
Improve delegation token validity checking

    Details

    • Type: Bug
    • Status: Resolved
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: None
    • Fix Version/s: 2.8.0, 2.7.4, 3.0.0-alpha2
    • Component/s: None
    • Labels:
      None
    • Hadoop Flags:
      Reviewed

      Description

      In AbstractDelegationTokenSecretManager#verifyToken, MessageDigest.isEqual should be used instead of Arrays.equals to compare byte arrays.
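
      The change described above, shown as a before/after pair. This is an added example, not code from the Hadoop patch: the class and method names, the sample key and identifier, and the choice of HMAC-SHA1 for deriving the token password are all assumptions made for illustration.

```java
import java.nio.charset.StandardCharsets;
import java.security.GeneralSecurityException;
import java.security.MessageDigest;
import java.util.Arrays;
import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;

/** Added illustration; class, method and key names are hypothetical, not Hadoop's. */
public class TokenPasswordCheck {

    // Constructed sample key; a real secret manager generates and rolls its keys.
    private static final byte[] MASTER_KEY =
        "constructed-sample-master-key".getBytes(StandardCharsets.UTF_8);

    /** Token password = HMAC(masterKey, identifier); HMAC-SHA1 is an assumption here. */
    static byte[] createPassword(byte[] identifier) throws GeneralSecurityException {
        Mac mac = Mac.getInstance("HmacSHA1");
        mac.init(new SecretKeySpec(MASTER_KEY, "HmacSHA1"));
        return mac.doFinal(identifier);
    }

    /** Before: the comparison may return at the first differing byte. */
    static boolean verifyWithArraysEquals(byte[] identifier, byte[] presented)
            throws GeneralSecurityException {
        return Arrays.equals(createPassword(identifier), presented);
    }

    /** After: same verdict, computed with the digest-comparison helper. */
    static boolean verifyWithIsEqual(byte[] identifier, byte[] presented)
            throws GeneralSecurityException {
        return MessageDigest.isEqual(createPassword(identifier), presented);
    }

    public static void main(String[] args) throws GeneralSecurityException {
        byte[] id = "owner=alice,seq=42".getBytes(StandardCharsets.UTF_8); // constructed
        byte[] good = createPassword(id);
        byte[] badFirst = good.clone();
        badFirst[0] ^= 0x01;                 // differs in the first byte
        byte[] badLast = good.clone();
        badLast[badLast.length - 1] ^= 0x01; // differs in the last byte
        byte[] truncated = Arrays.copyOf(good, good.length - 1);

        for (byte[] candidate : new byte[][] {good, badFirst, badLast, truncated}) {
            boolean before = verifyWithArraysEquals(id, candidate);
            boolean after = verifyWithIsEqual(id, candidate);
            // Accept/reject decisions must be identical for every input.
            if (before != after) throw new AssertionError("verdicts diverge");
            System.out.println((candidate == good ? "valid" : "invalid") + " -> " + after);
        }
    }
}
```

      Both methods return the same verdict for every input, so a functional unit test cannot tell them apart. The difference is in timing: since Java SE 6u17, MessageDigest.isEqual is implemented so that, for equal-length arrays, the comparison time does not depend on where the first mismatch occurs.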

        Activity

        hadoopqa Hadoop QA added a comment -
        -1 overall



        Vote Subsystem Runtime Comment
        0 reexec 0m 15s Docker mode activated.
        +1 @author 0m 0s The patch does not contain any @author tags.
        -1 test4tests 0m 0s The patch doesn't appear to include any new or modified tests. Please justify why no new tests are needed for this patch. Also please list what manual steps were performed to verify this patch.
        +1 mvninstall 13m 42s trunk passed
        +1 compile 12m 5s trunk passed
        +1 checkstyle 0m 31s trunk passed
        +1 mvnsite 1m 10s trunk passed
        +1 mvneclipse 0m 20s trunk passed
        +1 findbugs 1m 46s trunk passed
        +1 javadoc 0m 56s trunk passed
        +1 mvninstall 0m 48s the patch passed
        +1 compile 11m 41s the patch passed
        +1 javac 11m 41s the patch passed
        +1 checkstyle 0m 32s the patch passed
        +1 mvnsite 1m 7s the patch passed
        +1 mvneclipse 0m 18s the patch passed
        +1 whitespace 0m 0s The patch has no whitespace issues.
        +1 findbugs 1m 58s the patch passed
        +1 javadoc 0m 57s the patch passed
        +1 unit 9m 7s hadoop-common in the patch passed.
        +1 asflicense 0m 35s The patch does not generate ASF License warnings.
        59m 47s



        Subsystem Report/Notes
        Docker Image:yetus/hadoop:a9ad5d6
        JIRA Issue HADOOP-14001
        JIRA Patch URL https://issues.apache.org/jira/secure/attachment/12848208/HADOOP-14001.01.patch
        Optional Tests asflicense compile javac javadoc mvninstall mvnsite unit findbugs checkstyle
        uname Linux b8201cfdca49 3.13.0-95-generic #142-Ubuntu SMP Fri Aug 12 17:00:09 UTC 2016 x86_64 x86_64 x86_64 GNU/Linux
        Build tool maven
        Personality /testptch/hadoop/patchprocess/precommit/personality/provided.sh
        git revision trunk / 383aa9c
        Default Java 1.8.0_111
        findbugs v3.0.0
        Test Results https://builds.apache.org/job/PreCommit-HADOOP-Build/11466/testReport/
        modules C: hadoop-common-project/hadoop-common U: hadoop-common-project/hadoop-common
        Console output https://builds.apache.org/job/PreCommit-HADOOP-Build/11466/console
        Powered by Apache Yetus 0.5.0-SNAPSHOT http://yetus.apache.org

        This message was automatically generated.

        tlipcon Todd Lipcon added a comment -

        +1, lgtm

        ajisakaa Akira Ajisaka added a comment -

        Committed this to trunk, branch-2, branch-2.8, branch-2.8.0, and branch-2.7. Thanks Todd Lipcon for the review.

        hudson Hudson added a comment -

        SUCCESS: Integrated in Jenkins build Hadoop-trunk-Commit #11143 (See https://builds.apache.org/job/Hadoop-trunk-Commit/11143/)
        HADOOP-14001. Improve delegation token validity checking. (aajisaka: rev 176346721006a03f41d028560e9e29b5931d5be2)

        • (edit) hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/security/token/delegation/AbstractDelegationTokenSecretManager.java
        yzhangal Yongjun Zhang added a comment -

        Hi Akira Ajisaka and Todd Lipcon,

        Per https://docs.oracle.com/javase/7/docs/api/java/security/MessageDigest.html

        public static boolean isEqual(byte[] digesta,
                      byte[] digestb)
        Compares two digests for equality. Does a simple byte compare.
        Parameters:
        digesta - one of the digests to compare.
        digestb - the other digest to compare.
        Returns:
        true if the digests are equal, false otherwise.
        

        Seems the original code has the same behavior as the changed code. The newer code looks more symbolic though. Would you please comment if there is any other diff?

        Thanks.


          People

          • Assignee:
            ajisakaa Akira Ajisaka
            Reporter:
            ajisakaa Akira Ajisaka
          • Votes:
            0
            Watchers:
            6
