001/*
002 * Licensed to the Apache Software Foundation (ASF) under one
003 * or more contributor license agreements.  See the NOTICE file
004 * distributed with this work for additional information
005 * regarding copyright ownership.  The ASF licenses this file
006 * to you under the Apache License, Version 2.0 (the
007 * "License"); you may not use this file except in compliance
008 * with the License.  You may obtain a copy of the License at
009 *
010 *     http://www.apache.org/licenses/LICENSE-2.0
011 *
012 * Unless required by applicable law or agreed to in writing, software
013 * distributed under the License is distributed on an "AS IS" BASIS,
014 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
015 * See the License for the specific language governing permissions and
016 * limitations under the License.
017 */
018package org.apache.hadoop.hbase.security.token;
019
020import static org.junit.Assert.assertArrayEquals;
021
022import java.util.Arrays;
023import java.util.Collection;
024import org.apache.hadoop.hbase.HBaseClassTestRule;
025import org.apache.hadoop.hbase.TableName;
026import org.apache.hadoop.hbase.client.Admin;
027import org.apache.hadoop.hbase.client.ColumnFamilyDescriptorBuilder;
028import org.apache.hadoop.hbase.client.Connection;
029import org.apache.hadoop.hbase.client.ConnectionFactory;
030import org.apache.hadoop.hbase.client.Get;
031import org.apache.hadoop.hbase.client.Put;
032import org.apache.hadoop.hbase.client.Result;
033import org.apache.hadoop.hbase.client.Table;
034import org.apache.hadoop.hbase.client.TableDescriptor;
035import org.apache.hadoop.hbase.client.TableDescriptorBuilder;
036import org.apache.hadoop.hbase.ipc.NettyRpcClient;
037import org.apache.hadoop.hbase.ipc.RpcClientFactory;
038import org.apache.hadoop.hbase.testclassification.MediumTests;
039import org.apache.hadoop.hbase.testclassification.SecurityTests;
040import org.apache.hadoop.hbase.util.Bytes;
041import org.apache.hadoop.security.UserGroupInformation;
042import org.apache.hadoop.security.token.Token;
043import org.apache.hadoop.security.token.TokenIdentifier;
044import org.junit.Before;
045import org.junit.BeforeClass;
046import org.junit.ClassRule;
047import org.junit.Rule;
048import org.junit.Test;
049import org.junit.experimental.categories.Category;
050import org.junit.rules.TestName;
051import org.junit.runner.RunWith;
052import org.junit.runners.Parameterized;
053import org.junit.runners.Parameterized.Parameter;
054import org.junit.runners.Parameterized.Parameters;
055
056@RunWith(Parameterized.class)
057@Category({ SecurityTests.class, MediumTests.class })
058public class TestDelegationTokenWithEncryption extends SecureTestCluster {
059
060  @ClassRule
061  public static final HBaseClassTestRule CLASS_RULE =
062    HBaseClassTestRule.forClass(TestDelegationTokenWithEncryption.class);
063
064  @BeforeClass
065  public static void setUp() throws Exception {
066    // enable rpc encryption
067    TEST_UTIL.getConfiguration().set("hbase.rpc.protection", "privacy");
068    SecureTestCluster.setUp();
069    try (Connection conn = ConnectionFactory.createConnection(TEST_UTIL.getConfiguration())) {
070      Token<? extends TokenIdentifier> token = ClientTokenUtil.obtainToken(conn);
071      UserGroupInformation.getCurrentUser().addToken(token);
072    }
073  }
074
075  @Parameters(name = "{index}: rpcClientImpl={0}")
076  public static Collection<Object> parameters() {
077    // Client connection supports only non-blocking RPCs (due to master registry restriction), hence
078    // we only test NettyRpcClient.
079    return Arrays.asList(new Object[] { NettyRpcClient.class.getName() });
080  }
081
082  @Parameter
083  public String rpcClientImpl;
084
085  @Rule
086  public TestName testName = new TestName();
087
088  @Before
089  public void setUpBeforeMethod() {
090    TEST_UTIL.getConfiguration().set(RpcClientFactory.CUSTOM_RPC_CLIENT_IMPL_CONF_KEY,
091      rpcClientImpl);
092  }
093
094  private TableName getTestTableName() {
095    return TableName.valueOf(testName.getMethodName().replaceAll("[^0-9A-Za-z]", "_"));
096  }
097
098  @Test
099  public void testPutGetWithDelegationToken() throws Exception {
100    TableName tableName = getTestTableName();
101    byte[] family = Bytes.toBytes("f");
102    byte[] qualifier = Bytes.toBytes("q");
103    byte[] row = Bytes.toBytes("row");
104    byte[] value = Bytes.toBytes("data");
105    try (Connection conn = ConnectionFactory.createConnection(TEST_UTIL.getConfiguration())) {
106      Admin admin = conn.getAdmin();
107      TableDescriptor tableDescriptor = TableDescriptorBuilder.newBuilder(tableName)
108        .setColumnFamily(ColumnFamilyDescriptorBuilder.of(family)).build();
109      admin.createTable(tableDescriptor);
110      try (Table table = conn.getTable(tableName)) {
111        table.put(new Put(row).addColumn(family, qualifier, value));
112        Result result = table.get(new Get(row));
113        assertArrayEquals(value, result.getValue(family, qualifier));
114      }
115    }
116  }
117}