001/*
002 * Licensed to the Apache Software Foundation (ASF) under one
003 * or more contributor license agreements.  See the NOTICE file
004 * distributed with this work for additional information
005 * regarding copyright ownership.  The ASF licenses this file
006 * to you under the Apache License, Version 2.0 (the
007 * "License"); you may not use this file except in compliance
008 * with the License.  You may obtain a copy of the License at
009 *
010 *     http://www.apache.org/licenses/LICENSE-2.0
011 *
012 * Unless required by applicable law or agreed to in writing, software
013 * distributed under the License is distributed on an "AS IS" BASIS,
014 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
015 * See the License for the specific language governing permissions and
016 * limitations under the License.
017 */
018package org.apache.hadoop.hbase.ipc;
019
020import static org.apache.hadoop.hbase.ipc.TestProtobufRpcServiceImpl.SERVICE;
021import static org.apache.hadoop.hbase.ipc.TestProtobufRpcServiceImpl.newBlockingStub;
022import static org.apache.hadoop.hbase.security.HBaseKerberosUtils.getKeytabFileForTesting;
023import static org.apache.hadoop.hbase.security.HBaseKerberosUtils.getPrincipalForTesting;
024import static org.apache.hadoop.hbase.security.HBaseKerberosUtils.loginKerberosPrincipal;
025import static org.apache.hadoop.hbase.security.HBaseKerberosUtils.setSecuredConfiguration;
026import static org.junit.Assert.assertFalse;
027import static org.junit.Assert.assertTrue;
028
029import java.io.File;
030import java.net.InetSocketAddress;
031import java.util.Collections;
032import java.util.concurrent.atomic.AtomicReference;
033import org.apache.hadoop.conf.Configuration;
034import org.apache.hadoop.hbase.HBaseClassTestRule;
035import org.apache.hadoop.hbase.HBaseTestingUtility;
036import org.apache.hadoop.hbase.HConstants;
037import org.apache.hadoop.hbase.security.HBaseKerberosUtils;
038import org.apache.hadoop.hbase.security.SecurityInfo;
039import org.apache.hadoop.hbase.security.User;
040import org.apache.hadoop.hbase.testclassification.MediumTests;
041import org.apache.hadoop.hbase.testclassification.RPCTests;
042import org.apache.hadoop.minikdc.MiniKdc;
043import org.apache.hadoop.security.UserGroupInformation;
044import org.junit.AfterClass;
045import org.junit.Before;
046import org.junit.BeforeClass;
047import org.junit.ClassRule;
048import org.junit.Test;
049import org.junit.experimental.categories.Category;
050import org.mockito.Mockito;
051
052import org.apache.hbase.thirdparty.com.google.common.collect.Lists;
053import org.apache.hbase.thirdparty.io.netty.channel.Channel;
054
055import org.apache.hadoop.hbase.shaded.ipc.protobuf.generated.TestProtos;
056import org.apache.hadoop.hbase.shaded.ipc.protobuf.generated.TestRpcServiceProtos.TestProtobufRpcProto.BlockingInterface;
057
058@Category({ RPCTests.class, MediumTests.class })
059public class TestRpcSkipInitialSaslHandshake {
060
061  @ClassRule
062  public static final HBaseClassTestRule CLASS_RULE =
063    HBaseClassTestRule.forClass(TestRpcSkipInitialSaslHandshake.class);
064
065  protected static final HBaseTestingUtility TEST_UTIL = new HBaseTestingUtility();
066
067  protected static final File KEYTAB_FILE =
068    new File(TEST_UTIL.getDataTestDir("keytab").toUri().getPath());
069
070  protected static MiniKdc KDC;
071  protected static String HOST = "localhost";
072  protected static String PRINCIPAL;
073
074  protected String krbKeytab;
075  protected String krbPrincipal;
076  protected UserGroupInformation ugi;
077  protected Configuration clientConf;
078  protected Configuration serverConf;
079
080  protected static void initKDCAndConf() throws Exception {
081    KDC = TEST_UTIL.setupMiniKdc(KEYTAB_FILE);
082    PRINCIPAL = "hbase/" + HOST;
083    KDC.createPrincipal(KEYTAB_FILE, PRINCIPAL);
084    HBaseKerberosUtils.setPrincipalForTesting(PRINCIPAL + "@" + KDC.getRealm());
085    // set a smaller timeout and retry to speed up tests
086    TEST_UTIL.getConfiguration().setInt(RpcClient.SOCKET_TIMEOUT_READ, 2000000000);
087    TEST_UTIL.getConfiguration().setInt("hbase.security.relogin.maxretries", 1);
088  }
089
090  protected static void stopKDC() throws InterruptedException {
091    if (KDC != null) {
092      KDC.stop();
093    }
094  }
095
096  protected final void setUpPrincipalAndConf() throws Exception {
097    krbKeytab = getKeytabFileForTesting();
098    krbPrincipal = getPrincipalForTesting();
099    ugi = loginKerberosPrincipal(krbKeytab, krbPrincipal);
100    clientConf = new Configuration(TEST_UTIL.getConfiguration());
101    setSecuredConfiguration(clientConf);
102    clientConf.setBoolean(RpcClient.IPC_CLIENT_FALLBACK_TO_SIMPLE_AUTH_ALLOWED_KEY, true);
103    serverConf = new Configuration(TEST_UTIL.getConfiguration());
104  }
105
106  @BeforeClass
107  public static void setUp() throws Exception {
108    initKDCAndConf();
109  }
110
111  @AfterClass
112  public static void tearDown() throws Exception {
113    stopKDC();
114    TEST_UTIL.cleanupTestDir();
115  }
116
117  @Before
118  public void setUpTest() throws Exception {
119    setUpPrincipalAndConf();
120  }
121
122  /**
123   * This test is for HBASE-27923,which NettyRpcServer may hange if it should skip initial sasl
124   * handshake.
125   */
126  @Test
127  public void test() throws Exception {
128    SecurityInfo securityInfoMock = Mockito.mock(SecurityInfo.class);
129    Mockito.when(securityInfoMock.getServerPrincipals())
130      .thenReturn(Collections.singletonList(HBaseKerberosUtils.KRB_PRINCIPAL));
131    SecurityInfo.addInfo("TestProtobufRpcProto", securityInfoMock);
132
133    final AtomicReference<NettyServerRpcConnection> conn = new AtomicReference<>(null);
134    NettyRpcServer rpcServer = new NettyRpcServer(null, getClass().getSimpleName(),
135      Lists.newArrayList(new RpcServer.BlockingServiceAndInterface(SERVICE, null)),
136      new InetSocketAddress(HOST, 0), serverConf, new FifoRpcScheduler(serverConf, 1), true) {
137
138      @Override
139      protected NettyServerRpcConnection createNettyServerRpcConnection(Channel channel) {
140        conn.set(super.createNettyServerRpcConnection(channel));
141        return conn.get();
142      }
143    };
144
145    rpcServer.start();
146    try (NettyRpcClient rpcClient =
147      new NettyRpcClient(clientConf, HConstants.DEFAULT_CLUSTER_ID.toString(), null, null)) {
148      BlockingInterface stub = newBlockingStub(rpcClient, rpcServer.getListenerAddress(),
149        User.create(UserGroupInformation.getCurrentUser()));
150
151      String response =
152        stub.echo(null, TestProtos.EchoRequestProto.newBuilder().setMessage("test").build())
153          .getMessage();
154      assertTrue("test".equals(response));
155      assertFalse(conn.get().useSasl);
156    } finally {
157      rpcServer.stop();
158    }
159  }
160}