001/* 002 * Licensed to the Apache Software Foundation (ASF) under one 003 * or more contributor license agreements. See the NOTICE file 004 * distributed with this work for additional information 005 * regarding copyright ownership. The ASF licenses this file 006 * to you under the Apache License, Version 2.0 (the 007 * "License"); you may not use this file except in compliance 008 * with the License. You may obtain a copy of the License at 009 * 010 * http://www.apache.org/licenses/LICENSE-2.0 011 * 012 * Unless required by applicable law or agreed to in writing, software 013 * distributed under the License is distributed on an "AS IS" BASIS, 014 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 015 * See the License for the specific language governing permissions and 016 * limitations under the License. 017 */ 018package org.apache.hadoop.hbase.security.token; 019 020import static org.junit.Assert.assertArrayEquals; 021 022import java.util.Arrays; 023import java.util.Collection; 024import org.apache.hadoop.hbase.HBaseClassTestRule; 025import org.apache.hadoop.hbase.TableName; 026import org.apache.hadoop.hbase.client.Admin; 027import org.apache.hadoop.hbase.client.ColumnFamilyDescriptorBuilder; 028import org.apache.hadoop.hbase.client.Connection; 029import org.apache.hadoop.hbase.client.ConnectionFactory; 030import org.apache.hadoop.hbase.client.Get; 031import org.apache.hadoop.hbase.client.Put; 032import org.apache.hadoop.hbase.client.Result; 033import org.apache.hadoop.hbase.client.Table; 034import org.apache.hadoop.hbase.client.TableDescriptor; 035import org.apache.hadoop.hbase.client.TableDescriptorBuilder; 036import org.apache.hadoop.hbase.ipc.NettyRpcClient; 037import org.apache.hadoop.hbase.ipc.RpcClientFactory; 038import org.apache.hadoop.hbase.testclassification.MediumTests; 039import org.apache.hadoop.hbase.testclassification.SecurityTests; 040import org.apache.hadoop.hbase.util.Bytes; 041import org.apache.hadoop.security.UserGroupInformation; 042import org.apache.hadoop.security.token.Token; 043import org.apache.hadoop.security.token.TokenIdentifier; 044import org.junit.Before; 045import org.junit.BeforeClass; 046import org.junit.ClassRule; 047import org.junit.Rule; 048import org.junit.Test; 049import org.junit.experimental.categories.Category; 050import org.junit.rules.TestName; 051import org.junit.runner.RunWith; 052import org.junit.runners.Parameterized; 053import org.junit.runners.Parameterized.Parameter; 054import org.junit.runners.Parameterized.Parameters; 055 056@RunWith(Parameterized.class) 057@Category({ SecurityTests.class, MediumTests.class }) 058public class TestDelegationTokenWithEncryption extends SecureTestCluster { 059 060 @ClassRule 061 public static final HBaseClassTestRule CLASS_RULE = 062 HBaseClassTestRule.forClass(TestDelegationTokenWithEncryption.class); 063 064 @BeforeClass 065 public static void setUp() throws Exception { 066 // enable rpc encryption 067 TEST_UTIL.getConfiguration().set("hbase.rpc.protection", "privacy"); 068 SecureTestCluster.setUp(); 069 try (Connection conn = ConnectionFactory.createConnection(TEST_UTIL.getConfiguration())) { 070 Token<? extends TokenIdentifier> token = ClientTokenUtil.obtainToken(conn); 071 UserGroupInformation.getCurrentUser().addToken(token); 072 } 073 } 074 075 @Parameters(name = "{index}: rpcClientImpl={0}") 076 public static Collection<Object> parameters() { 077 // Client connection supports only non-blocking RPCs (due to master registry restriction), hence 078 // we only test NettyRpcClient. 079 return Arrays.asList(new Object[] { NettyRpcClient.class.getName() }); 080 } 081 082 @Parameter 083 public String rpcClientImpl; 084 085 @Rule 086 public TestName testName = new TestName(); 087 088 @Before 089 public void setUpBeforeMethod() { 090 TEST_UTIL.getConfiguration().set(RpcClientFactory.CUSTOM_RPC_CLIENT_IMPL_CONF_KEY, 091 rpcClientImpl); 092 } 093 094 private TableName getTestTableName() { 095 return TableName.valueOf(testName.getMethodName().replaceAll("[^0-9A-Za-z]", "_")); 096 } 097 098 @Test 099 public void testPutGetWithDelegationToken() throws Exception { 100 TableName tableName = getTestTableName(); 101 byte[] family = Bytes.toBytes("f"); 102 byte[] qualifier = Bytes.toBytes("q"); 103 byte[] row = Bytes.toBytes("row"); 104 byte[] value = Bytes.toBytes("data"); 105 try (Connection conn = ConnectionFactory.createConnection(TEST_UTIL.getConfiguration())) { 106 Admin admin = conn.getAdmin(); 107 TableDescriptor tableDescriptor = TableDescriptorBuilder.newBuilder(tableName) 108 .setColumnFamily(ColumnFamilyDescriptorBuilder.of(family)).build(); 109 admin.createTable(tableDescriptor); 110 try (Table table = conn.getTable(tableName)) { 111 table.put(new Put(row).addColumn(family, qualifier, value)); 112 Result result = table.get(new Get(row)); 113 assertArrayEquals(value, result.getValue(family, qualifier)); 114 } 115 } 116 } 117}