List of usage examples for org.apache.hadoop.hdfs.security.token.block BlockKey BlockKey
public BlockKey(int keyId, long expiryDate, byte[] encodedKey)
From source file:io.hops.metadata.security.token.block.NameNodeBlockTokenSecretManager.java
License:Apache License
private void generateKeys() throws IOException { if (!isMaster) { return;//from w w w .ja v a 2 s . co m } /* * Need to set estimated expiry dates for currentKey and nextKey so that if * NN crashes, DN can still expire those keys. NN will stop using the newly * generated currentKey after the first keyUpdateInterval, however it may * still be used by DN and Balancer to generate new tokens before they get a * chance to sync their keys with NN. Since we require keyUpdInterval to be * long enough so that all live DN's and Balancer will sync their keys with * NN at least once during the period, the estimated expiry date for * currentKey is set to now() + 2 * keyUpdateInterval + tokenLifetime. * Similarly, the estimated expiry date for nextKey is one keyUpdateInterval * more. */ setSerialNo(serialNo + 1); currentKey = new BlockKey(serialNo, Time.now() + 2 * keyUpdateInterval + tokenLifetime, generateSecret()); currentKey.setKeyType(BlockKey.KeyType.CurrKey); setSerialNo(serialNo + 1); nextKey = new BlockKey(serialNo, Time.now() + 3 * keyUpdateInterval + tokenLifetime, generateSecret()); nextKey.setKeyType(BlockKey.KeyType.NextKey); addBlockKeys(); }
From source file:io.hops.metadata.security.token.block.NameNodeBlockTokenSecretManager.java
License:Apache License
private boolean updateBlockKeys() throws IOException { return (Boolean) new HopsTransactionalRequestHandler(HDFSOperationType.UPDATE_BLOCK_KEYS) { @Override/*from w ww . j a v a2s. c o m*/ public void acquireLock(TransactionLocks locks) throws IOException { LockFactory lf = LockFactory.getInstance(); locks.add(lf.getVariableLock(Variable.Finder.BlockTokenKeys, LockType.WRITE)); } @Override public Object performTask() throws StorageException, IOException { Map<Integer, BlockKey> keys = HdfsVariables.getAllBlockTokenKeysByType(); if (keys.isEmpty()) { log.debug("keys is not generated yet to be updated"); return false; } // set final expiry date of retiring currentKey // also modifying this key to mark it as 'simple key' instead of 'current key' BlockKey currentKeyFromDB = keys.get(BlockKey.KeyType.CurrKey.ordinal()); currentKeyFromDB.setExpiryDate(Time.now() + keyUpdateInterval + tokenLifetime); currentKeyFromDB.setKeyType(BlockKey.KeyType.SimpleKey); // after above update, we only have a key marked as 'next key' // the 'next key' becomes the 'current key' // update the estimated expiry date of new currentKey BlockKey nextKeyFromDB = keys.get(BlockKey.KeyType.NextKey.ordinal()); currentKey = new BlockKey(nextKeyFromDB.getKeyId(), Time.now() + 2 * keyUpdateInterval + tokenLifetime, nextKeyFromDB.getKey()); currentKey.setKeyType(BlockKey.KeyType.CurrKey); // generate a new nextKey setSerialNo(serialNo + 1); nextKey = new BlockKey(serialNo, Time.now() + 3 * keyUpdateInterval + tokenLifetime, generateSecret()); nextKey.setKeyType(BlockKey.KeyType.NextKey); HdfsVariables.updateBlockTokenKeys(currentKey, nextKey, currentKeyFromDB); return true; } }.handle(); }