From common-commits-return-9422-apmail-hadoop-common-commits-archive=hadoop.apache.org@hadoop.apache.org Fri Aug 07 21:40:20 2009
Return-Path: <common-commits-return-9422-apmail-hadoop-common-commits-archive=hadoop.apache.org@hadoop.apache.org>
Delivered-To: apmail-hadoop-common-commits-archive@www.apache.org
Received: (qmail 84885 invoked from network); 7 Aug 2009 21:40:20 -0000
Received: from hermes.apache.org (HELO mail.apache.org) (140.211.11.3)
  by minotaur.apache.org with SMTP; 7 Aug 2009 21:40:20 -0000
Received: (qmail 39688 invoked by uid 500); 7 Aug 2009 21:40:27 -0000
Delivered-To: apmail-hadoop-common-commits-archive@hadoop.apache.org
Received: (qmail 39615 invoked by uid 500); 7 Aug 2009 21:40:27 -0000
Mailing-List: contact common-commits-help@hadoop.apache.org; run by ezmlm
Precedence: bulk
List-Help: <mailto:common-commits-help@hadoop.apache.org>
List-Unsubscribe: <mailto:common-commits-unsubscribe@hadoop.apache.org>
List-Post: <mailto:common-commits@hadoop.apache.org>
List-Id: <common-commits.hadoop.apache.org>
Reply-To: common-dev@hadoop.apache.org
Delivered-To: mailing list common-commits@hadoop.apache.org
Received: (qmail 39606 invoked by uid 99); 7 Aug 2009 21:40:24 -0000
Received: from athena.apache.org (HELO athena.apache.org) (140.211.11.136)
    by apache.org (qpsmtpd/0.29) with ESMTP; Fri, 07 Aug 2009 21:40:24 +0000
X-ASF-Spam-Status: No, hits=-2000.0 required=10.0
	tests=ALL_TRUSTED
X-Spam-Check-By: apache.org
Received: from [140.211.11.4] (HELO eris.apache.org) (140.211.11.4)
    by apache.org (qpsmtpd/0.29) with ESMTP; Fri, 07 Aug 2009 21:40:22 +0000
Received: by eris.apache.org (Postfix, from userid 65534)
	id 5CFD323888AD; Fri,  7 Aug 2009 21:40:02 +0000 (UTC)
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
Subject: svn commit: r802224 - in /hadoop/common/trunk: CHANGES.txt
 src/java/org/apache/hadoop/security/AccessTokenHandler.java
 src/test/core/org/apache/hadoop/security/SecurityTestUtil.java
Date: Fri, 07 Aug 2009 21:40:02 -0000
To: common-commits@hadoop.apache.org
From: szetszwo@apache.org
X-Mailer: svnmailer-1.0.8
Message-Id: <20090807214002.5CFD323888AD@eris.apache.org>
X-Virus-Checked: Checked by ClamAV on apache.org

Author: szetszwo
Date: Fri Aug  7 21:40:01 2009
New Revision: 802224

URL: http://svn.apache.org/viewvc?rev=802224&view=rev
Log:
HADOOP-6176. Add a couple package private methods to AccessTokenHandler for testing.  Contributed by Kan Zhang

Added:
    hadoop/common/trunk/src/test/core/org/apache/hadoop/security/SecurityTestUtil.java
Modified:
    hadoop/common/trunk/CHANGES.txt
    hadoop/common/trunk/src/java/org/apache/hadoop/security/AccessTokenHandler.java

Modified: hadoop/common/trunk/CHANGES.txt
URL: http://svn.apache.org/viewvc/hadoop/common/trunk/CHANGES.txt?rev=802224&r1=802223&r2=802224&view=diff
==============================================================================
--- hadoop/common/trunk/CHANGES.txt (original)
+++ hadoop/common/trunk/CHANGES.txt Fri Aug  7 21:40:01 2009
@@ -489,6 +489,9 @@
     (gkesavan)
     
     HADOOP-6169. Removing deprecated method calls in TFile. (hong tang via mahadev)
+
+    HADOOP-6176. Add a couple package private methods to AccessTokenHandler
+    for testing.  (Kan Zhang via szetszwo)
  
   OPTIMIZATIONS
 

Modified: hadoop/common/trunk/src/java/org/apache/hadoop/security/AccessTokenHandler.java
URL: http://svn.apache.org/viewvc/hadoop/common/trunk/src/java/org/apache/hadoop/security/AccessTokenHandler.java?rev=802224&r1=802223&r2=802224&view=diff
==============================================================================
--- hadoop/common/trunk/src/java/org/apache/hadoop/security/AccessTokenHandler.java (original)
+++ hadoop/common/trunk/src/java/org/apache/hadoop/security/AccessTokenHandler.java Fri Aug  7 21:40:01 2009
@@ -60,7 +60,7 @@
    * sync'ed their access keys with NN at least once during each interval.
    */
   private final long keyUpdateInterval;
-  private final long tokenLifetime;
+  private long tokenLifetime;
   private long serialNo = new SecureRandom().nextLong();
   private KeyGenerator keyGen;
   private AccessKey currentKey;
@@ -203,7 +203,7 @@
   }
 
   /** Check if token is well formed */
-  private synchronized Boolean verifyToken(long keyID, AccessToken token)
+  private synchronized boolean verifyToken(long keyID, AccessToken token)
       throws IOException {
     AccessKey key = allKeys.get(keyID);
     if (key == null) {
@@ -252,7 +252,7 @@
   }
 
   /** Check if access should be allowed. userID is not checked if null */
-  public Boolean checkAccess(AccessToken token, String userID, long blockID,
+  public boolean checkAccess(AccessToken token, String userID, long blockID,
       AccessMode mode) throws IOException {
     long oExpiry = 0;
     long oKeyID = 0;
@@ -282,8 +282,26 @@
           + blockID + ", access mode=" + mode + ", keyID=" + oKeyID);
     }
     return (userID == null || userID.equals(oUserID)) && oBlockID == blockID
-        && System.currentTimeMillis() < oExpiry && oModes.contains(mode)
+        && !isExpired(oExpiry) && oModes.contains(mode)
         && verifyToken(oKeyID, token);
   }
 
+  private static boolean isExpired(long expiryDate) {
+    return System.currentTimeMillis() > expiryDate;
+  }
+
+  /** check if a token is expired. for unit test only.
+   *  return true when token is expired, false otherwise */
+  static boolean isTokenExpired(AccessToken token) throws IOException {
+    ByteArrayInputStream buf = new ByteArrayInputStream(token.getTokenID()
+        .getBytes());
+    DataInputStream in = new DataInputStream(buf);
+    long expiryDate = WritableUtils.readVLong(in);
+    return isExpired(expiryDate);
+  }
+
+  /** set token lifetime. for unit test only */
+  synchronized void setTokenLifetime(long tokenLifetime) {
+    this.tokenLifetime = tokenLifetime;
+  }
 }
\ No newline at end of file

Added: hadoop/common/trunk/src/test/core/org/apache/hadoop/security/SecurityTestUtil.java
URL: http://svn.apache.org/viewvc/hadoop/common/trunk/src/test/core/org/apache/hadoop/security/SecurityTestUtil.java?rev=802224&view=auto
==============================================================================
--- hadoop/common/trunk/src/test/core/org/apache/hadoop/security/SecurityTestUtil.java (added)
+++ hadoop/common/trunk/src/test/core/org/apache/hadoop/security/SecurityTestUtil.java Fri Aug  7 21:40:01 2009
@@ -0,0 +1,43 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership.  The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License.  You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.hadoop.security;
+
+import java.io.IOException;
+
+/** Utilities for security tests */
+public class SecurityTestUtil {
+
+  /**
+   * check if an access token is expired. return true when token is expired,
+   * false otherwise
+   */
+  public static boolean isAccessTokenExpired(AccessToken token)
+      throws IOException {
+    return AccessTokenHandler.isTokenExpired(token);
+  }
+
+  /**
+   * set access token lifetime.
+   */
+  public static void setAccessTokenLifetime(AccessTokenHandler handler,
+      long tokenLifetime) {
+    handler.setTokenLifetime(tokenLifetime);
+  }
+
+}