You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@kyuubi.apache.org by ul...@apache.org on 2022/12/13 09:57:44 UTC
[incubator-kyuubi] branch master updated: [KYUUBI #3930] [Fix] fix ut in SessionSigningSuite by getting session public key and user sign from LocalProperty
This is an automated email from the ASF dual-hosted git repository.
ulyssesyou pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/incubator-kyuubi.git
The following commit(s) were added to refs/heads/master by this push:
new 36a2d3325 [KYUUBI #3930] [Fix] fix ut in SessionSigningSuite by getting session public key and user sign from LocalProperty
36a2d3325 is described below
commit 36a2d33250647cb42457508e99b72614ef6654df
Author: liangbowen <li...@gf.com.cn>
AuthorDate: Tue Dec 13 17:57:31 2022 +0800
[KYUUBI #3930] [Fix] fix ut in SessionSigningSuite by getting session public key and user sign from LocalProperty
### _Why are the changes needed?_
Followed by issue https://github.com/apache/incubator-kyuubi/issues/3930 and pr https://github.com/apache/incubator-kyuubi/pull/3932.
- correct ut in SessionSigningSuite by fetching session public key and user sign via scala scripts instead of `SET` command in SQL , to prevent accidently redacted by `spark.redaction.regex`
- removed `syncronized` in SignUtils introduced in pr #3932 , with confirming no thread safe problem during the signing and verification
### _How was this patch tested?_
- [x] Add some test cases that check the changes thoroughly including negative and positive cases if possible
- [ ] Add screenshots for manual tests if appropriate
- [x] [Run test](https://kyuubi.apache.org/docs/latest/develop_tools/testing.html#running-tests) locally before make a pull request
Closes #3974 from bowenliang123/3932-fix2.
Closes #3930
c5f07b95 [liangbowen] comment
1f4ace3a [liangbowen] use KyuubiReservedKeys.KYUUBI_SESSION_USER_SIGN/KYUUBI_SESSION_SIGN_PUBLICKEY for property name
a034cbec [liangbowen] style
1f127c10 [liangbowen] remove `synchronized` from `signWithPrivateKey` and `verifySignWithECDSA` in SignUtils
ff5a21d5 [liangbowen] fix ut by getting `kyuubi.session.sign.publickey` and `kyuubi.session.user.sign` via `spark.sparkContext.getLocalProperty` in scala scripts.
Authored-by: liangbowen <li...@gf.com.cn>
Signed-off-by: ulysses-you <ul...@apache.org>
---
.../scala/org/apache/kyuubi/util/SignUtils.scala | 4 ++--
.../kyuubi/session/SessionSigningSuite.scala | 26 ++++++++++++++++------
2 files changed, 21 insertions(+), 9 deletions(-)
diff --git a/kyuubi-common/src/main/scala/org/apache/kyuubi/util/SignUtils.scala b/kyuubi-common/src/main/scala/org/apache/kyuubi/util/SignUtils.scala
index bd7edd297..6f7ff18df 100644
--- a/kyuubi-common/src/main/scala/org/apache/kyuubi/util/SignUtils.scala
+++ b/kyuubi-common/src/main/scala/org/apache/kyuubi/util/SignUtils.scala
@@ -46,7 +46,7 @@ object SignUtils {
def signWithPrivateKey(
plainText: String,
privateKey: PrivateKey,
- algorithm: String = "SHA256withECDSA"): String = synchronized {
+ algorithm: String = "SHA256withECDSA"): String = {
val privateSignature = Signature.getInstance(algorithm)
privateSignature.initSign(privateKey)
privateSignature.update(plainText.getBytes(StandardCharsets.UTF_8))
@@ -57,7 +57,7 @@ object SignUtils {
def verifySignWithECDSA(
plainText: String,
signatureBase64: String,
- publicKeyBase64: String): Boolean = synchronized {
+ publicKeyBase64: String): Boolean = {
try {
val publicKeyBytes = Base64.getDecoder.decode(publicKeyBase64)
val publicKey: PublicKey = KeyFactory.getInstance(KEYPAIR_ALGORITHM_EC)
diff --git a/kyuubi-server/src/test/scala/org/apache/kyuubi/session/SessionSigningSuite.scala b/kyuubi-server/src/test/scala/org/apache/kyuubi/session/SessionSigningSuite.scala
index 3899ab488..a53e46507 100644
--- a/kyuubi-server/src/test/scala/org/apache/kyuubi/session/SessionSigningSuite.scala
+++ b/kyuubi-server/src/test/scala/org/apache/kyuubi/session/SessionSigningSuite.scala
@@ -17,6 +17,8 @@
package org.apache.kyuubi.session
+import org.apache.commons.lang3.StringUtils
+
import org.apache.kyuubi.WithKyuubiServer
import org.apache.kyuubi.config.KyuubiConf
import org.apache.kyuubi.config.KyuubiConf._
@@ -68,19 +70,29 @@ class SessionSigningSuite extends WithKyuubiServer with HiveJDBCTestHelper {
test("KYUUBI #3839 session user sign - check session user sign") {
withSessionConf()()() {
withJdbcStatement() { statement =>
- val rs1 = statement.executeQuery(s"SET $KYUUBI_SESSION_SIGN_PUBLICKEY")
+ val value = s"SET ${OPERATION_LANGUAGE.key}=scala"
+ statement.executeQuery(value)
+
+ val rs1 = statement.executeQuery(
+ s"""
+ |spark.sparkContext.getLocalProperty("$KYUUBI_SESSION_SIGN_PUBLICKEY")
+ |""".stripMargin)
assert(rs1.next())
- assert(rs1.getString("value").nonEmpty)
- val rs2 = statement.executeQuery(s"SET $KYUUBI_SESSION_USER_SIGN")
+ val rs2 = statement.executeQuery(
+ s"""
+ |spark.sparkContext.getLocalProperty("$KYUUBI_SESSION_USER_SIGN")
+ |""".stripMargin)
assert(rs2.next())
- assert(rs2.getString("value").nonEmpty)
- val publicKeyStr = rs1.getString("value")
- val sessionUserSign = rs2.getString("value")
+ // skipping prefix "res0: String = " of returned scala result
+ val publicKeyStr = rs1.getString(1).substring(15)
+ val sessionUserSign = rs2.getString(1).substring(15)
+
+ assert(StringUtils.isNotBlank(publicKeyStr))
+ assert(StringUtils.isNotBlank(sessionUserSign))
assert(SignUtils.verifySignWithECDSA(user, sessionUserSign, publicKeyStr))
}
}
}
-
}