Re: [PR] HIVE-28042: DigestMD5 token expired or does not exist issue while opening connection to HMS [hive]

Thu, 04 Jul 2024 03:54:57 -0700 


chinnaraolalam commented on code in PR #5303:
URL: https://github.com/apache/hive/pull/5303#discussion_r1665533819


##########
standalone-metastore/metastore-server/src/main/java/org/apache/hadoop/hive/metastore/security/TokenStoreDelegationTokenSecretManager.java:
##########
@@ -238,20 +248,33 @@ public synchronized void stopThreads() {
    */
   protected void removeExpiredTokens() {
     long now = System.currentTimeMillis();
-    Iterator<DelegationTokenIdentifier> i = 
tokenStore.getAllDelegationTokenIdentifiers()
-        .iterator();
-    while (i.hasNext()) {
-      DelegationTokenIdentifier id = i.next();
+    for (DelegationTokenIdentifier id : 
tokenStore.getAllDelegationTokenIdentifiers()) {
       if (now > id.getMaxDate()) {
+        LOGGER.info("Expiry Thread removing expired token: " + id);
         this.tokenStore.removeToken(id); // no need to look at token info
       } else {
         // get token info to check renew date
-        DelegationTokenInformation tokenInfo = tokenStore.getToken(id);
-        if (tokenInfo != null) {
-          if (now > tokenInfo.getRenewDate()) {
-            this.tokenStore.removeToken(id);
-          }
+        renewIfRequired(now, id, tokenStore.getToken(id));
+      }
+    }
+  }
+
+  private void renewIfRequired(long currentTime, DelegationTokenIdentifier id, 
DelegationTokenInformation tokenInfo) {
+    if (tokenInfo != null) {
+      if (currentTime > tokenInfo.getRenewDate() && currentTime < 
id.getMaxDate()) {
+        // This will be the case when now > tokenInfo.getRenewDate() but less 
than the token expiration/max time.
+        LOGGER.info("Trying to renew the token: " + id);
+        try {
+          DelegationKey key = getDelegationKey(id.getMasterKeyId());
+          Token<DelegationTokenIdentifier> t = new Token<>(id.getBytes(), 
createPassword(id.getBytes(), key.getKey()),
+                  id.getKind(), new Text());
+          renewToken(t, 
UserGroupInformation.getCurrentUser().getShortUserName());
+        } catch (IOException e) {
+          throw new IllegalStateException("Unable to renew token: " + id);
         }
+      } else if (currentTime >= id.getMaxDate()) {

Review Comment:
   If it equal to maxdate can remove token other case it can throw InvalidToken 
Exception not Illegalstatetexception



-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: gitbox-unsubscr...@hive.apache.org

For queries about this service, please contact Infrastructure at:
us...@infra.apache.org


---------------------------------------------------------------------
To unsubscribe, e-mail: gitbox-unsubscr...@hive.apache.org
For additional commands, e-mail: gitbox-h...@hive.apache.org

Reply via email to