Repository: hive Updated Branches: refs/heads/master f291de23b -> bff1b9e9e
HIVE-14432 : LLAP signing unit test may be timing-dependent (Sergey Shelukhin, reviewed by Prasanth Jayachandran) Project: http://git-wip-us.apache.org/repos/asf/hive/repo Commit: http://git-wip-us.apache.org/repos/asf/hive/commit/bff1b9e9 Tree: http://git-wip-us.apache.org/repos/asf/hive/tree/bff1b9e9 Diff: http://git-wip-us.apache.org/repos/asf/hive/diff/bff1b9e9 Branch: refs/heads/master Commit: bff1b9e9e47944c679c3b9b62796bee408ddb652 Parents: f291de2 Author: Sergey Shelukhin <[email protected]> Authored: Fri Aug 12 14:05:43 2016 -0700 Committer: Sergey Shelukhin <[email protected]> Committed: Fri Aug 12 14:28:05 2016 -0700 ---------------------------------------------------------------------- .../hive/llap/security/TestLlapSignerImpl.java | 39 +++++++++++++------- 1 file changed, 26 insertions(+), 13 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/hive/blob/bff1b9e9/llap-server/src/test/org/apache/hadoop/hive/llap/security/TestLlapSignerImpl.java ---------------------------------------------------------------------- diff --git a/llap-server/src/test/org/apache/hadoop/hive/llap/security/TestLlapSignerImpl.java b/llap-server/src/test/org/apache/hadoop/hive/llap/security/TestLlapSignerImpl.java index fbce98a..77f658b 100644 --- a/llap-server/src/test/org/apache/hadoop/hive/llap/security/TestLlapSignerImpl.java +++ b/llap-server/src/test/org/apache/hadoop/hive/llap/security/TestLlapSignerImpl.java @@ -45,8 +45,8 @@ public class TestLlapSignerImpl { byte theByte = 1; TestSignable in = new TestSignable(theByte); TestSignable in2 = new TestSignable(++theByte); - SignedMessage sm2 = signer.serializeAndSign(in2); SignedMessage sm = signer.serializeAndSign(in); + SignedMessage sm2 = signer.serializeAndSign(in2); TestSignable out = TestSignable.deserialize(sm.message); TestSignable out2 = TestSignable.deserialize(sm2.message); assertEquals(in, out); @@ -72,12 +72,7 @@ public class TestLlapSignerImpl { } sm.signature[index] = (byte)(sm.signature[index] - 1); - // Adding keys is PITA - there's no way to plug into timed rolling; just create a new fsm. - DelegationKey dk = fsm.getCurrentKey(); - fsm.stopThreads(); - fsm = new FakeSecretManager(); - fsm.addKey(dk); - fsm.startThreads(); + fsm = rollKey(fsm, out.masterKeyId); signer = new LlapSignerImpl(fsm); // Sign in2 with a different key. sm2 = signer.serializeAndSign(in2); @@ -95,12 +90,7 @@ public class TestLlapSignerImpl { } // The same for rolling the key; re-create the fsm with only the key #2. - dk = fsm.getCurrentKey(); - fsm.stopThreads(); - - fsm = new FakeSecretManager(); - fsm.addKey(dk); - fsm.startThreads(); + fsm = rollKey(fsm, out2.masterKeyId); signer = new LlapSignerImpl(fsm); signer.checkSignature(sm2.message, sm2.signature, out2.masterKeyId); // The key is missing - shouldn't be able to verify. @@ -113,6 +103,24 @@ public class TestLlapSignerImpl { fsm.stopThreads(); } + private FakeSecretManager rollKey(FakeSecretManager fsm, int idToPreserve) throws IOException { + // Adding keys is PITA - there's no way to plug into timed rolling; just create a new fsm. + DelegationKey dk = fsm.getDelegationKey(idToPreserve), curDk = fsm.getCurrentKey(); + if (curDk.getKeyId() != idToPreserve) { + LOG.warn("The current key is not the one we expect; key rolled in background? Signed with " + + idToPreserve + " but got " + curDk.getKeyId()); + } + // Regardless of the above, we should have the key we've signed with. + assertNotNull(dk); + assertEquals(idToPreserve, dk.getKeyId()); + fsm.stopThreads(); + fsm = new FakeSecretManager(); + fsm.addKey(dk); + assertNotNull("Couldn't add key", fsm.getDelegationKey(dk.getKeyId())); + fsm.startThreads(); + return fsm; + } + private static class TestSignable implements Signable { public int masterKeyId; public byte index; @@ -178,6 +186,11 @@ public class TestLlapSignerImpl { } @Override + public DelegationKey getDelegationKey(int keyId) { + return super.getDelegationKey(keyId); + } + + @Override public byte[] signWithKey(byte[] message, DelegationKey key) { return createPassword(message, key.getKey()); }
