abstractdog commented on code in PR #393:
URL: https://github.com/apache/tez/pull/393#discussion_r1969502619
##########
tez-api/src/main/java/org/apache/tez/common/security/JobTokenSecretManager.java:
##########
@@ -37,11 +39,31 @@
@InterfaceAudience.Private
@InterfaceStability.Unstable
public class JobTokenSecretManager extends SecretManager<JobTokenIdentifier> {
- private static final String DEFAULT_HMAC_ALGORITHM = "HmacSHA1";
- private final SecretKey masterKey;
private final Map<String, SecretKey> currentJobTokens;
private final Mac mac;
+
+ /**
+ * @param conf a mandatory configuration for JobTokenSecretManager to
prevent algorithm mismatch
+ */
+ public JobTokenSecretManager(Configuration conf) {
+ this(null, conf);
+ }
+
+ public JobTokenSecretManager(SecretKey key, Configuration conf) {
+ String algorithm = getAlgorithm(conf);
+ SecretKey masterKey = (key == null) ? generateSecret() : key;
+ this.currentJobTokens = new TreeMap<>();
+ try {
+ mac = Mac.getInstance(algorithm);
+ mac.init(masterKey);
+ } catch (NoSuchAlgorithmException nsa) {
+ throw new IllegalArgumentException("Can't find " + algorithm + "
algorithm.", nsa);
+ } catch (InvalidKeyException ike) {
+ throw new IllegalArgumentException("Invalid key to HMAC computation",
ike);
Review Comment:
oh, right, this is a leftover from the default HMAC-era
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: [email protected]
For queries about this service, please contact Infrastructure at:
[email protected]
