop.hbase.security.provider.AuthenticationProviderSelector;</span>
<span class="source-line-no">060</span><span id="line-60">import org.apache.hadoop.hbase.security.provider.BuiltInProviderSelector;</span>
<span class="source-line-no">061</span><span id="line-61">import org.apache.hadoop.hbase.security.provider.SaslAuthMethod;</span>
<span class="source-line-no">062</span><span id="line-62">import org.apache.hadoop.hbase.security.provider.SaslClientAuthenticationProvider;</span>
<span class="source-line-no">063</span><span id="line-63">import org.apache.hadoop.hbase.util.Pair;</span>
<span class="source-line-no">064</span><span id="line-64">import org.apache.hadoop.minikdc.MiniKdc;</span>
<span class="source-line-no">065</span><span id="line-65">import org.apache.hadoop.security.UserGroupInformation;</span>
<span class="source-line-no">066</span><span id="line-66">import org.apache.hadoop.security.UserGroupInformation.AuthenticationMethod;</span>
<span class="source-line-no">067</span><span id="line-67">import org.apache.hadoop.security.token.Token;</span>
<span class="source-line-no">068</span><span id="line-68">import org.apache.hadoop.security.token.TokenIdentifier;</span>
<span class="source-line-no">069</span><span id="line-69">import org.junit.Test;</span>
<span class="source-line-no">070</span><span id="line-70">import org.mockito.Mockito;</span>
<span class="source-line-no">071</span><span id="line-71"></span>
<span class="source-line-no">072</span><span id="line-72">import org.apache.hbase.thirdparty.com.google.common.collect.Lists;</span>
<span class="source-line-no">073</span><span id="line-73">import org.apache.hbase.thirdparty.com.google.protobuf.BlockingService;</span>
<span class="source-line-no">074</span><span id="line-74"></span>
<span class="source-line-no">075</span><span id="line-75">import org.apache.hadoop.hbase.shaded.ipc.protobuf.generated.TestProtos;</span>
<span class="source-line-no">076</span><span id="line-76">import org.apache.hadoop.hbase.shaded.ipc.protobuf.generated.TestRpcServiceProtos.TestProtobufRpcProto.BlockingInterface;</span>
<span class="source-line-no">077</span><span id="line-77">import org.apache.hadoop.hbase.shaded.protobuf.generated.RPCProtos.UserInformation;</span>
<span class="source-line-no">078</span><span id="line-78"></span>
<span class="source-line-no">079</span><span id="line-79">public class AbstractTestSecureIPC {</span>
<span class="source-line-no">080</span><span id="line-80"></span>
<span class="source-line-no">081</span><span id="line-81"> protected static final HBaseTestingUtil TEST_UTIL = new HBaseTestingUtil();</span>
<span class="source-line-no">082</span><span id="line-82"></span>
<span class="source-line-no">083</span><span id="line-83"> protected static final File KEYTAB_FILE =</span>
<span class="source-line-no">084</span><span id="line-84"> new File(TEST_UTIL.getDataTestDir("keytab").toUri().getPath());</span>
<span class="source-line-no">085</span><span id="line-85"></span>
<span class="source-line-no">086</span><span id="line-86"> protected static MiniKdc KDC;</span>
<span class="source-line-no">087</span><span id="line-87"> protected static String HOST = "localhost";</span>
<span class="source-line-no">088</span><span id="line-88"> protected static String PRINCIPAL;</span>
<span class="source-line-no">089</span><span id="line-89"></span>
<span class="source-line-no">090</span><span id="line-90"> protected String krbKeytab;</span>
<span class="source-line-no">091</span><span id="line-91"> protected String krbPrincipal;</span>
<span class="source-line-no">092</span><span id="line-92"> protected UserGroupInformation ugi;</span>
<span class="source-line-no">093</span><span id="line-93"> protected Configuration clientConf;</span>
<span class="source-line-no">094</span><span id="line-94"> protected Configuration serverConf;</span>
<span class="source-line-no">095</span><span id="line-95"></span>
<span class="source-line-no">096</span><span id="line-96"> protected static void initKDCAndConf() throws Exception {</span>
<span class="source-line-no">097</span><span id="line-97"> KDC = TEST_UTIL.setupMiniKdc(KEYTAB_FILE);</span>
<span class="source-line-no">098</span><span id="line-98"> PRINCIPAL = "hbase/" + HOST;</span>
<span class="source-line-no">099</span><span id="line-99"> KDC.createPrincipal(KEYTAB_FILE, PRINCIPAL);</span>
<span class="source-line-no">100</span><span id="line-100"> HBaseKerberosUtils.setPrincipalForTesting(PRINCIPAL + "@" + KDC.getRealm());</span>
<span class="source-line-no">101</span><span id="line-101"> // set a smaller timeout and retry to speed up tests</span>
<span class="source-line-no">102</span><span id="line-102"> TEST_UTIL.getConfiguration().setInt(RpcClient.SOCKET_TIMEOUT_READ, 2000);</span>
<span class="source-line-no">103</span><span id="line-103"> TEST_UTIL.getConfiguration().setInt("hbase.security.relogin.maxretries", 1);</span>
<span class="source-line-no">104</span><span id="line-104"> TEST_UTIL.getConfiguration().setInt("hbase.security.relogin.maxbackoff", 100);</span>
<span class="source-line-no">105</span><span id="line-105"> }</span>
<span class="source-line-no">106</span><span id="line-106"></span>
<span class="source-line-no">107</span><span id="line-107"> protected static void stopKDC() {</span>
<span class="source-line-no">108</span><span id="line-108"> if (KDC != null) {</span>
<span class="source-line-no">109</span><span id="line-109"> KDC.stop();</span>
<span class="source-line-no">110</span><span id="line-110"> }</span>
<span class="source-line-no">111</span><span id="line-111"> }</span>
<span class="source-line-no">112</span><span id="line-112"></span>
<span class="source-line-no">113</span><span id="line-113"> protected final void setUpPrincipalAndConf() throws Exception {</span>
<span class="source-line-no">114</span><span id="line-114"> krbKeytab = getKeytabFileForTesting();</span>
<span class="source-line-no">115</span><span id="line-115"> krbPrincipal = getPrincipalForTesting();</span>
<span class="source-line-no">116</span><span id="line-116"> ugi = loginKerberosPrincipal(krbKeytab, krbPrincipal);</span>
<span class="source-line-no">117</span><span id="line-117"> clientConf = new Configuration(TEST_UTIL.getConfiguration());</span>
<span class="source-line-no">118</span><span id="line-118"> setSecuredConfiguration(clientConf);</span>
<span class="source-line-no">119</span><span id="line-119"> serverConf = new Configuration(TEST_UTIL.getConfiguration());</span>
<span class="source-line-no">120</span><span id="line-120"> setSecuredConfiguration(serverConf);</span>
<span class="source-line-no">121</span><span id="line-121"> }</span>
<span class="source-line-no">122</span><span id="line-122"></span>
<span class="source-line-no">123</span><span id="line-123"> @Test</span>
<span class="source-line-no">124</span><span id="line-124"> public void testRpcCallWithEnabledKerberosSaslAuth() throws Exception {</span>
<span class="source-line-no">125</span><span id="line-125"> UserGroupInformation ugi2 = UserGroupInformation.getCurrentUser();</span>
<span class="source-line-no">126</span><span id="line-126"></span>
<span class="source-line-no">127</span><span id="line-127"> // check that the login user is okay:</span>
<span class="source-line-no">128</span><span id="line-128"> assertSame(ugi2, ugi);</span>
<span class="source-line-no">129</span><span id="line-129"> assertEquals(AuthenticationMethod.KERBEROS, ugi.getAuthenticationMethod());</span>
<span class="source-line-no">130</span><span id="line-130"> assertEquals(krbPrincipal, ugi.getUserName());</span>
<span class="source-line-no">131</span><span id="line-131"></span>
<span class="source-line-no">132</span><span id="line-132"> callRpcService(User.create(ugi2));</span>
<span class="source-line-no">133</span><span id="line-133"> }</span>
<span class="source-line-no">134</span><span id="line-134"></span>
<span class="source-line-no">135</span><span id="line-135"> @Test</span>
<span class="source-line-no">136</span><span id="line-136"> public void testRpcCallWithEnabledKerberosSaslAuthCanonicalHostname() throws Exception {</span>
<span class="source-line-no">137</span><span id="line-137"> UserGroupInformation ugi2 = UserGroupInformation.getCurrentUser();</span>
<span class="source-line-no">138</span><span id="line-138"></span>
<span class="source-line-no">139</span><span id="line-139"> // check that the login user is okay:</span>
<span class="source-line-no">140</span><span id="line-140"> assertSame(ugi2, ugi);</span>
<span class="source-line-no">141</span><span id="line-141"> assertEquals(AuthenticationMethod.KERBEROS, ugi.getAuthenticationMethod());</span>
<span class="source-line-no">142</span><span id="line-142"> assertEquals(krbPrincipal, ugi.getUserName());</span>
<span class="source-line-no">143</span><span id="line-143"></span>
<span class="source-line-no">144</span><span id="line-144"> enableCanonicalHostnameTesting(clientConf, "localhost");</span>
<span class="source-line-no">145</span><span id="line-145"> clientConf.setBoolean(</span>
<span class="source-line-no">146</span><span id="line-146"> SecurityConstants.UNSAFE_HBASE_CLIENT_KERBEROS_HOSTNAME_DISABLE_REVERSEDNS, false);</span>
<span class="source-line-no">147</span><span id="line-147"> clientConf.set(HBaseKerberosUtils.KRB_PRINCIPAL, "hbase/_HOST@" + KDC.getRealm());</span>
<span class="source-line-no">148</span><span id="line-148"></span>
<span class="source-line-no">149</span><span id="line-149"> callRpcService(User.create(ugi2));</span>
<span class="source-line-no">150</span><span id="line-150"> }</span>
<span class="source-line-no">151</span><span id="line-151"></span>
<span class="source-line-no">152</span><span id="line-152"> @Test</span>
<span class="source-line-no">153</span><span id="line-153"> public void testRpcCallWithEnabledKerberosSaslAuthNoCanonicalHostname() throws Exception {</span>
<span class="source-line-no">154</span><span id="line-154"> UserGroupInformation ugi2 = UserGroupInformation.getCurrentUser();</span>
<span class="source-line-no">155</span><span id="line-155"></span>
<span class="source-line-no">156</span><span id="line-156"> // check that the login user is okay:</span>
<span class="source-line-no">157</span><span id="line-157"> assertSame(ugi2, ugi);</span>
<span class="source-line-no">158</span><span id="line-158"> assertEquals(AuthenticationMethod.KERBEROS, ugi.getAuthenticationMethod());</span>
<span class="source-line-no">159</span><span id="line-159"> assertEquals(krbPrincipal, ugi.getUserName());</span>
<span class="source-line-no">160</span><span id="line-160"></span>
<span class="source-line-no">161</span><span id="line-161"> enableCanonicalHostnameTesting(clientConf, "127.0.0.1");</span>
<span class="source-line-no">162</span><span id="line-162"> clientConf</span>
<span class="source-line-no">163</span><span id="line-163"> .setBoolean(SecurityConstants.UNSAFE_HBASE_CLIENT_KERBEROS_HOSTNAME_DISABLE_REVERSEDNS, true);</span>
<span class="source-line-no">164</span><span id="line-164"> clientConf.set(HBaseKerberosUtils.KRB_PRINCIPAL, "hbase/_HOST@" + KDC.getRealm());</span>
<span class="source-line-no">165</span><span id="line-165"></span>
<span class="source-line-no">166</span><span id="line-166"> callRpcService(User.create(ugi2));</span>
<span class="source-line-no">167</span><span id="line-167"> }</span>
<span class="source-line-no">168</span><span id="line-168"></span>
<span class="source-line-no">169</span><span id="line-169"> private static void enableCanonicalHostnameTesting(Configuration conf, String canonicalHostname) {</span>
<span class="source-line-no">170</span><span id="line-170"> conf.setClass(SELECTOR_KEY, CanonicalHostnameTestingAuthenticationProviderSelector.class,</span>
<span class="source-line-no">171</span><span id="line-171"> AuthenticationProviderSelector.class);</span>
<span class="source-line-no">172</span><span id="line-172"> conf.set(CanonicalHostnameTestingAuthenticationProviderSelector.CANONICAL_HOST_NAME_KEY,</span>
<span class="source-line-no">173</span><span id="line-173"> canonicalHostname);</span>
<span class="source-line-no">174</span><span id="line-174"> }</span>
<span class="source-line-no">175</span><span id="line-175"></span>
<span class="source-line-no">176</span><span id="line-176"> public static class CanonicalHostnameTestingAuthenticationProviderSelector</span>
<span class="source-line-no">177</span><span id="line-177"> extends BuiltInProviderSelector {</span>
<span class="source-line-no">178</span><span id="line-178"> private static final String CANONICAL_HOST_NAME_KEY =</span>
<span class="source-line-no">179</span><span id="line-179"> "CanonicalHostnameTestingAuthenticationProviderSelector.canonicalHostName";</span>
<span class="source-line-no">180</span><span id="line-180"></span>
<span class="source-line-no">181</span><span id="line-181"> @Override</span>
<span class="source-line-no">182</span><span id="line-182"> public Pair&lt;SaslClientAuthenticationProvider, Token&lt;? extends TokenIdentifier&gt;&gt;</span>
<span class="source-line-no">183</span><span id="line-183"> selectProvider(String clusterId, User user) {</span>
<span class="source-line-no">184</span><span id="line-184"> final Pair&lt;SaslClientAuthenticationProvider, Token&lt;? extends TokenIdentifier&gt;&gt; pair =</span>
<span class="source-line-no">185</span><span id="line-185"> super.selectProvider(clusterId, user);</span>
<span class="source-line-no">186</span><span id="line-186"> pair.setFirst(createCanonicalHostNameTestingProvider(pair.getFirst()));</span>
<span class="source-line-no">187</span><span id="line-187"> return pair;</span>
<span class="source-line-no">188</span><span id="line-188"> }</span>
<span class="source-line-no">189</span><span id="line-189"></span>
<span class="source-line-no">190</span><span id="line-190"> SaslClientAuthenticationProvider</span>
<span class="source-line-no">191</span><span id="line-191"> createCanonicalHostNameTestingProvider(SaslClientAuthenticationProvider delegate) {</span>
<span class="source-line-no">192</span><span id="line-192"> return new SaslClientAuthenticationProvider() {</span>
<span class="source-line-no">193</span><span id="line-193"> @Override</span>
<span class="source-line-no">194</span><span id="line-194"> public SaslClient createClient(Configuration conf, InetAddress serverAddr,</span>
<span class="source-line-no">195</span><span id="line-195"> String serverPrincipal, Token&lt;? extends TokenIdentifier&gt; token, boolean fallbackAllowed,</span>
<span class="source-line-no">196</span><span id="line-196"> Map&lt;String, String&gt; saslProps) throws IOException {</span>
<span class="source-line-no">197</span><span id="line-197"> final String s = conf.get(CANONICAL_HOST_NAME_KEY);</span>
<span class="source-line-no">198</span><span id="line-198"> if (s != null) {</span>
<span class="source-line-no">199</span><span id="line-199"> try {</span>
<span class="source-line-no">200</span><span id="line-200"> final Field canonicalHostName =</span>
<span class="source-line-no">201</span><span id="line-201"> InetAddress.class.getDeclaredField("canonicalHostName");</span>
<span class="source-line-no">202</span><span id="line-202"> canonicalHostName.setAccessible(true);</span>
<span class="source-line-no">203</span><span id="line-203"> canonicalHostName.set(serverAddr, s);</span>
<span class="source-line-no">204</span><span id="line-204"> } catch (NoSuchFieldException | IllegalAccessException e) {</span>
<span class="source-line-no">205</span><span id="line-205"> throw new RuntimeException(e);</span>
<span class="source-line-no">206</span><span id="line-206"> }</span>
<span class="source-line-no">207</span><span id="line-207"> }</span>
<span class="source-line-no">208</span><span id="line-208"></span>
<span class="source-line-no">209</span><span id="line-209"> return delegate.createClient(conf, serverAddr, serverPrincipal, token, fallbackAllowed,</span>
<span class="source-line-no">210</span><span id="line-210"> saslProps);</span>
<span class="source-line-no">211</span><span id="line-211"> }</span>
<span class="source-line-no">212</span><span id="line-212"></span>
<span class="source-line-no">213</span><span id="line-213"> @Override</span>
<span class="source-line-no">214</span><span id="line-214"> public UserInformation getUserInfo(User user) {</span>
<span class="source-line-no">215</span><span id="line-215"> return delegate.getUserInfo(user);</span>
<span class="source-line-no">216</span><span id="line-216"> }</span>
<span class="source-line-no">217</span><span id="line-217"></span>
<span class="source-line-no">218</span><span id="line-218"> @Override</span>
<span class="source-line-no">219</span><span id="line-219"> public UserGroupInformation getRealUser(User ugi) {</span>
<span class="source-line-no">220</span><span id="line-220"> return delegate.getRealUser(ugi);</span>
<span class="source-line-no">221</span><span id="line-221"> }</span>
<span class="source-line-no">222</span><span id="line-222"></span>
<span class="source-line-no">223</span><span id="line-223"> @Override</span>
<span class="source-line-no">224</span><span id="line-224"> public boolean canRetry() {</span>
<span class="source-line-no">225</span><span id="line-225"> return delegate.canRetry();</span>
<span class="source-line-no">226</span><span id="line-226"> }</span>
<span class="source-line-no">227</span><span id="line-227"></span>
<span class="source-line-no">228</span><span id="line-228"> @Override</span>
<span class="source-line-no">229</span><span id="line-229"> public void relogin() throws IOException {</span>
<span class="source-line-no">230</span><span id="line-230"> delegate.relogin();</span>
<span class="source-line-no">231</span><span id="line-231"> }</span>
<span class="source-line-no">232</span><span id="line-232"></span>
<span class="source-line-no">233</span><span id="line-233"> @Override</span>
<span class="source-line-no">234</span><span id="line-234"> public SaslAuthMethod getSaslAuthMethod() {</span>
<span class="source-line-no">235</span><span id="line-235"> return delegate.getSaslAuthMethod();</span>
<span class="source-line-no">236</span><span id="line-236"> }</span>
<span class="source-line-no">237</span><span id="line-237"></span>
<span class="source-line-no">238</span><span id="line-238"> @Override</span>
<span class="source-line-no">239</span><span id="line-239"> public String getTokenKind() {</span>
<span class="source-line-no">240</span><span id="line-240"> return delegate.getTokenKind();</span>
<span class="source-line-no">241</span><span id="line-241"> }</span>
<span class="source-line-no">242</span><span id="line-242"> };</span>
<span class="source-line-no">243</span><span id="line-243"> }</span>
<span class="source-line-no">244</span><span id="line-244"> }</span>
<span class="source-line-no">245</span><span id="line-245"></span>
<span class="source-line-no">246</span><span id="line-246"> @Test</span>
<span class="source-line-no">247</span><span id="line-247"> public void testRpcServerFallbackToSimpleAuth() throws Exception {</span>
<span class="source-line-no">248</span><span id="line-248"> String clientUsername = "testuser";</span>
<span class="source-line-no">249</span><span id="line-249"> UserGroupInformation clientUgi =</span>
<span class="source-line-no">250</span><span id="line-250"> UserGroupInformation.createUserForTesting(clientUsername, new String[] { clientUsername });</span>
<span class="source-line-no">251</span><span id="line-251"></span>
<span class="source-line-no">252</span><span id="line-252"> // check that the client user is insecure</span>
<span class="source-line-no">253</span><span id="line-253"> assertNotSame(ugi, clientUgi);</span>
<span class="source-line-no">254</span><span id="line-254"> assertEquals(AuthenticationMethod.SIMPLE, clientUgi.getAuthenticationMethod());</span>
<span class="source-line-no">255</span><span id="line-255"> assertEquals(clientUsername, clientUgi.getUserName());</span>
<span class="source-line-no">256</span><span id="line-256"></span>
<span class="source-line-no">257</span><span id="line-257"> clientConf.set(User.HBASE_SECURITY_CONF_KEY, "simple");</span>
<span class="source-line-no">258</span><span id="line-258"> serverConf.setBoolean(RpcServer.FALLBACK_TO_INSECURE_CLIENT_AUTH, true);</span>
<span class="source-line-no">259</span><span id="line-259"> callRpcService(User.create(clientUgi));</span>
<span class="source-line-no">260</span><span id="line-260"> }</span>
<span class="source-line-no">261</span><span id="line-261"></span>
<span class="source-line-no">262</span><span id="line-262"> @Test</span>
<span class="source-line-no">263</span><span id="line-263"> public void testRpcServerDisallowFallbackToSimpleAuth() throws Exception {</span>
<span class="source-line-no">264</span><span id="line-264"> String clientUsername = "testuser";</span>
<span class="source-line-no">265</span><span id="line-265"> UserGroupInformation clientUgi =</span>
<span class="source-line-no">266</span><span id="line-266"> UserGroupInformation.createUserForTesting(clientUsername, new String[] { clientUsername });</span>
<span class="source-line-no">267</span><span id="line-267"></span>
<span class="source-line-no">268</span><span id="line-268"> // check that the client user is insecure</span>
<span class="source-line-no">269</span><span id="line-269"> assertNotSame(ugi, clientUgi);</span>
<span class="source-line-no">270</span><span id="line-270"> assertEquals(AuthenticationMethod.SIMPLE, clientUgi.getAuthenticationMethod());</span>
<span class="source-line-no">271</span><span id="line-271"> assertEquals(clientUsername, clientUgi.getUserName());</span>
<span class="source-line-no">272</span><span id="line-272"></span>
<span class="source-line-no">273</span><span id="line-273"> clientConf.set(User.HBASE_SECURITY_CONF_KEY, "simple");</span>
<span class="source-line-no">274</span><span id="line-274"> serverConf.setBoolean(RpcServer.FALLBACK_TO_INSECURE_CLIENT_AUTH, false);</span>
<span class="source-line-no">275</span><span id="line-275"> IOException error =</span>
<span class="source-line-no">276</span><span id="line-276"> assertThrows(IOException.class, () -&gt; callRpcService(User.create(clientUgi)));</span>
<span class="source-line-no">277</span><span id="line-277"> // server just closes the connection, so we could get broken pipe, or EOF, or connection closed</span>
<span class="source-line-no">278</span><span id="line-278"> if (error.getMessage() == null || !error.getMessage().contains("Broken pipe")) {</span>
<span class="source-line-no">279</span><span id="line-279"> assertThat(error,</span>
<span class="source-line-no">280</span><span id="line-280"> either(instanceOf(EOFException.class)).or(instanceOf(ConnectionClosedException.class)));</span>
<span class="source-line-no">281</span><span id="line-281"> }</span>
<span class="source-line-no">282</span><span id="line-282"> }</span>
<span class="source-line-no">283</span><span id="line-283"></span>
<span class="source-line-no">284</span><span id="line-284"> @Test</span>
<span class="source-line-no">285</span><span id="line-285"> public void testRpcClientFallbackToSimpleAuth() throws Exception {</span>
<span class="source-line-no">286</span><span id="line-286"> String serverUsername = "testuser";</span>
<span class="source-line-no">287</span><span id="line-287"> UserGroupInformation serverUgi =</span>
<span class="source-line-no">288</span><span id="line-288"> UserGroupInformation.createUserForTesting(serverUsername, new String[] { serverUsername });</span>
<span class="source-line-no">289</span><span id="line-289"> // check that the server user is insecure</span>
<span class="source-line-no">290</span><span id="line-290"> assertNotSame(ugi, serverUgi);</span>
<span class="source-line-no">291</span><span id="line-291"> assertEquals(AuthenticationMethod.SIMPLE, serverUgi.getAuthenticationMethod());</span>
<span class="source-line-no">292</span><span id="line-292"> assertEquals(serverUsername, serverUgi.getUserName());</span>
<span class="source-line-no">293</span><span id="line-293"></span>
<span class="source-line-no">294</span><span id="line-294"> serverConf.set(User.HBASE_SECURITY_CONF_KEY, "simple");</span>
<span class="source-line-no">295</span><span id="line-295"> clientConf.setBoolean(RpcClient.IPC_CLIENT_FALLBACK_TO_SIMPLE_AUTH_ALLOWED_KEY, true);</span>
<span class="source-line-no">296</span><span id="line-296"> callRpcService(User.create(serverUgi), User.create(ugi));</span>
<span class="source-line-no">297</span><span id="line-297"> }</span>
<span class="source-line-no">298</span><span id="line-298"></span>
<span class="source-line-no">299</span><span id="line-299"> @Test</span>
<span class="source-line-no">300</span><span id="line-300"> public void testRpcClientDisallowFallbackToSimpleAuth() throws Exception {</span>
<span class="source-line-no">301</span><span id="line-301"> String serverUsername = "testuser";</span>
<span class="source-line-no">302</span><span id="line-302"> UserGroupInformation serverUgi =</span>
<span class="source-line-no">303</span><span id="line-303"> UserGroupInformation.createUserForTesting(serverUsername, new String[] { serverUsername });</span>
<span class="source-line-no">304</span><span id="line-304"> // check that the server user is insecure</span>
<span class="source-line-no">305</span><span id="line-305"> assertNotSame(ugi, serverUgi);</span>
<span class="source-line-no">306</span><span id="line-306"> assertEquals(AuthenticationMethod.SIMPLE, serverUgi.getAuthenticationMethod());</span>
<span class="source-line-no">307</span><span id="line-307"> assertEquals(serverUsername, serverUgi.getUserName());</span>
<span class="source-line-no">308</span><span id="line-308"></span>
<span class="source-line-no">309</span><span id="line-309"> serverConf.set(User.HBASE_SECURITY_CONF_KEY, "simple");</span>
<span class="source-line-no">310</span><span id="line-310"> clientConf.setBoolean(RpcClient.IPC_CLIENT_FALLBACK_TO_SIMPLE_AUTH_ALLOWED_KEY, false);</span>
<span class="source-line-no">311</span><span id="line-311"> assertThrows(FallbackDisallowedException.class,</span>
<span class="source-line-no">312</span><span id="line-312"> () -&gt; callRpcService(User.create(serverUgi), User.create(ugi)));</span>
<span class="source-line-no">313</span><span id="line-313"> }</span>
<span class="source-line-no">314</span><span id="line-314"></span>
<span class="source-line-no">315</span><span id="line-315"> private void setRpcProtection(String clientProtection, String serverProtection) {</span>
<span class="source-line-no">316</span><span id="line-316"> clientConf.set("hbase.rpc.protection", clientProtection);</span>
<span class="source-line-no">317</span><span id="line-317"> serverConf.set("hbase.rpc.protection", serverProtection);</span>
<span class="source-line-no">318</span><span id="line-318"> }</span>
<span class="source-line-no">319</span><span id="line-319"></span>
<span class="source-line-no">320</span><span id="line-320"> /**</span>
<span class="source-line-no">321</span><span id="line-321"> * Test various combinations of Server and Client qops.</span>
<span class="source-line-no">322</span><span id="line-322"> */</span>
<span class="source-line-no">323</span><span id="line-323"> @Test</span>
<span class="source-line-no">324</span><span id="line-324"> public void testSaslWithCommonQop() throws Exception {</span>
<span class="source-line-no">325</span><span id="line-325"> setRpcProtection("privacy,authentication", "authentication");</span>
<span class="source-line-no">326</span><span id="line-326"> callRpcService();</span>
<span class="source-line-no">327</span><span id="line-327"></span>
<span class="source-line-no">328</span><span id="line-328"> setRpcProtection("authentication", "privacy,authentication");</span>
<span class="source-line-no">329</span><span id="line-329"> callRpcService();</span>
<span class="source-line-no">330</span><span id="line-330"></span>
<span class="source-line-no">331</span><span id="line-331"> setRpcProtection("integrity,authentication", "privacy,authentication");</span>
<span class="source-line-no">332</span><span id="line-332"> callRpcService();</span>
<span class="source-line-no">333</span><span id="line-333"></span>
<span class="source-line-no">334</span><span id="line-334"> setRpcProtection("integrity,authentication", "integrity,authentication");</span>
<span class="source-line-no">335</span><span id="line-335"> callRpcService();</span>
<span class="source-line-no">336</span><span id="line-336"></span>
<span class="source-line-no">337</span><span id="line-337"> setRpcProtection("privacy,authentication", "privacy,authentication");</span>
<span class="source-line-no">338</span><span id="line-338"> callRpcService();</span>
<span class="source-line-no">339</span><span id="line-339"> }</span>
<span class="source-line-no">340</span><span id="line-340"></span>
<span class="source-line-no">341</span><span id="line-341"> @Test</span>
<span class="source-line-no">342</span><span id="line-342"> public void testSaslNoCommonQop() throws Exception {</span>
<span class="source-line-no">343</span><span id="line-343"> setRpcProtection("integrity", "privacy");</span>
<span class="source-line-no">344</span><span id="line-344"> SaslException se = assertThrows(SaslException.class, () -&gt; callRpcService());</span>
<span class="source-line-no">345</span><span id="line-345"> assertEquals("No common protection layer between client and server", se.getMessage());</span>
<span class="source-line-no">346</span><span id="line-346"> }</span>
<span class="source-line-no">347</span><span id="line-347"></span>
<span class="source-line-no">348</span><span id="line-348"> /**</span>
<span class="source-line-no">349</span><span id="line-349"> * Test sasl encryption with Crypto AES.</span>
<span class="source-line-no">350</span><span id="line-350"> */</span>
<span class="source-line-no">351</span><span id="line-351"> @Test</span>
<span class="source-line-no">352</span><span id="line-352"> public void testSaslWithCryptoAES() throws Exception {</span>
<span class="source-line-no">353</span><span id="line-353"> setRpcProtection("privacy", "privacy");</span>
<span class="source-line-no">354</span><span id="line-354"> setCryptoAES("true", "true");</span>
<span class="source-line-no">355</span><span id="line-355"> callRpcService();</span>
<span class="source-line-no">356</span><span id="line-356"> }</span>
<span class="source-line-no">357</span><span id="line-357"></span>
<span class="source-line-no">358</span><span id="line-358"> /**</span>
<span class="source-line-no">359</span><span id="line-359"> * Test various combinations of Server and Client configuration for Crypto AES.</span>
<span class="source-line-no">360</span><span id="line-360"> */</span>
<span class="source-line-no">361</span><span id="line-361"> @Test</span>
<span class="source-line-no">362</span><span id="line-362"> public void testDifferentConfWithCryptoAES() throws Exception {</span>
<span class="source-line-no">363</span><span id="line-363"> setRpcProtection("privacy", "privacy");</span>
<span class="source-line-no">364</span><span id="line-364"></span>
<span class="source-line-no">365</span><span id="line-365"> setCryptoAES("false", "true");</span>
<span class="source-line-no">366</span><span id="line-366"> callRpcService();</span>
<span class="source-line-no">367</span><span id="line-367"></span>
<span class="source-line-no">368</span><span id="line-368"> setCryptoAES("true", "false");</span>
<span class="source-line-no">369</span><span id="line-369"> try {</span>
<span class="source-line-no">370</span><span id="line-370"> callRpcService();</span>
<span class="source-line-no">371</span><span id="line-371"> fail("The exception should be thrown out for the rpc timeout.");</span>
<span class="source-line-no">372</span><span id="line-372"> } catch (Exception e) {</span>
<span class="source-line-no">373</span><span id="line-373"> // ignore the expected exception</span>
<span class="source-line-no">374</span><span id="line-374"> }</span>
<span class="source-line-no">375</span><span id="line-375"> }</span>
<span class="source-line-no">376</span><span id="line-376"></span>
<span class="source-line-no">377</span><span id="line-377"> private void setCryptoAES(String clientCryptoAES, String serverCryptoAES) {</span>
<span class="source-line-no">378</span><span id="line-378"> clientConf.set("hbase.rpc.crypto.encryption.aes.enabled", clientCryptoAES);</span>
<span class="source-line-no">379</span><span id="line-379"> serverConf.set("hbase.rpc.crypto.encryption.aes.enabled", serverCryptoAES);</span>
<span class="source-line-no">380</span><span id="line-380"> }</span>
<span class="source-line-no">381</span><span id="line-381"></span>
<span class="source-line-no">382</span><span id="line-382"> /**</span>
<span class="source-line-no">383</span><span id="line-383"> * Sets up a RPC Server and a Client. Does a RPC checks the result. If an exception is thrown from</span>
<span class="source-line-no">384</span><span id="line-384"> * the stub, this function will throw root cause of that exception.</span>
<span class="source-line-no">385</span><span id="line-385"> */</span>
<span class="source-line-no">386</span><span id="line-386"> private void callRpcService(User serverUser, User clientUser) throws Exception {</span>
<span class="source-line-no">387</span><span id="line-387"> SecurityInfo securityInfoMock = Mockito.mock(SecurityInfo.class);</span>
<span class="source-line-no">388</span><span id="line-388"> Mockito.when(securityInfoMock.getServerPrincipals())</span>
<span class="source-line-no">389</span><span id="line-389"> .thenReturn(Collections.singletonList(HBaseKerberosUtils.KRB_PRINCIPAL));</span>
<span class="source-line-no">390</span><span id="line-390"> SecurityInfo.addInfo("TestProtobufRpcProto", securityInfoMock);</span>
<span class="source-line-no">391</span><span id="line-391"></span>
<span class="source-line-no">392</span><span id="line-392"> InetSocketAddress isa = new InetSocketAddress(HOST, 0);</span>
<span class="source-line-no">393</span><span id="line-393"></span>
<span class="source-line-no">394</span><span id="line-394"> RpcServer rpcServer = serverUser.getUGI()</span>
<span class="source-line-no">395</span><span id="line-395"> .doAs((PrivilegedExceptionAction&lt;</span>
<span class="source-line-no">396</span><span id="line-396"> RpcServer&gt;) () -&gt; RpcServerFactory.createRpcServer(null, "AbstractTestSecureIPC",</span>
<span class="source-line-no">397</span><span id="line-397"> Lists.newArrayList(</span>
<span class="source-line-no">398</span><span id="line-398"> new RpcServer.BlockingServiceAndInterface((BlockingService) SERVICE, null)),</span>
<span class="source-line-no">399</span><span id="line-399"> isa, serverConf, new FifoRpcScheduler(serverConf, 1)));</span>
<span class="source-line-no">400</span><span id="line-400"> rpcServer.start();</span>
<span class="source-line-no">401</span><span id="line-401"> try (RpcClient rpcClient =</span>
<span class="source-line-no">402</span><span id="line-402"> RpcClientFactory.createClient(clientConf, HConstants.DEFAULT_CLUSTER_ID.toString())) {</span>
<span class="source-line-no">403</span><span id="line-403"> BlockingInterface stub =</span>
<span class="source-line-no">404</span><span id="line-404"> newBlockingStub(rpcClient, rpcServer.getListenerAddress(), clientUser);</span>
<span class="source-line-no">405</span><span id="line-405"> TestThread th1 = new TestThread(stub);</span>
<span class="source-line-no">406</span><span id="line-406"> final Throwable exception[] = new Throwable[1];</span>
<span class="source-line-no">407</span><span id="line-407"> Collections.synchronizedList(new ArrayList&lt;Throwable&gt;());</span>
<span class="source-line-no">408</span><span id="line-408"> Thread.UncaughtExceptionHandler exceptionHandler = new Thread.UncaughtExceptionHandler() {</span>
<span class="source-line-no">409</span><span id="line-409"> @Override</span>
<span class="source-line-no">410</span><span id="line-410"> public void uncaughtException(Thread th, Throwable ex) {</span>
<span class="source-line-no">411</span><span id="line-411"> exception[0] = ex;</span>
<span class="source-line-no">412</span><span id="line-412"> }</span>
<span class="source-line-no">413</span><span id="line-413"> };</span>
<span class="source-line-no">414</span><span id="line-414"> th1.setUncaughtExceptionHandler(exceptionHandler);</span>
<span class="source-line-no">415</span><span id="line-415"> th1.start();</span>
<span class="source-line-no">416</span><span id="line-416"> th1.join();</span>
<span class="source-line-no">417</span><span id="line-417"> if (exception[0] != null) {</span>
<span class="source-line-no">418</span><span id="line-418"> // throw root cause.</span>
<span class="source-line-no">419</span><span id="line-419"> while (exception[0].getCause() != null) {</span>
<span class="source-line-no">420</span><span id="line-420"> exception[0] = exception[0].getCause();</span>
<span class="source-line-no">421</span><span id="line-421"> }</span>
<span class="source-line-no">422</span><span id="line-422"> throw (Exception) exception[0];</span>
<span class="source-line-no">423</span><span id="line-423"> }</span>
<span class="source-line-no">424</span><span id="line-424"> } finally {</span>
<span class="source-line-no">425</span><span id="line-425"> rpcServer.stop();</span>
<span class="source-line-no">426</span><span id="line-426"> }</span>
<span class="source-line-no">427</span><span id="line-427"> }</span>
<span class="source-line-no">428</span><span id="line-428"></span>
<span class="source-line-no">429</span><span id="line-429"> private void callRpcService(User clientUser) throws Exception {</span>
<span class="source-line-no">430</span><span id="line-430"> callRpcService(User.create(ugi), clientUser);</span>
<span class="source-line-no">431</span><span id="line-431"> }</span>
<span class="source-line-no">432</span><span id="line-432"></span>
<span class="source-line-no">433</span><span id="line-433"> private void callRpcService() throws Exception {</span>
<span class="source-line-no">434</span><span id="line-434"> callRpcService(User.create(ugi));</span>
<span class="source-line-no">435</span><span id="line-435"> }</span>
<span class="source-line-no">436</span><span id="line-436"></span>
<span class="source-line-no">437</span><span id="line-437"> public static class TestThread extends Thread {</span>
<span class="source-line-no">438</span><span id="line-438"> private final BlockingInterface stub;</span>
<span class="source-line-no">439</span><span id="line-439"></span>
<span class="source-line-no">440</span><span id="line-440"> public TestThread(BlockingInterface stub) {</span>
<span class="source-line-no">441</span><span id="line-441"> this.stub = stub;</span>
<span class="source-line-no">442</span><span id="line-442"> }</span>
<span class="source-line-no">443</span><span id="line-443"></span>
<span class="source-line-no">444</span><span id="line-444"> @Override</span>
<span class="source-line-no">445</span><span id="line-445"> public void run() {</span>
<span class="source-line-no">446</span><span id="line-446"> try {</span>
<span class="source-line-no">447</span><span id="line-447"> int[] messageSize = new int[] { 100, 1000, 10000 };</span>
<span class="source-line-no">448</span><span id="line-448"> for (int i = 0; i &lt; messageSize.length; i++) {</span>
<span class="source-line-no">449</span><span id="line-449"> String input = RandomStringUtils.random(messageSize[i]);</span>
<span class="source-line-no">450</span><span id="line-450"> String result =</span>
<span class="source-line-no">451</span><span id="line-451"> stub.echo(null, TestProtos.EchoRequestProto.newBuilder().setMessage(input).build())</span>
<span class="source-line-no">452</span><span id="line-452"> .getMessage();</span>
<span class="source-line-no">453</span><span id="line-453"> assertEquals(input, result);</span>
<span class="source-line-no">454</span><span id="line-454"> }</span>
<span class="source-line-no">455</span><span id="line-455"> } catch (org.apache.hbase.thirdparty.com.google.protobuf.ServiceException e) {</span>
<span class="source-line-no">456</span><span id="line-456"> throw new RuntimeException(e);</span>
<span class="source-line-no">457</span><span id="line-457"> }</span>
<span class="source-line-no">458</span><span id="line-458"> }</span>
<span class="source-line-no">459</span><span id="line-459"> }</span>
<span class="source-line-no">460</span><span id="line-460">}</span>
</pre>
</div>
</main>
</body>
</html>