Examples of org.apache.hadoop.yarn.server.security.MasterKeyData

• org.apache.hadoop.yarn.server.security.MasterKeyData

  public synchronized void setMasterKey(MasterKey masterKeyRecord) {
    LOG.info("Rolling master-key for container-tokens, got key with id "
        + masterKeyRecord.getKeyId());
    if (super.currentMasterKey == null) {
      super.currentMasterKey =
          new MasterKeyData(masterKeyRecord, createSecretKey(masterKeyRecord
            .getBytes().array()));
    } else {
      if (super.currentMasterKey.getMasterKey().getKeyId() != masterKeyRecord
          .getKeyId()) {
        // Update keys only if the key has changed.
        this.previousMasterKey = super.currentMasterKey;
        super.currentMasterKey =
            new MasterKeyData(masterKeyRecord, createSecretKey(masterKeyRecord
              .getBytes().array()));
      }
    }
  }

  @Override
  public synchronized byte[] retrievePassword(
      ContainerTokenIdentifier identifier) throws SecretManager.InvalidToken {
    int keyId = identifier.getMasterKeyId();

    MasterKeyData masterKeyToUse = null;
    if (this.previousMasterKey != null
        && keyId == this.previousMasterKey.getMasterKey().getKeyId()) {
      // A container-launch has come in with a token generated off the last
      // master-key
      masterKeyToUse = this.previousMasterKey;

  public synchronized void setMasterKey(MasterKey masterKey) {
    LOG.info("Rolling master-key for nm-tokens, got key with id :"
        + masterKey.getKeyId());
    if (super.currentMasterKey == null) {
      super.currentMasterKey =
          new MasterKeyData(masterKey, createSecretKey(masterKey.getBytes()
            .array()));
    } else {
      if (super.currentMasterKey.getMasterKey().getKeyId() != masterKey
        .getKeyId()) {
        this.previousMasterKey = super.currentMasterKey;
        super.currentMasterKey =
            new MasterKeyData(masterKey, createSecretKey(masterKey.getBytes()
              .array()));
      }
    }
  }

     * older saved master key will be used. 2) If identifier's master key id
     * matches that of previous master key id then previous key will be used. 3)
     * If identifier's master key id matches that of current master key id then
     * current key will be used.
     */
    MasterKeyData oldMasterKey = oldMasterKeys.get(appAttemptId);
    MasterKeyData masterKeyToUse = oldMasterKey;
    if (previousMasterKey != null
        && keyId == previousMasterKey.getMasterKey().getKeyId()) {
      masterKeyToUse = previousMasterKey;
    } else if (keyId == currentMasterKey.getMasterKey().getKeyId()) {
      masterKeyToUse = currentMasterKey;

    if (!appToAppAttemptMap.containsKey(appAttemptId.getApplicationId())) {
      // First application attempt for the given application
      appToAppAttemptMap.put(appAttemptId.getApplicationId(),
        new ArrayList<ApplicationAttemptId>());
    }
    MasterKeyData oldKey = oldMasterKeys.get(appAttemptId);

    if (oldKey == null) {
      // This is a new application attempt.
      appToAppAttemptMap.get(appAttemptId.getApplicationId()).add(appAttemptId);
    }
    if (oldKey == null
        || oldKey.getMasterKey().getKeyId() != identifier.getKeyId()) {
      // Update key only if it is modified.
      LOG.debug("NMToken key updated for application attempt : "
          + identifier.getApplicationAttemptId().toString());
      if (identifier.getKeyId() == currentMasterKey.getMasterKey()
        .getKeyId()) {