
1   /**
2    *
3    * Licensed to the Apache Software Foundation (ASF) under one
4    * or more contributor license agreements.  See the NOTICE file
5    * distributed with this work for additional information
6    * regarding copyright ownership.  The ASF licenses this file
7    * to you under the Apache License, Version 2.0 (the
8    * "License"); you may not use this file except in compliance
9    * with the License.  You may obtain a copy of the License at
10   *
11   *     http://www.apache.org/licenses/LICENSE-2.0
12   *
13   * Unless required by applicable law or agreed to in writing, software
14   * distributed under the License is distributed on an "AS IS" BASIS,
15   * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
16   * See the License for the specific language governing permissions and
17   * limitations under the License.
18   */
19  package org.apache.hadoop.hbase.security;
20  
21  import static org.apache.hadoop.hbase.security.HBaseKerberosUtils.getKeytabFileForTesting;
22  import static org.apache.hadoop.hbase.security.HBaseKerberosUtils.getPrincipalForTesting;
23  import static org.apache.hadoop.hbase.security.HBaseKerberosUtils.getSecuredConfiguration;
24  import static org.apache.hadoop.hbase.security.HBaseKerberosUtils.isKerberosPropertySetted;
25  
26  import static org.junit.Assert.assertEquals;
27  import static org.junit.Assert.assertSame;
28  import static org.junit.Assume.assumeTrue;
29  
30  import java.net.InetSocketAddress;
31  import java.util.ArrayList;
32  import java.util.List;
33  
34  import org.apache.hadoop.conf.Configuration;
35  import org.apache.hadoop.fs.CommonConfigurationKeys;
36  import org.apache.hadoop.hbase.HConstants;
37  import org.apache.hadoop.hbase.ServerName;
38  import org.apache.hadoop.hbase.SmallTests;
39  import org.apache.hadoop.hbase.ipc.FifoRpcScheduler;
40  import org.apache.hadoop.hbase.ipc.RpcClient;
41  import org.apache.hadoop.hbase.ipc.RpcServer;
42  import org.apache.hadoop.hbase.ipc.RpcServerInterface;
43  import org.apache.hadoop.hbase.ipc.TestDelayedRpc.TestDelayedImplementation;
44  import org.apache.hadoop.hbase.ipc.TestDelayedRpc.TestThread;
45  import org.apache.hadoop.hbase.ipc.protobuf.generated.TestDelayedRpcProtos;
46  import org.apache.hadoop.security.UserGroupInformation;
47  import org.apache.hadoop.security.UserGroupInformation.AuthenticationMethod;
48  import org.junit.Test;
49  import org.junit.experimental.categories.Category;
50  import org.mockito.Mockito;
51  
52  import com.google.common.collect.Lists;
53  import com.google.protobuf.BlockingRpcChannel;
54  import com.google.protobuf.BlockingService;
55  
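@Category(SmallTests.class)
public class TestSecureRPC {
  /**
   * RPC server started by {@link #testRpcCallWithEnabledKerberosSaslAuth()}. The test stops it
   * again before returning, so the listener does not outlive the test.
   */
  public static RpcServerInterface rpcServer;

  /**
   * Logs in from a keytab, starts an RPC server with the secured configuration and checks that a
   * client call made as the logged-in user returns the expected value.
   * <p>
   * To run this test, the following system properties must be specified:
   * <p>
   * <b> hbase.regionserver.kerberos.principal </b>
   * <p>
   * <b> hbase.regionserver.keytab.file </b>
   * <p>
   * When they are not set, {@code assumeTrue} makes JUnit skip the test instead of failing it, so
   * a green build is not by itself evidence that the Kerberos path was exercised.
   * <p>
   * The final assertion checks only the value returned by the call. Nothing in this method asserts
   * which authentication method the server accepted for the connection; whether an unauthenticated
   * client would be rejected depends on what {@code getSecuredConfiguration()} sets, which is not
   * visible here.
   *
   * @throws Exception if the keytab login, the server start-up or the RPC call fails
   */
  @Test
  public void testRpcCallWithEnabledKerberosSaslAuth() throws Exception {
    assumeTrue(isKerberosPropertySetted());
    String krbKeytab = getKeytabFileForTesting();
    String krbPrincipal = getPrincipalForTesting();

    // These are static calls on UserGroupInformation: the login they establish is not scoped to
    // this test and is not reset afterwards.
    Configuration cnf = new Configuration();
    cnf.set(CommonConfigurationKeys.HADOOP_SECURITY_AUTHENTICATION, "kerberos");
    UserGroupInformation.setConfiguration(cnf);
    UserGroupInformation.loginUserFromKeytab(krbPrincipal, krbKeytab);
    UserGroupInformation ugi = UserGroupInformation.getLoginUser();
    UserGroupInformation ugi2 = UserGroupInformation.getCurrentUser();

    // The login user must be the current user, authenticated via Kerberos as the principal
    // taken from the system properties.
    assertSame(ugi, ugi2);
    assertEquals(AuthenticationMethod.KERBEROS, ugi.getAuthenticationMethod());
    assertEquals(krbPrincipal, ugi.getUserName());

    Configuration conf = getSecuredConfiguration();

    // Register security info for the test service so that a server principal can be looked up
    // for it. NOTE(review): KRB_PRINCIPAL is presumably the configuration key that holds the
    // server principal rather than the principal itself - confirm in HBaseKerberosUtils.
    // The registration is a static call and is not removed when the test ends.
    SecurityInfo securityInfoMock = Mockito.mock(SecurityInfo.class);
    Mockito.when(securityInfoMock.getServerPrincipal())
      .thenReturn(HBaseKerberosUtils.KRB_PRINCIPAL);
    SecurityInfo.addInfo("TestDelayedService", securityInfoMock);

    boolean delayReturnValue = false;
    // Port 0 lets the operating system pick a free port on localhost.
    InetSocketAddress isa = new InetSocketAddress("localhost", 0);
    TestDelayedImplementation instance = new TestDelayedImplementation(delayReturnValue);
    BlockingService service =
        TestDelayedRpcProtos.TestDelayedService.newReflectiveBlockingService(instance);

    rpcServer = new RpcServer(null, "testSecuredDelayedRpc",
        Lists.newArrayList(new RpcServer.BlockingServiceAndInterface(service, null)),
          isa, conf, new FifoRpcScheduler(conf, 1));
    rpcServer.start();
    try {
      RpcClient rpcClient = new RpcClient(conf, HConstants.DEFAULT_CLUSTER_ID.toString());
      try {
        BlockingRpcChannel channel = rpcClient.createBlockingRpcChannel(
            ServerName.valueOf(rpcServer.getListenerAddress().getHostName(),
                rpcServer.getListenerAddress().getPort(), System.currentTimeMillis()),
            User.getCurrent(), 1000);
        TestDelayedRpcProtos.TestDelayedService.BlockingInterface stub =
          TestDelayedRpcProtos.TestDelayedService.newBlockingStub(channel);
        List<Integer> results = new ArrayList<Integer>();
        TestThread th1 = new TestThread(stub, true, results);
        th1.start();
        // join() is the synchronization point: it returns only once the worker has finished, so
        // no additional sleep is needed before reading the results.
        th1.join();

        assertEquals(0xDEADBEEF, results.get(0).intValue());
      } finally {
        rpcClient.stop();
      }
    } finally {
      // Stop the server even when the client could not be created or the assertion failed;
      // otherwise the started listener is left running for the rest of the JVM's test run.
      rpcServer.stop();
    }
  }
}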