
1   /**
2    *
3    * Licensed to the Apache Software Foundation (ASF) under one
4    * or more contributor license agreements.  See the NOTICE file
5    * distributed with this work for additional information
6    * regarding copyright ownership.  The ASF licenses this file
7    * to you under the Apache License, Version 2.0 (the
8    * "License"); you may not use this file except in compliance
9    * with the License.  You may obtain a copy of the License at
10   *
11   *     http://www.apache.org/licenses/LICENSE-2.0
12   *
13   * Unless required by applicable law or agreed to in writing, software
14   * distributed under the License is distributed on an "AS IS" BASIS,
15   * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
16   * See the License for the specific language governing permissions and
17   * limitations under the License.
18   */
19  package org.apache.hadoop.hbase.security;
20  
21  import static org.apache.hadoop.hbase.security.HBaseKerberosUtils.getKeytabFileForTesting;
22  import static org.apache.hadoop.hbase.security.HBaseKerberosUtils.getPrincipalForTesting;
23  import static org.apache.hadoop.hbase.security.HBaseKerberosUtils.getSecuredConfiguration;
24  import static org.apache.hadoop.hbase.security.HBaseKerberosUtils.isKerberosPropertySetted;
25  
26  import static org.junit.Assert.assertEquals;
27  import static org.junit.Assert.assertSame;
28  import static org.junit.Assume.assumeTrue;
29  
30  import java.net.InetSocketAddress;
31  import java.util.ArrayList;
32  import java.util.List;
33  
34  import org.apache.hadoop.conf.Configuration;
35  import org.apache.hadoop.fs.CommonConfigurationKeys;
36  import org.apache.hadoop.hbase.HConstants;
37  import org.apache.hadoop.hbase.ServerName;
38  import org.apache.hadoop.hbase.testclassification.SmallTests;
39  import org.apache.hadoop.hbase.ipc.FifoRpcScheduler;
40  import org.apache.hadoop.hbase.ipc.RpcClient;
41  import org.apache.hadoop.hbase.ipc.RpcClientFactory;
42  import org.apache.hadoop.hbase.ipc.RpcServer;
43  import org.apache.hadoop.hbase.ipc.RpcServerInterface;
44  import org.apache.hadoop.hbase.ipc.TestDelayedRpc.TestDelayedImplementation;
45  import org.apache.hadoop.hbase.ipc.TestDelayedRpc.TestThread;
46  import org.apache.hadoop.hbase.ipc.protobuf.generated.TestDelayedRpcProtos;
47  import org.apache.hadoop.security.UserGroupInformation;
48  import org.apache.hadoop.security.UserGroupInformation.AuthenticationMethod;
49  import org.junit.Test;
50  import org.junit.experimental.categories.Category;
51  import org.mockito.Mockito;
52  
53  import com.google.common.collect.Lists;
54  import com.google.protobuf.BlockingRpcChannel;
55  import com.google.protobuf.BlockingService;
56  
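/**
 * Exercises a single RPC round trip between an {@link RpcServer} and an {@link RpcClient}
 * after logging in from a Kerberos keytab, using the configuration returned by
 * {@code HBaseKerberosUtils.getSecuredConfiguration()}.
 */
@Category(SmallTests.class)
public class TestSecureRPC {
  // Server under test; assigned by the test method and stopped again before it returns.
  public static RpcServerInterface rpcServer;

  /**
   * Logs in from a keytab, starts an RPC server on an ephemeral localhost port and checks
   * that one call through a blocking stub returns the expected value.
   * <p>
   * To run this test, we must specify the following system properties:
   * <p>
   * <b> hbase.regionserver.kerberos.principal </b>
   * <p>
   * <b> hbase.regionserver.keytab.file </b>
   * <p>
   * The test is skipped (via {@code assumeTrue}) when {@code isKerberosPropertySetted()}
   * returns false, so a green run on a machine without those properties proves nothing
   * about the secure RPC path.
   *
   * @throws Exception if the keytab login, server start-up or RPC call fails
   */
  @Test
  public void testRpcCallWithEnabledKerberosSaslAuth() throws Exception {
    assumeTrue(isKerberosPropertySetted());
    String krbKeytab = getKeytabFileForTesting();
    String krbPrincipal = getPrincipalForTesting();

    // UserGroupInformation keeps its configuration and login user in static state, so the
    // two calls below affect every other test that runs in the same JVM.
    Configuration cnf = new Configuration();
    cnf.set(CommonConfigurationKeys.HADOOP_SECURITY_AUTHENTICATION, "kerberos");
    UserGroupInformation.setConfiguration(cnf);
    UserGroupInformation.loginUserFromKeytab(krbPrincipal, krbKeytab);
    UserGroupInformation ugi = UserGroupInformation.getLoginUser();
    UserGroupInformation ugi2 = UserGroupInformation.getCurrentUser();

    // check that the login user is okay:
    assertSame(ugi, ugi2);
    assertEquals(AuthenticationMethod.KERBEROS, ugi.getAuthenticationMethod());
    assertEquals(krbPrincipal, ugi.getUserName());

    Configuration conf = getSecuredConfiguration();

    // Register security info for the test service. The registration is static and is not
    // removed afterwards, so it stays visible to later tests in this JVM.
    SecurityInfo securityInfoMock = Mockito.mock(SecurityInfo.class);
    Mockito.when(securityInfoMock.getServerPrincipal())
      .thenReturn(HBaseKerberosUtils.KRB_PRINCIPAL);
    SecurityInfo.addInfo("TestDelayedService", securityInfoMock);

    boolean delayReturnValue = false;
    // Port 0 asks the OS for a free port; the real port is read back from the server below.
    InetSocketAddress isa = new InetSocketAddress("localhost", 0);
    TestDelayedImplementation instance = new TestDelayedImplementation(delayReturnValue);
    BlockingService service =
        TestDelayedRpcProtos.TestDelayedService.newReflectiveBlockingService(instance);

    rpcServer = new RpcServer(null, "testSecuredDelayedRpc",
        Lists.newArrayList(new RpcServer.BlockingServiceAndInterface(service, null)),
        isa, conf, new FifoRpcScheduler(conf, 1));
    rpcServer.start();
    try {
      RpcClient rpcClient = RpcClientFactory
          .createClient(conf, HConstants.DEFAULT_CLUSTER_ID.toString());
      try {
        BlockingRpcChannel channel = rpcClient.createBlockingRpcChannel(
            ServerName.valueOf(rpcServer.getListenerAddress().getHostName(),
                rpcServer.getListenerAddress().getPort(), System.currentTimeMillis()),
            User.getCurrent(), 1000);
        TestDelayedRpcProtos.TestDelayedService.BlockingInterface stub =
          TestDelayedRpcProtos.TestDelayedService.newBlockingStub(channel);
        List<Integer> results = new ArrayList<Integer>();
        TestThread th1 = new TestThread(stub, true, results);
        th1.start();
        // join() already blocks until the call has completed; no extra sleep is needed.
        th1.join();

        // NOTE(review): only the call's return value is checked. Nothing here asserts that
        // the connection was negotiated over SASL/Kerberos; that relies on the secured
        // configuration making the server refuse unauthenticated clients -- confirm, or
        // assert the negotiated authentication method on the server side.
        assertEquals(0xDEADBEEF, results.get(0).intValue());
      } finally {
        rpcClient.close();
      }
    } finally {
      // Stop the server even when the client could not be created or the call failed;
      // otherwise its listener socket and threads outlive the test.
      rpcServer.stop();
    }
  }
}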