RANGER : 3328 - RANGER-KMS : code improvement
diff --git a/kms/src/main/java/org/apache/hadoop/crypto/key/RangerHSM.java b/kms/src/main/java/org/apache/hadoop/crypto/key/RangerHSM.java
index a531f32..d0a07b9 100644
--- a/kms/src/main/java/org/apache/hadoop/crypto/key/RangerHSM.java
+++ b/kms/src/main/java/org/apache/hadoop/crypto/key/RangerHSM.java
@@ -68,10 +68,11 @@
ByteArrayInputStream is1 = new ByteArrayInputStream(("tokenlabel:" + partitionName).getBytes());
logger.debug("Loading HSM tokenlabel : " + partitionName);
myStore = KeyStore.getInstance("Luna");
- myStore.load(is1, passwd.toCharArray());
if (myStore == null) {
logger.error("Luna not found. Please verify the Ranger KMS HSM configuration setup.");
- }
+ } else {
+ myStore.load(is1, passwd.toCharArray());
+ }
} catch (KeyStoreException kse) {
logger.error("Unable to create keystore object : " + kse.getMessage());
} catch (NoSuchAlgorithmException nsae) {
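Review bot: The `myStore == null` branch can never run, because `KeyStore.getInstance("Luna")` either returns a keystore or throws `KeyStoreException`. The "Luna not found" guidance is therefore never logged, and the new `else` only moves the `load` call. The operator hint belongs in the existing `KeyStoreException` handler, e.g. `logger.error("Luna not found. Please verify the Ranger KMS HSM configuration setup.", kse);`, with `myStore.load(is1, passwd.toCharArray());` placed directly after `getInstance`. Passing `kse` to the logger also keeps the stack trace that `kse.getMessage()` drops. The try block and its remaining catch clauses continue outside the hunk.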
diff --git a/kms/src/main/java/org/apache/hadoop/crypto/key/RangerKeyStoreProvider.java b/kms/src/main/java/org/apache/hadoop/crypto/key/RangerKeyStoreProvider.java
index 011318b..db8fa69 100755
--- a/kms/src/main/java/org/apache/hadoop/crypto/key/RangerKeyStoreProvider.java
+++ b/kms/src/main/java/org/apache/hadoop/crypto/key/RangerKeyStoreProvider.java
@@ -305,9 +305,6 @@
throw new IOException("Key " + name + " already exists");
}
- if (dbStore.engineContainsAlias(name) || cache.containsKey(name)) {
- throw new IOException("Key " + name + " already exists");
- }
Metadata meta = new Metadata(options.getCipher(),
options.getBitLength(), options.getDescription(),
options.getAttributes(), new Date(), 1);
diff --git a/kms/src/main/java/org/apache/hadoop/crypto/key/kms/server/KMSACLs.java b/kms/src/main/java/org/apache/hadoop/crypto/key/kms/server/KMSACLs.java
index 5df58e7..e65577c 100755
--- a/kms/src/main/java/org/apache/hadoop/crypto/key/kms/server/KMSACLs.java
+++ b/kms/src/main/java/org/apache/hadoop/crypto/key/kms/server/KMSACLs.java
@@ -229,9 +229,9 @@
if (blacklist == null) {
LOG.debug("No blacklist for {}", type.toString());
} else if (access) {
- LOG.debug("user is in {}" , blacklist.getAclString());
- } else {
LOG.debug("user is not in {}" , blacklist.getAclString());
+ } else {
+ LOG.debug("user is in {}" , blacklist.getAclString());
}
}
}
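Review bot: The two corrected messages still do not say that the list is a blacklist or which operation type was checked, so a debug line reading "user is in …" is easy to misread as a grant. Since `type` is already used in the first branch, something like `LOG.debug("user is in blacklist {} for {}", blacklist.getAclString(), type);` and the matching "is not in blacklist" form would make the deny path unambiguous. The enclosing method starts outside the hunk, so whether the user name is logged earlier cannot be seen from here.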
diff --git a/kms/src/main/java/org/apache/hadoop/crypto/key/kms/server/KMSAuthenticationFilter.java b/kms/src/main/java/org/apache/hadoop/crypto/key/kms/server/KMSAuthenticationFilter.java
index ca13a53..274bac9 100644
--- a/kms/src/main/java/org/apache/hadoop/crypto/key/kms/server/KMSAuthenticationFilter.java
+++ b/kms/src/main/java/org/apache/hadoop/crypto/key/kms/server/KMSAuthenticationFilter.java
@@ -26,6 +26,9 @@
import org.apache.hadoop.security.token.delegation.web.DelegationTokenAuthenticationHandler;
import org.apache.hadoop.security.token.delegation.web.KerberosDelegationTokenAuthenticationHandler;
import org.apache.hadoop.security.token.delegation.web.PseudoDelegationTokenAuthenticationHandler;
+
+import com.google.common.annotations.VisibleForTesting;
+
import org.apache.hadoop.http.HtmlQuoting;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
@@ -54,16 +57,19 @@
@Override
protected Properties getConfiguration(String configPrefix,
FilterConfig filterConfig) {
- Properties props = new Properties();
Configuration conf = KMSWebApp.getConfiguration();
- for (Map.Entry<String, String> entry : conf) {
- String name = entry.getKey();
- if (name.startsWith(CONFIG_PREFIX)) {
- String value = conf.get(name);
- name = name.substring(CONFIG_PREFIX.length());
- props.setProperty(name, value);
- }
- }
+ return this.getKMSConfiguration(conf);
+ }
+
+ @VisibleForTesting
+ Properties getKMSConfiguration(Configuration conf) {
+ Properties props = new Properties();
+ Map<String, String> propsWithPrefixMap = conf.getPropsWithPrefix(CONFIG_PREFIX);
+
+ for (Map.Entry<String, String> entry : propsWithPrefixMap.entrySet()) {
+ props.setProperty(entry.getKey(), entry.getValue());
+ }
+
String authType = props.getProperty(AUTH_TYPE,"simple");
if (authType.equals(PseudoAuthenticationHandler.TYPE)) {
props.setProperty(AUTH_TYPE,
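Review bot: `getKMSConfiguration` has no Javadoc, and its `props.getProperty(AUTH_TYPE,"simple")` default means a configuration with no type entry under `CONFIG_PREFIX` quietly selects the simple (pseudo) handler. Now that the logic is a separately callable helper, a short Javadoc should state that keys are returned with `CONFIG_PREFIX` stripped and that the authentication type falls back to simple when unset. A warning logged on that fallback would help operators notice an unintended simple-authentication deployment. It also seems worth confirming that `conf.getPropsWithPrefix` resolves values the same way the removed `conf.get(name)` loop did on the Hadoop version this module builds against. The method body continues past the end of the hunk.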
diff --git a/kms/src/main/java/org/apache/hadoop/crypto/key/kms/server/KMSWebApp.java b/kms/src/main/java/org/apache/hadoop/crypto/key/kms/server/KMSWebApp.java
index 1efc521..c974fd6 100755
--- a/kms/src/main/java/org/apache/hadoop/crypto/key/kms/server/KMSWebApp.java
+++ b/kms/src/main/java/org/apache/hadoop/crypto/key/kms/server/KMSWebApp.java
@@ -20,6 +20,7 @@
import com.codahale.metrics.JmxReporter;
import com.codahale.metrics.Meter;
import com.codahale.metrics.MetricRegistry;
+import com.google.common.base.Preconditions;
import org.apache.hadoop.classification.InterfaceAudience;
import org.apache.hadoop.conf.Configuration;
@@ -174,6 +175,11 @@
LOG.info("----------------Instantiating key provider ---------------");
KeyProvider keyProvider =
KeyProviderFactory.get(new URI(providerString), kmsConf);
+ Preconditions.checkNotNull(keyProvider, String.format("No" +
+ " KeyProvider has been initialized, please" +
+ " check whether %s '%s' is configured correctly in" +
+ " kms-site.xml.", KMSConfiguration.KEY_PROVIDER_URI,
+ providerString));
LOG.info("keyProvider = "+keyProvider.toString());
if (kmsConf.getBoolean(KMSConfiguration.KEY_CACHE_ENABLE,
KMSConfiguration.KEY_CACHE_ENABLE_DEFAULT)) {
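Review bot: The `String.format` call inside `Preconditions.checkNotNull` builds the message on every startup even when `keyProvider` is non-null, and a misconfiguration then surfaces as a `NullPointerException` rather than a configuration error. Guava's template overload defers the formatting: `Preconditions.checkNotNull(keyProvider, "No KeyProvider has been initialized, please check whether %s '%s' is configured correctly in kms-site.xml.", KMSConfiguration.KEY_PROVIDER_URI, providerString);`. The message also echoes `providerString` in full. If the provider URI can carry user information, which is not visible from this hunk, it would be safer to log a redacted form. The enclosing method starts and ends outside the hunk.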
diff --git a/kms/src/main/java/org/apache/hadoop/crypto/key/kms/server/KeyAuthorizationKeyProvider.java b/kms/src/main/java/org/apache/hadoop/crypto/key/kms/server/KeyAuthorizationKeyProvider.java
index fb9a261..d9f1b5b 100755
--- a/kms/src/main/java/org/apache/hadoop/crypto/key/kms/server/KeyAuthorizationKeyProvider.java
+++ b/kms/src/main/java/org/apache/hadoop/crypto/key/kms/server/KeyAuthorizationKeyProvider.java
@@ -390,7 +390,7 @@
@Override
public String toString() {
- return provider.toString();
+ return this.getClass().getName() + ":" + provider.toString();
}
}
diff --git a/kms/src/test/java/org/apache/hadoop/crypto/key/kms/server/TestKMSAuthenticationFilter.java b/kms/src/test/java/org/apache/hadoop/crypto/key/kms/server/TestKMSAuthenticationFilter.java
new file mode 100644
index 0000000..e8ca7b7
--- /dev/null
+++ b/kms/src/test/java/org/apache/hadoop/crypto/key/kms/server/TestKMSAuthenticationFilter.java
@@ -0,0 +1,45 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.hadoop.crypto.key.kms.server;
+
+import org.apache.hadoop.conf.Configuration;
+import org.apache.hadoop.crypto.key.kms.KMSDelegationToken;
+import org.apache.hadoop.security.token.delegation.web.DelegationTokenAuthenticationHandler;
+import org.apache.hadoop.security.token.delegation.web.PseudoDelegationTokenAuthenticationHandler;
+import org.junit.Test;
+import java.util.Properties;
+
+import static org.junit.Assert.assertEquals;
+
+/**
+ * Test KMS Authentication Filter.
+ */
+public class TestKMSAuthenticationFilter {
+
+ @Test
+ public void testConfiguration() throws Exception {
+ Configuration conf = new Configuration();
+ conf.set("hadoop.kms.authentication.type", "simple");
+
+ Properties prop = new KMSAuthenticationFilter().getKMSConfiguration(conf);
+ assertEquals(prop.getProperty(KMSAuthenticationFilter.AUTH_TYPE),
+ PseudoDelegationTokenAuthenticationHandler.class.getName());
+ assertEquals(prop.getProperty(DelegationTokenAuthenticationHandler.TOKEN_KIND),
+ KMSDelegationToken.TOKEN_KIND_STR);
+ }
+}
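Review bot: Both `assertEquals` calls pass the actual value first and the expected value second, the reverse of JUnit's `assertEquals(expected, actual)`, so a failure message would report the two the wrong way round. Swap them, e.g. `assertEquals(PseudoDelegationTokenAuthenticationHandler.class.getName(), prop.getProperty(KMSAuthenticationFilter.AUTH_TYPE));`, and likewise for the `TOKEN_KIND` check. The test covers only the `simple` type. A case with a key that does not start with `CONFIG_PREFIX`, and presumably one for the Kerberos type, would pin the filtering behaviour of `getKMSConfiguration`.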