Repository: hive
Updated Branches:
  refs/heads/hive-14535 3e481b471 -> 70299dc48


HIVE-14702 : LLAPIF: after a long period of inactivity, signing key may be 
removed from local store (Sergey Shelukhin, reviewed by Jason Dere)


Project: http://git-wip-us.apache.org/repos/asf/hive/repo
Commit: http://git-wip-us.apache.org/repos/asf/hive/commit/805367b0
Tree: http://git-wip-us.apache.org/repos/asf/hive/tree/805367b0
Diff: http://git-wip-us.apache.org/repos/asf/hive/diff/805367b0

Branch: refs/heads/hive-14535
Commit: 805367b0e2d1a024e6699e0125e7c68fb3fc1f26
Parents: 49f103c
Author: Sergey Shelukhin <ser...@apache.org>
Authored: Mon Sep 12 12:58:04 2016 -0700
Committer: Sergey Shelukhin <ser...@apache.org>
Committed: Mon Sep 12 12:58:04 2016 -0700

----------------------------------------------------------------------
 .../org/apache/hadoop/hive/llap/security/SecretManager.java | 9 +++++++--
 .../hadoop/hive/llap/security/SigningSecretManager.java     | 4 +++-
 2 files changed, 10 insertions(+), 3 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/hive/blob/805367b0/llap-common/src/java/org/apache/hadoop/hive/llap/security/SecretManager.java
----------------------------------------------------------------------
diff --git 
a/llap-common/src/java/org/apache/hadoop/hive/llap/security/SecretManager.java 
b/llap-common/src/java/org/apache/hadoop/hive/llap/security/SecretManager.java
index 8d0fa2e..345156f 100644
--- 
a/llap-common/src/java/org/apache/hadoop/hive/llap/security/SecretManager.java
+++ 
b/llap-common/src/java/org/apache/hadoop/hive/llap/security/SecretManager.java
@@ -38,6 +38,7 @@ import org.apache.hadoop.security.SecurityUtil;
 import org.apache.hadoop.security.UserGroupInformation;
 import org.apache.hadoop.security.token.Token;
 import org.apache.hadoop.security.token.delegation.DelegationKey;
+import org.apache.hadoop.security.token.delegation.HiveDelegationTokenSupport;
 import 
org.apache.hadoop.security.token.delegation.ZKDelegationTokenSecretManager;
 import org.apache.hadoop.security.token.delegation.web.DelegationTokenManager;
 import org.apache.zookeeper.data.ACL;
@@ -119,8 +120,12 @@ public class SecretManager extends 
ZKDelegationTokenSecretManager<LlapTokenIdent
   }
 
   @Override
-  public synchronized DelegationKey getCurrentKey() {
-    return allKeys.get(getCurrentKeyId());
+  public synchronized DelegationKey getCurrentKey() throws IOException {
+    DelegationKey currentKey = getDelegationKey(getCurrentKeyId());
+    if (currentKey != null) return currentKey;
+    // Try to roll the key if none is found.
+    HiveDelegationTokenSupport.rollMasterKey(this);
+    return getDelegationKey(getCurrentKeyId());
   }
 
   @Override

http://git-wip-us.apache.org/repos/asf/hive/blob/805367b0/llap-common/src/java/org/apache/hadoop/hive/llap/security/SigningSecretManager.java
----------------------------------------------------------------------
diff --git 
a/llap-common/src/java/org/apache/hadoop/hive/llap/security/SigningSecretManager.java
 
b/llap-common/src/java/org/apache/hadoop/hive/llap/security/SigningSecretManager.java
index 82b1992..acae57b 100644
--- 
a/llap-common/src/java/org/apache/hadoop/hive/llap/security/SigningSecretManager.java
+++ 
b/llap-common/src/java/org/apache/hadoop/hive/llap/security/SigningSecretManager.java
@@ -17,10 +17,12 @@
  */
 package org.apache.hadoop.hive.llap.security;
 
+import java.io.IOException;
+
 import org.apache.hadoop.security.token.delegation.DelegationKey;
 
 public interface SigningSecretManager {
-  DelegationKey getCurrentKey();
+  DelegationKey getCurrentKey() throws IOException;
   byte[] signWithKey(byte[] message, DelegationKey key);
   byte[] signWithKey(byte[] message, int keyId) throws SecurityException;
   void close();

Reply via email to